Re: [ovs-dev] [PATCH v2 3/5] selinux: tag the custom policy version

[Ansis Atteka]

On Fri, 4 May 2018 at 11:28, Aaron Conole  wrote:

> Since the policy is an intermediate file, it can inherit the policy
> module version from release version.

> Suggested-by: Ansis Atteka 
> Signed-off-by: Aaron Conole 

Acked-by: Ansis Atteka 

> ---
> selinux/openvswitch-custom.te.in | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

> diff --git a/selinux/openvswitch-custom.te.in b/selinux/
openvswitch-custom.te.in
> index 31e8fab15..df5013f48 100644
> --- a/selinux/openvswitch-custom.te.in
> +++ b/selinux/openvswitch-custom.te.in
> @@ -1,4 +1,4 @@
> -module openvswitch-custom 1.0.1;
> +module openvswitch-custom @VERSION@;

> require {
> role system_r;
> --
> 2.14.3
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] Recursos Federales para PyMES

[Beneficios y Resultados]

Acceso a Recursos Federales para PyMES  
Junio 05 - webinar Interactivo

Introducción:

En la actualidad el autoempleo y el emprendimiento son considerados una de las 
mejores maneras de generar ingresos. Muchas veces tenemos la idea y los 
conocimientos para iniciar, pero nos hace falta el recurso monetario necesario 
para la inversión inicial. Ese empujón que nos permita pasar del plan, de las 
ideas al mundo de lo concreto. Este curso está diseñado para orientar a los 
emprendedores y las pequeñas y medianas empresas en el camino a conseguir 
recursos federales para lograr el establecimiento de sus negocios. 

Temas a tratar:

1.- Introducción y Aspectos Generales de los Proyectos y Apoyos Federales.
2.- Corrida Financiera y Análisis de Rentabilidad.
3.- Objetivos Generales.
4.- Justificación y Análisis de Factibilidad. 
5.- Secretarías y Programas. 
6.- Plan Detallado del Proyecto.
7.- Organigrama y Tareas. 
8.- Beneficios y Resultados. 
9.- Revisión y Checklist del Proyecto. 
 
 
Temario e Inscripciones:

Respondiendo por este medio "Federales"+ Nombre + Teléfono + Empresa o marcando 
al:

045 + 5515546630 
 



___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] ovn/utilities: add info and warn level log functions

[Yifeng Sun]

Looks good to me, thanks.

Reviewed-by: Yifeng Sun 

On Sun, Apr 29, 2018 at 2:02 PM, Ben Pfaff  wrote:

> From: Paul Greenberg 
>
> There is no INFO or WARN level log function. It is either ERROR or
> FATAL. This PR adds it.
>
> Signed-off-by: Paul Greenberg 
> Submitted-at: https://github.com/openvswitch/ovs/pull/229
> ---
> Posting to ovs-dev so that it gets reviewed.
>
>  ovn/utilities/ovn-docker-overlay-driver.in | 14 ++
>  python/ovs/util.py | 28
> 
>  2 files changed, 42 insertions(+)
>
> diff --git a/ovn/utilities/ovn-docker-overlay-driver.in b/ovn/utilities/
> ovn-docker-overlay-driver.in
> index 65edfcd9d19e..28778d1e5263 100755
> --- a/ovn/utilities/ovn-docker-overlay-driver.in
> +++ b/ovn/utilities/ovn-docker-overlay-driver.in
> @@ -110,6 +110,7 @@ def prepare():
>  fo = open(PLUGIN_FILE, "w")
>  fo.write("tcp://0.0.0.0:5000")
>  fo.close()
> +ovs.util.ovs_info("configuration file: %s" % (PLUGIN_FILE), vlog)
>  except Exception as e:
>  ovs.util.ovs_fatal(0, "Failed to write to spec file (%s)" %
> str(e),
> vlog)
> @@ -437,6 +438,19 @@ def network_leave():
>
>  return jsonify({})
>
> +@app.route('/', defaults={'path': ''})
> +@app.route('/')
> +def unsupported_libnetwork_call(path):
> +'''
> +This function handles any new endpoints that are being added to
> +Docker libnetwork remote network plugin API. If this function receives
> +a request and that request is valid, there is a need to refactor
> +this plugin, because a new functionality is being introduced.
> +'''
> +ovs.util.ovs_warn("received unsupported libnetwork %s request to: %s,
> with payload: %s" % (request.method, request.path, request.data), vlog)
> +
> +return jsonify({})
> +
>  if __name__ == '__main__':
>  prepare()
>  app.run(host='0.0.0.0')
> diff --git a/python/ovs/util.py b/python/ovs/util.py
> index 411ac99c85a4..13a34d8c302b 100644
> --- a/python/ovs/util.py
> +++ b/python/ovs/util.py
> @@ -93,3 +93,31 @@ def ovs_fatal(*args, **kwargs):
>
>  ovs_error(*args, **kwargs)
>  sys.exit(1)
> +
> +
> +def ovs_info(message, vlog=None):
> +"""Prints 'message' on stdout and emits an INFO level log message to
> +'vlog' if supplied.
> +
> +'message' should not end with a new-line, because this function will
> add
> +one itself."""
> +
> +info_msg = "%s: %s" % (PROGRAM_NAME, message)
> +
> +sys.stdout.write("%s\n" % info_msg)
> +if vlog:
> +vlog.info(info_msg)
> +
> +
> +def ovs_warn(message, vlog=None):
> +"""Prints 'message' on stdout and emits an WARN level log message to
> +'vlog' if supplied.
> +
> +'message' should not end with a new-line, because this function will
> add
> +one itself."""
> +
> +info_msg = "%s: %s" % (PROGRAM_NAME, message)
> +
> +sys.stdout.write("%s\n" % info_msg)
> +if vlog:
> +vlog.warn(info_msg)
> --
> 2.16.1
>
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] ofp-actions: Split ofpacts_check__() into many functions.

[Ben Pfaff]

ofpacts_check__() was a huge switch statement with special cases for many
different kinds of actions.  This made it unwieldy and put the special
cases far away from the rest of the code related to a given action.  This
commit refactors the code to avoid the problem.

Signed-off-by: Ben Pfaff 
---
 include/openvswitch/ofp-actions.h |  20 +-
 lib/ofp-actions.c | 973 --
 lib/ofp-flow.c|  19 +-
 ofproto/ofproto-dpif-trace.c  |  20 +-
 ofproto/ofproto.c |  12 +-
 utilities/ovs-ofctl.c |  19 +-
 6 files changed, 678 insertions(+), 385 deletions(-)

diff --git a/include/openvswitch/ofp-actions.h 
b/include/openvswitch/ofp-actions.h
index b3dd0959d53e..8f5ebaa2be51 100644
--- a/include/openvswitch/ofp-actions.h
+++ b/include/openvswitch/ofp-actions.h
@@ -1029,14 +1029,22 @@ ofpacts_pull_openflow_instructions(struct ofpbuf 
*openflow,
const struct vl_mff_map *vl_mff_map,
uint64_t *ofpacts_tlv_bitmap,
struct ofpbuf *ofpacts);
+
+struct ofpact_check_params {
+/* Input. */
+struct match *match;
+ofp_port_t max_ports;
+uint8_t table_id;
+uint8_t n_tables;
+
+/* Output. */
+enum ofputil_protocol usable_protocols;
+};
 enum ofperr ofpacts_check(struct ofpact[], size_t ofpacts_len,
-  struct match *, ofp_port_t max_ports,
-  uint8_t table_id, uint8_t n_tables,
-  enum ofputil_protocol *usable_protocols);
+  struct ofpact_check_params *);
 enum ofperr ofpacts_check_consistency(struct ofpact[], size_t ofpacts_len,
-  struct match *, ofp_port_t max_ports,
-  uint8_t table_id, uint8_t n_tables,
-  enum ofputil_protocol usable_protocols);
+  enum ofputil_protocol needed_protocols,
+  struct ofpact_check_params *);
 enum ofperr ofpact_check_output_port(ofp_port_t port, ofp_port_t max_ports);
 
 /* Converting ofpacts to OpenFlow. */
diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
index 87797bc9a4fd..a5967ea777fa 100644
--- a/lib/ofp-actions.c
+++ b/lib/ofp-actions.c
@@ -430,6 +430,8 @@ static char * OVS_WARN_UNUSED_RESULT ofpacts_parse_copy(
 const char *s_, const struct ofpact_parse_params *pp,
 bool allow_instructions, enum ofpact_type outer_action);
 
+static void inconsistent_match(enum ofputil_protocol *usable_protocols);
+
 /* Returns the ofpact following 'ofpact', except that if 'ofpact' contains
  * nested ofpacts it returns the first one. */
 struct ofpact *
@@ -687,6 +689,13 @@ format_OUTPUT(const struct ofpact_output *a,
 ds_put_format(fp->s, ":%"PRIu16, a->max_len);
 }
 }
+
+static enum ofperr
+check_OUTPUT(const struct ofpact_output *a,
+ const struct ofpact_check_params *cp)
+{
+return ofpact_check_output_port(a->port, cp->max_ports);
+}
 
 /* Group actions. */
 
@@ -719,6 +728,13 @@ format_GROUP(const struct ofpact_group *a,
 ds_put_format(fp->s, "%sgroup:%s%"PRIu32,
   colors.special, colors.end, a->group_id);
 }
+
+static enum ofperr
+check_GROUP(const struct ofpact_group *a OVS_UNUSED,
+const struct ofpact_check_params *cp OVS_UNUSED)
+{
+return 0;
+}
 
 /* Action structure for NXAST_CONTROLLER.
  *
@@ -1010,6 +1026,13 @@ format_CONTROLLER(const struct ofpact_controller *a,
 ds_put_format(fp->s, "%s)%s", colors.paren, colors.end);
 }
 }
+
+static enum ofperr
+check_CONTROLLER(const struct ofpact_controller *a OVS_UNUSED,
+ const struct ofpact_check_params *cp OVS_UNUSED)
+{
+return 0;
+}
 
 /* Enqueue action. */
 struct ofp10_action_enqueue {
@@ -1090,6 +1113,18 @@ format_ENQUEUE(const struct ofpact_enqueue *a,
 ofputil_format_port(a->port, fp->port_map, fp->s);
 ds_put_format(fp->s, ":%"PRIu32, a->queue);
 }
+
+static enum ofperr
+check_ENQUEUE(const struct ofpact_enqueue *a,
+  const struct ofpact_check_params *cp)
+{
+if (ofp_to_u16(a->port) >= ofp_to_u16(cp->max_ports)
+&& a->port != OFPP_IN_PORT
+&& a->port != OFPP_LOCAL) {
+return OFPERR_OFPBAC_BAD_OUT_PORT;
+}
+return 0;
+}
 
 /* Action structure for NXAST_OUTPUT_REG.
  *
@@ -1243,6 +1278,13 @@ format_OUTPUT_REG(const struct ofpact_output_reg *a,
 ds_put_format(fp->s, "%soutput:%s", colors.special, colors.end);
 mf_format_subfield(>src, fp->s);
 }
+
+static enum ofperr
+check_OUTPUT_REG(const struct ofpact_output_reg *a,
+ const struct ofpact_check_params *cp)
+{
+return mf_check_src(>src, cp->match);
+}
 
 /* Action structure for NXAST_BUNDLE and NXAST_BUNDLE_LOAD.
  *
@@ -1461,6 +1503,13 @@ format_BUNDLE(const struct ofpact_bundle *a,
 {
  

Re: [ovs-dev] [PATCH v2 2/5] selinux: create a transition type for module loading

[Ansis Atteka]

On Fri, 4 May 2018 at 11:28, Aaron Conole  wrote:

> Defines a type 'openvswitch_load_module_t' used exclusively for loading
> modules.  This means that the 'openvswitch_t' domain won't require
> access to the module loading facility - such access can only happen
> after transitioning through the 'openvswitch_load_module_exec_t'
> transition context.

> A future commit will instruct the selinux policy on how to label the
> appropriate script with extended attributes to make use of this new
domain.

> Acked-By: Timothy Redaelli 
> Signed-off-by: Aaron Conole 
> ---
>   selinux/openvswitch-custom.te.in | 79
+---
>   1 file changed, 74 insertions(+), 5 deletions(-)

> diff --git a/selinux/openvswitch-custom.te.in b/selinux/
openvswitch-custom.te.in
> index db3cf6d8d..31e8fab15 100644
> --- a/selinux/openvswitch-custom.te.in
> +++ b/selinux/openvswitch-custom.te.in
> @@ -1,13 +1,31 @@
>   module openvswitch-custom 1.0.1;

>   require {
> +role system_r;
> +role object_r;
> +
>   type openvswitch_t;
>   type openvswitch_rw_t;
>   type openvswitch_tmp_t;
>   type openvswitch_var_run_t;

> +type bin_t;
>   type ifconfig_exec_t;
> +type init_t;
> +type init_var_run_t;
> +type insmod_exec_t;
>   type hostname_exec_t;
> +type modules_conf_t;
> +type modules_object_t;
> +type passwd_file_t;
> +type plymouth_exec_t;
> +type proc_t;
> +type shell_exec_t;
> +type sssd_t;
> +type sssd_public_t;
> +type sssd_var_lib_t;
> +type sysfs_t;
> +type systemd_unit_file_t;
>   type tun_tap_device_t;

>   @begin_dpdk@
> @@ -21,18 +39,36 @@ require {

>   class capability { dac_override audit_write };
>   class chr_file { write getattr read open ioctl };
> -class dir { write remove_name add_name lock read };
> -class file { write getattr read open execute execute_no_trans
create unlink };
> +class dir { write remove_name add_name lock read getattr search
open };
> +class fd { use };
> +class file { write getattr read open execute execute_no_trans
create unlink map entrypoint lock ioctl };
> +class fifo_file { getattr read write append ioctl lock open };
> +class filesystem getattr;
> +class lnk_file { read open };
>   class netlink_audit_socket { create nlmsg_relay audit_write read
write };
>   class netlink_socket { setopt getopt create connect getattr
write read };
> -class unix_stream_socket { write getattr read connectto connect
setopt getopt sendto accept bind recvfrom acceptfrom };
> +class sock_file { write };
> +class system module_load;
> +class process { sigchld signull transition noatsecure siginh
rlimitinh };
> +class unix_stream_socket { write getattr read connectto connect
setopt getopt sendto accept bind recvfrom acceptfrom ioctl };

>   @begin_dpdk@
> -class sock_file { read write append getattr open };
> +class sock_file { read append getattr open };
>   class tun_socket { relabelfrom relabelto create };
>   @end_dpdk@
>   }

> +#= Set up the transition domain =
> +type openvswitch_load_module_exec_t;
> +type openvswitch_load_module_t;
> +
> +domain_type(openvswitch_load_module_exec_t);
> +domain_type(openvswitch_load_module_t);
> +role object_r types openvswitch_load_module_exec_t;
> +role system_r types openvswitch_load_module_t;
> +domain_entry_file(openvswitch_load_module_t,
openvswitch_load_module_exec_t);
> +domtrans_pattern(openvswitch_t, openvswitch_load_module_exec_t,
openvswitch_load_module_t);
> +
>   #= openvswitch_t ==
>   allow openvswitch_t self:capability { dac_override audit_write };
>   allow openvswitch_t self:netlink_audit_socket { create nlmsg_relay
audit_write read write };
> @@ -41,10 +77,11 @@ allow openvswitch_t self:netlink_socket { setopt
getopt create connect getattr w
>   allow openvswitch_t hostname_exec_t:file { read getattr open execute
execute_no_trans };
>   allow openvswitch_t ifconfig_exec_t:file { read getattr open execute
execute_no_trans };

> -allow openvswitch_t openvswitch_rw_t:dir { write remove_name add_name
lock read };
> +allow openvswitch_t openvswitch_rw_t:dir { write remove_name add_name
lock read getattr open search };
>   allow openvswitch_t openvswitch_rw_t:file { write getattr read open
execute execute_no_trans create unlink };
>   allow openvswitch_t openvswitch_tmp_t:file { execute execute_no_trans };
>   allow openvswitch_t openvswitch_tmp_t:unix_stream_socket { write getattr
read connectto connect setopt getopt sendto accept bind recvfrom acceptfrom
};
> +allow openvswitch_t openvswitch_var_run_t:dir { getattr read open search
};
>   allow openvswitch_t 

Re: [ovs-dev] [PATCH v2 1/5] ovs-kmod-ctl: introduce a kernel module load script

[Ansis Atteka]

On Fri, 11 May 2018 at 07:21, Aaron Conole  wrote:

> Thanks for the review, Ansis!

> Ansis Atteka  writes:

> > On Fri, 4 May 2018 at 11:28, Aaron Conole  wrote:
> >
> >> Currently, Open vSwitch on linux embeds the logic of loading and
unloading
> >> kernel modules into the ovs-ctl and ovs-lib script files.  This works,
but
> >> it means that there is no way to leverage extended filesystem
attributes
> >> to grant fine grain permissions relating to module loading.
> >
> >> The split out utility 'ovs-kmod-ctl' will be used in an upcoming commit
> >> for RHEL-based distributions to have a separate transition domain that
> >> will allow module loading to be given to a separate selinux domain from
> >> the openvswitch_t domain.
> >
> > One thing I have been thinking about recently is how we could
containerize
> > Open vSwitch (not sure if that is even possible in feasible way).

> Seems it's the new hotness.  My understanding is if you want all the
> benefits of containerization, OvS still has some things to adapt.

> > The idea would be that there would be, for example, Ubuntu based
container
> > running OVS user space daemons installed from our deb packages. And the
> > "container host" would have Open vSwitch kernel module installed from
our
> > dkms or kmod rpm packages. (or vice versa).
> >
> > Such design, I think, inevitably would require sometihing like
ovs-kmod-ctl
> > utility distributed with the dkms or kmod kernel module package.

> Most likely - and the corresponding selinux policies applied, and
> probably will need to refactor 2/5 to use an interface definition
> instead of hard coding the openvswitch_t as the only allowed domain
> (unless you're thinking that ovs-ctl and an openvswitch labeled service
> will be installed in the host as well - in which case, it would likely
> be okay to keep as is).

> There's definitely some work there (but it sounds beneficial).  I
> haven't done too much thinking about it, though.

> > This is something that does not requre action w.r.t. your series, but I
> > would be interested to hear your opinion if you have thought how to make
> > that happen...

> I haven't thought too much about it, but maybe someone with more
> knowledge of containers and orchestration would have some ideas.  I'm
> interested in the purpose of containerizing the openvswitch suite (for
> instance, is it to gain some of the isolation/separation benefits?)

> >> Acked-By: Timothy Redaelli 
> >> Signed-off-by: Aaron Conole 
> >> ---
> >>   debian/openvswitch-switch.install  |   1 +
> >>   debian/openvswitch-switch.manpages |   1 +
> >>   rhel/openvswitch-fedora.spec.in|   2 +
> >>   rhel/openvswitch.spec.in   |   2 +
> >>   utilities/.gitignore   |   1 +
> >>   utilities/automake.mk  |   5 +
> >>   utilities/ovs-ctl.in   |  32 +-
> >>   utilities/ovs-kmod-ctl.8   | 109 ++
> >>   utilities/ovs-kmod-ctl.in  | 228
> > +
> >>   utilities/ovs-lib.in   |  12 +-
> >>   10 files changed, 356 insertions(+), 37 deletions(-)
> >>   create mode 100644 utilities/ovs-kmod-ctl.8
> >>   create mode 100644 utilities/ovs-kmod-ctl.in
> >
> >> diff --git a/debian/openvswitch-switch.install
> > b/debian/openvswitch-switch.install
> >> index bfb391fe8..6a6e9a543 100644
> >> --- a/debian/openvswitch-switch.install
> >> +++ b/debian/openvswitch-switch.install
> >> @@ -12,5 +12,6 @@ usr/sbin/ovs-vswitchd
> >>   usr/sbin/ovsdb-server
> >>   usr/share/openvswitch/scripts/ovs-check-dead-ifs
> >>   usr/share/openvswitch/scripts/ovs-ctl
> >> +usr/share/openvswitch/scripts/ovs-kmod-ctl
> >>   usr/share/openvswitch/scripts/ovs-save
> >>   usr/share/openvswitch/vswitch.ovsschema
> >> diff --git a/debian/openvswitch-switch.manpages
> > b/debian/openvswitch-switch.manpages
> >> index c85cbfd30..1161cfda7 100644
> >> --- a/debian/openvswitch-switch.manpages
> >> +++ b/debian/openvswitch-switch.manpages
> >> @@ -3,6 +3,7 @@ ovsdb/ovsdb-server.5
> >>   utilities/ovs-ctl.8
> >>   utilities/ovs-dpctl-top.8
> >>   utilities/ovs-dpctl.8
> >> +utilities/ovs-kmod-ctl.8
> >>   utilities/ovs-pcap.1
> >>   utilities/ovs-tcpdump.8
> >>   utilities/ovs-tcpundump.1
> >> diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/
> > openvswitch-fedora.spec.in
> >> index 3e5cf21e0..bf4526de2 100644
> >> --- a/rhel/openvswitch-fedora.spec.in
> >> +++ b/rhel/openvswitch-fedora.spec.in
> >> @@ -545,6 +545,7 @@ fi
> >>   %{_datadir}/openvswitch/scripts/ovs-save
> >>   %{_datadir}/openvswitch/scripts/ovs-vtep
> >>   %{_datadir}/openvswitch/scripts/ovs-ctl
> >> +%{_datadir}/openvswitch/scripts/ovs-kmod-ctl
> >>   %{_datadir}/openvswitch/scripts/ovs-systemd-reload
> >>   %config %{_datadir}/openvswitch/vswitch.ovsschema
> >>   %config %{_datadir}/openvswitch/vtep.ovsschema
> >> @@ -578,6 +579,7 @@ fi
> >>   

[ovs-dev] [RFC] dpif-netdev: Free packets on TUNNEL_PUSH if may_steal.

[Ilya Maximets]

Unconditional return may cause packet leak in case of
'may_steal == true'.

Additionally, removed redundant checking for depth level and
clarified ignoring of the 'false' value of 'may_steal'.

CC: Sugesh Chandran 
Fixes: 7c12dfc527a5 ("tunneling: Avoid datapath-recirc by
  combining recirc actions at xlate.")
Signed-off-by: Ilya Maximets 
---
 lib/dpif-netdev.c | 26 +-
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index f86ed2a..3e9e627 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -5574,22 +5574,14 @@ push_tnl_action(const struct dp_netdev_pmd_thread *pmd,
 {
 struct tx_port *tun_port;
 const struct ovs_action_push_tnl *data;
-int err;
 
 data = nl_attr_get(attr);
 
 tun_port = pmd_tnl_port_cache_lookup(pmd, data->tnl_port);
 if (!tun_port) {
-err = -EINVAL;
-goto error;
-}
-err = netdev_push_header(tun_port->port->netdev, batch, data);
-if (!err) {
-return 0;
+return -EINVAL;
 }
-error:
-dp_packet_delete_batch(batch, true);
-return err;
+return netdev_push_header(tun_port->port->netdev, batch, data);
 }
 
 static void
@@ -5672,9 +5664,17 @@ dp_execute_cb(void *aux_, struct dp_packet_batch 
*packets_,
 break;
 
 case OVS_ACTION_ATTR_TUNNEL_PUSH:
-if (*depth < MAX_RECIRC_DEPTH) {
-dp_packet_batch_apply_cutlen(packets_);
-push_tnl_action(pmd, a, packets_);
+/*
+ * XXX: 'may_steal' concept is broken here, because we're
+ *  unconditionally changing the packets just like for other PUSH_*
+ *  actions in 'odp_execute()'. 'false' value could be ignored,
+ *  because we could reach here only after clone, but we still need
+ *  to free the packets in case 'may_steal == true'.
+ */
+dp_packet_batch_apply_cutlen(packets_);
+if (push_tnl_action(pmd, a, packets_) != 0) {
+/* Push failed. Drop the packets to prevent further processing. */
+dp_packet_delete_batch(packets_, true);
 return;
 }
 break;
-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v2] datapath: compat: Fix build on RHEL 7.5

[Lucas Alvares Gomes]

Great, thanks for the v2

On Fri, May 11, 2018 at 6:32 PM, Yi-Hung Wei  wrote:
> 1) OVS datapath compat modules breaks on RHEL 7.5, because it moves
> ndo_change_mtu function pointer from 'struct net_device_ops' to
> 'struct net_device_ops_extended'.
>
> 2) RHEL 7.5 introduces the MTU range checking as mentioned in
> 6c0bf091 ("datapath: use core MTU range checking in core net infra").
> However, the max_mtu field is defined in 'struct net_device_extended'
> but not in 'struct net_device' as upstream kernel.
>
> This patch defines a new symbol HAVE_RHEL7_MAX_MTU that determines
> the previous 2 conditions, and fixes the backport issue.
>
> Signed-off-by: Yi-Hung Wei 

Acked-by: Lucas Alvares Gomes 
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v2 1/5] ovs-kmod-ctl: introduce a kernel module load script

[Ben Pfaff]

On Fri, May 11, 2018 at 01:29:09AM +, Ansis Atteka wrote:
> On Fri, 4 May 2018 at 11:28, Aaron Conole  wrote:
> 
> > Currently, Open vSwitch on linux embeds the logic of loading and unloading
> > kernel modules into the ovs-ctl and ovs-lib script files.  This works, but
> > it means that there is no way to leverage extended filesystem attributes
> > to grant fine grain permissions relating to module loading.
> 
> > The split out utility 'ovs-kmod-ctl' will be used in an upcoming commit
> > for RHEL-based distributions to have a separate transition domain that
> > will allow module loading to be given to a separate selinux domain from
> > the openvswitch_t domain.
> 
> One thing I have been thinking about recently is how we could containerize
> Open vSwitch (not sure if that is even possible in feasible way).
> 
> The idea would be that there would be, for example, Ubuntu based container
> running OVS user space daemons installed from our deb packages. And the
> "container host" would have Open vSwitch kernel module installed from our
> dkms or kmod rpm packages. (or vice versa).
> 
> Such design, I think, inevitably would require sometihing like ovs-kmod-ctl
> utility distributed with the dkms or kmod kernel module package.
> 
> This is something that does not requre action w.r.t. your series, but I
> would be interested to hear your opinion if you have thought how to make
> that happen...

I'd like to see this happen too.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] netdev-tc-offloads: Fix incorrect mask in probe_multi_mask_per_prio().

[Ben Pfaff]

On Fri, May 11, 2018 at 10:44:40AM -0700, Justin Pettit wrote:
> 
> > On May 11, 2018, at 9:10 AM, Ben Pfaff  wrote:
> > 
> > Presumably this was meant to be all-one-bits but it wasn't.  It also didn't
> > have the right endianness for an ovs_be16, so "sparse" complained.
> > 
> > CC: Paul Blakey 
> > CC: Simon Horman 
> > Fixes: d00eeded6a9b ("netdev-tc-offloads: Probe for allowing multiple masks 
> > on single priority")
> > Signed-off-by: Ben Pfaff 
> 
> Acked-by: Justin Pettit 

Thanks, applied to master.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] netdev-tc-offloads: Fix incorrect mask in probe_multi_mask_per_prio().

[Justin Pettit]

> On May 11, 2018, at 9:10 AM, Ben Pfaff  wrote:
> 
> Presumably this was meant to be all-one-bits but it wasn't.  It also didn't
> have the right endianness for an ovs_be16, so "sparse" complained.
> 
> CC: Paul Blakey 
> CC: Simon Horman 
> Fixes: d00eeded6a9b ("netdev-tc-offloads: Probe for allowing multiple masks 
> on single priority")
> Signed-off-by: Ben Pfaff 

Acked-by: Justin Pettit 

--Justin


___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] rhel: Specify that force-corefiles is enabled by default

[Ben Pfaff]

On Fri, May 11, 2018 at 07:13:10PM +0200, Timothy Redaelli wrote:
> Currently in /etc/sysconfig/openvswitch it's not clear that
> force-corefiles is enabled by default.
> This patch adds a comment explaining that force-corefiles is, by
> default, set to yes.
> 
> Signed-off-by: Timothy Redaelli 

Applied to master, thanks!
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] datapath: compat: Fix build on RHEL 7.5

[Yi-Hung Wei]

> On RHEL 7.5, internal_dev_change_mtu will not be used and the compiler
> will throw a warning about it:
>
>   CC [M]  /root/ovs/datapath/linux/vport-internal_dev.o
> /root/ovs/datapath/linux/vport-internal_dev.c:92:12: warning:
> ‘internal_dev_change_mtu’ defined but not used [-Wunused-function]
>  static int internal_dev_change_mtu(struct net_device *dev, int new_mtu)
>
> Can we have the same conditional [0] around that function definition
> to avoid such warning ?
>

Sure, I add that condition to avoid the warning in v2.
https://patchwork.ozlabs.org/patch/912095/

Thanks,

-Yi-Hung
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v2] datapath: compat: Fix build on RHEL 7.5

[Yi-Hung Wei]

1) OVS datapath compat modules breaks on RHEL 7.5, because it moves
ndo_change_mtu function pointer from 'struct net_device_ops' to
'struct net_device_ops_extended'.

2) RHEL 7.5 introduces the MTU range checking as mentioned in
6c0bf091 ("datapath: use core MTU range checking in core net infra").
However, the max_mtu field is defined in 'struct net_device_extended'
but not in 'struct net_device' as upstream kernel.

This patch defines a new symbol HAVE_RHEL7_MAX_MTU that determines
the previous 2 conditions, and fixes the backport issue.

Signed-off-by: Yi-Hung Wei 
---
 acinclude.m4   | 2 ++
 datapath/linux/compat/geneve.c | 4 
 datapath/linux/compat/ip_gre.c | 4 
 datapath/linux/compat/lisp.c   | 4 
 datapath/linux/compat/stt.c| 4 
 datapath/linux/compat/vxlan.c  | 8 
 datapath/vport-internal_dev.c  | 4 ++--
 7 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/acinclude.m4 b/acinclude.m4
index 60186d33de88..a2444af33c22 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -576,6 +576,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
 
   OVS_FIND_FIELD_IFELSE([$KSRC/include/linux/netdevice.h], [net_device],
 [max_mtu])
+  OVS_FIND_FIELD_IFELSE([$KSRC/include/linux/netdevice.h], 
[net_device_ops_extended],
+[ndo_change_mtu], [OVS_DEFINE([HAVE_RHEL7_MAX_MTU])])
 
   OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [nf_hook_state])
   OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [nf_register_net_hook])
diff --git a/datapath/linux/compat/geneve.c b/datapath/linux/compat/geneve.c
index c08dced3feaf..eacffb2c5b2a 100644
--- a/datapath/linux/compat/geneve.c
+++ b/datapath/linux/compat/geneve.c
@@ -1271,7 +1271,11 @@ static const struct net_device_ops geneve_netdev_ops = {
.ndo_stop   = geneve_stop,
.ndo_start_xmit = geneve_dev_xmit,
.ndo_get_stats64= ip_tunnel_get_stats64,
+#ifdef HAVE_RHEL7_MAX_MTU
+   .extended.ndo_change_mtu = geneve_change_mtu,
+#else
.ndo_change_mtu = geneve_change_mtu,
+#endif
.ndo_validate_addr  = eth_validate_addr,
.ndo_set_mac_address= eth_mac_addr,
 #ifdef HAVE_NDO_FILL_METADATA_DST
diff --git a/datapath/linux/compat/ip_gre.c b/datapath/linux/compat/ip_gre.c
index 4e325914d8be..2f297a548e30 100644
--- a/datapath/linux/compat/ip_gre.c
+++ b/datapath/linux/compat/ip_gre.c
@@ -491,7 +491,11 @@ static const struct net_device_ops gre_tap_netdev_ops = {
.ndo_start_xmit = gre_dev_xmit,
.ndo_set_mac_address= eth_mac_addr,
.ndo_validate_addr  = eth_validate_addr,
+#ifdef HAVE_RHEL7_MAX_MTU
+   .extended.ndo_change_mtu = ip_tunnel_change_mtu,
+#else
.ndo_change_mtu = ip_tunnel_change_mtu,
+#endif
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,39)
.ndo_get_stats64= ip_tunnel_get_stats64,
 #endif
diff --git a/datapath/linux/compat/lisp.c b/datapath/linux/compat/lisp.c
index 34f82324a7ff..4882a636a33e 100644
--- a/datapath/linux/compat/lisp.c
+++ b/datapath/linux/compat/lisp.c
@@ -546,7 +546,11 @@ static const struct net_device_ops lisp_netdev_ops = {
.ndo_open   = lisp_open,
.ndo_stop   = lisp_stop,
.ndo_start_xmit = lisp_dev_xmit,
+#ifdef  HAVE_RHEL7_MAX_MTU
+   .extended.ndo_change_mtu = lisp_change_mtu,
+#else
.ndo_change_mtu = lisp_change_mtu,
+#endif
.ndo_validate_addr  = eth_validate_addr,
.ndo_set_mac_address= eth_mac_addr,
 #ifdef USE_UPSTREAM_TUNNEL
diff --git a/datapath/linux/compat/stt.c b/datapath/linux/compat/stt.c
index 2189476e176e..ee1c7aa0a78d 100644
--- a/datapath/linux/compat/stt.c
+++ b/datapath/linux/compat/stt.c
@@ -1857,7 +1857,11 @@ static const struct net_device_ops stt_netdev_ops = {
.ndo_stop   = stt_stop,
.ndo_start_xmit = stt_dev_xmit,
.ndo_get_stats64= ip_tunnel_get_stats64,
+#ifdef  HAVE_RHEL7_MAX_MTU
+   .extended.ndo_change_mtu = stt_change_mtu,
+#else
.ndo_change_mtu = stt_change_mtu,
+#endif
.ndo_validate_addr  = eth_validate_addr,
.ndo_set_mac_address= eth_mac_addr,
 #ifdef USE_UPSTREAM_TUNNEL
diff --git a/datapath/linux/compat/vxlan.c b/datapath/linux/compat/vxlan.c
index 54b953454bf4..40cb12b1329d 100644
--- a/datapath/linux/compat/vxlan.c
+++ b/datapath/linux/compat/vxlan.c
@@ -1481,7 +1481,11 @@ static const struct net_device_ops 
vxlan_netdev_ether_ops = {
.ndo_start_xmit = vxlan_dev_xmit,
.ndo_get_stats64= ip_tunnel_get_stats64,
.ndo_set_rx_mode= vxlan_set_multicast_list,
+#ifdef HAVE_RHEL7_MAX_MTU
+   .extended.ndo_change_mtu = vxlan_change_mtu,
+#else
.ndo_change_mtu = vxlan_change_mtu,
+#endif
.ndo_validate_addr  = eth_validate_addr,
.ndo_set_mac_address= eth_mac_addr,
 #ifdef 

[ovs-dev] [PATCH] rhel: Specify that force-corefiles is enabled by default

[Timothy Redaelli]

Currently in /etc/sysconfig/openvswitch it's not clear that
force-corefiles is enabled by default.
This patch adds a comment explaining that force-corefiles is, by
default, set to yes.

Signed-off-by: Timothy Redaelli 
---
 rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template 
b/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
index fdaee00d5..936445402 100644
--- a/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
+++ b/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
@@ -1,6 +1,7 @@
 ### Configuration options for openvswitch
 #
-# Enable core files:
+# Enable core files.
+# This option should be set to "yes" or "no".  The default is "yes".
 # --force-corefiles=yes
 #
 # Set "nice" priority at which to run ovsdb-server:
-- 
2.17.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] Avoid crash in OvS while transmitting fragmented packets over tunnel.

[Darrell Ball]

On Thu, May 10, 2018 at 11:35 PM, Rohith Basavaraja <
rohith.basavar...@ericsson.com> wrote:

> Hi Darell,
>
> I reproduce the issue by making VM to transmit fragmented packets and in
> OvS if we have corresponding rule
> to transmit the received fragmented packet (from VM) over tunnel then I
> always hit the crash.
>
>
Thanks Rohith

Unfortunately, I don't hit the assert.
I even tried again with the latest master with this change removed.
I used Geneve for the last test, but I am pretty sure I used Vxlan as well
for this kind of test b4, as I use it often as well.

Would you mind describing your test in more detail (packets and flows)?

Thanks Darrell





> Thanks
> Rohith
>
> On 11/05/18, 2:16 AM, "Darrell Ball"  wrote:
>
> Thanks Rohith
> I see this patch was applied, but I have one question inline.
>
>
> On 4/20/18, 1:48 AM, "ovs-dev-boun...@openvswitch.org on behalf of
> Rohith Basavaraja"  rohith.basavar...@ericsson.com> wrote:
>
> Currently when fragmented packets are to be transmitted in to
> tunnel,
> base_flow->nw_frag which was initially non-zero at reception is not
> reset to zero when the base_flow and flow are rewritten
> as part of the emulated tnl_push action in the ofproto-dpif-xlate
> module.
>
> Because of this when fragmented packets are transmitted out of
> tunnel,
> we hit crash caused by the following assert.
>
> lib/odp-util.c:5654: assertion flow->nw_proto ==
> base_flow->nw_proto &&
> flow->nw_frag == base_flow->nw_frag failed in
> commit_set_ipv4_action()
>
> Can you describe how you hit this assertion?
> I have some testing in and around this code, but have not hit this
> yet, so I was curious?
>
> With the following change propagate_tunnel_data_to_flow__
> is modified to reset *nw_frag* to zero.
>
>
> Also, that currently we don't
> fragment tunnelled packets, we should reset *nw_frag* to zero in
> propagate_tunnel_data_to_flow__.
>
> Signed-off-by: Jan Scheurich 
> From: Rohith Basavaraja 
> CC: Jan Scheurich 
>
> ---
>  ofproto/ofproto-dpif-xlate.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/ofproto/ofproto-dpif-xlate.c
> b/ofproto/ofproto-dpif-xlate.c
> index 94e3ddb..e9ed037 100644
> --- a/ofproto/ofproto-dpif-xlate.c
> +++ b/ofproto/ofproto-dpif-xlate.c
> @@ -3310,6 +3310,7 @@ propagate_tunnel_data_to_flow__(struct flow
> *dst_flow,
>  dst_flow->ipv6_dst = src_flow->tunnel.ipv6_dst;
>  dst_flow->ipv6_src = src_flow->tunnel.ipv6_src;
>
> +dst_flow->nw_frag = 0; /* Tunnel packets are unfragmented. */
>
>
>  dst_flow->nw_tos = src_flow->tunnel.ip_tos;
>  dst_flow->nw_ttl = src_flow->tunnel.ip_ttl;
>  dst_flow->tp_dst = src_flow->tunnel.tp_dst;
> --
> 1.9.1
>
>
>
>
> ___
> dev mailing list
> d...@openvswitch.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.
> openvswitch.org_mailman_listinfo_ovs-2Ddev=DwICAg=
> uilaK90D4TOVoH58JNXRgQ=BVhFA09CGX7JQ5Ih-uZnsw=
> 6ZMZ7J9yNmX0ZQRMQyUfQ8fZrhemcMFiUqpnVD_jN9w=lYu98hfGnEvKr7YcK50fxDDY9-
> d0mA3W0yYtpSeeIQo=
>
>
>
>
>
>
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] Indicadores Clave para el Desempeño - En Línea

[Mejore los resultados de su empresa]

 
Cómo Diseñar y aplicar  
Indicadores Clave para el Desempeño
 Fecha: 18/Mayo/2018
 

Horario: 10:00 a 13:00 y 15:00 a 18:00 horas
 


"La Matriz de Indicadores para Resultados (MIR) se construye para alinear los 
objetivos de las Empresas. "



Un experto director académico aconseja:

Primero define los objetivos
Después evalúa cómo se cumplieron.
Define una fórmula: Comercial, financiera, de capital humano y de operación. 

Una buena correlación entre los indicadores genera buenos indicadores de 
desempeño y mejoran los procedimientos, lo que eleva el nivel de satisfacción 
de los clientes.

 
Responda este correo con el asunto Indicadores, con los siguientes datos:

Nombre: 
Correo: 
Teléfono: 

 
Si lo que usted desea dejar de recibir este tipo de mensajes responder este 
correo con el asunto BAJA
 


___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] Packet switching in OVS ! Please reply

[Shanthosh Krishna Moorthy]

Code structure is explained as part of https://youtu.be/0BAeFEVCVbQ

I would suggest enabling logging and map the code flow.

On Fri, May 11, 2018, 2:29 PM rakesh kumar  wrote:

> Dear Team,
>
> I need to modify the functionality of OVS  to test some scenarios using
> Network Emulator Core for my research I need to know the following things.
>
> 1. Which part of the code is dealing with Packet Switching and where these
> packets are structured in OVS ?
>
> 2. Any link or document which can  give some brief descriptions about the
> OVS Source code structure ?
>
>
> Regards
> Rakesh Kumar
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] OVS DPDK: dpdk_merge pull request for branch-2.7

[Ben Pfaff]

On Fri, May 11, 2018 at 11:58:10AM +, Stokes, Ian wrote:
> Hi Ben,
> 
> The following changes since commit f749357e624af52fb16a49ed41789db35293835b:
> 
>   compat: Fix upstream 4.4.119 kernel (2018-05-08 17:35:03 -0700)
> 
> are available in the git repository at:
> 
>   https://github.com/istokes/ovs dpdk_merge_2_7
> 
> for you to fetch changes up to cf668fb1c15b60198caefdc2ec416f8a3f56a366:
> 
>   Configurable Link State Change (LSC) detection mode (2018-05-11 10:53:23 
> +0100)

Thanks, merged to branch-2.7.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] OVS DPDK: dpdk_merge pull request for branch-2.8

[Ben Pfaff]

On Fri, May 11, 2018 at 11:58:02AM +, Stokes, Ian wrote:
> Hi Ben,
> 
> The following changes since commit 1a75e02b1b5e3a9ca5a1fb904da17022c86e9084:
> 
>   Avoid crash in OvS while transmitting fragmented packets over tunnel. 
> (2018-05-09 15:02:02 -0700)
> 
> are available in the git repository at:
> 
>   https://github.com/istokes/ovs dpdk_merge_2_8
> 
> for you to fetch changes up to d24e0ab81ce6d9761c57588bb1b33690f2c17622:
> 
>   Configurable Link State Change (LSC) detection mode (2018-05-11 10:11:20 
> +0100)

Thanks, merged to branch-2.8.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] OVS DPDK: dpdk_merge pull request for branch-2.9

[Ben Pfaff]

On Fri, May 11, 2018 at 11:57:48AM +, Stokes, Ian wrote:
> Hi Ben,
> 
> The following changes since commit 3462a4ec4c28d0126d08955c3328712ea1ce6275:
> 
>   ofproto: Fix crash processing malformed Bundle Add message. (2018-05-10 
> 16:45:46 -0700)
> 
> are available in the git repository at:
> 
>   https://github.com/istokes/ovs dpdk_merge_2_9
> 
> for you to fetch changes up to 00e56c53251c68d76d8ef94d334ae4c7bcb55a02:
> 
>   netdev-dpdk: Fixed netdev_dpdk structure alignment (2018-05-11 08:10:02 
> +0100)

Thanks, merged to branch-2.9.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] OVS DPDK: dpdk_merge pull request for master

[Ben Pfaff]

On Fri, May 11, 2018 at 11:57:30AM +, Stokes, Ian wrote:
> Hi Ben,
> 
> The following changes since commit d87e08978fc3b522acb4ecb21cffb5c2108b3b33:
> 
>   ovn-nbctl: Support ACL commands on port groups. (2018-05-10 16:53:22 -0700)
> 
> are available in the git repository at:
> 
>   https://github.com/istokes/ovs dpdk_merge
> 
> for you to fetch changes up to eaa4358119e627171f1b16ce932a1a34f6ab1eb9:
> 
>   netdev-dpdk: Fixed netdev_dpdk structure alignment (2018-05-11 08:08:24 
> +0100)

Thanks, merged to master.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] netdev-tc-offloads: Fix incorrect mask in probe_multi_mask_per_prio().

[Ben Pfaff]

Presumably this was meant to be all-one-bits but it wasn't.  It also didn't
have the right endianness for an ovs_be16, so "sparse" complained.

CC: Paul Blakey 
CC: Simon Horman 
Fixes: d00eeded6a9b ("netdev-tc-offloads: Probe for allowing multiple masks on 
single priority")
Signed-off-by: Ben Pfaff 
---
 lib/netdev-tc-offloads.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/netdev-tc-offloads.c b/lib/netdev-tc-offloads.c
index 7bac62ac3a7d..69d6533e4b33 100644
--- a/lib/netdev-tc-offloads.c
+++ b/lib/netdev-tc-offloads.c
@@ -1213,7 +1213,7 @@ probe_multi_mask_per_prio(int ifindex)
 memset(, 0, sizeof flower);
 
 flower.key.eth_type = htons(ETH_P_IP);
-flower.mask.eth_type = 0xfff;
+flower.mask.eth_type = OVS_BE16_MAX;
 memset(_mac, 0x11, sizeof flower.key.dst_mac);
 memset(_mac, 0xff, sizeof flower.mask.dst_mac);
 
-- 
2.16.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] IDE for OVS ?

[Ben Pfaff]

On Fri, May 11, 2018 at 02:45:33PM +0530, rakesh kumar wrote:
> What is the IDE or framework used in Linux environment for the OVS
> Develpment ?

Most of my team uses Emacs or vim.

> Can we debug the OVS if used as SDN Service in Core Emulator or any other
> network emulator .

I don't know.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] netdev-tc-offloads: Probe for allowing multiple masks on single priority

[Simon Horman]

On Sun, May 06, 2018 at 03:26:35PM +0300, Paul Blakey wrote:
> OVS datapath flows aren't overlapping, so having their tc flower
> counterparts be prioritized makes no sense, we did so because of a
> tc flower restriction.
> 
> Kernel tc flower added support for multiple masks on a single flower
> instance (there's an instance per priority) to remove this restriction.
> Probe for this once on first added port, and if available, use a
> single priority per ethertype when inserting tc flower flows.
> 
> Signed-off-by: Paul Blakey 
> Reviewed-by: Roi Dayan 

Thanks Paul, applied to master.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v2 1/5] ovs-kmod-ctl: introduce a kernel module load script

[Aaron Conole]

Thanks for the review, Ansis!

Ansis Atteka  writes:

> On Fri, 4 May 2018 at 11:28, Aaron Conole  wrote:
>
>> Currently, Open vSwitch on linux embeds the logic of loading and unloading
>> kernel modules into the ovs-ctl and ovs-lib script files.  This works, but
>> it means that there is no way to leverage extended filesystem attributes
>> to grant fine grain permissions relating to module loading.
>
>> The split out utility 'ovs-kmod-ctl' will be used in an upcoming commit
>> for RHEL-based distributions to have a separate transition domain that
>> will allow module loading to be given to a separate selinux domain from
>> the openvswitch_t domain.
>
> One thing I have been thinking about recently is how we could containerize
> Open vSwitch (not sure if that is even possible in feasible way).

Seems it's the new hotness.  My understanding is if you want all the
benefits of containerization, OvS still has some things to adapt.

> The idea would be that there would be, for example, Ubuntu based container
> running OVS user space daemons installed from our deb packages. And the
> "container host" would have Open vSwitch kernel module installed from our
> dkms or kmod rpm packages. (or vice versa).
>
> Such design, I think, inevitably would require sometihing like ovs-kmod-ctl
> utility distributed with the dkms or kmod kernel module package.

Most likely - and the corresponding selinux policies applied, and
probably will need to refactor 2/5 to use an interface definition
instead of hard coding the openvswitch_t as the only allowed domain
(unless you're thinking that ovs-ctl and an openvswitch labeled service
will be installed in the host as well - in which case, it would likely
be okay to keep as is).

There's definitely some work there (but it sounds beneficial).  I
haven't done too much thinking about it, though.

> This is something that does not requre action w.r.t. your series, but I
> would be interested to hear your opinion if you have thought how to make
> that happen...

I haven't thought too much about it, but maybe someone with more
knowledge of containers and orchestration would have some ideas.  I'm
interested in the purpose of containerizing the openvswitch suite (for
instance, is it to gain some of the isolation/separation benefits?)

>> Acked-By: Timothy Redaelli 
>> Signed-off-by: Aaron Conole 
>> ---
>>   debian/openvswitch-switch.install  |   1 +
>>   debian/openvswitch-switch.manpages |   1 +
>>   rhel/openvswitch-fedora.spec.in|   2 +
>>   rhel/openvswitch.spec.in   |   2 +
>>   utilities/.gitignore   |   1 +
>>   utilities/automake.mk  |   5 +
>>   utilities/ovs-ctl.in   |  32 +-
>>   utilities/ovs-kmod-ctl.8   | 109 ++
>>   utilities/ovs-kmod-ctl.in  | 228
> +
>>   utilities/ovs-lib.in   |  12 +-
>>   10 files changed, 356 insertions(+), 37 deletions(-)
>>   create mode 100644 utilities/ovs-kmod-ctl.8
>>   create mode 100644 utilities/ovs-kmod-ctl.in
>
>> diff --git a/debian/openvswitch-switch.install
> b/debian/openvswitch-switch.install
>> index bfb391fe8..6a6e9a543 100644
>> --- a/debian/openvswitch-switch.install
>> +++ b/debian/openvswitch-switch.install
>> @@ -12,5 +12,6 @@ usr/sbin/ovs-vswitchd
>>   usr/sbin/ovsdb-server
>>   usr/share/openvswitch/scripts/ovs-check-dead-ifs
>>   usr/share/openvswitch/scripts/ovs-ctl
>> +usr/share/openvswitch/scripts/ovs-kmod-ctl
>>   usr/share/openvswitch/scripts/ovs-save
>>   usr/share/openvswitch/vswitch.ovsschema
>> diff --git a/debian/openvswitch-switch.manpages
> b/debian/openvswitch-switch.manpages
>> index c85cbfd30..1161cfda7 100644
>> --- a/debian/openvswitch-switch.manpages
>> +++ b/debian/openvswitch-switch.manpages
>> @@ -3,6 +3,7 @@ ovsdb/ovsdb-server.5
>>   utilities/ovs-ctl.8
>>   utilities/ovs-dpctl-top.8
>>   utilities/ovs-dpctl.8
>> +utilities/ovs-kmod-ctl.8
>>   utilities/ovs-pcap.1
>>   utilities/ovs-tcpdump.8
>>   utilities/ovs-tcpundump.1
>> diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/
> openvswitch-fedora.spec.in
>> index 3e5cf21e0..bf4526de2 100644
>> --- a/rhel/openvswitch-fedora.spec.in
>> +++ b/rhel/openvswitch-fedora.spec.in
>> @@ -545,6 +545,7 @@ fi
>>   %{_datadir}/openvswitch/scripts/ovs-save
>>   %{_datadir}/openvswitch/scripts/ovs-vtep
>>   %{_datadir}/openvswitch/scripts/ovs-ctl
>> +%{_datadir}/openvswitch/scripts/ovs-kmod-ctl
>>   %{_datadir}/openvswitch/scripts/ovs-systemd-reload
>>   %config %{_datadir}/openvswitch/vswitch.ovsschema
>>   %config %{_datadir}/openvswitch/vtep.ovsschema
>> @@ -578,6 +579,7 @@ fi
>>   %{_mandir}/man8/ovs-ctl.8*
>>   %{_mandir}/man8/ovs-dpctl.8*
>>   %{_mandir}/man8/ovs-dpctl-top.8*
>> +%{_mandir}/man8/ovs-kmod-ctl.8*
>>   %{_mandir}/man8/ovs-ofctl.8*
>>   %{_mandir}/man8/ovs-pki.8*
>>   %{_mandir}/man8/ovs-vsctl.8*
>> diff --git a/rhel/openvswitch.spec.in 

Re: [ovs-dev] [PATCH] doc: Final cleanup of the DPDK documents

[Stokes, Ian]

> On Thu, 2018-05-10 at 19:05 +, Stokes, Ian wrote:
> > > This concludes the cleanup by fixing some nits and adding some
> > > additional cross-references.
> > >
> > > Signed-off-by: Stephen Finucane 
> > > ---
> > > This was initially sent as part of a larger series but excluded from
> > > a recent merge due to label issues. I wasn't able to reproduce these
> > > so I'm resending verbatim.
> >
> > Hi Stephen,
> >
> > Thanks for this. Bit of a strange one. I'm still seeing the complaint
> > regarding the duplication of labels on my own system
> >
> > Warning, treated as error:
> > ovs/Documentation/topics/dpdk/index.rst:None: WARNING: duplicate label
> > bridges and ports, other instance in ovs/Documentation/howto/dpdk.rst
> >
> > This could be specific to my board as you couldn't re-produce, however
> running the patch through travis build throws up a separate error on
> compilation regarding the use of caption in toctree.
> >
> > Warning, treated as error:
> > Documentation/topics/dpdk/index.rst:1: ERROR: Error in "toctree"
> directive:
> > unknown option: "caption".
> > .. toctree::
> >:maxdepth: 2
> >:caption: Bridges and Ports
> >/topics/dpdk/bridge
> >/topics/dpdk/phy
> >/topics/dpdk/vhost-user
> >/topics/dpdk/ring
> >/topics/dpdk/vdev
> >
> > For completeness the link to the travis build is included below.
> >
> > https://travis-ci.org/istokes/ovs/jobs/377412427
> 
> Yeah, looks like this is using Sphinx 1.2.2 and the 'caption' directive
> was added in Sphinx 1.3 [1]. I'm guessing there's a reason that we're
> using such an old version?

Not sure tbh, is there a hard requirement in the docs related to sphinx 
versions? I didn’t spot any.

> 
> > I wondering is this related to different sphinx versions across the test
> systems.
> >
> > I'll investigate the error that appears on my board if you can look at
> the travis error above.
> 
> What versions of Sphinx are you using locally? I'll see if I can reproduce
> said issue myself too (or at least make sense of it).
> 

I'm using v1.4.8.

Ian

> Stephen
> 
> [1] http://www.sphinx-doc.org/en/master/usage/restructuredtext/directiv
> es.html#directive-toctree
> 
> > Thanks
> > Ian
> > > ---
> > >  Documentation/howto/dpdk.rst| 51 
> 
> > > -
> > >  Documentation/topics/dpdk/index.rst |  6 +
> > >  2 files changed, 28 insertions(+), 29 deletions(-)
> > >
> > > diff --git a/Documentation/howto/dpdk.rst
> > > b/Documentation/howto/dpdk.rst index 380181db0..6344f1cb0 100644
> > > --- a/Documentation/howto/dpdk.rst
> > > +++ b/Documentation/howto/dpdk.rst
> > > @@ -25,23 +25,26 @@
> > >  Using Open vSwitch with DPDK
> > >  
> > >
> > > -This document describes how to use Open vSwitch with DPDK datapath.
> > > +This document describes how to use Open vSwitch with DPDK datapath.
> > > +For more detailed information, refer to the various :doc:`DPDK
> > > +topic guides `.
> > >
> > >  .. important::
> > >
> > > Using the DPDK datapath requires building OVS with DPDK support.
> > > Refer to
> > > :doc:`/intro/install/dpdk` for more information.
> > >
> > > -Ports and Bridges
> > > --
> > > +Overview
> > > +
> > >
> > > -ovs-vsctl can be used to set up bridges and other Open vSwitch
> features.
> > > -Bridges should be created with a ``datapath_type=netdev``::
> > > +:program:`ovs-vsctl` can be used to set up bridges and other Open
> > > +vSwitch features.  Bridges should be created with a
> > > ``datapath_type=netdev``::
> > >
> > >  $ ovs-vsctl add-br br0 -- set bridge br0 datapath_type=netdev
> > >
> > > -ovs-vsctl can also be used to add DPDK devices. ovs-vswitchd should
> > > print the -number of dpdk devices found in the log file::
> > > +:program:`ovs-vsctl` can also be used to add DPDK devices.
> > > +:program:`ovs-vswitchd` should print the number of ``dpdk`` devices
> > > +found in the log file::
> > >
> > >  $ ovs-vsctl add-port br0 dpdk-p0 -- set Interface dpdk-p0
> type=dpdk \
> > >  options:dpdk-devargs=:01:00.0 @@ -59,14 +62,13 @@ is
> > > suggested::
> > >
> > >  .. important::
> > >
> > > -Hotplugging physical interfaces is not supported using the above
> > > syntax.
> > > -This is expected to change with the release of DPDK v18.05. For
> > > information
> > > -on hotplugging physical interfaces, you should instead refer to
> > > -:ref:`port-hotplug`.
> > > +Hotplugging physical interfaces is not supported for these
> devices.
> > > This
> > > +is expected to change with the release of DPDK v18.05. For
> > > information on
> > > +hotplugging physical interfaces, refer to :ref:`port-hotplug`.
> > >
> > >  After the DPDK ports get added to switch, a polling thread
> > > continuously polls -DPDK devices and consumes 100% of the core, as
> > > can be checked from ``top`` and -``ps`` commands::
> > > +DPDK devices and consumes 100% of the core, as 

[ovs-dev] OVS DPDK: dpdk_merge pull request for branch-2.7

[Stokes, Ian]

Hi Ben,

The following changes since commit f749357e624af52fb16a49ed41789db35293835b:

  compat: Fix upstream 4.4.119 kernel (2018-05-08 17:35:03 -0700)

are available in the git repository at:

  https://github.com/istokes/ovs dpdk_merge_2_7

for you to fetch changes up to cf668fb1c15b60198caefdc2ec416f8a3f56a366:

  Configurable Link State Change (LSC) detection mode (2018-05-11 10:53:23 
+0100)


Ian Stokes (1):
  faq: Document DPDK version maintenance.

Kevin Traynor (1):
  dpdk: Use DPDK 16.11.6 release.

Róbert Mulik (1):
  Configurable Link State Change (LSC) detection mode

 .travis/linux-build.sh   |  2 +-
 Documentation/faq/releases.rst   | 18 +-
 Documentation/intro/install/dpdk.rst | 30 +++---
 Documentation/topics/dpdk/vhost-user.rst |  6 +++---
 lib/netdev-dpdk.c| 36 
+++-
 vswitchd/vswitch.xml | 17 +
 6 files changed, 96 insertions(+), 13 deletions(-)

Thanks
Ian
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] OVS DPDK: dpdk_merge pull request for branch-2.8

[Stokes, Ian]

Hi Ben,

The following changes since commit 1a75e02b1b5e3a9ca5a1fb904da17022c86e9084:

  Avoid crash in OvS while transmitting fragmented packets over tunnel. 
(2018-05-09 15:02:02 -0700)

are available in the git repository at:

  https://github.com/istokes/ovs dpdk_merge_2_8

for you to fetch changes up to d24e0ab81ce6d9761c57588bb1b33690f2c17622:

  Configurable Link State Change (LSC) detection mode (2018-05-11 10:11:20 
+0100)


Kevin Traynor (1):
  faq: Document DPDK version maintenance.

Pablo Cascón (1):
  netdev-dpdk: don't enable scatter for jumbo RX support for nfp

Róbert Mulik (1):
  Configurable Link State Change (LSC) detection mode

 Documentation/faq/releases.rst   | 16 
 Documentation/intro/install/dpdk.rst | 24 
 lib/netdev-dpdk.c| 46 
++
 vswitchd/vswitch.xml | 17 +
 4 files changed, 95 insertions(+), 8 deletions(-)

Thanks
Ian
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] OVS DPDK: dpdk_merge pull request for branch-2.9

[Stokes, Ian]

Hi Ben,

The following changes since commit 3462a4ec4c28d0126d08955c3328712ea1ce6275:

  ofproto: Fix crash processing malformed Bundle Add message. (2018-05-10 
16:45:46 -0700)

are available in the git repository at:

  https://github.com/istokes/ovs dpdk_merge_2_9

for you to fetch changes up to 00e56c53251c68d76d8ef94d334ae4c7bcb55a02:

  netdev-dpdk: Fixed netdev_dpdk structure alignment (2018-05-11 08:10:02 +0100)


Eelco Chaudron (1):
  netdev-dpdk: Fixed netdev_dpdk structure alignment

Kevin Traynor (2):
  dpdk: Use DPDK 17.11.2 release.
  faq: Document DPDK version maintenance.

Pablo Cascón (1):
  netdev-dpdk: don't enable scatter for jumbo RX support for nfp

Róbert Mulik (1):
  Configurable Link State Change (LSC) detection mode

 .travis/linux-build.sh   |  2 +-
 Documentation/faq/releases.rst   | 20 ++--
 Documentation/intro/install/dpdk.rst | 32 
 Documentation/topics/dpdk/vhost-user.rst |  6 +++---
 lib/netdev-dpdk.c| 49 
+++--
 vswitchd/vswitch.xml | 17 +
 6 files changed, 106 insertions(+), 20 deletions(-)

Thanks
Ian
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] OVS DPDK: dpdk_merge pull request for master

[Stokes, Ian]

Hi Ben,

The following changes since commit d87e08978fc3b522acb4ecb21cffb5c2108b3b33:

  ovn-nbctl: Support ACL commands on port groups. (2018-05-10 16:53:22 -0700)

are available in the git repository at:

  https://github.com/istokes/ovs dpdk_merge

for you to fetch changes up to eaa4358119e627171f1b16ce932a1a34f6ab1eb9:

  netdev-dpdk: Fixed netdev_dpdk structure alignment (2018-05-11 08:08:24 +0100)


Eelco Chaudron (1):
  netdev-dpdk: Fixed netdev_dpdk structure alignment

Jan Scheurich (3):
  netdev: Add optional qfill output parameter to rxq_recv()
  dpif-netdev: Detailed performance stats for PMDs
  dpif-netdev: Detection and logging of suspicious PMD iterations

Kevin Traynor (2):
  dpdk: Use DPDK 17.11.2 release.
  faq: Document DPDK version maintenance.

Pablo Cascón (1):
  netdev-dpdk: don't enable scatter for jumbo RX support for nfp

Róbert Mulik (1):
  Configurable Link State Change (LSC) detection mode

Tiago Lam (2):
  gitignore: Ignore system-dpdk-testsuite
  dpdk-testsuite: Filter 1G HugePages WARN log.

 .travis/linux-build.sh   |   2 +-
 Documentation/faq/releases.rst   |  20 +-
 Documentation/intro/install/dpdk.rst |   8 +--
 Documentation/topics/dpdk/phy.rst|  24 +++
 Documentation/topics/dpdk/vhost-user.rst |   6 +-
 NEWS |   7 ++
 lib/automake.mk  |   1 +
 lib/dpif-netdev-perf.c   | 686 
+++-
 lib/dpif-netdev-perf.h   | 218 
+---
 lib/dpif-netdev-unixctl.man  | 216 
+++
 lib/dpif-netdev.c| 192 
+
 lib/netdev-bsd.c |   8 ++-
 lib/netdev-dpdk.c|  90 -
 lib/netdev-dummy.c   |   8 ++-
 lib/netdev-linux.c   |   7 +-
 lib/netdev-provider.h|   8 ++-
 lib/netdev.c |   5 +-
 lib/netdev.h |   3 +-
 manpages.mk  |   2 +
 tests/.gitignore |   1 +
 tests/system-dpdk.at |  12 +++-
 vswitchd/ovs-vswitchd.8.in   |  27 +---
 vswitchd/vswitch.xml |  29 
 23 files changed, 1481 insertions(+), 99 deletions(-)
 create mode 100644 lib/dpif-netdev-unixctl.man

Thanks
Ian
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] compat: Fix for soft lockup issue with vxlan misconfiguration

[Neelakantam Gaddam]

This patch fixes the kernel soft lockup issue with vxlan configuration where
the tunneled packet is sent on the same bridge where vxlan port is attached
to.
It detects the loop in vxlan xmit function and drops if loop is detected.


--- a/datapath/linux/compat/vxlan.c
+++ b/datapath/linux/compat/vxlan.c
@@ -1115,7 +1115,8 @@ static void vxlan_xmit_one(struct sk_buff *skb,
struct net_device *dev,
goto tx_error;
}

-   if (rt->dst.dev == dev) {
+   if ((rt->dst.dev == dev) ||
+   (OVS_CB(skb)->input_vport->dev == rt->dst.dev)) {
netdev_dbg(dev, "circular route to %pI4\n",
   >sin.sin_addr.s_addr);
dev->stats.collisions++;
@@ -1174,7 +1175,8 @@ static void vxlan_xmit_one(struct sk_buff *skb,
struct net_device *dev,
goto tx_error;
}

-   if (ndst->dev == dev) {
+   if ((ndst->dev == dev) ||
+   (OVS_CB(skb)->input_vport->dev == ndst->dev)) {
netdev_dbg(dev, "circular route to %pI6\n",
   >sin6.sin6_addr);
dst_release(ndst);




-- 
Thanks & Regards
Neelakantam Gaddam
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v3] ovn: Set proper Neighbour Adv flag when replying for NS request for router IP

[Numan Siddique]

On Fri, May 11, 2018 at 5:08 AM, Ben Pfaff  wrote:

> On Thu, May 10, 2018 at 11:18:23PM +0530, nusid...@redhat.com wrote:
> > From: Numan Siddique 
> >
> > Presently when a VM's IPv6 stack sends a Neighbor Solicitation request
> for its
> > router IP, (mostly when the ND cache entry for the router is in STALE
> state)
> > ovn-controller responds with a Neighbor Adv packet (using the action
> nd_na).
> > But it doesn't set 'ND_RSO_ROUTER' in the RSO flags (please see RFC4861
> page 23).
> > Because of which, the VM deletes the default route. The default route
> gets added
> > again when the next RA is received (but would again gets deleted if its
> sends
> > NS request). And this results in disruption of IPv6 traffic.
> >
> > This patch addresses this issue by adding a new action 'nd_na_router'
> which is
> > same as 'nd_na' but it sets the 'ND_RSO_ROUTER' in the RSO flags.
> ovn-northd
> > uses this action. A new action is added instead of modifying the
> existing 'nd_na'
> > action. This is because
> >   - We cannot set the RSO flags in the "nd_na { ..actions .. }"
> >   - It would be ugly to have something like nd_na { router_flags,
> ...actions .. }
> >
> > Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1567735
> > Signed-off-by: Numan Siddique 
> > Acked-by: Mark Michelson 
>
> Please document the new action in ovn/ovn-sb.xml.
>
> Otherwise this looks good to me, thank you!
>

Thanks for the review Ben. I have updated the patch. Request to apply this
patch to branch 2.9 as well.

Thanks
Numan
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v4] ovn: Set proper Neighbour Adv flag when replying for NS request for router IP

[nusiddiq]

From: Numan Siddique 

Presently when a VM's IPv6 stack sends a Neighbor Solicitation request for its
router IP, (mostly when the ND cache entry for the router is in STALE state)
ovn-controller responds with a Neighbor Adv packet (using the action nd_na).
But it doesn't set 'ND_RSO_ROUTER' in the RSO flags (please see RFC4861 page 
23).
Because of which, the VM deletes the default route. The default route gets added
again when the next RA is received (but would again gets deleted if its sends
NS request). And this results in disruption of IPv6 traffic.

This patch addresses this issue by adding a new action 'nd_na_router' which is
same as 'nd_na' but it sets the 'ND_RSO_ROUTER' in the RSO flags. ovn-northd
uses this action. A new action is added instead of modifying the existing 
'nd_na'
action. This is because
  - We cannot set the RSO flags in the "nd_na { ..actions .. }"
  - It would be ugly to have something like nd_na { router_flags, ...actions .. 
}

Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1567735
Signed-off-by: Numan Siddique 
Acked-by: Mark Michelson 
---

v3 -> v4
---
Added the required documentation in ovn-sb.xml/ovn-northd.8.xml

v2 -> v3
---
Updated the commit subject

v1 -> v2
---
Updated the commit message with the RFC info.

 include/ovn/actions.h   |  7 +++
 ovn/controller/pinctrl.c| 23 +
 ovn/lib/actions.c   | 22 
 ovn/northd/ovn-northd.8.xml | 34 ++
 ovn/northd/ovn-northd.c |  2 +-
 ovn/ovn-sb.xml  | 41 +
 ovn/utilities/ovn-trace.c   |  1 +
 tests/ovn.at|  5 +
 8 files changed, 122 insertions(+), 13 deletions(-)

diff --git a/include/ovn/actions.h b/include/ovn/actions.h
index fb8f51509..638465193 100644
--- a/include/ovn/actions.h
+++ b/include/ovn/actions.h
@@ -68,6 +68,7 @@ struct ovn_extend_table;
 OVNACT(ICMP6, ovnact_nest)\
 OVNACT(TCP_RESET, ovnact_nest)\
 OVNACT(ND_NA, ovnact_nest)\
+OVNACT(ND_NA_ROUTER,  ovnact_nest)\
 OVNACT(GET_ARP,   ovnact_get_mac_bind)\
 OVNACT(PUT_ARP,   ovnact_put_mac_bind)\
 OVNACT(GET_ND,ovnact_get_mac_bind)\
@@ -444,6 +445,12 @@ enum action_opcode {
  * The actions, in OpenFlow 1.3 format, follow the action_header.
  */
 ACTION_OPCODE_TCP_RESET,
+
+/* "nd_na_router { ...actions... }" with rso flag 'ND_RSO_ROUTER' set.
+*
+* The actions, in OpenFlow 1.3 format, follow the action_header.
+*/
+ACTION_OPCODE_ND_NA_ROUTER,
 };
 
 /* Header. */
diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
index 6e6aa1caa..305f20649 100644
--- a/ovn/controller/pinctrl.c
+++ b/ovn/controller/pinctrl.c
@@ -81,7 +81,8 @@ static void send_garp_run(struct controller_ctx *ctx,
   struct sset *active_tunnels);
 static void pinctrl_handle_nd_na(const struct flow *ip_flow,
  const struct match *md,
- struct ofpbuf *userdata);
+ struct ofpbuf *userdata,
+ bool is_router);
 static void reload_metadata(struct ofpbuf *ofpacts,
 const struct match *md);
 static void pinctrl_handle_put_nd_ra_opts(
@@ -1154,7 +1155,11 @@ process_packet_in(const struct ofp_header *msg, struct 
controller_ctx *ctx)
 break;
 
 case ACTION_OPCODE_ND_NA:
-pinctrl_handle_nd_na(, _metadata, );
+pinctrl_handle_nd_na(, _metadata, , false);
+break;
+
+case ACTION_OPCODE_ND_NA_ROUTER:
+pinctrl_handle_nd_na(, _metadata, , true);
 break;
 
 case ACTION_OPCODE_PUT_ND:
@@ -2308,7 +2313,7 @@ reload_metadata(struct ofpbuf *ofpacts, const struct 
match *md)
 
 static void
 pinctrl_handle_nd_na(const struct flow *ip_flow, const struct match *md,
- struct ofpbuf *userdata)
+ struct ofpbuf *userdata, bool is_router)
 {
 /* This action only works for IPv6 ND packets, and the switch should only
  * send us ND packets this way, but check here just to be sure. */
@@ -2322,13 +2327,15 @@ pinctrl_handle_nd_na(const struct flow *ip_flow, const 
struct match *md,
 struct dp_packet packet;
 dp_packet_use_stub(, packet_stub, sizeof packet_stub);
 
-/* xxx These flags are not exactly correct.  Look at section 7.2.4
- * xxx of RFC 4861.  For example, we need to set ND_RSO_ROUTER for
- * xxx router's interfaces and ND_RSO_SOLICITED only if it was
- * xxx requested. */
+/* These flags are not exactly correct.  Look at section 7.2.4
+ * of RFC 4861. */
+uint32_t rso_flags = ND_RSO_SOLICITED | ND_RSO_OVERRIDE;
+if (is_router) {
+rso_flags |= ND_RSO_ROUTER;

Re: [ovs-dev] [PATCH v3] Upcall/Slowpath rate limiter for OVS

[Manohar Krishnappa Chidambaraswamy]

Jan,

Thanx for your comments. Please see inline. I will send v4 patch with your 
comments addressed.

Thanx
Manu

On 09/05/18, 5:26 AM, "Jan Scheurich"  wrote:

Hi Manu,

Thanks for working on this. Two general comments:

1. Is there a chance to add unit test cases for this feature? I know it 
might be difficult due to the real-time character, but perhaps using very low 
parameter values?

[manu] I looked at it but felt it won't be needed as its rate based and not 
that much useful.

2. I believe the number RL-dropped packets must be accounted for in 
function dpif_netdev_get_stats() as stats->n_missed, otherwise the overall 
number of reported packets may not match the total number of packets processed.

[manu] Thanx. Will fix it.

Other comments in-line.

Regards, Jan

> From: Manohar Krishnappa Chidambaraswamy
> Sent: Monday, 07 May, 2018 12:45
> 
> Hi
> 
> Rebased to master and adapted to the new dpif-netdev-perf counters.
> As explained in v2 thread, OFPM_SLOWPATH meters cannot be used as is
> for rate-limiting upcalls, hence reverted back to the simpler method
> using token bucket.

I guess the question was not whether to use meter actions in the datapath 
to implement the upcall rate limiter in dpif-netdev but whether to allow 
configuration of the upcall rate limiter through OpenFlow Meter Mod command for 
special pre-defined meter OFPM_SLOWPATH. In any case, the decision was to drop 
that idea.

> 
> Could you please review this patch?
> 
> Thanx
> Manu
> 
> v2: https://patchwork.ozlabs.org/patch/860687/
> v1: https://patchwork.ozlabs.org/patch/836737/

Please add the list of main changes between the current and the previous 
version in the next revision of the patch. Put it below the '---' separator so 
that is not part of the commit message.
[manu] Sure ok.

> 
> Signed-off-by: Manohar K C
> 
> CC: Jan Scheurich 
> ---
>  Documentation/howto/dpdk.rst | 21 +++
>  lib/dpif-netdev-perf.h   |  1 +
>  lib/dpif-netdev.c| 83 

>  vswitchd/vswitch.xml | 47 +
>  4 files changed, 146 insertions(+), 6 deletions(-)
> 
> diff --git a/Documentation/howto/dpdk.rst b/Documentation/howto/dpdk.rst
> index 79b626c..bd1eaac 100644
> --- a/Documentation/howto/dpdk.rst
> +++ b/Documentation/howto/dpdk.rst
> @@ -739,3 +739,24 @@ devices to bridge ``br0``. Once complete, follow the 
below steps:
> Check traffic on multiple queues::
> 
> $ cat /proc/interrupts | grep virtio
> +
> +Upcall rate limiting
> +
> +ovs-vsctl can be used to enable and configure upcall rate limit 
parameters.
> +There are 2 configurable values ``upcall-rate`` and ``upcall-burst`` 
which
> +take effect when global enable knob ``upcall-rl`` is set to true.

Please explain why upcall rate limiting may be relevant in the context of 
DPDK datapath (upcalls executed in the context of the PMD and affecting 
datapath forwarding capacity). Worth noting here, perhaps, that this rate 
limiting is independently per PMD and not a global limit.

Replace "knob" by "configuration parameter"  and put the command to enable 
rate limiting:
 $ ovs-vsctl set Open_vSwitch . other_config:upcall-rl=true
before the commands to tune the token bucket parameters. Mention the 
default parameter values?
[manu] Done.

> +
> +Upcall rate should be set using ``upcall-rate`` in packets-per-sec. For
> +example::
> +
> +$ ovs-vsctl set Open_vSwitch . other_config:upcall-rate=2000
> +
> +Upcall burst should be set using ``upcall-burst`` in packets-per-sec. For
> +example::
> +
> +$ ovs-vsctl set Open_vSwitch . other_config:upcall-burst=2000
> +
> +Upcall ratelimit feature should be globally enabled using ``upcall-rl``. 
For
> +example::
> +
> +$ ovs-vsctl set Open_vSwitch . other_config:upcall-rl=true

> diff --git a/lib/dpif-netdev-perf.h b/lib/dpif-netdev-perf.h
> index 5993c25..189213c 100644
> --- a/lib/dpif-netdev-perf.h
> +++ b/lib/dpif-netdev-perf.h
> @@ -64,6 +64,7 @@ enum pmd_stat_type {
>   * recirculation. */
>  PMD_STAT_SENT_PKTS, /* Packets that have been sent. */
>  PMD_STAT_SENT_BATCHES,  /* Number of batches sent. */
> +PMD_STAT_RATELIMIT_DROP,/* Packets dropped due to upcall policer. */

Name PMD_STAT_RL_DROP and move up in list after PMD_STAT_LOST. Add space 
before comment.
[manu] Done

>  PMD_CYCLES_ITER_IDLE,   /* Cycles spent in idle iterations. */
>  PMD_CYCLES_ITER_BUSY,   /* 

Re: [ovs-dev] [PATCH] doc: Final cleanup of the DPDK documents

[Stephen Finucane]

On Thu, 2018-05-10 at 19:05 +, Stokes, Ian wrote:
> > This concludes the cleanup by fixing some nits and adding some additional
> > cross-references.
> > 
> > Signed-off-by: Stephen Finucane 
> > ---
> > This was initially sent as part of a larger series but excluded from a
> > recent merge due to label issues. I wasn't able to reproduce these so I'm
> > resending verbatim.
> 
> Hi Stephen,
> 
> Thanks for this. Bit of a strange one. I'm still seeing the complaint 
> regarding the duplication of labels on my own system
> 
> Warning, treated as error:
> ovs/Documentation/topics/dpdk/index.rst:None: WARNING: duplicate label 
> bridges and ports, other instance in ovs/Documentation/howto/dpdk.rst
> 
> This could be specific to my board as you couldn't re-produce, however 
> running the patch through travis build throws up a separate error on 
> compilation regarding the use of caption in toctree.
> 
> Warning, treated as error:
> Documentation/topics/dpdk/index.rst:1: ERROR: Error in "toctree" directive:
> unknown option: "caption".
> .. toctree::
>:maxdepth: 2
>:caption: Bridges and Ports
>/topics/dpdk/bridge
>/topics/dpdk/phy
>/topics/dpdk/vhost-user
>/topics/dpdk/ring
>/topics/dpdk/vdev
> 
> For completeness the link to the travis build is included below.
> 
> https://travis-ci.org/istokes/ovs/jobs/377412427

Yeah, looks like this is using Sphinx 1.2.2 and the 'caption' directive
was added in Sphinx 1.3 [1]. I'm guessing there's a reason that we're
using such an old version?

> I wondering is this related to different sphinx versions across the test 
> systems.
> 
> I'll investigate the error that appears on my board if you can look at the 
> travis error above.

What versions of Sphinx are you using locally? I'll see if I can
reproduce said issue myself too (or at least make sense of it).

Stephen

[1] http://www.sphinx-doc.org/en/master/usage/restructuredtext/directiv
es.html#directive-toctree

> Thanks
> Ian
> > ---
> >  Documentation/howto/dpdk.rst| 51 
> > -
> >  Documentation/topics/dpdk/index.rst |  6 +
> >  2 files changed, 28 insertions(+), 29 deletions(-)
> > 
> > diff --git a/Documentation/howto/dpdk.rst b/Documentation/howto/dpdk.rst
> > index 380181db0..6344f1cb0 100644
> > --- a/Documentation/howto/dpdk.rst
> > +++ b/Documentation/howto/dpdk.rst
> > @@ -25,23 +25,26 @@
> >  Using Open vSwitch with DPDK
> >  
> > 
> > -This document describes how to use Open vSwitch with DPDK datapath.
> > +This document describes how to use Open vSwitch with DPDK datapath. For
> > +more detailed information, refer to the various :doc:`DPDK topic guides
> > +`.
> > 
> >  .. important::
> > 
> > Using the DPDK datapath requires building OVS with DPDK support. Refer
> > to
> > :doc:`/intro/install/dpdk` for more information.
> > 
> > -Ports and Bridges
> > --
> > +Overview
> > +
> > 
> > -ovs-vsctl can be used to set up bridges and other Open vSwitch features.
> > -Bridges should be created with a ``datapath_type=netdev``::
> > +:program:`ovs-vsctl` can be used to set up bridges and other Open
> > +vSwitch features.  Bridges should be created with a
> > ``datapath_type=netdev``::
> > 
> >  $ ovs-vsctl add-br br0 -- set bridge br0 datapath_type=netdev
> > 
> > -ovs-vsctl can also be used to add DPDK devices. ovs-vswitchd should print
> > the -number of dpdk devices found in the log file::
> > +:program:`ovs-vsctl` can also be used to add DPDK devices.
> > +:program:`ovs-vswitchd` should print the number of ``dpdk`` devices
> > +found in the log file::
> > 
> >  $ ovs-vsctl add-port br0 dpdk-p0 -- set Interface dpdk-p0 type=dpdk \
> >  options:dpdk-devargs=:01:00.0 @@ -59,14 +62,13 @@ is
> > suggested::
> > 
> >  .. important::
> > 
> > -Hotplugging physical interfaces is not supported using the above
> > syntax.
> > -This is expected to change with the release of DPDK v18.05. For
> > information
> > -on hotplugging physical interfaces, you should instead refer to
> > -:ref:`port-hotplug`.
> > +Hotplugging physical interfaces is not supported for these devices.
> > This
> > +is expected to change with the release of DPDK v18.05. For
> > information on
> > +hotplugging physical interfaces, refer to :ref:`port-hotplug`.
> > 
> >  After the DPDK ports get added to switch, a polling thread continuously
> > polls -DPDK devices and consumes 100% of the core, as can be checked from
> > ``top`` and -``ps`` commands::
> > +DPDK devices and consumes 100% of the core, as can be checked from
> > +:command:`top` and :command:`ps` commands::
> > 
> >  $ top -H
> >  $ ps -eLo pid,psr,comm | grep pmd
> > @@ -79,7 +81,7 @@ set. For example::
> >  -- set Interface p0 type=dpdk options:dpdk-devargs=:01:00.0 \
> >  -- set Interface p1 type=dpdk options:dpdk-devargs=:01:00.1
> > 
> > -To stop 

[ovs-dev] IDE for OVS ?

[rakesh kumar]

Hello Team,

What is the IDE or framework used in Linux environment for the OVS
Develpment ?

Can we debug the OVS if used as SDN Service in Core Emulator or any other
network emulator .


Regards
Rakesh Kumar
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] Packet switching in OVS ! Please reply

[rakesh kumar]

Dear Team,

I need to modify the functionality of OVS  to test some scenarios using
Network Emulator Core for my research I need to know the following things.

1. Which part of the code is dealing with Packet Switching and where these
packets are structured in OVS ?

2. Any link or document which can  give some brief descriptions about the
OVS Source code structure ?


Regards
Rakesh Kumar
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] datapath: compat: Fix build on RHEL 7.5

[Lucas Alvares Gomes]

> diff --git a/datapath/vport-internal_dev.c b/datapath/vport-internal_dev.c
> index f48684b2e70f..90e76bac2165 100644
> --- a/datapath/vport-internal_dev.c
> +++ b/datapath/vport-internal_dev.c
> @@ -153,7 +153,7 @@ static const struct net_device_ops 
> internal_dev_netdev_ops = {
> .ndo_stop = internal_dev_stop,
> .ndo_start_xmit = internal_dev_xmit,
> .ndo_set_mac_address = eth_mac_addr,
> -#ifndef HAVE_NET_DEVICE_WITH_MAX_MTU
> +#if!defined(HAVE_NET_DEVICE_WITH_MAX_MTU) && !defined(HAVE_RHEL7_MAX_MTU)
> .ndo_change_mtu = internal_dev_change_mtu,
>  #endif
> .ndo_get_stats64 = (void *)internal_get_stats,

On RHEL 7.5, internal_dev_change_mtu will not be used and the compiler
will throw a warning about it:

  CC [M]  /root/ovs/datapath/linux/vport-internal_dev.o
/root/ovs/datapath/linux/vport-internal_dev.c:92:12: warning:
‘internal_dev_change_mtu’ defined but not used [-Wunused-function]
 static int internal_dev_change_mtu(struct net_device *dev, int new_mtu)

Can we have the same conditional [0] around that function definition
to avoid such warning ?

Other than that the patch looks good to me, thank you!

[0]  #if!defined(HAVE_NET_DEVICE_WITH_MAX_MTU) &&
!defined(HAVE_RHEL7_MAX_MTU)
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] tunnel: cleanup geneve md before forwarding to another port.

[William Tu]

When there is a flow rule which forwards a packet from geneve
port to another tunnel port, ex: gre, the tun_metadata carried
from the geneve port needs to be clean up.  Otherwise, the output
tunnel port will incorrectly have geneve option being set.

For example, without the patch, the datapath action output to gre
port (1) shows:
  set(tunnel(tun_id=0x7b,dst=2.2.2.2,ttl=64,
geneve({class=0x,type=0,len=4,0x123}),flags(df|key))),1
Where the geneve(...) should not exist.

When using kernel's tunnel port, this triggers an error saying:
"Multiple metadata blocks provided", when there is a rule forwarding
the geneve packet to vxlan/erspan tunnel port.  A userspace test case
using geneve and gre also demonstrates the issue.

Reported-by: Xiaoyan Jin 
Signed-off-by: William Tu 
Cc: Greg Rose 
---
 ofproto/tunnel.c |  6 ++
 tests/tunnel.at  | 18 ++
 2 files changed, 24 insertions(+)

diff --git a/ofproto/tunnel.c b/ofproto/tunnel.c
index e0214ced69e2..00104091c991 100644
--- a/ofproto/tunnel.c
+++ b/ofproto/tunnel.c
@@ -403,6 +403,7 @@ tnl_port_send(const struct ofport_dpif *ofport, struct flow 
*flow,
 struct tnl_port *tnl_port;
 char *pre_flow_str = NULL;
 odp_port_t out_port;
+const char *type;
 
 fat_rwlock_rdlock();
 tnl_port = tnl_find_ofport(ofport);
@@ -474,6 +475,11 @@ tnl_port_send(const struct ofport_dpif *ofport, struct 
flow *flow,
 wc->masks.pkt_mark = UINT32_MAX;
 }
 
+type = netdev_get_type(tnl_port->netdev);
+if (strcmp("geneve", type)) {
+memset(>tunnel.metadata, 0, sizeof(flow->tunnel.metadata));
+}
+
 if (pre_flow_str) {
 char *post_flow_str = flow_to_string(flow, NULL);
 char *tnl_str = tnl_port_to_string(tnl_port);
diff --git a/tests/tunnel.at b/tests/tunnel.at
index 3c217b344f9b..34e1e883a68f 100644
--- a/tests/tunnel.at
+++ b/tests/tunnel.at
@@ -708,5 +708,23 @@ AT_CHECK([tail -2 stdout], [0],
 Datapath actions: set(tunnel(tun_id=0x7b,dst=2.2.2.2,ttl=64,flags(df|key))),1
 ])
 
+AT_CHECK([ovs-ofctl add-tlv-map br0 
"{class=0x,type=0,len=4}->tun_metadata0"])
+AT_CHECK([ovs-ofctl del-flows br0])
+
+AT_DATA([flows2.txt], [dnl
+priority=1,in_port=1,tun_metadata0=0x123, actions=3
+])
+AT_CHECK([ovs-ofctl add-flows br0 flows2.txt])
+
+AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 
'recirc_id(0),tunnel(tun_id=0x0,src=1.1.1.1,dst=1.1.1.2,ttl=64,geneve({class=0x,type=0,len=4,0x123}),flags(csum|key)),in_port(6081),skb_mark(0),eth(src=50:54:00:00:00:05,dst=50:54:00:00:00:07),eth_type(0x0800),ipv4(frag=no)'],
 [0], [stdout])
+AT_CHECK([tail -2 stdout], [0],
+  [Megaflow: 
recirc_id=0,eth,ip,tun_id=0,tun_src=1.1.1.1,tun_dst=1.1.1.2,tun_tos=0,tun_flags=-df+csum+key,tun_metadata0=0x123,in_port=1,nw_ecn=0,nw_frag=no
+Datapath actions: set(tunnel(tun_id=0x7b,dst=2.2.2.2,ttl=64,flags(df|key))),1
+])
+
+dnl with the fix, the actions still have geneve options:
+dnl 
set(tunnel(tun_id=0x7b,dst=2.2.2.2,ttl=64,geneve({class=0x,type=0,len=4,0x123}),flags(df|key))),1
+dnl which is not correct
+
 OVS_VSWITCHD_STOP
 AT_CLEANUP
-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] Avoid crash in OvS while transmitting fragmented packets over tunnel.

[Rohith Basavaraja]

Hi Darell,

I reproduce the issue by making VM to transmit fragmented packets and in OvS if 
we have corresponding rule
to transmit the received fragmented packet (from VM) over tunnel then I always 
hit the crash.

Thanks
Rohith

On 11/05/18, 2:16 AM, "Darrell Ball"  wrote:

Thanks Rohith
I see this patch was applied, but I have one question inline.


On 4/20/18, 1:48 AM, "ovs-dev-boun...@openvswitch.org on behalf of Rohith 
Basavaraja"  wrote:

Currently when fragmented packets are to be transmitted in to tunnel,
base_flow->nw_frag which was initially non-zero at reception is not
reset to zero when the base_flow and flow are rewritten
as part of the emulated tnl_push action in the ofproto-dpif-xlate
module.

Because of this when fragmented packets are transmitted out of tunnel,
we hit crash caused by the following assert.

lib/odp-util.c:5654: assertion flow->nw_proto == base_flow->nw_proto &&
flow->nw_frag == base_flow->nw_frag failed in commit_set_ipv4_action()

Can you describe how you hit this assertion?
I have some testing in and around this code, but have not hit this yet, so 
I was curious?

With the following change propagate_tunnel_data_to_flow__
is modified to reset *nw_frag* to zero. 


Also, that currently we don't
fragment tunnelled packets, we should reset *nw_frag* to zero in
propagate_tunnel_data_to_flow__.

Signed-off-by: Jan Scheurich 
From: Rohith Basavaraja 
CC: Jan Scheurich 

---
 ofproto/ofproto-dpif-xlate.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
index 94e3ddb..e9ed037 100644
--- a/ofproto/ofproto-dpif-xlate.c
+++ b/ofproto/ofproto-dpif-xlate.c
@@ -3310,6 +3310,7 @@ propagate_tunnel_data_to_flow__(struct flow 
*dst_flow,
 dst_flow->ipv6_dst = src_flow->tunnel.ipv6_dst;
 dst_flow->ipv6_src = src_flow->tunnel.ipv6_src;
 
+dst_flow->nw_frag = 0; /* Tunnel packets are unfragmented. */


 dst_flow->nw_tos = src_flow->tunnel.ip_tos;
 dst_flow->nw_ttl = src_flow->tunnel.ip_ttl;
 dst_flow->tp_dst = src_flow->tunnel.tp_dst;
-- 
1.9.1




___
dev mailing list
d...@openvswitch.org

https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddev=DwICAg=uilaK90D4TOVoH58JNXRgQ=BVhFA09CGX7JQ5Ih-uZnsw=6ZMZ7J9yNmX0ZQRMQyUfQ8fZrhemcMFiUqpnVD_jN9w=lYu98hfGnEvKr7YcK50fxDDY9-d0mA3W0yYtpSeeIQo=






___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev