[ovs-dev] [PATCH 1/1] netdev-linux: Don't set ethtool flags if flag is already set on netdev

2015-09-03 Thread Anoob Soman 
Check if ethtool flags is already set on a netdev, before trying to set it.

This patch works around issues with some older verison of ethernet drivers,
which tend to reset the NIC when call to disable LRO is made, even if LRO is
already disable on that NIC. NIC reset is not desirable in OVS upgrade scenario
as it causes extended downtime.

Signed-off-by: Anoob Soman 
---
 lib/netdev-linux.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/netdev-linux.c b/lib/netdev-linux.c
index 56eed04..fe92fb5 100644
--- a/lib/netdev-linux.c
+++ b/lib/netdev-linux.c
@@ -5298,7 +5298,11 @@ netdev_linux_ethtool_set_flag(struct netdev *netdev, 
uint32_t flag,
 }
 
 COVERAGE_INC(netdev_set_ethtool);
-evalue.data = new_flags = (evalue.data & ~flag) | (enable ? flag : 0);
+new_flags = (evalue.data & ~flag) | (enable ? flag : 0);
+if (new_flags == evalue.data) {
+retrun 0;
+}
+evalue.data = new_flags;
 error = netdev_linux_do_ethtool(netdev_name,
 (struct ethtool_cmd *),
 ETHTOOL_SFLAGS, "ETHTOOL_SFLAGS");
-- 
1.9.1

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Re: [ovs-dev] [PATCH] datapath-windows: Tunnel filter initialization check

2015-09-03 Thread Nithin Raju 
> On Sep 2, 2015, at 9:30 AM, Sorin Vinturis  
> wrote:
> 
> Verify if the tunnel filter is initialized before submitting requests.
> 
> Signed-off-by: Sorin Vinturis 
> Reported-by: Sorin Vinturis 
> Reported-at: 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openvswitch_ovs-2Dissues_issues_100=BQIGaQ=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs=pNHQcdr7B40b4h6Yb7FIedI1dnBsxdDuTLBYD3JqV80=2nGvmsCDTDdyyhZa0oS-VW5I3bR194bTi04ou3j5KFM=3X78mGHEeExIP5hrcxN61x8Um8RhohMBCPWD7cnK4-Q=
>  

Acked-by: Nithin Raju 

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Re: [ovs-dev] [PATCH] datapath-windows: IpHelper support for multiple adapter instances

2015-09-03 Thread Nithin Raju 
hi Sorin/Alin,
I suppose this is a patch that helps with supporting multiple hyper-v switches 
in one datapath.

We had spoken about this a couple of weeks ago during the IRC meeting. I was 
proposing a solution involves writing a teaming driver that can connect to 
multiple physical adapters. In order to support multiple internal adapters, we 
can write another driver similar to a TUN/TAP driver that allows us to create 
as many virtual adapters as we want. On the backend these virtual adapters can 
inject packets directly into the hyper-v switch.

We had signed off by saying we’ll writeup the proposal that talks about the 
workflow end-to-end, and take it from there. Would it be possible to send out 
the proposal before we make heavy duty changes?

Some concerns I have with supporting multiple switches are:

1. I am not sure how sound/great it is to forward packets from one hyper-v 
switch to another. Would it be possible to get a technical clarification from 
MSFT about this? I’ll ask around if we have any contacts.

2. How would compute provisioning work? With the current workflow we have, we 
pick a particular hyper-v switch (Eg. Overlay Switch) and connect all of the 
VMs to that switch, and OVS would take care of networking them up. If we 
support multiple Hyper-V switches, what would be the basis for connecting VMs 
to different Hyper-V switches?

3. It does not take away the need for a teaming driver.

thanks,
-- Nithin


> On Sep 3, 2015, at 4:54 AM, Sorin Vinturis  
> wrote:
> 
> Added support for multiple internal adapter instances to the IpHelper
> module.
> 
> Signed-off-by: Sorin Vinturis 
> Reported-by: Sorin Vinturis 
> Reported-at: 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openvswitch_ovs-2Dissues_issues_101=BQIGaQ=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs=pNHQcdr7B40b4h6Yb7FIedI1dnBsxdDuTLBYD3JqV80=qGum5o5AOAacL3zQu_AHdhnVXoD8hib7nyXXg1JuQr8=iXoc-btgG4cPIdPKi_vFiw9g6JJS-Beqf0HUA6_dz2o=
>  
> ---
> datapath-windows/ovsext/IpHelper.c | 648 ++---
> datapath-windows/ovsext/IpHelper.h |  11 +-
> datapath-windows/ovsext/Vport.c|   4 +-
> 3 files changed, 477 insertions(+), 186 deletions(-)
> 
> diff --git a/datapath-windows/ovsext/IpHelper.c 
> b/datapath-windows/ovsext/IpHelper.c
> index de0d457..964b675 100644
> --- a/datapath-windows/ovsext/IpHelper.c
> +++ b/datapath-windows/ovsext/IpHelper.c
> @@ -26,28 +26,45 @@
> #include "Debug.h"
> 
> /*
> - * Fow now, we assume only one internal adapter
> + * IpHelper supports multiple internal adapters.
>  */
> 
> KSTART_ROUTINE OvsStartIpHelper;
> 
> 
> +/* Contains the entries of internal adapter objects. */
> +static LIST_ENTRY  ovsInstanceList;
> +
> +/* Passive-level lock used to protect the internal adapter object list. */
> +static ERESOURCE   ovsInstanceListLock;
> +
> /*
> + * This structure is used to define each adapter instance.
> + *
> + * Note:
>  * Only when the internal IP is configured and virtual
>  * internal port is connected, the IP helper request can be
>  * queued.
> + *
> + * We only keep internal IP for reference, it will not be used for 
> determining
> + * SRC IP of the Tunnel.
> + *
> + * The lock must not raise the IRQL higher than PASSIVE_LEVEL in order for 
> the
> + * route manipulation functions, i.e. GetBestRoute, to work.
>  */
> -static BOOLEAN ovsInternalIPConfigured;
> -static UINT32  ovsInternalPortNo;
> -static GUIDovsInternalNetCfgId;
> -static MIB_IF_ROW2 ovsInternalRow;
> -static MIB_IPINTERFACE_ROW ovsInternalIPRow;
> -
> -/* we only keep one internal IP for reference, it will not be used for
> - * determining SRC IP of Tunnel
> - */
> -static UINT32   ovsInternalIP;
> +typedef struct _OVS_IPHELPER_INSTANCE
> +{
> +LIST_ENTRY  link;
> +
> +BOOLEAN isIpConfigured;
> +UINT32  portNo;
> +GUIDnetCfgId;
> +MIB_IF_ROW2 internalRow;
> +MIB_IPINTERFACE_ROW internalIPRow;
> +UINT32  ipAddress;
> 
> +ERESOURCE   lock;
> +} OVS_IPHELPER_INSTANCE, *POVS_IPHELPER_INSTANCE;
> 
> /*
>  * FWD_ENTRY >  IPFORWARD_ENTRY
> @@ -85,6 +102,9 @@ static VOID OvsRemoveAllFwdEntriesWithSrc(UINT32 ipAddr);
> static VOID OvsCleanupIpHelperRequestList(VOID);
> static VOID OvsCleanupFwdTable(VOID);
> static VOID OvsAddToSortedNeighList(POVS_IPNEIGH_ENTRY ipn);
> +static POVS_IPHELPER_INSTANCE OvsIpHelperAllocateInstance(
> +POVS_IP_HELPER_REQUEST request);
> +static VOID OvsIpHelperDeleteInstance(POVS_IPHELPER_INSTANCE instance);
> 
> static VOID
> OvsDumpIfRow(PMIB_IF_ROW2 ifRow)
> @@ -325,30 +345,53 @@ OvsDumpRoute(const SOCKADDR_INET *sourceAddress,
> 
> 
> NTSTATUS
> -OvsGetRoute(NET_LUID interfaceLuid,
> -const SOCKADDR_INET *destinationAddress,
>

[ovs-dev] [PATCH] datapath-windows: check vport attribute before access

2015-09-03 Thread Nithin Raju 
OVS_VPORT_ATTR_OPTIONS being an optional attribute should be
preceded by a check for valid value before access.

Signed-off-by: Nithin Raju 
---
 datapath-windows/ovsext/Vport.c | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/datapath-windows/ovsext/Vport.c b/datapath-windows/ovsext/Vport.c
index 6b74ec2..dd615e4 100644
--- a/datapath-windows/ovsext/Vport.c
+++ b/datapath-windows/ovsext/Vport.c
@@ -2177,10 +2177,12 @@ OvsNewVportCmdHandler(POVS_USER_PARAMS_CONTEXT 
usrParamsCtx,
 break;
 }
 
-PNL_ATTR attr = 
NlAttrFindNested(vportAttrs[OVS_VPORT_ATTR_OPTIONS],
- OVS_TUNNEL_ATTR_DST_PORT);
-if (attr) {
-transportPortDest = NlAttrGetU16(attr);
+if (vportAttrs[OVS_VPORT_ATTR_OPTIONS]) {
+PNL_ATTR attr = 
NlAttrFindNested(vportAttrs[OVS_VPORT_ATTR_OPTIONS],
+ OVS_TUNNEL_ATTR_DST_PORT);
+if (attr) {
+transportPortDest = NlAttrGetU16(attr);
+}
 }
 
 status = OvsInitTunnelVport(usrParamsCtx,
-- 
1.8.5.6

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] [PATCH] FAQ: mention about plotnetcfg tool

2015-09-03 Thread Flavio Leitner 
The plotnetcfg is an open source tool to visualy represent
relationship between network interfaces on a single host.

It helps to understand the path of a packet on a host.

Signed-off-by: Flavio Leitner 
---
 FAQ.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/FAQ.md b/FAQ.md
index 5ce42b9..631f6a4 100644
--- a/FAQ.md
+++ b/FAQ.md
@@ -1623,6 +1623,9 @@ A: To debug network behavior problems, trace the path of 
a packet,
that's correct, then trace the path of the response packet back to
the origin.
 
