[ovs-dev] [PATCH 1/1] netdev-linux: Don't set ethtool flags if flag is already set on netdev
Check if ethtool flags is already set on a netdev, before trying to set it. This patch works around issues with some older verison of ethernet drivers, which tend to reset the NIC when call to disable LRO is made, even if LRO is already disable on that NIC. NIC reset is not desirable in OVS upgrade scenario as it causes extended downtime. Signed-off-by: Anoob Soman--- lib/netdev-linux.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/netdev-linux.c b/lib/netdev-linux.c index 56eed04..fe92fb5 100644 --- a/lib/netdev-linux.c +++ b/lib/netdev-linux.c @@ -5298,7 +5298,11 @@ netdev_linux_ethtool_set_flag(struct netdev *netdev, uint32_t flag, } COVERAGE_INC(netdev_set_ethtool); -evalue.data = new_flags = (evalue.data & ~flag) | (enable ? flag : 0); +new_flags = (evalue.data & ~flag) | (enable ? flag : 0); +if (new_flags == evalue.data) { +retrun 0; +} +evalue.data = new_flags; error = netdev_linux_do_ethtool(netdev_name, (struct ethtool_cmd *), ETHTOOL_SFLAGS, "ETHTOOL_SFLAGS"); -- 1.9.1 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH] datapath-windows: Tunnel filter initialization check
> On Sep 2, 2015, at 9:30 AM, Sorin Vinturis> wrote: > > Verify if the tunnel filter is initialized before submitting requests. > > Signed-off-by: Sorin Vinturis > Reported-by: Sorin Vinturis > Reported-at: > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openvswitch_ovs-2Dissues_issues_100=BQIGaQ=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs=pNHQcdr7B40b4h6Yb7FIedI1dnBsxdDuTLBYD3JqV80=2nGvmsCDTDdyyhZa0oS-VW5I3bR194bTi04ou3j5KFM=3X78mGHEeExIP5hrcxN61x8Um8RhohMBCPWD7cnK4-Q= > Acked-by: Nithin Raju ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH] datapath-windows: IpHelper support for multiple adapter instances
hi Sorin/Alin, I suppose this is a patch that helps with supporting multiple hyper-v switches in one datapath. We had spoken about this a couple of weeks ago during the IRC meeting. I was proposing a solution involves writing a teaming driver that can connect to multiple physical adapters. In order to support multiple internal adapters, we can write another driver similar to a TUN/TAP driver that allows us to create as many virtual adapters as we want. On the backend these virtual adapters can inject packets directly into the hyper-v switch. We had signed off by saying we’ll writeup the proposal that talks about the workflow end-to-end, and take it from there. Would it be possible to send out the proposal before we make heavy duty changes? Some concerns I have with supporting multiple switches are: 1. I am not sure how sound/great it is to forward packets from one hyper-v switch to another. Would it be possible to get a technical clarification from MSFT about this? I’ll ask around if we have any contacts. 2. How would compute provisioning work? With the current workflow we have, we pick a particular hyper-v switch (Eg. Overlay Switch) and connect all of the VMs to that switch, and OVS would take care of networking them up. If we support multiple Hyper-V switches, what would be the basis for connecting VMs to different Hyper-V switches? 3. It does not take away the need for a teaming driver. thanks, -- Nithin > On Sep 3, 2015, at 4:54 AM, Sorin Vinturis> wrote: > > Added support for multiple internal adapter instances to the IpHelper > module. > > Signed-off-by: Sorin Vinturis > Reported-by: Sorin Vinturis > Reported-at: > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openvswitch_ovs-2Dissues_issues_101=BQIGaQ=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs=pNHQcdr7B40b4h6Yb7FIedI1dnBsxdDuTLBYD3JqV80=qGum5o5AOAacL3zQu_AHdhnVXoD8hib7nyXXg1JuQr8=iXoc-btgG4cPIdPKi_vFiw9g6JJS-Beqf0HUA6_dz2o= > > --- > datapath-windows/ovsext/IpHelper.c | 648 ++--- > datapath-windows/ovsext/IpHelper.h | 11 +- > datapath-windows/ovsext/Vport.c| 4 +- > 3 files changed, 477 insertions(+), 186 deletions(-) > > diff --git a/datapath-windows/ovsext/IpHelper.c > b/datapath-windows/ovsext/IpHelper.c > index de0d457..964b675 100644 > --- a/datapath-windows/ovsext/IpHelper.c > +++ b/datapath-windows/ovsext/IpHelper.c > @@ -26,28 +26,45 @@ > #include "Debug.h" > > /* > - * Fow now, we assume only one internal adapter > + * IpHelper supports multiple internal adapters. > */ > > KSTART_ROUTINE OvsStartIpHelper; > > > +/* Contains the entries of internal adapter objects. */ > +static LIST_ENTRY ovsInstanceList; > + > +/* Passive-level lock used to protect the internal adapter object list. */ > +static ERESOURCE ovsInstanceListLock; > + > /* > + * This structure is used to define each adapter instance. > + * > + * Note: > * Only when the internal IP is configured and virtual > * internal port is connected, the IP helper request can be > * queued. > + * > + * We only keep internal IP for reference, it will not be used for > determining > + * SRC IP of the Tunnel. > + * > + * The lock must not raise the IRQL higher than PASSIVE_LEVEL in order for > the > + * route manipulation functions, i.e. GetBestRoute, to work. > */ > -static BOOLEAN ovsInternalIPConfigured; > -static UINT32 ovsInternalPortNo; > -static GUIDovsInternalNetCfgId; > -static MIB_IF_ROW2 ovsInternalRow; > -static MIB_IPINTERFACE_ROW ovsInternalIPRow; > - > -/* we only keep one internal IP for reference, it will not be used for > - * determining SRC IP of Tunnel > - */ > -static UINT32 ovsInternalIP; > +typedef struct _OVS_IPHELPER_INSTANCE > +{ > +LIST_ENTRY link; > + > +BOOLEAN isIpConfigured; > +UINT32 portNo; > +GUIDnetCfgId; > +MIB_IF_ROW2 internalRow; > +MIB_IPINTERFACE_ROW internalIPRow; > +UINT32 ipAddress; > > +ERESOURCE lock; > +} OVS_IPHELPER_INSTANCE, *POVS_IPHELPER_INSTANCE; > > /* > * FWD_ENTRY > IPFORWARD_ENTRY > @@ -85,6 +102,9 @@ static VOID OvsRemoveAllFwdEntriesWithSrc(UINT32 ipAddr); > static VOID OvsCleanupIpHelperRequestList(VOID); > static VOID OvsCleanupFwdTable(VOID); > static VOID OvsAddToSortedNeighList(POVS_IPNEIGH_ENTRY ipn); > +static POVS_IPHELPER_INSTANCE OvsIpHelperAllocateInstance( > +POVS_IP_HELPER_REQUEST request); > +static VOID OvsIpHelperDeleteInstance(POVS_IPHELPER_INSTANCE instance); > > static VOID > OvsDumpIfRow(PMIB_IF_ROW2 ifRow) > @@ -325,30 +345,53 @@ OvsDumpRoute(const SOCKADDR_INET *sourceAddress, > > > NTSTATUS > -OvsGetRoute(NET_LUID interfaceLuid, > -const SOCKADDR_INET *destinationAddress, >
[ovs-dev] [PATCH] datapath-windows: check vport attribute before access
OVS_VPORT_ATTR_OPTIONS being an optional attribute should be preceded by a check for valid value before access. Signed-off-by: Nithin Raju--- datapath-windows/ovsext/Vport.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/datapath-windows/ovsext/Vport.c b/datapath-windows/ovsext/Vport.c index 6b74ec2..dd615e4 100644 --- a/datapath-windows/ovsext/Vport.c +++ b/datapath-windows/ovsext/Vport.c @@ -2177,10 +2177,12 @@ OvsNewVportCmdHandler(POVS_USER_PARAMS_CONTEXT usrParamsCtx, break; } -PNL_ATTR attr = NlAttrFindNested(vportAttrs[OVS_VPORT_ATTR_OPTIONS], - OVS_TUNNEL_ATTR_DST_PORT); -if (attr) { -transportPortDest = NlAttrGetU16(attr); +if (vportAttrs[OVS_VPORT_ATTR_OPTIONS]) { +PNL_ATTR attr = NlAttrFindNested(vportAttrs[OVS_VPORT_ATTR_OPTIONS], + OVS_TUNNEL_ATTR_DST_PORT); +if (attr) { +transportPortDest = NlAttrGetU16(attr); +} } status = OvsInitTunnelVport(usrParamsCtx, -- 1.8.5.6 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH] FAQ: mention about plotnetcfg tool
