[ovs-dev] [PATCH ovn] tests: Fix IPv6 prefix delegation test.
The IPv6 prefix delegation test was failing from time to time,
because the tcpdump stderr "leaked" into the test stderr. Make sure
the stderr for every tcpdump is redirected into file and while at it
properly wait for the tcpdump to fully start.
Signed-off-by: Ales Musil
---
tests/system-common-macros.at | 11 ++-
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at
index 177178067..d6c4e090e 100644
--- a/tests/system-common-macros.at
+++ b/tests/system-common-macros.at
@@ -438,7 +438,8 @@ chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd6.leases
chmod 775 /var/lib/dhcp
chmod 664 /var/lib/dhcp/dhcpd6.leases
-NS_CHECK_EXEC([server], [tcpdump -nni s1 > pkt.pcap &])
+NETNS_DAEMONIZE([server], [tcpdump -nni s1 > pkt.pcap
2>server-tcpdump.stderr], [server-tcpdump.pid])
+OVS_WAIT_UNTIL([grep "listening" server-tcpdump.stderr])
NETNS_DAEMONIZE([server], [dhcpd -6 -f s1 > dhcpd.log 2>&1], [dhcpd.pid])
ovn-nbctl --wait=hv sync
@@ -462,9 +463,11 @@ ovn-nbctl list logical_router_port rp-public >
/tmp/rp-public
ovn-nbctl set logical_router_port rp-sw0 options:prefix=false
ovn-nbctl set logical_router_port rp-sw1 options:prefix=false
# Renew message
-NS_CHECK_EXEC([server], [tcpdump -c 1 -nni s1 ip6[[48:1]]=0x05 and
ip6[[113:4]]=0x${prefix} > renew.pcap &])
+NETNS_DAEMONIZE([server], [tcpdump -c 1 -nni s1 ip6[[48:1]]=0x05 and
ip6[[113:4]]=0x${prefix} > renew.pcap 2>renew-tcpdump.stderr],
[renew-tcpdump.pid])
+OVS_WAIT_UNTIL([grep "listening" renew-tcpdump.stderr])
# Reply message with Status OK
-NS_CHECK_EXEC([server], [tcpdump -c 1 -nni s1 ip6[[48:1]]=0x07 and
ip6[[81:4]]=0x${prefix} > reply.pcap &])
+NETNS_DAEMONIZE([server], [tcpdump -c 1 -nni s1 ip6[[48:1]]=0x07 and
ip6[[81:4]]=0x${prefix} > reply.pcap 2>reply-tcpdump.stderr],
[reply-tcpdump.pid])
+OVS_WAIT_UNTIL([grep "listening" reply-tcpdump.stderr])
OVS_WAIT_UNTIL([
total_pkts=$(cat renew.pcap | wc -l)
@@ -476,8 +479,6 @@ OVS_WAIT_UNTIL([
test "${total_pkts}" = "1"
])
-kill $(pidof tcpdump)
-
ovn-nbctl set logical_router_port rp-sw0 options:prefix=false
ovn-nbctl clear logical_router_port rp-sw0 ipv6_prefix
OVS_WAIT_WHILE([test "$(ovn-nbctl get logical_router_port rp-sw0 ipv6_prefix |
cut -c3-16)" = "[2001:1db8:]"])
--
2.43.0
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] dp-packet: Don't offload inner csum if outer isn't supported.
On 2/26/24 14:38, Mike Pattrick wrote:
> Some network cards support inner checksum offloading but not outer
> checksum offloading. Currently OVS will resolve that outer checksum but
> allows the network card to resolve the inner checksum, invalidating the
> outer checksum in the process.
>
> Now if we can't offload outer checksums, we don't offload inner either.
>
> Reported-at: https://issues.redhat.com/browse/FDP-363
> Fixes: 084c8087292c ("userspace: Support VXLAN and GENEVE TSO.")
> Signed-off-by: Mike Pattrick
> ---
> nb: I also tested a more complex patch that only resolved the inner
> checksum and offloaded the UDP layer. This didn't noticably improve
> performance.
> v2: Added IPv4 flag
> ---
> lib/dp-packet.c | 12
> 1 file changed, 12 insertions(+)
>
> diff --git a/lib/dp-packet.c b/lib/dp-packet.c
> index 305822293..df7bf8e6b 100644
> --- a/lib/dp-packet.c
> +++ b/lib/dp-packet.c
> @@ -592,6 +592,18 @@ dp_packet_ol_send_prepare(struct dp_packet *p, uint64_t
> flags)
> if (dp_packet_hwol_is_tunnel_geneve(p) ||
> dp_packet_hwol_is_tunnel_vxlan(p)) {
> tnl_inner = true;
> +
> +/* If the TX interface doesn't support UDP tunnel offload but does
> + * support inner checksum offload and an outer UDP checksum is
> + * required, then we can't offload inner checksum either. As that
> would
> + * invalidate the outer checksum. */
> +if (!(flags & NETDEV_TX_OFFLOAD_OUTER_UDP_CKSUM) &&
> +dp_packet_hwol_is_outer_udp_cksum(p)) {
> +flags &= ~(NETDEV_TX_OFFLOAD_TCP_CKSUM |
> + NETDEV_TX_OFFLOAD_UDP_CKSUM |
> + NETDEV_TX_OFFLOAD_SCTP_CKSUM |
> + NETDEV_TX_OFFLOAD_IPV4_CKSUM);
Thanks, Mike. Applied and backported to 3.3.
Though I still think the logic of offload flags is backwards.
Unfortunately that is derivative of the kernel and DPDK APIs.
Maybe we can try to flip it in OVS? I think it might be good
if we could make all the basic flags always mean offloads of
the outermost headers and have another set of inner flags.
Maybe we could bitshift them on encapsulations/decapsulations.
This will require flag translation on receive and send for
each particular netdev type. But maybe it will be more clear
to implement OVS logic this way, as long as it doesn't give a
huge performance hit. I'd happily sacrifice a couple percents
of performance for a clearer internal logic.
Any other ideas are also welcome. But the fact that basic flags
mean innermost header, except for cases where they do not,
doesn't make a lot of sense to me and we'll keep hitting issues
like this one because of that.
Best regards, Ilya Maximets.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v28 8/8] system-offloads-traffic.at: Add sFlow offload test cases
On 2/29/2024 9:04 PM, Ilya Maximets wrote: On 2/29/24 01:56, Chris Mi wrote: On 2/28/2024 8:51 PM, Ilya Maximets wrote: On 2/28/24 13:26, Chris Mi wrote: Hi Ilya, On 2/28/2024 7:56 PM, Ilya Maximets wrote: On 2/28/24 11:03, Eelco Chaudron wrote: On 28 Feb 2024, at 8:06, Chris Mi wrote: Hi Eelco, I did a rebase and pushed to github. Nothing changed, but the actions always reported the following failure: -1000 packets transmitted, 1000 received, 0% packet loss, time 0ms +744 packets transmitted, 744 received, 0% packet loss, time 0ms I can't reproduce the failure locally. Not sure if the test machine is a little weak. So how about change the test like this to make test robost: -NS_CHECK_EXEC([at_ns0], [ping -q -c 1000 -i 0.01 -w 12 10.1.1.2 | FORMAT_PING], [0], [dnl -1000 packets transmitted, 1000 received, 0% packet loss, time 0ms +NS_CHECK_EXEC([at_ns0], [ping -q -c 200 -i 0.05 -w 12 10.1.1.2 | FORMAT_PING], [0], [dnl +200 packets transmitted, 200 received, 0% packet loss, time 0ms It looks like the machine might be too slow to handle the 1000 pings in 12 seconds. Scaling it down should not be a problem. Maybe back to 500, and see if this is enough? 500 is also not stable. Is it necessary to send hundreds of packets? Can we just send 3-10 like other tests do? 200 seems stable. But why 5 or 10 is not enough? If ratio is 1, 5 or 10 is enough. I can change it. If ratio is 2, we need send more packets. But maybe we only need to check the range of the sampled packets. For the ratio of 2 we could send 100 packets and check that the number is within 30-70 range. This gives us less than 0.01% failure rate. With 200 we'll need to check the 70-130 range, which isn't a significantly narrower range and a chance to successfully send 100 pings is much higher than with 200. So, maybe 100 is a good number to test ratio of 2 with? Also, please, use -W instead of -w in pings as -w doesn't stop ping from sending more packets than requested leading to random failures. OK, thanks for your suggestion. I'll try it. I see, there is an existing test that sends 1000 packets, but it probably should be canged as well. Not as part of this patch set, but in general. In case you missed my previous review for this patch where I pointed out the problem with the slow ping: https://patchwork.ozlabs.org/project/openvswitch/patch/20230619050557.310690-9-...@nvidia.com/#3136718 OK, I'll address other comments. It should be reproducible locally under ASAN.OK. Ping is not a reliable tool when we're trying to send a particular number of packets, especially with intervals under 100ms. OK, I see. Thanks, Chris Best regards, Ilya Maximets. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn v4] ovn-ctl: Add ssl-ciphers and protocols support.
From: Aliasgar Ginwala
Setting up OVN on new kernel bumps openssl version.
Since OVS PKI infrastructure that generated older ssl certs based on
old openssl version, raft fails with error
2024-02-27T19:28:39.673Z|00022|stream_ssl|WARN|SSL_connect: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed
For running ovn-controller in container, we can still pin ssl-ciphers directly.
This was missed to set via ovn-ctl utility and hence setting the same.
e.g. pin ciphers to 'HIGH:!aNULL:!MD5:@SECLEVEL=1'
for raft/ovn-controllers, etc.
Also update options to show up ssl-ciphers and ssl-protocols for each
components in help.
Signed-off-by: Aliasgar Ginwala
---
utilities/ovn-ctl | 69 +++--
utilities/ovn-ctl.8.xml | 16 ++
2 files changed, 83 insertions(+), 2 deletions(-)
diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl
index 50d588358..700efe35a 100755
--- a/utilities/ovn-ctl
+++ b/utilities/ovn-ctl
@@ -185,6 +185,8 @@ start_ovsdb__() {
local ovn_db_election_timer
local relay_mode
local cluster_db_upgrade
+local ovn_db_ssl_protocols
+local ovn_db_ssl_ciphers
eval db_pid_file=\$DB_${DB}_PIDFILE
eval cluster_local_addr=\$DB_${DB}_CLUSTER_LOCAL_ADDR
eval cluster_local_port=\$DB_${DB}_CLUSTER_LOCAL_PORT
@@ -214,6 +216,8 @@ start_ovsdb__() {
eval relay_mode=\$RELAY_MODE
eval relay_remote=\$DB_${DB}_REMOTE
eval cluster_db_upgrade=\$DB_CLUSTER_SCHEMA_UPGRADE
+eval ovn_db_ssl_protocols=\$OVN_${DB}_DB_SSL_PROTOCOLS
+eval ovn_db_ssl_ciphers=\$OVN_${DB}_DB_SSL_CIPHERS
ovn_install_dir "$OVN_RUNDIR"
ovn_install_dir "$ovn_logdir"
@@ -313,8 +317,17 @@ $cluster_remote_port
set "$@" --ca-cert=db:$schema_name,SSL,ca_cert
fi
-set "$@" --ssl-protocols=db:$schema_name,SSL,ssl_protocols
-set "$@" --ssl-ciphers=db:$schema_name,SSL,ssl_ciphers
+if test X"$ovn_db_ssl_protocols" != X; then
+set "$@" --ssl-protocols=$ovn_db_ssl_protocols
+else
+set "$@" --ssl-protocols=db:$schema_name,SSL,ssl_protocols
+fi
+
+if test X"$ovn_db_ssl_ciphers" != X; then
+set "$@" --ssl-ciphers=$ovn_db_ssl_ciphers
+else
+set "$@" --ssl-ciphers=db:$schema_name,SSL,ssl_ciphers
+fi
if test X"$create_insecure_remote" = Xyes; then
set "$@" --remote=ptcp:$port:$addr
@@ -523,6 +536,12 @@ start_northd () {
if test "$OVN_NORTHD_N_THREADS" != 1; then
set "$@" --n-threads=$OVN_NORTHD_N_THREADS
fi
+if test X"$OVN_NORTHD_SSL_PROTOCOLS" != X; then
+set "$@" --ssl-protocols=$OVN_NORTHD_SSL_PROTOCOLS
+fi
+if test X"$OVN_NORTHD_SSL_CIPHERS" != X; then
+set "$@" --ssl-ciphers=$OVN_NORTHD_SSL_CIPHERS
+fi
[ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
@@ -558,6 +577,12 @@ start_ic () {
if test X"$OVN_IC_SSL_CA_CERT" != X; then
set "$@" --ca-cert=$OVN_IC_SSL_CA_CERT
fi
+if test X"$OVN_IC_SSL_PROTOCOLS" != X; then
+set "$@" --ssl-protocols=$OVN_IC_SSL_PROTOCOLS
+fi
+if test X"$OVN_IC_SSL_CIPHERS" != X; then
+set "$@" --ssl-ciphers=$OVN_IC_SSL_CIPHERS
+fi
[ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
@@ -586,6 +611,12 @@ start_controller () {
if test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then
set "$@" --bootstrap-ca-cert=$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT
fi
+if test X"$OVN_CONTROLLER_SSL_PROTOCOLS" != X; then
+set "$@" --ssl-protocols=$OVN_CONTROLLER_SSL_PROTOCOLS
+fi
+if test X"$OVN_CONTROLLER_SSL_CIPHERS" != X; then
+set "$@" --ssl-ciphers=$OVN_CONTROLLER_SSL_CIPHERS
+fi
[ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
@@ -611,6 +642,12 @@ start_controller_vtep () {
if test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then
set "$@" --bootstrap-ca-cert=$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT
fi
+if test X"$OVN_CONTROLLER_SSL_PROTOCOLS" != X; then
+set "$@" --ssl-protocols=$OVN_CONTROLLER_SSL_PROTOCOLS
+fi
+if test X"$OVN_CONTROLLER_SSL_CIPHERS" != X; then
+set "$@" --ssl-ciphers=$OVN_CONTROLLER_SSL_CIPHERS
+fi
if test X"$DB_SOCK" != X; then
set "$@" --vtep-db=$DB_SOCK
fi
@@ -814,14 +851,20 @@ set_defaults () {
OVN_CONTROLLER_SSL_CERT=""
OVN_CONTROLLER_SSL_CA_CERT=""
OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT=""
+OVN_CONTROLLER_SSL_PROTOCOLS=""
+OVN_CONTROLLER_SSL_CIPHERS=""
OVN_NORTHD_SSL_KEY=""
OVN_NORTHD_SSL_CERT=""
OVN_NORTHD_SSL_CA_CERT=""
+OVN_NORTHD_SSL_PROTOCOLS=""
+OVN_NORTHD_SSL_CIPHERS=""
OVN_IC_SSL_KEY=""
OVN_IC_SSL_CERT=""
OVN_IC_SSL_CA_CERT=""
+OVN_IC_SSL_PROTOCOLS=""
+OVN_IC_SSL_CIPHERS=""
DB_SB_CREATE_INSECURE_REMOTE="no"
DB_NB_CREATE_INSECURE_REMOTE="no"
@@ -878,18 +921,26 @@
Re: [ovs-dev] [PATCH v2] dpif-netdev: Do not create handler threads.
On 20 Feb 2024, at 17:50, Mike Pattrick wrote: > On Tue, Feb 20, 2024 at 4:32 AM Eelco Chaudron wrote: >> >> Avoid unnecessary thread creation as no upcalls are generated, >> resulting in idle threads waiting for process termination. >> >> This optimization significantly reduces memory usage, cutting it >> by half on a 128 CPU/thread system during testing, with the number >> of threads reduced from 95 to 0. >> >> Signed-off-by: Eelco Chaudron >> --- > > I tested this out a bit, and it seems to work well. > > Acked-by: Mike Pattrick Thanks Mike for the review, applied to the main branch. //Eelco ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v28 8/8] system-offloads-traffic.at: Add sFlow offload test cases
On 2/29/24 01:56, Chris Mi wrote: > On 2/28/2024 8:51 PM, Ilya Maximets wrote: >> On 2/28/24 13:26, Chris Mi wrote: >>> Hi Ilya, >>> >>> On 2/28/2024 7:56 PM, Ilya Maximets wrote: On 2/28/24 11:03, Eelco Chaudron wrote: > > > On 28 Feb 2024, at 8:06, Chris Mi wrote: > >> Hi Eelco, >> >> I did a rebase and pushed to github. Nothing changed, but the actions >> always reported the following failure: >> >> -1000 packets transmitted, 1000 received, 0% packet loss, time 0ms >> +744 packets transmitted, 744 received, 0% packet loss, time 0ms >> >> I can't reproduce the failure locally. Not sure if the test machine >> is a little weak. So how about change the test like this to make test >> robost: >> >> -NS_CHECK_EXEC([at_ns0], [ping -q -c 1000 -i 0.01 -w 12 10.1.1.2 | >> FORMAT_PING], [0], [dnl >> -1000 packets transmitted, 1000 received, 0% packet loss, time 0ms >> +NS_CHECK_EXEC([at_ns0], [ping -q -c 200 -i 0.05 -w 12 10.1.1.2 | >> FORMAT_PING], [0], [dnl >> +200 packets transmitted, 200 received, 0% packet loss, time 0ms > > It looks like the machine might be too slow to handle the 1000 pings in > 12 seconds. Scaling it down should not be a problem. Maybe back to 500, > and see if this is enough? >>> 500 is also not stable. Is it necessary to send hundreds of packets? Can we just send 3-10 like other tests do? >>> 200 seems stable. >> >> But why 5 or 10 is not enough? > If ratio is 1, 5 or 10 is enough. I can change it. > If ratio is 2, we need send more packets. But maybe we only need > to check the range of the sampled packets. For the ratio of 2 we could send 100 packets and check that the number is within 30-70 range. This gives us less than 0.01% failure rate. With 200 we'll need to check the 70-130 range, which isn't a significantly narrower range and a chance to successfully send 100 pings is much higher than with 200. So, maybe 100 is a good number to test ratio of 2 with? Also, please, use -W instead of -w in pings as -w doesn't stop ping from sending more packets than requested leading to random failures. >> I see, there is an existing test that sends 1000 packets, but it probably should be canged as well. Not as part of this patch set, but in general. In case you missed my previous review for this patch where I pointed out the problem with the slow ping: https://patchwork.ozlabs.org/project/openvswitch/patch/20230619050557.310690-9-...@nvidia.com/#3136718 >>> OK, I'll address other comments. It should be reproducible locally under ASAN.OK. Ping is not a reliable tool when we're trying to send a particular number of packets, especially with intervals under 100ms. >>> OK, I see. >>> >>> Thanks, >>> Chris Best regards, Ilya Maximets. >> ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v1 07/12] python: ovs: flowviz: Add OpenFlow logical view.
On 19 Feb 2024, at 9:14, Adrian Moreno wrote: > This view is interesting for debugging the logical pipeline. It arranges > the flows in "logical" groups (not to be confused with OVN's > Logical_Flows). A logical group of flows is a set of flows that: > - Have the same table number and priority > - Match on the same fields (regardless of the value they match against) > - Have the same actions, regardless of the arguments for those actions, > except for output and recirc, for which arguments do care. > > Optionally, the cookie can also be force to be unique for the logical > group. By doing so, we can extend the information we show by querying an > external OVN database and running "ovn-detrace" on each cookie. The > result is a compact list of flow groups with interlieved OVN > information. > > Furthermore, if connected to an OVN database, we can apply an OVN > regexp filter. > > Examples: > $ ovs-ofctl dump-flows br-int | ovs-flowviz openflow logic > $ ovs-ofctl dump-flows br-int | ovs-flowviz openflow logic -s -h > $ export OVN_NB_DB=... > $ export OVN_SB_DB=... > $ ovs-ofctl dump-flows br-int | ovs-flowviz openflow logic -d > $ ovs-ofctl dump-flows br-int | ovs-flowviz openflow logic -d > --ovn-filter="acl.*icmp4" > > Acked-by: Eelco Chaudron > Signed-off-by: Adrian Moreno Ack on the additional change. Acked-by: Eelco Chaudron ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v1 10/12] python: ovs: flowviz: Add datapath graph format.
On 19 Feb 2024, at 9:14, Adrian Moreno wrote: > Graph view leverages the tree format (specially the tree-based > filtering) and uses graphviz library to build a visual graph of the > datapath in graphviz format. > > Conntrack zones are shown in random colors to help visualize connection > tracking interdependencies. > > An html flag builds an HTML page with both the html flows and the graph > (in svg) that enables navegation. > > Examples: > $ ovs-appctl dpctl/dump-flows -m | ovs-flowviz datapath graph | dot > -Tpng -o graph.png > $ ovs-appctl dpctl/dump-flows -m | ovs-flowviz datapath graph --html > > flows.html > > Acked-by: Eelco Chaudron > Signed-off-by: Adrian Moreno Thanks for adding the example to the commit message. Acked-by: Eelco Chaudron ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn] Update copyright year to 2024.
I noticed the copyright year at the bottom of https://docs.ovn.org/en/latest/contents.html Signed-off-by: Igor Zhukov --- Documentation/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/conf.py b/Documentation/conf.py index f8fc0125f..828e9443b 100644 --- a/Documentation/conf.py +++ b/Documentation/conf.py @@ -46,7 +46,7 @@ master_doc = 'contents' # General information about the project. project = u'Open Virtual Network (OVN)' -copyright = u'2020-2023, The Open Virtual Network (OVN) Development Community' +copyright = u'2020-2024, The Open Virtual Network (OVN) Development Community' author = u'The Open Virtual Network (OVN) Development Community' # The version info for the project you're documenting, acts as replacement for -- 2.43.0.windows.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v1 04/12] python: ovs: flowviz: Add default config file.
On 19 Feb 2024, at 9:14, Adrian Moreno wrote: > It has two basic styles defined: "dark" and "light" intended for > dark and light terminals. > > Examples: > $ ovs-flowviz -i /tmp/dpflows --style=dark datapath console > $ ovs-flowviz -i /tmp/ofpflows --style=light openflow console > > Acked-by: Eelco Chaudron > Signed-off-by: Adrian Moreno Thanks for making the additional nit changes. Acked-by: Eelco Chaudron ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn] Update copyright year to 2024
I noticed the copyright year at the bottom of https://docs.ovn.org/en/latest/contents.html Signed-off-by: Igor Zhukov --- Documentation/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/conf.py b/Documentation/conf.py index f8fc0125f..828e9443b 100644 --- a/Documentation/conf.py +++ b/Documentation/conf.py @@ -46,7 +46,7 @@ master_doc = 'contents' # General information about the project. project = u'Open Virtual Network (OVN)' -copyright = u'2020-2023, The Open Virtual Network (OVN) Development Community' +copyright = u'2020-2024, The Open Virtual Network (OVN) Development Community' author = u'The Open Virtual Network (OVN) Development Community' # The version info for the project you're documenting, acts as replacement for -- 2.43.0.windows.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v1 02/12] python: ovs: flowviz: Add file processing infra.
On 19 Feb 2024, at 9:14, Adrian Moreno wrote: > process.py contains a useful base class that processes files > odp.py and ofp.py: contain datapath and openflow subcommand definitions > as well as the first formatting option: json. > > Also, this patch adds basic filtering support. > > Examples: > $ ovs-ofctl dump-flows br-int | ovs-flowviz openflow json > $ ovs-ofctl dump-flows br-int > flows.txt && ovs-flowviz -i flows.txt > openflow json > $ ovs-ofctl appctl dpctl/dump-flows | ovs-flowviz -f 'ct' datapath json > $ ovs-ofctl appctl dpctl/dump-flows > flows.txt && ovs-flowviz -i flows.txt > -f 'drop' datapath json > > Signed-off-by: Adrian Moreno > Thanks for making the suggested changes. Acked-by: Eelco Chaudron ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH AUTOSEL 6.6 09/21] selftests: openvswitch: Add validation for the recursion test
From: Aaron Conole
[ Upstream commit bd128f62c365504e1268dc09fcccdfb1f091e93a ]
Add a test case into the netlink checks that will show the number of
nested action recursions won't exceed 16. Going to 17 on a small
clone call isn't enough to exhaust the stack on (most) systems, so
it should be safe to run even on systems that don't have the fix
applied.
Signed-off-by: Aaron Conole
Reviewed-by: Simon Horman
Link: https://lore.kernel.org/r/20240207132416.1488485-3-acon...@redhat.com
Signed-off-by: Jakub Kicinski
Signed-off-by: Sasha Levin
---
.../selftests/net/openvswitch/openvswitch.sh | 13
.../selftests/net/openvswitch/ovs-dpctl.py| 71 +++
2 files changed, 69 insertions(+), 15 deletions(-)
diff --git a/tools/testing/selftests/net/openvswitch/openvswitch.sh
b/tools/testing/selftests/net/openvswitch/openvswitch.sh
index f8499d4c87f3f..36e40256ab92a 100755
--- a/tools/testing/selftests/net/openvswitch/openvswitch.sh
+++ b/tools/testing/selftests/net/openvswitch/openvswitch.sh
@@ -502,7 +502,20 @@ test_netlink_checks () {
wc -l) == 2 ] || \
return 1
+ info "Checking clone depth"
ERR_MSG="Flow actions may not be safe on all matching packets"
+ PRE_TEST=$(dmesg | grep -c "${ERR_MSG}")
+ ovs_add_flow "test_netlink_checks" nv0 \
+ 'in_port(1),eth(),eth_type(0x800),ipv4()' \
+
'clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(drop)'
\
+ >/dev/null 2>&1 && return 1
+ POST_TEST=$(dmesg | grep -c "${ERR_MSG}")
+
+ if [ "$PRE_TEST" == "$POST_TEST" ]; then
+ info "failed - clone depth too large"
+ return 1
+ fi
+
PRE_TEST=$(dmesg | grep -c "${ERR_MSG}")
ovs_add_flow "test_netlink_checks" nv0 \
'in_port(1),eth(),eth_type(0x0806),arp()' 'drop(0),2' \
diff --git a/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
b/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
index b97e621face95..5e0e539a323d5 100644
--- a/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
+++ b/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
@@ -299,7 +299,7 @@ class ovsactions(nla):
("OVS_ACTION_ATTR_PUSH_NSH", "none"),
("OVS_ACTION_ATTR_POP_NSH", "flag"),
("OVS_ACTION_ATTR_METER", "none"),
-("OVS_ACTION_ATTR_CLONE", "none"),
+("OVS_ACTION_ATTR_CLONE", "recursive"),
("OVS_ACTION_ATTR_CHECK_PKT_LEN", "none"),
("OVS_ACTION_ATTR_ADD_MPLS", "none"),
("OVS_ACTION_ATTR_DEC_TTL", "none"),
@@ -465,29 +465,42 @@ class ovsactions(nla):
print_str += "pop_mpls"
else:
datum = self.get_attr(field[0])
-print_str += datum.dpstr(more)
+if field[0] == "OVS_ACTION_ATTR_CLONE":
+print_str += "clone("
+print_str += datum.dpstr(more)
+print_str += ")"
+else:
+print_str += datum.dpstr(more)
return print_str
def parse(self, actstr):
+totallen = len(actstr)
while len(actstr) != 0:
parsed = False
+parencount = 0
if actstr.startswith("drop"):
# If no reason is provided, the implicit drop is used (i.e no
# action). If some reason is given, an explicit action is used.
-actstr, reason = parse_extract_field(
-actstr,
-"drop(",
-"([0-9]+)",
-lambda x: int(x, 0),
-False,
-None,
-)
+reason = None
+if actstr.startswith("drop("):
+parencount += 1
+
+actstr, reason = parse_extract_field(
+actstr,
+"drop(",
+"([0-9]+)",
+lambda x: int(x, 0),
+False,
+None,
+)
+
if reason is not None:
self["attrs"].append(["OVS_ACTION_ATTR_DROP", reason])
parsed = True
else:
-return
+actstr = actstr[len("drop"): ]
+return (totallen - len(actstr))
elif parse_starts_block(actstr, "^(\d+)", False, True):
actstr, output = parse_extract_field(
@@ -504,6 +517,7 @@ class ovsactions(nla):
False,
0,
)
+parencount += 1
self["attrs"].append(["OVS_ACTION_ATTR_RECIRC", recircid])
parsed = True
@@ -516,12 +530,22 @@ class ovsactions(nla):
for flat_act in parse_flat_map:
if
Re: [ovs-dev] [PATCH v1 01/12] python: ovs: Add flowviz scheleton.
On 19 Feb 2024, at 9:14, Adrian Moreno wrote: > Add a new python package (just the scheleton for now) to hold a flow > visualization tool based on the flow parsing library. > > flowviz dependencies are installed via "extras_require", so a user must > run: > > $ pip install .[flowviz] > or > $ pip install ovs[flowviz] > > Signed-off-by: Adrian Moreno Thanks for making the additional nit changes. Acked-by: Eelco Chaudron ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH AUTOSEL 6.7 10/26] selftests: openvswitch: Add validation for the recursion test
From: Aaron Conole
[ Upstream commit bd128f62c365504e1268dc09fcccdfb1f091e93a ]
Add a test case into the netlink checks that will show the number of
nested action recursions won't exceed 16. Going to 17 on a small
clone call isn't enough to exhaust the stack on (most) systems, so
it should be safe to run even on systems that don't have the fix
applied.
Signed-off-by: Aaron Conole
Reviewed-by: Simon Horman
Link: https://lore.kernel.org/r/20240207132416.1488485-3-acon...@redhat.com
Signed-off-by: Jakub Kicinski
Signed-off-by: Sasha Levin
---
.../selftests/net/openvswitch/openvswitch.sh | 13
.../selftests/net/openvswitch/ovs-dpctl.py| 71 +++
2 files changed, 69 insertions(+), 15 deletions(-)
diff --git a/tools/testing/selftests/net/openvswitch/openvswitch.sh
b/tools/testing/selftests/net/openvswitch/openvswitch.sh
index f8499d4c87f3f..36e40256ab92a 100755
--- a/tools/testing/selftests/net/openvswitch/openvswitch.sh
+++ b/tools/testing/selftests/net/openvswitch/openvswitch.sh
@@ -502,7 +502,20 @@ test_netlink_checks () {
wc -l) == 2 ] || \
return 1
+ info "Checking clone depth"
ERR_MSG="Flow actions may not be safe on all matching packets"
+ PRE_TEST=$(dmesg | grep -c "${ERR_MSG}")
+ ovs_add_flow "test_netlink_checks" nv0 \
+ 'in_port(1),eth(),eth_type(0x800),ipv4()' \
+
'clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(drop)'
\
+ >/dev/null 2>&1 && return 1
+ POST_TEST=$(dmesg | grep -c "${ERR_MSG}")
+
+ if [ "$PRE_TEST" == "$POST_TEST" ]; then
+ info "failed - clone depth too large"
+ return 1
+ fi
+
PRE_TEST=$(dmesg | grep -c "${ERR_MSG}")
ovs_add_flow "test_netlink_checks" nv0 \
'in_port(1),eth(),eth_type(0x0806),arp()' 'drop(0),2' \
diff --git a/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
b/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
index b97e621face95..5e0e539a323d5 100644
--- a/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
+++ b/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
@@ -299,7 +299,7 @@ class ovsactions(nla):
("OVS_ACTION_ATTR_PUSH_NSH", "none"),
("OVS_ACTION_ATTR_POP_NSH", "flag"),
("OVS_ACTION_ATTR_METER", "none"),
-("OVS_ACTION_ATTR_CLONE", "none"),
+("OVS_ACTION_ATTR_CLONE", "recursive"),
("OVS_ACTION_ATTR_CHECK_PKT_LEN", "none"),
("OVS_ACTION_ATTR_ADD_MPLS", "none"),
("OVS_ACTION_ATTR_DEC_TTL", "none"),
@@ -465,29 +465,42 @@ class ovsactions(nla):
print_str += "pop_mpls"
else:
datum = self.get_attr(field[0])
-print_str += datum.dpstr(more)
+if field[0] == "OVS_ACTION_ATTR_CLONE":
+print_str += "clone("
+print_str += datum.dpstr(more)
+print_str += ")"
+else:
+print_str += datum.dpstr(more)
return print_str
def parse(self, actstr):
+totallen = len(actstr)
while len(actstr) != 0:
parsed = False
+parencount = 0
if actstr.startswith("drop"):
# If no reason is provided, the implicit drop is used (i.e no
# action). If some reason is given, an explicit action is used.
-actstr, reason = parse_extract_field(
-actstr,
-"drop(",
-"([0-9]+)",
-lambda x: int(x, 0),
-False,
-None,
-)
+reason = None
+if actstr.startswith("drop("):
+parencount += 1
+
+actstr, reason = parse_extract_field(
+actstr,
+"drop(",
+"([0-9]+)",
+lambda x: int(x, 0),
+False,
+None,
+)
+
if reason is not None:
self["attrs"].append(["OVS_ACTION_ATTR_DROP", reason])
parsed = True
else:
-return
+actstr = actstr[len("drop"): ]
+return (totallen - len(actstr))
elif parse_starts_block(actstr, "^(\d+)", False, True):
actstr, output = parse_extract_field(
@@ -504,6 +517,7 @@ class ovsactions(nla):
False,
0,
)
+parencount += 1
self["attrs"].append(["OVS_ACTION_ATTR_RECIRC", recircid])
parsed = True
@@ -516,12 +530,22 @@ class ovsactions(nla):
for flat_act in parse_flat_map:
if
Re: [ovs-dev] [PATCH v1 12/12] documentation: Document ovs-flowviz.
On 20 Feb 2024, at 7:29, Adrian Moreno wrote: > On 2/19/24 23:53, Ilya Maximets wrote: >> On 2/19/24 09:14, Adrian Moreno wrote: >>> Add a page for flow visualization with a few key concepts and examples. >>> >>> Signed-off-by: Adrian Moreno >>> --- >>> Documentation/automake.mk | 3 +- >>> Documentation/topics/flow-visualization.rst | 469 >> >> Hi, Adrian. This doc looks a lot like a man page. Maybe it should it be >> a man page instead? i.e. be in Documentation/ref/ and structured a little >> more like a man page? >> >> I suppose it can also be split in two docs, the man page and a topic >> document with more comprehensive usage examples. What do you think? >> > > That's a good idea. Will do. Some more small nits, but I’ll wait for the v2 on this before I do a full review. //Eelco >> >> I didn't fully read the doc, but see some typos and minor issues that >> caught my eye below. >> >> Best regards, Ilya Maximets. >> >>> Documentation/topics/index.rst | 1 + >>> 3 files changed, 472 insertions(+), 1 deletion(-) >>> create mode 100644 Documentation/topics/flow-visualization.rst >>> >>> diff --git a/Documentation/automake.mk b/Documentation/automake.mk >>> index 47d2e336a..f1339e876 100644 >>> --- a/Documentation/automake.mk >>> +++ b/Documentation/automake.mk >>> @@ -45,7 +45,7 @@ DOC_SOURCE = \ >>> Documentation/topics/fuzzing/ovs-fuzzing-infrastructure.rst \ >>> Documentation/topics/fuzzing/ovs-fuzzers.rst \ >>> Documentation/topics/fuzzing/security-analysis-of-ovs-fuzzers.rst \ >>> - Documentation/topics/testing.rst \ >>> + Documentation/topics/flow-visualization.rst \ >>> Documentation/topics/integration.rst \ >>> Documentation/topics/language-bindings.rst \ >>> Documentation/topics/networking-namespaces.rst \ >>> @@ -55,6 +55,7 @@ DOC_SOURCE = \ >>> Documentation/topics/ovsdb-replication.rst \ >>> Documentation/topics/porting.rst \ >>> Documentation/topics/record-replay.rst \ >>> + Documentation/topics/testing.rst \ >>> Documentation/topics/tracing.rst \ >>> Documentation/topics/usdt-probes.rst \ >>> Documentation/topics/userspace-checksum-offloading.rst \ >>> diff --git a/Documentation/topics/flow-visualization.rst >>> b/Documentation/topics/flow-visualization.rst >>> new file mode 100644 >>> index 0..366275c54 >>> --- /dev/null >>> +++ b/Documentation/topics/flow-visualization.rst >>> @@ -0,0 +1,469 @@ >>> +.. >>> + Licensed under the Apache License, Version 2.0 (the "License"); you >>> may >>> + not use this file except in compliance with the License. You may >>> obtain >>> + a copy of the License at >>> + >>> + http://www.apache.org/licenses/LICENSE-2.0 >>> + >>> + Unless required by applicable law or agreed to in writing, software >>> + distributed under the License is distributed on an "AS IS" BASIS, >>> WITHOUT >>> + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See >>> the >>> + License for the specific language governing permissions and >>> limitations >>> + under the License. >>> + >>> + Convention for heading levels in Open vSwitch documentation: >>> + >>> + === Heading 0 (reserved for the title in a document) >>> + --- Heading 1 >>> + ~~~ Heading 2 >>> + +++ Heading 3 >>> + ''' Heading 4 >>> + >>> + Avoid deeper levels because they do not render well. >>> + >>> += >>> +ovs-flowviz: Datapath and Openflow flow visualization >> >> * OpenFlow >> >>> += >>> + >>> +When troubleshooting networking issues with OVS, we typically end up >>> looking >>> +at OpenFlow or datapath flow dumps. These dumps tend to be quite dense and >>> +difficult to reason about. >>> + >>> +``ovs-flowviz`` is a utility script that helps visualizing OpenFlow and >>> +datapath flows to make it easier to understand what is going on. >>> + >>> + >>> +Installing ovs-flowviz >>> +-- >>> + >>> +``ovs-flowviz`` is part of the openvswitch python package. To install it, >>> run: >>> +:: >>> + >>> +$ pip install openvswitch[flowviz] >>> + >>> +Or, if you are working with the OVS tree: >>> +:: >>> + >>> +$ cd python && pip install .[flowviz] >>> + >>> +Running the tool >>> + >>> +Here is the basic usage of the tool: >>> +:: >>> + >>> +$ ovs-flowviz --help >>> +Usage: ovs-flowviz [OPTIONS] COMMAND [ARGS]... >>> + >>> + OpenvSwitch flow visualization utility. >>> + >>> + It reads openflow and datapath flows (such as the output of >>> ovs-ofctl dump- OpenFlow >>> + flows or ovs-appctl dpctl/dump-flows) and prints them in different >>> formats. >>> + >>> +Options: >>> + -c, --config PATH Use config file [default: >>> /home/amorenoz/src/ovs/pyth >> >> We probbaly shouldn't list
Re: [ovs-dev] [PATCH v1 03/12] python: ovs: flowviz: Add console formatting.
On 19 Feb 2024, at 9:14, Adrian Moreno wrote:
> Add a flow formatting framework and one implementation for console
> printing using rich.
>
> The flow formatting framework is a simple set of classes that can be
> used to write different flow formatting implementations. It supports
> styles to be described by any class, highlighting and config-file based
> style definition.
>
> The first flow formatting implementation is also introduced: the
> ConsoleFormatter. It uses the an advanced rich-text printing library
> [1].
>
> The console printing supports:
> - Heatmap: printing the packet/byte statistics of each flow in a color
> that represents its relative size: blue (low) -> red (high).
> - Printing a banner with the file name and alias.
> - Extensive style definition via config file.
>
> This console format is added to both OpenFlow and Datapath flows.
>
> Examples:
> - Highlight drops in datapath flows:
> $ ovs-flowviz -i flows.txt --highlight "drop" datapath console
> - Quickly detect where most packets are going using heatmap and
> paginated output:
> $ ovs-ofctl dump-flows br-int | ovs-flowviz openflow console -h
>
> [1] https://rich.readthedocs.io/en/stable/introduction.html
>
> Signed-off-by: Adrian Moreno
> ---
Two small nits below, the rest look good to me.
//Eelco
> python/automake.mk| 2 +
> python/ovs/flowviz/console.py | 175
> python/ovs/flowviz/format.py | 371 ++
> python/ovs/flowviz/main.py| 58 +-
> python/ovs/flowviz/odp/cli.py | 25 +++
> python/ovs/flowviz/ofp/cli.py | 26 +++
> python/ovs/flowviz/process.py | 83 +++-
> python/setup.py | 4 +-
> 8 files changed, 736 insertions(+), 8 deletions(-)
> create mode 100644 python/ovs/flowviz/console.py
> create mode 100644 python/ovs/flowviz/format.py
>
> diff --git a/python/automake.mk b/python/automake.mk
> index fd5e74081..bd53c5405 100644
> --- a/python/automake.mk
> +++ b/python/automake.mk
> @@ -65,6 +65,8 @@ ovs_pytests = \
>
> ovs_flowviz = \
> python/ovs/flowviz/__init__.py \
> + python/ovs/flowviz/console.py \
> + python/ovs/flowviz/format.py \
> python/ovs/flowviz/main.py \
> python/ovs/flowviz/odp/__init__.py \
> python/ovs/flowviz/odp/cli.py \
> diff --git a/python/ovs/flowviz/console.py b/python/ovs/flowviz/console.py
> new file mode 100644
> index 0..4a3443360
> --- /dev/null
> +++ b/python/ovs/flowviz/console.py
> @@ -0,0 +1,175 @@
> +# Copyright (c) 2023 Red Hat, Inc.
> +#
> +# Licensed under the Apache License, Version 2.0 (the "License");
> +# you may not use this file except in compliance with the License.
> +# You may obtain a copy of the License at:
> +#
> +# http://www.apache.org/licenses/LICENSE-2.0
> +#
> +# Unless required by applicable law or agreed to in writing, software
> +# distributed under the License is distributed on an "AS IS" BASIS,
> +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +# See the License for the specific language governing permissions and
> +# limitations under the License.
> +
> +import colorsys
> +
> +from rich.console import Console
> +from rich.color import Color
> +from rich.emoji import Emoji
> +from rich.panel import Panel
> +from rich.text import Text
> +from rich.style import Style
> +
> +from ovs.flowviz.format import FlowFormatter, FlowBuffer, FlowStyle
> +
> +
> +def file_header(name):
> +return Panel(
> +Text(
> +Emoji.replace(":scroll:")
> ++ " "
> ++ name
> ++ " "
> ++ Emoji.replace(":scroll:"),
> +style="bold",
> +justify="center",
> +)
> +)
> +
> +
> +class ConsoleBuffer(FlowBuffer):
> +"""ConsoleBuffer implements FlowBuffer to provide console-based text
> +formatting based on rich.Text.
> +
> +Append functions accept a rich.Style.
> +
> +Args:
> +rtext(rich.Text): Optional; text instance to reuse
> +"""
> +
> +def __init__(self, rtext):
> +self._text = rtext or Text()
> +
> +@property
> +def text(self):
> +return self._text
> +
> +def _append(self, string, style):
> +"""Append to internal text."""
> +return self._text.append(string, style)
> +
> +def append_key(self, kv, style):
> +"""Append a key.
> +Args:
> +kv (KeyValue): the KeyValue instance to append
> +style (rich.Style): the style to use
> +"""
> +return self._append(kv.meta.kstring, style)
> +
> +def append_delim(self, kv, style):
> +"""Append a delimiter.
> +Args:
> +kv (KeyValue): the KeyValue instance to append
> +style (rich.Style): the style to use
> +"""
> +return self._append(kv.meta.delim, style)
> +
> +def append_end_delim(self, kv, style):
> +"""Append an end delimiter.