+   The open source tool called "plotnetcfg" can help to understand the
+   relationship between the networking devices on a single host.
+
Usually a simple ICMP echo request and reply ("ping") packet is
good enough.  Start by initiating an ongoing "ping" from the origin
host to a remote host.  If you are tracking down a connectivity
-- 
2.1.0


___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Re: [ovs-dev] [PATCH] sandbox: Include vtep dir into the sandbox path

2015-09-03 Thread Russell Bryant 
On 09/03/2015 01:02 PM, majop...@redhat.com wrote:
> From: Miguel Angel Ajo 
> 
> Otherwise the built vtep-ctl is not available from the
> sandbox command line.
> 
> Signed-off-by: Miguel Angel Ajo 

Thanks!

Acked-by: Russell Bryant 

-- 
Russell Bryant
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Re: [ovs-dev] [PATCH] FAQ: mention about plotnetcfg tool

2015-09-03 Thread ALeX Wang 
tried this out, looks useful,

Look good to me,

Thanks,
Alex Wang,

On 3 September 2015 at 07:53, Flavio Leitner  wrote:

> The plotnetcfg is an open source tool to visualy represent
> relationship between network interfaces on a single host.
>
> It helps to understand the path of a packet on a host.
>
> Signed-off-by: Flavio Leitner 
> ---
>  FAQ.md | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/FAQ.md b/FAQ.md
> index 5ce42b9..631f6a4 100644
> --- a/FAQ.md
> +++ b/FAQ.md
> @@ -1623,6 +1623,9 @@ A: To debug network behavior problems, trace the
> path of a packet,
> that's correct, then trace the path of the response packet back to
> the origin.
>
> +   The open source tool called "plotnetcfg" can help to understand the
> +   relationship between the networking devices on a single host.
> +
> Usually a simple ICMP echo request and reply ("ping") packet is
> good enough.  Start by initiating an ongoing "ping" from the origin
> host to a remote host.  If you are tracking down a connectivity
> --
> 2.1.0
>
>
> ___
> dev mailing list
> dev@openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev
>



-- 
Alex Wang,
Open vSwitch developer
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] Fwd: [Dpdk-ovs] dpdk ovs

2015-09-03 Thread Gayathri 
Hi all,

Plz comment.

Regards,
gayathri

-- Forwarded message --
From: Gray, Mark D 
Date: Thu, Sep 3, 2015 at 12:54 AM
Subject: RE: [Dpdk-ovs] dpdk ovs
To: Gayathri , "dpdk-...@lists.01.org" <
dpdk-...@lists.01.org>


I think this refers to OVS so you should post to ovs-dev.

> -Original Message-
> From: Dpdk-ovs [mailto:dpdk-ovs-boun...@lists.01.org] On Behalf Of
> Gayathri
> Sent: Wednesday, September 2, 2015 11:06 PM
> To: dpdk-...@lists.01.org
> Subject: [Dpdk-ovs] dpdk ovs
>
> Hi *,
>
> We were looking into having VNFs working on DPDK ovs within a VM. These
> VMs with the VNF will be running in turn on a host that is running already
> DPDK ovs. All documents that I have seen so far only indicate DPDK within
> the quest (with DPDK ovs on the HOST) and not DPDK with ovs in the guest &
> host. Please let me know if this is even possible.
>
> Thanks in advance
>
> Regards,
> Dev
> ___
> Dpdk-ovs mailing list
> dpdk-...@lists.01.org
> https://lists.01.org/mailman/listinfo/dpdk-ovs
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] Fwd: [Dpdk-ovs] dpdk ovs inter VM communication

2015-09-03 Thread Gayathri 
Hi all,

Please comment.

Regards,
Dev
-- Forwarded message --
From: Gray, Mark D 
Date: Thu, Sep 3, 2015 at 12:54 AM
Subject: RE: [Dpdk-ovs] dpdk ovs inter VM communication
To: Gayathri , "dpdk-...@lists.01.org" <
dpdk-...@lists.01.org>


I think this should be posted on ovs-dev as it refers to OVS rather than
OVDK.

Mark

> -Original Message-
> From: Dpdk-ovs [mailto:dpdk-ovs-boun...@lists.01.org] On Behalf Of
> Gayathri
> Sent: Wednesday, September 2, 2015 6:13 PM
> To: dpdk-...@lists.01.org
> Subject: [Dpdk-ovs] dpdk ovs inter VM communication
>
> Hi *,
>
> I have dpdk 2.0 and ovs 2.4 working for a single VM. I would like to
create
> couple of them and have INTER-VM communication tested. But not sure
> what is the configuration requirement to accomplish this.  Please help me
> out.
>
> Few questions regarding the ports shown in the below o/p:
> MYBOX:~/OVS$ sudo ovs-vsctl show
> 39834e02-bf59-4219-8200-b91297015e92
> Bridge "br1"
> Port "dpdkvhost1"
> Interface "dpdkvhost1"
> type: dpdkvhostuser
> Port "dpdk1"
> Interface "dpdk1"
> type: dpdk
> Port "br1"
> Interface "br1"
> type: internal
> Bridge "br0"
> Port "dpdk0"
> Interface "dpdk0"
> type: dpdk
> Port "br0"
> Interface "br0"
> type: internal
> Port "dpdkvhost0"
> Interface "dpdkvhost0"
> type: dpdkvhostuser
>
> 1) What are these ports dpdk0/1 ?  Are they outgoing ports connected to
the
> physical nics
> 2) Also dpdkvhost0/1 are they ports connecting the VM interface?
> 3) How do we detect the port num of Rxring/Txring of the vhost port?
>
>
> Regards,
> Gayathri
> ___
> Dpdk-ovs mailing list
> dpdk-...@lists.01.org
> https://lists.01.org/mailman/listinfo/dpdk-ovs
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Re: [ovs-dev] [PATCH] FAQ: mention about plotnetcfg tool

2015-09-03 Thread Flavio Leitner 
On Thu, Sep 03, 2015 at 09:26:17AM -0700, ALeX Wang wrote:
> tried this out, looks useful,

Yeah, try on a openstack compute node with some tenants.
It uses namespaces, veth pairs, ovs bridges, internal ports, tunnels,
linux bridges, etc.  Of course, it's possible to trace the path of a
packet, but it's time consuming and the names aren't exactly human
friendly :)

The tool helps a lot with those sophisticated scenarios.

fbl


> 
> Look good to me,
> 
> Thanks,
> Alex Wang,
> 
> On 3 September 2015 at 07:53, Flavio Leitner  wrote:
> 
> > The plotnetcfg is an open source tool to visualy represent
> > relationship between network interfaces on a single host.
> >
> > It helps to understand the path of a packet on a host.
> >
> > Signed-off-by: Flavio Leitner 
> > ---
> >  FAQ.md | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/FAQ.md b/FAQ.md
> > index 5ce42b9..631f6a4 100644
> > --- a/FAQ.md
> > +++ b/FAQ.md
> > @@ -1623,6 +1623,9 @@ A: To debug network behavior problems, trace the
> > path of a packet,
> > that's correct, then trace the path of the response packet back to
> > the origin.
> >
> > +   The open source tool called "plotnetcfg" can help to understand the
> > +   relationship between the networking devices on a single host.
> > +
> > Usually a simple ICMP echo request and reply ("ping") packet is
> > good enough.  Start by initiating an ongoing "ping" from the origin
> > host to a remote host.  If you are tracking down a connectivity
> > --
> > 2.1.0
> >
> >
> > ___
> > dev mailing list
> > dev@openvswitch.org
> > http://openvswitch.org/mailman/listinfo/dev
> >
> 
> 
> 
> -- 
> Alex Wang,
> Open vSwitch developer
> ___
> dev mailing list
> dev@openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] [PATCH v8 2/2] ovn: Add "localnet" logical port type.

2015-09-03 Thread Russell Bryant 
Introduce a new logical port type called "localnet".  A logical port
with this type also has an option called "network_name".  A "localnet"
logical port represents a connection to a network that is locally
accessible from each chassis running ovn-controller.  ovn-controller
will use the ovn-bridge-mappings configuration to figure out which
patch port on br-int should be used for this port.

OpenStack Neutron has an API extension called "provider networks" which
allows an administrator to specify that it would like ports directly
attached to some pre-existing network in their environment.  There was a
previous thread where we got into the details of this here:

  http://openvswitch.org/pipermail/dev/2015-June/056765.html

The case where this would be used is an environment that isn't actually
interested in virtual networks and just wants all of their compute
resources connected up to externally managed networks.  Even in this
environment, OVN still has a lot of value to add.  OVN implements port
security and ACLs for all ports connected to these networks.  OVN also
provides the configuration interface and control plane to manage this
across many hypervisors.

As a specific example, consider an environment with two hypvervisors
(A and B) with two VMs on each hypervisor (A1, A2, B1, B2).  Now imagine
that the desired setup from an OpenStack perspective is to have all of
these VMs attached to the same provider network, which is a physical
network we'll refer to as "physnet1".

The first step here is to configure each hypervisor with bridge mappings
that tell ovn-controller that a local bridge called "br-eth1" is used to
reach the network called "physnet1".  We can simulate the inital setup
of this environment in ovs-sandbox with the following commands:

  # Setup the local hypervisor (A)
  ovs-vsctl add-br br-eth1
  ovs-vsctl set open . external-ids:ovn-bridge-mappings=physnet1:br-eth1

  # Create a fake remote hypervisor (B)
  ovn-sbctl chassis-add fakechassis geneve 127.0.0.1

To get the behavior we want, we model every Neutron port connected to a
Neutron provider network as an OVN logical switch with 2 ports.  The
first port is a normal logical port to be used by the VM.  The second
logical port is a special port with its type set to "localnet".

