[ovs-dev] [PATCH] openvswitch: meter: Use 64-bit arithmetic instead of 32-bit
Add suffix LL to constant 1000 in order to give the compiler complete information about the proper arithmetic to use. Notice that this constant is used in a context that expects an expression of type long long int (64 bits, signed). The expression (band->burst_size + band->rate) * 1000 is currently being evaluated using 32-bit arithmetic. Addresses-Coverity-ID: 1461563 ("Unintentional integer overflow") Signed-off-by: Gustavo A. R. Silva --- net/openvswitch/meter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/openvswitch/meter.c b/net/openvswitch/meter.c index 3fbfc78..04b9428 100644 --- a/net/openvswitch/meter.c +++ b/net/openvswitch/meter.c @@ -488,7 +488,7 @@ bool ovs_meter_execute(struct datapath *dp, struct sk_buff *skb, long long int max_bucket_size; band = &meter->bands[i]; - max_bucket_size = (band->burst_size + band->rate) * 1000; + max_bucket_size = (band->burst_size + band->rate) * 1000LL; band->bucket += delta_ms * band->rate; if (band->bucket > max_bucket_size) -- 2.7.4 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] Detecte y Prevenga Fraudes Oportunamente
En línea y en Vivo / Para todo su Equipo con una sola Conexión Sistemas Eficaces de Control a través de Auditorías Administrativas 22 de Febrero - Online en Vivo - Horario de 10:00 a 13:00 y de 15:00 a 18:00 ¡No más fugas de recursos! Detecte y prevenga fraudes de manera oportuna, establezca las pruebas de control interno adecuadas y asegúrese del cumplimiento de las políticas de su organización. La elevada competividad en el mundo empresarial, obliga a toda organización, sin importar su tamaño, a mejorar sus procesos, ser más eficientes e idenficar sus fallas; para esto resulta imprescindible la gestión e implementación de controles internos. Una auditoría interna eficiente, ayudará a la gerencia a revisar, evaluar y verificar el uso y control de los recursos humanos, materiales y financieros. TEMARIO: 1. Componentes de la Auditoría Administrativa. 2. Procedimientos de Auditoría Administrativa. 3. Instrumentación de la Auditoría Administrativa. 4. Emisión de Informes de Auditoría Administrativa. - Y mucho más. ¿Requiere la información a la Brevedad? responda este email con la palabra: Fraude Nombre: Teléfono: Empresa: Centro telefónico: 018002129393 Lic. María Canul Líder de Proyecto ¿Demasiados mensajes en su cuenta? Responda este mensaje indicando que solo desea recibir CALENDARIO y sólo recibirá un correo al mes. Si desea cancelar la suscripción, solicite su BAJA.. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH 18/20] datapath: use ktime_get_ts64() instead of ktime_get_ts()
On 1/30/2018 3:40 PM, Greg Rose wrote: From: Arnd Bergmann Upstream commit: commit 311af51dcb5629f04976a8e451673f77e3301041 Author: Arnd Bergmann Date: Mon Nov 27 12:41:38 2017 +0100 openvswitch: use ktime_get_ts64() instead of ktime_get_ts() timespec is deprecated because of the y2038 overflow, so let's convert this one to ktime_get_ts64(). The code is already safe even on 32-bit architectures, since it uses monotonic times. On 64-bit architectures, nothing changes, while on 32-bit architectures this avoids one type conversion. Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller Additional compatability check for ktime_get_ts64() exists or not. If not, then just continue using ktime_get_ts(). Cc: Arnd Bergmann Signed-off-by: Greg Rose Oops, I screwed this up. ktime_get_ts64 isn't a macro. We'll need this incremental... diff --git a/acinclude.m4 b/acinclude.m4 index bc1ec72..5c63222 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -807,6 +807,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_GREP_IFELSE([$KSRC/include/linux/timekeeping.h], [ktime_get_ns], [OVS_DEFINE([HAVE_KTIME_GET_NS])]) + OVS_GREP_IFELSE([$KSRC/include/linux/timekeeping.h], + [ktime_get_ts64], + [OVS_DEFINE([HAVE_KTIME_GET_TS64])]) if cmp -s datapath/linux/kcompat.h.new \ datapath/linux/kcompat.h >/dev/null 2>&1; then diff --git a/datapath/flow.c b/datapath/flow.c index 385e481..cd8d422 100644 --- a/datapath/flow.c +++ b/datapath/flow.c @@ -52,7 +52,7 @@ #include "flow_netlink.h" #include "vport.h" -#ifndef ktime_get_ts64 +#ifndef HAVE_KTIME_GET_TS64 #define ktime_get_ts64 ktime_get_ts #define timespec64 timespec #endif --- datapath/flow.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/datapath/flow.c b/datapath/flow.c index 5da7e3e..385e481 100644 --- a/datapath/flow.c +++ b/datapath/flow.c @@ -52,14 +52,19 @@ #include "flow_netlink.h" #include "vport.h" +#ifndef ktime_get_ts64 +#define ktime_get_ts64 ktime_get_ts +#define timespec64 timespec +#endif + u64 ovs_flow_used_time(unsigned long flow_jiffies) { - struct timespec cur_ts; + struct timespec64 cur_ts; u64 cur_ms, idle_ms; - ktime_get_ts(&cur_ts); + ktime_get_ts64(&cur_ts); idle_ms = jiffies_to_msecs(jiffies - flow_jiffies); - cur_ms = (u64)cur_ts.tv_sec * MSEC_PER_SEC + + cur_ms = (u64)(u32)cur_ts.tv_sec * MSEC_PER_SEC + cur_ts.tv_nsec / NSEC_PER_MSEC; return cur_ms - idle_ms; ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH V2] rhel: Fix support for root user using DPDK
Since 2.8.0 OVS runs as non-root user on rhel distros, but the current implementation breaks the ability to run as root with DPDK and as a consequence there is no way possible to use UIO drivers on kernel 4.0 and newer [1, 2]. [1] http://dpdk.org/browse/dpdk/commit/?id=cdc242f260e766bd95a658b5e0686a 62ec04f5b0 [2] https://www.kernel.org/doc/Documentation/vm/pagemap.txt Fixes: e3e738a3d058 ("redhat: allow dpdk to also run as non-root user") Signed-off-by: Marcos Schwarz --- lib/daemon-unix.c | 3 ++- rhel/usr_lib_systemd_system_ovs-vswitchd.service.in | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c index adb549c98..06528e9ab 100644 --- a/lib/daemon-unix.c +++ b/lib/daemon-unix.c @@ -1047,5 +1047,6 @@ daemon_set_new_user(const char *user_spec) } } -switch_user = true; +if (!uid_verify(uid) || !gid_verify(gid)) +switch_user = true; } diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/ usr_lib_systemd_system_ovs-vswitchd.service.in index c6d9aa1b8..e8b81e707 100644 --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in @@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch EnvironmentFile=/etc/openvswitch/default.conf EnvironmentFile=-/etc/sysconfig/openvswitch @begin_dpdk@ -ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages +ExecStartPre=-/bin/sh -c '/usr/bin/chown :${OVS_USER_ID##*:} ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages @end_dpdk@ ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ -- 2.14.3 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH 20/20] Documentation: Update NEWS and faq
On 1/30/2018 3:43 PM, Justin Pettit wrote: On Jan 30, 2018, at 3:40 PM, Greg Rose wrote: Signed-off-by: Greg Rose --- Documentation/faq/releases.rst | 1 + NEWS | 2 ++ 2 files changed, 3 insertions(+) diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst index 62a1957..2f03c89 100644 --- a/Documentation/faq/releases.rst +++ b/Documentation/faq/releases.rst @@ -67,6 +67,7 @@ Q: What Linux kernel versions does each Open vSwitch release work with? 2.7.x3.10 to 4.9 2.8.x3.10 to 4.12 2.9.x3.10 to 4.13 +2.10.x 3.10 to 4.14 Thanks for the patches, Greg. Should we try to get these into 2.9 or just wait for 2.10? --Justin I assumed 2.10 but... well, I'm not sure. The major features new in the Linux kernel since 4.13 are meters, NSH and erspan. Not sure if we need those for 2.9 or not. - Greg ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH 20/20] Documentation: Update NEWS and faq
> On Jan 30, 2018, at 3:40 PM, Greg Rose wrote: > > Signed-off-by: Greg Rose > --- > Documentation/faq/releases.rst | 1 + > NEWS | 2 ++ > 2 files changed, 3 insertions(+) > > diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst > index 62a1957..2f03c89 100644 > --- a/Documentation/faq/releases.rst > +++ b/Documentation/faq/releases.rst > @@ -67,6 +67,7 @@ Q: What Linux kernel versions does each Open vSwitch > release work with? > 2.7.x3.10 to 4.9 > 2.8.x3.10 to 4.12 > 2.9.x3.10 to 4.13 > +2.10.x 3.10 to 4.14 Thanks for the patches, Greg. Should we try to get these into 2.9 or just wait for 2.10? --Justin ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 20/20] Documentation: Update NEWS and faq
Signed-off-by: Greg Rose --- Documentation/faq/releases.rst | 1 + NEWS | 2 ++ 2 files changed, 3 insertions(+) diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst index 62a1957..2f03c89 100644 --- a/Documentation/faq/releases.rst +++ b/Documentation/faq/releases.rst @@ -67,6 +67,7 @@ Q: What Linux kernel versions does each Open vSwitch release work with? 2.7.x3.10 to 4.9 2.8.x3.10 to 4.12 2.9.x3.10 to 4.13 +2.10.x 3.10 to 4.14 == Open vSwitch userspace should also work with the Linux kernel module built diff --git a/NEWS b/NEWS index 726589c..38989bd 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,8 @@ Post-v2.9.0 - ovs-vswitchd: * New options --l7 and --l7-len to "ofproto/trace" command. +- Linux kernel 4.14 + * Add support for compiling OVS with the latest Linux 4.14 kernel v2.9.0 - xx xxx -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 19/20] compat:inet_frag.h: Check for frag_percpu_counter_batch
Fix up the compat layer to check for frag_percpu_counter_batch and if not present then use atomic_sub and atomic_add as per the backport in the 3.16.50 LTS kernel. Fixes compile errors on 3.16 series kernels from 3.16.50 on. Signed-off-by: Greg Rose --- datapath/linux/compat/include/net/inet_frag.h | 14 ++ 1 file changed, 14 insertions(+) diff --git a/datapath/linux/compat/include/net/inet_frag.h b/datapath/linux/compat/include/net/inet_frag.h index 34078c8..c98c3a4 100644 --- a/datapath/linux/compat/include/net/inet_frag.h +++ b/datapath/linux/compat/include/net/inet_frag.h @@ -30,6 +30,7 @@ static inline bool inet_frag_evicting(struct inet_frag_queue *q) #endif #ifndef HAVE_SUB_FRAG_MEM_LIMIT_ARG_STRUCT_NETNS_FRAGS +#ifdef frag_percpu_counter_batch static inline void rpl_sub_frag_mem_limit(struct netns_frags *nf, int i) { __percpu_counter_add(&nf->mem, -i, frag_percpu_counter_batch); @@ -41,6 +42,19 @@ static inline void rpl_add_frag_mem_limit(struct netns_frags *nf, int i) __percpu_counter_add(&nf->mem, i, frag_percpu_counter_batch); } #define add_frag_mem_limit rpl_add_frag_mem_limit +#else /* frag_percpu_counter_batch */ +static inline void rpl_sub_frag_mem_limit(struct netns_frags *nf, int i) +{ + atomic_sub(i, &nf->mem); +} +#define sub_frag_mem_limit rpl_sub_frag_mem_limit + +static inline void rpl_add_frag_mem_limit(struct netns_frags *nf, int i) +{ + atomic_add(i, &nf->mem); +} +#define add_frag_mem_limit rpl_add_frag_mem_limit +#endif /* frag_percpu_counter_batch */ #endif #ifdef HAVE_VOID_INET_FRAGS_INIT -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 18/20] datapath: use ktime_get_ts64() instead of ktime_get_ts()
From: Arnd Bergmann Upstream commit: commit 311af51dcb5629f04976a8e451673f77e3301041 Author: Arnd Bergmann Date: Mon Nov 27 12:41:38 2017 +0100 openvswitch: use ktime_get_ts64() instead of ktime_get_ts() timespec is deprecated because of the y2038 overflow, so let's convert this one to ktime_get_ts64(). The code is already safe even on 32-bit architectures, since it uses monotonic times. On 64-bit architectures, nothing changes, while on 32-bit architectures this avoids one type conversion. Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller Additional compatability check for ktime_get_ts64() exists or not. If not, then just continue using ktime_get_ts(). Cc: Arnd Bergmann Signed-off-by: Greg Rose --- datapath/flow.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/datapath/flow.c b/datapath/flow.c index 5da7e3e..385e481 100644 --- a/datapath/flow.c +++ b/datapath/flow.c @@ -52,14 +52,19 @@ #include "flow_netlink.h" #include "vport.h" +#ifndef ktime_get_ts64 +#define ktime_get_ts64 ktime_get_ts +#define timespec64 timespec +#endif + u64 ovs_flow_used_time(unsigned long flow_jiffies) { - struct timespec cur_ts; + struct timespec64 cur_ts; u64 cur_ms, idle_ms; - ktime_get_ts(&cur_ts); + ktime_get_ts64(&cur_ts); idle_ms = jiffies_to_msecs(jiffies - flow_jiffies); - cur_ms = (u64)cur_ts.tv_sec * MSEC_PER_SEC + + cur_ms = (u64)(u32)cur_ts.tv_sec * MSEC_PER_SEC + cur_ts.tv_nsec / NSEC_PER_MSEC; return cur_ms - idle_ms; -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 17/20] datapath: fix the incorrect flow action alloc size
From: zhangliping Upstream commit: commit 67c8d22a73128ff910e2287567132530abcf5b71 Author: zhangliping Date: Sat Nov 25 22:02:12 2017 +0800 openvswitch: fix the incorrect flow action alloc size If we want to add a datapath flow, which has more than 500 vxlan outputs' action, we will get the following error reports: openvswitch: netlink: Flow action size 32832 bytes exceeds max openvswitch: netlink: Flow action size 32832 bytes exceeds max openvswitch: netlink: Actions may not be safe on all matching packets ... ... It seems that we can simply enlarge the MAX_ACTIONS_BUFSIZE to fix it, but this is not the root cause. For example, for a vxlan output action, we need about 60 bytes for the nlattr, but after it is converted to the flow action, it only occupies 24 bytes. This means that we can still support more than 1000 vxlan output actions for a single datapath flow under the the current 32k max limitation. So even if the nla_len(attr) is larger than MAX_ACTIONS_BUFSIZE, we shouldn't report EINVAL and keep it move on, as the judgement can be done by the reserve_sfa_size. Signed-off-by: zhangliping Acked-by: Pravin B Shelar Signed-off-by: David S. Miller Cc: zhangliping Signed-off-by: Greg Rose --- datapath/flow_netlink.c | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/datapath/flow_netlink.c b/datapath/flow_netlink.c index 303337c..80c57bd 100644 --- a/datapath/flow_netlink.c +++ b/datapath/flow_netlink.c @@ -1909,14 +1909,11 @@ int ovs_nla_put_mask(const struct sw_flow *flow, struct sk_buff *skb) #define MAX_ACTIONS_BUFSIZE(32 * 1024) #endif -static struct sw_flow_actions *nla_alloc_flow_actions(int size, bool log) +static struct sw_flow_actions *nla_alloc_flow_actions(int size) { struct sw_flow_actions *sfa; - if (size > MAX_ACTIONS_BUFSIZE) { - OVS_NLERR(log, "Flow action size %u bytes exceeds max", size); - return ERR_PTR(-EINVAL); - } + WARN_ON_ONCE(size > MAX_ACTIONS_BUFSIZE); sfa = kmalloc(sizeof(*sfa) + size, GFP_KERNEL); if (!sfa) @@ -1989,12 +1986,15 @@ static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, new_acts_size = ksize(*sfa) * 2; if (new_acts_size > MAX_ACTIONS_BUFSIZE) { - if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) + if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) { + OVS_NLERR(log, "Flow action size exceeds max %u", + MAX_ACTIONS_BUFSIZE); return ERR_PTR(-EMSGSIZE); + } new_acts_size = MAX_ACTIONS_BUFSIZE; } - acts = nla_alloc_flow_actions(new_acts_size, log); + acts = nla_alloc_flow_actions(new_acts_size); if (IS_ERR(acts)) return (void *)acts; @@ -2673,7 +2673,7 @@ int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, { int err; - *sfa = nla_alloc_flow_actions(nla_len(attr), log); + *sfa = nla_alloc_flow_actions(min(nla_len(attr), MAX_ACTIONS_BUFSIZE)); if (IS_ERR(*sfa)) return PTR_ERR(*sfa); -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 16/20] datapath: fix data type in queue_gso_packets
From: "Gustavo A. R. Silva" Upstream commit: commit 2734166e89639c973c6e125ac8bcfc2d9db72b70 Author: Gustavo A. R. Silva Date: Sat Nov 25 13:14:40 2017 -0600 net: openvswitch: datapath: fix data type in queue_gso_packets gso_type is being used in binary AND operations together with SKB_GSO_UDP. The issue is that variable gso_type is of type unsigned short and SKB_GSO_UDP expands to more than 16 bits: SKB_GSO_UDP = 1 << 16 this makes any binary AND operation between gso_type and SKB_GSO_UDP to be always zero, hence making some code unreachable and likely causing undesired behavior. Fix this by changing the data type of variable gso_type to unsigned int. Addresses-Coverity-ID: 1462223 Fixes: 0c19f846d582 ("net: accept UFO datagrams from tuntap and packet") Signed-off-by: Gustavo A. R. Silva Acked-by: Willem de Bruijn Signed-off-by: David S. Miller While backporting this I found another couple of instances of the same issue so I fixed them up as well. Cc: Gustavo A. R. Silva Signed-off-by: Greg Rose --- datapath/datapath.c | 2 +- datapath/linux/compat/stt.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/datapath/datapath.c b/datapath/datapath.c index 07b6c71..e90177c 100644 --- a/datapath/datapath.c +++ b/datapath/datapath.c @@ -313,7 +313,7 @@ static int queue_gso_packets(struct datapath *dp, struct sk_buff *skb, uint32_t cutlen) { #ifdef HAVE_SKB_GSO_UDP - unsigned short gso_type = skb_shinfo(skb)->gso_type; + unsigned int gso_type = skb_shinfo(skb)->gso_type; struct sw_flow_key later_key; #endif struct sk_buff *segs, *nskb; diff --git a/datapath/linux/compat/stt.c b/datapath/linux/compat/stt.c index 66a97f2..2189476 100644 --- a/datapath/linux/compat/stt.c +++ b/datapath/linux/compat/stt.c @@ -1315,7 +1315,7 @@ static bool validate_checksum(struct sk_buff *skb) static bool set_offloads(struct sk_buff *skb) { struct stthdr *stth = stt_hdr(skb); - unsigned short gso_type = 0; + unsigned int gso_type = 0; int l3_header_size; int l4_header_size; u16 csum_offset; -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 15/20] datapath: meter: fix NULL pointer dereference in ovs_meter_cmd_reply_start
From: "Gustavo A. R. Silva" Upstream commit: commit b74912a2fdae9aadd20da502644aa8848c861954 Author: Gustavo A. R. Silva Date: Tue Nov 14 14:26:16 2017 -0600 openvswitch: meter: fix NULL pointer dereference in ovs_meter_cmd_reply_star It seems that the intention of the code is to null check the value returned by function genlmsg_put. But the current code is null checking the address of the pointer that holds the value returned by genlmsg_put. Fix this by properly null checking the value returned by function genlmsg_put in order to avoid a pontential null pointer dereference. Addresses-Coverity-ID: 1461561 ("Dereference before null check") Addresses-Coverity-ID: 1461562 ("Dereference null return value") Fixes: 96fbc13d7e77 ("openvswitch: Add meter infrastructure") Signed-off-by: Gustavo A. R. Silva Signed-off-by: David S. Miller Cc: Gustavo A. R. Silva Signed-off-by: Greg Rose --- datapath/meter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/datapath/meter.c b/datapath/meter.c index 7b9391d..d36870b 100644 --- a/datapath/meter.c +++ b/datapath/meter.c @@ -99,7 +99,7 @@ ovs_meter_cmd_reply_start(struct genl_info *info, u8 cmd, *ovs_reply_header = genlmsg_put(skb, info->snd_portid, info->snd_seq, &dp_meter_genl_family, 0, cmd); - if (!ovs_reply_header) { + if (!*ovs_reply_header) { nlmsg_free(skb); return ERR_PTR(-EMSGSIZE); } -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 14/20] datapath: Using kfree_rcu() to simplify the code
From: Wei Yongjun Upstream commit: commit 6dc14dc40a1d1dafd8491c349b5f3e15aabc4edb Author: Wei Yongjun Date: Tue Nov 14 06:27:12 2017 + openvswitch: Using kfree_rcu() to simplify the code The callback function of call_rcu() just calls a kfree(), so we can use kfree_rcu() instead of call_rcu() + callback function. Signed-off-by: Wei Yongjun Acked-by: Pravin B Shelar Signed-off-by: David S. Miller Cc: Wei Yongjun Signed-off-by: Greg Rose --- datapath/meter.c | 9 + 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/datapath/meter.c b/datapath/meter.c index bc940ae..7b9391d 100644 --- a/datapath/meter.c +++ b/datapath/meter.c @@ -42,19 +42,12 @@ static const struct nla_policy band_policy[OVS_BAND_ATTR_MAX + 1] = { [OVS_BAND_ATTR_STATS] = { .len = sizeof(struct ovs_flow_stats) }, }; -static void rcu_free_ovs_meter_callback(struct rcu_head *rcu) -{ - struct dp_meter *meter = container_of(rcu, struct dp_meter, rcu); - - kfree(meter); -} - static void ovs_meter_free(struct dp_meter *meter) { if (!meter) return; - call_rcu(&meter->rcu, rcu_free_ovs_meter_callback); + kfree_rcu(meter, rcu); } static struct hlist_head *meter_hash_bucket(const struct datapath *dp, -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 13/20] datapath: Fix return value check in ovs_meter_cmd_features()
From: Wei Yongjun Upstream commit: commit 8a860c2bcc84a8e4fbcabb928cd97e4c51b17d93 Author: Wei Yongjun Date: Tue Nov 14 06:20:16 2017 + openvswitch: Fix return value check in ovs_meter_cmd_features() In case of error, the function ovs_meter_cmd_reply_start() returns ERR_PTR() not NULL. The NULL test in the return value check should be replaced with IS_ERR(). Fixes: 96fbc13d7e77 ("openvswitch: Add meter infrastructure") Signed-off-by: Wei Yongjun Acked-by: Pravin B Shelar Signed-off-by: David S. Miller Cc: Wei Yongjun Signed-off-by: Greg Rose --- datapath/meter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/datapath/meter.c b/datapath/meter.c index 1ab965d..bc940ae 100644 --- a/datapath/meter.c +++ b/datapath/meter.c @@ -166,7 +166,7 @@ static int ovs_meter_cmd_features(struct sk_buff *skb, struct genl_info *info) reply = ovs_meter_cmd_reply_start(info, OVS_METER_CMD_FEATURES, &ovs_reply_header); - if (!reply) + if (IS_ERR(reply)) return PTR_ERR(reply); if (nla_put_u32(reply, OVS_METER_ATTR_MAX_METERS, U32_MAX) || -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 12/20] datapath: Add meter infrastructure
From: Andy Zhou Upstream commit: commit 96fbc13d7e770b542d2d1fcf700d0baadc6e8063 Author: Andy Zhou Date: Fri Nov 10 12:09:42 2017 -0800 openvswitch: Add meter infrastructure OVS kernel datapath so far does not support Openflow meter action. This is the first stab at adding kernel datapath meter support. This implementation supports only drop band type. Signed-off-by: Andy Zhou Signed-off-by: David S. Miller Added a compat layer fixup for nla_parse. Added another compat fixup for ktime_get_ns. Cc: Andy Zhou Signed-off-by: Greg Rose --- acinclude.m4| 3 + datapath/Modules.mk | 6 +- datapath/datapath.c | 14 +- datapath/datapath.h | 3 + datapath/linux/compat/include/net/netlink.h | 9 + datapath/meter.c| 614 datapath/meter.h| 54 +++ 7 files changed, 699 insertions(+), 4 deletions(-) create mode 100644 datapath/meter.c create mode 100644 datapath/meter.h diff --git a/acinclude.m4 b/acinclude.m4 index 1f0b592..bc1ec72 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -804,6 +804,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_GREP_IFELSE([$KSRC/include/net/net_namespace.h], [EXPORT_SYMBOL_GPL(peernet2id_alloc)], [OVS_DEFINE([HAVE_PEERNET2ID_ALLOC])]) + OVS_GREP_IFELSE([$KSRC/include/linux/timekeeping.h], + [ktime_get_ns], + [OVS_DEFINE([HAVE_KTIME_GET_NS])]) if cmp -s datapath/linux/kcompat.h.new \ datapath/linux/kcompat.h >/dev/null 2>&1; then diff --git a/datapath/Modules.mk b/datapath/Modules.mk index 21f04a0..a9e2880 100644 --- a/datapath/Modules.mk +++ b/datapath/Modules.mk @@ -26,7 +26,8 @@ openvswitch_sources = \ flow_table.c \ vport.c \ vport-internal_dev.c \ - vport-netdev.c + vport-netdev.c \ + meter.c vport_geneve_sources = vport-geneve.c vport_vxlan_sources = vport-vxlan.c @@ -43,7 +44,8 @@ openvswitch_headers = \ flow_table.h \ vport.h \ vport-internal_dev.h \ - vport-netdev.h + vport-netdev.h \ + meter.h dist_sources = $(foreach module,$(dist_modules),$($(module)_sources)) dist_headers = $(foreach module,$(dist_modules),$($(module)_headers)) diff --git a/datapath/datapath.c b/datapath/datapath.c index 13b055a..07b6c71 100644 --- a/datapath/datapath.c +++ b/datapath/datapath.c @@ -57,6 +57,7 @@ #include "flow.h" #include "flow_table.h" #include "flow_netlink.h" +#include "meter.h" #include "gso.h" #include "vport-internal_dev.h" #include "vport-netdev.h" @@ -177,6 +178,7 @@ static void destroy_dp_rcu(struct rcu_head *rcu) ovs_flow_tbl_destroy(&dp->table); free_percpu(dp->stats_percpu); kfree(dp->ports); + ovs_meters_exit(dp); kfree(dp); } @@ -1601,6 +1603,10 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info) for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++) INIT_HLIST_HEAD(&dp->ports[i]); + err = ovs_meters_init(dp); + if (err) + goto err_destroy_ports_array; + /* Set up our datapath device. */ parms.name = nla_data(a[OVS_DP_ATTR_NAME]); parms.type = OVS_VPORT_TYPE_INTERNAL; @@ -1629,7 +1635,7 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info) ovs_dp_reset_user_features(skb, info); } - goto err_destroy_ports_array; + goto err_destroy_meters; } err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid, @@ -1644,8 +1650,10 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info) ovs_notify(&dp_datapath_genl_family, &ovs_dp_datapath_multicast_group, reply, info); return 0; -err_destroy_ports_array: +err_destroy_meters: ovs_unlock(); + ovs_meters_exit(dp); +err_destroy_ports_array: kfree(dp->ports); err_destroy_percpu: free_percpu(dp->stats_percpu); @@ -2295,6 +2303,7 @@ static struct genl_family *dp_genl_families[] = { &dp_vport_genl_family, &dp_flow_genl_family, &dp_packet_genl_family, + &dp_meter_genl_family, }; static void dp_unregister_genl(int n_families) @@ -2488,3 +2497,4 @@ MODULE_ALIAS_GENL_FAMILY(OVS_DATAPATH_FAMILY); MODULE_ALIAS_GENL_FAMILY(OVS_VPORT_FAMILY); MODULE_ALIAS_GENL_FAMILY(OVS_FLOW_FAMILY); MODULE_ALIAS_GENL_FAMILY(OVS_PACKET_FAMILY); +MODULE_ALIAS_GENL_FAMILY(OVS_METER_FAMILY); diff --git a/datapath/datapath.h b/datapath/datapath.h index 7481d6d..93c9ed5 100644 --- a/datapath/datapath.h +++ b/datapath/datapath.h @@ -93,6 +93,9 @@ struct datapath { u32 user_features; u32 max_headroom; + + /* Switch meters. */ + struct hlist_head *meters; }; /** diff --git a/d
[ovs-dev] [PATCH 11/20] datapath: Add meter netlink definitions
From: Andy Zhou Upstream commit: commit 5794040647de4011598a6d005fdad95d24fd385b Author: Andy Zhou Date: Fri Nov 10 12:09:40 2017 -0800 openvswitch: Add meter netlink definitions Meter has its own netlink family. Define netlink messages and attributes for communicating with the user space programs. Signed-off-by: Andy Zhou Signed-off-by: David S. Miller Cc: Andy Zhou Signed-off-by: Greg Rose --- datapath/linux/compat/include/linux/openvswitch.h | 51 +++ 1 file changed, 51 insertions(+) diff --git a/datapath/linux/compat/include/linux/openvswitch.h b/datapath/linux/compat/include/linux/openvswitch.h index 6081a29..164f57d 100644 --- a/datapath/linux/compat/include/linux/openvswitch.h +++ b/datapath/linux/compat/include/linux/openvswitch.h @@ -945,4 +945,55 @@ enum ovs_action_attr { #define OVS_ACTION_ATTR_MAX (__OVS_ACTION_ATTR_MAX - 1) +/* Meters. */ +#define OVS_METER_FAMILY "ovs_meter" +#define OVS_METER_MCGROUP "ovs_meter" +#define OVS_METER_VERSION 0x1 + +enum ovs_meter_cmd { + OVS_METER_CMD_UNSPEC, + OVS_METER_CMD_FEATURES, /* Get features supported by the datapath. */ + OVS_METER_CMD_SET, /* Add or modify a meter. */ + OVS_METER_CMD_DEL, /* Delete a meter. */ + OVS_METER_CMD_GET /* Get meter stats. */ +}; + +enum ovs_meter_attr { + OVS_METER_ATTR_UNSPEC, + OVS_METER_ATTR_ID, /* u32 meter ID within datapath. */ + OVS_METER_ATTR_KBPS,/* No argument. If set, units in kilobits +* per second. Otherwise, units in +* packets per second. +*/ + OVS_METER_ATTR_STATS, /* struct ovs_flow_stats for the meter. */ + OVS_METER_ATTR_BANDS, /* Nested attributes for meter bands. */ + OVS_METER_ATTR_USED,/* u64 msecs last used in monotonic time. */ + OVS_METER_ATTR_CLEAR, /* Flag to clear stats, used. */ + OVS_METER_ATTR_MAX_METERS, /* u32 number of meters supported. */ + OVS_METER_ATTR_MAX_BANDS, /* u32 max number of bands per meter. */ + OVS_METER_ATTR_PAD, + __OVS_METER_ATTR_MAX +}; + +#define OVS_METER_ATTR_MAX (__OVS_METER_ATTR_MAX - 1) + +enum ovs_band_attr { + OVS_BAND_ATTR_UNSPEC, + OVS_BAND_ATTR_TYPE, /* u32 OVS_METER_BAND_TYPE_* constant. */ + OVS_BAND_ATTR_RATE, /* u32 band rate in meter units (see above). */ + OVS_BAND_ATTR_BURST,/* u32 burst size in meter units. */ + OVS_BAND_ATTR_STATS,/* struct ovs_flow_stats for the band. */ + __OVS_BAND_ATTR_MAX +}; + +#define OVS_BAND_ATTR_MAX (__OVS_BAND_ATTR_MAX - 1) + +enum ovs_meter_band_type { + OVS_METER_BAND_TYPE_UNSPEC, + OVS_METER_BAND_TYPE_DROP, /* Drop exceeding packets. */ + __OVS_METER_BAND_TYPE_MAX +}; + +#define OVS_METER_BAND_TYPE_MAX (__OVS_METER_BAND_TYPE_MAX - 1) + #endif /* _LINUX_OPENVSWITCH_H */ -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 09/20] datapath: reliable interface indentification in port dumps
From: Jiri Benc Upstream commit: commit 9354d452034273a50a4fd703bea31e5d6b1fc20b Author: Jiri Benc Date: Thu Nov 2 17:04:37 2017 -0200 openvswitch: reliable interface indentification in port dumps This patch allows reliable identification of netdevice interfaces connected to openvswitch bridges. In particular, user space queries the netdev interfaces belonging to the ports for statistics, up/down state, etc. Datapath dump needs to provide enough information for the user space to be able to do that. Currently, only interface names are returned. This is not sufficient, as openvswitch allows its ports to be in different name spaces and the interface name is valid only in its name space. What is needed and generally used in other netlink APIs, is the pair ifindex+netnsid. The solution is addition of the ifindex+netnsid pair (or only ifindex if in the same name space) to vport get/dump operation. On request side, ideally the ifindex+netnsid pair could be used to get/set/del the corresponding vport. This is not implemented by this patch and can be added later if needed. Signed-off-by: Jiri Benc Signed-off-by: David S. Miller Added compat fixup for peernet2id. Cc: Jiri Benc Signed-off-by: Greg Rose --- acinclude.m4 | 3 ++ datapath/datapath.c | 49 +-- datapath/datapath.h | 4 +- datapath/dp_notify.c | 3 +- datapath/linux/compat/include/linux/openvswitch.h | 2 + 5 files changed, 45 insertions(+), 16 deletions(-) diff --git a/acinclude.m4 b/acinclude.m4 index a838a46..1f0b592 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -801,6 +801,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_GREP_IFELSE([$KSRC/include/linux/compiler_types.h], [__LINUX_COMPILER_TYPES_H], [OVS_DEFINE([HAVE_LINUX_COMPILER_TYPES_H])]) + OVS_GREP_IFELSE([$KSRC/include/net/net_namespace.h], + [EXPORT_SYMBOL_GPL(peernet2id_alloc)], + [OVS_DEFINE([HAVE_PEERNET2ID_ALLOC])]) if cmp -s datapath/linux/kcompat.h.new \ datapath/linux/kcompat.h >/dev/null 2>&1; then diff --git a/datapath/datapath.c b/datapath/datapath.c index 38a453b..ebe5d20 100644 --- a/datapath/datapath.c +++ b/datapath/datapath.c @@ -1876,7 +1876,8 @@ static struct genl_family dp_datapath_genl_family __ro_after_init = { /* Called with ovs_mutex or RCU read lock. */ static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb, - u32 portid, u32 seq, u32 flags, u8 cmd) + struct net *net, u32 portid, u32 seq, + u32 flags, u8 cmd) { struct ovs_header *ovs_header; struct ovs_vport_stats vport_stats; @@ -1892,9 +1893,19 @@ static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb, if (nla_put_u32(skb, OVS_VPORT_ATTR_PORT_NO, vport->port_no) || nla_put_u32(skb, OVS_VPORT_ATTR_TYPE, vport->ops->type) || nla_put_string(skb, OVS_VPORT_ATTR_NAME, - ovs_vport_name(vport))) + ovs_vport_name(vport)) || + nla_put_u32(skb, OVS_VPORT_ATTR_IFINDEX, vport->dev->ifindex)) goto nla_put_failure; +#ifdef HAVE_PEERNET2ID_ALLOC + if (!net_eq(net, dev_net(vport->dev))) { + int id = peernet2id_alloc(net, dev_net(vport->dev)); + + if (nla_put_s32(skb, OVS_VPORT_ATTR_NETNSID, id)) + goto nla_put_failure; + } + +#endif ovs_vport_get_stats(vport, &vport_stats); if (nla_put_64bit(skb, OVS_VPORT_ATTR_STATS, sizeof(struct ovs_vport_stats), &vport_stats, @@ -1924,8 +1935,8 @@ static struct sk_buff *ovs_vport_cmd_alloc_info(void) } /* Called with ovs_mutex, only via ovs_dp_notify_wq(). */ -struct sk_buff *ovs_vport_cmd_build_info(struct vport *vport, u32 portid, -u32 seq, u8 cmd) +struct sk_buff *ovs_vport_cmd_build_info(struct vport *vport, struct net *net, +u32 portid, u32 seq, u8 cmd) { struct sk_buff *skb; int retval; @@ -1934,7 +1945,7 @@ struct sk_buff *ovs_vport_cmd_build_info(struct vport *vport, u32 portid, if (!skb) return ERR_PTR(-ENOMEM); - retval = ovs_vport_cmd_fill_info(vport, skb, portid, seq, 0, cmd); + retval = ovs_vport_cmd_fill_info(vport, skb, net, portid, seq, 0, cmd); BUG_ON(retval < 0); return skb; @@ -1948,6 +1959,8 @@ static struct vport *lookup_vport(struct net *net, struct datapath *dp; struct vport *vport; + if (a[OVS_VPORT_ATTR_IFINDEX]) + return ERR_PTR(-EOPNOTSUPP); if (a[OVS_VPORT_ATTR_NAM
[ovs-dev] [PATCH 10/20] datapath: export get_dp() API
From: Andy Zhou Upstream commit: commit 9602c01e57f7b868d748c2ba2aef0efa64b71ffc Author: Andy Zhou Date: Fri Nov 10 12:09:41 2017 -0800 openvswitch: export get_dp() API. Later patches will invoke get_dp() outside of datapath.c. Export it. Signed-off-by: Andy Zhou Signed-off-by: David S. Miller Cc: Andy Zhou Signed-off-by: Greg Rose --- datapath/datapath.c | 29 - datapath/datapath.h | 31 +++ 2 files changed, 31 insertions(+), 29 deletions(-) diff --git a/datapath/datapath.c b/datapath/datapath.c index ebe5d20..13b055a 100644 --- a/datapath/datapath.c +++ b/datapath/datapath.c @@ -145,35 +145,6 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *, const struct dp_upcall_info *, uint32_t cutlen); -/* Must be called with rcu_read_lock. */ -static struct datapath *get_dp_rcu(struct net *net, int dp_ifindex) -{ - struct net_device *dev = dev_get_by_index_rcu(net, dp_ifindex); - - if (dev) { - struct vport *vport = ovs_internal_dev_get_vport(dev); - if (vport) - return vport->dp; - } - - return NULL; -} - -/* The caller must hold either ovs_mutex or rcu_read_lock to keep the - * returned dp pointer valid. - */ -static inline struct datapath *get_dp(struct net *net, int dp_ifindex) -{ - struct datapath *dp; - - WARN_ON_ONCE(!rcu_read_lock_held() && !lockdep_ovsl_is_held()); - rcu_read_lock(); - dp = get_dp_rcu(net, dp_ifindex); - rcu_read_unlock(); - - return dp; -} - /* Must be called with rcu_read_lock or ovs_mutex. */ const char *ovs_dp_name(const struct datapath *dp) { diff --git a/datapath/datapath.h b/datapath/datapath.h index 1c73fb4..7481d6d 100644 --- a/datapath/datapath.h +++ b/datapath/datapath.h @@ -31,6 +31,7 @@ #include "compat.h" #include "flow.h" #include "flow_table.h" +#include "vport-internal_dev.h" #define DP_MAX_PORTS USHRT_MAX #define DP_VPORT_HASH_BUCKETS 1024 @@ -197,6 +198,36 @@ static inline struct vport *ovs_vport_ovsl(const struct datapath *dp, int port_n return ovs_lookup_vport(dp, port_no); } +/* Must be called with rcu_read_lock. */ +static inline struct datapath *get_dp_rcu(struct net *net, int dp_ifindex) +{ + struct net_device *dev = dev_get_by_index_rcu(net, dp_ifindex); + + if (dev) { + struct vport *vport = ovs_internal_dev_get_vport(dev); + + if (vport) + return vport->dp; + } + + return NULL; +} + +/* The caller must hold either ovs_mutex or rcu_read_lock to keep the + * returned dp pointer valid. + */ +static inline struct datapath *get_dp(struct net *net, int dp_ifindex) +{ + struct datapath *dp; + + WARN_ON_ONCE(!rcu_read_lock_held() && !lockdep_ovsl_is_held()); + rcu_read_lock(); + dp = get_dp_rcu(net, dp_ifindex); + rcu_read_unlock(); + + return dp; +} + extern struct notifier_block ovs_dp_device_notifier; extern struct genl_family dp_vport_genl_family; extern struct genl_multicast_group ovs_dp_vport_multicast_group; -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 08/20] datapath: Fix an error handling path in 'ovs_nla_init_match_and_action()
From: Christophe JAILLET Upstream commit: commit 5829e62ac17a40ab08c1b905565604a4b5fa7af6 Author: Christophe JAILLET Date: Mon Sep 11 21:56:20 2017 +0200 openvswitch: Fix an error handling path in 'ovs_nla_init_match_and_action()' All other error handling paths in this function go through the 'error' label. This one should do the same. Fixes: 9cc9a5cb176c ("datapath: Avoid using stack larger than 1024.") Signed-off-by: Christophe JAILLET Acked-by: Pravin B Shelar Signed-off-by: David S. Miller Cc: Christophe JAILLET Fixes: 850c2a4d1a ("datapath: Avoid using stack larger than 1024.") Signed-off-by: Greg Rose --- datapath/datapath.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/datapath/datapath.c b/datapath/datapath.c index a3fdd8f..38a453b 100644 --- a/datapath/datapath.c +++ b/datapath/datapath.c @@ -1139,7 +1139,8 @@ static int ovs_nla_init_match_and_action(struct net *net, if (!a[OVS_FLOW_ATTR_KEY]) { OVS_NLERR(log, "Flow key attribute not present in set flow."); - return -EINVAL; + error = -EINVAL; + goto error; } *acts = get_flow_actions(net, a[OVS_FLOW_ATTR_ACTIONS], key, -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 07/20] compat: Fix compiler headers
Since Linux kernel upstream commit d15155824c50 ("linux/compiler.h: Split into compiler.h and compiler_types.h") this error check for the gcc compiler header is no longer valid. Remove so that openvswitch builds for linux kernels 4.14.8 and since. Signed-off-by: Greg Rose --- acinclude.m4 | 3 +++ datapath/linux/compat/include/linux/compiler-gcc.h | 2 ++ 2 files changed, 5 insertions(+) diff --git a/acinclude.m4 b/acinclude.m4 index d0f9d82..a838a46 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -798,6 +798,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_FIND_PARAM_IFELSE([$KSRC/include/linux/netdevice.h], [netdev_master_upper_dev_link], [extack], [OVS_DEFINE([HAVE_UPPER_DEV_LINK_EXTACK])]) + OVS_GREP_IFELSE([$KSRC/include/linux/compiler_types.h], + [__LINUX_COMPILER_TYPES_H], + [OVS_DEFINE([HAVE_LINUX_COMPILER_TYPES_H])]) if cmp -s datapath/linux/kcompat.h.new \ datapath/linux/kcompat.h >/dev/null 2>&1; then diff --git a/datapath/linux/compat/include/linux/compiler-gcc.h b/datapath/linux/compat/include/linux/compiler-gcc.h index bf057f7..bfcd531 100644 --- a/datapath/linux/compat/include/linux/compiler-gcc.h +++ b/datapath/linux/compat/include/linux/compiler-gcc.h @@ -1,6 +1,8 @@ #ifndef __LINUX_COMPILER_H +#ifndef HAVE_LINUX_COMPILER_TYPES_H #error "Please don't include directly, include instead." #endif +#endif #include_next -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 06/20] travis: Update kernel test list from kernel.org
Signed-off-by: Greg Rose --- .travis.yml | 17 - 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/.travis.yml b/.travis.yml index 48acc8e..88bdda2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -26,17 +26,16 @@ sudo: false env: - OPTS="--disable-ssl" - - TESTSUITE=1 KERNEL=3.16.47 + - TESTSUITE=1 KERNEL=3.16.53 - TESTSUITE=1 OPTS="--enable-shared" - BUILD_ENV="-m32" OPTS="--disable-ssl" - - KERNEL=3.16.47 DPDK=1 - - KERNEL=3.16.47 DPDK=1 OPTS="--enable-shared" - - KERNEL=4.13 - - KERNEL=4.12.11 - - KERNEL=4.9.48 - - KERNEL=4.4.87 - - KERNEL=4.1.43 - - KERNEL=3.10.107 + - KERNEL=3.16.53 DPDK=1 + - KERNEL=3.16.53 DPDK=1 OPTS="--enable-shared" + - KERNEL=4.14.15 + - KERNEL=4.9.78 + - KERNEL=4.4.113 + - KERNEL=4.1.49 + - KERNEL=3.10.108 - TESTSUITE=1 LIBS=-ljemalloc matrix: -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 05/20] acinclude.m4: Enable Linux 4.14
Signed-off-by: Greg Rose --- acinclude.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acinclude.m4 b/acinclude.m4 index 768c20c..d0f9d82 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -151,10 +151,10 @@ AC_DEFUN([OVS_CHECK_LINUX], [ AC_MSG_RESULT([$kversion]) if test "$version" -ge 4; then - if test "$version" = 4 && test "$patchlevel" -le 13; then + if test "$version" = 4 && test "$patchlevel" -le 14; then : # Linux 4.x else - AC_ERROR([Linux kernel in $KBUILD is version $kversion, but version newer than 4.13.x is not supported (please refer to the FAQ for advice)]) + AC_ERROR([Linux kernel in $KBUILD is version $kversion, but version newer than 4.14.x is not supported (please refer to the FAQ for advice)]) fi elif test "$version" = 3 && test "$patchlevel" -ge 10; then : # Linux 3.x -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 04/20] datapath: Fix SKB_GSO_UDP usage
Using SKB_GSO_UDP breaks the compilation on Linux 4.14. Check for the HAVE_SKB_GSO_UDP compiler #define. Signed-off-by: Greg Rose --- datapath/datapath.c | 9 ++--- datapath/linux/compat/stt.c | 11 ++- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/datapath/datapath.c b/datapath/datapath.c index 1780819..a3fdd8f 100644 --- a/datapath/datapath.c +++ b/datapath/datapath.c @@ -339,8 +339,10 @@ static int queue_gso_packets(struct datapath *dp, struct sk_buff *skb, const struct dp_upcall_info *upcall_info, uint32_t cutlen) { +#ifdef HAVE_SKB_GSO_UDP unsigned short gso_type = skb_shinfo(skb)->gso_type; struct sw_flow_key later_key; +#endif struct sk_buff *segs, *nskb; struct ovs_skb_cb ovs_cb; int err; @@ -352,7 +354,7 @@ static int queue_gso_packets(struct datapath *dp, struct sk_buff *skb, return PTR_ERR(segs); if (segs == NULL) return -EINVAL; - +#ifdef HAVE_SKB_GSO_UDP if (gso_type & SKB_GSO_UDP) { /* The initial flow key extracted by ovs_flow_key_extract() * in this case is for a first fragment, so we need to @@ -361,14 +363,15 @@ static int queue_gso_packets(struct datapath *dp, struct sk_buff *skb, later_key = *key; later_key.ip.frag = OVS_FRAG_TYPE_LATER; } - +#endif /* Queue all of the segments. */ skb = segs; do { *OVS_CB(skb) = ovs_cb; +#ifdef HAVE_SKB_GSO_UDP if (gso_type & SKB_GSO_UDP && skb != segs) key = &later_key; - +#endif err = queue_userspace_packet(dp, skb, key, upcall_info, cutlen); if (err) break; diff --git a/datapath/linux/compat/stt.c b/datapath/linux/compat/stt.c index 37d5f4b..66a97f2 100644 --- a/datapath/linux/compat/stt.c +++ b/datapath/linux/compat/stt.c @@ -81,8 +81,13 @@ struct stt_dev { #define STT_PROTO_TCP BIT(3) #define STT_PROTO_TYPES(STT_PROTO_IPV4 | STT_PROTO_TCP) +#ifdef HAVE_SKB_GSO_UDP #define SUPPORTED_GSO_TYPES (SKB_GSO_TCPV4 | SKB_GSO_UDP | SKB_GSO_DODGY | \ SKB_GSO_TCPV6) +#else +#define SUPPORTED_GSO_TYPES (SKB_GSO_TCPV4 | SKB_GSO_DODGY | \ +SKB_GSO_TCPV6) +#endif /* The length and offset of a fragment are encoded in the sequence number. * STT_SEQ_LEN_SHIFT is the left shift needed to store the length. @@ -1310,7 +1315,7 @@ static bool validate_checksum(struct sk_buff *skb) static bool set_offloads(struct sk_buff *skb) { struct stthdr *stth = stt_hdr(skb); - unsigned short gso_type; + unsigned short gso_type = 0; int l3_header_size; int l4_header_size; u16 csum_offset; @@ -1351,7 +1356,9 @@ static bool set_offloads(struct sk_buff *skb) case STT_PROTO_IPV4: /* UDP/IPv4 */ csum_offset = offsetof(struct udphdr, check); +#ifdef HAVE_SKB_GSO_UDP gso_type = SKB_GSO_UDP; +#endif l3_header_size = sizeof(struct iphdr); l4_header_size = sizeof(struct udphdr); skb->protocol = htons(ETH_P_IP); @@ -1359,7 +1366,9 @@ static bool set_offloads(struct sk_buff *skb) default: /* UDP/IPv6 */ csum_offset = offsetof(struct udphdr, check); +#ifdef HAVE_SKB_GSO_UDP gso_type = SKB_GSO_UDP; +#endif l3_header_size = sizeof(struct ipv6hdr); l4_header_size = sizeof(struct udphdr); skb->protocol = htons(ETH_P_IPV6); -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 03/20] datapath: conntrack: make protocol tracker pointers const
From: Florian Westphal Upstream commit: commit b3480fe059ac9121b5714205b4ddae14b59ef4be Author: Florian Westphal Date: Sat Aug 12 00:57:08 2017 +0200 netfilter: conntrack: make protocol tracker pointers const Doesn't change generated code, but will make it easier to eventually make the actual trackers themselvers const. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Rose --- datapath/conntrack.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/datapath/conntrack.c b/datapath/conntrack.c index 3f79433..a75ae3c 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -613,8 +613,8 @@ static struct nf_conn * ovs_ct_find_existing(struct net *net, const struct nf_conntrack_zone *zone, u8 l3num, struct sk_buff *skb, bool natted) { - struct nf_conntrack_l3proto *l3proto; - struct nf_conntrack_l4proto *l4proto; + const struct nf_conntrack_l3proto *l3proto; + const struct nf_conntrack_l4proto *l4proto; struct nf_conntrack_tuple tuple; struct nf_conntrack_tuple_hash *h; struct nf_conn *ct; -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 02/20] compat: Do not include headers when not compiling
If the entire file is not going to be compiled because OVS is using upstream tunnel support then also don't bother pulling in the headers. Signed-off-by: Greg Rose --- datapath/linux/compat/ip_gre.c| 2 +- datapath/linux/compat/ip_output.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/datapath/linux/compat/ip_gre.c b/datapath/linux/compat/ip_gre.c index 94fdaa9..4e32591 100644 --- a/datapath/linux/compat/ip_gre.c +++ b/datapath/linux/compat/ip_gre.c @@ -12,6 +12,7 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt +#ifndef USE_UPSTREAM_TUNNEL #include #include #include @@ -52,7 +53,6 @@ #include #include -#ifndef USE_UPSTREAM_TUNNEL #if IS_ENABLED(CONFIG_IPV6) #include #include diff --git a/datapath/linux/compat/ip_output.c b/datapath/linux/compat/ip_output.c index edca340..e2f869f 100644 --- a/datapath/linux/compat/ip_output.c +++ b/datapath/linux/compat/ip_output.c @@ -45,6 +45,7 @@ * Hirokazu Takahashi: sendfile() on UDP works now. */ +#ifndef HAVE_CORRECT_MRU_HANDLING #include #include #include @@ -82,7 +83,6 @@ #include #include -#ifndef HAVE_CORRECT_MRU_HANDLING static inline void rpl_ip_options_fragment(struct sk_buff *skb) { unsigned char *optptr = skb_network_header(skb) + sizeof(struct iphdr); -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 01/20] datapath: Fix netdev_master_upper_dev_link for 4.14
An extended netlink ack has been added for 4.14 - add compat layer changes so that it compiles for all kernels up to and including 4.14. Signed-off-by: Greg Rose --- acinclude.m4| 3 +++ datapath/linux/compat/include/linux/netdevice.h | 15 ++- datapath/vport-netdev.c | 9 - 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/acinclude.m4 b/acinclude.m4 index c04c2c6..768c20c 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -795,6 +795,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ [OVS_DEFINE([HAVE_LIST_IN_NF_HOOK_OPS])]) OVS_GREP_IFELSE([$KSRC/include/uapi/linux/netfilter/nf_conntrack_common.h], [IP_CT_UNTRACKED]) + OVS_FIND_PARAM_IFELSE([$KSRC/include/linux/netdevice.h], +[netdev_master_upper_dev_link], [extack], +[OVS_DEFINE([HAVE_UPPER_DEV_LINK_EXTACK])]) if cmp -s datapath/linux/kcompat.h.new \ datapath/linux/kcompat.h >/dev/null 2>&1; then diff --git a/datapath/linux/compat/include/linux/netdevice.h b/datapath/linux/compat/include/linux/netdevice.h index 3c3cf42..c460332 100644 --- a/datapath/linux/compat/include/linux/netdevice.h +++ b/datapath/linux/compat/include/linux/netdevice.h @@ -101,13 +101,26 @@ static inline bool netif_needs_gso(struct sk_buff *skb, #ifndef HAVE_NETDEV_MASTER_UPPER_DEV_LINK_RH static inline int rpl_netdev_master_upper_dev_link(struct net_device *dev, struct net_device *upper_dev, - void *upper_priv, void *upper_info) + void *upper_priv, + void *upper_info, void *extack) { return netdev_master_upper_dev_link(dev, upper_dev); } #define netdev_master_upper_dev_link rpl_netdev_master_upper_dev_link #endif +#else +#ifndef HAVE_UPPER_DEV_LINK_EXTACK +static inline int rpl_netdev_master_upper_dev_link(struct net_device *dev, + struct net_device *upper_dev, + void *upper_priv, + void *upper_info, void *extack) +{ + return netdev_master_upper_dev_link(dev, upper_dev, upper_priv, + upper_info); +} +#define netdev_master_upper_dev_link rpl_netdev_master_upper_dev_link +#endif #endif #if LINUX_VERSION_CODE < KERNEL_VERSION(3,16,0) diff --git a/datapath/vport-netdev.c b/datapath/vport-netdev.c index 697c442..e2d8eaf 100644 --- a/datapath/vport-netdev.c +++ b/datapath/vport-netdev.c @@ -112,8 +112,15 @@ struct vport *ovs_netdev_link(struct vport *vport, const char *name) } rtnl_lock(); +#ifdef HAVE_NETDEV_MASTER_UPPER_DEV_LINK_RH err = netdev_master_upper_dev_link(vport->dev, - get_dpdev(vport->dp), NULL, NULL); + get_dpdev(vport->dp), + NULL, NULL); +#else + err = netdev_master_upper_dev_link(vport->dev, + get_dpdev(vport->dp), + NULL, NULL, NULL); +#endif if (err) goto error_unlock; -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 00/20] Update and backport of upstream Linux
Allow OVS to compile and build on Linux 4.14.x kernels. Added necessary compatability layer changes to the respective patches as required for our OOT build environment. Note that NSH and ERSPAN patches are not in this series. We are working with the authors of those patches to get them backported. This series of patches was originally sent as two separate sets however the dependencies and compatability layer requirements made it more convenient to combine the two sets. Andy Zhou (3): datapath: export get_dp() API datapath: Add meter netlink definitions datapath: Add meter infrastructure Arnd Bergmann (1): datapath: use ktime_get_ts64() instead of ktime_get_ts() Christophe JAILLET (1): datapath: Fix an error handling path in 'ovs_nla_init_match_and_action() Florian Westphal (1): datapath: conntrack: make protocol tracker pointers const Greg Rose (8): datapath: Fix netdev_master_upper_dev_link for 4.14 compat: Do not include headers when not compiling datapath: Fix SKB_GSO_UDP usage acinclude.m4: Enable Linux 4.14 travis: Update kernel test list from kernel.org compat: Fix compiler headers compat:inet_frag.h: Check for frag_percpu_counter_batch Documentation: Update NEWS and faq Gustavo A. R. Silva (2): datapath: meter: fix NULL pointer dereference in ovs_meter_cmd_reply_start datapath: fix data type in queue_gso_packets Jiri Benc (1): datapath: reliable interface indentification in port dumps Wei Yongjun (2): datapath: Fix return value check in ovs_meter_cmd_features() datapath: Using kfree_rcu() to simplify the code zhangliping (1): datapath: fix the incorrect flow action alloc size .travis.yml| 17 +- Documentation/faq/releases.rst | 1 + NEWS | 2 + acinclude.m4 | 16 +- datapath/Modules.mk| 6 +- datapath/conntrack.c | 4 +- datapath/datapath.c| 106 ++-- datapath/datapath.h| 38 +- datapath/dp_notify.c | 3 +- datapath/flow.c| 11 +- datapath/flow_netlink.c| 16 +- datapath/linux/compat/include/linux/compiler-gcc.h | 2 + datapath/linux/compat/include/linux/netdevice.h| 15 +- datapath/linux/compat/include/linux/openvswitch.h | 53 ++ datapath/linux/compat/include/net/inet_frag.h | 14 + datapath/linux/compat/include/net/netlink.h| 9 + datapath/linux/compat/ip_gre.c | 2 +- datapath/linux/compat/ip_output.c | 2 +- datapath/linux/compat/stt.c| 11 +- datapath/meter.c | 607 + datapath/meter.h | 54 ++ datapath/vport-netdev.c| 9 +- 22 files changed, 915 insertions(+), 83 deletions(-) create mode 100644 datapath/meter.c create mode 100644 datapath/meter.h -- 1.8.3.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH 09/15] ovsdb-server: Add support for a built-in _Server database.
> On Dec 31, 2017, at 9:16 PM, Ben Pfaff wrote: > > @@ -5,6 +7,7 @@ > /ovsdb-idlc > /ovsdb-server > /ovsdb-server.1 > +/ovsdb-server.5 Do you need to add the new man page to the distributions? debian/openvswitch-switch.manpages rhel/openvswitch-fedora.spec.in rhel/openvswitch.spec.in xenserver/openvswitch-xen.spec.in Also, I think you may want to add a reference to "Documentation/ref/index.rst". > +# _Server schema documentation > +EXTRA_DIST += ovsdb/_server.xml > +CLEANFILES += ovsdb/ovsdb-server.5 > +man_MANS += ovsdb/ovsdb-server.5 > +ovsdb/ovsdb-server.5: \ > + ovsdb/ovsdb-doc ovsdb/_server.xml ovsdb/_server.ovsschema \ > + $(VSWITCH_PIC) Did you intend to include VSWITCH_PIC? > @@ -328,6 +333,7 @@ main(int argc, char *argv[]) > ovs_fatal(0, "%s", error); > } > } > +add_server_db(&server_config); I don't think there's anything that frees 'server_config'. Not a huge deal since it would be on shutdown, but it's always nice to have a clean valgrind run. > +/* Add the internal _Server database to the server configuration. */ > +static void > +add_server_db(struct server_config *config) > +{ > +struct json *schema_json = json_from_string( > +#include "ovsdb/_server.ovsschema.inc" > +); > +ovs_assert(schema_json->type == JSON_OBJECT); > + > +struct ovsdb_schema *schema; > +struct ovsdb_error *error OVS_UNUSED = > ovsdb_schema_from_json(schema_json, > + &schema); > +ovs_assert(!error); > +json_destroy(schema_json); > + > +struct db *db = xzalloc(sizeof *db); > +db->filename = xstrdup(""); > +db->db = ovsdb_create(schema); > +add_db(config, db->db->schema->name, db); > +} Probably not a huge deal, since there's a single instance that runs as long as the process, but I don't think there's anything that free the memory allocated from this internal database. > +/* Updates the Database table in the _Server database. */ > +static void > +update_server_status(struct shash *all_dbs) > +{ > +struct db *server_db = shash_find_data(all_dbs, "_Server"); > +struct ovsdb_table *database_table = shash_find_data( > +&server_db->db->tables, "Database"); > +struct ovsdb_txn *txn = ovsdb_txn_create(server_db->db); > + > +/* Update rows for databases that still exist. > + * Delete rows for databases that no longer exist. */ > +const struct ovsdb_row *row, *next_row; > +HMAP_FOR_EACH_SAFE (row, next_row, hmap_node, &database_table->rows) { > +const char *name; > +ovsdb_util_read_string_column(row, "name", &name); > +struct db *db = shash_find_data(all_dbs, name); > +if (!db || !db->db) { > +ovsdb_txn_row_delete(txn, row); > +} else { > +update_database_status(ovsdb_txn_row_modify(txn, row), db); > } > } > + > +/* Add rows for new databases. > + * > + * This is O(n**2) but usually there are only 2 or 3 databases. */ > +struct shash_node *node; > +SHASH_FOR_EACH (node, all_dbs) { > +struct db *db = node->data; > + > +if (!db->db) { > +continue; > +} > + > +HMAP_FOR_EACH (row, hmap_node, &database_table->rows) { > +const char *name; > +ovsdb_util_read_string_column(row, "name", &name); > +if (!strcmp(name, node->name)) { > +goto next; > +} > +} > + > +/* Add row. */ > +struct ovsdb_row *row = ovsdb_row_create(database_table); > +uuid_generate(ovsdb_row_get_uuid_rw(row)); > +update_database_status(row, db); > +ovsdb_txn_row_insert(txn, row); > + > +next:; > +} > + > +commit_txn(txn, "_Server"); > } I see a memory leak when I run unit tests (e.g., "testing database multiplexing implementation") under valgrind: ==123484== 6 bytes in 6 blocks are definitely lost in loss record 4 of 115 ==123484==at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd6 4-linux.so) ==123484==by 0x437084: xmalloc (util.c:120) ==123484==by 0x4370B3: xmemdup (util.c:142) ==123484==by 0x4257BE: ovsdb_atom_init_default (ovsdb-data.c:77) ==123484==by 0x42580D: alloc_default_atoms (ovsdb-data.c:317) ==123484==by 0x425F48: ovsdb_datum_init_default (ovsdb-data.c:913) ==123484==by 0x412C12: ovsdb_row_create (row.c:56) ==123484==by 0x4051F7: update_server_status (ovsdb-server.c:1030) ==123484==by 0x4051F7: main_loop (ovsdb-server.c:226) ==123484==by 0x4051F7: main (ovsdb-server.c:438) > diff --git a/ovsdb/ovsdb-util.c b/ovsdb/ovsdb-util.c > index 5ee5e4ddaf8d..06d25af49a18 100644 > --- a/ovsdb/ovsdb-util.c > +++ b/ovsdb/ovsdb-util.c > @@ -22,6 +22,38 @@ > > VLOG_DEFINE_THIS_MODULE(ovsdb_util); > > +static void > +ovsdb_util_clear_column(struct ovsdb_row *row, const char *column_name) > +{ > ... > +if (column->type.n
[ovs-dev] Top Gun de Ventas
Top Gun de Ventas Febrero 12 - webinar Interactivo Objetivo: El participante conocerá una poderosa metodología para incrementar su capacidad y talento para ser un vendedor de alto rendimiento. COMPETENCIAS A DESARROLLAR: Automotivación | Espíritu Comercial | Atención al Cliente 1. Vendedor de alto rendimiento. 2. ¿Cómo hacer una fuerza de alto rendimiento? 3. Autorrespeto, automotivación, ambición y agresividad. 4. Relaciones Públicas. 5. Cercanía con el cliente. 6. Cómo vender más. 7. Metodología Top Gun Temario e Inscripciones: Respondiendo por este medio "TOP"+TELÉFONO + NOMBRE o marcando al: 045 + 5515546630 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] deleting chassis doesn't delete the lport and lflows from northd
Thanks Han: Sorry for the typo. I thought devs would catch that. So to summarize, I was concerned about two issues: 1. killing the compute/HV gracefully should have deleted the chassis from southbound db along with the bindings which did not happen 2. It is ok to leave the ports acting as orphan in northbound db if chassis are deleted from southbound since we take it as expected. So 2 is clear as we consider that as expected. However, for 1 do we need to get a fix/code changes or am I missing something here because as per source code it should have deleted? Please advise for the inputs further. On Tue, Jan 30, 2018 at 2:45 PM, Han Zhou wrote: > Hi Ali, > > Thanks for the details. Please see my comments inlined. > > On Mon, Jan 29, 2018 at 7:12 PM, Ali Gin wrote: > > > > Hi team/Ben: > > > > Want to get inputs about compute de-comm use case. So when deleting the > chassis from southd after gracefully killing the compute, doesn't delete > the ports binded to the northd lswitch. > > > I think you had a typo here: s/southd/south-bound DB, s/northd/north-bound > DB. > > > > > Below is the detail of a sandbox from recent scale test env. > > root@fake-host:~/sandbox-192.168.83.8# ls > > br0.mgmt db.sock ovn-uuid > ovs-vswitchd.13976.ctl > > br0.snoop ovn-controller.14063.ctl ovsdb-server.13959.ctl > ovs-vswitchd.log > > br-int.mgmt ovn-controller.logovsdb-server.log > ovs-vswitchd.pid > > br-int.snoop ovn-controller.pidovsdb-server.pid > ovs-vswitchd.sh > > conf.db ovn-controller.sh ovsdb-server.sh > sandbox.rc > > root@fake-host:~/sandbox-192.168.83.8# ps aux | grep 14063 > > root 14063 1.9 0.0 114904 88456 ?Ss 00:23 21:53 > ovn-controller --detach --no-chdir --pidfile -vconsole:off -vsyslog:off > -vfile:info --log-file > > root 1 0.0 0.0 14224 972 pts/0S+ 19:30 0:00 grep > --color=auto 14063 > > root@fake-host:~/sandbox-192.168.83.8# kill 14063 > > > > root@fake-host~/sandbox-192.168.83.8# ps aux | grep 13976 > > root 13976 1.2 0.8 2480864 2325768 ? Ssl 00:23 13:49 > ovs-vswitchd --detach --no-chdir --pidfile -vconsole:off -vsyslog:off > -vfile:info --log-file --enable-dummy=override > > root 44688 0.0 0.0 14224 1008 pts/0S+ 19:30 0:00 grep > --color=auto 13976 > > > > root@fake-host:~/sandbox-192.168.83.8# kill 13959 > > root@fake-host:~/sandbox-192.168.83.8# ovs-vsctl show > > ovs-vsctl: unix:/root/sandbox-192.168.83.8/db.sock: database connection > failed (No such file or directory) > > > > southdb details: > > Chassis "7aa3f562-4b8c-4b63-b22a-d7da7fcdedcb" > > hostname: "fake234" > > Encap geneve > > ip: "192.168.83.8/16" > > options: {csum="true"} > > Port_Binding "lport_5ead7e_UCUe2A" > > Port_Binding "lport_5ead7e_LaD1jw" > > Port_Binding "lport_5ead7e_XcVUdA" > > Port_Binding "lport_5ead7e_wPkica" > > Port_Binding "lport_5ead7e_Ms539W" > > Port_Binding "lport_5ead7e_UGdRuk" > > Port_Binding "lport_5ead7e_8jHLXB" > > Port_Binding "lport_5ead7e_IKRwFf" > > Port_Binding "lport_5ead7e_U2eXES" > > Port_Binding "lport_5ead7e_UIVysQ" > > > > ovn-sbctl chassis-del 7aa3f562-4b8c-4b63-b22a-d7da7fcdedcb > > > > ovn-nbctl show 5cf94839-d4b6-424c-9081-20739e48eb53 > > port lport_5ead7e_UCUe2A > > addresses: ["5e:7f:47:62:6b:d0 172.145.74.24"] > > > > ovn-sbctl lflow-list | grep 5e:7f:47:62:6b:d0 > > table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == > "lport_5ead7e_UCUe2A" && eth.src == {5e:7f:47:62:6b:d0}), action=(next;) > > table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == > "lport_5ead7e_UCUe2A" && eth.src == 5e:7f:47:62:6b:d0 && arp.sha == > 5e:7f:47:62:6b:d0), action=(next;) > > table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == > "lport_5ead7e_UCUe2A" && eth.src == 5e:7f:47:62:6b:d0 && ip6 && nd && > ((nd.sll == 00:00:00:00:00:00 || nd.sll == 5e:7f:47:62:6b:d0) || ((nd.tll > == 00:00:00:00:00:00 || nd.tll == 5e:7f:47:62:6b:d0, action=(next;) > > table=15(ls_in_l2_lkup ), priority=50 , match=(eth.dst == > 5e:7f:47:62:6b:d0), action=(outport = "lport_5ead7e_UCUe2A"; output;) > > table=8 (ls_out_port_sec_l2 ), priority=50 , match=(outport == > "lport_5ead7e_UCUe2A" && eth.dst == {5e:7f:47:62:6b:d0}), action=(output;) > > > > So is it kept on purpose or should we make code changes to take care of > deleting the same from northd too since the lports are left orphan. > > > > After deleting chassis from SB, lports are expected to be kept in NB and > logical flows are expected to be kept in SB, since port-binding and logical > port operations are independent. > > However, I would expect we don't have to manually delete the chassis from > SB if it is gracefully shutdown. Maybe it was not graceful for some reason. > ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listin
Re: [ovs-dev] [patch v4 03/10] Userspace datapath: Add fragmentation handling.
I added the following incremental to this patch: diff --git a/lib/ipf.c b/lib/ipf.c index 11f8f18..6eb283e 100644 --- a/lib/ipf.c +++ b/lib/ipf.c @@ -463,7 +463,7 @@ ipf_reassemble_v6_frags(struct ipf_list *ipf_list) add_len = frag_list[i].end_data_byte - frag_list[i].start_data_byte + 1; pl += add_len; -if (pl > IPV4_PACKET_MAX_SIZE) { +if (pl > IPV6_PACKET_MAX_DATA) { dp_packet_delete(pkt); return NULL; } @@ -908,9 +908,10 @@ ipf_send_frags_in_list(struct ipf_list *ipf_list, struct dp_packet_batch *pb, enum ipf_list_type list_type, bool v4) OVS_REQUIRES(ipf_lock) { +struct dp_packet *pkt; while (ipf_list->last_sent_idx < ipf_list->last_inuse_idx) { -if (ipf_dp_packet_batch_add(pb, -ipf_list->frag_list[ipf_list->last_sent_idx + 1].pkt)) { +pkt = ipf_list->frag_list[ipf_list->last_sent_idx + 1].pkt; +if (ipf_dp_packet_batch_add(pb, pkt)) { ipf_list->last_sent_idx++; atomic_count_dec(&nfrag); @@ -919,6 +920,7 @@ ipf_send_frags_in_list(struct ipf_list *ipf_list, struct dp_packet_batch *pb, ipf_count(v4, IPF_COUNTER_NFRAGS_COMPL_SENT); } else { ipf_count(v4, IPF_COUNTER_NFRAGS_EXPD_SENT); +pkt->md.ct_state = CS_INVALID; } if (ipf_list->last_sent_idx == ipf_list->last_inuse_idx) { I'll send a new version later, after some soak time. Thanks Darrell On Tue, Jan 30, 2018 at 12:58 AM, Darrell Ball wrote: > Fragmentation handling is added for supporting conntrack. > Fragmentation handling is disabled by default and enabled > via a user commands implemented in a subsequent patch. > Both v4 and v6 are supported. > > Signed-off-by: Darrell Ball > --- > include/sparse/netinet/ip6.h |1 + > lib/automake.mk |2 + > lib/ipf.c| 1179 ++ > > lib/ipf.h| 61 +++ > 4 files changed, 1243 insertions(+) > create mode 100644 lib/ipf.c > create mode 100644 lib/ipf.h > > diff --git a/include/sparse/netinet/ip6.h b/include/sparse/netinet/ip6.h > index d2a54de..bfa637a 100644 > --- a/include/sparse/netinet/ip6.h > +++ b/include/sparse/netinet/ip6.h > @@ -64,5 +64,6 @@ struct ip6_frag { > }; > > #define IP6F_OFF_MASK ((OVS_FORCE ovs_be16) 0xfff8) > +#define IP6F_MORE_FRAG ((OVS_FORCE ovs_be16) 0x0001) > > #endif /* netinet/ip6.h sparse */ > diff --git a/lib/automake.mk b/lib/automake.mk > index 159319f..6ca6a1e 100644 > --- a/lib/automake.mk > +++ b/lib/automake.mk > @@ -107,6 +107,8 @@ lib_libopenvswitch_la_SOURCES = \ > lib/hmapx.h \ > lib/id-pool.c \ > lib/id-pool.h \ > + lib/ipf.c \ > + lib/ipf.h \ > lib/jhash.c \ > lib/jhash.h \ > lib/json.c \ > diff --git a/lib/ipf.c b/lib/ipf.c > new file mode 100644 > index 000..74c4b32 > --- /dev/null > +++ b/lib/ipf.c > @@ -0,0 +1,1179 @@ > +/* > + * Copyright (c) 2018 Nicira, Inc. > + * > + * Licensed under the Apache License, Version 2.0 (the "License"); > + * you may not use this file except in compliance with the License. > + * You may obtain a copy of the License at: > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, software > + * distributed under the License is distributed on an "AS IS" BASIS, > + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or > implied. > + * See the License for the specific language governing permissions and > + * limitations under the License. > + */ > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +#include "csum.h" > +#include "ipf.h" > +#include "openvswitch/hmap.h" > +#include "openvswitch/vlog.h" > +#include "ovs-atomic.h" > +#include "packets.h" > +#include "util.h" > + > +VLOG_DEFINE_THIS_MODULE(ipf); > + > +enum { > +IPV4_PACKET_MAX_HDR_SIZE = 60, > +IPV4_PACKET_MAX_SIZE = 65535, > +IPV6_PACKET_MAX_DATA = 65535, > +}; > + > +enum ipf_list_state { > +IPF_LIST_STATE_UNUSED, > +IPF_LIST_STATE_REASS_FAIL, > +IPF_LIST_STATE_OTHER_SEEN, > +IPF_LIST_STATE_FIRST_SEEN, > +IPF_LIST_STATE_LAST_SEEN, > +IPF_LIST_STATE_FIRST_LAST_SEEN, > +IPF_LIST_STATE_COMPLETED, > +}; > + > +enum ipf_list_type { > +IPF_FRAG_COMPLETED_LIST, > +IPF_FRAG_EXPIRY_LIST, > +}; > + > +enum { > +IPF_INVALID_IDX = -1, > +IPF_V4_FRAG_SIZE_LBOUND = 400, > +IPF_V4_FRAG_SIZE_MIN_DEF = 1200, > +IPF_V6_FRAG_SIZE_LBOUND = 1280, > +IPF_V6_FRAG_SIZE_MIN_DEF = 1280, > +IPF_MAX_FRAGS_DEFAULT = 1000, > +IPF_NFRAG_UBOUND = 5000, > +}; > + > +enum ipf_counter_type { > +IPF_COUNTER_NFRAGS, > +IPF_COUNTER_NFRAGS_ACCEPTED, > +IPF_COUNTER_NFRAGS_COMPL_SENT, > +IPF_COUNTER_NFRAGS_EXPD_SENT, > +
Re: [ovs-dev] deleting chassis doesn't delete the lport and lflows from northd
Hi Ali, Thanks for the details. Please see my comments inlined. On Mon, Jan 29, 2018 at 7:12 PM, Ali Gin wrote: > > Hi team/Ben: > > Want to get inputs about compute de-comm use case. So when deleting the chassis from southd after gracefully killing the compute, doesn't delete the ports binded to the northd lswitch. > I think you had a typo here: s/southd/south-bound DB, s/northd/north-bound DB. > > Below is the detail of a sandbox from recent scale test env. > root@fake-host:~/sandbox-192.168.83.8# ls > br0.mgmt db.sock ovn-uuid ovs-vswitchd.13976.ctl > br0.snoop ovn-controller.14063.ctl ovsdb-server.13959.ctl ovs-vswitchd.log > br-int.mgmt ovn-controller.logovsdb-server.log ovs-vswitchd.pid > br-int.snoop ovn-controller.pidovsdb-server.pid ovs-vswitchd.sh > conf.db ovn-controller.sh ovsdb-server.sh sandbox.rc > root@fake-host:~/sandbox-192.168.83.8# ps aux | grep 14063 > root 14063 1.9 0.0 114904 88456 ?Ss 00:23 21:53 ovn-controller --detach --no-chdir --pidfile -vconsole:off -vsyslog:off -vfile:info --log-file > root 1 0.0 0.0 14224 972 pts/0S+ 19:30 0:00 grep --color=auto 14063 > root@fake-host:~/sandbox-192.168.83.8# kill 14063 > > root@fake-host~/sandbox-192.168.83.8# ps aux | grep 13976 > root 13976 1.2 0.8 2480864 2325768 ? Ssl 00:23 13:49 ovs-vswitchd --detach --no-chdir --pidfile -vconsole:off -vsyslog:off -vfile:info --log-file --enable-dummy=override > root 44688 0.0 0.0 14224 1008 pts/0S+ 19:30 0:00 grep --color=auto 13976 > > root@fake-host:~/sandbox-192.168.83.8# kill 13959 > root@fake-host:~/sandbox-192.168.83.8# ovs-vsctl show > ovs-vsctl: unix:/root/sandbox-192.168.83.8/db.sock: database connection failed (No such file or directory) > > southdb details: > Chassis "7aa3f562-4b8c-4b63-b22a-d7da7fcdedcb" > hostname: "fake234" > Encap geneve > ip: "192.168.83.8/16" > options: {csum="true"} > Port_Binding "lport_5ead7e_UCUe2A" > Port_Binding "lport_5ead7e_LaD1jw" > Port_Binding "lport_5ead7e_XcVUdA" > Port_Binding "lport_5ead7e_wPkica" > Port_Binding "lport_5ead7e_Ms539W" > Port_Binding "lport_5ead7e_UGdRuk" > Port_Binding "lport_5ead7e_8jHLXB" > Port_Binding "lport_5ead7e_IKRwFf" > Port_Binding "lport_5ead7e_U2eXES" > Port_Binding "lport_5ead7e_UIVysQ" > > ovn-sbctl chassis-del 7aa3f562-4b8c-4b63-b22a-d7da7fcdedcb > > ovn-nbctl show 5cf94839-d4b6-424c-9081-20739e48eb53 > port lport_5ead7e_UCUe2A > addresses: ["5e:7f:47:62:6b:d0 172.145.74.24"] > > ovn-sbctl lflow-list | grep 5e:7f:47:62:6b:d0 > table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == "lport_5ead7e_UCUe2A" && eth.src == {5e:7f:47:62:6b:d0}), action=(next;) > table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "lport_5ead7e_UCUe2A" && eth.src == 5e:7f:47:62:6b:d0 && arp.sha == 5e:7f:47:62:6b:d0), action=(next;) > table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "lport_5ead7e_UCUe2A" && eth.src == 5e:7f:47:62:6b:d0 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 5e:7f:47:62:6b:d0) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 5e:7f:47:62:6b:d0, action=(next;) > table=15(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 5e:7f:47:62:6b:d0), action=(outport = "lport_5ead7e_UCUe2A"; output;) > table=8 (ls_out_port_sec_l2 ), priority=50 , match=(outport == "lport_5ead7e_UCUe2A" && eth.dst == {5e:7f:47:62:6b:d0}), action=(output;) > > So is it kept on purpose or should we make code changes to take care of deleting the same from northd too since the lports are left orphan. > After deleting chassis from SB, lports are expected to be kept in NB and logical flows are expected to be kept in SB, since port-binding and logical port operations are independent. However, I would expect we don't have to manually delete the chassis from SB if it is gracefully shutdown. Maybe it was not graceful for some reason. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2 2/3] ofp-util: New data structure for mapping between table names and numbers.
Looks good to me, thanks. Reviewed-by: Yifeng Sun On Fri, Jan 12, 2018 at 12:57 PM, Ben Pfaff wrote: > This shares the infrastructure for mapping port names and numbers. It will > be used in an upcoming commit. > > Signed-off-by: Ben Pfaff > --- > include/openvswitch/ofp-util.h | 33 +++-- > lib/ofp-util.c | 150 ++ > --- > 2 files changed, 138 insertions(+), 45 deletions(-) > > diff --git a/include/openvswitch/ofp-util.h b/include/openvswitch/ofp- > util.h > index 296078a2fe8b..d9780dd44582 100644 > --- a/include/openvswitch/ofp-util.h > +++ b/include/openvswitch/ofp-util.h > @@ -43,15 +43,24 @@ union ofp_action; > struct ofpact_set_field; > struct vl_mff_map; > > -/* Mapping between port numbers and names. */ > -struct ofputil_port_map { > +/* Name-number mapping. > + * > + * This is not exported directly but only through specializations for port > + * name-number and table name-number mappings. */ > +struct ofputil_name_map { > struct hmap by_name; > struct hmap by_number; > }; > - > -#define OFPUTIL_PORT_MAP_INITIALIZER(MAP) \ > +#define OFPUTIL_NAME_MAP_INITIALIZER(MAP) \ > { HMAP_INITIALIZER(&(MAP)->by_name), HMAP_INITIALIZER(&(MAP)->by_number) > } > > +/* Mapping between port numbers and names. */ > +struct ofputil_port_map { > +struct ofputil_name_map map; > +}; > +#define OFPUTIL_PORT_MAP_INITIALIZER(MAP) \ > +{ OFPUTIL_NAME_MAP_INITIALIZER(&(MAP)->map) } > + > void ofputil_port_map_init(struct ofputil_port_map *); > const char *ofputil_port_map_get_name(const struct ofputil_port_map *, >ofp_port_t); > @@ -791,6 +800,22 @@ struct ofputil_table_mod_prop_vacancy { > uint8_t vacancy; /* Current vacancy (%). */ > }; > > +/* Mapping between table numbers and names. */ > +struct ofputil_table_map { > +struct ofputil_name_map map; > +}; > +#define OFPUTIL_TABLE_MAP_INITIALIZER(MAP) \ > +{ OFPUTIL_NAME_MAP_INITIALIZER((MAP).map) } > + > +void ofputil_table_map_init(struct ofputil_table_map *); > +const char *ofputil_table_map_get_name(const struct ofputil_table_map *, > + uint8_t); > +uint8_t ofputil_table_map_get_number(const struct ofputil_table_map *, > + const char *name); > +void ofputil_table_map_put(struct ofputil_table_map *, > + uint8_t, const char *name); > +void ofputil_table_map_destroy(struct ofputil_table_map *); > + > /* Abstract ofp_table_mod. */ > struct ofputil_table_mod { > uint8_t table_id; /* ID of the table, 0xff indicates all > tables. */ > diff --git a/lib/ofp-util.c b/lib/ofp-util.c > index 597112e4f84e..f3b2e3f6108c 100644 > --- a/lib/ofp-util.c > +++ b/lib/ofp-util.c > @@ -7454,12 +7454,14 @@ ofputil_port_to_string(ofp_port_t port, > snprintf(namebuf, bufsize, "%"PRIu32, port); > } > > -/* ofputil_port_map. */ > -struct ofputil_port_map_node { > +/* ofputil_name_map. */ > + > +struct ofputil_name_map_node { > struct hmap_node name_node; > struct hmap_node number_node; > -ofp_port_t ofp_port;/* Port number. */ > -char *name; /* Port name. */ > + > +uint32_t number; > +char *name; > > /* OpenFlow doesn't require port names to be unique, although that's > the > * only sensible way. However, even in Open vSwitch it's possible > for two > @@ -7469,22 +7471,25 @@ struct ofputil_port_map_node { > * corner case. > * > * OpenFlow does require port numbers to be unique. We check for > duplicate > - * ports numbers just in case a switch has a bug. */ > + * ports numbers just in case a switch has a bug. > + * > + * OpenFlow doesn't require table names to be unique and Open vSwitch > + * doesn't try to make them unique. */ > bool duplicate; > }; > > -void > -ofputil_port_map_init(struct ofputil_port_map *map) > +static void > +ofputil_name_map_init(struct ofputil_name_map *map) > { > hmap_init(&map->by_name); > hmap_init(&map->by_number); > } > > -static struct ofputil_port_map_node * > -ofputil_port_map_find_by_name(const struct ofputil_port_map *map, > +static struct ofputil_name_map_node * > +ofputil_name_map_find_by_name(const struct ofputil_name_map *map, >const char *name) > { > -struct ofputil_port_map_node *node; > +struct ofputil_name_map_node *node; > > HMAP_FOR_EACH_WITH_HASH (node, name_node, hash_string(name, 0), > &map->by_name) { > @@ -7495,38 +7500,38 @@ ofputil_port_map_find_by_name(const struct > ofputil_port_map *map, > return NULL; > } > > -static struct ofputil_port_map_node * > -ofputil_port_map_find_by_number(const struct ofputil_port_map *map, > -ofp_port_t ofp_port) > +static struct ofputil_name_map_node * > +ofputil_name_map_find_by_number(const struct ofputil_n
Re: [ovs-dev] [PATCH v2 1/3] ofp-actions: Make formatting and parsing functions take a struct argument.
Looks good to me, thanks. Reviewed-by: Yifeng Sun On Fri, Jan 12, 2018 at 12:57 PM, Ben Pfaff wrote: > An upcoming commit will add another parameter for parsing and formatting > actions. It is much easier to add these parameters if they are > encapsulated in a struct, so this commit first makes that change. > > Signed-off-by: Ben Pfaff > --- > include/openvswitch/ofp-actions.h | 32 +- > lib/ofp-actions.c | 1137 +++--- > --- > lib/ofp-parse.c | 24 +- > lib/ofp-print.c | 40 +- > ofproto/ofproto-dpif-trace.c |8 +- > ofproto/ofproto-dpif-xlate.c | 12 +- > ofproto/ofproto.c |3 +- > ovn/controller/ofctrl.c |3 +- > ovn/utilities/ovn-sbctl.c |3 +- > tests/test-ovn.c |3 +- > utilities/ovs-ofctl.c | 19 +- > 11 files changed, 565 insertions(+), 719 deletions(-) > > diff --git a/include/openvswitch/ofp-actions.h b/include/openvswitch/ofp- > actions.h > index 4e957358f90a..454c705ccf73 100644 > --- a/include/openvswitch/ofp-actions.h > +++ b/include/openvswitch/ofp-actions.h > @@ -1064,18 +1064,32 @@ bool ofpacts_equal_stringwise(const struct ofpact > a[], size_t a_len, > const struct mf_field *ofpact_get_mf_dst(const struct ofpact *ofpact); > uint32_t ofpacts_get_meter(const struct ofpact[], size_t ofpacts_len); > > -/* Formatting and parsing ofpacts. */ > +/* Formatting ofpacts. */ > +struct ofpact_format_params { > +/* Input. */ > +const struct ofputil_port_map *port_map; > + > +/* Output. */ > +struct ds *s; > +}; > void ofpacts_format(const struct ofpact[], size_t ofpacts_len, > -const struct ofputil_port_map *, struct ds *); > -char *ofpacts_parse_actions(const char *, const struct ofputil_port_map *, > -struct ofpbuf *ofpacts, > -enum ofputil_protocol *usable_protocols) > +const struct ofpact_format_params *); > +const char *ofpact_name(enum ofpact_type); > + > +/* Parsing ofpacts. */ > +struct ofpact_parse_params { > +/* Input. */ > +const struct ofputil_port_map *port_map; > + > +/* Output. */ > +struct ofpbuf *ofpacts; > +enum ofputil_protocol *usable_protocols; > +}; > +char *ofpacts_parse_actions(const char *, const struct > ofpact_parse_params *) > OVS_WARN_UNUSED_RESULT; > -char *ofpacts_parse_instructions(const char *, const struct > ofputil_port_map *, > - struct ofpbuf *ofpacts, > - enum ofputil_protocol *usable_protocols) > +char *ofpacts_parse_instructions(const char *, > + const struct ofpact_parse_params *) > OVS_WARN_UNUSED_RESULT; > -const char *ofpact_name(enum ofpact_type); > > /* Internal use by the helpers below. */ > void ofpact_init(struct ofpact *, enum ofpact_type, size_t len); > diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c > index db933634bf8b..93792ddfca4b 100644 > --- a/lib/ofp-actions.c > +++ b/lib/ofp-actions.c > @@ -417,8 +417,7 @@ static void *ofpact_put_raw(struct ofpbuf *, enum > ofp_version, > enum ofp_raw_action_type, uint64_t arg); > > static char *OVS_WARN_UNUSED_RESULT ofpacts_parse( > -char *str, const struct ofputil_port_map *, > -struct ofpbuf *ofpacts, enum ofputil_protocol *usable_protocols, > +char *str, const struct ofpact_parse_params *pp, > bool allow_instructions, enum ofpact_type outer_action); > static enum ofperr ofpacts_pull_openflow_actions__( > struct ofpbuf *openflow, unsigned int actions_len, > @@ -426,8 +425,7 @@ static enum ofperr ofpacts_pull_openflow_actions__( > struct ofpbuf *ofpacts, enum ofpact_type outer_action, > const struct vl_mff_map *vl_mff_map, uint64_t *ofpacts_tlv_bitmap); > static char * OVS_WARN_UNUSED_RESULT ofpacts_parse_copy( > -const char *s_, const struct ofputil_port_map *, struct ofpbuf > *ofpacts, > -enum ofputil_protocol *usable_protocols, > +const char *s_, const struct ofpact_parse_params *pp, > bool allow_instructions, enum ofpact_type outer_action); > > /* Returns the ofpact following 'ofpact', except that if 'ofpact' contains > @@ -607,16 +605,16 @@ encode_OUTPUT(const struct ofpact_output *output, > } > > static char * OVS_WARN_UNUSED_RESULT > -parse_truncate_subfield(struct ofpact_output_trunc *output_trunc, > -const char *arg_, > -const struct ofputil_port_map *port_map) > +parse_truncate_subfield(const char *arg_, > +const struct ofpact_parse_params *pp, > +struct ofpact_output_trunc *output_trunc) > { > char *key, *value; > char *arg = CONST_CAST(char *, arg_); > > while (ofputil_parse_key_value(&arg, &key, &value)) { > if (!strcmp(key, "port")) { > -if (!ofputil_
Re: [ovs-dev] [PATCH] classifier: Refactor interface for classifier_remove().
Thanks for the patch, which is better than the one I submitted. Tested-by: Yifeng Sun Reviewed-by: Yifeng Sun On Tue, Jan 30, 2018 at 1:00 PM, Ben Pfaff wrote: > Until now, classifier_remove() returned either null or the classifier rule > passed to it, which is an unusual interface. This commit changes it to > return true if it succeeds or false on failure. > > In addition, most of classifier_remove()'s callers know ahead of time that > it must succeed, even though most of them didn't bother with an assertion, > so this commit adds a classifier_remove_assert() function as a helper. > > Signed-off-by: Ben Pfaff > --- > lib/classifier.c| 25 + > lib/classifier.h| 4 ++-- > lib/ovs-router.c| 19 --- > lib/tnl-ports.c | 5 ++--- > ofproto/ofproto.c | 14 -- > tests/test-classifier.c | 19 +-- > tests/test-ovn.c| 2 +- > utilities/ovs-ofctl.c | 2 +- > 8 files changed, 44 insertions(+), 46 deletions(-) > > diff --git a/lib/classifier.c b/lib/classifier.c > index 16c451da1b30..9ad3710d61a1 100644 > --- a/lib/classifier.c > +++ b/lib/classifier.c > @@ -695,15 +695,16 @@ classifier_insert(struct classifier *cls, const > struct cls_rule *rule, > ovs_assert(!displaced_rule); > } > > -/* Removes 'rule' from 'cls'. It is the caller's responsibility to > destroy > - * 'rule' with cls_rule_destroy(), freeing the memory block in which > 'rule' > - * resides, etc., as necessary. > +/* If 'rule' is in 'cls', removes 'rule' from 'cls' and returns true. It > is > + * the caller's responsibility to destroy 'rule' with cls_rule_destroy(), > + * freeing the memory block in which 'rule' resides, etc., as necessary. > * > - * Does nothing if 'rule' has been already removed, or was never inserted. > + * If 'rule' is not in any classifier, returns false without making any > + * changes. > * > - * Returns the removed rule, or NULL, if it was already removed. > + * 'rule' must not be in some classifier other than 'cls'. > */ > -const struct cls_rule * > +bool > classifier_remove(struct classifier *cls, const struct cls_rule *cls_rule) > { > struct cls_match *rule, *prev, *next, *head; > @@ -716,7 +717,7 @@ classifier_remove(struct classifier *cls, const struct > cls_rule *cls_rule) > > rule = get_cls_match_protected(cls_rule); > if (!rule) { > -return NULL; > +return false; > } > /* Mark as removed. */ > ovsrcu_set(&CONST_CAST(struct cls_rule *, cls_rule)->cls_match, NULL); > @@ -820,7 +821,15 @@ check_priority: > ovsrcu_postpone(cls_match_free_cb, rule); > cls->n_rules--; > > -return cls_rule; > +return true; > +} > + > +void > +classifier_remove_assert(struct classifier *cls, > + const struct cls_rule *cls_rule) > +{ > +bool OVS_UNUSED removed = classifier_remove(cls, cls_rule); > +ovs_assert(removed); > } > > /* Prefix tree context. Valid when 'lookup_done' is true. Can skip all > diff --git a/lib/classifier.h b/lib/classifier.h > index 71c2e507d7c3..31d4a1b08bd2 100644 > --- a/lib/classifier.h > +++ b/lib/classifier.h > @@ -387,8 +387,8 @@ const struct cls_rule *classifier_replace(struct > classifier *, >ovs_version_t, >const struct cls_conjunction *, >size_t n_conjunctions); > -const struct cls_rule *classifier_remove(struct classifier *, > - const struct cls_rule *); > +bool classifier_remove(struct classifier *, const struct cls_rule *); > +void classifier_remove_assert(struct classifier *, const struct cls_rule > *); > static inline void classifier_defer(struct classifier *); > static inline void classifier_publish(struct classifier *); > > diff --git a/lib/ovs-router.c b/lib/ovs-router.c > index cd2ab15fb003..e6cc81fd0827 100644 > --- a/lib/ovs-router.c > +++ b/lib/ovs-router.c > @@ -245,19 +245,14 @@ ovs_router_insert(uint32_t mark, const struct > in6_addr *ip_dst, uint8_t plen, > ovs_router_insert__(mark, plen, ip_dst, plen, output_bridge, gw); > } > > -static bool > -__rt_entry_delete(const struct cls_rule *cr) > +static void > +rt_entry_delete__(const struct cls_rule *cr) > { > struct ovs_router_entry *p = ovs_router_entry_cast(cr); > > tnl_port_map_delete_ipdev(p->output_bridge); > -/* Remove it. */ > -cr = classifier_remove(&cls, cr); > -if (cr) { > -ovsrcu_postpone(rt_entry_free, ovs_router_entry_cast(cr)); > -return true; > -} > -return false; > +classifier_remove_assert(&cls, cr); > +ovsrcu_postpone(rt_entry_free, ovs_router_entry_cast(cr)); > } > > static bool > @@ -277,8 +272,10 @@ rt_entry_delete(uint32_t mark, uint8_t priority, > cr = classifier_find_rule_exactly(&cls, &rule, OVS_VERSION_MAX); > if (cr) { > ovs_mutex_lo
Re: [ovs-dev] [PATCH] classifier: Fix typo in comment.
Thanks, applied to master. On Tue, Jan 30, 2018 at 12:52:09PM -0800, Yifeng Sun wrote: > Thanks for the fix. > > Reviewed-by: Yifeng Sun > > On Tue, Jan 30, 2018 at 12:34 PM, Ben Pfaff wrote: > > > Signed-off-by: Ben Pfaff > > --- > > lib/classifier.h | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/lib/classifier.h b/lib/classifier.h > > index f0ea5a9cb8b2..71c2e507d7c3 100644 > > --- a/lib/classifier.h > > +++ b/lib/classifier.h > > @@ -284,7 +284,7 @@ > > * > > * The classifier may safely be accessed by many reader threads > > concurrently > > * and by a single writer, or by multiple writers when they guarantee > > mutually > > - * exlucive access to classifier modifications. > > + * exclusive access to classifier modifications. > > * > > * Since the classifier rules are RCU protected, the rule destruction > > after > > * removal from the classifier must be RCU postponed. Also, when > > versioning is > > -- > > 2.10.2 > > > > ___ > > dev mailing list > > d...@openvswitch.org > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH] classifier: Refactor interface for classifier_remove().
Until now, classifier_remove() returned either null or the classifier rule passed to it, which is an unusual interface. This commit changes it to return true if it succeeds or false on failure. In addition, most of classifier_remove()'s callers know ahead of time that it must succeed, even though most of them didn't bother with an assertion, so this commit adds a classifier_remove_assert() function as a helper. Signed-off-by: Ben Pfaff --- lib/classifier.c| 25 + lib/classifier.h| 4 ++-- lib/ovs-router.c| 19 --- lib/tnl-ports.c | 5 ++--- ofproto/ofproto.c | 14 -- tests/test-classifier.c | 19 +-- tests/test-ovn.c| 2 +- utilities/ovs-ofctl.c | 2 +- 8 files changed, 44 insertions(+), 46 deletions(-) diff --git a/lib/classifier.c b/lib/classifier.c index 16c451da1b30..9ad3710d61a1 100644 --- a/lib/classifier.c +++ b/lib/classifier.c @@ -695,15 +695,16 @@ classifier_insert(struct classifier *cls, const struct cls_rule *rule, ovs_assert(!displaced_rule); } -/* Removes 'rule' from 'cls'. It is the caller's responsibility to destroy - * 'rule' with cls_rule_destroy(), freeing the memory block in which 'rule' - * resides, etc., as necessary. +/* If 'rule' is in 'cls', removes 'rule' from 'cls' and returns true. It is + * the caller's responsibility to destroy 'rule' with cls_rule_destroy(), + * freeing the memory block in which 'rule' resides, etc., as necessary. * - * Does nothing if 'rule' has been already removed, or was never inserted. + * If 'rule' is not in any classifier, returns false without making any + * changes. * - * Returns the removed rule, or NULL, if it was already removed. + * 'rule' must not be in some classifier other than 'cls'. */ -const struct cls_rule * +bool classifier_remove(struct classifier *cls, const struct cls_rule *cls_rule) { struct cls_match *rule, *prev, *next, *head; @@ -716,7 +717,7 @@ classifier_remove(struct classifier *cls, const struct cls_rule *cls_rule) rule = get_cls_match_protected(cls_rule); if (!rule) { -return NULL; +return false; } /* Mark as removed. */ ovsrcu_set(&CONST_CAST(struct cls_rule *, cls_rule)->cls_match, NULL); @@ -820,7 +821,15 @@ check_priority: ovsrcu_postpone(cls_match_free_cb, rule); cls->n_rules--; -return cls_rule; +return true; +} + +void +classifier_remove_assert(struct classifier *cls, + const struct cls_rule *cls_rule) +{ +bool OVS_UNUSED removed = classifier_remove(cls, cls_rule); +ovs_assert(removed); } /* Prefix tree context. Valid when 'lookup_done' is true. Can skip all diff --git a/lib/classifier.h b/lib/classifier.h index 71c2e507d7c3..31d4a1b08bd2 100644 --- a/lib/classifier.h +++ b/lib/classifier.h @@ -387,8 +387,8 @@ const struct cls_rule *classifier_replace(struct classifier *, ovs_version_t, const struct cls_conjunction *, size_t n_conjunctions); -const struct cls_rule *classifier_remove(struct classifier *, - const struct cls_rule *); +bool classifier_remove(struct classifier *, const struct cls_rule *); +void classifier_remove_assert(struct classifier *, const struct cls_rule *); static inline void classifier_defer(struct classifier *); static inline void classifier_publish(struct classifier *); diff --git a/lib/ovs-router.c b/lib/ovs-router.c index cd2ab15fb003..e6cc81fd0827 100644 --- a/lib/ovs-router.c +++ b/lib/ovs-router.c @@ -245,19 +245,14 @@ ovs_router_insert(uint32_t mark, const struct in6_addr *ip_dst, uint8_t plen, ovs_router_insert__(mark, plen, ip_dst, plen, output_bridge, gw); } -static bool -__rt_entry_delete(const struct cls_rule *cr) +static void +rt_entry_delete__(const struct cls_rule *cr) { struct ovs_router_entry *p = ovs_router_entry_cast(cr); tnl_port_map_delete_ipdev(p->output_bridge); -/* Remove it. */ -cr = classifier_remove(&cls, cr); -if (cr) { -ovsrcu_postpone(rt_entry_free, ovs_router_entry_cast(cr)); -return true; -} -return false; +classifier_remove_assert(&cls, cr); +ovsrcu_postpone(rt_entry_free, ovs_router_entry_cast(cr)); } static bool @@ -277,8 +272,10 @@ rt_entry_delete(uint32_t mark, uint8_t priority, cr = classifier_find_rule_exactly(&cls, &rule, OVS_VERSION_MAX); if (cr) { ovs_mutex_lock(&mutex); -res = __rt_entry_delete(cr); +rt_entry_delete__(cr); ovs_mutex_unlock(&mutex); + +res = true; } cls_rule_destroy(&rule); @@ -476,7 +473,7 @@ ovs_router_flush(void) classifier_defer(&cls); CLS_FOR_EACH(rt, cr, &cls) { if (rt->priority == rt->plen) { -__rt_entry_delete(&rt->cr); +rt_entry_delete__(&r
[ovs-dev] [PATCH] classifier: refactor classifier_remove and introduce classifier_remove_assert
The return type of classifier_remove is changed to bool. Besides, classifier_remove_assert is introduced to assert that the classifier must contain the rule. This patch is based on Ben's advice. Signed-off-by: Yifeng Sun --- lib/classifier.c | 21 + lib/classifier.h | 6 -- lib/ovs-router.c | 15 +-- lib/tnl-ports.c | 5 ++--- ofproto/ofproto.c | 14 -- 5 files changed, 32 insertions(+), 29 deletions(-) diff --git a/lib/classifier.c b/lib/classifier.c index 16c451da1b30..4a4aacfd6208 100644 --- a/lib/classifier.c +++ b/lib/classifier.c @@ -701,9 +701,9 @@ classifier_insert(struct classifier *cls, const struct cls_rule *rule, * * Does nothing if 'rule' has been already removed, or was never inserted. * - * Returns the removed rule, or NULL, if it was already removed. + * Returns true on success, or false, if it was already removed. */ -const struct cls_rule * +bool classifier_remove(struct classifier *cls, const struct cls_rule *cls_rule) { struct cls_match *rule, *prev, *next, *head; @@ -716,7 +716,7 @@ classifier_remove(struct classifier *cls, const struct cls_rule *cls_rule) rule = get_cls_match_protected(cls_rule); if (!rule) { -return NULL; +return false; } /* Mark as removed. */ ovsrcu_set(&CONST_CAST(struct cls_rule *, cls_rule)->cls_match, NULL); @@ -820,7 +820,20 @@ check_priority: ovsrcu_postpone(cls_match_free_cb, rule); cls->n_rules--; -return cls_rule; +return true; +} + +/* Removes 'rule' from 'cls'. It is the caller's responsibility to destroy + * 'rule' with cls_rule_destroy(), freeing the memory block in which 'rule' + * resides, etc., as necessary. + * + * Asserts that the rule must be in the classifier. + */ +void +classifier_remove_assert(struct classifier *cls, + const struct cls_rule *cls_rule) +{ +ovs_assert(classifier_remove(cls, cls_rule)); } /* Prefix tree context. Valid when 'lookup_done' is true. Can skip all diff --git a/lib/classifier.h b/lib/classifier.h index f0ea5a9cb8b2..7699d58e1b07 100644 --- a/lib/classifier.h +++ b/lib/classifier.h @@ -387,8 +387,10 @@ const struct cls_rule *classifier_replace(struct classifier *, ovs_version_t, const struct cls_conjunction *, size_t n_conjunctions); -const struct cls_rule *classifier_remove(struct classifier *, - const struct cls_rule *); +bool classifier_remove(struct classifier *, + const struct cls_rule *); +void classifier_remove_assert(struct classifier *, + const struct cls_rule *); static inline void classifier_defer(struct classifier *); static inline void classifier_publish(struct classifier *); diff --git a/lib/ovs-router.c b/lib/ovs-router.c index cd2ab15fb003..a7d55c754d16 100644 --- a/lib/ovs-router.c +++ b/lib/ovs-router.c @@ -245,19 +245,15 @@ ovs_router_insert(uint32_t mark, const struct in6_addr *ip_dst, uint8_t plen, ovs_router_insert__(mark, plen, ip_dst, plen, output_bridge, gw); } -static bool +static void __rt_entry_delete(const struct cls_rule *cr) { struct ovs_router_entry *p = ovs_router_entry_cast(cr); tnl_port_map_delete_ipdev(p->output_bridge); /* Remove it. */ -cr = classifier_remove(&cls, cr); -if (cr) { -ovsrcu_postpone(rt_entry_free, ovs_router_entry_cast(cr)); -return true; -} -return false; +classifier_remove_assert(&cls, cr); +ovsrcu_postpone(rt_entry_free, p); } static bool @@ -267,7 +263,6 @@ rt_entry_delete(uint32_t mark, uint8_t priority, const struct cls_rule *cr; struct cls_rule rule; struct match match; -bool res = false; rt_init_match(&match, mark, ip6_dst, plen); @@ -277,12 +272,12 @@ rt_entry_delete(uint32_t mark, uint8_t priority, cr = classifier_find_rule_exactly(&cls, &rule, OVS_VERSION_MAX); if (cr) { ovs_mutex_lock(&mutex); -res = __rt_entry_delete(cr); +__rt_entry_delete(cr); ovs_mutex_unlock(&mutex); } cls_rule_destroy(&rule); -return res; +return (cr != NULL); } static bool diff --git a/lib/tnl-ports.c b/lib/tnl-ports.c index 04d2b3f7c6cf..b814f7a0a50a 100644 --- a/lib/tnl-ports.c +++ b/lib/tnl-ports.c @@ -223,9 +223,8 @@ tnl_port_unref(const struct cls_rule *cr) struct tnl_port_in *p = tnl_port_cast(cr); if (cr && ovs_refcount_unref_relaxed(&p->ref_cnt) == 1) { -if (classifier_remove(&cls, cr)) { -ovsrcu_postpone(tnl_port_free, p); -} +classifier_remove_assert(&cls, cr); +ovsrcu_postpone(tnl_port_free, p); } } diff --git a/ofproto/ofproto.c b/ofproto/ofproto.c index 4f17f79d286f..536636393850 100644 --- a/ofproto/ofproto.c +++ b/ofproto/ofproto.c @@ -1520,10 +1520
Re: [ovs-dev] [PATCH] classifier: Fix typo in comment.
Thanks for the fix. Reviewed-by: Yifeng Sun On Tue, Jan 30, 2018 at 12:34 PM, Ben Pfaff wrote: > Signed-off-by: Ben Pfaff > --- > lib/classifier.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/classifier.h b/lib/classifier.h > index f0ea5a9cb8b2..71c2e507d7c3 100644 > --- a/lib/classifier.h > +++ b/lib/classifier.h > @@ -284,7 +284,7 @@ > * > * The classifier may safely be accessed by many reader threads > concurrently > * and by a single writer, or by multiple writers when they guarantee > mutually > - * exlucive access to classifier modifications. > + * exclusive access to classifier modifications. > * > * Since the classifier rules are RCU protected, the rule destruction > after > * removal from the classifier must be RCU postponed. Also, when > versioning is > -- > 2.10.2 > > ___ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH] classifier: Fix typo in comment.
Signed-off-by: Ben Pfaff --- lib/classifier.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/classifier.h b/lib/classifier.h index f0ea5a9cb8b2..71c2e507d7c3 100644 --- a/lib/classifier.h +++ b/lib/classifier.h @@ -284,7 +284,7 @@ * * The classifier may safely be accessed by many reader threads concurrently * and by a single writer, or by multiple writers when they guarantee mutually - * exlucive access to classifier modifications. + * exclusive access to classifier modifications. * * Since the classifier rules are RCU protected, the rule destruction after * removal from the classifier must be RCU postponed. Also, when versioning is -- 2.10.2 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] Habilidades necesarias para alcanzar sus objetivos
Adecuada gestión de personal para resultados excelentes Técnicas de Supervisión Efectiva, Liderazgo, Productividad y Manejo de Conflictos 14 de Febrero- Psi. Dolores Romero Mora - 9am- 8pm Las habilidades de supervisión son imprescindibles para aquellos jefes o supervisores que tienen equipos de trabajo a su cargo y tienen el reto de alcanzar objetivos dentro de las empresas. Es posible ocupar un puesto de este tipo por dar buenos resultados en nuestras funciones, por antigüedad o porque hemos demostrado capacidad y responsabilidad en el cumplimiento de las tareas asignadas. Sin embargo, esto no garantiza el éxito, ya que las competencias que se requieren para ser un buen jefe o supervisor no son las mismas que se requieren para ser un buen empleado o colaborador. BENEFICIOS DE ASISTIR: - Conocerá cuáles son las competencias de su puesto de trabajo. - Aprenderá sobre las habilidades de comunicación y asertividad para con sus colaboradores. - Identificará los tipos de liderazgo y técnicas motivacionales a implementar con su equipo de trabajo. - Comprenderá los estilos y técnicas para manejo de conflictos y negociación. - ¡Más información aplicable a sus actividades! ¿Requiere la información a la Brevedad? responda este email con la palabra: Supervisión + nombre - teléfono - correo. centro telefónico:018002120744 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH V2 7/7] compat: Fix compiler headers
Please ignore this series - a couple of other things have changed in the stable and long term kernels that need some attention. I'll send V3 when I get them fixed up. On 1/29/2018 2:54 PM, Greg Rose wrote: Since Linux kernel upstream commit d15155824c50 ("linux/compiler.h: Split into compiler.h and compiler_types.h") this error check for the gcc compiler header is no longer valid. Remove so that openvswitch builds for linux kernels 4.14.8 and since. Signed-off-by: Greg Rose --- acinclude.m4 | 3 +++ datapath/linux/compat/include/linux/compiler-gcc.h | 2 ++ 2 files changed, 5 insertions(+) diff --git a/acinclude.m4 b/acinclude.m4 index d0f9d82..a838a46 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -798,6 +798,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_FIND_PARAM_IFELSE([$KSRC/include/linux/netdevice.h], [netdev_master_upper_dev_link], [extack], [OVS_DEFINE([HAVE_UPPER_DEV_LINK_EXTACK])]) + OVS_GREP_IFELSE([$KSRC/include/linux/compiler_types.h], + [__LINUX_COMPILER_TYPES_H], + [OVS_DEFINE([HAVE_LINUX_COMPILER_TYPES_H])]) if cmp -s datapath/linux/kcompat.h.new \ datapath/linux/kcompat.h >/dev/null 2>&1; then diff --git a/datapath/linux/compat/include/linux/compiler-gcc.h b/datapath/linux/compat/include/linux/compiler-gcc.h index bf057f7..bfcd531 100644 --- a/datapath/linux/compat/include/linux/compiler-gcc.h +++ b/datapath/linux/compat/include/linux/compiler-gcc.h @@ -1,6 +1,8 @@ #ifndef __LINUX_COMPILER_H +#ifndef HAVE_LINUX_COMPILER_TYPES_H #error "Please don't include directly, include instead." #endif +#endif #include_next ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2 1/5] xlate: fix packets loopback caused by duplicate read of xcfgp.
That 'ctx->xcfg' can't be null in my previous patch. This patch looks good to me. On Thu, Jan 25, 2018 at 3:40 AM, Ben Pfaff wrote: > From: Huanle Han > > Some functions, such as xlate_normal_mcast_send_mrouters, test xbundle > pointers equality to avoid sending packet back to in bundle. However, > xbundle pointers port from different xcfgp for same port are inequal. > This may lead to the packet loopback. > > This commit stores xcfgp on ctx at first and always uses the same xcfgp > during one packet process period. > > Signed-off-by: Huanle Han > Signed-off-by: Ben Pfaff > --- > ofproto/ofproto-dpif-xlate.c | 43 ++- > 1 file changed, 14 insertions(+), 29 deletions(-) > > diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c > index 40c04cc4fb4a..f767224941cf 100644 > --- a/ofproto/ofproto-dpif-xlate.c > +++ b/ofproto/ofproto-dpif-xlate.c > @@ -182,6 +182,7 @@ struct xlate_ctx { > struct xlate_in *xin; > struct xlate_out *xout; > > +struct xlate_cfg *xcfg; > const struct xbridge *xbridge; > > /* Flow at the last commit. */ > @@ -514,7 +515,6 @@ static struct xlate_cfg *new_xcfg = NULL; > > typedef void xlate_actions_handler(const struct ofpact *, size_t ofpacts_len, > struct xlate_ctx *, bool); > - > static bool may_receive(const struct xport *, struct xlate_ctx *); > static void do_xlate_actions(const struct ofpact *, size_t ofpacts_len, > struct xlate_ctx *, bool); > @@ -1965,8 +1965,7 @@ mirror_packet(struct xlate_ctx *ctx, struct xbundle > *xbundle, > > /* Send the packet to the mirror. */ > if (out) { > -struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp); > -struct xbundle *out_xbundle = xbundle_lookup(xcfg, out); > +struct xbundle *out_xbundle = xbundle_lookup(ctx->xcfg, out); > if (out_xbundle) { > output_normal(ctx, out_xbundle, &xvlan); > } > @@ -2234,7 +2233,6 @@ output_normal(struct xlate_ctx *ctx, const struct > xbundle *out_xbundle, > xport = CONTAINER_OF(ovs_list_front(&out_xbundle->xports), struct > xport, > bundle_node); > } else { > -struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp); > struct flow_wildcards *wc = ctx->wc; > struct ofport_dpif *ofport; > > @@ -2256,7 +2254,7 @@ output_normal(struct xlate_ctx *ctx, const struct > xbundle *out_xbundle, > > ofport = bond_choose_output_slave(out_xbundle->bond, >&ctx->xin->flow, wc, vid); > -xport = xport_lookup(xcfg, ofport); > +xport = xport_lookup(ctx->xcfg, ofport); > > if (!xport) { > /* No slaves enabled, so drop packet. */ > @@ -2525,7 +2523,6 @@ update_mcast_snooping_table(const struct xlate_ctx *ctx, > const struct dp_packet *packet) > { > struct mcast_snooping *ms = ctx->xbridge->ms; > -struct xlate_cfg *xcfg; > struct xbundle *mcast_xbundle; > struct mcast_port_bundle *fport; > > @@ -2537,9 +2534,8 @@ update_mcast_snooping_table(const struct xlate_ctx *ctx, > /* Don't learn from flood ports */ > mcast_xbundle = NULL; > ovs_rwlock_wrlock(&ms->rwlock); > -xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp); > LIST_FOR_EACH(fport, node, &ms->fport_list) { > -mcast_xbundle = xbundle_lookup(xcfg, fport->port); > +mcast_xbundle = xbundle_lookup(ctx->xcfg, fport->port); > if (mcast_xbundle == in_xbundle) { > break; > } > @@ -2566,13 +2562,11 @@ xlate_normal_mcast_send_group(struct xlate_ctx *ctx, >const struct xvlan *xvlan) > OVS_REQ_RDLOCK(ms->rwlock) > { > -struct xlate_cfg *xcfg; > struct mcast_group_bundle *b; > struct xbundle *mcast_xbundle; > > -xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp); > LIST_FOR_EACH(b, bundle_node, &grp->bundle_lru) { > -mcast_xbundle = xbundle_lookup(xcfg, b->port); > +mcast_xbundle = xbundle_lookup(ctx->xcfg, b->port); > if (mcast_xbundle && mcast_xbundle != in_xbundle) { > xlate_report(ctx, OFT_DETAIL, "forwarding to mcast group port"); > output_normal(ctx, mcast_xbundle, xvlan); > @@ -2594,13 +2588,11 @@ xlate_normal_mcast_send_mrouters(struct xlate_ctx > *ctx, > const struct xvlan *xvlan) > OVS_REQ_RDLOCK(ms->rwlock) > { > -struct xlate_cfg *xcfg; > struct mcast_mrouter_bundle *mrouter; > struct xbundle *mcast_xbundle; > > -xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp); > LIST_FOR_EACH(mrouter, mrouter_node, &ms->mrouter_lru) { > -mcast_xbundle = xbundle_lookup(xcfg, mrouter->port); > +mcast_xbundle = xbundle_lookup(ctx->xcfg, mrouter->port); > if (mcast_xbu
Re: [ovs-dev] [PATCH 3/3] mirror: do not mirror packet on recirculation
Thanks for your review. Here is a test case: 1. add a trunk, balance-tcp bond to a bridge 2. add a access port tag=xxx to same bridge 3. add a mirror, which mirrors all ports in vlan=xxx to another out port 4. send packet from access port to bond (simply use arp). as a result, *mirror send 2 duplicated packets to outport * Commands for example: br=br1 src_port=vnet1 mirror_port=vnet12 ovs-vsctl --if-exists del-port $mirror_port -- add-port $br $mirror_port ovs-vsctl --if-exists del-port $src_port -- add-port $br $src_port tag=199 ovs-vsctl -- set Bridge $br mirrors=@m -- \ --id=@p0 get Port $mirror_port -- \ --id=@m create Mirror select_all=true name=mm select_vlan=199 output_port=@p0 Result of datapath flows: 11,which is the mirror outport, is outputed twice. recirc_id(0x2),dp_hash(0xb8/0xff),in_port(10),eth_type(0x8100),vlan(vid=199),encap(eth_type(0x0806), packets:9, bytes:414, used:0.605s, actions:9,11 recirc_id(0),in_port(10),eth(src=fa:da:41:1d:30:0e,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0806),arp(sip=7.7.7.18,tip=7.7.7.192,op=1/0xff), packets:9, bytes:378, used:0.604s, actions:push_vlan(vid=199,pcp=0),11,pop_vlan,7,push_vlan(vid=199,pcp=0),12,hash(hash_l4(0),recirc(0x2) About patch: I didn't notice 'frozen_state' thing util you pointed it out. And after review the code, I think ovs doesn't save the mirror information in frozen_state for bond recirc. My old patch is naive. I would appreciate it if you would fix it. On Thu, Jan 25, 2018 at 3:30 AM, Ben Pfaff wrote: > On Wed, Jan 24, 2018 at 09:41:12AM -0800, Ben Pfaff wrote: >> From: Huanle Han >> >> Signed-off-by: Huanle Han >> --- >> ofproto/ofproto-dpif-xlate.c | 4 >> 1 file changed, 4 insertions(+) >> >> diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c >> index 9d6ca94afc82..23938c8c8cf3 100644 >> --- a/ofproto/ofproto-dpif-xlate.c >> +++ b/ofproto/ofproto-dpif-xlate.c >> @@ -1931,6 +1931,10 @@ mirror_packet(struct xlate_ctx *ctx, struct xbundle >> *xbundle, >> return; >> } >> >> +if (ctx->xin->flow.recirc_id != 0) { >> +return; >> +} >> + > > Can you help me understand what cases this addresses? The frozen_state > that comes along with a recirculation should keep track of what mirrors > have already been output, which should prevent duplicate mirroring on > recirculation. If it doesn't work in every case, then probably we > should address that instead of just disabling mirroring on > recirculation. > > Thanks, > > Ben. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] rhel: Fix support for root user using DPDK
> -Original Message- > From: ovs-dev-boun...@openvswitch.org [mailto:ovs-dev- > boun...@openvswitch.org] On Behalf Of Marcos Felipe Schwarz > Sent: Sunday, January 28, 2018 2:42 AM > To: d...@openvswitch.org > Subject: [ovs-dev] [PATCH] rhel: Fix support for root user using DPDK > > Since 2.8.0 OVS runs as non-root user on rhel distros, but the current > implementation breaks the ability to run as root with DPDK and as a > consequence there is no way possible to use UIO drivers on kernel 4.0 and > newer [1, 2]. > [1] > http://dpdk.org/browse/dpdk/commit/?id=cdc242f260e766bd95a658b5e0686a62ec0 > 4f5b0 > [2] https://www.kernel.org/doc/Documentation/vm/pagemap.txt > > Signed-off-by: Marcos Schwarz Hi Marcos, Thanks for this, normally a fix will include the fixes tag for the commit message. I spotted Aaron acked this already but had issues with applying to the head of master, I had the same issue, if you can rebase and add the fixes tag I'll add this to DPDK_MERGE and backport it for the 2.9 branch. Thanks Ian > --- > lib/daemon-unix.c | 3 ++- > rhel/usr_lib_systemd_system_ovs-vswitchd.service.in | 2 +- > 2 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c index > adb549c98..06528e9ab 100644 > --- a/lib/daemon-unix.c > +++ b/lib/daemon-unix.c > @@ -1047,5 +1047,6 @@ daemon_set_new_user(const char *user_spec) > } > } > > -switch_user = true; > +if (!uid_verify(uid) || !gid_verify(gid)) > +switch_user = true; > } > diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/ > usr_lib_systemd_system_ovs-vswitchd.service.in > index c6d9aa1b8..9b01c9271 100644 > --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > @@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch > EnvironmentFile=/etc/openvswitch/default.conf > EnvironmentFile=-/etc/sysconfig/openvswitch > @begin_dpdk@ > -ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages > +ExecStartPre=-/bin/sh -c '/usr/bin/chown :${OVS_USER_ID##*:} > /dev/hugepages' > ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages @end_dpdk@ > ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ > -- > 2.14.3 > ___ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v1 0/5] datapath: enable NSH support in kernel compat mode
On Tue, Jan 30, 2018 at 11:33:55AM +, Yang, Yi Y wrote: > Hi, Greg > > I installed linux 3.10.107 in Ubuntu 14.04 and fixed skb_gso_error_unwind > issue, but for unit test, tests/system-layer3-tunnels.at is a good reference > for it because we used vxlan-gpe for nsh, I ran unit test 90, but it always > fails (I have installed and used net-next kernel and the latest iproute2) > > Here is error log > > ./system-layer3-tunnels.at:25: ip netns exec at_ns0 sh << NS_EXEC_HEREDOC > ip route add 10.1.1.2/32 encap ip id 0 dst 172.31.1.100 dev at_vxlan1 > NS_EXEC_HEREDOC > --- /dev/null 2018-01-30 02:18:43.272647961 + > +++ > /home/vagrant/ovs-nsh-test/tests/system-kmod-testsuite.dir/at-groups/90/stderr > 2018-01-30 09:45:15.415934534 + > @@ -0,0 +1 @@ > +RTNETLINK answers: Operation not supported > ./system-layer3-tunnels.at:25: exit code was 2, expected 0 > > I think my system missed something so “ip route add 10.1.1.2/32 encap ip id 0 > dst 172.31.1.100 dev at_vxlan1 > “ failed, Eric, what linux distribution do you know I can run “ping over > VXLAN-GPE” successfully, I’ll use it as baseline to add NSH unit test for > kernel data path. When I added the tests it was on RHEL-7.4 with a net-next kernel. It should skip the tests if the installed iproute2 does not have the options for GPE. The error you're seeing likely means your kernel does not have GPE support. VXLAN-GPE first appeared in kernel 4.7. e1e5314de08b ("vxlan: implement GPE") As such, I think the VXLAN-GPE test case should pass on any distro with a 4.7+ kernel. > > From: Gregory Rose [mailto:gvrose8...@gmail.com] > Sent: Tuesday, January 30, 2018 1:51 AM > To: Yang, Yi Y ; d...@openvswitch.org > Cc: b...@ovn.org; jan.scheur...@ericsson.com > Subject: Re: [PATCH v1 0/5] datapath: enable NSH support in kernel compat mode > > On 1/10/2018 11:53 PM, Yi Yang wrote: > > > This patch series is to backport NSH support patches in Linux net-next tree > > to OVS in order that it can support NSH in kernel compat mode. > > > > Yi Yang (5): > > datapath: ether: add NSH ethertype > > datapath: vxlan: factor out VXLAN-GPE next protocol > > datapath: net: add NSH header structures and helpers > > datapath: nsh: add GSO support > > datapath: enable NSH support > > > > NEWS | 1 + > > datapath/Modules.mk | 4 +- > > datapath/actions.c| 116 > > datapath/datapath.c | 4 + > > datapath/flow.c | 51 > > datapath/flow.h | 7 + > > datapath/flow_netlink.c | 343 > +- > > datapath/flow_netlink.h | 5 + > > datapath/linux/Modules.mk | 2 + > > datapath/linux/compat/include/linux/if_ether.h| 4 + > > datapath/linux/compat/include/linux/openvswitch.h | 6 +- > > datapath/linux/compat/include/net/nsh.h | 313 > > datapath/linux/compat/include/net/tun_proto.h | 49 > > datapath/linux/compat/include/net/vxlan.h | 6 - > > datapath/linux/compat/vxlan.c | 32 +- > > datapath/nsh.c| 142 + > > 16 files changed, 1048 insertions(+), 37 deletions(-) > > create mode 100644 datapath/linux/compat/include/net/nsh.h > > create mode 100644 datapath/linux/compat/include/net/tun_proto.h > > create mode 100644 datapath/nsh.c > > > > Hi Yi, > > My apologies for the delay in reviewing this series. > > I've finished up my review and I think it mostly looks pretty good but I did > find an issue compiling on a 3.10.107 kernel build: > CC [M] > /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/vport-netdev.o > /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.c:108:17: > error: undefined identifier 'skb_gso_error_unwind' > CC [M] /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.o > /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.c: In > function ‘nsh_gso_segment’: > /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.c:108:3: > error: implicit declaration of function ‘skb_gso_error_unwind’ > [-Werror=implicit-function-declaration] > skb_gso_error_unwind(skb, htons(ETH_P_NSH), nsh_len, > ^ > cc1: some warnings being treated as errors > make[3]: *** > [/home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.o] Error 1 > make[3]: *** Waiting for unfinished jobs > make[2]: *** > [_module_/home/travis/build/gvrose8192/ovs-experimental/datapath/linux] Error > 2 > make[2]: Leaving directory > `/home/travis/build/gvrose8192/ovs-experimental/linux-3.10.107' > make[1]: *** [default] Error 2 > make[1]: Leaving directory > `/home/travis/build/gvrose8192/ovs-experimental/datapath/lin
Re: [ovs-dev] [PATCH] rhel: Fix support for root user using DPDK
Marcos Felipe Schwarz writes: > Since 2.8.0 OVS runs as non-root user on rhel distros, but the current > implementation breaks the ability to run as root with DPDK and as a > consequence there is no way possible to use UIO drivers on kernel 4.0 and > newer [1, 2]. > [1] > http://dpdk.org/browse/dpdk/commit/?id=cdc242f260e766bd95a658b5e0686a62ec04f5b0 > [2] https://www.kernel.org/doc/Documentation/vm/pagemap.txt > > Signed-off-by: Marcos Schwarz > --- The patchwork version of this had problems applying (so I cc'd Stephen). I manually applied this, and it works for me. Acked-by: Aaron Conole ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v1 0/5] datapath: enable NSH support in kernel compat mode
Hi, Greg I installed linux 3.10.107 in Ubuntu 14.04 and fixed skb_gso_error_unwind issue, but for unit test, tests/system-layer3-tunnels.at is a good reference for it because we used vxlan-gpe for nsh, I ran unit test 90, but it always fails (I have installed and used net-next kernel and the latest iproute2) Here is error log ./system-layer3-tunnels.at:25: ip netns exec at_ns0 sh << NS_EXEC_HEREDOC ip route add 10.1.1.2/32 encap ip id 0 dst 172.31.1.100 dev at_vxlan1 NS_EXEC_HEREDOC --- /dev/null 2018-01-30 02:18:43.272647961 + +++ /home/vagrant/ovs-nsh-test/tests/system-kmod-testsuite.dir/at-groups/90/stderr 2018-01-30 09:45:15.415934534 + @@ -0,0 +1 @@ +RTNETLINK answers: Operation not supported ./system-layer3-tunnels.at:25: exit code was 2, expected 0 I think my system missed something so “ip route add 10.1.1.2/32 encap ip id 0 dst 172.31.1.100 dev at_vxlan1 “ failed, Eric, what linux distribution do you know I can run “ping over VXLAN-GPE” successfully, I’ll use it as baseline to add NSH unit test for kernel data path. From: Gregory Rose [mailto:gvrose8...@gmail.com] Sent: Tuesday, January 30, 2018 1:51 AM To: Yang, Yi Y ; d...@openvswitch.org Cc: b...@ovn.org; jan.scheur...@ericsson.com Subject: Re: [PATCH v1 0/5] datapath: enable NSH support in kernel compat mode On 1/10/2018 11:53 PM, Yi Yang wrote: This patch series is to backport NSH support patches in Linux net-next tree to OVS in order that it can support NSH in kernel compat mode. Yi Yang (5): datapath: ether: add NSH ethertype datapath: vxlan: factor out VXLAN-GPE next protocol datapath: net: add NSH header structures and helpers datapath: nsh: add GSO support datapath: enable NSH support NEWS | 1 + datapath/Modules.mk | 4 +- datapath/actions.c| 116 datapath/datapath.c | 4 + datapath/flow.c | 51 datapath/flow.h | 7 + datapath/flow_netlink.c | 343 +- datapath/flow_netlink.h | 5 + datapath/linux/Modules.mk | 2 + datapath/linux/compat/include/linux/if_ether.h| 4 + datapath/linux/compat/include/linux/openvswitch.h | 6 +- datapath/linux/compat/include/net/nsh.h | 313 datapath/linux/compat/include/net/tun_proto.h | 49 datapath/linux/compat/include/net/vxlan.h | 6 - datapath/linux/compat/vxlan.c | 32 +- datapath/nsh.c| 142 + 16 files changed, 1048 insertions(+), 37 deletions(-) create mode 100644 datapath/linux/compat/include/net/nsh.h create mode 100644 datapath/linux/compat/include/net/tun_proto.h create mode 100644 datapath/nsh.c Hi Yi, My apologies for the delay in reviewing this series. I've finished up my review and I think it mostly looks pretty good but I did find an issue compiling on a 3.10.107 kernel build: CC [M] /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/vport-netdev.o /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.c:108:17: error: undefined identifier 'skb_gso_error_unwind' CC [M] /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.o /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.c: In function ‘nsh_gso_segment’: /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.c:108:3: error: implicit declaration of function ‘skb_gso_error_unwind’ [-Werror=implicit-function-declaration] skb_gso_error_unwind(skb, htons(ETH_P_NSH), nsh_len, ^ cc1: some warnings being treated as errors make[3]: *** [/home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.o] Error 1 make[3]: *** Waiting for unfinished jobs make[2]: *** [_module_/home/travis/build/gvrose8192/ovs-experimental/datapath/linux] Error 2 make[2]: Leaving directory `/home/travis/build/gvrose8192/ovs-experimental/linux-3.10.107' make[1]: *** [default] Error 2 make[1]: Leaving directory `/home/travis/build/gvrose8192/ovs-experimental/datapath/linux' make: *** [all-recursive] Error 1 So we'll need to fix that up and I also think the patches will need to be rebased to current master. That second part is my fault... so sorry again about that. One other thing, I ran this through our standard 'make check and make check-kmod' tests and everything was fine so the patches don't seem break anything. I'm still concerned though that the test coverage probably didn't hit any parts of your code. I'm wondering if there is some way I can test the code path and get some test coverage there. Could you write up a self test for the tests/system-traffic.at kernel test? Of if that's not practical is there some other way I could test this code? Thanks, -
Re: [ovs-dev] [PATCH] Add unixctl option for ovn-northd
This is required for spawning ovn-northd for networking-ovn functional tests i.e https://review.openstack.org/#/c/532440/ https://review.openstack.org/#/c/532440/11/networking_ovn/tests/functional/resources/process.py@60 https://review.openstack.org/#/c/532440/11/networking_ovn/tests/functional/resources/process.py@95 Thanks Anil On Tue, Jan 30, 2018 at 3:12 PM, wrote: > From: Venkata Anil > > Signed-off-by: Venkata Anil > --- > lib/automake.mk | 3 ++- > lib/unixctl.xml | 26 ++ > ovn/northd/ovn-northd.8.xml | 7 +-- > ovn/northd/ovn-northd.c | 9 - > tests/ovn-northd.at | 39 +++ > 5 files changed, 80 insertions(+), 4 deletions(-) > create mode 100644 lib/unixctl.xml > > diff --git a/lib/automake.mk b/lib/automake.mk > index 159319f..38d2a99 100644 > --- a/lib/automake.mk > +++ b/lib/automake.mk > @@ -455,7 +455,8 @@ EXTRA_DIST += \ > lib/ssl.xml \ > lib/ssl-bootstrap.xml \ > lib/table.xml \ > - lib/vlog.xml > + lib/vlog.xml \ > + lib/unixctl.xml > > MAN_FRAGMENTS += \ > lib/colors.man \ > diff --git a/lib/unixctl.xml b/lib/unixctl.xml > new file mode 100644 > index 000..51bfc5f > --- /dev/null > +++ b/lib/unixctl.xml > @@ -0,0 +1,26 @@ > + > + > + --unixctl=socket > + > +Sets the name of the control socket on which > +program listens for runtime management > commands > +(see RUNTIME MANAGEMENT COMMANDS, below). If > socket > +does not begin with /, it is interpreted as relative to > +@RUNDIR@. If --unixctl is not used at all, > +the default socket is > +@RUNDIR@/program.pid< > code>.ctl, > +where pid is program's process ID. > + > +On Windows a local named pipe is used to listen for runtime management > +commands. A file is created in the absolute path as pointed by > +socket or if --unixctl is not used at all, > +a file is created as program in the > configured > +OVS_RUNDIR directory. The file exists just to mimic the > +behavior of a Unix domain socket. > + > + > +Specifying none for socket disables the > control > +socket feature. > + > + > + > diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml > index ee9cf8c..6bc2dd6 100644 > --- a/ovn/northd/ovn-northd.8.xml > +++ b/ovn/northd/ovn-northd.8.xml > @@ -54,8 +54,11 @@ > http://www.w3.org/ > 2003/XInclude"/> > > Other Options > - > -http://www.w3.org/ > 2003/XInclude"/> > + + xmlns:xi="http://www.w3.org/2003/XInclude"/> > + > + + xmlns:xi="http://www.w3.org/2003/XInclude"/> > > Runtime Management Commands > > diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c > index f4edd8f..e206e0a 100644 > --- a/ovn/northd/ovn-northd.c > +++ b/ovn/northd/ovn-northd.c > @@ -59,6 +59,7 @@ struct northd_context { > > static const char *ovnnb_db; > static const char *ovnsb_db; > +static const char *unixctl_path; > > #define MAC_ADDR_PREFIX 0x0A00ULL > #define MAC_ADDR_SPACE 0xff > @@ -239,6 +240,7 @@ Options:\n\ > (default: %s)\n\ >--ovnsb-db=DATABASE connect to ovn-sb database at DATABASE\n\ > (default: %s)\n\ > + --unixctl = SOCKET override default control socket name\n\ >-h, --helpdisplay this help message\n\ >-o, --options list available options\n\ >-V, --version display version information\n\ > @@ -6663,6 +6665,7 @@ parse_options(int argc OVS_UNUSED, char *argv[] > OVS_UNUSED) > static const struct option long_options[] = { > {"ovnsb-db", required_argument, NULL, 'd'}, > {"ovnnb-db", required_argument, NULL, 'D'}, > +{"unixctl", required_argument, NULL, 'u'}, > {"help", no_argument, NULL, 'h'}, > {"options", no_argument, NULL, 'o'}, > {"version", no_argument, NULL, 'V'}, > @@ -6694,6 +6697,10 @@ parse_options(int argc OVS_UNUSED, char *argv[] > OVS_UNUSED) > ovnnb_db = optarg; > break; > > +case 'u': > +unixctl_path = optarg; > +break; > + > case 'h': > usage(); > exit(EXIT_SUCCESS); > @@ -6746,7 +6753,7 @@ main(int argc, char *argv[]) > > daemonize_start(false); > > -retval = unixctl_server_create(NULL, &unixctl); > +retval = unixctl_server_create(unixctl_path, &unixctl); > if (retval) { > exit(EXIT_FAILURE); > } > diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at > index baa2add..1878eb2 100644 > --- a/tests/ovn-northd.at > +++ b/tests/ovn-northd.at > @@ -262,3 +262,42 @@ AT_CHECK_UNQUOTED([ovn-sbctl get Port_Binding ${uuid} > options:ipv6_ra_prefixes], > ]) > > AT_CLEANUP > + > +AT_SETUP([ovn -- test unixctl]) > +ovn_init_db ovn-sb; ovn-sbctl init > +ovn_init_db ovn-nb; ovn-nbctl init > + > +# test unixctl
Re: [ovs-dev] [PATCH 1/3] ovn-controller: Add extend_table instead of group_table to expand meter.
Acked-By: Miguel Angel Ajo The refactor looks good to me. On Wed, Jan 24, 2018 at 2:40 AM Ben Pfaff wrote: > From: Guoshuai Li > > The structure and function of the group table and meter table are similar, > refactoring code is used to extend for add the meter table. > The following function as lib: table init/destroy/clear, > install contents from desired, remove contents from existing, > Move the contents of desired to existing. > > Signed-off-by: Guoshuai Li > Signed-off-by: Ben Pfaff > --- > include/ovn/actions.h | 21 + > ovn/controller/lflow.c | 8 +- > ovn/controller/lflow.h | 4 +- > ovn/controller/ofctrl.c | 180 +--- > ovn/controller/ofctrl.h | 7 +- > ovn/controller/ovn-controller.c | 20 +--- > ovn/lib/actions.c | 58 ++-- > ovn/lib/automake.mk | 2 + > ovn/lib/extend-table.c | 198 > > ovn/lib/extend-table.h | 69 ++ > tests/test-ovn.c| 8 +- > 11 files changed, 356 insertions(+), 219 deletions(-) > create mode 100644 ovn/lib/extend-table.c > create mode 100644 ovn/lib/extend-table.h > > diff --git a/include/ovn/actions.h b/include/ovn/actions.h > index 85a484ffac20..ea90dbb2a69a 100644 > --- a/include/ovn/actions.h > +++ b/include/ovn/actions.h > @@ -31,6 +31,7 @@ struct lexer; > struct ofpbuf; > struct shash; > struct simap; > +struct ovn_extend_table; > > /* List of OVN logical actions. > * > @@ -338,24 +339,6 @@ void *ovnact_put(struct ofpbuf *, enum ovnact_type, > size_t len); > OVNACTS > #undef OVNACT > > -#define MAX_OVN_GROUPS 65535 > - > -struct group_table { > -unsigned long *group_ids; /* Used as a bitmap with value set > -* for allocated group ids in either > -* desired_groups or existing_groups. */ > -struct hmap desired_groups; > -struct hmap existing_groups; > -}; > - > -struct group_info { > -struct hmap_node hmap_node; > -struct ds group; > -uint32_t group_id; > -bool new_group_id; /* 'True' if 'group_id' was reserved from > - * group_table's 'group_ids' bitmap. */ > -}; > - > enum action_opcode { > /* "arp { ...actions... }". > * > @@ -505,7 +488,7 @@ struct ovnact_encode_params { > bool is_gateway_router; > > /* A struct to figure out the group_id for group actions. */ > -struct group_table *group_table; > +struct ovn_extend_table *group_table; > > /* OVN maps each logical flow table (ltable), one-to-one, onto a > physical > * OpenFlow flow table (ptable). A number of parameters describe this > diff --git a/ovn/controller/lflow.c b/ovn/controller/lflow.c > index a62ec6ebe09f..3d990c49c195 100644 > --- a/ovn/controller/lflow.c > +++ b/ovn/controller/lflow.c > @@ -61,7 +61,7 @@ static void consider_logical_flow(struct controller_ctx > *ctx, >const struct chassis_index > *chassis_index, >const struct sbrec_logical_flow *lflow, >const struct hmap *local_datapaths, > - struct group_table *group_table, > + struct ovn_extend_table *group_table, >const struct sbrec_chassis *chassis, >struct hmap *dhcp_opts, >struct hmap *dhcpv6_opts, > @@ -143,7 +143,7 @@ static void > add_logical_flows(struct controller_ctx *ctx, >const struct chassis_index *chassis_index, >const struct hmap *local_datapaths, > - struct group_table *group_table, > + struct ovn_extend_table *group_table, >const struct sbrec_chassis *chassis, >const struct shash *addr_sets, >struct hmap *flow_table, > @@ -190,7 +190,7 @@ consider_logical_flow(struct controller_ctx *ctx, >const struct chassis_index *chassis_index, >const struct sbrec_logical_flow *lflow, >const struct hmap *local_datapaths, > - struct group_table *group_table, > + struct ovn_extend_table *group_table, >const struct sbrec_chassis *chassis, >struct hmap *dhcp_opts, >struct hmap *dhcpv6_opts, > @@ -434,7 +434,7 @@ lflow_run(struct controller_ctx *ctx, >const struct sbrec_chassis *chassis, >const struct chassis_index *chassis_index, >const struct hmap *local_datapaths, > - struct group_table *group_table, > + struct ovn_extend_table *group_table, >const struct shash *addr_sets, >struct hmap *flow_tabl
Re: [ovs-dev] test
ACK. It worked for me. On Mon, Jan 29, 2018 at 9:55 PM Ben Pfaff wrote: > I've heard that there are problems with the mailing list this morning, > so here's a test email. > ___ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH] docs: Update supported DPDK versions.
Update the OVS to DPDK release table to use the latest stable DPDK 16.11.4 for OVS 2.7. Signed-off-by: Ian Stokes --- Documentation/faq/releases.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst index 62a1957..86eefeb 100644 --- a/Documentation/faq/releases.rst +++ b/Documentation/faq/releases.rst @@ -162,7 +162,7 @@ Q: What DPDK version does each Open vSwitch release work with? 2.4.x2.0 2.5.x2.2 2.6.x16.07.2 -2.7.x16.11.3 +2.7.x16.11.4 2.8.x17.05.2 2.9.x17.11 === -- 2.7.5 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH branch-2.7] docs: Use DPDK 16.11.4 stable release.
Modify docs and travis linux build script to use DPDK 16.11.4 stable branch to benefit from most recent bug fixes. There are no new features introduced in the DPDK release, only back ported bug fixes. For completeness these bug fixes have been documented under the 16.11.4 section in the link below. http://dpdk.org/doc/guides-16.11/rel_notes/release_16_11.html Signed-off-by: Ian Stokes --- .travis/linux-build.sh | 2 +- Documentation/faq/releases.rst | 2 +- Documentation/intro/install/dpdk.rst | 6 +++--- Documentation/topics/dpdk/vhost-user.rst | 8 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.travis/linux-build.sh b/.travis/linux-build.sh index 67f3ec2..088f20f 100755 --- a/.travis/linux-build.sh +++ b/.travis/linux-build.sh @@ -80,7 +80,7 @@ fi if [ "$DPDK" ]; then if [ -z "$DPDK_VER" ]; then -DPDK_VER="16.11.3" +DPDK_VER="16.11.4" fi install_dpdk $DPDK_VER if [ "$CC" = "clang" ]; then diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst index fa983cb..c60d0ad 100644 --- a/Documentation/faq/releases.rst +++ b/Documentation/faq/releases.rst @@ -160,7 +160,7 @@ Q: What DPDK version does each Open vSwitch release work with? 2.4.x2.0 2.5.x2.2 2.6.x16.07.2 -2.7.x16.11.3 +2.7.x16.11.4 === Q: I get an error like this when I configure Open vSwitch:: diff --git a/Documentation/intro/install/dpdk.rst b/Documentation/intro/install/dpdk.rst index 55d8bd1..4ee93f2 100644 --- a/Documentation/intro/install/dpdk.rst +++ b/Documentation/intro/install/dpdk.rst @@ -64,9 +64,9 @@ Install DPDK #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``:: $ cd /usr/src/ - $ wget http://fast.dpdk.org/rel/dpdk-16.11.3.tar.xz - $ tar xf dpdk-16.11.3.tar.xz - $ export DPDK_DIR=/usr/src/dpdk-stable-16.11.3 + $ wget http://fast.dpdk.org/rel/dpdk-16.11.4.tar.xz + $ tar xf dpdk-16.11.4.tar.xz + $ export DPDK_DIR=/usr/src/dpdk-stable-16.11.4 $ cd $DPDK_DIR #. (Optional) Configure DPDK as a shared library diff --git a/Documentation/topics/dpdk/vhost-user.rst b/Documentation/topics/dpdk/vhost-user.rst index 2150809..b75c9dc 100644 --- a/Documentation/topics/dpdk/vhost-user.rst +++ b/Documentation/topics/dpdk/vhost-user.rst @@ -278,9 +278,9 @@ To begin, instantiate a guest as described in :ref:`dpdk-vhost-user` or DPDK sources to VM and build DPDK:: $ cd /root/dpdk/ -$ wget http://fast.dpdk.org/rel/dpdk-16.11.3.tar.xz -$ tar xf dpdk-16.11.3.tar.xz -$ export DPDK_DIR=/root/dpdk/dpdk-stable-16.11.3 +$ wget http://fast.dpdk.org/rel/dpdk-16.11.4.tar.xz +$ tar xf dpdk-16.11.4.tar.xz +$ export DPDK_DIR=/root/dpdk/dpdk-stable-16.11.4 $ export DPDK_TARGET=x86_64-native-linuxapp-gcc $ export DPDK_BUILD=$DPDK_DIR/$DPDK_TARGET $ cd $DPDK_DIR @@ -364,7 +364,7 @@ Sample XML - + -- 2.7.5 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH] Add unixctl option for ovn-northd
From: Venkata Anil Signed-off-by: Venkata Anil --- lib/automake.mk | 3 ++- lib/unixctl.xml | 26 ++ ovn/northd/ovn-northd.8.xml | 7 +-- ovn/northd/ovn-northd.c | 9 - tests/ovn-northd.at | 39 +++ 5 files changed, 80 insertions(+), 4 deletions(-) create mode 100644 lib/unixctl.xml diff --git a/lib/automake.mk b/lib/automake.mk index 159319f..38d2a99 100644 --- a/lib/automake.mk +++ b/lib/automake.mk @@ -455,7 +455,8 @@ EXTRA_DIST += \ lib/ssl.xml \ lib/ssl-bootstrap.xml \ lib/table.xml \ - lib/vlog.xml + lib/vlog.xml \ + lib/unixctl.xml MAN_FRAGMENTS += \ lib/colors.man \ diff --git a/lib/unixctl.xml b/lib/unixctl.xml new file mode 100644 index 000..51bfc5f --- /dev/null +++ b/lib/unixctl.xml @@ -0,0 +1,26 @@ + + + --unixctl=socket + +Sets the name of the control socket on which +program listens for runtime management commands +(see RUNTIME MANAGEMENT COMMANDS, below). If socket +does not begin with /, it is interpreted as relative to +@RUNDIR@. If --unixctl is not used at all, +the default socket is +@RUNDIR@/program.pid.ctl, +where pid is program's process ID. + +On Windows a local named pipe is used to listen for runtime management +commands. A file is created in the absolute path as pointed by +socket or if --unixctl is not used at all, +a file is created as program in the configured +OVS_RUNDIR directory. The file exists just to mimic the +behavior of a Unix domain socket. + + +Specifying none for socket disables the control +socket feature. + + + diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml index ee9cf8c..6bc2dd6 100644 --- a/ovn/northd/ovn-northd.8.xml +++ b/ovn/northd/ovn-northd.8.xml @@ -54,8 +54,11 @@ http://www.w3.org/2003/XInclude"/> Other Options - -http://www.w3.org/2003/XInclude"/> +http://www.w3.org/2003/XInclude"/> + +http://www.w3.org/2003/XInclude"/> Runtime Management Commands diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index f4edd8f..e206e0a 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -59,6 +59,7 @@ struct northd_context { static const char *ovnnb_db; static const char *ovnsb_db; +static const char *unixctl_path; #define MAC_ADDR_PREFIX 0x0A00ULL #define MAC_ADDR_SPACE 0xff @@ -239,6 +240,7 @@ Options:\n\ (default: %s)\n\ --ovnsb-db=DATABASE connect to ovn-sb database at DATABASE\n\ (default: %s)\n\ + --unixctl = SOCKET override default control socket name\n\ -h, --helpdisplay this help message\n\ -o, --options list available options\n\ -V, --version display version information\n\ @@ -6663,6 +6665,7 @@ parse_options(int argc OVS_UNUSED, char *argv[] OVS_UNUSED) static const struct option long_options[] = { {"ovnsb-db", required_argument, NULL, 'd'}, {"ovnnb-db", required_argument, NULL, 'D'}, +{"unixctl", required_argument, NULL, 'u'}, {"help", no_argument, NULL, 'h'}, {"options", no_argument, NULL, 'o'}, {"version", no_argument, NULL, 'V'}, @@ -6694,6 +6697,10 @@ parse_options(int argc OVS_UNUSED, char *argv[] OVS_UNUSED) ovnnb_db = optarg; break; +case 'u': +unixctl_path = optarg; +break; + case 'h': usage(); exit(EXIT_SUCCESS); @@ -6746,7 +6753,7 @@ main(int argc, char *argv[]) daemonize_start(false); -retval = unixctl_server_create(NULL, &unixctl); +retval = unixctl_server_create(unixctl_path, &unixctl); if (retval) { exit(EXIT_FAILURE); } diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index baa2add..1878eb2 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -262,3 +262,42 @@ AT_CHECK_UNQUOTED([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_prefixes], ]) AT_CLEANUP + +AT_SETUP([ovn -- test unixctl]) +ovn_init_db ovn-sb; ovn-sbctl init +ovn_init_db ovn-nb; ovn-nbctl init + +# test unixctl option +mkdir "$ovs_base"/northd +as northd start_daemon ovn-northd --unixctl="$ovs_base"/northd/ovn-northd.ctl --ovnnb-db=unix:"$ovs_base"/ovn-nb/ovn-nb.sock --ovnsb-db=unix:"$ovs_base"/ovn-sb/ovn-sb.sock +ovn-nbctl ls-add sw +ovn-nbctl --wait=sb lsp-add sw p1 +# northd created with unixctl option successfully created port_binding entry +AT_CHECK([ovn-sbctl --bare --columns datapath find port_binding logical_port="p1" | wc -l], [0], [1 +]) +AT_CHECK([ovn-nbctl --wait=sb lsp-del p1]) + +# ovs-appctl exit with unixctl option +OVS_APP_EXIT_AND_WAIT_BY_TARGET(["$ovs_base"/northd/ovn-northd.ctl], ["$ovs_base"/northd/ovn-northd.pid]) + +# Check no port_binding entry for new port a
[ovs-dev] [patch v4 10/10] tests: Enable fragmentation for userspace datapath.
Signed-off-by: Darrell Ball --- tests/system-kmod-macros.at | 14 +++- tests/system-traffic.at | 34 tests/system-userspace-macros.at | 49 3 files changed, 72 insertions(+), 25 deletions(-) diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at index 12b0adf..b4f7f9a 100644 --- a/tests/system-kmod-macros.at +++ b/tests/system-kmod-macros.at @@ -76,12 +76,6 @@ m4_define([CHECK_CONNTRACK], # m4_define([CHECK_CONNTRACK_ALG]) -# CHECK_CONNTRACK_FRAG() -# -# Perform requirements checks for running conntrack fragmentations tests. -# The kernel always supports fragmentation, so no check is needed. -m4_define([CHECK_CONNTRACK_FRAG]) - # CHECK_CONNTRACK_LOCAL_STACK() # # Perform requirements checks for running conntrack tests with local stack. @@ -123,3 +117,11 @@ m4_define([CHECK_CT_DPIF_GET_NCONNS], [ AT_SKIP_IF([:]) ]) + +# DPCTL_ENABLE_FRAGMENTATION() +# +# The kernel does not support this command. +m4_define([DPCTL_ENABLE_FRAGMENTATION], +[ + +]) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 5b59392..1610e3b 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -1759,7 +1759,6 @@ AT_CLEANUP AT_SETUP([conntrack - IPv4 fragmentation]) CHECK_CONNTRACK() -CHECK_CONNTRACK_FRAG() OVS_TRAFFIC_VSWITCHD_START() ADD_NAMESPACES(at_ns0, at_ns1) @@ -1778,6 +1777,9 @@ priority=100,in_port=2,ct_state=+trk+est-new,icmp,action=1 AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +dnl Enable userspace conntrack fragmentation handling. +DPCTL_ENABLE_FRAGMENTATION() + dnl Ipv4 fragmentation connectivity check. NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -w 2 10.1.1.2 | FORMAT_PING], [0], [dnl 3 packets transmitted, 3 received, 0% packet loss, time 0ms @@ -1793,7 +1795,6 @@ AT_CLEANUP AT_SETUP([conntrack - IPv4 fragmentation expiry]) CHECK_CONNTRACK() -CHECK_CONNTRACK_FRAG() OVS_TRAFFIC_VSWITCHD_START() ADD_NAMESPACES(at_ns0, at_ns1) @@ -1814,6 +1815,9 @@ priority=100,in_port=2,ct_state=+trk+est-new,icmp,action=1 AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +dnl Enable userspace conntrack fragmentation handling. +DPCTL_ENABLE_FRAGMENTATION() + dnl Ipv4 fragmentation connectivity check. NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 1 -i 0.3 -w 2 10.1.1.2 | FORMAT_PING], [0], [dnl 7 packets transmitted, 0 received, 100% packet loss, time 0ms @@ -1824,7 +1828,6 @@ AT_CLEANUP AT_SETUP([conntrack - IPv4 fragmentation + vlan]) CHECK_CONNTRACK() -CHECK_CONNTRACK_FRAG() OVS_TRAFFIC_VSWITCHD_START() ADD_NAMESPACES(at_ns0, at_ns1) @@ -1845,6 +1848,9 @@ priority=100,in_port=2,ct_state=+trk+est-new,icmp,action=1 AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +dnl Enable userspace conntrack fragmentation handling. +DPCTL_ENABLE_FRAGMENTATION() + dnl Ipv4 fragmentation connectivity check. NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -w 2 10.2.2.2 | FORMAT_PING], [0], [dnl 3 packets transmitted, 3 received, 0% packet loss, time 0ms @@ -1860,7 +1866,6 @@ AT_CLEANUP AT_SETUP([conntrack - IPv4 fragmentation + cvlan]) CHECK_CONNTRACK() -CHECK_CONNTRACK_FRAG() OVS_TRAFFIC_VSWITCHD_START([set Open_vSwitch . other_config:vlan-limit=0]) OVS_CHECK_8021AD() @@ -1888,6 +1893,9 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.2.2.2]) +dnl Enable userspace conntrack fragmentation handling. +DPCTL_ENABLE_FRAGMENTATION() + dnl Ipv4 fragmentation connectivity check. NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -w 2 10.2.2.2 | FORMAT_PING], [0], [dnl 3 packets transmitted, 3 received, 0% packet loss, time 0ms @@ -1913,7 +1921,6 @@ AT_CLEANUP AT_SETUP([conntrack - IPv6 fragmentation]) CHECK_CONNTRACK() -CHECK_CONNTRACK_FRAG() OVS_TRAFFIC_VSWITCHD_START() ADD_NAMESPACES(at_ns0, at_ns1) @@ -1938,6 +1945,9 @@ dnl waiting, we get occasional failures due to the following error: dnl "connect: Cannot assign requested address" OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2]) +dnl Enable userspace conntrack fragmentation handling. +DPCTL_ENABLE_FRAGMENTATION() + dnl Ipv6 fragmentation connectivity check. NS_CHECK_EXEC([at_ns0], [ping6 -s 1600 -q -c 3 -i 0.3 -w 2 fc00::2 | FORMAT_PING], [0], [dnl 3 packets transmitted, 3 received, 0% packet loss, time 0ms @@ -1953,7 +1963,6 @@ AT_CLEANUP AT_SETUP([conntrack - IPv6 fragmentation expiry]) CHECK_CONNTRACK() -CHECK_CONNTRACK_FRAG() OVS_TRAFFIC_VSWITCHD_START() ADD_NAMESPACES(at_ns0, at_ns1) @@ -1982,6 +1991,9 @@ dnl waiting, we get occasional failures due to the following error: dnl "connect: Cannot assign requested address" OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2]) +dnl Enable userspace conntrack fragmentation handling. +DPCTL_ENABLE_FRAGMENTATION() + dnl Send an IPv6 fragment. Some time later, it should expire. NS_CHECK_EXEC([at_ns0], [pi
[ovs-dev] [patch v4 09/10] tests: Add missed local stack checks.
Signed-off-by: Darrell Ball --- tests/system-traffic.at | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index dbd5640..5b59392 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -2093,6 +2093,7 @@ AT_SETUP([conntrack - Fragmentation over vxlan]) OVS_CHECK_VXLAN() CHECK_CONNTRACK() CHECK_CONNTRACK_FRAG() +CHECK_CONNTRACK_LOCAL_STACK() OVS_TRAFFIC_VSWITCHD_START() ADD_BR([br-underlay]) @@ -2145,6 +2146,7 @@ AT_SETUP([conntrack - IPv6 Fragmentation over vxlan]) OVS_CHECK_VXLAN() CHECK_CONNTRACK() CHECK_CONNTRACK_FRAG() +CHECK_CONNTRACK_LOCAL_STACK() OVS_TRAFFIC_VSWITCHD_START() ADD_BR([br-underlay]) -- 1.9.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [patch v4 08/10] ipf: Add command to get fragmentation handling status.
A new command "ovs-appctl dpctl/ipf-get-status" is added for userspace datapath conntrack fragmentation support. The command shows the configuration status as well as fragment counters. Signed-off-by: Darrell Ball --- NEWS| 2 ++ lib/ct-dpif.c | 21 lib/ct-dpif.h | 6 + lib/dpctl.c | 72 + lib/dpctl.man | 5 lib/dpif-netdev.c | 33 lib/dpif-netlink.c | 1 + lib/dpif-provider.h | 7 ++ lib/ipf.c | 26 +++ lib/ipf.h | 3 +++ 10 files changed, 176 insertions(+) diff --git a/NEWS b/NEWS index 044f1ab..56625da 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,8 @@ Post-v2.9.0 datapath conntrack fragmentation support. * New "ovs-appctl dpctl/ipf-set-maxfrags" command for userspace datapath conntrack fragmentation support. + * New "ovs-appctl dpctl/ipf-get-status" command for userspace datapath + conntrack fragmentation support. v2.9.0 - xx xxx diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c index 81f9d92..60c8986 100644 --- a/lib/ct-dpif.c +++ b/lib/ct-dpif.c @@ -188,6 +188,27 @@ ct_dpif_ipf_set_nfrag_max(struct dpif *dpif, uint32_t max_frags) : EOPNOTSUPP); } +int ct_dpif_ipf_get_status(struct dpif *dpif, bool *ipf_v4_enabled, +unsigned int *min_v4_frag_size, unsigned int *nfrag_max, +unsigned int *nfrag, unsigned int *n4frag_accepted, +unsigned int *n4frag_completed_sent, +unsigned int *n4frag_expired_sent, unsigned int *n4frag_too_small, +unsigned int *n4frag_overlap, bool *ipf_v6_enabled, +unsigned int *min_v6_frag_size, unsigned int *n6frag_accepted, +unsigned int *n6frag_completed_sent, +unsigned int *n6frag_expired_sent, unsigned int *n6frag_too_small, +unsigned int *n6frag_overlap) +{ +return (dpif->dpif_class->ipf_get_status +? dpif->dpif_class->ipf_get_status(dpif, ipf_v4_enabled, +min_v4_frag_size, nfrag_max, nfrag, n4frag_accepted, +n4frag_completed_sent, n4frag_expired_sent, n4frag_too_small, +n4frag_overlap, ipf_v6_enabled, min_v6_frag_size, n6frag_accepted, +n6frag_completed_sent, n6frag_expired_sent, n6frag_too_small, +n6frag_overlap) +: EOPNOTSUPP); +} + void ct_dpif_entry_uninit(struct ct_dpif_entry *entry) { diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h index 4ce4dd4..8a24128 100644 --- a/lib/ct-dpif.h +++ b/lib/ct-dpif.h @@ -203,6 +203,12 @@ int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns); int ct_dpif_ipf_change_enabled(struct dpif *, bool, bool); int ct_dpif_ipf_set_min_frag(struct dpif *, bool, uint32_t); int ct_dpif_ipf_set_nfrag_max(struct dpif *, uint32_t); +int ct_dpif_ipf_get_status(struct dpif *dpif, bool *, unsigned int *, + unsigned int *, unsigned int *, unsigned int *, + unsigned int *, unsigned int *, unsigned int *, + unsigned int *, bool *, unsigned int *, + unsigned int *, unsigned int *, unsigned int *, + unsigned int *, unsigned int *); void ct_dpif_entry_uninit(struct ct_dpif_entry *); void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *, bool verbose, bool print_stats); diff --git a/lib/dpctl.c b/lib/dpctl.c index e58917c..54a346b 100644 --- a/lib/dpctl.c +++ b/lib/dpctl.c @@ -1851,6 +1851,77 @@ dpctl_ct_ipf_set_nfrag_max(int argc, const char *argv[], return error; } +static int +dpctl_ct_ipf_get_status(int argc, const char *argv[], +struct dpctl_params *dpctl_p) +{ +struct dpif *dpif; +int error = dpctl_ct_open_dp(argc, argv, dpctl_p, &dpif, 2); +if (!error) { +bool ipf_v4_enabled; +unsigned int min_v4_frag_size; +unsigned int nfrag_max; +unsigned int nfrag; +unsigned int n4frag_accepted; +unsigned int n4frag_completed_sent; +unsigned int n4frag_expired_sent; +unsigned int n4frag_too_small; +unsigned int n4frag_overlap; +unsigned int min_v6_frag_size; +bool ipf_v6_enabled; +unsigned int n6frag_accepted; +unsigned int n6frag_completed_sent; +unsigned int n6frag_expired_sent; +unsigned int n6frag_too_small; +unsigned int n6frag_overlap; +error = ct_dpif_ipf_get_status(dpif, &ipf_v4_enabled, +&min_v4_frag_size, &nfrag_max, &nfrag, &n4frag_accepted, +&n4frag_completed_sent, &n4frag_expired_sent, &n4frag_too_small, +&n4frag_overlap, &ipf_v6_enabled, &min_v6_frag_size, +&n6frag_accepted, &n6frag_completed_sent, &n6frag_expired_sent, +&n6frag_too_small, &n6frag_overlap); + +if (!error) { +dpctl_print(dpctl_p, "\tFragmentation Module Status\n"); +
[ovs-dev] [patch v4 07/10] ipf: Add set maximum fragments supported command.
A new command "ovs-appctl dpctl/ipf-set-maxfrags" is added for userspace datapath conntrack fragmentation support. Signed-off-by: Darrell Ball --- NEWS| 2 ++ lib/ct-dpif.c | 8 lib/ct-dpif.h | 1 + lib/dpctl.c | 31 +++ lib/dpctl.man | 8 lib/dpif-netdev.c | 8 lib/dpif-netlink.c | 1 + lib/dpif-provider.h | 2 ++ lib/ipf.c | 10 ++ lib/ipf.h | 3 +++ 10 files changed, 74 insertions(+) diff --git a/NEWS b/NEWS index d2107a8..044f1ab 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,8 @@ Post-v2.9.0 conntrack fragmentation support. * New "ovs-appctl dpctl/ipf-set-minfragment" command for userspace datapath conntrack fragmentation support. + * New "ovs-appctl dpctl/ipf-set-maxfrags" command for userspace datapath + conntrack fragmentation support. v2.9.0 - xx xxx diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c index 4a93bf6..81f9d92 100644 --- a/lib/ct-dpif.c +++ b/lib/ct-dpif.c @@ -180,6 +180,14 @@ ct_dpif_ipf_set_min_frag(struct dpif *dpif, bool v6, uint32_t min_frag) : EOPNOTSUPP); } +int +ct_dpif_ipf_set_nfrag_max(struct dpif *dpif, uint32_t max_frags) +{ +return (dpif->dpif_class->ipf_set_nfrag_max +? dpif->dpif_class->ipf_set_nfrag_max(dpif, max_frags) +: EOPNOTSUPP); +} + void ct_dpif_entry_uninit(struct ct_dpif_entry *entry) { diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h index 449f958..4ce4dd4 100644 --- a/lib/ct-dpif.h +++ b/lib/ct-dpif.h @@ -202,6 +202,7 @@ int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t *maxconns); int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns); int ct_dpif_ipf_change_enabled(struct dpif *, bool, bool); int ct_dpif_ipf_set_min_frag(struct dpif *, bool, uint32_t); +int ct_dpif_ipf_set_nfrag_max(struct dpif *, uint32_t); void ct_dpif_entry_uninit(struct ct_dpif_entry *); void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *, bool verbose, bool print_stats); diff --git a/lib/dpctl.c b/lib/dpctl.c index e15626d..e58917c 100644 --- a/lib/dpctl.c +++ b/lib/dpctl.c @@ -1822,6 +1822,35 @@ dpctl_ct_ipf_set_min_frag(int argc, const char *argv[], return error; } +static int +dpctl_ct_ipf_set_nfrag_max(int argc, const char *argv[], + struct dpctl_params *dpctl_p) +{ +struct dpif *dpif; +int error = dpctl_ct_open_dp(argc, argv, dpctl_p, &dpif, 3); +if (!error) { +uint32_t nfrags_max; +if (ovs_scan(argv[argc - 1], "%"SCNu32, &nfrags_max)) { +error = ct_dpif_ipf_set_nfrag_max(dpif, nfrags_max); + +if (!error) { +dpctl_print(dpctl_p, +"setting maximum fragments successful"); +} else { +dpctl_error(dpctl_p, error, +"setting maximum fragments failed"); +} +} else { +error = EINVAL; +dpctl_error(dpctl_p, error, +"parameter missing for maximum fragments"); +} +dpif_close(dpif); +} + +return error; +} + /* Undocumented commands for unit testing. */ static int @@ -2125,6 +2154,8 @@ static const struct dpctl_command all_commands[] = { dpctl_ct_ipf_change_enabled, DP_RW }, { "ipf-set-minfragment", "[dp] minfragment", 2, 3, dpctl_ct_ipf_set_min_frag, DP_RW }, +{ "ipf-set-maxfrags", "[dp] maxfrags", 1, 2, + dpctl_ct_ipf_set_nfrag_max, DP_RW }, { "help", "", 0, INT_MAX, dpctl_help, DP_RO }, { "list-commands", "", 0, INT_MAX, dpctl_list_commands, DP_RO }, diff --git a/lib/dpctl.man b/lib/dpctl.man index 87067f9..53b3cdc 100644 --- a/lib/dpctl.man +++ b/lib/dpctl.man @@ -286,3 +286,11 @@ Sets the minimum fragment size supported by the userspace datapath connection tracker. Either v4 or v6 must be specified. The default v4 value is 1200 and the clamped minimum is 400. The default v6 value is 1280, which is also the clamped minimum. +. +.TP +\*(DX\fBipf\-set\-maxfrags\fR [\fIdp\fR] \fBmaxfrags\fR +Sets the maximum number of fragments tracked by the userspace datapath +connection tracker. The default value is 1000 and the clamped maximum +is 5000. Note that packet buffers can be held by the fragmentation +module while fragments are incomplete, but will timeout after 15 seconds. +Memory pool sizing should be set accordingly when fragmentation is enabled. diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c index 44e511f..925917d 100644 --- a/lib/dpif-netdev.c +++ b/lib/dpif-netdev.c @@ -5886,6 +5886,13 @@ dpif_netdev_ipf_set_min_frag(struct dpif *dpif OVS_UNUSED, bool v6, return ipf_set_min_frag(v6, min_frag); } +static int +dpif_netdev_ipf_set_nfrag_max(struct dpif *dpif OVS_UNUSED, + uint32_t max_frags) +{ +return ipf_set_nfrag_max(max_frags); +} + c
[ovs-dev] [patch v4 06/10] ipf: Add set minimum fragment size command.
A new command "ovs-appctl dpctl/ipf-set-minfrag" is added for userspace datapath conntrack fragmentation support. Signed-off-by: Darrell Ball --- NEWS| 2 ++ lib/ct-dpif.c | 8 lib/ct-dpif.h | 1 + lib/dpctl.c | 40 lib/dpctl.man | 7 +++ lib/dpif-netdev.c | 8 lib/dpif-netlink.c | 1 + lib/dpif-provider.h | 2 ++ lib/ipf.c | 23 +++ lib/ipf.h | 3 +++ 10 files changed, 95 insertions(+) diff --git a/NEWS b/NEWS index d4859e5..d2107a8 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,8 @@ Post-v2.9.0 * Add v4/v6 fragmentation support for conntrack. * New "ovs-appctl dpctl/ipf-set-enabled" command for userspace datapath conntrack fragmentation support. + * New "ovs-appctl dpctl/ipf-set-minfragment" command for userspace + datapath conntrack fragmentation support. v2.9.0 - xx xxx diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c index 32d55c1..4a93bf6 100644 --- a/lib/ct-dpif.c +++ b/lib/ct-dpif.c @@ -172,6 +172,14 @@ ct_dpif_ipf_change_enabled(struct dpif *dpif, bool v6, bool enable) : EOPNOTSUPP); } +int +ct_dpif_ipf_set_min_frag(struct dpif *dpif, bool v6, uint32_t min_frag) +{ +return (dpif->dpif_class->ipf_set_min_frag +? dpif->dpif_class->ipf_set_min_frag(dpif, v6, min_frag) +: EOPNOTSUPP); +} + void ct_dpif_entry_uninit(struct ct_dpif_entry *entry) { diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h index 3f0bce5..449f958 100644 --- a/lib/ct-dpif.h +++ b/lib/ct-dpif.h @@ -201,6 +201,7 @@ int ct_dpif_set_maxconns(struct dpif *dpif, uint32_t maxconns); int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t *maxconns); int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns); int ct_dpif_ipf_change_enabled(struct dpif *, bool, bool); +int ct_dpif_ipf_set_min_frag(struct dpif *, bool, uint32_t); void ct_dpif_entry_uninit(struct ct_dpif_entry *); void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *, bool verbose, bool print_stats); diff --git a/lib/dpctl.c b/lib/dpctl.c index a302ed5..e15626d 100644 --- a/lib/dpctl.c +++ b/lib/dpctl.c @@ -1784,6 +1784,44 @@ dpctl_ct_ipf_change_enabled(int argc, const char *argv[], return error; } +static int +dpctl_ct_ipf_set_min_frag(int argc, const char *argv[], + struct dpctl_params *dpctl_p) +{ +struct dpif *dpif; +int error = dpctl_ct_open_dp(argc, argv, dpctl_p, &dpif, 4); +if (!error) { +char v4_or_v6[3] = {0}; +if (ovs_scan(argv[argc - 2], "%2s", v4_or_v6) && +(!strncmp(v4_or_v6, "v4", 2) || !strncmp(v4_or_v6, "v6", 2))) { +uint32_t min_fragment; +if (ovs_scan(argv[argc - 1], "%"SCNu32, &min_fragment)) { +error = ct_dpif_ipf_set_min_frag( +dpif, !strncmp(v4_or_v6, "v6", 2), min_fragment); + +if (!error) { +dpctl_print(dpctl_p, +"setting minimum fragment size successful"); +} else { +dpctl_error(dpctl_p, error, +"setting minimum fragment size failed"); +} +} else { +error = EINVAL; +dpctl_error(dpctl_p, error, +"parameter missing for minimum fragment size"); +} +} else { +error = EINVAL; +dpctl_error(dpctl_p, error, +"parameter missing: v4 for ipv4 or v6 for ipv6"); +} +dpif_close(dpif); +} + +return error; +} + /* Undocumented commands for unit testing. */ static int @@ -2085,6 +2123,8 @@ static const struct dpctl_command all_commands[] = { { "ct-get-nconns", "[dp]", 0, 1, dpctl_ct_get_nconns, DP_RO }, { "ipf-set-enabled", "[dp] enabled", 2, 3, dpctl_ct_ipf_change_enabled, DP_RW }, +{ "ipf-set-minfragment", "[dp] minfragment", 2, 3, + dpctl_ct_ipf_set_min_frag, DP_RW }, { "help", "", 0, INT_MAX, dpctl_help, DP_RO }, { "list-commands", "", 0, INT_MAX, dpctl_list_commands, DP_RO }, diff --git a/lib/dpctl.man b/lib/dpctl.man index 491de0b..87067f9 100644 --- a/lib/dpctl.man +++ b/lib/dpctl.man @@ -279,3 +279,10 @@ differentiate between first and other fragments. Although, this would logically happen naturally anyways, it is mentioned for clarity. If there is a need to differentiate between first and other fragments, do it after conntrack. +. +.TP +\*(DX\fBipf\-set\-minfrag\fR [\fIdp\fR] [\fIv4 or v6\fR] \fBminfrag\fR +Sets the minimum fragment size supported by the userspace datapath +connection tracker. Either v4 or v6 must be specified. The default v4 +value is 1200 and the clamped minimum is 400. The default v6 value is +1280, which is also the clamped minimum. diff --git a/lib/
[ovs-dev] [patch v4 05/10] ipf: Add command to enable fragmentation handling.
A new command "ovs-appctl dpctl/ipf-set-enabled" is added to enable/disable userspace datapath conntrack fragmentation support. Signed-off-by: Darrell Ball --- NEWS| 2 ++ lib/ct-dpif.c | 8 lib/ct-dpif.h | 1 + lib/dpctl.c | 40 lib/dpctl.man | 11 +++ lib/dpif-netdev.c | 9 + lib/dpif-netlink.c | 1 + lib/dpif-provider.h | 2 ++ lib/ipf.c | 15 +++ lib/ipf.h | 3 +++ 10 files changed, 92 insertions(+) diff --git a/NEWS b/NEWS index dccff06..d4859e5 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,8 @@ Post-v2.9.0 - Userspace datapath: * Add v4/v6 fragmentation support for conntrack. + * New "ovs-appctl dpctl/ipf-set-enabled" command for userspace datapath + conntrack fragmentation support. v2.9.0 - xx xxx diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c index 5fa3a97..32d55c1 100644 --- a/lib/ct-dpif.c +++ b/lib/ct-dpif.c @@ -164,6 +164,14 @@ ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns) : EOPNOTSUPP); } +int +ct_dpif_ipf_change_enabled(struct dpif *dpif, bool v6, bool enable) +{ +return (dpif->dpif_class->ipf_change_enabled +? dpif->dpif_class->ipf_change_enabled(dpif, v6, enable) +: EOPNOTSUPP); +} + void ct_dpif_entry_uninit(struct ct_dpif_entry *entry) { diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h index 09e7698..3f0bce5 100644 --- a/lib/ct-dpif.h +++ b/lib/ct-dpif.h @@ -200,6 +200,7 @@ int ct_dpif_flush(struct dpif *, const uint16_t *zone, int ct_dpif_set_maxconns(struct dpif *dpif, uint32_t maxconns); int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t *maxconns); int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns); +int ct_dpif_ipf_change_enabled(struct dpif *, bool, bool); void ct_dpif_entry_uninit(struct ct_dpif_entry *); void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *, bool verbose, bool print_stats); diff --git a/lib/dpctl.c b/lib/dpctl.c index 87f0412..a302ed5 100644 --- a/lib/dpctl.c +++ b/lib/dpctl.c @@ -1746,6 +1746,44 @@ dpctl_ct_get_nconns(int argc, const char *argv[], return error; } +static int +dpctl_ct_ipf_change_enabled(int argc, const char *argv[], +struct dpctl_params *dpctl_p) +{ +struct dpif *dpif; +int error = dpctl_ct_open_dp(argc, argv, dpctl_p, &dpif, 4); +if (!error) { +char v4_or_v6[3] = {0}; +if (ovs_scan(argv[argc - 2], "%2s", v4_or_v6) && +(!strncmp(v4_or_v6, "v4", 2) || !strncmp(v4_or_v6, "v6", 2))) { +uint32_t enabled; +if (ovs_scan(argv[argc - 1], "%"SCNu32, &enabled)) { +error = ct_dpif_ipf_change_enabled( +dpif, !strncmp(v4_or_v6, "v6", 2), enabled); +if (!error) { +dpctl_print(dpctl_p, +"changing fragmentation enabled successful"); +} else { +dpctl_error(dpctl_p, error, +"changing fragmentation enabled failed"); +} +} else { +error = EINVAL; +dpctl_error( +dpctl_p, error, +"parameter missing: 0 for disabled or 1 for enabled"); +} +} else { +error = EINVAL; +dpctl_error(dpctl_p, error, +"parameter missing: v4 for ipv4 or v6 for ipv6"); +} +dpif_close(dpif); +} + +return error; +} + /* Undocumented commands for unit testing. */ static int @@ -2045,6 +2083,8 @@ static const struct dpctl_command all_commands[] = { { "ct-set-maxconns", "[dp] maxconns", 1, 2, dpctl_ct_set_maxconns, DP_RW }, { "ct-get-maxconns", "[dp]", 0, 1, dpctl_ct_get_maxconns, DP_RO }, { "ct-get-nconns", "[dp]", 0, 1, dpctl_ct_get_nconns, DP_RO }, +{ "ipf-set-enabled", "[dp] enabled", 2, 3, + dpctl_ct_ipf_change_enabled, DP_RW }, { "help", "", 0, INT_MAX, dpctl_help, DP_RO }, { "list-commands", "", 0, INT_MAX, dpctl_list_commands, DP_RO }, diff --git a/lib/dpctl.man b/lib/dpctl.man index 9e9d2dc..491de0b 100644 --- a/lib/dpctl.man +++ b/lib/dpctl.man @@ -268,3 +268,14 @@ Only supported for userspace datapath. \*(DX\fBct\-get\-nconns\fR [\fIdp\fR] Read the current number of connection tracker connections. Only supported for userspace datapath. +. +.TP +\*(DX\fBipf\-set\-enabled\fR [\fIdp\fR] [\fIv4 or v6\fR] \fBenable\fR +Enables or disables fragmentation handling for the userspace datapath +connection tracker. Either v4 or v6 must be specified. Both v4 and v6 +are disabled by default. When fragmentation handling is enabled, the +rules for handling fragments before entering conntrack should not +differentiate between first and other fragments. Although, this would +logically happen natural
[ovs-dev] [patch v4 03/10] Userspace datapath: Add fragmentation handling.
Fragmentation handling is added for supporting conntrack. Fragmentation handling is disabled by default and enabled via a user commands implemented in a subsequent patch. Both v4 and v6 are supported. Signed-off-by: Darrell Ball --- include/sparse/netinet/ip6.h |1 + lib/automake.mk |2 + lib/ipf.c| 1179 ++ lib/ipf.h| 61 +++ 4 files changed, 1243 insertions(+) create mode 100644 lib/ipf.c create mode 100644 lib/ipf.h diff --git a/include/sparse/netinet/ip6.h b/include/sparse/netinet/ip6.h index d2a54de..bfa637a 100644 --- a/include/sparse/netinet/ip6.h +++ b/include/sparse/netinet/ip6.h @@ -64,5 +64,6 @@ struct ip6_frag { }; #define IP6F_OFF_MASK ((OVS_FORCE ovs_be16) 0xfff8) +#define IP6F_MORE_FRAG ((OVS_FORCE ovs_be16) 0x0001) #endif /* netinet/ip6.h sparse */ diff --git a/lib/automake.mk b/lib/automake.mk index 159319f..6ca6a1e 100644 --- a/lib/automake.mk +++ b/lib/automake.mk @@ -107,6 +107,8 @@ lib_libopenvswitch_la_SOURCES = \ lib/hmapx.h \ lib/id-pool.c \ lib/id-pool.h \ + lib/ipf.c \ + lib/ipf.h \ lib/jhash.c \ lib/jhash.h \ lib/json.c \ diff --git a/lib/ipf.c b/lib/ipf.c new file mode 100644 index 000..74c4b32 --- /dev/null +++ b/lib/ipf.c @@ -0,0 +1,1179 @@ +/* + * Copyright (c) 2018 Nicira, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "csum.h" +#include "ipf.h" +#include "openvswitch/hmap.h" +#include "openvswitch/vlog.h" +#include "ovs-atomic.h" +#include "packets.h" +#include "util.h" + +VLOG_DEFINE_THIS_MODULE(ipf); + +enum { +IPV4_PACKET_MAX_HDR_SIZE = 60, +IPV4_PACKET_MAX_SIZE = 65535, +IPV6_PACKET_MAX_DATA = 65535, +}; + +enum ipf_list_state { +IPF_LIST_STATE_UNUSED, +IPF_LIST_STATE_REASS_FAIL, +IPF_LIST_STATE_OTHER_SEEN, +IPF_LIST_STATE_FIRST_SEEN, +IPF_LIST_STATE_LAST_SEEN, +IPF_LIST_STATE_FIRST_LAST_SEEN, +IPF_LIST_STATE_COMPLETED, +}; + +enum ipf_list_type { +IPF_FRAG_COMPLETED_LIST, +IPF_FRAG_EXPIRY_LIST, +}; + +enum { +IPF_INVALID_IDX = -1, +IPF_V4_FRAG_SIZE_LBOUND = 400, +IPF_V4_FRAG_SIZE_MIN_DEF = 1200, +IPF_V6_FRAG_SIZE_LBOUND = 1280, +IPF_V6_FRAG_SIZE_MIN_DEF = 1280, +IPF_MAX_FRAGS_DEFAULT = 1000, +IPF_NFRAG_UBOUND = 5000, +}; + +enum ipf_counter_type { +IPF_COUNTER_NFRAGS, +IPF_COUNTER_NFRAGS_ACCEPTED, +IPF_COUNTER_NFRAGS_COMPL_SENT, +IPF_COUNTER_NFRAGS_EXPD_SENT, +IPF_COUNTER_NFRAGS_TOO_SMALL, +IPF_COUNTER_NFRAGS_OVERLAP, +}; + +struct ipf_addr { +union { +ovs_16aligned_be32 ipv4; +union ovs_16aligned_in6_addr ipv6; +ovs_be32 ipv4_aligned; +struct in6_addr ipv6_aligned; +}; +}; + +struct ipf_frag { +struct dp_packet *pkt; +uint16_t start_data_byte; +uint16_t end_data_byte; +}; + +struct ipf_list_key { +struct ipf_addr src_addr; +struct ipf_addr dst_addr; +uint32_t recirc_id; +ovs_be32 ip_id; /* V6 is 32 bits. */ +ovs_be16 dl_type; +uint16_t zone; +uint8_t nw_proto; +}; + +struct ipf_list { +struct hmap_node node; +struct ovs_list exp_node; +struct ovs_list complete_node; +struct ipf_frag *frag_list; +struct ipf_list_key key; +struct dp_packet *reass_execute_ctx; +long long expiration; +int last_sent_idx; +int last_inuse_idx; +int size; +uint8_t state; +}; + +struct reassembled_pkt { +struct ovs_list rp_list_node; +struct dp_packet *pkt; +struct ipf_list *list; +}; + +struct OVS_LOCKABLE ipf_lock { +struct ovs_mutex lock; +}; + +static int max_v4_frag_list_size; + +static struct hmap frag_lists OVS_GUARDED; +static struct ovs_list frag_exp_list OVS_GUARDED; +static struct ovs_list frag_complete_list OVS_GUARDED; +static struct ovs_list reassembled_pkt_list OVS_GUARDED; + +static atomic_bool ifp_v4_enabled; +static atomic_bool ifp_v6_enabled; +static atomic_uint nfrag_max; +/* Will be clamped above 400 bytes; the value chosen should handle + * alg control packets of interest that use string encoding of mutable + * IP fields; meaning, the control packets should not be fragmented. */ +static atomic_uint min_v4_frag_size; +static atomic_uint min_v6_frag_size; + +static atomic_count nfrag; +static atomic_count n4frag_accepted; +static atomic
[ovs-dev] [patch v4 04/10] conntrack: Support fragmentation.
The conntrack module now calls fragmentation support apis. Signed-off-by: Darrell Ball --- NEWS| 2 ++ lib/conntrack.c | 7 +++ 2 files changed, 9 insertions(+) diff --git a/NEWS b/NEWS index 726589c..dccff06 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,8 @@ Post-v2.9.0 - ovs-vswitchd: * New options --l7 and --l7-len to "ofproto/trace" command. + - Userspace datapath: + * Add v4/v6 fragmentation support for conntrack. v2.9.0 - xx xxx diff --git a/lib/conntrack.c b/lib/conntrack.c index bcd3b20..f637620 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -30,6 +30,7 @@ #include "ct-dpif.h" #include "dp-packet.h" #include "flow.h" +#include "ipf.h" #include "netdev.h" #include "odp-netlink.h" #include "openvswitch/hmap.h" @@ -340,6 +341,7 @@ conntrack_init(struct conntrack *ct) atomic_init(&ct->n_conn_limit, DEFAULT_N_CONN_LIMIT); latch_init(&ct->clean_thread_exit); ct->clean_thread = ovs_thread_create("ct_clean", clean_thread_main, ct); +ipf_init(); } /* Destroys the connection tracker 'ct' and frees all the allocated memory. */ @@ -382,6 +384,7 @@ conntrack_destroy(struct conntrack *ct) hindex_destroy(&ct->alg_expectation_refs); ct_rwlock_unlock(&ct->resources_lock); ct_rwlock_destroy(&ct->resources_lock); +ipf_destroy(); } static unsigned hash_to_bucket(uint32_t hash) @@ -1308,6 +1311,8 @@ conntrack_execute(struct conntrack *ct, struct dp_packet_batch *pkt_batch, const struct nat_action_info_t *nat_action_info, long long now) { +ipf_preprocess_conntrack(pkt_batch, now, dl_type, zone, ct->hash_basis); + struct dp_packet *packet; struct conn_lookup_ctx ctx; @@ -1321,6 +1326,8 @@ conntrack_execute(struct conntrack *ct, struct dp_packet_batch *pkt_batch, setlabel, nat_action_info, tp_src, tp_dst, helper); } +ipf_postprocess_conntrack(pkt_batch, now, dl_type); + return 0; } -- 1.9.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [patch v4 02/10] flow: Enhance parse_ipv6_ext_hdrs.
Enhance the api parse_ipv6_ext_hdrs to return the fragmentation header to be used in later patches. Signed-off-by: Darrell Ball --- lib/conntrack.c | 5 +++-- lib/flow.c | 23 ++- lib/flow.h | 3 ++- 3 files changed, 19 insertions(+), 12 deletions(-) diff --git a/lib/conntrack.c b/lib/conntrack.c index 562e767..bcd3b20 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -1308,7 +1308,6 @@ conntrack_execute(struct conntrack *ct, struct dp_packet_batch *pkt_batch, const struct nat_action_info_t *nat_action_info, long long now) { - struct dp_packet *packet; struct conn_lookup_ctx ctx; @@ -1566,7 +1565,9 @@ extract_l3_ipv6(struct conn_key *key, const void *data, size_t size, uint8_t nw_proto = ip6->ip6_nxt; uint8_t nw_frag = 0; -if (!parse_ipv6_ext_hdrs(&data, &size, &nw_proto, &nw_frag)) { +const struct ovs_16aligned_ip6_frag *frag_hdr; +if (!parse_ipv6_ext_hdrs(&data, &size, &nw_proto, &nw_frag, + &frag_hdr)) { return false; } diff --git a/lib/flow.c b/lib/flow.c index 38ff29c..0283e6d 100644 --- a/lib/flow.c +++ b/lib/flow.c @@ -455,7 +455,8 @@ invalid: static inline bool parse_ipv6_ext_hdrs__(const void **datap, size_t *sizep, uint8_t *nw_proto, - uint8_t *nw_frag) + uint8_t *nw_frag, + const struct ovs_16aligned_ip6_frag **frag_hdr) { while (1) { if (OVS_LIKELY((*nw_proto != IPPROTO_HOPOPTS) @@ -502,17 +503,17 @@ parse_ipv6_ext_hdrs__(const void **datap, size_t *sizep, uint8_t *nw_proto, return false; } } else if (*nw_proto == IPPROTO_FRAGMENT) { -const struct ovs_16aligned_ip6_frag *frag_hdr = *datap; +*frag_hdr = *datap; -*nw_proto = frag_hdr->ip6f_nxt; -if (!data_try_pull(datap, sizep, sizeof *frag_hdr)) { +*nw_proto = (*frag_hdr)->ip6f_nxt; +if (!data_try_pull(datap, sizep, sizeof **frag_hdr)) { return false; } /* We only process the first fragment. */ -if (frag_hdr->ip6f_offlg != htons(0)) { +if ((*frag_hdr)->ip6f_offlg != htons(0)) { *nw_frag = FLOW_NW_FRAG_ANY; -if ((frag_hdr->ip6f_offlg & IP6F_OFF_MASK) != htons(0)) { +if (((*frag_hdr)->ip6f_offlg & IP6F_OFF_MASK) != htons(0)) { *nw_frag |= FLOW_NW_FRAG_LATER; *nw_proto = IPPROTO_FRAGMENT; return true; @@ -524,9 +525,11 @@ parse_ipv6_ext_hdrs__(const void **datap, size_t *sizep, uint8_t *nw_proto, bool parse_ipv6_ext_hdrs(const void **datap, size_t *sizep, uint8_t *nw_proto, -uint8_t *nw_frag) +uint8_t *nw_frag, +const struct ovs_16aligned_ip6_frag **frag_hdr) { -return parse_ipv6_ext_hdrs__(datap, sizep, nw_proto, nw_frag); +return parse_ipv6_ext_hdrs__(datap, sizep, nw_proto, nw_frag, + frag_hdr); } bool @@ -840,7 +843,9 @@ miniflow_extract(struct dp_packet *packet, struct miniflow *dst) nw_ttl = nh->ip6_hlim; nw_proto = nh->ip6_nxt; -if (!parse_ipv6_ext_hdrs__(&data, &size, &nw_proto, &nw_frag)) { +const struct ovs_16aligned_ip6_frag *frag_hdr; +if (!parse_ipv6_ext_hdrs__(&data, &size, &nw_proto, &nw_frag, + &frag_hdr)) { goto out; } } else { diff --git a/lib/flow.h b/lib/flow.h index 770a07a..7a9eb47 100644 --- a/lib/flow.h +++ b/lib/flow.h @@ -129,7 +129,8 @@ void flow_compose(struct dp_packet *, const struct flow *, void packet_expand(struct dp_packet *, const struct flow *, size_t size); bool parse_ipv6_ext_hdrs(const void **datap, size_t *sizep, uint8_t *nw_proto, - uint8_t *nw_frag); + uint8_t *nw_frag, + const struct ovs_16aligned_ip6_frag **frag_hdr); ovs_be16 parse_dl_type(const struct eth_header *data_, size_t size); bool parse_nsh(const void **datap, size_t *sizep, struct ovs_key_nsh *key); -- 1.9.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [patch v4 01/10] dp-packet: Add const qualifiers for checksum apis.
Signed-off-by: Darrell Ball --- lib/dp-packet.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/dp-packet.h b/lib/dp-packet.h index b4b721c..61d4cd4 100644 --- a/lib/dp-packet.h +++ b/lib/dp-packet.h @@ -637,7 +637,7 @@ dp_packet_mbuf_init(struct dp_packet *p OVS_UNUSED) } static inline bool -dp_packet_ip_checksum_valid(struct dp_packet *p OVS_UNUSED) +dp_packet_ip_checksum_valid(const struct dp_packet *p OVS_UNUSED) { #ifdef DPDK_NETDEV return (p->mbuf.ol_flags & PKT_RX_IP_CKSUM_MASK) == @@ -648,7 +648,7 @@ dp_packet_ip_checksum_valid(struct dp_packet *p OVS_UNUSED) } static inline bool -dp_packet_ip_checksum_bad(struct dp_packet *p OVS_UNUSED) +dp_packet_ip_checksum_bad(const struct dp_packet *p OVS_UNUSED) { #ifdef DPDK_NETDEV return (p->mbuf.ol_flags & PKT_RX_IP_CKSUM_MASK) == -- 1.9.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [patch v4 00/10] Userspace datapath: Add fragmentation support.
Fragmentation support for userspace datapath conntrack is added; both v4 and v6 are supported. See the patches for additional details. v3->v4: Add V6 support to the patches. Fix possible race cleanup bug when the user disables fragmentation and there are list occupancies, not cleaned up yet. Add missed orig tuple fields for copy from reassembled packet to fragments. Fix an fragment list increment check - shoiuld have been "> 0" rather then "!= 0". Fix max frags calculation in case of theoretical corner case. Add proper lock annotations. Made some other improvements while adding V6 support. v2->v3: Patch 2 was updated: Remove "XXX" todo items by implementing the ones needed, including realloc frag_list contexts to save memory. Fix related bug with max_frag_list_size when min_frag_size is reconfigured. Tighten ip_tot_len sanity check for reassembled packets which was more loose than intended. Add another sanity check for fragment ip_tot_len; even though it be redundant, add for completeness. v1->v2: Few fixes, improvements and cleanups. Darrell Ball (10): dp-packet: Add const qualifiers for checksum apis. flow: Enhance parse_ipv6_ext_hdrs. Userspace datapath: Add fragmentation handling. conntrack: Support fragmentation. ipf: Add command to enable fragmentation handling. ipf: Add set minimum fragment size command. ipf: Add set maximum fragments supported command. ipf: Add command to get fragmentation handling status. tests: Add missed local stack checks. tests: Enable fragmentation for userspace datapath. NEWS | 10 + include/sparse/netinet/ip6.h |1 + lib/automake.mk |2 + lib/conntrack.c | 10 +- lib/ct-dpif.c| 45 ++ lib/ct-dpif.h|9 + lib/dp-packet.h |4 +- lib/dpctl.c | 183 ++ lib/dpctl.man| 31 + lib/dpif-netdev.c| 58 ++ lib/dpif-netlink.c |4 + lib/dpif-provider.h | 13 + lib/flow.c | 23 +- lib/flow.h |3 +- lib/ipf.c| 1253 ++ lib/ipf.h| 73 +++ tests/system-kmod-macros.at | 14 +- tests/system-traffic.at | 36 +- tests/system-userspace-macros.at | 49 +- 19 files changed, 1783 insertions(+), 38 deletions(-) create mode 100644 lib/ipf.c create mode 100644 lib/ipf.h -- 1.9.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev