[ovs-dev] not able to find documentation on ovs python library
not able to find documentation on OVS python library please help -- Ankit Bhardwaj ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] show "rx_missed_errors" counter in interface statisics
On Tue, Sep 03, 2019 at 07:28:26PM +0800, txfh2007 via dev wrote: > Hi all: > > Currently OVS maintains several Statistics counters per interface. > "rx_missed_errors" counter is amount them and collects pkts not received due > to local resource constaints. Many ovs netdevs support collecting this > counter, such as netdev-linux, netdev-dpdk, netdev-bsd and so on. But as far > as I know, this counter can't be read by command "ovs-vsctl list interface > |grep statistics". I have found the root cause(may be I was wrong) > is in task "iface_refresh_stats", the "rx_missed_errors" is not in the macro > IFACE_STATS. So even if this counter is updated by netdev, it woundn't be > read by users. > > This simple patch tries to solve this problem, many thanks for your > kindly reminder. Thanks, applied to master. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH branch-2.10] dpdk: Use DPDK 17.11.6 release.
It looks like these DPDK version update patches have been overlooked. Ilya, Ian, do you want to look at them? On Mon, Sep 02, 2019 at 09:34:53AM +0200, Lukasz Pawlik wrote: > Modify travis linux build script to use the latest DPDK stable release > 17.11.6. Update docs for latest DPDK stable releases. > > Signed-off-by: Lukasz Pawlik > --- > .travis/linux-build.sh | 2 +- > Documentation/faq/releases.rst | 4 ++-- > Documentation/intro/install/dpdk.rst | 8 > Documentation/topics/dpdk/vhost-user.rst | 6 +++--- > NEWS | 2 ++ > 5 files changed, 12 insertions(+), 10 deletions(-) > > diff --git a/.travis/linux-build.sh b/.travis/linux-build.sh > index 1fe5bbf..ede62a5 100755 > --- a/.travis/linux-build.sh > +++ b/.travis/linux-build.sh > @@ -83,7 +83,7 @@ fi > > if [ "$DPDK" ]; then > if [ -z "$DPDK_VER" ]; then > -DPDK_VER="17.11.4" > +DPDK_VER="17.11.6" > fi > install_dpdk $DPDK_VER > if [ "$CC" = "clang" ]; then > diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst > index 216eb30..8fe16d9 100644 > --- a/Documentation/faq/releases.rst > +++ b/Documentation/faq/releases.rst > @@ -167,8 +167,8 @@ Q: What DPDK version does each Open vSwitch release work > with? > 2.6.x16.07.2 > 2.7.x16.11.8 > 2.8.x17.05.2 > -2.9.x17.11.4 > -2.10.x 17.11.4 > +2.9.x17.11.6 > +2.10.x 17.11.6 > === > > Q: Are all the DPDK releases that OVS versions work with maintained? > diff --git a/Documentation/intro/install/dpdk.rst > b/Documentation/intro/install/dpdk.rst > index 13546bb..5f39263 100644 > --- a/Documentation/intro/install/dpdk.rst > +++ b/Documentation/intro/install/dpdk.rst > @@ -42,7 +42,7 @@ Build requirements > In addition to the requirements described in :doc:`general`, building Open > vSwitch with DPDK will require the following: > > -- DPDK 17.11.4 > +- DPDK 17.11.6 > > - A `DPDK supported NIC`_ > > @@ -71,9 +71,9 @@ Install DPDK > #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``:: > > $ cd /usr/src/ > - $ wget http://fast.dpdk.org/rel/dpdk-17.11.4.tar.xz > - $ tar xf dpdk-17.11.4.tar.xz > - $ export DPDK_DIR=/usr/src/dpdk-stable-17.11.4 > + $ wget http://fast.dpdk.org/rel/dpdk-17.11.6.tar.xz > + $ tar xf dpdk-17.11.6.tar.xz > + $ export DPDK_DIR=/usr/src/dpdk-stable-17.11.6 > $ cd $DPDK_DIR > > #. (Optional) Configure DPDK as a shared library > diff --git a/Documentation/topics/dpdk/vhost-user.rst > b/Documentation/topics/dpdk/vhost-user.rst > index 6334590..c5fe9ee 100644 > --- a/Documentation/topics/dpdk/vhost-user.rst > +++ b/Documentation/topics/dpdk/vhost-user.rst > @@ -320,9 +320,9 @@ To begin, instantiate a guest as described in > :ref:`dpdk-vhost-user` or > DPDK sources to VM and build DPDK:: > > $ cd /root/dpdk/ > -$ wget http://fast.dpdk.org/rel/dpdk-17.11.4.tar.xz > -$ tar xf dpdk-17.11.4.tar.xz > -$ export DPDK_DIR=/root/dpdk/dpdk-stable-17.11.4 > +$ wget http://fast.dpdk.org/rel/dpdk-17.11.6.tar.xz > +$ tar xf dpdk-17.11.6.tar.xz > +$ export DPDK_DIR=/root/dpdk/dpdk-stable-17.11.6 > $ export DPDK_TARGET=x86_64-native-linuxapp-gcc > $ export DPDK_BUILD=$DPDK_DIR/$DPDK_TARGET > $ cd $DPDK_DIR > diff --git a/NEWS b/NEWS > index 064550b..92c3f81 100644 > --- a/NEWS > +++ b/NEWS > @@ -4,6 +4,8 @@ v2.10.3 - xx xxx > v2.10.2 - 30 Mar 2019 > > - Bug fixes > + - DPDK > +* OVS validated with DPDK 17.11.6 which is recommended to be used. > > v2.10.1 - 19 Oct 2018 > > -- > 2.7.4 > > ___ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] treewide: Use packet batch APIs
On Sun, Sep 01, 2019 at 03:10:05PM +0200, Paul Chaignon wrote: > This patch replaces direct accesses to dp_packet_batch and dp_packet > internal components by the appropriate API calls. It extends commit > 1270b6e52 (treewide: Wider use of packet batch APIs). > > This patch was generated using the following semantic patch (cf. > http://coccinelle.lip6.fr). Thanks a lot. I applied this to master. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] Add a __str__ method to idl.Row
On Tue, Sep 03, 2019 at 06:27:18PM -0500, Terry Wilson wrote: > It's sometimes handy to log an entire Row object, so this just > adds a string representation of the object as: > >Tablename(col1=val1, col2=val2, ..., coln=valn) > > Signed-off-by: Terry Wilson Applied to master. Thanks! ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCHv2] fatal-signal: Catch SIGSEGV and print backtrace.
Bleep bloop. Greetings William Tu, I am a robot and I have tried out your
patch.
Thanks for your contribution.
I encountered some error that I wasn't expecting. See the details below.
build:
/bin/sh ./libtool --tag=CC --mode=compile gcc -std=gnu99 -DHAVE_CONFIG_H -I.
-I ./include -I ./include -I ./lib -I ./lib-Wstrict-prototypes -Wall
-Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security
-Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align
-Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes
-Wmissing-field-initializers -fno-strict-aliasing -Wshadow -Werror -Werror -g
-O2 -MT lib/dynamic-string.lo -MD -MP -MF $depbase.Tpo -c -o
lib/dynamic-string.lo lib/dynamic-string.c &&\
mv -f $depbase.Tpo $depbase.Plo
libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I ./include -I ./include
-I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare
-Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter
-Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition
-Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wshadow
-Werror -Werror -g -O2 -MT lib/dynamic-string.lo -MD -MP -MF
lib/.deps/dynamic-string.Tpo -c lib/dynamic-string.c -o lib/dynamic-string.o
depbase=`echo lib/entropy.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`;\
/bin/sh ./libtool --tag=CC --mode=compile gcc -std=gnu99 -DHAVE_CONFIG_H -I.
-I ./include -I ./include -I ./lib -I ./lib-Wstrict-prototypes -Wall
-Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security
-Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align
-Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes
-Wmissing-field-initializers -fno-strict-aliasing -Wshadow -Werror -Werror -g
-O2 -MT lib/entropy.lo -MD -MP -MF $depbase.Tpo -c -o lib/entropy.lo
lib/entropy.c &&\
mv -f $depbase.Tpo $depbase.Plo
libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I ./include -I ./include
-I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare
-Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter
-Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition
-Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wshadow
-Werror -Werror -g -O2 -MT lib/entropy.lo -MD -MP -MF lib/.deps/entropy.Tpo -c
lib/entropy.c -o lib/entropy.o
depbase=`echo lib/fat-rwlock.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`;\
/bin/sh ./libtool --tag=CC --mode=compile gcc -std=gnu99 -DHAVE_CONFIG_H -I.
-I ./include -I ./include -I ./lib -I ./lib-Wstrict-prototypes -Wall
-Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security
-Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align
-Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes
-Wmissing-field-initializers -fno-strict-aliasing -Wshadow -Werror -Werror -g
-O2 -MT lib/fat-rwlock.lo -MD -MP -MF $depbase.Tpo -c -o lib/fat-rwlock.lo
lib/fat-rwlock.c &&\
mv -f $depbase.Tpo $depbase.Plo
libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I ./include -I ./include
-I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare
-Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter
-Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition
-Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wshadow
-Werror -Werror -g -O2 -MT lib/fat-rwlock.lo -MD -MP -MF
lib/.deps/fat-rwlock.Tpo -c lib/fat-rwlock.c -o lib/fat-rwlock.o
depbase=`echo lib/fatal-signal.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`;\
/bin/sh ./libtool --tag=CC --mode=compile gcc -std=gnu99 -DHAVE_CONFIG_H -I.
-I ./include -I ./include -I ./lib -I ./lib-Wstrict-prototypes -Wall
-Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security
-Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align
-Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes
-Wmissing-field-initializers -fno-strict-aliasing -Wshadow -Werror -Werror -g
-O2 -MT lib/fatal-signal.lo -MD -MP -MF $depbase.Tpo -c -o lib/fatal-signal.lo
lib/fatal-signal.c &&\
mv -f $depbase.Tpo $depbase.Plo
libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I ./include -I ./include
-I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare
-Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter
-Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition
-Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wshadow
-Werror -Werror -g -O2 -MT lib/fatal-signal.lo -MD -MP -MF
lib/.deps/fatal-signal.Tpo -c lib/fatal-signal.c -o lib/fatal-signal.o
lib/fatal-signal.c: In function 'fatal_signal_handler':
lib/fatal-signal.c:207:13: error: 'daemonize_fd' undeclared (first use in this
function)
if (daemonize_fd != -1) {
^
lib/fatal-signal.c:207:13: note: each undeclared
Re: [ovs-dev] [PATCH v5 9/9] ofproto-dpif-xlate: Translate timeout policy in ct action
On Wed, Sep 25, 2019 at 3:59 PM Justin Pettit wrote:
>
>
> > On Aug 28, 2019, at 3:14 PM, Yi-Hung Wei wrote:
> >
> > diff --git a/lib/dpif-provider.h b/lib/dpif-provider.h
> > index e988626ea05b..4a599c8eb866 100644
> > --- a/lib/dpif-provider.h
> > +++ b/lib/dpif-provider.h
> > @@ -542,6 +542,16 @@ struct dpif_class {
> >struct ct_dpif_timeout_policy *tp);
> > int (*ct_timeout_policy_dump_done)(struct dpif *, void *state);
> >
> > +/* Gets timeout policy based on 'tp_id', 'dl_type' and 'nw_proto'.
> > + * On success, returns 0, stores the timeout policy name in 'tp_name',
> > + * and sets 'is_generic'. 'is_generic' is false if the returned timeout
> > + * policy in the 'dpif' is specific to 'dl_type' and 'nw_proto' in the
> > + * datapath, i.e. in kernel datapath. Sets 'is_generic' to true, if
> > + * the timeout policy supports all OVS supported L3/L4 protocols. */
> > +int (*ct_get_timeout_policy_name)(struct dpif *, uint32_t tp_id,
> > + uint16_t dl_type, uint8_t nw_proto,
> > + struct ds *tp_name, bool
> > *is_generic);
>
> I don't have a great justification, but we've generally used "char **"
> instead of "struct ds" in these interfaces. Let me know what you think of
> the attached incremental. It ended up being a more invasive change than I
> expected, but I think it will be more consistent in our API.
>
> > diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
> > index 17800f3c8a3f..c8e508bca2c8 100644
> > --- a/ofproto/ofproto-dpif-xlate.c
> > +++ b/ofproto/ofproto-dpif-xlate.c
> > @@ -5983,6 +5983,25 @@ put_ct_helper(struct xlate_ctx *ctx,
> > }
> >
> > static void
> > +put_ct_timeout(struct ofpbuf *odp_actions, const struct dpif_backer
> > *backer,
> > + const struct flow *flow, struct flow_wildcards *wc,
> > + uint16_t zone_id)
> > +{
> > +struct ds tp_name = DS_EMPTY_INITIALIZER;
> > +bool unwildcard;
> > +
> > +if (ofproto_dpif_ct_zone_timeout_policy_get_name(backer, zone_id,
> > +ntohs(flow->dl_type), flow->nw_proto, _name, )) {
> > +nl_msg_put_string(odp_actions, OVS_CT_ATTR_TIMEOUT,
> > ds_cstr(_name));
> > +
> > +if (unwildcard) {
> > +memset(>masks.nw_proto, 0xff, sizeof
> > wc->masks.nw_proto);
>
> I think it's worth mentioning again why we're unwildcarding "nw_proto" and
> why it wasn't necessary to also unwildcard "dl_type". How about something
> like the following:
>
> /* The underlying datapath requires separate timeout
> * policies for different Ethertypes and IP protocols. We
> * don't need to unwildcard 'wc->masks.dl_type' since that
> * field is always unwildcarded in megaflows. */
> memset(>masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
>
> Sorry for the long delay in finishing this review. Assuming you're happy
> with the changes, I'll merge the series into master.
>
> Thanks,
>
> --Justin
Thanks Justin for the review. The proposed diff looks good to me.
Thanks,
-Yi-Hung
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] Regarding TSO using AF_PACKET in OVS
On Thu, Sep 19, 2019 at 2:16 AM Ramana Reddy wrote: > > Hi William, > Thanks for your reply. Please find the inline comments. > > On Fri, Aug 30, 2019 at 9:26 PM William Tu wrote: >> >> Hi Ramana, >> >> I'm trying to understand your setup. >> >> On Wed, Aug 28, 2019 at 4:11 AM Ramana Reddy wrote: >> > >> > Hi Ben, Justin, Jesse and All, >> > >> > Hope everyone doing great. >> > >> > During my work, I create a socket using AF_PACKET with virtio_net_hdr and >> > filled all the fields in the virtio_net_hdr >> > and the flag to VIRTIO_NET_GSO_TCPV4 to enable TSO using af_packet. >> > >> > vnet->gso_type = VIRTIO_NET_HDR_GSO_TCPV4; >> > >> > The code is not working when I am trying to send large packets over OVS >> > VXLAN tunnel. It's dropping the large packets and >> > the application is resending the MTU sized packets. The code is working >> > fine in non ovs case (directly sending without ovs). btw, does 'dmesg' shows that OVS complaining about packet size larger than MTU, so it drops the packet? >> >> Do you create AF_PACKET and bind its socket to OVS's vxlan device, >> ex: vxlan_sys_4789? > > No. We created a AF_PACKET and binding it our own interface in the container. > It takes the help of the routing table in the container > and routes the packets to the OVS veth interface, and from there, the OVS > rule selects the respective out_port based on the destination IP address. > We can't select vxlan_sys_4789 interface as it is in the host namespace. > It's up to the OVS to select the respective interface (out_port). > And we are not aware and need not know about the underlying network (OVS > bridge or linux or some docker bridge) in the host. > >> In the non-ovs working case, do you bind AF_PACKET to the vxlan device >> created >> by using ip link command? >> >> > >> > I understood that UDP tunneling offloading (VXLAN) not happening because of >> > nic may not support this offloading feature, >> > but when I send iperf (AF_INET) traffic, though the offloading is not >> > happening, but the large packets are fragmented and the >> > VXLAN tunneling sending the fragmented packets. Why are we seeing this >> > different behavior? >> >> OVS's vxlan device is a light-weight tunnel device, so it might not >> have all the >> features. > > This is the same question in my mind. OVS may not be handling AF_PACKET with > vnet_hdr. Right, I couldn't find any source code related to vnet_hdr in OVS kernel module. >> >> >> > >> > What is the expected behavior in AF_PACKET in OVS? Does OVS support >> > AF_PACKET offloading mechanism? >> >> AF_PACKET (see net/packet/af_packet.c) just from userspace send packet into >> kernel and to the device you bind to. It creates skb and invokes the >> device's xmit >> function. > > This I understood. But OVS should understand this and offload the packet to > the driver or to the nic > when virtio_net_hdr is set. If we send the packets to the normal interface > (eth0) without ovs, the kernel > is able to understand the TSO packets with virtio_net_hdr and handover the > offloading to the driver (GSO) or nic (TSO). I see your point. Yes, currently OVS does not understand this offload type, this might be a good feature to add to OVS. Regards, William ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCHv2] fatal-signal: Catch SIGSEGV and print backtrace.
The patch catches the SIGSEGV signal and prints the backtrace
using libunwind at the monitor daemon. This makes debugging easier
when there is no debug symbol package or gdb installed on production
systems. The patch works when the ovs-vswitchd compiles even without
debug symbol (no -g option), because the object files still have function
symbols. For example:
|daemon_unix(monitor)|WARN|SIGSEGV detected, backtrace:
|daemon_unix(monitor)|WARN|0x00482752
|daemon_unix(monitor)|WARN|0x7fb4900734b0
|daemon_unix(monitor)|WARN|0x7fb49013974d <__poll+0x2d>
|daemon_unix(monitor)|WARN|0x0052b348
|daemon_unix(monitor)|WARN|0x005153ec
|daemon_unix(monitor)|WARN|0x0058630a
|daemon_unix(monitor)|WARN|0x004ffd1d
|daemon_unix(monitor)|WARN|0x7fb490b3b6ba
|daemon_unix(monitor)|WARN|0x7fb49014541d
|daemon_unix(monitor)|ERR|1 crashes: pid 122849 died, killed \
(Segmentation fault), core dumped, restarting
However, if the object files' symbols are stripped, then we can only
get init function plus offset value. This is still useful when trying
to see if two bugs have the same root cause, Example:
|daemon_unix(monitor)|WARN|SIGSEGV detected, backtrace:
|daemon_unix(monitor)|WARN|0x00482752 <_init+0x7d68a>
|daemon_unix(monitor)|WARN|0x7f5f7c8cf4b0
|daemon_unix(monitor)|WARN|0x7f5f7c99574d <__poll+0x2d>
|daemon_unix(monitor)|WARN|0x0052b348 <_init+0x126280>
|daemon_unix(monitor)|WARN|0x005153ec <_init+0x110324>
|daemon_unix(monitor)|WARN|0x00407439 <_init+0x2371>
|daemon_unix(monitor)|WARN|0x7f5f7c8ba830 <__libc_start_main+0xf0>
|daemon_unix(monitor)|WARN|0x00408329 <_init+0x3261>
|daemon_unix(monitor)|ERR|1 crashes: pid 106155 died, killed \
(Segmentation fault), core dumped, restarting
Signed-off-by: William Tu
---
v2:
Address comments from Ben about async-signal-safety
---
.travis.yml| 1 +
configure.ac | 1 +
lib/backtrace.h| 18 ++
lib/daemon-unix.c | 30 --
lib/fatal-signal.c | 47 ++-
m4/openvswitch.m4 | 10 ++
6 files changed, 100 insertions(+), 7 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 68026312ba84..b547eb041791 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -25,6 +25,7 @@ addons:
- selinux-policy-dev
- libunbound-dev
- libunbound-dev:i386
+ - libunwind-dev
before_install: ./.travis/${TRAVIS_OS_NAME}-prepare.sh
diff --git a/configure.ac b/configure.ac
index 1d45c4fdd153..15922418062b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -139,6 +139,7 @@ OVS_LIBTOOL_VERSIONS
OVS_CHECK_CXX
AX_FUNC_POSIX_MEMALIGN
OVS_CHECK_UNBOUND
+OVS_CHECK_UNWIND
OVS_CHECK_INCLUDE_NEXT([stdio.h string.h])
AC_CONFIG_FILES([
diff --git a/lib/backtrace.h b/lib/backtrace.h
index 384f2700d94c..daf035d4f322 100644
--- a/lib/backtrace.h
+++ b/lib/backtrace.h
@@ -20,6 +20,11 @@
#include
#include "openvswitch/dynamic-string.h"
+#ifdef HAVE_UNWIND
+#define UNW_LOCAL_ONLY
+#include
+#endif
+
/* log_backtrace() will save the backtrace of a running program
* into the log at the DEBUG level.
*
@@ -71,4 +76,17 @@ struct backtrace {
void backtrace_capture(struct backtrace *);
void log_backtrace_at(const char *msg, const char *where);
+#ifdef HAVE_UNWIND
+#define UNW_MAX_DEPTH 32
+#define UNW_MAX_FUNCN 32
+#define UNW_MAX_BUF \
+(UNW_MAX_DEPTH * sizeof(struct unw_backtrace))
+
+struct unw_backtrace {
+char func[UNW_MAX_FUNCN];
+unw_word_t ip;
+unw_word_t offset;
+};
+#endif
+
#endif /* backtrace.h */
diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
index 6169763c294c..b45d1ffad043 100644
--- a/lib/daemon-unix.c
+++ b/lib/daemon-unix.c
@@ -15,6 +15,7 @@
*/
#include
+#include "backtrace.h"
#include "daemon.h"
#include "daemon-private.h"
#include
@@ -75,7 +76,7 @@ static bool overwrite_pidfile;
static bool chdir_ = true;
/* File descriptor used by daemonize_start() and daemonize_complete(). */
-static int daemonize_fd = -1;
+int daemonize_fd = -1;
/* --monitor: Should a supervisory process monitor the daemon and restart it if
* it dies due to an error signal? */
@@ -291,8 +292,7 @@ fork_and_wait_for_startup(int *fdp, pid_t *child_pid)
OVS_NOT_REACHED();
}
}
-close(fds[0]);
-*fdp = -1;
+*fdp = fds[0];
} else if (!pid) {
/* Running in child process. */
close(fds[0]);
@@ -313,8 +313,6 @@ fork_notify_startup(int fd)
if (error) {
VLOG_FATAL("pipe write failed (%s)", ovs_strerror(error));
}
-
-close(fd);
}
}
@@ -373,6 +371,8 @@ monitor_daemon(pid_t daemon_pid)
}
if (!child_ready || retval == daemon_pid) {
+int byte_read;
+struct unw_backtrace backtrace[UNW_MAX_DEPTH];
char *s = process_status_msg(status);
Re: [ovs-dev] [PATCHv4] netdev-afxdp: Add need_wakeup supprt.
On Tue, Sep 24, 2019 at 7:48 AM Ilya Maximets wrote:
>
> Hi.
> Thanks for a new version.
>
> Comments inline.
Hi Ilya,
Thanks for your feedback.
> > static struct xsk_socket_info *
> > -xsk_configure(int ifindex, int xdp_queue_id, int xdpmode)
> > +xsk_configure(int ifindex, int xdp_queue_id, int xdpmode,
> > + bool use_need_wakeup)
> > {
> > struct xsk_socket_info *xsk;
> > struct xsk_umem_info *umem;
> > @@ -334,7 +392,8 @@ xsk_configure(int ifindex, int xdp_queue_id, int
> > xdpmode)
> >
> > VLOG_DBG("Allocated umem pool at 0x%"PRIxPTR, (uintptr_t) umem);
> >
> > -xsk = xsk_configure_socket(umem, ifindex, xdp_queue_id, xdpmode);
> > +xsk = xsk_configure_socket(umem, ifindex, xdp_queue_id, xdpmode,
> > + use_need_wakeup);
> > if (!xsk) {
> > /* Clean up umem and xpacket pool. */
> > if (xsk_umem__delete(umem->umem)) {
> > @@ -365,9 +424,12 @@ xsk_configure_all(struct netdev *netdev)
> >
> > /* Configure each queue. */
> > for (i = 0; i < n_rxq; i++) {
> > -VLOG_INFO("%s: configure queue %d mode %s", __func__, i,
> > - dev->xdpmode == XDP_COPY ? "SKB" : "DRV");
> > -xsk_info = xsk_configure(ifindex, i, dev->xdpmode);
> > +VLOG_INFO("%s: configure queue %d mode %s use_need_wakeup %s.",
> > + __func__, i,
>
> __func__ seems unnecessary here. Netdev name would make more sense.
>
> BTW, maybe DBG will be more suitable for this kind of log?
Sure, I will fix it in next version.
>
> > + dev->xdpmode == XDP_COPY ? "SKB" : "DRV",
> > + dev->use_need_wakeup ? "true" : "false");
> > +xsk_info = xsk_configure(ifindex, i, dev->xdpmode,
> > + dev->use_need_wakeup);
> > if (!xsk_info) {
> > VLOG_ERR("Failed to create AF_XDP socket on queue %d.", i);
> > dev->xsks[i] = NULL;
> > @@ -459,6 +521,7 @@ netdev_afxdp_set_config(struct netdev *netdev, const
> > struct smap *args,
> > struct netdev_linux *dev = netdev_linux_cast(netdev);
> > const char *str_xdpmode;
> > int xdpmode, new_n_rxq;
> > +bool need_wakeup;
> >
> > ovs_mutex_lock(>mutex);
> > new_n_rxq = MAX(smap_get_int(args, "n_rxq", NR_QUEUE), 1);
> > @@ -481,10 +544,17 @@ netdev_afxdp_set_config(struct netdev *netdev, const
> > struct smap *args,
> > return EINVAL;
> > }
> >
> > +need_wakeup = smap_get_bool(args, "use_need_wakeup", true);
> > +if (need_wakeup && !HAVE_XDP_NEED_WAKEUP) {
>
> I'm not sure if this will compile if HAVE_XDP_NEED_WAKEUP will
> not be defined. Anyway it seems dangerous to mix up this kind
> of macro definitions with code and even using an arithmetic on them.
>
At acinclude, it's either define as 0 or 1
AC_DEFINE([HAVE_XDP_NEED_WAKEUP], [0],...
Let me think about other way.
> > +VLOG_WARN("XDP need_wakeup is not supported in libbpf.");
> > +}
> > +
> > if (dev->requested_n_rxq != new_n_rxq
> > -|| dev->requested_xdpmode != xdpmode) {
> > +|| dev->requested_xdpmode != xdpmode
> > +|| dev->requested_need_wakeup != need_wakeup) {
> > dev->requested_n_rxq = new_n_rxq;
> > dev->requested_xdpmode = xdpmode;
> > +dev->requested_need_wakeup = need_wakeup;
> > netdev_request_reconfigure(netdev);
> > }
> > ovs_mutex_unlock(>mutex);
> > @@ -500,6 +570,8 @@ netdev_afxdp_get_config(const struct netdev *netdev,
> > struct smap *args)
> > smap_add_format(args, "n_rxq", "%d", netdev->n_rxq);
> > smap_add_format(args, "xdpmode", "%s",
> > dev->xdpmode == XDP_ZEROCOPY ? "drv" : "skb");
> > +smap_add_format(args, "use_need_wakeup", "%s",
> > +dev->use_need_wakeup ? "true" : "false");
>
> Could you, please, align this line to the '('.
> I see that above line is not aligned too, but you may align it too.
> It's better to not reproduce bad style patterns.
Sorry for making the mistake again and again...
Will fix it in next version.
>
> > ovs_mutex_unlock(>mutex);
> > return 0;
> > }
> > @@ -515,6 +587,7 @@ netdev_afxdp_reconfigure(struct netdev *netdev)
> >
> > if (netdev->n_rxq == dev->requested_n_rxq
> > && dev->xdpmode == dev->requested_xdpmode
> > +&& dev->use_need_wakeup == dev->requested_need_wakeup
> > && dev->xsks) {
> > goto out;
> > }
> > @@ -538,6 +611,7 @@ netdev_afxdp_reconfigure(struct netdev *netdev)
> >* when no device is in DRV mode.
> >*/
> > }
> > +dev->use_need_wakeup = dev->requested_need_wakeup;
> >
> > err = xsk_configure_all(netdev);
> > if (err) {
> > @@ -660,6 +734,7 @@ netdev_afxdp_rxq_recv(struct netdev_rxq *rxq_, struct
> > dp_packet_batch *batch,
> >
> > rcvd = xsk_ring_cons__peek(_info->rx, BATCH_SIZE, _rx);
> > if (!rcvd) {
> > +
Re: [ovs-dev] [PATCH v5 9/9] ofproto-dpif-xlate: Translate timeout policy in ct action
> On Aug 28, 2019, at 3:14 PM, Yi-Hung Wei wrote:
>
> diff --git a/lib/dpif-provider.h b/lib/dpif-provider.h
> index e988626ea05b..4a599c8eb866 100644
> --- a/lib/dpif-provider.h
> +++ b/lib/dpif-provider.h
> @@ -542,6 +542,16 @@ struct dpif_class {
>struct ct_dpif_timeout_policy *tp);
> int (*ct_timeout_policy_dump_done)(struct dpif *, void *state);
>
> +/* Gets timeout policy based on 'tp_id', 'dl_type' and 'nw_proto'.
> + * On success, returns 0, stores the timeout policy name in 'tp_name',
> + * and sets 'is_generic'. 'is_generic' is false if the returned timeout
> + * policy in the 'dpif' is specific to 'dl_type' and 'nw_proto' in the
> + * datapath, i.e. in kernel datapath. Sets 'is_generic' to true, if
> + * the timeout policy supports all OVS supported L3/L4 protocols. */
> +int (*ct_get_timeout_policy_name)(struct dpif *, uint32_t tp_id,
> + uint16_t dl_type, uint8_t nw_proto,
> + struct ds *tp_name, bool *is_generic);
I don't have a great justification, but we've generally used "char **" instead
of "struct ds" in these interfaces. Let me know what you think of the attached
incremental. It ended up being a more invasive change than I expected, but I
think it will be more consistent in our API.
> diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
> index 17800f3c8a3f..c8e508bca2c8 100644
> --- a/ofproto/ofproto-dpif-xlate.c
> +++ b/ofproto/ofproto-dpif-xlate.c
> @@ -5983,6 +5983,25 @@ put_ct_helper(struct xlate_ctx *ctx,
> }
>
> static void
> +put_ct_timeout(struct ofpbuf *odp_actions, const struct dpif_backer *backer,
> + const struct flow *flow, struct flow_wildcards *wc,
> + uint16_t zone_id)
> +{
> +struct ds tp_name = DS_EMPTY_INITIALIZER;
> +bool unwildcard;
> +
> +if (ofproto_dpif_ct_zone_timeout_policy_get_name(backer, zone_id,
> +ntohs(flow->dl_type), flow->nw_proto, _name, )) {
> +nl_msg_put_string(odp_actions, OVS_CT_ATTR_TIMEOUT,
> ds_cstr(_name));
> +
> +if (unwildcard) {
> +memset(>masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
I think it's worth mentioning again why we're unwildcarding "nw_proto" and why
it wasn't necessary to also unwildcard "dl_type". How about something like the
following:
/* The underlying datapath requires separate timeout
* policies for different Ethertypes and IP protocols. We
* don't need to unwildcard 'wc->masks.dl_type' since that
* field is always unwildcarded in megaflows. */
memset(>masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
Sorry for the long delay in finishing this review. Assuming you're happy with
the changes, I'll merge the series into master.
Thanks,
--Justin
-=-=-=-=-=-=-=-=-=-=-
diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c
index 2181c83157ad..23db72d1 100644
--- a/lib/ct-dpif.c
+++ b/lib/ct-dpif.c
@@ -866,7 +866,7 @@ ct_dpif_timeout_policy_dump_done(struct dpif *dpif, void
*state)
int
ct_dpif_get_timeout_policy_name(struct dpif *dpif, uint32_t tp_id,
uint16_t dl_type, uint8_t nw_proto,
-struct ds *tp_name, bool *is_generic)
+char **tp_name, bool *is_generic)
{
return (dpif->dpif_class->ct_get_timeout_policy_name
? dpif->dpif_class->ct_get_timeout_policy_name(
diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h
index b95e6ac762ab..bbcb537ba46d 100644
--- a/lib/ct-dpif.h
+++ b/lib/ct-dpif.h
@@ -320,6 +320,6 @@ int ct_dpif_timeout_policy_dump_next(struct dpif *dpif,
void *state,
int ct_dpif_timeout_policy_dump_done(struct dpif *dpif, void *state);
int ct_dpif_get_timeout_policy_name(struct dpif *dpif, uint32_t tp_id,
uint16_t dl_type, uint8_t nw_proto,
-struct ds *tp_name, bool *is_generic);
+char **tp_name, bool *is_generic);
#endif /* CT_DPIF_H */
diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c
index 8f1c6d1ffde7..71d9cdbabc5b 100644
--- a/lib/dpif-netlink.c
+++ b/lib/dpif-netlink.c
@@ -3056,28 +3056,32 @@ static struct dpif_netlink_timeout_policy_protocol
tp_protos[] = {
static void
dpif_netlink_format_tp_name(uint32_t id, uint16_t l3num, uint8_t l4num,
-struct ds *tp_name)
+char **tp_name)
{
-ds_clear(tp_name);
-ds_put_format(tp_name, "%s%"PRIu32"_", NL_TP_NAME_PREFIX, id);
-ct_dpif_format_ipproto(tp_name, l4num);
+struct ds ds = DS_EMPTY_INITIALIZER;
+ds_put_format(, "%s%"PRIu32"_", NL_TP_NAME_PREFIX, id);
+ct_dpif_format_ipproto(, l4num);
if (l3num == AF_INET) {
-ds_put_cstr(tp_name, "4");
+ds_put_cstr(, "4");
} else if (l3num == AF_INET6 && l4num !=
Re: [ovs-dev] [PATCH v4] userspace: Enable non-bridge port as tunnel endpoint.
On Thu, Sep 05, 2019 at 10:40:28AM -0700, Yifeng Sun wrote: > For userspace datapath, currently only the bridge itself, the LOCAL port, > can be the tunnel endpoint to encap/decap tunnel packets. This patch > enables non-bridge port as tunnel endpoint. One use case is for users to > create a bridge and a vtep port as tap, and configure underlay IP at vtep > port as the tunnel endpoint. Thanks a lot, I applied this to master. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH] Documentation: Document a useful pre-push hook for committers.
Someone else wrote this script originally, I think, but I've extended it quite a bit. Signed-off-by: Ben Pfaff --- .../internals/committer-responsibilities.rst | 50 +++ 1 file changed, 50 insertions(+) diff --git a/Documentation/internals/committer-responsibilities.rst b/Documentation/internals/committer-responsibilities.rst index 4d10c3980875..c35fd708913b 100644 --- a/Documentation/internals/committer-responsibilities.rst +++ b/Documentation/internals/committer-responsibilities.rst @@ -94,3 +94,53 @@ Use Reported-by: and Tested-by: tags in commit messages to indicate the source of a bug report. Keep the ``AUTHORS.rst`` file up to date. + +Pre-Push Hook +- + +The following script can be helpful because it provides an extra +chance to check for mistakes while pushing to the master branch of OVS +or OVN. If you would like to use it, install it as ``hooks/pre-push`` +in your ``.git`` directory and make sure to mark it as executable with +``chmod +x``. For maximum utility, make sure ``checkpatch.py`` is in +``$PATH``: + +.. code-block:: bash + + #! /bin/bash + + remote=$1 + + case $remote in + ovs|ovn|origin) ;; + *) exit 0 ;; + esac + + while read local_ref local_sha1 remote_ref remote_sha1; do + case $remote_ref in + refs/heads/master) + n=0 + while read sha + do + n=$(expr $n + 1) + git log -1 $sha + echo + checkpatch.py -1 $sha + done < /dev/null; then + : + else + exit 1 + fi + ;; + esac + done + + exit 0 -- 2.21.0 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH 1/2] cgcc: gendeps for -MM, -MD & -MMD too
On Wed, Apr 24, 2019 at 04:12:32PM +0300, Ilya Maximets wrote: > On 20.02.2019 16:34, Luc Van Oostenryck wrote: > > These flags must set '$gendeps', just like a plain '-M' do, > > since they implies '-M'. > > > > Signed-off-by: Luc Van Oostenryck > > --- > > Hi. > > Unlike simple '-M', '-MD' and '-MMD' doesn't imply '-E'. And according > to man: "Since -E is not implied, -MD can be used to generate a > dependency output file as a side-effect of the compilation process." Yes, this should be fixed now in sparse's repository. Thanks and sorry for this huge delay. -- Luc Van Oostenryck ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [patch v4] conntrack: Add option to disable TCP sequence checking.
On Wed, Sep 25, 2019 at 02:09:41PM -0700, Darrell Ball wrote: > This may be needed in some special cases, such as to support some hardware > offload implementations. Note that disabling TCP sequence number > verification is not an optimization in itself, but supporting some > hardware offload implementations may offer better performance. TCP > sequence number verification is enabled by default. This option is only > available for the userspace datapath. Access to this option is presently > provided via 'dpctl' commands as the need for this option is quite node > specific, by virtue of which nics are in use on a given node. A test is > added to verify this option. > > Reported-at: > https://mail.openvswitch.org/pipermail/ovs-dev/2019-May/359188.html > Signed-off-by: Darrell Ball Thanks, applied to master. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [patch v3] conntrack: Add option to disable TCP sequence checking.
On Wed, Sep 25, 2019 at 1:46 PM Ben Pfaff wrote:
> On September 25, 2019 1:42:36 PM PDT, Darrell Ball
> wrote:
>>
>> Thank you
>>
>> Pls see inline
>>
>> On Wed, Sep 25, 2019 at 10:26 AM Ben Pfaff wrote:
>>
>>> On Tue, Sep 24, 2019 at 03:47:35PM -0700, Darrell Ball wrote:
>>> > This may be needed in some special cases, such as to support some
>>> hardware
>>> > offload implementations. Note that disabling TCP sequence number
>>> > verification is not an optimization in itself, but supporting some
>>> > hardware offload implementations may offer better performance. TCP
>>> > sequence number verification is enabled by default. This option is
>>> only
>>> > available for the userspace datapath. Access to this option is
>>> presently
>>> > provided via 'dpctl' commands as the need for this option is quite node
>>> > specific, by virtual
>>
>>
>> I changed 'virtual' to 'virtue'
>>
>>
>>> of which nics are in use on a given node. A test is
>>> > added to verify this option.
>>> >
>>> > Reported-at:
>>> https://mail.openvswitch.org/pipermail/ovs-dev/2019-May/359188.html
>>> > Signed-off-by: Darrell Ball
>>>
>>> Thanks a lot.
>>>
>>> It sounds like there are a couple of things you're planning to update
>>> here in any case, so I'll expect to see v4 sometime soon.
>>>
>>> This comment seems rather verbose, I'd probably just write "Check
>>> sequence numbers?" or similar:
>>
>>
>> How about ?
>>
>> /* Check TCP sequence numbers. */
>>
>>
>>> > +atomic_bool tcp_seq_ckk; /* TCP sequence number verification; when
>>> > +enabled, this enables sequence number
>>> > +verification; enabled by default. */
>>>
>>> The change to tcp_conn_update() is a bit obscure with side effects in
>>> ?:. It might be clarified somewhat. I'm appending a suggestion.
>>
>>
>> Better
>>
>>
>>>
>>
>>
>>> The text in dpctl.man could be wordsmithed a little. Also appending a
>>> suggestion for that.
>>>
>>
>> Looks good
>>
>>
>>>
>>> The text in dpctl.man mentions 'be_liberal' mode but the tree doesn't
>>> have any other mention of that anywhere.
>>>
>>
>> Good point, I added some context wording.
>>
>> 'but not the same as 'be_liberal' mode, as in Netfilter.'
>>
>>
>>>
>>> Thanks again,
>>>
>>> Ben.
>>>
>>> diff --git a/lib/conntrack-tcp.c b/lib/conntrack-tcp.c
>>> index 1e843f337f8a..1dc7ead3b233 100644
>>> --- a/lib/conntrack-tcp.c
>>> +++ b/lib/conntrack-tcp.c
>>> @@ -149,6 +149,16 @@ tcp_get_wscale(const struct tcp_header *tcp)
>>> return wscale;
>>> }
>>>
>>> +static inline bool
>>>
>>
>> I only dropped the 'inline' specifier since it's implied.
>>
>>
>>> +tcp_bypass_seq_chk(struct conntrack *ct)
>>> +{
>>> +if (!conntrack_get_tcp_seq_chk(ct)) {
>>> +COVERAGE_INC(conntrack_tcp_seq_chk_bypass);
>>> +return true;
>>> +}
>>> +return false;
>>> +}
>>> +
>>> static enum ct_update_res
>>> tcp_conn_update(struct conntrack *ct, struct conn *conn_,
>>> struct dp_packet *pkt, bool reply, long long now)
>>> @@ -288,8 +298,7 @@ tcp_conn_update(struct conntrack *ct, struct conn
>>> *conn_,
>>> /* Acking not more than one window forward */
>>> && ((tcp_flags & TCP_RST) == 0 || orig_seq == src->seqlo
>>> || (orig_seq == src->seqlo + 1) || (orig_seq + 1 ==
>>> src->seqlo)))
>>> -|| (!conntrack_get_tcp_seq_chk(ct)
>>> -? COVERAGE_INC(conntrack_tcp_seq_chk_bypass), 1 : 0)) {
>>> +|| tcp_bypass_seq_chk(ct)) {
>>> /* Require an exact/+1 sequence match on resets when possible */
>>>
>>
>> Better; thank you
>>
>>
>>>
>>> /* update max window */
>>>
>>> diff --git a/lib/dpctl.man b/lib/dpctl.man
>>> index 806e5d8e840d..53b7368e3b77 100644
>>> --- a/lib/dpctl.man
>>> +++ b/lib/dpctl.man
>>> @@ -324,12 +324,13 @@ Only supported for userspace datapath.
>>> .TQ
>>> \*(DX\fBct\-disable\-tcp\-seq\-chk\fR [\fIdp\fR]
>>> Enables or disables TCP sequence checking. When set to disabled, all
>>> sequence
>>> -number verification is disabled, including for TCP resets and hence
>>> this is
>>> -similar, but not equivalent to 'be_liberal' mode. Disabling sequence
>>> number
>>> +number verification is disabled, including for TCP resets. This is
>>> +similar, but not the same as, 'be_liberal' mode. Disabling sequence
>>> number
>>> verification is not an optimization in itself, but is needed for some
>>> hardware
>>> -offload support which might offer some performance advantage, This is
>>> enabled
>>> +offload support which might offer some performance advantage. Sequence
>>> +number checking is enabled
>>> by default to enforce better security and should only be disabled if
>>> -absolutely required. This command is only supported for the userspace
>>> +required for hardware offload support. This command is only supported
>>> for the userspace
>>> datapath.
>>>
>>
>> Looks good; thank you
>> I ended up with:
>>
>> Enables or disables TCP sequence checking.
[ovs-dev] [patch v4] conntrack: Add option to disable TCP sequence checking.
This may be needed in some special cases, such as to support some hardware
offload implementations. Note that disabling TCP sequence number
verification is not an optimization in itself, but supporting some
hardware offload implementations may offer better performance. TCP
sequence number verification is enabled by default. This option is only
available for the userspace datapath. Access to this option is presently
provided via 'dpctl' commands as the need for this option is quite node
specific, by virtue of which nics are in use on a given node. A test is
added to verify this option.
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2019-May/359188.html
Signed-off-by: Darrell Ball
---
v4: Splice tcp sequence number check in tcp_conn_update() out as a function
for clarity (Ben).
Fix up some dpctl man page comments (Ben).
s/ckk/chk/ for 'tcp_seq_chk'.
Shorten inline comment for 'tcp_seq_chk' variable (Ben).
Fix commit message spelling error.
v3: Make manpage comments more verbose.
Expand commit message comments.
v2: Per particular requirement, support 'no-tcp-seq-chk' rather than
'liberal' mode.
NEWS| 3 ++
lib/conntrack-private.h | 4 +-
lib/conntrack-tcp.c | 22 +++-
lib/conntrack.c | 16 ++
lib/conntrack.h | 2 +
lib/ct-dpif.c | 16 ++
lib/ct-dpif.h | 2 +
lib/dpctl.c | 64 +-
lib/dpctl.man | 18 +++
lib/dpif-netdev.c | 18 +++
lib/dpif-netlink.c | 2 +
lib/dpif-provider.h | 5 ++
tests/ofproto-dpif.at | 138
13 files changed, 305 insertions(+), 5 deletions(-)
diff --git a/NEWS b/NEWS
index aba2e4a..3b72d1b 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ Post-v2.12.0
* OVN has been removed from this repository. It now exists as a
separate project. You can find it at
https://github.com/ovn-org/ovn.git
+ - Userspace datapath:
+ * Add option to enable, disable and query TCP sequence checking in
+ conntrack.
v2.12.0 - 03 Sep 2019
-
diff --git a/lib/conntrack-private.h b/lib/conntrack-private.h
index bcfbe10..590f139 100644
--- a/lib/conntrack-private.h
+++ b/lib/conntrack-private.h
@@ -171,8 +171,8 @@ struct conntrack {
struct hindex alg_expectation_refs OVS_GUARDED; /* For lookup from
* control context. */
-/* Fragmentation handling context. */
-struct ipf *ipf;
+struct ipf *ipf; /* Fragmentation handling context. */
+atomic_bool tcp_seq_chk; /* Check TCP sequence numbers. */
};
/* Lock acquisition order:
diff --git a/lib/conntrack-tcp.c b/lib/conntrack-tcp.c
index 397aca1..47eb8e2 100644
--- a/lib/conntrack-tcp.c
+++ b/lib/conntrack-tcp.c
@@ -39,10 +39,15 @@
#include
#include "conntrack-private.h"
+#include "coverage.h"
#include "ct-dpif.h"
#include "dp-packet.h"
#include "util.h"
+COVERAGE_DEFINE(conntrack_tcp_seq_chk_bypass);
+COVERAGE_DEFINE(conntrack_tcp_seq_chk_failed);
+COVERAGE_DEFINE(conntrack_invalid_tcp_flags);
+
struct tcp_peer {
uint32_t seqlo; /* Max sequence number sent */
uint32_t seqhi; /* Max the other end ACKd + win */
@@ -144,6 +149,16 @@ tcp_get_wscale(const struct tcp_header *tcp)
return wscale;
}
+static bool
+tcp_bypass_seq_chk(struct conntrack *ct)
+{
+if (!conntrack_get_tcp_seq_chk(ct)) {
+COVERAGE_INC(conntrack_tcp_seq_chk_bypass);
+return true;
+}
+return false;
+}
+
static enum ct_update_res
tcp_conn_update(struct conntrack *ct, struct conn *conn_,
struct dp_packet *pkt, bool reply, long long now)
@@ -162,6 +177,7 @@ tcp_conn_update(struct conntrack *ct, struct conn *conn_,
uint32_t p_len = tcp_payload_length(pkt);
if (tcp_invalid_flags(tcp_flags)) {
+COVERAGE_INC(conntrack_invalid_tcp_flags);
return CT_UPDATE_INVALID;
}
@@ -272,7 +288,7 @@ tcp_conn_update(struct conntrack *ct, struct conn *conn_,
int ackskew = check_ackskew ? dst->seqlo - ack : 0;
#define MAXACKWINDOW (0x + 1500)/* 1500 is an arbitrary fudge factor */
-if (SEQ_GEQ(src->seqhi, end)
+if ((SEQ_GEQ(src->seqhi, end)
/* Last octet inside other's window space */
&& SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws))
/* Retrans: not more than one window back */
@@ -281,7 +297,8 @@ tcp_conn_update(struct conntrack *ct, struct conn *conn_,
&& (ackskew <= (MAXACKWINDOW << sws))
/* Acking not more than one window forward */
&& ((tcp_flags & TCP_RST) == 0 || orig_seq == src->seqlo
-|| (orig_seq == src->seqlo + 1) || (orig_seq + 1 == src->seqlo))) {
+|| (orig_seq == src->seqlo + 1) || (orig_seq + 1 == src->seqlo)))
+|| tcp_bypass_seq_chk(ct)) {
/* Require an
Re: [ovs-dev] [patch v3] conntrack: Add option to disable TCP sequence checking.
On September 25, 2019 1:42:36 PM PDT, Darrell Ball wrote:
>Thank you
>
>Pls see inline
>
>On Wed, Sep 25, 2019 at 10:26 AM Ben Pfaff wrote:
>
>> On Tue, Sep 24, 2019 at 03:47:35PM -0700, Darrell Ball wrote:
>> > This may be needed in some special cases, such as to support some
>> hardware
>> > offload implementations. Note that disabling TCP sequence number
>> > verification is not an optimization in itself, but supporting some
>> > hardware offload implementations may offer better performance. TCP
>> > sequence number verification is enabled by default. This option is
>only
>> > available for the userspace datapath. Access to this option is
>presently
>> > provided via 'dpctl' commands as the need for this option is quite
>node
>> > specific, by virtual
>
>
>I changed 'virtual' to 'virtue'
>
>
>> of which nics are in use on a given node. A test is
>> > added to verify this option.
>> >
>> > Reported-at:
>> https://mail.openvswitch.org/pipermail/ovs-dev/2019-May/359188.html
>> > Signed-off-by: Darrell Ball
>>
>> Thanks a lot.
>>
>> It sounds like there are a couple of things you're planning to update
>> here in any case, so I'll expect to see v4 sometime soon.
>>
>> This comment seems rather verbose, I'd probably just write "Check
>> sequence numbers?" or similar:
>
>
>How about ?
>
>/* Check TCP sequence numbers. */
>
>
>> > +atomic_bool tcp_seq_ckk; /* TCP sequence number verification;
>when
>> > +enabled, this enables sequence
>number
>> > +verification; enabled by default.
>*/
>>
>> The change to tcp_conn_update() is a bit obscure with side effects in
>> ?:. It might be clarified somewhat. I'm appending a suggestion.
>
>
>Better
>
>
>>
>
>
>> The text in dpctl.man could be wordsmithed a little. Also appending
>a
>> suggestion for that.
>>
>
>Looks good
>
>
>>
>> The text in dpctl.man mentions 'be_liberal' mode but the tree doesn't
>> have any other mention of that anywhere.
>>
>
>Good point, I added some context wording.
>
>'but not the same as 'be_liberal' mode, as in Netfilter.'
>
>
>>
>> Thanks again,
>>
>> Ben.
>>
>> diff --git a/lib/conntrack-tcp.c b/lib/conntrack-tcp.c
>> index 1e843f337f8a..1dc7ead3b233 100644
>> --- a/lib/conntrack-tcp.c
>> +++ b/lib/conntrack-tcp.c
>> @@ -149,6 +149,16 @@ tcp_get_wscale(const struct tcp_header *tcp)
>> return wscale;
>> }
>>
>> +static inline bool
>>
>
>I only dropped the 'inline' specifier since it's implied.
>
>
>> +tcp_bypass_seq_chk(struct conntrack *ct)
>> +{
>> +if (!conntrack_get_tcp_seq_chk(ct)) {
>> +COVERAGE_INC(conntrack_tcp_seq_chk_bypass);
>> +return true;
>> +}
>> +return false;
>> +}
>> +
>> static enum ct_update_res
>> tcp_conn_update(struct conntrack *ct, struct conn *conn_,
>> struct dp_packet *pkt, bool reply, long long now)
>> @@ -288,8 +298,7 @@ tcp_conn_update(struct conntrack *ct, struct conn
>> *conn_,
>> /* Acking not more than one window forward */
>> && ((tcp_flags & TCP_RST) == 0 || orig_seq == src->seqlo
>> || (orig_seq == src->seqlo + 1) || (orig_seq + 1 ==
>> src->seqlo)))
>> -|| (!conntrack_get_tcp_seq_chk(ct)
>> -? COVERAGE_INC(conntrack_tcp_seq_chk_bypass), 1 : 0)) {
>> +|| tcp_bypass_seq_chk(ct)) {
>> /* Require an exact/+1 sequence match on resets when
>possible */
>>
>
>Better; thank you
>
>
>>
>> /* update max window */
>>
>> diff --git a/lib/dpctl.man b/lib/dpctl.man
>> index 806e5d8e840d..53b7368e3b77 100644
>> --- a/lib/dpctl.man
>> +++ b/lib/dpctl.man
>> @@ -324,12 +324,13 @@ Only supported for userspace datapath.
>> .TQ
>> \*(DX\fBct\-disable\-tcp\-seq\-chk\fR [\fIdp\fR]
>> Enables or disables TCP sequence checking. When set to disabled,
>all
>> sequence
>> -number verification is disabled, including for TCP resets and hence
>this
>> is
>> -similar, but not equivalent to 'be_liberal' mode. Disabling
>sequence
>> number
>> +number verification is disabled, including for TCP resets. This is
>> +similar, but not the same as, 'be_liberal' mode. Disabling sequence
>> number
>> verification is not an optimization in itself, but is needed for
>some
>> hardware
>> -offload support which might offer some performance advantage, This
>is
>> enabled
>> +offload support which might offer some performance advantage.
>Sequence
>> +number checking is enabled
>> by default to enforce better security and should only be disabled if
>> -absolutely required. This command is only supported for the
>userspace
>> +required for hardware offload support. This command is only
>supported for
>> the userspace
>> datapath.
>>
>
>Looks good; thank you
>I ended up with:
>
>Enables or disables TCP sequence checking. When set to disabled, all
>sequence
>number verification is disabled, including for TCP resets. This is
>similar, but not the same as 'be_liberal' mode, as in Netfilter.
>Disabling
>sequence number verification is not
Re: [ovs-dev] [patch v3] conntrack: Add option to disable TCP sequence checking.
Thank you
Pls see inline
On Wed, Sep 25, 2019 at 10:26 AM Ben Pfaff wrote:
> On Tue, Sep 24, 2019 at 03:47:35PM -0700, Darrell Ball wrote:
> > This may be needed in some special cases, such as to support some
> hardware
> > offload implementations. Note that disabling TCP sequence number
> > verification is not an optimization in itself, but supporting some
> > hardware offload implementations may offer better performance. TCP
> > sequence number verification is enabled by default. This option is only
> > available for the userspace datapath. Access to this option is presently
> > provided via 'dpctl' commands as the need for this option is quite node
> > specific, by virtual
I changed 'virtual' to 'virtue'
> of which nics are in use on a given node. A test is
> > added to verify this option.
> >
> > Reported-at:
> https://mail.openvswitch.org/pipermail/ovs-dev/2019-May/359188.html
> > Signed-off-by: Darrell Ball
>
> Thanks a lot.
>
> It sounds like there are a couple of things you're planning to update
> here in any case, so I'll expect to see v4 sometime soon.
>
> This comment seems rather verbose, I'd probably just write "Check
> sequence numbers?" or similar:
How about ?
/* Check TCP sequence numbers. */
> > +atomic_bool tcp_seq_ckk; /* TCP sequence number verification; when
> > +enabled, this enables sequence number
> > +verification; enabled by default. */
>
> The change to tcp_conn_update() is a bit obscure with side effects in
> ?:. It might be clarified somewhat. I'm appending a suggestion.
Better
>
> The text in dpctl.man could be wordsmithed a little. Also appending a
> suggestion for that.
>
Looks good
>
> The text in dpctl.man mentions 'be_liberal' mode but the tree doesn't
> have any other mention of that anywhere.
>
Good point, I added some context wording.
'but not the same as 'be_liberal' mode, as in Netfilter.'
>
> Thanks again,
>
> Ben.
>
> diff --git a/lib/conntrack-tcp.c b/lib/conntrack-tcp.c
> index 1e843f337f8a..1dc7ead3b233 100644
> --- a/lib/conntrack-tcp.c
> +++ b/lib/conntrack-tcp.c
> @@ -149,6 +149,16 @@ tcp_get_wscale(const struct tcp_header *tcp)
> return wscale;
> }
>
> +static inline bool
>
I only dropped the 'inline' specifier since it's implied.
> +tcp_bypass_seq_chk(struct conntrack *ct)
> +{
> +if (!conntrack_get_tcp_seq_chk(ct)) {
> +COVERAGE_INC(conntrack_tcp_seq_chk_bypass);
> +return true;
> +}
> +return false;
> +}
> +
> static enum ct_update_res
> tcp_conn_update(struct conntrack *ct, struct conn *conn_,
> struct dp_packet *pkt, bool reply, long long now)
> @@ -288,8 +298,7 @@ tcp_conn_update(struct conntrack *ct, struct conn
> *conn_,
> /* Acking not more than one window forward */
> && ((tcp_flags & TCP_RST) == 0 || orig_seq == src->seqlo
> || (orig_seq == src->seqlo + 1) || (orig_seq + 1 ==
> src->seqlo)))
> -|| (!conntrack_get_tcp_seq_chk(ct)
> -? COVERAGE_INC(conntrack_tcp_seq_chk_bypass), 1 : 0)) {
> +|| tcp_bypass_seq_chk(ct)) {
> /* Require an exact/+1 sequence match on resets when possible */
>
Better; thank you
>
> /* update max window */
>
> diff --git a/lib/dpctl.man b/lib/dpctl.man
> index 806e5d8e840d..53b7368e3b77 100644
> --- a/lib/dpctl.man
> +++ b/lib/dpctl.man
> @@ -324,12 +324,13 @@ Only supported for userspace datapath.
> .TQ
> \*(DX\fBct\-disable\-tcp\-seq\-chk\fR [\fIdp\fR]
> Enables or disables TCP sequence checking. When set to disabled, all
> sequence
> -number verification is disabled, including for TCP resets and hence this
> is
> -similar, but not equivalent to 'be_liberal' mode. Disabling sequence
> number
> +number verification is disabled, including for TCP resets. This is
> +similar, but not the same as, 'be_liberal' mode. Disabling sequence
> number
> verification is not an optimization in itself, but is needed for some
> hardware
> -offload support which might offer some performance advantage, This is
> enabled
> +offload support which might offer some performance advantage. Sequence
> +number checking is enabled
> by default to enforce better security and should only be disabled if
> -absolutely required. This command is only supported for the userspace
> +required for hardware offload support. This command is only supported for
> the userspace
> datapath.
>
Looks good; thank you
I ended up with:
Enables or disables TCP sequence checking. When set to disabled, all
sequence
number verification is disabled, including for TCP resets. This is
similar, but not the same as 'be_liberal' mode, as in Netfilter. Disabling
sequence number verification is not an optimization in itself, but is needed
for some hardware offload support which might offer some performance
advantage. Sequence number checking is enabled by default to enforce better
security and should only be disabled if required
Re: [ovs-dev] [patch v6] conntrack: Optimize recirculations.
On Wed, Sep 25, 2019 at 10:51 AM Ben Pfaff wrote: > On Mon, Aug 26, 2019 at 09:05:44AM -0700, Darrell Ball wrote: > > Cache the 'conn' context and use it when it is valid. The cached 'conn' > > context will get reset if it is not expected to be valid; the cost to do > > this is negligible. Besides being most optimal, this also handles corner > > cases, such as decapsulation leading to the same tuple, as in tunnel VPN > > cases. A negative test is added to check the resetting of the cached > > 'conn'. > > > > Signed-off-by: Darrell Ball > > Applied to master. Thank you! > cool, thank you ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v3] Require Python 3 and remove support for Python 2.
On Thu, Sep 26, 2019, 12:12 AM Ben Pfaff wrote: > Numan, please (re-)review this when you have time. > Sure. I will do it tomorrow Thanks Numan > On Fri, Sep 20, 2019 at 08:44:48AM -0700, Ben Pfaff wrote: > > Python 2 reaches end-of-life on January 1, 2020, which is only > > a few months away. This means that OVS needs to stop depending > > on in the next release that should occur roughly that same time. > > Therefore, this commit removes all support for Python 2. It > > also makes Python 3 a mandatory build dependency. > > > > Some of the interesting consequences: > > > > - HAVE_PYTHON, HAVE_PYTHON2, and HAVE_PYTHON3 conditionals have > > been removed, since we now know that Python3 is available. > > > > - $PYTHON and $PYTHON2 are removed, and $PYTHON3 is always > > available. > > > > - Many tests for Python 2 support have been removed, and the ones > > that depended on Python 3 now run unconditionally. This allowed > > several macros in the testsuite to be removed, making the code > > clearer. This does make some of the changes to the testsuite > > files large due to indentation level changes. > > > > - #! lines for Python now use /usr/bin/python3 instead of > > /usr/bin/python. > > > > - Packaging depends on Python 3 packages. > > --- > > v1->v2: Bug fixes. > > v2->v3: Update RPM spec file for Fedora packaging to delete the > > Python 2 packaging and to move ovstest into the Python 3 > > packaging. This is going to break compatibility with older > > Fedora and RHEL releases that don't have Python 3. I do not > > know whether this is important, and I don't know how to really > > avoid it if it is. Comments requested. > > > > .cirrus.yml | 3 +- > > .travis/osx-prepare.sh| 4 +- > > Documentation/intro/install/fedora.rst| 4 +- > > Documentation/intro/install/general.rst | 8 +- > > Documentation/intro/install/netbsd.rst| 10 +- > > Documentation/intro/install/rhel.rst | 2 +- > > Documentation/intro/install/windows.rst | 4 +- > > Documentation/intro/install/xenserver.rst | 4 +- > > Makefile.am | 12 +- > > Vagrantfile | 24 +- > > Vagrantfile-FreeBSD | 2 +- > > appveyor.yml | 2 +- > > build-aux/check-structs | 2 +- > > build-aux/extract-ofp-actions | 2 +- > > build-aux/extract-ofp-errors | 2 +- > > build-aux/extract-ofp-fields | 2 +- > > build-aux/extract-ofp-msgs| 2 +- > > build-aux/sodepends.py| 2 +- > > build-aux/soexpand.py | 2 +- > > build-aux/text2c | 2 +- > > build-aux/xml2nroff | 2 +- > > configure.ac | 3 +- > > debian/.gitignore | 1 + > > debian/automake.mk| 4 +- > > debian/control| 35 +- > > debian/openvswitch-test.install | 2 +- > > debian/python-openvswitch.install | 1 - > > ...nvswitch.dirs => python3-openvswitch.dirs} | 0 > > debian/python3-openvswitch.install| 1 + > > debian/rules | 2 +- > > include/openflow/automake.mk | 2 - > > ipsec/ovs-monitor-ipsec.in| 2 +- > > m4/openvswitch.m4 | 101 +--- > > manpages.mk | 6 - > > ovn/automake.mk | 8 +- > > ovsdb/ovsdb-dot.in| 2 +- > > ovsdb/ovsdb-idlc.in | 2 +- > > python/automake.mk| 9 +- > > rhel/openvswitch-fedora.spec.in | 45 +- > > tests/atlocal.in | 42 +- > > tests/automake.mk | 2 +- > > tests/check-structs.at| 3 +- > > tests/checkpatch.at | 17 +- > > tests/daemon-py.at| 453 -- > > tests/flowgen.py | 2 +- > > tests/interface-reconfigure.at| 2 +- > > tests/json.at | 57 +-- > > tests/jsonrpc-py.at | 67 +-- > > tests/library.at | 42 +- > > tests/ofproto-dpif.at | 10 +- > > tests/ofproto.at | 4 +- > > tests/ovs-macros.at | 2 +- > > tests/ovs-xapi-sync.at| 3 +- > > tests/ovsdb-data.at | 9 +- > > tests/ovsdb-idl.at| 188
Re: [ovs-dev] [PATCH] Exclude ovn-nb/ovn-sb man and OVN schema files during compilation.
On Tue, Sep 10, 2019 at 03:10:42PM +0530, nusid...@redhat.com wrote:
> From: Numan Siddique
>
> The commit [1] removed OVN, but had to leave out some OVN bits
> for the ovsdb-server raft testing. But "make install" is installing
> ovn-nb/ovn-sb man entries and OVN schema files.
>
> This patch excludes these.
>
> "make install" is also installing ovn-nbctl/ovn-sbctl and this still needs to
> be addressed.
>
> [1] - f3e24610ea8("Remove OVN.")
>
> Signed-off-by: Numan Siddique
Thanks, applied to master.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [branch 2.12] ovn: Exclude inport and outport symbol tables from conjunction
On Sat, Sep 14, 2019 at 01:19:17PM +0530, nusid...@redhat.com wrote: > From: Numan Siddique > > If there are multiple ACLs associated with a port group and they > match on a range of some field, then ovn-controller doesn't install > the flows properly and this results in broken ACL functionality. Thanks, applied to branch-2.12. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH 1/3] ovs-check-dead-ifs: python3 print format
On Fri, Sep 13, 2019 at 01:29:01PM -0400, Aaron Conole wrote: > The print call changed in python3, so update it. > > Signed-off-by: Aaron Conole Thanks for the patches. (William, thanks for the reviews.) I applied this series to master. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn 4/4] Documentation: Update 'internals' to reflect OVN split.
This is a start and it should be generally and improvement, but further improvements are certainly possible. Signed-off-by: Ben Pfaff --- Documentation/automake.mk | 1 - Documentation/index.rst | 3 +- Documentation/internals/bugs.rst | 21 +- .../contributing/backporting-patches.rst | 127 +--- .../contributing/coding-style-windows.rst | 183 -- .../internals/contributing/coding-style.rst | 16 +- .../contributing/documentation-style.rst | 16 +- .../internals/contributing/index.rst | 9 +- .../contributing/submitting-patches.rst | 43 ++-- Documentation/internals/documentation.rst | 20 +- Documentation/internals/index.rst | 8 +- Documentation/internals/mailing-lists.rst | 29 +-- Documentation/internals/patchwork.rst | 10 +- Documentation/internals/release-process.rst | 28 +-- Documentation/internals/security.rst | 63 +++--- manpages.mk | 98 -- 16 files changed, 114 insertions(+), 561 deletions(-) delete mode 100644 Documentation/internals/contributing/coding-style-windows.rst diff --git a/Documentation/automake.mk b/Documentation/automake.mk index ff376fd831f0..5968d6941561 100644 --- a/Documentation/automake.mk +++ b/Documentation/automake.mk @@ -51,7 +51,6 @@ DOC_SOURCE = \ Documentation/internals/contributing/index.rst \ Documentation/internals/contributing/backporting-patches.rst \ Documentation/internals/contributing/coding-style.rst \ - Documentation/internals/contributing/coding-style-windows.rst \ Documentation/internals/contributing/documentation-style.rst \ Documentation/internals/contributing/libopenvswitch-abi.rst \ Documentation/internals/contributing/submitting-patches.rst \ diff --git a/Documentation/index.rst b/Documentation/index.rst index 290c0abdd0ad..c0c6c374de17 100644 --- a/Documentation/index.rst +++ b/Documentation/index.rst @@ -82,8 +82,7 @@ Learn more about the Open vSwitch project and about how you can contribute: - **Contributing:** :doc:`internals/contributing/submitting-patches` | :doc:`internals/contributing/backporting-patches` | - :doc:`internals/contributing/coding-style` | - :doc:`internals/contributing/coding-style-windows` + :doc:`internals/contributing/coding-style` - **Maintaining:** :doc:`internals/maintainers` | :doc:`internals/committer-responsibilities` | diff --git a/Documentation/internals/bugs.rst b/Documentation/internals/bugs.rst index c2bcceeb295d..c4c3f86166bc 100644 --- a/Documentation/internals/bugs.rst +++ b/Documentation/internals/bugs.rst @@ -21,12 +21,12 @@ Avoid deeper levels because they do not render well. -== -Reporting Bugs in Open vSwitch -== += +Reporting Bugs in OVN += We are eager to hear from users about problems that they have encountered with -Open vSwitch. This file documents how best to report bugs so as to ensure that +OVN. This file documents how best to report bugs so as to ensure that they can be fixed as quickly as possible. Please report bugs by sending email to b...@openvswitch.org. @@ -43,7 +43,7 @@ The most important parts of your bug report are the following: Please also include the following information: -- The Open vSwitch version number (as output by ``ovs-vswitchd --version``). +- The OVN version number (as output by ``ovn-controller --version``). - The Git commit number (as output by ``git rev-parse HEAD``), if you built from a Git snapshot. @@ -55,16 +55,7 @@ The following are also handy sometimes: - The kernel version on which Open vSwitch is running (from ``/proc/version``) and the distribution and version number of your OS (e.g. "Centos 5.0"). -- The contents of the vswitchd configuration database (usually - ``/etc/openvswitch/conf.db``). - -- The output of ``ovs-dpctl show``. - -- If you have Open vSwitch configured to connect to an OpenFlow - controller, the output of ``ovs-ofctl show `` for each - configured in the vswitchd configuration database. - -- A fix or workaround, if you have one. +- The contents of the northbound database. - Any other information that you think might be relevant. diff --git a/Documentation/internals/contributing/backporting-patches.rst b/Documentation/internals/contributing/backporting-patches.rst index 3e6f00459835..b10c9d7b0fb2 100644 --- a/Documentation/internals/contributing/backporting-patches.rst +++ b/Documentation/internals/contributing/backporting-patches.rst @@ -30,11 +30,11 @@ Backporting patches .. note:: This is an advanced topic for developers and maintainers. Readers should -familiarize themselves with building and running Open vSwitch, with the git -tool, and with the Open vSwitch patch submission process. +familiarize
[ovs-dev] [PATCH ovn 3/4] configure: Remove checks that are unlikely to ever be of use to OVN.
OVN should not have its own kernel module, and so on, so these checks aren't useful to it. Signed-off-by: Ben Pfaff --- Makefile.am | 7 - acinclude.m4 | 891 --- configure.ac | 10 +- m4/ovn.m4| 46 --- 4 files changed, 1 insertion(+), 953 deletions(-) diff --git a/Makefile.am b/Makefile.am index 97dc309e3c5d..33c18c5d83c4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -52,13 +52,6 @@ AM_CFLAGS = -Wstrict-prototypes AM_CFLAGS += $(WARNING_FLAGS) AM_CFLAGS += $(OVS_CFLAGS) -if DPDK_NETDEV -AM_CFLAGS += -D_FILE_OFFSET_BITS=64 -DPDKSTRIP_FLAGS = --dpdk -else -DPDKSTRIP_FLAGS = --nodpdk -endif - if NDEBUG AM_CPPFLAGS += -DNDEBUG AM_CFLAGS += -fomit-frame-pointer diff --git a/acinclude.m4 b/acinclude.m4 index 6c3993e83b48..414deccabe2b 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -42,897 +42,6 @@ AC_DEFUN([OVS_ENABLE_WERROR], fi AC_SUBST([SPARSE_WERROR])]) -dnl OVS_CHECK_LINUX -dnl -dnl Configure linux kernel source tree -AC_DEFUN([OVS_CHECK_LINUX], [ - AC_ARG_WITH([linux], - [AC_HELP_STRING([--with-linux=/path/to/linux], - [Specify the Linux kernel build directory])]) - AC_ARG_WITH([linux-source], - [AC_HELP_STRING([--with-linux-source=/path/to/linux-source], - [Specify the Linux kernel source directory - (usually figured out automatically from build - directory)])]) - - # Deprecated equivalents to --with-linux, --with-linux-source. - AC_ARG_WITH([l26]) - AC_ARG_WITH([l26-source]) - - if test X"$with_linux" != X; then -KBUILD=$with_linux - elif test X"$with_l26" != X; then -KBUILD=$with_l26 -AC_MSG_WARN([--with-l26 is deprecated, please use --with-linux instead]) - else -KBUILD= - fi - - if test X"$KBUILD" != X; then -if test X"$with_linux_source" != X; then - KSRC=$with_linux_source -elif test X"$with_l26_source" != X; then - KSRC=$with_l26_source - AC_MSG_WARN([--with-l26-source is deprecated, please use --with-linux-source instead]) -else - KSRC= -fi - elif test X"$with_linux_source" != X || test X"$with_l26_source" != X; then -AC_MSG_ERROR([Linux source directory may not be specified without Linux build directory]) - fi - - if test -n "$KBUILD"; then -KBUILD=`eval echo "$KBUILD"` -case $KBUILD in -/*) ;; -*) KBUILD=`pwd`/$KBUILD ;; -esac - -# The build directory is what the user provided. -# Make sure that it exists. -AC_MSG_CHECKING([for Linux build directory]) -if test -d "$KBUILD"; then -AC_MSG_RESULT([$KBUILD]) -AC_SUBST(KBUILD) -else -AC_MSG_RESULT([no]) -AC_ERROR([source dir $KBUILD doesn't exist]) -fi - -# Debian breaks kernel headers into "source" header and "build" headers. -# We want the source headers, but $KBUILD gives us the "build" headers. -# Use heuristics to find the source headers. -AC_MSG_CHECKING([for Linux source directory]) -if test -n "$KSRC"; then - KSRC=`eval echo "$KSRC"` - case $KSRC in - /*) ;; - *) KSRC=`pwd`/$KSRC ;; - esac - if test ! -e $KSRC/include/linux/kernel.h; then -AC_MSG_ERROR([$KSRC is not a kernel source directory]) - fi -else - KSRC=$KBUILD - if test ! -e $KSRC/include/linux/kernel.h; then -# Debian kernel build Makefiles tend to include a line of the form: -# MAKEARGS := -C /usr/src/linux-headers-3.2.0-1-common O=/usr/src/linux-headers-3.2.0-1-486 -# First try to extract the source directory from this line. -KSRC=`sed -n 's/.*-C \([[^ ]]*\).*/\1/p' "$KBUILD"/Makefile` -if test ! -e "$KSRC"/include/linux/kernel.h; then - # Didn't work. Fall back to name-based heuristics that used to work. - case `echo "$KBUILD" | sed 's,/*$,,'` in # ( -*/build) - KSRC=`echo "$KBUILD" | sed 's,/build/*$,/source,'` - ;; # ( -*) - KSRC=`(cd $KBUILD && pwd -P) | sed 's,-[[^-]]*$,-common,'` - ;; - esac -fi - fi - if test ! -e "$KSRC"/include/linux/kernel.h; then -AC_MSG_ERROR([cannot find source directory (please use --with-linux-source)]) - fi -fi -AC_MSG_RESULT([$KSRC]) - -AC_MSG_CHECKING([for kernel version]) -version=`sed -n 's/^VERSION = //p' "$KSRC/Makefile"` -patchlevel=`sed -n 's/^PATCHLEVEL = //p' "$KSRC/Makefile"` -sublevel=`sed -n 's/^SUBLEVEL = //p' "$KSRC/Makefile"` -if test X"$version" = X || test X"$patchlevel" = X; then - AC_ERROR([cannot determine kernel version]) -elif test X"$sublevel" = X; then - kversion=$version.$patchlevel -else - kversion=$version.$patchlevel.$sublevel -fi -AC_MSG_RESULT([$kversion]) - -if test "$version" -ge 4; then - if test "$version" = 4 &&
[ovs-dev] [PATCH ovn 1/4] configure: Improve checks for OVS source and build directories.
Until now, "configure" was willing to accept anything as the OVS source and build directory, but obviously only an actual OVS source or build directory will actually work. This commit adds some basic checking. In addition, this changes relative paths so that they are relative to the current working directory when "configure" is invoked, instead of relative to the location of the "configure" script. This is less surprising. Finally, this moves the `eval echo "$dir"` lines up higher so that they do their intended job of expanding ~ in the right place. That has to happen early, otherwise, ~/foo will effectively end up as $PWD/\~/foo. Signed-off-by: Ben Pfaff --- acinclude.m4 | 23 ++- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/acinclude.m4 b/acinclude.m4 index 31e4f0b5413f..9dfed9034910 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -1220,32 +1220,37 @@ AC_DEFUN([OVN_CHECK_OVS], [ AC_MSG_CHECKING([for OVS source directory]) if test X"$with_ovs_source" != X; then -OVSDIR=$with_ovs_source +OVSDIR=`eval echo "$with_ovs_source"` case $OVSDIR in /*) ;; - *) OVSDIR=$ac_abs_confdir/$OVSDIR ;; + *) OVSDIR=`pwd`/$OVSDIR ;; esac +if test ! -f "$OVSDIR/vswitchd/bridge.c"; then + AC_ERROR([$OVSDIR is not an OVS source directory]) +fi else -AC_ERROR([OVS source dir path needs to be specified]) +AC_ERROR([OVS source dir path needs to be specified (use --with-ovs-source)]) fi - OVSDIR=`eval echo "$OVSDIR"` AC_MSG_RESULT([$OVSDIR]) AC_SUBST(OVSDIR) AC_MSG_CHECKING([for OVS build directory]) if test X"$with_ovs_build" != X; then -OVSBUILDDIR=$with_ovs_build +OVSBUILDDIR=`eval echo "$with_ovs_build"` case $OVSBUILDDIR in /*) ;; - *) OVSBUILDDIR=$ac_abs_confdir/$OVSBUILDDIR ;; + *) OVSBUILDDIR=`pwd`/$OVSBUILDDIR ;; esac - else +if test ! -f "$OVSBUILDDIR/config.h"; then + AC_ERROR([$OVSBUILDDIR is not a configured OVS build directory]) +fi + elif test -f "$OVSDIR/config.h"; then # If separate build dir is not specified, use src dir. OVSBUILDDIR=$OVSDIR + else +AC_ERROR([OVS source dir $OVSDIR is not configured as a build directory (either run configure there or use --with-ovs-build to point to the build directory)]) fi - - OVSBUILDDIR=`eval echo "$OVSBUILDDIR"` AC_MSG_RESULT([$OVSBUILDDIR]) AC_SUBST(OVSBUILDDIR) ]) -- 2.21.0 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn 2/4] configure: Fix ctags identifier list.
Since compiler.h is an OVS header file, it needs to be relative to the
OVS source directory (and therefore we need to look at it after we've
located the OVS source directory).
Signed-off-by: Ben Pfaff
---
acinclude.m4 | 2 +-
configure.ac | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/acinclude.m4 b/acinclude.m4
index 9dfed9034910..6c3993e83b48 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -1143,7 +1143,7 @@ dnl ctags ignores symbols with extras identifiers. This
builds a list of
dnl specially handled identifiers to be ignored.
AC_DEFUN([OVS_CTAGS_IDENTIFIERS],
AC_SUBST([OVS_CTAGS_IDENTIFIERS_LIST],
- [`printf %s '-I "'; sed -n 's/^#define
\(OVS_[A-Z_]\+\)(\.\.\.)$/\1+/p' ${srcdir}/include/openvswitch/compiler.h | tr
\\\n ' ' ; printf '"'`] ))
+ [`printf %s '-I "'; sed -n 's/^#define
\(OVS_[A-Z_]\+\)(\.\.\.)$/\1+/p' ${OVSDIR}/include/openvswitch/compiler.h | tr
\\\n ' ' ; printf '"'`] ))
dnl OVS_PTHREAD_SET_NAME
dnl
diff --git a/configure.ac b/configure.ac
index a6f708812f87..65c57c7990fb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -171,7 +171,6 @@ OVS_CONDITIONAL_CC_OPTION([-Wno-unused], [HAVE_WNO_UNUSED])
OVS_CONDITIONAL_CC_OPTION([-Wno-unused-parameter], [HAVE_WNO_UNUSED_PARAMETER])
OVS_ENABLE_WERROR
OVS_ENABLE_SPARSE
-OVS_CTAGS_IDENTIFIERS
AC_ARG_VAR(KARCH, [Kernel Architecture String])
AC_SUBST(KARCH)
@@ -180,6 +179,7 @@ OVS_CHECK_LINUX_TC
OVS_CHECK_DPDK
OVS_CHECK_PRAGMA_MESSAGE
OVN_CHECK_OVS
+OVS_CTAGS_IDENTIFIERS
AC_SUBST([OVS_CFLAGS])
AC_SUBST([OVS_LDFLAGS])
--
2.21.0
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v1] odp-util: calc checksum of ip hdr for tunnel encap
On Tue, Sep 24, 2019 at 08:38:53AM +0800, martinbj2...@gmail.com wrote: > From: Martin Zhang > > When parse tnl_push, if IPv4 is used, > we forget to fill the ipv4 checksum fields. > > In the patch: > csum has been used as a variable, > so we neeed rename it to udp_csum. > > Signed-off-by: Martin Zhang > Signed-off-by: Dujie Thanks for the patch. This fails to build for me: CC lib/odp-util.lo ../lib/odp-util.c:1533:16: error: implicit declaration of function 'csum' is invalid in C99 [-Werror,-Wimplicit-function-declaration] ../lib/odp-util.c:1533:16: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH ovn 0/1] Remove ovs subtree
On Wed, Sep 25, 2019 at 9:51 PM Ben Pfaff wrote:
> On Wed, Sep 25, 2019 at 02:53:53PM +0530, nusid...@redhat.com wrote:
> > From: Numan Siddique
> >
> > We can delete the ovs subtree as OVN doesn't depend on this folder any
> more
> > for compilation.
> >
> > ovs subtree is deleted as "git rm -rf ovs"
> >
> > Please note that I am only sending the cover letter of this patch to the
> > ML as the patch is 25M big.
> >
> > The actual patch can be found here -
> >
> https://github.com/numansiddique/ovn/commit/7e6af9d8c3da212fb8368055006aa3fa5d0f3cfd
> > https://github.com/numansiddique/ovn/tree/delete_ovs_subtree
>
> Thanks a lot!
>
> I got an odd error message running "make check". I tracked it down and
> I think you should fold in the following incremental.
>
> With that addendum:
> Acked-by: Ben Pfaff
>
Thanks for the review and fixing the annoying message. With your suggested
changes I applied this
patch to master.
Numan
>
> diff --git a/tests/atlocal.in b/tests/atlocal.in
> index 2e565d788b15..842f5ad62393 100644
> --- a/tests/atlocal.in
> +++ b/tests/atlocal.in
> @@ -62,8 +62,8 @@ Linux)
> # thread-safe. See
> https://bugzilla.redhat.com/show_bug.cgi?id=585674 and
> # in particular the patch attached there, which was applied to glibc
> CVS as
> # "Restore locking in free_check." between 1.11 and 1.11.1.
> -vswitchd=$abs_top_builddir/vswitchd/ovs-vswitchd
> -glibc=`ldd $vswitchd | sed -n 's/^ libc\.[^ ]* => \([^ ]*\) .*/\1/p'`
> +binary=$abs_top_builddir/controller/ovn-controller
> +glibc=`ldd $binary | sed -n 's/^ libc\.[^ ]* => \([^ ]*\) .*/\1/p'`
> glibc_version=`$glibc | sed -n '1s/.*version
> \([0-9]\{1,\}\.[0-9]\{1,\}\).*/\1/p'`
> case $glibc_version in
> 2.[0-9] | 2.1[01]) mcheck=disabled ;;
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH ovn v3] Document process for compatibility between OVS and OVN.
Bleep bloop. Greetings Mark Michelson, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. checkpatch: WARNING: Line is 80 characters long (recommended limit is 79) #81 FILE: Documentation/internals/contributing/ovs-ovn-compatibility.rst:30: This document discusses the general policy of compatibility between OVS and OVN. WARNING: Line is 80 characters long (recommended limit is 79) #104 FILE: Documentation/internals/contributing/ovs-ovn-compatibility.rst:53: which versions of OVS. When incompatibilities are discovered, it is important to WARNING: Line is 80 characters long (recommended limit is 79) #107 FILE: Documentation/internals/contributing/ovs-ovn-compatibility.rst:56: The split of OVS and OVN happened in the run-up to the release of OVS 2.12. As a WARNING: Line is 80 characters long (recommended limit is 79) #115 FILE: Documentation/internals/contributing/ovs-ovn-compatibility.rst:64: The first way that the projects can become incompatible is if the C code for OVN WARNING: Line is 80 characters long (recommended limit is 79) #128 FILE: Documentation/internals/contributing/ovs-ovn-compatibility.rst:77: incompatibility. OVN developers will be expected to regularly update the version WARNING: Line is 80 characters long (recommended limit is 79) #148 FILE: Documentation/internals/contributing/ovs-ovn-compatibility.rst:97: common way this would happen is if new OpenFlow capabilities are added to OVS as WARNING: Line has trailing whitespace #162 FILE: Documentation/internals/contributing/ovs-ovn-compatibility.rst:111: 2. Make the necessary changes to OVN. WARNING: Line has trailing whitespace #165 FILE: Documentation/internals/contributing/ovs-ovn-compatibility.rst:114: is not present, then output an informational message to the logs that WARNING: Line is 80 characters long (recommended limit is 79) #189 FILE: Documentation/internals/contributing/ovs-ovn-compatibility.rst:138: withdraw compatibility support with a previous OVS version, for reasons such as: WARNING: Line is 80 characters long (recommended limit is 79) #202 FILE: Documentation/internals/contributing/ovs-ovn-compatibility.rst:151: OVS. Therefore, we will maintain a list of "tested" and "untested" compabitility WARNING: Line is 82 characters long (recommended limit is 79) #263 FILE: Documentation/topics/ovs-compatibility.rst:41: OVN version X.Y is 100% feature compatible with OVS versions A.B.C and higher. WARNING: Line is 80 characters long (recommended limit is 79) #276 FILE: Documentation/topics/ovs-compatibility.rst:54: OVN version X.Y has not been tested against OVS versions prior to A.(B-3).0, WARNING: New doc ovs-compatibility.rst not listed in Documentation/automake.mk Lines checked: 294, Warnings: 13, Errors: 0 Please check this out. If you feel there has been an error, please email acon...@redhat.com Thanks, 0-day Robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [patch v6] conntrack: Optimize recirculations.
On Mon, Aug 26, 2019 at 09:05:44AM -0700, Darrell Ball wrote: > Cache the 'conn' context and use it when it is valid. The cached 'conn' > context will get reset if it is not expected to be valid; the cost to do > this is negligible. Besides being most optimal, this also handles corner > cases, such as decapsulation leading to the same tuple, as in tunnel VPN > cases. A negative test is added to check the resetting of the cached > 'conn'. > > Signed-off-by: Darrell Ball Applied to master. Thank you! ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn v3] Document process for compatibility between OVS and OVN.
This document serves to provide an explanation for how OVN will remain compatible with OVS. It provides instructions for OVN contributors for how to maintain compatibility even across older versions of OVS when possible. It also creates a document to detail compatibility of specific OVN versions. Signed-off-by: Mark Michelson --- v2 -> v3: * Removed RFC designation * Added the compatibility document for specific versions of OVS and OVN * Clarified compatibility concerns prior to the split * Mentioned possibility of a change to OVS major version as a reason for dropping compatibility. * Clarified where warning messages should be output in the case that feature incompatibility is detected. * Added mention of "tested" and "untested" versions of OVS for compatibility. --- Documentation/automake.mk | 1 + Documentation/internals/contributing/index.rst | 1 + .../contributing/ovs-ovn-compatibility.rst | 153 + Documentation/topics/index.rst | 1 + Documentation/topics/ovs-compatibility.rst | 69 ++ 5 files changed, 225 insertions(+) create mode 100644 Documentation/internals/contributing/ovs-ovn-compatibility.rst create mode 100644 Documentation/topics/ovs-compatibility.rst diff --git a/Documentation/automake.mk b/Documentation/automake.mk index f7e1d2628..d9bd4be1f 100644 --- a/Documentation/automake.mk +++ b/Documentation/automake.mk @@ -56,6 +56,7 @@ DOC_SOURCE = \ Documentation/internals/contributing/documentation-style.rst \ Documentation/internals/contributing/libopenvswitch-abi.rst \ Documentation/internals/contributing/submitting-patches.rst \ + Documentation/internals/contributing/ovs-ovn-compatibility.rst \ Documentation/requirements.txt \ $(addprefix Documentation/ref/,$(RST_MANPAGES) $(RST_MANPAGES_NOINST)) FLAKE8_PYFILES += Documentation/conf.py diff --git a/Documentation/internals/contributing/index.rst b/Documentation/internals/contributing/index.rst index a46cb046a..7ef57a1e2 100644 --- a/Documentation/internals/contributing/index.rst +++ b/Documentation/internals/contributing/index.rst @@ -36,3 +36,4 @@ The below guides provide information on contributing to Open vSwitch itself. coding-style-windows documentation-style libopenvswitch-abi + ovs-ovn-compatibility diff --git a/Documentation/internals/contributing/ovs-ovn-compatibility.rst b/Documentation/internals/contributing/ovs-ovn-compatibility.rst new file mode 100644 index 0..0ff4f5ba9 --- /dev/null +++ b/Documentation/internals/contributing/ovs-ovn-compatibility.rst @@ -0,0 +1,153 @@ +.. + Copyright (c) 2019 Red Hat, Inc. + + Licensed under the Apache License, Version 2.0 (the "License"); you may + not use this file except in compliance with the License. You may obtain + a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations + under the License. + + Convention for heading levels in Open vSwitch documentation: + + === Heading 0 (reserved for the title in a document) + --- Heading 1 + ~~~ Heading 2 + +++ Heading 3 + ''' Heading 4 + + Avoid deeper levels because they do not render well. + +=== +Keeping OVN Compatible with OVS +=== + +This document discusses the general policy of compatibility between OVS and OVN. +If you are looking for a listing of version compatiblity, please see +:doc:`topics/ovs-compatibility` + +OVN has split from OVS. Prior to this split, there were few issues with +compatibility. All code changes happened at the same time and in the same repo. +New releases contained the latest OVS and OVN changes. The most commonon time +that compatibility typically came into question was during an upgrade; there +might be a brief period where mismatched versions of OVS and OVN are running. +That situation was transient. + +With OVN and OVS being developed and versioned separately, previous assumptions +regarding compatibility are no longer valid. It is valid to permanently run a +version of OVN that is different from the concurrent version of OVS. + +OVS and OVN versions + + +Prior to the split, the release schedule for OVN was bound to the release +schedule for OVS. OVS releases a new version approximately every 6 months. OVN +has not yet determined a release schedule, but it is entirely possible that it +will be different from OVS. Eventually, this will lead to a situation where it +is very important that we publish which versions of OVN are compatible
Re: [ovs-dev] [PATCH] dpdk: Remove unneeded log message copy.
On 9/6/2019 3:18 PM, David Marchand wrote: On Fri, Sep 6, 2019 at 3:24 PM Ilya Maximets wrote: On 06.09.2019 14:26, David Marchand wrote: No need to duplicate and null-terminate the passed buffer. We can directly give it to the vlog subsystem using a dynamic precision in the format string. Signed-off-by: David Marchand --- Thanks for a patch. Looks good at a first glance. One small nit is that you need a space between "(int)" and "size", but this could be, probably, fixed while applying. Tell me, I don't mind sending a v2. Thanks! No need for the v2, can apply on commit. Thanks Ian ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [patch v3] conntrack: Add option to disable TCP sequence checking.
On Tue, Sep 24, 2019 at 03:47:35PM -0700, Darrell Ball wrote:
> This may be needed in some special cases, such as to support some hardware
> offload implementations. Note that disabling TCP sequence number
> verification is not an optimization in itself, but supporting some
> hardware offload implementations may offer better performance. TCP
> sequence number verification is enabled by default. This option is only
> available for the userspace datapath. Access to this option is presently
> provided via 'dpctl' commands as the need for this option is quite node
> specific, by virtual of which nics are in use on a given node. A test is
> added to verify this option.
>
> Reported-at:
> https://mail.openvswitch.org/pipermail/ovs-dev/2019-May/359188.html
> Signed-off-by: Darrell Ball
Thanks a lot.
It sounds like there are a couple of things you're planning to update
here in any case, so I'll expect to see v4 sometime soon.
This comment seems rather verbose, I'd probably just write "Check
sequence numbers?" or similar:
> +atomic_bool tcp_seq_ckk; /* TCP sequence number verification; when
> +enabled, this enables sequence number
> +verification; enabled by default. */
The change to tcp_conn_update() is a bit obscure with side effects in
?:. It might be clarified somewhat. I'm appending a suggestion.
The text in dpctl.man could be wordsmithed a little. Also appending a
suggestion for that.
The text in dpctl.man mentions 'be_liberal' mode but the tree doesn't
have any other mention of that anywhere.
Thanks again,
Ben.
diff --git a/lib/conntrack-tcp.c b/lib/conntrack-tcp.c
index 1e843f337f8a..1dc7ead3b233 100644
--- a/lib/conntrack-tcp.c
+++ b/lib/conntrack-tcp.c
@@ -149,6 +149,16 @@ tcp_get_wscale(const struct tcp_header *tcp)
return wscale;
}
+static inline bool
+tcp_bypass_seq_chk(struct conntrack *ct)
+{
+if (!conntrack_get_tcp_seq_chk(ct)) {
+COVERAGE_INC(conntrack_tcp_seq_chk_bypass);
+return true;
+}
+return false;
+}
+
static enum ct_update_res
tcp_conn_update(struct conntrack *ct, struct conn *conn_,
struct dp_packet *pkt, bool reply, long long now)
@@ -288,8 +298,7 @@ tcp_conn_update(struct conntrack *ct, struct conn *conn_,
/* Acking not more than one window forward */
&& ((tcp_flags & TCP_RST) == 0 || orig_seq == src->seqlo
|| (orig_seq == src->seqlo + 1) || (orig_seq + 1 == src->seqlo)))
-|| (!conntrack_get_tcp_seq_chk(ct)
-? COVERAGE_INC(conntrack_tcp_seq_chk_bypass), 1 : 0)) {
+|| tcp_bypass_seq_chk(ct)) {
/* Require an exact/+1 sequence match on resets when possible */
/* update max window */
diff --git a/lib/dpctl.man b/lib/dpctl.man
index 806e5d8e840d..53b7368e3b77 100644
--- a/lib/dpctl.man
+++ b/lib/dpctl.man
@@ -324,12 +324,13 @@ Only supported for userspace datapath.
.TQ
\*(DX\fBct\-disable\-tcp\-seq\-chk\fR [\fIdp\fR]
Enables or disables TCP sequence checking. When set to disabled, all sequence
-number verification is disabled, including for TCP resets and hence this is
-similar, but not equivalent to 'be_liberal' mode. Disabling sequence number
+number verification is disabled, including for TCP resets. This is
+similar, but not the same as, 'be_liberal' mode. Disabling sequence number
verification is not an optimization in itself, but is needed for some hardware
-offload support which might offer some performance advantage, This is enabled
+offload support which might offer some performance advantage. Sequence
+number checking is enabled
by default to enforce better security and should only be disabled if
-absolutely required. This command is only supported for the userspace
+required for hardware offload support. This command is only supported for the
userspace
datapath.
.
.TP
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH ovn 0/1] Remove ovs subtree
On Wed, Sep 25, 2019 at 02:53:53PM +0530, nusid...@redhat.com wrote:
> From: Numan Siddique
>
> We can delete the ovs subtree as OVN doesn't depend on this folder any more
> for compilation.
>
> ovs subtree is deleted as "git rm -rf ovs"
>
> Please note that I am only sending the cover letter of this patch to the
> ML as the patch is 25M big.
>
> The actual patch can be found here -
> https://github.com/numansiddique/ovn/commit/7e6af9d8c3da212fb8368055006aa3fa5d0f3cfd
> https://github.com/numansiddique/ovn/tree/delete_ovs_subtree
Thanks a lot!
I got an odd error message running "make check". I tracked it down and
I think you should fold in the following incremental.
With that addendum:
Acked-by: Ben Pfaff
diff --git a/tests/atlocal.in b/tests/atlocal.in
index 2e565d788b15..842f5ad62393 100644
--- a/tests/atlocal.in
+++ b/tests/atlocal.in
@@ -62,8 +62,8 @@ Linux)
# thread-safe. See https://bugzilla.redhat.com/show_bug.cgi?id=585674 and
# in particular the patch attached there, which was applied to glibc CVS as
# "Restore locking in free_check." between 1.11 and 1.11.1.
-vswitchd=$abs_top_builddir/vswitchd/ovs-vswitchd
-glibc=`ldd $vswitchd | sed -n 's/^ libc\.[^ ]* => \([^ ]*\) .*/\1/p'`
+binary=$abs_top_builddir/controller/ovn-controller
+glibc=`ldd $binary | sed -n 's/^ libc\.[^ ]* => \([^ ]*\) .*/\1/p'`
glibc_version=`$glibc | sed -n '1s/.*version
\([0-9]\{1,\}\.[0-9]\{1,\}\).*/\1/p'`
case $glibc_version in
2.[0-9] | 2.1[01]) mcheck=disabled ;;
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] Moodle para formadores
QVO LEGIS - FORMAÇÃO E CONSULTADORIA Formação certificada pela DGERT __ Moodle para formadores O curso ONLINE, apresenta a Plataforma Moodle e suas principais ferramentas de comunicação síncrona e assíncrona, ferramentas de edição e gestão de cursos online. Este curso irá proporcionar ao aluno a aquisição de saberes e de competências para saber aceder, criar, gerir, editar, coordenar, ensinar e avaliar programas de educação através da Plataforma Moodle, utilizando de forma eficaz as suas ferramentas de comunicação síncrona (chat), ferramentas de comunicação assíncrona (fóruns e wikis), ferramentas de edição, gestão, coordenação e avaliação do aprendizado online oferecidas por esta plataforma. O curso desenvolverá no aluno a capacidade de: Conhecer as mudanças evolutivas do Ensino a Distância; Identificar as características e as vantagens do e-learning; Reconhecer a importância do e-formador/e-mediador no processo formativo a distância; Identificar os princípios Básicos da e-moderação e do e-formador; Conhecer o papel e as funções do e-formador e e-moderador; ? Identificar e utilizar ferramentas de comunicação Síncrona; Identificar e utilizar ferramentas de comunicação Assíncrona; Conhecer as potencialidades da moodle para a aprendizagem colaborativa. Promover uma pedagogia social (colaboração, atividades, reflexão crítica, etc). Aprender a instalar a Moodle Aprender a customizar a Moodle Aprender a criar cursos ou disciplinas com variados conteúdos formativos e atividades, 100% online. Criar de testes na Moodle Definir os Perfis para gerir os cursos criados. Aprender a gerir os acessos à plataforma e suas atividades. Aprender a utilizar as Ferramentas com as atividades na Moodle Aprender a utilizar as Ferramentas com os recursos na Moodle Destinatários A todos os formadores para adquirir competências na formação á distância. Formadores de todas as áreas que exercem ou querem exercer a atividade de formador. E- Formadores, tutores, todas as pessoas que queiram adquirir competências no uso de plataformas online. DURAÇÃO: 35 Horas com flexibilidade de horários. FORMATO: E- Learning DATA DE INICIO: 07 de outubro Local/Data: Plataforma Moodle com acesso à internet Data Limite de Inscrição: 23 de setembro Preço promocional: 100 Euros (Isentos de IVA). Inscrição: forma...@qvolegis.pt (+351) 214047831 | (+351) 967201906 Reenvie a um/a amigo/a! Obrigado. Esta newsletter, visa informar as ações de formação disponiveis para a sua valorização pessoal e profissional. A QVOLEGIS utiliza os dados dos seus clientes e potenciais clientes de acordo com a legislação do Regulamento Geral da Proteção de Dados . Assim, se não desejar receber as nossas informações ou se pretender alterar os seus dados de contacto, por favor envie email para ge...@qvolegis.pt Estamos gratos pela sua atenção e vontade de continuar a receber as nossas informações. --- Este e-mail foi verificado em termos de vírus pelo software antivírus Avast. https://www.avast.com/antivirus ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2 ovn 3/3] northd: introduce logical flow for localnet egress shaping
On Tue, Sep 24, 2019 at 6:40 PM Lorenzo Bianconi
wrote:
>
> Add set_queue() action for qos capable localnet port in
> S_SWITCH_OUT_PORT_SEC_L2 stage of logical swith pipeline
> Introduce build_lswitch_{input,outpur}_port_sec and refactor
> lswitch_port_security code in order to remove duplicated code
>
> Signed-off-by: Lorenzo Bianconi
Looks good to me. Thanks!
Acked-by: Dumitru Ceara
> ---
> northd/ovn-northd.8.xml | 7 +-
> northd/ovn-northd.c | 231
> 2 files changed, 143 insertions(+), 95 deletions(-)
>
> diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
> index 0f4f1c112..093b55438 100644
> --- a/northd/ovn-northd.8.xml
> +++ b/northd/ovn-northd.8.xml
> @@ -1150,10 +1150,15 @@ output;
>eth.dst are always accepted instead of being subject to
> the
>port security rules; this is implemented through a priority-100 flow
> that
>matches on eth.mcast with action output;.
> - Finally, to ensure that even broadcast and multicast packets are not
> + Moreover, to ensure that even broadcast and multicast packets are not
>delivered to disabled logical ports, a priority-150 flow for each
>disabled logical outport overrides the priority-100 flow
>with a drop; action.
> + Finally if egress qos has been enabled on a localnet port, the outgoing
> + queue id is set through set_queue action. Please remember
> to
> + mark the corresponding physical interface with
> + ovn-egress-iface set to true in + table="Interface" db="Open_vSwitch"/>
>
>
> Logical Router Datapaths
> diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> index 633fb502b..b1ece2d29 100644
> --- a/northd/ovn-northd.c
> +++ b/northd/ovn-northd.c
> @@ -3903,6 +3903,140 @@ has_stateful_acl(struct ovn_datapath *od)
> return false;
> }
>
> +static void
> +build_lswitch_input_port_sec(struct hmap *ports, struct hmap *datapaths,
> + struct hmap *lflows)
> +{
> +/* Logical switch ingress table 0: Ingress port security - L2
> + * (priority 50).
> + * Ingress table 1: Ingress port security - IP (priority 90 and 80)
> + * Ingress table 2: Ingress port security - ND (priority 90 and 80)
> + */
> +struct ds actions = DS_EMPTY_INITIALIZER;
> +struct ds match = DS_EMPTY_INITIALIZER;
> +struct ovn_port *op;
> +
> +HMAP_FOR_EACH (op, key_node, ports) {
> +if (!op->nbsp) {
> +continue;
> +}
> +
> +if (!lsp_is_enabled(op->nbsp)) {
> +/* Drop packets from disabled logical ports (since logical flow
> + * tables are default-drop). */
> +continue;
> +}
> +
> +if (lsp_is_external(op->nbsp)) {
> +continue;
> +}
> +
> +ds_clear();
> +ds_clear();
> +ds_put_format(, "inport == %s", op->json_key);
> +build_port_security_l2("eth.src", op->ps_addrs, op->n_ps_addrs,
> + );
> +
> +const char *queue_id = smap_get(>sb->options, "qdisc_queue_id");
> +if (queue_id) {
> +ds_put_format(, "set_queue(%s); ", queue_id);
> +}
> +ds_put_cstr(, "next;");
> +ovn_lflow_add(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50,
> + ds_cstr(), ds_cstr());
> +
> +if (op->nbsp->n_port_security) {
> +build_port_security_ip(P_IN, op, lflows);
> +build_port_security_nd(op, lflows);
> +}
> +}
> +
> +/* Ingress table 1 and 2: Port security - IP and ND, by default
> + * goto next. (priority 0)
> + */
> +struct ovn_datapath *od;
> +HMAP_FOR_EACH (od, key_node, datapaths) {
> +if (!od->nbs) {
> +continue;
> +}
> +
> +ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_ND, 0, "1", "next;");
> +ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_IP, 0, "1", "next;");
> +}
> +
> +ds_destroy();
> +ds_destroy();
> +}
> +
> +static void
> +build_lswitch_output_port_sec(struct hmap *ports, struct hmap *datapaths,
> + struct hmap *lflows)
> +{
> +struct ds actions = DS_EMPTY_INITIALIZER;
> +struct ds match = DS_EMPTY_INITIALIZER;
> +struct ovn_port *op;
> +
> +/* Egress table 8: Egress port security - IP (priorities 90 and 80)
> + * if port security enabled.
> + *
> + * Egress table 9: Egress port security - L2 (priorities 50 and 150).
> + *
> + * Priority 50 rules implement port security for enabled logical port.
> + *
> + * Priority 150 rules drop packets to disabled logical ports, so that
> + * they don't even receive multicast or broadcast packets.
> + */
> +HMAP_FOR_EACH (op, key_node, ports) {
> +if (!op->nbsp || lsp_is_external(op->nbsp)) {
> +continue;
> +}
> +
> +ds_clear();
> +ds_clear();
> +
> +
Re: [ovs-dev] [PATCH v2 ovn 1/3] Add egress QoS mapping for non-tunnel interfaces
On Tue, Sep 24, 2019 at 6:40 PM Lorenzo Bianconi
wrote:
>
> Introduce add_localnet_egress_interface_mappings routine in order to collect
> as
> egress interfaces all ovs bridge interfaces marked with ovn-egress-iface
> in the external_ids column of ovs interface table.
> ovn-egress-iface is used to indicate to which localnet ports QoS egress
> shaping has to be applied.
> Refactor add_bridge_mappings routine
>
> Signed-off-by: Lorenzo Bianconi
Looks good to me. Thanks!
Acked-by: Dumitru Ceara
> ---
> controller/binding.c| 51 -
> controller/binding.h| 4 ++
> controller/ovn-controller.c | 3 +-
> controller/patch.c | 76 +
> controller/patch.h | 4 ++
> 5 files changed, 103 insertions(+), 35 deletions(-)
>
> diff --git a/controller/binding.c b/controller/binding.c
> index 242163d59..aad9d39e6 100644
> --- a/controller/binding.c
> +++ b/controller/binding.c
> @@ -18,6 +18,7 @@
> #include "ha-chassis.h"
> #include "lflow.h"
> #include "lport.h"
> +#include "patch.h"
>
> #include "lib/bitmap.h"
> #include "openvswitch/poll-loop.h"
> @@ -532,6 +533,9 @@ consider_local_datapath(struct ovsdb_idl_txn
> *ovnsb_idl_txn,
> /* Add all localnet ports to local_lports so that we allocate ct
> zones
> * for them. */
> sset_add(local_lports, binding_rec->logical_port);
> +if (qos_map && ovs_idl_txn) {
> +get_qos_params(binding_rec, qos_map);
> +}
> } else if (!strcmp(binding_rec->type, "external")) {
> if (ha_chassis_group_contains(binding_rec->ha_chassis_group,
>chassis_rec)) {
> @@ -619,10 +623,48 @@ consider_local_datapath(struct ovsdb_idl_txn
> *ovnsb_idl_txn,
> }
> }
>
> +static void
> +add_localnet_egress_interface_mappings(
> +const struct sbrec_port_binding *port_binding,
> +struct shash *bridge_mappings, struct sset *egress_ifaces)
> +{
> +const char *network = smap_get(_binding->options, "network_name");
> +if (!network) {
> +return;
> +}
> +
> +struct ovsrec_bridge *br_ln = shash_find_data(bridge_mappings, network);
> +if (!br_ln) {
> +return;
> +}
> +
> +/* Add egress-ifaces from the connected bridge */
> +for (size_t i = 0; i < br_ln->n_ports; i++) {
> +const struct ovsrec_port *port_rec = br_ln->ports[i];
> +
> +for (size_t j = 0; j < port_rec->n_interfaces; j++) {
> +const struct ovsrec_interface *iface_rec;
> +
> +iface_rec = port_rec->interfaces[j];
> +bool is_egress_iface = smap_get_bool(_rec->external_ids,
> + "ovn-egress-iface", false);
> +if (!is_egress_iface) {
> +continue;
> +}
> +sset_add(egress_ifaces, iface_rec->name);
> +}
> +}
> +}
> +
> static void
> consider_localnet_port(const struct sbrec_port_binding *binding_rec,
> + struct shash *bridge_mappings,
> + struct sset *egress_ifaces,
> struct hmap *local_datapaths)
> {
> +add_localnet_egress_interface_mappings(binding_rec,
> +bridge_mappings, egress_ifaces);
> +
> struct local_datapath *ld
> = get_local_datapath(local_datapaths,
> binding_rec->datapath->tunnel_key);
> @@ -655,6 +697,8 @@ binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
> const struct ovsrec_bridge *br_int,
> const struct sbrec_chassis *chassis_rec,
> const struct sset *active_tunnels,
> +const struct ovsrec_bridge_table *bridge_table,
> +const struct ovsrec_open_vswitch_table *ovs_table,
> struct hmap *local_datapaths, struct sset *local_lports,
> struct sset *local_lport_ids)
> {
> @@ -663,6 +707,7 @@ binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
> }
>
> const struct sbrec_port_binding *binding_rec;
> +struct shash bridge_mappings = SHASH_INITIALIZER(_mappings);
> struct shash lport_to_iface = SHASH_INITIALIZER(_to_iface);
> struct sset egress_ifaces = SSET_INITIALIZER(_ifaces);
> struct hmap qos_map;
> @@ -688,14 +733,18 @@ binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
>
> }
>
> +add_ovs_bridge_mappings(ovs_table, bridge_table, _mappings);
> +
> /* Run through each binding record to see if it is a localnet port
> * on local datapaths discovered from above loop, and update the
> * corresponding local datapath accordingly. */
> SBREC_PORT_BINDING_TABLE_FOR_EACH (binding_rec, port_binding_table) {
> if (!strcmp(binding_rec->type, "localnet")) {
> -consider_localnet_port(binding_rec, local_datapaths);
> +consider_localnet_port(binding_rec, _mappings,
> + _ifaces, local_datapaths);
>
Re: [ovs-dev] DDLog after one week
Hi Leonid,
I've been playing with DDlog for the last week and half and to get the
hang of it I ported the IGMP Snoop & Relay features from ovn-northd to
ovn-northd-ddlog (thanks for reviewing the pull request). I tried to
take notes of all the things that were a bit unclear to me. Even
though I figured out most of the answers while writing the code, I'll
add the notes here as I think some things might need better
documentation.
Looking at IGMP I'm quite happy with the end result in DDlog. It
really allowed me to focus on the feature specific logic and spared me
the code complexity of custom hashtables and IDL lookups to implement
stable ID allocation for multicast groups. Also the code size was
significantly smaller for IGMP: ~500 lines in DDlog vs ~1500 lines in
C.
DDlog - OVN related:
Q: How are the OutProxy_{TableName} relations used? e.g.
OutProxy_Datapath_Binding.
A: In the end I found the answer in the DDlog repo in the OVSDB
compiler implementation comments [1] but maybe we should add this part
to northd/docs.
Bug: "ovn-ctl stop_northd" doesn't work.
Q: Why doesn't the ddlog compiler generate Out_IP_Multicast and only
"input IP_Multicast" in OVN_Southbound.dl.
A: For every table to which ovn-northd-ddlog needs to write we need to
update northd/automake.mk. Could we make this more robust or is it
fine to keep adding tables/keys/readonly fields in the makefile?
Q: Is there more documentation on the ddlog standard library or just
the comments in std.dl [3]?
Q: Why do some generated relations have uuid_name fields while others don't?
A: I guess to save memory but I only got (partial) confirmation after
looking at the compiler comments [1].
Q: Is there a way to leave a field uninitialized in an output
relation? For example "eth_src" in sb.IP_Multicast is of type "string"
in the schema but I couldn't find a way to leave it uninitialized
(NULL) in DDlog.
Issue: We always build for release (hardcoded) => no debug symbols.
Maybe we should rework northd/automake.mk to include debug symbols for
the rust files or enable debug builds.
ovn-northd-ddlog.c specific:
Q: There are scenarios when ovn-northd-ddlog might flush the whole
SB/NB DB (e.g., reconnect)? What happens to tables that are not
populated by ovn-northd (e.g., IGMP_Group)?
A: ddlog_clear_sb() clears tables from the sb_input_relations array.
But it was a bit confusing in the beginning to me because I initially
had the impression that sb_input_relations are OVSDB tables from the
Southbound database that will be fed as input to the ddlog program.
However that's not true, ovsdb2ddlog generates input relations for all
tables in the OVSDB schema.
Q: I defined all my intermediate relations and rules to populate
sb.Out_, dumping the table shows the records but why isn't
the data written to the database?
A: Update get_sb_ops() and get_nb_ops().
I also opened a pull request for a "how to add an OVN feature to
ovn-northd-ddlog" tutorial [2] where I tried to document the steps i
had to do for IGMP. Do you mind having a look at it when you have
time?
Please also see inline some thoughts regarding the points raised by
Mark already.
Thanks,
Dumitru
[1]
https://github.com/vmware/differential-datalog/blob/master/src/Language/DifferentialDatalog/OVSDB/Compile.hs#L51
[2] https://github.com/ovn-org/ovn/pull/12
[3] https://github.com/vmware/differential-datalog/blob/master/lib/std.dl
On Mon, Sep 23, 2019 at 6:54 PM Leonid Ryzhyk wrote:
>
> > Unfortunately, this wasn't possible without exporting some new C functions.
>
> The approach we've taken so far was to export whatever C functions are needed
> from either OVS or OVN. Numan has isolated the relevant patches here:
> https://github.com/numansiddique/ovs/commits/ovs_ddlog_patches
>
> > I'm guessing that the reason for not using the OVSDB IDL is that it
> > doesn't have the hooks necessary for DDLog.
>
> I think the initial implementation actually used the IDL, but Justin felt it
> was an overkill. I will leave it to him to comment in more detail.
>
> > Sure:
> > https://github.com/putnopvut/ovn/commit/0ea3b23d1b6a11f88a870acc4cf15b324c3ffb35
> > I imagine you'll take one look and immediately realize what's wrong :)
>
> This was caused by a bounds violation in `ovn_scan_static_dynamic_ip6`. Here
> is how I found this (I will add a description of this process to the DDlog
> debuggin tips doc in the repo):
>
> - Looked at the northd log to find a bunch of errors like this:
> ```
> 2019-09-23T16:23:24.549Z|00011|ovn_northd|ERR|ddlog_transaction_commit():
> error: failed to receive flush ack message from timely dataflow thread
> ```
>
> I admit this is a poor diagnostics message and we have an issue to fix it:
> https://github.com/vmware/differential-datalog/issues/342, but what it really
> means is that a DDLog thread crashed.
>
> - Replayed the recorded scenario using the CLI generated by DDlog:
> ```
>
[ovs-dev] (no subject)
Hallo.. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] Time to remove the OVS subtree from OVN repo
On Tue, Sep 24, 2019 at 2:25 AM Ben Pfaff wrote: > On Tue, Sep 24, 2019 at 01:27:57AM +0530, Numan Siddique wrote: > > Hi, > > > > Now that OVN is compiled with OVS sources from external sources, I think > we > > can go ahead and delete the ovs subtree [1], > > > > We can delete this in 2 ways > > (1) Just delete the ovs subfolder using "git rm -rf ovs" > > (2) Using git filter-branch > > > > (2) deletes the history of ovs subfolder and rewrites the commit history. > > > > Any comments on which way to use ? > > I guess I'm inclined toward #1. > Thanks. I have followed this way. I have submitted the cover letter to the ML - https://mail.openvswitch.org/pipermail/ovs-dev/2019-September/362974.html Thanks Numan ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [RFC PATCH ovn] Disable conjunction
From: Numan Siddique
The commit 298701dbc996("Exclude inport and outport symbol tables from
conjunction")
was earlier added to disable conjunction for inport and outport symbols.
This patch extends it to all the symbos added in the symbol table by setting
the 'must_crossproduct' field to 'true'.
There are issues with the conjunction flows generated by ovn-controller.
Please see the commit 298701dbc996 for more information.
Signed-off-by: Numan Siddique
---
TODO.rst | 10 +
lib/expr.c |6 +-
lib/logical-fields.c | 72 +--
tests/ovn.at | 1244 +++---
4 files changed, 1224 insertions(+), 108 deletions(-)
diff --git a/TODO.rst b/TODO.rst
index 943d9bf81..ed55ea236 100644
--- a/TODO.rst
+++ b/TODO.rst
@@ -145,3 +145,13 @@ OVN To-do List
* Support FTP ALGs.
* Support reject action.
+
+* Conjunction: Conjunction is disabled in OVN. This needs to be revisisted
+ to enable conjunction again after addressing the issues related to it.
+ Like, if there are multiple ACLs with overlapping Conjunction matches,
+ conjunction flows are not added properly.
+ Eg. match(ip4.src == {IP1, IP2, IP3} && ip4.dst == {IP4, IP5, IP6} &&
+ tcp.dst >= 800 && tcp.dst <= 900) actions=drop
+
+ match(ip4.src == {IP1, IP2, IP3} && ip4.dst == {IP4, IP5, IP6} &&
+ tcp.dst >= 1000 && tcp.dst <= 2000) actions=allow
diff --git a/lib/expr.c b/lib/expr.c
index c0871e1e8..e6fffa701 100644
--- a/lib/expr.c
+++ b/lib/expr.c
@@ -1483,7 +1483,7 @@ expr_symtab_add_subfield(struct shash *symtab, const char
*name,
name, expr_level_to_string(level), f.symbol->name);
}
-symbol = add_symbol(symtab, name, f.n_bits, prereqs, level, false,
+symbol = add_symbol(symtab, name, f.n_bits, prereqs, level, true,
f.symbol->rw);
symbol->parent = f.symbol;
symbol->parent_ofs = f.ofs;
@@ -1562,7 +1562,7 @@ expr_symtab_add_predicate(struct shash *symtab, const
char *name,
return NULL;
}
-symbol = add_symbol(symtab, name, 1, NULL, level, false, false);
+symbol = add_symbol(symtab, name, 1, NULL, level, true, false);
symbol->predicate = xstrdup(expansion);
return symbol;
}
@@ -1575,7 +1575,7 @@ expr_symtab_add_ovn_field(struct shash *symtab, const
char *name,
struct expr_symbol *symbol;
symbol = add_symbol(symtab, name, ovn_field->n_bits, NULL,
-EXPR_L_NOMINAL, false, true);
+EXPR_L_NOMINAL, true, true);
symbol->ovn_field = ovn_field;
return symbol;
}
diff --git a/lib/logical-fields.c b/lib/logical-fields.c
index 8fb591c0a..cddc86ffe 100644
--- a/lib/logical-fields.c
+++ b/lib/logical-fields.c
@@ -77,7 +77,7 @@ ovn_init_symtab(struct shash *symtab)
* unless they're formally defined as subfields. It's a little awkward. */
for (int xxi = 0; xxi < MFF_N_LOG_REGS / 4; xxi++) {
char *xxname = xasprintf("xxreg%d", xxi);
-expr_symtab_add_field(symtab, xxname, MFF_XXREG0 + xxi, NULL, false);
+expr_symtab_add_field(symtab, xxname, MFF_XXREG0 + xxi, NULL, true);
free(xxname);
}
for (int xi = 0; xi < MFF_N_LOG_REGS / 2; xi++) {
@@ -86,7 +86,7 @@ ovn_init_symtab(struct shash *symtab)
if (xxi < MFF_N_LOG_REGS / 4) {
add_subregister(xname, "xxreg", xxi, 64, 1 - xi % 2, symtab);
} else {
-expr_symtab_add_field(symtab, xname, MFF_XREG0 + xi, NULL, false);
+expr_symtab_add_field(symtab, xname, MFF_XREG0 + xi, NULL, true);
}
free(xname);
}
@@ -99,13 +99,13 @@ ovn_init_symtab(struct shash *symtab)
} else if (xi < MFF_N_LOG_REGS / 2) {
add_subregister(name, "xreg", xi, 32, 1 - i % 2, symtab);
} else {
-expr_symtab_add_field(symtab, name, MFF_REG0 + i, NULL, false);
+expr_symtab_add_field(symtab, name, MFF_REG0 + i, NULL, true);
}
free(name);
}
/* Flags used in logical to physical transformation. */
-expr_symtab_add_field(symtab, "flags", MFF_LOG_FLAGS, NULL, false);
+expr_symtab_add_field(symtab, "flags", MFF_LOG_FLAGS, NULL, true);
char flags_str[16];
snprintf(flags_str, sizeof flags_str, "flags[%d]", MLF_ALLOW_LOOPBACK_BIT);
expr_symtab_add_subfield(symtab, "flags.loopback", NULL, flags_str);
@@ -119,12 +119,12 @@ ovn_init_symtab(struct shash *symtab)
flags_str);
/* Connection tracking state. */
-expr_symtab_add_field(symtab, "ct_mark", MFF_CT_MARK, NULL, false);
+expr_symtab_add_field(symtab, "ct_mark", MFF_CT_MARK, NULL, true);
-expr_symtab_add_field(symtab, "ct_label", MFF_CT_LABEL, NULL, false);
+expr_symtab_add_field(symtab, "ct_label", MFF_CT_LABEL, NULL, true);
expr_symtab_add_subfield(symtab, "ct_label.blocked", NULL, "ct_label[0]");
-expr_symtab_add_field(symtab, "ct_state", MFF_CT_STATE, NULL,
[ovs-dev] DARLEHEN
Sehr geehrte Damen und Herren Sind Sie es auch leid sich mit Banken oder Finanzdienstleister f�r ein Darlehen herumzuschlagen. Sicherheiten zu besorgen, um das Darlehen 200% abzusichern? Sie ben�tigen ein Darlehen um eine Investition vorzunehmen, kurzfristige Schulden in mittel- bis langfristig umzuwandeln? Ja, aber Sicherheit, Vertraulichkeit und Transparenz ist Ihnen wichtig. Dann k�nnen wir Ihnen helfen. Wir sind eine in Europe beheimatete Firma, die sich darauf spezialisiert hat, Darlehen an Private und Firmen unkompliziert zu vergeben. Wir gew�hren Darlehen in H�he von 10.000,00 � bis 20 Mio. � mit einem Zinssatz von 2% Die Zinsen und die Laufzeiten sind sehr attraktiv (2%) und in punkto Sicherheit beschr�nken wir uns auf das absolute Minimum. Interessiert? Dann kontaktieren Sie uns doch f�r weitere Informationen per e-mail Wir freuen uns, von Ihnen zu h�ren. Sicherheit, Vertrauen und Transparenz sind die Pfeiler unseres Gesch�fts. Freundliche Gr�___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
