Re: [ovs-dev] [PATCH 1/3] ofproto-dpif: Validate ct_* field masks.

> On Nov 10, 2015, at 1:52 PM, Joe Stringer <joestrin...@nicira.com> wrote: > > On 9 November 2015 at 17:17, Jarno Rajahalme <ja...@ovn.org > <mailto:ja...@ovn.org>> wrote: >> >>> On Nov 7, 2015, at 12:05 PM, Joe Stringer <joestrin...@nicira.com&

Re: [ovs-dev] [PATCH] ovs-thread: Fix memory leak in thread exit.

Let’s cut this off before it gets totally out of hand :-) Jarno Acked-by: Jarno Rajahalme <jrajaha...@nicira.com> > On Nov 10, 2015, at 1:59 PM, Ben Pfaff <b...@ovn.org> wrote: > > Maybe email addresses are the problem? I'll try a signed-off-by without > a

Re: [ovs-dev] [PATCH 1/2] ofproto-dpif-xlate: Don't stop processing after ct.

ata; The current copy of the As discussed, the action set is forked as well. Assuming the commit message and the comment above the new function is fixed: Acked-by: Jarno Rajahalme <jrajaha...@nicira.com> Jarno > packet will continue processing, including to return back to prior > resubmit()

Re: [ovs-dev] [PATCH 1/2] ofproto-dpif-xlate: Don't stop processing after ct.

> On Nov 9, 2015, at 12:50 PM, Joe Stringer wrote: > > On 9 November 2015 at 10:56, Joe Stringer > wrote: >> If conntrack recirculates, it should not stop processing the current >> pipeline. The cloned packet will

Re: [ovs-dev] [PATCH 1/3] ofproto-dpif: Validate ct_* field masks.

Joe, It just occurred to me that here we want to check if there is a match on a non-supported field. For that checking the mask alone is sufficient, so that this can be simplified quite a bit. Jarno > On Nov 9, 2015, at 5:17 PM, Jarno Rajahalme <ja...@ovn.org> wrote: > > &g

Re: [ovs-dev] [RFC PATCH net-next v2 0/8] openvswitch: NAT support.

> On Nov 9, 2015, at 5:31 AM, Patrick McHardy <ka...@trash.net> wrote: > > On 06.11, Jarno Rajahalme wrote: >> This series adds NAT support to openvswitch kernel module. A few >> changes are needed to the netfilter code to facilitate this (patches >> 1-3/8).

Re: [ovs-dev] [RFC PATCH net-next v2 0/8] openvswitch: NAT support.

[Resending from my new address] > On Nov 9, 2015, at 5:31 AM, Patrick McHardy <ka...@trash.net > <mailto:ka...@trash.net>> wrote: > > On 06.11, Jarno Rajahalme wrote: >> This series adds NAT support to openvswitch kernel module. A few >> changes are needed

Re: [ovs-dev] [RFC PATCH net-next v2 0/8] openvswitch: NAT support.

[Resending as plain text] > On Nov 9, 2015, at 5:31 AM, Patrick McHardy <ka...@trash.net> wrote: > > On 06.11, Jarno Rajahalme wrote: >> This series adds NAT support to openvswitch kernel module. A few >> changes are needed to the netfilter code to facilitate this (pa

Re: [ovs-dev] [PATCH 1/3] ofproto-dpif: Validate ct_* field masks.

> On Nov 7, 2015, at 12:05 PM, Joe Stringer wrote: > > When inserting rules that match on connection tracking fields, datapath > support must be checked before allowing or denying the rule insertion. > Previously we only disallowed flows that had non-zero values for the

Re: [ovs-dev] [PATCH 2/3] ofp-actions: Refactor ofpact_get_mf_dst().

LGTM, Acked-by: Jarno Rajahalme <jrajaha...@nicira.com> > On Nov 7, 2015, at 12:05 PM, Joe Stringer <joestrin...@nicira.com> wrote: > > This function finds the mf destination field for any ofpact, returning > NULL if not applicable. It will be used by the next pa

Re: [ovs-dev] [PATCH 3/3] ofproto-dpif: Validate ct action support.

> On Nov 7, 2015, at 12:05 PM, Joe Stringer wrote: > > Disallow installing rules that execute ct() if conntrack is unsupported > in the datapath. > > Reported-by: Ravindra Kenchappa > Signed-off-by: Joe Stringer >

Re: [ovs-dev] [PATCH 3/6] ofproto: Allow xlate_actions() to fail.

New version of this is included in the NAT series, as I recall it depends on this. Jarno > On Nov 4, 2015, at 11:31 AM, Joe Stringer <joestrin...@nicira.com> wrote: > > On 28 October 2015 at 20:07, Jarno Rajahalme <jrajaha...@nicira.com > <mailto:jrajaha...@nicira.c

[ovs-dev] [RFC PATCH net-next v2 7/8] openvswitch: Delay conntrack helper call for new connections.

There is no need to help connections that are not confirmed, so we can delay helping new connections to the time when they are confirmed. This change is needed for NAT support, and having this as a separate patch will make the following NAT patch a bit easier to review. Signed-off-by: Jarno

[ovs-dev] [RFC PATCH net-next v2 8/8] openvswitch: Interface with NAT.

/nat. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- include/uapi/linux/openvswitch.h | 47 net/openvswitch/conntrack.c | 520 +-- net/openvswitch/conntrack.h | 3 +- 3 files changed, 544 insertions(+), 26 deletions(-) diff

[ovs-dev] [RFC PATCH net-next v2 5/8] openvswitch: Find existing conntrack entry after upcall.

hrough NAT using the original ct reference also after the reference is lost after an upcall. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- net/openvswitch/conntrack.c | 95 ++--- 1 file changed, 82 insertions(+), 13 deletions(-)

[ovs-dev] [RFC PATCH net-next v2 3/8] netfilter: Allow calling into nat helper without skb_dst.

elar <pshe...@nicira.com> Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 29 - net/ipv6/netfilter/nf_nat_l3proto_ipv6.c | 29 - 2 files changed, 16 insertions(+), 42 deletions(-)

[ovs-dev] [RFC PATCH net-next v2 0/8] openvswitch: NAT support.

conntrack action. Jarno Rajahalme (8): netfilter: Remove IP_CT_NEW_REPLY definition. netfilter: Factor out nf_ct_get_info(). netfilter: Allow calling into nat helper without skb_dst. openvswitch: Update the CT state key only after nf_conntrack_in(). openvswitch: Find existing conntrack

[ovs-dev] [RFC PATCH net-next v2 2/8] netfilter: Factor out nf_ct_get_info().

Define a new inline function to map conntrack status to enum ip_conntrack_info. This removes the need to otherwise duplicate this code in a later patch ("openvswitch: Find existing conntrack entry after upcall."). Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- inclu

[ovs-dev] [RFC PATCH net-next v2 6/8] openvswitch: Handle NF_REPEAT in conntrack action.

Repeat the nf_conntrack_in() call when it returns NF_REPEAT. This avoids dropping a SYN packet re-opening an existing TCP connection. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- net/openvswitch/conntrack.c | 10 -- 1 file changed, 8 insertions(+), 2 deletions(-)

[ovs-dev] [RFC PATCH net-next v2 4/8] openvswitch: Update the CT state key only after nf_conntrack_in().

Only a successful nf_conntrack_in() call can effect a connection state change, so if suffices to update the key only after the nf_conntrack_in() returns. This change is needed for the later NAT patches. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- net/openvswitch/conntrack

[ovs-dev] [RFC PATCH net-next v2 1/8] netfilter: Remove IP_CT_NEW_REPLY definition.

Remove the definition of IP_CT_NEW_REPLY from the kernel as it does not make sense. This allows the definition of IP_CT_NUMBER to be simplified as well. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- include/uapi/linux/netfilter/nf_conntrack_common.h | 12 +--

[ovs-dev] [PATCH v2 0/8] Support NAT in OVS conntrack action.

kernel with the corresponding patch series applied. Jarno Rajahalme (8): ofproto: Allow xlate_actions() to fail. ofproto: Enable in-place modification for recirc actions. system-tests: Make bridge creation more consistent. system-tests: Use '--bundle' system-tests: Add IPv6 FTP system test

[ovs-dev] [PATCH v2 5/8] system-tests: Add IPv6 FTP system test.

Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- tests/system-traffic.at | 50 + 1 file changed, 50 insertions(+) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index eeafd24..0999f03 100644 --- a/tests/system-traf

[ovs-dev] [PATCH v2 3/8] system-tests: Make bridge creation more consistent.

Create all bridges with the same set of supported OpenFlow protocols and fail-safe-mode secure, so that each test explicitly specifies flow handling. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- tests/system-kmod-macros.at | 6 +-- tests/system-traffic.at

[ovs-dev] [PATCH v2 2/8] ofproto: Enable in-place modification for recirc actions.

When modifying an existing datapath flow with recirculation actions, the references to old (if any) recirculation actions need to be freed, and references to new recirculation actions need to be stored. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> Acked-by: Joe Stringer <

[ovs-dev] [PATCH v2 8/8] conntrack action: Add support for NAT.

. This work extends on a branch by Thomas Graf at https://github.com/tgraf/ovs/tree/nat. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- datapath/linux/compat/include/linux/openvswitch.h | 44 ++ lib/flow.c| 4 + lib/odp-

[ovs-dev] [PATCH v2 6/8] system-tests: Workaround for pyftpdlib bug handling IPv6 addresses.

Hack around a bug in pyftpdlib that rejects EPRT connection due to mismatching textual representation of the IPv6 address when the address is not in the normalized format. This happens when the control connection is mangled by Linux NAT. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.

[ovs-dev] [PATCH v2 4/8] system-tests: Use '--bundle'

Use OpenFlow bundles for setting up flow tables. This has the benefit that when debugging test failures, no packet gets processed by partially set-up flow table, which may seem confusing. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- tests/system-traffic.a

[ovs-dev] [PATCH v2 7/8] packets: Reorder CS_* flags to remove gap.

-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- lib/packets.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/packets.h b/lib/packets.h index 67f635e..f50f42f 100644 --- a/lib/packets.h +++ b/lib/packets.h @@ -722,9 +722,9 @@ BUILD_ASSERT_DECL(TCP_HEAD

[ovs-dev] [PATCH v2 1/8] ofproto: Allow xlate_actions() to fail.

that the revalidation installed a flow with a recirculation ID with an invalid recirc ID (== 0), due to the introduction of in-place modification in commit 43b2f131a229 (ofproto: Allow in-place modifications of datapath flows). Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- ofproto/o

Re: [ovs-dev] [PATCH 2/6] upcall: Eliminate dead code.

Pushed to master, Jarno > On Nov 4, 2015, at 11:02 AM, Joe Stringer <joestrin...@nicira.com> wrote: > > On 28 October 2015 at 20:07, Jarno Rajahalme <jrajaha...@nicira.com> wrote: >> Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> > > Acked-b

Re: [ovs-dev] [PATCH 1/6] tests: Strip more variable output from conntrack output.

Pushed to master, thanks for the review! Jarno > On Nov 4, 2015, at 11:00 AM, Joe Stringer <joestrin...@nicira.com> wrote: > > On 28 October 2015 at 20:07, Jarno Rajahalme <jrajaha...@nicira.com> wrote: >> 'conntrack' output format varies depending on the s

Re: [ovs-dev] [PATCH 3/6] ofproto: Allow xlate_actions() to fail.

> On Nov 4, 2015, at 11:31 AM, Joe Stringer <joestrin...@nicira.com> wrote: > > On 28 October 2015 at 20:07, Jarno Rajahalme <jrajaha...@nicira.com > <mailto:jrajaha...@nicira.com>> wrote: >> Sometimes xlate_actions() fails due to too deep recursion,

Re: [ovs-dev] [PATCH 4/6] ofp-actions: Fix conntrack action usable_protocols handling.

Pushed with the change proposed, thanks for the review! Jarno > On Nov 4, 2015, at 11:38 AM, Joe Stringer <joestrin...@nicira.com> wrote: > > On 28 October 2015 at 20:07, Jarno Rajahalme <jrajaha...@nicira.com> wrote: >> Restrictions from embedded actions shou

Re: [ovs-dev] [PATCH 5/6] upcall: Check for recirc_id in ukey_create_from_dpif_flow()

Pushed, Jarno > On Nov 4, 2015, at 11:40 AM, Joe Stringer <joestrin...@nicira.com> wrote: > > On 28 October 2015 at 20:07, Jarno Rajahalme <jrajaha...@nicira.com> wrote: >> Filter out not only flows with recirculation actions, but also flows >> with non-zero

Re: [ovs-dev] Timestamp for flow miss and flow insert

> On Oct 30, 2015, at 5:49 AM, Junguk Cho wrote: > > Hi, > > Is there command line tool or option to show flow miss timestamp and flow > insert timestamp when controller sends flow rules? > In other words, can we know when flow miss happens and when flow insert > happens? >

Re: [ovs-dev] [PATCH] test: Make test independent of the recirc_id

LGTM, Acked-by: Jarno Rajahalme <jrajaha...@nicira.com> > On Oct 29, 2015, at 3:09 PM, Andy Zhou <az...@nicira.com> wrote: > > Commit 8ae8176fd0d8ed919e3301cc961dcf02b65ff49d (tests: Make test > independent of the hash function) improves the test "ofprot-dpif >

[ovs-dev] [PATCH 4/6] ofp-actions: Fix conntrack action usable_protocols handling.

Restrictions from embedded actions should be folded in rather than discarded. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- lib/ofp-actions.c | 17 + 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c index 5

[ovs-dev] [PATCH 1/6] tests: Strip more variable output from conntrack output.

'conntrack' output format varies depending on the system configuration, i.e., conntrack accounting or timestamping is enabled. Modify the FORMAT_CT() macro to hide these differences. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- tests/system-common-macros.at | 8 +++-

[ovs-dev] [PATCH 6/6] ofproto: Enable in-place modification for recirc actions.

Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- ofproto/ofproto-dpif-rid.h| 63 +++ ofproto/ofproto-dpif-upcall.c | 88 +-- ofproto/ofproto-dpif-xlate.c | 38 ++- ofproto/ofproto-dpif-xlate.h

[ovs-dev] [PATCH 3/6] ofproto: Allow xlate_actions() to fail.

43b2f131a229 (ofproto: Allow in-place modifications of datapath flows). Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- ofproto/ofproto-dpif-upcall.c | 22 + ofproto/ofproto-dpif-xlate.c | 55 +-- ofproto/ofproto-dpif-xlate.h

[ovs-dev] [PATCH 2/6] upcall: Eliminate dead code.

Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- ofproto/ofproto-dpif-upcall.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/ofproto/ofproto-dpif-upcall.c b/ofproto/ofproto-dpif-upcall.c index 3ef1b9a..245f52e 100644 --- a/ofproto/ofproto-dpif-upcall.c +++ b/ofproto/ofprot

[ovs-dev] [PATCH 5/6] upcall: Check for recirc_id in ukey_create_from_dpif_flow()

Filter out not only flows with recirculation actions, but also flows with non-zero recirculation id in flow key when creating ukeys from datapath flows, as such flows also depend on the recirculation context, which have been lost after a restart. Signed-off-by: Jarno Rajahalme <jraj

Re: [ovs-dev] [RFC PATCH 1/3] odp-util: Fix CT action formating.

> On Oct 23, 2015, at 4:20 PM, Joe Stringer <joestrin...@nicira.com> wrote: > > On 20 October 2015 at 15:23, Jarno Rajahalme <jrajaha...@nicira.com> wrote: >> Comma was missing after "label" attribute. >> >> Signed-off-by: Jarno Rajahalme &l

Re: [ovs-dev] [RFC PATCH 2/3] tests: Enable debugging in pyftpdlib.

> On Oct 23, 2015, at 4:20 PM, Joe Stringer <joestrin...@nicira.com> wrote: > > On 20 October 2015 at 15:23, Jarno Rajahalme <jrajaha...@nicira.com> wrote: >> Helps diagnosing problems. >> >> Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.co

Re: [ovs-dev] [RFC PATCH 1/5] netfilter: Remove IP_CT_NEW_REPLY definition.

> On Oct 21, 2015, at 1:33 AM, Thomas Graf <tg...@suug.ch> wrote: > > [Copying netfilter-devel] > > On 10/20/15 at 03:20pm, Jarno Rajahalme wrote: >> Remove the definition of IP_CT_NEW_REPLY as it does not make sense. >> This allows the definition of IP_C

Re: [ovs-dev] [RFC PATCH 3/5] netfilter: Allow calling into nat helper without skb_dst.

> On Oct 21, 2015, at 3:44 AM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > > On Tue, Oct 20, 2015 at 03:20:27PM -0700, Jarno Rajahalme wrote: >> NAT checksum recalculation code assumed existence of skb_dst, which >> becomes a problem for a later pat

Re: [ovs-dev] [RFC PATCH 2/5] netfilter: Factor out nf_ct_get_info().

> On Oct 21, 2015, at 3:45 AM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > > On Tue, Oct 20, 2015 at 03:20:26PM -0700, Jarno Rajahalme wrote: >> Define a new inline function to map conntrack status to enum >> ip_conntrack_info. This removes the need to other

Re: [ovs-dev] [RFC PATCH 5/5] openvswitch: Interface with NAT.

> On Oct 21, 2015, at 3:59 AM, Thomas Graf <tg...@suug.ch> wrote: > > On 10/20/15 at 03:20pm, Jarno Rajahalme wrote: >> Extend OVS conntrack interface to cover NAT. New nested >> OVS_CT_ATTR_NAT may be used to include NAT with a CT action. A bare >> OVS_

Re: [ovs-dev] [RFC PATCH 2/5] netfilter: Factor out nf_ct_get_info().

> On Oct 21, 2015, at 3:45 AM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > > On Tue, Oct 20, 2015 at 03:20:26PM -0700, Jarno Rajahalme wrote: >> Define a new inline function to map conntrack status to enum >> ip_conntrack_info. This removes the need to other

Re: [ovs-dev] [PATCH] ovs: do not allocate memory from offline numa node

> On Oct 9, 2015, at 5:02 PM, Jarno Rajahalme <jrajaha...@nicira.com> wrote: > > >> On Oct 9, 2015, at 3:11 PM, Jesse Gross <je...@nicira.com >> <mailto:je...@nicira.com>> wrote: >> >> On Fri, Oct 9, 2015 at 8:54 AM, Jarno Rajahalme <j

[ovs-dev] [RFC PATCH 5/5] openvswitch: Interface with NAT.

) connections are mangled according to the rest of the nested attributes. This work extends on a branch by Thomas Graf at https://github.com/tgraf/ovs/tree/nat. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- include/uapi/linux/openvswitch.h | 48 +++- net/openvswitch/actions.c

[ovs-dev] [RFC PATCH 1/3] odp-util: Fix CT action formating.

Comma was missing after "label" attribute. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- lib/odp-util.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/odp-util.c b/lib/odp-util.c index e131e36..8f0f39a 100644 --- a/lib/odp-util.c +++ b/lib/odp-util.c

[ovs-dev] [RFC PATCH 2/3] tests: Enable debugging in pyftpdlib.

Helps diagnosing problems. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- tests/test-l7.py | 4 1 file changed, 4 insertions(+) diff --git a/tests/test-l7.py b/tests/test-l7.py index 65c6c2a..faec2bc 100755 --- a/tests/test-l7.py +++ b/tests/test-l7.py @@ -30,6 +30,10

[ovs-dev] [RFC PATCH 3/3] conntrack action: Add support for NAT.

. This work extends on a branch by Thomas Graf at https://github.com/tgraf/ovs/tree/nat. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- datapath/linux/compat/include/linux/openvswitch.h | 37 ++ lib/odp-util.c| 372 - lib/ofp-act

Re: [ovs-dev] [RFC PATCH 1/5] netfilter: Remove IP_CT_NEW_REPLY definition.

I missed the “net-next” label from the title, sorry for that. Jarno > On Oct 20, 2015, at 3:20 PM, Jarno Rajahalme <jrajaha...@nicira.com> wrote: > > Remove the definition of IP_CT_NEW_REPLY as it does not make sense. > This allows the definition of IP_CT_NUMBER to be

[ovs-dev] [RFC PATCH 1/5] netfilter: Remove IP_CT_NEW_REPLY definition.

Remove the definition of IP_CT_NEW_REPLY as it does not make sense. This allows the definition of IP_CT_NUMBER to be simplified as well. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- include/uapi/linux/netfilter/nf_conntrack_common.h | 7 --- net/openvswitch/connt

[ovs-dev] [RFC PATCH 2/5] netfilter: Factor out nf_ct_get_info().

Define a new inline function to map conntrack status to enum ip_conntrack_info. This removes the need to otherwise duplicate this code in a later patch. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- include/net/netfilter/nf_conntrack.h | 15 +++ net/net

[ovs-dev] [RFC PATCH 4/5] openvswitch: conntrack netlink API updates.

This patch makes changes already done in the net repo, so that the rest of the code compiles on top of the current net-next. Eventually, this patch will not be needed and should be removed before merging. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- include/uapi

[ovs-dev] [RFC PATCH 3/5] netfilter: Allow calling into nat helper without skb_dst.

NAT checksum recalculation code assumed existence of skb_dst, which becomes a problem for a later patch in the series. Simplify this by removing the checks, as the checksum will be dealt with later in the stack. Suggested-by: Pravin Shelar <pshe...@nicira.com> Signed-off-by: Jarno Raj

Re: [ovs-dev] [RFC PATCH 1/3] odp-util: Fix CT action formating.

This 3-part RFC patch series applies to OVS master repo, the 5-part RFC series applies to net-next. Jarno > On Oct 20, 2015, at 3:23 PM, Jarno Rajahalme <jrajaha...@nicira.com> wrote: > > Comma was missing after "label" attribute. > > Signed-off-by: Jarno R

Re: [ovs-dev] [PATCH 1/4] Summary: From: Jarno Rajahalme <jrajaha...@nicira.com>

> On Oct 15, 2015, at 8:33 PM, Takashi Yamamoto <yamam...@midokura.com> wrote: > > On Fri, Oct 16, 2015 at 6:28 AM, Jarno Rajahalme <jrajaha...@nicira.com > <mailto:jrajaha...@nicira.com>> wrote: >> ovs-ofctl: Fix replace-flows. >> >> T

Re: [ovs-dev] [PATCH 2/4] ovs-ofctl: Fix OpenFlow versions with '--bundle'

> On Oct 15, 2015, at 8:32 PM, Takashi Yamamoto <yamam...@midokura.com> wrote: > > On Fri, Oct 16, 2015 at 6:28 AM, Jarno Rajahalme <jrajaha...@nicira.com > <mailto:jrajaha...@nicira.com>> wrote: >> While the presence of the '--bundle' option implicitly adde

[ovs-dev] [PATCH 3/4] ovs-ofctl: Support multiple tables in replace-flows and diff-flows.

Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- tests/ovs-ofctl.at| 60 - utilities/ovs-ofctl.c | 174 +++--- 2 files changed, 140 insertions(+), 94 deletions(-) diff --git a/tests/ovs-ofctl.at b/tests/ovs-ofctl.at

[ovs-dev] [PATCH 4/4] openflow: Remove OFPG11_*

Protocol-independent symbols OFPG_* were already defined in openflow-common.h, so remove the protocol version dependent symbols. Found by inspection. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- include/openflow/openflow-1.1.h | 18 ++ lib/ofp-p

[ovs-dev] [PATCH 1/4] Summary: From: Jarno Rajahalme <jrajaha...@nicira.com>

not support multiple tables, but that will be fixed in a later patch in the series. Reported-by: Takashi Yamamoto <yamam...@midokura.com> Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- tests/ovs-ofctl.at| 34 +- utilities/ovs-ofctl.c | 2

[ovs-dev] [PATCH 2/4] ovs-ofctl: Fix OpenFlow versions with '--bundle'

no behavioral difference when ovs-ofctl is paired with OVS that supports OpenFlow 1.4, as the greatest common version is negotiated, but prevents negotiation of OpenFlow 1.0 when OVS does not support OpenFlow 1.4. Found by inspection. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.

Re: [ovs-dev] [PATCH 1/4] Summary: From: Jarno Rajahalme <jrajaha...@nicira.com>

> On Oct 15, 2015, at 2:28 PM, Jarno Rajahalme <jrajaha...@nicira.com> wrote: > > ovs-ofctl: Fix replace-flows. Sorry about the botched title, will fix for the commit, Jarno ___ dev mailing list dev@openvswitch.org http://openvswi

Re: [ovs-dev] [PATCH v4 02/12] ovs-ofctl: Add bundle support and unit testing.

> On Oct 14, 2015, at 9:35 PM, Takashi Yamamoto <yamam...@midokura.com> wrote: > > hi, > > On Wed, Jun 10, 2015 at 9:24 AM, Jarno Rajahalme <jrajaha...@nicira.com> > wrote: >> >> diff --git a/tests/ovs-ofctl.at b/tests/ovs-ofctl.at >> index 1e1

Re: [ovs-dev] [PATCHv4 00/11] Add support for connection tracking.

> On Oct 13, 2015, at 3:39 PM, Joe Stringer wrote: > > Thanks all, I made some minor fixups (mostly documentation) and pushed > this series to master. > > Next step: Datapath backport! This is great!! Thanks Joe! Jarno

Re: [ovs-dev] [PATCH] meta-flow.h: Remove circular dependency that crept into meta-flow.h via the ofputil_protocol enum. This one is defined in ofp-util.h which itself includes meta-flow.h. This chang

ace, like a fork. > > thx... > > On Mon, Oct 5, 2015 at 4:06 PM, Jarno Rajahalme <jrajaha...@nicira.com > <mailto:jrajaha...@nicira.com>> wrote: > John, > > I thought that maybe forward declaration of the enum would be better choice, > but apparently C99 forbids for

Re: [ovs-dev] [PATCH] ovs: do not allocate memory from offline numa node

> On Oct 9, 2015, at 3:11 PM, Jesse Gross <je...@nicira.com> wrote: > > On Fri, Oct 9, 2015 at 8:54 AM, Jarno Rajahalme <jrajaha...@nicira.com > <mailto:jrajaha...@nicira.com>> wrote: >> >> On Oct 8, 2015, at 4:03 PM, Jesse Gross <je...@nicira.com&g

Re: [ovs-dev] [PATCH] ovs: do not allocate memory from offline numa node

> On Oct 8, 2015, at 4:03 PM, Jesse Gross <je...@nicira.com> wrote: > > On Wed, Oct 7, 2015 at 10:47 AM, Jarno Rajahalme <jrajaha...@nicira.com > <mailto:jrajaha...@nicira.com>> wrote: >> >>> On Oct 6, 2015, at 6:01 PM, Jesse Gross <je...@nicira.

Re: [ovs-dev] [PATCH] ovs: do not allocate memory from offline numa node

> On Oct 6, 2015, at 6:01 PM, Jesse Gross wrote: > > On Mon, Oct 5, 2015 at 1:25 PM, Alexander Duyck > wrote: >> On 10/05/2015 06:59 AM, Vlastimil Babka wrote: >>> >>> On 10/02/2015 12:18 PM, Konstantin Khlebnikov wrote: When openvswitch

Re: [ovs-dev] [PATCH v2 2/2] ofproto-dpif-upcall: Use flow_wildcards_has_extra().

e, Sep 29, 2015 at 11:07:46AM -0700, Jarno Rajahalme wrote: >> Ben, >> >> Will you review this, or should I just drop this? >> >> Jarno >> >>> On Sep 18, 2015, at 5:44 PM, Jarno Rajahalme <jrajaha...@nicira.com> wrote: >>> >>> >&g

Re: [ovs-dev] [PATCH v2 2/2] ofproto-dpif-upcall: Use flow_wildcards_has_extra().

Ben, Will you review this, or should I just drop this? Jarno > On Sep 18, 2015, at 5:44 PM, Jarno Rajahalme <jrajaha...@nicira.com> wrote: > > >> On Sep 18, 2015, at 3:01 PM, Ben Pfaff <b...@nicira.com >> <mailto:b...@nicira.com>> wrote: >>

Re: [ovs-dev] [PATCH v2 1/2] dpif-netdev: Exact match non-presence of vlans.