The plotnetcfg is an open source tool to visualy represent relationship between network interfaces on a single host. It helps to understand the path of a packet on a host. Signed-off-by: Flavio Leitner--- FAQ.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/FAQ.md b/FAQ.md index 5ce42b9..631f6a4 100644 --- a/FAQ.md +++ b/FAQ.md @@ -1623,6 +1623,9 @@ A: To debug network behavior problems, trace the path of a packet, that's correct, then trace the path of the response packet back to the origin. + The open source tool called "plotnetcfg" can help to understand the + relationship between the networking devices on a single host. + Usually a simple ICMP echo request and reply ("ping") packet is good enough. Start by initiating an ongoing "ping" from the origin host to a remote host. If you are tracking down a connectivity -- 2.1.0 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH] sandbox: Include vtep dir into the sandbox path
On 09/03/2015 01:02 PM, majop...@redhat.com wrote: > From: Miguel Angel Ajo> > Otherwise the built vtep-ctl is not available from the > sandbox command line. > > Signed-off-by: Miguel Angel Ajo Thanks! Acked-by: Russell Bryant -- Russell Bryant ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH] FAQ: mention about plotnetcfg tool
tried this out, looks useful, Look good to me, Thanks, Alex Wang, On 3 September 2015 at 07:53, Flavio Leitnerwrote: > The plotnetcfg is an open source tool to visualy represent > relationship between network interfaces on a single host. > > It helps to understand the path of a packet on a host. > > Signed-off-by: Flavio Leitner > --- > FAQ.md | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/FAQ.md b/FAQ.md > index 5ce42b9..631f6a4 100644 > --- a/FAQ.md > +++ b/FAQ.md > @@ -1623,6 +1623,9 @@ A: To debug network behavior problems, trace the > path of a packet, > that's correct, then trace the path of the response packet back to > the origin. > > + The open source tool called "plotnetcfg" can help to understand the > + relationship between the networking devices on a single host. > + > Usually a simple ICMP echo request and reply ("ping") packet is > good enough. Start by initiating an ongoing "ping" from the origin > host to a remote host. If you are tracking down a connectivity > -- > 2.1.0 > > > ___ > dev mailing list > dev@openvswitch.org > http://openvswitch.org/mailman/listinfo/dev > -- Alex Wang, Open vSwitch developer ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] Fwd: [Dpdk-ovs] dpdk ovs
Hi all, Plz comment. Regards, gayathri -- Forwarded message -- From: Gray, Mark DDate: Thu, Sep 3, 2015 at 12:54 AM Subject: RE: [Dpdk-ovs] dpdk ovs To: Gayathri , "dpdk-...@lists.01.org" < dpdk-...@lists.01.org> I think this refers to OVS so you should post to ovs-dev. > -Original Message- > From: Dpdk-ovs [mailto:dpdk-ovs-boun...@lists.01.org] On Behalf Of > Gayathri > Sent: Wednesday, September 2, 2015 11:06 PM > To: dpdk-...@lists.01.org > Subject: [Dpdk-ovs] dpdk ovs > > Hi *, > > We were looking into having VNFs working on DPDK ovs within a VM. These > VMs with the VNF will be running in turn on a host that is running already > DPDK ovs. All documents that I have seen so far only indicate DPDK within > the quest (with DPDK ovs on the HOST) and not DPDK with ovs in the guest & > host. Please let me know if this is even possible. > > Thanks in advance > > Regards, > Dev > ___ > Dpdk-ovs mailing list > dpdk-...@lists.01.org > https://lists.01.org/mailman/listinfo/dpdk-ovs ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] Fwd: [Dpdk-ovs] dpdk ovs inter VM communication
Hi all, Please comment. Regards, Dev -- Forwarded message -- From: Gray, Mark DDate: Thu, Sep 3, 2015 at 12:54 AM Subject: RE: [Dpdk-ovs] dpdk ovs inter VM communication To: Gayathri , "dpdk-...@lists.01.org" < dpdk-...@lists.01.org> I think this should be posted on ovs-dev as it refers to OVS rather than OVDK. Mark > -Original Message- > From: Dpdk-ovs [mailto:dpdk-ovs-boun...@lists.01.org] On Behalf Of > Gayathri > Sent: Wednesday, September 2, 2015 6:13 PM > To: dpdk-...@lists.01.org > Subject: [Dpdk-ovs] dpdk ovs inter VM communication > > Hi *, > > I have dpdk 2.0 and ovs 2.4 working for a single VM. I would like to create > couple of them and have INTER-VM communication tested. But not sure > what is the configuration requirement to accomplish this. Please help me > out. > > Few questions regarding the ports shown in the below o/p: > MYBOX:~/OVS$ sudo ovs-vsctl show > 39834e02-bf59-4219-8200-b91297015e92 > Bridge "br1" > Port "dpdkvhost1" > Interface "dpdkvhost1" > type: dpdkvhostuser > Port "dpdk1" > Interface "dpdk1" > type: dpdk > Port "br1" > Interface "br1" > type: internal > Bridge "br0" > Port "dpdk0" > Interface "dpdk0" > type: dpdk > Port "br0" > Interface "br0" > type: internal > Port "dpdkvhost0" > Interface "dpdkvhost0" > type: dpdkvhostuser > > 1) What are these ports dpdk0/1 ? Are they outgoing ports connected to the > physical nics > 2) Also dpdkvhost0/1 are they ports connecting the VM interface? > 3) How do we detect the port num of Rxring/Txring of the vhost port? > > > Regards, > Gayathri > ___ > Dpdk-ovs mailing list > dpdk-...@lists.01.org > https://lists.01.org/mailman/listinfo/dpdk-ovs ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH] FAQ: mention about plotnetcfg tool
On Thu, Sep 03, 2015 at 09:26:17AM -0700, ALeX Wang wrote: > tried this out, looks useful, Yeah, try on a openstack compute node with some tenants. It uses namespaces, veth pairs, ovs bridges, internal ports, tunnels, linux bridges, etc. Of course, it's possible to trace the path of a packet, but it's time consuming and the names aren't exactly human friendly :) The tool helps a lot with those sophisticated scenarios. fbl > > Look good to me, > > Thanks, > Alex Wang, > > On 3 September 2015 at 07:53, Flavio Leitnerwrote: > > > The plotnetcfg is an open source tool to visualy represent > > relationship between network interfaces on a single host. > > > > It helps to understand the path of a packet on a host. > > > > Signed-off-by: Flavio Leitner > > --- > > FAQ.md | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/FAQ.md b/FAQ.md > > index 5ce42b9..631f6a4 100644 > > --- a/FAQ.md > > +++ b/FAQ.md > > @@ -1623,6 +1623,9 @@ A: To debug network behavior problems, trace the > > path of a packet, > > that's correct, then trace the path of the response packet back to > > the origin. > > > > + The open source tool called "plotnetcfg" can help to understand the > > + relationship between the networking devices on a single host. > > + > > Usually a simple ICMP echo request and reply ("ping") packet is > > good enough. Start by initiating an ongoing "ping" from the origin > > host to a remote host. If you are tracking down a connectivity > > -- > > 2.1.0 > > > > > > ___ > > dev mailing list > > dev@openvswitch.org > > http://openvswitch.org/mailman/listinfo/dev > > > > > > -- > Alex Wang, > Open vSwitch developer > ___ > dev mailing list > dev@openvswitch.org > http://openvswitch.org/mailman/listinfo/dev ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH v8 2/2] ovn: Add "localnet" logical port type.
