[ovs-dev] [PATCH 2/2] ovsdb-idl.c: Fix IDL index problem when rows are updated.
In current IDL index code it doesn't updated index when handling
"update2" messages, which is the default case. The consequence
is that when a row is updated, the index is not updated accordingly,
and even worse, it causes crash when calling ovsdb_idl_destroy().
It can be easily reproduced by the test cases added in this patch.
Signed-off-by: Han Zhou
---
lib/ovsdb-idl.c| 2 ++
tests/ovsdb-idl.at | 34 ++
tests/test-ovsdb.c | 22 ++
3 files changed, 46 insertions(+), 12 deletions(-)
diff --git a/lib/ovsdb-idl.c b/lib/ovsdb-idl.c
index 40c29cb..8fdd18f 100644
--- a/lib/ovsdb-idl.c
+++ b/lib/ovsdb-idl.c
@@ -3040,11 +3040,13 @@ ovsdb_idl_modify_row_by_diff(struct ovsdb_idl_row *row,
{
bool changed;
+ovsdb_idl_remove_from_indexes(row);
ovsdb_idl_row_unparse(row);
ovsdb_idl_row_clear_arcs(row, true);
changed = ovsdb_idl_row_apply_diff(row, diff_json,
OVSDB_IDL_CHANGE_MODIFY);
ovsdb_idl_row_parse(row);
+ovsdb_idl_add_to_indexes(row);
return changed;
}
diff --git a/tests/ovsdb-idl.at b/tests/ovsdb-idl.at
index 0143828..8db6aa4 100644
--- a/tests/ovsdb-idl.at
+++ b/tests/ovsdb-idl.at
@@ -1509,16 +1509,21 @@
OVSDB_CHECK_IDL_COMPOUND_INDEX_SINGLE_COLUMN_C([Compound_index, single column te
006: i=19
006: i=20
006: i=54
-007: i=1
-007: i=1
-007: i=2
-007: i=2
-007: i=2
007: i=5
-007: i=10
007: i=19
007: i=20
+007: i=30
007: i=54
+008: i=1
+008: i=1
+008: i=2
+008: i=2
+008: i=2
+008: i=5
+008: i=19
+008: i=20
+008: i=30
+008: i=54
],
[002: i=1 s=List000 b=True r=101.00
002: i=1 s=List001 b=False r=110.00
@@ -1538,16 +1543,21 @@
OVSDB_CHECK_IDL_COMPOUND_INDEX_SINGLE_COLUMN_C([Compound_index, single column te
006: i=20 s=List020 b=True r=220.00
006: i=5 s=List005 b=True r=130.00
006: i=54 s=Lista054 b=False r=0.00
-007: i=1 s=List000 b=True r=101.00
-007: i=1 s=List001 b=False r=110.00
-007: i=10 s=List000 b=True r=110.00
007: i=19 s=List020 b=True r=219.00
-007: i=2 s=List000 b=False r=102.00
-007: i=2 s=List001 b=True r=120.00
-007: i=2 s=List001 b=True r=122.00
007: i=20 s=List020 b=True r=220.00
+007: i=30 s=List000 b=True r=110.00
007: i=5 s=List005 b=True r=130.00
007: i=54 s=Lista054 b=False r=0.00
+008: i=1 s=List000 b=True r=101.00
+008: i=1 s=List001 b=False r=110.00
+008: i=19 s=List020 b=True r=219.00
+008: i=2 s=List000 b=False r=102.00
+008: i=2 s=List001 b=True r=120.00
+008: i=2 s=List001 b=True r=122.00
+008: i=20 s=List020 b=True r=220.00
+008: i=30 s=List000 b=True r=110.00
+008: i=5 s=List005 b=True r=130.00
+008: i=54 s=Lista054 b=False r=0.00
])
# Tests to verify the functionality of two column compound index.
diff --git a/tests/test-ovsdb.c b/tests/test-ovsdb.c
index e4e7d90..7932204 100644
--- a/tests/test-ovsdb.c
+++ b/tests/test-ovsdb.c
@@ -2895,6 +2895,27 @@ test_idl_compound_index_single_column(struct ovsdb_idl
*idl,
myRow->s, myRow->b?"True":"False", myRow->r);
}
+/* Update record i=10 to i=30, make sure index is updated accordingly */
+++step;
+struct idltest_simple *toUpdate;
+toUpdate = idltest_simple_index_init_row(i_index);
+idltest_simple_index_set_i(toUpdate, 10);
+ovs_assert(toUpdate->i == 10);
+myRow = idltest_simple_index_find(i_index, toUpdate);
+ovs_assert(myRow);
+ovs_assert(myRow->i == 10);
+txn = ovsdb_idl_txn_create(idl);
+idltest_simple_set_i(myRow, 30);
+ovsdb_idl_txn_commit_block(txn);
+ovsdb_idl_txn_destroy(txn);
+idltest_simple_index_set_i(to, 60);
+printf("Expected 60, stored %"PRId64"\n", to->i);
+ovs_assert(to->i == 60);
+IDLTEST_SIMPLE_FOR_EACH_RANGE (myRow, from, to, i_index) {
+printf("%03d: i=%"PRId64" s=%s b=%s r=%f\n", step, myRow->i,
+ myRow->s, myRow->b?"True":"False", myRow->r);
+}
+
/* Test special-case range, "from" and "to" are both NULL,
* which is interpreted as the range from -infinity to +infinity. */
++step;
@@ -2908,6 +2929,7 @@ test_idl_compound_index_single_column(struct ovsdb_idl
*idl,
idltest_simple_index_destroy_row(to);
idltest_simple_index_destroy_row(equal);
idltest_simple_index_destroy_row(toDelete);
+idltest_simple_index_destroy_row(toUpdate);
return step;
}
--
2.1.0
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [patch v8 9/9] ipf: Add fragmentation status reporting.
> On Jul 16, 2018, at 4:39 PM, Darrell Ball wrote:
>
> void
> ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
> {
> diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h
> index f886ab9..2ff7e26 100644
> --- a/lib/ct-dpif.h
> +++ b/lib/ct-dpif.h
> @@ -204,6 +204,15 @@ int ct_dpif_get_nconns(struct dpif *dpif, uint32_t
> *nconns);
> int ct_dpif_ipf_set_enabled(struct dpif *, bool v6, bool enable);
> int ct_dpif_ipf_set_min_frag(struct dpif *, bool, uint32_t);
> int ct_dpif_ipf_set_max_nfrags(struct dpif *, uint32_t);
> +int ct_dpif_ipf_get_status(struct dpif *dpif, bool *, unsigned int *,
> + unsigned int *, unsigned int *, unsigned int *,
> + unsigned int *, unsigned int *, unsigned int *,
> + unsigned int *, bool *, unsigned int *,
> + unsigned int *, unsigned int *, unsigned int *,
> + unsigned int *, unsigned int *);
> +int ct_dpif_ipf_dump_start(struct dpif *dpif, struct ipf_dump_ctx **);
On my system, I needed to declare "ipf_dump_ctx" for the build to finish.
> diff --git a/lib/dpctl.c b/lib/dpctl.c
> index 5ec36bd..b3e7ce7 100644
> --- a/lib/dpctl.c
> +++ b/lib/dpctl.c
> ..
> +static int
> +dpctl_ct_ipf_get_status(int argc, const char *argv[],
> +struct dpctl_params *dpctl_p)
> +{
> +struct dpif *dpif;
> +int error = opt_dpif_open(argc, argv, dpctl_p, 3, );
> +if (!error) {
> +bool ipf_v4_enabled;
> +unsigned int min_v4_frag_size;
> +unsigned int nfrag_max;
> +unsigned int nfrag;
> +unsigned int n4frag_accepted;
> +unsigned int n4frag_completed_sent;
> +unsigned int n4frag_expired_sent;
> +unsigned int n4frag_too_small;
> +unsigned int n4frag_overlap;
> +unsigned int min_v6_frag_size;
> +bool ipf_v6_enabled;
> +unsigned int n6frag_accepted;
> +unsigned int n6frag_completed_sent;
> +unsigned int n6frag_expired_sent;
> +unsigned int n6frag_too_small;
> +unsigned int n6frag_overlap;
> +error = ct_dpif_ipf_get_status(dpif, _v4_enabled,
> +_v4_frag_size, _max, , _accepted,
> +_completed_sent, _expired_sent, _too_small,
> +_overlap, _v6_enabled, _v6_frag_size,
> +_accepted, _completed_sent, _expired_sent,
> +_too_small, _overlap);
> +
If we just use 'ipf_status', we can delete a lot of these variable declarations.
> diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
> index 76bc1d9..db551ea 100644
> --- a/lib/dpif-netdev.c
> +++ b/lib/dpif-netdev.c
> @@ -6553,6 +6553,60 @@ dpif_netdev_ipf_set_max_nfrags(struct dpif *dpif
> OVS_UNUSED,
> return ipf_set_max_nfrags(max_frags);
> }
>
> +static int
> +dpif_netdev_ipf_get_status(struct dpif *dpif OVS_UNUSED,
> +bool *ipf_v4_enabled, unsigned int *min_v4_frag_size,
> +unsigned int *nfrag_max, unsigned int *nfrag,
> +unsigned int *n4frag_accepted, unsigned int *n4frag_completed_sent,
> +unsigned int *n4frag_expired_sent, unsigned int *n4frag_too_small,
> +unsigned int *n4frag_overlap, bool *ipf_v6_enabled,
> +unsigned int *min_v6_frag_size, unsigned int *n6frag_accepted,
> +unsigned int *n6frag_completed_sent, unsigned int *n6frag_expired_sent,
> +unsigned int *n6frag_too_small, unsigned int *n6frag_overlap)
> +{
> +struct ipf_status ipf_status;
> +ipf_get_status(_status);
> +*ipf_v4_enabled = ipf_status.ifp_v4_enabled;
> +*min_v4_frag_size = ipf_status.min_v4_frag_size;
> +*nfrag_max = ipf_status.nfrag_max;
> +*nfrag = ipf_status.nfrag;
> +*n4frag_accepted = ipf_status.n4frag_accepted;
> +*n4frag_completed_sent = ipf_status.n4frag_completed_sent;
> +*n4frag_expired_sent = ipf_status.n4frag_expired_sent;
> +*n4frag_too_small = ipf_status.n4frag_too_small;
> +*n4frag_overlap = ipf_status.n4frag_overlap;
> +*ipf_v6_enabled = ipf_status.ifp_v6_enabled;
> +*min_v6_frag_size = ipf_status.min_v6_frag_size;
> +*n6frag_accepted = ipf_status.n6frag_accepted;
> +*n6frag_completed_sent = ipf_status.n6frag_completed_sent;
> +*n6frag_expired_sent = ipf_status.n6frag_expired_sent;
> +*n6frag_too_small = ipf_status.n6frag_too_small;
> +*n6frag_overlap = ipf_status.n6frag_overlap;
> +return 0;
> +}
As, I'll suggest later, this can be reduced to just a couple of lines if
'ipf_status' is passed into this function.
> diff --git a/lib/dpif-provider.h b/lib/dpif-provider.h
> index 214f570..2e0d596 100644
> --- a/lib/dpif-provider.h
> +++ b/lib/dpif-provider.h
> @@ -451,6 +451,22 @@ struct dpif_class {
> int (*ipf_set_min_frag)(struct dpif *, bool v6, uint32_t min_frag);
> /* Set maximum number of fragments tracked. */
> int (*ipf_set_max_nfrags)(struct dpif *, uint32_t max_nfrags);
> +/* Get fragmentation configuration status and counters. */
> +int (*ipf_get_status)(struct dpif *, bool
Re: [ovs-dev] [PATCH 4/8] system-traffic.at: Add gre tunnel test that doesn't depend on upstream gre module
Hi Darrell, Thanks for the review. Will do. Best, Yifeng On Fri, Aug 10, 2018 at 3:12 PM, Darrell Ball wrote: > Thanks Yifeng > > Thanks for switching to use ‘packet-out’. > Patches 4-8 seem like they can be part of the same patch, since they are > closely related. > As discussed, none of the tests pass for Userspace datapath, so maybe you > want to check them out or just disable them for now > > I tested with “Linux ubuntu 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 > 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux” > Fusion Ubuntu VM > > dball@ubuntu:~/ovs$ time sudo make check-system-userspace > TESTSUITEFLAGS='18-22' -C _gcc > make: Entering directory '/home/dball/ovs/_gcc' > make all-recursive > make[1]: Entering directory '/home/dball/ovs/_gcc' > Making all in datapath > make[2]: Entering directory '/home/dball/ovs/_gcc/datapath' > Making all in linux > make[3]: Entering directory '/home/dball/ovs/_gcc/datapath/linux' > make -C /lib/modules/4.4.0-119-generic/build > M=/home/dball/ovs/_gcc/datapath/linux > modules > make[4]: Entering directory '/usr/src/linux-headers-4.4.0-119-generic' > Building modules, stage 2. > MODPOST 6 modules > make[4]: Leaving directory '/usr/src/linux-headers-4.4.0-119-generic' > make[3]: Leaving directory '/home/dball/ovs/_gcc/datapath/linux' > make[3]: Entering directory '/home/dball/ovs/_gcc/datapath' > make[3]: Leaving directory '/home/dball/ovs/_gcc/datapath' > make[2]: Leaving directory '/home/dball/ovs/_gcc/datapath' > make[2]: Entering directory '/home/dball/ovs/_gcc' > make[3]: Entering directory '/home/dball/ovs/_gcc/datapath' > make[3]: 'distfiles' is up to date. > make[3]: Leaving directory '/home/dball/ovs/_gcc/datapath' > make[2]: Leaving directory '/home/dball/ovs/_gcc' > make[1]: Leaving directory '/home/dball/ovs/_gcc' > set /bin/bash '../tests/system-userspace-testsuite' -C tests > AUTOTEST_PATH='utilities:vswitchd:ovsdb:vtep:tests::: > ovn/controller-vtep:ovn/northd:ovn/utilities:ovn/controller' 18-22 -j1; \ > "$@" || (test X'' = Xyes && "$@" --recheck) > ## --- ## > ## openvswitch 2.10.90 test suite. ## > ## --- ## > > datapath-sanity > > 18: datapath - ping over gre tunnel by simulated packets FAILED ( > system-traffic.at:615) > 19: datapath - ping over erspan v1 tunnel by simulated packets FAILED ( > system-traffic.at:659) > 20: datapath - ping over erspan v2 tunnel by simulated packets FAILED ( > system-traffic.at:706) > 21: datapath - ping over ip6erspan v1 tunnel by simulated packets FAILED ( > system-traffic.at:754) > 22: datapath - ping over ip6erspan v2 tunnel by simulated packets FAILED ( > system-traffic.at:804) > > ## - ## > ## Test results. ## > ## - ## > > ERROR: All 5 tests were run, > 5 failed unexpectedly. > ## --- ## > ## system-userspace-testsuite.log was created. ## > ## --- ## > > > The kmod tests all pass now and they are a little faster now, but still > slow > > et /bin/bash '../tests/system-kmod-testsuite' -C tests > AUTOTEST_PATH='utilities:vswitchd:ovsdb:vtep:tests::: > ovn/controller-vtep:ovn/northd:ovn/utilities:ovn/controller' 18 -j1; \ > "$@" || (test X'' = Xyes && "$@" --recheck) > ## --- ## > ## openvswitch 2.10.90 test suite. ## > ## --- ## > 18: datapath - ping over gre tunnel by simulated packets ok > > ## - ## > ## Test results. ## > ## - ## > > 1 test was successful. > make[1]: Leaving directory '/home/dball/ovs/_gcc' > make: Leaving directory '/home/dball/ovs/_gcc' > > real1m32.789s > user0m3.396s > sys 0m0.872s > > > Thanks Darrell > > > > > > > On 8/8/18, 4:35 PM, "ovs-dev-boun...@openvswitch.org on behalf of Yifeng > Sun" > wrote: > > Introduce a new test that doesn't setup native gre tunnels but sends > simulated raw packets. > This test is supposed to only run for kernel version from 4.4.x to > 4.15.x. > > Signed-off-by: Yifeng Sun > --- > tests/system-traffic.at | 47 ++ > + > 1 file changed, 47 insertions(+) > > diff --git a/tests/system-traffic.at b/tests/system-traffic.at > index cf53c10..dca2bc8 100644 > --- a/tests/system-traffic.at > +++ b/tests/system-traffic.at > @@ -575,6 +575,53 @@ NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i > 0.3 -w 2 10.1.1.100 | FORMAT_PI > OVS_TRAFFIC_VSWITCHD_STOP > AT_CLEANUP > > +AT_SETUP([datapath - ping over gre tunnel by simulated packets]) > +OVS_CHECK_KERNEL(4, 4, 15) > + > +OVS_TRAFFIC_VSWITCHD_START() > + > +AT_CHECK([ovs-vsctl -- set bridge br0 other-config:hwaddr=\"f2:ff: > 00:00:00:01\"]) > +ADD_BR([br-underlay], [set bridge br-underlay > other-config:hwaddr=\"f2:ff:00:00:00:02\"]) > + > +AT_CHECK([ovs-ofctl add-flow br0 "actions=normal"]) >
Re: [ovs-dev] [PATCH v1] ovs-testcontroller: Added section for runtime managment commands
Thanks for the review. I will send a v2 patch with your suggestions. On Tue, Aug 7, 2018 at 4:06 PM, Ben Pfaff wrote: > On Mon, Aug 06, 2018 at 05:21:37PM -0700, Ashish Varma wrote: > > Even though there are no runtime management commands supported by > > ovs-testcontroller, the '--unixctl' section of the man page refers to > > 'RUNTIME MANAGEMENT COMMANDS'. This message which refers to the runtime > > management commands section is common for all '--unixctl' option. > > (via 'lib/unixctl.man') > > > > Added an empty section in the man page for 'RUNTIME MANAGEMENT COMMANDS' > to > > avoid confusion to the reader of the man page. > > > > Signed-off-by: Ashish Varma > > Thanks for improving the OVS documentation! > > However, unixctl is useless if there are no commands. It's probably > better to remove the support for it. > > Thanks, > > Ben. > ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH 4/8] system-traffic.at: Add gre tunnel test that doesn't depend on upstream gre module
Thanks Yifeng Thanks for switching to use ‘packet-out’. Patches 4-8 seem like they can be part of the same patch, since they are closely related. As discussed, none of the tests pass for Userspace datapath, so maybe you want to check them out or just disable them for now I tested with “Linux ubuntu 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux” Fusion Ubuntu VM dball@ubuntu:~/ovs$ time sudo make check-system-userspace TESTSUITEFLAGS='18-22' -C _gcc make: Entering directory '/home/dball/ovs/_gcc' make all-recursive make[1]: Entering directory '/home/dball/ovs/_gcc' Making all in datapath make[2]: Entering directory '/home/dball/ovs/_gcc/datapath' Making all in linux make[3]: Entering directory '/home/dball/ovs/_gcc/datapath/linux' make -C /lib/modules/4.4.0-119-generic/build M=/home/dball/ovs/_gcc/datapath/linux modules make[4]: Entering directory '/usr/src/linux-headers-4.4.0-119-generic' Building modules, stage 2. MODPOST 6 modules make[4]: Leaving directory '/usr/src/linux-headers-4.4.0-119-generic' make[3]: Leaving directory '/home/dball/ovs/_gcc/datapath/linux' make[3]: Entering directory '/home/dball/ovs/_gcc/datapath' make[3]: Leaving directory '/home/dball/ovs/_gcc/datapath' make[2]: Leaving directory '/home/dball/ovs/_gcc/datapath' make[2]: Entering directory '/home/dball/ovs/_gcc' make[3]: Entering directory '/home/dball/ovs/_gcc/datapath' make[3]: 'distfiles' is up to date. make[3]: Leaving directory '/home/dball/ovs/_gcc/datapath' make[2]: Leaving directory '/home/dball/ovs/_gcc' make[1]: Leaving directory '/home/dball/ovs/_gcc' set /bin/bash '../tests/system-userspace-testsuite' -C tests AUTOTEST_PATH='utilities:vswitchd:ovsdb:vtep:tests:::ovn/controller-vtep:ovn/northd:ovn/utilities:ovn/controller' 18-22 -j1; \ "$@" || (test X'' = Xyes && "$@" --recheck) ## --- ## ## openvswitch 2.10.90 test suite. ## ## --- ## datapath-sanity 18: datapath - ping over gre tunnel by simulated packets FAILED (system-traffic.at:615) 19: datapath - ping over erspan v1 tunnel by simulated packets FAILED (system-traffic.at:659) 20: datapath - ping over erspan v2 tunnel by simulated packets FAILED (system-traffic.at:706) 21: datapath - ping over ip6erspan v1 tunnel by simulated packets FAILED (system-traffic.at:754) 22: datapath - ping over ip6erspan v2 tunnel by simulated packets FAILED (system-traffic.at:804) ## - ## ## Test results. ## ## - ## ERROR: All 5 tests were run, 5 failed unexpectedly. ## --- ## ## system-userspace-testsuite.log was created. ## ## --- ## The kmod tests all pass now and they are a little faster now, but still slow et /bin/bash '../tests/system-kmod-testsuite' -C tests AUTOTEST_PATH='utilities:vswitchd:ovsdb:vtep:tests:::ovn/controller-vtep:ovn/northd:ovn/utilities:ovn/controller' 18 -j1; \ "$@" || (test X'' = Xyes && "$@" --recheck) ## --- ## ## openvswitch 2.10.90 test suite. ## ## --- ## 18: datapath - ping over gre tunnel by simulated packets ok ## - ## ## Test results. ## ## - ## 1 test was successful. make[1]: Leaving directory '/home/dball/ovs/_gcc' make: Leaving directory '/home/dball/ovs/_gcc' real1m32.789s user0m3.396s sys 0m0.872s Thanks Darrell On 8/8/18, 4:35 PM, "ovs-dev-boun...@openvswitch.org on behalf of Yifeng Sun" wrote: Introduce a new test that doesn't setup native gre tunnels but sends simulated raw packets. This test is supposed to only run for kernel version from 4.4.x to 4.15.x. Signed-off-by: Yifeng Sun --- tests/system-traffic.at | 47 +++ 1 file changed, 47 insertions(+) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index cf53c10..dca2bc8 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -575,6 +575,53 @@ NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PI OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP +AT_SETUP([datapath - ping over gre tunnel by simulated packets]) +OVS_CHECK_KERNEL(4, 4, 15) + +OVS_TRAFFIC_VSWITCHD_START() + +AT_CHECK([ovs-vsctl -- set bridge br0 other-config:hwaddr=\"f2:ff:00:00:00:01\"]) +ADD_BR([br-underlay], [set bridge br-underlay other-config:hwaddr=\"f2:ff:00:00:00:02\"]) + +AT_CHECK([ovs-ofctl add-flow br0 "actions=normal"]) +AT_CHECK([ovs-ofctl add-flow br-underlay "actions=normal"]) + +ADD_NAMESPACES(at_ns0) + +dnl Set up underlay link from host into the namespace using veth pair. +ADD_VETH(p0, at_ns0, br-underlay, "172.31.1.1/24", f2:ff:00:00:00:03) +AT_CHECK([ip addr add dev br-underlay "172.31.1.100/24"]) +AT_CHECK([ip link set dev br-underlay
[ovs-dev] Investment opportunity
Greetings, I am contacting you for an opportunity to invest in any profitable business in your country. We also offer a quick loan at low interest rate, please reply on my private e-mail: hsbcpeterw...@gmail.com Sincerely: Peter Wong This email was sent by the shareware version of Postman Professional. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v5 3/6] debian and rhel: Create IPsec package.
Hi Aaron,
Thanks for the feedback!
On Fri, Aug 10, 2018 at 12:03 PM, Aaron Conole wrote:
>
> Ben Pfaff writes:
>
> > On Thu, Aug 09, 2018 at 06:31:31PM -0400, Aaron Conole wrote:
> >> Ben Pfaff writes:
> >>
> >> > On Thu, Aug 09, 2018 at 12:40:39PM -0700, Ansis Atteka wrote:
> >> >> On Tue, 7 Aug 2018 at 09:43, Qiuyu Xiao
> >> >> wrote:
> >> >> >
> >> >> > Added rules and files to create debian and rpm ovs-ipsec packages.
> >> >> >
> >> >> > Signed-off-by: Qiuyu Xiao
> >> >> > Signed-off-by: Ansis Atteka
> >> >> > Co-authored-by: Ansis Atteka
> >> >>
> >> >> Did you test this patch on Fedora with SElinux enabled?
> >> >> ovs-monitor-ipsec daemon fails to start. You need to create SElinux
> >> >> policy too:
> >> >
>
> Looking at the documentation and playing around here are my thoughts:
>
> 1. We probably can squelch the .local and ldconfig AVCs that pop out.
> These seem to be related more to the python environment of the ipsec
> monitor.
>
> dontaudit openvswitch_t gconf_home_t:dir { search };
> dontaudit openvswitch_t ldconfig_exec_t:file { execute };
>
> I don't think there's any harm in them, so the above would simply keep
> the alert log quiet.
>
> 2. The actual ipsec side seems a bit more complicated.
>
> Since the openvswitch-ipsec daemon writes configurations to /etc, it
> would be best to build a transition domain that has the ability just to
> modify those files and start the ipsec daemon. I'm not sure it makes
> sense to allow openvswitch_t domain to write to all of /etc. We can
> certainly grant that for now and make the transition domain something to
> do in the future. I'll write that policy up and send it out (but it's a
> bit bigger - even the non-domain transition one - just because of the
> extra headache to allow /etc access).
The openvswitch-ipsec directly changes `/etc/ipsec.conf` and
`/etc/ipsec.secrects`, and uses `certutil` command to access NSS db
files in `/etc/ipsec.d/` directory. Can we only grant SELinux
permissions to those files?
>
> On the other hand, it might be possible to use an existing ipsec service
> and use the ipsec dbus interface. Can you take a look to see if we
> could integrate that by default and fall back to the manual monitoring
> mode. That would be my preferred solution (but I don't know if it has
> all of the support needed). The selinux policy for that is much simpler
> as well (just a few macros).
LibreSwan wiki says that the dbus API is still under development.
Currently, openvswitch-ipsec daemon use `ipsec` command to communicate
with LibreSwan IPsec service.
-Qiuyu
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v4 0/2] Partial cluster support in Python IDL client
Acked-by: Mark Michelson Looks like you may have fixed an existing bug or two with this series, too. On 08/07/2018 07:37 AM, nusid...@redhat.com wrote: From: Numan Siddique Python IDL library is lacking the functionality to connect to the clustered db servers by providing multiple remotes (like - "tcp:10.0.0.1:6641, tcp:10.0.0.2:6641, tcp:10.0.0.3:6641") in the connection string. This patch adds this functionality to the python idl library. It still lacks the feature to connect to the master of the cluster. To add this - python idl client should monitor and read the '_Server' schema - connect to the master of the cluster. I will submit the patch once that is ready. But for now I think this is good enough for the clients to connect to the cluster dbs. v3 -> v4 p1 -> As per Ben's suggestion, used the select.poll() to know the connection status. In case eventlet/gevent is used and select.poll is monkey patched, then get the original select.poll() using eventlet.patcher.original/gevent.monkey.get_original functions. v2 -> v3 Addressed the review comments from Ben to parse the remote in db/idl.py v1 -> v2 Deleted the debug code which I forgot to cleanup when sending v1. Numan Siddique (2): ovs python: ovs.stream.open_block() returns success even if the remote is unreachable python jsonrpc: Allow jsonrpc_session to have more than one remote. python/ovs/db/idl.py | 20 ++- python/ovs/jsonrpc.py | 39 +- python/ovs/poller.py | 34 +-- python/ovs/socket_util.py | 6 ++-- python/ovs/stream.py | 11 -- tests/automake.mk | 1 + tests/ovsdb-idl.at| 70 +++ tests/test-ovsdb.py | 13 ++-- tests/test-stream.py | 32 ++ 9 files changed, 208 insertions(+), 18 deletions(-) create mode 100644 tests/test-stream.py ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] I AM WAITING FOR YOUR REPLY.
Hello My Dear, How are you doing today?I know that this message will come to you as a surprise as we have never meet or seen each other before,I am Barrister John Philips,The late Thomas Rhode retained my services during his lifetime.I therefore write to inform you that my deceased client, listed you as one of the beneficiaries to his Estate. Thomas Rhode died on 8th day of February 2011 after a brief illness at the age of 89. Until his death he was consultant to several oil and gas industries. He was a knight in the Church and belonged to several non-governmental and scientific organizations. He was also great philanthropist and a Paul Harris Fellow of the Rotary Club International. In accordance with our UK inheritance laws you are required to apply for claims through . I am perfecting arrangements to complete the transfer of this inheritance to you. As a matter of fact ,You are hereby required to forward the following details of yours; Identification, Full Names, Contact address, Occupation, age, phone/mobile and fax numbers for verification and re-confirmation. Please acknowledge the receipt of this letter immediately. Best regards, Barrister John Philips (Esq) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v3] checkpatch: Improve accuracy and specificity of sign-off checking.
This also makes a start at a testsuite for checkpatch.
CC: Aaron Conole
Signed-off-by: Ben Pfaff
---
v1->v2: Fix case where there's no committer and add test for it.
v2->v3: Fix my misconceptions about "git log" patch formatting.
tests/automake.mk | 1 +
tests/checkpatch.at | 158
tests/testsuite.at | 1 +
utilities/checkpatch.py | 70 ++---
4 files changed, 220 insertions(+), 10 deletions(-)
create mode 100644 tests/checkpatch.at
diff --git a/tests/automake.mk b/tests/automake.mk
index 8224e5a4a22d..01f5077cd6ef 100644
--- a/tests/automake.mk
+++ b/tests/automake.mk
@@ -24,6 +24,7 @@ COMMON_MACROS_AT = \
TESTSUITE_AT = \
tests/testsuite.at \
tests/completion.at \
+ tests/checkpatch.at \
tests/library.at \
tests/heap.at \
tests/bundle.at \
diff --git a/tests/checkpatch.at b/tests/checkpatch.at
new file mode 100644
index ..bcfb753784ca
--- /dev/null
+++ b/tests/checkpatch.at
@@ -0,0 +1,158 @@
+AT_BANNER([checkpatch])
+
+OVS_START_SHELL_HELPERS
+# try_checkpatch PATCH [ERRORS]
+#
+# Runs checkpatch under Python 2 and Python 3, if installed, on the given
+# PATCH, expecting the specified set of ERRORS (and warnings).
+try_checkpatch() {
+AT_SKIP_IF([test $HAVE_PYTHON2 = no && test $HAVE_PYTHON3 = no])
+# Take the patch to test from $1. Remove an initial four-space indent
+# from it and, if it is just headers with no body, add a null body.
+echo "$1" | sed 's/^//' > test.patch
+if grep '---' expout >/dev/null 2>&1; then :
+else
+printf '\n---\n' >> test.patch
+fi
+
+# Take expected output from $2.
+if test -n "$2"; then
+echo "$2" | sed 's/^//' > expout
+else
+: > expout
+fi
+
+try_checkpatch__ "$HAVE_PYTHON2" "$PYTHON2"
+try_checkpatch__ "$HAVE_PYTHON3" "$PYTHON3"
+}
+try_checkpatch__() {
+if test $1 = no; then
+:
+elif test -s expout; then
+AT_CHECK([$2 $top_srcdir/utilities/checkpatch.py -q test.patch],
+ [255], [stdout])
+AT_CHECK([sed '/^Lines checked:/,$d' stdout], [0], [expout])
+else
+AT_CHECK([$2 $top_srcdir/utilities/checkpatch.py -q test.patch])
+fi
+}
+OVS_END_SHELL_HELPERS
+
+AT_SETUP([checkpatch - sign-offs])
+
+# Sign-off for single author who is also the committer.
+try_checkpatch \
+ "Author: A
+Commit: A
+
+Signed-off-by: A"
+try_checkpatch \
+ "Author: A
+Commit: A" \
+ "ERROR: Author A needs to sign off."
+
+# Sign-off for single author and different committer.
+try_checkpatch \
+ "Author: A
+Commit: B
+
+Signed-off-by: A
+Signed-off-by: B"
+try_checkpatch \
+ "Author: A
+Commit: B" \
+ "ERROR: Author A needs to sign off.
+ERROR: Committer B needs to sign off."
+
+# Sign-off for multiple authors with one author also the committer.
+try_checkpatch \
+ "Author: A
+Commit: A
+
+Signed-off-by: A
+Co-authored-by: B
+Signed-off-by: B"
+try_checkpatch \
+ "Author: A
+Commit: A
+
+Co-authored-by: B
+Signed-off-by: B" \
+ "ERROR: Author A needs to sign off."
+try_checkpatch \
+ "Author: A
+Commit: A
+
+Signed-off-by: A
+Co-authored-by: B" \
+ "ERROR: Co-author B needs to sign off."
+try_checkpatch \
+ "Author: A
+Commit: A
+
+Co-authored-by: B" \
+ "ERROR: Author A needs to sign off.
+ERROR: Co-author B needs to sign off."
+
+# Sign-off for multiple authors and separate committer.
+try_checkpatch \
+ "Author: A
+Commit: C
+
+Signed-off-by: A
+Co-authored-by: B
+Signed-off-by: B
+Signed-off-by: C"
+try_checkpatch \
+ "Author: A
+Commit: C
+
+Signed-off-by: A
+Co-authored-by: B
+Signed-off-by: B" \
+ "ERROR: Committer C needs to sign off."
+
+# Extra sign-offs:
+#
+#- If we know the committer, one extra sign-off raises a warning.
+#
+#- If we do not know the committer, two extra sign-offs raise a warning.
+try_checkpatch \
+ "Author: A
+Commit: C
+
+Signed-off-by: A
+Co-authored-by: B
+Signed-off-by: B
+Signed-off-by: C
+Signed-off-by: D" \
+ "WARNING: Unexpected sign-offs from developers who are not authors or
co-authors or committers: D"
+try_checkpatch \
+ "Author: A
+
+Signed-off-by: A
+Co-authored-by: B
+Signed-off-by: B
+Signed-off-by: C"
+try_checkpatch \
+ "Author: A
+
+Signed-off-by: A
+Co-authored-by: B
+Signed-off-by: B
+Signed-off-by: C
+Signed-off-by: D" \
+ "WARNING: Unexpected sign-offs from developers who are not authors or
co-authors or committers: C, D"
+
+# Missing committer is OK, missing author is an error.
+try_checkpatch \
+ "Author: A
+
+Signed-off-by: A"
+try_checkpatch \
+ "Commit: A
+
+Signed-off-by: A" \
+ "ERROR: Patch lacks author."
+
+AT_CLEANUP
diff --git a/tests/testsuite.at b/tests/testsuite.at
index 15c385e2cddb..690904e30881
[ovs-dev] OVS userspace not working with iperf
I am using openvswitch in userspace. Below are my setup: Ubuntu 16.04.5 LTS Openswitch-2.5.5 Namespace h1 - Host 1 Namespace h2 - Host 2 Created bridge s1 with option datapath_tye=netdev Added ports eth1 and eth2 to the bridge I can ping between h1 and h2. I can see the flows being installed on the flow table. But when I use iperf it does not connect between h1 and h2. I noticed the following in ovs-vswitchd.log. 2018-08-10T19:38:23.084Z|00243|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:23.308Z|00244|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:23.404Z|00245|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:23.468Z|00246|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:24.108Z|00247|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:24.108Z|00248|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:24.492Z|00249|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:24.492Z|00250|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:24.620Z|00251|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:25.484Z|00252|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:28.460Z|00253|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:28.972Z|00254|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:32.720Z|00255|connmgr|INFO|s1<->tcp:127.0.0.1:6653: 1 flow_mods 10 s ago (1 adds) 2018-08-10T19:38:37.420Z|00256|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:37.676Z|00257|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:39.279Z|00258|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:53.805Z|00259|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:38:54.573Z|00260|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:39:27.341Z|00261|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:39:29.389Z|00262|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:39:32.720Z|00263|connmgr|INFO|s1<->tcp:127.0.0.1:6653: 6 flow_mods in the 14 s starting 53 s ago (6 adds) 2018-08-10T19:40:36.972Z|00264|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:40:36.972Z|00265|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:40:47.447Z|00266|connmgr|INFO|s1<->tcp:127.0.0.1:6653: 5 flow_mods in the 6 s starting 10 s ago (5 adds) 2018-08-10T19:41:47.448Z|00267|connmgr|INFO|s1<->tcp:127.0.0.1:6653: 1 flow_mods 54 s ago (1 adds) 2018-08-10T19:43:08.524Z|00268|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:43:08.524Z|00269|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:47:47.052Z|00270|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error 2018-08-10T19:47:47.052Z|00271|netdev_linux|WARN|error sending Ethernet packet on s1: Input/output error ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] checkpatch: Improve accuracy and specificity of sign-off checking.
On Fri, Aug 10, 2018 at 03:13:18PM -0400, Aaron Conole wrote:
> Aaron Conole writes:
>
> > Ben Pfaff writes:
> >
> >> This also makes a start at a testsuite for checkpatch.
> >>
> >> CC: Aaron Conole
> >> Signed-off-by: Ben Pfaff
> >> ---
> >
> > I think it's close, but I still get this sort of error:
> >
> > 03:07:46 aconole {ipsec_selinux} ~/git/ovs$ ./utilities/checkpatch.py -1
> > == Checking fa10857dafcc ("checkpatch: Improve accuracy and
> > specificity of sign-off checking.") ==
> > ERROR: Committer None needs to sign off.
> > Lines checked: 268, Warnings: 0, Errors: 1
> >
>
> Actually, it was correct - I did forget to sign off. However, even when
> I do, I see:
>
> WARNING: Unexpected sign-offs from developers who are not authors or
> co-authors or committers: Aaron Conole
Oh, oops. I'll send v3.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] checkpatch: Improve accuracy and specificity of sign-off checking.
On Fri, Aug 10, 2018 at 03:09:18PM -0400, Aaron Conole wrote:
> Ben Pfaff writes:
>
> > This also makes a start at a testsuite for checkpatch.
> >
> > CC: Aaron Conole
> > Signed-off-by: Ben Pfaff
> > ---
>
> I think it's close, but I still get this sort of error:
>
> 03:07:46 aconole {ipsec_selinux} ~/git/ovs$ ./utilities/checkpatch.py -1
> == Checking fa10857dafcc ("checkpatch: Improve accuracy and specificity of
> sign-off checking.") ==
> ERROR: Committer None needs to sign off.
> Lines checked: 268, Warnings: 0, Errors: 1
Thanks for the report, I sent v2 that fixes it and adds a test for that
case:
https://patchwork.ozlabs.org/patch/956461/
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v2] checkpatch: Improve accuracy and specificity of sign-off checking.
This also makes a start at a testsuite for checkpatch.
CC: Aaron Conole
Signed-off-by: Ben Pfaff
---
v1->v2: Fix case where there's no committer and add test for it.
tests/automake.mk | 1 +
tests/checkpatch.at | 139
tests/testsuite.at | 1 +
utilities/checkpatch.py | 58
4 files changed, 190 insertions(+), 9 deletions(-)
create mode 100644 tests/checkpatch.at
diff --git a/tests/automake.mk b/tests/automake.mk
index 8224e5a4a22d..01f5077cd6ef 100644
--- a/tests/automake.mk
+++ b/tests/automake.mk
@@ -24,6 +24,7 @@ COMMON_MACROS_AT = \
TESTSUITE_AT = \
tests/testsuite.at \
tests/completion.at \
+ tests/checkpatch.at \
tests/library.at \
tests/heap.at \
tests/bundle.at \
diff --git a/tests/checkpatch.at b/tests/checkpatch.at
new file mode 100644
index ..81e0fc0a7e50
--- /dev/null
+++ b/tests/checkpatch.at
@@ -0,0 +1,139 @@
+AT_BANNER([checkpatch])
+
+OVS_START_SHELL_HELPERS
+# try_checkpatch PATCH [ERRORS]
+#
+# Runs checkpatch under Python 2 and Python 3, if installed, on the given
+# PATCH, expecting the specified set of ERRORS (and warnings).
+try_checkpatch() {
+AT_SKIP_IF([test $HAVE_PYTHON2 = no && test $HAVE_PYTHON3 = no])
+# Take the patch to test from $1. Remove an initial four-space indent
+# from it and, if it is just headers with no body, add a null body.
+echo "$1" | sed 's/^//' > test.patch
+if grep '---' expout >/dev/null 2>&1; then :
+else
+printf '\n---\n' >> test.patch
+fi
+
+# Take expected output from $2.
+if test -n "$2"; then
+echo "$2" | sed 's/^//' > expout
+else
+: > expout
+fi
+
+try_checkpatch__ "$HAVE_PYTHON2" "$PYTHON2"
+try_checkpatch__ "$HAVE_PYTHON3" "$PYTHON3"
+}
+try_checkpatch__() {
+if test $1 = no; then
+:
+elif test -s expout; then
+AT_CHECK([$2 $top_srcdir/utilities/checkpatch.py -q test.patch],
+ [255], [stdout])
+AT_CHECK([sed '/^Lines checked:/,$d' stdout], [0], [expout])
+else
+AT_CHECK([$2 $top_srcdir/utilities/checkpatch.py -q test.patch])
+fi
+}
+OVS_END_SHELL_HELPERS
+
+AT_SETUP([checkpatch - sign-offs])
+
+# Sign-off for single author who is also the committer.
+try_checkpatch \
+ "Author: A
+Committer: A
+
+Signed-off-by: A"
+try_checkpatch \
+ "Author: A
+Committer: A" \
+ "ERROR: Author A needs to sign off."
+
+# Sign-off for single author and different committer.
+try_checkpatch \
+ "Author: A
+Committer: B
+
+Signed-off-by: A
+Signed-off-by: B"
+try_checkpatch \
+ "Author: A
+Committer: B" \
+ "ERROR: Author A needs to sign off.
+ERROR: Committer B needs to sign off."
+
+# Sign-off for multiple authors with one author also the committer.
+try_checkpatch \
+ "Author: A
+Committer: A
+
+Signed-off-by: A
+Co-authored-by: B
+Signed-off-by: B"
+try_checkpatch \
+ "Author: A
+Committer: A
+
+Co-authored-by: B
+Signed-off-by: B" \
+ "ERROR: Author A needs to sign off."
+try_checkpatch \
+ "Author: A
+Committer: A
+
+Signed-off-by: A
+Co-authored-by: B" \
+ "ERROR: Co-author B needs to sign off."
+try_checkpatch \
+ "Author: A
+Committer: A
+
+Co-authored-by: B" \
+ "ERROR: Author A needs to sign off.
+ERROR: Co-author B needs to sign off."
+
+# Sign-off for multiple authors and separate committer.
+try_checkpatch \
+ "Author: A
+Committer: C
+
+Signed-off-by: A
+Co-authored-by: B
+Signed-off-by: B
+Signed-off-by: C"
+try_checkpatch \
+ "Author: A
+Committer: C
+
+Signed-off-by: A
+Co-authored-by: B
+Signed-off-by: B" \
+ "ERROR: Committer C needs to sign off."
+
+# Extra sign-offs.
+try_checkpatch \
+ "Author: A
+Committer: C
+
+Signed-off-by: A
+Co-authored-by: B
+Signed-off-by: B
+Signed-off-by: C
+Signed-off-by: D
+Signed-off-by: E" \
+ "WARNING: Unexpected sign-offs from developers who are not authors or
co-authors or committers: D, E"
+
+# Missing committer is OK, missing author is an error.
+try_checkpatch \
+ "Author: A
+
+Signed-off-by: A"
+try_checkpatch \
+ "Committer: A
+
+Signed-off-by: A" \
+ "ERROR: Patch lacks author."
+
+AT_CLEANUP
diff --git a/tests/testsuite.at b/tests/testsuite.at
index 15c385e2cddb..690904e30881 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -21,6 +21,7 @@ m4_include([tests/ovsdb-macros.at])
m4_include([tests/ofproto-macros.at])
m4_include([tests/completion.at])
+m4_include([tests/checkpatch.at])
m4_include([tests/bfd.at])
m4_include([tests/cfm.at])
m4_include([tests/lacp.at])
diff --git a/utilities/checkpatch.py b/utilities/checkpatch.py
index b2f27f5b7dd1..ee4e8855988b 100755
--- a/utilities/checkpatch.py
+++ b/utilities/checkpatch.py
@@ -668,7 +668,7 @@ def run_file_checks(text):
[ovs-dev] [PATCH] ofp-group: Fix memory leak in error cases parsing group requests.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9424#c4
Signed-off-by: Ben Pfaff
---
lib/ofp-group.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/ofp-group.c b/lib/ofp-group.c
index f6e5242f5244..62cab725efb5 100644
--- a/lib/ofp-group.c
+++ b/lib/ofp-group.c
@@ -1748,7 +1748,7 @@ ofputil_decode_ofp15_group_desc_reply(struct
ofputil_group_desc *gd,
msg, gd->type, OFPGC15_ADD, >props,
length - sizeof *ogds - bucket_list_len);
if (error) {
-ofputil_bucket_list_destroy(>buckets);
+ofputil_uninit_group_desc(gd);
}
return error;
}
@@ -2173,7 +2173,7 @@ ofputil_pull_ofp15_group_mod(struct ofpbuf *msg, enum
ofp_version ofp_version,
error = parse_ofp15_group_properties(msg, gm->type, gm->command,
>props, msg->size);
if (error) {
-ofputil_bucket_list_destroy(>buckets);
+ofputil_uninit_group_mod(gm);
}
return error;
}
--
2.16.1
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH] ofp-port: Fix null dereference parsing Intel custom statistics.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9788
Fixes: 7333c3b1ce02 ("ofp-port: Fix buffer overread parsing Intel custom
statistics.")
Signed-off-by: Ben Pfaff
---
lib/ofp-port.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ofp-port.c b/lib/ofp-port.c
index 2c812f8ecfa3..8d882a14b4df 100644
--- a/lib/ofp-port.c
+++ b/lib/ofp-port.c
@@ -1616,7 +1616,7 @@ parse_intel_port_custom_property(struct ofpbuf *payload,
/* Counter name. */
uint8_t *name_len = ofpbuf_try_pull(payload, sizeof *name_len);
-char *name = ofpbuf_try_pull(payload, *name_len);
+char *name = name_len ? ofpbuf_try_pull(payload, *name_len) : NULL;
if (!name_len || !name) {
return OFPERR_OFPBPC_BAD_LEN;
}
--
2.16.1
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] OVN/OVS split: OVN mailing list?
On Fri, Aug 10, 2018 at 11:02 AM, Ben Pfaff wrote: > On Fri, Aug 10, 2018 at 01:52:43PM -0400, Mark Michelson wrote: > > A topic that's come up from time to time for a while now is splitting OVN > > out of the OVS source and into a separate project. Based on discussions > in > > recent OVN IRC meetings, it seems like this will start actually happening > > sometime soon. > > > > Before starting in-depth technical discussions on this list or the > ovs-dev > > list, I'm curious if people would be interested in splitting off a > separate > > OVN list for this and future OVN-related discussions? I can see merits of > > keeping discussions on this list and of starting a new one, so I'm > > interested in what others think about the matter. > > I think it's a reasonable idea. > ___ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > I will probably put them in same folder of my inbox even if they were split, so it doesn't matter much as a receiver. As a sender I think it is ok to split as long as most emails only need to be sent to one of the lists. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] checkpatch: Improve accuracy and specificity of sign-off checking.
Aaron Conole writes:
> Ben Pfaff writes:
>
>> This also makes a start at a testsuite for checkpatch.
>>
>> CC: Aaron Conole
>> Signed-off-by: Ben Pfaff
>> ---
>
> I think it's close, but I still get this sort of error:
>
> 03:07:46 aconole {ipsec_selinux} ~/git/ovs$ ./utilities/checkpatch.py -1
> == Checking fa10857dafcc ("checkpatch: Improve accuracy and
> specificity of sign-off checking.") ==
> ERROR: Committer None needs to sign off.
> Lines checked: 268, Warnings: 0, Errors: 1
>
Actually, it was correct - I did forget to sign off. However, even when
I do, I see:
WARNING: Unexpected sign-offs from developers who are not authors or co-authors
or committers: Aaron Conole
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] checkpatch: Improve accuracy and specificity of sign-off checking.
Ben Pfaff writes:
> This also makes a start at a testsuite for checkpatch.
>
> CC: Aaron Conole
> Signed-off-by: Ben Pfaff
> ---
I think it's close, but I still get this sort of error:
03:07:46 aconole {ipsec_selinux} ~/git/ovs$ ./utilities/checkpatch.py -1
== Checking fa10857dafcc ("checkpatch: Improve accuracy and specificity of
sign-off checking.") ==
ERROR: Committer None needs to sign off.
Lines checked: 268, Warnings: 0, Errors: 1
Very excited to play with the test suite.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v5 3/6] debian and rhel: Create IPsec package.
Ben Pfaff writes:
> On Thu, Aug 09, 2018 at 06:31:31PM -0400, Aaron Conole wrote:
>> Ben Pfaff writes:
>>
>> > On Thu, Aug 09, 2018 at 12:40:39PM -0700, Ansis Atteka wrote:
>> >> On Tue, 7 Aug 2018 at 09:43, Qiuyu Xiao wrote:
>> >> >
>> >> > Added rules and files to create debian and rpm ovs-ipsec packages.
>> >> >
>> >> > Signed-off-by: Qiuyu Xiao
>> >> > Signed-off-by: Ansis Atteka
>> >> > Co-authored-by: Ansis Atteka
>> >>
>> >> Did you test this patch on Fedora with SElinux enabled?
>> >> ovs-monitor-ipsec daemon fails to start. You need to create SElinux
>> >> policy too:
>> >
Looking at the documentation and playing around here are my thoughts:
1. We probably can squelch the .local and ldconfig AVCs that pop out.
These seem to be related more to the python environment of the ipsec
monitor.
dontaudit openvswitch_t gconf_home_t:dir { search };
dontaudit openvswitch_t ldconfig_exec_t:file { execute };
I don't think there's any harm in them, so the above would simply keep
the alert log quiet.
2. The actual ipsec side seems a bit more complicated.
Since the openvswitch-ipsec daemon writes configurations to /etc, it
would be best to build a transition domain that has the ability just to
modify those files and start the ipsec daemon. I'm not sure it makes
sense to allow openvswitch_t domain to write to all of /etc. We can
certainly grant that for now and make the transition domain something to
do in the future. I'll write that policy up and send it out (but it's a
bit bigger - even the non-domain transition one - just because of the
extra headache to allow /etc access).
On the other hand, it might be possible to use an existing ipsec service
and use the ipsec dbus interface. Can you take a look to see if we
could integrate that by default and fall back to the manual monitoring
mode. That would be my preferred solution (but I don't know if it has
all of the support needed). The selinux policy for that is much simpler
as well (just a few macros).
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] checkpatch: Improve accuracy and specificity of sign-off checking.
Bleep bloop. Greetings Ben Pfaff, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. checkpatch: ERROR: Committer None needs to sign off. Lines checked: 268, Warnings: 0, Errors: 1 Please check this out. If you feel there has been an error, please email acon...@bytheb.org Thanks, 0-day Robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] Add ovs.compat module to python package
On Fri, Aug 10, 2018 at 05:52:54PM +0200, Timothy Redaelli wrote: > On Fri, 10 Aug 2018 10:13:23 -0500 > Terry Wilson wrote: > > > Signed-off-by: Terry Wilson > > Acked-by: Timothy Redaelli Applied to master. Does this need backporting? ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] rhel: Install the network scripts in a new subpackage
On Thu, Aug 09, 2018 at 09:16:16PM -0300, Flavio Leitner wrote: > On Thu, Aug 09, 2018 at 11:50:38AM +0200, Timothy Redaelli wrote: > > On Wed, 8 Aug 2018 13:49:12 -0300 > > Flavio Leitner wrote: > > > > > Actually, we also have dependencies in the systemd service > > > to the network service: > > > > > > [Unit] > > > > > > Description=Open vSwitch Forwarding Unit > > > After=ovsdb-server.service network-pre.target > > > systemd-udev-settle.service Before=network.target network.service > > > ^^^ > > > > > > Looks like that would be gone, right? > > > > I checked and "network.service" is an auto-generated service > > (systemd-sysv-generator - Unit generator for SysV init scripts) > > from /etc/rc.d/init.d/network that brings Up and Down the interfaces > > (if you don't use Network Manager). > > > > The explicit dependency is needed in order to avoid having it to run > > before openvswitch / ovsdb-server. > > Moreover it's also harmless to have it when network.service doesn't > > exists since, in this case, systemd will only ignore the dependency. > > > > For example, NetworkManager.service has "Before=network.target > > network.service" on Fedora Rawhide too, since Fedora Rawhide still have > > the support for the legacy network scripts (/etc/rc.d/init.d/network, in > > network-scripts package). > > Alright, thanks for looking into this. > > Acked-by: Flavio Leitner > > Thanks Timothy. Thanks Timothy (and Flavio). Applied to master. Let me know if you want it in branch-2.10 (or earlier?). ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH 0/3] Use the default key length for RSA keys
On Fri, Aug 10, 2018 at 02:02:51PM +0200, Maxime Coquelin wrote: > > > On 08/09/2018 08:01 PM, Timothy Redaelli wrote: > >Currently, 1024-bit RSA keys are generated for OVS tests, are suggested in > >ovn-architecture manpage examples and are used to generate the RSA keys > >inside > >the sandbox (make sandbox), but OpenSSL documentation suggests to use at > >least > >2048-bit keys, since "fewer amount of bits is considered insecure or to be > >insecure pretty soon" [1]. > > > >Moreover, it's not currently possible to use OVS with 1024-bit keys (and > >some SSL-related tests fail for this reason) on Fedora 29 when the FUTURE > >crypto policies are enabled [2]. FUTURE crypto policies will become the > >DEFAULT soon on Fedora Rawhide. > > > >[1] https://github.com/openssl/openssl/blob/master/doc/HOWTO/keys.txt > >[2] https://fedoraproject.org/wiki/Changes/CryptoSettings > > > >Timothy Redaelli (3): > > tests: Use the default key length when generating RSA keys > > ovn-architecture: Use the default key length in examples > > ovs-sandbox: Generate the SSL keys using the default key length > > > > ovn/ovn-architecture.7.xml | 2 +- > > tests/ovs-vsctl.at | 4 ++-- > > tests/ovsdb-rbac.at| 8 > > tutorial/ovs-sandbox | 8 > > 4 files changed, 11 insertions(+), 11 deletions(-) > > > > Tested-by: Maxime Coquelin Thanks, Timothy and Maxime. I applied this series to master. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] OVS DPDK: dpdk_merge pull request for master
On Fri, Aug 10, 2018 at 01:37:19PM +0100, Ian Stokes wrote: > Hi Ben, > > The following changes since commit a4c3463d024e51a0d2089b9fba50d8d90c7c668c: > > ofproto-dpif-xlate: Improve log message. (2018-08-09 15:57:30 -0700) > > are available in the git repository at: > > https://github.com/istokes/ovs dpdk_merge > > for you to fetch changes up to 6d947d508a5167f31430a3c8c8026a7d22aa7349: > > vswitch.xml: Update dpdk-init documentation. (2018-08-10 10:39:54 +0100) Merged, thanks! ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] OVS DPDK: dpdk_merge pull request for branch-2.8
On Fri, Aug 10, 2018 at 01:37:42PM +0100, Ian Stokes wrote: > Hi Ben, > > The following changes since commit 05ae838b2057fd2c55cdca87228f34741b046b79: > > netdev-dpdk: Use hex for PCI vendor ID. (2018-08-08 22:12:19 +0100) > > are available in the git repository at: > > https://github.com/istokes/ovs dpdk_merge_2_8 > > for you to fetch changes up to e28c4a160f613ef968a05b4be9d51ba0cf878930: > > netdev-dpdk: Fix failure to configure flow control at netdev-init. > (2018-08-10 10:45:41 +0100) Merged, thanks! ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] OVS DPDK: dpdk_merge pull request for branch-2.7
On Fri, Aug 10, 2018 at 01:37:52PM +0100, Ian Stokes wrote: > Hi Ben, > > The following changes since commit a90ff16cad22afd4cea6dfd9f0b93f93988842cb: > > netdev-dpdk: Use hex for PCI vendor ID. (2018-08-08 22:12:58 +0100) > > are available in the git repository at: > > https://github.com/istokes/ovs dpdk_merge_2_7 > > for you to fetch changes up to c5350a1a7108549008dd59da215139530a1cd6f8: > > netdev-dpdk: Fix failure to configure flow control at netdev-init. > (2018-08-10 10:49:53 +0100) Merged, thanks! ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] OVS DPDK: dpdk_merge pull request for branch-2.10
On Fri, Aug 10, 2018 at 01:37:33PM +0100, Ian Stokes wrote: > Hi Ben, > > The following changes since commit 553d3f1549385a009f703b86aa76d9896fa8da27: > > ofp-port: Fix buffer overread parsing Intel custom statistics. (2018-08-08 > 22:06:46 +0100) > > are available in the git repository at: > > https://github.com/istokes/ovs dpdk_merge_2_10 > > for you to fetch changes up to 7184517ca77fc9c084f1a8b53ccdbc82dab34c19: > > vswitch.xml: Update dpdk-init documentation. (2018-08-10 10:40:20 +0100) Merged, thanks! ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH] checkpatch: Improve accuracy and specificity of sign-off checking.
This also makes a start at a testsuite for checkpatch.
CC: Aaron Conole
Signed-off-by: Ben Pfaff
---
tests/automake.mk | 1 +
tests/checkpatch.at | 128
tests/testsuite.at | 1 +
utilities/checkpatch.py | 56 +
4 files changed, 177 insertions(+), 9 deletions(-)
create mode 100644 tests/checkpatch.at
diff --git a/tests/automake.mk b/tests/automake.mk
index 8224e5a4a22d..01f5077cd6ef 100644
--- a/tests/automake.mk
+++ b/tests/automake.mk
@@ -24,6 +24,7 @@ COMMON_MACROS_AT = \
TESTSUITE_AT = \
tests/testsuite.at \
tests/completion.at \
+ tests/checkpatch.at \
tests/library.at \
tests/heap.at \
tests/bundle.at \
diff --git a/tests/checkpatch.at b/tests/checkpatch.at
new file mode 100644
index ..ac39d1dfdee5
--- /dev/null
+++ b/tests/checkpatch.at
@@ -0,0 +1,128 @@
+AT_BANNER([checkpatch])
+
+OVS_START_SHELL_HELPERS
+# try_checkpatch PATCH [ERRORS]
+#
+# Runs checkpatch under Python 2 and Python 3, if installed, on the given
+# PATCH, expecting the specified set of ERRORS (and warnings).
+try_checkpatch() {
+AT_SKIP_IF([test $HAVE_PYTHON2 = no && test $HAVE_PYTHON3 = no])
+# Take the patch to test from $1. Remove an initial four-space indent
+# from it and, if it is just headers with no body, add a null body.
+echo "$1" | sed 's/^//' > test.patch
+if grep '---' expout >/dev/null 2>&1; then :
+else
+printf '\n---\n' >> test.patch
+fi
+
+# Take expected output from $2.
+if test -n "$2"; then
+echo "$2" | sed 's/^//' > expout
+else
+: > expout
+fi
+
+try_checkpatch__ "$HAVE_PYTHON2" "$PYTHON2"
+try_checkpatch__ "$HAVE_PYTHON3" "$PYTHON3"
+}
+try_checkpatch__() {
+if test $1 = no; then
+:
+elif test -s expout; then
+AT_CHECK([$2 $top_srcdir/utilities/checkpatch.py -q test.patch],
+ [255], [stdout])
+AT_CHECK([sed '/^Lines checked:/,$d' stdout], [0], [expout])
+else
+AT_CHECK([$2 $top_srcdir/utilities/checkpatch.py -q test.patch])
+fi
+}
+OVS_END_SHELL_HELPERS
+
+AT_SETUP([checkpatch - sign-offs])
+
+# Sign-off for single author who is also the committer.
+try_checkpatch \
+ "Author: A
+Committer: A
+
+Signed-off-by: A"
+try_checkpatch \
+ "Author: A
+Committer: A" \
+ "ERROR: Author A needs to sign off."
+
+# Sign-off for single author and different committer.
+try_checkpatch \
+ "Author: A
+Committer: B
+
+Signed-off-by: A
+Signed-off-by: B"
+try_checkpatch \
+ "Author: A
+Committer: B" \
+ "ERROR: Author A needs to sign off.
+ERROR: Committer B needs to sign off."
+
+# Sign-off for multiple authors with one author also the committer.
+try_checkpatch \
+ "Author: A
+Committer: A
+
+Signed-off-by: A
+Co-authored-by: B
+Signed-off-by: B"
+try_checkpatch \
+ "Author: A
+Committer: A
+
+Co-authored-by: B
+Signed-off-by: B" \
+ "ERROR: Author A needs to sign off."
+try_checkpatch \
+ "Author: A
+Committer: A
+
+Signed-off-by: A
+Co-authored-by: B" \
+ "ERROR: Co-author B needs to sign off."
+try_checkpatch \
+ "Author: A
+Committer: A
+
+Co-authored-by: B" \
+ "ERROR: Author A needs to sign off.
+ERROR: Co-author B needs to sign off."
+
+# Sign-off for multiple authors and separate committer.
+try_checkpatch \
+ "Author: A
+Committer: C
+
+Signed-off-by: A
+Co-authored-by: B
+Signed-off-by: B
+Signed-off-by: C"
+try_checkpatch \
+ "Author: A
+Committer: C
+
+Signed-off-by: A
+Co-authored-by: B
+Signed-off-by: B" \
+ "ERROR: Committer C needs to sign off."
+
+# Extra sign-offs.
+try_checkpatch \
+ "Author: A
+Committer: C
+
+Signed-off-by: A
+Co-authored-by: B
+Signed-off-by: B
+Signed-off-by: C
+Signed-off-by: D
+Signed-off-by: E" \
+ "WARNING: Unexpected sign-offs from developers who are not authors or
co-authors or committers: D, E"
+
+AT_CLEANUP
diff --git a/tests/testsuite.at b/tests/testsuite.at
index 15c385e2cddb..690904e30881 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -21,6 +21,7 @@ m4_include([tests/ovsdb-macros.at])
m4_include([tests/ofproto-macros.at])
m4_include([tests/completion.at])
+m4_include([tests/checkpatch.at])
m4_include([tests/bfd.at])
m4_include([tests/cfm.at])
m4_include([tests/lacp.at])
diff --git a/utilities/checkpatch.py b/utilities/checkpatch.py
index b2f27f5b7dd1..3c3d2fc7c915 100755
--- a/utilities/checkpatch.py
+++ b/utilities/checkpatch.py
@@ -668,7 +668,7 @@ def run_file_checks(text):
check['check'](text)
-def ovs_checkpatch_parse(text, filename):
+def ovs_checkpatch_parse(text, filename, author=None, committer=None):
global print_file_name, total_line, checking_file, \
empty_return_check_state
@@ -686,6 +686,8 @@ def ovs_checkpatch_parse(text,
Re: [ovs-dev] OVN/OVS split: OVN mailing list?
On Fri, Aug 10, 2018 at 01:52:43PM -0400, Mark Michelson wrote: > A topic that's come up from time to time for a while now is splitting OVN > out of the OVS source and into a separate project. Based on discussions in > recent OVN IRC meetings, it seems like this will start actually happening > sometime soon. > > Before starting in-depth technical discussions on this list or the ovs-dev > list, I'm curious if people would be interested in splitting off a separate > OVN list for this and future OVN-related discussions? I can see merits of > keeping discussions on this list and of starting a new one, so I'm > interested in what others think about the matter. I think it's a reasonable idea. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] OVN/OVS split: OVN mailing list?
Hi folks, A topic that's come up from time to time for a while now is splitting OVN out of the OVS source and into a separate project. Based on discussions in recent OVN IRC meetings, it seems like this will start actually happening sometime soon. Before starting in-depth technical discussions on this list or the ovs-dev list, I'm curious if people would be interested in splitting off a separate OVN list for this and future OVN-related discussions? I can see merits of keeping discussions on this list and of starting a new one, so I'm interested in what others think about the matter. Thanks, Mark ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [patch v7] dpctl: Make opt_dpif_open() more general.
On Wed, Aug 8, 2018 at 2:12 PM, Darrell Ball wrote:
> Ben
>
> If you apply this, I have one line to delete inline.
>
> Darrell
>
> On Wed, Aug 8, 2018 at 2:09 PM, Darrell Ball wrote:
>
>> By making opt_dpif_open() more general, it can be used effectively
>> by all potential callers and avoids trying to open potentially bogus
>> datapaths provided by the user. Also, the error handling is improved by
>> reducing bogus errors and having more specific real errors.
>>
>> Signed-off-by: Darrell Ball
>> ---
>> lib/dpctl.c | 56 ++
>> ++-
>> tests/system-traffic.at | 10 -
>> 2 files changed, 56 insertions(+), 10 deletions(-)
>>
>> diff --git a/lib/dpctl.c b/lib/dpctl.c
>> index c600eeb..ef057aa 100644
>> --- a/lib/dpctl.c
>> +++ b/lib/dpctl.c
>> @@ -187,18 +187,64 @@ parsed_dpif_open(const char *arg_, bool create,
>> struct dpif **dpifp)
>> return result;
>> }
>>
>> +static bool
>> +dp_exists(const char *queried_dp)
>> +{
>> +struct sset dpif_names = SSET_INITIALIZER(_names),
>> +dpif_types = SSET_INITIALIZER(_types);
>> +bool found = false;
>> +char *queried_name, *queried_type;
>> +
>> +dp_parse_name(queried_dp, _name, _type);
>> +dp_enumerate_types(_types);
>> +
>> +if (!sset_contains(_types, queried_type)) {
>> +goto out;
>> +}
>> +
>> +int error = dp_enumerate_names(queried_type, _names);
>> +if (!error && sset_contains(_names, queried_name)) {
>> +found = true;
>> +goto out;
>>
>
> Pls remove the above "goto out;"
>
I ended up sending a V8 with a little more compact code. at the expense of
a slight decrease
in readability and this label is gone in V8.
>
>
>
>> +}
>> +
>> +out:
>> +sset_destroy(_names);
>> +sset_destroy(_types);
>> +return found;
>> +}
>> +
>> +static bool
>> +dp_arg_exists(int argc, const char *argv[])
>> +{
>> +if (argc > 1 && dp_exists(argv[1])) {
>> +return true;
>> +}
>> +return false;
>> +}
>> +
>> /* Open a dpif with an optional name argument.
>> *
>> - * The datapath name is not a mandatory parameter for this command. If
>> - * it is not specified -- so 'argc' < 'max_args' -- we retrieve it from
>> - * the current setup, assuming only one exists. On success stores the
>> - * opened dpif in '*dpifp'. */
>> + * The datapath name is not a mandatory parameter for this command. If
>> it is
>> + * not specified, we retrieve it from the current setup, assuming only
>> one
>> + * exists. On success stores the opened dpif in '*dpifp'. */
>> static int
>> opt_dpif_open(int argc, const char *argv[], struct dpctl_params *dpctl_p,
>>uint8_t max_args, struct dpif **dpifp)
>> {
>> +char *dpname;
>> +if (dp_arg_exists(argc, argv)) {
>> +dpname = xstrdup(argv[1]);
>> +} else if (argc != max_args) {
>> +dpname = get_one_dp(dpctl_p);
>> +} else {
>> +/* If the arguments are the maximum possible number and there is
>> no
>> + * valid datapath argument, then we fall into the case of dpname
>> is
>> + * NULL, since this is an error. */
>> +dpname = NULL;
>> +}
>> +
>> int error = 0;
>> -char *dpname = argc >= max_args ? xstrdup(argv[1]) :
>> get_one_dp(dpctl_p);
>> if (!dpname) {
>> error = EINVAL;
>> dpctl_error(dpctl_p, error, "datapath not found");
>> diff --git a/tests/system-traffic.at b/tests/system-traffic.at
>> index cbd9542..a7c8a24 100644
>> --- a/tests/system-traffic.at
>> +++ b/tests/system-traffic.at
>> @@ -1040,7 +1040,7 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack zone=5
>> $ICMP_TUPLE])
>> AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep
>> "orig=.src=10\.1\.1\.2,"], [1], [dnl
>> ])
>>
>> -OVS_TRAFFIC_VSWITCHD_STOP(["/could not create datapath/d"])
>> +OVS_TRAFFIC_VSWITCHD_STOP
>> AT_CLEANUP
>>
>> AT_SETUP([conntrack - IPv4 ping])
>> @@ -1124,17 +1124,17 @@ ovs-appctl: ovs-vswitchd: server returned an error
>> ])
>>
>> AT_CHECK([ovs-appctl dpctl/ct-set-maxconns one-bad-dp 10], [2], [], [dnl
>> -ovs-vswitchd: opening datapath (Address family not supported by protocol)
>> +ovs-vswitchd: datapath not found (Invalid argument)
>> ovs-appctl: ovs-vswitchd: server returned an error
>> ])
>>
>> AT_CHECK([ovs-appctl dpctl/ct-get-maxconns one-bad-dp], [2], [], [dnl
>> -ovs-vswitchd: opening datapath (Address family not supported by protocol)
>> +ovs-vswitchd: datapath not found (Invalid argument)
>> ovs-appctl: ovs-vswitchd: server returned an error
>> ])
>>
>> AT_CHECK([ovs-appctl dpctl/ct-get-nconns one-bad-dp], [2], [], [dnl
>> -ovs-vswitchd: opening datapath (Address family not supported by protocol)
>> +ovs-vswitchd: datapath not found (Invalid argument)
>> ovs-appctl: ovs-vswitchd: server returned an error
>> ])
>>
>> @@ -1164,7 +1164,7 @@ AT_CHECK([ovs-appctl dpctl/ct-get-maxconns], [],
>> [dnl
>> 10
>> ])
>>
>> -OVS_TRAFFIC_VSWITCHD_STOP(["/could not create
[ovs-dev] [patch v8] dpctl: Make opt_dpif_open() more general.
By making opt_dpif_open() more general, it can be used effectively
by all potential callers and avoids trying to open potentially bogus
datapaths provided by the user. Also, the error handling is improved by
reducing bogus errors and having more specific real errors.
Signed-off-by: Darrell Ball
---
lib/dpctl.c | 50 -
tests/system-traffic.at | 10 +-
2 files changed, 50 insertions(+), 10 deletions(-)
diff --git a/lib/dpctl.c b/lib/dpctl.c
index c600eeb..5944974 100644
--- a/lib/dpctl.c
+++ b/lib/dpctl.c
@@ -187,18 +187,58 @@ parsed_dpif_open(const char *arg_, bool create, struct
dpif **dpifp)
return result;
}
+static bool
+dp_exists(const char *queried_dp)
+{
+char *queried_name, *queried_type;
+dp_parse_name(queried_dp, _name, _type);
+struct sset dpif_names = SSET_INITIALIZER(_names),
+dpif_types = SSET_INITIALIZER(_types);
+dp_enumerate_types(_types);
+bool found = false;
+
+if (sset_contains(_types, queried_type) &&
+!dp_enumerate_names(queried_type, _names) &&
+sset_contains(_names, queried_name)) {
+found = true;
+}
+
+sset_destroy(_names);
+sset_destroy(_types);
+return found;
+}
+
+static bool
+dp_arg_exists(int argc, const char *argv[])
+{
+if (argc > 1 && dp_exists(argv[1])) {
+return true;
+}
+return false;
+}
+
/* Open a dpif with an optional name argument.
*
- * The datapath name is not a mandatory parameter for this command. If
- * it is not specified -- so 'argc' < 'max_args' -- we retrieve it from
- * the current setup, assuming only one exists. On success stores the
- * opened dpif in '*dpifp'. */
+ * The datapath name is not a mandatory parameter for this command. If it is
+ * not specified, we retrieve it from the current setup, assuming only one
+ * exists. On success stores the opened dpif in '*dpifp'. */
static int
opt_dpif_open(int argc, const char *argv[], struct dpctl_params *dpctl_p,
uint8_t max_args, struct dpif **dpifp)
{
+char *dpname;
+if (dp_arg_exists(argc, argv)) {
+dpname = xstrdup(argv[1]);
+} else if (argc != max_args) {
+dpname = get_one_dp(dpctl_p);
+} else {
+/* If the arguments are the maximum possible number and there is no
+ * valid datapath argument, then we fall into the case of dpname is
+ * NULL, since this is an error. */
+dpname = NULL;
+}
+
int error = 0;
-char *dpname = argc >= max_args ? xstrdup(argv[1]) : get_one_dp(dpctl_p);
if (!dpname) {
error = EINVAL;
dpctl_error(dpctl_p, error, "datapath not found");
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index cbd9542..a7c8a24 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -1040,7 +1040,7 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack zone=5
$ICMP_TUPLE])
AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "orig=.src=10\.1\.1\.2,"],
[1], [dnl
])
-OVS_TRAFFIC_VSWITCHD_STOP(["/could not create datapath/d"])
+OVS_TRAFFIC_VSWITCHD_STOP
AT_CLEANUP
AT_SETUP([conntrack - IPv4 ping])
@@ -1124,17 +1124,17 @@ ovs-appctl: ovs-vswitchd: server returned an error
])
AT_CHECK([ovs-appctl dpctl/ct-set-maxconns one-bad-dp 10], [2], [], [dnl
-ovs-vswitchd: opening datapath (Address family not supported by protocol)
+ovs-vswitchd: datapath not found (Invalid argument)
ovs-appctl: ovs-vswitchd: server returned an error
])
AT_CHECK([ovs-appctl dpctl/ct-get-maxconns one-bad-dp], [2], [], [dnl
-ovs-vswitchd: opening datapath (Address family not supported by protocol)
+ovs-vswitchd: datapath not found (Invalid argument)
ovs-appctl: ovs-vswitchd: server returned an error
])
AT_CHECK([ovs-appctl dpctl/ct-get-nconns one-bad-dp], [2], [], [dnl
-ovs-vswitchd: opening datapath (Address family not supported by protocol)
+ovs-vswitchd: datapath not found (Invalid argument)
ovs-appctl: ovs-vswitchd: server returned an error
])
@@ -1164,7 +1164,7 @@ AT_CHECK([ovs-appctl dpctl/ct-get-maxconns], [], [dnl
10
])
-OVS_TRAFFIC_VSWITCHD_STOP(["/could not create datapath one-bad-dp of unknown
type system/d"])
+OVS_TRAFFIC_VSWITCHD_STOP
AT_CLEANUP
AT_SETUP([conntrack - IPv6 ping])
--
1.9.1
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] Add ovs.compat module to python package
On Fri, 10 Aug 2018 10:13:23 -0500 Terry Wilson wrote: > Signed-off-by: Terry Wilson Acked-by: Timothy Redaelli ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH] Add ovs.compat module to python package
Signed-off-by: Terry Wilson --- python/setup.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/setup.py b/python/setup.py index 0e86834..b52657d 100644 --- a/python/setup.py +++ b/python/setup.py @@ -63,7 +63,8 @@ setup_args = dict( url='http://www.openvswitch.org/', author='Open vSwitch', author_email='d...@openvswitch.org', -packages=['ovs', 'ovs.db', 'ovs.unixctl'], +packages=['ovs', 'ovs.compat', 'ovs.compat.sortedcontainers', + 'ovs.db', 'ovs.unixctl'], keywords=['openvswitch', 'ovs', 'OVSDB'], license='Apache 2.0', classifiers=[ -- 2.7.4 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH RFC net-next] openvswitch: Queue upcalls to userspace in per-port round-robin order
On Fri, Aug 3, 2018 at 5:43 PM, Stefano Brivio wrote:
> On Fri, 3 Aug 2018 16:01:08 -0700
> Ben Pfaff wrote:
>
> > I think that a simple mechanism for fairness is fine. The direction
> > of extensibility that makes me anxious is how to decide what matters
> > for fairness. So far, we've talked about per-vport fairness. That
> > works pretty well for packets coming in from virtual interfaces where
> > each vport represents a separate VM.
>
> Yes, right, that's the case where we have significant issues currently.
>
> > It does not work well if the traffic filling your queues all comes
> > from a single physical port because some source of traffic is sending
> > traffic at a high rate. In that case, you'll do a lot better if you
> > do fairness based on the source 5-tuple. But if you're doing network
> > virtualization, then the outer source 5-tuples won't necessarily vary
> > much and you'd be better off looking at the VNI and maybe some Geneve
> > TLV options and maybe the inner 5-tuple...
>
> Sure, I see what you mean now. That looks entirely doable if we
> abstract the round-robin bucket selection out of the current patch.
>
> > I would be very pleased if we could integrate a simple mechanism for
> > fairness, based for now on some simple criteria like the source port,
> > but thinking ahead to how we could later make it gracefully extensible
> > to consider more general and possibly customizable criteria.
>
> We could change the patch so that instead of just using the vport for
> round-robin queue insertion, we generalise that and use "buckets"
> instead of vports, and have a set of possible functions that are called
> instead of using port_no directly in ovs_dp_upcall_queue_roundrobin(),
> making this configurable via netlink, per datapath.
>
> We could implement selection based on source port or a hash on the
> source 5-tuple, and the relevant bits of
> ovs_dp_upcall_queue_roundrobin() would look like this:
>
> static int ovs_dp_upcall_queue_roundrobin(struct datapath *dp,
> struct dp_upcall_info *upcall)
> {
>
> [...]
>
> list_for_each_entry(pos, head, list) {
> int bucket = dp->rr_select(pos);
>
> /* Count per-bucket upcalls. */
> if (dp->upcalls.count[bucket] == U8_MAX) {
> err = -ENOSPC;
> goto out_clear;
> }
> dp->upcalls.count[bucket]++;
>
> if (bucket == upcall->bucket) {
> /* Another upcall for the same bucket: move
> insertion
> * point here, keep looking for insertion
> condition to
> * be still met further on.
> */
> find_next = true;
> here = pos;
> continue;
> }
>
> count = dp->upcalls.count[bucket];
> if (find_next && dp->upcalls.count[bucket] >= count) {
> /* Insertion condition met: no need to look
> further,
> * unless another upcall for the same port occurs
> later.
> */
> find_next = false;
> here = pos;
> }
> }
>
> [...]
>
> }
>
> and implementations for dp->rr_select() would look like:
>
> int rr_select_vport(struct dp_upcall_info *upcall)
> {
> return upcall->port_no;
> }
>
> int rr_select_srcport(struct dp_upcall_info *upcall)
> {
> /* look up source port from upcall->skb... */
> }
>
> And we could then easily extend this to use BPF with maps one day.
>
>
Hi Stefano,
If you want to experiment with BPF, Joe and I have some prototype.
We implemented the upcall mechanism using BPF perf event helper function
https://github.com/williamtu/ovs-ebpf/blob/master/bpf/datapath.c#L62
And there are threads polling the perf ring buffer to receive packets from
BPF.
https://github.com/williamtu/ovs-ebpf/blob/master/lib/perf-event.c#L232
If I follow the discussion correctly, before upcall, you need to queue
packets based
on different configurations (vport/hash/vni/5-tuple/...) and queue to
different buckets
when congestion happens. In this case, you probably needs a BPF map to
enqueue/dequeue
the packet. BPF queue map is not supported yet, but there is patch
available:
[iovisor-dev] [RFC PATCH 1/3] bpf: add bpf queue map
So how to enqueue and dequeue packets depends on user's BPF implementation.
This allows fairness scheme to be extensible.
Regards,
William
This is for clarity by the way, but I guess we should avoid indirect
> calls in the final implementation.
>
> What do you think?
>
> --
> Stefano
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] OVS DPDK: dpdk_merge pull request for branch-2.10
Bleep bloop. Greetings Ian Stokes, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. checkpatch: ERROR: Too many signoffs; are you missing Co-authored-by lines? Lines checked: 101, Warnings: 0, Errors: 1 Please check this out. If you feel there has been an error, please email acon...@bytheb.org Thanks, 0-day Robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH 0/2] Reflecting a flow's offloaded state - continuation
Hi Gavi,
On 10 August 2018 at 10:30, Gavi Teitz wrote:
> Continuing work done on improving visibility of a flow's offloaded
> state via dpctl, which was begun in commit d63ca5329ff9 ("dpctl:
> Properly reflect a rule's offloaded to HW state").
>
> The first commit addresses the initialization of the new dpif_flow
> field 'dp_layer' in dpif-netdev, which was left out in the initial
> commit.
>
> The second commit expands the flow type filter, so that flow dumps
> can be filtered by the full expanded set of flow classifications
> related to the offloaded state.
>
> Results of travis run over this series can be seen here:
> https://travis-ci.org/roidayan/ovs/builds/413934233
I will be mostly out-of-office until the 22nd.
I'd like to defer reviewing this until after I return..
>
>
> Gavi Teitz (2):
> dpif-netdev: Initialize dpif_flow attrs
> dpctl: Expand the flow dump type filter
>
> lib/dpctl.c | 112 ++
> +---
> lib/dpctl.man | 14 +--
> lib/dpif-netdev.c |5 ++-
> lib/dpif-netlink.c | 45 +++-
> lib/dpif-provider.h |8 ++-
> lib/dpif.c |5 +-
> lib/dpif.h |7 +++-
> 7 files changed, 131 insertions(+), 65 deletions(-)
>
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] OVS DPDK: dpdk_merge pull request for branch-2.8
Hi Ben, The following changes since commit 05ae838b2057fd2c55cdca87228f34741b046b79: netdev-dpdk: Use hex for PCI vendor ID. (2018-08-08 22:12:19 +0100) are available in the git repository at: https://github.com/istokes/ovs dpdk_merge_2_8 for you to fetch changes up to e28c4a160f613ef968a05b4be9d51ba0cf878930: netdev-dpdk: Fix failure to configure flow control at netdev-init. (2018-08-10 10:45:41 +0100) Sugesh Chandran (1): netdev-dpdk: Fix failure to configure flow control at netdev-init. lib/netdev-dpdk.c | 13 ++--- 1 file changed, 6 insertions(+), 7 deletions(-) Regards Ian ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] OVS DPDK: dpdk_merge pull request for branch-2.7
Hi Ben, The following changes since commit a90ff16cad22afd4cea6dfd9f0b93f93988842cb: netdev-dpdk: Use hex for PCI vendor ID. (2018-08-08 22:12:58 +0100) are available in the git repository at: https://github.com/istokes/ovs dpdk_merge_2_7 for you to fetch changes up to c5350a1a7108549008dd59da215139530a1cd6f8: netdev-dpdk: Fix failure to configure flow control at netdev-init. (2018-08-10 10:49:53 +0100) Sugesh Chandran (1): netdev-dpdk: Fix failure to configure flow control at netdev-init. lib/netdev-dpdk.c | 13 + 1 file changed, 5 insertions(+), 8 deletions(-) Regards Ian ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] OVS DPDK: dpdk_merge pull request for branch-2.10
Hi Ben, The following changes since commit 553d3f1549385a009f703b86aa76d9896fa8da27: ofp-port: Fix buffer overread parsing Intel custom statistics. (2018-08-08 22:06:46 +0100) are available in the git repository at: https://github.com/istokes/ovs dpdk_merge_2_10 for you to fetch changes up to 7184517ca77fc9c084f1a8b53ccdbc82dab34c19: vswitch.xml: Update dpdk-init documentation. (2018-08-10 10:40:20 +0100) Ian Stokes (1): releases: Add 2.10 entry for supported DPDK versions. Kevin Traynor (1): vswitch.xml: Update dpdk-init documentation. Documentation/faq/releases.rst | 1 + vswitchd/vswitch.xml | 14 ++ 2 files changed, 11 insertions(+), 4 deletions(-) Regards Ian ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] OVS DPDK: dpdk_merge pull request for master
Hi Ben, The following changes since commit a4c3463d024e51a0d2089b9fba50d8d90c7c668c: ofproto-dpif-xlate: Improve log message. (2018-08-09 15:57:30 -0700) are available in the git repository at: https://github.com/istokes/ovs dpdk_merge for you to fetch changes up to 6d947d508a5167f31430a3c8c8026a7d22aa7349: vswitch.xml: Update dpdk-init documentation. (2018-08-10 10:39:54 +0100) Ian Stokes (1): releases: Add 2.10 entry for supported DPDK versions. Kevin Traynor (1): vswitch.xml: Update dpdk-init documentation. Documentation/faq/releases.rst | 1 + vswitchd/vswitch.xml | 14 ++ 2 files changed, 11 insertions(+), 4 deletions(-) Regards Ian ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH 0/3] Use the default key length for RSA keys
On 08/09/2018 08:01 PM, Timothy Redaelli wrote: Currently, 1024-bit RSA keys are generated for OVS tests, are suggested in ovn-architecture manpage examples and are used to generate the RSA keys inside the sandbox (make sandbox), but OpenSSL documentation suggests to use at least 2048-bit keys, since "fewer amount of bits is considered insecure or to be insecure pretty soon" [1]. Moreover, it's not currently possible to use OVS with 1024-bit keys (and some SSL-related tests fail for this reason) on Fedora 29 when the FUTURE crypto policies are enabled [2]. FUTURE crypto policies will become the DEFAULT soon on Fedora Rawhide. [1] https://github.com/openssl/openssl/blob/master/doc/HOWTO/keys.txt [2] https://fedoraproject.org/wiki/Changes/CryptoSettings Timothy Redaelli (3): tests: Use the default key length when generating RSA keys ovn-architecture: Use the default key length in examples ovs-sandbox: Generate the SSL keys using the default key length ovn/ovn-architecture.7.xml | 2 +- tests/ovs-vsctl.at | 4 ++-- tests/ovsdb-rbac.at| 8 tutorial/ovs-sandbox | 8 4 files changed, 11 insertions(+), 11 deletions(-) Tested-by: Maxime Coquelin Thanks! Maxime ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH Branch2.8] netdev-dpdk: Fix failure to configure flow control at netdev-init.
> This patch backports the commit from the latest OVS master to OVS-2.8. > > Configuring flow control at ixgbe netdev-init is throwing error in port > start. > For eg: without this fix, user cannot configure flow control on ixgbe dpdk > port as below, > > " > ovs-vsctl add-port br0 dpdk0 -- set Interface dpdk0 type=dpdk \ > options:dpdk-devargs=:05:00.1 options:rx-flow-ctrl=true " > > Instead, it must be configured as two different commands, > > " > ovs-vsctl add-port br0 dpdk0 -- set Interface dpdk0 type=dpdk \ >options:dpdk-devargs=:05:00.1 > ovs-vsctl set Interface dpdk0 options:rx-flow-ctrl=true " > > The DPDK ixgbe driver is now validating all the 'rte_eth_fc_conf' fields > before trying to configuring the dpdk ethdev. Hence OVS can no longer set > the 'dont care' fields to just '0' as before. This commit make sure all > the 'rte_eth_fc_conf' fields are populated with default values before the > dev init. > Also to avoid read error on unsupported ports, the flow control parameters > are now read only when user is trying to configure/update it. > > Signed-off-by: Sugesh Chandran Thanks Sugesh, I'll backport this and the 2.7 patch to the appropriate branches as part of today's pull request. Ian ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] vswitch.xml: Update dpdk-init documentation.
> dpdk-init is now a string. Add description of 'true' and 'try'.
>
> Fixes: 3e52fa5644cd ("dpdk: reflect status and version in the database")
> Cc: acon...@redhat.com
> Signed-off-by: Kevin Traynor
Thanks Kevin,
Will add this to today's pull request and backport to 2.10 also.
Ian
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
