Re: [ovs-dev] [PATCH ovn] tests: Skip "daemon ssl files change" when SSL is disabled.

On 4/18/23 10:34, Dumitru Ceara wrote: On 4/14/23 17:20, Mark Michelson wrote: The "ovn-nbctl - daemon ssl files change" test will hang forever if SSL is disabled. This commit fixes the issue by skipping the test if SSL is disabled. Signed-off-by: Mark Michelson --- tests/ovn-nbctl.at | 1 +

Re: [ovs-dev] [PATCH ovn v3 3/4] ovn-nbctl: Add tier ACL options.

Bleep bloop. Greetings Mark Michelson, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. checkpatch: WARNING: Line is 468 characters long (recommended limit is 79) #122 FILE: utilities/ovn-nbctl

[ovs-dev] [PATCH ovn v3 4/4] acls: Add "pass" ACL action.

This allows for evaluating ACLs at the current tier to stop, and to start evaluating ACLs at the next tier. If not using tiers, or if we match on the final ACL tier, then a "pass" verdict results in the default ACL action being applied. Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2134

[ovs-dev] [PATCH ovn v3 2/4] northd: Add tiered ACL support.

With this commit, ACLs can now be arranged in hierarchical tiers. A tier number can be assigned to an ACL. When evaluating ACLs, we first will consider ACLs at tier 0. If no matching ACL is found, then we move to tier 1. This continues until a matching ACL is found, or we reach the maximum tier. If

[ovs-dev] [PATCH ovn v3 3/4] ovn-nbctl: Add tier ACL options.

This modifies the acl-add and acl-del commands so that an ACL tier can be specified when adding or deleting ACLs. For acl-add, if the tier is specified, then the ACL created by the command will have that tier set. For acl-del, if the tier is specified, then the tier will be one of the criteria us

Re: [ovs-dev] [PATCH ovn v2 2/4] northd: Add tiered ACL support.

Hi Ales, I have a response below. On 4/13/23 06:56, Ales Musil wrote: On Mon, Apr 10, 2023 at 7:26 PM Mark Michelson > wrote: With this commit, ACLs can now be arranged in hierarchical tiers. A tier number can be assigned to an ACL. When evaluating ACLs, w

Re: [ovs-dev] [PATCH v2 2/2] deb: Update openvswitch-ipsec dependencies

On Tue, Mar 22, 2022 at 10:09 AM Emeel Hakim via dev wrote: > > patch ovs-monitor-ipsec: Migration from ipsec.conf to swanctl.conf > introduces strongswan-swanctl as an openvswitch-ipsec dependency, > this patch adds it to the openvswitch-ipsec dependencies. > > Signed-off-by: Emeel Hakim > --- >

Re: [ovs-dev] [PATCH v2 1/2] ovs-monitor-ipsec: Migration from ipsec.conf to swanctl.conf

On Tue, Mar 22, 2022 at 10:09 AM Emeel Hakim via dev wrote: > > As strongswan moved to the modern vici-based interface,this patch > modifies ovs-monitor-ipsec to use strongswan's vici-based > configuration instead of the legacy stroke-based configuration. > > Reviewed-by: Raed Salem > Signed-off-

[ovs-dev] [PATCH 7/7] netdev-linux: support 64-bit rates in tc policing

Use TCA_POLICE_RATE64 if the rate cannot be expressed using 32bits. This breaks the 32Gbps barrier. The new barrier is ~4Tbps caused by netdev's API expressing kbps rates using 32-bit integers. Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2137643 Signed-off-by: Adrian Moreno --- lib

[ovs-dev] [PATCH 6/7] netdev-linux: refactor nl_msg_put_act_police

In preparation for supporting 64-bit rates in tc policies, move the allocation and initialization of struct tc_police object inside nl_msg_put_act_police(). That way, the function is now called with the actual rates. Signed-off-by: Adrian Moreno --- lib/netdev-linux.c | 37 ++

[ovs-dev] [PATCH 4/7] netdev-linux: use 64-bit rates in htb tc classes

Currently, htb rates are capped at ~34Gbps because they are internally expressed as 32-bit fields. Move min and max rates to 64-bit fields and use TCA_HTB_RATE64 and TCA_HTB_CEIL64 to configure HTC classes to break this barrier. In order to test this, create a dummy tuntap device and set it's spe

[ovs-dev] [PATCH 5/7] netdev-linux: remove tc_matchall_fill_police

It is equivalent to tc_policer_init() so remove the duplicated function. Signed-off-by: Adrian Moreno --- lib/netdev-linux.c | 27 +++ 1 file changed, 3 insertions(+), 24 deletions(-) diff --git a/lib/netdev-linux.c b/lib/netdev-linux.c index 7311fd37b..8ee75981b 100644

[ovs-dev] [PATCH 3/7] netdev-linux: use 64-bit rtab tables

tc uses these "rtab" tables to estimate the time (ticks) that it takes to send a packet of different sizes. In preparation for the introduction of 64-bit rates, add an argument to tc_put_rtab() to allow an external 64-bit rate. Signed-off-by: Adrian Moreno --- lib/netdev-linux.c | 18 +++

[ovs-dev] [PATCH 1/7] netdev: add netdev_get_speed() to nedev API

Currently, the netdev's speed is being calculated by taking the link's feature bits (using netdev_get_features()) and transforming them into bps. This mechanism can be both inaccurate and difficult to maintain, mainly because we currently use the feature bits supported by OpenFlow which would have

[ovs-dev] [PATCH 2/7] netdev-linux: use speed as max rate in tc classes

Instead of relying on feature bits, use the speed value directly as maximum rate for htb and hfsc classes. There is still a limitation with the maximum rate that we can express with a 32-bit number in bytes/s (~ 34.3Gbps), but using the actual link speed instead of the feature bits, we can at leas

[ovs-dev] [PATCH 0/7] Improve linux QoS for exotic and fast links

There are currently two issues that limit our ability to configure QoS on certain cards in linux: 1) Firstly, the maximum link speed (which is used as maximum rate in some tc classes), is obtained from netdev feature bits. This is quite problematic because netdev feature bits do not keep up with t

Re: [ovs-dev] [PATCH ovn 3/3] ci: Switch Cirrus CI to use the new image

On 4/17/23 16:47, Ales Musil wrote: > Use the image with preinstalled dependencies > also on Cirrus CI. > > Signed-off-by: Ales Musil > --- Applied to main, thanks! ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinf

Re: [ovs-dev] [PATCH ovn 2/3] ci: Use container to run the tests

On 4/21/23 15:22, Ales Musil wrote: > On Fri, Apr 21, 2023 at 3:09 PM Dumitru Ceara wrote: > >> On 4/17/23 16:47, Ales Musil wrote: >>> Move the ci.sh script into .ci folder >>> and remove the linux-prepare.sh as it >>> is no longer needed with all the requirements >>> installed in container. >>>

Re: [ovs-dev] [PATCH ovn 1/3] ci: Conditionally install gcc-multilib

On 4/17/23 16:47, Ales Musil wrote: > The gcc-multilib is needed for x86 build on > x86_64, but the package is not available for > arm64. We need to conditonally install only > when we run the x86 job. > > Signed-off-by: Ales Musil > --- > .ci/linux-build.sh | 7 +++ > 1 file changed, 7 inse

Re: [ovs-dev] [PATCH v3] dpif-netlink: Fix memory leak dpif_netlink_open().

On Fri, Apr 21, 2023 at 05:47:58PM +0800, Yunjian Wang wrote: > In the specific call to dpif_netlink_dp_transact() (line 398) in > dpif_netlink_open(), the 'dp' content is not being used in the branch > when no error is returned (starting line 430). Furthermore, the 'dp' > and 'buf' variables are o

Re: [ovs-dev] [PATCH ovn 2/3] ci: Use container to run the tests

On Fri, Apr 21, 2023 at 3:09 PM Dumitru Ceara wrote: > On 4/17/23 16:47, Ales Musil wrote: > > Move the ci.sh script into .ci folder > > and remove the linux-prepare.sh as it > > is no longer needed with all the requirements > > installed in container. > > > > Signed-off-by: Ales Musil > > --- >

Re: [ovs-dev] [PATCH ovn 2/3] ci: Use container to run the tests

On 4/17/23 16:47, Ales Musil wrote: > Move the ci.sh script into .ci folder > and remove the linux-prepare.sh as it > is no longer needed with all the requirements > installed in container. > > Signed-off-by: Ales Musil > --- > {utilities/containers => .ci}/ci.sh | 0 > .ci/linux-prepare.sh

[ovs-dev] [PATCH] utilities: taskset for non-pmd threads

Deployment with dpdk and spdk should limit the core of non-pmd threads. When starting ovs with ovs-ctl or systemd, the process will inherit the affinity of its parent process. Even if we manuanlly set the affinity, restarting after crash will lose the setting. Prepend taskset in ovs-ctl when start

Re: [ovs-dev] [PATCH ovn v2] system-tests: Fix and enable the SCTP test

On 21 Apr 2023, at 12:00, Ales Musil wrote: > Fix the outdated parts of SCTP test and > allow it to be run on CI, in order to do that > we just need to load sctp kernel module. > > Reported-at: https://bugzilla.redhat.com/2183516 > Signed-off-by: Ales Musil > --- > v2: Rebase on top of current

Re: [ovs-dev] [PATCH v2] netdev-dpdk: Check rx/tx descriptor sizes for device.

On 21/04/2023 11:00, David Marchand wrote: On Fri, Apr 14, 2023 at 5:45 PM Kevin Traynor wrote: By default OVS configures 2048 descriptors for tx and rx queues on DPDK devices. It also allows the user to configure those values. If the values used are not acceptable to the device then queue se

Re: [ovs-dev] [PATCH v7 2/8] lib, ovs-vsctl: Add zero-initializations

On Sat, Apr 15, 2023 at 11:21:49PM +0800, James Raphael Tiovalen wrote: > This commit adds zero-initializations by changing `SFL_ALLOC` from > `malloc` to `xzalloc`, initializing a `pollfd` struct variable with > zeroes, and changing some calls to `xmalloc` to `xzalloc`. This is to > prevent potent

[ovs-dev] [PATCH ovn v2] system-tests: Fix and enable the SCTP test

Fix the outdated parts of SCTP test and allow it to be run on CI, in order to do that we just need to load sctp kernel module. Reported-at: https://bugzilla.redhat.com/2183516 Signed-off-by: Ales Musil --- v2: Rebase on top of current main. Address comment from Eelco about not removing the sc

Re: [ovs-dev] [PATCH v2] netdev-dpdk: Check rx/tx descriptor sizes for device.

On Fri, Apr 14, 2023 at 5:45 PM Kevin Traynor wrote: > > By default OVS configures 2048 descriptors for tx and rx queues > on DPDK devices. It also allows the user to configure those values. > > If the values used are not acceptable to the device then queue setup > would fail. > > The device expos

Re: [ovs-dev] [PATCH v7 1/8] lib: Add non-null assertions to return value of `dp_packet_data`

On Sat, Apr 15, 2023 at 11:21:48PM +0800, James Raphael Tiovalen wrote: > This commit adds some `ovs_assert()` checks to the return values of > `dp_packet_data()` to ensure that they are not NULL and to prevent > null-pointer dereferences, which might lead to unwanted crashes. We use > assertions s

[ovs-dev] [PATCH v3] dpif-netlink: Fix memory leak dpif_netlink_open().

In the specific call to dpif_netlink_dp_transact() (line 398) in dpif_netlink_open(), the 'dp' content is not being used in the branch when no error is returned (starting line 430). Furthermore, the 'dp' and 'buf' variables are overwritten later in this same branch when a new netlink request is sen

Re: [ovs-dev] [PATCH v3] ofp-parse: Check ranges on string to uint32_t conversion.

On Fri, Apr 21, 2023 at 10:49:41AM +0200, Eelco Chaudron wrote: > > > On 21 Apr 2023, at 10:27, Yunjian Wang wrote: > > > An unnecessarily overflow would occurs when the 'value' is longer than > > 4294967295. So it's required to check ranges to avoid uint32_t overflow. > > > > Reported-by: Nan Z

Re: [ovs-dev] [PATCH ovn] system-tests: Fix and enable the SCTP test

On Fri, Apr 21, 2023 at 10:47 AM Eelco Chaudron wrote: > > > On 18 Apr 2023, at 8:50, Ales Musil wrote: > > > Fix the outdated parts of SCTP test and > > allow it to be run on CI, in order to do that > > we just need to load sctp kernel module. > > Hi Ales, > > Thanks for looking into this. Some

Re: [ovs-dev] [PATCH v3] ofp-parse: Check ranges on string to uint32_t conversion.

On 21 Apr 2023, at 10:27, Yunjian Wang wrote: > An unnecessarily overflow would occurs when the 'value' is longer than > 4294967295. So it's required to check ranges to avoid uint32_t overflow. > > Reported-by: Nan Zhou > Signed-off-by: Yunjian Wang Thanks for addressing my comment. It looks

Re: [ovs-dev] [PATCH ovn] system-tests: Fix and enable the SCTP test

On 18 Apr 2023, at 8:50, Ales Musil wrote: > Fix the outdated parts of SCTP test and > allow it to be run on CI, in order to do that > we just need to load sctp kernel module. Hi Ales, Thanks for looking into this. Some comments/questions inline… > Reported-at: https://bugzilla.redhat.com/218

[ovs-dev] [PATCH v3] python-stream: handle SSL error in do_handshake

In some cases ovsdb server or relay gets restarted, ovsdb python clients may keep the local socket open. Instead of reconnecting a lot of failures will be logged. This can be reproduced with ssl connections to the server/relay and restarting it, so it has the same IP after restart. This patch catc

[ovs-dev] [PATCH v3] ofp-parse: Check ranges on string to uint32_t conversion.

An unnecessarily overflow would occurs when the 'value' is longer than 4294967295. So it's required to check ranges to avoid uint32_t overflow. Reported-by: Nan Zhou Signed-off-by: Yunjian Wang --- v3: fix patch code styles --- lib/ofp-parse.c | 7 ++- 1 file changed, 2 insertions(+), 5 del

Re: [ovs-dev] [PATCH v2] python-stream: handle SSL error in do_handshake

Bleep bloop. Greetings Stefan Hoffmann, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. checkpatch: ERROR: Co-author Luca Czesla needs to sign off. Lines checked: 40, Warnings: 0, Errors: 1

Re: [ovs-dev] [PATCH ovn] tests: decrease risk of flaky failures of ovn -- CoPP system test

On Thu, Apr 20, 2023 at 6:49 PM Xavier Simonart wrote: > The test was often failing with a meter of 10 pps while generating 100 > packets. > When the 100 packets generation takes more than 100 msec, the test fails. > This happens from time to time in upstream ci. > Reducing the number of generate

Re: [ovs-dev] [PATCH ovn] tests: fix "load balancing affinity sessions - IPv4 and IPv6"

On Thu, Apr 20, 2023 at 6:23 PM Xavier Simonart wrote: > The tests were randomly failing as there is no guarentee that > 15 nc will reach different load balancers. > Also, running 15 nc made the test quite slow. > Fixed by running loops of 5 nc, and then checking results. > Test duration decrease

Re: [ovs-dev] [PATCH ovn 3/3] tests: check arguments count of OVS_WAIT_UNTIL

On Thu, Apr 20, 2023 at 6:15 PM Xavier Simonart wrote: > The macro has been used erroneously with the expectation > to take the third parameter as the expected output. > Fail if more than 2 arguments are used. > Also fail if the second argument is an integer (second arg expected to > be a command

[ovs-dev] [PATCH v2] python-stream: handle SSL error in do_handshake

In some cases ovsdb server or relay gets restarted, ovsdb python clients may keep the local socket open. Instead of reconnecting a lot of failures will be logged. This can be reproduced with ssl connections to the server/relay and restarting it, so it has the same IP after restart. This patch catc

Re: [ovs-dev] [PATCH ovn 2/3] tests: Fixed wrong usage of OVS_WAIT_UNTIL

On Thu, Apr 20, 2023 at 6:15 PM Xavier Simonart wrote: > Signed-off-by: Xavier Simonart > --- > tests/ovn-controller.at | 19 --- > tests/ovn.at| 24 > 2 files changed, 24 insertions(+), 19 deletions(-) > > diff --git a/tests/ovn-controller.a

Re: [ovs-dev] [PATCH ovn 1/3] tests: Fixed "1 LR with HA distributed router gateway port"

On Thu, Apr 20, 2023 at 6:15 PM Xavier Simonart wrote: > This test is broken since a long time but passed as it used > OVS_WAIT_UNTIL for checking output, which succeeds whatever the output is > ... > - Replaced OVS_WAIT_UNTIL by OVS_WAIT_FOR_OUTPUT > - Update table numbers > - Added back hv$i-vi

Re: [ovs-dev] [PATCH ovn v3 2/2] ovn-controller: fixed port not always set down when unbinding interface

On Wed, Apr 19, 2023 at 2:41 PM Xavier Simonart wrote: > When interface was unbound, the port was not always set down and the > port_binding->chassis not always removed. > > Fixes: a7c7d4519e50 ("controller: avoid recomputes triggered by SBDB > Port_Binding updates.") > Reported-at: https://bugzi

Re: [ovs-dev] [PATCH ovn v3 1/2] ovn-controller: fixed ovn-installed not always properly added or removed.

On Wed, Apr 19, 2023 at 2:41 PM Xavier Simonart wrote: > OVN checks whether ovn-installed is already present (in OVS) before > updating it. > This might cause ovn-installed related issues in the following case: > - (1) ovn-installed is present > - (2) we claim the interface > - (3) we update ovs,

Re: [ovs-dev] [PATCH v2] ofp-parse: Check ranges on string to uint32_t conversion.

On 21 Apr 2023, at 4:51, Yunjian Wang via dev wrote: > An unnecessarily overflow would occurs when the 'value' is longer than > 4294967295. So it's required to check ranges to avoid uint32_t overflow. > > Reported-by: Nan Zhou > Signed-off-by: Yunjian Wang > --- > v2: fix patch code styles >