[ovs-dev] [PATCH] netlink: make Netlink socket receive buffer 4x larger

2021-03-29 Thread Ansis Atteka
to calculate buffer size required, but it would be more sophisticated solution than simply increasing buffer size. Signed-off-by: Ansis Atteka VMware-BZ: #2724821 --- lib/netlink-socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/netlink-socket.c b/lib/netlink-socket.c

[ovs-dev] [PATCH] debian: Add python3-sphinx to ovs build dependencies

2020-05-15 Thread Ansis Atteka
onvert multiple manpages to ReST.") CC: Ben Pfaff Signed-off-by: Ansis Atteka Reported-by: Artem Teleshev --- debian/control | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/control b/debian/control index e47767d75..0646b22a1 100644 --- a/debian/control +++ b/debian/control @@

[ovs-dev] [PATCH] debian: Fix broken build after some man pages became generated from RST

2020-05-13 Thread Ansis Atteka
debian *.manpages files to point to the generated files. Fixes: 39b5e46312 ("Documentation: Convert multiple manpages to ReST.") CC: Ben Pfaff Signed-off-by: Ansis Atteka --- debian/openvswitch-common.manpages | 6 +++--- debian/openvswitch-switch.manpages | 6 +++--- debian/openvswitch

Re: [ovs-dev] [PATCH 2/2] fedora: Handle upgrades from rhel package.

2019-05-10 Thread Ansis Atteka
t create %{_tmppath}/ovs-upgrade-from-sysv. So we will > not restart openvswitch. I hope we are on the same page. > You are right. The %pre of the new package creates this file in tmp. For strange reasons I overlooked something and incorrectly assum

Re: [ovs-dev] [PATCH 2/2] fedora: Handle upgrades from rhel package.

2019-05-09 Thread Ansis Atteka
On Fri, 3 May 2019 at 11:19, Gurucharan Shetty wrote: > > Currently we have rhel/openvswitch.spec.in that provides > sysv scripts. The fedora package provides systemd scripts. > If one upgrades openvswitch package from sysv to systemd, > you will end up in a situation where old OVS daemons are >

Re: [ovs-dev] [PATCH 2/2] fedora: Handle upgrades from rhel package.

2019-05-09 Thread Ansis Atteka
On Fri, 3 May 2019 at 11:19, Gurucharan Shetty wrote: > > Currently we have rhel/openvswitch.spec.in that provides > sysv scripts. The fedora package provides systemd scripts. > If one upgrades openvswitch package from sysv to systemd, > you will end up in a situation where old OVS daemons are >

Re: [ovs-dev] [PATCH 1/2] fedora: Ability to auto enable openvswitch service.

2019-05-09 Thread Ansis Atteka
d not changed the default behavior, then this patch should not affect the packages distributed by Fedora. So: Acked-by: Ansis Atteka > --- > rhel/openvswitch-fedora.spec.in | 9 + > 1 file changed, 9 insertions(+) > > diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswit

Re: [ovs-dev] [PATCH] selinux: update for netlink socket types

2019-04-21 Thread Ansis Atteka
On Thu, 18 Apr 2019 at 14:00, Aaron Conole wrote: > > Ansis Atteka writes: > > > On Wed, 17 Apr 2019 at 13:07, Aaron Conole wrote: > >> > >> These are used for interfacing with conntrack, as well as by some > >> DPDK PMDs > > > > Did you ge

Re: [ovs-dev] [PATCH] selinux: update for netlink socket types

2019-04-18 Thread Ansis Atteka
On Wed, 17 Apr 2019 at 13:07, Aaron Conole wrote: > > These are used for interfacing with conntrack, as well as by some > DPDK PMDs Did you get these with audit2allow? If so, then looks good to me. > > Signed-off-by: Aaron Conole > --- > selinux/openvswitch-custom.te.in | 8 > 1 file

Re: [ovs-dev] [PATCH] rhel: Include all header files in the Fedora's devel package

2019-04-17 Thread Ansis Atteka
On Wed, 17 Apr 2019 at 08:49, Aaron Conole wrote: > > Ben Pfaff writes: > > > On Mon, Apr 01, 2019 at 09:26:31AM -0700, Ansis Atteka wrote: > >> From: Ansis Atteka > >> > >> While the header files added by this patch into Fedora's devel > >>

Re: [ovs-dev] [PATCHv2] rhel: if rpms were built without libcapng then let processrs to run as root

2019-04-16 Thread Ansis Atteka
On Tue, 16 Apr 2019 at 12:36, Ben Pfaff wrote: > > On Tue, Apr 16, 2019 at 12:27:59PM -0700, Ansis Atteka wrote: > > Otherwise, Open vSwitch will fail to start with the following > > error "libcap-ng is not configured at compile time" when it > > attempts

Re: [ovs-dev] [PATCH] rhel: if rpms were built without libcapng then let processrs to run as root

2019-04-16 Thread Ansis Atteka
On Tue, 16 Apr 2019 at 12:36, Ansis Atteka wrote: > > On Tue, 16 Apr 2019 at 10:46, Aaron Conole wrote: > > > > Ansis Atteka writes: > > > > > Otherwise, Open vSwitch will fail to start with the following > > > error "libcap-ng is not con

Re: [ovs-dev] [PATCH] rhel: if rpms were built without libcapng then let processrs to run as root

2019-04-16 Thread Ansis Atteka
On Tue, 16 Apr 2019 at 10:46, Aaron Conole wrote: > > Ansis Atteka writes: > > > Otherwise, Open vSwitch will fail to start with the following > > error "libcap-ng is not configured at compile time" when it > > attempts to downgrade to Open vSwitch user.

[ovs-dev] [PATCHv2] rhel: if rpms were built without libcapng then let processrs to run as root

2019-04-16 Thread Ansis Atteka
n creating "openvswitch" user in the first place. Signed-off-by: Ansis Atteka --- rhel/openvswitch-fedora.spec.in | 8 1 file changed, 8 insertions(+) diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in index c1cd3f4c6..ce728b4f0 100644 --

[ovs-dev] [PATCH] rhel: if rpms were built without libcapng then let processrs to run as root

2019-04-15 Thread Ansis Atteka
n creating "openvswitch" user in the first place. Signed-off-by: Ansis Atteka --- poc/playbook-fedora-builder.yml | 6 +++--- rhel/openvswitch-fedora.spec.in | 8 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/poc/playbook-fedora-builder.yml b/poc/playbook-fedo

[ovs-dev] [PATCH] rhel: Include all header files in the Fedora's devel package

2019-04-01 Thread Ansis Atteka
From: Ansis Atteka While the header files added by this patch into Fedora's devel rpm package can be considered private, the other devel packages for RHEL/CentOS and Debian/Ubuntu distros include them. So this patch simply makes the Fedora devel package consistent with the other devel packages

[ovs-dev] [RFC] Introduce "OpenFlow Controller as Shared Library"

2019-03-24 Thread Ansis Atteka
From: Ansis Atteka Currently ovs-vswitchd process can communicate with an OpenFlow controller only through tcp, unix and ssl sockets. This patch would allow ovs-vswitchd process to communicate with an OpenFlow controller by directly calling into its code that provides interface similar

Re: [ovs-dev] [PATCH v5 2/6] ipsec: reintroduce IPsec support for tunneling

2018-08-29 Thread Ansis Atteka
On Sun, 19 Aug 2018 at 20:31, Qiuyu Xiao wrote: > > On Mon, Aug 13, 2018 at 2:33 AM, Ansis Atteka wrote: > > On Tue, 7 Aug 2018 at 09:43, Qiuyu Xiao wrote: > >> > >> This patch reintroduces ovs-monitor-ipsec daemon that > >> was previously removed by co

Re: [ovs-dev] [PATCH v5 6/6] Documentation: OVN RBAC and IPsec tutorial

2018-08-13 Thread Ansis Atteka
On Tue, 7 Aug 2018 at 09:46, Qiuyu Xiao wrote: > > This patch adds step-by-step guide for configuring OVN Role-Based Access > Control and IPsec. > > Signed-off-by: Qiuyu Xiao > --- > Documentation/automake.mk | 2 + > Documentation/index.rst | 4 +- >

Re: [ovs-dev] [PATCH v5 2/6] ipsec: reintroduce IPsec support for tunneling

2018-08-13 Thread Ansis Atteka
ed. User can choose pre-shared key, > self-signed peer certificate, or CA-signed certificate as authentication > method. s/mehod/methods > > Signed-off-by: Qiuyu Xiao > Signed-off-by: Ansis Atteka > Co-authored-by: Ansis Atteka > --- I have two high level comments

Re: [ovs-dev] [PATCH v5 3/6] debian and rhel: Create IPsec package.

2018-08-09 Thread Ansis Atteka
On Tue, 7 Aug 2018 at 09:43, Qiuyu Xiao wrote: > > Added rules and files to create debian and rpm ovs-ipsec packages. > > Signed-off-by: Qiuyu Xiao > Signed-off-by: Ansis Atteka > Co-authored-by: Ansis Atteka Did you test this patch on Fedora with SElinux enabled? ovs-mo

Re: [ovs-dev] [PATCH] selinux: changes to support newer hugetlbfs restrictions

2018-07-29 Thread Ansis Atteka
Signed-off-by: Aaron Conole Thanks for the patch and sorry for the late reply: Acked-by: Ansis Atteka Pushed to master. Do you want this to be in other branches? > --- > NOTE: I seem to have lost the system with the logs that were used to > generate this policy. If needed, I can

Re: [ovs-dev] [PATCH 2/3] ipsec: add CA-cert based authentication

2018-07-10 Thread Ansis Atteka
On Wed, 27 Jun 2018 at 10:59, Qiuyu Xiao wrote: > > This patch adds CA-cert based authentication to the ovs-monitor-ipsec > daemon. With CA-cert based authentication enabled, OVS approves IPsec > tunnel if the peer has a cert signed by a trusted CA and the identity of > the peer cert is as

Re: [ovs-dev] encrypting only some traffic (was: OVN: Encrypt tunnel traffic with IPsec)

2018-06-25 Thread Ansis Atteka
On Mon, 25 Jun 2018 at 15:06, Qiuyu Xiao wrote: > > Thanks for your comments! > > > For #1 and #2 you would not need skb mark at all. Are you considering these > > two approaches as well? > > My current proposal will implement #1. #2 is also a nice feature to have! To > enable #2, the northbound

Re: [ovs-dev] encrypting only some traffic (was: OVN: Encrypt tunnel traffic with IPsec)

2018-06-25 Thread Ansis Atteka
On Fri, 22 Jun 2018 at 15:57, Ben Pfaff wrote: > > On Thu, Jun 21, 2018 at 03:44:58PM -0700, Qiuyu Xiao wrote: > ... > > Discussion > > --- > > The current proposal only allows CMS to choose either encrypting all > > tunnel traffic or not. A more flexible design allows CMS to define >

Re: [ovs-dev] [PATCH v3 3/6] selinux: allow openvswitch_t net_broadcast and net_raw

2018-06-17 Thread Ansis Atteka
ype=AVC msg=audit(1527876508.109:3043): avc: denied { > net_raw } for pid=5368 comm="ovs-vswitchd" capability=11 > scontext=system_u:system_r:openvswitch_t:s0 > tcontext=system_u:system_r:openvswitch_t:s0 tclass=capability permissive=0 > > Signed-off-by: Aaron Conole Ac

Re: [ovs-dev] [PATCH v3 2/6] selinux: create a transition type for module loading

2018-06-17 Thread Ansis Atteka
tioning through the 'openvswitch_load_module_exec_t' > transition context. > > A future commit will instruct the selinux policy on how to label the > appropriate script with extended attributes to make use of this new domain. > > Acked-By: Timothy Redaelli > Signed-off-by:

Re: [ovs-dev] [PATCH v3 1/6] ovs-kmod-ctl: introduce a kernel module load script

2018-06-17 Thread Ansis Atteka
ll allow module loading to be given to a separate selinux domain from > > the openvswitch_t domain. > > > > Acked-By: Timothy Redaelli > > Signed-off-by: Aaron Conole Acked-by: Ansis Atteka > > --- > > debian/openvswitch-switch.install | 1 + > > d

Re: [ovs-dev] [PATCH v3 1/6] ovs-kmod-ctl: introduce a kernel module load script

2018-06-06 Thread Ansis Atteka
On Wed, Jun 6, 2018, 7:31 AM Aaron Conole wrote: > Aaron Conole writes: > > > Currently, Open vSwitch on linux embeds the logic of loading and > unloading > > kernel modules into the ovs-ctl and ovs-lib script files. This works, > but > > it means that there is no way to leverage extended

Re: [ovs-dev] [PATCH] rhel: remove ovs-sim man page from temporary directory (also for RHEL)

2018-06-05 Thread Ansis Atteka
On Tue, 5 Jun 2018 at 20:32, Ben Pfaff wrote: > > On Tue, Jun 05, 2018 at 07:48:26PM -0700, Ansis Atteka wrote: > > Fix following compilation error when building rpm packages > > with rhel/openvswitch.spec file. > > > > error: Installed (but unpackaged) file(s) fou

[ovs-dev] [PATCH] rhel: remove ovs-sim man page from temporary directory (also for RHEL)

2018-06-05 Thread Ansis Atteka
Fix following compilation error when building rpm packages with rhel/openvswitch.spec file. error: Installed (but unpackaged) file(s) found: /usr/share/man/man1/ovs-sim.1.gz Signed-off-by: Ansis Atteka --- rhel/openvswitch.spec.in | 1 + 1 file changed, 1 insertion(+) diff --git a/rhel

Re: [ovs-dev] [PATCH v2 5/5] rhel: selinux-policy to invoke proper label macros

2018-05-15 Thread Ansis Atteka
> This commit switches to use the selinux rpm macros which will ensure that > all of the labels defined in the .fc.in file are applied properly. > Acked-By: Timothy Redaelli <tredae...@redhat.com> > Signed-off-by: Aaron Conole <acon...@redhat.com> Awesome work, Aaron. Thanks!

Re: [ovs-dev] [PATCH v2 4/5] selinux: introduce domain transitioned kmod helper

2018-05-14 Thread Ansis Atteka
ec_t type. > Note that unless the selinux relabel operation is invoked, the script > will not be labelled. This merely instructs the selinux tools that > ovs-kmod-ctl should have a label applied. > Acked-By: Timothy Redaelli <tredae...@redhat.com> > Signed-off-by: Aaron Cono

Re: [ovs-dev] [PATCH v2 3/5] selinux: tag the custom policy version

2018-05-11 Thread Ansis Atteka
On Fri, 4 May 2018 at 11:28, Aaron Conole <acon...@redhat.com> wrote: > Since the policy is an intermediate file, it can inherit the policy > module version from release version. > Suggested-by: Ansis Atteka <aatt...@ovn.org> > Signed-off-by: Aaron Conole <acon...@r

Re: [ovs-dev] [PATCH v2 2/5] selinux: create a transition type for module loading

2018-05-11 Thread Ansis Atteka
On Fri, 4 May 2018 at 11:28, Aaron Conole wrote: > Defines a type 'openvswitch_load_module_t' used exclusively for loading > modules. This means that the 'openvswitch_t' domain won't require > access to the module loading facility - such access can only happen > after

Re: [ovs-dev] [PATCH v2 1/5] ovs-kmod-ctl: introduce a kernel module load script

2018-05-11 Thread Ansis Atteka
On Fri, 11 May 2018 at 07:21, Aaron Conole <acon...@redhat.com> wrote: > Thanks for the review, Ansis! > Ansis Atteka <ansisatt...@gmail.com> writes: > > On Fri, 4 May 2018 at 11:28, Aaron Conole <acon...@redhat.com> wrote: > > > >> Currently, Open

Re: [ovs-dev] [PATCH v2 1/5] ovs-kmod-ctl: introduce a kernel module load script

2018-05-10 Thread Ansis Atteka
On Fri, 4 May 2018 at 11:28, Aaron Conole wrote: > Currently, Open vSwitch on linux embeds the logic of loading and unloading > kernel modules into the ovs-ctl and ovs-lib script files. This works, but > it means that there is no way to leverage extended filesystem

Re: [ovs-dev] [PATCH] rhel: openvswitch-fedora.spec.in: Specify PYTHON and PYTHON3

2018-05-10 Thread Ansis Atteka
uilt, the full path of python3 > interpreter. > Reported-by: Ansis Atteka <ansisatt...@gmail.com> > Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-May/346796.html > Signed-off-by: Timothy Redaelli <tredae...@redhat.com> Thanks for the fix. Will push to m

Re: [ovs-dev] [PATCH v2 0/5] selinux: introduce a transition domain for loading kmods

2018-05-09 Thread Ansis Atteka
On Fri, 4 May 2018 at 11:28, Aaron Conole wrote: > On linux systems, the initial start of openvswitch attempts to load > the openvswitch.ko kernel module. This module allows openvswitch to > utilize the kernel datapath. > Some of these linux systems, notably Fedora and

Re: [ovs-dev] [PATCH] Makefile.am: Distribute poc/playbook-fedora-builder.yml.

2018-04-25 Thread Ansis Atteka
I also sent out a patch for this: Acked-by: Ansis Atteka <aatt...@ovn.org> On 25 April 2018 at 12:48, Ben Pfaff <b...@ovn.org> wrote: > This fixes a broken build. > > CC: Ansis Atteka <aatt...@ovn.org> > Fixes: 3a2ceb01c81b ("poc: Automate building of Fedora

[ovs-dev] [PATCH] poc: fix debian package build breakage

2018-04-25 Thread Ansis Atteka
This commit fixes following error introduced by 3a2ceb01 (poc: Automate building of Fedora rpm packages): The following files are in git but not the distribution: poc/playbook-fedora-builder.yml Signed-off-by: Ansis Atteka <aatt...@ovn.org> --- Makefile.am | 1 + 1 file changed, 1 ins

Re: [ovs-dev] [PATCHv2] poc: Automate building of Fedora rpm packages

2018-04-25 Thread Ansis Atteka
On 25 April 2018 at 06:49, Aaron Conole <acon...@redhat.com> wrote: > Ansis Atteka <aatt...@ovn.org> writes: > >> This patch automates building of Fedora rpm packages (Just >> like we are already doing this for CentOS and Ubuntu). >> >> Si

Re: [ovs-dev] [PATCH] poc: update the documentation

2018-04-24 Thread Ansis Atteka
On 24 April 2018 at 13:10, Aaron Conole <acon...@redhat.com> wrote: > Misc. fixes to the Proof of Concepts section to help render the > information a bit nicer. > > Signed-off-by: Aaron Conole <acon...@redhat.com> Acked-by: Ansis Atteka <aatt...@ovn.org> Thanks!

[ovs-dev] [PATCHv2] poc: Automate building of Fedora rpm packages

2018-04-24 Thread Ansis Atteka
This patch automates building of Fedora rpm packages (Just like we are already doing this for CentOS and Ubuntu). Signed-off-by: Ansis Atteka <aatt...@ovn.org> --- poc/builders/Vagrantfile| 12 poc/playbook-fedora-builder.yml | 128 +

Re: [ovs-dev] [PATCH] poc: Automate building of Fedora rpm packages

2018-04-24 Thread Ansis Atteka
On 24 April 2018 at 13:10, Aaron Conole <acon...@redhat.com> wrote: > Ansis Atteka <aatt...@ovn.org> writes: > >> This patch automates building of Fedora rpm packages (Just >> like we are already doing this for CentOS and Ubuntu). >> >> Si

[ovs-dev] [PATCH] poc: Automate building of Fedora rpm packages

2018-04-23 Thread Ansis Atteka
This patch automates building of Fedora rpm packages (Just like we are already doing this for CentOS and Ubuntu). Signed-off-by: Ansis Atteka <aatt...@ovn.org> --- poc/builders/Vagrantfile| 12 + poc/playbook-fedora-builder.yml | 117 +

Re: [ovs-dev] [PATCH 1/4] ovs-kmod-ctl: introduce a kernel module load script

2018-03-26 Thread Ansis Atteka
On 26 March 2018 at 19:58, Joe Stringer <j...@ovn.org> wrote: > On 26 March 2018 at 14:32, Aaron Conole <acon...@redhat.com> wrote: >> Thanks for the review, Ansis! >> >> Ansis Atteka <ansisatt...@gmail.com> writes: >> >>> On 20 March

Re: [ovs-dev] [PATCH 4/4] rhel: selinux-policy to invoke proper label macros

2018-03-26 Thread Ansis Atteka
On 20 March 2018 at 14:05, Aaron Conole wrote: > The rpm doesn't invoke all of the required selinux helpers to enact labeling > or relabeling on all versions of Fedora/RHEL. According to: > https://fedoraproject.org/wiki/SELinux/IndependentPolicy > > This commit switches to

Re: [ovs-dev] [PATCH 3/4] selinux: introduce domain transitioned kmod helper

2018-03-26 Thread Ansis Atteka
On 20 March 2018 at 14:05, Aaron Conole wrote: > This commit uses the previously defined selinux label to transition > from the openvswitch_t to openvswitch_load_module_t domain, by way of > a specially labelled ovs-kmod-ctl helper. s/by way of a specially labelled

Re: [ovs-dev] [PATCH 2/4] selinux: create a transition type for module loading

2018-03-26 Thread Ansis Atteka
On 20 March 2018 at 14:05, Aaron Conole wrote: > Defines a type 'openvswitch_load_module_t' used exclusively for loading > modules. This means that the 'openvswitch_t' domain won't require > modules Are you sure the bootstrapping to intended openvswitch_load_module_t happens

Re: [ovs-dev] [PATCH 1/4] ovs-kmod-ctl: introduce a kernel module load script

2018-03-26 Thread Ansis Atteka
On 20 March 2018 at 14:05, Aaron Conole wrote: > Currently, Open vSwitch on linux embeds the logic of loading and unloading > kernel modules into the ovs-ctl and ovs-lib script files. This works, but > it means that there is no way to leverage extended filesystem attributes >

Re: [ovs-dev] [PATCH 0/4] selinux: introduce a transition domain for loading kmods

2018-03-23 Thread Ansis Atteka
On 20 March 2018 at 14:05, Aaron Conole wrote: > On linux systems, the initial start of openvswitch attempts to load > the openvswitch.ko kernel module. This module allows openvswitch to > utilize the kernel datapath. > > Some of these linux systems, notably Fedora and RHEL,

Re: [ovs-dev] [PATCH] selinux: include the svirt_t type

2018-02-27 Thread Ansis Atteka
ype svirt_t' at token ';' on > line 1060: > > Reported-by: Guoshuai Li <l...@dtdream.com> > Signed-off-by: Aaron Conole <acon...@redhat.com> Acked-by: Ansis Atteka <aatt...@ovn.org> Thanks, pushed to the master branch. > --- > NOTE: Apologies. I was working on a dom

Re: [ovs-dev] [PATCH] selinux: add a new target to build the policy

2018-02-23 Thread Ansis Atteka
; Signed-off-by: Aaron Conole <acon...@redhat.com> Acked-By: Ansis Atteka <aatt...@ovn.org> Thanks for the patch. Will push to master, > --- > rhel/openvswitch-fedora.spec.in | 4 +--- > rhel/openvswitch.spec.in| 4 +--- > selinux/automake.mk |

Re: [ovs-dev] [PATCH] selinux: allow dpdkvhostuserclient sockets with newer libvirt

2018-02-23 Thread Ansis Atteka
d" path="/tmp/vhost0" > scontext=system_u:system_r:openvswitch_t:s0 > tcontext=system_u:system_r:svirt_t:s0:c106,c530 > tclass=unix_stream_socket > > Signed-off-by: Aaron Conole <acon...@redhat.com> Acked-By: Ansis Atteka <aatt...@ovn.org> Thanks

Re: [ovs-dev] [PATCHv2] poc: Introduce Proof of Concepts (Package building)

2018-02-12 Thread Ansis Atteka
On 12 February 2018 at 10:41, Gregory Rose <gvrose8...@gmail.com> wrote: > On 2/4/2018 6:48 PM, Ansis Atteka wrote: >> >> From: Ansis Atteka <ansisatt...@gmail.com> >> >> This patch sets up foundations for Proof of Concepts that >> simply materi

Re: [ovs-dev] [PATCH] poc: Introduce Proof of Concepts (Package building)

2018-01-29 Thread Ansis Atteka
On 26 January 2018 at 09:13, Gregory Rose <gvrose8...@gmail.com> wrote: > On 1/19/2018 7:55 PM, Ansis Atteka wrote: >> >> From: Ansis Atteka <ansisatt...@gmail.com> >> >> This patch sets up foundations for Proof of Concepts that >> simply materi

Re: [ovs-dev] [PATCH] rhel: Ensure proper OVS kernel modules load - rhel6

2018-01-17 Thread Ansis Atteka
el: Ensure proper OVS kernel modules...") > CC: Ansis Atteka <ansisatt...@gmail.com> > CC: Flavio Leitner <f...@sysclose.org> > Signed-off-by: Greg Rose <gvrose8...@gmail.com> > --- Acked-by: Ansis Atteka <aatt...@ovn.org>

Re: [ovs-dev] [PATCH 1/2] rhel: add missing mandatory build dependencies

2018-01-16 Thread Ansis Atteka
On 16 January 2018 at 15:55, Ansis Atteka <aatt...@ovn.org> wrote: > From: Ansis Atteka <ansisatt...@gmail.com> > > autoconf, automake and libtool are required for ./boot.sh. > > python-sphinx is required to prevent an error where ovs-test.8 is > otherwise not gener

Re: [ovs-dev] [PATCH 2/2] rhel: Add the new ovsdb manpages to %files list (also for RHEL)

2018-01-16 Thread Ansis Atteka
On 16 January 2018 at 16:49, Gregory Rose <gvrose8...@gmail.com> wrote: > On 1/16/2018 3:55 PM, Ansis Atteka wrote: >> >> From: Ansis Atteka <ansisatt...@gmail.com> >> >> Currently, "rpmbuild -bb rhel/openvswitch.spec" doesn't work correctly

[ovs-dev] [PATCH 2/2] rhel: Add the new ovsdb manpages to %files list (also for RHEL)

2018-01-16 Thread Ansis Atteka
From: Ansis Atteka <ansisatt...@gmail.com> Currently, "rpmbuild -bb rhel/openvswitch.spec" doesn't work correctly since the new ovsdb manpages (ovsdb.5, ovsdb.7 and ovsdb-server.7) were added. This patch adds the new ovsdb manpages in the %files list in the spec file.

[ovs-dev] [PATCH 1/2] rhel: add missing mandatory build dependencies

2018-01-16 Thread Ansis Atteka
From: Ansis Atteka <ansisatt...@gmail.com> autoconf, automake and libtool are required for ./boot.sh. python-sphinx is required to prevent an error where ovs-test.8 is otherwise not generated. Signed-off-by: Ansis Atteka <aatt...@ovn.org> --- rhel/openvswitch.spec.in | 2 ++ 1 fil

Re: [ovs-dev] [PATCH V2] rhel: Ensure proper OVS kernel modules load after upgrade

2018-01-16 Thread Ansis Atteka
On 16 January 2018 at 15:33, Gregory Rose wrote: > On 1/16/2018 2:38 PM, Guru Shetty wrote: >> >> >> >> On 16 January 2018 at 08:44, Greg Rose > > wrote: >> >> Add post install and post un-install scripts to make sure

Re: [ovs-dev] [PATCH V2] rhel: Ensure proper OVS kernel modules load after upgrade

2018-01-16 Thread Ansis Atteka
files are currently broken due to another issue, this patch looks sane to me. Hence: Acked-by: Ansis Atteka <aatt...@ovn.org> I will test it once I will get past other issues that prevent me from building rpms on master branch. > > --- > V2 - Modify the correct kmod spe

Re: [ovs-dev] [PATCH 1/2] rhel: Add depmod file for openvswitch moduule search

2018-01-11 Thread Ansis Atteka
On 11 January 2018 at 16:13, Greg Rose wrote: > From: Greg Rose > You have a typo in title: s/moduule/module Otherwise, looks good, but I would prefer that someone else takes a look too. > There are occasions when an openvswitch kernel module rpm which

Re: [ovs-dev] [PATCH 2/2] rhel: Add post installation check for kernel modules

2018-01-11 Thread Ansis Atteka
On 11 January 2018 at 16:13, Greg Rose wrote: > From: Greg Rose > > A bug in RHEL 7.2 has been found in which a customer who installed > a RHEL 7.2 openvswitch kernel module rpm with a slightly different > minor build number than the running kernel found

Re: [ovs-dev] [PATCH v3 0/3] updated selinux policy for Open vSwitch

2017-09-01 Thread Ansis Atteka
On 1 September 2017 at 10:20, Aaron Conole <acon...@redhat.com> wrote: > Ansis Atteka <ansisatt...@gmail.com> writes: > >> On 31 August 2017 at 16:22, Aaron Conole <acon...@redhat.com> wrote: >>> This series brings about a policy update to openvswitch al

Re: [ovs-dev] [PATCH 3/3] centos: fix selinux intermediate file

2017-09-01 Thread Ansis Atteka
.te file, and then create the > final policy files. > > Fixes: 7bc1aae71e89 ("rhel: make the selinux policy intermediate") > Reported-by: Ansis Atteka <aatt...@ovn.org> > Signed-off-by: Aaron Conole <acon...@redhat.com> Acked-by: Ansis Atteka <aatt...@ovn.org>

Re: [ovs-dev] [PATCH 2/3] selinux.rst: point to the correct file

2017-09-01 Thread Ansis Atteka
ae71e89 ("rhel: make the selinux policy intermediate") > Reported-by: Ansis Atteka <aatt...@ovn.org> > Signed-off-by: Aaron Conole <acon...@redhat.com> Acked-by: Ansis Atteka <aatt...@ovn.org> ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 1/3] selinux: move chr_file to non-dpdk as well

2017-09-01 Thread Ansis Atteka
hich should allow non-dpdk enabled builds to work. > > Fixes: 84d272330506 ("selinux: update policy to reflect non-root and dpdk > support") > Signed-off-by: Aaron Conole <acon...@redhat.com> Acked-by: Ansis Atteka <aatt...@ovn.org>

Re: [ovs-dev] [PATCH v3 0/3] updated selinux policy for Open vSwitch

2017-08-31 Thread Ansis Atteka
On 31 August 2017 at 16:22, Aaron Conole wrote: > This series brings about a policy update to openvswitch allowing it to > run on a RHEL / Fedora system, even as a non-root user, with selinux set > to Enforcing. > > The first two patches make some changes to the way the

Re: [ovs-dev] [PATCH v3 1/3] rhel: make the selinux policy intermediate

2017-08-31 Thread Ansis Atteka
> > Signed-off-by: Aaron Conole <acon...@redhat.com> > Tested-by: Jean Hsiao <jhs...@redhat.com> Acked-by: Ansis Atteka <aatt...@ovn.org>

Re: [ovs-dev] [PATCH v3 2/3] makefile: hook up dpdkstrip preprocessor

2017-08-31 Thread Ansis Atteka
..@sysclose.org> > Signed-off-by: Aaron Conole <acon...@redhat.com> > Tested-by: Jean Hsiao <jhs...@redhat.com> Acked-by: Ansis Atteka <aatt...@ovn.org>

Re: [ovs-dev] [PATCH v3 3/3] selinux: update policy to reflect non-root and dpdk support

2017-08-31 Thread Ansis Atteka
itch to operate > with selinux set to Enforcing mode, even while running as a non-root user. > > Acked-by: Flavio Leitner <f...@sysclose.org> > Signed-off-by: Aaron Conole <acon...@redhat.com> > Tested-by: Jean Hsiao <jhs...@redhat

Re: [ovs-dev] [PATCH v2 3/3] selinux: update policy to reflect non-root and dpdk support

2017-08-31 Thread Ansis Atteka
On 31 August 2017 at 14:57, Aaron Conole <acon...@redhat.com> wrote: > Ansis Atteka <ansisatt...@gmail.com> writes: > >> On 31 August 2017 at 11:58, Aaron Conole <acon...@redhat.com> wrote: >>> Hi Ansis, >>> >>> Thanks for the re

Re: [ovs-dev] [PATCH v2 3/3] selinux: update policy to reflect non-root and dpdk support

2017-08-31 Thread Ansis Atteka
On 31 August 2017 at 11:58, Aaron Conole <acon...@redhat.com> wrote: > Hi Ansis, > > Thanks for the review! > > Ansis Atteka <ansisatt...@gmail.com> writes: > >> On 30 August 2017 at 07:00, Aaron Conole <acon...@redhat.com> wrote: >>> T

Re: [ovs-dev] [RFC PATCH v1 2/3] Docs: Add userspace-ipsec how to guide.

2017-08-22 Thread Ansis Atteka
On 18 May 2017 at 02:15, Ian Stokes wrote: > This commit adds a how to guide for using the proposed IPsec userspace > interface. It is not intended to be upstreamed but simply seeks to > solicit feed back by providing an example of the proposed IPsec interface > design setup

Re: [ovs-dev] [RFC PATCH v1 1/3] vswitch.xml: Detail ipsec user interface.

2017-08-22 Thread Ansis Atteka
On 18 May 2017 at 02:15, Ian Stokes wrote: > This commit adds details to the vswitch xml regarding the use of the > ipsec interface type. This patch is not intended for upstreaming and > simply seeks to solicit feedback on the user interface design of the > ipsec port type

Re: [ovs-dev] [PATCH] selinux: Allow creating tap devices.

2017-01-26 Thread Ansis Atteka
On 26 January 2017 at 04:03, Daniele Di Proietto <diproiet...@vmware.com> wrote: > > > > > > On 25/01/2017 00:01, "Ansis Atteka" <ansisatt...@gmail.com> wrote: > > > > > > >On Jan 25, 2017 4:22 AM, "Daniele Di Proietto"

Re: [ovs-dev] [PATCH] selinux: Allow creating tap devices.

2017-01-26 Thread Ansis Atteka
On 26 January 2017 at 21:24, Aaron Conole <acon...@redhat.com> wrote: > Daniele Di Proietto <diproiet...@vmware.com> writes: > > > On 25/01/2017 00:01, "Ansis Atteka" <ansisatt...@gmail.com> wrote: > > > >>On Jan 25, 2017 4:22 AM,

Re: [ovs-dev] [PATCH] selinux: Allow creating tap devices.

2017-01-25 Thread Ansis Atteka
by the userspace datapath would fail. This doesn't mean that we can run Open vSwitch with DPDK under SELinux yet, but at least we can use the userspace datapath. Signed-off-by: Daniele Di Proietto <diproiet...@vmware.com> Acked-by: Ansis Atteka <aatt...@ovn.org> I saw that other open sour

Re: [ovs-dev] GRE over IPsec on CentOS

2016-09-27 Thread Ansis Atteka
On Sep 26, 2016 7:02 PM, wrote: > > Hi all , > > I have been trying to test IPSEC over GRE on Centos7.3 . I am able to test on ubuntu14.04 . The ovs-monitor-ipsec daemon never was packaged (ie had *.rpm package) for CentOS. Just for debian/ubuntu. However, now we

Re: [ovs-dev] [PATCH] openvswitch: Allow external IPsec tunnel management.

2016-09-26 Thread Ansis Atteka
-ipsec > delete mode 100644 tests/ovs-monitor-ipsec.at Assuming you were able to build all other debian packages with "fakeroot debian/rules binary" after removing and editing those files, then Acked-by: Ansis Atteka <aatt...@ovn.org> Let me know, if you want me to independen

Re: [ovs-dev] [PATCH] openvswitch: deprecates support for IPsec tunnel port.

2016-09-24 Thread Ansis Atteka
git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml > index e73023d..6381cc8 100644 > --- a/vswitchd/vswitch.xml > +++ b/vswitchd/vswitch.xml > @@ -2008,6 +2008,9 @@ > > An Ethernet over RFC 2890 Generic Routing Encapsulation over > IPv4/IPv6 >

Re: [ovs-dev] [PATCH] openvswitch: Allow external IPsec tunnel management.

2016-09-23 Thread Ansis Atteka
On Fri, Sep 23, 2016 at 1:12 AM, pravin shelar <pshe...@ovn.org> wrote: > On Thu, Sep 22, 2016 at 11:59 AM, Ansis Atteka <ansisatt...@gmail.com> wrote: >> >> >> On 20 September 2016 at 20:52, Pravin B Shelar <pshe...@ovn.org> wrote: >>> >>>

Re: [ovs-dev] [PATCHv2] ovs-lib: Fix SELinux contexts for created dirs.

2016-09-23 Thread Ansis Atteka
ems where 'restorecon' is unavailable, this should be a no-op. > > VMware-BZ: #1732672 > > Signed-off-by: Joe Stringer <j...@ovn.org> > Acked-by: Ansis Atteka <aatt...@ovn.org> > Thanks for taking care of this. I just did a basic test and I think your V2 patch is a good enhanc

Re: [ovs-dev] [PATCH] ovs-lib: Fix SELinux contexts for created dirs.

2016-09-22 Thread Ansis Atteka
ems where 'restorecon' is unavailable, this should be a no-op. > > VMware-BZ: #1732672 > > Signed-off-by: Joe Stringer <j...@ovn.org> Acked-by: Ansis Atteka <aatt...@ovn.org> I could give Tested-by, but only in 12 hours, if you are willing to wait. One thing that caught my att

Re: [ovs-dev] [PATCH] openvswitch: Allow external IPsec tunnel management.

2016-09-22 Thread Ansis Atteka
On 20 September 2016 at 20:52, Pravin B Shelar wrote: > OVS IPsec tunnel support has issues: > 1. It only works for GRE. 2. only works on Debian. 3. It does not allow user to match on packet-mark >on packet received on tunnel ports. > Therefore following patch provide

Re: [ovs-dev] [PATCH] ipsec: Do not allow ipsec_gre tunnel traffic to exit unencrypted

2016-09-01 Thread Ansis Atteka
On 30 August 2016 at 02:21, Jesse Gross <je...@kernel.org> wrote: > On Mon, Aug 29, 2016 at 11:57 AM, Ansis Atteka <aatt...@ovn.org> wrote: > > If ipsec_gre tunnel configuration is changed in OVSDB, > > then GRE packets may sometimes exit unencrypted until >

[ovs-dev] [PATCH] ipsec: Do not allow ipsec_gre tunnel traffic to exit unencrypted

2016-08-29 Thread Ansis Atteka
) Signed-off-by: Ansis Atteka <aatt...@ovn.org> Reported-by: Steffen Birkeland <steff...@stud.ntnu.no> --- debian/control | 1 + debian/ovs-monitor-ipsec | 16 ++-- tests/ofproto-macros.at | 7 +++ 3 files changed, 22 insertions(+), 2 deletions(-) diff --

Re: [ovs-dev] [PATCHv2 2/2] tunneling: get skb marking to work properly with tunnels

2016-07-21 Thread Ansis Atteka
On Jul 21, 2016 2:08 PM, "Jarno Rajahalme" <ja...@ovn.org> wrote: > > Looks good to me: > > Acked-by: Jarno Rajahalme <ja...@ovn.org> > Thanks. Can you also review patch 1/2? > > On Jul 19, 2016, at 2:25 PM, Ansis Atteka <aatt...@ovn.org> wrote: >

Re: [ovs-dev] [PATCH 2/2] tunneling: get skb marking to work properly with tunnels

2016-07-19 Thread Ansis Atteka
On 14 July 2016 at 02:22, Jarno Rajahalme <ja...@ovn.org> wrote: > > > On Jul 13, 2016, at 9:01 PM, Ansis Atteka <aatt...@ovn.org> wrote: > > > > There are two issues that this patch fixes: > > 1. it was impossible to set skb mark at all through > >

[ovs-dev] [PATCHv2 2/2] tunneling: get skb marking to work properly with tunnels

2016-07-19 Thread Ansis Atteka
patch also adds anti-regression tests to prevent such breakages in the future. Signed-off-by: Ansis Atteka <aatt...@ovn.org> VMware-BZ: #1653178 --- ofproto/tunnel.c | 3 +- tests/tunnel.at | 120 +++ 2 files changed, 122 insertion

[ovs-dev] [PATCHv2 1/2] IPsec: refactor out some code in OVS_MONITOR_IPSEC_START macro

2016-07-19 Thread Ansis Atteka
This OVS_MONITOR_IPSEC_START macro will be helpful in the next patch where it will be used also from tests/tunnel.at file to test that skb marking happens correctly. Otherwise, without ovs-monitor-ipsec running the ovs-vswitchd would refuse to configure ipsec_XXX tunnels. Signed-off-by: Ansis

[ovs-dev] [PATCH 2/2] tunneling: get skb marking to work properly with tunnels

2016-07-13 Thread Ansis Atteka
patch also adds anti-regression tests to prevent such breakages in the future. Signed-off-by: Ansis Atteka <aatt...@ovn.org> VMware-BZ: #1653178 --- ofproto/tunnel.c | 4 +- tests/tunnel.at | 120 +++ 2 files changed, 122 insertions

[ovs-dev] [PATCH 1/2] IPsec: refactor out some code in OVS_MONITOR_IPSEC_START macro

2016-07-13 Thread Ansis Atteka
This OVS_MONITOR_IPSEC_START macro will be helpful in the next patch where it will be used also from tests/tunnel.at file to test that skb marking happens correctly. Otherwise, without ovs-monitor-ipsec running the ovs-vswitchd would refuse to configure ipsec_XXX tunnels. Signed-off-by: Ansis

Re: [ovs-dev] [PATCH v2 2/2] netdev-dpdk: Support user-defined socket attribs

2016-07-06 Thread Ansis Atteka
On Wed, Jul 6, 2016 at 7:24 AM, Aaron Conole wrote: > Aaron Conole writes: > >> Daniele Di Proietto writes: >> >>> On 10/06/2016 10:51, "Aaron Conole" wrote: >>> Aaron Conole writes:

Re: [ovs-dev] [PATCH] bridge: fix windows build

2016-06-29 Thread Ansis Atteka
; > > > On 6/29/16, 6:16 PM, "Ansis Atteka" <aatt...@ovn.org> wrote: > > >Patch 81d2f75c (bridge: allow OVS to interact with controller > >through sockets outside run dir) broke windows build. This patch > >fixes that. > > > >Signed-off-by

[ovs-dev] [PATCH] bridge: fix windows build

2016-06-29 Thread Ansis Atteka
Patch 81d2f75c (bridge: allow OVS to interact with controller through sockets outside run dir) broke windows build. This patch fixes that. Signed-off-by: Ansis Atteka <aatt...@ovn.org> --- lib/daemon.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/daemon.h

Re: [ovs-dev] [PATCHv3] bridge: allow OVS to interact with controller through sockets outside run dir

2016-06-27 Thread Ansis Atteka
On 27 June 2016 at 19:52, Jesse Gross <je...@kernel.org> wrote: > On Mon, Jun 27, 2016 at 7:20 PM, Ansis Atteka <aatt...@ovn.org> wrote: > > Currently Open vSwitch is unable to create or connect to Unix Domain > > Sockets outside designated 'run' directory, because of f
