-Original Message-
From: dev On Behalf Of David Wilder
Sent: Wednesday 19 May 2021 01:10
To: ovs-dev@openvswitch.org
Cc: daniele.di.proie...@gmail.com; wil...@us.ibm.com; i.maxim...@ovn.org
Subject: [ovs-dev] [PATCH v4 1/2] ovs-numa: Support non-contiguous numa nodes
and offline CPU co
-Original Message-
From: dev On Behalf Of David Wilder
Sent: Wednesday 19 May 2021 01:10
To: ovs-dev@openvswitch.org
Cc: daniele.di.proie...@gmail.com; wil...@us.ibm.com; i.maxim...@ovn.org
Subject: [ovs-dev] [PATCH v4 2/2] ovs-numa: Dpdk options with non-contiguous
nodes
If not suppl
On 14 May 2021, at 21:33, Vasu Dasari wrote:
> Currently there is an option to add/flush/show ARP/ND neighbor. This covers L3
> side. For L2 side, there is only fdb show command. This patch gives an option
> to add/del an fdb entry via ovs-appctl. ovs-appctl command looks like this:
>
> To add:
On 5/17/21 5:22 PM, Dumitru Ceara wrote:
> On 4/26/21 2:19 PM, Eelco Chaudron wrote:
>> Currently, conntrack in the kernel has an undocumented feature referred
>> to as all-zero IP address NULL SNAT. Basically, when a source port
>> collision is detected during the commit, the source port will be
>
On Wed, May 19, 2021 at 01:22:58PM -0700, Ben Pfaff wrote:
> On Wed, May 19, 2021 at 10:03:57PM +0200, Ilya Maximets wrote:
> > Hi.
> >
> > Taking into account some very unhealthy things that happened recently
> > with FreeNode network and resigning of lots of its stuff [1], we
> > probably need t
When a thread is blocked on a barrier, there is no guarantee
regarding the moment it will resume, only that it will at some point in
the future.
One thread can resume first then proceed to destroy the barrier while
another thread has not yet awoken. When it finally happens, the second
thread will
No unit test exist currently for the ovs-barrier type.
It is however crucial as a building block and should be verified to work
as expected.
Create a simple test verifying the basic function of ovs-barrier.
Integrate the test as part of the test suite.
Signed-off-by: Gaetan Rivet
---
tests/auto
Add a simple postponing test verifying RCU callbacks have executed and
RCU exits in order. Add as part of library unit-tests.
Signed-off-by: Gaetan Rivet
---
tests/library.at | 8 ++-
tests/test-rcu.c | 61
2 files changed, 68 insertions(+),
A mutex is allocated, initialized and destroyed, without being
used in the perthread structure.
Signed-off-by: Gaetan Rivet
---
lib/ovs-rcu.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/lib/ovs-rcu.c b/lib/ovs-rcu.c
index cde1e925b..1866bd308 100644
--- a/lib/ovs-rcu.c
+++ b/lib/ovs-rc
Joining pthreads makes the caller quiescent. It should register as such,
as joined threads may wait on an RCU callback executing before quitting,
deadlocking the caller.
Signed-off-by: Gaetan Rivet
---
lib/ovs-thread.c | 16 ++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff
When using the RCU mechanism and deferring memory reclamation, potential
use-after-free due to incorrect use of RCU can be hidden.
Add a test triggering a UAF event. When the test suite is built with
AddressSanitizer support, verify that the event triggers and the tool is
usable with RCU.
Signed-
This series adds a compilation option that changes the behavior of the RCU
module. Once enabled, RCU reclamation by user threads becomes blocking until
the RCU threads has executed the scheduled callbacks.
Tools such as AddressSanitizer are useful to detect memory errors e.g.
user-after-free.
Suc
Add the configure option --enable-rcu-blocking, that modifies the RCU
library. When enabled, quiescing from other threads will block, waiting
on the RCU thread to execute the postponed jobs.
This mode forces the deferred memory reclamation to happen
deterministically, reducing the latency of the d
Add a configure option to enable ASAN in a simple way.
Adding an AC variable to allow checking for support in the testsuite.
Signed-off-by: Gaetan Rivet
---
.ci/linux-build.sh | 4 ++--
NEWS | 1 +
acinclude.m4 | 16
configure.ac | 1 +
tests/atlocal
On Thu, May 6, 2021, at 01:19, Ben Pfaff wrote:
> On Thu, May 06, 2021 at 12:37:36AM +0200, Gaëtan Rivet wrote:
> > On Wed, May 5, 2021, at 21:36, Ben Pfaff wrote:
> > > On Wed, Apr 28, 2021 at 01:03:24AM +0200, Gaetan Rivet wrote:
> > > > This series adds a compilation option that changes the beha
On 5/18/21 8:49 AM, Dumitru Ceara wrote:
> When setting monitor conditions ovsdb_cs_db_set_condition() returns the
> sequence number when it is expected that all updates that correspond to
> the new condition have been received. This sequence number is used by
> ovn-controller to determine whether
On 4/7/21 6:49 PM, Ben Pfaff wrote:
[...]
>>
>> Thanks! I can download them now. It's back on my to-do list.
>
> I can reproduce the problem now. I haven't fixed it yet, but I did fix
> a nasty performance problem in ovn-nbctl that became really apparent
> when working with your databases:
>
Hi,
On Mon, May 17, 2021 at 01:18:53PM +0200, Simon Horman wrote:
...
> @@ -547,6 +549,12 @@ is_tap_netdev(const struct netdev *netdev)
> return netdev_get_class(netdev) == &netdev_tap_class;
> }
> �
> +enum {
> +OVS_TC_QOS_TYPE_BPS,
> +OVS_TC_QOS_TYPE_PPS,
> +OVS_TC_QOS_TYPE_MA
On Thu, May 20, 2021 at 05:06:26PM +0200, Dumitru Ceara wrote:
> On 4/7/21 6:49 PM, Ben Pfaff wrote:
>
> [...]
>
> >>
> >> Thanks! I can download them now. It's back on my to-do list.
> >
> > I can reproduce the problem now. I haven't fixed it yet, but I did fix
> > a nasty performance proble
On Thu, May 20, 2021 at 09:46:01AM -0300, Flavio Leitner wrote:
> On Wed, May 19, 2021 at 01:22:58PM -0700, Ben Pfaff wrote:
> > On Wed, May 19, 2021 at 10:03:57PM +0200, Ilya Maximets wrote:
> > > Hi.
> > >
> > > Taking into account some very unhealthy things that happened recently
> > > with Fre
Mark Gray (2):
ovn-nb.xml: Fix typo
ovn-northd: Fix IPv6 ECMP symmetric reply flows
northd/ovn-northd.8.xml | 2 +-
northd/ovn-northd.c | 2 +-
ovn-nb.xml | 2 +-
tests/ovn.at| 127 +++
tests/system-ovn.at | 162 +++
When adding ECMP routes with symmetric replies, ovn-northd
adds a priority 100 flow in the table "lr_in_ip_routing" which bypasses
the ECMP routes for replies by using the ct.rpl field. Lower priority
flows are also added in this table for each route to IPv4/6 network. These
flows have a priority t
Signed-off-by: Mark Gray
---
ovn-nb.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ovn-nb.xml b/ovn-nb.xml
index ed271d8eb3f2..cb3aef1ba881 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -2750,7 +2750,7 @@
-It true, then new traffic that arrives ove
On 04/04/2021 18:31, Ilya Maximets wrote:
> 'if_indextoname' may fail leaving the 'master_name' uninitialized:
>
> Conditional jump or move depends on uninitialised value(s)
> at 0x4C34329: strlen (vg_replace_strmem.c:459)
> by 0x51C638: hash_string (hash.h:342)
> by 0x51C638: hash_na
On 04/04/2021 18:31, Ilya Maximets wrote:
> 'cdtp' is allocated on a stack and it has uninitialized 'present'
> field that specifies which attributes are actually set. This
> causes use of uninitialized attributes.
>
> Conditional jump or move depends on uninitialised value(s)
> at 0x539651:
On 04/04/2021 18:31, Ilya Maximets wrote:
> ct limit requests never initializes the whole 'struct ovs_zone_limit'
> sending uninitialized stack memory to kernel:
>
> Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
> at 0x5E23867: sendmsg (in /usr/lib64/libpthread-2.28.so
Thank you Eelco for testing the patch.
My responses are inline:
*Vasu Dasari*
On Thu, May 20, 2021 at 5:20 AM Eelco Chaudron wrote:
>
>
> On 14 May 2021, at 21:33, Vasu Dasari wrote:
>
> > Currently there is an option to add/flush/show ARP/ND neighbor. This
> covers L3
> > side. For L2 side,
On 5/20/21 6:55 PM, Mark Gray wrote:
> On 04/04/2021 18:31, Ilya Maximets wrote:
>> ct limit requests never initializes the whole 'struct ovs_zone_limit'
>> sending uninitialized stack memory to kernel:
>>
>> Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
>> at 0x5E23867
Looks good to me.
For the series:
Acked-by: Mark Michelson
On 5/20/21 12:30 PM, Mark Gray wrote:
Mark Gray (2):
ovn-nb.xml: Fix typo
ovn-northd: Fix IPv6 ECMP symmetric reply flows
northd/ovn-northd.8.xml | 2 +-
northd/ovn-northd.c | 2 +-
ovn-nb.xml | 2 +-
On 5/20/21 7:46 PM, Ilya Maximets wrote:
> On 5/20/21 6:55 PM, Mark Gray wrote:
>> On 04/04/2021 18:31, Ilya Maximets wrote:
>>> ct limit requests never initializes the whole 'struct ovs_zone_limit'
>>> sending uninitialized stack memory to kernel:
>>>
>>> Syscall param sendmsg(msg.msg_iov[0]) poi
On 5/20/21 6:30 PM, Mark Gray wrote:
> When adding ECMP routes with symmetric replies, ovn-northd
> adds a priority 100 flow in the table "lr_in_ip_routing" which bypasses
> the ECMP routes for replies by using the ct.rpl field. Lower priority
> flows are also added in this table for each route to
This is one of the hottest points in the northd in case of big number
of load balancers and we're reallocating matches and actions several
times for each vIP for each load balancer.
Fix that by re-using the allocated memory and just clearing dynamic
strings for all subsequnet IPs.
Signed-off-by:
Dumitru Ceara writes:
> On 4/26/21 2:19 PM, Eelco Chaudron wrote:
>> Currently, conntrack in the kernel has an undocumented feature referred
>> to as all-zero IP address NULL SNAT. Basically, when a source port
>> collision is detected during the commit, the source port will be
>> translated to a
Next meeting: 03-June, 2021
Attendees:
* Aaron
* Paolo
* Korol
* Gaetan
Agenda:
A Security concerns, raised by NVidia
- tcp_loose mode support
- Kernel supports this via sysctl knob
- Userspace has no such knob or function
- Aconole: will start work on this as a separate series
During the irc meeting today, a question of @openstack bot was raised.
We use the bot to manage and log our weekly meetings, and we would
like to continue using it after migration.
I talked to openstack infra folks (specifically, @fungi), and here is
what I am told:
- openstack still hasn't decide
I think this patch could use some ovn-controller tests to ensure that
meters configured in the SB end up being applied to the resulting
controller() actions.
On 4/29/21 1:04 PM, Lorenzo Bianconi wrote:
From: Dumitru Ceara
Add a new 'controller_meter' column to OVN Southbound Logical_Flow
tab
On 4/29/21 1:04 PM, Lorenzo Bianconi wrote:
From: Dumitru Ceara
Add new 'Copp' (Control plane protection) table to OVN Northbound DB:
- this stores mappings between control plane protocol names and meters
that should be used to rate limit controller-destined traffic for
those protocols.
Hi Ben,
I gave these patches another look, and I can say that for patches 1-10,
and patch 27:
Acked-by: Mark Michelson
For patch 11, I had suggested previously a configure-time check to
detect if the correct DDLog version was installed, and you replied with
an example that you would roll i
Acked-by: Mark Michelson
I have a small nit below, but since it's strictly with a comment, it's
easy for whoever merges this to correct the comment when they do it.
There's no reason to spin up a new version of this.
On 5/4/21 1:59 PM, Lorenzo Bianconi wrote:
Since the localnet port is avail
On Mon, May 17, 2021 at 2:47 PM Ihar Hrachyshka wrote:
>
> For each allow-stateless ACL, a rule was added earlier in the pipeline
> that circumvented setting REGBIT_CONNTRACK_DEFRAG regardless of
> whether other, e.g. allow-related ACLs with higher priority were
> present.
>
> Now, when allow-stat
On Mon, May 17, 2021 at 2:47 PM Ihar Hrachyshka wrote:
>
> For each allow-stateless ACL, a rule was added earlier in the pipeline
> that circumvented setting REGBIT_CONNTRACK_DEFRAG regardless of
> whether other, e.g. allow ACLs with higher priority were present.
>
> Now, when allow-stateless ACLs
On Mon, May 17, 2021 at 2:47 PM Ihar Hrachyshka wrote:
>
> While we *should not* circumvent conntrack when a stateful ACL of higher
> priority is present on the switch, we should do so only when
> allow-stateless and allow-stateful directions are the same, otherwise we
> should still skip conntrac
From: Mark Gray
When sending traffic from a Logical Switch Port to an external
IP address via a Gateway Router with a Load Balancer, Open vSwitch
creates datapath flows with a couple of problems:
1) In the router pipeline, we have the following stages to handle
dnat and unsnat.
- Stage 4 : lr_
As discussed in the OVN meeting earlier today.
Ben Pfaff (3):
ovn-northd-ddlog: Document --ddlog-record option.
ovn-northd, ovn-northd-ddlog: New --dry-run option.
tests: Don't define tests that will always be skipped.
NEWS | 2 +-
northd/ovn-northd-ddlog.c | 44 +
Signed-off-by: Ben Pfaff
---
northd/ovn-northd-ddlog.c | 1 +
northd/ovn-northd.8.xml | 10 ++
2 files changed, 11 insertions(+)
diff --git a/northd/ovn-northd-ddlog.c b/northd/ovn-northd-ddlog.c
index b7d2c8a5ef8d..c79e15312b64 100644
--- a/northd/ovn-northd-ddlog.c
+++ b/northd/ovn-
The "(northbound|southbound) database reconnection" tests had
dp-groups=yes variants but they were unconditionally skipped at runtime.
There's no point in having them, so this commit drops them.
This changes the changes of the tests without datapath groups to have
"dp-groups=no" in their names. T
By being able to start up ovn-northd-ddlog in a paused state, we can
produce a recording for use in debugging without having to restart one
of the real ovn-northd-ddlog processes or disturbing the system.
Signed-off-by: Ben Pfaff
CC: Ihar Hrachyshka
---
NEWS | 2 +-
northd
On Thu, May 20, 2021 at 5:05 PM Mark Michelson wrote:
>
> Acked-by: Mark Michelson
>
> I have a small nit below, but since it's strictly with a comment, it's
> easy for whoever merges this to correct the comment when they do it.
> There's no reason to spin up a new version of this.
>
> On 5/4/21 1
Bleep bloop. Greetings Ben Pfaff, I am a robot and I have tried out your patch.
Thanks for your contribution.
I encountered some error that I wasn't expecting. See the details below.
checkpatch:
WARNING: Line lacks whitespace around operator
WARNING: Line lacks whitespace around operator
WARNI
Bleep bloop. Greetings Ben Pfaff, I am a robot and I have tried out your patch.
Thanks for your contribution.
I encountered some error that I wasn't expecting. See the details below.
checkpatch:
WARNING: Line lacks whitespace around operator
#70 FILE: northd/ovn-northd-ddlog.c:1053:
--dry-ru
The 05/11/2021 11:38, Roi Dayan wrote:
> From: Jianbo Liu
>
> There is a race condidtion between purger and handler. Handler may
> create new ukey and install it while executing 'ovs-appctl
> revalidator/purge' command. However, before handler calls
> transition_ukey() in handle_upcalls(), purger
On Thu, May 20, 2021 at 3:22 PM Han Zhou wrote:
>
>
>
> On Mon, May 17, 2021 at 2:47 PM Ihar Hrachyshka
wrote:
> >
> > While we *should not* circumvent conntrack when a stateful ACL of higher
> > priority is present on the switch, we should do so only when
> > allow-stateless and allow-stateful d
Hi, Ilya
Ilya Maximets 于2021年5月19日周三 下午8:50写道:
>
> On 2/27/21 10:34 AM, Peng He wrote:
> > CT zone could be set from a field that is not included in frozen
> > metadata. Consider the example rules which are typically seen in
> > OpenStack security group rules:
> >
> > priority=100,in_port=1,tcp
On Thu, May 20, 2021 at 04:50:58PM -0400, Mark Michelson wrote:
> Hi Ben,
>
> I gave these patches another look, and I can say that for patches 1-10, and
> patch 27:
>
> Acked-by: Mark Michelson
>
> For patch 11, I had suggested previously a configure-time check to detect if
> the correct DDLog
54 matches
Mail list logo