Introduce a new logical port type called "localnet". A logical port with this type also has an option called "network_name". A "localnet" logical port represents a connection to a network that is locally accessible from each chassis running ovn-controller. ovn-controller will use the ovn-bridge-mappings configuration to figure out which patch port on br-int should be used for this port. OpenStack Neutron has an API extension called "provider networks" which allows an administrator to specify that it would like ports directly attached to some pre-existing network in their environment. There was a previous thread where we got into the details of this here: http://openvswitch.org/pipermail/dev/2015-June/056765.html The case where this would be used is an environment that isn't actually interested in virtual networks and just wants all of their compute resources connected up to externally managed networks. Even in this environment, OVN still has a lot of value to add. OVN implements port security and ACLs for all ports connected to these networks. OVN also provides the configuration interface and control plane to manage this across many hypervisors. As a specific example, consider an environment with two hypvervisors (A and B) with two VMs on each hypervisor (A1, A2, B1, B2). Now imagine that the desired setup from an OpenStack perspective is to have all of these VMs attached to the same provider network, which is a physical network we'll refer to as "physnet1". The first step here is to configure each hypervisor with bridge mappings that tell ovn-controller that a local bridge called "br-eth1" is used to reach the network called "physnet1". We can simulate the inital setup of this environment in ovs-sandbox with the following commands: # Setup the local hypervisor (A) ovs-vsctl add-br br-eth1 ovs-vsctl set open . external-ids:ovn-bridge-mappings=physnet1:br-eth1 # Create a fake remote hypervisor (B) ovn-sbctl chassis-add fakechassis geneve 127.0.0.1 To get the behavior we want, we model every Neutron port connected to a Neutron provider network as an OVN logical switch with 2 ports. The first port is a normal logical port to be used by the VM. The second logical port is a special port with its type set to "localnet". To simulate the creation of the OVN logical switches and OVN logical ports for A1, A2, B1, and B2, you can run the following commands: # Create 4 OVN logical switches. Each logical switch has 2 ports, # port1 for a VM and physnet1 for the existing network we are # connecting to. for n in 1 2 3 4; do ovn-nbctl lswitch-add provnet1-$n ovn-nbctl lport-add provnet1-$n provnet1-$n-port1 ovn-nbctl lport-set-macs provnet1-$n-port1 00:00:00:00:00:0$n ovn-nbctl lport-set-port-security provnet1-$n-port1 00:00:00:00:00:0$n ovn-nbctl lport-add provnet1-$n provnet1-$n-physnet1 ovn-nbctl lport-set-macs provnet1-$n-physnet1 unknown ovn-nbctl lport-set-type provnet1-$n-physnet1 localnet ovn-nbctl lport-set-options provnet1-$n-physnet1 network_name=physnet1 done # Bind lport1 (A1) and lport2 (A2) to the local hypervisor. ovs-vsctl add-port br-int lport1 -- set Interface lport1 external_ids:iface-id=provnet1-1-port1 ovs-vsctl add-port br-int lport2 -- set Interface lport2 external_ids:iface-id=provnet1-2-port1 # Bind the other 2 ports to the fake remote hypervisor. ovn-sbctl lport-bind provnet1-3-port1 fakechassis ovn-sbctl lport-bind provnet1-4-port1 fakechassis After running these commands, we have the following logical configuration: $ ovn-nbctl show lswitch 035645fc-b2ff-4e26-b953-69addba80a9a (provnet1-4) lport provnet1-4-physnet1 macs: unknown lport provnet1-4-port1 macs: 00:00:00:00:00:04 lswitch 66212a85-b3b6-4688-bcf6-8062941a2d96 (provnet1-2) lport provnet1-2-physnet1 macs: unknown lport provnet1-2-port1 macs: 00:00:00:00:00:02 lswitch fc5b1141-0216-4fa7-86f3-461811c1fc9b (provnet1-3) lport provnet1-3-physnet1 macs: unknown lport provnet1-3-port1 macs: 00:00:00:00:00:03 lswitch 9b1d2636-e654-4d43-84e8-a921af611b33 (provnet1-1) lport provnet1-1-physnet1 macs: unknown lport provnet1-1-port1 macs: 00:00:00:00:00:01 We can also look at OVN_Southbound to see that 2 logical ports are bound to each hypervisor: $ ovn-sbctl show Chassis "56b18105-5706-46ef-80c4-ff20979ab068" Encap geneve ip: "127.0.0.1" Port_Binding "provnet1-1-port1" Port_Binding "provnet1-2-port1" Chassis fakechassis Encap geneve ip: "127.0.0.1" Port_Binding "provnet1-3-port1" Port_Binding "provnet1-4-port1" Now we can generate several packets to test how a packet would be processed on hypervisor A. The OpenFlow port numbers in this demo are: 1 - patch port to br-eth1 (physnet1) 2 - tunnel
[ovs-dev] [PATCH v8 0/2] OVN support for Neutron provider networks
v7->v8: - Add notes about br-int getting created automatically to ovn-architecture and ovn-controller docs. - Immediately return br_int after it gets created instead of waiting for a future run of the main loop to find it. - Restrict "localnet" port type to Neutron's use case where a logical switch can only have a single normal logical port on a switch with a single localnet logical port. This simplifies things a good bit. - Note that this restriction discussed in the previous point is only documented right now, not enforced in code because it wasn't obvious to me the best way to do so. There's nothing stopping the bad configuration from being done in OVN_Northbound. I suppose ovn-northd could at least detect and log an error on the invalid configuration. I'm happy to address this in another rev or a followup patch if we can settle on what makes the msot sense. Russell Bryant (2): ovn: Automatically create br-int in ovn-controller. ovn: Add "localnet" logical port type. ovn/controller/ovn-controller.8.xml | 5 +- ovn/controller/ovn-controller.c | 67 +++--- ovn/controller/physical.c | 178 +++- ovn/ovn-architecture.7.xml | 15 ++- ovn/ovn-nb.xml | 18 +++- ovn/ovn-sb.xml | 33 ++- tutorial/ovs-sandbox| 2 - 7 files changed, 274 insertions(+), 44 deletions(-) -- 2.4.3 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH v8 1/2] ovn: Automatically create br-int in ovn-controller.
ovn-controller previously required the integration bridge to be created before running ovn-controller. This patch makes ovn-controller automatically create it if it doesn't already exist. Signed-off-by: Russell Bryant--- ovn/controller/ovn-controller.8.xml | 5 ++- ovn/controller/ovn-controller.c | 67 +++-- ovn/ovn-architecture.7.xml | 8 +++-- tutorial/ovs-sandbox| 2 -- 4 files changed, 66 insertions(+), 16 deletions(-) diff --git a/ovn/controller/ovn-controller.8.xml b/ovn/controller/ovn-controller.8.xml index c5d9dce..92cd669 100644 --- a/ovn/controller/ovn-controller.8.xml +++ b/ovn/controller/ovn-controller.8.xml @@ -84,7 +84,10 @@ external_ids:ovn-bridge specifies the integration bridge to which logical ports are attached. -The default is br-int. +The default is br-int. If this bridge does +not exist when ovn-controller starts, it will be created +automatically with the default configuration suggested in +ovn-architecture(7). diff --git a/ovn/controller/ovn-controller.c b/ovn/controller/ovn-controller.c index 1608cc4..d705a16 100644 --- a/ovn/controller/ovn-controller.c +++ b/ovn/controller/ovn-controller.c @@ -70,9 +70,53 @@ get_bridge(struct ovsdb_idl *ovs_idl, const char *br_name) } static const struct ovsrec_bridge * -get_br_int(struct ovsdb_idl *ovs_idl) +create_br_int(struct controller_ctx *ctx, + const struct ovsrec_open_vswitch *cfg, + const char *bridge_name) { -const struct ovsrec_open_vswitch *cfg = ovsrec_open_vswitch_first(ovs_idl); +if (!ctx->ovs_idl_txn) { +return NULL; +} + +ovsdb_idl_txn_add_comment(ctx->ovs_idl_txn, +"ovn-controller: creating integration bridge '%s'", bridge_name); + +struct ovsrec_interface *iface; +iface = ovsrec_interface_insert(ctx->ovs_idl_txn); +ovsrec_interface_set_name(iface, bridge_name); +ovsrec_interface_set_type(iface, "internal"); + +struct ovsrec_port *port; +port = ovsrec_port_insert(ctx->ovs_idl_txn); +ovsrec_port_set_name(port, bridge_name); +ovsrec_port_set_interfaces(port, , 1); + +struct ovsrec_bridge *bridge; +bridge = ovsrec_bridge_insert(ctx->ovs_idl_txn); +ovsrec_bridge_set_name(bridge, bridge_name); +ovsrec_bridge_set_fail_mode(bridge, "secure"); +struct smap other_config = SMAP_INITIALIZER(_config); +smap_add(_config, "disable-in-band", "true"); +ovsrec_bridge_set_other_config(bridge, _config); +smap_destroy(_config); +ovsrec_bridge_set_ports(bridge, , 1); + +struct ovsrec_bridge **bridges; +size_t bytes = sizeof *bridges * cfg->n_bridges; +bridges = xmalloc(bytes + sizeof *bridges); +memcpy(bridges, cfg->bridges, bytes); +bridges[cfg->n_bridges] = bridge; +ovsrec_open_vswitch_verify_bridges(cfg); +ovsrec_open_vswitch_set_bridges(cfg, bridges, cfg->n_bridges + 1); + +return bridge; +} + +static const struct ovsrec_bridge * +get_br_int(struct controller_ctx *ctx) +{ +const struct ovsrec_open_vswitch *cfg; +cfg = ovsrec_open_vswitch_first(ctx->ovs_idl); if (!cfg) { return NULL; } @@ -83,14 +127,11 @@ get_br_int(struct ovsdb_idl *ovs_idl) } const struct ovsrec_bridge *br; -br = get_bridge(ovs_idl, br_int_name); -if (br) { -return br; +br = get_bridge(ctx->ovs_idl, br_int_name); +if (!br) { +return create_br_int(ctx, cfg, br_int_name); } - -static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1); -VLOG_WARN_RL(, "%s: integration bridge does not exist", br_int_name); -return NULL; +return br; } static const char * @@ -374,6 +415,7 @@ main(int argc, char *argv[]) ovsdb_idl_add_table(ovs_idl_loop.idl, _table_open_vswitch); ovsdb_idl_add_column(ovs_idl_loop.idl, _open_vswitch_col_external_ids); +ovsdb_idl_add_column(ovs_idl_loop.idl, _open_vswitch_col_bridges); ovsdb_idl_add_table(ovs_idl_loop.idl, _table_interface); ovsdb_idl_add_column(ovs_idl_loop.idl, _interface_col_name); ovsdb_idl_add_column(ovs_idl_loop.idl, _interface_col_type); @@ -384,6 +426,9 @@ main(int argc, char *argv[]) ovsdb_idl_add_column(ovs_idl_loop.idl, _port_col_external_ids); ovsdb_idl_add_table(ovs_idl_loop.idl, _table_bridge); ovsdb_idl_add_column(ovs_idl_loop.idl, _bridge_col_ports); +ovsdb_idl_add_column(ovs_idl_loop.idl, _bridge_col_name); +ovsdb_idl_add_column(ovs_idl_loop.idl, _bridge_col_fail_mode); +ovsdb_idl_add_column(ovs_idl_loop.idl, _bridge_col_other_config); chassis_register_ovs_idl(ovs_idl_loop.idl); encaps_register_ovs_idl(ovs_idl_loop.idl); binding_register_ovs_idl(ovs_idl_loop.idl); @@ -406,7 +451,7 @@ main(int argc, char *argv[]) .ovnsb_idl_txn =
[ovs-dev] [PATCH] sandbox: Include vtep dir into the sandbox path
From: Miguel Angel AjoOtherwise the built vtep-ctl is not available from the sandbox command line. Signed-off-by: Miguel Angel Ajo --- tutorial/ovs-sandbox | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox index c8fc32f..5e0553b 100755 --- a/tutorial/ovs-sandbox +++ b/tutorial/ovs-sandbox @@ -258,7 +258,7 @@ if $built; then echo >&2 'build not found, please change set $builddir or change directory' exit 1 fi -PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$PATH + PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$builddir/vtep:$PATH if $ovn; then PATH=$builddir/ovn:$builddir/ovn/controller:$builddir/ovn/controller-vtep:$builddir/ovn/northd:$builddir/ovn/utilities:$PATH fi -- 1.8.3.1 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH 1/1] netdev-linux: Don't set ethtool flags if flag is already set on netdev
On Thu, Sep 3, 2015 at 6:53 AM, Anoob Somanwrote: > Check if ethtool flags is already set on a netdev, before trying to set it. > > This patch works around issues with some older verison of ethernet drivers, > which tend to reset the NIC when call to disable LRO is made, even if LRO is > already disable on that NIC. NIC reset is not desirable in OVS upgrade > scenario > as it causes extended downtime. > > Signed-off-by: Anoob Soman Thanks, applied to master, branch-2.4, and branch-2.3. I did fix the typo in 'return' that prevents this from compiling though... ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH 2/4] tests: Group the OVN tests together.
Signed-off-by: Justin Pettit--- tests/testsuite.at |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tests/testsuite.at b/tests/testsuite.at index 384efdf..f3bc126 100644 --- a/tests/testsuite.at +++ b/tests/testsuite.at @@ -18,7 +18,6 @@ m4_include([tests/ovs-macros.at]) m4_include([tests/ovsdb-macros.at]) m4_include([tests/ofproto-macros.at]) -m4_include([tests/ovn-controller-vtep.at]) m4_include([tests/completion.at]) m4_include([tests/bfd.at]) m4_include([tests/cfm.at]) @@ -70,3 +69,4 @@ m4_include([tests/vtep-ctl.at]) m4_include([tests/auto-attach.at]) m4_include([tests/ovn.at]) m4_include([tests/ovn-sbctl.at]) +m4_include([tests/ovn-controller-vtep.at]) -- 1.7.5.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] Bonus
Telekom Malaysia Berhad G.03B, Ground Floor, Kompleks Antarabangsa, Jln Sultan Ismail, Off Jalan Ampang 50088 50250 Kuala Lumpur. NOTIS RASMI HADIAH TELEKOM MALAYSIA Pihak Telekom Malaysia @Program Kemenangan yang telah diadakan pada 2 September 2015 di mana alamat email anda yang disertakan beraama Tiket Kemenangan nombor 2 - 4 - 16 - 37 - 89 - 40 -85 dengan siri nombor 2268/02 telah memenangi loteri kategori hadiah kedua khas keluarga Telekom Malaysia. Untuk menuntut hadiah kemenangan ini anda dikehendaki menghubungi melalui e mail Bahagian Tuntutan untuk tujuan pemerosesan dan pembayaran hadiah wang tunai kepada anda. Di sepanjang program Khas Keluarga Telekom yang telah diadakan di Ibupejabat di Kuala Lumpur sejumlah Rm 270,000.00 (Ringgit Malaysia : Dua Ratus Tujoh Puloh Ribu) telah dianugerahkan kepada anda oleh Telekom Malaysia Berhad kepada anda dan keluarga anda sempena sambutsn Hari Raya 2015 ini. Program ini turut dibiayai bersama oleh Toyota Malaysia dan Tenaga Nasional sebagai pakej istimewa Telekom 2015 dan anda perlu memahami bahawa e mail ini adalah 100% sah dan diiktiraf kerana program ini kebiasaannya diadakan sekali dalam masa lima tahun. Sila hubungi agen kami untuk menuntut hadiah ini : EN SHAFIE BIN HASSAN Pengarah Bahagian Tuntutan E-mail: tmbcla...@outlook.my Untuk tujuan pemerosesan sila hubungi agen kami dengan maklumat-maklumat berikut : 1) Nama Penuh: 2). Umur: 3). Pekerjaan: 4). Telefon: 5). Negeri/Bandar: Perlu diingatkan bahawa hadiah akhir tahun Telekom Malaysia Berhad 2015 ini adalah diberikan khas kepada anda dan keluarga anda dan anda hendaklah membuat tunttan ini sebelum Oktober 20, 2015. Terima kasih. Mrs Nadia binti Rafik Pengurus Eksekutif Anugerah Telekom Malaysia Ibupejabat telekom Malaysia ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] OVN: RFC add a new JSON-RPC selective monitoring method
On Thu, Sep 3, 2015 at 5:27 AM, Liran Schourwrote: > Andy Zhou wrote on 01/09/2015 11:15:56 PM: > >> From: Andy Zhou >> To: Liran Schour/Haifa/IBM@IBMIL >> Cc: Ben Pfaff , dev >> Date: 01/09/2015 11:16 PM >> Subject: Re: [ovs-dev] OVN: RFC add a new JSON-RPC selective monitoring >> method >> >> > >> >> Third, this may be a good opportunity to fix a design mistake in >> >> "monitor", which is that it sends too much data when a row is modified: >> >> it sends both the old and new values for columns that have changed, as >> >> well as the value of every column that did not change. I thought that >> >> would be useful when I originally designed it, but it's proven to just >> >> waste CPU and memory and bandwidth. >> >> >> > >> > I will include a new version of Update Notification that will describe >> > this change. >> > >> I am working on patch series that implements this enhancement. My >> current plan is to send the RFC changes along with the prototyping >> code for review. I am currently making a small change to the original >> monitor message to indicate whether it will accept the new Update >> Notification format. With the proposal of , I >> think it can be implied with the new message, and much cleaner. >> >> The details of the new Update Notification is more involved that I >> would like to prototype before proposing. >> > > I thought to define a new member called "modified" to monitor-select object > to signify that update notification should include only modified columns > with their new value only. Client should set to true only one of the members > "modify", "modified". If both omitted default behavior is "modify" as it is > now. (XOR) This is an interesting proposal. But I don't think we need the bit for the new monitor message. The new 'modified' only update notification is likely to be significantly different than current Update Notification, I think it will make sense to add a new message type, say, Update Notification2 (V2). Coming back to the modified bit proposal, I don't think we need this extra bit. The monitor-select should accept both current Update Notification and V2, assuming both changes are made into the same OVS release. On the other hand, this bit may be useful to be added to the current monitor message if we want to continue using it after monitor-select being available for modified only updates. I currently don't foresee such use case. Do you? Make sense? ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH 1/4] tests: Fix banner name for ovn-sbctl.
Signed-off-by: Justin Pettit--- tests/ovn-sbctl.at |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tests/ovn-sbctl.at b/tests/ovn-sbctl.at index 16968fd..d44714e 100644 --- a/tests/ovn-sbctl.at +++ b/tests/ovn-sbctl.at @@ -1,4 +1,4 @@ -AT_BANNER([ovn_controller_gw]) +AT_BANNER([ovn-sbctl]) # OVN_SBCTL_TEST_START m4_define([OVN_SBCTL_TEST_START], -- 1.7.5.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH 4/4] tests: Add unit tests for ovn-nbctl.
Signed-off-by: Justin Pettit--- tests/automake.mk |1 + tests/ovn-nbctl.at | 119 tests/testsuite.at |1 + 3 files changed, 121 insertions(+), 0 deletions(-) create mode 100644 tests/ovn-nbctl.at diff --git a/tests/automake.mk b/tests/automake.mk index 32f757b..4198039 100644 --- a/tests/automake.mk +++ b/tests/automake.mk @@ -87,6 +87,7 @@ TESTSUITE_AT = \ tests/vtep-ctl.at \ tests/auto-attach.at \ tests/ovn.at \ + tests/ovn-nbctl.at \ tests/ovn-sbctl.at \ tests/ovn-controller-vtep.at diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at new file mode 100644 index 000..dd81626 --- /dev/null +++ b/tests/ovn-nbctl.at @@ -0,0 +1,119 @@ +AT_BANNER([ovn-nbctl]) + +# OVN_NBCTL_TEST_START +m4_define([OVN_NBCTL_TEST_START], + [OVS_RUNDIR=`pwd`; export OVS_RUNDIR + OVS_LOGDIR=`pwd`; export OVS_LOGDIR + OVS_DBDIR=`pwd`; export OVS_DBDIR + OVS_SYSCONFDIR=`pwd`; export OVS_SYSCONFDIR + + dnl Create ovn-nb database. + AT_CHECK([ovsdb-tool create ovn-nb.db $abs_top_srcdir/ovn/ovn-nb.ovsschema]) + + dnl Start ovsdb-server. + AT_CHECK([ovsdb-server --detach --no-chdir --pidfile --log-file --remote=punix:$OVS_RUNDIR/db.sock ovn-nb.db], [0], [], [stderr]) +ON_EXIT_UNQUOTED([kill `cat ovsdb-server.pid`]) + AT_CHECK([[sed < stderr ' +/vlog|INFO|opened log file/d +/ovsdb_server|INFO|ovsdb-server (Open vSwitch)/d']]) + AT_CAPTURE_FILE([ovsdb-server.log]) +]) + +# OVN_NBCTL_TEST_STOP +m4_define([OVN_NBCTL_TEST_STOP], + [AT_CHECK([check_logs $1]) + AT_CHECK([ovs-appctl -t ovsdb-server exit])]) + + +AT_SETUP([ovn-nbctl - lswitch]) +OVN_NBCTL_TEST_START + +AT_CHECK([ovn-nbctl lswitch-add ls0]) +AT_CHECK([ovn-nbctl lswitch-list | ${PERL} $srcdir/uuidfilt.pl], [0], [dnl +<0> (ls0) +]) + +AT_CHECK([ovn-nbctl lswitch-add ls1]) +AT_CHECK([ovn-nbctl lswitch-list | ${PERL} $srcdir/uuidfilt.pl], [0], [dnl +<0> (ls0) +<1> (ls1) +]) + +AT_CHECK([ovn-nbctl lswitch-del ls0]) +AT_CHECK([ovn-nbctl lswitch-list | ${PERL} $srcdir/uuidfilt.pl], [0], [dnl +<0> (ls1) +]) + +OVN_NBCTL_TEST_STOP +AT_CLEANUP + +dnl - + +AT_SETUP([ovn-nbctl - lport]) +OVN_NBCTL_TEST_START + +AT_CHECK([ovn-nbctl lswitch-add ls0]) +AT_CHECK([ovn-nbctl lport-add ls0 lp0]) +AT_CHECK([ovn-nbctl lport-list ls0 | ${PERL} $srcdir/uuidfilt.pl], [0], [dnl +<0> (lp0) +]) + +AT_CHECK([ovn-nbctl lport-add ls0 lp1]) +AT_CHECK([ovn-nbctl lport-list ls0 | ${PERL} $srcdir/uuidfilt.pl], [0], [dnl +<0> (lp0) +<1> (lp1) +]) + +AT_CHECK([ovn-nbctl lport-del lp1]) +AT_CHECK([ovn-nbctl lport-list ls0 | ${PERL} $srcdir/uuidfilt.pl], [0], [dnl +<0> (lp0) +]) + +OVN_NBCTL_TEST_STOP +AT_CLEANUP + +dnl - + +AT_SETUP([ovn-nbctl - lport macs]) +OVN_NBCTL_TEST_START + +AT_CHECK([ovn-nbctl lswitch-add ls0]) +AT_CHECK([ovn-nbctl lport-add ls0 lp0]) +AT_CHECK([ovn-nbctl lport-get-macs lp0], [0], [dnl +]) + +AT_CHECK([ovn-nbctl lport-set-macs lp0 00:11:22:33:44:55 unknown]) +AT_CHECK([ovn-nbctl lport-get-macs lp0], [0], [dnl +00:11:22:33:44:55 +unknown +]) + +AT_CHECK([ovn-nbctl lport-set-macs lp0]) +AT_CHECK([ovn-nbctl lport-get-macs lp0], [0], [dnl +]) + +OVN_NBCTL_TEST_STOP +AT_CLEANUP + +dnl - + +AT_SETUP([ovn-nbctl - lport port security]) +OVN_NBCTL_TEST_START + +AT_CHECK([ovn-nbctl lswitch-add ls0]) +AT_CHECK([ovn-nbctl lport-add ls0 lp0]) +AT_CHECK([ovn-nbctl lport-get-macs lp0], [0], [dnl +]) + +AT_CHECK([ovn-nbctl lport-set-port-security lp0 aa:bb:cc:dd:ee:ff 00:11:22:33:44:55]) +AT_CHECK([ovn-nbctl lport-get-port-security lp0], [0], [dnl +00:11:22:33:44:55 +aa:bb:cc:dd:ee:ff +]) + +AT_CHECK([ovn-nbctl lport-set-port-security lp0]) +AT_CHECK([ovn-nbctl lport-get-port-security lp0], [0], [dnl +]) + +OVN_NBCTL_TEST_STOP +AT_CLEANUP diff --git a/tests/testsuite.at b/tests/testsuite.at index f3bc126..cb2e098 100644 --- a/tests/testsuite.at +++ b/tests/testsuite.at @@ -68,5 +68,6 @@ m4_include([tests/vlog.at]) m4_include([tests/vtep-ctl.at]) m4_include([tests/auto-attach.at]) m4_include([tests/ovn.at]) +m4_include([tests/ovn-nbctl.at]) m4_include([tests/ovn-sbctl.at]) m4_include([tests/ovn-controller-vtep.at]) -- 1.7.5.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] Citrix XenServer-Accounts
Hi, Would you be interested to acquire below mentioned Virtualization software-End Users Accounts with verified email addresses and phone numbers across the globe? * Citrix XenServer * AppSense * Veeam * Hyper-V * VMware Hypervisor, ESXi, vSphere Database comes with: opt-in email address, phone number and various other vital information. We also can help you with Cloud, ERP, CRM, API and many more We also provide Industry specific database. Kindly let me know if you have any other requirement, so that I can send you detailed information. Appreciate your time and look forward to your response. Warm regards, Elina Roberts| Sr. Lead Generation Executive We respect your privacy. If you do not wish to receive future e-mail please reply with "REMOVE". ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH 3/4] ovn-nbctl: Sort output of most commands.
This will be helpful for unit tests. Signed-off-by: Justin Pettit--- ovn/utilities/ovn-nbctl.c | 49 ++-- 1 files changed, 42 insertions(+), 7 deletions(-) diff --git a/ovn/utilities/ovn-nbctl.c b/ovn/utilities/ovn-nbctl.c index 0bdb3a3..aac7be1 100644 --- a/ovn/utilities/ovn-nbctl.c +++ b/ovn/utilities/ovn-nbctl.c @@ -25,8 +25,10 @@ #include "ovn/lib/ovn-nb-idl.h" #include "poll-loop.h" #include "process.h" +#include "smap.h" #include "stream.h" #include "stream-ssl.h" +#include "svec.h" #include "util.h" #include "openvswitch/vlog.h" @@ -217,11 +219,20 @@ do_lswitch_list(struct ovs_cmdl_context *ctx) { struct nbctl_context *nb_ctx = ctx->pvt; const struct nbrec_logical_switch *lswitch; +struct smap lswitches; +smap_init(); NBREC_LOGICAL_SWITCH_FOR_EACH(lswitch, nb_ctx->idl) { -printf(UUID_FMT " (%s)\n", - UUID_ARGS(>header_.uuid), lswitch->name); +smap_add_format(, lswitch->name, UUID_FMT " (%s)", +UUID_ARGS(>header_.uuid), lswitch->name); } +const struct smap_node **nodes = smap_sort(); +for (size_t i = 0; i < smap_count(); i++) { +const struct smap_node *node = nodes[i]; +printf("%s\n", node->value); +} +smap_destroy(); +free(nodes); } static void @@ -408,17 +419,27 @@ do_lport_list(struct ovs_cmdl_context *ctx) struct nbctl_context *nb_ctx = ctx->pvt; const char *id = ctx->argv[1]; const struct nbrec_logical_switch *lswitch; +struct smap lports; +size_t i; lswitch = lswitch_by_name_or_uuid(nb_ctx, id); if (!lswitch) { return; } -for (size_t i = 0; i < lswitch->n_ports; i++) { +smap_init(); +for (i = 0; i < lswitch->n_ports; i++) { const struct nbrec_logical_port *lport = lswitch->ports[i]; -printf(UUID_FMT " (%s)\n", - UUID_ARGS(>header_.uuid), lport->name); +smap_add_format(, lport->name, UUID_FMT " (%s)", +UUID_ARGS(>header_.uuid), lport->name); } +const struct smap_node **nodes = smap_sort(); +for (i = 0; i < smap_count(); i++) { +const struct smap_node *node = nodes[i]; +printf("%s\n", node->value); +} +smap_destroy(); +free(nodes); } static void @@ -532,6 +553,8 @@ do_lport_get_macs(struct ovs_cmdl_context *ctx) struct nbctl_context *nb_ctx = ctx->pvt; const char *id = ctx->argv[1]; const struct nbrec_logical_port *lport; +struct svec macs; +const char *mac; size_t i; lport = lport_by_name_or_uuid(nb_ctx, id); @@ -539,9 +562,14 @@ do_lport_get_macs(struct ovs_cmdl_context *ctx) return; } +svec_init(); for (i = 0; i < lport->n_macs; i++) { -printf("%s\n", lport->macs[i]); +svec_add(, lport->macs[i]); +} +SVEC_FOR_EACH(i, mac, ) { +printf("%s\n", mac); } +svec_destroy(); } static void @@ -566,6 +594,8 @@ do_lport_get_port_security(struct ovs_cmdl_context *ctx) struct nbctl_context *nb_ctx = ctx->pvt; const char *id = ctx->argv[1]; const struct nbrec_logical_port *lport; +struct svec addrs; +const char *addr; size_t i; lport = lport_by_name_or_uuid(nb_ctx, id); @@ -573,9 +603,14 @@ do_lport_get_port_security(struct ovs_cmdl_context *ctx) return; } +svec_init(); for (i = 0; i < lport->n_port_security; i++) { -printf("%s\n", lport->port_security[i]); +svec_add(, lport->port_security[i]); +} +SVEC_FOR_EACH(i, addr, ) { +printf("%s\n", addr); } +svec_destroy(); } static void -- 1.7.5.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS
ê?¦aOnü}ïEû`Õë"K§ì71U<Ër§QêöÄ1pè'ÀØÅ¢¦)§¨>hQЫ6xØkK¤ãôSÖB>ôü£~ósÓ©'Ýháðnôöä òÕqµ|T¡z/Ú[hA¢2'4Xï פ·§¸[W»cGU5.Ôá¾{AbűÑ}b_ÏE[,kK»_5êh|:Êð\gñ¿ô·ÛÖªEO¤ÌI O~!*õ0«WÏeh¸é}×é9)¶¢ va
[ovs-dev] Delivery failed
The original message was received at Wed, 2 Sep 2015 23:48:04 +0530 from openvswitch.org [63.252.144.34] - The following addresses had permanent fatal errors -___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH] Include vtep dir into the sandbox path
Otherwise the built vtep-ctl is not available from the sandbox command line. --- tutorial/ovs-sandbox | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox index c8fc32f..5e0553b 100755 --- a/tutorial/ovs-sandbox +++ b/tutorial/ovs-sandbox @@ -258,7 +258,7 @@ if $built; then echo >&2 'build not found, please change set $builddir or change directory' exit 1 fi -PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$PATH + PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$builddir/vtep:$PATH if $ovn; then PATH=$builddir/ovn:$builddir/ovn/controller:$builddir/ovn/controller-vtep:$builddir/ovn/northd:$builddir/ovn/utilities:$PATH fi -- 1.8.3.1 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] Mail System Error - Returned Mail
Dear user dev@openvswitch.org, mail server administrator of openvswitch.org would like to let you know that, We have received reports that your email account was used to send a large amount of unsolicited commercial email during the last week. Most likely your computer was infected and now runs a trojan proxy server. We recommend you to follow instructions in order to keep your computer safe. Have a nice day, The openvswitch.org team. ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH] Include vtep dir into the sandbox path
From: Miguel Angel AjoOtherwise the built vtep-ctl is not available from the sandbox command line. --- tutorial/ovs-sandbox | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox index c8fc32f..5e0553b 100755 --- a/tutorial/ovs-sandbox +++ b/tutorial/ovs-sandbox @@ -258,7 +258,7 @@ if $built; then echo >&2 'build not found, please change set $builddir or change directory' exit 1 fi -PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$PATH + PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$builddir/vtep:$PATH if $ovn; then PATH=$builddir/ovn:$builddir/ovn/controller:$builddir/ovn/controller-vtep:$builddir/ovn/northd:$builddir/ovn/utilities:$PATH fi -- 1.8.3.1 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] poor performance after adding vlan tag to a vport
Hi,Everyone update for BUG at http://openvswitch.org/pipermail/discuss/2014-April/013791.html I use vlan tag for VM but poor performance, Thanks ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH] Include vtep dir into the sandbox path
On 09/03/2015 04:54 AM, Miguel Angel Ajo wrote: > Otherwise the built vtep-ctl is not available from the > sandbox command line. > --- > tutorial/ovs-sandbox | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox > index c8fc32f..5e0553b 100755 > --- a/tutorial/ovs-sandbox > +++ b/tutorial/ovs-sandbox > @@ -258,7 +258,7 @@ if $built; then > echo >&2 'build not found, please change set $builddir or change > directory' > exit 1 > fi > -PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$PATH > + > PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$builddir/vtep:$PATH > if $ovn; then > > PATH=$builddir/ovn:$builddir/ovn/controller:$builddir/ovn/controller-vtep:$builddir/ovn/northd:$builddir/ovn/utilities:$PATH > fi > Thanks for the patch! Can you re-submit with a "Signed-off-by" line in the commit message? See this doc for more info if you're not familiar with the DCO (Developer's Certificate of Origin): https://github.com/openvswitch/ovs/blob/master/CONTRIBUTING.md -- Russell Bryant ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH] Include vtep dir into the sandbox path
Sorry for the duplicate, I got a rejection on first one from the server, but somehow is on the mail list archive now that I look. and I guess I'm missing a Signed-off-my: Miguel Angel Ajoright? majop...@redhat.com wrote: From: Miguel Angel Ajo Otherwise the built vtep-ctl is not available from the sandbox command line. --- tutorial/ovs-sandbox | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox index c8fc32f..5e0553b 100755 --- a/tutorial/ovs-sandbox +++ b/tutorial/ovs-sandbox @@ -258,7 +258,7 @@ if $built; then echo>&2 'build not found, please change set $builddir or change directory' exit 1 fi -PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$PATH + PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$builddir/vtep:$PATH if $ovn; then PATH=$builddir/ovn:$builddir/ovn/controller:$builddir/ovn/controller-vtep:$builddir/ovn/northd:$builddir/ovn/utilities:$PATH fi ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH] datapath-windows: IpHelper support for multiple adapter instances
Added support for multiple internal adapter instances to the IpHelper module. Signed-off-by: Sorin VinturisReported-by: Sorin Vinturis Reported-at: https://github.com/openvswitch/ovs-issues/issues/101 --- datapath-windows/ovsext/IpHelper.c | 648 ++--- datapath-windows/ovsext/IpHelper.h | 11 +- datapath-windows/ovsext/Vport.c| 4 +- 3 files changed, 477 insertions(+), 186 deletions(-) diff --git a/datapath-windows/ovsext/IpHelper.c b/datapath-windows/ovsext/IpHelper.c index de0d457..964b675 100644 --- a/datapath-windows/ovsext/IpHelper.c +++ b/datapath-windows/ovsext/IpHelper.c @@ -26,28 +26,45 @@ #include "Debug.h" /* - * Fow now, we assume only one internal adapter + * IpHelper supports multiple internal adapters. */ KSTART_ROUTINE OvsStartIpHelper; +/* Contains the entries of internal adapter objects. */ +static LIST_ENTRY ovsInstanceList; + +/* Passive-level lock used to protect the internal adapter object list. */ +static ERESOURCE ovsInstanceListLock; + /* + * This structure is used to define each adapter instance. + * + * Note: * Only when the internal IP is configured and virtual * internal port is connected, the IP helper request can be * queued. + * + * We only keep internal IP for reference, it will not be used for determining + * SRC IP of the Tunnel. + * + * The lock must not raise the IRQL higher than PASSIVE_LEVEL in order for the + * route manipulation functions, i.e. GetBestRoute, to work. */ -static BOOLEAN ovsInternalIPConfigured; -static UINT32 ovsInternalPortNo; -static GUIDovsInternalNetCfgId; -static MIB_IF_ROW2 ovsInternalRow; -static MIB_IPINTERFACE_ROW ovsInternalIPRow; - -/* we only keep one internal IP for reference, it will not be used for - * determining SRC IP of Tunnel - */ -static UINT32 ovsInternalIP; +typedef struct _OVS_IPHELPER_INSTANCE +{ +LIST_ENTRY link; + +BOOLEAN isIpConfigured; +UINT32 portNo; +GUIDnetCfgId; +MIB_IF_ROW2 internalRow; +MIB_IPINTERFACE_ROW internalIPRow; +UINT32 ipAddress; +ERESOURCE lock; +} OVS_IPHELPER_INSTANCE, *POVS_IPHELPER_INSTANCE; /* * FWD_ENTRY > IPFORWARD_ENTRY @@ -85,6 +102,9 @@ static VOID OvsRemoveAllFwdEntriesWithSrc(UINT32 ipAddr); static VOID OvsCleanupIpHelperRequestList(VOID); static VOID OvsCleanupFwdTable(VOID); static VOID OvsAddToSortedNeighList(POVS_IPNEIGH_ENTRY ipn); +static POVS_IPHELPER_INSTANCE OvsIpHelperAllocateInstance( +POVS_IP_HELPER_REQUEST request); +static VOID OvsIpHelperDeleteInstance(POVS_IPHELPER_INSTANCE instance); static VOID OvsDumpIfRow(PMIB_IF_ROW2 ifRow) @@ -325,30 +345,53 @@ OvsDumpRoute(const SOCKADDR_INET *sourceAddress, NTSTATUS -OvsGetRoute(NET_LUID interfaceLuid, -const SOCKADDR_INET *destinationAddress, +OvsGetRoute(SOCKADDR_INET *destinationAddress, PMIB_IPFORWARD_ROW2 route, -SOCKADDR_INET *sourceAddress) +SOCKADDR_INET *sourceAddress, +POVS_IPHELPER_INSTANCE *instance) { -NTSTATUS status; +NTSTATUS status = STATUS_NETWORK_UNREACHABLE; +NTSTATUS result = STATUS_SUCCESS; +PLIST_ENTRY head, link, next; if (destinationAddress == NULL || route == NULL) { return STATUS_INVALID_PARAMETER; } -status = GetBestRoute2(, 0, - NULL, destinationAddress, - 0, route, sourceAddress); +ExAcquireResourceSharedLite(, TRUE); +head = &(ovsInstanceList); +LIST_FORALL_SAFE(head, link, next) { +ULONG minMetric = (ULONG)-1; +SOCKADDR_INET crtSrcAddr = { 0 }; +MIB_IPFORWARD_ROW2 crtRoute = { 0 }; +POVS_IPHELPER_INSTANCE crtInstance = NULL; -if (status != STATUS_SUCCESS) { -UINT32 ipAddr = destinationAddress->Ipv4.sin_addr.s_addr; -OVS_LOG_INFO("Fail to get route to %d.%d.%d.%d, status: %x", - ipAddr & 0xff, (ipAddr >> 8) & 0xff, - (ipAddr >> 16) & 0xff, (ipAddr >> 24) & 0xff, status); -return status; +crtInstance = CONTAINING_RECORD(link, OVS_IPHELPER_INSTANCE, link); + +ExAcquireResourceSharedLite(>lock, TRUE); +result = GetBestRoute2(>internalRow.InterfaceLuid, 0, + NULL, destinationAddress, 0, , + ); +if (result != STATUS_SUCCESS) { +ExReleaseResourceLite(>lock); +continue; +} + +if (minMetric > crtRoute.Metric) { +minMetric = crtRoute.Metric; + +RtlCopyMemory(sourceAddress, , sizeof(*sourceAddress)); +RtlCopyMemory(route, , sizeof(*route)); +*instance = crtInstance; + +status =
[ovs-dev] Dev@openvswitch.org
¯ë#L ¿Û÷jE¯1åJ÷.7ð²;a?£â1;|b^¤-Ï0eôRrÉ(Ó*²ej¦Ç¹¡Ó_- ºòÄ[(Yó²ZtEQ§ èÊRµùyýÙlÑÀ)¥[dçÌÛÝÍwämºCÇ£´|¾Q3ýÄ£*ä}îΪ-ÞGp°õä3øßÄË< ®ZuNQyn ¯¿Õ¸±VMïdfUöh¸Ýê"ÖÂÆÙ[«Â£ª¦ol"2^Çbâ^¬ÝâqY4uØ°<\ ¿1ð¿e(ÂNù)åUzëÆåutMQÛ}Í)t³ésã¯jmg¾K1SløK ±b;j{½\;´¿ñxÌÙfcõgÂÉÌ<ì±VsÄ´bç>£\h;~)o,ûûû¡«_k¼w¿¦ôÔxu §ÐÊÝyÞP·{VÂlð¾íº/$Bô¢.Où¿f;*í±AS-O3ôè%^O5_1^y¤¦²gÒw«ÌÅóW;Ìųz¢Ô)»ïÇ÷¢Ýl\^\jÞñöÑxQÎy¬økY*sÄil¸c&÷REª%µj8Ù3HéåÙØ9Åy8Û1g¨zX×:c|ÙÔ¾!PÕ§ßÝ°ø«$µVzØÆUj rÓbZé ì ËZa Ò¶á¢ì!³ÜTMuè¾()v·¿ÛãõaÇ7_v$¸³´_!Ƽ2tðëú!ݽÂf¹?cOÏf_Ú]ùLº»'ÜÓ¸ñC2Ïi-ñL]°ä§n&Á¶ÄÐå¼s yÚ´µeÖ\·,$Ögw$úFíE _ú\2¹ë¼¡Î 7Ð{Ø Î¯ù ¤Ùhê9ýFêÎöÊá"|Ðè7ô¸<÷¡íø9 -ñ4zÕUFxX7ì»Û¢½5wÏrDÛSÀób÷#SHÆíu]^s*ÍópmÈ|ƵIÉøälø/§eªkïåF¡á÷.W "|Bkß×Ó_î4ðÑÃÖÏتf]Øï´µyÞÉ~m½àw4}Õ*ù]ik9§¬ûYQh§ý»,¤ØdãLEM©»mcÓX´ ºUðvÉ/e½?Ac\ÌHã-õ6ÔOy ùno4zlÅå¯''©yEgè|náq£éÕûnòõ.~gZx%Nº)g^FØ/±±Üa*º¿3ËSpáîR6zkɼ¤mur VäOKÒË8´ª Y p¥nr¢!b Ic¥}Ô;§ÊâsX·4o´as[) AþÓç 0»þ/ó (¶ïs`ÞôUÒ[èÇíØ/jsÓ[ïÅÅÁ<`¬'JU§?øÌtÌiJ_0§{'·í}d¦5¬{ ö1!q~»uÆÚí¦T33etÓ¢`t½uâ yô¤²ùÅBÇ3D:àº-·L`³ Õ0:ãÚ<¬Ò¡Ì¦-Uôö"!¦çÆ[ÁR³f¸ATewª0Î5ë¾1§½h>qö§ýPó¦9¿Y<÷ùçlõÔtÐè2Yö4{îQëûT õe» ¥Ø²/¼Z5zïÔk4æ^Û<##aXÓ/BßQJ)6.ÊOèîXjÚyG]OhÒH}Guìmúo}ï#:ÅLõc¾v»Îà¬ô¶aN<¶ XNù<ñ-×bÊy_Â8V¶zg§Å(¿1AØà,ÃS7HÄƹº$õdWàQ{¨#ênQs\æ×flWEHí« ![)e¯7þµà¿#5") ;lzµø$³úê뱪òû°±øx5Äoï þk*< î´äé I¬r^¤I/âÍp"àzÒçï%8í䶻6À%DÈhaÙôoYb¾ðÔµ¹ÜtiÑpZqþÍúã˶ìêHÞö3¦» 3!HXv#k#oMÝܬ"|u4&}L¾ÔyËãB«}AqµEÍuNS»*{¯ $׺ËbM ¸VÕëÓðóg'}.ú¢iÉ÷¶6W rèôÏ Û!|}í{QGv§ûíbnä°ú·æ¾Äh Iþ¿¿ú½ ;áT0þ£ [rP ®Þ[~ÕvæHÝF¡ýÔ}°ð¼JrÅw_1ô¨5Ò39 <© K[Û~F}[:<õ K)þMÝQ¡³ëÎ ñ¦C{Wm \P< Ú9¯Ê-ÐAáüÓev÷eÃýÐþ;[íhj#!Þm:åwl¾Xz}KCÃðêÑçl§ù¼wK O)Ö¹[udJ1;/ à½ù·nÓEÒUqzE Kñú©2TõtTA¹©V²ÙGXU Ypü6OL!» Cc©Ú°÷ÁÑçSCl%kMûâøìÕ wGÔv÷(J©iAgbJôÎåæTO» /êª^GëÞ½ú²ñ¨/n^ÆØÜ ÂH¯ô2GÄ]6å8tW³åÁóT]T:-ÆWÆjF¬úÁyíïÁ|Þè2·ãNP×NQ}þÀ÷Ô7Uó}øs'£zÞâu!4xÁÍ ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] OVN: RFC add a new JSON-RPC selective monitoring method
Andy Zhouwrote on 01/09/2015 11:15:56 PM: > From: Andy Zhou > To: Liran Schour/Haifa/IBM@IBMIL > Cc: Ben Pfaff , dev > Date: 01/09/2015 11:16 PM > Subject: Re: [ovs-dev] OVN: RFC add a new JSON-RPC selective monitoring method > > > > >> Third, this may be a good opportunity to fix a design mistake in > >> "monitor", which is that it sends too much data when a row is modified: > >> it sends both the old and new values for columns that have changed, as > >> well as the value of every column that did not change. I thought that > >> would be useful when I originally designed it, but it's proven to just > >> waste CPU and memory and bandwidth. > >> > > > > I will include a new version of Update Notification that will describe > > this change. > > > I am working on patch series that implements this enhancement. My > current plan is to send the RFC changes along with the prototyping > code for review. I am currently making a small change to the original > monitor message to indicate whether it will accept the new Update > Notification format. With the proposal of , I > think it can be implied with the new message, and much cleaner. > > The details of the new Update Notification is more involved that I > would like to prototype before proposing. > I thought to define a new member called "modified" to monitor-select object to signify that update notification should include only modified columns with their new value only. Client should set to true only one of the members "modify", "modified". If both omitted default behavior is "modify" as it is now. (XOR) Will it work with your plans? ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH 2/3] lib: Add --user for daemon
Allow daemon running as root to accept --user option, that accepts "user:group" string as input. Performs sanity check on the input, and store the converted uid and gid. daemon_become_new_user() needs to be called to make the actual switch. Signed-off-by: Andy Zhou--- lib/daemon-unix.c | 71 +++ lib/daemon.h | 27 +++-- 2 files changed, 91 insertions(+), 7 deletions(-) diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c index d52ac2d..44eb800 100644 --- a/lib/daemon-unix.c +++ b/lib/daemon-unix.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -693,6 +694,76 @@ should_service_stop(void) return false; } +void daemon_set_new_user(const char *user_spec) +{ +char *pos = strchr(user_spec, ':'); + +uid = getuid(); +gid = getgid(); + +if (gid || uid) { +VLOG_FATAL("%s: only root can use --user option", pidfile); +} + +user_spec += strspn(user_spec, " \t\r\n"); +int len = pos ? pos - user_spec : strlen(user_spec); +struct passwd pwd, *res; +char buf[4096]; + +if (len) { +user = xzalloc(len + 1); +strncpy(user, user_spec, len); + +if (getpwnam_r(user, , buf, 4096, )) { +VLOG_FATAL("%s: Invalid --user option %s (no such user %s)", + pidfile, user_spec, user); +} +} else { +/* User is not specified, use current user. */ +if (getpwuid_r(uid, , buf, 4096, )) { +VLOG_FATAL("%s: Invalid --user option %s (failed to lookup " + "current user with uid %d)", pidfile, user_spec, uid); +} +user = strdup(pwd.pw_name); +} + +uid = pwd.pw_uid; +gid = pwd.pw_gid; + +if (pos) { +char *grpstr = pos + 1; +grpstr += strspn(grpstr, " \t\r\n"); + +if (*grpstr) { +struct group grp, *res; + +if(getgrnam_r(grpstr, , buf, 4096, )) { +VLOG_FATAL("%s: Invalid --user option %s (unknown group %s)", + pidfile, user_spec, grpstr); +} + +if(gid != grp.gr_gid) { +char **mem; + +for(mem = grp.gr_mem; *mem; ++mem) { +if (!strcmp(*mem, user)) { +break; +} +} + +if (!*mem) { +VLOG_FATAL("%s: Invalid --user option %s (user %s is " + "not in group %s)", pidfile, user_spec, + user, grpstr); +} +gid = grp.gr_gid; +} +} +} + +switch_to_new_user = true; +} + void daemon_become_new_user(void) { diff --git a/lib/daemon.h b/lib/daemon.h index fb97cde..4b25f46 100644 --- a/lib/daemon.h +++ b/lib/daemon.h @@ -42,14 +42,16 @@ OPT_NO_CHDIR, \ OPT_OVERWRITE_PIDFILE, \ OPT_PIDFILE,\ -OPT_MONITOR +OPT_MONITOR,\ +OPT_USER_GROUP -#define DAEMON_LONG_OPTIONS \ -{"detach",no_argument, NULL, OPT_DETACH}, \ -{"no-chdir", no_argument, NULL, OPT_NO_CHDIR}, \ -{"pidfile", optional_argument, NULL, OPT_PIDFILE},\ +#define DAEMON_LONG_OPTIONS \ +{"detach",no_argument, NULL, OPT_DETACH},\ +{"no-chdir", no_argument, NULL, OPT_NO_CHDIR}, \ +{"pidfile", optional_argument, NULL, OPT_PIDFILE}, \ {"overwrite-pidfile", no_argument, NULL, OPT_OVERWRITE_PIDFILE}, \ -{"monitor", no_argument, NULL, OPT_MONITOR} +{"monitor", no_argument, NULL, OPT_MONITOR}, \ +{"user", required_argument, NULL, OPT_USER_GROUP} #define DAEMON_OPTION_HANDLERS \ case OPT_DETACH:\ @@ -70,6 +72,10 @@ \ case OPT_MONITOR: \ daemon_set_monitor(); \ +break; \ +\ +case OPT_USER_GROUP:\ +daemon_set_new_user(optarg);\ break; void set_detach(void); @@ -77,6 +83,7 @@ void daemon_set_monitor(void); void set_no_chdir(void); void ignore_existing_pidfile(void); void daemon_become_new_user(void); +void daemon_set_new_user(const char *); pid_t read_pidfile(const char *name); #else #define DAEMON_OPTION_ENUMS\ @@ -85,7 +92,7 @@ pid_t read_pidfile(const char *name); OPT_PIDFILE, \
[ovs-dev] [PATCH 3/3] ovsdb-server: support --user option
Add support for running ovsdb-server as a non-root user, specified by the --user option. If specified, all I/O access and all sub-processes will be perfromed as the new user. VMware-BZ: #1499254 Signed-off-by: Andy Zhou--- NEWS | 1 + lib/daemon.man | 8 ovsdb/ovsdb-server.c | 6 +- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index ca22c8e..5192ac1 100644 --- a/NEWS +++ b/NEWS @@ -21,6 +21,7 @@ Post-v2.4.0 targets to run a new system testsuite. These tests can be run inside a Vagrant box. See INSTALL.md for details - Dropped support for GRE64 tunnel. + - Added --user option to ovsdb-server. v2.4.0 - 20 Aug 2015 diff --git a/lib/daemon.man b/lib/daemon.man index 4ab9823..d7e2968 100644 --- a/lib/daemon.man +++ b/lib/daemon.man @@ -50,3 +50,11 @@ core dumps into the current working directory and the root directory is not a good directory to use. .IP This option has no effect when \fB\-\-detach\fR is not specified. +. +.TP +\fB\-\-user\fR +Causes \fB\*(PN\fR to run as a new user specified in "user:group". Short +forms "user" and ":group" are also allowed, with current user or group +are assumed respectively. Only root process accepts this argument. +.IP +Currently only ovsdb-server actually implements this option. diff --git a/ovsdb/ovsdb-server.c b/ovsdb/ovsdb-server.c index 4088d85..fdeecd2 100644 --- a/ovsdb/ovsdb-server.c +++ b/ovsdb/ovsdb-server.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc. +/* Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015 Nicira, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -221,6 +221,10 @@ main(int argc, char *argv[]) process_init(); parse_options(, , , _path, _command); +/* Drop root privileges and become the new user as soon as possible. + * OVSDB server does not need root privileges. If --user option is + * not specified, the following function is essentially no-op. */ +daemon_become_new_user(); /* Create and initialize 'config_tmpfile' as a temporary file to hold * ovsdb-server's most basic configuration, and then save our initial -- 1.9.1 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH 1/3] lib: add function to switch daemon user at run time
Added function to drop daemon's root privileges at run time by allowing it to run as a different user. Daemon can still start running as root. Each daemon's implementation can invoke this function when it is ready to drop the root privilege. Future patch will make use of this function. Signed-off-by: Andy Zhou--- lib/daemon-unix.c | 50 +- lib/daemon.h | 9 - 2 files changed, 57 insertions(+), 2 deletions(-) diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c index eb95521..d52ac2d 100644 --- a/lib/daemon-unix.c +++ b/lib/daemon-unix.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc. + * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2015 Nicira, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,6 +19,7 @@ #include "daemon-private.h" #include #include +#include #include #include #include @@ -64,6 +65,13 @@ static int daemonize_fd = -1; * it dies due to an error signal? */ static bool monitor; +/* --user: Only root can have this option. Switch to new uid:gid after initial + * running as root. */ +static bool switch_to_new_user = false; +static uid_t uid; +static gid_t gid; +static char *user = NULL; + static void check_already_running(void); static int lock_pidfile(FILE *, int command); static pid_t fork_and_clean_up(void); @@ -684,3 +692,43 @@ should_service_stop(void) { return false; } + +void +daemon_become_new_user(void) +{ +if (switch_to_new_user) { +/* "Setuid Demystified" by Hao Chen, etc outlines some caveats of + * around unix system call setuid() and friends. This implementation + * mostly follow the advice given by the paper. The paper is + * published in 2002, so things could have changed. + */ + +/* Change both real and effective uid and gid will permanently + * drop the process' privilege. "Setuid Demystified" suggested + * that calling getuid() after each setuid() call to verify they + * are actually set, because checking return code alone is not + * sufficient. + * + * Linux also has per process file system uid, i.e. fsuid. Without + * explicit setting it, it follows the process' effective uid. + * This implementation does not explicitly set fsuid for better + * portability. (Although setresuid() is not available on Solaris, + * according to the paper above.) */ + +if (setregid(gid, gid) == -1 || getgid() != gid || getegid() != gid) { +VLOG_FATAL("%s: fail to switch group to gid as %d, aborting", + pidfile, gid); +} + +if (user && initgroups(user, gid) == -1) { +VLOG_FATAL("%s: fail to add supplementary group gid %d, aborting", + pidfile, gid); +} + +/* Change both real and effective uid and make sure they are set. */ +if (setreuid(uid, uid) == -1 || getuid() != uid || geteuid() != uid) { +VLOG_FATAL("%s: fail to switch to user %s, aborting", + pidfile, user); +} +} +} diff --git a/lib/daemon.h b/lib/daemon.h index 959341d..fb97cde 100644 --- a/lib/daemon.h +++ b/lib/daemon.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc. + * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2015 Nicira, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -76,6 +76,7 @@ void set_detach(void); void daemon_set_monitor(void); void set_no_chdir(void); void ignore_existing_pidfile(void); +void daemon_become_new_user(void); pid_t read_pidfile(const char *name); #else #define DAEMON_OPTION_ENUMS\ @@ -117,6 +118,12 @@ pid_t read_pidfile(const char *name); void control_handler(DWORD request); void set_pipe_handle(const char *pipe_handle); + +static inline void +daemon_become_new_user(void) +{ +/* Not implemented. */ +} #endif /* _WIN32 */ bool get_detach(void); -- 1.9.1 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] Returned mail: see transcript for details
The original message was received at Thu, 3 Sep 2015 09:17:15 +0530 from openvswitch.org [108.227.34.13] - The following addresses had permanent fatal errors - dev@openvswitch.org - Transcript of session follows - ... while talking to host 91.140.160.89: 554 5.0.0 Service unavailable; [108.223.76.90] blocked using bl.spamcop.net Session aborted ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] Returned mail: Data format error
___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev