date:20161208

Re: [ovs-dev] [RFC PATCH] datapath: allow tunnels to be created with rtnetlink

2016-12-08 Thread Pravin Shelar

On Thu, Dec 8, 2016 at 1:14 AM, Jiri Benc  wrote:
> On Wed, 7 Dec 2016 16:35:59 -0800, Pravin Shelar wrote:
>> In compat mode, OVS tunnel devices are not used in same way as LWT,
>> since OVS do support kernel version that does not have core LWT
>> support. Therefore we have to use legacy vport APIs to create these
>> ports.
>
> I see. Yes, that's unfortunate.
>
>> There might be a way to configure the device, once it is
>> created, using rtnetlink API but would complicate the code. So I think
>> in such cases like GPE we could to add code to the legacy code.
>
> Could we just support the newest shiniest features only with lwtunnel
> capable kernel? Kernel 4.3 is out for more than a year already, that's
> a long time. And several more months will pass before this is available
> in an Open vSwitch release.
>
OVS out of tree kernel module is using compat tunnel code upto kernel
4.5 kernel even thought LWT is available in these kernels. This is due
to missing features on these kernel which are backported to OVS
module. In future we could bump up requirements of kernel again.
Therefore I think we could add compat code for GPE given it is not
that complicated.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] datapath: Linux 4.9 compat.

2016-12-08 Thread Andy Zhou

On Wed, Dec 7, 2016 at 4:31 PM, Jarno Rajahalme  wrote:

> This patch allows openvswitch kernel module in the OVS tree to be
> compiled against the current net-next Linux kernel.  The changes are
> due to these upstream commits:
>
> 56989f6d856 ("genetlink: mark families as __ro_after_init")
> 489111e5c25 ("genetlink: statically initialize families")
> a07ea4d9941 ("genetlink: no longer support using static family IDs")
>
> struct genl_family initialization is changed be completely static and
> to include the new (in Linux 4.6) __ro_after_init attribute.  Compat
> code defines it as an empty macro if not defined already.
>
> GENL_ID_GENERATE is no longer defined, but since it was defined as 0,
> it is safe to drop it from all initializers also on older Linux
> versions.
>
> Tested with current Linux net-next (4.9) and 3.16.
>
> Signed-off-by: Jarno Rajahalme 
>

Tested building linux 4.0-4.9.

Acked-by: Andy Zhou 

When compiling with 4.0, I got the following warnning. It does not seem to
be related to this patch.

/home/azhou/projs/ovs/datapath/linux/datapath.c: In function
‘ovs_flow_cmd_set’:
/home/azhou/projs/ovs/datapath/linux/datapath.c:1232:1: warning: the frame
size of 1040 bytes is larger than 1024 bytes [-Wframe-larger-than=]
 }
 ^
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] dev The world has opened up to me in several ways

2016-12-08 Thread Kerry

you are awesome really This drug is constructed to offer you a increase of 
energyhttps://shar.es/18xm2nmy self-confidence level has truly been through the 
roof
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] python: Currently stream supported SSL

2016-12-08 Thread Guoshuai Li

Signed-off-by: Guoshuai Li 
---
 python/ovs/stream.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/python/ovs/stream.py b/python/ovs/stream.py
index b43e105..d81bedb 100644
--- a/python/ovs/stream.py
+++ b/python/ovs/stream.py
@@ -104,7 +104,7 @@ class Stream(object):
 """Attempts to connect a stream to a remote peer.  'name' is a
 connection name in the form "TYPE:ARGS", where TYPE is an active stream
 class's name and ARGS are stream class-specific.  Currently the only
-supported TYPEs are "unix" and "tcp".
+supported TYPEs are "unix", "tcp" and "ssl".
 
 Returns (error, stream): on success 'error' is 0 and 'stream' is the
 new Stream, on failure 'error' is a positive errno value and 'stream'
-- 
2.10.1.windows.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 1/3] csum: Fix csum_continue() on big endian with an odd number of bytes.

2016-12-08 Thread Daniele Di Proietto

Even though it reads 16 bits at a time, csum_continue() is almost
neutral to endianness (see RFC 1071 1.2 (B), "Byte Order Independence").

Consider a buffer like the following:

: XX YY XX YY XX YY XX YY ZZ

Each couple of bytes is interpreted on little endian as:

*data = 0xYYXX

while on big endian

*data = 0xXXYY

The last byte "ZZ" should be treated as the two bytes "ZZ 00"
little endian:

*data = 0x00ZZ

big endian:

*data = 0xZZ00

which means that the last byte (for odd buffers) should be left shifted
by 8 bits on big endian platforms.

This fixes a couple of connection tracking tests in userspace for big
endian platforms.

I guess RFC1071 4.1 (implementation example of the checksum in C), would
manifest the same problem on big endian.

Reported-at: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840770
Signed-off-by: Daniele Di Proietto 
---
 lib/csum.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/lib/csum.c b/lib/csum.c
index a0e9967..5951576 100644
--- a/lib/csum.c
+++ b/lib/csum.c
@@ -44,7 +44,11 @@ csum_continue(uint32_t partial, const void *data_, size_t n)
 partial = csum_add16(partial, get_unaligned_be16(data));
 }
 if (n) {
+#ifdef WORDS_BIGENDIAN
+partial += (*(uint8_t *) data) << 8;
+#else
 partial += *(uint8_t *) data;
+#endif
 }
 return partial;
 }
-- 
2.10.2

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 3/3] system-traffic: Skip test cases if firewalld is on.

2016-12-08 Thread Yi-Hung Wei

On RHEL 7.3, test cases that use vxlan, gre, and geneve tunnels fail because
traffic is blocked by default firewall configuration. This commit detects the
status of firewalld, and skips the tests if firewalld is on.

Signed-off-by: Yi-Hung Wei 
---
 tests/system-common-macros.at | 16 +---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at
index 765ea85..d41de23 100644
--- a/tests/system-common-macros.at
+++ b/tests/system-common-macros.at
@@ -223,16 +223,26 @@ m4_define([NETNS_DAEMONIZE],
]
 )
 
+# OVS_CHECK_FIREWALL()
+#
+# Check if firewalld is active, skip the test if it is on.
+# The following command currently only supports RHEL and CentOS.
+m4_define([OVS_CHECK_FIREWALL],
+[AT_SKIP_IF([systemctl status firewalld 2>&1 | grep running > /dev/null])])
+
 # OVS_CHECK_VXLAN()
 #
 # Do basic check for vxlan functionality, skip the test if it's not there.
 m4_define([OVS_CHECK_VXLAN],
-[AT_SKIP_IF([! ip link add foo type vxlan help 2>&1 | grep dstport 
>/dev/null])])
+[AT_SKIP_IF([! ip link add foo type vxlan help 2>&1 | grep dstport 
>/dev/null])
+ OVS_CHECK_FIREWALL()])
 
 # OVS_CHECK_GRE()
 m4_define([OVS_CHECK_GRE],
-[AT_SKIP_IF([! ip link add foo type gretap help 2>&1 | grep gre 
>/dev/null])])
+[AT_SKIP_IF([! ip link add foo type gretap help 2>&1 | grep gre 
>/dev/null])
+ OVS_CHECK_FIREWALL()])
 
 # OVS_CHECK_GENEVE()
 m4_define([OVS_CHECK_GENEVE],
-[AT_SKIP_IF([! ip link add foo type geneve help 2>&1 | grep geneve 
>/dev/null])])
+[AT_SKIP_IF([! ip link add foo type geneve help 2>&1 | grep geneve 
>/dev/null])
+ OVS_CHECK_FIREWALL()])
-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 2/3] system-traffic: Skip test cases if netcat is not installed.

2016-12-08 Thread Yi-Hung Wei

Test cases that use netcat will fail if netcat is not installed. This patch
detects if netcat is present, and skips those test cases if netcat is not there.

Singed-off-by: Yi-Hung Wei 
---
 tests/atlocal.in| 17 +
 tests/system-traffic.at |  5 +
 2 files changed, 22 insertions(+)

diff --git a/tests/atlocal.in b/tests/atlocal.in
index f518cda..1353b46 100644
--- a/tests/atlocal.in
+++ b/tests/atlocal.in
@@ -124,6 +124,23 @@ else
 HAVE_PYFTPDLIB="no"
 fi
 
+# Look for a commnand in the system. If it is found, defines
+# HAVE_COMMAND="yes", otherwise HAVE_COMMAND="no".
+FindCommand()
+{
+which $1 > /dev/null 2>&1
+status=$?
+var=HAVE_`echo "$1" | tr '[a-z]' '[A-Z]'`
+if test "$status" = "0"; then
+eval ${var}="yes"
+else
+eval ${var}="no"
+fi
+}
+
+# Set HAVE_NC
+FindCommand nc
+
 # Determine correct netcat option to quit on stdin EOF
 if nc --version 2>&1 | grep -q nmap.org; then
 NC_EOF_OPT="--send-only"
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 801dfe3..ffeca35 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -338,6 +338,7 @@ OVS_TRAFFIC_VSWITCHD_STOP
 AT_CLEANUP
 
 AT_SETUP([datapath - basic truncate action])
+AT_SKIP_IF([test $HAVE_NC = no])
 OVS_TRAFFIC_VSWITCHD_START()
 AT_CHECK([ovs-ofctl del-flows br0])
 
@@ -454,6 +455,7 @@ dnl   ns1: connect to br0, with IP:10.1.1.2
 dnl   br-underlay: with IP: 172.31.1.100
 dnl   ns0: connect to br-underlay, with IP: 10.1.1.1
 AT_SETUP([datapath - truncate and output to gre tunnel])
+AT_SKIP_IF([test $HAVE_NC = no])
 OVS_CHECK_GRE()
 OVS_TRAFFIC_VSWITCHD_START()
 
@@ -1479,6 +1481,7 @@ OVS_TRAFFIC_VSWITCHD_STOP
 AT_CLEANUP
 
 AT_SETUP([conntrack - ICMP related])
+AT_SKIP_IF([test $HAVE_NC = no])
 CHECK_CONNTRACK()
 OVS_TRAFFIC_VSWITCHD_START()
 
@@ -2408,6 +2411,7 @@ OVS_TRAFFIC_VSWITCHD_STOP
 AT_CLEANUP
 
 AT_SETUP([conntrack - ICMP related with NAT])
+AT_SKIP_IF([test $HAVE_NC = no])
 CHECK_CONNTRACK()
 CHECK_CONNTRACK_NAT()
 OVS_TRAFFIC_VSWITCHD_START()
@@ -2832,6 +2836,7 @@ AT_CLEANUP
 
 
 AT_SETUP([conntrack - DNAT load balancing with NC])
+AT_SKIP_IF([test $HAVE_NC = no])
 CHECK_CONNTRACK()
 CHECK_CONNTRACK_NAT()
 OVS_TRAFFIC_VSWITCHD_START()
-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] I Hope You Get My Message This Time

2016-12-08 Thread Friedrich Mayrhofer



 This is the second time i am sending you this mail.

I, Friedrich Mayrhofer Donate $ 1,000,000.00 to You, Email  Me personally
for more details.

Regards.
Friedrich Mayrhofer
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] Did you get my message this time?

2016-12-08 Thread Sir friedrich mayhofer.....



 This is the second time i am sending you this mail.

I, Friedrich Mayrhofer Donate $ 1,000,000.00 to You, Email  Me personally
for more details.

Regards.
Friedrich Mayrhofer
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] rpms: Remove more OVN files form openvswitch rpm builds

2016-12-08 Thread Andy Zhou

OVN is packaged with openvswitch-fedora.spec.in, but not with
openvswitch.spec.in. Remove OVN files from openvswitch.spec.in
builds to make rpm build happy.

Signed-off-by: Andy Zhou 
---
 rhel/openvswitch.spec.in | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rhel/openvswitch.spec.in b/rhel/openvswitch.spec.in
index 9f6549a..14f6e98 100644
--- a/rhel/openvswitch.spec.in
+++ b/rhel/openvswitch.spec.in
@@ -103,7 +103,8 @@ rm \
 $RPM_BUILD_ROOT/usr/bin/ovn-* \
 $RPM_BUILD_ROOT/usr/share/man/man?/ovn-* \
 $RPM_BUILD_ROOT/usr/share/openvswitch/ovn-* \
-$RPM_BUILD_ROOT/usr/share/openvswitch/scripts/ovn-*
+$RPM_BUILD_ROOT/usr/share/openvswitch/scripts/ovn-* \
+$RPM_BUILD_ROOT/usr/share/openvswitch/scripts/ovndb-*
 (cd "$RPM_BUILD_ROOT" && rm -rf usr/%{_lib}/*.la)
 (cd "$RPM_BUILD_ROOT" && rm -rf usr/include)
 
-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [RFC PATCH] datapath: allow tunnels to be created with rtnetlink

2016-12-08 Thread Yang, Yi

On Thu, Dec 08, 2016 at 03:24:35PM -0500, Eric Garver wrote:
> On Wed, Dec 07, 2016 at 08:47:56AM +0800, Yang, Yi wrote:
> > 
> > I notice if we fallback to ovs compat modules to create vxlan, it will
> > use generic netlink but not rtnetlink, do you meam you're changing
> > generic netlink in function dpif_netlink_vport_transact in 
> > lib/dpif-netlink.c to rtnetlink?
> 
> If using out-of-tree modules we will try to create using rtnetlink
> before falling back to genetlink.
> 
> > I want to know when you have a test patch available, I can help test
> > even implement it.
> 
> That would be appreciated.

Thank you, look forward to seeing your patches available ASAP :-)
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] datapath-windows: Fix issues related to packet completion

2016-12-08 Thread Sairam Venugopal

Acked-by: Sairam Venugopal 


On 12/8/16, 1:31 PM, "Shashank Ram"  wrote:

>- In OvsTunnelPortTx() function, for packets coming from the
>  VIF port, the srcVportNo, srcPortId and srcNicIndex were
>  getting modified for the original NBL prior to creation
>  of newNbl. This is not correct since modifying the original
>  packet's forwarding detail can cause completion issues.
>  Instead, we should keep the forwarding detail of the original
>  packet as is, and only update the forwarding detail for the
>  newNbl.
>
>Signed-off-by: Shashank Ram 
>---
> datapath-windows/ovsext/Actions.c | 25 -
> 1 file changed, 20 insertions(+), 5 deletions(-)
>
>diff --git a/datapath-windows/ovsext/Actions.c
>b/datapath-windows/ovsext/Actions.c
>index f46309a..b5d922b 100644
>--- a/datapath-windows/ovsext/Actions.c
>+++ b/datapath-windows/ovsext/Actions.c
>@@ -663,6 +663,9 @@ OvsTunnelPortTx(OvsForwardingContext *ovsFwdCtx)
> {
> NDIS_STATUS status = NDIS_STATUS_FAILURE;
> PNET_BUFFER_LIST newNbl = NULL;
>+UINT32 srcVportNo;
>+NDIS_SWITCH_NIC_INDEX srcNicIndex;
>+NDIS_SWITCH_PORT_ID srcPortId;
>
> /*
>  * Setup the source port to be the internal port to as to facilitate
>the
>@@ -675,11 +678,15 @@ OvsTunnelPortTx(OvsForwardingContext *ovsFwdCtx)
> L"OVS-Dropped since either internal or external port is
>absent");
> return NDIS_STATUS_FAILURE;
> }
>-ovsFwdCtx->srcVportNo =
>-
>((POVS_VPORT_ENTRY)ovsFwdCtx->switchContext->internalVport)->portNo;
>
>-ovsFwdCtx->fwdDetail->SourcePortId =
>ovsFwdCtx->switchContext->internalPortId;
>-ovsFwdCtx->fwdDetail->SourceNicIndex =
>+/*
>+ * Save the 'srcVportNo', 'srcPortId', 'srcNicIndex' so that
>+ * this can be applied to the new NBL later on.
>+ */
>+srcVportNo =
>+
>((POVS_VPORT_ENTRY)ovsFwdCtx->switchContext->internalVport)->portNo;
>+srcPortId = ovsFwdCtx->switchContext->internalPortId;
>+srcNicIndex =
> 
>((POVS_VPORT_ENTRY)ovsFwdCtx->switchContext->internalVport)->nicIndex;
>
> /* Do the encap. Encap function does not consume the NBL. */
>@@ -715,12 +722,20 @@ OvsTunnelPortTx(OvsForwardingContext *ovsFwdCtx)
> ASSERT(newNbl);
> OvsCompleteNBLForwardingCtx(ovsFwdCtx,
> L"Complete after cloning NBL for
>encapsulation");
>+status = OvsInitForwardingCtx(ovsFwdCtx,
>ovsFwdCtx->switchContext,
>+  newNbl, srcVportNo, 0,
>+ 
>NET_BUFFER_LIST_SWITCH_FORWARDING_DETAIL(newNbl),
>+  ovsFwdCtx->completionList,
>+  >layers, FALSE);
> ovsFwdCtx->curNbl = newNbl;
>+/* Update the forwarding detail for the new NBL */
>+ovsFwdCtx->fwdDetail->SourcePortId = srcPortId;
>+ovsFwdCtx->fwdDetail->SourceNicIndex = srcNicIndex;
> status = OvsDoFlowLookupOutput(ovsFwdCtx);
> ASSERT(ovsFwdCtx->curNbl == NULL);
> } else {
> /*
>-* XXX: Temporary freeing of the packet until we register a
>+ * XXX: Temporary freeing of the packet until we register a
>  * callback to IP helper.
>  */
> OvsCompleteNBLForwardingCtx(ovsFwdCtx,
>--
>2.6.2
>
>___
>dev mailing list
>d...@openvswitch.org
>https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_
>mailman_listinfo_ovs-2Ddev=DgICAg=uilaK90D4TOVoH58JNXRgQ=Z6vowHUOjP5
>ysP_g372c49Nqc1vEKqHKNBkR5Q5Z7uo=wzeqpMw3eihlOFBYWonYkI0sNArcFcP7lPBZUyK
>kqAs=r6kexkZdDVn07MGbD73MlXTxChjQTq9_HD2G7vXjjFQ= 

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] datapath-windows: Remove dead code from PacketIO

2016-12-08 Thread Sairam Venugopal

Acked-by: Sairam Venugopal 


On 12/8/16, 9:57 AM, "Alin Serdean" 
wrote:

>Assigning value to 'nativeNbls' has no effect outside the function and
>the variable is not used inside the function.
>
>Signed-off-by: Alin Gabriel Serdean 
>---
> datapath-windows/ovsext/PacketIO.c | 1 -
> 1 file changed, 1 deletion(-)
>
>diff --git a/datapath-windows/ovsext/PacketIO.c
>b/datapath-windows/ovsext/PacketIO.c
>index a0ddc3d..e30a0c1 100644
>--- a/datapath-windows/ovsext/PacketIO.c
>+++ b/datapath-windows/ovsext/PacketIO.c
>@@ -193,7 +193,6 @@ OvsAppendNativeForwardedPacket(POVS_SWITCH_CONTEXT
>switchContext,
> NDIS_STRING filterReason;
> 
> *nativeNbls = curNbl;
>-nativeNbls = &(curNbl->Next);
> 
> ctx = OvsInitExternalNBLContext(switchContext, curNbl, isRecv);
> if (ctx == NULL) {
>-- 
>2.10.2.windows.1
>___
>dev mailing list
>d...@openvswitch.org
>https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_
>mailman_listinfo_ovs-2Ddev=DgICAg=uilaK90D4TOVoH58JNXRgQ=Z6vowHUOjP5
>ysP_g372c49Nqc1vEKqHKNBkR5Q5Z7uo=u7z7arqGCxuNIKt8Zhp1FfwyoCZsYRbNSscfkxo
>Lihc=1wgb8Vypt2VJcx2rtHrYV7_GaXspvT-MowntD5okH8A= 

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 1/4] datapath-windows: Force driver version to depend on a variable

2016-12-08 Thread Sairam Venugopal

Thanks for sending this out.

Acked-by: Sairam Venugopal 



On 12/5/16, 6:58 PM, "Alin Serdean" 
wrote:

>The following components use Windows driver information:
>-  System (inf file); used during device installation
>-  Resource file (rc file); used by applications when looking over the
>driver
>file(sys)
>
>Currently we have the following for the driver version number:
>-  (inf file) generated value from the build timestamp
>-  (rc file) predefined value
>
>This patch forces both files to depend on a variable: '$(Version)'.
>This is a predefined variable from Visual Studio.
>
>To achieve the above we change the current project settings used by the
>'stampinf' utility and we define a new preprocessor value named
>'VersionWithCommas' (which is obtained by replacing all
>'.' with ',' from $(Version) ).
>Certain values from the resource file are expected to use ',' instead of
>'.' .
>
>The resource file has been updated to use the new values when generating
>information about the driver (sys).
>
>The variable '$(Version' can be changed from the command line via the
>'msbuild' utility.
>
>Signed-off-by: Alin Gabriel Serdean 
>---
> datapath-windows/ovsext/ovsext.rc  | 11 ++-
> datapath-windows/ovsext/ovsext.vcxproj | 19 ++-
> 2 files changed, 24 insertions(+), 6 deletions(-)
>
>diff --git a/datapath-windows/ovsext/ovsext.rc
>b/datapath-windows/ovsext/ovsext.rc
>index 0b92e2e..578367d 100644
>--- a/datapath-windows/ovsext/ovsext.rc
>+++ b/datapath-windows/ovsext/ovsext.rc
>@@ -8,14 +8,15 @@
> LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
> #pragma code_page(1252)
> 
>+#define STR(x)  #x
> 
>//
>///
> //
> // Version
> //
> 
> VS_VERSION_INFO VERSIONINFO
>- FILEVERSION 6,3,9600,17298
>- PRODUCTVERSION 6,3,9600,17298
>+ FILEVERSION VersionWithCommas
>+ PRODUCTVERSION VersionWithCommas
>  FILEFLAGSMASK 0x3fL
> #ifdef _DEBUG
>  FILEFLAGS 0x9L
>@@ -32,12 +33,12 @@ BEGIN
> BEGIN
> VALUE "CompanyName", "Open vSwitch"
> VALUE "FileDescription", "Open vSwitch Extension"
>-VALUE "FileVersion", "6.3.9600.17298"
>+VALUE "FileVersion", STR(Version)
> VALUE "InternalName", "OVSExt.SYS"
> VALUE "LegalCopyright", "Licensed under the Apache License,
>Version 2.0 (the ""License"")"
> VALUE "OriginalFilename", "OVSExt.SYS"
>-VALUE "ProductName", "Open vSwitch 8/8.1 DDK driver"
>-VALUE "ProductVersion", "6.3.9600.17298"
>+VALUE "ProductName", "Open vSwitch"
>+VALUE "ProductVersion", STR(Version)
> END
> END
> BLOCK "VarFileInfo"
>diff --git a/datapath-windows/ovsext/ovsext.vcxproj
>b/datapath-windows/ovsext/ovsext.vcxproj
>index 77530fd..dc0d2db 100644
>--- a/datapath-windows/ovsext/ovsext.vcxproj
>+++ b/datapath-windows/ovsext/ovsext.vcxproj
>@@ -174,6 +174,18 @@
>   Condition="'$(Configuration)|$(Platform)'=='Win8.1
>Debug|x64'">true
>   Condition="'$(Configuration)|$(Platform)'=='Win8.1
>Release|x64'">true
> 
>+
>+  $(Version)
>+
>+
>+  $(Version)
>+
>+
>+  $(Version)
>+
>+
>+  $(Version)
>+
>   
>   
> 
>@@ -212,7 +224,12 @@
> 
> 
> 
>-
>+
>+  Condition="'$(Configuration)|$(Platform)'=='Win8
>Release|x64'">%(PreprocessorDefinitions);NDIS_WDM=1;NDIS630=1;VersionWithC
>ommas=$(Version.Replace('.',','))
>+  Condition="'$(Configuration)|$(Platform)'=='Win8
>Debug|x64'">%(PreprocessorDefinitions);NDIS_WDM=1;NDIS630=1;VersionWithCom
>mas=$(Version.Replace('.',','))
>+  Condition="'$(Configuration)|$(Platform)'=='Win8.1
>Release|x64'">%(PreprocessorDefinitions);NDIS_WDM=1;NDIS640=1;VersionWithC
>ommas=$(Version.Replace('.',','))
>+  Condition="'$(Configuration)|$(Platform)'=='Win8.1
>Debug|x64'">%(PreprocessorDefinitions);NDIS_WDM=1;NDIS640=1;VersionWithCom
>mas=$(Version.Replace('.',','))
>+
>   
>   
> 
>-- 
>2.10.2.windows.1
>___
>dev mailing list
>d...@openvswitch.org
>https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_
>mailman_listinfo_ovs-2Ddev=DgICAg=uilaK90D4TOVoH58JNXRgQ=Z6vowHUOjP5
>ysP_g372c49Nqc1vEKqHKNBkR5Q5Z7uo=lD77IS846RCT1HY3xivbqDpv9md7-xwT03OaBza
>bGvE=uHuKmtnr6McdMnEcgTRWuISVR9Vn-mvG0iRTTLFHDyI= 

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 1/4] datapath-windows: Force driver version to depend on a variable

2016-12-08 Thread Sairam Venugopal

Thanks for sending this out.


On 12/5/16, 6:58 PM, "Alin Serdean" 
wrote:

>The following components use Windows driver information:
>-  System (inf file); used during device installation
>-  Resource file (rc file); used by applications when looking over the
>driver
>file(sys)
>
>Currently we have the following for the driver version number:
>-  (inf file) generated value from the build timestamp
>-  (rc file) predefined value
>
>This patch forces both files to depend on a variable: '$(Version)'.
>This is a predefined variable from Visual Studio.
>
>To achieve the above we change the current project settings used by the
>'stampinf' utility and we define a new preprocessor value named
>'VersionWithCommas' (which is obtained by replacing all
>'.' with ',' from $(Version) ).
>Certain values from the resource file are expected to use ',' instead of
>'.' .
>
>The resource file has been updated to use the new values when generating
>information about the driver (sys).
>
>The variable '$(Version' can be changed from the command line via the
>'msbuild' utility.
>
>Signed-off-by: Alin Gabriel Serdean 
>---
> datapath-windows/ovsext/ovsext.rc  | 11 ++-
> datapath-windows/ovsext/ovsext.vcxproj | 19 ++-
> 2 files changed, 24 insertions(+), 6 deletions(-)
>
>diff --git a/datapath-windows/ovsext/ovsext.rc
>b/datapath-windows/ovsext/ovsext.rc
>index 0b92e2e..578367d 100644
>--- a/datapath-windows/ovsext/ovsext.rc
>+++ b/datapath-windows/ovsext/ovsext.rc
>@@ -8,14 +8,15 @@
> LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
> #pragma code_page(1252)
> 
>+#define STR(x)  #x
> 
>//
>///
> //
> // Version
> //
> 
> VS_VERSION_INFO VERSIONINFO
>- FILEVERSION 6,3,9600,17298
>- PRODUCTVERSION 6,3,9600,17298
>+ FILEVERSION VersionWithCommas
>+ PRODUCTVERSION VersionWithCommas
>  FILEFLAGSMASK 0x3fL
> #ifdef _DEBUG
>  FILEFLAGS 0x9L
>@@ -32,12 +33,12 @@ BEGIN
> BEGIN
> VALUE "CompanyName", "Open vSwitch"
> VALUE "FileDescription", "Open vSwitch Extension"
>-VALUE "FileVersion", "6.3.9600.17298"
>+VALUE "FileVersion", STR(Version)
> VALUE "InternalName", "OVSExt.SYS"
> VALUE "LegalCopyright", "Licensed under the Apache License,
>Version 2.0 (the ""License"")"
> VALUE "OriginalFilename", "OVSExt.SYS"
>-VALUE "ProductName", "Open vSwitch 8/8.1 DDK driver"
>-VALUE "ProductVersion", "6.3.9600.17298"
>+VALUE "ProductName", "Open vSwitch"
>+VALUE "ProductVersion", STR(Version)
> END
> END
> BLOCK "VarFileInfo"
>diff --git a/datapath-windows/ovsext/ovsext.vcxproj
>b/datapath-windows/ovsext/ovsext.vcxproj
>index 77530fd..dc0d2db 100644
>--- a/datapath-windows/ovsext/ovsext.vcxproj
>+++ b/datapath-windows/ovsext/ovsext.vcxproj
>@@ -174,6 +174,18 @@
>   Condition="'$(Configuration)|$(Platform)'=='Win8.1
>Debug|x64'">true
>   Condition="'$(Configuration)|$(Platform)'=='Win8.1
>Release|x64'">true
> 
>+
>+  $(Version)
>+
>+
>+  $(Version)
>+
>+
>+  $(Version)
>+
>+
>+  $(Version)
>+
>   
>   
> 
>@@ -212,7 +224,12 @@
> 
> 
> 
>-
>+
>+  Condition="'$(Configuration)|$(Platform)'=='Win8
>Release|x64'">%(PreprocessorDefinitions);NDIS_WDM=1;NDIS630=1;VersionWithC
>ommas=$(Version.Replace('.',','))
>+  Condition="'$(Configuration)|$(Platform)'=='Win8
>Debug|x64'">%(PreprocessorDefinitions);NDIS_WDM=1;NDIS630=1;VersionWithCom
>mas=$(Version.Replace('.',','))
>+  Condition="'$(Configuration)|$(Platform)'=='Win8.1
>Release|x64'">%(PreprocessorDefinitions);NDIS_WDM=1;NDIS640=1;VersionWithC
>ommas=$(Version.Replace('.',','))
>+  Condition="'$(Configuration)|$(Platform)'=='Win8.1
>Debug|x64'">%(PreprocessorDefinitions);NDIS_WDM=1;NDIS640=1;VersionWithCom
>mas=$(Version.Replace('.',','))
>+
>   
>   
> 
>-- 
>2.10.2.windows.1
>___
>dev mailing list
>d...@openvswitch.org
>https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_
>mailman_listinfo_ovs-2Ddev=DgICAg=uilaK90D4TOVoH58JNXRgQ=Z6vowHUOjP5
>ysP_g372c49Nqc1vEKqHKNBkR5Q5Z7uo=lD77IS846RCT1HY3xivbqDpv9md7-xwT03OaBza
>bGvE=uHuKmtnr6McdMnEcgTRWuISVR9Vn-mvG0iRTTLFHDyI= 

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 4/5] datapath-windows: Fix function prototypes

2016-12-08 Thread Sairam Venugopal

Acked-by: Sairam Venugopal 


On 12/5/16, 7:39 AM, "Alin Serdean" 
wrote:

>There is a mismatch between OvsInitCompletionList and
>OvsAddPktCompletionList
>prototypes.
>
>Eg:
>https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openvswitc
>h_ovs_blob_master_datapath-2Dwindows_ovsext_PacketIO.h-23L33=DgICAg=ui
>laK90D4TOVoH58JNXRgQ=Z6vowHUOjP5ysP_g372c49Nqc1vEKqHKNBkR5Q5Z7uo=8AKMs
>mfyRzn5xvNTQboqhDuunhZu4vYt4Vym0YI7-tM=oXXLPziBcet7PqVa02jDJwm_inXZOnYsK
>dX05_y0y-k= 
>https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openvswitc
>h_ovs_blob_master_datapath-2Dwindows_ovsext_PacketIO.c-23L54=DgICAg=ui
>laK90D4TOVoH58JNXRgQ=Z6vowHUOjP5ysP_g372c49Nqc1vEKqHKNBkR5Q5Z7uo=8AKMs
>mfyRzn5xvNTQboqhDuunhZu4vYt4Vym0YI7-tM=WR0V0caIZsNPr1lfeB0yOGiCCmNro5zYM
>Kwc_2T7ulM= 
>
>Found while compiling with Windows 10 kernel tool chain.
>
>Signed-off-by: Alin Gabriel Serdean 
>---
> datapath-windows/ovsext/PacketIO.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
>diff --git a/datapath-windows/ovsext/PacketIO.c
>b/datapath-windows/ovsext/PacketIO.c
>index a0ddc3d..dacd6f9 100644
>--- a/datapath-windows/ovsext/PacketIO.c
>+++ b/datapath-windows/ovsext/PacketIO.c
>@@ -51,7 +51,7 @@ static NTSTATUS OvsCreateNewNBLsFromMultipleNBs(
> PNET_BUFFER_LIST *curNbl,
> PNET_BUFFER_LIST *nextNbl);
> 
>-__inline VOID
>+VOID
> OvsInitCompletionList(OvsCompletionList *completionList,
>   POVS_SWITCH_CONTEXT switchContext,
>   ULONG sendCompleteFlags)
>@@ -64,7 +64,7 @@ OvsInitCompletionList(OvsCompletionList *completionList,
> }
> 
> /* Utility function used to complete an NBL. */
>-__inline VOID
>+VOID
> OvsAddPktCompletionList(OvsCompletionList *completionList,
> BOOLEAN incoming,
> NDIS_SWITCH_PORT_ID sourcePort,
>-- 
>2.10.2.windows.1
>___
>dev mailing list
>d...@openvswitch.org
>https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_
>mailman_listinfo_ovs-2Ddev=DgICAg=uilaK90D4TOVoH58JNXRgQ=Z6vowHUOjP5
>ysP_g372c49Nqc1vEKqHKNBkR5Q5Z7uo=8AKMsmfyRzn5xvNTQboqhDuunhZu4vYt4Vym0YI
>7-tM=Cc5wG5_d5sRo9gUaBHqujGyhNXPkT-T_DD-DmqqLg8c= 

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 1/5] datapath-windows: Ignore VStudio 2015 temporary files

2016-12-08 Thread Sairam Venugopal

Acked-by: Sairam Venugopal 


On 12/5/16, 7:39 AM, "Alin Serdean" 
wrote:

>Ignore the temporary files created by Visual Studio 2015 when opening
>a solution.
>
>Signed-off-by: Alin Gabriel Serdean 
>---
> datapath-windows/.gitignore | 2 ++
> 1 file changed, 2 insertions(+)
>
>diff --git a/datapath-windows/.gitignore b/datapath-windows/.gitignore
>index a3ed49b..5d84960 100644
>--- a/datapath-windows/.gitignore
>+++ b/datapath-windows/.gitignore
>@@ -1,4 +1,6 @@
> /Package/x64/
>+*.db
>+*.opendb
> *.opensdf
> *.sdf
> /ovsext/x64/
>-- 
>2.10.2.windows.1
>___
>dev mailing list
>d...@openvswitch.org
>https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_
>mailman_listinfo_ovs-2Ddev=DgICAg=uilaK90D4TOVoH58JNXRgQ=Z6vowHUOjP5
>ysP_g372c49Nqc1vEKqHKNBkR5Q5Z7uo=zfkY_DlMGfIGkGLEIIGs4vdMU8CEKSzzI8bCPjh
>ZV_M=r6DEOma1zd0XssHVnL1rsDZzNYoCHW6ZxQvFi5uC-20= 

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v2] Windows: Implement Hyper-V VIF discovery agent.

2016-12-08 Thread Yin Lin

Add Makefile changes to build the daemon from console.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] OVS-Hyper-V-Discovery-Agent Design Document

2016-12-08 Thread Yin Lin

Hi Alin,

Sorry for the late response. I somehow that the message slip by.

How do you use vswitchd/netlink to watch VIF creation/deletion and Hyper-V
switch changes? Note that through WMI, we monitor the following events:
1. VIF creation/deletion.
2. Hyper-V switch creation/deletion.
3. OVS extension enable/disable on a Hyper-V switch.

Also, note that we only register a callback with WMI so that we are
passively notified when a change we are interested in happens. We do not
run WMI calls in a loop.

If you have a better solution, do you mind elaborate a little more on your
idea?

Best regards,
Yin Lin

On Mon, Dec 5, 2016 at 12:05 PM, Alin Serdean <
aserd...@cloudbasesolutions.com> wrote:

> Sorry for the late reply. We had a few days of bank holiday last week.
>
> > -Original Message-
> > From: Ben Pfaff [mailto:b...@ovn.org]
> > Sent: Tuesday, November 29, 2016 2:28 AM
> > To: Nithin Raju 
> > Cc: Yin Lin ; d...@openvswitch.org; Alin Serdean
> > ; Justin Pettit 
> > Subject: Re: [ovs-dev] OVS-Hyper-V-Discovery-Agent Design Document
> >
> > OK, I understand now.
> >
> > Having ovs-vswitchd itself add ports would be unprecedented.  Normally,
> we
> > depend on some part of the system integration to do that: libvirt does
> it in
> > modern KVM environments (as you say), a hook script does it on XenServer,
> > and so on.
> [Alin Serdean] I think we need to look at a bigger picture on what we are
> trying to achieve.
> AFAIK, in the case of libvirt/Xen, someone asks them to create an adapter
> and after it is created the result is added to OVSDB.
> On Windows, someone asks vmms (https://technet.microsoft.
> com/en-us/library/dd582295(v=ws.10).aspx) to create a port on a switch,
> rename the port which was created, and after add it to OVSDB afterwards.
> In the case of Windows+OpenStack (with or without OVN) things are already
> handled since the code for port renaming is already there. If someone wants
> to integrate it in his solution, he could use/reuse/implement the code in
> the powershell script which is in our repository (1).
> This daemon is targeted for unexperienced users which do not want/do not
> know how to do the extra step of renaming the port name. This will give us
> better user experience.
> The reasons I would like to add the functionality in vswitchd are
> simplicity and speed (we see the port creation in the windows datapath,
> after it was created by vmms, and during an upcall we could add the port).
> >
> > My preference would be to keep these details of the system integration
> > separate from ovs-vswitchd, since it matches the implementation
> > elsewhere.  I'd expect this to be a pretty simple daemon, which probably
> > wouldn't use much CPU or memory.
> >
> [Alin Serdean] My main problem with the current implementation is that WMI
> calls are slow. Using vswitchd or another monitor that reuses the netlink
> implementation would be better IMO.
>
> (1) https://github.com/openvswitch/ovs/blob/master/
> datapath-windows/misc/OVS.psm1
>
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] datapath-windows: Fix issues related to packet completion

2016-12-08 Thread Shashank Ram

- In OvsTunnelPortTx() function, for packets coming from the
  VIF port, the srcVportNo, srcPortId and srcNicIndex were
  getting modified for the original NBL prior to creation
  of newNbl. This is not correct since modifying the original
  packet's forwarding detail can cause completion issues.
  Instead, we should keep the forwarding detail of the original
  packet as is, and only update the forwarding detail for the
  newNbl.

Signed-off-by: Shashank Ram 
---
 datapath-windows/ovsext/Actions.c | 25 -
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/datapath-windows/ovsext/Actions.c 
b/datapath-windows/ovsext/Actions.c
index f46309a..b5d922b 100644
--- a/datapath-windows/ovsext/Actions.c
+++ b/datapath-windows/ovsext/Actions.c
@@ -663,6 +663,9 @@ OvsTunnelPortTx(OvsForwardingContext *ovsFwdCtx)
 {
 NDIS_STATUS status = NDIS_STATUS_FAILURE;
 PNET_BUFFER_LIST newNbl = NULL;
+UINT32 srcVportNo;
+NDIS_SWITCH_NIC_INDEX srcNicIndex;
+NDIS_SWITCH_PORT_ID srcPortId;

 /*
  * Setup the source port to be the internal port to as to facilitate the
@@ -675,11 +678,15 @@ OvsTunnelPortTx(OvsForwardingContext *ovsFwdCtx)
 L"OVS-Dropped since either internal or external port is absent");
 return NDIS_STATUS_FAILURE;
 }
-ovsFwdCtx->srcVportNo =
-((POVS_VPORT_ENTRY)ovsFwdCtx->switchContext->internalVport)->portNo;

-ovsFwdCtx->fwdDetail->SourcePortId = 
ovsFwdCtx->switchContext->internalPortId;
-ovsFwdCtx->fwdDetail->SourceNicIndex =
+/*
+ * Save the 'srcVportNo', 'srcPortId', 'srcNicIndex' so that
+ * this can be applied to the new NBL later on.
+ */
+srcVportNo =
+((POVS_VPORT_ENTRY)ovsFwdCtx->switchContext->internalVport)->portNo;
+srcPortId = ovsFwdCtx->switchContext->internalPortId;
+srcNicIndex =
 ((POVS_VPORT_ENTRY)ovsFwdCtx->switchContext->internalVport)->nicIndex;

 /* Do the encap. Encap function does not consume the NBL. */
@@ -715,12 +722,20 @@ OvsTunnelPortTx(OvsForwardingContext *ovsFwdCtx)
 ASSERT(newNbl);
 OvsCompleteNBLForwardingCtx(ovsFwdCtx,
 L"Complete after cloning NBL for 
encapsulation");
+status = OvsInitForwardingCtx(ovsFwdCtx, ovsFwdCtx->switchContext,
+  newNbl, srcVportNo, 0,
+  
NET_BUFFER_LIST_SWITCH_FORWARDING_DETAIL(newNbl),
+  ovsFwdCtx->completionList,
+  >layers, FALSE);
 ovsFwdCtx->curNbl = newNbl;
+/* Update the forwarding detail for the new NBL */
+ovsFwdCtx->fwdDetail->SourcePortId = srcPortId;
+ovsFwdCtx->fwdDetail->SourceNicIndex = srcNicIndex;
 status = OvsDoFlowLookupOutput(ovsFwdCtx);
 ASSERT(ovsFwdCtx->curNbl == NULL);
 } else {
 /*
-* XXX: Temporary freeing of the packet until we register a
+ * XXX: Temporary freeing of the packet until we register a
  * callback to IP helper.
  */
 OvsCompleteNBLForwardingCtx(ovsFwdCtx,
--
2.6.2

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] ovn: fix OVNDB process is stopped when master node demote to the slave by pacemaker

2016-12-08 Thread Andy Zhou

On Wed, Dec 7, 2016 at 11:42 PM, Guoshuai Li  wrote:

>
> On 2016/12/8 5:36, Andy Zhou wrote:
>
>
>
> On Tue, Dec 6, 2016 at 9:41 PM, Guoshuai Li  wrote:
>
>> When the master node's OVNDB process fails, the local node demote to the
>> slave.
>> Failure cause is that the OVNDB process is stop, So the need to re-run
>> the process up.
>> if return $OCF_NOT_RUNNING will not demote the node to slave.
>>
>> Signed-off-by: Guoshuai Li 
>> ---
>>  ovn/utilities/ovndb-servers.ocf | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/ovn/utilities/ovndb-servers.ocf
>> b/ovn/utilities/ovndb-servers.ocf
>> index 1cf6f20..8a64e88 100755
>> --- a/ovn/utilities/ovndb-servers.ocf
>> +++ b/ovn/utilities/ovndb-servers.ocf
>> @@ -283,7 +283,7 @@ ovsdb_server_promote() {
>>  ovsdb_server_demote() {
>>  ovsdb_server_check_status
>>  if [ $? = $OCF_NOT_RUNNING ]; then
>> -return $OCF_NOT_RUNNING
>> +ovsdb_server_start
>>
>
> The logic here looks odd to me. demote() operation should be done against
> running OVNDBs.
>
> Why is OVNDB stopped in the first place?  If they are stopped by admin, it
> would be odd that ocf script
> would restart them.
>
>
>
> I agree that demote () should not start OVN-DB.
> But when the OVN-DB process crashes, who might restart it?
>

If OVN-DB crashes, (usually with SIGSEGV segmentation fault), it will be
restarted by the --monitor option.
ovsdb-server deamon does not consider kill -9 (SIGKILL)  as crash. It is
rather treated as intentional stop.

>
> I put the master node's OVSDB process with 'kill -9', It does not migrate
> because of depends on VIP.
> but after a long time did not start, and no master node.
>
> * Full list of resources:*
> * Master/Slave Set: ovndb_servers-master [ovndb_servers]*
> * ovndb_servers  (ocf::ovn:ovndb-servers):   Started ovn2*
> * ovndb_servers  (ocf::ovn:ovndb-servers):   Started ovn3*
> * ovndb_servers  (ocf::ovn:ovndb-servers):   **Stopped*
> * Slaves: [ ovn2 ovn3 ]*
> * Stopped: [ ovn1 ]*
> * VirtualIP  (ocf::heartbeat:IPaddr2):   Started ovn1*
> *Failed Actions:*
> ** ovndb_servers_demote_0 on ovn1 'not running' (7): call=21,
> status=complete, exitreason='none',*
> *last-rc-change='Thu Dec  8 13:41:14 2016', queued=0ms, exec=69ms*
>
> By debugging I found that pacemaker did not call ovsdb_server_start(), it
> call ovsdb_server_demote() and ovsdb_server_stop().
> Who should start it?  ovsdb_server_monitor ()?  or pacemaker error?
>
>
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [RFC PATCH] datapath: allow tunnels to be created with rtnetlink

2016-12-08 Thread Eric Garver

On Wed, Dec 07, 2016 at 08:47:56AM +0800, Yang, Yi wrote:
> On Tue, Dec 06, 2016 at 09:38:09AM -0500, Eric Garver wrote:
> > On Tue, Dec 06, 2016 at 07:17:20AM +, Yang, Yi Y wrote:
> > > Hi, guys
> > 
> > Hi Yi,
> > 
> > > This patch isn't updated from June on, Cascardo said he/Eric is still
> > > working on this, but six months passed, we don't see any following
> > 
> > Work is still ongoing. There was delay due to some debate about how and
> > when to prefer out-of-tree vs in-tree tunnels.
> 
> I'd like to know how you will handle 3 cases Pravin mentioned
> 
> """
> Case 1. OVS kernel module is upstream. It is straight forward to
> tunnel devices on upstream kernel module. STT and lisp are not
> available.
> Case 2. OVS kernel module is out of tree. In this case OVS has compat
> code and USE_UPSTREAM_TUNNEL is defined. We are using upstream kernel
> modules for geneve, gre and vxlan, for rest of vport. (stt and lisp)
> we are using netdevices from compat code.
> Case 3. OVS kernel module is out of tree and not using upstream tunnel
> devices. we have to fallback to  OVS compat code for all tunnel
> modules.
> """
> 
> According to the below Cascardo's reply, it seems those old patches can
> handle all the cases, but my test confirmed we can't create vxlan-gpe if
> we don't change the compatibility code, I want to hear your idea about
> this.
> 
> """
> So, in summary, we drop this patch, submit what we had before, make sure
> it
> works in the following scenarions:
> 
> 1) upstream ovs and tunnels are used;
>   1a) metadata tunnels can be created, those are used;
>   1b) we use compat vports if the configuration allows that;
> 
> 2) out-of-tree ovs and out-of-tree tunnels are used;
>we make sure using rtnetlink will fail and compat vport is used;
>NOTE: this should work even with the old out-of-tree code that named
>  drivers as vxlan instead of ovs_vxlan.
> 
> 3) out-of-tree ovs and upstream/in-tree tunnels are used;
>it should work just like with upstream ovs, unless the out-of-tree
> code does
>not support metadata tunnels, in which case, it should fallback to
> compat
>code.
> """
> 
> > 
> > > 
> > > So my advice about this is we can push patch [2] to Linux net-next
> > > first, then apply patch series
> > > https://mail.openvswitch.org/pipermail/ovs-dev/2016-June/316879.html
> > > from Cascardo and apply [1], that can cover all the cases Pravin
> > > mentioned.
> > 
> > As Cascardo and Jesse mentioned back in June [1], we should not be
> > adding new features to this interface. GPE has been backported to the
> > out-of-tree VXLAN code. The only part that remains is userspace changes
> > to create with rtnetlink, which is still being worked on.
> 
> I notice if we fallback to ovs compat modules to create vxlan, it will
> use generic netlink but not rtnetlink, do you meam you're changing
> generic netlink in function dpif_netlink_vport_transact in lib/dpif-netlink.c 
> to rtnetlink?

If using out-of-tree modules we will try to create using rtnetlink
before falling back to genetlink.

> I want to know when you have a test patch available, I can help test
> even implement it.

That would be appreciated.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] netdev: Set the default number of queues at removal from the database

2016-12-08 Thread Stokes, Ian

> Expected behavior for attribute removal from the database is resetting it
> to default value. Currently this doesn't work for n_rxq/n_txq options of
> pmd netdevs (last requested value used):
> 
>   # ovs-vsctl set interface dpdk0 options:n_rxq=4
>   # ovs-vsctl remove interface dpdk0 options n_rxq
>   # ovs-appctl dpif/show | grep dpdk0
> <...>
> dpdk0 1/1: (dpdk: configured_rx_queues=4, <...> \
>   requested_rx_queues=4,  <...>)
> 
> Fix that by using NR_QUEUE or 1 as a default value for 'smap_get_int'.
> 
> Fixes: a14b8947fd13 ("dpif-netdev: Allow different numbers of
>   rx queues for different ports.")
> Signed-off-by: Ilya Maximets 
> ---
>  lib/netdev-dpdk.c  | 2 +-
>  lib/netdev-dummy.c | 4 ++--
>  tests/pmd.at   | 7 +++
>  3 files changed, 10 insertions(+), 3 deletions(-)
> 
> diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c index 61d7aa3..625f425
> 100644
> --- a/lib/netdev-dpdk.c
> +++ b/lib/netdev-dpdk.c
> @@ -1084,7 +1084,7 @@ dpdk_set_rxq_config(struct netdev_dpdk *dev, const
> struct smap *args)  {
>  int new_n_rxq;
> 
> -new_n_rxq = MAX(smap_get_int(args, "n_rxq", dev->requested_n_rxq),
> 1);
> +new_n_rxq = MAX(smap_get_int(args, "n_rxq", NR_QUEUE), 1);
>  if (new_n_rxq != dev->requested_n_rxq) {
>  dev->requested_n_rxq = new_n_rxq;
>  netdev_request_reconfigure(>up);
> diff --git a/lib/netdev-dummy.c b/lib/netdev-dummy.c index
> dec1a8e..de74846 100644
> --- a/lib/netdev-dummy.c
> +++ b/lib/netdev-dummy.c
> @@ -868,8 +868,8 @@ netdev_dummy_set_config(struct netdev *netdev_, const
> struct smap *args)
>  goto exit;
>  }
> 
> -new_n_rxq = MAX(smap_get_int(args, "n_rxq", netdev->requested_n_rxq),
> 1);
> -new_n_txq = MAX(smap_get_int(args, "n_txq", netdev->requested_n_txq),
> 1);
> +new_n_rxq = MAX(smap_get_int(args, "n_rxq", 1), 1);
> +new_n_txq = MAX(smap_get_int(args, "n_txq", 1), 1);
>  new_numa_id = smap_get_int(args, "numa_id", 0);
>  if (new_n_rxq != netdev->requested_n_rxq
>  || new_n_txq != netdev->requested_n_txq diff --git a/tests/pmd.at
> b/tests/pmd.at index 8f05d74..7d3fa0d 100644
> --- a/tests/pmd.at
> +++ b/tests/pmd.at
> @@ -259,6 +259,13 @@ NXT_PACKET_IN2 (xid=0x0): cookie=0x0 total_len=42
> in_port=1 (via action) data_le
> 
> icmp,vlan_tci=0x,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,nw_
> src=10.0.0.2,nw_dst=10.0.0.1,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_
> code=0 icmp_csum:f7ff
>  ])
> 
> +dnl Check resetting to default number of rx queues after removal from the
> db.
> +AT_CHECK([ovs-vsctl remove interface p1 options n_rxq])
> +
> +AT_CHECK([ovs-appctl dpif/show | grep p1 | sed 's/\(tx_queues=\)[[0-
> 9]]*/\1/g'], [0], [dnl
> + p1 1/1: (dummy-pmd: configured_rx_queues=1,
> +configured_tx_queues=, requested_rx_queues=1,
> +requested_tx_queues=)
> +])
> +
>  OVS_VSWITCHD_STOP
>  AT_CLEANUP
> 

LGTM.

I'll wait for Daniele to give the ACK on this but as an FYI I've tested and it 
worked without issue.

Tested-by: Ian Stokes 

Ian

> --
> 2.7.4
> 
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH net-next] openvswitch: fix VxLAN-gpe port can't be created in ovs compat mode

2016-12-08 Thread Pravin Shelar

On Thu, Dec 8, 2016 at 12:20 AM, Yi Yang  wrote:
> In ovs compat mode, ovs won't use LWT in current kernel, this is to
> make sure ovs can work on the old kernels, Linux kernel v4.7 includes
> VxLAN-gpe support but many Linux distributions' kernels are odler than
> v4.7, this fix will ensure that ovs can create VxLAN-gpe port correctly
> on old kernels, it has been verified on Ubuntu 16.04 x86_64 with Linux
> kernel 4.4.0-53-generic.
>
> This does touch compat code, but it is necessary as Pravin commented.
>
> Without this fix, ovs can't create VxLAN-gpe port, it is still a VxLAN
> port.
>
> vxlan_sys_4790 Link encap:Ethernet  HWaddr 72:23:60:c2:8b:8d
>   inet6 addr: fe80::7023:60ff:fec2:8b8d/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:65485  Metric:1
>   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:0 errors:0 dropped:8 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>
> But with this fix applied, a real L3 port is created
>
> vxlan_sys_4790 Link encap:UNSPEC  HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>   UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:65485  Metric:1
>   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>
> Signed-off-by: Yi Yang 
> ---
>  include/uapi/linux/openvswitch.h |  1 +
>  net/openvswitch/vport-vxlan.c| 15 +++
>  2 files changed, 16 insertions(+)
>
There is no need for this patch in upstream kernel module. I am open
to having such a patch in out of tree kernel if it simplifies feature
compatibility code.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] treewide: Fix recent flake8-check.

2016-12-08 Thread Daniele Di Proietto

2016-12-08 10:22 GMT-08:00 Joe Stringer :
> Without this patch, I see errors like this on master:
> ../ofproto/ipfix-gen-entities:115:1: E305 expected 2 blank lines after
> class or function definition, found 1
>
> Signed-off-by: Joe Stringer 

Interesting, I pushed a related fix a few days ago, and on my machine
it builds fine even without your patch.

Just curious, which version of pycodestyle do you have?

In any case, I tested it and it builds on my machine

Acked-by: Daniele Di Proietto 

> ---
>  ofproto/ipfix-gen-entities | 1 +
>  utilities/ovs-pcap.in  | 3 +++
>  utilities/ovs-tcpdump.in   | 1 +
>  vtep/ovs-vtep  | 1 +
>  4 files changed, 6 insertions(+)
>
> diff --git a/ofproto/ipfix-gen-entities b/ofproto/ipfix-gen-entities
> index a603cd1d1f2e..0be719967d17 100755
> --- a/ofproto/ipfix-gen-entities
> +++ b/ofproto/ipfix-gen-entities
> @@ -112,6 +112,7 @@ The following options are also available:
>  """ % {'name': name})
>  sys.exit(0)
>
> +
>  if __name__ == '__main__':
>  try:
>  options, args = getopt.gnu_getopt(sys.argv[1:], 'hV',
> diff --git a/utilities/ovs-pcap.in b/utilities/ovs-pcap.in
> index 2e9197d15ffa..c43acb52eae0 100755
> --- a/utilities/ovs-pcap.in
> +++ b/utilities/ovs-pcap.in
> @@ -55,6 +55,8 @@ class PcapReader(object):
>  if len(packet) != incl_len:
>  raise PcapException("end of file reading pcap packet data")
>  return packet
> +
> +
>  argv0 = sys.argv[0]
>
>
> @@ -70,6 +72,7 @@ The following options are also available:
>  """ % {'argv0': argv0})
>  sys.exit(0)
>
> +
>  if __name__ == "__main__":
>  try:
>  try:
> diff --git a/utilities/ovs-tcpdump.in b/utilities/ovs-tcpdump.in
> index 538b3b405c8e..a6e4adadb428 100755
> --- a/utilities/ovs-tcpdump.in
> +++ b/utilities/ovs-tcpdump.in
> @@ -67,6 +67,7 @@ def _install_tap_linux(tap_name):
>  *(['ip', 'link', 'set', 'dev', str(tap_name), 'up']))
>  pipe.wait()
>
> +
>  _make_taps['linux'] = _install_tap_linux
>  _make_taps['linux2'] = _install_tap_linux
>
> diff --git a/vtep/ovs-vtep b/vtep/ovs-vtep
> index b32a82a907ea..9a5aa3d680bb 100755
> --- a/vtep/ovs-vtep
> +++ b/vtep/ovs-vtep
> @@ -752,6 +752,7 @@ def main():
>
>  unixctl.close()
>
> +
>  if __name__ == '__main__':
>  try:
>  main()
> --
> 2.10.2
>
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] datapath-windows: Conntrack move null checks to functions

2016-12-08 Thread Alin Serdean

Add null checks inside OvsConntrackValidateIcmpPacket,
OvsConntrackValidateTcpPacket to make the functions self-contained.

Signed-off-by: Alin Gabriel Serdean 
Suggested-by: Yin Lin 
---
 datapath-windows/ovsext/Conntrack-icmp.c | 4 
 datapath-windows/ovsext/Conntrack-tcp.c  | 6 +-
 datapath-windows/ovsext/Conntrack.c  | 4 ++--
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/datapath-windows/ovsext/Conntrack-icmp.c 
b/datapath-windows/ovsext/Conntrack-icmp.c
index 7db8e7d..b1b6043 100644
--- a/datapath-windows/ovsext/Conntrack-icmp.c
+++ b/datapath-windows/ovsext/Conntrack-icmp.c
@@ -59,6 +59,10 @@ OvsConntrackUpdateIcmpEntry(OVS_CT_ENTRY* conn_,
 BOOLEAN
 OvsConntrackValidateIcmpPacket(const ICMPHdr *icmp)
 {
+if (!icmp) {
+return FALSE;
+}
+
 return icmp->type == ICMP4_ECHO_REQUEST
|| icmp->type == ICMP4_INFO_REQUEST
|| icmp->type == ICMP4_TIMESTAMP_REQUEST;
diff --git a/datapath-windows/ovsext/Conntrack-tcp.c 
b/datapath-windows/ovsext/Conntrack-tcp.c
index c7fcfa8..1c46bb0 100644
--- a/datapath-windows/ovsext/Conntrack-tcp.c
+++ b/datapath-windows/ovsext/Conntrack-tcp.c
@@ -457,9 +457,13 @@ OvsConntrackUpdateTcpEntry(OVS_CT_ENTRY* conn_,
 BOOLEAN
 OvsConntrackValidateTcpPacket(const TCPHdr *tcp)
 {
+if (!tcp) {
+return FALSE;
+}
+
 UINT16 tcp_flags = ntohs(tcp->flags);
 
-if (tcp == NULL || OvsCtInvalidTcpFlags(tcp_flags)) {
+if (OvsCtInvalidTcpFlags(tcp_flags)) {
 return FALSE;
 }
 
diff --git a/datapath-windows/ovsext/Conntrack.c 
b/datapath-windows/ovsext/Conntrack.c
index 84c4091..47dba9d 100644
--- a/datapath-windows/ovsext/Conntrack.c
+++ b/datapath-windows/ovsext/Conntrack.c
@@ -199,7 +199,7 @@ OvsCtEntryCreate(PNET_BUFFER_LIST curNbl,
 TCPHdr tcpStorage;
 const TCPHdr *tcp;
 tcp = OvsGetTcp(curNbl, l4Offset, );
-if (!tcp || !OvsConntrackValidateTcpPacket(tcp)) {
+if (!OvsConntrackValidateTcpPacket(tcp)) {
 goto invalid;
 }
 
@@ -220,7 +220,7 @@ OvsCtEntryCreate(PNET_BUFFER_LIST curNbl,
 ICMPHdr storage;
 const ICMPHdr *icmp;
 icmp = OvsGetIcmp(curNbl, l4Offset, );
-if (!icmp || !OvsConntrackValidateIcmpPacket(icmp)) {
+if (!OvsConntrackValidateIcmpPacket(icmp)) {
 goto invalid;
 }
 
-- 
2.10.2.windows.1
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v2 0/3] ovn: support ssl connections to nb/sb dbs

2016-12-08 Thread Lance Richardson

> From: "Lance Richardson" 
> To: d...@openvswitch.org, b...@ovn.org, russ...@ovn.org, nusid...@redhat.com
> Sent: Thursday, December 8, 2016 1:12:22 PM
> Subject: [ovs-dev] [PATCH v2 0/3] ovn: support ssl connections to nb/sb dbs
> 
> This series adds support for SSL connections to the northbound
> and southbound OVN database servers and removes the previous
> default TCP connection type.
> 
> 
> v2: - Changed DB_NB_DEFAULT_REMOTE to DB_NB_CREATE_REMOTE.
> - Changed DB_SB_DEFAULT_REMOTE to DB_SB_CREATE_REMOTE.
> - Create default remote configuration in db instead of
>   via command-line options.

Forgot to mention:
  - Added support for specifying poll interval when creating
remote via ovn-ctl.

> 
> Lance Richardson (3):
>   ovn-nb: remote connection management in nb db
>   ovn-sb: remote connection management in sb db
>   ovn-ctl: add support for SSL nb/sb db connections
> 
>  NEWS  |   7 +
>  manpages.mk   |  10 ++
>  ovn/ovn-nb.ovsschema  |  53 +++-
>  ovn/ovn-nb.xml| 288
>  ++
>  ovn/ovn-sb.ovsschema  |  21 ++-
>  ovn/ovn-sb.xml|  48 ++-
>  ovn/utilities/ovn-ctl | 106 +---
>  ovn/utilities/ovn-ctl.8.xml   |   7 +
>  ovn/utilities/ovn-nbctl.8.xml |  36 ++
>  ovn/utilities/ovn-nbctl.c | 208 ++
>  ovn/utilities/ovn-sbctl.8.in  |  85 -
>  ovn/utilities/ovn-sbctl.c | 221 +++-
>  tests/ovn.at  | 104 +++
>  13 files changed, 1161 insertions(+), 33 deletions(-)
> 
> --
> 2.5.5
> 
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> 
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] treewide: Fix recent flake8-check.

2016-12-08 Thread Joe Stringer

Without this patch, I see errors like this on master:
../ofproto/ipfix-gen-entities:115:1: E305 expected 2 blank lines after
class or function definition, found 1

Signed-off-by: Joe Stringer 
---
 ofproto/ipfix-gen-entities | 1 +
 utilities/ovs-pcap.in  | 3 +++
 utilities/ovs-tcpdump.in   | 1 +
 vtep/ovs-vtep  | 1 +
 4 files changed, 6 insertions(+)

diff --git a/ofproto/ipfix-gen-entities b/ofproto/ipfix-gen-entities
index a603cd1d1f2e..0be719967d17 100755
--- a/ofproto/ipfix-gen-entities
+++ b/ofproto/ipfix-gen-entities
@@ -112,6 +112,7 @@ The following options are also available:
 """ % {'name': name})
 sys.exit(0)
 
+
 if __name__ == '__main__':
 try:
 options, args = getopt.gnu_getopt(sys.argv[1:], 'hV',
diff --git a/utilities/ovs-pcap.in b/utilities/ovs-pcap.in
index 2e9197d15ffa..c43acb52eae0 100755
--- a/utilities/ovs-pcap.in
+++ b/utilities/ovs-pcap.in
@@ -55,6 +55,8 @@ class PcapReader(object):
 if len(packet) != incl_len:
 raise PcapException("end of file reading pcap packet data")
 return packet
+
+
 argv0 = sys.argv[0]
 
 
@@ -70,6 +72,7 @@ The following options are also available:
 """ % {'argv0': argv0})
 sys.exit(0)
 
+
 if __name__ == "__main__":
 try:
 try:
diff --git a/utilities/ovs-tcpdump.in b/utilities/ovs-tcpdump.in
index 538b3b405c8e..a6e4adadb428 100755
--- a/utilities/ovs-tcpdump.in
+++ b/utilities/ovs-tcpdump.in
@@ -67,6 +67,7 @@ def _install_tap_linux(tap_name):
 *(['ip', 'link', 'set', 'dev', str(tap_name), 'up']))
 pipe.wait()
 
+
 _make_taps['linux'] = _install_tap_linux
 _make_taps['linux2'] = _install_tap_linux
 
diff --git a/vtep/ovs-vtep b/vtep/ovs-vtep
index b32a82a907ea..9a5aa3d680bb 100755
--- a/vtep/ovs-vtep
+++ b/vtep/ovs-vtep
@@ -752,6 +752,7 @@ def main():
 
 unixctl.close()
 
+
 if __name__ == '__main__':
 try:
 main()
-- 
2.10.2

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v2 3/3] ovn-ctl: add support for SSL nb/sb db connections

2016-12-08 Thread Lance Richardson

Add support for SSL connections to OVN northbound and/or
southbound databases.

To improve security, the NB and SB ovsdb daemons no longer
have open ptcp connections by default.  This is a change in
behavior from previous versions, users wishing to use TCP
connections to the NB/SB daemons can either request that
a passive TCP connection be used via ovn-ctl command-line
options (e.g. via OVN_CTL_OPTS/OVN_NORTHD_OPTS in startup
scripts):

--db-sb-create-remote=yes
--db-nb-create-remote=yes

Or configure a connection after the NB/SB daemons have been
started, e.g.:

ovn-sbctl set-connection ptcp:6642
ovn-nbctl set-connection ptcp:6641

Users desiring SSL database connections will need to generate certificates
and private key as described in INSTALL.SSL.rst and perform the following
one-time configuration steps:

   ovn-sbctl set-ssl   
   ovn-sbctl set-connection pssl:6642
   ovn-nbctl set-ssl   
   ovn-nbctl set-connection pssl:6641

On the ovn-controller and ovn-controller-vtep side, SSL configuration
must be provided on the command-line when the daemons are started, this
should be provided via the following command-line options (e.g. via
OVN_CTL_OPTS/OVN_CONTROLLER_OPTS in startup scripts):

   --ovn-controller-ssl-key=
   --ovn-controller-ssl-cert=
   --ovn-controller-ssl-ca-cert=

The SB database connection should also be configured to use SSL, e.g.:

ovs-vsctl set Open_vSwitch . \
  external-ids:ovn-remote=ssl:w.x.y.z:6642

Co-authored-by: Numan Siddique 
Signed-off-by: Numan Siddique 
Signed-off-by: Lance Richardson 
---
 NEWS|   5 +++
 manpages.mk |   4 ++
 ovn/utilities/ovn-ctl   | 106 +---
 ovn/utilities/ovn-ctl.8.xml |   7 +++
 4 files changed, 105 insertions(+), 17 deletions(-)

diff --git a/NEWS b/NEWS
index 3a33abf..0f640bd 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,11 @@ Post-v2.6.0
  * Support for source IP address based routing.
  * Support for managing SSL and remote connection configuration in
northbound and southbound databases.
+ * TCP connections to northbound and southbound databases are no
+   longer enabled by default and must be explicitly configured.
+   See documentation for ovn-sbctl/ovn-nbctl "set-connection" command
+   or ovn-ctl "--db-sb-create-remote"/"--db-nb-create-remote"
+   options for information regarding enabling TCP connections.
- Fixed regression in table stats maintenance introduced in OVS
  2.3.0, wherein the number of OpenFlow table hits and misses was
  not accurate.
diff --git a/manpages.mk b/manpages.mk
index 11ec023..742bd66 100644
--- a/manpages.mk
+++ b/manpages.mk
@@ -10,6 +10,8 @@ ovn/utilities/ovn-sbctl.8: \
lib/table.man \
lib/vlog.man \
ovsdb/remote-active.man \
+   ovsdb/remote-active.man \
+   ovsdb/remote-passive.man \
ovsdb/remote-passive.man
 ovn/utilities/ovn-sbctl.8.in:
 lib/common.man:
@@ -20,6 +22,8 @@ lib/ssl.man:
 lib/table.man:
 lib/vlog.man:
 ovsdb/remote-active.man:
+ovsdb/remote-active.man:
+ovsdb/remote-passive.man:
 ovsdb/remote-passive.man:
 
 ovsdb/ovsdb-client.1: \
diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl
index 73e78e5..f4526fd 100755
--- a/ovn/utilities/ovn-ctl
+++ b/ovn/utilities/ovn-ctl
@@ -50,7 +50,7 @@ stop_ovsdb () {
 
 demote_ovnnb() {
 if test ! -z "$DB_NB_SYNC_FROM_ADDR"; then
-echo "tcp:$DB_NB_SYNC_FROM_ADDR:$DB_NB_SYNC_FROM_PORT" > 
$ovnnb_active_conf_file
+echo 
"$DB_NB_SYNC_FROM_PROTO:$DB_NB_SYNC_FROM_ADDR:$DB_NB_SYNC_FROM_PORT" > 
$ovnnb_active_conf_file
 fi
 
 if test -e $ovnnb_active_conf_file; then
@@ -64,7 +64,7 @@ demote_ovnnb() {
 
 demote_ovnsb() {
 if test ! -z "$DB_SB_SYNC_FROM_ADDR"; then
-echo "tcp:$DB_SB_SYNC_FROM_ADDR:$DB_SB_SYNC_FROM_PORT" > 
$ovnsb_active_conf_file
+echo 
"$DB_SB_SYNC_FROM_PROTO:$DB_SB_SYNC_FROM_ADDR:$DB_SB_SYNC_FROM_PORT" > 
$ovnsb_active_conf_file
 fi
 
 if test -e $ovnsb_active_conf_file; then
@@ -93,15 +93,17 @@ start_ovsdb () {
 
 set ovsdb-server
 
-set "$@" --detach --monitor $OVN_NB_LOG \
---log-file=$OVN_NB_LOGFILE \
---remote=punix:$DB_NB_SOCK \
---remote=ptcp:$DB_NB_PORT:$DB_NB_ADDR \
---pidfile=$DB_NB_PID \
---unixctl=ovnnb_db.ctl
+set "$@" --detach --monitor
+set "$@" $OVN_NB_LOG --log-file=$OVN_NB_LOGFILE
+set "$@" --remote=punix:$DB_NB_SOCK --pidfile=$DB_NB_PID
+set "$@" --remote=db:OVN_Northbound,NB_Global,connections
+set "$@" --unixctl=ovnnb_db.ctl
+set "$@" --private-key=db:OVN_Northbound,SSL,private_key
+set "$@" --certificate=db:OVN_Northbound,SSL,certificate
+set "$@" --ca-cert=db:OVN_Northbound,SSL,ca_cert
 
 if test ! -z "$DB_NB_SYNC_FROM_ADDR"; then
-echo

[ovs-dev] [PATCH v2 2/3] ovn-sb: remote connection management in sb db

2016-12-08 Thread Lance Richardson

Add support for managing remote connections, including
SSL configuration, to southbound db schema, and add necessary
commands to ovn-sbctl.

Signed-off-by: Lance Richardson 
---
 NEWS |   2 +-
 manpages.mk  |   6 ++
 ovn/ovn-sb.ovsschema |  21 +++-
 ovn/ovn-sb.xml   |  48 +-
 ovn/utilities/ovn-sbctl.8.in |  85 -
 ovn/utilities/ovn-sbctl.c| 221 ++-
 tests/ovn.at |  52 ++
 7 files changed, 423 insertions(+), 12 deletions(-)

diff --git a/NEWS b/NEWS
index 2ec3dbb..3a33abf 100644
--- a/NEWS
+++ b/NEWS
@@ -8,7 +8,7 @@ Post-v2.6.0
  * IPAM now supports fixed MAC addresses.
  * Support for source IP address based routing.
  * Support for managing SSL and remote connection configuration in
-   northbound database.
+   northbound and southbound databases.
- Fixed regression in table stats maintenance introduced in OVS
  2.3.0, wherein the number of OpenFlow table hits and misses was
  not accurate.
diff --git a/manpages.mk b/manpages.mk
index 2fb8ef4..11ec023 100644
--- a/manpages.mk
+++ b/manpages.mk
@@ -4,6 +4,9 @@ ovn/utilities/ovn-sbctl.8: \
ovn/utilities/ovn-sbctl.8.in \
lib/common.man \
lib/db-ctl-base.man \
+   lib/ssl-bootstrap.man \
+   lib/ssl-peer-ca-cert.man \
+   lib/ssl.man \
lib/table.man \
lib/vlog.man \
ovsdb/remote-active.man \
@@ -11,6 +14,9 @@ ovn/utilities/ovn-sbctl.8: \
 ovn/utilities/ovn-sbctl.8.in:
 lib/common.man:
 lib/db-ctl-base.man:
+lib/ssl-bootstrap.man:
+lib/ssl-peer-ca-cert.man:
+lib/ssl.man:
 lib/table.man:
 lib/vlog.man:
 ovsdb/remote-active.man:
diff --git a/ovn/ovn-sb.ovsschema b/ovn/ovn-sb.ovsschema
index 89342fe..0212a5e 100644
--- a/ovn/ovn-sb.ovsschema
+++ b/ovn/ovn-sb.ovsschema
@@ -1,7 +1,7 @@
 {
 "name": "OVN_Southbound",
 "version": "1.9.0",
-"cksum": "239060528 9012",
+"cksum": "2240045372 9719",
 "tables": {
 "SB_Global": {
 "columns": {
@@ -13,7 +13,11 @@
 "type": {"key": {"type": "uuid",
  "refTable": "Connection"},
  "min": 0,
- "max": "unlimited"}}},
+ "max": "unlimited"}},
+"ssl": {
+"type": {"key": {"type": "uuid",
+ "refTable": "SSL"},
+ "min": 0, "max": 1}}},
 "maxRows": 1,
 "isRoot": true},
 "Chassis": {
@@ -183,4 +187,15 @@
 "min": 0,
 "max": "unlimited"},
 "ephemeral": true}},
-"indexes": [["target"]]}}}
+"indexes": [["target"]]},
+"SSL": {
+"columns": {
+"private_key": {"type": "string"},
+"certificate": {"type": "string"},
+"ca_cert": {"type": "string"},
+"bootstrap_ca_cert": {"type": "boolean"},
+"external_ids": {"type": {"key": "string",
+  "value": "string",
+  "min": 0,
+  "max": "unlimited"}}},
+"maxRows": 1}}}
diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml
index 65191ed..e2f88b5 100644
--- a/ovn/ovn-sb.xml
+++ b/ovn/ovn-sb.xml
@@ -169,6 +169,9 @@
 connections should be configured.  See the 
 table for more information.
   
+  
+Global SSL configuration.
+  
 
   
 
@@ -2309,7 +2312,9 @@ tcp.flags = RST;
 
   The specified SSL port on the host at the given
   ip, which must be expressed as an IP address
-  (not a DNS name).
+  (not a DNS name). A valid SSL configuration must be provided
+  when this form is used, this configuration can be specified
+  via command-line options or the  table.
 
 
   If port is not specified, it defaults to 6640.
@@ -2345,6 +2350,9 @@ tcp.flags = RST;
   address, wrap in square brackets,
   e.g. pssl:6640:[::1].  If ip is not
   specified then it listens only on IPv4 (but not IPv6) addresses.
+  A valid SSL configuration must be provided when this form is 
used,
+ this can be specified either via command-line options or the
+  table.
 
 
   If port is not specified, it defaults to 6640.
@@ -2517,4 +2525,42 @@ tcp.flags = RST;
   
 
   
+  
+SSL configuration for ovn-sb database access.
+
+
+  Name of a PEM file containing the private key used as the switch's
+  identity for SSL

[ovs-dev] [PATCH v2 1/3] ovn-nb: remote connection management in nb db

2016-12-08 Thread Lance Richardson

Add support for managing remote connections, including
SSL configuration, to northbound db schema, and add necessary
commands to ovn-nbctl.

Signed-off-by: Lance Richardson 
---
 NEWS  |   2 +
 ovn/ovn-nb.ovsschema  |  53 +++-
 ovn/ovn-nb.xml| 288 ++
 ovn/utilities/ovn-nbctl.8.xml |  36 ++
 ovn/utilities/ovn-nbctl.c | 208 ++
 tests/ovn.at  |  52 
 6 files changed, 634 insertions(+), 5 deletions(-)

diff --git a/NEWS b/NEWS
index 5c5628c..2ec3dbb 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,8 @@ Post-v2.6.0
  * DSCP marking is now supported, via the new northbound QoS table.
  * IPAM now supports fixed MAC addresses.
  * Support for source IP address based routing.
+ * Support for managing SSL and remote connection configuration in
+   northbound database.
- Fixed regression in table stats maintenance introduced in OVS
  2.3.0, wherein the number of OpenFlow table hits and misses was
  not accurate.
diff --git a/ovn/ovn-nb.ovsschema b/ovn/ovn-nb.ovsschema
index 65f2d7c..39c7f99 100644
--- a/ovn/ovn-nb.ovsschema
+++ b/ovn/ovn-nb.ovsschema
@@ -1,7 +1,7 @@
 {
 "name": "OVN_Northbound",
 "version": "5.4.1",
-"cksum": "3773248894 11490",
+"cksum": "3485560318 13777",
 "tables": {
 "NB_Global": {
 "columns": {
@@ -10,7 +10,16 @@
 "hv_cfg": {"type": {"key": "integer"}},
 "external_ids": {
 "type": {"key": "string", "value": "string",
- "min": 0, "max": "unlimited"}}},
+ "min": 0, "max": "unlimited"}},
+"connections": {
+"type": {"key": {"type": "uuid",
+ "refTable": "Connection"},
+ "min": 0,
+ "max": "unlimited"}},
+"ssl": {
+"type": {"key": {"type": "uuid",
+ "refTable": "SSL"},
+ "min": 0, "max": 1}}},
 "maxRows": 1,
 "isRoot": true},
 "Logical_Switch": {
@@ -221,6 +230,40 @@
 "external_ids": {
 "type": {"key": "string", "value": "string",
  "min": 0, "max": "unlimited"}}},
-"isRoot": true}
-}
-}
+"isRoot": true},
+"Connection": {
+"columns": {
+"target": {"type": "string"},
+"max_backoff": {"type": {"key": {"type": "integer",
+ "minInteger": 1000},
+ "min": 0,
+ "max": 1}},
+"inactivity_probe": {"type": {"key": "integer",
+  "min": 0,
+  "max": 1}},
+"other_config": {"type": {"key": "string",
+  "value": "string",
+  "min": 0,
+  "max": "unlimited"}},
+"external_ids": {"type": {"key": "string",
+ "value": "string",
+ "min": 0,
+ "max": "unlimited"}},
+"is_connected": {"type": "boolean", "ephemeral": true},
+"status": {"type": {"key": "string",
+"value": "string",
+"min": 0,
+"max": "unlimited"},
+"ephemeral": true}},
+"indexes": [["target"]]},
+"SSL": {
+"columns": {
+"private_key": {"type": "string"},
+"certificate": {"type": "string"},
+"ca_cert": {"type": "string"},
+"bootstrap_ca_cert": {"type": "boolean"},
+"external_ids": {"type": {"key": "string",
+  "value": "string",
+  "min": 0,
+  "max": "unlimited"}}},
+"maxRows": 1}}}
diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml
index 3e40881..a3dc916 100644
--- a/ovn/ovn-nb.xml
+++ b/ovn/ovn-nb.xml
@@ -69,6 +69,17 @@
 See External IDs at the beginning of this document.
   
 
+
+  
+Database clients to which the Open vSwitch database server should
+connect or on which it should listen, along with options for how these
+connections should be configured.  See the 
+table for more information.
+  
+  
+Global SSL configuration.
+  
+
   
 
   
@@

[ovs-dev] [PATCH v2 0/3] ovn: support ssl connections to nb/sb dbs

2016-12-08 Thread Lance Richardson

This series adds support for SSL connections to the northbound
and southbound OVN database servers and removes the previous
default TCP connection type.


v2: - Changed DB_NB_DEFAULT_REMOTE to DB_NB_CREATE_REMOTE.
- Changed DB_SB_DEFAULT_REMOTE to DB_SB_CREATE_REMOTE.
- Create default remote configuration in db instead of
  via command-line options.

Lance Richardson (3):
  ovn-nb: remote connection management in nb db
  ovn-sb: remote connection management in sb db
  ovn-ctl: add support for SSL nb/sb db connections

 NEWS  |   7 +
 manpages.mk   |  10 ++
 ovn/ovn-nb.ovsschema  |  53 +++-
 ovn/ovn-nb.xml| 288 ++
 ovn/ovn-sb.ovsschema  |  21 ++-
 ovn/ovn-sb.xml|  48 ++-
 ovn/utilities/ovn-ctl | 106 +---
 ovn/utilities/ovn-ctl.8.xml   |   7 +
 ovn/utilities/ovn-nbctl.8.xml |  36 ++
 ovn/utilities/ovn-nbctl.c | 208 ++
 ovn/utilities/ovn-sbctl.8.in  |  85 -
 ovn/utilities/ovn-sbctl.c | 221 +++-
 tests/ovn.at  | 104 +++
 13 files changed, 1161 insertions(+), 33 deletions(-)

-- 
2.5.5

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] datapath-windows: Remove dead code from PacketIO

2016-12-08 Thread Alin Serdean

Assigning value to 'nativeNbls' has no effect outside the function and
the variable is not used inside the function.

Signed-off-by: Alin Gabriel Serdean 
---
 datapath-windows/ovsext/PacketIO.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/datapath-windows/ovsext/PacketIO.c 
b/datapath-windows/ovsext/PacketIO.c
index a0ddc3d..e30a0c1 100644
--- a/datapath-windows/ovsext/PacketIO.c
+++ b/datapath-windows/ovsext/PacketIO.c
@@ -193,7 +193,6 @@ OvsAppendNativeForwardedPacket(POVS_SWITCH_CONTEXT 
switchContext,
 NDIS_STRING filterReason;
 
 *nativeNbls = curNbl;
-nativeNbls = &(curNbl->Next);
 
 ctx = OvsInitExternalNBLContext(switchContext, curNbl, isRecv);
 if (ctx == NULL) {
-- 
2.10.2.windows.1
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] Las 5´s de la Calidad total Japonesa

2016-12-08 Thread cómo organizar todas las áreas de su compañía

 

En línea y en Vivo / Para todo su Equipo con una sola Conexión 

Las 5´s de la CALIDAD TOTAL JAPONESA 
Y cómo ponerlo en marcha HOY en su compañía
15 de diciembre - Online en Vivo - 10:00 a 13:00 y de 15:00 a 18:00 Hrs   
 
Conozca las cinco reglas japonesas que revolucionaron el concepto de la 
producción, las oficinas y los servicios, principios que le mostrarán cómo 
organizar todas las áreas de su compañía, siguiendo la filosofía TOYOTA, y 
descubra los beneficios de ser más organizado y más ordenado de manera 
permanente. 
"Pregunte por nuestra Promoción Navideña"


Temario: 

1. Las Cinco S de la calidad total.

2. Lean management.

3. Cómo saber que necesitamos las 5’s.

4. Antes de implementarlas.

5. Las 5’S.



...¡Y mucho más!


 
¿Requiere la información a la Brevedad?
responda este email con la palabra: 
Info - 5s.
centro telefónico: 018002129393
 

Lic. Pamela Rangel
Coordinador de Evento


 
¿Demasiados mensajes en su cuenta? Responda este mensaje indicando que solo 
desea recibir CALENDARIO y sólo recibirá un correo al mes. Si desea cancelar la 
suscripción, solicite su BAJA. 
 

 

 

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 3/3] ovn-ctl: add support for SSL nb/sb db connections

2016-12-08 Thread Russell Bryant

On Thu, Dec 8, 2016 at 8:37 AM, Lance Richardson 
wrote:

> > From: "Numan Siddique" 
> > To: "Lance Richardson" 
> > Cc: "ovs dev" 
> > Sent: Thursday, December 8, 2016 8:01:07 AM
> > Subject: Re: [ovs-dev] [PATCH 3/3] ovn-ctl: add support for SSL nb/sb db
> connections
> >
> > On Thu, Dec 1, 2016 at 9:07 PM, Lance Richardson 
> > wrote:
> >
> > > Add support for SSL connections to OVN northbound and/or
> > > southbound databases.
> > >
> > > To improve security, the NB and SB ovsdb daemons no longer
> > > have open ptcp connections by default.  This is a change in
> > > behavior from previous versions, users wishing to use TCP
> > > connections to the NB/SB daemons can either request that
> > > a passive TCP connection be used via ovn-ctl command-line
> > > options (e.g. via OVN_CTL_OPTS/OVN_NORTHD_OPTS in startup
> > > scripts):
> > >
> > > --db-sb-default-remote=yes
> > > --db-nb-default-remote=yes
> > >
> > > Or configure a connection after the NB/SB daemons have been
> > > started, e.g.:
> > >
> > > ovn-sbctl set-connection ptcp:6642
> > > ovn-nbctl set-connection ptcp:6641
> > >
> > > Users desiring SSL database connections will need to generate
> certificates
> > > and private key as described in INSTALL.SSL.rst and perform the
> following
> > > one-time configuration steps:
> > >
> > >ovn-sbctl set-ssl   
> > >ovn-sbctl set-connection pssl:6642
> > >ovn-nbctl set-ssl   
> > >ovn-nbctl set-connection pssl:6641
> > >
> > > On the ovn-controller and ovn-controller-vtep side, SSL configuration
> > > must be provided on the command-line when the daemons are started, this
> > > should be provided via the following command-line options (e.g. via
> > > OVN_CTL_OPTS/OVN_CONTROLLER_OPTS in startup scripts):
> > >
> > >--ovn-controller-ssl-key=
> > >--ovn-controller-ssl-cert=
> > >--ovn-controller-ssl-ca-cert=
> > >
> > > The SB database connection should also be configured to use SSL, e.g.:
> > >
> > > ovs-vsctl set Open_vSwitch . \
> > >   external-ids:ovn-remote=ssl:w.x.y.z:6642
> > >
> > > Signed-off-by: Lance Richardson 
> > > ---
> > >  NEWS|  5 
> > >  manpages.mk |  4 +++
> > >  ovn/utilities/ovn-ctl   | 72 ++
> > > ---
> > >  ovn/utilities/ovn-ctl.8.xml |  7 +
> > >  4 files changed, 71 insertions(+), 17 deletions(-)
> > >
> > > diff --git a/NEWS b/NEWS
> > > index 3a33abf..9ac8808 100644
> > > --- a/NEWS
> > > +++ b/NEWS
> > > @@ -9,6 +9,11 @@ Post-v2.6.0
> > >   * Support for source IP address based routing.
> > >   * Support for managing SSL and remote connection configuration in
> > > northbound and southbound databases.
> > > + * TCP connections to northbound and southbound databases are no
> > > +   longer enabled by default and must be explicitly configured.
> > > +   See documentation for ovn-sbctl/ovn-nbctl "set-connection"
> command
> > > +   or ovn-ctl "--db-sb-default-remote"/"--db-nb-default-remote"
> > > +   options for information regarding enabling TCP connections.
> > > - Fixed regression in table stats maintenance introduced in OVS
> > >   2.3.0, wherein the number of OpenFlow table hits and misses was
> > >   not accurate.
> > > diff --git a/manpages.mk b/manpages.mk
> > > index 11ec023..742bd66 100644
> > > --- a/manpages.mk
> > > +++ b/manpages.mk
> > > @@ -10,6 +10,8 @@ ovn/utilities/ovn-sbctl.8: \
> > > lib/table.man \
> > > lib/vlog.man \
> > > ovsdb/remote-active.man \
> > > +   ovsdb/remote-active.man \
> > > +   ovsdb/remote-passive.man \
> > > ovsdb/remote-passive.man
> > >  ovn/utilities/ovn-sbctl.8.in:
> > >  lib/common.man:
> > > @@ -20,6 +22,8 @@ lib/ssl.man:
> > >  lib/table.man:
> > >  lib/vlog.man:
> > >  ovsdb/remote-active.man:
> > > +ovsdb/remote-active.man:
> > > +ovsdb/remote-passive.man:
> > >  ovsdb/remote-passive.man:
> > >
> > >  ovsdb/ovsdb-client.1: \
> > > diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl
> > > index 73e78e5..4dade90 100755
> > > --- a/ovn/utilities/ovn-ctl
> > > +++ b/ovn/utilities/ovn-ctl
> > > @@ -50,7 +50,7 @@ stop_ovsdb () {
> > >
> > >  demote_ovnnb() {
> > >  if test ! -z "$DB_NB_SYNC_FROM_ADDR"; then
> > > -echo "tcp:$DB_NB_SYNC_FROM_ADDR:$DB_NB_SYNC_FROM_PORT" >
> > > $ovnnb_active_conf_file
> > > +echo
> > > "$DB_NB_SYNC_FROM_PROTO:$DB_NB_SYNC_FROM_ADDR:$DB_NB_SYNC_FROM_PORT"
> > > > $ovnnb_active_conf_file
> > >  fi
> > >
> > >  if test -e $ovnnb_active_conf_file; then
> > > @@ -64,7 +64,7 @@ demote_ovnnb() {
> > >
> > >  demote_ovnsb() {
> > >  if test ! -z "$DB_SB_SYNC_FROM_ADDR"; then
> > > -echo "tcp:$DB_SB_SYNC_FROM_ADDR:$DB_SB_SYNC_FROM_PORT" >
> > > $ovnsb_active_conf_file
> > > +echo
> > >

Re: [ovs-dev] [PATCH 3/3] ovn-ctl: add support for SSL nb/sb db connections

2016-12-08 Thread Lance Richardson

> From: "Numan Siddique" 
> To: "Lance Richardson" 
> Cc: "ovs dev" 
> Sent: Thursday, December 8, 2016 8:01:07 AM
> Subject: Re: [ovs-dev] [PATCH 3/3] ovn-ctl: add support for SSL nb/sb db 
> connections
> 
> On Thu, Dec 1, 2016 at 9:07 PM, Lance Richardson 
> wrote:
> 
> > Add support for SSL connections to OVN northbound and/or
> > southbound databases.
> >
> > To improve security, the NB and SB ovsdb daemons no longer
> > have open ptcp connections by default.  This is a change in
> > behavior from previous versions, users wishing to use TCP
> > connections to the NB/SB daemons can either request that
> > a passive TCP connection be used via ovn-ctl command-line
> > options (e.g. via OVN_CTL_OPTS/OVN_NORTHD_OPTS in startup
> > scripts):
> >
> > --db-sb-default-remote=yes
> > --db-nb-default-remote=yes
> >
> > Or configure a connection after the NB/SB daemons have been
> > started, e.g.:
> >
> > ovn-sbctl set-connection ptcp:6642
> > ovn-nbctl set-connection ptcp:6641
> >
> > Users desiring SSL database connections will need to generate certificates
> > and private key as described in INSTALL.SSL.rst and perform the following
> > one-time configuration steps:
> >
> >ovn-sbctl set-ssl   
> >ovn-sbctl set-connection pssl:6642
> >ovn-nbctl set-ssl   
> >ovn-nbctl set-connection pssl:6641
> >
> > On the ovn-controller and ovn-controller-vtep side, SSL configuration
> > must be provided on the command-line when the daemons are started, this
> > should be provided via the following command-line options (e.g. via
> > OVN_CTL_OPTS/OVN_CONTROLLER_OPTS in startup scripts):
> >
> >--ovn-controller-ssl-key=
> >--ovn-controller-ssl-cert=
> >--ovn-controller-ssl-ca-cert=
> >
> > The SB database connection should also be configured to use SSL, e.g.:
> >
> > ovs-vsctl set Open_vSwitch . \
> >   external-ids:ovn-remote=ssl:w.x.y.z:6642
> >
> > Signed-off-by: Lance Richardson 
> > ---
> >  NEWS|  5 
> >  manpages.mk |  4 +++
> >  ovn/utilities/ovn-ctl   | 72 ++
> > ---
> >  ovn/utilities/ovn-ctl.8.xml |  7 +
> >  4 files changed, 71 insertions(+), 17 deletions(-)
> >
> > diff --git a/NEWS b/NEWS
> > index 3a33abf..9ac8808 100644
> > --- a/NEWS
> > +++ b/NEWS
> > @@ -9,6 +9,11 @@ Post-v2.6.0
> >   * Support for source IP address based routing.
> >   * Support for managing SSL and remote connection configuration in
> > northbound and southbound databases.
> > + * TCP connections to northbound and southbound databases are no
> > +   longer enabled by default and must be explicitly configured.
> > +   See documentation for ovn-sbctl/ovn-nbctl "set-connection" command
> > +   or ovn-ctl "--db-sb-default-remote"/"--db-nb-default-remote"
> > +   options for information regarding enabling TCP connections.
> > - Fixed regression in table stats maintenance introduced in OVS
> >   2.3.0, wherein the number of OpenFlow table hits and misses was
> >   not accurate.
> > diff --git a/manpages.mk b/manpages.mk
> > index 11ec023..742bd66 100644
> > --- a/manpages.mk
> > +++ b/manpages.mk
> > @@ -10,6 +10,8 @@ ovn/utilities/ovn-sbctl.8: \
> > lib/table.man \
> > lib/vlog.man \
> > ovsdb/remote-active.man \
> > +   ovsdb/remote-active.man \
> > +   ovsdb/remote-passive.man \
> > ovsdb/remote-passive.man
> >  ovn/utilities/ovn-sbctl.8.in:
> >  lib/common.man:
> > @@ -20,6 +22,8 @@ lib/ssl.man:
> >  lib/table.man:
> >  lib/vlog.man:
> >  ovsdb/remote-active.man:
> > +ovsdb/remote-active.man:
> > +ovsdb/remote-passive.man:
> >  ovsdb/remote-passive.man:
> >
> >  ovsdb/ovsdb-client.1: \
> > diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl
> > index 73e78e5..4dade90 100755
> > --- a/ovn/utilities/ovn-ctl
> > +++ b/ovn/utilities/ovn-ctl
> > @@ -50,7 +50,7 @@ stop_ovsdb () {
> >
> >  demote_ovnnb() {
> >  if test ! -z "$DB_NB_SYNC_FROM_ADDR"; then
> > -echo "tcp:$DB_NB_SYNC_FROM_ADDR:$DB_NB_SYNC_FROM_PORT" >
> > $ovnnb_active_conf_file
> > +echo
> > "$DB_NB_SYNC_FROM_PROTO:$DB_NB_SYNC_FROM_ADDR:$DB_NB_SYNC_FROM_PORT"
> > > $ovnnb_active_conf_file
> >  fi
> >
> >  if test -e $ovnnb_active_conf_file; then
> > @@ -64,7 +64,7 @@ demote_ovnnb() {
> >
> >  demote_ovnsb() {
> >  if test ! -z "$DB_SB_SYNC_FROM_ADDR"; then
> > -echo "tcp:$DB_SB_SYNC_FROM_ADDR:$DB_SB_SYNC_FROM_PORT" >
> > $ovnsb_active_conf_file
> > +echo
> > "$DB_SB_SYNC_FROM_PROTO:$DB_SB_SYNC_FROM_ADDR:$DB_SB_SYNC_FROM_PORT"
> > > $ovnsb_active_conf_file
> >  fi
> >
> >  if test -e $ovnsb_active_conf_file; then
> > @@ -93,15 +93,21 @@ start_ovsdb () {
> >
> >  set ovsdb-server
> >
> > -set "$@" --detach --monitor $OVN_NB_LOG \
> > -

Re: [ovs-dev] [PATCH 3/3] ovn-ctl: add support for SSL nb/sb db connections

2016-12-08 Thread Numan Siddique

On Thu, Dec 1, 2016 at 9:07 PM, Lance Richardson 
wrote:

> Add support for SSL connections to OVN northbound and/or
> southbound databases.
>
> To improve security, the NB and SB ovsdb daemons no longer
> have open ptcp connections by default.  This is a change in
> behavior from previous versions, users wishing to use TCP
> connections to the NB/SB daemons can either request that
> a passive TCP connection be used via ovn-ctl command-line
> options (e.g. via OVN_CTL_OPTS/OVN_NORTHD_OPTS in startup
> scripts):
>
> --db-sb-default-remote=yes
> --db-nb-default-remote=yes
>
> Or configure a connection after the NB/SB daemons have been
> started, e.g.:
>
> ovn-sbctl set-connection ptcp:6642
> ovn-nbctl set-connection ptcp:6641
>
> Users desiring SSL database connections will need to generate certificates
> and private key as described in INSTALL.SSL.rst and perform the following
> one-time configuration steps:
>
>ovn-sbctl set-ssl   
>ovn-sbctl set-connection pssl:6642
>ovn-nbctl set-ssl   
>ovn-nbctl set-connection pssl:6641
>
> On the ovn-controller and ovn-controller-vtep side, SSL configuration
> must be provided on the command-line when the daemons are started, this
> should be provided via the following command-line options (e.g. via
> OVN_CTL_OPTS/OVN_CONTROLLER_OPTS in startup scripts):
>
>--ovn-controller-ssl-key=
>--ovn-controller-ssl-cert=
>--ovn-controller-ssl-ca-cert=
>
> The SB database connection should also be configured to use SSL, e.g.:
>
> ovs-vsctl set Open_vSwitch . \
>   external-ids:ovn-remote=ssl:w.x.y.z:6642
>
> Signed-off-by: Lance Richardson 
> ---
>  NEWS|  5 
>  manpages.mk |  4 +++
>  ovn/utilities/ovn-ctl   | 72 ++
> ---
>  ovn/utilities/ovn-ctl.8.xml |  7 +
>  4 files changed, 71 insertions(+), 17 deletions(-)
>
> diff --git a/NEWS b/NEWS
> index 3a33abf..9ac8808 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -9,6 +9,11 @@ Post-v2.6.0
>   * Support for source IP address based routing.
>   * Support for managing SSL and remote connection configuration in
> northbound and southbound databases.
> + * TCP connections to northbound and southbound databases are no
> +   longer enabled by default and must be explicitly configured.
> +   See documentation for ovn-sbctl/ovn-nbctl "set-connection" command
> +   or ovn-ctl "--db-sb-default-remote"/"--db-nb-default-remote"
> +   options for information regarding enabling TCP connections.
> - Fixed regression in table stats maintenance introduced in OVS
>   2.3.0, wherein the number of OpenFlow table hits and misses was
>   not accurate.
> diff --git a/manpages.mk b/manpages.mk
> index 11ec023..742bd66 100644
> --- a/manpages.mk
> +++ b/manpages.mk
> @@ -10,6 +10,8 @@ ovn/utilities/ovn-sbctl.8: \
> lib/table.man \
> lib/vlog.man \
> ovsdb/remote-active.man \
> +   ovsdb/remote-active.man \
> +   ovsdb/remote-passive.man \
> ovsdb/remote-passive.man
>  ovn/utilities/ovn-sbctl.8.in:
>  lib/common.man:
> @@ -20,6 +22,8 @@ lib/ssl.man:
>  lib/table.man:
>  lib/vlog.man:
>  ovsdb/remote-active.man:
> +ovsdb/remote-active.man:
> +ovsdb/remote-passive.man:
>  ovsdb/remote-passive.man:
>
>  ovsdb/ovsdb-client.1: \
> diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl
> index 73e78e5..4dade90 100755
> --- a/ovn/utilities/ovn-ctl
> +++ b/ovn/utilities/ovn-ctl
> @@ -50,7 +50,7 @@ stop_ovsdb () {
>
>  demote_ovnnb() {
>  if test ! -z "$DB_NB_SYNC_FROM_ADDR"; then
> -echo "tcp:$DB_NB_SYNC_FROM_ADDR:$DB_NB_SYNC_FROM_PORT" >
> $ovnnb_active_conf_file
> +echo 
> "$DB_NB_SYNC_FROM_PROTO:$DB_NB_SYNC_FROM_ADDR:$DB_NB_SYNC_FROM_PORT"
> > $ovnnb_active_conf_file
>  fi
>
>  if test -e $ovnnb_active_conf_file; then
> @@ -64,7 +64,7 @@ demote_ovnnb() {
>
>  demote_ovnsb() {
>  if test ! -z "$DB_SB_SYNC_FROM_ADDR"; then
> -echo "tcp:$DB_SB_SYNC_FROM_ADDR:$DB_SB_SYNC_FROM_PORT" >
> $ovnsb_active_conf_file
> +echo 
> "$DB_SB_SYNC_FROM_PROTO:$DB_SB_SYNC_FROM_ADDR:$DB_SB_SYNC_FROM_PORT"
> > $ovnsb_active_conf_file
>  fi
>
>  if test -e $ovnsb_active_conf_file; then
> @@ -93,15 +93,21 @@ start_ovsdb () {
>
>  set ovsdb-server
>
> -set "$@" --detach --monitor $OVN_NB_LOG \
> ---log-file=$OVN_NB_LOGFILE \
> ---remote=punix:$DB_NB_SOCK \
> ---remote=ptcp:$DB_NB_PORT:$DB_NB_ADDR \
> ---pidfile=$DB_NB_PID \
> ---unixctl=ovnnb_db.ctl
> +set "$@" --detach --monitor
> +set "$@" $OVN_NB_LOG --log-file=$OVN_NB_LOGFILE
> +set "$@" --remote=punix:$DB_NB_SOCK --pidfile=$DB_NB_PID
> +set "$@" --remote=db:OVN_Northbound,NB_Global,connections
> +set "$@" --unixctl=ovnnb_db.ctl
> +set "$@"

[ovs-dev] [PATCH v2 08/11] doc: Populate 'tutorials' section

2016-12-08 Thread Stephen Finucane

Rename 'tutorial' to 'ovs-advanced' and 'ovn-tutorial' to 'ovn-basics'.

Signed-off-by: Stephen Finucane 
---
 Documentation/automake.mk|  2 ++
 Documentation/index.rst  |  3 ++-
 Documentation/tutorials/index.rst|  9 +
 .../tutorials/ovn-basics.rst | 10 --
 .../tutorials/ovs-advanced.rst   | 16 +++-
 FAQ.rst  |  2 +-
 README.rst   |  2 +-
 tutorial/automake.mk |  3 ---
 tutorial/ovn/env1/setup.sh   |  2 +-
 tutorial/ovn/env6/setup.sh   |  2 +-
 10 files changed, 28 insertions(+), 23 deletions(-)
 rename tutorial/ovn-tutorial.rst => Documentation/tutorials/ovn-basics.rst 
(99%)
 rename tutorial/tutorial.rst => Documentation/tutorials/ovs-advanced.rst (98%)

diff --git a/Documentation/automake.mk b/Documentation/automake.mk
index 5fc67b0..1f9800f 100644
--- a/Documentation/automake.mk
+++ b/Documentation/automake.mk
@@ -20,6 +20,8 @@ EXTRA_DIST += \
Documentation/intro/install/windows.rst \
Documentation/intro/install/xenserver.rst \
Documentation/tutorials/index.rst \
+   Documentation/tutorials/ovn-basics.rst \
+   Documentation/tutorials/ovs-advanced.rst \
Documentation/topics/index.rst \
Documentation/topics/bonding.rst \
Documentation/topics/datapath.rst \
diff --git a/Documentation/index.rst b/Documentation/index.rst
index be794f1..f15993f 100644
--- a/Documentation/index.rst
+++ b/Documentation/index.rst
@@ -55,7 +55,8 @@ vSwitch? Start here.
   :doc:`intro/install/xenserver` |
   :doc:`intro/install/dpdk`
 
-- **Tutorials:** **TODO**
+- **Tutorials:** :doc:`tutorials/ovs-advanced` |
+  :doc:`tutorials/ovn-basics`
 
 Deeper Dive
 ---
diff --git a/Documentation/tutorials/index.rst 
b/Documentation/tutorials/index.rst
index eebd242..477cadb 100644
--- a/Documentation/tutorials/index.rst
+++ b/Documentation/tutorials/index.rst
@@ -30,5 +30,14 @@ Tutorials
 Getting started with Open vSwitch (OVS) and Open Virtual Network (OVN) for Open
 vSwitch.
 
+.. TODO(stephenfin): We could really do with a few basic tutorials, along with
+   some more specialized ones (DPDK, XenServer, Windows). The latter could
+   probably be formed from the install guides, but the former will need to be
+   produced from scratch or reproduced from blogs (with permission of the
+   author)
+
 .. toctree::
:maxdepth: 2
+
+   ovs-advanced
+   ovn-basics
diff --git a/tutorial/ovn-tutorial.rst b/Documentation/tutorials/ovn-basics.rst
similarity index 99%
rename from tutorial/ovn-tutorial.rst
rename to Documentation/tutorials/ovn-basics.rst
index bb5f620..8115edd 100644
--- a/tutorial/ovn-tutorial.rst
+++ b/Documentation/tutorials/ovn-basics.rst
@@ -21,9 +21,9 @@
 
   Avoid deeper levels because they do not render well.
 
-
-OVN Tutorial
-
+==
+OVN Basics
+==
 
 This tutorial is intended to give you a tour of the basic OVN features using
 ``ovs-sandbox`` as a simulated test environment.  It's assumed that you have an
@@ -873,12 +873,10 @@ of what the resulting OpenFlow flows look like.
 Container Ports
 ---
 
-.. TODO(stephenfin): Update Docker link when this is moved.
-
 OVN supports containers running directly on the hypervisors and running
 containers inside VMs. This example shows how OVN supports network
 virtualization to containers when run inside VMs. Details about how to use
-docker containers in OVS can be found in the `Docker installlation guide`.
+docker containers in OVS can be found in :doc:`/howto/docker`.
 
 To support container traffic created inside a VM and to distinguish network
 traffic coming from different container vifs, for each container a logical port
diff --git a/tutorial/tutorial.rst b/Documentation/tutorials/ovs-advanced.rst
similarity index 98%
rename from tutorial/tutorial.rst
rename to Documentation/tutorials/ovs-advanced.rst
index 422bc0d..4ae27ce 100644
--- a/tutorial/tutorial.rst
+++ b/Documentation/tutorials/ovs-advanced.rst
@@ -21,9 +21,9 @@
 
   Avoid deeper levels because they do not render well.
 
-===
-Open vSwitch Advanced Features Tutorial
-===
+==
+Open vSwitch Advanced Features
+==
 
 Many tutorials cover the basics of OpenFlow.  This is not such a tutorial.
 Rather, a knowledge of the basics of OpenFlow is a prerequisite.  If you do not
@@ -54,18 +54,16 @@ hardware or even supervisor privilege on your system.  
Instead, we will use a
 script called ``ovs-sandbox``, which accompanies the tutorial, that constructs
 a software simulated network environment based on Open

[ovs-dev] [PATCH v2 07/11] doc: Populate 'topics' section

2016-12-08 Thread Stephen Finucane

There are many docs that don't need to kept at the top level, along
with many more hidden in random folders. Move them all.

This also allows us to add the '-W' flag to Sphinx, ensuring unindexed
docs result in build failures.

Signed-off-by: Stephen Finucane 
---
 Documentation/automake.mk  | 16 +--
 Documentation/howto/openstack-containers.rst   |  8 ++--
 Documentation/intro/install/netbsd.rst |  2 +-
 .../topics/bonding.rst | 38 +++--
 .../topics/datapath.rst|  0
 DESIGN.rst => Documentation/topics/design.rst  |  0
 Documentation/topics/dpdk.rst  | 28 +
 .../topics/high-availability.rst   |  0
 Documentation/topics/index.rst | 15 +++
 .../topics/integration.rst | 49 ++
 OPENFLOW.rst => Documentation/topics/openflow.rst  | 28 +++--
 .../ovsdb-replication.rst} |  0
 PORTING.rst => Documentation/topics/porting.rst|  5 +--
 .../DESIGN.rst => Documentation/topics/windows.rst |  0
 FAQ.rst| 16 +++
 Makefile.am|  4 --
 WHY-OVS.rst|  4 +-
 datapath-windows/automake.mk   |  1 -
 datapath/Modules.mk|  3 --
 include/openvswitch/ofp-actions.h  |  4 +-
 include/openvswitch/ofp-util.h |  4 +-
 lib/dpif.h |  5 +--
 lib/mac-learning.c |  6 +--
 lib/mac-learning.h |  4 +-
 lib/netdev.h   |  2 +-
 lib/ofp-util.c |  2 +-
 ofproto/connmgr.c  |  2 +-
 ovn/automake.mk|  3 +-
 ovn/controller/pinctrl.c   |  3 +-
 ovn/ovn-architecture.7.xml |  4 +-
 rhel/openvswitch-fedora.spec.in|  2 +-
 rhel/openvswitch.spec.in   |  2 +-
 tests/ovs-ofctl.at |  2 +-
 utilities/ovs-ofctl.8.in   |  2 +-
 vswitchd/automake.mk   |  1 -
 35 files changed, 147 insertions(+), 118 deletions(-)
 rename vswitchd/INTERNALS.rst => Documentation/topics/bonding.rst (94%)
 rename datapath/README.rst => Documentation/topics/datapath.rst (100%)
 rename DESIGN.rst => Documentation/topics/design.rst (100%)
 create mode 100644 Documentation/topics/dpdk.rst
 rename ovn/OVN-GW-HA.rst => Documentation/topics/high-availability.rst (100%)
 rename IntegrationGuide.rst => Documentation/topics/integration.rst (89%)
 rename OPENFLOW.rst => Documentation/topics/openflow.rst (93%)
 rename Documentation/{OVSDB-replication.rst => topics/ovsdb-replication.rst} 
(100%)
 rename PORTING.rst => Documentation/topics/porting.rst (98%)
 rename datapath-windows/DESIGN.rst => Documentation/topics/windows.rst (100%)

diff --git a/Documentation/automake.mk b/Documentation/automake.mk
index 2622f83..5fc67b0 100644
--- a/Documentation/automake.mk
+++ b/Documentation/automake.mk
@@ -1,6 +1,5 @@
 docs += \
-   Documentation/group-selection-method-property.txt \
-   Documentation/OVSDB-replication.rst
+   Documentation/group-selection-method-property.txt
 
 EXTRA_DIST += \
Documentation/_static/logo.png \
@@ -22,6 +21,16 @@ EXTRA_DIST += \
Documentation/intro/install/xenserver.rst \
Documentation/tutorials/index.rst \
Documentation/topics/index.rst \
+   Documentation/topics/bonding.rst \
+   Documentation/topics/datapath.rst \
+   Documentation/topics/design.rst \
+   Documentation/topics/dpdk.rst \
+   Documentation/topics/high-availability.rst \
+   Documentation/topics/integration.rst \
+   Documentation/topics/openflow.rst \
+   Documentation/topics/ovsdb-replication.rst \
+   Documentation/topics/porting.rst \
+   Documentation/topics/windows.rst \
Documentation/howto/index.rst \
Documentation/howto/docker.rst \
Documentation/howto/kvm.rst \
@@ -58,8 +67,7 @@ SPHINXBUILDDIR = $(srcdir)/Documentation/_build
 # Internal variables.
 PAPEROPT_a4 = -D latex_paper_size=a4
 PAPEROPT_letter = -D latex_paper_size=letter
-# TODO(stephenfin): Add '-W' flag here once we've integrated required docs
-ALLSPHINXOPTS = -d $(SPHINXBUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) 
$(SPHINXOPTS) $(SPHINXSRCDIR)
+ALLSPHINXOPTS = -W -d $(SPHINXBUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) 
$(SPHINXOPTS) $(SPHINXSRCDIR)
 
 .PHONY: htmldocs
 htmldocs:
diff --git a/Documentation/howto/openstack-containers.rst 
b/Documentation/howto/openstack-containers.rst
index f10f60e..692fe25 100644
---

[ovs-dev] [PATCH v2 09/11] doc: Move WHY-OVS

2016-12-08 Thread Stephen Finucane

This is moved separately due to the sheer number of references to this
file in the codebase.

Signed-off-by: Stephen Finucane 
---
 Documentation/automake.mk  | 1 +
 Documentation/intro/index.rst  | 1 +
 WHY-OVS.rst => Documentation/intro/why-ovs.rst | 0
 FAQ.rst| 6 +++---
 Makefile.am| 3 +--
 rhel/openvswitch-fedora.spec.in| 2 +-
 rhel/openvswitch.spec.in   | 2 +-
 tests/run-oftest   | 2 +-
 tests/run-ryu  | 2 +-
 tutorial/ovs-sandbox   | 2 +-
 utilities/ovs-dev.py   | 2 +-
 utilities/ovs-sim.in   | 4 ++--
 12 files changed, 14 insertions(+), 13 deletions(-)
 rename WHY-OVS.rst => Documentation/intro/why-ovs.rst (100%)

diff --git a/Documentation/automake.mk b/Documentation/automake.mk
index 1f9800f..decea3c 100644
--- a/Documentation/automake.mk
+++ b/Documentation/automake.mk
@@ -7,6 +7,7 @@ EXTRA_DIST += \
Documentation/index.rst \
Documentation/contents.rst \
Documentation/intro/index.rst \
+   Documentation/intro/why-ovs.rst \
Documentation/intro/install/index.rst \
Documentation/intro/install/bash-completion.rst \
Documentation/intro/install/debian.rst \
diff --git a/Documentation/intro/index.rst b/Documentation/intro/index.rst
index 7d42813..7ad8bf3 100644
--- a/Documentation/intro/index.rst
+++ b/Documentation/intro/index.rst
@@ -32,4 +32,5 @@ How to get started with Open vSwitch.
 .. toctree::
:maxdepth: 2
 
+   why-ovs
install/index
diff --git a/WHY-OVS.rst b/Documentation/intro/why-ovs.rst
similarity index 100%
rename from WHY-OVS.rst
rename to Documentation/intro/why-ovs.rst
diff --git a/FAQ.rst b/FAQ.rst
index aa21d91..83f6c59 100644
--- a/FAQ.rst
+++ b/FAQ.rst
@@ -87,9 +87,9 @@ Q: Why would I use Open vSwitch instead of the Linux bridge?
 
 A: Open vSwitch is specially designed to make it easier to manage VM
 network configuration and monitor state spread across many physical hosts
-in dynamic virtualized environments.  Refer to `WHY-OVS `__
-for a more detailed description of how Open vSwitch relates to the Linux
-Bridge.
+in dynamic virtualized environments.  Refer to `WHY-OVS
+`__ for a more detailed description of how
+Open vSwitch relates to the Linux Bridge.
 
 Q: How is Open vSwitch related to distributed virtual switches like the VMware
 vNetwork distributed switch or the Cisco Nexus 1000V?
diff --git a/Makefile.am b/Makefile.am
index 427ac07..57de27c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -70,8 +70,7 @@ docs = \
CONTRIBUTING.rst \
FAQ.rst \
MAINTAINERS.rst \
-   README.rst \
-   WHY-OVS.rst
+   README.rst
 EXTRA_DIST = \
$(docs) \
NOTICE \
diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in
index d9befe0..c71c12f 100644
--- a/rhel/openvswitch-fedora.spec.in
+++ b/rhel/openvswitch-fedora.spec.in
@@ -481,7 +481,7 @@ fi
 %{_mandir}/man8/ovs-vswitchd.8*
 %{_mandir}/man8/ovs-parse-backtrace.8*
 %{_mandir}/man8/ovs-testcontroller.8*
-%doc COPYING NOTICE README.rst WHY-OVS.rst
+%doc COPYING NOTICE README.rst
 %doc FAQ.rst NEWS rhel/README.RHEL.rst
 /var/lib/openvswitch
 /var/log/openvswitch
diff --git a/rhel/openvswitch.spec.in b/rhel/openvswitch.spec.in
index 7ed948b..5d83ec0 100644
--- a/rhel/openvswitch.spec.in
+++ b/rhel/openvswitch.spec.in
@@ -248,7 +248,7 @@ exit 0
 /usr/share/openvswitch/scripts/sysconfig.template
 /usr/share/openvswitch/vswitch.ovsschema
 /usr/share/openvswitch/vtep.ovsschema
-%doc COPYING NOTICE README.rst WHY-OVS.rst FAQ.rst NEWS
+%doc COPYING NOTICE README.rst FAQ.rst NEWS
 %doc rhel/README.RHEL.rst
 /var/lib/openvswitch
 /var/log/openvswitch
diff --git a/tests/run-oftest b/tests/run-oftest
index ecfd783..d5701d6 100755
--- a/tests/run-oftest
+++ b/tests/run-oftest
@@ -21,7 +21,7 @@ case $srcdir in
 /*) ;;
 *) srcdir=`pwd`/$srcdir ;;
 esac
-if test ! -e "$srcdir"/WHY-OVS.rst; then
+if test ! -e "$srcdir"/README.rst; then
 echo >&2 'source directory not found, please set $srcdir or run via \"make 
check-oftest'
 exit 1
 fi
diff --git a/tests/run-ryu b/tests/run-ryu
index 0be6c01..2aea14d 100755
--- a/tests/run-ryu
+++ b/tests/run-ryu
@@ -19,7 +19,7 @@ case $srcdir in
 /*) ;;
 *) srcdir=`pwd`/$srcdir ;;
 esac
-if test ! -e "$srcdir"/WHY-OVS.rst; then
+if test ! -e "$srcdir"/README.rst; then
 echo >&2 'source directory not found, please set $srcdir or run via \"make 
check-ryu'
 exit 1
 fi
diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox
index 4372da4..c9742ab 100755
--- a/tutorial/ovs-sandbox
+++ b/tutorial/ovs-sandbox
@@ -223,7 +223,7 @@ if $built; then
 case $srcdir in
 '')
 srcdir=$builddir
-if test ! -e

[ovs-dev] [PATCH v2 03/11] doc: Populate 'ref' section

2016-12-08 Thread Stephen Finucane

This is a simple table with links to the manpages published on
openvswitch.org. Something fancier can be done in the future.

Signed-off-by: Stephen Finucane 
---
 Documentation/ref/index.rst | 144 +++-
 1 file changed, 143 insertions(+), 1 deletion(-)

diff --git a/Documentation/ref/index.rst b/Documentation/ref/index.rst
index cb4f30b..27d975a 100644
--- a/Documentation/ref/index.rst
+++ b/Documentation/ref/index.rst
@@ -30,4 +30,146 @@ Reference Guide
 Man Pages
 -
 
-**TODO**
+.. TODO(stephenfin): Investigate some way to get the manpages into rST format.
+   The most viable option seems to be writing them all in rST, converting them
+   to roff format and storing both the rST and roff formatted docs in version
+   control.
+
+.. list-table::
+
+   * - ovn-architecture(7)
+ - `(pdf) 
`__
+ - `(html) 
`__
+ - `(plain text) 
`__
+   * - ovn-controller(8)
+ - `(pdf) 
`__
+ - `(html) 
`__
+ - `(plain text) 
`__
+   * - ovn-controller-vtep(8)
+ - `(pdf) 
`__
+ - `(html) 
`__
+ - `(plain text) 
`__
+   * - ovn-ctl(8)
+ - `(pdf) `__
+ - `(html) `__
+ - `(plain text) 
`__
+   * - ovn-nb(5)
+ - `(pdf) `__
+ - `(html) `__
+ - `(plain text) `__
+   * - ovn-nbctl(8)
+ - `(pdf) `__
+ - `(html) `__
+ - `(plain text) 
`__
+   * - ovn-northd(8)
+ - `(pdf) `__
+ - `(html) `__
+ - `(plain text) 
`__
+   * - ovn-sb(5)
+ - `(pdf) `__
+ - `(html) `__
+ - `(plain text) `__
+   * - ovn-sbctl(8)
+ - `(pdf) `__
+ - `(html) `__
+ - `(plain text) 
`__
+   * - ovn-trace(8)
+ - `(pdf) `__
+ - `(html) `__
+ - `(plain text) 
`__
+   * - ovs-appctl(8)
+ - `(pdf) `__
+ - `(html) `__
+ - `(plain text) 
`__
+   * - ovs-bugtool(8)
+ - `(pdf) `__
+ - `(html) `__
+ - `(plain text) 
`__
+   * - ovs-ctl(8)
+ - `(pdf) `__
+ - `(html) `__
+ - `(plain text) 
`__
+   * - ovsdb-client(1)
+ - `(pdf) `__
+ - `(html) 
`__
+ - `(plain text) 
`__
+   * - ovsdb-server(1)
+ - `(pdf) `__
+ - `(html) 
`__
+ - `(plain text) 
`__
+   * - ovsdb-tool(1)
+ - `(pdf) `__
+ - `(html)

[ovs-dev] [PATCH v2 00/11] Sphinx-ification of documentation

2016-12-08 Thread Stephen Finucane

This series is the first in a number of planned series that rework and
expand the OVS documentation. This particular series aims to achieve
the following:

* Configure the basics required for Sphinx documentation generation

* Create a number of document sections and move all documents, with
  the exception of some top-level files, into at least one of these
  sections

* Update or remove references to any doc files which have been moved

Any significant refactoring of documentation has been left for future
series, though TODOs are included to remind people to do this. I plan
to follow-up this series with the following:

* A refactor of existing documents, moving content from one section to
  another if it makes more sense. The (generally excellent, but
  somewhat convoluted) DPDK-advanced guide is first on my radar.

* Adding further documentation to the '/topics' section, based on a
  variety of blog posts and mailing list posts I've collected. A
  change to the patch acceptance criteria could help in the long term
  (think: don't add a new feature until how it works is explained in
  the docs)?

* Other random oddities

All other comments from the original series cover letter still apply.

https://mail.openvswitch.org/pipermail/ovs-dev/2016-November/325292.html

Changes since v1:
- Rebase onto master

Stephen Finucane (11):
  Add initial sphinx configuration
  doc: Create directory structure
  doc: Populate 'ref' section
  doc: Populate 'internals' section
  doc: Populate 'install', 'howto' sections
  doc: Further populate the 'howto' section
  doc: Populate 'topics' section
  doc: Populate 'tutorials' section
  doc: Move WHY-OVS
  doc: Populate 'faq' section
  doc: Remove documentation from distdoc target

 .gitignore |1 +
 CONTRIBUTING.rst   |  430 +---
 Documentation/_static/logo.png |  Bin 0 -> 13341 bytes
 Documentation/automake.mk  |   93 +-
 Documentation/conf.py  |  338 
 Documentation/contents.rst |   42 +
 Documentation/faq/configuration.rst|  240 +++
 Documentation/faq/contributing.rst |   75 +
 Documentation/faq/design.rst   |  110 +
 Documentation/faq/general.rst  |  132 ++
 Documentation/faq/index.rst|   43 +
 Documentation/faq/issues.rst   |  416 
 Documentation/faq/openflow.rst |  537 +
 Documentation/faq/qos.rst  |  169 ++
 Documentation/faq/releases.rst |  270 +++
 Documentation/faq/terminology.rst  |   37 +
 Documentation/faq/vlan.rst |  282 +++
 Documentation/faq/vxlan.rst|   53 +
 .../howto/docker.rst   |   13 +-
 Documentation/howto/index.rst  |   48 +
 INSTALL.KVM.rst => Documentation/howto/kvm.rst |   15 +-
 .../howto/libvirt.rst  |   11 +-
 README-lisp.rst => Documentation/howto/lisp.rst|0
 .../howto/native-tunneling.rst |0
 .../howto/openstack-containers.rst |   10 +-
 .../howto/selinux.rst  |8 +-
 INSTALL.SSL.rst => Documentation/howto/ssl.rst |4 +-
 .../howto/vtep.rst |   17 +-
 Documentation/index.rst|   93 +
 Documentation/internals/authors.rst|   24 +
 .../internals/bugs.rst |2 +-
 .../{ => internals}/committer-grant-revocation.rst |2 +-
 .../{ => internals}/committer-responsibilities.rst |8 +-
 .../contributing/coding-style-windows.rst  |8 +-
 .../internals/contributing/coding-style.rst|2 +-
 .../internals/contributing/documentation-style.rst |8 +-
 Documentation/internals/contributing/index.rst |   36 +
 .../internals/contributing/submitting-patches.rst  |  452 +
 Documentation/internals/index.rst  |   44 +
 Documentation/internals/mailing-lists.rst  |   96 +
 Documentation/internals/maintainers.rst|   24 +
 Documentation/{ => internals}/release-process.rst  |0
 .../internals/security.rst |   36 +-
 Documentation/intro/index.rst  |   36 +
 .../intro/install/bash-completion.rst  |0
 .../intro/install/debian.rst   |   16 +-
 .../intro/install/dpdk-advanced.rst|   23 +-
 .../intro/install/dpdk.rst |   54 +-
 .../intro/install/fedora.rst   |   19 +-
 .../intro/install/general.rst  |   35 +-
 Documentation/intro/install/index.rst  |   67 +
 .../intro/install/netbsd.rst   |7 +-
 .../intro/install/rhel.rst

[ovs-dev] [PATCH v2 02/11] doc: Create directory structure

2016-12-08 Thread Stephen Finucane

Create a series of sections, all of which are currently empty, using
the general design established by Jacob Kaplan-Moss and the Django
project [1]. Five sections are provided:

- intro
- tutorials
- topics
- howto
- ref
- faq
- internals

The purpose of each section is described in the documents themselves.

[1] https://jacobian.org/writing/great-documentation/

Signed-off-by: Stephen Finucane 
---
 Documentation/automake.mk | 10 -
 Documentation/contents.rst| 11 ++
 Documentation/faq/index.rst   | 31 +++
 Documentation/howto/index.rst | 34 +
 Documentation/index.rst   | 40 +++
 Documentation/internals/index.rst | 34 +
 Documentation/intro/index.rst | 35 ++
 Documentation/intro/install/index.rst | 34 +
 Documentation/ref/index.rst   | 33 +
 Documentation/topics/index.rst| 34 +
 Documentation/tutorials/index.rst | 34 +
 11 files changed, 329 insertions(+), 1 deletion(-)
 create mode 100644 Documentation/faq/index.rst
 create mode 100644 Documentation/howto/index.rst
 create mode 100644 Documentation/internals/index.rst
 create mode 100644 Documentation/intro/index.rst
 create mode 100644 Documentation/intro/install/index.rst
 create mode 100644 Documentation/ref/index.rst
 create mode 100644 Documentation/topics/index.rst
 create mode 100644 Documentation/tutorials/index.rst

diff --git a/Documentation/automake.mk b/Documentation/automake.mk
index 9cf67c6..ad5f488 100644
--- a/Documentation/automake.mk
+++ b/Documentation/automake.mk
@@ -9,7 +9,15 @@ EXTRA_DIST += \
Documentation/_static/logo.png \
Documentation/conf.py \
Documentation/index.rst \
-   Documentation/contents.rst
+   Documentation/contents.rst \
+   Documentation/intro/index.rst \
+   Documentation/intro/install/index.rst \
+   Documentation/tutorials/index.rst \
+   Documentation/topics/index.rst \
+   Documentation/howto/index.rst \
+   Documentation/ref/index.rst \
+   Documentation/faq/index.rst \
+   Documentation/internals/index.rst
 
 # You can set these variables from the command line.
 SPHINXOPTS =
diff --git a/Documentation/contents.rst b/Documentation/contents.rst
index 3ecb741..befc8f6 100644
--- a/Documentation/contents.rst
+++ b/Documentation/contents.rst
@@ -29,3 +29,14 @@ Open vSwitch Documentation Contents
:maxdepth: 3
 
index
+
+.. toctree::
+   :maxdepth: 3
+
+   intro/index
+   tutorials/index
+   topics/index
+   howto/index
+   ref/index
+   faq/index
+   internals/index
diff --git a/Documentation/faq/index.rst b/Documentation/faq/index.rst
new file mode 100644
index 000..a32f550
--- /dev/null
+++ b/Documentation/faq/index.rst
@@ -0,0 +1,31 @@
+..
+  Copyright (c) 2016, Stephen Finucane 
+
+  Licensed under the Apache License, Version 2.0 (the "License"); you may
+  not use this file except in compliance with the License. You may obtain
+  a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+  License for the specific language governing permissions and limitations
+  under the License.
+
+  Convention for heading levels in Open vSwitch documentation:
+
+  ===  Heading 0 (reserved for the title in a document)
+  ---  Heading 1
+  ~~~  Heading 2
+  +++  Heading 3
+  '''  Heading 4
+
+  Avoid deeper levels because they do not render well.
+
+
+Open vSwitch FAQ
+
+
+.. toctree::
+   :maxdepth: 2
diff --git a/Documentation/howto/index.rst b/Documentation/howto/index.rst
new file mode 100644
index 000..1c4d9d2
--- /dev/null
+++ b/Documentation/howto/index.rst
@@ -0,0 +1,34 @@
+..
+  Copyright (c) 2016, Stephen Finucane 
+
+  Licensed under the Apache License, Version 2.0 (the "License"); you may
+  not use this file except in compliance with the License. You may obtain
+  a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+  License for the specific language governing permissions and limitations
+  under the License.
+
+  Convention for heading levels in Open vSwitch documentation:
+
+

[ovs-dev] [PATCH v2] sflow: Expose ethernet stats via sFlow

2016-12-08 Thread Robert Wojciechowicz

Expose existing netdev stats via sFlow.
Export sFlow ETHERNET structure with available counters.
Map existing stats to counters in the GENERIC INTERFACE
sFlow structure.
Adjust unit test to accommodate these new counters.

Signed-off-by: Robert Wojciechowicz 
---
v2:
- remove VLAN counters
---
 ofproto/ofproto-dpif-sflow.c |  27 --
 tests/ofproto-dpif.at| 126 +++
 tests/test-sflow.c   |  26 -
 3 files changed, 154 insertions(+), 25 deletions(-)

diff --git a/ofproto/ofproto-dpif-sflow.c b/ofproto/ofproto-dpif-sflow.c
index 37992b4..7ccaa3e 100644
--- a/ofproto/ofproto-dpif-sflow.c
+++ b/ofproto/ofproto-dpif-sflow.c
@@ -298,9 +298,11 @@ sflow_agent_get_counters(void *ds_, SFLPoller *poller,
 {
 struct dpif_sflow *ds = ds_;
 SFLCounters_sample_element elem, lacp_elem, of_elem, name_elem;
+SFLCounters_sample_element eth_elem;
 enum netdev_features current;
 struct dpif_sflow_port *dsp;
 SFLIf_counters *counters;
+SFLEthernet_counters* eth_counters;
 struct netdev_stats stats;
 enum netdev_flags flags;
 struct lacp_slave_stats lacp_stats;
@@ -343,14 +345,14 @@ sflow_agent_get_counters(void *ds_, SFLPoller *poller,
 counters->ifInOctets = stats.rx_bytes;
 counters->ifInUcastPkts = stats.rx_packets;
 counters->ifInMulticastPkts = stats.multicast;
-counters->ifInBroadcastPkts = -1;
+counters->ifInBroadcastPkts = stats.rx_broadcast_packets;
 counters->ifInDiscards = stats.rx_dropped;
 counters->ifInErrors = stats.rx_errors;
 counters->ifInUnknownProtos = -1;
 counters->ifOutOctets = stats.tx_bytes;
 counters->ifOutUcastPkts = stats.tx_packets;
-counters->ifOutMulticastPkts = -1;
-counters->ifOutBroadcastPkts = -1;
+counters->ifOutMulticastPkts = stats.tx_multicast_packets;
+counters->ifOutBroadcastPkts = stats.tx_broadcast_packets;
 counters->ifOutDiscards = stats.tx_dropped;
 counters->ifOutErrors = stats.tx_errors;
 counters->ifPromiscuousMode = 0;
@@ -407,6 +409,25 @@ sflow_agent_get_counters(void *ds_, SFLPoller *poller,
   (OVS_FORCE uint32_t)dsp->ofport->ofp_port;
 SFLADD_ELEMENT(cs, _elem);
 
+/* Include ethernet counters */
+memset(_elem, 0, sizeof eth_elem);
+eth_elem.tag = SFLCOUNTERS_ETHERNET;
+eth_counters = _elem.counterBlock.ethernet;
+eth_counters->dot3StatsAlignmentErrors = stats.rx_frame_errors;
+eth_counters->dot3StatsFCSErrors = stats.rx_crc_errors;
+eth_counters->dot3StatsFrameTooLongs = stats.rx_oversize_errors;
+SFL_UNDEF_COUNTER(eth_counters->dot3StatsSingleCollisionFrames);
+SFL_UNDEF_COUNTER(eth_counters->dot3StatsMultipleCollisionFrames);
+SFL_UNDEF_COUNTER(eth_counters->dot3StatsSQETestErrors);
+SFL_UNDEF_COUNTER(eth_counters->dot3StatsDeferredTransmissions);
+SFL_UNDEF_COUNTER(eth_counters->dot3StatsLateCollisions);
+SFL_UNDEF_COUNTER(eth_counters->dot3StatsExcessiveCollisions);
+SFL_UNDEF_COUNTER(eth_counters->dot3StatsInternalMacTransmitErrors);
+SFL_UNDEF_COUNTER(eth_counters->dot3StatsCarrierSenseErrors);
+SFL_UNDEF_COUNTER(eth_counters->dot3StatsInternalMacReceiveErrors);
+SFL_UNDEF_COUNTER(eth_counters->dot3StatsSymbolErrors);
+SFLADD_ELEMENT(cs, _elem);
+
 sfl_poller_writeCountersSample(poller, cs);
 }
 
diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at
index cd90424..50de39e 100644
--- a/tests/ofproto-dpif.at
+++ b/tests/ofproto-dpif.at
@@ -5430,19 +5430,103 @@ HEADER

hdr=50-54-00-00-00-05-50-54-00-00-00-07-86-DD-67-00-00-00-00-00-0A-80-FE-80-00-00-00-00-00-00-00-00-00-00-00-00-00-01-FE-80-00-00-00-00-00-00-00-00-00-00-00-00-00-02
 ])
 
-  AT_CHECK_UNQUOTED([[sort sflow.log | $EGREP 
'IFCOUNTERS|ERROR|PORTNAME|OPENFLOWPORT' | head -18 | sed 's/ /\
+  AT_CHECK_UNQUOTED([[sort sflow.log | $EGREP 
'ETHCOUNTERS|IFCOUNTERS|ERROR|PORTNAME|OPENFLOWPORT' | head -24 | sed 's/ /\
/g']], [0], [dnl
+ETHCOUNTERS
+   dot3StatsAlignmentErrors=4294967295
+   dot3StatsFCSErrors=4294967295
+   dot3StatsSingleCollisionFrames=4294967295
+   dot3StatsMultipleCollisionFrames=4294967295
+   dot3StatsSQETestErrors=4294967295
+   dot3StatsDeferredTransmissions=4294967295
+   dot3StatsLateCollisions=4294967295
+   dot3StatsExcessiveCollisions=4294967295
+   dot3StatsInternalMacTransmitErrors=4294967295
+   dot3StatsCarrierSenseErrors=4294967295
+   dot3StatsFrameTooLongs=4294967295
+   dot3StatsInternalMacReceiveErrors=4294967295
+   dot3StatsSymbolErrors=4294967295
+ETHCOUNTERS
+   dot3StatsAlignmentErrors=4294967295
+   dot3StatsFCSErrors=4294967295
+   dot3StatsSingleCollisionFrames=4294967295
+   dot3StatsMultipleCollisionFrames=4294967295
+   dot3StatsSQETestErrors=4294967295
+   dot3StatsDeferredTransmissions=4294967295
+   dot3StatsLateCollisions=4294967295
+

[ovs-dev] [PATCH V2] netdev-dpdk: fix ifindex assignment for DPDK ports

2016-12-08 Thread Przemyslaw Lal

In current implementation port_id is used as an ifindex for all netdev-dpdk
interfaces.

For physical DPDK interfaces using port_id as ifindex causes that '0' is set as
ifindex for 'dpdk0' interface, '1' for 'dpdk1' and so on. For the DPDK vHost
interfaces ifindexes are not even assigned (0 is used by default) due to the
fact that vHost ports don't use port_id field from the DPDK library.

This causes multiple negative side-effects. First of all 0 is an invalid
ifindex value. The other issue is possible overlapping of 'dpdkX' interfaces
ifindex values with the infindexes of kernel space interfaces which may cause
problems in any external tools that use those values. Neither 'dpdk0', nor any
DPDK vHost interfaces are visible in sFlow collector tools, as all interfaces
with ifindexes smaller than 1 are ignored.

Proposed solution to these issues is to calculate a hash of interface's name
and use calculated value as an ifindex. This way interfaces keep their
ifindexes during OVS-DPDK restarts, ports re-initialization events, etc., show
up in sFlow collectors and meet RFC2863 specification regarding re-using
ifindex values by the same virtual interfaces.

Signed-off-by: Przemyslaw Lal 
---
 lib/netdev-dpdk.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c
index de78ddd..ef99eb3 100644
--- a/lib/netdev-dpdk.c
+++ b/lib/netdev-dpdk.c
@@ -2075,7 +2075,13 @@ netdev_dpdk_get_ifindex(const struct netdev *netdev)
 int ifindex;
 
 ovs_mutex_lock(>mutex);
-ifindex = dev->port_id;
+/* Calculate hash from the netdev name using hash_bytes() function.
+ * Because ifindex is declared as signed int in the kernel sources and
+ * OVS follows this implementation right shift is needed to set sign bit
+ * to 0 and then XOR to slightly improve collision rate.
+ */
+uint32_t h = hash_bytes(netdev->name, strlen(netdev->name), 0);
+ifindex = (int)((h >> 1) ^ (h & 0x0FFF));
 ovs_mutex_unlock(>mutex);
 
 return ifindex;
-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH net-next] openvswitch: fix VxLAN-gpe port can't be created in ovs compat mode

2016-12-08 Thread Yang, Yi

On Thu, Dec 08, 2016 at 12:37:56PM +0100, Jiri Benc wrote:
> On Thu, 8 Dec 2016 18:57:51 +0800, Yang, Yi wrote:
> > So ovs out of tree modules need to adapt to upstream kernel, any
> > kernel-related changes must be accepted by Linux kernel at first.
> 
> I'm perfectly aware of that and I'm saying that your patch is
> unacceptable for upstream kernel. This is a long standing policy of the
> kernel: there's no way you can get a patch into the kernel to
> accommodate an out of tree kernel module. The policy is there for good
> reasons and as paradoxical as it may sound, it benefits the projects
> that employ out of tree modules in the long run.
> 
> If Open vSwitch wants to carry a non-upstream patch, it's its choice
> and we can have that discussion but that's not something to discuss on
> netdev@vger nor propose for net-next.
>
Jiri, according to your statement, we have to switch Linux 4.7 or above
if we want to use ovs VxLAN-gpe, Ubuntu 16.04 has had new kernel, but it
just use Linux kernel 4.4, you know Linux distributuions nerver uses the
latest stable Linux kernel because they have their own patches to
maintain, that will be a nightmare if they take the latest stable
kernel. You know RHEL also follows the same philosophy.

Current ovs master can be built on Ubuntu 14.04 which have Linux kernel
3.13, I think compatibility backward is very important, out of tree
modules are very important to ovs. If ovs installation will depend on
the latest kernel and force users to switch to new kernel, I believe it
nerver will be so popular in the industies.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH net-next] openvswitch: fix VxLAN-gpe port can't be created in ovs compat mode

2016-12-08 Thread Jiri Benc

On Thu, 8 Dec 2016 18:57:51 +0800, Yang, Yi wrote:
> So ovs out of tree modules need to adapt to upstream kernel, any
> kernel-related changes must be accepted by Linux kernel at first.

I'm perfectly aware of that and I'm saying that your patch is
unacceptable for upstream kernel. This is a long standing policy of the
kernel: there's no way you can get a patch into the kernel to
accommodate an out of tree kernel module. The policy is there for good
reasons and as paradoxical as it may sound, it benefits the projects
that employ out of tree modules in the long run.

If Open vSwitch wants to carry a non-upstream patch, it's its choice
and we can have that discussion but that's not something to discuss on
netdev@vger nor propose for net-next.

 Jiri
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v2] ovn-trace: Implement DHCP option support.

2016-12-08 Thread Numan Siddique

On Wed, Dec 7, 2016 at 1:49 PM, Numan Siddique  wrote:

>
>
> On Tue, Dec 6, 2016 at 4:12 AM, Ben Pfaff  wrote:
>
>> On Sun, Oct 23, 2016 at 02:32:11PM -0700, Ben Pfaff wrote:
>> > The put_dhcp_opts(v6) logical action didn't really work because
>> ovn-trace
>> > didn't handle DHCP options.  This fixes the problem.
>> >
>> > This also makes the put_dhcp_opts(v6) logical provide useful tracing
>> output
>> > showing what's happening and the assumptions.
>> >
>> > Signed-off-by: Ben Pfaff 
>>
>
>
> 
> Acked-by:
> Numan Siddique
>  <
>  nusid...@redhat.com
> >
> 
>

Looks like my previous email wasn't formatted properly.

Acked-by: Numan Siddique 


Thanks
Numan


Numan
>
>
> > ---
>> > v1->v2: Improve output in a few minor ways: make --detailed mode mention
>> > the DHCPDISCOVER/DHCPREQUEST assumption, make --minimal mode omit
>> register
>> > modifications.
>> >
>> >  ovn/utilities/ovn-trace.c | 63 ++
>> ++---
>> >  1 file changed, 59 insertions(+), 4 deletions(-)
>>
>> This still needs a review, which shouldn't be difficult.
>> ___
>> dev mailing list
>> d...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>>
>
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [RFC PATCH] datapath: allow tunnels to be created with rtnetlink

2016-12-08 Thread Jiri Benc

On Wed, 7 Dec 2016 16:35:59 -0800, Pravin Shelar wrote:
> In compat mode, OVS tunnel devices are not used in same way as LWT,
> since OVS do support kernel version that does not have core LWT
> support. Therefore we have to use legacy vport APIs to create these
> ports.

I see. Yes, that's unfortunate.

> There might be a way to configure the device, once it is
> created, using rtnetlink API but would complicate the code. So I think
> in such cases like GPE we could to add code to the legacy code.

Could we just support the newest shiniest features only with lwtunnel
capable kernel? Kernel 4.3 is out for more than a year already, that's
a long time. And several more months will pass before this is available
in an Open vSwitch release.

What about:
- always preferring the out of tree module (whatever capabilities it
  has)
- first try rtnetlink
- if it fails, try genetlink
- if it fails (but the out of tree module is there), just don't
  bother with kernel
- then try the in kernel module
- first rtnetlink
- if it fails then genetlink

This way, we would accommodate most of the stuff. With old kernels,
VXLAN-GPE wouldn't be available even with the out of tree module (but
I think that's it, I can't think of any other feature unavailable at
this point; of course, more may be added in the future).

Is this really that bad? It's (relatively) simply to implement, the out
of tree module does not diverge from the in kernel one too much, and I
don't think the requirement for lwtunnels capable kernel for the newest
features is unreasonable.

Thanks,

 Jiri
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] netdev: Set the default number of queues at removal from the database

2016-12-08 Thread Ilya Maximets

Expected behavior for attribute removal from the database is
resetting it to default value. Currently this doesn't work for
n_rxq/n_txq options of pmd netdevs (last requested value used):

# ovs-vsctl set interface dpdk0 options:n_rxq=4
# ovs-vsctl remove interface dpdk0 options n_rxq
# ovs-appctl dpif/show | grep dpdk0
  <...>
  dpdk0 1/1: (dpdk: configured_rx_queues=4, <...> \
requested_rx_queues=4,  <...>)

Fix that by using NR_QUEUE or 1 as a default value for 'smap_get_int'.

Fixes: a14b8947fd13 ("dpif-netdev: Allow different numbers of
  rx queues for different ports.")
Signed-off-by: Ilya Maximets 
---
 lib/netdev-dpdk.c  | 2 +-
 lib/netdev-dummy.c | 4 ++--
 tests/pmd.at   | 7 +++
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c
index 61d7aa3..625f425 100644
--- a/lib/netdev-dpdk.c
+++ b/lib/netdev-dpdk.c
@@ -1084,7 +1084,7 @@ dpdk_set_rxq_config(struct netdev_dpdk *dev, const struct 
smap *args)
 {
 int new_n_rxq;
 
-new_n_rxq = MAX(smap_get_int(args, "n_rxq", dev->requested_n_rxq), 1);
+new_n_rxq = MAX(smap_get_int(args, "n_rxq", NR_QUEUE), 1);
 if (new_n_rxq != dev->requested_n_rxq) {
 dev->requested_n_rxq = new_n_rxq;
 netdev_request_reconfigure(>up);
diff --git a/lib/netdev-dummy.c b/lib/netdev-dummy.c
index dec1a8e..de74846 100644
--- a/lib/netdev-dummy.c
+++ b/lib/netdev-dummy.c
@@ -868,8 +868,8 @@ netdev_dummy_set_config(struct netdev *netdev_, const 
struct smap *args)
 goto exit;
 }
 
-new_n_rxq = MAX(smap_get_int(args, "n_rxq", netdev->requested_n_rxq), 1);
-new_n_txq = MAX(smap_get_int(args, "n_txq", netdev->requested_n_txq), 1);
+new_n_rxq = MAX(smap_get_int(args, "n_rxq", 1), 1);
+new_n_txq = MAX(smap_get_int(args, "n_txq", 1), 1);
 new_numa_id = smap_get_int(args, "numa_id", 0);
 if (new_n_rxq != netdev->requested_n_rxq
 || new_n_txq != netdev->requested_n_txq
diff --git a/tests/pmd.at b/tests/pmd.at
index 8f05d74..7d3fa0d 100644
--- a/tests/pmd.at
+++ b/tests/pmd.at
@@ -259,6 +259,13 @@ NXT_PACKET_IN2 (xid=0x0): cookie=0x0 total_len=42 
in_port=1 (via action) data_le
 
icmp,vlan_tci=0x,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,nw_src=10.0.0.2,nw_dst=10.0.0.1,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0
 icmp_csum:f7ff
 ])
 
+dnl Check resetting to default number of rx queues after removal from the db.
+AT_CHECK([ovs-vsctl remove interface p1 options n_rxq])
+
+AT_CHECK([ovs-appctl dpif/show | grep p1 | sed 
's/\(tx_queues=\)[[0-9]]*/\1/g'], [0], [dnl
+   p1 1/1: (dummy-pmd: configured_rx_queues=1, 
configured_tx_queues=, requested_rx_queues=1, 
requested_tx_queues=)
+])
+
 OVS_VSWITCHD_STOP
 AT_CLEANUP
 
-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH net-next] openvswitch: fix VxLAN-gpe port can't be created in ovs compat mode

2016-12-08 Thread Jiri Benc

On Thu,  8 Dec 2016 16:20:10 +0800, Yi Yang wrote:
> In ovs compat mode, ovs won't use LWT in current kernel, this is to
> make sure ovs can work on the old kernels, Linux kernel v4.7 includes
> VxLAN-gpe support but many Linux distributions' kernels are odler than
> v4.7, this fix will ensure that ovs can create VxLAN-gpe port correctly
> on old kernels, it has been verified on Ubuntu 16.04 x86_64 with Linux
> kernel 4.4.0-53-generic.

NAK. We do have a way to configure this and that's rtnetlink. Open
vSwitch should use that to configure tunnels. Out of tree modules are
on their own. Upstream kernel does not accommodate out of tree modules.

 Jiri
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH net-next] openvswitch: fix VxLAN-gpe port can't be created in ovs compat mode

2016-12-08 Thread Yi Yang

In ovs compat mode, ovs won't use LWT in current kernel, this is to
make sure ovs can work on the old kernels, Linux kernel v4.7 includes
VxLAN-gpe support but many Linux distributions' kernels are odler than
v4.7, this fix will ensure that ovs can create VxLAN-gpe port correctly
on old kernels, it has been verified on Ubuntu 16.04 x86_64 with Linux
kernel 4.4.0-53-generic.

This does touch compat code, but it is necessary as Pravin commented.

Without this fix, ovs can't create VxLAN-gpe port, it is still a VxLAN
port.

vxlan_sys_4790 Link encap:Ethernet  HWaddr 72:23:60:c2:8b:8d
  inet6 addr: fe80::7023:60ff:fec2:8b8d/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:65485  Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:0 errors:0 dropped:8 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

But with this fix applied, a real L3 port is created

vxlan_sys_4790 Link encap:UNSPEC  HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
  UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:65485  Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Signed-off-by: Yi Yang 
---
 include/uapi/linux/openvswitch.h |  1 +
 net/openvswitch/vport-vxlan.c| 15 +++
 2 files changed, 16 insertions(+)

diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h
index 375d812..b0e27b3 100644
--- a/include/uapi/linux/openvswitch.h
+++ b/include/uapi/linux/openvswitch.h
@@ -265,6 +265,7 @@ enum ovs_vport_attr {
 enum {
OVS_VXLAN_EXT_UNSPEC,
OVS_VXLAN_EXT_GBP,  /* Flag or __u32 */
+   OVS_VXLAN_EXT_GPE,  /* Flag or __u32 */
__OVS_VXLAN_EXT_MAX,
 };
 
diff --git a/net/openvswitch/vport-vxlan.c b/net/openvswitch/vport-vxlan.c
index 7eb955e..42e46af 100644
--- a/net/openvswitch/vport-vxlan.c
+++ b/net/openvswitch/vport-vxlan.c
@@ -52,6 +52,18 @@ static int vxlan_get_options(const struct vport *vport, 
struct sk_buff *skb)
return -EMSGSIZE;
 
nla_nest_end(skb, exts);
+   } else if (vxlan->flags & VXLAN_F_GPE) {
+   struct nlattr *exts;
+
+   exts = nla_nest_start(skb, OVS_TUNNEL_ATTR_EXTENSION);
+   if (!exts)
+   return -EMSGSIZE;
+
+   if (vxlan->flags & VXLAN_F_GPE &&
+   nla_put_flag(skb, OVS_VXLAN_EXT_GPE))
+   return -EMSGSIZE;
+
+   nla_nest_end(skb, exts);
}
 
return 0;
@@ -59,6 +71,7 @@ static int vxlan_get_options(const struct vport *vport, 
struct sk_buff *skb)
 
 static const struct nla_policy exts_policy[OVS_VXLAN_EXT_MAX + 1] = {
[OVS_VXLAN_EXT_GBP] = { .type = NLA_FLAG, },
+   [OVS_VXLAN_EXT_GPE] = { .type = NLA_FLAG, },
 };
 
 static int vxlan_configure_exts(struct vport *vport, struct nlattr *attr,
@@ -76,6 +89,8 @@ static int vxlan_configure_exts(struct vport *vport, struct 
nlattr *attr,
 
if (exts[OVS_VXLAN_EXT_GBP])
conf->flags |= VXLAN_F_GBP;
+   else if (exts[OVS_VXLAN_EXT_GPE])
+   conf->flags |= VXLAN_F_GPE;
 
return 0;
 }
-- 
1.9.3

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

52 matches

Mail list logo