On Wed, Mar 9, 2016 at 1:51 PM, Russell Bryant wrote:
>
> Apply some minor updates to the description of flows related to ACLs.
>
> Signed-off-by: Russell Bryant
> ---
> ovn/northd/ovn-northd.8.xml | 8 +---
> ovn/ovn-sb.xml | 11 +--
> 2 files changed, 14 insertions(+)
On Wed, Mar 9, 2016 at 1:51 PM, Russell Bryant wrote:
>
> Update the "ct_commit;" logical flow action to optionally take a
> parameter, setting the value of "ct_mark" to a 32-bit integer.
> Supported ct_commit syntax now includes:
>
> ct_commit;
> ct_commit();
> ct_commit(ct_mark=1);
>
On Wed, Mar 9, 2016 at 1:51 PM, Russell Bryant wrote:
>
> Prior to this commit, once a connection had been committed to the
> connection tracker, the connection would continue to be allowed, even
> if the policy defined in the ACL table changed. This patch changes
> the implementation so that exi
Requirements
OVN uses two databases, the "northbound" and "southbound" databases,
in a somewhat idiosyncratic manner. Each client of one of these
databases maintains an in-memory replica of the database (or some
subset of it), and the server sends it updates to this replica as they
a
On Wed, Mar 9, 2016 at 1:32 PM, Ryan Moats wrote:
>
>
>
> "dev" wrote on 03/09/2016 03:12:07 PM:
>
> > From: Russell Bryant
> > To: ovs dev
> > Date: 03/09/2016 03:12 PM
> > Subject: [ovs-dev] [RFC] OVN northbound address sets
> > Sent by: "dev"
> >
> > I'd like to propose a new feature for th
rhel packaging for OVN is split to host(controller), central(northd),
common(command line utilities) and docker(docker network plugin). This is
similar to OVN packaging for Debian.
Signed-off-by: Babu Shanmugam
---
rhel/openvswitch-fedora.spec.in | 106 +++-
1
Hi Andy, thanks for fixing this.
On 9 March 2016 at 18:05, Andy Zhou wrote:
> From: Daniele Di Proietto
As a general rule, it's nice to have the commit id direct in the
message to show the upstream commit being backported. I've been doing
it like this at the start of the message:
Upstream: e88
Hi Jarno,
Thanks for working on this. Mostly just a few style things around #ifdefs below.
On 9 March 2016 at 15:10, Jarno Rajahalme wrote:
> Extend OVS conntrack interface to cover NAT. New nested
> OVS_CT_ATTR_NAT attribute may be used to include NAT with a CT action.
> A bare OVS_CT_ATTR_NAT
On 9 March 2016 at 15:10, Jarno Rajahalme wrote:
> There is no need to help connections that are not confirmed, so we can
> delay helping new connections to the time when they are confirmed.
> This change is needed for NAT support, and having this as a separate
> patch will make the following NAT
On 9 March 2016 at 15:10, Jarno Rajahalme wrote:
> Add a new function ovs_ct_find_existing() to find an existing
> conntrack entry for which this packet was already applied to. This is
> only to be called when there is evidence that the packet was already
> tracked and committed, but we lost the
On 9 March 2016 at 15:10, Jarno Rajahalme wrote:
> Only a successful nf_conntrack_in() call can effect a connection state
> change, so if suffices to update the key only after the
> nf_conntrack_in() returns.
"it" suffices to update...
> This change is needed for the later NAT patches.
>
> Signe
From: Daniele Di Proietto
Recently some testcases have been failing in travis because of a warning
related to the use of an L3 device (OpenVZ specific) inside the workers.
To get travis tests working again we can move to the newer container
infrastructure: this commit does that.
The disadvantag
Branch 2.4 travis builds have been failing for a while, due to infrastructure
changes at the travis ends. However, with constant build failures, it is
hard to tell if any newer patches pushed into branch-2.4 contain genuine
build breakers.
Back port the following patches to restore the build healt
On Thu, Mar 10, 2016 at 01:33:03AM +, Daniele Di Proietto wrote:
> Thanks for the patch!
>
> Were you able to hit this bug in your setup or did you just
> find this by code inspection?
Yes, it's a 100% reproducible bug if you have TSO enabled, which is a
feature has been merged for DPDK v2.3
Thanks for the patch!
Were you able to hit this bug in your setup or did you just
find this by code inspection?
I'm asking because I'm wondering whether we should backport
the fix.
In any case I've applied this to master and added your name
to the AUTHORS file, thanks!
On 07/03/2016 17:50, "dev
Thanks for the patch, I'll put this in the use case list for
my series if I need to resend it!
It would be nice to get the numa socket information without
linking OVS with libnuma, maybe using some DPDK api. From
a quick look I didn't find any way, but maybe you know a
better way.
Some preliminar
From: Pravin B Shelar
Device can have multiple IP address but netdev_get_in4/6()
returns only one configured IPv6 address. Following
patch fixes it.
OVS router is also updated to return source ip address for
given destination, This is required when interface has multiple
IP address configured.
S
Listen to RTNLGRP_IPV6_IFINFO to get IPv6 address change
notification.
Signed-off-by: Pravin B Shelar
---
lib/netdev-linux.c | 15 ---
lib/rtnetlink.c| 6 --
2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/lib/netdev-linux.c b/lib/netdev-linux.c
index d58c1b1
From: Pravin B Shelar
There is check to disable IPv6 tunneling. Following patch
removes it and reintroduces the tunneling automake tests.
This reverts commit 250bd94d1e500a89c76cac944e660bd9c07ac364.
Signed-off-by: Pravin B Shelar
---
lib/netdev-vport.c| 8 ---
ofproto/tunnel.c
I saw following error while testing this series.
---8<---
In file included from lib/smap.c:16:
./lib/smap.h:75:56: warning: declaration of 'struct in6_addr' will not be
visible outside of this function [-Wvisibility]
void smap_add_ipv6(struct smap *, const char *, struct in6_addr *);
Following patch fixes number of issues with compose nd, like
setting ip packet header, set ICMP opt-len, checksum.
Signed-off-by: Pravin B Shelar
---
lib/packets.c | 60 +--
1 file changed, 42 insertions(+), 18 deletions(-)
diff --git a/li
This just avoid unnecessary routes in the ovs-router.
Signed-off-by: Pravin B Shelar
---
lib/ovs-router.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/lib/ovs-router.c b/lib/ovs-router.c
index 9b64ffb..3b11512 100644
--- a/lib/ovs-router.c
+++ b/lib/ovs-router.c
@@ -130,6 +130,7 @@
On Wed, Mar 9, 2016 at 4:25 PM, Samuel Gauthier
wrote:
> Sorry, I missed that. Thank you for pointing it out.
>
> Although, set command is also used to reset the flow statistics, and the
> action attribute seems optional. Would you find acceptable to make the key
> attribute mandatory only if the
Sorry, I missed that. Thank you for pointing it out.
Although, set command is also used to reset the flow statistics, and the
action attribute seems optional. Would you find acceptable to make the key
attribute mandatory only if the action attribute is provided?
The ovs-dpctl command could then b
Hi Alin/Sorin,
The OvsDoRecircFlowLookupOutput function currently assumes that the
srcVport is always the Internal VPort. It also does not distinguish
between Receive vs Transmit in the OvsCreateAndAddPackets call.
Shouldn¹t the source VPORT point to the actual source VPORT instead of the
Interna
Sergei,
Just found this from my junk mail box, sorry. Will fix spelling, but I just
sent v9 and will wait for other reviews before re-posting.
Jarno
> On Mar 9, 2016, at 5:50 AM, Sergei Shtylyov
> wrote:
>
> Hello.
>
> On 3/9/2016 3:24 AM, Jarno Rajahalme wrote:
>
>> This makes the code
Repeat the nf_conntrack_in() call when it returns NF_REPEAT. This
avoids dropping a SYN packet re-opening an existing TCP connection.
Signed-off-by: Jarno Rajahalme
Acked-by: Joe Stringer
---
net/openvswitch/conntrack.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --g
_CT_NEW_REPLY-definition/20160309-083126
> base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next master
> config: i386-randconfig-x0-03091344 (attached as .config)
> reproduce:
># save the attached .config to linux build tree
>make ARCH=i386
Extend OVS conntrack interface to cover NAT. New nested
OVS_CT_ATTR_NAT attribute may be used to include NAT with a CT action.
A bare OVS_CT_ATTR_NAT only mangles existing and expected connections.
If OVS_NAT_ATTR_SRC or OVS_NAT_ATTR_DST is included within the nested
attributes, new (non-committed
There is no need to help connections that are not confirmed, so we can
delay helping new connections to the time when they are confirmed.
This change is needed for NAT support, and having this as a separate
patch will make the following NAT patch a bit easier to review.
Signed-off-by: Jarno Rajaha
Remove the definition of IP_CT_NEW_REPLY from the kernel as it does
not make sense. This allows the definition of IP_CT_NUMBER to be
simplified as well.
Signed-off-by: Jarno Rajahalme
---
include/uapi/linux/netfilter/nf_conntrack_common.h | 12 +---
net/openvswitch/conntrack.c
Only a successful nf_conntrack_in() call can effect a connection state
change, so if suffices to update the key only after the
nf_conntrack_in() returns.
This change is needed for the later NAT patches.
Signed-off-by: Jarno Rajahalme
---
net/openvswitch/conntrack.c | 7 ---
1 file changed,
Add a new function ovs_ct_find_existing() to find an existing
conntrack entry for which this packet was already applied to. This is
only to be called when there is evidence that the packet was already
tracked and committed, but we lost the ct reference due to an
userspace upcall.
ovs_ct_find_exis
This makes the code easier to understand and the following patches
more focused.
Signed-off-by: Jarno Rajahalme
---
net/openvswitch/conntrack.c | 21 -
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
inde
NAT checksum recalculation code assumes existence of skb_dst, which
becomes a problem for a later patch in the series ("openvswitch:
Interface with NAT."). Simplify this by removing the check on
skb_dst, as the checksum will be dealt with later in the stack.
Suggested-by: Pravin Shelar
Signed-of
Apply some minor updates to the description of flows related to ACLs.
Signed-off-by: Russell Bryant
---
ovn/northd/ovn-northd.8.xml | 8 +---
ovn/ovn-sb.xml | 11 +--
2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/north
Prior to this commit, once a connection had been committed to the
connection tracker, the connection would continue to be allowed, even
if the policy defined in the ACL table changed. This patch changes
the implementation so that existing connections are affected by policy
changes.
The implementa
Update the "ct_commit;" logical flow action to optionally take a
parameter, setting the value of "ct_mark" to a 32-bit integer.
Supported ct_commit syntax now includes:
ct_commit;
ct_commit();
ct_commit(ct_mark=1);
Setting ct_mark via this type of logical flow results in an OpenFlow
f
Prior to this commit, once a connection had been committed to the
connection tracker, the connection would continue to be allowed, even
if the policy defined in the ACL table changed. This patch changes
the implementation so that existing connections are affected by policy
changes.
The implementa
"dev" wrote on 03/09/2016 03:12:07 PM:
> From: Russell Bryant
> To: ovs dev
> Date: 03/09/2016 03:12 PM
> Subject: [ovs-dev] [RFC] OVN northbound address sets
> Sent by: "dev"
>
> I'd like to propose a new feature for the OVN northbound database. If we
> reach some consensus, I will impleme
On Wed, Mar 9, 2016 at 9:05 AM, Samuel Gauthier
wrote:
> When we want to change a flow using netlink, we have to identify it to
> be able to perform a lookup. Both the flow key and unique flow ID
> (ufid) are valid identifiers, but we always have to specify the flow
> key in the netlink message. W
Hi,
Would you be interested in Finance Marketplace Lending + Investing user list or
many Industry List of marketing and sales data we provides.
And if you interested in other marketing industry let as know.
We maintain 1.7Million contacts of CRM users with permission passed email
I'd like to propose a new feature for the OVN northbound database. If we
reach some consensus, I will implement it.
Overview:
One use case for OVN ACLs includes matching on a set of IP addresses. A
simple example:
inport == "lport1" && ip.src == {10.0.0.1, 10.0.0.3, 10.0.7}
This is only 3
From: RYAN D. MOATS
Persist localvif_to_ofport and tunnels structures and change
physical_run to incremental processing.
Signed-off-by: RYAN D. MOATS
---
ovn/controller/lflow.c|3 +
ovn/controller/physical.c | 113 +++--
ovn/controller/physical.
From: RYAN D. MOATS
Persist all_lports structure and ensure that binding_run
resets to process the entire port binding table when chassis
are added/removed or when get_local_iface_ids finds new ports
on the local vswitch.
Signed-off-by: RYAN D. MOATS
---
ovn/controller/binding.c | 50 +++
From: RYAN D. MOATS
This is a prerequisite for incremental processing.
Side effects:
1. Table rows are now tracked so that removed rows are correctly
handled.
2. Hash by table id+priority+action added to help detect superseded
flows.
3. Hash by insert seqno added to help find deleted flow
From: RYAN D. MOATS
As lflow processing is incremental, reset it whenever a patch port
is added or removed.
Signed-off-by: RYAN D. MOATS
---
ovn/controller/patch.c |4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/ovn/controller/patch.c b/ovn/controller/patch.c
index
From: RYAN D. MOATS
Persist local_datapaths across runs so that a change can be used
as a trigger to reset incremental flow processing.
Signed-off-by: RYAN D. MOATS
---
ovn/controller/binding.c| 41 --
ovn/controller/ovn-controller.c | 15 +++
From: RYAN D. MOATS
Side effects include tunnel context being persisted and
no need to collect already defined OVS tunnels during each
execution.
Signed-off-by: RYAN D. MOATS
---
ovn/controller/encaps.c | 123 +--
1 files changed, 66 insertions(+),
From: RYAN D. MOATS
Persist across runs so that a change to this simap can be used
as a trigger for resetting incremental processing.
Signed-off-by: RYAN D. MOATS
---
ovn/controller/lflow.c | 125
1 files changed, 115 insertions(+), 10 deletion
From: RYAN D. MOATS
This code changes lflow_run to do incremental process of the
logical flow table rather than processing the full table each run.
Signed-off-by: RYAN D. MOATS
---
ovn/controller/binding.c|3 ++
ovn/controller/lflow.c | 53 +++
From: RYAN D. MOATS
Modify test 1739 to output the OF flows from all three
hypervisors to help debug when something goes wrong.
Signed-off-by: RYAN D. MOATS
---
tests/ovn.at | 14 ++
1 files changed, 14 insertions(+), 0 deletions(-)
diff --git a/tests/ovn.at b/tests/ovn.at
index
From: RYAN D. MOATS
Change ovn-controller to use incremental processing in
encaps_run, binding_run, lflow_run and physical_run where
easily feasible (patch_run and the mutlicast group processing
in physical_run remain as complete rebuilds every cycle).
This patch includes all v7 comments.
Scale
From: RYAN D. MOATS
Currently changes are added to the front of the track list, so
they are looped through in LIFO order. Incremental processing
is more efficient with a FIFO presentation, so
(1) add new changes to the back of the track list, and
(2) move updated changes to the back of the track
Previous commits have converted dpdk EAL initialization from
requiring a ``--dpdk ... --`` command line arguments to using the Open
vSwitch database. This change announces that as significant NEWS.
Signed-off-by: Aaron Conole
Signed-off-by: Kevin Traynor
Tested-by: Sean K Mooney
Tested-by: Robe
A previous change moved some commonly used arguments from commandline to
the database, and with it the ability to pass arbitrary arguments to
EAL. This change allows arbitrary eal arguments to be provided
via a new db entry 'other_config:dpdk-extra' which will tokenize the
string and add it to the
A previous patch introduced the ability to pass arbitrary EAL command
line options via the dpdk_extras database entry. This commit enhances
that by warning the user when such a configuration is detected and
prefering the value in the database.
Suggested-by: Sean K Mooney
Signed-off-by: Aaron Cono
Currently, configuration of DPDK parameters is done via the command line
through a --dpdk **OPTIONS** -- command line argument. This has a number of
challenges, including:
* It must be the first option passed to ovs-vswitchd
* It is the only datapath feature in OVS to be configured on the command l
When the DPDK init function is called, it changes the executing thread's
CPU affinity to a single core specified in -c. This will result in the
userspace bridge configuration thread being rebound, even if that is not
the intent.
This change fixes that behavior by rebinding to the original thread
a
The user has control over the DPDK internal lcore coremask, but this
parameter can be autofilled with a bit more intelligence. If the user
does not fill this parameter in, we use the lowest set bit in the
current task CPU affinity. Otherwise, we will reassign the current
thread to the specified lco
Existing DPDK integration is provided by use of command line options which
must be split out and passed to librte in a special manner. However, this
forces any configuration to be passed by way of a special DPDK flag, and
interferes with ovs+dpdk packaging solutions.
This commit delays dpdk initia
When we want to change a flow using netlink, we have to identify it to
be able to perform a lookup. Both the flow key and unique flow ID
(ufid) are valid identifiers, but we always have to specify the flow
key in the netlink message. When both attributes are there, the ufid
is used.
This commit al
On Tue, Mar 8, 2016 at 9:24 PM, Ajmer Singh wrote:
> I have now question related to mapping of ofp_header->type (OFPT_) with
> OFPRAW_contants
>
> struct ofp_header {
> uint8_t version;/* An OpenFlow version number, e.g. OFP10_VERSION.
> */
> uint8_t type; /* One of the OFPT_ con
Signed-Off-by: Numan Siddique
---
ofproto/ofproto-dpif-xlate.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
index cd6eeab..e4692b3 100644
--- a/ofproto/ofproto-dpif-xlate.c
+++ b/ofproto/ofproto-dpif-xlate.c
@@ -3658,6 +3658,7 @@
The patch mentioned in the commit e73b7508fb58 ("INSTALL.DPDK: Mention
issue with QEMU v2.4.0 & dpdkvhostuser") is present in DPDK v2.2.0,
then this issue is not valid anymore.
Signed-off-by: Mauricio Vasquez B
---
INSTALL.DPDK.md | 12
1 file changed, 12 deletions(-)
diff --git a/
Hello.
On 3/9/2016 3:24 AM, Jarno Rajahalme wrote:
This makes the code easier to understand and the following patches
more focused.
Signed-off-by: Jarno Rajahalme
---
net/openvswitch/conntrack.c | 21 -
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/net/o
On 12/22/2015 01:31 PM, Ben Pfaff wrote:
> Hi Babu and Numan.
>
> So far, we've been able to build OVN so that the logic of the system is
> implemented in terms of OVN logical flows. That is, the logical flow
> table determines what happens in every significant way in OVN. It would
> be nice to p
Dear dev,
Please find attached 2 invoices for processing.
Yours sincerely,
Sofia Cruz
Account Manager
__
This email has been scanned by the Symantec Email Security.cloud service.
___
Dear dev,
Please find attached 2 invoices for processing.
Yours sincerely,
Frances Lancaster
Financial Manager
__
This email has been scanned by the Symantec Email Security.cloud service.
__
On 09.03.2016 12:13, Wang, Zhihong wrote:
>
>
>> -Original Message-
>> From: Ilya Maximets [mailto:i.maxim...@samsung.com]
>> Sent: Wednesday, March 9, 2016 3:39 PM
>> To: Wang, Zhihong ; dev@openvswitch.org
>> Cc: Flavio Leitner ; Traynor, Kevin
>> ;
>> Dyasly Sergey
>> Subject: Re: vh
> -Original Message-
> From: Ilya Maximets [mailto:i.maxim...@samsung.com]
> Sent: Wednesday, March 9, 2016 3:39 PM
> To: Wang, Zhihong ; dev@openvswitch.org
> Cc: Flavio Leitner ; Traynor, Kevin
> ;
> Dyasly Sergey
> Subject: Re: vhost-user invalid txqid cause discard of packets
>
> O
By the way, I'm still starting vswitchd with valgrind and detected some
memory errors after using "sudo ovs-appctl exit". Is there other way to
exit/stop ovs?
To run I used: valgrind --tool=memcheck --leak-check=full ovs-vswitchd
--pidfile --detach -v --log-file
==2344== HEAP SUMMARY:
==2344==
Hi Jarno,
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Jarno-Rajahalme/netfilter-Remove-IP_CT_NEW_REPLY-definition/20160309-083126
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next master
config: i386-randconfig-x0-03091344
73 matches
Mail list logo