> On Sep 18, 2015, at 2:59 PM, Ben Pfaff <b...@nicira.com> wrote: > > On Tue, Sep 15, 2015 at 04:54:20PM -0700, Jarno Rajahalme wrote: >> The Netlink encoding of datapath flow keys cannot express wildcarding >> the presence of a VLAN tag. Instead, a missing VLAN tag

Re: [ovs-dev] [PATCH v2 2/2] ofproto-dpif-upcall: Use flow_wildcards_has_extra().

> On Sep 18, 2015, at 3:01 PM, Ben Pfaff <b...@nicira.com> wrote: > > On Tue, Sep 15, 2015 at 04:54:21PM -0700, Jarno Rajahalme wrote: >> Update the comment in ukey_revalidate() to reflect the fact that the >> mask in ukey is not the datapath mask, but the originally t

Re: [ovs-dev] [PATCH 6/8] Add connection tracking label support.

> On Sep 16, 2015, at 1:42 PM, Joe Stringer <joestrin...@nicira.com> wrote: > > On 11 September 2015 at 16:22, Jarno Rajahalme <jrajaha...@nicira.com> wrote: >>> @@ -4177,6 +4181,32 @@ put_ct_mark(const struct flow *flow, struct flow >>> *base_flow, >&

Re: [ovs-dev] About the function odp_flow_key_to_flow__

> On Sep 16, 2015, at 3:19 AM, openvswitcher wrote: > > Hi, all > > > Could anybody explain the difference in function odp_flow_key_to_flow__ for > if the is_mask flag is true or flase? When is_mask is true, the output is a flow mask, when false, the output is a

Re: [ovs-dev] [PATCH 1/2] Summary: From: Jarno Rajahalme <jrajaha...@nicira.com>

> On Sep 15, 2015, at 4:46 PM, Ben Pfaff <b...@nicira.com> wrote: > > On Tue, Sep 15, 2015 at 04:38:05PM -0700, Jarno Rajahalme wrote: >> dpif-netdev: Exact match non-presence of vlans. > > Something bad happened to this email, can you retry? Done, also

[ovs-dev] [PATCH v2 1/2] dpif-netdev: Exact match non-presence of vlans.

that the userspace datapath failed to create a new datapath flow for the VLAN packet before this patch. This fix may be needed in the Windows datapath as well. Reported-by: Tony van der Peet <tony.vanderp...@gmail.com> Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- v2: Added Reported-

[ovs-dev] [PATCH v2 2/2] ofproto-dpif-upcall: Use flow_wildcards_has_extra().

p; 1 != 1) (true) 10 (1 | 0 != 1) (false) (1 & 0 != 0) (false) 11 (1 | 1 != 1) (false) (1 & 1 != 1) (false) Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- ofproto/ofproto-dpif-upcall.c | 27 +++ 1 file changed, 11 insertions(+

[ovs-dev] [PATCH 2/2] ofproto-dpif-upcall: Use flow_wildcards_has_extra().

p; 1 != 1) (true) 10 (1 | 0 != 1) (false) (1 & 0 != 0) (false) 11 (1 | 1 != 1) (false) (1 & 1 != 1) (false) Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- ofproto/ofproto-dpif-upcall.c | 27 +++ 1 file changed, 11 insertions(+

[ovs-dev] [PATCH 1/2] Summary: From: Jarno Rajahalme <jrajaha...@nicira.com>

the userspace datapath modification showed that the userspace datapath failed to create a new datapath flow for the VLAN packet before this patch. This fix may be needed in the Windows datapath as well. Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> --- lib/dpif-netdev.c | 10 l

Re: [ovs-dev] [PATCH 3/8] Add support for connection tracking.

> On Sep 11, 2015, at 1:07 PM, Joe Stringer <joestrin...@nicira.com> wrote: > > On 10 September 2015 at 19:03, Jarno Rajahalme <jrajaha...@nicira.com> wrote: >> >>> On Sep 9, 2015, at 7:00 PM, Joe Stringer <joestrin...@nicira.com> wrote: >>

Re: [ovs-dev] [PATCH 6/8] Add connection tracking label support.

[I did not receive this email either.] With the comments below, Acked-by: Jarno Rajahalme <jrajaha...@nicira.com> > This patch adds a new 128-bit metadata field to the connection tracking > interface. When a label is specified as part of the ct action and the > connecti

Re: [ovs-dev] [PATCH 3/8] Add support for connection tracking.

Here is an provisional ACK, I trust you to address the comments to my satisfaction :-) Acked-by: Jarno Rajahalme <jrajaha...@nicira.com> Jarno > On Sep 11, 2015, at 4:15 PM, Joe Stringer <joestrin...@nicira.com> wrote: > > On 11 September 2015 at 14:42, Jar

Re: [ovs-dev] [PATCH 3/8] Add support for connection tracking.

Joe, Below some comments on the tests, Jarno > --- a/tests/atlocal.in > +++ b/tests/atlocal.in > @@ -110,3 +110,10 @@ fi > if test "$IS_WIN32" = "yes"; then > HAVE_PYTHON="no" > fi > + > +# Conntrack test requirements > +if test x`which conntrack` != x; then > +HAVE_CONNTRACK="yes" >

Re: [ovs-dev] [PATCH 4/8] Add connection tracking mark support.

[I tried to reproduce the lost email message from the patch (from github).] With the comments below, Acked-by: Jarno Rajahalme <jrajaha...@nicira.com> > This patch adds a new 32-bit metadata field to the connection tracking > interface. When a mark is specified as part of t

Re: [ovs-dev] [PATCH 5/8] lib: Introduce ovs_u128_is_zero().

Acked-by: Jarno Rajahalme <jrajaha...@nicira.com> > From 71d0ebf2d9b473bf0f848e3ae76223b35ffd4505 Mon Sep 17 00:00:00 2001 > From: Daniele Di Proietto <diproiet...@vmware.com> > Date: Wed, 22 Jul 2015 18:41:48 +0100 > Subject: [PATCH] lib: Introduce ovs_u128_is_z

Re: [ovs-dev] [PATCH 7/8] Add support for connection tracking helper/ALGs.

With the comments below, Acked-by: Jarno Rajahalme <jrajaha...@nicira.com> Sorry for repeating some comments over and over, no offense intended. > On Sep 9, 2015, at 7:00 PM, Joe Stringer <joestrin...@nicira.com> wrote: > > This patch adds support for specifying a &quo

Re: [ovs-dev] [PATCH 3/8] Add support for connection tracking.

Conditional to Ben’s approval of the nested actions within the OF ct action, of course :-) Jarno > On Sep 11, 2015, at 4:37 PM, Jarno Rajahalme <jrajaha...@nicira.com> wrote: > > Here is an provisional ACK, I trust you to address the comments to my > satisfaction :-) &g

Re: [ovs-dev] [PATCH 3/8] Add support for connection tracking.

> On Sep 11, 2015, at 5:02 PM, Joe Stringer <joestrin...@nicira.com> wrote: > > On 11 September 2015 at 16:37, Jarno Rajahalme <jrajaha...@nicira.com> wrote: >> Here is an provisional ACK, I trust you to address the comments to my >> satisfaction :-) >>

Re: [ovs-dev] [PATCH 8/8] dpif-netlink: Allow MRU packet attribute.

With the few comments below, Acked-by: Jarno Rajahalme <jrajaha...@nicira.com> The MRU is still lost if the packet is sent to the controller, but maybe sending (potentially) large packet to controller is a bad idea to begin with. Jarno > On Sep 9, 2015, at 7:00 PM, Joe Stringer

Re: [ovs-dev] [PATCH 3/8] Add support for connection tracking.

> On Sep 10, 2015, at 3:23 PM, Joe Stringer wrote: > > On 10 September 2015 at 11:05, Ben Pfaff wrote: >> Who do you think should review this? > > I think that either Justin or Jarno should probably review this. I’ll review these, but Justin can chime

Re: [ovs-dev] [PATCH 1/2] ofproto: Reduce log level from WARN to INFO.

Acked-by: Jarno Rajahalme <jrajaha...@nicira.com> > On Sep 10, 2015, at 1:18 PM, Ben Pfaff <b...@nicira.com> wrote: > > It seems to me that a controller bug doesn't rise to the level of a WARN > that causes a testsuite failure (by default). > > Signed-off-

Re: [ovs-dev] [PATCH 3/8] Add support for connection tracking.

> On Sep 9, 2015, at 7:00 PM, Joe Stringer wrote: > > (snip) > diff --git a/datapath/linux/compat/include/linux/openvswitch.h > b/datapath/linux/compat/include/linux/openvswitch.h > index 578cd88..69bdf32 100644 > ---

Re: [ovs-dev] Megaflows Question

> On Sep 8, 2015, at 11:34 PM, openvswitcher wrote: > > Thank you very much. > > >The OpenFlow flows in question are 10.0.0.0/24, which matches: > >1010... > >and 10.0.0.1/32, which matches: > >

Re: [ovs-dev] Megaflows Question

> On Sep 8, 2015, at 9:38 AM, Ben Pfaff wrote: > > On Tue, Sep 08, 2015 at 09:41:51AM +0300, Gal Sagie wrote: >> for example: priority 100 match 10.0.0.0/24 go to controller >> priority 100 match 10.0.0.1 go to next table > > That's a bad idea: these flows

<    6   7   8   9   10   11   12   13   14   15   >