To simulate the creation of the OVN logical switches and OVN logical
ports for A1, A2, B1, and B2, you can run the following commands:

  # Create 4 OVN logical switches.  Each logical switch has 2 ports,
  # port1 for a VM and physnet1 for the existing network we are
  # connecting to.
  for n in 1 2 3 4; do
  ovn-nbctl lswitch-add provnet1-$n

  ovn-nbctl lport-add provnet1-$n provnet1-$n-port1
  ovn-nbctl lport-set-macs provnet1-$n-port1 00:00:00:00:00:0$n
  ovn-nbctl lport-set-port-security provnet1-$n-port1 00:00:00:00:00:0$n

  ovn-nbctl lport-add provnet1-$n provnet1-$n-physnet1
  ovn-nbctl lport-set-macs provnet1-$n-physnet1 unknown
  ovn-nbctl lport-set-type provnet1-$n-physnet1 localnet
  ovn-nbctl lport-set-options provnet1-$n-physnet1 network_name=physnet1
  done

  # Bind lport1 (A1) and lport2 (A2) to the local hypervisor.
  ovs-vsctl add-port br-int lport1 -- set Interface lport1 
external_ids:iface-id=provnet1-1-port1
  ovs-vsctl add-port br-int lport2 -- set Interface lport2 
external_ids:iface-id=provnet1-2-port1

  # Bind the other 2 ports to the fake remote hypervisor.
  ovn-sbctl lport-bind provnet1-3-port1 fakechassis
  ovn-sbctl lport-bind provnet1-4-port1 fakechassis

After running these commands, we have the following logical
configuration:

  $ ovn-nbctl show
lswitch 035645fc-b2ff-4e26-b953-69addba80a9a (provnet1-4)
lport provnet1-4-physnet1
macs: unknown
lport provnet1-4-port1
macs: 00:00:00:00:00:04
lswitch 66212a85-b3b6-4688-bcf6-8062941a2d96 (provnet1-2)
lport provnet1-2-physnet1
macs: unknown
lport provnet1-2-port1
macs: 00:00:00:00:00:02
lswitch fc5b1141-0216-4fa7-86f3-461811c1fc9b (provnet1-3)
lport provnet1-3-physnet1
macs: unknown
lport provnet1-3-port1
macs: 00:00:00:00:00:03
lswitch 9b1d2636-e654-4d43-84e8-a921af611b33 (provnet1-1)
lport provnet1-1-physnet1
macs: unknown
lport provnet1-1-port1
macs: 00:00:00:00:00:01

We can also look at OVN_Southbound to see that 2 logical ports are bound
to each hypervisor:

  $ ovn-sbctl show
  Chassis "56b18105-5706-46ef-80c4-ff20979ab068"
  Encap geneve
  ip: "127.0.0.1"
  Port_Binding "provnet1-1-port1"
  Port_Binding "provnet1-2-port1"
  Chassis fakechassis
  Encap geneve
  ip: "127.0.0.1"
  Port_Binding "provnet1-3-port1"
  Port_Binding "provnet1-4-port1"

Now we can generate several packets to test how a packet would be
processed on hypervisor A.  The OpenFlow port numbers in this demo are:

  1 - patch port to br-eth1 (physnet1)
  2 - tunnel

[ovs-dev] [PATCH v8 0/2] OVN support for Neutron provider networks

2015-09-03 Thread Russell Bryant 
v7->v8:
 - Add notes about br-int getting created automatically to ovn-architecture and
   ovn-controller docs.
 - Immediately return br_int after it gets created instead of waiting for a
   future run of the main loop to find it.
 - Restrict "localnet" port type to Neutron's use case where a logical switch
   can only have a single normal logical port on a switch with a single localnet
   logical port.  This simplifies things a good bit.
 - Note that this restriction discussed in the previous point is only
   documented right now, not enforced in code because it wasn't obvious to me
   the best way to do so.  There's nothing stopping the bad configuration from
   being done in OVN_Northbound.  I suppose ovn-northd could at least detect
   and log an error on the invalid configuration.  I'm happy to address this in
   another rev or a followup patch if we can settle on what makes the msot
   sense.

Russell Bryant (2):
  ovn: Automatically create br-int in ovn-controller.
  ovn: Add "localnet" logical port type.

 ovn/controller/ovn-controller.8.xml |   5 +-
 ovn/controller/ovn-controller.c |  67 +++---
 ovn/controller/physical.c   | 178 +++-
 ovn/ovn-architecture.7.xml  |  15 ++-
 ovn/ovn-nb.xml  |  18 +++-
 ovn/ovn-sb.xml  |  33 ++-
 tutorial/ovs-sandbox|   2 -
 7 files changed, 274 insertions(+), 44 deletions(-)

-- 
2.4.3

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] [PATCH v8 1/2] ovn: Automatically create br-int in ovn-controller.

2015-09-03 Thread Russell Bryant 
ovn-controller previously required the integration bridge to be
created before running ovn-controller.  This patch makes
ovn-controller automatically create it if it doesn't already exist.

Signed-off-by: Russell Bryant 
---
 ovn/controller/ovn-controller.8.xml |  5 ++-
 ovn/controller/ovn-controller.c | 67 +++--
 ovn/ovn-architecture.7.xml  |  8 +++--
 tutorial/ovs-sandbox|  2 --
 4 files changed, 66 insertions(+), 16 deletions(-)

diff --git a/ovn/controller/ovn-controller.8.xml 
b/ovn/controller/ovn-controller.8.xml
index c5d9dce..92cd669 100644
--- a/ovn/controller/ovn-controller.8.xml
+++ b/ovn/controller/ovn-controller.8.xml
@@ -84,7 +84,10 @@
   
 external_ids:ovn-bridge specifies the
 integration bridge to which logical ports are attached.
-The default is br-int.
+The default is br-int.  If this bridge does
+not exist when ovn-controller starts, it will be created
+automatically with the default configuration suggested in
+ovn-architecture(7).
   
 
 
diff --git a/ovn/controller/ovn-controller.c b/ovn/controller/ovn-controller.c
index 1608cc4..d705a16 100644
--- a/ovn/controller/ovn-controller.c
+++ b/ovn/controller/ovn-controller.c
@@ -70,9 +70,53 @@ get_bridge(struct ovsdb_idl *ovs_idl, const char *br_name)
 }
 
 static const struct ovsrec_bridge *
-get_br_int(struct ovsdb_idl *ovs_idl)
+create_br_int(struct controller_ctx *ctx,
+  const struct ovsrec_open_vswitch *cfg,
+  const char *bridge_name)
 {
-const struct ovsrec_open_vswitch *cfg = ovsrec_open_vswitch_first(ovs_idl);
+if (!ctx->ovs_idl_txn) {
+return NULL;
+}
+
+ovsdb_idl_txn_add_comment(ctx->ovs_idl_txn,
+"ovn-controller: creating integration bridge '%s'", bridge_name);
+
+struct ovsrec_interface *iface;
+iface = ovsrec_interface_insert(ctx->ovs_idl_txn);
+ovsrec_interface_set_name(iface, bridge_name);
+ovsrec_interface_set_type(iface, "internal");
+
+struct ovsrec_port *port;
+port = ovsrec_port_insert(ctx->ovs_idl_txn);
+ovsrec_port_set_name(port, bridge_name);
+ovsrec_port_set_interfaces(port, , 1);
+
+struct ovsrec_bridge *bridge;
+bridge = ovsrec_bridge_insert(ctx->ovs_idl_txn);
+ovsrec_bridge_set_name(bridge, bridge_name);
+ovsrec_bridge_set_fail_mode(bridge, "secure");
+struct smap other_config = SMAP_INITIALIZER(_config);
+smap_add(_config, "disable-in-band", "true");
+ovsrec_bridge_set_other_config(bridge, _config);
+smap_destroy(_config);
+ovsrec_bridge_set_ports(bridge, , 1);
+
+struct ovsrec_bridge **bridges;
+size_t bytes = sizeof *bridges * cfg->n_bridges;
+bridges = xmalloc(bytes + sizeof *bridges);
+memcpy(bridges, cfg->bridges, bytes);
+bridges[cfg->n_bridges] = bridge;
+ovsrec_open_vswitch_verify_bridges(cfg);
+ovsrec_open_vswitch_set_bridges(cfg, bridges, cfg->n_bridges + 1);
+
+return bridge;
+}
+
+static const struct ovsrec_bridge *
+get_br_int(struct controller_ctx *ctx)
+{
+const struct ovsrec_open_vswitch *cfg;
+cfg = ovsrec_open_vswitch_first(ctx->ovs_idl);
 if (!cfg) {
 return NULL;
 }
@@ -83,14 +127,11 @@ get_br_int(struct ovsdb_idl *ovs_idl)
 }
 
 const struct ovsrec_bridge *br;
-br = get_bridge(ovs_idl, br_int_name);
-if (br) {
-return br;
+br = get_bridge(ctx->ovs_idl, br_int_name);
+if (!br) {
+return create_br_int(ctx, cfg, br_int_name);
 }
-
-static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
-VLOG_WARN_RL(, "%s: integration bridge does not exist", br_int_name);
-return NULL;
+return br;
 }
 
 static const char *
@@ -374,6 +415,7 @@ main(int argc, char *argv[])
 ovsdb_idl_add_table(ovs_idl_loop.idl, _table_open_vswitch);
 ovsdb_idl_add_column(ovs_idl_loop.idl,
  _open_vswitch_col_external_ids);
+ovsdb_idl_add_column(ovs_idl_loop.idl, _open_vswitch_col_bridges);
 ovsdb_idl_add_table(ovs_idl_loop.idl, _table_interface);
 ovsdb_idl_add_column(ovs_idl_loop.idl, _interface_col_name);
 ovsdb_idl_add_column(ovs_idl_loop.idl, _interface_col_type);
@@ -384,6 +426,9 @@ main(int argc, char *argv[])
 ovsdb_idl_add_column(ovs_idl_loop.idl, _port_col_external_ids);
 ovsdb_idl_add_table(ovs_idl_loop.idl, _table_bridge);
 ovsdb_idl_add_column(ovs_idl_loop.idl, _bridge_col_ports);
+ovsdb_idl_add_column(ovs_idl_loop.idl, _bridge_col_name);
+ovsdb_idl_add_column(ovs_idl_loop.idl, _bridge_col_fail_mode);
+ovsdb_idl_add_column(ovs_idl_loop.idl, _bridge_col_other_config);
 chassis_register_ovs_idl(ovs_idl_loop.idl);
 encaps_register_ovs_idl(ovs_idl_loop.idl);
 binding_register_ovs_idl(ovs_idl_loop.idl);
@@ -406,7 +451,7 @@ main(int argc, char *argv[])
 .ovnsb_idl_txn =

[ovs-dev] [PATCH] sandbox: Include vtep dir into the sandbox path

2015-09-03 Thread majopela 
From: Miguel Angel Ajo 

Otherwise the built vtep-ctl is not available from the
sandbox command line.

Signed-off-by: Miguel Angel Ajo 
---
 tutorial/ovs-sandbox | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox
index c8fc32f..5e0553b 100755
--- a/tutorial/ovs-sandbox
+++ b/tutorial/ovs-sandbox
@@ -258,7 +258,7 @@ if $built; then
 echo >&2 'build not found, please change set $builddir or change 
directory'
 exit 1
 fi
-PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$PATH
+
PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$builddir/vtep:$PATH
 if $ovn; then
 
PATH=$builddir/ovn:$builddir/ovn/controller:$builddir/ovn/controller-vtep:$builddir/ovn/northd:$builddir/ovn/utilities:$PATH
 fi
-- 
1.8.3.1

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Re: [ovs-dev] [PATCH 1/1] netdev-linux: Don't set ethtool flags if flag is already set on netdev

2015-09-03 Thread Jesse Gross 
On Thu, Sep 3, 2015 at 6:53 AM, Anoob Soman  wrote:
> Check if ethtool flags is already set on a netdev, before trying to set it.
>
> This patch works around issues with some older verison of ethernet drivers,
> which tend to reset the NIC when call to disable LRO is made, even if LRO is
> already disable on that NIC. NIC reset is not desirable in OVS upgrade 
> scenario
> as it causes extended downtime.
>
> Signed-off-by: Anoob Soman 

Thanks, applied to master, branch-2.4, and branch-2.3.

I did fix the typo in 'return' that prevents this from compiling though...
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] [PATCH 2/4] tests: Group the OVN tests together.

2015-09-03 Thread Justin Pettit 
Signed-off-by: Justin Pettit 
---
 tests/testsuite.at |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/tests/testsuite.at b/tests/testsuite.at
index 384efdf..f3bc126 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -18,7 +18,6 @@ m4_include([tests/ovs-macros.at])
 m4_include([tests/ovsdb-macros.at])
 m4_include([tests/ofproto-macros.at])
 
-m4_include([tests/ovn-controller-vtep.at])
 m4_include([tests/completion.at])
 m4_include([tests/bfd.at])
 m4_include([tests/cfm.at])
@@ -70,3 +69,4 @@ m4_include([tests/vtep-ctl.at])
 m4_include([tests/auto-attach.at])
 m4_include([tests/ovn.at])
 m4_include([tests/ovn-sbctl.at])
+m4_include([tests/ovn-controller-vtep.at])
-- 
1.7.5.4

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] Bonus

2015-09-03 Thread Telekom Malaysia Berhad 
Telekom Malaysia Berhad
G.03B, Ground Floor, Kompleks Antarabangsa,
Jln Sultan Ismail, Off Jalan Ampang
50088 50250
Kuala Lumpur.


NOTIS RASMI HADIAH TELEKOM MALAYSIA

Pihak Telekom Malaysia @Program Kemenangan yang telah diadakan pada 2 September 
2015 di 
mana alamat email anda yang disertakan beraama Tiket Kemenangan nombor 2 - 4 - 
16 - 37 
- 89 - 40 -85 dengan siri nombor 2268/02 telah memenangi loteri kategori hadiah 
kedua 
khas keluarga Telekom Malaysia. Untuk menuntut hadiah kemenangan ini anda 
dikehendaki 
menghubungi melalui e mail Bahagian Tuntutan untuk tujuan pemerosesan dan 
pembayaran 
hadiah wang tunai kepada anda.

Di sepanjang program Khas Keluarga Telekom yang telah diadakan di Ibupejabat di 
Kuala 
Lumpur sejumlah Rm 270,000.00 (Ringgit Malaysia : Dua Ratus Tujoh Puloh Ribu) 
telah 
dianugerahkan kepada anda oleh Telekom Malaysia Berhad kepada anda dan keluarga 
anda 
sempena sambutsn Hari Raya 2015 ini.

Program ini turut dibiayai bersama oleh Toyota Malaysia dan Tenaga Nasional 
sebagai 
pakej istimewa Telekom 2015 dan anda perlu memahami bahawa e mail ini adalah 
100% sah 
dan diiktiraf kerana program ini kebiasaannya diadakan sekali dalam masa lima 
tahun.

Sila hubungi agen kami untuk menuntut hadiah ini :

EN SHAFIE BIN HASSAN
Pengarah Bahagian Tuntutan
E-mail: tmbcla...@outlook.my

Untuk tujuan pemerosesan sila hubungi agen kami dengan maklumat-maklumat 
berikut :
1) Nama Penuh:
2). Umur:
3). Pekerjaan:
4). Telefon:
5). Negeri/Bandar:

Perlu diingatkan bahawa hadiah akhir tahun Telekom Malaysia Berhad 2015 ini 
adalah 
diberikan khas kepada anda dan keluarga anda dan anda hendaklah membuat tunttan 
ini 
sebelum Oktober 20, 2015.

Terima kasih.

Mrs Nadia binti Rafik
Pengurus Eksekutif
Anugerah Telekom Malaysia
Ibupejabat telekom Malaysia
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Re: [ovs-dev] OVN: RFC add a new JSON-RPC selective monitoring method

2015-09-03 Thread Andy Zhou 
On Thu, Sep 3, 2015 at 5:27 AM, Liran Schour  wrote:
> Andy Zhou  wrote on 01/09/2015 11:15:56 PM:
>
>> From: Andy Zhou 
>> To: Liran Schour/Haifa/IBM@IBMIL
>> Cc: Ben Pfaff , dev 
>> Date: 01/09/2015 11:16 PM
>> Subject: Re: [ovs-dev] OVN: RFC add a new JSON-RPC selective monitoring
>> method
>>
>> >
>> >> Third, this may be a good opportunity to fix a design mistake in
>> >> "monitor", which is that it sends too much data when a row is modified:
>> >> it sends both the old and new values for columns that have changed, as
>> >> well as the value of every column that did not change.  I thought that
>> >> would be useful when I originally designed it, but it's proven to just
>> >> waste CPU and memory and bandwidth.
>> >>
>> >
>> > I will include a new version of Update Notification that will describe
>> > this change.
>> >
>> I am working on patch series that implements this enhancement. My
>> current plan is to send the RFC changes along with the prototyping
>> code for review. I am currently making a small change to the original
>> monitor message to indicate whether it will accept the new Update
>> Notification format.  With the proposal of ,  I
>> think it can be implied with the new message, and much cleaner.
>>
>> The details of the new Update Notification is more involved that I
>> would like to prototype before proposing.
>>
>
> I thought to define a new member called "modified" to monitor-select object
> to signify that update notification should include only modified columns
> with their new value only. Client should set to true only one of the members
> "modify", "modified". If both omitted default behavior is "modify" as it is
> now. (XOR)

This is an interesting proposal. But I don't think we need the bit for
the new monitor message.

The new 'modified' only update notification is likely to be
significantly different than current Update Notification,
I think it will make sense to add a new message type, say, Update
Notification2 (V2).

Coming back to the modified bit proposal, I don't think we need this
extra bit. The monitor-select should accept
both current Update Notification and V2, assuming both changes are
made into the same OVS release.

On the other hand, this bit may be useful to be added to the current
monitor message if we want to continue
using it after monitor-select being available for modified only
updates. I currently don't foresee such
use case.  Do you?

Make sense?
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] [PATCH 1/4] tests: Fix banner name for ovn-sbctl.

2015-09-03 Thread Justin Pettit 
Signed-off-by: Justin Pettit 
---
 tests/ovn-sbctl.at |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/tests/ovn-sbctl.at b/tests/ovn-sbctl.at
index 16968fd..d44714e 100644
--- a/tests/ovn-sbctl.at
+++ b/tests/ovn-sbctl.at
@@ -1,4 +1,4 @@
-AT_BANNER([ovn_controller_gw])
+AT_BANNER([ovn-sbctl])
 
 # OVN_SBCTL_TEST_START
 m4_define([OVN_SBCTL_TEST_START],
-- 
1.7.5.4

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] [PATCH 4/4] tests: Add unit tests for ovn-nbctl.

2015-09-03 Thread Justin Pettit 
Signed-off-by: Justin Pettit 
---
 tests/automake.mk  |1 +
 tests/ovn-nbctl.at |  119 
 tests/testsuite.at |1 +
 3 files changed, 121 insertions(+), 0 deletions(-)
 create mode 100644 tests/ovn-nbctl.at

diff --git a/tests/automake.mk b/tests/automake.mk
index 32f757b..4198039 100644
--- a/tests/automake.mk
+++ b/tests/automake.mk
@@ -87,6 +87,7 @@ TESTSUITE_AT = \
tests/vtep-ctl.at \
tests/auto-attach.at \
tests/ovn.at \
+   tests/ovn-nbctl.at \
tests/ovn-sbctl.at \
tests/ovn-controller-vtep.at
 
diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
new file mode 100644
index 000..dd81626
--- /dev/null
+++ b/tests/ovn-nbctl.at
@@ -0,0 +1,119 @@
+AT_BANNER([ovn-nbctl])
+
+# OVN_NBCTL_TEST_START
+m4_define([OVN_NBCTL_TEST_START],
+  [OVS_RUNDIR=`pwd`; export OVS_RUNDIR
+   OVS_LOGDIR=`pwd`; export OVS_LOGDIR
+   OVS_DBDIR=`pwd`; export OVS_DBDIR
+   OVS_SYSCONFDIR=`pwd`; export OVS_SYSCONFDIR
+
+   dnl Create ovn-nb database.
+   AT_CHECK([ovsdb-tool create ovn-nb.db $abs_top_srcdir/ovn/ovn-nb.ovsschema])
+
+   dnl Start ovsdb-server.
+   AT_CHECK([ovsdb-server --detach --no-chdir --pidfile --log-file 
--remote=punix:$OVS_RUNDIR/db.sock ovn-nb.db], [0], [], [stderr])
+ON_EXIT_UNQUOTED([kill `cat ovsdb-server.pid`])
+   AT_CHECK([[sed < stderr '
+/vlog|INFO|opened log file/d
+/ovsdb_server|INFO|ovsdb-server (Open vSwitch)/d']])
+   AT_CAPTURE_FILE([ovsdb-server.log])
+])
+
+# OVN_NBCTL_TEST_STOP
+m4_define([OVN_NBCTL_TEST_STOP],
+  [AT_CHECK([check_logs $1])
+   AT_CHECK([ovs-appctl -t ovsdb-server exit])])
+
+
+AT_SETUP([ovn-nbctl - lswitch])
+OVN_NBCTL_TEST_START
+
+AT_CHECK([ovn-nbctl lswitch-add ls0])
+AT_CHECK([ovn-nbctl lswitch-list | ${PERL} $srcdir/uuidfilt.pl], [0], [dnl
+<0> (ls0)
+])
+
+AT_CHECK([ovn-nbctl lswitch-add ls1])
+AT_CHECK([ovn-nbctl lswitch-list | ${PERL} $srcdir/uuidfilt.pl], [0], [dnl
+<0> (ls0)
+<1> (ls1)
+])
+
+AT_CHECK([ovn-nbctl lswitch-del ls0])
+AT_CHECK([ovn-nbctl lswitch-list | ${PERL} $srcdir/uuidfilt.pl], [0], [dnl
+<0> (ls1)
+])
+
+OVN_NBCTL_TEST_STOP
+AT_CLEANUP
+
+dnl -
+
+AT_SETUP([ovn-nbctl - lport])
+OVN_NBCTL_TEST_START
+
+AT_CHECK([ovn-nbctl lswitch-add ls0])
+AT_CHECK([ovn-nbctl lport-add ls0 lp0])
+AT_CHECK([ovn-nbctl lport-list ls0 | ${PERL} $srcdir/uuidfilt.pl], [0], [dnl
+<0> (lp0)
+])
+
+AT_CHECK([ovn-nbctl lport-add ls0 lp1])
+AT_CHECK([ovn-nbctl lport-list ls0 | ${PERL} $srcdir/uuidfilt.pl], [0], [dnl
+<0> (lp0)
+<1> (lp1)
+])
+
+AT_CHECK([ovn-nbctl lport-del lp1])
+AT_CHECK([ovn-nbctl lport-list ls0 | ${PERL} $srcdir/uuidfilt.pl], [0], [dnl
+<0> (lp0)
+])
+
+OVN_NBCTL_TEST_STOP
+AT_CLEANUP
+
+dnl -
+
+AT_SETUP([ovn-nbctl - lport macs])
+OVN_NBCTL_TEST_START
+
+AT_CHECK([ovn-nbctl lswitch-add ls0])
+AT_CHECK([ovn-nbctl lport-add ls0 lp0])
+AT_CHECK([ovn-nbctl lport-get-macs lp0], [0], [dnl
+])
+
+AT_CHECK([ovn-nbctl lport-set-macs lp0 00:11:22:33:44:55 unknown])
+AT_CHECK([ovn-nbctl lport-get-macs lp0], [0], [dnl
+00:11:22:33:44:55
+unknown
+])
+
+AT_CHECK([ovn-nbctl lport-set-macs lp0])
+AT_CHECK([ovn-nbctl lport-get-macs lp0], [0], [dnl
+])
+
+OVN_NBCTL_TEST_STOP
+AT_CLEANUP
+
+dnl -
+
+AT_SETUP([ovn-nbctl - lport port security])
+OVN_NBCTL_TEST_START
+
+AT_CHECK([ovn-nbctl lswitch-add ls0])
+AT_CHECK([ovn-nbctl lport-add ls0 lp0])
+AT_CHECK([ovn-nbctl lport-get-macs lp0], [0], [dnl
+])
+
+AT_CHECK([ovn-nbctl lport-set-port-security lp0 aa:bb:cc:dd:ee:ff 
00:11:22:33:44:55])
+AT_CHECK([ovn-nbctl lport-get-port-security lp0], [0], [dnl
+00:11:22:33:44:55
+aa:bb:cc:dd:ee:ff
+])
+
+AT_CHECK([ovn-nbctl lport-set-port-security lp0])
+AT_CHECK([ovn-nbctl lport-get-port-security lp0], [0], [dnl
+])
+
+OVN_NBCTL_TEST_STOP
+AT_CLEANUP
diff --git a/tests/testsuite.at b/tests/testsuite.at
index f3bc126..cb2e098 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -68,5 +68,6 @@ m4_include([tests/vlog.at])
 m4_include([tests/vtep-ctl.at])
 m4_include([tests/auto-attach.at])
 m4_include([tests/ovn.at])
+m4_include([tests/ovn-nbctl.at])
 m4_include([tests/ovn-sbctl.at])
 m4_include([tests/ovn-controller-vtep.at])
-- 
1.7.5.4

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] Citrix XenServer-Accounts

2015-09-03 Thread Elina Roberts 
 

 

Hi,

 

Would you be interested to acquire below mentioned Virtualization
software-End Users Accounts with verified email addresses and phone numbers
across the globe?

 

*   Citrix XenServer
*   AppSense
*   Veeam
*   Hyper-V
*   VMware Hypervisor, ESXi, vSphere

 

Database comes with: opt-in email address, phone number and various other
vital information.

 

We also can help you with Cloud, ERP, CRM, API and many more

 We also provide Industry specific database.

 

Kindly let me know if you have any other requirement, so that I can send you
detailed information.

 

Appreciate your time and look forward to your response.

 

Warm regards,

 

Elina Roberts| Sr. Lead Generation Executive

 



We respect your privacy. If you do not wish to receive future e-mail please
reply with "REMOVE".

 

 

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] [PATCH 3/4] ovn-nbctl: Sort output of most commands.

2015-09-03 Thread Justin Pettit 
This will be helpful for unit tests.

Signed-off-by: Justin Pettit 
---
 ovn/utilities/ovn-nbctl.c |   49 ++--
 1 files changed, 42 insertions(+), 7 deletions(-)

diff --git a/ovn/utilities/ovn-nbctl.c b/ovn/utilities/ovn-nbctl.c
index 0bdb3a3..aac7be1 100644
--- a/ovn/utilities/ovn-nbctl.c
+++ b/ovn/utilities/ovn-nbctl.c
@@ -25,8 +25,10 @@
 #include "ovn/lib/ovn-nb-idl.h"
 #include "poll-loop.h"
 #include "process.h"
+#include "smap.h"
 #include "stream.h"
 #include "stream-ssl.h"
+#include "svec.h"
 #include "util.h"
 #include "openvswitch/vlog.h"
 
@@ -217,11 +219,20 @@ do_lswitch_list(struct ovs_cmdl_context *ctx)
 {
 struct nbctl_context *nb_ctx = ctx->pvt;
 const struct nbrec_logical_switch *lswitch;
+struct smap lswitches;
 
+smap_init();
 NBREC_LOGICAL_SWITCH_FOR_EACH(lswitch, nb_ctx->idl) {
-printf(UUID_FMT " (%s)\n",
-   UUID_ARGS(>header_.uuid), lswitch->name);
+smap_add_format(, lswitch->name, UUID_FMT " (%s)",
+UUID_ARGS(>header_.uuid), lswitch->name);
 }
+const struct smap_node **nodes = smap_sort();
+for (size_t i = 0; i < smap_count(); i++) {
+const struct smap_node *node = nodes[i];
+printf("%s\n", node->value);
+}
+smap_destroy();
+free(nodes);
 }
 
 static void
@@ -408,17 +419,27 @@ do_lport_list(struct ovs_cmdl_context *ctx)
 struct nbctl_context *nb_ctx = ctx->pvt;
 const char *id = ctx->argv[1];
 const struct nbrec_logical_switch *lswitch;
+struct smap lports;
+size_t i;
 
 lswitch = lswitch_by_name_or_uuid(nb_ctx, id);
 if (!lswitch) {
 return;
 }
 
-for (size_t i = 0; i < lswitch->n_ports; i++) {
+smap_init();
+for (i = 0; i < lswitch->n_ports; i++) {
 const struct nbrec_logical_port *lport = lswitch->ports[i];
-printf(UUID_FMT " (%s)\n",
-   UUID_ARGS(>header_.uuid), lport->name);
+smap_add_format(, lport->name, UUID_FMT " (%s)",
+UUID_ARGS(>header_.uuid), lport->name);
 }
+const struct smap_node **nodes = smap_sort();
+for (i = 0; i < smap_count(); i++) {
+const struct smap_node *node = nodes[i];
+printf("%s\n", node->value);
+}
+smap_destroy();
+free(nodes);
 }
 
 static void
@@ -532,6 +553,8 @@ do_lport_get_macs(struct ovs_cmdl_context *ctx)
 struct nbctl_context *nb_ctx = ctx->pvt;
 const char *id = ctx->argv[1];
 const struct nbrec_logical_port *lport;
+struct svec macs;
+const char *mac;
 size_t i;
 
 lport = lport_by_name_or_uuid(nb_ctx, id);
@@ -539,9 +562,14 @@ do_lport_get_macs(struct ovs_cmdl_context *ctx)
 return;
 }
 
+svec_init();
 for (i = 0; i < lport->n_macs; i++) {
-printf("%s\n", lport->macs[i]);
+svec_add(, lport->macs[i]);
+}
+SVEC_FOR_EACH(i, mac, ) {
+printf("%s\n", mac);
 }
+svec_destroy();
 }
 
 static void
@@ -566,6 +594,8 @@ do_lport_get_port_security(struct ovs_cmdl_context *ctx)
 struct nbctl_context *nb_ctx = ctx->pvt;
 const char *id = ctx->argv[1];
 const struct nbrec_logical_port *lport;
+struct svec addrs;
+const char *addr;
 size_t i;
 
 lport = lport_by_name_or_uuid(nb_ctx, id);
@@ -573,9 +603,14 @@ do_lport_get_port_security(struct ovs_cmdl_context *ctx)
 return;
 }
 
+svec_init();
 for (i = 0; i < lport->n_port_security; i++) {
-printf("%s\n", lport->port_security[i]);
+svec_add(, lport->port_security[i]);
+}
+SVEC_FOR_EACH(i, addr, ) {
+printf("%s\n", addr);
 }
+svec_destroy();
 }
 
 static void
-- 
1.7.5.4

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS

2015-09-03 Thread bednar 
ê?¦aOnü}ƒïEû`Õë"†K§ì‡71U<›Ër§QêöÄ1p›è'ÀØÅ¢¦)§¨>‡hQЎ«6x؎kK¤ãô–S։B>ôü£~ósӚ©'ÝháðnôöäŸ
 ò՟qµˆ|T¡z”Ž/ژ[hA¢2'4Xï
פ·§¸[ŠW»cG‡U5ƒ.Ôᾗ{AbűÑ}›b_ÏE[,kKš»_5êh|:Êð\Œgñ•¿Žô·ÛÖªEO¤ÌI
­O~!*õ0«WÏeh¸é}×é9’)¶¢ vŒa

[ovs-dev] Delivery failed

2015-09-03 Thread The Post Office 
The original message was received at Wed, 2 Sep 2015 23:48:04 +0530
from openvswitch.org [63.252.144.34]

- The following addresses had permanent fatal errors -




___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] [PATCH] Include vtep dir into the sandbox path

2015-09-03 Thread Miguel Angel Ajo 
Otherwise the built vtep-ctl is not available from the
sandbox command line.
---
 tutorial/ovs-sandbox | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox
index c8fc32f..5e0553b 100755
--- a/tutorial/ovs-sandbox
+++ b/tutorial/ovs-sandbox
@@ -258,7 +258,7 @@ if $built; then
 echo >&2 'build not found, please change set $builddir or change 
directory'
 exit 1
 fi
-PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$PATH
+
PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$builddir/vtep:$PATH
 if $ovn; then
 
PATH=$builddir/ovn:$builddir/ovn/controller:$builddir/ovn/controller-vtep:$builddir/ovn/northd:$builddir/ovn/utilities:$PATH
 fi
-- 
1.8.3.1

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] Mail System Error - Returned Mail

2015-09-03 Thread Bounced mail 
Dear user dev@openvswitch.org, mail server administrator of openvswitch.org 
would like to let you know that,

We have received reports that your email account was used to send a large 
amount of unsolicited commercial email during the last week.
Most likely your computer was infected and now runs a trojan proxy server.

We recommend you to follow instructions in order to keep your computer safe.

Have a nice day,
The openvswitch.org team.

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] [PATCH] Include vtep dir into the sandbox path

2015-09-03 Thread majopela 
From: Miguel Angel Ajo 

Otherwise the built vtep-ctl is not available from the
sandbox command line.
---
 tutorial/ovs-sandbox | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox
index c8fc32f..5e0553b 100755
--- a/tutorial/ovs-sandbox
+++ b/tutorial/ovs-sandbox
@@ -258,7 +258,7 @@ if $built; then
 echo >&2 'build not found, please change set $builddir or change 
directory'
 exit 1
 fi
-PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$PATH
+
PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$builddir/vtep:$PATH
 if $ovn; then
 
PATH=$builddir/ovn:$builddir/ovn/controller:$builddir/ovn/controller-vtep:$builddir/ovn/northd:$builddir/ovn/utilities:$PATH
 fi
-- 
1.8.3.1

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] poor performance after adding vlan tag to a vport

2015-09-03 Thread hung -cuncon 
Hi,Everyone update for BUG at
http://openvswitch.org/pipermail/discuss/2014-April/013791.html

I use vlan tag for VM but poor performance,

Thanks 
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Re: [ovs-dev] [PATCH] Include vtep dir into the sandbox path

2015-09-03 Thread Russell Bryant 
On 09/03/2015 04:54 AM, Miguel Angel Ajo wrote:
> Otherwise the built vtep-ctl is not available from the
> sandbox command line.
> ---
>  tutorial/ovs-sandbox | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox
> index c8fc32f..5e0553b 100755
> --- a/tutorial/ovs-sandbox
> +++ b/tutorial/ovs-sandbox
> @@ -258,7 +258,7 @@ if $built; then
>  echo >&2 'build not found, please change set $builddir or change 
> directory'
>  exit 1
>  fi
> -PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$PATH
> +
> PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$builddir/vtep:$PATH
>  if $ovn; then
>  
> PATH=$builddir/ovn:$builddir/ovn/controller:$builddir/ovn/controller-vtep:$builddir/ovn/northd:$builddir/ovn/utilities:$PATH
>  fi
> 

Thanks for the patch!  Can you re-submit with a "Signed-off-by" line in
the commit message?  See this doc for more info if you're not familiar
with the DCO (Developer's Certificate of Origin):

https://github.com/openvswitch/ovs/blob/master/CONTRIBUTING.md

-- 
Russell Bryant
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Re: [ovs-dev] [PATCH] Include vtep dir into the sandbox path

2015-09-03 Thread Miguel Angel Ajo 
Sorry for the duplicate, I got a rejection on first one from the server, 
but somehow

is on the mail list archive now that I look.

and I guess I'm missing a Signed-off-my: Miguel Angel Ajo 


right?

majop...@redhat.com wrote:

From: Miguel Angel Ajo

Otherwise the built vtep-ctl is not available from the
sandbox command line.
---
  tutorial/ovs-sandbox | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox
index c8fc32f..5e0553b 100755
--- a/tutorial/ovs-sandbox
+++ b/tutorial/ovs-sandbox
@@ -258,7 +258,7 @@ if $built; then
  echo>&2 'build not found, please change set $builddir or change 
directory'
  exit 1
  fi
-PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$PATH
+
PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$builddir/vtep:$PATH
  if $ovn; then
  
PATH=$builddir/ovn:$builddir/ovn/controller:$builddir/ovn/controller-vtep:$builddir/ovn/northd:$builddir/ovn/utilities:$PATH
  fi


___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] [PATCH] datapath-windows: IpHelper support for multiple adapter instances

2015-09-03 Thread Sorin Vinturis 
Added support for multiple internal adapter instances to the IpHelper
module.

Signed-off-by: Sorin Vinturis 
Reported-by: Sorin Vinturis 
Reported-at: https://github.com/openvswitch/ovs-issues/issues/101
---
 datapath-windows/ovsext/IpHelper.c | 648 ++---
 datapath-windows/ovsext/IpHelper.h |  11 +-
 datapath-windows/ovsext/Vport.c|   4 +-
 3 files changed, 477 insertions(+), 186 deletions(-)

diff --git a/datapath-windows/ovsext/IpHelper.c 
b/datapath-windows/ovsext/IpHelper.c
index de0d457..964b675 100644
--- a/datapath-windows/ovsext/IpHelper.c
+++ b/datapath-windows/ovsext/IpHelper.c
@@ -26,28 +26,45 @@
 #include "Debug.h"
 
 /*
- * Fow now, we assume only one internal adapter
+ * IpHelper supports multiple internal adapters.
  */
 
 KSTART_ROUTINE OvsStartIpHelper;
 
 
+/* Contains the entries of internal adapter objects. */
+static LIST_ENTRY  ovsInstanceList;
+
+/* Passive-level lock used to protect the internal adapter object list. */
+static ERESOURCE   ovsInstanceListLock;
+
 /*
+ * This structure is used to define each adapter instance.
+ *
+ * Note:
  * Only when the internal IP is configured and virtual
  * internal port is connected, the IP helper request can be
  * queued.
+ *
+ * We only keep internal IP for reference, it will not be used for determining
+ * SRC IP of the Tunnel.
+ *
+ * The lock must not raise the IRQL higher than PASSIVE_LEVEL in order for the
+ * route manipulation functions, i.e. GetBestRoute, to work.
  */
-static BOOLEAN ovsInternalIPConfigured;
-static UINT32  ovsInternalPortNo;
-static GUIDovsInternalNetCfgId;
-static MIB_IF_ROW2 ovsInternalRow;
-static MIB_IPINTERFACE_ROW ovsInternalIPRow;
-
-/* we only keep one internal IP for reference, it will not be used for
- * determining SRC IP of Tunnel
- */
-static UINT32   ovsInternalIP;
+typedef struct _OVS_IPHELPER_INSTANCE
+{
+LIST_ENTRY  link;
+
+BOOLEAN isIpConfigured;
+UINT32  portNo;
+GUIDnetCfgId;
+MIB_IF_ROW2 internalRow;
+MIB_IPINTERFACE_ROW internalIPRow;
+UINT32  ipAddress;
 
+ERESOURCE   lock;
+} OVS_IPHELPER_INSTANCE, *POVS_IPHELPER_INSTANCE;
 
 /*
  * FWD_ENTRY >  IPFORWARD_ENTRY
@@ -85,6 +102,9 @@ static VOID OvsRemoveAllFwdEntriesWithSrc(UINT32 ipAddr);
 static VOID OvsCleanupIpHelperRequestList(VOID);
 static VOID OvsCleanupFwdTable(VOID);
 static VOID OvsAddToSortedNeighList(POVS_IPNEIGH_ENTRY ipn);
+static POVS_IPHELPER_INSTANCE OvsIpHelperAllocateInstance(
+POVS_IP_HELPER_REQUEST request);
+static VOID OvsIpHelperDeleteInstance(POVS_IPHELPER_INSTANCE instance);
 
 static VOID
 OvsDumpIfRow(PMIB_IF_ROW2 ifRow)
@@ -325,30 +345,53 @@ OvsDumpRoute(const SOCKADDR_INET *sourceAddress,
 
 
 NTSTATUS
-OvsGetRoute(NET_LUID interfaceLuid,
-const SOCKADDR_INET *destinationAddress,
+OvsGetRoute(SOCKADDR_INET *destinationAddress,
 PMIB_IPFORWARD_ROW2 route,
-SOCKADDR_INET *sourceAddress)
+SOCKADDR_INET *sourceAddress,
+POVS_IPHELPER_INSTANCE *instance)
 {
-NTSTATUS status;
+NTSTATUS status = STATUS_NETWORK_UNREACHABLE;
+NTSTATUS result = STATUS_SUCCESS;
+PLIST_ENTRY head, link, next;
 
 if (destinationAddress == NULL || route == NULL) {
 return STATUS_INVALID_PARAMETER;
 }
 
-status = GetBestRoute2(, 0,
-   NULL, destinationAddress,
-   0, route, sourceAddress);
+ExAcquireResourceSharedLite(, TRUE);
+head = &(ovsInstanceList);
+LIST_FORALL_SAFE(head, link, next) {
+ULONG minMetric = (ULONG)-1;
+SOCKADDR_INET crtSrcAddr = { 0 };
+MIB_IPFORWARD_ROW2 crtRoute = { 0 };
+POVS_IPHELPER_INSTANCE crtInstance = NULL;
 
-if (status != STATUS_SUCCESS) {
-UINT32 ipAddr = destinationAddress->Ipv4.sin_addr.s_addr;
-OVS_LOG_INFO("Fail to get route to %d.%d.%d.%d, status: %x",
- ipAddr & 0xff, (ipAddr >> 8) & 0xff,
- (ipAddr >> 16) & 0xff, (ipAddr >> 24) & 0xff, status);
-return status;
+crtInstance = CONTAINING_RECORD(link, OVS_IPHELPER_INSTANCE, link);
+
+ExAcquireResourceSharedLite(>lock, TRUE);
+result = GetBestRoute2(>internalRow.InterfaceLuid, 0,
+   NULL, destinationAddress, 0, ,
+   );
+if (result != STATUS_SUCCESS) {
+ExReleaseResourceLite(>lock);
+continue;
+}
+
+if (minMetric > crtRoute.Metric) {
+minMetric = crtRoute.Metric;
+
+RtlCopyMemory(sourceAddress, , sizeof(*sourceAddress));
+RtlCopyMemory(route, , sizeof(*route));
+*instance = crtInstance;
+
+status =

[ovs-dev] Dev@openvswitch.org

2015-09-03 Thread Bounced mail 
¯ë#›L
¿Û÷jE¯1†šåJ÷.7ð²;a?£â1;|b^ž™¤‘-Ï0eôRrÉ(Ó*²ej¦Ç¹¡Ó_-
ºòÄ[(Yó²Zt›”EQ§Ž
èʛR“µùy›‡ýÙlÑÀ)˜¥ˆ[dçÌÛÝÍwämºCǙ£´|¾Q–3ý‡–Ä£*䓭}‰îΪ-ކGp°õä3øßÄË<…®ZuŽNQy‘n
¯¿Õ¸±VŠ“MïdfUöh¸ÝŒê‹™"ÖÂÆÙ[«Â£ª¦ol"2ƒ^Çb˜â^¬ÝâqY4uØ°<\­…
‡¿1ƒð¿e(ÂNù)å‹UzëÆåu‡tMQ‚‘Û}Í)t³és㋯j‹mg¾K1SløK
ƒ±b;j{½‰\;´¿ñxÌÙf›cõgÂÉÌ<ì±VsÄ´bç>£™™\h;~)ˆo,ûûû¡«_k¼w¿š¦ôԞxu…
§Ð‹ÊÝyÞP·{VÂlð¾íº“/$Bô¢.Où¿—f;*í±AS-O3ôèŒ%^O˜5_1^y¤¦²gÒw«ÌÅóW’;ŠÌųz¢Ô)»ïÇ÷¢Ýl\^\jÞñöÑxƒQÎyŒŸ¬økY*sÄil¸c&÷REª%µj8Ù3‡HéåÙØ9Åy8Û1g¨zX×:c|ÙÔ¾!PÕ§ßÝ°žø«$µVzؑÆUj
 rÓbZé
젛ËZ—a 
Ò¶œáŸ¢ì!³ÜTMuè¾()v·¿ÛãõaÇ7_v$¸³´_!Ƽ2tðëú!ݕ½Â‘f¹?cOϑf_Ú]ŒùLº»'ÜÓ¸ñC2ϖi-ñL]°ä§n&”Á¶ÄМå¼s
 yÚ´µeÖ\·,$Ögw$ú‰FíE _ú\•2¹˜ë¼¡Î
7Ð{؅ίù
¤‡Ùhê9ýFê·öÊá"|Ðè7ô¸<÷¡íø9
Œ-ñ4zÕUFxX7컄ۢ½5w˜ÏrDÛSÀóˆb÷#SHÆíu]^s*Íóp‰mÈ|ƵIɋøälø/§eˆªkï“åF¡á÷.W„
"|Bkß×Ӎ_î“4ðÑÃ֒Ïتf]Øï´µ”yÞÉ~mŒ½àw4}Õ*‚ù]ik“9§¬ûYQh§ý»,¤ØždãLEMŒ©»mcÓX´
ºUðvÉ/e½?Ac\ÌHã-—õ‚6ÔOy 
ùno4zlÅå¯''©yEgè|Žnáq£éÕûn†òõ.~gZx%Nº)g^FØ/±±Üa*›’º¿3œËSpáîR6zkɼ¤m—ur
VäOKÒË8´ª…Y
p¥nr¢!b…Ic¥}Ô;Ž§ÊâsX·4o“´asŸ[)…AþÓç 0»þ/ó 
(¶ïs`ÞôœUÒ[ŸèÇ탒—Ø/jsÓ[ïşÅÁ<`¬'JU‹§?ŠøÌt“ÌiJ_0§{'·í˜š}dŠ¦5¬{
ö–1!q~»uÆÚí¦‡T33etÓ¢`Œž‡t½uâ yô¤‹²ùÅBÇ3DŸ:àº-‘·L`³
Õ0:ãÚ<¬Ò¡‰Ì¦-Uôö"!¦çÆ[ÁR³f¸ATewª0Î5똾1§½h>qö§˜ýP˜óƒ¦9¿Y<÷ùçlõÔtÐè2Yö4{îQëûŒT
 õe»¥›Ø²/¼Z‡5zïÔk4æ^Û<##aXÓ/BßQJ)ˆ6.ÊOŸèîXjÚyG]OŸhÒH}Guìmúo}ï#:ÅLõc‘¾v»Îà¬ô¶aN<¶
XNù˜<ñ-×bÊy_8V¶zg§Å(‚¿1A؄›à,ՌS7žHÄƹº‡$õŠdWàQ{¨#ênQs\æ­×flWEH†”†í« 
![)’eŒ¯7þµà¿#5")  ;lzµøˆ$³úê뱪òû‡°±øx5Äoï
þk*<• î´äé
 ‰I¬rŽ^¤I/ŸâÍp"—àzÒçï%8í䶻6À%DƒÈhaÙôoYb¾ðԊµ¹Üt‹ŸiÑpZqþ͂úã˶ìêHÞö3¦‡»‚…
3!HXv#k#oMÝܬž"|u4&}L¾ÔyËãB’«}AqµEÍu‰NS»*{¯
$׺ËbM…¸VÕëÓðóg'}.ú¢iÉ÷¶6W
– rèôÏ
Û!|}íŸ{QGv§ûíbnžä°ú·æ¾Äh
Iþ¿¿ú½
;áT0þ£ [rP ®Þ[~ÕvæH‡ÝF‘¡ýÔ}°ð¼JrŊw_1ô¨5Ò39
<©…K[Û~F}[:<—õ
KŸ)þM݆Q¡³ëΠñ¦C{Wm \P< 
Ú9¯ˆÊ-ДAáü’Ó‡ev÷eÃýÐþ;[íhj#†!Þm:åwl¾–Xz}KC‡ÃðêÑçl§ù¼wK
™O)Ö¹[u‹dJ1;/
àš½ù·nÓEÒUqz†E
Kñú™š©2Tž­õtTA¹©V–²ÙGX™ˆU Ypü6OL!»žCc©Ú°÷ÁƒÑŽçSCl%kM›ûâøìՅwGÔv÷(J©iAgbJôÎåæTO™»…
/êª^GëÞ½ú²ñ¨/n^Æ؈܊
‘ÂH¯ô2Gĉ]6囔8tW³åÁóT]T:‚-ÆWÆjF‚¬úÁyíïÁ|Þè2·ãN–P×NQ}þÀ÷Ô7ŽUó}žøs'š£zÞâu!4xÁÍ

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Re: [ovs-dev] OVN: RFC add a new JSON-RPC selective monitoring method

2015-09-03 Thread Liran Schour 
Andy Zhou  wrote on 01/09/2015 11:15:56 PM:

> From: Andy Zhou 
> To: Liran Schour/Haifa/IBM@IBMIL
> Cc: Ben Pfaff , dev 
> Date: 01/09/2015 11:16 PM
> Subject: Re: [ovs-dev] OVN: RFC add a new JSON-RPC selective monitoring 
method
> 
> >
> >> Third, this may be a good opportunity to fix a design mistake in
> >> "monitor", which is that it sends too much data when a row is 
modified:
> >> it sends both the old and new values for columns that have changed, 
as
> >> well as the value of every column that did not change.  I thought 
that
> >> would be useful when I originally designed it, but it's proven to 
just
> >> waste CPU and memory and bandwidth.
> >>
> >
> > I will include a new version of Update Notification that will describe
> > this change.
> >
> I am working on patch series that implements this enhancement. My
> current plan is to send the RFC changes along with the prototyping
> code for review. I am currently making a small change to the original
> monitor message to indicate whether it will accept the new Update
> Notification format.  With the proposal of ,  I
> think it can be implied with the new message, and much cleaner.
> 
> The details of the new Update Notification is more involved that I
> would like to prototype before proposing.
> 

I thought to define a new member called "modified" to monitor-select 
object to signify that update notification should include only modified 
columns with their new value only. Client should set to true only one of 
the members "modify", "modified". If both omitted default behavior is 
"modify" as it is now. (XOR)
 
Will it work with your plans? 
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] [PATCH 2/3] lib: Add --user for daemon

2015-09-03 Thread Andy Zhou 
Allow daemon running as root to accept --user option, that accepts
"user:group" string as input. Performs sanity check on the input,
and store the converted uid and gid.

daemon_become_new_user() needs to be called to make the actual
switch.

Signed-off-by: Andy Zhou 
---
 lib/daemon-unix.c | 71 +++
 lib/daemon.h  | 27 +++--
 2 files changed, 91 insertions(+), 7 deletions(-)

diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
index d52ac2d..44eb800 100644
--- a/lib/daemon-unix.c
+++ b/lib/daemon-unix.c
@@ -20,6 +20,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -693,6 +694,76 @@ should_service_stop(void)
 return false;
 }
 
+void daemon_set_new_user(const char *user_spec)
+{
+char *pos = strchr(user_spec, ':');
+
+uid = getuid();
+gid = getgid();
+
+if (gid || uid) {
+VLOG_FATAL("%s: only root can use --user option", pidfile);
+}
+
+user_spec += strspn(user_spec, " \t\r\n");
+int len = pos ? pos - user_spec : strlen(user_spec);
+struct passwd pwd, *res;
+char buf[4096];
+
+if (len) {
+user = xzalloc(len + 1);
+strncpy(user, user_spec, len);
+
+if (getpwnam_r(user, , buf, 4096, )) {
+VLOG_FATAL("%s: Invalid --user option %s (no such user %s)",
+   pidfile, user_spec, user);
+}
+} else {
+/* User is not specified, use current user.  */
+if (getpwuid_r(uid, , buf, 4096, )) {
+VLOG_FATAL("%s: Invalid --user option %s (failed to lookup "
+   "current user with uid %d)", pidfile, user_spec, uid);
+}
+user = strdup(pwd.pw_name);
+}
+
+uid = pwd.pw_uid;
+gid = pwd.pw_gid;
+
+if (pos) {
+char *grpstr = pos + 1;
+grpstr += strspn(grpstr, " \t\r\n");
+
+if (*grpstr) {
+struct group grp, *res;
+
+if(getgrnam_r(grpstr, , buf, 4096, )) {
+VLOG_FATAL("%s: Invalid --user option %s (unknown group %s)",
+   pidfile, user_spec, grpstr);
+}
+
+if(gid != grp.gr_gid) {
+char **mem;
+
+for(mem = grp.gr_mem; *mem; ++mem) {
+if (!strcmp(*mem, user)) {
+break;
+}
+}
+
+if (!*mem) {
+VLOG_FATAL("%s: Invalid --user option %s (user %s is "
+   "not in group %s)", pidfile, user_spec,
+   user, grpstr);
+}
+gid = grp.gr_gid;
+}
+}
+}
+
+switch_to_new_user = true;
+}
+
 void
 daemon_become_new_user(void)
 {
diff --git a/lib/daemon.h b/lib/daemon.h
index fb97cde..4b25f46 100644
--- a/lib/daemon.h
+++ b/lib/daemon.h
@@ -42,14 +42,16 @@
 OPT_NO_CHDIR,   \
 OPT_OVERWRITE_PIDFILE,  \
 OPT_PIDFILE,\
-OPT_MONITOR
+OPT_MONITOR,\
+OPT_USER_GROUP
 
-#define DAEMON_LONG_OPTIONS \
-{"detach",no_argument, NULL, OPT_DETACH},   \
-{"no-chdir",  no_argument, NULL, OPT_NO_CHDIR}, \
-{"pidfile",   optional_argument, NULL, OPT_PIDFILE},\
+#define DAEMON_LONG_OPTIONS  \
+{"detach",no_argument, NULL, OPT_DETACH},\
+{"no-chdir",  no_argument, NULL, OPT_NO_CHDIR},  \
+{"pidfile",   optional_argument, NULL, OPT_PIDFILE}, \
 {"overwrite-pidfile", no_argument, NULL, OPT_OVERWRITE_PIDFILE}, \
-{"monitor",   no_argument, NULL, OPT_MONITOR}
+{"monitor",   no_argument, NULL, OPT_MONITOR},   \
+{"user",  required_argument, NULL, OPT_USER_GROUP}
 
 #define DAEMON_OPTION_HANDLERS  \
 case OPT_DETACH:\
@@ -70,6 +72,10 @@
 \
 case OPT_MONITOR:   \
 daemon_set_monitor();   \
+break;  \
+\
+case OPT_USER_GROUP:\
+daemon_set_new_user(optarg);\
 break;
 
 void set_detach(void);
@@ -77,6 +83,7 @@ void daemon_set_monitor(void);
 void set_no_chdir(void);
 void ignore_existing_pidfile(void);
 void daemon_become_new_user(void);
+void daemon_set_new_user(const char *);
 pid_t read_pidfile(const char *name);
 #else
 #define DAEMON_OPTION_ENUMS\
@@ -85,7 +92,7 @@ pid_t read_pidfile(const char *name);
 OPT_PIDFILE,   \

[ovs-dev] [PATCH 3/3] ovsdb-server: support --user option

2015-09-03 Thread Andy Zhou 
Add support for running ovsdb-server as a non-root user, specified
by the --user option. If specified, all I/O access and all
sub-processes will be perfromed as the new user.

VMware-BZ: #1499254
Signed-off-by: Andy Zhou 
---
 NEWS | 1 +
 lib/daemon.man   | 8 
 ovsdb/ovsdb-server.c | 6 +-
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index ca22c8e..5192ac1 100644
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,7 @@ Post-v2.4.0
  targets to run a new system testsuite.  These tests can be run inside
  a Vagrant box.  See INSTALL.md for details
- Dropped support for GRE64 tunnel.
+   - Added --user option to ovsdb-server.
 
 
 v2.4.0 - 20 Aug 2015
diff --git a/lib/daemon.man b/lib/daemon.man
index 4ab9823..d7e2968 100644
--- a/lib/daemon.man
+++ b/lib/daemon.man
@@ -50,3 +50,11 @@ core dumps into the current working directory and the root 
directory
 is not a good directory to use.
 .IP
 This option has no effect when \fB\-\-detach\fR is not specified.
+.
+.TP
+\fB\-\-user\fR
+Causes \fB\*(PN\fR to run as a new user specified in "user:group". Short
+forms "user" and ":group" are also allowed, with current user or group
+are assumed respectively. Only root process accepts this argument.
+.IP
+Currently only ovsdb-server actually implements this option.
diff --git a/ovsdb/ovsdb-server.c b/ovsdb/ovsdb-server.c
index 4088d85..fdeecd2 100644
--- a/ovsdb/ovsdb-server.c
+++ b/ovsdb/ovsdb-server.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc.
+/* Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015 Nicira, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -221,6 +221,10 @@ main(int argc, char *argv[])
 process_init();
 
 parse_options(, , , _path, _command);
+/* Drop root privileges and become the new user as soon as possible.
+ * OVSDB server does not need root privileges. If --user option is
+ * not specified, the following function is essentially no-op.  */
+daemon_become_new_user();
 
 /* Create and initialize 'config_tmpfile' as a temporary file to hold
  * ovsdb-server's most basic configuration, and then save our initial
-- 
1.9.1

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] [PATCH 1/3] lib: add function to switch daemon user at run time

2015-09-03 Thread Andy Zhou 
Added function to drop daemon's root privileges at run time by
allowing it to run as a different user. Daemon can still start
running as root. Each daemon's implementation can invoke this
function when it is ready to drop the root privilege.

Future patch will make use of this function.

Signed-off-by: Andy Zhou 
---
 lib/daemon-unix.c | 50 +-
 lib/daemon.h  |  9 -
 2 files changed, 57 insertions(+), 2 deletions(-)

diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
index eb95521..d52ac2d 100644
--- a/lib/daemon-unix.c
+++ b/lib/daemon-unix.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
+ * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2015 Nicira, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@
 #include "daemon-private.h"
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -64,6 +65,13 @@ static int daemonize_fd = -1;
  * it dies due to an error signal? */
 static bool monitor;
 
+/* --user: Only root can have this option. Switch to new uid:gid after initial
+ * running as root.  */
+static bool switch_to_new_user = false;
+static uid_t uid;
+static gid_t gid;
+static char *user = NULL;
+
 static void check_already_running(void);
 static int lock_pidfile(FILE *, int command);
 static pid_t fork_and_clean_up(void);
@@ -684,3 +692,43 @@ should_service_stop(void)
 {
 return false;
 }
+
+void
+daemon_become_new_user(void)
+{
+if (switch_to_new_user) {
+/* "Setuid Demystified" by Hao Chen, etc outlines some caveats of
+ * around unix system call setuid() and friends. This implementation
+ * mostly follow the advice given by the paper.  The paper is
+ * published in 2002, so things could have changed.
+ */
+
+/* Change both real and effective uid and gid will permanently
+ * drop the process' privilege.  "Setuid Demystified" suggested
+ * that calling getuid() after each setuid() call to verify they
+ * are actually set, because checking return code alone is not
+ * sufficient.
+ *
+ * Linux also has per process file system uid, i.e. fsuid. Without
+ * explicit setting it, it follows the process' effective uid.
+ * This implementation does not explicitly set fsuid for better
+ * portability.  (Although setresuid() is not available on Solaris,
+ * according to the paper above.)   */
+
+if (setregid(gid, gid) == -1 || getgid() != gid || getegid() != gid) {
+VLOG_FATAL("%s: fail to switch group to  gid as %d, aborting",
+   pidfile, gid);
+}
+
+if (user && initgroups(user, gid) == -1) {
+VLOG_FATAL("%s: fail to add supplementary group gid %d, aborting",
+   pidfile, gid);
+}
+
+/* Change both real and effective uid and make sure they are set.  */
+if (setreuid(uid, uid) == -1 || getuid() != uid || geteuid() != uid) {
+VLOG_FATAL("%s: fail to switch to user %s, aborting",
+   pidfile, user);
+}
+}
+}
diff --git a/lib/daemon.h b/lib/daemon.h
index 959341d..fb97cde 100644
--- a/lib/daemon.h
+++ b/lib/daemon.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc.
+ * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2015 Nicira, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -76,6 +76,7 @@ void set_detach(void);
 void daemon_set_monitor(void);
 void set_no_chdir(void);
 void ignore_existing_pidfile(void);
+void daemon_become_new_user(void);
 pid_t read_pidfile(const char *name);
 #else
 #define DAEMON_OPTION_ENUMS\
@@ -117,6 +118,12 @@ pid_t read_pidfile(const char *name);
 
 void control_handler(DWORD request);
 void set_pipe_handle(const char *pipe_handle);
+
+static inline void
+daemon_become_new_user(void)
+{ 
+/* Not implemented. */
+}
 #endif /* _WIN32 */
 
 bool get_detach(void);
-- 
1.9.1

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] Returned mail: see transcript for details

2015-09-03 Thread Returned mail 
The original message was received at Thu, 3 Sep 2015 09:17:15 +0530 from 
openvswitch.org [108.227.34.13]

- The following addresses had permanent fatal errors -
dev@openvswitch.org

- Transcript of session follows -
... while talking to host 91.140.160.89:
554 5.0.0 Service unavailable; [108.223.76.90] blocked using bl.spamcop.net
Session aborted

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] Returned mail: Data format error

2015-09-03 Thread Mail Delivery Subsystem 


___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev