[ovs-dev] [PATCH v4] tc: Add support for TCA_STATS_PKT64

2022-12-20 Thread Mike Pattrick
Currently tc offload flow packet counters will roll over every ~4
billion packets. This is because the packet counter in struct
tc_stats provided by TCA_STATS_BASIC is a 32bit integer.

Now we check for the optional TCA_STATS_PKT64 attribute which provides
the full 64bit packet counter if the 32bit one has rolled over. Because
the TCA_STATS_PKT64 attribute may appear multiple times in a netlink
message, the method of parsing attributes was changed.

Fixes: f98e418fbdb6 ("tc: Add tc flower functions")
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1776816
Signed-off-by: Mike Pattrick 

---

Since v1:
 - Retain support for pre-TCA_STATS_PKT64 kernels
Since v2:
 - Added compat header
Since v3:
- Rebased on to current master

Signed-off-by: Mike Pattrick 
---
 lib/tc.c | 105 ++-
 1 file changed, 66 insertions(+), 39 deletions(-)

diff --git a/lib/tc.c b/lib/tc.c
index a66dc432f..56a83e2c4 100644
--- a/lib/tc.c
+++ b/lib/tc.c
@@ -1852,16 +1852,9 @@ static const struct nl_policy act_policy[] = {
 [TCA_ACT_STATS] = { .type = NL_A_NESTED, .optional = false, },
 };
 
-static const struct nl_policy stats_policy[] = {
-[TCA_STATS_BASIC] = { .type = NL_A_UNSPEC,
-  .min_len = sizeof(struct gnet_stats_basic),
-  .optional = false, },
-[TCA_STATS_BASIC_HW] = { .type = NL_A_UNSPEC,
- .min_len = sizeof(struct gnet_stats_basic),
- .optional = true, },
-[TCA_STATS_QUEUE] = { .type = NL_A_UNSPEC,
-  .min_len = sizeof(struct gnet_stats_queue),
-  .optional = true, },
+struct flow_stats {
+uint64_t n_packets;
+uint64_t n_bytes;
 };
 
 static int
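Review bot: Removing `stats_policy` also removes the `min_len` checks it carried, and the replacement loop in the next hunk does not re-establish them before `nl_attr_get_unspec(nla, sizeof *stats_basic)`, `nl_attr_get_unspec(nla, sizeof *qs)` and `nl_attr_get_u64(nla)` read the payload. With the policy, a short TCA_STATS_BASIC, TCA_STATS_BASIC_HW or TCA_STATS_QUEUE attribute made the parse fail and the function return EPROTO. The OVS netlink getters appear to assert on the attribute length rather than report an error (worth confirming), so a malformed reply would now abort the process instead of being rejected. Each case should check the size first, for example `if (nl_attr_get_size(nla) < sizeof *stats_basic) { goto err; }`.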
@@ -1870,48 +1863,82 @@ nl_parse_action_stats(struct nlattr *act_stats,
   struct ovs_flow_stats *stats_hw,
   struct ovs_flow_stats *stats_dropped)
 {
-struct nlattr *stats_attrs[ARRAY_SIZE(stats_policy)];
-struct gnet_stats_basic bs_all, bs_sw, bs_hw;
+const struct gnet_stats_basic *stats_basic;
+struct flow_stats s_sw = {0}, s_hw = {0};
+uint16_t prev_type = __TCA_STATS_MAX;
 const struct gnet_stats_queue *qs;
+const struct nlattr *nla;
+uint32_t s_dropped = 0;
+uint64_t packets;
+uint16_t type;
+int seen = 0;
+size_t left;
 
-if (!nl_parse_nested(act_stats, stats_policy, stats_attrs,
- ARRAY_SIZE(stats_policy))) {
-VLOG_ERR_RL(_rl, "Failed to parse action stats policy");
-return EPROTO;
-}
+/* Cannot use nl_parse_nested due to duplicate attributes */
+NL_ATTR_FOR_EACH (nla, left, nl_attr_get(act_stats),
+  nl_attr_get_size(act_stats)) {
+type = nl_attr_type(nla);
+seen |= 1 << type;
 
-memcpy(_all,
-   nl_attr_get_unspec(stats_attrs[TCA_STATS_BASIC], sizeof bs_all),
-   sizeof bs_all);
-if (stats_attrs[TCA_STATS_BASIC_HW]) {
-memcpy(_hw, nl_attr_get_unspec(stats_attrs[TCA_STATS_BASIC_HW],
-  sizeof bs_hw),
-   sizeof bs_hw);
+switch (type) {
+case TCA_STATS_BASIC:
+stats_basic =  nl_attr_get_unspec(nla, sizeof *stats_basic);
+s_sw.n_packets = stats_basic->packets;
+s_sw.n_bytes = stats_basic->bytes;
+break;
+case TCA_STATS_BASIC_HW:
+stats_basic =  nl_attr_get_unspec(nla, sizeof *stats_basic);
+s_hw.n_packets = stats_basic->packets;
+s_hw.n_bytes = stats_basic->bytes;
+break;
+case TCA_STATS_QUEUE:
+qs = nl_attr_get_unspec(nla, sizeof *qs);
+s_dropped = qs->drops;
+break;
+case TCA_STATS_PKT64:
+packets = nl_attr_get_u64(nla);
 
-bs_sw.packets = bs_all.packets - bs_hw.packets;
-bs_sw.bytes = bs_all.bytes - bs_hw.bytes;
-} else {
-bs_sw.packets = bs_all.packets;
-bs_sw.bytes = bs_all.bytes;
+if (prev_type == TCA_STATS_BASIC) {
+s_sw.n_packets = packets;
+} else if (prev_type == TCA_STATS_BASIC_HW) {
+s_hw.n_packets = packets;
+} else {
+goto err;
+}
+break;
+default:
+break;
+}
+prev_type = type;
 }
 
-if (bs_sw.packets > get_32aligned_u64(_sw->n_packets)) {
-put_32aligned_u64(_sw->n_packets, bs_sw.packets);
-put_32aligned_u64(_sw->n_bytes, bs_sw.bytes);
+if (!(seen & 1 << TCA_STATS_BASIC)) {
+goto err;
 }
 
-if (stats_attrs[TCA_STATS_BASIC_HW]
-&& bs_hw.packets > get_32aligned_u64(_hw->n_packets)) {
-put_32aligned_u64(_hw->n_packets, bs_hw.packets);
-
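Review bot: `seen |= 1 << type;` shifts by a value taken directly from the netlink message, so an attribute type of 31 or more is undefined behaviour on a 32-bit `int`, and the `default:` case shows that unknown types are expected to reach this line. Bound it before shifting, e.g. `if (type < __TCA_STATS_MAX) { seen |= 1u << type; }`, or replace the bitmap with a `bool` set in the `TCA_STATS_BASIC` case, since that is the only bit tested in the visible code. Separately, `prev_type` attaches TCA_STATS_PKT64 to whichever attribute immediately precedes it, which depends on the order the kernel emits them; a short comment stating that assumption would help the next reader. The hunk is cut off on this page, so the rest of nl_parse_action_stats was not reviewed.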

[ovs-dev] [PATCH net] net: openvswitch: release vport resources on failure

2022-12-20 Thread Aaron Conole
A recent commit introducing upcall packet accounting failed to properly
release the vport object when the per-cpu stats struct couldn't be
allocated.  This can cause dangling pointers to dp objects long after
they've been released.

Cc: Eelco Chaudron 
Cc: wangchuanlei 
Fixes: 1933ea365aa7 ("net: openvswitch: Add support to count upcall packets")
Reported-by: syzbot+8f4e2dcfcb3209ac3...@syzkaller.appspotmail.com
Signed-off-by: Aaron Conole 
---
 net/openvswitch/datapath.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index 932bcf766d63..6774baf9e212 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -1854,7 +1854,7 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct 
genl_info *info)
vport->upcall_stats = netdev_alloc_pcpu_stats(struct 
vport_upcall_stats_percpu);
if (!vport->upcall_stats) {
err = -ENOMEM;
-   goto err_destroy_portids;
+   goto err_destroy_vport;
}
 
err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
@@ -1869,6 +1869,8 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct 
genl_info *info)
ovs_notify(_datapath_genl_family, reply, info);
return 0;
 
+err_destroy_vport:
+   ovs_dp_detach_port(vport);
 err_destroy_portids:
kfree(rcu_dereference_raw(dp->upcall_portids));
 err_unlock_and_destroy_meters:
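Review bot: `err_destroy_vport` is reached only when `vport->upcall_stats` is NULL, so `ovs_dp_detach_port(vport)` tears the vport down with that field unset. The teardown path is not visible here, so it is worth confirming that it releases `upcall_stats` in a NULL-tolerant way. The same applies to `exit_unlock_free_vport` in ovs_vport_cmd_new. Both labels also appear to rely on the OVS lock still being held at the `goto` and on fall-through into the existing cleanup, which a one-line comment such as `/* OVS lock held; falls through to the portids cleanup. */` would make explicit. Both functions begin and end outside these hunks.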
@@ -2316,7 +2318,7 @@ static int ovs_vport_cmd_new(struct sk_buff *skb, struct 
genl_info *info)
vport->upcall_stats = netdev_alloc_pcpu_stats(struct 
vport_upcall_stats_percpu);
if (!vport->upcall_stats) {
err = -ENOMEM;
-   goto exit_unlock_free;
+   goto exit_unlock_free_vport;
}
 
err = ovs_vport_cmd_fill_info(vport, reply, genl_info_net(info),
@@ -2336,6 +2338,8 @@ static int ovs_vport_cmd_new(struct sk_buff *skb, struct 
genl_info *info)
ovs_notify(_vport_genl_family, reply, info);
return 0;
 
+exit_unlock_free_vport:
+   ovs_dp_detach_port(vport);
 exit_unlock_free:
ovs_unlock();
kfree_skb(reply);
-- 
2.31.1



Re: [ovs-dev] [PATCH branch-3.0 1/2] Set release date for 3.0.3.

2022-12-20 Thread 0-day Robot
Bleep bloop.  Greetings Ilya Maximets, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


git-am:
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Set release date for 3.0.3.
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".


Patch skipped due to previous failure.

Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot


Re: [ovs-dev] [PATCH branch-3.0 2/2] Prepare for 3.0.4.

2022-12-20 Thread 0-day Robot
Bleep bloop.  Greetings Ilya Maximets, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


Patch skipped due to previous failure.

Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot


Re: [ovs-dev] [PATCH branch-3.0 2/2] Prepare for 3.0.4.

2022-12-20 Thread Ilya Maximets
On 12/20/22 20:36, Aaron Conole wrote:
> Ilya Maximets  writes:
> 
>> Signed-off-by: Ilya Maximets 
>> ---
> 
> Acked-by: Aaron Conole 

Thanks!  I applied all the patches now.

Will update the website and send announce email soon.

Best regards, Ilya Maximets.

> 
>>  NEWS | 3 +++
>>  configure.ac | 2 +-
>>  debian/changelog | 6 ++
>>  3 files changed, 10 insertions(+), 1 deletion(-)
>>
>> diff --git a/NEWS b/NEWS
>> index 4909b7b72..ff46fef3a 100644
>> --- a/NEWS
>> +++ b/NEWS
>> @@ -1,3 +1,6 @@
>> +v3.0.4 - xx xxx 
>> +
>> +
>>  v3.0.3 - 20 Dec 2022
>>  
>> - Bug fixes
>> diff --git a/configure.ac b/configure.ac
>> index 0e32d5fc8..013f7cca5 100644
>> --- a/configure.ac
>> +++ b/configure.ac
>> @@ -13,7 +13,7 @@
>>  # limitations under the License.
>>  
>>  AC_PREREQ(2.63)
>> -AC_INIT(openvswitch, 3.0.3, b...@openvswitch.org)
>> +AC_INIT(openvswitch, 3.0.4, b...@openvswitch.org)
>>  AC_CONFIG_SRCDIR([vswitchd/ovs-vswitchd.c])
>>  AC_CONFIG_MACRO_DIR([m4])
>>  AC_CONFIG_AUX_DIR([build-aux])
>> diff --git a/debian/changelog b/debian/changelog
>> index ec8fcd8ca..ed2d35982 100644
>> --- a/debian/changelog
>> +++ b/debian/changelog
>> @@ -1,3 +1,9 @@
>> +openvswitch (3.0.4-1) unstable; urgency=low
>> +   [ Open vSwitch team ]
>> +   * New upstream version
>> +
>> + -- Open vSwitch team   Tue, 20 Dec 2022 20:07:05 
>> +0100
>> +
>>  openvswitch (3.0.3-1) unstable; urgency=low
>> [ Open vSwitch team ]
>> * New upstream version
> 



Re: [ovs-dev] [PATCH branch-2.15 2/2] Prepare for 2.15.8.

2022-12-20 Thread Aaron Conole
Ilya Maximets  writes:

> Signed-off-by: Ilya Maximets 
> ---

Acked-by: Aaron Conole 

>  NEWS | 3 +++
>  configure.ac | 2 +-
>  debian/changelog | 6 ++
>  3 files changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/NEWS b/NEWS
> index fb0a03960..8a34fbf5f 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,3 +1,6 @@
> +v2.15.8 - xx xxx 
> +-
> +
>  v2.15.7 - 20 Dec 2022
>  -
> - Bug fixes
> diff --git a/configure.ac b/configure.ac
> index 72f676d72..1fff02bb4 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -13,7 +13,7 @@
>  # limitations under the License.
>  
>  AC_PREREQ(2.63)
> -AC_INIT(openvswitch, 2.15.7, b...@openvswitch.org)
> +AC_INIT(openvswitch, 2.15.8, b...@openvswitch.org)
>  AC_CONFIG_SRCDIR([datapath/datapath.c])
>  AC_CONFIG_MACRO_DIR([m4])
>  AC_CONFIG_AUX_DIR([build-aux])
> diff --git a/debian/changelog b/debian/changelog
> index b154ee197..4591ab2d9 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +openvswitch (2.15.8-1) unstable; urgency=low
> +   [ Open vSwitch team ]
> +   * New upstream version
> +
> + -- Open vSwitch team   Tue, 20 Dec 2022 20:06:37 +0100
> +
>  openvswitch (2.15.7-1) unstable; urgency=low
> [ Open vSwitch team ]
> * New upstream version



Re: [ovs-dev] [PATCH branch-3.0 1/2] Set release date for 3.0.3.

2022-12-20 Thread Aaron Conole
Ilya Maximets  writes:

> Signed-off-by: Ilya Maximets 
> ---

Acked-by: Aaron Conole 

>  NEWS | 7 ++-
>  debian/changelog | 2 +-
>  2 files changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/NEWS b/NEWS
> index 21f56f1ec..4909b7b72 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,5 +1,10 @@
> -v3.0.3 - xx xxx 
> +v3.0.3 - 20 Dec 2022
>  
> +   - Bug fixes
> +   - Security:
> + * Fixed LLDP underflow issue while parsing malformed Auto Attach TLVs.
> +   The original patch is available here:
> +   
> https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
>  
>  v3.0.2 - 01 Dec 2022
>  
> diff --git a/debian/changelog b/debian/changelog
> index 304994f0b..ec8fcd8ca 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -2,7 +2,7 @@ openvswitch (3.0.3-1) unstable; urgency=low
> [ Open vSwitch team ]
> * New upstream version
>  
> - -- Open vSwitch team   Thu, 01 Dec 2022 13:18:45 +0100
> + -- Open vSwitch team   Tue, 20 Dec 2022 20:07:05 +0100
>  
>  openvswitch (3.0.2-1) unstable; urgency=low
> [ Open vSwitch team ]



Re: [ovs-dev] [PATCH branch-3.0 2/2] Prepare for 3.0.4.

2022-12-20 Thread Aaron Conole
Ilya Maximets  writes:

> Signed-off-by: Ilya Maximets 
> ---

Acked-by: Aaron Conole 

>  NEWS | 3 +++
>  configure.ac | 2 +-
>  debian/changelog | 6 ++
>  3 files changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/NEWS b/NEWS
> index 4909b7b72..ff46fef3a 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,3 +1,6 @@
> +v3.0.4 - xx xxx 
> +
> +
>  v3.0.3 - 20 Dec 2022
>  
> - Bug fixes
> diff --git a/configure.ac b/configure.ac
> index 0e32d5fc8..013f7cca5 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -13,7 +13,7 @@
>  # limitations under the License.
>  
>  AC_PREREQ(2.63)
> -AC_INIT(openvswitch, 3.0.3, b...@openvswitch.org)
> +AC_INIT(openvswitch, 3.0.4, b...@openvswitch.org)
>  AC_CONFIG_SRCDIR([vswitchd/ovs-vswitchd.c])
>  AC_CONFIG_MACRO_DIR([m4])
>  AC_CONFIG_AUX_DIR([build-aux])
> diff --git a/debian/changelog b/debian/changelog
> index ec8fcd8ca..ed2d35982 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +openvswitch (3.0.4-1) unstable; urgency=low
> +   [ Open vSwitch team ]
> +   * New upstream version
> +
> + -- Open vSwitch team   Tue, 20 Dec 2022 20:07:05 +0100
> +
>  openvswitch (3.0.3-1) unstable; urgency=low
> [ Open vSwitch team ]
> * New upstream version



Re: [ovs-dev] [PATCH branch-2.15 1/2] Set release date for 2.15.7.

2022-12-20 Thread Aaron Conole
Ilya Maximets  writes:

> Signed-off-by: Ilya Maximets 
> ---

Acked-by: Aaron Conole 

>  NEWS | 7 ++-
>  debian/changelog | 2 +-
>  2 files changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/NEWS b/NEWS
> index 6510dfc96..fb0a03960 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,5 +1,10 @@
> -v2.15.7 - xx xxx 
> +v2.15.7 - 20 Dec 2022
>  -
> +   - Bug fixes
> +   - Security:
> + * Fixed LLDP underflow issue while parsing malformed Auto Attach TLVs.
> +   The original patch is available here:
> +   
> https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
>  
>  v2.15.6 - 07 Oct 2022
>  -
> diff --git a/debian/changelog b/debian/changelog
> index e503d30d9..b154ee197 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -2,7 +2,7 @@ openvswitch (2.15.7-1) unstable; urgency=low
> [ Open vSwitch team ]
> * New upstream version
>  
> - -- Open vSwitch team   Fri, 07 Oct 2022 13:12:36 +0200
> + -- Open vSwitch team   Tue, 20 Dec 2022 20:06:37 +0100
>  
>  openvswitch (2.15.6-1) unstable; urgency=low
> [ Open vSwitch team ]



Re: [ovs-dev] [PATCH branch-2.14 2/2] Prepare for 2.14.9.

2022-12-20 Thread Aaron Conole
Ilya Maximets  writes:

> Signed-off-by: Ilya Maximets 
> ---

Acked-by: Aaron Conole 

>  NEWS | 3 +++
>  configure.ac | 2 +-
>  debian/changelog | 6 ++
>  3 files changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/NEWS b/NEWS
> index 1752cdebc..8b4c64ae4 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,3 +1,6 @@
> +v2.14.9 - xx xxx 
> +-
> +
>  v2.14.8 - 20 Dec 2022
>  -
> - Bug fixes
> diff --git a/configure.ac b/configure.ac
> index 322d46810..a9e664deb 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -13,7 +13,7 @@
>  # limitations under the License.
>  
>  AC_PREREQ(2.63)
> -AC_INIT(openvswitch, 2.14.8, b...@openvswitch.org)
> +AC_INIT(openvswitch, 2.14.9, b...@openvswitch.org)
>  AC_CONFIG_SRCDIR([datapath/datapath.c])
>  AC_CONFIG_MACRO_DIR([m4])
>  AC_CONFIG_AUX_DIR([build-aux])
> diff --git a/debian/changelog b/debian/changelog
> index 6e90ce281..d607f73f1 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +openvswitch (2.14.9-1) unstable; urgency=low
> +   [ Open vSwitch team ]
> +   * New upstream version
> +
> + -- Open vSwitch team   Tue, 20 Dec 2022 20:06:25 +0100
> +
>  openvswitch (2.14.8-1) unstable; urgency=low
> [ Open vSwitch team ]
> * New upstream version



Re: [ovs-dev] [PATCH branch-2.17 1/2] Set release date for 2.17.5.

2022-12-20 Thread Aaron Conole
Ilya Maximets  writes:

> Signed-off-by: Ilya Maximets 
> ---

Acked-by: Aaron Conole 

>  NEWS | 7 ++-
>  debian/changelog | 2 +-
>  2 files changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/NEWS b/NEWS
> index 9dd57de05..2ea9ac0c2 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,5 +1,10 @@
> -v2.17.5 - xx xxx 
> +v2.17.5 - 20 Dec 2022
>  -
> +   - Bug fixes
> +   - Security:
> + * Fixed LLDP underflow issue while parsing malformed Auto Attach TLVs.
> +   The original patch is available here:
> +   
> https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
>  
>  v2.17.4 - 01 Dec 2022
>  -
> diff --git a/debian/changelog b/debian/changelog
> index 46fed5cac..1bcc7c1bf 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -2,7 +2,7 @@ openvswitch (2.17.5-1) unstable; urgency=low
> [ Open vSwitch team ]
> * New upstream version
>  
> - -- Open vSwitch team   Thu, 01 Dec 2022 13:16:55 +0100
> + -- Open vSwitch team   Tue, 20 Dec 2022 20:06:56 +0100
>  
>  openvswitch (2.17.4-1) unstable; urgency=low
> [ Open vSwitch team ]



Re: [ovs-dev] [PATCH branch-2.14 1/2] Set release date for 2.14.8.

2022-12-20 Thread Aaron Conole
Ilya Maximets  writes:

> Signed-off-by: Ilya Maximets 
> ---

Acked-by: Aaron Conole 

>  NEWS | 7 ++-
>  debian/changelog | 2 +-
>  2 files changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/NEWS b/NEWS
> index 817249593..1752cdebc 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,5 +1,10 @@
> -v2.14.8 - xx xxx 
> +v2.14.8 - 20 Dec 2022
>  -
> +   - Bug fixes
> +   - Security:
> + * Fixed LLDP underflow issue while parsing malformed Auto Attach TLVs.
> +   The original patch is available here:
> +   
> https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
>  
>  v2.14.7 - 07 Oct 2022
>  -
> diff --git a/debian/changelog b/debian/changelog
> index a3f016d0c..6e90ce281 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -2,7 +2,7 @@ openvswitch (2.14.8-1) unstable; urgency=low
> [ Open vSwitch team ]
> * New upstream version
>  
> - -- Open vSwitch team   Fri, 07 Oct 2022 13:12:32 +0200
> + -- Open vSwitch team   Tue, 20 Dec 2022 20:06:25 +0100
>  
>  openvswitch (2.14.7-1) unstable; urgency=low
> [ Open vSwitch team ]



Re: [ovs-dev] [PATCH branch-2.17 2/2] Prepare for 2.17.6.

2022-12-20 Thread Aaron Conole
Ilya Maximets  writes:

> Signed-off-by: Ilya Maximets 
> ---

Acked-by: Aaron Conole 

>  NEWS | 3 +++
>  configure.ac | 2 +-
>  debian/changelog | 6 ++
>  3 files changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/NEWS b/NEWS
> index 2ea9ac0c2..45b974ed2 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,3 +1,6 @@
> +v2.17.6 - xx xxx 
> +-
> +
>  v2.17.5 - 20 Dec 2022
>  -
> - Bug fixes
> diff --git a/configure.ac b/configure.ac
> index a108195e0..64db07f27 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -13,7 +13,7 @@
>  # limitations under the License.
>  
>  AC_PREREQ(2.63)
> -AC_INIT(openvswitch, 2.17.5, b...@openvswitch.org)
> +AC_INIT(openvswitch, 2.17.6, b...@openvswitch.org)
>  AC_CONFIG_SRCDIR([datapath/datapath.c])
>  AC_CONFIG_MACRO_DIR([m4])
>  AC_CONFIG_AUX_DIR([build-aux])
> diff --git a/debian/changelog b/debian/changelog
> index 1bcc7c1bf..11de722a8 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +openvswitch (2.17.6-1) unstable; urgency=low
> +   [ Open vSwitch team ]
> +   * New upstream version
> +
> + -- Open vSwitch team   Tue, 20 Dec 2022 20:06:56 +0100
> +
>  openvswitch (2.17.5-1) unstable; urgency=low
> [ Open vSwitch team ]
> * New upstream version



Re: [ovs-dev] [PATCH branch-2.16 2/2] Prepare for 2.16.7.

2022-12-20 Thread Aaron Conole
Ilya Maximets  writes:

> Signed-off-by: Ilya Maximets 
> ---

Acked-by: Aaron Conole 

>  NEWS | 3 +++
>  configure.ac | 2 +-
>  debian/changelog | 6 ++
>  3 files changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/NEWS b/NEWS
> index b64bc0452..ee3855978 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,3 +1,6 @@
> +v2.16.7 - xx xxx 
> +-
> +
>  v2.16.6 - 20 Dec 2022
>  -
> - Bug fixes
> diff --git a/configure.ac b/configure.ac
> index 2a957c1e0..7382132ae 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -13,7 +13,7 @@
>  # limitations under the License.
>  
>  AC_PREREQ(2.63)
> -AC_INIT(openvswitch, 2.16.6, b...@openvswitch.org)
> +AC_INIT(openvswitch, 2.16.7, b...@openvswitch.org)
>  AC_CONFIG_SRCDIR([datapath/datapath.c])
>  AC_CONFIG_MACRO_DIR([m4])
>  AC_CONFIG_AUX_DIR([build-aux])
> diff --git a/debian/changelog b/debian/changelog
> index 03cc2ea4b..a4f5011fe 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +openvswitch (2.16.7-1) unstable; urgency=low
> +   [ Open vSwitch team ]
> +   * New upstream version
> +
> + -- Open vSwitch team   Tue, 20 Dec 2022 20:06:45 +0100
> +
>  openvswitch (2.16.6-1) unstable; urgency=low
> [ Open vSwitch team ]
> * New upstream version



Re: [ovs-dev] [PATCH branch-2.16 1/2] Set release date for 2.16.6.

2022-12-20 Thread Aaron Conole
Ilya Maximets  writes:

> Signed-off-by: Ilya Maximets 
> ---

Acked-by: Aaron Conole 

>  NEWS | 7 ++-
>  debian/changelog | 2 +-
>  2 files changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/NEWS b/NEWS
> index 331af302b..b64bc0452 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,5 +1,10 @@
> -v2.16.6 - xx xxx 
> +v2.16.6 - 20 Dec 2022
>  -
> +   - Bug fixes
> +   - Security:
> + * Fixed LLDP underflow issue while parsing malformed Auto Attach TLVs.
> +   The original patch is available here:
> +   
> https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
>  
>  v2.16.5 - 07 Oct 2022
>  -
> diff --git a/debian/changelog b/debian/changelog
> index e749ad5f2..03cc2ea4b 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -2,7 +2,7 @@ openvswitch (2.16.6-1) unstable; urgency=low
> [ Open vSwitch team ]
> * New upstream version
>  
> - -- Open vSwitch team   Fri, 07 Oct 2022 13:12:46 +0200
> + -- Open vSwitch team   Tue, 20 Dec 2022 20:06:45 +0100
>  
>  openvswitch (2.16.5-1) unstable; urgency=low
> [ Open vSwitch team ]



Re: [ovs-dev] [PATCH branch-2.13 1/2] Set release date for 2.13.10.

2022-12-20 Thread Aaron Conole
Ilya Maximets  writes:

> Signed-off-by: Ilya Maximets 
> ---

Acked-by: Aaron Conole 

>  NEWS | 7 ++-
>  debian/changelog | 2 +-
>  2 files changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/NEWS b/NEWS
> index fe5743bb8..a7527f135 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,5 +1,10 @@
> -v2.13.10 - xx xxx 
> +v2.13.10 - 20 Dec 2022
>  --
> +   - Bug fixes
> +   - Security:
> + * Fixed LLDP underflow issue while parsing malformed Auto Attach TLVs.
> +   The original patch is available here:
> +   
> https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
>  
>  v2.13.9 - 07 Oct 2022
>  -
> diff --git a/debian/changelog b/debian/changelog
> index 87231dcc6..018dccf78 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -2,7 +2,7 @@ openvswitch (2.13.10-1) unstable; urgency=low
> [ Open vSwitch team ]
> * New upstream version
>  
> - -- Open vSwitch team   Fri, 07 Oct 2022 13:11:43 +0200
> + -- Open vSwitch team   Tue, 20 Dec 2022 20:05:48 +0100
>  
>  openvswitch (2.13.9-1) unstable; urgency=low
> [ Open vSwitch team ]



Re: [ovs-dev] [PATCH branch-2.13 2/2] Prepare for 2.13.11.

2022-12-20 Thread Aaron Conole
Ilya Maximets  writes:

> Signed-off-by: Ilya Maximets 
> ---

Acked-by: Aaron Conole 

>  NEWS | 3 +++
>  configure.ac | 2 +-
>  debian/changelog | 6 ++
>  3 files changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/NEWS b/NEWS
> index a7527f135..7e80b57dc 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,3 +1,6 @@
> +v2.13.11 - xx xxx 
> +--
> +
>  v2.13.10 - 20 Dec 2022
>  --
> - Bug fixes
> diff --git a/configure.ac b/configure.ac
> index dc69fd768..6cb7f639c 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -13,7 +13,7 @@
>  # limitations under the License.
>  
>  AC_PREREQ(2.63)
> -AC_INIT(openvswitch, 2.13.10, b...@openvswitch.org)
> +AC_INIT(openvswitch, 2.13.11, b...@openvswitch.org)
>  AC_CONFIG_SRCDIR([datapath/datapath.c])
>  AC_CONFIG_MACRO_DIR([m4])
>  AC_CONFIG_AUX_DIR([build-aux])
> diff --git a/debian/changelog b/debian/changelog
> index 018dccf78..48c2273df 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +openvswitch (2.13.11-1) unstable; urgency=low
> +   [ Open vSwitch team ]
> +   * New upstream version
> +
> + -- Open vSwitch team   Tue, 20 Dec 2022 20:05:48 +0100
> +
>  openvswitch (2.13.10-1) unstable; urgency=low
> [ Open vSwitch team ]
> * New upstream version



[ovs-dev] [PATCH branch-3.0 2/2] Prepare for 3.0.4.

2022-12-20 Thread Ilya Maximets
Signed-off-by: Ilya Maximets 
---
 NEWS | 3 +++
 configure.ac | 2 +-
 debian/changelog | 6 ++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 4909b7b72..ff46fef3a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+v3.0.4 - xx xxx 
+
+
 v3.0.3 - 20 Dec 2022
 
- Bug fixes
diff --git a/configure.ac b/configure.ac
index 0e32d5fc8..013f7cca5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 AC_PREREQ(2.63)
-AC_INIT(openvswitch, 3.0.3, b...@openvswitch.org)
+AC_INIT(openvswitch, 3.0.4, b...@openvswitch.org)
 AC_CONFIG_SRCDIR([vswitchd/ovs-vswitchd.c])
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_AUX_DIR([build-aux])
diff --git a/debian/changelog b/debian/changelog
index ec8fcd8ca..ed2d35982 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+openvswitch (3.0.4-1) unstable; urgency=low
+   [ Open vSwitch team ]
+   * New upstream version
+
+ -- Open vSwitch team   Tue, 20 Dec 2022 20:07:05 +0100
+
 openvswitch (3.0.3-1) unstable; urgency=low
[ Open vSwitch team ]
* New upstream version
-- 
2.38.1



[ovs-dev] [PATCH branch-3.0 1/2] Set release date for 3.0.3.

2022-12-20 Thread Ilya Maximets
Signed-off-by: Ilya Maximets 
---
 NEWS | 7 ++-
 debian/changelog | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 21f56f1ec..4909b7b72 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,10 @@
-v3.0.3 - xx xxx 
+v3.0.3 - 20 Dec 2022
 
+   - Bug fixes
+   - Security:
+ * Fixed LLDP underflow issue while parsing malformed Auto Attach TLVs.
+   The original patch is available here:
+   https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
 
 v3.0.2 - 01 Dec 2022
 
diff --git a/debian/changelog b/debian/changelog
index 304994f0b..ec8fcd8ca 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ openvswitch (3.0.3-1) unstable; urgency=low
[ Open vSwitch team ]
* New upstream version
 
- -- Open vSwitch team   Thu, 01 Dec 2022 13:18:45 +0100
+ -- Open vSwitch team   Tue, 20 Dec 2022 20:07:05 +0100
 
 openvswitch (3.0.2-1) unstable; urgency=low
[ Open vSwitch team ]
-- 
2.38.1



[ovs-dev] [PATCH branch-2.17 0/2] Release patches for v2.17.5.

2022-12-20 Thread Ilya Maximets
Bug fixes + Security issue in LLDP.

Ilya Maximets (2):
  Set release date for 2.17.5.
  Prepare for 2.17.6.

 NEWS | 10 +-
 configure.ac |  2 +-
 debian/changelog |  8 +++-
 3 files changed, 17 insertions(+), 3 deletions(-)

-- 
2.38.1



[ovs-dev] [PATCH branch-3.0 0/2] Release patches for v3.0.3.

2022-12-20 Thread Ilya Maximets
Bug fixes + Security issue in LLDP.

Ilya Maximets (2):
  Set release date for 3.0.3.
  Prepare for 3.0.4.

 NEWS | 10 +-
 configure.ac |  2 +-
 debian/changelog |  8 +++-
 3 files changed, 17 insertions(+), 3 deletions(-)

-- 
2.38.1



[ovs-dev] [PATCH branch-2.17 2/2] Prepare for 2.17.6.

2022-12-20 Thread Ilya Maximets
Signed-off-by: Ilya Maximets 
---
 NEWS | 3 +++
 configure.ac | 2 +-
 debian/changelog | 6 ++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 2ea9ac0c2..45b974ed2 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+v2.17.6 - xx xxx 
+-
+
 v2.17.5 - 20 Dec 2022
 -
- Bug fixes
diff --git a/configure.ac b/configure.ac
index a108195e0..64db07f27 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 AC_PREREQ(2.63)
-AC_INIT(openvswitch, 2.17.5, b...@openvswitch.org)
+AC_INIT(openvswitch, 2.17.6, b...@openvswitch.org)
 AC_CONFIG_SRCDIR([datapath/datapath.c])
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_AUX_DIR([build-aux])
diff --git a/debian/changelog b/debian/changelog
index 1bcc7c1bf..11de722a8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+openvswitch (2.17.6-1) unstable; urgency=low
+   [ Open vSwitch team ]
+   * New upstream version
+
+ -- Open vSwitch team   Tue, 20 Dec 2022 20:06:56 +0100
+
 openvswitch (2.17.5-1) unstable; urgency=low
[ Open vSwitch team ]
* New upstream version
-- 
2.38.1



[ovs-dev] [PATCH branch-2.16 2/2] Prepare for 2.16.7.

2022-12-20 Thread Ilya Maximets
Signed-off-by: Ilya Maximets 
---
 NEWS | 3 +++
 configure.ac | 2 +-
 debian/changelog | 6 ++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index b64bc0452..ee3855978 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+v2.16.7 - xx xxx 
+-
+
 v2.16.6 - 20 Dec 2022
 -
- Bug fixes
diff --git a/configure.ac b/configure.ac
index 2a957c1e0..7382132ae 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 AC_PREREQ(2.63)
-AC_INIT(openvswitch, 2.16.6, b...@openvswitch.org)
+AC_INIT(openvswitch, 2.16.7, b...@openvswitch.org)
 AC_CONFIG_SRCDIR([datapath/datapath.c])
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_AUX_DIR([build-aux])
diff --git a/debian/changelog b/debian/changelog
index 03cc2ea4b..a4f5011fe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+openvswitch (2.16.7-1) unstable; urgency=low
+   [ Open vSwitch team ]
+   * New upstream version
+
+ -- Open vSwitch team   Tue, 20 Dec 2022 20:06:45 +0100
+
 openvswitch (2.16.6-1) unstable; urgency=low
[ Open vSwitch team ]
* New upstream version
-- 
2.38.1



[ovs-dev] [PATCH branch-2.17 1/2] Set release date for 2.17.5.

2022-12-20 Thread Ilya Maximets
Signed-off-by: Ilya Maximets 
---
 NEWS | 7 ++-
 debian/changelog | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 9dd57de05..2ea9ac0c2 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,10 @@
-v2.17.5 - xx xxx 
+v2.17.5 - 20 Dec 2022
 -
+   - Bug fixes
+   - Security:
+ * Fixed LLDP underflow issue while parsing malformed Auto Attach TLVs.
+   The original patch is available here:
+   https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
 
 v2.17.4 - 01 Dec 2022
 -
diff --git a/debian/changelog b/debian/changelog
index 46fed5cac..1bcc7c1bf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ openvswitch (2.17.5-1) unstable; urgency=low
[ Open vSwitch team ]
* New upstream version
 
- -- Open vSwitch team   Thu, 01 Dec 2022 13:16:55 +0100
+ -- Open vSwitch team   Tue, 20 Dec 2022 20:06:56 +0100
 
 openvswitch (2.17.4-1) unstable; urgency=low
[ Open vSwitch team ]
-- 
2.38.1



[ovs-dev] [PATCH branch-2.16 0/2] Release patches for v2.16.6.

2022-12-20 Thread Ilya Maximets
Bug fixes + Security issue in LLDP.

Ilya Maximets (2):
  Set release date for 2.16.6.
  Prepare for 2.16.7.

 NEWS | 10 +-
 configure.ac |  2 +-
 debian/changelog |  8 +++-
 3 files changed, 17 insertions(+), 3 deletions(-)

-- 
2.38.1



[ovs-dev] [PATCH branch-2.16 1/2] Set release date for 2.16.6.

2022-12-20 Thread Ilya Maximets
Signed-off-by: Ilya Maximets 
---
 NEWS | 7 ++-
 debian/changelog | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 331af302b..b64bc0452 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,10 @@
-v2.16.6 - xx xxx 
+v2.16.6 - 20 Dec 2022
 -
+   - Bug fixes
+   - Security:
+ * Fixed LLDP underflow issue while parsing malformed Auto Attach TLVs.
+   The original patch is available here:
+   https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
 
 v2.16.5 - 07 Oct 2022
 -
diff --git a/debian/changelog b/debian/changelog
index e749ad5f2..03cc2ea4b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ openvswitch (2.16.6-1) unstable; urgency=low
[ Open vSwitch team ]
* New upstream version
 
- -- Open vSwitch team   Fri, 07 Oct 2022 13:12:46 +0200
+ -- Open vSwitch team   Tue, 20 Dec 2022 20:06:45 +0100
 
 openvswitch (2.16.5-1) unstable; urgency=low
[ Open vSwitch team ]
-- 
2.38.1



[ovs-dev] [PATCH branch-2.15 2/2] Prepare for 2.15.8.

2022-12-20 Thread Ilya Maximets
Signed-off-by: Ilya Maximets 
---
 NEWS | 3 +++
 configure.ac | 2 +-
 debian/changelog | 6 ++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index fb0a03960..8a34fbf5f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+v2.15.8 - xx xxx 
+-
+
 v2.15.7 - 20 Dec 2022
 -
- Bug fixes
diff --git a/configure.ac b/configure.ac
index 72f676d72..1fff02bb4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 AC_PREREQ(2.63)
-AC_INIT(openvswitch, 2.15.7, b...@openvswitch.org)
+AC_INIT(openvswitch, 2.15.8, b...@openvswitch.org)
 AC_CONFIG_SRCDIR([datapath/datapath.c])
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_AUX_DIR([build-aux])
diff --git a/debian/changelog b/debian/changelog
index b154ee197..4591ab2d9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+openvswitch (2.15.8-1) unstable; urgency=low
+   [ Open vSwitch team ]
+   * New upstream version
+
+ -- Open vSwitch team   Tue, 20 Dec 2022 20:06:37 +0100
+
 openvswitch (2.15.7-1) unstable; urgency=low
[ Open vSwitch team ]
* New upstream version
-- 
2.38.1



[ovs-dev] [PATCH branch-2.15 1/2] Set release date for 2.15.7.

2022-12-20 Thread Ilya Maximets
Signed-off-by: Ilya Maximets 
---
 NEWS | 7 ++-
 debian/changelog | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 6510dfc96..fb0a03960 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,10 @@
-v2.15.7 - xx xxx 
+v2.15.7 - 20 Dec 2022
 -
+   - Bug fixes
+   - Security:
+ * Fixed LLDP underflow issue while parsing malformed Auto Attach TLVs.
+   The original patch is available here:
+   https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
 
 v2.15.6 - 07 Oct 2022
 -
diff --git a/debian/changelog b/debian/changelog
index e503d30d9..b154ee197 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ openvswitch (2.15.7-1) unstable; urgency=low
[ Open vSwitch team ]
* New upstream version
 
- -- Open vSwitch team   Fri, 07 Oct 2022 13:12:36 +0200
+ -- Open vSwitch team   Tue, 20 Dec 2022 20:06:37 +0100
 
 openvswitch (2.15.6-1) unstable; urgency=low
[ Open vSwitch team ]
-- 
2.38.1



[ovs-dev] [PATCH branch-2.15 0/2] Release patches for v2.15.7.

2022-12-20 Thread Ilya Maximets
Bug fixes + Security issue in LLDP.

Ilya Maximets (2):
  Set release date for 2.15.7.
  Prepare for 2.15.8.

 NEWS | 10 +-
 configure.ac |  2 +-
 debian/changelog |  8 +++-
 3 files changed, 17 insertions(+), 3 deletions(-)

-- 
2.38.1



[ovs-dev] [PATCH branch-2.14 2/2] Prepare for 2.14.9.

2022-12-20 Thread Ilya Maximets
Signed-off-by: Ilya Maximets 
---
 NEWS | 3 +++
 configure.ac | 2 +-
 debian/changelog | 6 ++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 1752cdebc..8b4c64ae4 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+v2.14.9 - xx xxx 
+-
+
 v2.14.8 - 20 Dec 2022
 -
- Bug fixes
diff --git a/configure.ac b/configure.ac
index 322d46810..a9e664deb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 AC_PREREQ(2.63)
-AC_INIT(openvswitch, 2.14.8, b...@openvswitch.org)
+AC_INIT(openvswitch, 2.14.9, b...@openvswitch.org)
 AC_CONFIG_SRCDIR([datapath/datapath.c])
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_AUX_DIR([build-aux])
diff --git a/debian/changelog b/debian/changelog
index 6e90ce281..d607f73f1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+openvswitch (2.14.9-1) unstable; urgency=low
+   [ Open vSwitch team ]
+   * New upstream version
+
+ -- Open vSwitch team   Tue, 20 Dec 2022 20:06:25 +0100
+
 openvswitch (2.14.8-1) unstable; urgency=low
[ Open vSwitch team ]
* New upstream version
-- 
2.38.1



[ovs-dev] [PATCH branch-2.14 1/2] Set release date for 2.14.8.

2022-12-20 Thread Ilya Maximets
Signed-off-by: Ilya Maximets 
---
 NEWS | 7 ++-
 debian/changelog | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 817249593..1752cdebc 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,10 @@
-v2.14.8 - xx xxx 
+v2.14.8 - 20 Dec 2022
 -
+   - Bug fixes
+   - Security:
+ * Fixed LLDP underflow issue while parsing malformed Auto Attach TLVs.
+   The original patch is available here:
+   https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
 
 v2.14.7 - 07 Oct 2022
 -
diff --git a/debian/changelog b/debian/changelog
index a3f016d0c..6e90ce281 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ openvswitch (2.14.8-1) unstable; urgency=low
[ Open vSwitch team ]
* New upstream version
 
- -- Open vSwitch team   Fri, 07 Oct 2022 13:12:32 +0200
+ -- Open vSwitch team   Tue, 20 Dec 2022 20:06:25 +0100
 
 openvswitch (2.14.7-1) unstable; urgency=low
[ Open vSwitch team ]
-- 
2.38.1



[ovs-dev] [PATCH branch-2.14 0/2] Release patches for v2.14.8.

2022-12-20 Thread Ilya Maximets
Bug fixes + Security issue in LLDP.

Ilya Maximets (2):
  Set release date for 2.14.8.
  Prepare for 2.14.9.

 NEWS | 10 +-
 configure.ac |  2 +-
 debian/changelog |  8 +++-
 3 files changed, 17 insertions(+), 3 deletions(-)

-- 
2.38.1



[ovs-dev] [PATCH branch-2.13 2/2] Prepare for 2.13.11.

2022-12-20 Thread Ilya Maximets
Signed-off-by: Ilya Maximets 
---
 NEWS | 3 +++
 configure.ac | 2 +-
 debian/changelog | 6 ++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index a7527f135..7e80b57dc 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+v2.13.11 - xx xxx 
+--
+
 v2.13.10 - 20 Dec 2022
 --
- Bug fixes
diff --git a/configure.ac b/configure.ac
index dc69fd768..6cb7f639c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 AC_PREREQ(2.63)
-AC_INIT(openvswitch, 2.13.10, b...@openvswitch.org)
+AC_INIT(openvswitch, 2.13.11, b...@openvswitch.org)
 AC_CONFIG_SRCDIR([datapath/datapath.c])
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_AUX_DIR([build-aux])
diff --git a/debian/changelog b/debian/changelog
index 018dccf78..48c2273df 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+openvswitch (2.13.11-1) unstable; urgency=low
+   [ Open vSwitch team ]
+   * New upstream version
+
+ -- Open vSwitch team   Tue, 20 Dec 2022 20:05:48 +0100
+
 openvswitch (2.13.10-1) unstable; urgency=low
[ Open vSwitch team ]
* New upstream version
-- 
2.38.1



[ovs-dev] [PATCH branch-2.13 1/2] Set release date for 2.13.10.

2022-12-20 Thread Ilya Maximets
Signed-off-by: Ilya Maximets 
---
 NEWS | 7 ++-
 debian/changelog | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index fe5743bb8..a7527f135 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,10 @@
-v2.13.10 - xx xxx 
+v2.13.10 - 20 Dec 2022
 --
+   - Bug fixes
+   - Security:
+ * Fixed LLDP underflow issue while parsing malformed Auto Attach TLVs.
+   The original patch is available here:
+   https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
 
 v2.13.9 - 07 Oct 2022
 -
diff --git a/debian/changelog b/debian/changelog
index 87231dcc6..018dccf78 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ openvswitch (2.13.10-1) unstable; urgency=low
[ Open vSwitch team ]
* New upstream version
 
- -- Open vSwitch team   Fri, 07 Oct 2022 13:11:43 +0200
+ -- Open vSwitch team   Tue, 20 Dec 2022 20:05:48 +0100
 
 openvswitch (2.13.9-1) unstable; urgency=low
[ Open vSwitch team ]
-- 
2.38.1



[ovs-dev] [PATCH branch-2.13 0/2] Release patches for v2.13.10.

2022-12-20 Thread Ilya Maximets
Bug fixes + Security issue in LLDP.

Ilya Maximets (2):
  Set release date for 2.13.10.
  Prepare for 2.13.11.

 NEWS | 10 +-
 configure.ac |  2 +-
 debian/changelog |  8 +++-
 3 files changed, 17 insertions(+), 3 deletions(-)

-- 
2.38.1



Re: [ovs-dev] [PATCH v2] lldp: fix bugs when parsing malformed AutoAttach

2022-12-20 Thread Aaron Conole
Ilya Maximets  writes:

> On 12/20/22 15:36, Aaron Conole wrote:
>> The OVS LLDP implementation includes support for AutoAttach standard, which
>> the 'upstream' lldpd project does not include.  As part of adding this
>> support, the message parsing for these TLVs did not include proper length
>> checks for the LLDP_TLV_AA_ELEMENT_SUBTYPE and the
>> LLDP_TLV_AA_ISID_VLAN_ASGNS_SUBTYPE elements.  The result is that a message
>> without a proper boundary will cause an overread of memory, and lead to
>> undefined results, including crashes or other unidentified behavior.
>> 
>> The fix is to introduce proper bounds checking for these elements.  Introduce
>> a unit test to ensure that we have some proper rejection in this code
>> base in the future.
>> 
>> Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
>> Signed-off-by: Qian Chen 
>> Co-authored-by: Aaron Conole 
>> Signed-off-by: Aaron Conole 
>> ---
>> NOTES: This bug is publicly known and disclosed at
>>https://github.com/openvswitch/ovs/pull/405 which makes this mostly
>>a repost.
>> v2:Convert from system traffic test to a basic unit test
>> 
>>  lib/lldp/lldp.c   |  2 ++
>>  tests/ofproto-dpif.at | 19 +++
>>  2 files changed, 21 insertions(+)
>
> Thanks!  I fixed the authorship that changed between the versions
> for some reason and applied the fix.  Backported down to 2.13.

Thanks - not sure how that happened.

> Best regards, Ilya Maximets.



Re: [ovs-dev] [PATCH v2] dpif-netdev: Load based PMD sleeping.

2022-12-20 Thread Kevin Traynor

On 19/12/2022 16:18, Ilya Maximets wrote:

On 12/16/22 18:50, Kevin Traynor wrote:

Sleep for an incremental amount of time if none of the Rx queues
assigned to a PMD have at least half a batch of packets (i.e. 16 pkts)
on a polling iteration of the PMD.

Upon detecting the threshold of >= 16 pkts on an Rxq, reset the
sleep time to zero (i.e. no sleep).

Sleep time will be increased by 1 uS on each iteration where
the low load conditions remain up to a total of the max sleep
time which has a default of 250 uS.


Hi, Kevin.  Thanks for the patch!

The feature seems interesting.  At least, as an experimental feature
for users to try out.  See some comments below.



Hi Ilya,

Thanks for reviewing. Comments below,

thanks,
Kevin.



The feature is off by default and can be enabled by:
ovs-vsctl set Open_vSwitch . other_config:pmd-powersave=true

The max sleep time per iteration can be set e.g. to set to 500 uS:
ovs-vsctl set Open_vSwitch . other_config:pmd-powersave-maxsleep=500


Do we actually need two separate options for this?
What about dropping the general 'pmd-powersave' option and only
keeping the max sleep configuration with '0' being a default and
meaning no sleep?

We may recommend some value in the docs, but it will ultimately be
a user's decision.



We definitely don't need both to operate now. There's just a couple of 
things to consider about the interface.


If having a default is useful for users, or we can expect that they 
would be ok with coming up with a value. In some ways it's nice that 
they would have to pick a value because it forces them to be aware of 
the latency trade-off :-)


Another thing is how much to abstract the user i.e. if we want the user 
to have a powersaving feature, in which we may change the implementation 
(think interrupts), or have a pmd sleep feature which can (hopefully) 
result in power saving for them.


I suppose a plus for only a max-sleep setting is that it's easier to 
start one config knob and add another if needed. Also, now that it is 
limited to 10 ms, it is not as easy for a user to put in something crazy.


OTOH, if the implementation changed or became some mix of interrupts and 
sleeps, the user would likely need to change their commands.


Just sharing thoughts above, I'm ok with single max-sleep param for now 
as there is no concrete plan for changing the underlying implementation 
at present.


Interested to hear what anyone else thinks about the user controls.


We might also drop the 'powersave' part from the knob and just have
'pmd-max-sleep'.  But I have no strong opinion on this.



sure, the 'powersave' was to tie the config knobs together, so we could 
remove it if removing =true.



The single max sleep option can be extended in the future to
accept a list of 'core:value' pairs for a fine grained per-PMD
control, if necessary, without breaking backward compatibility.
But that is probably not needed right now.



True. Something along these lines is already requested by Thilak.



Also add new stats to pmd-perf-show to get visibility of operation
e.g.


   - No-sleep hit:36445  ( 98.4 % of busy it)
  Sleep time:   3350902  uS ( 34 us/it avg.)> 

Signed-off-by: Kevin Traynor 

---
v2:
- Updated to mark feature as experimental as there is still discussion
   on it's operation and control knobs
- Added pmd-powersave-maxsleep to set the max requested sleep time
- Added unit tests for pmd-powersave and pmd-powersave-maxsleep config
   knobs
- Added docs to explain that requested sleep time and actual sleep time
   may differ
- Added actual measurement of sleep time instead of reporting requested
   time
- Removed Max sleep hit statistics
- Added total sleep time statistic for the length of the measurement
   period (avg. uS per iteration still exists also)
- Updated other statistics to account for sleep time
- Some renaming
- Replaced xnanosleep with nanosleep to avoid having to start/end
   quiesce for every sleep (this may KO this feature on Windows)


Maybe convert a current xnanosleep with a

static void
xnanosleep__(uint64_t nanoseconds, bool need_to_quiesce)

and create 2 wrappers with true/false as arguments:
xnanosleep() and xnanosleep_no_quiesce() ?
Or something like that?



yes, I had thought about doing something like that, but figured it could 
be extended to Windows later... however, I see next comment, so seems 
better to do now.



I didn't test, but the current code might break the windows build,
not only this particular function.



I had not thought about that!


- Limited max requested sleep to max PMD quiesce time (10 ms)
- Adapted ALB measurement about whether a PMD is overloaded to account
   for time spent sleeping
---
  Documentation/topics/dpdk/pmd.rst | 46 +
  lib/dpif-netdev-perf.c| 26 --
  lib/dpif-netdev-perf.h|  5 +-
  lib/dpif-netdev.c | 86 +--
  tests/pmd.at  | 43 

Re: [ovs-dev] [PATCH v2] lldp: fix bugs when parsing malformed AutoAttach

2022-12-20 Thread Ilya Maximets
On 12/20/22 15:36, Aaron Conole wrote:
> The OVS LLDP implementation includes support for AutoAttach standard, which
> the 'upstream' lldpd project does not include.  As part of adding this
> support, the message parsing for these TLVs did not include proper length
> checks for the LLDP_TLV_AA_ELEMENT_SUBTYPE and the
> LLDP_TLV_AA_ISID_VLAN_ASGNS_SUBTYPE elements.  The result is that a message
> without a proper boundary will cause an overread of memory, and lead to
> undefined results, including crashes or other unidentified behavior.
> 
> The fix is to introduce proper bounds checking for these elements.  Introduce
> a unit test to ensure that we have some proper rejection in this code
> base in the future.
> 
> Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
> Signed-off-by: Qian Chen 
> Co-authored-by: Aaron Conole 
> Signed-off-by: Aaron Conole 
> ---
> NOTES: This bug is publicly known and disclosed at
>https://github.com/openvswitch/ovs/pull/405 which makes this mostly
>a repost.
> v2:Convert from system traffic test to a basic unit test
> 
>  lib/lldp/lldp.c   |  2 ++
>  tests/ofproto-dpif.at | 19 +++
>  2 files changed, 21 insertions(+)

Thanks!  I fixed the authorship that changed between the versions
for some reason and applied the fix.  Backported down to 2.13.

Best regards, Ilya Maximets.


[ovs-dev] [PATCH v3] stream-ssl: fix setting key and certificate

2022-12-20 Thread Xavier Simonart
stream_ssl_set_key_and_cert is supposed to, whenever either the certificate or
the private key file changes, re-read both of them.
It was re-reading them only when both changed.
So, if, for instance, certificate was changed a few seconds only after changing
the key, the new key and certificate were never applied.

A few patches have been proposed on similar issues.
This patch tries to take into account the inputs/comments from them i.e.
- avoid crash on NULL private key and valid certificate
  (from d5d0c94551b6 ("stream-ssl: Fix crash on NULL private key and valid 
certificate."))
- avoid breaking setup while the second component is not updated
  (from 
https://patchwork.ozlabs.org/project/openvswitch/patch/20210513213311.1870647-1-hz...@ovn.org/
- update key and cert, if they are valid.

Fixes: d5d0c94551b6 ("stream-ssl: Fix crash on NULL private key and valid 
certificate.")

Signed-off-by: Xavier Simonart 
---
v2: fix  'rl' shadows an earlier one
v3: fix ugly memory leak
---
 lib/stream-ssl.c  | 120 +++---
 tests/ovsdb-server.at |  36 +
 2 files changed, 126 insertions(+), 30 deletions(-)

diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 62da9febb..f56cb1ec7 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -76,6 +76,12 @@ enum session_type {
 SERVER
 };
 
+enum ssl_update_result {
+SSL_UPDATE_ERROR,
+SSL_NOT_UPDATED,
+SSL_UPDATED
+};
+
 struct ssl_stream
 {
 struct stream stream;
@@ -186,6 +192,7 @@ static unsigned int next_session_nr;
 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(10, 25);
 
 static int ssl_init(void);
+static SSL_CTX *new_ssl_ctx(void);
 static int do_ssl_init(void);
 static bool ssl_wants_io(int ssl_error);
 static void ssl_close(struct stream *);
@@ -201,7 +208,8 @@ static void stream_ssl_set_ca_cert_file__(const char 
*file_name,
   bool bootstrap, bool force);
 static void ssl_protocol_cb(int write_p, int version, int content_type,
 const void *, size_t, SSL *, void *sslv_);
-static bool update_ssl_config(struct ssl_config_file *, const char *file_name);
+static enum ssl_update_result update_ssl_config(struct ssl_config_file *,
+const char *file_name);
 static int sock_errno(void);
 
 static short int
@@ -1010,11 +1018,39 @@ ssl_init(void)
 return init_status;
 }
 
-static int
-do_ssl_init(void)
+static SSL_CTX *
+new_ssl_ctx(void)
 {
 SSL_METHOD *method;
 
+/* OpenSSL has a bunch of "connection methods": SSLv2_method(),
+ * SSLv3_method(), TLSv1_method(), SSLv23_method(), ...  Most of these
+ * support exactly one version of SSL, e.g. TLSv1_method() supports TLSv1
+ * only, not any earlier *or later* version.  The only exception is
+ * SSLv23_method(), which in fact supports *any* version of SSL and TLS.
+ * We don't want SSLv2 or SSLv3 support, so we turn it off below with
+ * SSL_CTX_set_options().
+ *
+ * The cast is needed to avoid a warning with newer versions of OpenSSL in
+ * which SSLv23_method() returns a "const" pointer. */
+method = CONST_CAST(SSL_METHOD *, SSLv23_method());
+if (method == NULL) {
+VLOG_ERR("TLSv1_method: %s", ERR_error_string(ERR_get_error(), NULL));
+return NULL;
+}
+
+SSL_CTX *new_ctx = SSL_CTX_new(method);
+if (new_ctx == NULL) {
+VLOG_ERR_RL(, "SSL_new: %s",
+ERR_error_string(ERR_get_error(), NULL));
+return NULL;
+}
+return new_ctx;
+}
+
+static int
+do_ssl_init(void)
+{
 #if OPENSSL_VERSION_NUMBER < 0x1010L || defined (LIBRESSL_VERSION_NUMBER)
 #ifdef _WIN32
 /* The following call is needed if we "#include ". */
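Review bot: Both error messages in new_ssl_ctx() name a function other than the one that failed: the SSLv23_method() failure is logged as `"TLSv1_method: %s"` and the SSL_CTX_new() failure as `"SSL_new: %s"`, whereas the code this replaces logged the latter as `"SSL_CTX_new: %s"`. These strings are what an operator sees when TLS setup fails, so I would label them `"SSLv23_method: %s"` and `"SSL_CTX_new: %s"`. The helper would also benefit from a one-line header comment such as `/* Returns a new SSL_CTX, or NULL after logging the OpenSSL error; the caller owns the context and must release it with SSL_CTX_free(). */`.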
@@ -1054,25 +1090,8 @@ do_ssl_init(void)
 RAND_seed(seed, sizeof seed);
 }
 
-/* OpenSSL has a bunch of "connection methods": SSLv2_method(),
- * SSLv3_method(), TLSv1_method(), SSLv23_method(), ...  Most of these
- * support exactly one version of SSL, e.g. TLSv1_method() supports TLSv1
- * only, not any earlier *or later* version.  The only exception is
- * SSLv23_method(), which in fact supports *any* version of SSL and TLS.
- * We don't want SSLv2 or SSLv3 support, so we turn it off below with
- * SSL_CTX_set_options().
- *
- * The cast is needed to avoid a warning with newer versions of OpenSSL in
- * which SSLv23_method() returns a "const" pointer. */
-method = CONST_CAST(SSL_METHOD *, SSLv23_method());
-if (method == NULL) {
-VLOG_ERR("TLSv1_method: %s", ERR_error_string(ERR_get_error(), NULL));
-return ENOPROTOOPT;
-}
-
-ctx = SSL_CTX_new(method);
+ctx = new_ssl_ctx();
 if (ctx == NULL) {
-VLOG_ERR("SSL_CTX_new: %s", ERR_error_string(ERR_get_error(), NULL));
 return ENOPROTOOPT;
 }
 SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
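Review bot: SSLv2 and SSLv3 are disabled only here, on the global `ctx`, so a context obtained from new_ssl_ctx() by any other caller keeps the SSLv23_method() defaults until that caller sets the options itself. The rest of the patch is outside this hunk, so I cannot tell whether another caller exists or whether its context is ever used for a handshake. If it is, moving `SSL_CTX_set_options(new_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` into new_ssl_ctx() just before `return new_ctx;` would keep every context consistent and make the helper's comment ("we turn it off below") accurate again. do_ssl_init() continues past the end of this hunk.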
@@ -1132,14 +1151,19 @@ 

[ovs-dev] [syzbot] KASAN: use-after-free Read in ovs_vport_locate

2022-12-20 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:041fae9c105a Merge tag 'f2fs-for-6.2-rc1' of git://git.ker..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15c5d02048
kernel config:  https://syzkaller.appspot.com/x/.config?x=836aafbf33f4fa6c
dashboard link: https://syzkaller.appspot.com/bug?extid=8f4e2dcfcb3209ac35f9
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/30e749b24df4/disk-041fae9c.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/dd6d972f5b02/vmlinux-041fae9c.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/405163d7c7cc/bzImage-041fae9c.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8f4e2dcfcb3209ac3...@syzkaller.appspotmail.com

netlink: 208 bytes leftover after parsing attributes in process 
`syz-executor.4'.
==
BUG: KASAN: use-after-free in read_pnet include/net/net_namespace.h:383 [inline]
BUG: KASAN: use-after-free in ovs_dp_get_net net/openvswitch/datapath.h:195 
[inline]
BUG: KASAN: use-after-free in ovs_vport_locate+0x131/0x150 
net/openvswitch/vport.c:103
Read of size 8 at addr 88802055e360 by task syz-executor.4/5621

CPU: 0 PID: 5621 Comm: syz-executor.4 Not tainted 
6.1.0-syzkaller-10971-g041fae9c105a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
10/26/2022
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:306 [inline]
 print_report+0x15e/0x461 mm/kasan/report.c:417
 kasan_report+0xbf/0x1f0 mm/kasan/report.c:517
 read_pnet include/net/net_namespace.h:383 [inline]
 ovs_dp_get_net net/openvswitch/datapath.h:195 [inline]
 ovs_vport_locate+0x131/0x150 net/openvswitch/vport.c:103
 lookup_datapath+0x54/0x3a0 net/openvswitch/datapath.c:1628
 ovs_dp_reset_user_features net/openvswitch/datapath.c:1639 [inline]
 ovs_dp_cmd_new+0xd5b/0x11c0 net/openvswitch/datapath.c:1848
 genl_family_rcv_msg_doit.isra.0+0x1e6/0x2d0 net/netlink/genetlink.c:968
 genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
 genl_rcv_msg+0x4ff/0x7e0 net/netlink/genetlink.c:1065
 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2564
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
 netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
 netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1356
 netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1932
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0xd3/0x120 net/socket.c:734
 sys_sendmsg+0x712/0x8c0 net/socket.c:2476
 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2530
 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2559
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f142348c0d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7f14240ff168 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 7f14235abf80 RCX: 7f142348c0d9
RDX: 0800 RSI: 2100 RDI: 0003
RBP: 7f14234e7ae9 R08:  R09: 
R10:  R11: 0246 R12: 
R13: 7ffdd965a34f R14: 7f14240ff300 R15: 00022000
 

Allocated by task 5564:
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 kasan_kmalloc mm/kasan/common.c:371 [inline]
 kasan_kmalloc mm/kasan/common.c:330 [inline]
 __kasan_kmalloc+0xa3/0xb0 mm/kasan/common.c:380
 kmalloc include/linux/slab.h:580 [inline]
 kzalloc include/linux/slab.h:720 [inline]
 ovs_dp_cmd_new+0x1a3/0x11c0 net/openvswitch/datapath.c:1796
 genl_family_rcv_msg_doit.isra.0+0x1e6/0x2d0 net/netlink/genetlink.c:968
 genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
 genl_rcv_msg+0x4ff/0x7e0 net/netlink/genetlink.c:1065
 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2564
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
 netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
 netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1356
 netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1932
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0xd3/0x120 net/socket.c:734
 sys_sendmsg+0x712/0x8c0 net/socket.c:2476
 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2530
 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2559
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Freed by 

Re: [ovs-dev] [PATCH] Revert "rhel: Move conf.db to /var/lib/openvswitch, using symlinks."

2022-12-20 Thread Ilya Maximets
On 12/15/22 14:05, Ilya Maximets wrote:
> This reverts commit 59e8cb8a053d50f49629be8b6fd614562d066404.
> 
> Commit broke the package install on a clean system and also doesn't
> seem to manage access rights for created symlinks correctly.
> 
> Revert it until a proper solution is proposed.
> 
> Reported-at: 
> https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400045.html
> Reported-by: Roi Dayan 
> Signed-off-by: Ilya Maximets 
> ---
>  rhel/openvswitch-fedora.spec.in | 27 ---
>  1 file changed, 4 insertions(+), 23 deletions(-)
> 

Superseded by the actual fix:
  
https://patchwork.ozlabs.org/project/openvswitch/patch/d7f650c4973284b713ce22c08d2b93468c835996.1671204586.git.tredae...@redhat.com/



Re: [ovs-dev] [ovs-dev v7 1/3] ofproto-dpif-upcall: fix push_dp_ops

2022-12-20 Thread Eelco Chaudron


On 19 Dec 2022, at 11:52, Peng He wrote:

> Eelco Chaudron  于2022年12月16日周五 23:00写道:
>
>>
>>
>> On 16 Dec 2022, at 8:56, Peng He wrote:
>>
>>> From: Peng He 
>>> To: Eelco Chaudron 
>>> Cc: Ilya Maximets , ovs-dev@openvswitch.org
>>> Subject: Re: [ovs-dev v7 1/3] ofproto-dpif-upcall: fix push_dp_ops
>>> Date: Fri, 16 Dec 2022 15:56:32 +0800
>>>
>>> Eelco Chaudron  于2022年12月13日周二 20:36写道:
>>>


 On 10 Dec 2022, at 1:37, Peng He wrote:

> Patch v5 has statistics issues.
>
> In order to solve this issue, we had a discussion.
>
> below is the quote of the email.
>
> ”
> After a second thought, I think maybe keeping INCONSISTENT just for the
> modify error is a better option.
>
> With current patch:
> 1.
> the modify error case:
> OPERATIONAL -> INCONSISTENT ->  EVICTING -> EVICTED
> 2.
> the delete error case:
> EVICTING -> EVICTED
>
> Change both to INCONSISTENT:
>
> the modify error case:
> did not change.
>
> the delete error case:
> EVICTING -> INCONSISTENT -> EVICTED?
>
> “
>
> And we agree to take the second solution.

 I know, but going over the state meanings again, UKEY_EVICTING means the
 following:

  /* Ukey is in umap, datapath flow delete is queued. */

 Which now no longer is the case, so should a new state not make more
>> sense?

>>>
>>> Why it's no longer valid?
>>>
>>> In the patch, only modify failed ukey will be set to EVICTING, is it just
>>> right fit the meaning of
>>> EVICTING? (ukey in the umap, but delete operation is queued?)
>>
>> But it’s not as the delete operation is not queued, that is done in the
>> revalidator_sweep__() part.
>>
>
> Understand now.
>
>
>>

 Any one else has some input on this??

> Eelco Chaudron  于2022年12月8日周四 18:54写道:
>
>>
>>
>> On 27 Nov 2022, at 8:28, Peng He wrote:
>>
>>> push_dp_ops only handles delete ops errors but ignores the modify
>>> ops results. It's better to handle all the dp operation errors in
>>> a consistent way.
>>>
>>> We observe in the production environment that sometimes a megaflow
>>> with wrong actions keep staying in datapath. The coverage command
>> shows
>>> revalidators have dumped several times, however the correct
>>> actions are not set. This implies that the ukey's action does not
>>> equal to the meagaflow's, i.e. revalidators think the underlying
>>> megaflow's actions are correct however they are not.
>>>
>>> We also check the megaflow using the ofproto/trace command, and the
>>> actions are not matched with the ones in the actual magaflow. By
>>> performing a revalidator/purge command, the right actions are set.
>>>
>>> This patch prevents the inconsistency by considering modify failure
>>> in revalidators.
>>>
>>> To note, we cannot perform two state transitions and change
>> ukey_state
>>> into UKEY_EVICTED directly here, because, if we do so, the
>>> sweep will remove the ukey alone and leave dp flow alive. Later, the
>>> dump will retrieve the dp flow and might even recover it. This will
>>> contribute the stats of this dp flow twice.
>>>
>>> Signed-off-by: Peng He 
>>> ---
>>>  ofproto/ofproto-dpif-upcall.c | 34
>> +++---
>>>  1 file changed, 23 insertions(+), 11 deletions(-)
>>>
>>> diff --git a/ofproto/ofproto-dpif-upcall.c
>> b/ofproto/ofproto-dpif-upcall.c
>>> index 7ad728adf..c2cefbeb8 100644
>>> --- a/ofproto/ofproto-dpif-upcall.c
>>> +++ b/ofproto/ofproto-dpif-upcall.c
>>> @@ -2416,26 +2416,30 @@ push_dp_ops(struct udpif *udpif, struct
>> ukey_op
>> *ops, size_t n_ops)
>>>
>>>  for (i = 0; i < n_ops; i++) {
>>>  struct ukey_op *op = [i];
>>> -struct dpif_flow_stats *push, *stats, push_buf;
>>> -
>>> -stats = op->dop.flow_del.stats;
>>> -push = _buf;
>>> -
>>> -if (op->dop.type != DPIF_OP_FLOW_DEL) {
>>> -/* Only deleted flows need their stats pushed. */
>>> -continue;
>>> -}
>>>
>>>  if (op->dop.error) {
>>> -/* flow_del error, 'stats' is unusable. */
>>>  if (op->ukey) {
>>>  ovs_mutex_lock(>ukey->mutex);
>>> -transition_ukey(op->ukey, UKEY_EVICTED);
>>> +if (op->dop.type == DPIF_OP_FLOW_DEL) {
>>> +transition_ukey(op->ukey, UKEY_EVICTED);
>>> +} else {

 I think we could use a comment here to make it clear why we set it to
 evicting. Maybe just a reference to the comment in revalidator_sweep__()
 might be enough.

>>> +transition_ukey(op->ukey, UKEY_EVICTING);
>>> +}
>>>  

Re: [ovs-dev] [PATCH v2 2/7] netdev-afxdp: Allow building with libxdp and newer libbpf.

2022-12-20 Thread Eelco Chaudron


On 20 Dec 2022, at 14:58, Ilya Maximets wrote:

> On 12/20/22 14:01, Eelco Chaudron wrote:
>>
>>
>> On 19 Dec 2022, at 13:20, Ilya Maximets wrote:
>>
>>> AF_XDP functions were deprecated in libbpf 0.7 and moved to libxdp.
>>> Functions bpf_get/set_link_xdp_id() were deprecated in libbpf 0.8
>>> and replaced with bpf_xdp_query_id() and bpf_xdp_attach/detach().
>>>
>>> Updating configuration and source code to accommodate above changes
>>> and allow building OVS with AF_XDP support on newer systems:
>>>
>>>  - Checking availability of the libxdp in a system by looking
>>>for a library providing libxdp_strerror().
>>>
>>>  - Checking for xsk.h header provided by libxdp-dev[el] first,
>>>fall back to xsk.h from libbpf if not found.
>>>
>>>  - Check for the NEED_WAKEUP feature replaced with direct checking
>>>in the source code if XDP_USE_NEED_WAKEUP is defined.
>>>
>>>  - Checking availability of bpf_xdp_query_id and bpf_xdp_detach
>>>and using them instead of deprecated APIs.  Fall back to old
>>>functions if not found.
>>
>> So I guess this requires our build environment to match our runtime 
>> environment, as these functions are from dynamic libraries, not statically 
>> linked?
>
> Not exactly match, but symbols available during the build should
> be present in the runtime.  In general it means that libraries
> at build time should be the same or older than runtime ones.
>
> If the build environment is newer that will obviously not work,
> but I don't think that is generally supported anyway.

Guess we will find out once we switch the default ;)

>>
>> I guess this is fine, as long as people understand it.
>>
>>>
>>>  - Dropped LIBBPF_LDADD variable as it makes library and function
>>>detection much harder without providing any actual benefits.
>>>AC_SEARCH_LIBS is used instead and it allows use of AC_CHECK_FUNCS.
>>>
>>>  - Header includes moved around to files where they are actually used.
>>>
>>>  - Removed libelf dependency as it is not really used.
>>>
>>> With these changes it should be possible to build OVS with either:
>>>
>>>  - libbpf built from the kernel sources (5.19 or older).
>>>  - libbpf < 0.7 provided in distributions.
>>>  - libxdp and libbpf >= 0.7 provided in newer distributions.
>>>
>>> libxdp added as a build dependency for Fedora build since all
>>> supported versions of Fedora are packaging this library.
>>>
>>> Signed-off-by: Ilya Maximets 
>>
>> I have problems building this on my fedora35 system with 
>> gcc-11.3.1-3.fc35.x86_64:
>>
>> libtool: link: ( cd "include/openvswitch/.libs" && rm -f "libcxxtest.la" && 
>> ln -s "../libcxxtest.la" "libcxxtest.la" )
>> In file included from lib/netdev-linux-private.h:30,
>>  from lib/netdev-afxdp.c:19:
>> In function ‘dp_packet_delete’,
>> inlined from ‘dp_packet_delete’ at lib/dp-packet.h:246:1,
>> inlined from ‘dp_packet_batch_add__’ at lib/dp-packet.h:775:9,
>> inlined from ‘dp_packet_batch_add’ at lib/dp-packet.h:783:5,
>> inlined from ‘netdev_afxdp_rxq_recv’ at lib/netdev-afxdp.c:894:9:
>> lib/dp-packet.h:260:9: error: ‘free’ called on pointer ‘*umem.xpool.array’ 
>> with nonzero offset [8, 2558044588346441168] [-Werror=free-nonheap-object]
>>   260 | free(b);
>>   | ^~~
>>
>> Guess it does not recognise the (b->source == DPBUF_AFXDP) statement…
>
> This is annoying, I didn't find a way to trick the compiler into
> doing the right thing.  The code path is fairly obvious and
> b->source is always set on that code path just a few lines above.
>
> So, it definitely looks like a compiler bug.
>
> Do you know of a good portable way disabling warnings in the code?
> Otherwise, we can disable it globally in the configure script if
> building with AF_XDP.

I know there is ‘#pragma clang diagnostic’ and ‘#pragma GCC diagnostic’; not 
sure what other compilers we support.

>>
>> This is my build config:
>>
>> ./configure --enable-Werror --enable-usdt-probes --localstatedir=/var 
>> --prefix=/usr --sysconfdir=/etc --enable-afxdp
>>
>> Guess this should be fixed before we enable afxdp by default?
>>
>>
>> Also when I build it without the Werror option I’m not able to start a 
>> sandbox:
>>
>> make[1]: Leaving directory '/home/echaudron/Documents/review/ovs_ilya_afxdp'
>> ovsdb-tool create conf.db 
>> /home/echaudron/Documents/review/ovs_ilya_afxdp/vswitchd/vswitch.ovsschema
>> ovsdb-tool: symbol lookup error: /lib64/libxdp.so.1: undefined symbol: 
>> silence_libbpf_logging
>> cat: 
>> '/home/echaudron/Documents/review/ovs_ilya_afxdp/tutorial/sandbox/*.pid': No 
>> such file or directory
>>
>> But this might be something specific to libxdp on my system, and libbpf :(
>
> Yeah, I guess libxdp and libbpf versions on f35 are not really compatible.
> We're not calling silence_libbpf_logging from OVS, so it's a call from the
> libbpf itself.
>
>>
>>> ---
>>>  NEWS|  2 ++
>>>  acinclude.m4| 21 +-
>>>  

Re: [ovs-dev] [PATCH ovn 1/2] .ci: ovn-kubernetes: Add a "prepare" stage to allow for custom actions.

2022-12-20 Thread Dumitru Ceara
On 12/20/22 16:30, Dumitru Ceara wrote:
> One example is to allow us to change the ovn-kubernetes code that
> decides what e2e tests are run.  That's needed on older stable branches
> that don't support all the features that newer OVN versions do.
> 
> Currently, on the main branch, there's no custom change required but on
> older branches (branch-22.09 -> branch-22.03) the affinity timeout
> related tests should be disabled because the OVN feature didn't exist
> there.  An upcoming patch does that.
> 
> Signed-off-by: Dumitru Ceara 
> ---
>  .ci/ovn-kubernetes/Dockerfile|   10 +-
>  .ci/ovn-kubernetes/custom.patch  |0 
>  .ci/ovn-kubernetes/prepare.sh|   20 
>  .github/workflows/ovn-kubernetes.yml |7 +++
>  Makefile.am  |2 ++
>  5 files changed, 38 insertions(+), 1 deletion(-)
>  create mode 100644 .ci/ovn-kubernetes/custom.patch
>  create mode 100755 .ci/ovn-kubernetes/prepare.sh
> 
> diff --git a/.ci/ovn-kubernetes/Dockerfile b/.ci/ovn-kubernetes/Dockerfile
> index e74b620be8..7edf86a13a 100644
> --- a/.ci/ovn-kubernetes/Dockerfile
> +++ b/.ci/ovn-kubernetes/Dockerfile
> @@ -47,9 +47,17 @@ RUN GO111MODULE=on go install 
> github.com/ovn-org/libovsdb/cmd/modelgen@${LIBOVSD
>  # Clone OVN Kubernetes and build the binary based on the commit passed as 
> argument
>  WORKDIR /root
>  RUN git clone https://github.com/ovn-org/ovn-kubernetes.git
> -WORKDIR /root/ovn-kubernetes/go-controller
> +WORKDIR /root/ovn-kubernetes
>  RUN git checkout ${OVNKUBE_COMMIT} && git log -n 1
>  
> +# Copy the ovn-kubernetes scripts from the OVN sources and apply any
> +# custom changes if needed.
> +RUN mkdir -p /tmp/ovn/.ci/ovn-kubernetes
> +COPY .ci/ovn-kubernetes /tmp/ovn/.ci/ovn-kubernetes
> +WORKDIR /tmp/ovn
> +RUN .ci/ovn-kubernetes/prepare.sh /root/ovn-kubernetes
> +
> +WORKDIR /root/ovn-kubernetes/go-controller
>  # Make sure we use the OVN NB/SB schema from the local code.
>  COPY --from=ovnbuilder /tmp/ovn/ovn-nb.ovsschema pkg/nbdb/ovn-nb.ovsschema
>  COPY --from=ovnbuilder /tmp/ovn/ovn-sb.ovsschema pkg/sbdb/ovn-sb.ovsschema
> diff --git a/.ci/ovn-kubernetes/custom.patch b/.ci/ovn-kubernetes/custom.patch
> new file mode 100644
> index 00..e69de29bb2
> diff --git a/.ci/ovn-kubernetes/prepare.sh b/.ci/ovn-kubernetes/prepare.sh
> new file mode 100755
> index 00..8fc9652afd
> --- /dev/null
> +++ b/.ci/ovn-kubernetes/prepare.sh
> @@ -0,0 +1,20 @@
> +#!/bin/bash
> +
> +set -ev
> +
> +ovnk8s_path=$1
> +topdir=$PWD
> +
> +pushd ${ovnk8s_path}
> +
> +# Add here any custom operations that need to performed on the
> +# ovn-kubernetes cloned repo, e.g., custom patches.
> +
> +# git apply --allow-empty is too new so not all git versions from major
> +# distros support it, just check if the custom patch file is not empty
> +# before applying it.
> +[ -s ${topdir}/.ci/ovn-kubernetes/custom.patch ] && \
> +git apply -v ${topdir}/.ci/ovn-kubernetes/custom.patch
> +
> +popd # ${ovnk8s_path}
> +exit 0
> diff --git a/.github/workflows/ovn-kubernetes.yml 
> b/.github/workflows/ovn-kubernetes.yml
> index 344937e53a..070d96bcb3 100644
> --- a/.github/workflows/ovn-kubernetes.yml
> +++ b/.github/workflows/ovn-kubernetes.yml
> @@ -91,12 +91,19 @@ jobs:
>  go-version: ${{ env.GO_VERSION }}
>id: go
>  
> +- name: Check out ovn
> +  uses: actions/checkout@v2
> +

This should be actions/checkout@v3, I will fix it in v2 after v1 gets
some review time.

>  - name: Check out ovn-kubernetes
>uses: actions/checkout@v3
>with:
>path: src/github.com/ovn-org/ovn-kubernetes
>repository: ovn-org/ovn-kubernetes
>  
> +- name: Prepare
> +  run: |
> +.ci/ovn-kubernetes/prepare.sh src/github.com/ovn-org/ovn-kubernetes
> +
>  - name: Set up environment
>run: |
>  export GOPATH=$(go env GOPATH)
> diff --git a/Makefile.am b/Makefile.am
> index 3b0df83938..8c60d4a719 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -91,6 +91,8 @@ EXTRA_DIST = \
>   .ci/osx-build.sh \
>   .ci/osx-prepare.sh \
>   .ci/ovn-kubernetes/Dockerfile \
> + .ci/ovn-kubernetes/prepare.sh \
> + .ci/ovn-kubernetes/custom.patch \
>   .github/workflows/test.yml \
>   .github/workflows/ovn-kubernetes.yml \
>   boot.sh \
> 
> 



Re: [ovs-dev] [PATCH ovn 2/2] .ci: ovn-kubernetes: Skip session affinity related tests.

2022-12-20 Thread 0-day Robot
Bleep bloop.  Greetings Dumitru Ceara, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


checkpatch:
WARNING: Line has non-spaces leading whitespace
WARNING: Line has trailing whitespace
#43 FILE: .ci/ovn-kubernetes/custom.patch:22:
 

WARNING: Line has non-spaces leading whitespace
WARNING: Line has trailing whitespace
#49 FILE: .ci/ovn-kubernetes/custom.patch:28:
 

WARNING: Line has trailing whitespace
#50 FILE: .ci/ovn-kubernetes/custom.patch:29:
-- 

Lines checked: 56, Warnings: 5, Errors: 0


Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot


Re: [ovs-dev] [syzbot] KASAN: use-after-free Read in ovs_vport_locate

2022-12-20 Thread Aaron Conole
Paolo Abeni  writes:

> On Tue, 2022-12-20 at 00:22 -0800, syzbot wrote:
>> HEAD commit:041fae9c105a Merge tag 'f2fs-for-6.2-rc1' of git://git.ker..
>> git tree:   upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=15c5d02048
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=836aafbf33f4fa6c
>> dashboard link: https://syzkaller.appspot.com/bug?extid=8f4e2dcfcb3209ac35f9
>> compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils 
>> for Debian) 2.35.2
>> 
>> Unfortunately, I don't have any reproducer for this issue yet.
>> 
>> Downloadable assets:
>> disk image: 
>> https://storage.googleapis.com/syzbot-assets/30e749b24df4/disk-041fae9c.raw.xz
>> vmlinux: 
>> https://storage.googleapis.com/syzbot-assets/dd6d972f5b02/vmlinux-041fae9c.xz
>> kernel image: 
>> https://storage.googleapis.com/syzbot-assets/405163d7c7cc/bzImage-041fae9c.xz
>> 
>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>> Reported-by: syzbot+8f4e2dcfcb3209ac3...@syzkaller.appspotmail.com
>> 
>> netlink: 208 bytes leftover after parsing attributes in process 
>> `syz-executor.4'.
>> ==
>> BUG: KASAN: use-after-free in read_pnet include/net/net_namespace.h:383 
>> [inline]
>> BUG: KASAN: use-after-free in ovs_dp_get_net net/openvswitch/datapath.h:195 
>> [inline]
>> BUG: KASAN: use-after-free in ovs_vport_locate+0x131/0x150 
>> net/openvswitch/vport.c:103
>> Read of size 8 at addr 88802055e360 by task syz-executor.4/5621
>> 
>> CPU: 0 PID: 5621 Comm: syz-executor.4 Not tainted 
>> 6.1.0-syzkaller-10971-g041fae9c105a #0
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS 
>> Google 10/26/2022
>> Call Trace:
>>  
>>  __dump_stack lib/dump_stack.c:88 [inline]
>>  dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
>>  print_address_description mm/kasan/report.c:306 [inline]
>>  print_report+0x15e/0x461 mm/kasan/report.c:417
>>  kasan_report+0xbf/0x1f0 mm/kasan/report.c:517
>>  read_pnet include/net/net_namespace.h:383 [inline]
>>  ovs_dp_get_net net/openvswitch/datapath.h:195 [inline]
>>  ovs_vport_locate+0x131/0x150 net/openvswitch/vport.c:103
>>  lookup_datapath+0x54/0x3a0 net/openvswitch/datapath.c:1628
>>  ovs_dp_reset_user_features net/openvswitch/datapath.c:1639 [inline]
>>  ovs_dp_cmd_new+0xd5b/0x11c0 net/openvswitch/datapath.c:1848
>>  genl_family_rcv_msg_doit.isra.0+0x1e6/0x2d0 net/netlink/genetlink.c:968
>>  genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
>>  genl_rcv_msg+0x4ff/0x7e0 net/netlink/genetlink.c:1065
>>  netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2564
>>  genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
>>  netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
>>  netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1356
>>  netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1932
>>  sock_sendmsg_nosec net/socket.c:714 [inline]
>>  sock_sendmsg+0xd3/0x120 net/socket.c:734
>>  sys_sendmsg+0x712/0x8c0 net/socket.c:2476
>>  ___sys_sendmsg+0x110/0x1b0 net/socket.c:2530
>>  __sys_sendmsg+0xf7/0x1c0 net/socket.c:2559
>>  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>>  do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
>>  entry_SYSCALL_64_after_hwframe+0x63/0xcd
>> RIP: 0033:0x7f142348c0d9
>> Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 
>> 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 
>> 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
>> RSP: 002b:7f14240ff168 EFLAGS: 0246 ORIG_RAX: 002e
>> RAX: ffda RBX: 7f14235abf80 RCX: 7f142348c0d9
>> RDX: 0800 RSI: 2100 RDI: 0003
>> RBP: 7f14234e7ae9 R08:  R09: 
>> R10:  R11: 0246 R12: 
>> R13: 7ffdd965a34f R14: 7f14240ff300 R15: 00022000
>>  
>> 
>> Allocated by task 5564:
>>  kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
>>  kasan_set_track+0x25/0x30 mm/kasan/common.c:52
>>  kasan_kmalloc mm/kasan/common.c:371 [inline]
>>  kasan_kmalloc mm/kasan/common.c:330 [inline]
>>  __kasan_kmalloc+0xa3/0xb0 mm/kasan/common.c:380
>>  kmalloc include/linux/slab.h:580 [inline]
>>  kzalloc include/linux/slab.h:720 [inline]
>>  ovs_dp_cmd_new+0x1a3/0x11c0 net/openvswitch/datapath.c:1796
>>  genl_family_rcv_msg_doit.isra.0+0x1e6/0x2d0 net/netlink/genetlink.c:968
>>  genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
>>  genl_rcv_msg+0x4ff/0x7e0 net/netlink/genetlink.c:1065
>>  netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2564
>>  genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
>>  netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
>>  netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1356
>>  netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1932
>>  sock_sendmsg_nosec net/socket.c:714 [inline]
>>  

[ovs-dev] [PATCH ovn 2/2] .ci: ovn-kubernetes: Skip session affinity related tests.

2022-12-20 Thread Dumitru Ceara
The OVN feature used to implement session affinity timeout doesn't exist
on this branch.  ovn-kubernetes code already moved to implementing the
feature by using the newer OVN option so, in order to keep testing as
many features as possible in CI, we now disable all session affinity
tests (but keep executing the rest).

Signed-off-by: Dumitru Ceara 
---
NOTE: This commit should only be applied to branches <= branch-22.09.
---
 .ci/ovn-kubernetes/custom.patch |   31 +++
 1 file changed, 31 insertions(+)

diff --git a/.ci/ovn-kubernetes/custom.patch b/.ci/ovn-kubernetes/custom.patch
index e69de29bb2..ea5dd75408 100644
--- a/.ci/ovn-kubernetes/custom.patch
+++ b/.ci/ovn-kubernetes/custom.patch
@@ -0,0 +1,31 @@
+From 903eef2dd6f9fec818a580760f4757d8137b9974 Mon Sep 17 00:00:00 2001
+From: Dumitru Ceara 
+Date: Mon, 19 Dec 2022 12:18:55 +0100
+Subject: [PATCH] DOWNSTREAM: Disable session affinity tests.
+
+Commit https://github.com/ovn-org/ovn-kubernetes/commit/898d2f8f10c4
+enabled affinity timeout tests but the underlying OVN feature is
+not supported in this branch.  Disable affinity tests.
+
+Signed-off-by: Dumitru Ceara 
+---
+ test/scripts/e2e-kind.sh | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/test/scripts/e2e-kind.sh b/test/scripts/e2e-kind.sh
+index 69959fa1b..c3b2a5c3e 100755
+--- a/test/scripts/e2e-kind.sh
 b/test/scripts/e2e-kind.sh
+@@ -26,6 +26,9 @@ kube-proxy
+ should set TCP CLOSE_WAIT timeout
+ \[Feature:ProxyTerminatingEndpoints\]
+ 
++# Disable session affinity tests completely.
++session affinity
++
+ # NOT IMPLEMENTED; SEE DISCUSSION IN 
https://github.com/ovn-org/ovn-kubernetes/pull/1225
+ named port.+\[Feature:NetworkPolicy\]
+ 
+-- 
+2.31.1
+



[ovs-dev] [PATCH ovn 1/2] .ci: ovn-kubernetes: Add a "prepare" stage to allow for custom actions.

2022-12-20 Thread Dumitru Ceara
One example is to allow us to change the ovn-kubernetes code that
decides what e2e tests are run.  That's needed on older stable branches
that don't support all the features that newer OVN versions do.

Currently, on the main branch, there's no custom change required but on
older branches (branch-22.09 -> branch-22.03) the affinity timeout
related tests should be disabled because the OVN feature didn't exist
there.  An upcoming patch does that.

Signed-off-by: Dumitru Ceara 
---
 .ci/ovn-kubernetes/Dockerfile|   10 +-
 .ci/ovn-kubernetes/custom.patch  |0 
 .ci/ovn-kubernetes/prepare.sh|   20 
 .github/workflows/ovn-kubernetes.yml |7 +++
 Makefile.am  |2 ++
 5 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 .ci/ovn-kubernetes/custom.patch
 create mode 100755 .ci/ovn-kubernetes/prepare.sh

diff --git a/.ci/ovn-kubernetes/Dockerfile b/.ci/ovn-kubernetes/Dockerfile
index e74b620be8..7edf86a13a 100644
--- a/.ci/ovn-kubernetes/Dockerfile
+++ b/.ci/ovn-kubernetes/Dockerfile
@@ -47,9 +47,17 @@ RUN GO111MODULE=on go install 
github.com/ovn-org/libovsdb/cmd/modelgen@${LIBOVSD
 # Clone OVN Kubernetes and build the binary based on the commit passed as 
argument
 WORKDIR /root
 RUN git clone https://github.com/ovn-org/ovn-kubernetes.git
-WORKDIR /root/ovn-kubernetes/go-controller
+WORKDIR /root/ovn-kubernetes
 RUN git checkout ${OVNKUBE_COMMIT} && git log -n 1
 
+# Copy the ovn-kubernetes scripts from the OVN sources and apply any
+# custom changes if needed.
+RUN mkdir -p /tmp/ovn/.ci/ovn-kubernetes
+COPY .ci/ovn-kubernetes /tmp/ovn/.ci/ovn-kubernetes
+WORKDIR /tmp/ovn
+RUN .ci/ovn-kubernetes/prepare.sh /root/ovn-kubernetes
+
+WORKDIR /root/ovn-kubernetes/go-controller
 # Make sure we use the OVN NB/SB schema from the local code.
 COPY --from=ovnbuilder /tmp/ovn/ovn-nb.ovsschema pkg/nbdb/ovn-nb.ovsschema
 COPY --from=ovnbuilder /tmp/ovn/ovn-sb.ovsschema pkg/sbdb/ovn-sb.ovsschema
diff --git a/.ci/ovn-kubernetes/custom.patch b/.ci/ovn-kubernetes/custom.patch
new file mode 100644
index 00..e69de29bb2
diff --git a/.ci/ovn-kubernetes/prepare.sh b/.ci/ovn-kubernetes/prepare.sh
new file mode 100755
index 00..8fc9652afd
--- /dev/null
+++ b/.ci/ovn-kubernetes/prepare.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -ev
+
+ovnk8s_path=$1
+topdir=$PWD
+
+pushd ${ovnk8s_path}
+
+# Add here any custom operations that need to performed on the
+# ovn-kubernetes cloned repo, e.g., custom patches.
+
+# git apply --allow-empty is too new so not all git versions from major
+# distros support it, just check if the custom patch file is not empty
+# before applying it.
+[ -s ${topdir}/.ci/ovn-kubernetes/custom.patch ] && \
+git apply -v ${topdir}/.ci/ovn-kubernetes/custom.patch
+
+popd # ${ovnk8s_path}
+exit 0
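Review bot: The expansions in the new script are unquoted: `pushd ${ovnk8s_path}`, and `${topdir}` in both the `[ -s … ]` test and the `git apply` line, so a checkout path containing whitespace or glob characters is word-split before the command sees it, and a missing `$1` reaches `pushd` as no argument at all. Quote them, e.g. `pushd "${ovnk8s_path}"` and `git apply -v "${topdir}/.ci/ovn-kubernetes/custom.patch"`, and reject a missing argument up front with `ovnk8s_path=${1:?usage: prepare.sh <ovn-kubernetes checkout>}`. Since this script is the hook through which arbitrary patches get applied to a third-party tree during CI, a short header comment stating that it must be run from the top of the OVN tree (it derives `topdir` from `$PWD`) would also help.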
diff --git a/.github/workflows/ovn-kubernetes.yml 
b/.github/workflows/ovn-kubernetes.yml
index 344937e53a..070d96bcb3 100644
--- a/.github/workflows/ovn-kubernetes.yml
+++ b/.github/workflows/ovn-kubernetes.yml
@@ -91,12 +91,19 @@ jobs:
 go-version: ${{ env.GO_VERSION }}
   id: go
 
+- name: Check out ovn
+  uses: actions/checkout@v2
+
 - name: Check out ovn-kubernetes
   uses: actions/checkout@v3
   with:
   path: src/github.com/ovn-org/ovn-kubernetes
   repository: ovn-org/ovn-kubernetes
 
+- name: Prepare
+  run: |
+.ci/ovn-kubernetes/prepare.sh src/github.com/ovn-org/ovn-kubernetes
+
 - name: Set up environment
   run: |
 export GOPATH=$(go env GOPATH)
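Review bot: The added `Check out ovn` step uses `actions/checkout` with its defaults, which, as far as I know, leaves the job token configured in the checked-out repository's git config for the rest of the job; the following steps then check out ovn-kubernetes into the same workspace and run `prepare.sh` and the build against it. If no later step needs to fetch or push with that token, add `with:` and `persist-credentials: false` to the step. Separately, the action is referenced by a movable tag; pinning it to a full commit SHA would fix the job's inputs, though the existing steps in this file also use tags, so that may be better done file-wide. The job continues outside the hunk, so whether a later step relies on the token is not visible here.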
diff --git a/Makefile.am b/Makefile.am
index 3b0df83938..8c60d4a719 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -91,6 +91,8 @@ EXTRA_DIST = \
.ci/osx-build.sh \
.ci/osx-prepare.sh \
.ci/ovn-kubernetes/Dockerfile \
+   .ci/ovn-kubernetes/prepare.sh \
+   .ci/ovn-kubernetes/custom.patch \
.github/workflows/test.yml \
.github/workflows/ovn-kubernetes.yml \
boot.sh \



[ovs-dev] [PATCH ovn 0/2] Fix ovn-kubernetes CI jobs on stable branches.

2022-12-20 Thread Dumitru Ceara
The first patch of the series adds a mechanism to do custom changes to
the ovn-kubernetes code to be used in CI.  That's needed because
ovn-kubernetes might be using OVN features that are not present on
all OVN stable branches.  It is however desirable to run the most
recent version of ovn-kubernetes because it might exercise more of
the (already existing) OVN features.

So the second patch in the series just disables all session affinity
tests because the OVN feature used by ovn-kubernetes to implement
affinity is not present on branches <= 22.09.  This also means that
the second patch should only be applied to branches <= 22.09.

Dumitru Ceara (2):
  .ci: ovn-kubernetes: Add a "prepare" stage to allow for custom actions.
  .ci: ovn-kubernetes: Skip session affinity related tests.


 .ci/ovn-kubernetes/custom.patch | 31 +++
 1 file changed, 31 insertions(+)



Re: [ovs-dev] [PATCH v5] ovs-thread: Detect changes in number of cpus

2022-12-20 Thread Ilya Maximets
On 12/19/22 19:29, Adrian Moreno wrote:
> Currently, things like the number of handler and revalidator threads are
> calculated based on the number of available CPUs. However, this number
> is considered static and only calculated once, hence ignoring events
> such as cpus being hotplugged, switched on/off or affinity mask
> changing.
> 
> On the other hand, checking the number of available CPUs multiple times
> per second seems like an overkill.
> Affinity should not change that often and, even if it does, the impact
> of destroying and recreating all the threads so often is probably a
> price too expensive to pay.
> 
> I tested the impact of updating the threads every 5 seconds and saw
> an impact in the main loop duration of <1% and a worst-case scenario
> impact in throughput of < 5% [1]. This patch sets the default period to
> 10 seconds just to be safer.
> 
> [1] Tested in the worst-case scenario of disabling the kernel cache
> (other_config:flow-size=0), modifying ovs-vswithd's affinity so the
> number of handlers go up and down every 5 seconds and calculated the
> difference in netperf's ops/sec.
> 
> Signed-off-by: Adrian Moreno 
> ---


Applied.  Thanks!

Best regards, Ilya Maximets.



Re: [ovs-dev] [PATCH v2] ovs-ctl: Allow inclusion of hugepages in coredumps

2022-12-20 Thread Ilya Maximets
On 12/19/22 15:28, David Marchand wrote:
> On Mon, Dec 19, 2022 at 2:39 PM Mike Pattrick  wrote:
>>
>> Add new option --dump-hugepages option in ovs-ctl to enable the addition
>> of hugepages in the core dump filter.
>>
>> Signed-off-by: Mike Pattrick 
> 
> LGTM.
> Reviewed-by: David Marchand 


Applied.  Thanks!

Best regards, Ilya Maximets.



Re: [ovs-dev] [PATCH v3] dpif-netdev: Use unmasked key when adding datapath flows.

2022-12-20 Thread Ilya Maximets
On 11/28/22 09:53, Eelco Chaudron wrote:
> The datapath supports installing wider flows, and OVS relies on
> this behavior. For example if ipv4(src=1.1.1.1/192.0.0.0,
> dst=1.1.1.2/192.0.0.0) exists, a wider flow (smaller mask) of
> ipv4(src=192.1.1.1/128.0.0.0,dst=192.1.1.2/128.0.0.0) is allowed
> to be added.
> 
> However, if we try to add a wildcard rule, the installation fails:
> 
> # ovs-appctl dpctl/add-flow system@myDP "in_port(1),eth_type(0x0800), \
>   ipv4(src=1.1.1.1/192.0.0.0,dst=1.1.1.2/192.0.0.0,frag=no)" 2
> # ovs-appctl dpctl/add-flow system@myDP "in_port(1),eth_type(0x0800), \
>   ipv4(src=192.1.1.1/0.0.0.0,dst=49.1.1.2/0.0.0.0,frag=no)" 2
> ovs-vswitchd: updating flow table (File exists)
> 
> The reason is that the key used to determine if the flow is already
> present in the system uses the original key ANDed with the mask.
> This results in the IP address not being part of the (miniflow) key,
> i.e., being substituted with an all-zero value. When doing the actual
> lookup, this results in the key wrongfully matching the first flow,
> and therefore the flow does not get installed. The solution is to use
> the unmasked key for the existence check, the same way this is handled
> in the "slow" dpif_flow_put() case.
> 
> OVS relies on the fact that overlapping flows can exist if one is a
> superset of the other. Note that this is only true when the same set
> of actions is applied. This is due to how the revalidator process
> works. During revalidation, OVS removes too generic flows from the
> datapath to avoid incorrect matches but allows too narrow flows to
> stay in the datapath to avoid the data plane disruption and also to
> avoid constant flow deletions if the datapath ignores wildcards on
> certain fields/bits.  See flow_wildcards_has_extra() check in the
> revalidate_ukey__() function.
> 
> The problem here is that we have a too narrow flow installed, and now
> OpenFlow rules got changed, so the actual flow should be more generic.
> Revalidators will not remove the narrow flow, and we will eventually get
> an upcall on the packet that doesn't match the narrow flow, but we will
> not be able to install a more generic flow because after masking with
> the new wider mask, the key matches on the narrow flow, so we get EEXIST.
> 
> Fixes: beb75a40fdc2 ("userspace: Switching of L3 packets in L2 pipeline")
> Signed-off-by: Eelco Chaudron 
> 
> ---

Thanks!  Applied and backported down to 2.17.

Best regards, Ilya Maximets.



Re: [ovs-dev] [PATCH] utilities: Add a GDB macro to dump hmap structures.

2022-12-20 Thread Ilya Maximets
On 12/7/22 17:26, Eelco Chaudron wrote:
> Add a new GDB macro called ovs_dump_hmap, which can be used to dump any
> cmap structure. For example
> 
>   (gdb) ovs_dump_hmap "&'all_bridges.lto_priv.0'" "struct bridge" "node"
>   (struct bridge *) 0x55ec43069c70
>   (struct bridge *) 0x55ec430428a0
>   (struct bridge *) 0x55ec430a55f0
> 
> Signed-off-by: Eelco Chaudron 
> ---
>  utilities/gdb/ovs_gdb.py |   53 
> +-
>  1 file changed, 52 insertions(+), 1 deletion(-)
> 


Applied.  Thanks!

Best regards, Ilya Maximets.


Re: [ovs-dev] [PATCH] dpdk: Fix typo in v22.11.1 tarball extract example.

2022-12-20 Thread Ilya Maximets
On 12/8/22 09:06, David Marchand wrote:
> There was a small typo that slipped in when updating to v22.11.1 tag.
> 
> Fixes: a77c7796f23a ("dpdk: Update to use v22.11.1.")
> Signed-off-by: David Marchand 
> ---
>  Documentation/intro/install/dpdk.rst | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/Documentation/intro/install/dpdk.rst 
> b/Documentation/intro/install/dpdk.rst
> index e360ee83dd..63a0ebb23b 100644
> --- a/Documentation/intro/install/dpdk.rst
> +++ b/Documentation/intro/install/dpdk.rst
> @@ -74,7 +74,7 @@ Install DPDK
>  
> $ cd /usr/src/
> $ wget https://fast.dpdk.org/rel/dpdk-22.11.1.tar.xz
> -   $ tar xf dpdk-22.11.tar.xz
> +   $ tar xf dpdk-22.11.1.tar.xz
> $ export DPDK_DIR=/usr/src/dpdk-stable-22.11.1
> $ cd $DPDK_DIR
>  

Applied.  Thanks!

Best regards, Ilya Maximets.


Re: [ovs-dev] [PATCH] rhel: avoid creating an empty database file

2022-12-20 Thread Ilya Maximets
On 12/19/22 13:23, Ilya Maximets wrote:
> On 12/16/22 16:29, Timothy Redaelli wrote:
>> In 59e8cb8a053d ("rhel: Move conf.db to /var/lib/openvswitch, using 
>> symlinks.")
>> conf.db is created as an empty file in /var/lib/openvswitch if it doesn't
>> exist, but this prevents ovsdb-server from starting.
>>
>> This commit changes the previous behaviour to set
>> /var/lib/openvswitch owner to openvswitch:hugetlbfs, if built with
>> dpdk, or openvswitch:openvswitch.
>>
>> Fixes: 59e8cb8a053d ("rhel: Move conf.db to /var/lib/openvswitch, using 
>> symlinks.")
>> Reported-at: 
>> https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400045.html
>> Reported-by: Roi Dayan 
>> Signed-off-by: Timothy Redaelli 
>> ---
>>  rhel/openvswitch-fedora.spec.in | 12 +---
>>  1 file changed, 5 insertions(+), 7 deletions(-)
>>
>> diff --git a/rhel/openvswitch-fedora.spec.in 
>> b/rhel/openvswitch-fedora.spec.in
>> index 8d692b36c..6c8813793 100644
>> --- a/rhel/openvswitch-fedora.spec.in
>> +++ b/rhel/openvswitch-fedora.spec.in
>> @@ -340,12 +340,6 @@ for base in conf.db .conf.db.~lock~; do
>>  if test ! -e $old && test ! -h $old; then
>>  ln -s $new $old
>>  fi
>> -touch $new
>> -%if %{with dpdk}
>> -chown openvswitch:hugetlbfs $new
>> -%else
>> -chown openvswitch:openvswitch $new
>> -%endif
>>  done
>>  
>>  %if 0%{?systemd_post:1}
>> @@ -506,7 +500,11 @@ fi
>>  %{_prefix}/lib/udev/rules.d/91-vfio.rules
>>  %endif
>>  %doc NOTICE README.rst NEWS rhel/README.RHEL.rst
>> -/var/lib/openvswitch
>> +%if %{with dpdk}
>> +%attr(750,openvswitch,hugetlbfs) /var/lib/openvswitch
>> +%else
>> +%attr(750,openvswitch,openvswitch) /var/lib/openvswitch
>> +%endif
>>  %attr(750,root,root) /var/log/openvswitch
>>  %ghost %attr(755,root,root) %{_rundir}/openvswitch
>>  %ghost %attr(644,root,root) %{_rundir}/openvswitch.useropts
> 
> Thanks, Timothy.  This change seems to work.
> 
> Roi, could you, please, check if it solves the problem in your setup?

Meanwhile, I applied this patch as it is definitely an improvement.
Thanks!

> 
> Best regards, Ilya Maximets.



Re: [ovs-dev] [PATCH v2] lldp: fix bugs when parsing malformed AutoAttach

2022-12-20 Thread 0-day Robot
Bleep bloop.  Greetings Aaron Conole, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


checkpatch:
ERROR: Author should not be also be co-author.
Lines checked: 80, Warnings: 0, Errors: 1


Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot


Re: [ovs-dev] [PATCH v2 2/7] netdev-afxdp: Allow building with libxdp and newer libbpf.

2022-12-20 Thread Ilya Maximets
On 12/20/22 14:14, Eelco Chaudron wrote:
> 
> 
> On 20 Dec 2022, at 14:06, David Marchand wrote:
> 
>> On Tue, Dec 20, 2022 at 2:01 PM Eelco Chaudron  wrote:
>>> I have problems building this on my fedora35 system with 
>>> gcc-11.3.1-3.fc35.x86_64:
>>>
>>> libtool: link: ( cd "include/openvswitch/.libs" && rm -f "libcxxtest.la" && 
>>> ln -s "../libcxxtest.la" "libcxxtest.la" )
>>> In file included from lib/netdev-linux-private.h:30,
>>>  from lib/netdev-afxdp.c:19:
>>> In function ‘dp_packet_delete’,
>>> inlined from ‘dp_packet_delete’ at lib/dp-packet.h:246:1,
>>> inlined from ‘dp_packet_batch_add__’ at lib/dp-packet.h:775:9,
>>> inlined from ‘dp_packet_batch_add’ at lib/dp-packet.h:783:5,
>>> inlined from ‘netdev_afxdp_rxq_recv’ at lib/netdev-afxdp.c:894:9:
>>> lib/dp-packet.h:260:9: error: ‘free’ called on pointer ‘*umem.xpool.array’ 
>>> with nonzero offset [8, 2558044588346441168] [-Werror=free-nonheap-object]
>>>   260 | free(b);
>>>   | ^~~
>>>
>>> Guess it does not recognise the (b->source == DPBUF_AFXDP) statement…
>>>
>>> This is my build config:
>>>
>>> ./configure --enable-Werror --enable-usdt-probes --localstatedir=/var 
>>> --prefix=/usr --sysconfdir=/etc --enable-afxdp
>>>
>>> Guess this should be fixed before we enable afxdp by default?
>>
>> Same for me.
>> I have been scratching my head over this report... I wonder if this is
>> a compiler bug.
> 
> I guess the compiler does not understand that we will always call 
> dp_packet_delete() with the source being DPBUF_AFXDP, and don’t hit the 
> free().
> Guess we should probably disable the warning in this specific code path.
> 
> //Eelco
> 

Meanwhile I opened a GCC bug:
  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108187

There are few similar issues in the tracker, so it might
make sense disabling the warning.

Best regards, Ilya Maximets.


[ovs-dev] [PATCH v2] lldp: fix bugs when parsing malformed AutoAttach

2022-12-20 Thread Aaron Conole
The OVS LLDP implementation includes support for AutoAttach standard, which
the 'upstream' lldpd project does not include.  As part of adding this
support, the message parsing for these TLVs did not include proper length
checks for the LLDP_TLV_AA_ELEMENT_SUBTYPE and the
LLDP_TLV_AA_ISID_VLAN_ASGNS_SUBTYPE elements.  The result is that a message
without a proper boundary will cause an overread of memory, and lead to
undefined results, including crashes or other unidentified behavior.

The fix is to introduce proper bounds checking for these elements.  Introduce
a unit test to ensure that we have some proper rejection in this code
base in the future.

Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
Signed-off-by: Qian Chen 
Co-authored-by: Aaron Conole 
Signed-off-by: Aaron Conole 
---
NOTES: This bug is publicly known and disclosed at
   https://github.com/openvswitch/ovs/pull/405 which makes this mostly
   a repost.
v2:Convert from system traffic test to a basic unit test

 lib/lldp/lldp.c   |  2 ++
 tests/ofproto-dpif.at | 19 +++
 2 files changed, 21 insertions(+)

diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c
index dfeb2a8002..6fdcfef569 100644
--- a/lib/lldp/lldp.c
+++ b/lib/lldp/lldp.c
@@ -583,6 +583,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int 
s,
 
 switch(tlv_subtype) {
 case LLDP_TLV_AA_ELEMENT_SUBTYPE:
+CHECK_TLV_SIZE(50, "ELEMENT");
 PEEK_BYTES(_auth_digest, sizeof msg_auth_digest);
 
 aa_element_dword = PEEK_UINT32;
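Review bot: The minimum sizes passed to `CHECK_TLV_SIZE` here (50) and in the `LLDP_TLV_AA_ISID_VLAN_ASGNS_SUBTYPE` case of the next hunk (36) are bare literals, so nothing ties them to the `PEEK_BYTES`/`PEEK_UINT32` reads they are meant to guard. A one-line comment above each check naming the fields the minimum covers, for example `/* OUI + subtype + auth digest + element fields */` and `/* OUI + subtype + auth digest */`, would let a reader confirm the bound against the reads and notice if the digest size ever changes. That field breakdown is inferred from the partly visible comment in the second hunk and should be confirmed. Both case bodies continue outside the hunks, so any variable-length data read after the fixed part needs its own check against the remaining TLV length.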
@@ -629,6 +630,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int 
s,
 break;
 
 case LLDP_TLV_AA_ISID_VLAN_ASGNS_SUBTYPE:
+CHECK_TLV_SIZE(36, "ISID_VLAN_ASGNS");
 PEEK_BYTES(_auth_digest, sizeof msg_auth_digest);
 
 /* Subtract off tlv type and length (2Bytes) + OUI (3B) +
diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at
index eb4cd18960..fa6111c1ed 100644
--- a/tests/ofproto-dpif.at
+++ b/tests/ofproto-dpif.at
@@ -62,6 +62,25 @@ AT_CHECK([ovs-appctl coverage/read-counter rev_reconfigure], 
[0], [dnl
 OVS_VSWITCHD_STOP
 AT_CLEANUP
 
+AT_SETUP([ofproto-dpif - malformed lldp autoattach tlv])
+OVS_VSWITCHD_START()
+add_of_ports br0 1
+
+dnl Enable lldp
+AT_CHECK([ovs-vsctl set interface p1 lldp:enable=true])
+
+dnl Send a malformed lldp packet
+packet="0180c20ef6b426aa5f0088cc020704f6b426aa5f000403057632060200780c"dnl
+"5044454144424545464445414442454546444541444245454644454144424545464445414"dnl
+"4424545464445414442454546444541444245454644454144424545464445414442454546"dnl
+"4445414442454546fe0500040d0c01"
+AT_CHECK([ovs-appctl netdev-dummy/receive p1 "$packet"], [0], [stdout])
+
+OVS_WAIT_UNTIL([grep -q "ISID_VLAN_ASGNS TLV too short" ovs-vswitchd.log])
+
+OVS_VSWITCHD_STOP(["/|WARN|ISID_VLAN_ASGNS TLV too short received on/d"])
+AT_CLEANUP
+
 AT_SETUP([ofproto-dpif - active-backup bonding (with primary)])
 
 dnl Create br0 with members p1, p2 and p7, creating bond0 with p1 and
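Review bot: The new test asserts only the `ISID_VLAN_ASGNS TLV too short` warning, so the `CHECK_TLV_SIZE(50, "ELEMENT")` guard added to lib/lldp/lldp.c by the same patch is never exercised. A second `netdev-dummy/receive` carrying a truncated ELEMENT-subtype TLV, followed by `OVS_WAIT_UNTIL([grep -q "ELEMENT TLV too short" ovs-vswitchd.log])` and a matching filter in `OVS_VSWITCHD_STOP`, would cover that branch. The exact log text is inferred from the ISID_VLAN_ASGNS message and should be confirmed against the macro.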
-- 
2.38.1



Re: [ovs-dev] [PATCH v6] revalidator: add a USDT probe after evaluation when flows are deleted.

2022-12-20 Thread Eelco Chaudron


On 20 Dec 2022, at 15:21, Eelco Chaudron wrote:

> On 16 Nov 2022, at 16:41, Eelco Chaudron wrote:
>
>> On 21 Oct 2022, at 18:35, Kevin Sprague wrote:
>>
>>> During normal operations, it is useful to understand when a particular flow
>>> gets removed from the system. This can be useful when debugging performance
>>> issues tied to ofproto flow changes, trying to determine deployed traffic
>>> patterns, or while debugging dynamic systems where ports come and go.
>>>
>>> Prior to this change, there was a lack of visibility around flow expiration.
>>> The existing debugging infrastructure could tell us when a flow was added to
>>> the datapath, but not when it was removed or why.
>>>
>>> This change introduces a USDT probe at the point where the revalidator
>>> determines that the flow should be removed.  Additionally, we track the
>>> reason for the flow eviction and provide that information as well.  With
>>> this change, we can track the complete flow lifecycle for the netlink 
>>> datapath
>>> by hooking the upcall tracepoint in kernel, the flow put USDT, and the
>>> revalidator USDT, letting us watch as flows are added and removed from the
>>> kernel datapath.
>>>
>>> This change only enables this information via USDT probe, so it won't be
>>> possible to access this information any other way (see:
>>> Documentation/topics/usdt-probes.rst).
>>>
>>> Also included is a script (utilities/usdt-scripts/flow_reval_monitor.py) 
>>> that
>>> serves as a demonstration of how the new USDT probe might be used going
>>> forward.
>>>
>>> Change since v5: fixed author information.
>>>
>>> Signed-off-by: Kevin Sprague 
>>
>>
>> Hi Kevin,
>>
>> Most of the changes look fine to me, however, there are still a lot of 
>> crashes in the filter code.
>>
>> Also for now including the OVS data structures in the script will work for 
>> now. If we do not get a solution before this gets merged, I’ll fix up all 
>> the scripts that need this later.
>>
>> About the crash, it has to do with when we do not receive any uuid/key (I 
>> think I did not research).
>>
>> But if I start the script, and do the following (RHEL8):
>>
>>   ovs-vsctl del-br br-int
>>   ovs-vsctl add-br br-int
>>
>> Now I get this:
>>
>> TIME   UFID  EVENT/REASON
>> 5361884.255647616  ufid:---- Insert 
>> (put) flow to kernel.
>> 5361884.255689699  ufid:---- Insert 
>> (put) flow to kernel.
>> 5361884.255712148  ufid:---- Insert 
>> (put) flow to kernel.
>> 5361884.255734158  ufid:---- Insert 
>> (put) flow to kernel.
>> 5361884.255753341  ufid:---- Insert 
>> (put) flow to kernel.
>> 5361884.255772079  ufid:---- Insert 
>> (put) flow to kernel.
>> 5361884.255805591  ufid:2876428c-567e-429c-9dc3-d83503f1 Insert 
>> (put) flow to kernel.
>> 5361884.255832007  ufid:---- Insert 
>> (put) flow to kernel.
>> 5361884.255852449  ufid:---- Insert 
>> (put) flow to kernel.
>> 5361884.255871090  ufid:---- Insert 
>> (put) flow to kernel.
>> 5361884.255889960  ufid:---- Insert 
>> (put) flow to kernel.
>> 5361884.255909455  ufid:---- Insert 
>> (put) flow to kernel.
>> 5361884.255928863  ufid:---- Insert 
>> (put) flow to kernel.
>> 5361884.255948291  ufid:---- Insert 
>> (put) flow to kernel.
>>
>> So a lot of all 0 ufid’s, did not investigate if this is true, or a script 
>> error.
>>
>>
>> Now if I use the script with the -k option:
>>
>> $ ./flow_reval_monitor.py -k
>> TIME   UFID  EVENT/REASON
>> Traceback (most recent call last):
>>   File "_ctypes/callbacks.c", line 234, in 'calling callback function'
>>   File "/usr/lib/python3.6/site-packages/bcc/table.py", line 1068, in 
>> ringbuf_cb_
>> ret = callback(ctx, data, size)
>>   File "./flow_reval_monitor.py", line 502, in handle_event
>> handle_flow_put(event)
>>   File "./flow_reval_monitor.py", line 227, in handle_flow_put
>> key = decode_key(bytes(event.key)[:event.key_size])
>>   File "./flow_reval_monitor.py", line 328, in decode_key
>> result[get_ovs_key_attr_str(nla_type)] = nla_data
>>   File "./flow_reval_monitor.py", line 373, in get_ovs_key_attr_str
>> return ovs_key_attr[attr]
>> IndexError: list index out of range
>>
>> Same thing if I try to use a filter option:
>>
>> [wsfd-netdev64:~/...ilities/usdt-scripts]$ ./flow_reval_monitor.py -f ipv6
>> TIME   UFID  EVENT/REASON
>> Traceback (most recent call last):
>>   File "_ctypes/callbacks.c", line 234, in 

Re: [ovs-dev] [ovs-security] [PATCH] lldp: fix bugs when parsing malformed AutoAttach

2022-12-20 Thread Aaron Conole
Ilya Maximets  writes:

> On 12/19/22 20:27, Aaron Conole wrote:
>> From: Qian Chen 
>> 
>> The OVS LLDP implementation includes support for AutoAttach standard, which
>> the 'upstream' lldpd project does not include.  As part of adding this
>> support, the message parsing for these TLVs did not include proper length
>> checks for the LLDP_TLV_AA_ELEMENT_SUBTYPE and the
>> LLDP_TLV_AA_ISID_VLAN_ASGNS_SUBTYPE elements.  The result is that a message
>> without a proper boundary will cause an over read of memory, and lead to
>> undefined results, including crashes or other unidentified behavior.
>> 
>> The fix is to introduce proper bounds checking for these elements.  Introduce
>> a unit test to ensure that we have some proper rejection in this code
>> base in the future.
>> 
>> Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
>> Signed-off-by: Qian Chen 
>> Co-authored-by: Aaron Conole 
>> Signed-off-by: Aaron Conole 
>> ---
>> NOTES: This bug is publicly known and disclosed at
>>https://github.com/openvswitch/ovs/pull/405 which makes this mostly
>>a repost.
>>I have modified the test case to ensure that it would run
>>correctly when doing both 'make check-kernel' and
>>'make check-system-userspace'
>> 
>>  lib/lldp/lldp.c |  2 ++
>>  tests/system-traffic.at | 27 +++
>>  2 files changed, 29 insertions(+)
>> 
>> diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c
>> index dfeb2a8002..6fdcfef569 100644
>> --- a/lib/lldp/lldp.c
>> +++ b/lib/lldp/lldp.c
>> @@ -583,6 +583,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, 
>> int s,
>>  
>>  switch(tlv_subtype) {
>>  case LLDP_TLV_AA_ELEMENT_SUBTYPE:
>> +CHECK_TLV_SIZE(50, "ELEMENT");
>>  PEEK_BYTES(_auth_digest, sizeof msg_auth_digest);
>>  
>>  aa_element_dword = PEEK_UINT32;
>> @@ -629,6 +630,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, 
>> int s,
>>  break;
>>  
>>  case LLDP_TLV_AA_ISID_VLAN_ASGNS_SUBTYPE:
>> +CHECK_TLV_SIZE(36, "ISID_VLAN_ASGNS");
>>  PEEK_BYTES(_auth_digest, sizeof msg_auth_digest);
>>  
>>  /* Subtract off tlv type and length (2Bytes) + OUI (3B) 
>> +
>> diff --git a/tests/system-traffic.at b/tests/system-traffic.at
>> index e5403519f2..0928bfe540 100644
>> --- a/tests/system-traffic.at
>> +++ b/tests/system-traffic.at
>> @@ -7440,3 +7440,30 @@ OVS_WAIT_UNTIL([cat p2.pcap | grep -E "0x0050: * 
>> * *5002 *2000 *b85e *00
>>  
>>  OVS_TRAFFIC_VSWITCHD_STOP
>>  AT_CLEANUP
>> +
>> +AT_SETUP([autoattach - malformed lldp])
>> +OVS_TRAFFIC_VSWITCHD_START()
>> +
>> +ADD_NAMESPACES(at_ns0)
>> +
>> +dnl Set up simple bridge port to receive lldp packets
>> +ADD_VETH(p0, at_ns0, br0, "172.31.1.1/24", "f6:b4:26:aa:5f:00")
>> +
>> +NETNS_DAEMONIZE([at_ns0], [tcpdump -l -n -xx -U -i p0 > p0.pcap], 
>> [tcpdump.pid])
>> +sleep 1
>> +
>> +dnl Enable lldp
>> +AT_CHECK([ovs-vsctl set interface ovs-p0 lldp:enable=true])
>> +
>> +dnl Send a malformed lldp packet
>> +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 01 80 c2 00 00 0e 
>> f6 b4 26 aa 5f 00 88 cc 02 07 04 f6 b4 26 aa 5f 00 04 03 05 76 32 06 02 00 
>> 78 0c 50 44 45 41 44 42 45 45 46 44 45 41 44 42 45 45 46 44 45 41 44 42 45 
>> 45 46 44 45 41 44 42 45 45 46 44 45 41 44 42 45 45 46 44 45 41 44 42 45 45 
>> 46 44 45 41 44 42 45 45 46 44 45 41 44 42 45 45 46 44 45 41 44 42 45 45 46 
>> 44 45 41 44 42 45 45 46 fe 05 00 04 0d 0c 01 00 00 >/dev/null])
>> +
>> +dnl Check the expected lldp packet by looking for the end
>> +OVS_WAIT_UNTIL([cat p0.pcap | grep -E "0x0070: *4546 *fe05 *0004 *0d0c 
>> *0100 *00" 2>&1 1>/dev/null])
>> +
>> +AT_CHECK([grep -o "ISID_VLAN_ASGNS TLV too short" ovs-vswitchd.log], [0], 
>> [dnl
>> +ISID_VLAN_ASGNS TLV too short
>> +])
>> +
>> +OVS_TRAFFIC_VSWITCHD_STOP(["/|WARN|ISID_VLAN_ASGNS TLV too short received 
>> on ovs-p0/d"])
>> +AT_CLEANUP
>
> Do we actually need a system test here?
> It looks like it can be converted to a simple unit test.  E.g.:
>
> diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at
> index eb4cd1896..41741d324 100644
> --- a/tests/ofproto-dpif.at
> +++ b/tests/ofproto-dpif.at
> @@ -11966,3 +11966,25 @@ AT_CHECK([test 1 = `ovs-ofctl parse-pcap p2-tx.pcap 
> | wc -l`])
>  
>  OVS_VSWITCHD_STOP
>  AT_CLEANUP
> +
> +AT_SETUP([ofproto-dpif - malformed lldp])
> +OVS_VSWITCHD_START
> +add_of_ports br0 1
> +
> +AT_CHECK([ovs-ofctl add-flow br0 action=normal])
> +
> +dnl Enable lldp.
> +AT_CHECK([ovs-vsctl set interface p1 lldp:enable=true])
> +
> +dnl Send a malformed lldp packet.
> +packet="0180c20ef6b426aa5f0088cc020704f6b426aa5f000403057632060200780c"dnl
> +"5044454144424545464445414442454546444541444245454644454144424545464445414"dnl
> +"4424545464445414442454546444541444245454644454144424545464445414442454546"dnl
> 

Re: [ovs-dev] [PATCH v2 7/7] rhel: Enable AF_XDP by default in Fedora builds.

2022-12-20 Thread Eelco Chaudron



On 20 Dec 2022, at 14:39, Ilya Maximets wrote:

> On 12/20/22 14:34, Eelco Chaudron wrote:
>>
>>
>> On 19 Dec 2022, at 13:20, Ilya Maximets wrote:
>>
>>> All supported versions of Fedora do package libxdp and libbpf, so it
>>> makes sense to enable AF_XDP support.
>>>
>>> Control files for debian packaging are much less flexible, so its hard
>>> to enable AF_XDP builds while not breaking builds for version of Ubuntu
>>> and Debian that do not package libbpf or libxdp.
>>>
>>> Signed-off-by: Ilya Maximets 
>>
>> Well not sure if this is true, as on my Fedora35 it seems to be broken :(
>>
>> I quickly tried it on a vagrant fedora35 instance, and the same problem.
>> It has the following (might be xdptools issue, but Toke is out).
>>
>> [vagrant@f35 ~]$ rpm -qa | grep -E "xdp|bpf"
>> libbpf-0.6.1-2.fc35.x86_64
>> libbpf-devel-0.6.1-2.fc35.x86_64
>> bpftool-5.19.4-100.fc35.x86_64
>> libxdp-1.2.0-2.fc35.x86_64
>> xdp-tools-1.2.0-2.fc35.x86_64
>
> I guess, you might have the issue similar to what Frode had,
> because you have an old libbpf with a new libxdp.  And they
> are likely incompatible.
>
> FWIW, f35 is EOL, so nobody should use it. :)

This might be a distro package issue :( Including Toke, who might know more?

This is the link/load error:

ovsdb-tool: symbol lookup error: /lib64/libxdp.so.1: undefined symbol: 
silence_libbpf_logging

>>
>> //Eelco
>>
>>> ---
>>>  rhel/openvswitch-fedora.spec.in | 4 ++--
>>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/rhel/openvswitch-fedora.spec.in 
>>> b/rhel/openvswitch-fedora.spec.in
>>> index fbfcdcf63..7676eb737 100644
>>> --- a/rhel/openvswitch-fedora.spec.in
>>> +++ b/rhel/openvswitch-fedora.spec.in
>>> @@ -26,8 +26,8 @@
>>>  %bcond_without libcapng
>>>  # To enable DPDK support, specify '--with dpdk' when building
>>>  %bcond_with dpdk
>>> -# To enable AF_XDP support, specify '--with afxdp' when building
>>> -%bcond_with afxdp
>>> +# To disable AF_XDP support, specify '--without afxdp' when building
>>> +%bcond_without afxdp
>>>
>>>  # If there is a need to automatically enable the package after 
>>> installation,
>>>  # specify the "--with autoenable"
>>> -- 
>>> 2.38.1
>>



Re: [ovs-dev] [PATCH v6] revalidator: add a USDT probe after evaluation when flows are deleted.

2022-12-20 Thread Eelco Chaudron


On 16 Nov 2022, at 16:41, Eelco Chaudron wrote:

> On 21 Oct 2022, at 18:35, Kevin Sprague wrote:
>
>> During normal operations, it is useful to understand when a particular flow
>> gets removed from the system. This can be useful when debugging performance
>> issues tied to ofproto flow changes, trying to determine deployed traffic
>> patterns, or while debugging dynamic systems where ports come and go.
>>
>> Prior to this change, there was a lack of visibility around flow expiration.
>> The existing debugging infrastructure could tell us when a flow was added to
>> the datapath, but not when it was removed or why.
>>
>> This change introduces a USDT probe at the point where the revalidator
>> determines that the flow should be removed.  Additionally, we track the
>> reason for the flow eviction and provide that information as well.  With
>> this change, we can track the complete flow lifecycle for the netlink 
>> datapath
>> by hooking the upcall tracepoint in kernel, the flow put USDT, and the
>> revalidator USDT, letting us watch as flows are added and removed from the
>> kernel datapath.
>>
>> This change only enables this information via USDT probe, so it won't be
>> possible to access this information any other way (see:
>> Documentation/topics/usdt-probes.rst).
>>
>> Also included is a script (utilities/usdt-scripts/flow_reval_monitor.py) that
>> serves as a demonstration of how the new USDT probe might be used going
>> forward.
>>
>> Change since v5: fixed author information.
>>
>> Signed-off-by: Kevin Sprague 
>
>
> Hi Kevin,
>
> Most of the changes look fine to me, however, there are still a lot of 
> crashes in the filter code.
>
> Also for now including the OVS data structures in the script will work for 
> now. If we do not get a solution before this gets merged, I’ll fix up all the 
> scripts that need this later.
>
> About the crash, it has to do with when we do not receive any uuid/key (I 
> think I did not research).
>
> But if I start the script, and do the following (RHEL8):
>
>   ovs-vsctl del-br br-int
>   ovs-vsctl add-br br-int
>
> Now I get this:
>
> TIME   UFID  EVENT/REASON
> 5361884.255647616  ufid:---- Insert (put) 
> flow to kernel.
> 5361884.255689699  ufid:---- Insert (put) 
> flow to kernel.
> 5361884.255712148  ufid:---- Insert (put) 
> flow to kernel.
> 5361884.255734158  ufid:---- Insert (put) 
> flow to kernel.
> 5361884.255753341  ufid:---- Insert (put) 
> flow to kernel.
> 5361884.255772079  ufid:---- Insert (put) 
> flow to kernel.
> 5361884.255805591  ufid:2876428c-567e-429c-9dc3-d83503f1 Insert (put) 
> flow to kernel.
> 5361884.255832007  ufid:---- Insert (put) 
> flow to kernel.
> 5361884.255852449  ufid:---- Insert (put) 
> flow to kernel.
> 5361884.255871090  ufid:---- Insert (put) 
> flow to kernel.
> 5361884.255889960  ufid:---- Insert (put) 
> flow to kernel.
> 5361884.255909455  ufid:---- Insert (put) 
> flow to kernel.
> 5361884.255928863  ufid:---- Insert (put) 
> flow to kernel.
> 5361884.255948291  ufid:---- Insert (put) 
> flow to kernel.
>
> So a lot of all 0 ufid’s, did not investigate if this is true, or a script 
> error.
>
>
> Now if I use the script with the -k option:
>
> $ ./flow_reval_monitor.py -k
> TIME   UFID  EVENT/REASON
> Traceback (most recent call last):
>   File "_ctypes/callbacks.c", line 234, in 'calling callback function'
>   File "/usr/lib/python3.6/site-packages/bcc/table.py", line 1068, in 
> ringbuf_cb_
> ret = callback(ctx, data, size)
>   File "./flow_reval_monitor.py", line 502, in handle_event
> handle_flow_put(event)
>   File "./flow_reval_monitor.py", line 227, in handle_flow_put
> key = decode_key(bytes(event.key)[:event.key_size])
>   File "./flow_reval_monitor.py", line 328, in decode_key
> result[get_ovs_key_attr_str(nla_type)] = nla_data
>   File "./flow_reval_monitor.py", line 373, in get_ovs_key_attr_str
> return ovs_key_attr[attr]
> IndexError: list index out of range
>
> Same thing if I try to use a filter option:
>
> [wsfd-netdev64:~/...ilities/usdt-scripts]$ ./flow_reval_monitor.py -f ipv6
> TIME   UFID  EVENT/REASON
> Traceback (most recent call last):
>   File "_ctypes/callbacks.c", line 234, in 'calling callback function'
>   File "/usr/lib/python3.6/site-packages/bcc/table.py", line 1068, in 
> ringbuf_cb_
> ret = callback(ctx, data, size)
>   File 

[ovs-dev] [PATCH v3] utilities: Add revalidator measurement script and needed USDT probes.

2022-12-20 Thread Eelco Chaudron
This patch adds a Python script that can be used to analyze the
revalidator runs by providing statistics (including some real time
graphs).

The USDT events can also be captured to a file and used for
later offline analysis.

The following blog explains the Open vSwitch revalidator
implementation and how this tool can help you understand what is
happening in your system.

https://developers.redhat.com/articles/2022/10/19/open-vswitch-revalidator-process-explained

Signed-off-by: Eelco Chaudron 
---
v2: Added note that script only works a with single datapath configured.
v3: Updated patch to use pahole to get OVS structures dynamically from
debug data.

 Documentation/topics/usdt-probes.rst|   84 +++
 ofproto/ofproto-dpif-upcall.c   |   11 
 utilities/automake.mk   |3 
 utilities/usdt-scripts/reval_monitor.py |  858 +++
 4 files changed, 955 insertions(+), 1 deletion(-)
 create mode 100755 utilities/usdt-scripts/reval_monitor.py

diff --git a/Documentation/topics/usdt-probes.rst 
b/Documentation/topics/usdt-probes.rst
index 7ce19aaed..bc250e723 100644
--- a/Documentation/topics/usdt-probes.rst
+++ b/Documentation/topics/usdt-probes.rst
@@ -214,6 +214,10 @@ Available probes in ``ovs_vswitchd``:
 - dpif_recv:recv_upcall
 - main:poll_block
 - main:run_start
+- revalidate_ukey\_\_:entry
+- revalidate_ukey\_\_:exit
+- udpif_revalidator:start_dump
+- udpif_revalidator:sweep_done
 
 
 dpif_netlink_operate\_\_:op_flow_del
@@ -327,6 +331,7 @@ probe main:run_start
 
 
 **Description**:
+
 The ovs-vswitchd's main process contains a loop that runs every time some work
 needs to be done. This probe gets triggered every time the loop starts from the
 beginning. See also the ``main:poll_block`` probe below.
@@ -344,6 +349,7 @@ probe main:poll_block
 ~
 
 **Description**:
+
 The ovs-vswitchd's main process contains a loop that runs every time some work
 needs to be done. This probe gets triggered every time the loop is done, and
 it's about to wait for being re-started by a poll_block() call returning.
@@ -358,6 +364,84 @@ See also the ``main:run_start`` probe above.
 - ``utilities/usdt-scripts/bridge_loop.bt``
 
 
+revalidate_ukey\_\_:entry
+~
+
+**Description**:
+
+This probe gets triggered on entry of the revalidate_ukey__() function.
+
+**Arguments**:
+
+- *arg0*: ``(struct udpif *) udpif``
+- *arg1*: ``(struct udpif_key *) ukey``
+- *arg2*: ``(uint16_t) tcp_flags``
+- *arg3*: ``(struct ofpbuf *) odp_actions``
+- *arg4*: ``(struct recirc_refs *) recircs``
+- *arg5*: ``(struct xlate_cache *) xcache``
+
+**Script references**:
+
+- ``utilities/usdt-scripts/reval_monitor.py``
+
+
+revalidate_ukey\_\_:exit
+
+
+**Description**:
+
+This probe gets triggered right before the revalidate_ukey__() function exits.
+
+**Arguments**:
+
+- *arg0*: ``(struct udpif *) udpif``
+- *arg1*: ``(struct udpif_key *) ukey``
+- *arg2*: ``(enum reval_result) result``
+
+**Script references**:
+
+*None*
+
+
+udpif_revalidator:start_dump
+
+
+**Description**:
+
+The ovs-vswitchd's revalidator process contains a loop that runs every time
+revalidation work is needed. This probe gets triggered every time the
+dump phase has started.
+
+**Arguments**:
+
+- *arg0*: ``(struct udpif *) udpif``
+- *arg1*: ``(size_t) n_flows``
+
+**Script references**:
+
+- ``utilities/usdt-scripts/reval_monitor.py``
+
+
+udpif_revalidator:sweep_done
+
+
+**Description**:
+
+The ovs-vswitchd's revalidator process contains a loop that runs every time
+revalidation work is needed. This probe gets triggered every time the
+sweep phase was completed.
+
+**Arguments**:
+
+- *arg0*: ``(struct udpif *) udpif``
+- *arg1*: ``(size_t) n_flows``
+- *arg2*: ``(unsigned) MIN(ofproto_max_idle, ofproto_max_revalidator)``
+
+**Script references**:
+
+- ``utilities/usdt-scripts/reval_monitor.py``
+
+
 Adding your own probes
 --
 
diff --git a/ofproto/ofproto-dpif-upcall.c b/ofproto/ofproto-dpif-upcall.c
index 57f94df54..4c016ee34 100644
--- a/ofproto/ofproto-dpif-upcall.c
+++ b/ofproto/ofproto-dpif-upcall.c
@@ -42,6 +42,7 @@
 #include "seq.h"
 #include "tunnel.h"
 #include "unixctl.h"
+#include "openvswitch/usdt-probes.h"
 #include "openvswitch/vlog.h"
 #include "lib/netdev-provider.h"
 
@@ -965,6 +966,7 @@ udpif_revalidator(void *arg)
 terse_dump = udpif_use_ufid(udpif);
 udpif->dump = dpif_flow_dump_create(udpif->dpif, terse_dump,
 NULL);
+OVS_USDT_PROBE(udpif_revalidator, start_dump, udpif, n_flows);
 }
 }
 
@@ -1016,6 +1018,9 @@ udpif_revalidator(void *arg)
   duration);
 }
 
+OVS_USDT_PROBE(udpif_revalidator, sweep_done, udpif, n_flows,
+   MIN(ofproto_max_idle, 

Re: [ovs-dev] [PATCH v2 2/7] netdev-afxdp: Allow building with libxdp and newer libbpf.

2022-12-20 Thread Ilya Maximets
On 12/20/22 14:01, Eelco Chaudron wrote:
> 
> 
> On 19 Dec 2022, at 13:20, Ilya Maximets wrote:
> 
>> AF_XDP functions were deprecated in libbpf 0.7 and moved to libxdp.
>> Functions bpf_get/set_link_xdp_id() were deprecated in libbpf 0.8
>> and replaced with bpf_xdp_query_id() and bpf_xdp_attach/detach().
>>
>> Updating configuration and source code to accommodate above changes
>> and allow building OVS with AF_XDP support on newer systems:
>>
>>  - Checking availability of the libxdp in a system by looking
>>for a library providing libxdp_strerror().
>>
>>  - Checking for xsk.h header provided by libxdp-dev[el] first,
>>fall back to xsk.h from libbpf if not found.
>>
>>  - Check for the NEED_WAKEUP feature replaced with direct checking
>>in the source code if XDP_USE_NEED_WAKEUP is defined.
>>
>>  - Checking availability of bpf_xdp_query_id and bpf_xdp_detach
>>and using them instead of deprecated APIs.  Fall back to old
>>functions if not found.
> 
> So I guess this requires our build environment to match our runtime 
> environment, as these functions are from dynamic libraries, not statically 
> linked?

Not exactly match, but symbols available during the build should
be present in the runtime.  In general it means that libraries
at build time should be the same or older than runtime ones.

If the build environment is newer that will obviously not work,
but I don't think that is generally supported anyway.

> 
> I guess this is fine, as long as people understand it.
> 
>>
>>  - Dropped LIBBPF_LDADD variable as it makes library and function
>>detection much harder without providing any actual benefits.
>>AC_SEARCH_LIBS is used instead and it allows use of AC_CHECK_FUNCS.
>>
>>  - Header includes moved around to files where they are actually used.
>>
>>  - Removed libelf dependency as it is not really used.
>>
>> With these changes it should be possible to build OVS with either:
>>
>>  - libbpf built from the kernel sources (5.19 or older).
>>  - libbpf < 0.7 provided in distributions.
>>  - libxdp and libbpf >= 0.7 provided in newer distributions.
>>
>> libxdp added as a build dependency for Fedora build since all
>> supported versions of Fedora are packaging this library.
>>
>> Signed-off-by: Ilya Maximets 
> 
> I have problems building this on my fedora35 system with 
> gcc-11.3.1-3.fc35.x86_64:
> 
> libtool: link: ( cd "include/openvswitch/.libs" && rm -f "libcxxtest.la" && 
> ln -s "../libcxxtest.la" "libcxxtest.la" )
> In file included from lib/netdev-linux-private.h:30,
>  from lib/netdev-afxdp.c:19:
> In function ‘dp_packet_delete’,
> inlined from ‘dp_packet_delete’ at lib/dp-packet.h:246:1,
> inlined from ‘dp_packet_batch_add__’ at lib/dp-packet.h:775:9,
> inlined from ‘dp_packet_batch_add’ at lib/dp-packet.h:783:5,
> inlined from ‘netdev_afxdp_rxq_recv’ at lib/netdev-afxdp.c:894:9:
> lib/dp-packet.h:260:9: error: ‘free’ called on pointer ‘*umem.xpool.array’ 
> with nonzero offset [8, 2558044588346441168] [-Werror=free-nonheap-object]
>   260 | free(b);
>   | ^~~
> 
> Guess it does not recognise the (b->source == DPBUF_AFXDP) statement…

This is annoying, I didn't find a way to trick the compiler into
doing the right thing.  The code path is fairly obvious and
b->source is always set on that code path just a few lines above.

So, it definitely looks like a compiler bug.

Do you know of a good portable way disabling warnings in the code?
Otherwise, we can disable it globally in the configure script if
building with AF_XDP.

> 
> This is my build config:
> 
> ./configure --enable-Werror --enable-usdt-probes --localstatedir=/var 
> --prefix=/usr --sysconfdir=/etc --enable-afxdp
> 
> Guess this should be fixed before we enable afxdp by default?
> 
> 
> Also when I build it without the Werror option I’m not able to start a 
> sandbox:
> 
> make[1]: Leaving directory '/home/echaudron/Documents/review/ovs_ilya_afxdp'
> ovsdb-tool create conf.db 
> /home/echaudron/Documents/review/ovs_ilya_afxdp/vswitchd/vswitch.ovsschema
> ovsdb-tool: symbol lookup error: /lib64/libxdp.so.1: undefined symbol: 
> silence_libbpf_logging
> cat: 
> '/home/echaudron/Documents/review/ovs_ilya_afxdp/tutorial/sandbox/*.pid': No 
> such file or directory
> 
> But this might be something specific to libxdp on my system, and libbpf :(

Yeah, I guess libxdp and libbpf versions on f35 are not really compatible.
We're not calling silence_libbpf_logging from OVS, so it's a call from the
libbpf itself.

> 
>> ---
>>  NEWS|  2 ++
>>  acinclude.m4| 21 +-
>>  lib/automake.mk |  1 -
>>  lib/libopenvswitch.pc.in|  2 +-
>>  lib/netdev-afxdp-pool.c |  2 ++
>>  lib/netdev-afxdp-pool.h |  5 -
>>  lib/netdev-afxdp.c  | 38 ++---
>>  rhel/openvswitch-fedora.spec.in |  2 +-
>>  8 files changed, 46 insertions(+), 27 

Re: [ovs-dev] [PATCH v2 7/7] rhel: Enable AF_XDP by default in Fedora builds.

2022-12-20 Thread Ilya Maximets
On 12/20/22 14:34, Eelco Chaudron wrote:
> 
> 
> On 19 Dec 2022, at 13:20, Ilya Maximets wrote:
> 
>> All supported versions of Fedora do package libxdp and libbpf, so it
>> makes sense to enable AF_XDP support.
>>
>> Control files for debian packaging are much less flexible, so its hard
>> to enable AF_XDP builds while not breaking builds for version of Ubuntu
>> and Debian that do not package libbpf or libxdp.
>>
>> Signed-off-by: Ilya Maximets 
> 
> Well not sure if this is true, as on my Fedora35 it seems to be broken :(
> 
> I quickly tried it on a vagrant fedora35 instance, and the same problem.
> It has the following (might be xdptools issue, but Toke is out).
> 
> [vagrant@f35 ~]$ rpm -qa | grep -E "xdp|bpf"
> libbpf-0.6.1-2.fc35.x86_64
> libbpf-devel-0.6.1-2.fc35.x86_64
> bpftool-5.19.4-100.fc35.x86_64
> libxdp-1.2.0-2.fc35.x86_64
> xdp-tools-1.2.0-2.fc35.x86_64

I guess, you might have the issue similar to what Frode had,
because you have an old libbpf with a new libxdp.  And they
are likely incompatible.

FWIW, f35 is EOL, so nobody should use it. :)

> 
> //Eelco
> 
>> ---
>>  rhel/openvswitch-fedora.spec.in | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/rhel/openvswitch-fedora.spec.in 
>> b/rhel/openvswitch-fedora.spec.in
>> index fbfcdcf63..7676eb737 100644
>> --- a/rhel/openvswitch-fedora.spec.in
>> +++ b/rhel/openvswitch-fedora.spec.in
>> @@ -26,8 +26,8 @@
>>  %bcond_without libcapng
>>  # To enable DPDK support, specify '--with dpdk' when building
>>  %bcond_with dpdk
>> -# To enable AF_XDP support, specify '--with afxdp' when building
>> -%bcond_with afxdp
>> +# To disable AF_XDP support, specify '--without afxdp' when building
>> +%bcond_without afxdp
>>
>>  # If there is a need to automatically enable the package after installation,
>>  # specify the "--with autoenable"
>> -- 
>> 2.38.1
> 



Re: [ovs-dev] [PATCH v2 7/7] rhel: Enable AF_XDP by default in Fedora builds.

2022-12-20 Thread Eelco Chaudron



On 19 Dec 2022, at 13:20, Ilya Maximets wrote:

> All supported versions of Fedora do package libxdp and libbpf, so it
> makes sense to enable AF_XDP support.
>
> Control files for debian packaging are much less flexible, so its hard
> to enable AF_XDP builds while not breaking builds for version of Ubuntu
> and Debian that do not package libbpf or libxdp.
>
> Signed-off-by: Ilya Maximets 

Well not sure if this is true, as on my Fedora35 it seems to be broken :(

I quickly tried it on a vagrant fedora35 instance, and the same problem.
It has the following (might be xdptools issue, but Toke is out).

[vagrant@f35 ~]$ rpm -qa | grep -E "xdp|bpf"
libbpf-0.6.1-2.fc35.x86_64
libbpf-devel-0.6.1-2.fc35.x86_64
bpftool-5.19.4-100.fc35.x86_64
libxdp-1.2.0-2.fc35.x86_64
xdp-tools-1.2.0-2.fc35.x86_64

//Eelco

> ---
>  rhel/openvswitch-fedora.spec.in | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in
> index fbfcdcf63..7676eb737 100644
> --- a/rhel/openvswitch-fedora.spec.in
> +++ b/rhel/openvswitch-fedora.spec.in
> @@ -26,8 +26,8 @@
>  %bcond_without libcapng
>  # To enable DPDK support, specify '--with dpdk' when building
>  %bcond_with dpdk
> -# To enable AF_XDP support, specify '--with afxdp' when building
> -%bcond_with afxdp
> +# To disable AF_XDP support, specify '--without afxdp' when building
> +%bcond_without afxdp
>
>  # If there is a need to automatically enable the package after installation,
>  # specify the "--with autoenable"
> -- 
> 2.38.1



Re: [ovs-dev] [PATCH v2 6/7] acinclude.m4: Build with AF_XDP support by default if possible.

2022-12-20 Thread Eelco Chaudron


On 20 Dec 2022, at 14:24, Ilya Maximets wrote:

> On 12/20/22 14:19, Eelco Chaudron wrote:
>>
>>
>> On 19 Dec 2022, at 13:20, Ilya Maximets wrote:
>>
>>> With this change we will try to detect all the netdev-afxdp
>>> dependencies and enable AF_XDP support by default if they are
>>> present at the build time.
>>>
>>> Configuration script behaves in a following way:
>>>
>>>  - ./configure --enable-afxdp
>>>
>>>Will check for AF_XDP dependencies and fail if they are
>>>not available.
>>>
>>>  - ./configure --disable-afxdp
>>>
>>>Disables checking for AF_XDP.  Build will not support
>>>AF_XDP even if all dependencies are installed.
>>>
>>>  - Just ./configure or ./configure --enable-afxdp=auto
>>>
>>>Will check for AF_XDP dependencies.  Will print a warning
>>>if they are not available, but will continue without AF_XDP
>>>support.  If dependencies are available in a system, this
>>>option is equal to --enable-afxdp, except that AF_XDP will
>>>not be enabled for libbpf >= 0.7 if libxdp is not available,
>>>to avoid deprecation warnings during the build.
>>>
>>> '--disable-afxdp' added to the debian and fedora package builds
>>> to keep predictable behavior.
>>>
>>> Signed-off-by: Ilya Maximets 
>>
>> I still don’t like building AF_XDP automatically, but looks like I’m the 
>> only one ;)
>>
>>> ---
>>>  Documentation/intro/install/afxdp.rst |  6 +-
>>>  NEWS  |  3 +
>>>  acinclude.m4  | 89 ++-
>>>  debian/rules  | 25 +---
>>>  rhel/openvswitch-fedora.spec.in   |  2 +
>>>  5 files changed, 85 insertions(+), 40 deletions(-)
>>>
>>> diff --git a/Documentation/intro/install/afxdp.rst 
>>> b/Documentation/intro/install/afxdp.rst
>>> index a4f0b87fe..51c24bf5b 100644
>>> --- a/Documentation/intro/install/afxdp.rst
>>> +++ b/Documentation/intro/install/afxdp.rst
>>> @@ -30,8 +30,7 @@ This document describes how to build and install Open 
>>> vSwitch using
>>>  AF_XDP netdev.
>>>
>>>  .. warning::
>>> -  The AF_XDP support of Open vSwitch is considered 'experimental',
>>> -  and it is not compiled in by default.
>>> +  The AF_XDP support of Open vSwitch is considered 'experimental'.
>>>
>>>
>>>  Introduction
>>> @@ -137,6 +136,9 @@ bootstrap/configure the package::
>>>
>>>./boot.sh && ./configure --enable-afxdp
>>>
>>> +``--enable-afxdp`` here is optional, but it will ensure that all 
>>> dependencies
>>> +are available at the build time.
>>> +
>>>  Finally, build and install OVS::
>>>
>>>make && make install
>>> diff --git a/NEWS b/NEWS
>>> index 5d39c7d27..d2bbae591 100644
>>> --- a/NEWS
>>> +++ b/NEWS
>>> @@ -2,6 +2,9 @@ Post-v3.0.0
>>>  
>>> - AF_XDP:
>>>   * Added support for building with libxdp and libbpf >= 0.7.
>>> + * Support for AF_XDP is now enabled by default if all dependencies are
>>> +   available at the build time.  Use --disable-afxdp to disable.
>>> +   Use --enable-afxdp to fail the build if dependencies are not 
>>> present.
>>> - ovs-appctl:
>>>   * "ovs-appctl ofproto/trace" command can now display port names with 
>>> the
>>> "--names" option.
>>> diff --git a/acinclude.m4 b/acinclude.m4
>>> index aed01c967..8411c0e6c 100644
>>> --- a/acinclude.m4
>>> +++ b/acinclude.m4
>>> @@ -253,39 +253,72 @@ dnl OVS_CHECK_LINUX_AF_XDP
>>>  dnl
>>>  dnl Check both Linux kernel AF_XDP and libbpf/libxdp support
>>>  AC_DEFUN([OVS_CHECK_LINUX_AF_XDP], [
>>> -  AC_ARG_ENABLE([afxdp],
>>> -[AS_HELP_STRING([--enable-afxdp], [Enable AF-XDP 
>>> support])],
>>> -[], [enable_afxdp=no])
>>> +  AC_ARG_ENABLE(
>>> +[afxdp],
>>> +[AS_HELP_STRING([--disable-afxdp], [Disable AF-XDP support])],
>>> +[case "${enableval}" in
>>> +   (yes | no | auto) ;;
>>> +   (*) AC_MSG_ERROR([bad value ${enableval} for --enable-afxdp]) ;;
>>> + esac],
>>> +[enable_afxdp=auto])
>>> +
>>>AC_MSG_CHECKING([whether AF_XDP is enabled])
>>> -  if test "$enable_afxdp" != yes; then
>>> +  if test "$enable_afxdp" == no; then
>>>  AC_MSG_RESULT([no])
>>>  AF_XDP_ENABLE=false
>>>else
>>> -AC_MSG_RESULT([yes])
>>> +AC_MSG_RESULT([$enable_afxdp])
>>>  AF_XDP_ENABLE=true
>>> -
>>> -AC_CHECK_HEADER([bpf/libbpf.h], [],
>>> -  [AC_MSG_ERROR([unable to find bpf/libbpf.h for AF_XDP support])])
>>> -
>>> -AC_CHECK_HEADER([linux/if_xdp.h], [],
>>> -  [AC_MSG_ERROR([unable to find linux/if_xdp.h for AF_XDP support])])
>>> -
>>> -AC_CHECK_HEADER([xdp/xsk.h],
>>> -  AC_DEFINE([HAVE_LIBXDP], [1], [xsk.h is supplied with libxdp]),
>>> -  AC_CHECK_HEADER([bpf/xsk.h], [],
>>> -[AC_MSG_ERROR([unable to find xsk.h for AF_XDP support])]))
>>> -
>>> -AC_CHECK_FUNCS([pthread_spin_lock], [],
>>> -  [AC_MSG_ERROR([unable to find pthread_spin_lock for AF_XDP 
>>> support])])
>>> -
>>> -OVS_FIND_DEPENDENCY([numa_alloc_onnode], 

Re: [ovs-dev] [PATCH v2 6/7] acinclude.m4: Build with AF_XDP support by default if possible.

2022-12-20 Thread Ilya Maximets
On 12/20/22 14:19, Eelco Chaudron wrote:
> 
> 
> On 19 Dec 2022, at 13:20, Ilya Maximets wrote:
> 
>> With this change we will try to detect all the netdev-afxdp
>> dependencies and enable AF_XDP support by default if they are
>> present at the build time.
>>
>> Configuration script behaves in a following way:
>>
>>  - ./configure --enable-afxdp
>>
>>Will check for AF_XDP dependencies and fail if they are
>>not available.
>>
>>  - ./configure --disable-afxdp
>>
>>Disables checking for AF_XDP.  Build will not support
>>AF_XDP even if all dependencies are installed.
>>
>>  - Just ./configure or ./configure --enable-afxdp=auto
>>
>>Will check for AF_XDP dependencies.  Will print a warning
>>if they are not available, but will continue without AF_XDP
>>support.  If dependencies are available in a system, this
>>option is equal to --enable-afxdp, except that AF_XDP will
>>not be enabled for libbpf >= 0.7 if libxdp is not available,
>>to avoid deprecation warnings during the build.
>>
>> '--disable-afxdp' added to the debian and fedora package builds
>> to keep predictable behavior.
>>
>> Signed-off-by: Ilya Maximets 
> 
> I still don’t like building AF_XDP automatically, but looks like I’m the only 
> one ;)
> 
>> ---
>>  Documentation/intro/install/afxdp.rst |  6 +-
>>  NEWS  |  3 +
>>  acinclude.m4  | 89 ++-
>>  debian/rules  | 25 +---
>>  rhel/openvswitch-fedora.spec.in   |  2 +
>>  5 files changed, 85 insertions(+), 40 deletions(-)
>>
>> diff --git a/Documentation/intro/install/afxdp.rst 
>> b/Documentation/intro/install/afxdp.rst
>> index a4f0b87fe..51c24bf5b 100644
>> --- a/Documentation/intro/install/afxdp.rst
>> +++ b/Documentation/intro/install/afxdp.rst
>> @@ -30,8 +30,7 @@ This document describes how to build and install Open 
>> vSwitch using
>>  AF_XDP netdev.
>>
>>  .. warning::
>> -  The AF_XDP support of Open vSwitch is considered 'experimental',
>> -  and it is not compiled in by default.
>> +  The AF_XDP support of Open vSwitch is considered 'experimental'.
>>
>>
>>  Introduction
>> @@ -137,6 +136,9 @@ bootstrap/configure the package::
>>
>>./boot.sh && ./configure --enable-afxdp
>>
>> +``--enable-afxdp`` here is optional, but it will ensure that all 
>> dependencies
>> +are available at the build time.
>> +
>>  Finally, build and install OVS::
>>
>>make && make install
>> diff --git a/NEWS b/NEWS
>> index 5d39c7d27..d2bbae591 100644
>> --- a/NEWS
>> +++ b/NEWS
>> @@ -2,6 +2,9 @@ Post-v3.0.0
>>  
>> - AF_XDP:
>>   * Added support for building with libxdp and libbpf >= 0.7.
>> + * Support for AF_XDP is now enabled by default if all dependencies are
>> +   available at the build time.  Use --disable-afxdp to disable.
>> +   Use --enable-afxdp to fail the build if dependencies are not present.
>> - ovs-appctl:
>>   * "ovs-appctl ofproto/trace" command can now display port names with 
>> the
>> "--names" option.
>> diff --git a/acinclude.m4 b/acinclude.m4
>> index aed01c967..8411c0e6c 100644
>> --- a/acinclude.m4
>> +++ b/acinclude.m4
>> @@ -253,39 +253,72 @@ dnl OVS_CHECK_LINUX_AF_XDP
>>  dnl
>>  dnl Check both Linux kernel AF_XDP and libbpf/libxdp support
>>  AC_DEFUN([OVS_CHECK_LINUX_AF_XDP], [
>> -  AC_ARG_ENABLE([afxdp],
>> -[AS_HELP_STRING([--enable-afxdp], [Enable AF-XDP support])],
>> -[], [enable_afxdp=no])
>> +  AC_ARG_ENABLE(
>> +[afxdp],
>> +[AS_HELP_STRING([--disable-afxdp], [Disable AF-XDP support])],
>> +[case "${enableval}" in
>> +   (yes | no | auto) ;;
>> +   (*) AC_MSG_ERROR([bad value ${enableval} for --enable-afxdp]) ;;
>> + esac],
>> +[enable_afxdp=auto])
>> +
>>AC_MSG_CHECKING([whether AF_XDP is enabled])
>> -  if test "$enable_afxdp" != yes; then
>> +  if test "$enable_afxdp" == no; then
>>  AC_MSG_RESULT([no])
>>  AF_XDP_ENABLE=false
>>else
>> -AC_MSG_RESULT([yes])
>> +AC_MSG_RESULT([$enable_afxdp])
>>  AF_XDP_ENABLE=true
>> -
>> -AC_CHECK_HEADER([bpf/libbpf.h], [],
>> -  [AC_MSG_ERROR([unable to find bpf/libbpf.h for AF_XDP support])])
>> -
>> -AC_CHECK_HEADER([linux/if_xdp.h], [],
>> -  [AC_MSG_ERROR([unable to find linux/if_xdp.h for AF_XDP support])])
>> -
>> -AC_CHECK_HEADER([xdp/xsk.h],
>> -  AC_DEFINE([HAVE_LIBXDP], [1], [xsk.h is supplied with libxdp]),
>> -  AC_CHECK_HEADER([bpf/xsk.h], [],
>> -[AC_MSG_ERROR([unable to find xsk.h for AF_XDP support])]))
>> -
>> -AC_CHECK_FUNCS([pthread_spin_lock], [],
>> -  [AC_MSG_ERROR([unable to find pthread_spin_lock for AF_XDP support])])
>> -
>> -OVS_FIND_DEPENDENCY([numa_alloc_onnode], [numa], [libnuma])
>> -OVS_FIND_DEPENDENCY([libbpf_strerror], [bpf], [libbpf])
>> -AC_SEARCH_LIBS([libxdp_strerror], [xdp])
>> -
>> -AC_CHECK_FUNCS([bpf_xdp_query_id bpf_xdp_detach])

Re: [ovs-dev] [PATCH v2 6/7] acinclude.m4: Build with AF_XDP support by default if possible.

2022-12-20 Thread Eelco Chaudron


On 19 Dec 2022, at 13:20, Ilya Maximets wrote:

> With this change we will try to detect all the netdev-afxdp
> dependencies and enable AF_XDP support by default if they are
> present at the build time.
>
> Configuration script behaves in a following way:
>
>  - ./configure --enable-afxdp
>
>Will check for AF_XDP dependencies and fail if they are
>not available.
>
>  - ./configure --disable-afxdp
>
>Disables checking for AF_XDP.  Build will not support
>AF_XDP even if all dependencies are installed.
>
>  - Just ./configure or ./configure --enable-afxdp=auto
>
>Will check for AF_XDP dependencies.  Will print a warning
>if they are not available, but will continue without AF_XDP
>support.  If dependencies are available in a system, this
>option is equal to --enable-afxdp, except that AF_XDP will
>not be enabled for libbpf >= 0.7 if libxdp is not available,
>to avoid deprecation warnings during the build.
>
> '--disable-afxdp' added to the debian and fedora package builds
> to keep predictable behavior.
>
> Signed-off-by: Ilya Maximets 

I still don’t like building AF_XDP automatically, but looks like I’m the only 
one ;)

> ---
>  Documentation/intro/install/afxdp.rst |  6 +-
>  NEWS  |  3 +
>  acinclude.m4  | 89 ++-
>  debian/rules  | 25 +---
>  rhel/openvswitch-fedora.spec.in   |  2 +
>  5 files changed, 85 insertions(+), 40 deletions(-)
>
> diff --git a/Documentation/intro/install/afxdp.rst 
> b/Documentation/intro/install/afxdp.rst
> index a4f0b87fe..51c24bf5b 100644
> --- a/Documentation/intro/install/afxdp.rst
> +++ b/Documentation/intro/install/afxdp.rst
> @@ -30,8 +30,7 @@ This document describes how to build and install Open 
> vSwitch using
>  AF_XDP netdev.
>
>  .. warning::
> -  The AF_XDP support of Open vSwitch is considered 'experimental',
> -  and it is not compiled in by default.
> +  The AF_XDP support of Open vSwitch is considered 'experimental'.
>
>
>  Introduction
> @@ -137,6 +136,9 @@ bootstrap/configure the package::
>
>./boot.sh && ./configure --enable-afxdp
>
> +``--enable-afxdp`` here is optional, but it will ensure that all dependencies
> +are available at the build time.
> +
>  Finally, build and install OVS::
>
>make && make install
> diff --git a/NEWS b/NEWS
> index 5d39c7d27..d2bbae591 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -2,6 +2,9 @@ Post-v3.0.0
>  
> - AF_XDP:
>   * Added support for building with libxdp and libbpf >= 0.7.
> + * Support for AF_XDP is now enabled by default if all dependencies are
> +   available at the build time.  Use --disable-afxdp to disable.
> +   Use --enable-afxdp to fail the build if dependencies are not present.
> - ovs-appctl:
>   * "ovs-appctl ofproto/trace" command can now display port names with the
> "--names" option.
> diff --git a/acinclude.m4 b/acinclude.m4
> index aed01c967..8411c0e6c 100644
> --- a/acinclude.m4
> +++ b/acinclude.m4
> @@ -253,39 +253,72 @@ dnl OVS_CHECK_LINUX_AF_XDP
>  dnl
>  dnl Check both Linux kernel AF_XDP and libbpf/libxdp support
>  AC_DEFUN([OVS_CHECK_LINUX_AF_XDP], [
> -  AC_ARG_ENABLE([afxdp],
> -[AS_HELP_STRING([--enable-afxdp], [Enable AF-XDP support])],
> -[], [enable_afxdp=no])
> +  AC_ARG_ENABLE(
> +[afxdp],
> +[AS_HELP_STRING([--disable-afxdp], [Disable AF-XDP support])],
> +[case "${enableval}" in
> +   (yes | no | auto) ;;
> +   (*) AC_MSG_ERROR([bad value ${enableval} for --enable-afxdp]) ;;
> + esac],
> +[enable_afxdp=auto])
> +
>AC_MSG_CHECKING([whether AF_XDP is enabled])
> -  if test "$enable_afxdp" != yes; then
> +  if test "$enable_afxdp" == no; then
>  AC_MSG_RESULT([no])
>  AF_XDP_ENABLE=false
>else
> -AC_MSG_RESULT([yes])
> +AC_MSG_RESULT([$enable_afxdp])
>  AF_XDP_ENABLE=true
> -
> -AC_CHECK_HEADER([bpf/libbpf.h], [],
> -  [AC_MSG_ERROR([unable to find bpf/libbpf.h for AF_XDP support])])
> -
> -AC_CHECK_HEADER([linux/if_xdp.h], [],
> -  [AC_MSG_ERROR([unable to find linux/if_xdp.h for AF_XDP support])])
> -
> -AC_CHECK_HEADER([xdp/xsk.h],
> -  AC_DEFINE([HAVE_LIBXDP], [1], [xsk.h is supplied with libxdp]),
> -  AC_CHECK_HEADER([bpf/xsk.h], [],
> -[AC_MSG_ERROR([unable to find xsk.h for AF_XDP support])]))
> -
> -AC_CHECK_FUNCS([pthread_spin_lock], [],
> -  [AC_MSG_ERROR([unable to find pthread_spin_lock for AF_XDP support])])
> -
> -OVS_FIND_DEPENDENCY([numa_alloc_onnode], [numa], [libnuma])
> -OVS_FIND_DEPENDENCY([libbpf_strerror], [bpf], [libbpf])
> -AC_SEARCH_LIBS([libxdp_strerror], [xdp])
> -
> -AC_CHECK_FUNCS([bpf_xdp_query_id bpf_xdp_detach])
> -
> -AC_DEFINE([HAVE_AF_XDP], [1],
> -  [Define to 1 if AF_XDP support is available and enabled.])
> +failed_dep=none
> +dnl Saving libs to restore in case we will 

Re: [ovs-dev] [PATCH v2 2/7] netdev-afxdp: Allow building with libxdp and newer libbpf.

2022-12-20 Thread Eelco Chaudron


On 20 Dec 2022, at 14:06, David Marchand wrote:

> On Tue, Dec 20, 2022 at 2:01 PM Eelco Chaudron  wrote:
>> I have problems building this on my fedora35 system with 
>> gcc-11.3.1-3.fc35.x86_64:
>>
>> libtool: link: ( cd "include/openvswitch/.libs" && rm -f "libcxxtest.la" && 
>> ln -s "../libcxxtest.la" "libcxxtest.la" )
>> In file included from lib/netdev-linux-private.h:30,
>>  from lib/netdev-afxdp.c:19:
>> In function ‘dp_packet_delete’,
>> inlined from ‘dp_packet_delete’ at lib/dp-packet.h:246:1,
>> inlined from ‘dp_packet_batch_add__’ at lib/dp-packet.h:775:9,
>> inlined from ‘dp_packet_batch_add’ at lib/dp-packet.h:783:5,
>> inlined from ‘netdev_afxdp_rxq_recv’ at lib/netdev-afxdp.c:894:9:
>> lib/dp-packet.h:260:9: error: ‘free’ called on pointer ‘*umem.xpool.array’ 
>> with nonzero offset [8, 2558044588346441168] [-Werror=free-nonheap-object]
>>   260 | free(b);
>>   | ^~~
>>
>> Guess it does not recognise the (b->source == DPBUF_AFXDP) statement…
>>
>> This is my build config:
>>
>> ./configure --enable-Werror --enable-usdt-probes --localstatedir=/var 
>> --prefix=/usr --sysconfdir=/etc --enable-afxdp
>>
>> Guess this should be fixed before we enable afxdp by default?
>
> Same for me.
> I have been scratching my head over this report... I wonder if this is
> a compiler bug.

I guess the compiler does not understand that on this path dp_packet_delete()
is always called with the source being DPBUF_AFXDP, so the free() is never reached.
Guess we should probably disable the warning in this specific code path.

//Eelco



Re: [ovs-dev] [PATCH v2 5/7] Documentation/afxdp: Use packaged libbpf/libxdp for the build.

2022-12-20 Thread Eelco Chaudron



On 19 Dec 2022, at 13:20, Ilya Maximets wrote:

> Necessary bits were removed from the kernel's libbpf in the 6.0 release,
> so the instructions on how to build libbpf from kernel sources are
> now incorrect.  Suggest using libbpf and libxdp packaged by
> distributions instead.
>
> Signed-off-by: Ilya Maximets 

Changes look good to me.

Acked-by: Eelco Chaudron 



Re: [ovs-dev] [PATCH v2 2/7] netdev-afxdp: Allow building with libxdp and newer libbpf.

2022-12-20 Thread David Marchand
On Tue, Dec 20, 2022 at 2:01 PM Eelco Chaudron  wrote:
> I have problems building this on my fedora35 system with 
> gcc-11.3.1-3.fc35.x86_64:
>
> libtool: link: ( cd "include/openvswitch/.libs" && rm -f "libcxxtest.la" && 
> ln -s "../libcxxtest.la" "libcxxtest.la" )
> In file included from lib/netdev-linux-private.h:30,
>  from lib/netdev-afxdp.c:19:
> In function ‘dp_packet_delete’,
> inlined from ‘dp_packet_delete’ at lib/dp-packet.h:246:1,
> inlined from ‘dp_packet_batch_add__’ at lib/dp-packet.h:775:9,
> inlined from ‘dp_packet_batch_add’ at lib/dp-packet.h:783:5,
> inlined from ‘netdev_afxdp_rxq_recv’ at lib/netdev-afxdp.c:894:9:
> lib/dp-packet.h:260:9: error: ‘free’ called on pointer ‘*umem.xpool.array’ 
> with nonzero offset [8, 2558044588346441168] [-Werror=free-nonheap-object]
>   260 | free(b);
>   | ^~~
>
> Guess it does not recognise the (b->source == DPBUF_AFXDP) statement…
>
> This is my build config:
>
> ./configure --enable-Werror --enable-usdt-probes --localstatedir=/var 
> --prefix=/usr --sysconfdir=/etc --enable-afxdp
>
> Guess this should be fixed before we enable afxdp by default?

Same for me.
I have been scratching my head over this report... I wonder if this is
a compiler bug.


-- 
David Marchand



Re: [ovs-dev] [PATCH v2 4/7] github: Test AF_XDP build using libbpf instead of kernel sources.

2022-12-20 Thread Eelco Chaudron


On 19 Dec 2022, at 13:20, Ilya Maximets wrote:

> AF_XDP bits were removed from the kernel's libbpf in 6.0.  libbpf
> and libxdp are now the primary way to build AF_XDP applications.
> Most of modern distributions are already packaging some version
> of libbpf, so it's better to test building with it instead
> of building old unsupported kernel tree.
>
> Ubuntu started packaging libxdp only in 22.10, so not using
> it for now.
>
> Kernel build infrastructure in CI scripts is not needed anymore.
> Removed.
>
> Signed-off-by: Ilya Maximets 

Changes look good to me, I just hope that the issue I see on Fedora35 is not 
compiler related and does not make its way to the distro used for testing.

Acked-by: Eelco Chaudron 

> ---
>  .ci/linux-build.sh   | 77 
>  .github/workflows/build-and-test.yml | 10 ++--
>  2 files changed, 3 insertions(+), 84 deletions(-)
>
> diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh
> index 6d2b90ccf..f492b8c47 100755
> --- a/.ci/linux-build.sh
> +++ b/.ci/linux-build.sh
> @@ -22,79 +22,6 @@ on_exit() {
>  # them via a EXIT handler.
>  [ -n "$GITHUB_WORKFLOW" ] || trap on_exit EXIT
>
> -function install_kernel()
> -{
> -if [[ "$1" =~ ^5.* ]]; then
> -PREFIX="v5.x"
> -elif [[ "$1" =~ ^4.* ]]; then
> -PREFIX="v4.x"
> -elif [[ "$1" =~ ^3.* ]]; then
> -PREFIX="v3.x"
> -else
> -PREFIX="v2.6/longterm/v2.6.32"
> -fi
> -
> -base_url="https://cdn.kernel.org/pub/linux/kernel/${PREFIX};
> -# Download page with list of all available kernel versions.
> -wget ${base_url}/
> -# Uncompress in case server returned gzipped page.
> -(file index* | grep ASCII) || (mv index* index.new.gz && gunzip index*)
> -# Get version of the latest stable release.
> -hi_ver=$(echo ${1} | sed 's/\./\\\./')
> -lo_ver=$(cat ./index* | grep -P -o "${hi_ver}\.[0-9]+" | \
> - sed 's/.*\..*\.\(.*\)/\1/' | sort -h | tail -1)
> -version="${1}.${lo_ver}"
> -
> -rm -rf index* linux-*
> -
> -url="${base_url}/linux-${version}.tar.xz"
> -# Download kernel sources. Try direct link on CDN failure.
> -wget ${url} ||
> -(rm -f linux-${version}.tar.xz && wget ${url}) ||
> -(rm -f linux-${version}.tar.xz && wget ${url/cdn/www})
> -
> -tar xvf linux-${version}.tar.xz > /dev/null
> -pushd linux-${version}
> -make allmodconfig
> -
> -# Cannot use CONFIG_KCOV: -fsanitize-coverage=trace-pc is not supported 
> by compiler
> -sed -i 's/CONFIG_KCOV=y/CONFIG_KCOV=n/' .config
> -
> -# stack validation depends on tools/objtool, but objtool does not 
> compile on travis.
> -# It is giving following error.
> -#  >>> GEN  arch/x86/insn/inat-tables.c
> -#  >>> Semantic error at 40: Unknown imm opnd: AL
> -# So for now disable stack-validation for the build.
> -
> -sed -i 's/CONFIG_STACK_VALIDATION=y/CONFIG_STACK_VALIDATION=n/' .config
> -make oldconfig
> -
> -# Older kernels do not include openvswitch
> -if [ -d "net/openvswitch" ]; then
> -make net/openvswitch/
> -else
> -make net/bridge/
> -fi
> -
> -if [ "$AFXDP" ]; then
> -sudo make headers_install INSTALL_HDR_PATH=/usr
> -pushd tools/lib/bpf/
> -# Bulding with gcc because there are some issues in make files
> -# that breaks building libbpf with clang on Travis.
> -CC=gcc sudo make install
> -CC=gcc sudo make install_headers
> -sudo ldconfig
> -popd
> -# The Linux kernel defines __always_inline in stddef.h (283d7573), 
> and
> -# sys/cdefs.h tries to re-define it.  Older libc-dev package in 
> xenial
> -# doesn't have a fix for this issue.  Applying it manually.
> -sudo sed -i '/^# define __always_inline .*/i # undef 
> __always_inline' \
> -/usr/include/x86_64-linux-gnu/sys/cdefs.h || true
> -EXTRA_OPTS="${EXTRA_OPTS} --enable-afxdp"
> -fi
> -popd
> -}
> -
>  function install_dpdk()
>  {
>  local DPDK_VER=$1
> @@ -227,10 +154,6 @@ assert ovs.json.from_string('{\"a\": 42}') == {'a': 42}"
>  exit 0
>  fi
>
> -if [ "$KERNEL" ]; then
> -install_kernel $KERNEL
> -fi
> -
>  if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then
>  if [ -z "$DPDK_VER" ]; then
>  DPDK_VER="22.11.1"
> diff --git a/.github/workflows/build-and-test.yml 
> b/.github/workflows/build-and-test.yml
> index e08d7b1ba..286e088c8 100644
> --- a/.github/workflows/build-and-test.yml
> +++ b/.github/workflows/build-and-test.yml
> @@ -8,14 +8,12 @@ jobs:
>dependencies: |
>  automake libtool gcc bc libjemalloc2 libjemalloc-dev\
>  libssl-dev llvm-dev libelf-dev libnuma-dev libpcap-dev  \
> -ninja-build selinux-policy-dev
> -  AFXDP:   ${{ matrix.afxdp }}
> +ninja-build selinux-policy-dev libbpf-dev
>ASAN:${{ matrix.asan }}
>UBSAN:   ${{ matrix.ubsan }}
>CC:  

Re: [ovs-dev] [PATCH v2 3/7] netdev-afxdp: Hide too large memset from sparse.

2022-12-20 Thread Eelco Chaudron



On 19 Dec 2022, at 13:20, Ilya Maximets wrote:

> Sparse complains about 64M umem initialization.  Hide it from
> the checker instead of disabling a warning globally.
>
> SPARSE_FLAGS are kept in the CI script even though they are
> empty at the moment.
>
> Signed-off-by: Ilya Maximets 

Looks good to me.

Acked-by: Eelco Chaudron 



Re: [ovs-dev] [PATCH v2 2/7] netdev-afxdp: Allow building with libxdp and newer libbpf.

2022-12-20 Thread Eelco Chaudron


On 19 Dec 2022, at 13:20, Ilya Maximets wrote:

> AF_XDP functions were deprecated in libbpf 0.7 and moved to libxdp.
> Functions bpf_get/set_link_xdp_id() were deprecated in libbpf 0.8
> and replaced with bpf_xdp_query_id() and bpf_xdp_attach/detach().
>
> Updating configuration and source code to accommodate above changes
> and allow building OVS with AF_XDP support on newer systems:
>
>  - Checking availability of the libxdp in a system by looking
>for a library providing libxdp_strerror().
>
>  - Checking for xsk.h header provided by libxdp-dev[el] first,
>fall back to xsk.h from libbpf if not found.
>
>  - Check for the NEED_WAKEUP feature replaced with direct checking
>in the source code if XDP_USE_NEED_WAKEUP is defined.
>
>  - Checking availability of bpf_xdp_query_id and bpf_xdp_detach
>and using them instead of deprecated APIs.  Fall back to old
>functions if not found.

So I guess this requires our build environment to match our runtime 
environment, as these functions are from dynamic libraries, not statically 
linked?

I guess this is fine, as long as people understand it.

>
>  - Dropped LIBBPF_LDADD variable as it makes library and function
>detection much harder without providing any actual benefits.
>AC_SEARCH_LIBS is used instead and it allows use of AC_CHECK_FUNCS.
>
>  - Header includes moved around to files where they are actually used.
>
>  - Removed libelf dependency as it is not really used.
>
> With these changes it should be possible to build OVS with either:
>
>  - libbpf built from the kernel sources (5.19 or older).
>  - libbpf < 0.7 provided in distributions.
>  - libxdp and libbpf >= 0.7 provided in newer distributions.
>
> libxdp added as a build dependency for Fedora build since all
> supported versions of Fedora are packaging this library.
>
> Signed-off-by: Ilya Maximets 

I have problems building this on my fedora35 system with 
gcc-11.3.1-3.fc35.x86_64:

libtool: link: ( cd "include/openvswitch/.libs" && rm -f "libcxxtest.la" && ln 
-s "../libcxxtest.la" "libcxxtest.la" )
In file included from lib/netdev-linux-private.h:30,
 from lib/netdev-afxdp.c:19:
In function ‘dp_packet_delete’,
inlined from ‘dp_packet_delete’ at lib/dp-packet.h:246:1,
inlined from ‘dp_packet_batch_add__’ at lib/dp-packet.h:775:9,
inlined from ‘dp_packet_batch_add’ at lib/dp-packet.h:783:5,
inlined from ‘netdev_afxdp_rxq_recv’ at lib/netdev-afxdp.c:894:9:
lib/dp-packet.h:260:9: error: ‘free’ called on pointer ‘*umem.xpool.array’ with 
nonzero offset [8, 2558044588346441168] [-Werror=free-nonheap-object]
  260 | free(b);
  | ^~~

Guess it does not recognise the (b->source == DPBUF_AFXDP) statement…

This is my build config:

./configure --enable-Werror --enable-usdt-probes --localstatedir=/var 
--prefix=/usr --sysconfdir=/etc --enable-afxdp

Guess this should be fixed before we enable afxdp by default?


Also when I build it without the Werror option I’m not able to start a sandbox:

make[1]: Leaving directory '/home/echaudron/Documents/review/ovs_ilya_afxdp'
ovsdb-tool create conf.db 
/home/echaudron/Documents/review/ovs_ilya_afxdp/vswitchd/vswitch.ovsschema
ovsdb-tool: symbol lookup error: /lib64/libxdp.so.1: undefined symbol: 
silence_libbpf_logging
cat: '/home/echaudron/Documents/review/ovs_ilya_afxdp/tutorial/sandbox/*.pid': 
No such file or directory

But this might be something specific to libxdp on my system, and libbpf :(

> ---
>  NEWS|  2 ++
>  acinclude.m4| 21 +-
>  lib/automake.mk |  1 -
>  lib/libopenvswitch.pc.in|  2 +-
>  lib/netdev-afxdp-pool.c |  2 ++
>  lib/netdev-afxdp-pool.h |  5 -
>  lib/netdev-afxdp.c  | 38 ++---
>  rhel/openvswitch-fedora.spec.in |  2 +-
>  8 files changed, 46 insertions(+), 27 deletions(-)
>
> diff --git a/NEWS b/NEWS
> index 265375e1c..5d39c7d27 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,5 +1,7 @@
>  Post-v3.0.0
>  
> +   - AF_XDP:
> + * Added support for building with libxdp and libbpf >= 0.7.
> - ovs-appctl:
>   * "ovs-appctl ofproto/trace" command can now display port names with the
> "--names" option.
> diff --git a/acinclude.m4 b/acinclude.m4
> index aa9af5506..aed01c967 100644
> --- a/acinclude.m4
> +++ b/acinclude.m4
> @@ -251,7 +251,7 @@ AC_DEFUN([OVS_FIND_DEPENDENCY], [
>
>  dnl OVS_CHECK_LINUX_AF_XDP
>  dnl
> -dnl Check both Linux kernel AF_XDP and libbpf support
> +dnl Check both Linux kernel AF_XDP and libbpf/libxdp support
>  AC_DEFUN([OVS_CHECK_LINUX_AF_XDP], [
>AC_ARG_ENABLE([afxdp],
>  [AS_HELP_STRING([--enable-afxdp], [Enable AF-XDP support])],
> @@ -270,23 +270,22 @@ AC_DEFUN([OVS_CHECK_LINUX_AF_XDP], [
>  AC_CHECK_HEADER([linux/if_xdp.h], [],
>[AC_MSG_ERROR([unable to find linux/if_xdp.h for AF_XDP support])])
>
> -

Re: [ovs-dev] [PATCH ovn branch-22.03 1/2] Set release date for 22.03.2.

2022-12-20 Thread Dumitru Ceara
On 12/19/22 22:07, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

Thanks,
Dumitru



Re: [ovs-dev] [PATCH ovn branch-22.03 2/2] Prepare for 22.03.3.

2022-12-20 Thread Dumitru Ceara
On 12/19/22 22:07, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

Thanks,
Dumitru



Re: [ovs-dev] [PATCH ovn branch-22.06 2/2] Prepare for 22.06.2.

2022-12-20 Thread Dumitru Ceara
On 12/19/22 22:07, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

Thanks,
Dumitru



Re: [ovs-dev] [PATCH ovn branch-22.06 1/2] Set release date for 22.06.1.

2022-12-20 Thread Dumitru Ceara
On 12/19/22 22:07, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

Thanks,
Dumitru



Re: [ovs-dev] [PATCH ovn branch-22.09 2/2] Prepare for 22.09.2.

2022-12-20 Thread Dumitru Ceara
On 12/19/22 22:07, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

Thanks,
Dumitru



Re: [ovs-dev] [PATCH ovn branch-22.09 1/2] Set release date for 22.09.1.

2022-12-20 Thread Dumitru Ceara
On 12/19/22 22:07, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

Thanks,
Dumitru



Re: [ovs-dev] [PATCH] dpif: Fix tunnel key set for IPv6 tunnels with SLOW_ACTION.

2022-12-20 Thread Ilya Maximets
On 12/7/22 17:17, Eelco Chaudron wrote:
> The dpif_execute_helper_cb() function is supposed to add the
> OVS_ACTION_ATTR_SET(OVS_KEY_ATTR_TUNNEL()) action to the
> list of actions when passing it down to the kernel.
> 
> This function was only checking if the IPv4 destination
> address was set, not both. This patch fixes this, including
> a datapath testcase.
> 
> Fixes: 076caa2fb077 ("ofproto: Meter translation.")
> Signed-off-by: Eelco Chaudron 
> ---
>  lib/dpif.c  |2 +-
>  tests/system-traffic.at |   44 
>  2 files changed, 45 insertions(+), 1 deletion(-)

Hi, Eelco.  Good catch!

I wonder if we can have a unit test instead of a system test here.
The issue doesn't seem to depend on the datapath implementation.

Maybe something similar to what we have in tests/tunnel-push-pop.at ?
We can set IPs and capture packets in pcap files on dummy ports
as well.  Probably, the 'tunnel_push_pop - packet_out debug_slow'
test can be used as a reference.

A couple of small comments inline.

Best regards, Ilya Maximets.

> 
> diff --git a/lib/dpif.c b/lib/dpif.c
> index 40f5fe446..fe4db83fb 100644
> --- a/lib/dpif.c
> +++ b/lib/dpif.c
> @@ -1213,7 +1213,7 @@ dpif_execute_helper_cb(void *aux_, struct 
> dp_packet_batch *packets_,
>  /* The Linux kernel datapath throws away the tunnel information
>   * that we supply as metadata.  We have to use a "set" action to
>   * supply it. */
> -if (md->tunnel.ip_dst) {
> +if (flow_tnl_dst_is_set(>tunnel)) {
>  odp_put_tunnel_action(>tunnel, _actions, NULL);
>  }
>  ofpbuf_put(_actions, action, NLA_ALIGN(action->nla_len));
> diff --git a/tests/system-traffic.at b/tests/system-traffic.at
> index e5403519f..91e15ddef 100644
> --- a/tests/system-traffic.at
> +++ b/tests/system-traffic.at
> @@ -855,6 +855,50 @@ NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -w 
> 2 10.1.1.100 | FORMAT_PI
>  OVS_TRAFFIC_VSWITCHD_STOP
>  AT_CLEANUP
>  
> +AT_SETUP([datapath - slow_action on geneve6 tunnel])
> +AT_SKIP_IF([test $HAVE_TCPDUMP = no])
> +OVS_CHECK_TUNNEL_TSO()
> +OVS_CHECK_GENEVE_UDP6ZEROCSUM()
> +
> +OVS_TRAFFIC_VSWITCHD_START()
> +ADD_BR([br-underlay])
> +
> +AT_CHECK([ovs-ofctl add-flow br0 "actions=normal"])
> +AT_CHECK([ovs-ofctl add-flow br-underlay "actions=normal"])
> +
> +ADD_NAMESPACES(at_ns0)
> +
> +dnl Set up underlay link from host into the namespace using veth pair.
> +ADD_VETH(p0, at_ns0, br-underlay, "fc00::1/64", [], [], "nodad")
> +AT_CHECK([ip addr add dev br-underlay "fc00::100/64" nodad])
> +AT_CHECK([ip link set dev br-underlay up])
> +
> +dnl Set up tunnel endpoints on OVS outside the namespace and with a native
> +dnl linux device inside the namespace.
> +ADD_OVS_TUNNEL6([geneve], [br0], [at_gnv0], [fc00::1], [10.1.1.100/24])
> +ADD_NATIVE_TUNNEL6([geneve], [ns_gnv0], [at_ns0], [fc00::100], [10.1.1.1/24],
> +   [vni 0 udp6zerocsumtx udp6zerocsumrx])
> +AT_CHECK([ovs-ofctl add-flow br0 "table=37,actions=at_gnv0"])
> +
> +OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::100])
> +
> +dnl First, check the underlay.
> +NS_CHECK_EXEC([at_ns0], [ping6 -q -c 3 -i 0.3 -w 2 fc00::100 | FORMAT_PING], 
> [0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +dnl Start tcpdump to capture the encapsulated packets.
> +NETNS_DAEMONIZE([at_ns0], [tcpdump -l -n -xx -U -i p0 > p0.pcap], 
> [tcpdump.pid])

This doesn't generate a pcap file AFAICT, so the name p0.pcap is a bit
misleading.

> +sleep 1
> +
> +dnl Generate a single packet trough the controler that needs an ARP 
> modification
> +AT_CHECK([ovs-ofctl -O OpenFlow15 packet-out br0 "in_port=controller 
> packet=fa163e949d8008060001080006040001fa163e949d80c0a820300afe
>  
> actions=set_field:0xaf4->reg1,move:NXM_NX_XXREG0[[64..95]]->NXM_OF_ARP_SPA[[]],resubmit(,37)"])


As an alternative, we may use 'actions=debug_slow,<...>' to force the
slow action execution in userspace.  This should ensure that we're
testing what we want to test.

> +
> +dnl Stop OVS and tcpdump and verify the results.
> +OVS_TRAFFIC_VSWITCHD_STOP
> +AT_CHECK([grep -Eq "IP6 fc00::100\..*> fc00::1.geneve: Geneve, Flags 
> \[[none\]], vni 0x0: ARP, Request who-has 10\.0\.0\.254 tell 10\.0\.0\.244, 
> length 28" p0.pcap])
> +AT_CLEANUP
> +
>  AT_SETUP([datapath - ping over gre tunnel by simulated packets])
>  OVS_CHECK_TUNNEL_TSO()
>  OVS_CHECK_MIN_KERNEL(3, 10)
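Review bot: The fixed `sleep 1` after `NETNS_DAEMONIZE([at_ns0], [tcpdump ...])` is a timing guess: on a loaded machine tcpdump may not be capturing yet when the packet-out is sent, so the final `grep` can fail without any regression in the code under test. Redirecting tcpdump's stderr to a file and waiting for its start-up line, for example `OVS_WAIT_UNTIL([grep -q "listening" tcpdump.err])` (file name constructed here), would make the test depend on the capture being ready rather than on elapsed time. The dnl comment above the packet-out also reads `trough the controler`; `through the controller` is meant.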



Re: [ovs-dev] [PATCH v2 1/7] ci: Fix overriding OPTS provided from the yml.

2022-12-20 Thread Eelco Chaudron



On 19 Dec 2022, at 13:20, Ilya Maximets wrote:

> For GCC builds we're overriding --disable-ssl or --enable-shared
> options set up in the GHA yml file.
>
> Fix that by adding to EXTRA_OPTS instead.
>
> Fixes: 2581b0ad1159 ("travis: Combine kernel builds.")
> Signed-off-by: Ilya Maximets 

Changes look good to me.

Acked-by: Eelco Chaudron 



[ovs-dev] [PATCH v2] stream-ssl: fix setting key and certificate

2022-12-20 Thread Xavier Simonart
stream_ssl_set_key_and_cert is supposed to, whenever either the certificate or
the private key file changes, re-read both of them.
It was re-reading them only when both changed.
So if, for instance, the certificate was changed only a few seconds after the
key, the new key and certificate were never applied.

A few patches have been proposed on similar issues.
This patch tries to take into account the inputs/comments from them i.e.
- avoid crash on NULL private key and valid certificate
  (from d5d0c94551b6 ("stream-ssl: Fix crash on NULL private key and valid 
certificate."))
- avoid breaking setup while the second component is not updated
  (from 
https://patchwork.ozlabs.org/project/openvswitch/patch/20210513213311.1870647-1-hz...@ovn.org/
- update key and cert, if they are valid.

Fixes: d5d0c94551b6 ("stream-ssl: Fix crash on NULL private key and valid 
certificate.")

Signed-off-by: Xavier Simonart 
---
v2: fix  'rl' shadows an earlier one
---
 lib/stream-ssl.c  | 115 +++---
 tests/ovsdb-server.at |  36 +
 2 files changed, 121 insertions(+), 30 deletions(-)

diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 62da9febb..0bfe49b4c 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -76,6 +76,12 @@ enum session_type {
 SERVER
 };
 
+enum ssl_update_result {
+SSL_UPDATE_ERROR,
+SSL_NOT_UPDATED,
+SSL_UPDATED
+};
+
 struct ssl_stream
 {
 struct stream stream;
@@ -186,6 +192,7 @@ static unsigned int next_session_nr;
 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(10, 25);
 
 static int ssl_init(void);
+static SSL_CTX *new_ssl_ctx(void);
 static int do_ssl_init(void);
 static bool ssl_wants_io(int ssl_error);
 static void ssl_close(struct stream *);
@@ -201,7 +208,8 @@ static void stream_ssl_set_ca_cert_file__(const char 
*file_name,
   bool bootstrap, bool force);
 static void ssl_protocol_cb(int write_p, int version, int content_type,
 const void *, size_t, SSL *, void *sslv_);
-static bool update_ssl_config(struct ssl_config_file *, const char *file_name);
+static enum ssl_update_result update_ssl_config(struct ssl_config_file *,
+const char *file_name);
 static int sock_errno(void);
 
 static short int
@@ -1010,11 +1018,39 @@ ssl_init(void)
 return init_status;
 }
 
-static int
-do_ssl_init(void)
+static SSL_CTX *
+new_ssl_ctx(void)
 {
 SSL_METHOD *method;
 
+/* OpenSSL has a bunch of "connection methods": SSLv2_method(),
+ * SSLv3_method(), TLSv1_method(), SSLv23_method(), ...  Most of these
+ * support exactly one version of SSL, e.g. TLSv1_method() supports TLSv1
+ * only, not any earlier *or later* version.  The only exception is
+ * SSLv23_method(), which in fact supports *any* version of SSL and TLS.
+ * We don't want SSLv2 or SSLv3 support, so we turn it off below with
+ * SSL_CTX_set_options().
+ *
+ * The cast is needed to avoid a warning with newer versions of OpenSSL in
+ * which SSLv23_method() returns a "const" pointer. */
+method = CONST_CAST(SSL_METHOD *, SSLv23_method());
+if (method == NULL) {
+VLOG_ERR("TLSv1_method: %s", ERR_error_string(ERR_get_error(), NULL));
+return NULL;
+}
+
+SSL_CTX *new_ctx = SSL_CTX_new(method);
+if (new_ctx == NULL) {
+VLOG_ERR_RL(, "SSL_new: %s",
+ERR_error_string(ERR_get_error(), NULL));
+return NULL;
+}
+return new_ctx;
+}
+
+static int
+do_ssl_init(void)
+{
 #if OPENSSL_VERSION_NUMBER < 0x1010L || defined (LIBRESSL_VERSION_NUMBER)
 #ifdef _WIN32
 /* The following call is needed if we "#include ". */
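Review bot: The comment carried into `new_ssl_ctx()` still says SSLv2/SSLv3 are turned off "below with SSL_CTX_set_options()", but that call stays in `do_ssl_init()` (next hunk), so a context returned by the helper carries no protocol restriction of its own. If the later hunks of this patch, which are cut off here, build a replacement context with `new_ssl_ctx()` when the key or certificate is reloaded, that context would still negotiate SSLv3 unless the caller repeats the option; placing `SSL_CTX_set_options(new_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` before `return new_ctx;` would keep every context consistent. The log prefixes also name the wrong calls: `"TLSv1_method: %s"` reports a failure of `SSLv23_method()` and `"SSL_new: %s"` reports a failure of `SSL_CTX_new()`, so `"SSLv23_method: %s"` and `"SSL_CTX_new: %s"` would be accurate. The same hunk appears in the other posting of this patch further down the page, and `do_ssl_init()` continues outside the hunk.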
@@ -1054,25 +1090,8 @@ do_ssl_init(void)
 RAND_seed(seed, sizeof seed);
 }
 
-/* OpenSSL has a bunch of "connection methods": SSLv2_method(),
- * SSLv3_method(), TLSv1_method(), SSLv23_method(), ...  Most of these
- * support exactly one version of SSL, e.g. TLSv1_method() supports TLSv1
- * only, not any earlier *or later* version.  The only exception is
- * SSLv23_method(), which in fact supports *any* version of SSL and TLS.
- * We don't want SSLv2 or SSLv3 support, so we turn it off below with
- * SSL_CTX_set_options().
- *
- * The cast is needed to avoid a warning with newer versions of OpenSSL in
- * which SSLv23_method() returns a "const" pointer. */
-method = CONST_CAST(SSL_METHOD *, SSLv23_method());
-if (method == NULL) {
-VLOG_ERR("TLSv1_method: %s", ERR_error_string(ERR_get_error(), NULL));
-return ENOPROTOOPT;
-}
-
-ctx = SSL_CTX_new(method);
+ctx = new_ssl_ctx();
 if (ctx == NULL) {
-VLOG_ERR("SSL_CTX_new: %s", ERR_error_string(ERR_get_error(), NULL));
 return ENOPROTOOPT;
 }
 SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
@@ -1132,14 +1151,19 @@ stream_ssl_is_configured(void)
  

Re: [ovs-dev] 回复: [PATCH 6/6] ci: add the opts about ALLOW_EXPERIMENTAL_API

2022-12-20 Thread Simon Horman
On Mon, Dec 19, 2022 at 03:39:50PM +0100, Ilya Maximets wrote:
> On 12/17/22 07:15, Nole Zhang wrote:
> > 
> > 
> >> -邮件原件-
> >> 发件人: David Marchand 
> >> 发送时间: 2022年12月17日 4:02
> >> 收件人: Simon Horman 
> >> 抄送: d...@openvswitch.org; Eli Britstein ; Chaoyong He
> >> ; oss-drivers ; Ilya
> >> Maximets ; Nole Zhang 
> >> 主题: Re: [ovs-dev] [PATCH 6/6] ci: add the opts about
> >> ALLOW_EXPERIMENTAL_API
> >>
> >>
> >> On Fri, Dec 16, 2022 at 4:52 PM Simon Horman 
> >> wrote:
> >>>
> >>> From: Peng Zhang 
> >>>
> >>> This commit adds support for OVS-DPDK with
> >> -DALLOW_EXPERIMENTAL_API.
> >>>
> >>> Tunnel offloads and Meter offloads are experimental APIs in DPDK. To
> >>> enable these features, the build needs -DALLOW_EXPERIMENTAL_API. So
> >>> in the workflow, we also need a new test with
> >>> -DALLOW_EXPERIMENTAL_API.
> >>>
> >>> Signed-off-by: Peng Zhang 
> >>
> >> We have a similar patch in the dpdk-latest branch.
> >> https://github.com/openvswitch/ovs/commit/a8f6be98801f0c43d52173843d
> >> 649df2af5e1c0d
> >> Is something wrong with it?
> > 
> > The patch is good for me, I just didn't notice it,thanks for your notice.
> 
> I think, the main thing is that this patch set needs to be posted
> against dpdk-latest branch, i.e. has the '[PATCH dpdk-latest]'
> subject prefix.  Changes that are using experimental DPDK features
> are supposed to be developed and can be accepted in that branch.

Thanks Ilya, got it.

Will do so with v2.

> We did an exception in the past and accepted experimental tunnel
> offloading support because it required extensive changes in many
> generic parts of OVS and it would be a burden trying to maintain it
> separately.  But the time showed that it wasn't a good decision.
> I'm actually considering a possibility of removing that support
> because current DPDK API for tunnel offloading is not usable in
> most cases [1].  It requires changes, but not going anywhere AFAIK.
> 
> [1] https://inbox.dpdk.org/dev/5248c2ca-f2a6-3fb0-38b8-7f659bfa4...@ovn.org/
> 
> Best regards, Ilya Maximets.


Re: [ovs-dev] [PATCH] [ovs-dev v2] dpctl: Add support to count upcall packets

2022-12-20 Thread Eelco Chaudron


On 15 Dec 2022, at 2:01, wangchuanlei wrote:

> Add support to count upcall packets, when kmod of openvswitch upcall to
> count the number of packets for upcall succeed and failed, which is a
> better way to see how many packets upcalled on every interfaces.
>
> Signed-off-by: wangchuanlei 
> ---

Hi,

Thanks for this patch, see comments below.

//Eelco

>
> ovs-kmod already support count statistic of interfaces, the link is
> below, and this commit is the part of userspace.
>
> https://git.kernel.org/netdev/net-next/c/1933ea365aa7
>
> note: this commit is compatible with old version of ovs-kmod, that is,
> even the kernel is older, and do not support count statistic of
> interfaces(do not have the code in upper link), this part of code is
>  still stable!
>
>  include/linux/openvswitch.h  | 19 +++
>  include/openvswitch/netdev.h |  3 +++
>  lib/dpctl.c  |  2 ++
>  lib/dpif-netlink.c   | 13 +
>  lib/dpif-netlink.h   |  2 ++
>  lib/netdev-linux.c   |  8 
>  6 files changed, 47 insertions(+)
>
> diff --git a/include/linux/openvswitch.h b/include/linux/openvswitch.h
> index 8bb5abdc8..ff2dc58c9 100644
> --- a/include/linux/openvswitch.h
> +++ b/include/linux/openvswitch.h
> @@ -141,6 +141,11 @@ struct ovs_vport_stats {
>   __u64   tx_dropped; /* no space available in linux  */
>  };
>
> +struct ovs_vport_upcall_stats {
> + uint64_t   tx_success;  /* total packets upcall succeed */
> + uint64_t   tx_fail; /* total packets upcall failed  */
> +};
> +

This is a Linux include file, so it should be aligned with the Linux include.
This structure is not in the Linux UAPI, so please move it to a different 
include file.

Also if you move it to an OVS include, make sure comments start with a capital 
letter and end with a dot.

>  /* Allow last Netlink attribute to be unaligned */
>  #define OVS_DP_F_UNALIGNED   (1 << 0)
>
> @@ -301,11 +306,25 @@ enum ovs_vport_attr {
>   OVS_VPORT_ATTR_PAD,
>   OVS_VPORT_ATTR_IFINDEX,
>   OVS_VPORT_ATTR_NETNSID,
> + OVS_VPORT_ATTR_UPCALL_STATS,
>   __OVS_VPORT_ATTR_MAX
>  };
>
>  #define OVS_VPORT_ATTR_MAX (__OVS_VPORT_ATTR_MAX - 1)
>
> +/**
> +* enum OVS_VPORT_UPCALL_ATTR -- attributes for %OVS_VPORT_UPCALL* commands
> +* @OVS_VPORT_UPCALL_ATTR_SUCCESS: 64-bit upcall success packets.
> +* @OVS_VPORT_UPCALL_ATTR_FAIL: 64-bit upcall fail packets.
> +*/
> +enum OVS_VPORT_UPCALL_ATTR {

In the Linux include ovs_vport_upcall_attr is lower case, can we make sure we 
copy the exact content from the Linux include?

> + OVS_VPORT_UPCALL_ATTR_SUCCESS,
> + OVS_VPORT_UPCALL_ATTR_FAIL,
> + __OVS_VPORT_UPCALL_ATTR_MAX,
> +};
> +
> +#define OVS_VPORT_UPCALL_ATTR_MAX (__OVS_VPORT_UPCALL_ATTR_MAX - 1)
> +
>  enum {
>   OVS_VXLAN_EXT_UNSPEC,
>   OVS_VXLAN_EXT_GBP,
> diff --git a/include/openvswitch/netdev.h b/include/openvswitch/netdev.h
> index 0c10f7b48..ed1bf73dc 100644
> --- a/include/openvswitch/netdev.h
> +++ b/include/openvswitch/netdev.h
> @@ -87,6 +87,9 @@ struct netdev_stats {
>  uint64_t rx_oversize_errors;
>  uint64_t rx_fragmented_errors;
>  uint64_t rx_jabber_errors;

Can we add a comment here explaining what these stats are? Especially as tx 
sounds like we are sending them out, maybe we should rename them to rx from an 
OVS point of view.

> +
> +uint64_t tx_upcall_success;
> +uint64_t tx_upcall_fail;
>  };
>
>  /* Structure representation of custom statistics counter */
> diff --git a/lib/dpctl.c b/lib/dpctl.c
> index 29041fa3e..d03d84fe6 100644
> --- a/lib/dpctl.c
> +++ b/lib/dpctl.c
> @@ -742,6 +742,8 @@ show_dpif(struct dpif *dpif, struct dpctl_params *dpctl_p)
>  dpctl_print(dpctl_p, "\n");
>
>  print_stat(dpctl_p, "collisions:", s.collisions);
> +print_stat(dpctl_p, " upcall success:", s.tx_upcall_success);
> +print_stat(dpctl_p, " upcall fail:", s.tx_upcall_fail);

As mentioned above, we should maybe move it to the RX section?

>  dpctl_print(dpctl_p, "\n");
>
>  print_stat(dpctl_p, "RX bytes:", s.rx_bytes);
> diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c
> index 026b0daa8..492f0ee72 100644
> --- a/lib/dpif-netlink.c
> +++ b/lib/dpif-netlink.c
> @@ -4685,6 +4685,8 @@ dpif_netlink_vport_from_ofpbuf(struct 
> dpif_netlink_vport *vport,
> .optional = true },
>  [OVS_VPORT_ATTR_OPTIONS] = { .type = NL_A_NESTED, .optional = true },
>  [OVS_VPORT_ATTR_NETNSID] = { .type = NL_A_U32, .optional = true },
> +[OVS_VPORT_ATTR_UPCALL_STATS] = { .type = NL_A_NESTED,
> +   .optional = true },

Alignment is off.

[OVS_VPORT_ATTR_UPCALL_STATS] = { .type = NL_A_NESTED,
  .optional = true },


>  };
>
>  dpif_netlink_vport_init(vport);
> @@ -4716,6 +4718,17 @@ 

Re: [ovs-dev] [syzbot] KASAN: use-after-free Read in ovs_vport_locate

2022-12-20 Thread Paolo Abeni
On Tue, 2022-12-20 at 00:22 -0800, syzbot wrote:
> HEAD commit:041fae9c105a Merge tag 'f2fs-for-6.2-rc1' of git://git.ker..
> git tree:   upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=15c5d02048
> kernel config:  https://syzkaller.appspot.com/x/.config?x=836aafbf33f4fa6c
> dashboard link: https://syzkaller.appspot.com/bug?extid=8f4e2dcfcb3209ac35f9
> compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils 
> for Debian) 2.35.2
> 
> Unfortunately, I don't have any reproducer for this issue yet.
> 
> Downloadable assets:
> disk image: 
> https://storage.googleapis.com/syzbot-assets/30e749b24df4/disk-041fae9c.raw.xz
> vmlinux: 
> https://storage.googleapis.com/syzbot-assets/dd6d972f5b02/vmlinux-041fae9c.xz
> kernel image: 
> https://storage.googleapis.com/syzbot-assets/405163d7c7cc/bzImage-041fae9c.xz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+8f4e2dcfcb3209ac3...@syzkaller.appspotmail.com
> 
> netlink: 208 bytes leftover after parsing attributes in process 
> `syz-executor.4'.
> ==
> BUG: KASAN: use-after-free in read_pnet include/net/net_namespace.h:383 
> [inline]
> BUG: KASAN: use-after-free in ovs_dp_get_net net/openvswitch/datapath.h:195 
> [inline]
> BUG: KASAN: use-after-free in ovs_vport_locate+0x131/0x150 
> net/openvswitch/vport.c:103
> Read of size 8 at addr 88802055e360 by task syz-executor.4/5621
> 
> CPU: 0 PID: 5621 Comm: syz-executor.4 Not tainted 
> 6.1.0-syzkaller-10971-g041fae9c105a #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS 
> Google 10/26/2022
> Call Trace:
>  
>  __dump_stack lib/dump_stack.c:88 [inline]
>  dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
>  print_address_description mm/kasan/report.c:306 [inline]
>  print_report+0x15e/0x461 mm/kasan/report.c:417
>  kasan_report+0xbf/0x1f0 mm/kasan/report.c:517
>  read_pnet include/net/net_namespace.h:383 [inline]
>  ovs_dp_get_net net/openvswitch/datapath.h:195 [inline]
>  ovs_vport_locate+0x131/0x150 net/openvswitch/vport.c:103
>  lookup_datapath+0x54/0x3a0 net/openvswitch/datapath.c:1628
>  ovs_dp_reset_user_features net/openvswitch/datapath.c:1639 [inline]
>  ovs_dp_cmd_new+0xd5b/0x11c0 net/openvswitch/datapath.c:1848
>  genl_family_rcv_msg_doit.isra.0+0x1e6/0x2d0 net/netlink/genetlink.c:968
>  genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
>  genl_rcv_msg+0x4ff/0x7e0 net/netlink/genetlink.c:1065
>  netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2564
>  genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
>  netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
>  netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1356
>  netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1932
>  sock_sendmsg_nosec net/socket.c:714 [inline]
>  sock_sendmsg+0xd3/0x120 net/socket.c:734
>  sys_sendmsg+0x712/0x8c0 net/socket.c:2476
>  ___sys_sendmsg+0x110/0x1b0 net/socket.c:2530
>  __sys_sendmsg+0xf7/0x1c0 net/socket.c:2559
>  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>  do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
>  entry_SYSCALL_64_after_hwframe+0x63/0xcd
> RIP: 0033:0x7f142348c0d9
> Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 
> 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 
> 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:7f14240ff168 EFLAGS: 0246 ORIG_RAX: 002e
> RAX: ffda RBX: 7f14235abf80 RCX: 7f142348c0d9
> RDX: 0800 RSI: 2100 RDI: 0003
> RBP: 7f14234e7ae9 R08:  R09: 
> R10:  R11: 0246 R12: 
> R13: 7ffdd965a34f R14: 7f14240ff300 R15: 00022000
>  
> 
> Allocated by task 5564:
>  kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
>  kasan_set_track+0x25/0x30 mm/kasan/common.c:52
>  kasan_kmalloc mm/kasan/common.c:371 [inline]
>  kasan_kmalloc mm/kasan/common.c:330 [inline]
>  __kasan_kmalloc+0xa3/0xb0 mm/kasan/common.c:380
>  kmalloc include/linux/slab.h:580 [inline]
>  kzalloc include/linux/slab.h:720 [inline]
>  ovs_dp_cmd_new+0x1a3/0x11c0 net/openvswitch/datapath.c:1796
>  genl_family_rcv_msg_doit.isra.0+0x1e6/0x2d0 net/netlink/genetlink.c:968
>  genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
>  genl_rcv_msg+0x4ff/0x7e0 net/netlink/genetlink.c:1065
>  netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2564
>  genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
>  netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
>  netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1356
>  netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1932
>  sock_sendmsg_nosec net/socket.c:714 [inline]
>  sock_sendmsg+0xd3/0x120 net/socket.c:734
>  sys_sendmsg+0x712/0x8c0 net/socket.c:2476
>  ___sys_sendmsg+0x110/0x1b0 net/socket.c:2530
>  

[ovs-dev] [PATCH ovs] stream-ssl: fix setting key and certificate

2022-12-20 Thread Xavier Simonart
stream_ssl_set_key_and_cert is supposed to, whenever either the certificate or
the private key file changes, re-read both of them.
It was re-reading them only when both changed.
So if, for instance, the certificate was changed only a few seconds after the
key, the new key and certificate were never applied.

A few patches have been proposed on similar issues.
This patch tries to take into account the inputs/comments from them i.e.
- avoid crash on NULL private key and valid certificate
  (from d5d0c94551b6 ("stream-ssl: Fix crash on NULL private key and valid 
certificate."))
- avoid breaking setup while the second component is not updated
  (from 
https://patchwork.ozlabs.org/project/openvswitch/patch/20210513213311.1870647-1-hz...@ovn.org/
- update key and cert, if they are valid.

Fixes: d5d0c94551b6 ("stream-ssl: Fix crash on NULL private key and valid 
certificate.")

Signed-off-by: Xavier Simonart 
---
 lib/stream-ssl.c  | 117 +++---
 tests/ovsdb-server.at |  36 +
 2 files changed, 123 insertions(+), 30 deletions(-)

diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 62da9febb..2c5aa36f8 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -76,6 +76,12 @@ enum session_type {
 SERVER
 };
 
+enum ssl_update_result {
+SSL_UPDATE_ERROR,
+SSL_NOT_UPDATED,
+SSL_UPDATED
+};
+
 struct ssl_stream
 {
 struct stream stream;
@@ -186,6 +192,7 @@ static unsigned int next_session_nr;
 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(10, 25);
 
 static int ssl_init(void);
+static SSL_CTX *new_ssl_ctx(void);
 static int do_ssl_init(void);
 static bool ssl_wants_io(int ssl_error);
 static void ssl_close(struct stream *);
@@ -201,7 +208,8 @@ static void stream_ssl_set_ca_cert_file__(const char 
*file_name,
   bool bootstrap, bool force);
 static void ssl_protocol_cb(int write_p, int version, int content_type,
 const void *, size_t, SSL *, void *sslv_);
-static bool update_ssl_config(struct ssl_config_file *, const char *file_name);
+static enum ssl_update_result update_ssl_config(struct ssl_config_file *,
+const char *file_name);
 static int sock_errno(void);
 
 static short int
@@ -1010,11 +1018,39 @@ ssl_init(void)
 return init_status;
 }
 
-static int
-do_ssl_init(void)
+static SSL_CTX *
+new_ssl_ctx(void)
 {
 SSL_METHOD *method;
 
+/* OpenSSL has a bunch of "connection methods": SSLv2_method(),
+ * SSLv3_method(), TLSv1_method(), SSLv23_method(), ...  Most of these
+ * support exactly one version of SSL, e.g. TLSv1_method() supports TLSv1
+ * only, not any earlier *or later* version.  The only exception is
+ * SSLv23_method(), which in fact supports *any* version of SSL and TLS.
+ * We don't want SSLv2 or SSLv3 support, so we turn it off below with
+ * SSL_CTX_set_options().
+ *
+ * The cast is needed to avoid a warning with newer versions of OpenSSL in
+ * which SSLv23_method() returns a "const" pointer. */
+method = CONST_CAST(SSL_METHOD *, SSLv23_method());
+if (method == NULL) {
+VLOG_ERR("TLSv1_method: %s", ERR_error_string(ERR_get_error(), NULL));
+return NULL;
+}
+
+SSL_CTX *new_ctx = SSL_CTX_new(method);
+if (new_ctx == NULL) {
+VLOG_ERR_RL(, "SSL_new: %s",
+ERR_error_string(ERR_get_error(), NULL));
+return NULL;
+}
+return new_ctx;
+}
+
+static int
+do_ssl_init(void)
+{
 #if OPENSSL_VERSION_NUMBER < 0x1010L || defined (LIBRESSL_VERSION_NUMBER)
 #ifdef _WIN32
 /* The following call is needed if we "#include ". */
@@ -1054,25 +1090,8 @@ do_ssl_init(void)
 RAND_seed(seed, sizeof seed);
 }
 
-/* OpenSSL has a bunch of "connection methods": SSLv2_method(),
- * SSLv3_method(), TLSv1_method(), SSLv23_method(), ...  Most of these
- * support exactly one version of SSL, e.g. TLSv1_method() supports TLSv1
- * only, not any earlier *or later* version.  The only exception is
- * SSLv23_method(), which in fact supports *any* version of SSL and TLS.
- * We don't want SSLv2 or SSLv3 support, so we turn it off below with
- * SSL_CTX_set_options().
- *
- * The cast is needed to avoid a warning with newer versions of OpenSSL in
- * which SSLv23_method() returns a "const" pointer. */
-method = CONST_CAST(SSL_METHOD *, SSLv23_method());
-if (method == NULL) {
-VLOG_ERR("TLSv1_method: %s", ERR_error_string(ERR_get_error(), NULL));
-return ENOPROTOOPT;
-}
-
-ctx = SSL_CTX_new(method);
+ctx = new_ssl_ctx();
 if (ctx == NULL) {
-VLOG_ERR("SSL_CTX_new: %s", ERR_error_string(ERR_get_error(), NULL));
 return ENOPROTOOPT;
 }
 SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
@@ -1132,14 +1151,19 @@ stream_ssl_is_configured(void)
 return private_key.file_name ||