> +Args:
> +kv
Re: [ovs-dev] [PATCH v1 06/12] python: ovs: flowviz: Add datapath tree format.
On 19 Feb 2024, at 9:14, Adrian Moreno wrote: > Datapath flows can be arranged into a "tree"-like structure based on > recirculation ids, e.g: > > recirc(0),eth(...),ipv4(...) actions=ct,recirc(0x42) >\-> recirc(42),ct_state(0/0),eth(...),ipv4(...) actions=1 >\-> recirc(42),ct_state(1/0),eth(...),ipv4(...) actions=userspace(...) > > This patch adds support for building such logical datapath trees in a > format-agnostic way and adds support for console-based formatting > supporting: > - head-maps formatting of statistics > - hash-based pallete of recirculation ids: each recirculation id is > assigned a unique color to easily follow the sequence of related > actions. > - full-tree filtering: if a user specifies a filter, an entire subtree > is filtered out if none of its branches satisfy it. > > Acked-by: Eelco Chaudron > Signed-off-by: Adrian Moreno Ack on the additional small changes. Acked-by: Eelco Chaudron ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v1 11/12] python: ovs: flowviz: Support html dark style.
On 19 Feb 2024, at 9:14, Adrian Moreno wrote: > In order to support dark style in html outputs, allow the config file to > express the background color and set it in a top style object. > > Signed-off-by: Adrian Moreno Thanks for adding this. It makes my eyes happy ;) Acked-by: Eelco Chaudron ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH ovn] Update copyright year to 2024
Bleep bloop. Greetings Igor Zhukov, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. checkpatch: WARNING: The subject summary should end with a dot. Subject: Update copyright year to 2024 Lines checked: 29, Warnings: 1, Errors: 0 Please check this out. If you feel there has been an error, please email acon...@redhat.com Thanks, 0-day Robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v1 08/12] python: ovs: flowviz: Add Openflow cookie format.
On 19 Feb 2024, at 9:14, Adrian Moreno wrote: > When anaylizing OVN issues, it might be useful to see what OpenFlow > flows were generated from each logical flow. In order to make it simpler > to visualize this, add a cookie format that simply sorts the flows first > by cookie, then by table. > > Example: > $ export OVN_NB_DB=... > $ export OVN_SB_DB=... > $ ovs-vsctl dump-flows br-int | ovs-flowviz openflow cookie > --ovn-filter="acl.*icmp4" > $ ovs-vsctl dump-flows br-int | ovs-flowviz openflow cookie > --ovn-detrace > > Acked-by: Eelco Chaudron > Signed-off-by: Adrian Moreno Ack on the additional change. Acked-by: Eelco Chaudron ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v1 09/12] python: ovs: flowviz: Add datapath html format.
On 19 Feb 2024, at 9:14, Adrian Moreno wrote: > Using the existing FlowTree and HTMLFormatter, create an HTML tree > visualization that also supports collapsing and expanding entire flow > trees and subtrees. > > Examples: > $ ovs-appcl dpctl/dump-flows | ovs-flowviz --highlight drop datapath > html > /tmp/flows.html > $ ovs-appcl dpctl/dump-flows | ovs-flowviz -f "output.port=3" > datapath html > /tmp/flows.html > > Acked-by: Eelco Chaudron > Signed-off-by: Adrian Moreno Thanks for adding the example to the commit message. Acked-by: Eelco Chaudron ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH ovn] northd: Don't create fair Sb meters for ACLs with logging disabled.
On 2/28/24 02:21, Ales Musil wrote:
On Tue, Feb 27, 2024 at 5:04 PM Ilya Maximets wrote:
If the ACL.log is false for a fair meter, but ACL.meter is set in the
Northbound database, northd will create a unique meter for this ACL in
a Southbound database, even though it will never be used.
Normal ovn-nbctl acl-add command can't create such a record, but it is
possible with a plain 'ovn-nbctl set' or a direct database transaction.
And, in practice, ovn-kubernetes always sets the ACL.meter column even
if the logging is not enabled in the namespace. This creates extra
unnecessary load on the Southbound database and the ovn-controller that
performs a linear iteration over the Southbound Meter table on every
ofctrl_put().
Logging is also not a default option, so only a fraction of ACLs will
actually need meters under normal circumstances.
Stop generating these unnecessary meters.
In an ovn-kubernetes setup with 90K ACLs 1K of which has logging
enabled this saves ~20 MB of the Southbound database file size and
about 30% of the RSS on ovsdb-server (with 1 ovn-controller connected).
Should make ofctrl_put() in ovn-controller much faster as well.
Arguably, CMS should not set ACL.meter without ACL.log, but the
behavior of the ovn-northd is not correct either, so should be fixed
anyway.
Fixes: 880dca99eaf7 ("northd: Enhance the implementation of ACL log meters
(pre-ddlog merge).")
Reported-at: https://issues.redhat.com/browse/FDP-401
Signed-off-by: Ilya Maximets
---
northd/en-meters.c | 8 ++--
tests/ovn-northd.at | 18 ++
2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/northd/en-meters.c b/northd/en-meters.c
index aabd002b6..793a46335 100644
--- a/northd/en-meters.c
+++ b/northd/en-meters.c
@@ -203,9 +203,13 @@ sync_acl_fair_meter(struct ovsdb_idl_txn *ovnsb_txn,
const struct nbrec_acl *acl, struct shash *sb_meters,
struct sset *used_sb_meters)
{
-const struct nbrec_meter *nb_meter =
-fair_meter_lookup_by_name(meter_groups, acl->meter);
+const struct nbrec_meter *nb_meter;
+
+if (!acl->log || !acl->meter) {
+return;
+}
+nb_meter = fair_meter_lookup_by_name(meter_groups, acl->meter);
if (!nb_meter) {
return;
}
diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
index 6fdd761da..0732486f3 100644
--- a/tests/ovn-northd.at
+++ b/tests/ovn-northd.at
@@ -2432,6 +2432,24 @@ check_acl_lflow acl_two meter_me__${acl2} sw0
check_acl_lflow acl_three meter_me__${acl3} sw0
check_acl_lflow acl_three meter_me__${acl3} sw1
+AS_BOX([Disable/enable logging for acl3 while still referencing the
meter])
+check_row_count meter 4
+check ovn-nbctl --wait=sb set acl $acl3 log=false
+check_row_count meter 3
+check_meter_by_name meter_me meter_me__${acl1} meter_me__${acl2}
+check_meter_by_name NOT meter_me__${acl3}
+check_acl_lflow acl_one meter_me__${acl1} sw0
+check_acl_lflow acl_two meter_me__${acl2} sw0
+
+check ovn-nbctl --wait=sb set acl $acl3 log=true
+check_row_count meter 4
+check_meter_by_name \
+meter_me meter_me__${acl1} meter_me__${acl2} meter_me__${acl3}
+check_acl_lflow acl_one meter_me__${acl1} sw0
+check_acl_lflow acl_two meter_me__${acl2} sw0
+check_acl_lflow acl_three meter_me__${acl3} sw0
+check_acl_lflow acl_three meter_me__${acl3} sw1
+
AS_BOX([Stop using meter for acl1])
check ovn-nbctl --wait=sb clear acl $acl1 meter
check_meter_by_name meter_me meter_me__${acl2}
--
2.43.0
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Looks good to me, thanks.
Acked-by: Ales Musil
Thanks Ilya and Ales.
I merged this to main and all branches back to branch-23.03.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn branch-23.09 2/2] Prepare for 23.09.3.
Signed-off-by: Mark Michelson --- NEWS | 3 +++ configure.ac | 2 +- debian/changelog | 6 ++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index c6e0e2483..58b1c9066 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,6 @@ +OVN v23.09.3 - xx xxx +-- + OVN v23.09.2 - 01 Mar 2024 -- - Bug fixes diff --git a/configure.ac b/configure.ac index e4d5134dd..090a29a15 100644 --- a/configure.ac +++ b/configure.ac @@ -13,7 +13,7 @@ # limitations under the License. AC_PREREQ(2.63) -AC_INIT(ovn, 23.09.2, b...@openvswitch.org) +AC_INIT(ovn, 23.09.3, b...@openvswitch.org) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_HEADERS([config.h]) diff --git a/debian/changelog b/debian/changelog index 39087759c..e9255a9ef 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +OVN (23.09.3-1) unstable; urgency=low + [ OVN team ] + * New upstream version + + -- OVN team Thu, 29 Feb 2024 14:08:22 -0500 + OVN (23.09.2-1) unstable; urgency=low [ OVN team ] * New upstream version -- 2.43.0 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn branch-22.03 1/2] Set release date for 22.03.6.
Signed-off-by: Mark Michelson --- NEWS | 3 ++- debian/changelog | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index d2e495af3..8f691f2b5 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,6 @@ -OVN v22.03.6 - xx xxx +OVN v22.03.6 - 01 Mar 2024 -- + - Bug fixes - Add "garp-max-timeout-sec" config option to vswitchd external-ids to cap the time between when ovn-controller sends gARP packets. diff --git a/debian/changelog b/debian/changelog index dd90f836b..d3134e5a7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,7 +2,7 @@ OVN (22.03.6-1) unstable; urgency=low [ OVN team ] * New upstream version - -- OVN team Fri, 01 Dec 2023 14:41:25 -0500 + -- OVN team Thu, 29 Feb 2024 14:08:13 -0500 OVN (22.03.5-1) unstable; urgency=low [ OVN team ] -- 2.43.0 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn branch-23.09 0/2] Release patches for v23.09.2.
Mark Michelson (2): Set release date for 23.09.2. Prepare for 23.09.3. NEWS | 5 - configure.ac | 2 +- debian/changelog | 8 +++- 3 files changed, 12 insertions(+), 3 deletions(-) -- 2.43.0 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn branch-24.03 0/2] Release patches for v24.03.0.
Mark Michelson (2): Set release date for 24.03.0. Prepare for 24.03.1. NEWS | 5 - configure.ac | 2 +- debian/changelog | 8 +++- 3 files changed, 12 insertions(+), 3 deletions(-) -- 2.43.0 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn branch-22.03 2/2] Prepare for 22.03.7.
Signed-off-by: Mark Michelson --- NEWS | 3 +++ configure.ac | 2 +- debian/changelog | 6 ++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 8f691f2b5..5e707974d 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,6 @@ +OVN v22.03.7 - xx xxx +-- + OVN v22.03.6 - 01 Mar 2024 -- - Bug fixes diff --git a/configure.ac b/configure.ac index 2d13430de..e11553351 100644 --- a/configure.ac +++ b/configure.ac @@ -13,7 +13,7 @@ # limitations under the License. AC_PREREQ(2.63) -AC_INIT(ovn, 22.03.6, b...@openvswitch.org) +AC_INIT(ovn, 22.03.7, b...@openvswitch.org) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_HEADERS([config.h]) diff --git a/debian/changelog b/debian/changelog index d3134e5a7..68ca39e26 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +OVN (22.03.7-1) unstable; urgency=low + [ OVN team ] + * New upstream version + + -- OVN team Thu, 29 Feb 2024 14:08:13 -0500 + OVN (22.03.6-1) unstable; urgency=low [ OVN team ] * New upstream version -- 2.43.0 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn branch-23.09 1/2] Set release date for 23.09.2.
Signed-off-by: Mark Michelson --- NEWS | 2 +- debian/changelog | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 060b0d0e6..c6e0e2483 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -OVN v23.09.2 - xx xxx +OVN v23.09.2 - 01 Mar 2024 -- - Bug fixes - Enable PMTU discovery on geneve/vxlan tunnels for E/W traffic. diff --git a/debian/changelog b/debian/changelog index 479d4c944..39087759c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,7 +2,7 @@ OVN (23.09.2-1) unstable; urgency=low [ OVN team ] * New upstream version - -- OVN team Fri, 01 Dec 2023 14:41:31 -0500 + -- OVN team Thu, 29 Feb 2024 14:08:22 -0500 OVN (23.09.1-1) unstable; urgency=low [ OVN team ] -- 2.43.0 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn branch-24.03 1/2] Set release date for 24.03.0.
Signed-off-by: Mark Michelson --- NEWS | 2 +- debian/changelog | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index a58c8d350..71de7bf78 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -OVN v24.03.0 - xx xxx +OVN v24.03.0 - 01 Mar 2024 -- - DNS now have an "options" column for configuration of extra options. - A new DNS option "ovn-owned" has been added to allow defining domains diff --git a/debian/changelog b/debian/changelog index ad21b4eda..c00e7dbab 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,7 +2,7 @@ ovn (24.03.0-1) unstable; urgency=low * New upstream version - -- OVN team Fri, 02 Feb 2024 11:16:48 -0500 + -- OVN team Thu, 29 Feb 2024 14:08:33 -0500 ovn (23.09.0-1) unstable; urgency=low -- 2.43.0 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn branch-24.03 2/2] Prepare for 24.03.1.
Signed-off-by: Mark Michelson --- NEWS | 3 +++ configure.ac | 2 +- debian/changelog | 6 ++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 71de7bf78..c66a2bc50 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,6 @@ +OVN v24.03.1 - xx xxx +-- + OVN v24.03.0 - 01 Mar 2024 -- - DNS now have an "options" column for configuration of extra options. diff --git a/configure.ac b/configure.ac index 5faf1b7e1..5f15422f2 100644 --- a/configure.ac +++ b/configure.ac @@ -13,7 +13,7 @@ # limitations under the License. AC_PREREQ(2.63) -AC_INIT(ovn, 24.03.0, b...@openvswitch.org) +AC_INIT(ovn, 24.03.1, b...@openvswitch.org) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_HEADERS([config.h]) diff --git a/debian/changelog b/debian/changelog index c00e7dbab..77cdc6598 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +OVN (24.03.1-1) unstable; urgency=low + [ OVN team ] + * New upstream version + + -- OVN team Thu, 29 Feb 2024 14:08:33 -0500 + ovn (24.03.0-1) unstable; urgency=low * New upstream version -- 2.43.0 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn branch-22.03 0/2] Release patches for v22.03.6.
Mark Michelson (2): Set release date for 22.03.6. Prepare for 22.03.7. NEWS | 6 +- configure.ac | 2 +- debian/changelog | 8 +++- 3 files changed, 13 insertions(+), 3 deletions(-) -- 2.43.0 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH ovn branch-23.09 2/2] Prepare for 23.09.3.
Bleep bloop. Greetings Mark Michelson, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. git-am: error: sha1 information is lacking or useless (NEWS). error: could not build fake ancestor hint: Use 'git am --show-current-patch=diff' to see the failed patch Patch failed at 0001 Prepare for 23.09.3. When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". Please check this out. If you feel there has been an error, please email acon...@redhat.com Thanks, 0-day Robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
