In commit 41eefcb2807d, the format of external_ids:ovn-chassis-id for
tunnels was modified to include the local encapsulation IP. This change
can lead to the recreation of tunnels during an upgrade, potentially
disrupting the dataplane temporarily, especially in large-scale
environments.
This
> On 12-Feb-2024, at 8:36 PM, Ihar Hrachyshka wrote:
>
> On Tue, Jan 30, 2024 at 10:52 PM Naveen Yerramneni
> wrote:
>
>
> > On 29-Jan-2024, at 9:11 PM, Ihar Hrachyshka wrote:
> >
> > On Mon, Jan 22, 2024 at 12:22 PM Naveen Yerramneni
> > wrote:
> > This option can be used to
On 2/15/24 14:23, Simon Horman wrote:
> On Thu, Feb 15, 2024 at 09:16:38AM +0100, Jakob Meng wrote:
>> On 30.01.24 10:44, Simon Horman wrote:
>>> On Fri, Jan 26, 2024 at 02:24:51PM +0100, jm...@redhat.com wrote:
From: Jakob Meng
In a scenario where OVN does load balancing and then
Previously some packets were excluded from the tunnel mark if they
weren't L4. However, this causes problems with multi encapsulated
packets like arp.
Due to these flags being set, additional checks are required in checksum
modification code.
Fixes: 084c8087292c ("userspace: Support VXLAN and
Previously a gap existed in the tunnel system tests where only ICMP and
TCP traffic was tested. However, the code paths used for UDP traffic are
different than either of those and should also be tested.
Some of the modified tests had previously checked for TCP with ncat but
didn't include an
Previously a change was added to the vnet prepend code to solve for the
case where no L4 checksum offloading was needed but the L3 checksum
hadn't been calculated. But the added check didn't properly account
for IPv6 traffic.
Fixes: 85bcbbed839a ("userspace: Enable tunnel tests with TSO.")
On 2/15/24 14:36, Simon Horman wrote:
> On Thu, Feb 15, 2024 at 12:55:59PM +0100, Ilya Maximets wrote:
>> The cited commit removed direct call to RSTP module from a callback,
>> but we can still enter the module after going through a patch port
>> to a different bridge via
Previously if an OVS configuration nested multiple layers of UDP tunnels
like VXLAN or GENEVE on top of each other through netdev-linux
interfaces, the vnet header would be incorrectly set to the outermost
UDP tunnel layer instead of the intermediary tunnel layer.
This resulted in the middle UDP
On 2/15/24 14:18, Simon Horman wrote:
> On Tue, Feb 13, 2024 at 08:44:41PM +0100, Ilya Maximets wrote:
>> The output file of this openssl command is a certificate signed with
>> pre-existing private key. It doesn't create a private key. The
>> restricted permissions are explicitly removed from
On 2/15/24 14:15, Simon Horman wrote:
> On Tue, Feb 13, 2024 at 08:42:36PM +0100, Ilya Maximets wrote:
>> It's not an executable file.
>>
>> Signed-off-by: Ilya Maximets
>
> Acked-by: Simon Horman
Thanks, Mike and Simon! Applied.
Best regards, Ilya Maximets.
On Thu, Feb 15, 2024 at 4:59 PM Mike Pattrick wrote:
>
> Previously some packets were excluded from the tunnel mark if they
> weren't L4. However, this causes problems with multi encapsulated
> packets like arp.
>
> Due to these flags being set, additional checks are required in checksum
>
Previously some packets were excluded from the tunnel mark if they
weren't L4. However, this causes problems with multi encapsulated
packets like arp.
Due to these flags being set, additional checks are required in checksum
modification code.
Fixes: 084c8087292c ("userspace: Support VXLAN and
Previously a gap existed in the tunnel system tests where only ICMP and
TCP traffic was tested. However, the code paths used for UDP traffic are
different than either of those and should also be tested.
Some of the modified tests had previously checked for TCP with ncat but
didn't include an
Previously a change was added to the vnet prepend code to solve for the
case where no L4 checksum offloading was needed but the L3 checksum
hadn't been calculated. But the added check didn't properly account
for IPv6 traffic.
Fixes: 85bcbbed839a ("userspace: Enable tunnel tests with TSO.")
Previously if an OVS configuration nested multiple layers of UDP tunnels
like VXLAN or GENEVE on top of each other through netdev-linux
interfaces, the vnet header would be incorrectly set to the outermost
UDP tunnel layer instead of the intermediary tunnel layer.
This resulted in the middle UDP
On 2/14/24 13:43, Xavier Simonart wrote:
> When a ct element was cleaned, the cmap could be shrunk, potentially
> causing some elements to be skipped in the flush iteration.
>
> Signed-off-by: Xavier Simonart
> ---
> lib/conntrack.c | 14 -
> lib/conntrack.h | 1 +
Hi everyone,
I wrote a series of three RBAC-related patches that will be in the
upcoming OVN 24.03 release. Here are links to the patches in the main
branch on github:
(1)
https://github.com/ovn-org/ovn/commit/c3bc0f851c941869efa1ee1b43bef7aadd14c127
(2)
On Thu, Feb 15, 2024 at 5:10 AM Xavier Simonart wrote:
>
> Hi Numan
>
> Thanks for the quick review.
>
> On Wed, Feb 14, 2024 at 10:57 PM Numan Siddique wrote:
>
> > On Wed, Feb 14, 2024 at 1:26 PM Xavier Simonart
> > wrote:
> > >
> > > When (re)starting ovn-northd with an existing big nbdb,
>
> > diff --git a/lib/netlink-conntrack.c b/lib/netlink-conntrack.c
> > index 492bfcffb..1b050894d 100644
> > --- a/lib/netlink-conntrack.c
> > +++ b/lib/netlink-conntrack.c
> > @@ -25,6 +25,7 @@
> > #include
> > #include
> > #include
> > +#include
> >
> > #include "byte-order.h"
> >
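Review bot: the #include added after the three system headers in lib/netlink-conntrack.c arrives with no visible use in this hunk, so the reason for it cannot be checked here. Please confirm the header exists on every supported build target, or guard it with a configure-time check, and say in the commit message what it is needed for.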
Felix Huettner via dev writes:
> Previously the kernel did not provide a netlink interface to flush/list
> only conntrack entries matching a specific zone. With [1] and [2] it is now
> possible to flush and list conntrack entries filtered by zone. Older
> kernels not yet supporting this feature
Paolo Valerio writes:
> The patch, when 'persistent' flag is specified, makes the IP selection
> in a range persistent across reboots.
>
> Signed-off-by: Paolo Valerio
> ---
> NEWS | 3 ++-
> lib/conntrack.c | 27 +--
> lib/conntrack.h | 1 +
>
Xavier Simonart writes:
> When a ct element was cleaned, the cmap could be shrunk, potentially
> causing some elements to be skipped in the flush iteration.
>
> Signed-off-by: Xavier Simonart
> ---
This only applies to netdev datapaths, so might be good to mention it in
the commit message.
On Thu, Feb 15, 2024 at 01:00:05PM +0100, Ilya Maximets wrote:
> Currently, failures of pthread_* functions are printed to stderr
> only and then OVS aborts. These error messages are hard to find
> and may be even just lost.
>
> Use VLOG_ABORT() instead. It will do the same thing, but will try
On Thu, Feb 15, 2024 at 12:55:59PM +0100, Ilya Maximets wrote:
> The cited commit removed direct call to RSTP module from a callback,
> but we can still enter the module after going through a patch port
> to a different bridge via ofproto_dpif_send_packet().
>
> Partially revert the change going
On Wed, Feb 14, 2024 at 01:43:21PM +0100, Xavier Simonart wrote:
> When a ct element was cleaned, the cmap could be shrunk, potentially
> causing some elements to be skipped in the flush iteration.
>
> Signed-off-by: Xavier Simonart
Thanks for the patch Xavier.
Acked-by: Simon Horman
On Thu, Feb 15, 2024 at 09:16:38AM +0100, Jakob Meng wrote:
> On 30.01.24 10:44, Simon Horman wrote:
> > On Fri, Jan 26, 2024 at 02:24:51PM +0100, jm...@redhat.com wrote:
> >> From: Jakob Meng
> >>
> >> In a scenario where OVN does load balancing and then SNAT with an OVS
> >> userspace datapath
On Tue, Feb 13, 2024 at 08:44:41PM +0100, Ilya Maximets wrote:
> The output file of this openssl command is a certificate signed with
> pre-existing private key. It doesn't create a private key. The
> restricted permissions are explicitly removed from the resulting
> certificate right after its
On Tue, Feb 13, 2024 at 08:42:36PM +0100, Ilya Maximets wrote:
> It's not an executable file.
>
> Signed-off-by: Ilya Maximets
Acked-by: Simon Horman
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
On Tue, Feb 13, 2024 at 08:40:18PM +0100, Ilya Maximets wrote:
> OpenSSL 1.0.2u is long deprecated and not available for download.
> So, our CI never actually downloads it and uses whatever is in the
> OpenSSL-Win64 folder provided by AppVeyor. Luckily, it happens to
> be OpenSSL 1.0.2u today.
>
On Tue, Feb 13, 2024 at 08:40:17PM +0100, Ilya Maximets wrote:
> OpenSSL 1.1.0 changed the library names from libeay32 and ssleay32 to
> standard libssl and libcrypto. All the versions of OpenSSL that used
> old names reached their official EoL, so it should be safe to just
> migrate to new
On Tue, Feb 13, 2024 at 08:40:16PM +0100, Ilya Maximets wrote:
> There is no chmod or 'mkdir -m' support on Windows, so setting file
> permissions for keys and certificates doesn't actually work.
>
> Implementing them using icacls utility instead.
...
> Signed-off-by: Ilya Maximets
Acked-by:
On 2/15/24 13:42, Simon Horman wrote:
> On Tue, Feb 13, 2024 at 11:08:54AM +0100, Ilya Maximets wrote:
>> On 2/13/24 09:37, Adrian Moreno wrote:
>>>
>>>
>>> On 2/13/24 09:32, Adrian Moreno wrote:
On 2/9/24 17:17, Ilya Maximets wrote:
> For some reason annotation is made for a
On Tue, Feb 13, 2024 at 08:40:15PM +0100, Ilya Maximets wrote:
> We need to know exact linking / compilation errors in order
> to fix issues. We could have uploaded it as an artifact,
> but it seems easier to just print it out for now.
>
> Signed-off-by: Ilya Maximets
> ---
>
On Tue, Feb 13, 2024 at 11:08:54AM +0100, Ilya Maximets wrote:
> On 2/13/24 09:37, Adrian Moreno wrote:
> >
> >
> > On 2/13/24 09:32, Adrian Moreno wrote:
> >>
> >>
> >> On 2/9/24 17:17, Ilya Maximets wrote:
> >>> For some reason annotation is made for a read-lock, while all the
> >>> callers
On Wed, Feb 07, 2024 at 06:38:07PM +0100, Paolo Valerio wrote:
> The userspace conntrack only supported hash for port selection.
> With the patch, both userspace and kernel datapath support the random
> flag.
>
> The default behavior remains the same, that is, if no flags are
> specified, hash is
On Wed, Feb 07, 2024 at 06:38:08PM +0100, Paolo Valerio wrote:
> The patch, when 'persistent' flag is specified, makes the IP selection
> in a range persistent across reboots.
>
> Signed-off-by: Paolo Valerio
Hi Paolo,
I have some minor nits below - which you can feel free to take or leave.
Currently, failures of pthread_* functions are printed to stderr
only and then OVS aborts. These error messages are hard to find
and may be even just lost.
Use VLOG_ABORT() instead. It will do the same thing, but will try
to log the error to the log file and syslog first, if configured.
Using
The cited commit removed direct call to RSTP module from a callback,
but we can still enter the module after going through a patch port
to a different bridge via ofproto_dpif_send_packet().
Partially revert the change going back to a recursive mutex.
Adding the same test for both RSTP and STP.
Hi Numan
Thanks for the quick review.
On Wed, Feb 14, 2024 at 10:57 PM Numan Siddique wrote:
> On Wed, Feb 14, 2024 at 1:26 PM Xavier Simonart
> wrote:
> >
> > When (re)starting ovn-northd with an existing big nbdb,
> > the first iteration of northd was very slow as trying to
> > push all
On Thu, Feb 15, 2024 at 7:03 AM Mike Pattrick wrote:
> I've made a branch where we properly account for outer and inner
> checksums, and it passes the tests mostly, except for afxdp.
>
> For afxdp we crash in dp_packet_prealloc_headroom(). netdev-afxdp has
> a hardcoded OVS_XDP_HEADROOM=128 bytes
On 30.01.24 10:44, Simon Horman wrote:
> On Fri, Jan 26, 2024 at 02:24:51PM +0100, jm...@redhat.com wrote:
>> From: Jakob Meng
>>
>> In a scenario where OVN does load balancing and then SNAT with an OVS
>> userspace datapath [0], the recirc_depth may be greater than 6. In
>> that case,