| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
There are many docs that don't need to kept at the top level, along
with many more hidden in random folders. Move them all.
This also allows us to add the '-W' flag to Sphinx, ensuring unindexed
docs result in build failures.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
| |
There are a couple of references to these for various build systems.
The website is going to be our "one true resource" for all docs, so
simply remove these references.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The assertions in dpif_ipfix_set_options() made some bad assumptions about
flow exporters. The code that added and removed exporters would add a flow
exporter even if it had an invalid configuration ("broken"), but the
assertions checked that broken flow exporters were not added. Thus, the
when a flow exporter was broken, ovs-vswitchd would crash due to an
assertion failure.
Here is an example vsctl command that, run in the sandbox, would crash
ovs-vswitchd:
ovs-vsctl \
-- add-br br0 \
-- --id=@br0 get bridge br0 \
-- --id=@ipfix create ipfix target='["xyzzy"]' \
-- create flow_sample_collector_set id=1 bridge=@br0 ipfix=@ipfix
The minimal fix would be to remove the assertions, but this would leave
broken flow exporters in place. This commit goes a little farther and
actually removes broken flow exporters.
This fix pulls code out of an "if" statement to a higher level, so it is a
smaller fix when viewed igoring space changes.
This bug dates back to the introduction of IPFIX in 2013.
VMware-BZ: #1779123
CC: Romain Lenglet <romain.lenglet@berabera.info>
Fixes: 29089a540cfa ("Implement IPFIX export")
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the datapath, whose type is "netdev", processes packets
in userspce action, it may cause a segmentation fault. In the
dp_execute_userspace_action(), we pass the "wc" argument to
dp_netdev_upcall() using NULL. In the dp_netdev_upcall() call tree,
the "wc" will be used. For example, dp_netdev_upcall() uses the
&wc->masks for debugging, and flow_wildcards_init_for_packet()
uses the "wc" if we disable megaflow, which is described in
more detail below.
Segmentation fault in flow_wildcards_init_for_packet:
#0 0x0000000000468fe8 flow_wildcards_init_for_packet lib/flow.c:1275
#1 0x0000000000436c0b upcall_cb ofproto/ofproto-dpif-upcall.c:1231
#2 0x000000000045bd96 dp_netdev_upcall lib/dpif-netdev.c:3857
#3 0x0000000000461bf3 dp_execute_userspace_action lib/dpif-netdev.c:4388
#4 dp_execute_cb lib/dpif-netdev.c:4521
#5 0x0000000000486ae2 odp_execute_actions lib/odp-execute.c:538
#6 0x00000000004607f9 dp_netdev_execute_actions lib/dpif-netdev.c:4627
#7 packet_batch_per_flow_execute lib/dpif-netdev.c:3927
#8 dp_netdev_input__ lib/dpif-netdev.c:4229
#9 0x0000000000460ba8 dp_netdev_input lib/dpif-netdev.c:4238
#10 dp_netdev_process_rxq_port lib/dpif-netdev.c:2873
#11 0x000000000046126e dpif_netdev_run lib/dpif-netdev.c:3000
#12 0x000000000042baf5 type_run ofproto/ofproto-dpif.c:504
#13 0x00000000004192bf ofproto_type_run ofproto/ofproto.c:1687
#14 0x0000000000409965 bridge_run__ vswitchd/bridge.c:2875
#15 0x000000000040f145 bridge_run vswitchd/bridge.c:2938
#16 0x00000000004062e5 main vswitchd/ovs-vswitchd.c:111
Signed-off-by: nickcooper-zhangtonghao <nic@opencloud.tech>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
|
| |
Without this patch, I see errors like this on master:
../ofproto/ipfix-gen-entities:115:1: E305 expected 2 blank lines after
class or function definition, found 1
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
| |
Signed-off-by: nickcooper-zhangtonghao <nic@opencloud.tech>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
VxLan device expect valid tp-dst in tunnel metadata.
Following patch sets consistent tp-dst with respect to
the egress tunnel port.
Reported-by: Gerhard Stenzel <gstenzel@linux.vnet.ibm.com>
Tested-by: Gerhard Stenzel <gstenzel@linux.vnet.ibm.com>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While a flow modify must keep the original flow's flags, it must reset
counts if (and only if) the reset_counts flag is present in the flow
mod message.
Behavior prior to this patch is broken in a few ways:
- OpenFlow 1.0 and 1.1 mod-flows did reset the counts, if the flow had
reset_counts flag set. Only add-flow should reset counts.
- With OpenFlow 1.2 and later, if the old flow had the reset_counts
flag set, the counts would be reset by mod-flows, even if the
flow-mod message does not have the reset_counts flag set.
- With OpenFlow 1.2 and later, mod-flows with a reset_count did not
reset the counts, if the old flow did not have the reset_counts flag
set.
Even though the prevailing interpretation seems to be that the
reset_counts flag in the flow-mod message should be stored as part of
the flow state (and reported back in flow dumps with OpenFlow >= 1.3),
we should always just look at the reset_counts flag in the current
flow-mod and ignore the reset_counts flag stored in the flow when
processing a flow mod.
For OpenFlow 1.0 and 1.1 we already implicitly add the reset_counts
flag for add-flow messages (only) to maintain the expected behavior.
This patch adds a comprehensive test case to prevent future regressions.
Suggested-by: Tony van der Peet <tony.vanderpeet@alliedtelesis.co.nz>
Fixes: 748eb2f5b1 ("ofproto-dpif: Always forward 'used' from the old_rule.")
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes problems with MPLS handling related to patch ports
and group buckets.
If a group bucket or a peer bridge across a patch port pushes MPLS
headers to a non-MPLS packet and outputs, the flow translation after
returning from the group bucket or patch port would undo the packet
transformations so that the processing could continue with the packet
as it was before entering the patch port. There were two problems
with this:
1. As part of the first MPLS push on a non-MPLS packet, the flow
translation would first clear the L3/4 headers of the 'flow' to mark
those fields invalid. Later, when committing 'flow' changes to
datapath actions before output, the necessary datapath MPLS actions
are created and the corresponding changes updated to the 'base flow'.
This was done using the same flow_push_mpls() function that clears
the L2/3 headers, so also the 'base flow' L2/3 headers were cleared.
Then, when translation returns from a patch port or group bucket, the
original 'flow' is restored, now showing no sign of the MPLS labels.
Since the 'base flow' now has the MPLS labels, following translations
know to issue MPLS POP actions before any output actions. However, as
part of checking for changes to IP headers we test that the IP
protocol type was not changed. But now the 'base flow's 'nw_proto'
field is zero and an assert fail crashes OVS.
This is solved by not clearing the L3/4 fields of the 'base
flow'. This allows the processing after the patch port to continue
with L3/4 fields as if no MPLS was done, after first issuing the
necessary MPLS POP actions.
2. IP header updates were done before the MPLS POP actions were
issued. This caused incorrect packet output after, e.g., group action
or patch port. For example, with actions:
group 1234: all bucket=push_mpls,output:LOCAL
ip actions=group:1234,dec_ttl,output:LOCAL,output:LOCAL
the dec_ttl would only be executed before the last output to LOCAL,
since at the time of committing IP changes after the group action the
packet was still an MPLS packet.
This is solved by checking the dl_type of both 'flow' and 'base flow'
and issuing MPLS actions if they can transform the packet from an MPLS
packet to a non-MPLS packet. For an IP packet the change in ttl can
then be correctly committed before the last two output actions.
Two test cases are added to prevent future regressions.
Reported-by: Thomas Morin <thomas.morin@orange.com>
Suggested-by: Takashi YAMAMOTO <yamamoto@ovn.org>
Fixes: 8bfd0fdac ("Enhance userspace support for MPLS, for up to 3 labels.")
Fixes: 1b035ef20 ("mpls: Allow l3 and l4 actions to prior to a push_mpls action")
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: YAMAMOTO Takashi <yamamoto@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before Open vSwitch 2.5.90, IPFIX reports from Open vSwitch didn't include
whether the packet was ingressing or egressing the switch. Starting in
OVS 2.5.90, this information was available but only accurate if the action
included a port number that indicated a tunnel. Conflating these two does
not always make sense (not every packet involves a tunnel!), so this patch
makes it possible for the sample action to simply say whether it's for
ingress or egress.
This is difficult to test, since the "tests" directory of OVS does not have
a proper IPFIX listener. This passes those tests, plus a couple that just
verify that the actions are properly parsed and formatted. Benli did test
it end-to-end in a VMware use case.
Requested-by: Benli Ye <daniely@vmware.com>
Tested-by: Benli Ye <daniely@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Simon Horman <simon.horman@netronome.com>
|
|
|
|
|
|
|
|
|
| |
Protected ports can not forward frames to other protected ports.
Unprotected ports can receive and forward frames to protected and other
unprotected ports.
Signed-off-by: Ben Kelly <ben@benjii.net>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
|
|
|
|
|
|
|
|
| |
Propagate the protected mode setting from port to xbundle, so that
ofproto* can make decisions.
Signed-off-by: Ben Kelly <ben@benjii.net>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
|
|
|
|
|
|
|
| |
This helper is a little tidier than the alternative. Use it treewide.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Simon Horman <simon.horman@netronome.com>
|
|
|
|
|
|
|
|
|
| |
Add definitions for the OpenFlow 1.4.1/1.5 specific capabilities bits
OFPC14_BUNDLES and OFPC14_FLOW_MONITORING. Return the bundles
capability bit in switch features reply.
Reported-by: Andrej Leitner <andrej.leitner@pantheon.tech>
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
When iterating the list of mrouters, skip any that are not on the same
vlan as the multicast packet to be forwarded. This bug was causing
duplicate packets when more than one mrouter was behind a trunk port.
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2016-November/042938.html
Signed-off-by: Darragh O'Reilly <darragh.oreilly@hpe.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Some datapaths do not support the ct action, and others support only a
subset of its features. Until now, it has been difficult to tell why a
particular action is being rejected. This commit should make it clearer.
Reported-by: Kevin Lin <kevinlin@berkeley.edu>
Reported-at: http://openvswitch.org/pipermail/discuss/2016-October/023060.html
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
| |
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
| |
When deleting a bridge it is currently possible to delete a mater
without deleting the rules using the meter first. Fix this by moving
the meter's rule deletion to meter_delete().
Reported-by: Petr Machata <pertm@mellanox.com>
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
Simplify the remaining bits of the original revalidation codepath to
only handle the "full-revalidation" case. Make the 'ukey' parameter
purely const by pushing the only piece that gets changed into a separate
argument.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To make more of the core revalidate() functions do just one thing and
not modify state on the way, refactor them to prepare the xcache then
defer the ukey modification and stats/side effects execution to the end
of successful revalidation.
If revalidation causes deletion, then the xcache will be prepared and
attached to the ukey, but the actual execution will be skipped since it
will be executed on flow_delete very soon anyway with final stats.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
|
|
| |
This code was already very similar to the actual revalidation code, but
previously it wasn't structured quite closely enough to share it. Do so.
xlate_actions_for_side_effects() is now unused, so remove it.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
| |
Shift the early-exit conditions for revalidation into a separate
function.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
| |
This patch shifts the code that directly calls xlate into a separate
function, xlate_ukey().
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Functionally this has little change, but it allows the following patch
to refactor the translation code with less changes.
Strictly speaking the odp_flow_key_to_flow() and xlate_lookup() error
cases should free the ukey->xcache, since it's empty and was never
initialised via the later call to xlate_actions(). However, if one of
these error conditions is hit during a flow dump, then there's no way
that it will ever succeed on a subsequent revalidate/delete. Rather, the
later revalidate/delete would do no stats translation - the same result
as keeping the empty xcache here.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The execution time of 'ovs-ofctl add-flows' with a large number of
flows can be more than halved if revalidators are not running after
each flow mod separately. This was first suspected when it was found
that 'ovs-ofctl --bundle add-flows' is about 10 times faster than the
same command without the '--bundle' option in a scenario where there
is a large set of flows being added and no datapath flows at all. One
of the differences caused by the '--bundle' option is that the
revalidators are woken up only once, at the end of the whole set of
flow table changes, rather than after each flow table change
individually.
This patch limits the revalidation to run at most 200 times a second
by enforcing a minimum of 5ms time gap between the start times of
revalidation rounds. If nothing happens in, say 6 milliseconds, and
then a new flow table change is signaled, the revalidator threads wake
up immediately without any further delay. Values smaller than 5 were
found to increase the 'ovs-ofctl add-flows' execution time noticeably.
Since the revalidators are not running after each flow mod, the
overall OVS CPU utilization during the 'ovs-ofctl add-flows' run time
is reduced roughly by one core on a four core machine.
In testing the 'ovs-ofctl add-flows' execution time is not
significantly improved from this even if the revalidators are not
notified about the flow table changes at all.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OVS GRE IPsec tunnel support has multiple issues, Therefore
it was deprecated in OVS 2.6.
Following patch removes support for GRE IPsec and allows external
IPsec tunnel management for any type of tunnel not just GRE.
e.g. user can encrypt Geneve or VxLan traffic.
It can be done by using openflow pipeline to set skb-mark
and using IPsec keying daemons to implement IPsec tunnels.
This packet can be matched for the skb-mark to encrypt
selective tunnel traffic.
VMware-BZ: 1710701
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Ansis Atteka <aatteka@ovn.org>
|
|
|
|
|
| |
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's possible to install an OpenFlow flow that matches on udp source and
destination ports without matching on fragments. If the subtable where
such flow stays is visited during translation of a later fragment, the
generated mask will have incorrect prerequisited for the datapath and it
would be revalidated away at the first chance.
This commit fixes it by adjusting the mask for later fragments after
translation.
Other prerequisites of the mask are also prerequisites in OpenFlow, but
not the ip fragment bit, that's why we need a special case here.
For completeness, this commits also fixes a related problem in bfd,
where we check the udp destination port without checking if the frame is
an ip fragment. It's not really necessary to address this separately,
given the adjustment that we perform.
VMware-BZ: #1651589
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
|
|
|
|
|
| |
Signed-off-by: Huanle Han <hanxueluo@gmail.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The new group mod implementation signals revalidation through
'->set_tables_version()', so the separate '->group_modify()' is no
longer needed. The ofproto-provider API is changed to allow
'group_modify' to be NULL.
Fixes: 5d08a275cd ("ofproto: Make groups versioned.")
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit df70a7731 ("ofproto-dpif-xlate: Allow translating
without side-effects.") created a memory leak by removing the
dp_packet_delete statement in execute_controller_action that
freed the earlier cloned packet. This commit restores this
statement to the end of the method.
Fixes: df70a7731 ("ofproto-dpif-xlate: Allow translating without side-effects.")
Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
topology:
+----------------+
+-------->| SDN Controller |<--------------+
| +----------------+ |
| |
+-----------|-----+ +-----------|-----+
| +-----+ | | | +-----+ | |
| | VM1 | | | | | VM2 | | |
| +-----+ | | | +-----+ | |
| ^ V | | ^ V |
| | +-----+ | | | +-----+ |
| +-> | OVS | | | +-> | OVS | |
| +-----+ | | +-----+ |
| ^ | | ^ |
+-----------|-----+ +-----------|-----+
| Nic Nic|
+------------------------------------------+
We start the communication between VM1 and VM2, for example, ICMP.
At the meantime, disconnect OVS and SDN controller, and reconnect
them again, the process ovs-vswitchd crashes.
backtrace:
0 0x00007f658082ffe4 in cls_rule_make_invisible_in_version ()
1 0x00007f65807f6bb3 in delete_flows_start__ ()
2 0x00007f65807f7ee9 in ofproto_group_mod_start ()
3 0x00007f65807fa07b in handle_openflow ()
4 0x00007f658082119b in connmgr_run ()
5 0x00007f65807f3ba6 in ofproto_run ()
6 0x00007f65807e101c in bridge_run__ ()
7 0x00007f65807e715d in bridge_run ()
8 0x00007f658065784d in main ()
Signed-off-by: Binbin Xu <xu.binbin1@zte.com.cn>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using tunnel TLVs (at the moment, this means Geneve options), a
controller must first map the class and type onto an appropriate OXM
field so that it can be used in OVS flow operations. This table is
managed using OpenFlow extensions.
The original code that added support for TLVs made the mapping table
global as a simplification. However, this is not really logically
correct as the OpenFlow management commands are operating on a per-bridge
basis. This removes the original limitation to make the table per-bridge.
One nice result of this change is that it is generally clearer whether
the tunnel metadata is in datapath or OpenFlow format. Rather than
allowing ad-hoc format changes and trying to handle both formats in the
tunnel metadata functions, the format is more clearly separated by function.
Datapaths (both kernel and userspace) use datapath format and it is not
changed during the upcall process. At the beginning of action translation,
tunnel metadata is converted to OpenFlow format and flows and wildcards
are translated back at the end of the process.
As an additional benefit, this change improves performance in some flow
setup situations by keeping the tunnel metadata in the original packet
format in more cases. This helps when copies need to be made as the amount
of data touched is only what is present in the packet rather than the
maximum amount of metadata supported.
Co-authored-by: Madhu Challa <challa@noironetworks.com>
Signed-off-by: Madhu Challa <challa@noironetworks.com>
Signed-off-by: Jesse Gross <jesse@kernel.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the bridges on both sides of a patch port included mirrors, the
translation code incorrectly conflated them instead of treating them as
independent.
Reported-by: Zoltán Balogh <zoltan.balogh@ericsson.com>
Reported-by: Sugesh Chandran <sugesh.chandran@intel.com>
Reported-at: http://openvswitch.org/pipermail/discuss/2016-September/022689.html
Signed-off-by: Ben Pfaff <blp@ovn.org>
Tested-by: Zoltán Balogh <zoltan.balogh@ericsson.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new select group selection method "dp_hash", which uses minimal
number of bits from the datapath calculated packet hash to inform the
select group bucket selection. This makes the datapath flows more
generic resulting in less upcalls to userspace, but adds recirculation
prior to group selection.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch b0d38b2f17 unified flow mod reporting in ofproto for both
stand-alone flow mods and bundle flow mods, but left bundle-specific
reporting to the bundle removal code. This patch fixes this by
removing the bundle-specific reporting of flow mods.
Found by inspection.
Fixes: b0d38b2f17 ("ofproto: Report flow mods also from bundles.")
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for OFPT_PACKET_OUT messages in bundles.
While ovs-ofctl already has a packet-out command, we did not have a
string parser for it, as the parsing was done directly from command
line arguments.
This patch adds the string parser for packet-out messages, adds
support for it into the 'ovs-ofctl packet-out' command, and adds a new
ofctl/packet-out ovs-appctl command that can be used when ovs-ofctl is
used as a flow monitor. The old 'ovs-ofctl packet-out syntax is
deprecated' and will be removed in a later OVS release.
The new packet-out parser is further supported with the ovs-ofctl
bundle command, which allows bundles to mix flow mods, group mods and
packet-out messages. Also the packet-outs in bundles are only
executed if the whole bundle is successful. A failing packet-out
translation may also make the whole bundle to fail.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refactor handle_packet_out() to prepare for bundle support for packet
outs in a later patch.
Two new callbacks are introduced in ofproto-provider class:
->packet_xlate() and ->packet_execute(). ->packet_xlate() translates
the packet using the flow and actions provided by the caller, but
defers all OpenFlow-visible side-effects (stats, learn actions, actual
packet output, etc.) to be explicitly executed with the
->packet_execute() call.
Adds a new ofproto_rule_reduce_timeouts__() that must be called with
'ofproto_mutex' held. This is used in the next patch.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extend 'may_learn' attribute to also control the treatment of
FIN_TIMEOUT action and asynchronous messages (packet ins,
continuations), so that when 'may_learn' is 'false' and
'resubmit_stats' is 'NULL', no OpenFlow-visible side effects are
generated by the translation.
Correspondingly, add support for one-time asynchronous messages to
xlate cache, so that all side-effects of the translation may be
executed at a later stage. This will be useful for bundle commits.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use ofproto_flow_mod with a reference to an existing or new rule
instead of ofputil_flow_mod for learn action execution from xlate
cache
Typically we would find that when a learn xlate cache entry is
created, a preceding upcall has already created the learned flow. In
this case the xlate cache entry takes a reference to that flow and
keeps refreshing it without needing to perform any flow table lookups.
Otherwise the creation of the xlate cache entry creates the new rule,
which is then subsequently added to the classifier. In both cases
this is both faster and shrinks the memory cost of each learn cache
entry from ~3.5kb to about 0.3kb.
If the learned rule does not yet exist, it is created and attached to
the ofproto_flow_mod, from which it is then added. If the referred
rule happens to expire, or is modified in any way and is thus removed
from the classifier tables, we create a new rule using the old rule as
a template, so that we can avoid storing the ofputil_flow_mod in all
cases.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Xlate cache entry type XC_TABLE is required for the table stats
(number of misses and matches) to be correctly attributed.
It appears that table stats have been off ever since xlate cache was
introduced. This was now revealed by a PACKET_OUT unit test case in a
later patch that checks for table stats explicitly.
Fixes: b256dc52 ("ofproto-dpif-xlate: Cache xlate_actions() effects.")
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Later patches will need to create xlate cache entries from different
modules. This patch refactors the xlate cache code in preparation
without any functional changes, so that the changes are clearly
visible in the following patches.
The definition of XC_ENTRY_FOR_EACH() iterator macro is changed so
that it now does not take the xlate cache pointer to unify the usage
accross all call sites.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make mac table update functions part of the mac-learning module, which
also helps in figuring what is the minimal set of struct flow fields
needed for the update. Use this to change the xlate cache entry for
XC_NORMAL to not take a copy of the struct flow, but only save the
in_port, dl_src, and some auxiliary fields. This reduces the memory
burden of XC_NORMAL by roughly 0.5kb.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Make connmgr_wants_packet_in_on_miss() use an atomic int instead of a
list traversal taking the 'ofproto_mutex'. This allows
connmgr_wants_packet_in_on_miss() to be called also when
'ofproto_mutex' is already held, and makes it faster, too.
Remove unused ofproto_dpif_wants_packet_in_on_miss().
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
| |
As a rule may not be re-inserted to ofproto data structures, it is
cleaner to have three states for the rule, rather than just two. This
will be useful for managing learned flows in later patches.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Timing out idle bundles frees memory that would effectively be leaked
if a long standing OpenFlow connection would fail to commit or discard
a bundle.
OpenFlow specification mandates the timeout to be at least one second,
if the switch implements such a timeout. This patch makes the bundle
idle timeout to be 10 seconds.
We do not limit the number of messages in a bundle, so it does not
make sense to limit the number of bundles either, especially now that
idle bundles are timed out.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set ofproto's connmgr pointer to NULL after the connmgr has been
destructed, and check for NULL when sending a flow removed
notification.
Verified by sending the flow removed message unconditionally and
observing numerous core dumps in the test suite.
Found by inspection.
Fixes: f695ebfae5 ("ofproto: Postpone sending flow removed messages.")
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
The rationale for locking mac learning table entires wrt. gratuitous
ARP packets and bond interfaces was too cryptic for me to understand.
After reading vswitchd/INTERNALS the issue is understandable, but we
can still improve the comment to prevent such confusion in future.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default Open vSwitch tries to configure internal interfaces MTU to
match the bridge minimum, overriding any attempt by the user to
configure it through standard system tools, or the database.
While this works in many simple cases (there are probably many users
that rely on this) it may create problems for more advanced use cases
(like any overlay networks).
This commit allows the user to override the default behavior by
providing an explict MTU in the mtu_request column in the Interface
table.
This means that Open vSwitch will now treat differently database MTU
requests from standard system tools MTU requests (coming from `ip link`
or `ifconfig`), but this seems the best way to remain compatible with
old users while providing a more powerful interface.
Suggested-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Tested-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 47bf118665a3d0f3c153d1fe80e9af02ac9a4e9c.
While the commit tries to make it more consistent, it breaks some system
tests. The assumptions made on the tests are probably made by many
users, so it's better to revert it.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Ben Pfaff <blp@ovn.org>
|