| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Add priority-70 flows to generate ICMPv6 address unreachable messages
in reply to IPv6 packets directed to the router's IP address on IP
protocols other than UDP, TCP, and ICMP
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
| |
Add priority-80 flow to generate ICMPv6 port unreachable messages in
reply to IPv6 UDP datagrams directed to the router's IP address since the
logical router doesn't accept any UDP traffic
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
| |
Add unit test for the ICMPv6 TTL exceeded packet sent by OVN
logical router when it receives an IPv6 packet whose TTL has
expired (ip.ttl == {0, 1})
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently in OvS if we hit "Table-miss" rules (associated with Controller
action) then we send PACKET_IN message to controller with reason as
OFPR_NO_MATCH.
“Table-miss” rule is one whose priority is 0 and its catch all rule.
But if we hit same "Table-miss" rule after executing group entry we will
send the reason as OFPR_ACTION (for OF1.3 and below) and OFPR_GROUP
(for OF1.4 and above).
This is because once we execute group entry we set ctx->in_group and later
when we hit the "Table-miss" rule, Since ctx->in_group is set we send
reason as OFPR_ACTION (for OF1.3) and OFPR_GROUP (for OF1.4 and above).
For eg: for the following pipeline, we will send the reason as OFPR_ACTION
even if we hit The “Table-miss” rule.
cookie=0x8000000, duration=761.189s, table=0, n_packets=1401, n_bytes=67954,
priority=4,in_port=9,vlan_tci=0x0000/0x1fff
actions=write_metadata:0x67870000000000/0xffffff0000000001,goto_table:17
cookie=0x6800001, duration=768.848s, table=17, n_packets=1418, n_bytes=68776,
priority=10,metadata=0x67870000000000/0xffffff0000000000
actions=write_metadata:0xe067870000000000/0xfffffffffffffffe,goto_table:60
cookie=0x6800000, duration=24944.312s, table=60, n_packets=58244,
n_bytes=2519520, priority=0 actions=resubmit(,17)
cookie=0x8040000, duration=785.733s, table=17, n_packets=1450, n_bytes=69724,
priority=10,metadata=0xe067870000000000/0xffffff0000000000
actions=write_metadata:0x67871d4d000000/0xfffffffffffffffe,goto_table:43
cookie=0x822002d, duration=24960.795s, table=43, n_packets=53097,
n_bytes=2230074, priority=100,arp,arp_op=1 actions=group:6000
group_id=6000,type=all,bucket=actions=CONTROLLER:65535,
bucket=actions=resubmit(,48), bucket=actions=resubmit(,81)
cookie=0x8500000, duration=24977.323s, table=48, n_packets=58309, n_bytes=2522634,
priority=0 actions=resubmit(,49),resubmit(,50)
cookie=0x8050000, duration=24984.679s, table=50, n_packets=6, n_bytes=264,
priority=0 actions=CONTROLLER:65535
Currently we are sending table_id as 50 and packet_in reason as OFPR_ACTION.
Instead of sending packet_in reason as OFPR_NO_MATCH.
Signed-off-by: Keshav Gupta <keshav.gupta@ericsson.com>
Co-authored-by: Rohith Basavaraja <rohith.basavaraja@gmail.com>
Signed-off-by: Rohith Basavaraja <rohith.basavaraja@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
| |
This can't cause a crash and doesn't seem relevant to normal operation.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9044
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
| |
Tests are added to cover out of order fragments, overlapping fragments
and multiple extension headers in the case of IPv6.
Signed-off-by: Darrell Ball <dlu998@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ipv4 fragmentation check is broken and allows fragments through.
There were fragile and poorly maintainable checks in extract_l3_ipv*
designed to save a few cycles. The checks make assumptions about what
sanity checks may have been done and could be skipped based on inferring
from the value of another paramater that should be unrelated (l4
pointer needing assignment). Since the benefit is minimal, remove
the special checks and always do sanity checks.
Four tests are added to better maintain fragmentation support.
This needs backporting to 2.9.
Fixes: c8b1ad49da68("conntrack: Reorder sanity checks in extract_l3_ipvx().")
Fixes: a489b16854b5("conntrack: New userspace connection tracker.")
Signed-off-by: Darrell Ball <dlu998@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A bug was reported on the feature of applying ACLs on port groups [1].
This bug was not detected by the original test case, because it didn't
test the return traffic and so didn't ensure the stateful feature is
working. The fix [2] causes the original test case fail, because
once the conntrack is enabled, the test packets are dropped because
the checksum in those packets are invalid and so marked with "invalid"
state by conntrack. To avoid the test case failure, the fix [2] changed
it to test stateless acl only, which leaves the scenario untested,
although it is fixed. This patch adds back the stateful ACL in the
test, and replaced the dummy/receive with inject-pkt to send the test
packets, so that checksums can be properly filled in, and it also
adds tests for the return traffic, which ensures the stateful is
working.
[1] https://mail.openvswitch.org/pipermail/ovs-discuss/2018-June/046927.html
[2] https://patchwork.ozlabs.org/patch/931913/
Signed-off-by: Han Zhou <hzhou8@ebay.com>
Acked-by: Jakub Sitnicki <jkbs@redhat.com>
Acked-by: Daniel Alvarez <dalvarez@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using Port Groups, the pre ACLs were not applied so the
conntrack action was not performed. This patch takes Port Groups
into account when processing the pre ACLs.
As a follow up, we could enhance this patch by creating an index
from lswitch to port groups.
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
Acked-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
Acked-by: Han Zhou <hzhou8@ebay.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
check_logs ignores some log messages, but it wasn't smart enough to ignore
the messages that said that the ignored messages had been rate-limited.
This fixes the problem.
It's OK to ignore all rate-limiting messages because they only appear if at
least one message was not rate-limited, which check_logs will catch anyway.
Reported-by: Timothy Redaelli <tredaelli@redhat.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-July/046978.html
Signed-off-by: Ben Pfaff <blp@ovn.org>
Tested-By: Timothy Redaelli <tredaelli@redhat.com>
|
|
|
|
|
|
|
| |
It's not a problem but it looks odd in output.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Mark Michelson <mmichels@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Add priority-70 flows to generate ICMP protocol unreachable messages
in reply to packets directed to the router's IP address on IP protocols
other than UDP, TCP, and ICMP
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
| |
Add priority-80 flows to generate TCP reset messages in reply to
TCP datagrams directed to the router's IP address since the
logical router doesn't accept any TCP traffic
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
| |
Add priority-80 flows to generate ICMP port unreachable messages in
reply to UDP datagrams directed to the router's IP address since the
logical router doesn't accept any UDP traffic
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When inserting data into a "singleton" table (one that has maxRows ==
1), there is a check that ensures that the table is currently empty
before inserting the row. The intention is to prevent races where
multiple clients might attempt to insert rows at the same time.
The problem is that this singleton check can cause legitimate
transactions to fail. Specifically, a transaction that attempts to
delete the current content of the table and insert new data will cause
the singleton check to fail since the table currently has data.
This patch corrects the issue by keeping a count of the rows being
deleted and added to singleton tables. If the total is larger than zero,
then the net operation is attempting to insert rows. If the total is
less than zero, then the net operation is attempting to remove rows. If
the total is zero, then the operation is inserting and deleting an equal
number of rows (or is just updating rows). We only add the singleton
check if the total is larger than zero.
This patch also includes a new test for singleton tables that ensures
that the maxRows constraint works as expected.
Signed-off-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The change fixes random stp test failure. Accuracy is about 20%.
Failed test is following:
2337: STP - flush the fdb and mdb when topology changed
In some cases, a validation is executed after topology change and
it increase time of stp stabilization. To prevent this, delay
which wait validation is added before deleting a port.
CC: Tonghao Zhang <xiangxia.m.yue@gmail.com>
Fixes: 427e9751f300 ("tests: Add and improve stp tests.")
Signed-off-by: Ivan Dyukov <i.dyukov@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
| |
CC: Ashish Varma <ashishvarma.ovs@gmail.com>
Fixes: 296251ca0c82 ("tests: Added NSH related unit test cases for datapath")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Acked-by: Ashish Varma <ashishvarma.ovs@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently if IPv6 is globally disabled (net.ipv6.conf.all.disable_ipv6=1) or
if IPv6 is disabled on loopback interface (net.ipv6.conf.lo.disable_ipv6=1)
the check doesn't work since no interface have ::1 and EADDRNOTAVAIL is
returned.
This causes a Python exception to be printed, like this:
Traceback (most recent call last):
File "<string>", line 6, in <module>
File "/usr/lib64/python2.7/socket.py", line 228, in meth
return getattr(self._sock,name)(*args)
socket.error: [Errno 99] Cannot assign requested address
In this case HAVE_IPV6 is not set and all IPv6 tests fails.
This commit fixes the problem by check also for EADDRNOTAVAIL.
CC: Ben Pfaff <blp@ovn.org>
Fixes: 5c1d812d7fb3 ("tests: Avoid printing Python exception for hosts without IPv6 support.")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
| |
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
| |
Using icmp4 action, send an ICMP time exceeded frame whenever
an OVN logical router receives an IPv4 packets whose TTL has
expired (ip.ttl == {0, 1})
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The design of the compound index feature in the C OVSDB IDL was unusual.
Indexes were generally referenced only by name rather than by pointer, and
could be obtained only from the top-level ovsdb_idl object. To iterate or
otherwise search an index required explicitly creating a special
ovsdb_idl_cursor object, which at least seemed somewhat heavy-weight given
that it required a string lookup in a table of indexes.
This commit redesigns the compound index interface. It discards the use of
names for indexes, instead having clients pass in a pointer to the index
object itself. It simplifies how indexes are created, gets rid of the need
for explicit cursor objects, and updates all of the users to the new
interface.
The underlying reason for this commit is to make it easier in
ovn-controller to keep track of the dependencies for a given function, by
making the indexes explicit arguments to any function that needs to use
them.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Han Zhou <hzhou8@ebay.com>
|
|
|
|
|
|
|
|
|
| |
It's always been OVS coding style to use spaces rather than tabs for
indentation, but some tabs have snuck in over time. This commit converts
them to spaces.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
OVS uses spaces for indentation in source code and it makes sense for it to
also use spaces for indentation in output. Spaces also consume less
horizontal space in output, which often makes it easier to read. This
commit transitions one part of output from tabs to spaces and updates
appropriate parts of the tests to match.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
OVS uses spaces for indentation in source code and it makes sense for it to
also use spaces for indentation in output. Spaces also consume less
horizontal space in output, which often makes it easier to read. This
commit transitions one part of output from tabs to spaces and updates
appropriate parts of the tests to match.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
OVS uses spaces for indentation in source code and it makes sense for it to
also use spaces for indentation in output. Spaces also consume less
horizontal space in output, which often makes it easier to read. This
commit transitions one part of output from tabs to spaces and updates
appropriate parts of the tests to match.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
OVS uses spaces for indentation in source code and it makes sense for it to
also use spaces for indentation in output. Spaces also consume less
horizontal space in output, which often makes it easier to read. This
commit transitions one part of output from tabs to spaces and updates
appropriate parts of the tests to match.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
OVS uses spaces for indentation in source code and it makes sense for it to
also use spaces for indentation in output. Spaces also consume less
horizontal space in output, which often makes it easier to read. This
commit transitions one part of output from tabs to spaces and updates
appropriate parts of the tests to match.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
OVS uses spaces for indentation in source code and it makes sense for it to
also use spaces for indentation in output. Spaces also consume less
horizontal space in output, which often makes it easier to read. This
commit transitions one part of output from tabs to spaces and updates
appropriate parts of the tests to match.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
OVS uses spaces for indentation in source code and it makes sense for it to
also use spaces for indentation in output. Spaces also consume less
horizontal space in output, which often makes it easier to read. This
commit transitions one part of output from tabs to spaces and updates
appropriate parts of the tests to match.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
OVS uses spaces for indentation in source code and it makes sense for it to
also use spaces for indentation in output. Spaces also consume less
horizontal space in output, which often makes it easier to read. This
commit transitions one part of output from tabs to spaces and updates
appropriate parts of the tests to match.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The dp_hash selection method for select groups overcomes the scalability
problems of the current default selection method which, due to L2-L4
hashing during xlation and un-wildcarding of the hashed fields,
basically requires an upcall to the slow path to load-balance every
L4 connection. The consequence are an explosion of datapath flows
(megaflows degenerate to miniflows) and a limitation of connection
setup rate OVS can handle.
This commit changes the default selection method to dp_hash, provided the
bucket configuration is such that the dp_hash method can accurately
represent the bucket weights with up to 64 hash values. Otherwise we
stick to original default hash method.
We use the new dp_hash algorithm OVS_HASH_L4_SYMMETRIC to maintain the
symmetry property of the old default hash method.
A controller can explicitly request the old default hash selection method
by specifying selection method "hash" with an empty list of fields in the
Group properties of the OpenFlow 1.5 Group Mod message.
Update the documentation about selection method in the ovs-ovctl man page.
Revise and complete the ofproto-dpif unit tests cases for select groups.
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com>
Signed-off-by: Nitin Katiyar <nitin.katiyar@ericsson.com>
Co-authored-by: Nitin Katiyar <nitin.katiyar@ericsson.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current implementation of the "dp_hash" selection method suffers
from two deficiences: 1. The hash mask and hence the number of dp_hash
values is just large enough to cover the number of group buckets, but
does not consider the case that buckets have different weights. 2. The
xlate-time selection of best bucket from the masked dp_hash value often
results in bucket load distributions that are quite different from the
bucket weights because the number of available masked dp_hash values
is too small (2-6 bits compared to 32 bits of a full hash in the default
hash selection method).
This commit provides a more accurate implementation of the dp_hash
select group by applying the well known Webster method for distributing
a small number of "seats" fairly over the weighted "parties"
(see https://en.wikipedia.org/wiki/Webster/Sainte-Lagu%C3%AB_method).
The dp_hash mask is autmatically chosen large enough to provide good
enough accuracy even with widely differing weights.
This distribution happens at group modification time and the resulting
table is stored with the group-dpif struct. At xlation time, we use the
masked dp_hash values as index to look up the assigned bucket.
If the bucket should not be live, we do a circular search over the
mapping table until we find the first live bucket. As the buckets in
the table are by construction in pseudo-random order with a frequency
according to their weight, this method maintains correct distribution
even if one or more buckets are non-live.
Xlation is further simplified by storing some derived select group state
at group construction in struct group-dpif in a form better suited for
xlation purposes.
Adapted the unit test case for dp_hash select group accordingly.
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com>
Signed-off-by: Nitin Katiyar <nitin.katiyar@ericsson.com>
Co-authored-by: Nitin Katiyar <nitin.katiyar@ericsson.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tests probe whether the host has IPv6 support and, if it doesn't, skip
the tests that require IPv6. However, until now, when the host lacks
support, this caused a Python exception to be printed, like this:
Traceback (most recent call last):
File "<string>", line 3, in <module>
File "/usr/lib64/python2.7/socket.py", line 187, in __init__
_sock = _realsocket(family, type, proto)
socket.error: [Errno 97] Address family not supported by protocol
This exception is expected and harmless, but it reasonably surprised some
users. This commit fixes the problem.
Reported-by: Paul Greenberg
Reported-at: https://github.com/openvswitch/ovs-issues/issues/146#issuecomment-390081887
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Until now the timing in the cluster torture test has been pretty
inaccurate because it just worked by calling "sleep 1" in a loop that
did other things. The longer those other things took, the more
inaccurate it got.
This commit changes to using a separate process for timing. It still won't
be all that accurate but at least the timing loop doesn't try to do
anything else.
(I'm not sure how to actually get accurate timing in shell.)
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
This test is supposed to be parameterized, but one of the loops didn't
honor the parameterization and just had hardcoded values. Also, the
output comparison didn't work properly for more than 100 client sets
(n1 > 100), so this adds some explicit sorting to the mix.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several OVS structs contain embedded named unions, like this:
struct {
...
union {
...
} u;
};
C11 standardized a feature that many compilers already implemented
anyway, where an embedded union may be unnamed, like this:
struct {
...
union {
...
};
};
This is more convenient because it allows the programmer to omit "u."
in many places. OVS already used this feature in several places. This
commit embraces it in several others.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Tested-by: Alin Gabriel Serdean <aserdean@ovn.org>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ERSPAN is the first real-world use cases of Experimenter OXM,
which introduces 4 new NXOXM_ET_ fields (ver, idx, dir, hwid).
The patch adds test cases for these fields.
At the same time, delete the special case for NXOXM_ET_DP_HASH,
because it was only in there for testing anyway.
Cc: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check the application of conjunctive matching to logical flow match
expressions. In particular cover the case where conjunctive matching is
applied to ACL match expressions that refer to Address Sets.
Mark Michelson who tested a similar patch [1] has found a significant
improvement in ACL processing and reduction of OF flows from an order of
1 million to few thousands. [2]
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
[1] - https://mail.openvswitch.org/pipermail/ovs-dev/2018-February/344523.html
[2] - https://mail.openvswitch.org/pipermail/ovs-dev/2018-February/344311.html
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Appending prerequisites to sub-expressions of OR that are all over one
symbol prevents the expression-to-matches converter from applying
conjunctive matching. This happens during the annotation phase.
input: s1 == { c1, c2 } && s2 == { c3, c4 }
expanded: (s1 == c1 || s1 == c2) && (s2 == c3 || s2 == c4)
annotated: ((p1 && s1 == c1) || (p1 && s1 == c2)) &&
((p2 && s2 == c3) || (p2 && s2 == c4))
normalized: (p1 && p2 && s1 == c1 && s2 == c3) ||
(p1 && p2 && s1 == c1 && s2 == c4) ||
(p1 && p2 && s1 == c2 && s2 == c3) ||
(p1 && p2 && s1 == c2 && s2 == c4)
Where s1,s2 - symbols, c1..c4 - constants, p1,p2 - prerequisites.
Since sub-expressions of OR trees that are over one symbol all have the
same prerequisites, we can factor them out leaving the OR tree in tact,
and enabling the converter to apply conjunctive matching to
AND(OR(clause)) trees.
Going back to our example this change gives us:
input: s1 == { c1, c2 } && s2 == { c3, c4 }
expanded: (s1 == c1 || s1 == c2) && (s2 == c3 || s2 == c4)
annotated: (s1 == c1 || s1 == c2) && p1 && (s2 == c3 || s2 == c4) && p2
normalized: p1 && p2 && (s1 == c1 || s1 == c2) && (s2 == c3 || s2 == c4)
We also factor out the prerequisites out of pure AND or mixed AND/OR
trees to keep the common code path, but in this case the only thing we
gain is a shorter expression as prerequisites for each symbol appear
only once.
Documentation comments have been contributed by Ben Pfaff.
Signed-off-by: Jakub Sitnicki <jkbs@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The test fails occasionally because it may starts sending packets
before the new ACL related flows are installed on HVs, even if it
ensures lflows exist in SB DB. This patch ensure the HVs are in
sync by ovn-nbctl --wait=hv sync, and removes the check for lflow
readiness in SB.
Signed-off-by: Han Zhou <hzhou8@ebay.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
| |
The test 'ofproto-dpif - in place modification (vlan)' fails often
due to miss handling. Hence, make it more predictable by specifying
that misses should just be dropped.
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
The patch add supports for flow-based erspan options.
The erspan_ver, erspan_idx, erspan_dir, and erspan_hwid can be
set as "flow" so that its value is set by the openflow rule,
instead of statically configured at port creation time.
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
| |
pass check, check-kernel (4.16-rc4), check-system-userspace
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
ERSPAN is a tunneling protocol based on GRE tunnel. The patch
add erspan tunnel support for ovs-vswitchd with userspace datapath.
Configuring erspan tunnel is similar to gre tunnel, but with
additional erspan's parameters. Matching a flow on erspan's
metadata is also supported, see ovs-fields for more details.
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
The patch adds support for gre sequence number.
Default is disable. When enable with 'options:seq=true',
the outgoing gre packet will have its sequence number
incremented by one.
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
| |
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
| |
This makes it clear which buckets from a group are executed and why.
The update to nsh.at provides an example.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
ofp_to_string__() is supposed to call ofp_print_stats() for all kinds of
statistics, but it was only doing so haphazardly. This commit makes it
systematic and in the process adds it to at least one case where it was
missing (and fixes up a test case).
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
| |
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch provides implementation Existing flow entry statistics are
redefined as standard OXS(OpenFlow Extensible Statistics) fields for
displaying the arbitrary flow stats.
To support this implementation below messages are newly added
OFPRAW_OFPT15_FLOW_REMOVED,
OFPRAW_OFPST15_AGGREGATE_REQUEST,
OFPRAW_OFPST15_FLOW_REPLY,
OFPRAW_OFPST15_AGGREGATE_REPLY,
The current commit adds support for the new feature in flow statistics
multipart messages, aggregate multipart messages and OXS support for flow
removal message, individual flow description messages.
Signed-off-by: Satya Valli <satyavalli.rama@tcs.com>
Co-authored-by: Lavanya Harivelam <harivelam.lavanya@tcs.com>
Signed-off-by: Lavanya Harivelam <harivelam.lavanya@tcs.com>
Co-authored-by: Surya Muttamsetty <muttamsetty.surya@tcs.com>
Signed-off-by: Surya Muttamsetty <muttamsetty.surya@tcs.com>
Co-authored-by: Manasa Cherukupally <manasa.cherukupally@tcs.com>
Signed-off-by: Manasa Cherukupally <manasa.cherukupally@tcs.com>
Co-authored-by: Pavani Panthagada <p.pavani1@tcs.com>
Signed-off-by: Pavani Panthagada <p.pavani1@tcs.com>
[blp@ovn.org simplified and rewrote much of the code]
Co-authored-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|