I just sent the patch to netfilter-devel and kernel-janitors with you as
Reported-by.
Jarno
> On Mar 19, 2016, at 5:09 AM, Dan Carpenter wrote:
>
> It doesn't make sense to apply my patch. Can you please send your patch
> but give me a Reported-by: tag?
>
>
instead, as it is only ever applicable to
the 'new' packets of the expected connection.
Fixes: 05752523e565 ('openvswitch: Interface with NAT.')
Reported-by: Dan Carpenter <dan.carpen...@oracle.com>
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
net/openvswitch/conntrack.c | 5 +
> On Mar 20, 2016, at 5:21 PM, Simon Horman <simon.hor...@netronome.com> wrote:
>
> On Fri, Mar 18, 2016 at 09:45:08AM -0700, Jarno Rajahalme wrote:
>> OpenFlow 1.5 spec says: “The group type need not be specified for the delete
>> request.”
>
> Thanks Jarno.
OpenFlow 1.5 spec says: “The group type need not be specified for the delete
request.”
Jarno
> On Mar 17, 2016, at 7:40 PM, Simon Horman wrote:
>
> On Wed, Mar 16, 2016 at 05:48:23PM +, Shuva Jyoti Kar wrote:
>> Hello,
>>
>> I am trying deletion of an
> On Mar 17, 2016, at 3:41 AM, Dan Carpenter wrote:
>
> The original condition is never true. We want to test if BIT(0) is set
> but the code is ANDing with zero.
>
> Fixes: 05752523e565 ('openvswitch: Interface with NAT.')
> Signed-off-by: Dan Carpenter
tch is correctly fixing a bug, the fix reveals another bug that
breaks test cases. Maybe it would be better to send a new series with your fix
as the first patch, and this one as the second patch? If so, here is my
signed-off-by:
Signed-off-by: Jarno Rajahalme <ja...@ovn.org <mailto:j
I think I’ll worry about that when I get to adding group and meter support.
Jarno
> On Mar 14, 2016, at 8:47 PM, Ben Pfaff wrote:
>
> Jarno, what do you think?
>
> On Mon, Mar 14, 2016 at 11:16:27PM +, André Mantas wrote:
>> Ok. And what about Packet_Out validation
> On Mar 14, 2016, at 10:42 AM, Ben Pfaff <b...@ovn.org> wrote:
>
> On Sun, Feb 28, 2016 at 10:33:17PM -0800, Gurucharan Shetty wrote:
>> From: Jarno Rajahalme <jrajaha...@nicira.com>
>>
>> Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
>
>
Thanks for the reviews, Joe!
Now we have acks for the patches 3-8, but not for 1 and 2 that touch netfilter
proper. Who could review those?
Jarno
> On Mar 10, 2016, at 2:01 PM, Joe Stringer <j...@ovn.org> wrote:
>
> On 11 March 2016 at 07:54, Jarno Rajahalme <ja
/nat.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
Acked-by: Thomas Graf <tg...@suug.ch>
---
include/uapi/linux/openvswitch.h | 49
net/openvswitch/Kconfig | 3 +-
net/openvswitch/conntrack.c | 524 +--
net/openvswitch
There is no need to help connections that are not confirmed, so we can
delay helping new connections to the time when they are confirmed.
This change is needed for NAT support, and having this as a separate
patch will make the following NAT patch a bit easier to review.
Signed-off-by: Jarno
Thanks for the reviews Joe! Comments below.
> On Mar 9, 2016, at 7:47 PM, Joe Stringer <j...@ovn.org> wrote:
>
> Hi Jarno,
>
> Thanks for working on this. Mostly just a few style things around #ifdefs
> below.
>
> On 9 March 2016 at 15:10, Jarno Rajahalme <ja
Repeat the nf_conntrack_in() call when it returns NF_REPEAT. This
avoids dropping a SYN packet re-opening an existing TCP connection.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
Acked-by: Joe Stringer <j...@ovn.org>
---
net/openvswitch/conntrack.c | 10 --
1 fil
This makes the code easier to understand and the following patches
more focused.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
net/openvswitch/conntrack.c | 21 -
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/net/openvswitch/conntrack.c b/net/openv
Only a successful nf_conntrack_in() call can effect a connection state
change, so it suffices to update the key only after the
nf_conntrack_in() returns.
This change is needed for the later NAT patches.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
Acked-by: Joe Stringer <j...@ovn.org&
hrough NAT using the
original ct reference also after the reference is lost after an
upcall.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
Acked-by: Joe Stringer <j...@ovn.org>
---
net/openvswitch/conntrack.c | 103 ++--
1 file changed, 90 inser
elar <pshe...@nicira.com>
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 30 --
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c | 30 --
2 files changed, 16 insertions(+), 44 deletions(-)
, and the rules therein
are translated to kernel flow entries on-demand by ovs-vswitchd.
Jarno Rajahalme (8):
netfilter: Remove IP_CT_NEW_REPLY definition.
netfilter: Allow calling into nat helper without skb_dst.
openvswitch: Add commentary to conntrack.c
openvswitch: Update the CT state key only
Remove the definition of IP_CT_NEW_REPLY from the kernel as it does
not make sense. This allows the definition of IP_CT_NUMBER to be
simplified as well.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
include/uapi/linux/netfilter/nf_conntrack_common.h | 12 +---
net/openv
> On Mar 10, 2016, at 4:00 AM, Thomas Graf <tg...@suug.ch> wrote:
>
> On 03/09/16 at 07:47pm, Joe Stringer wrote:
>> On 9 March 2016 at 15:10, Jarno Rajahalme <ja...@ovn.org> wrote:
>>> Extend OVS conntrack interface to cover NAT. New nested
>>> OVS
Thanks for pointing this out, v10, which hope is the final version, will have
the cover letter back.
Jarno
> On Mar 10, 2016, at 1:16 AM, Or Gerlitz <gerlitz...@gmail.com> wrote:
>
> On Wed, Mar 9, 2016 at 2:24 AM, Jarno Rajahalme <ja...@ovn.org> wrote:
>
3/9/2016 3:24 AM, Jarno Rajahalme wrote:
>
>> This makes the code easier to understand and the following patches
>> more focused.
>>
>> Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
>> ---
>> net/openvswitch/conntrack.c | 21 -
>&g
Repeat the nf_conntrack_in() call when it returns NF_REPEAT. This
avoids dropping a SYN packet re-opening an existing TCP connection.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
Acked-by: Joe Stringer <j...@ovn.org>
---
net/openvswitch/conntrack.c | 10 --
1 fil
Just sent a v9 addressing these dependency issues.
Jarno
> On Mar 9, 2016, at 12:04 AM, kbuild test robot <l...@intel.com> wrote:
>
> Hi Jarno,
>
> [auto build test ERROR on nf-next/master]
>
> url:
> https://github.com/0day-ci/linux/commits/Ja
/nat.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
v9: Fixed module dependencies.
include/uapi/linux/openvswitch.h | 49
net/openvswitch/Kconfig | 3 +-
net/openvswitch/conntrack.c | 523 +--
net/openvswitch/conntrack.h
There is no need to help connections that are not confirmed, so we can
delay helping new connections to the time when they are confirmed.
This change is needed for NAT support, and having this as a separate
patch will make the following NAT patch a bit easier to review.
Signed-off-by: Jarno
Remove the definition of IP_CT_NEW_REPLY from the kernel as it does
not make sense. This allows the definition of IP_CT_NUMBER to be
simplified as well.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
include/uapi/linux/netfilter/nf_conntrack_common.h | 12 +---
net/openv
Only a successful nf_conntrack_in() call can effect a connection state
change, so if suffices to update the key only after the
nf_conntrack_in() returns.
This change is needed for the later NAT patches.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
net/openvswitch/conntrack
hrough NAT using the
original ct reference also after the reference is lost after an
upcall.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
net/openvswitch/conntrack.c | 103 ++--
1 file changed, 90 insertions(+), 13 deletions(-)
diff --git a
This makes the code easier to understand and the following patches
more focused.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
net/openvswitch/conntrack.c | 21 -
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/net/openvswitch/conntrack.c b/net/openv
elar <pshe...@nicira.com>
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 30 --
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c | 30 --
2 files changed, 16 insertions(+), 44 deletions(-)
Thanks for the reviews, Joe!
I just posted a v8 addressing your concerns,
Jarno
> On Feb 17, 2016, at 4:00 PM, Joe Stringer <j...@ovn.org> wrote:
>
> On 5 February 2016 at 17:41, Jarno Rajahalme <ja...@ovn.org
> <mailto:ja...@ovn.org>> wrote:
>>
/nat.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
include/uapi/linux/openvswitch.h | 49
net/openvswitch/conntrack.c | 519 +--
net/openvswitch/conntrack.h | 3 +-
3 files changed, 545 insertions(+), 26 deletions(-)
diff --git a/i
Repeat the nf_conntrack_in() call when it returns NF_REPEAT. This
avoids dropping a SYN packet re-opening an existing TCP connection.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
Acked-by: Joe Stringer <j...@ovn.org>
---
net/openvswitch/conntrack.c | 10 --
1 fil
This makes the code easier to understand and the following patches
more focused.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
net/openvswitch/conntrack.c | 21 -
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/net/openvswitch/conntrack.c b/net/openv
There is no need to help connections that are not confirmed, so we can
delay helping new connections to the time when they are confirmed.
This change is needed for NAT support, and having this as a separate
patch will make the following NAT patch a bit easier to review.
Signed-off-by: Jarno
Only a successful nf_conntrack_in() call can effect a connection state
change, so if suffices to update the key only after the
nf_conntrack_in() returns.
This change is needed for the later NAT patches.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
net/openvswitch/conntrack
hrough NAT using the
original ct reference also after the reference is lost after an
upcall.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
net/openvswitch/conntrack.c | 103 ++--
1 file changed, 90 insertions(+), 13 deletions(-)
diff --git a
elar <pshe...@nicira.com>
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 30 --
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c | 30 --
2 files changed, 16 insertions(+), 44 deletions(-)
Remove the definition of IP_CT_NEW_REPLY from the kernel as it does
not make sense. This allows the definition of IP_CT_NUMBER to be
simplified as well.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
include/uapi/linux/netfilter/nf_conntrack_common.h | 12 +---
net/openv
lems)
>
> On 3 March 2016 at 15:12, Jarno Rajahalme <ja...@ovn.org> wrote:
>> Commit 38876d31 fixed setting 'msg' when resizing an ofpbuf, but
>> failed to fix the same issue in ofpbuf_clone_with_headroom(). Without
>> this fix the newly cloned ofpbuf's 'm
It might be super slow, but how about running the test suite with valgrind and
ofpbuf code changed so that each put reallocates the memory? That way we would
not have to be lucky about the timing/placement of reallocations to find these
bugs?
Jarno
> On Mar 4, 2016, at 5:35 PM, William Tu
Maybe going back to the design where we have a separate function analyzing the
current action in case of “deferred recirculation” (== unmatchable struct flow)
would be the best compromise. I recall I did not like that earlier, but it
might be best option if recirculation between MPLS_POP and
ONF Extension 230 adds support for OpenFlow 1.4 bundles to OpenFlow
1.3. Supporting this allows OpenFlow 1.3 controllers to start using
bundles. Also the ovs-ofctl '--bundle' option can now be used with
OpenFlow 1.3.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
Even though the number of supported MPLS labels may vary between a
datapath and the OVS userspace, it is better to use the
FLOW_MAX_MPLS_LABELS than a hard-coded '3' as the maximum number of
labels to scan.
Requested-by: Ben Pfaff <b...@ovn.org>
Signed-off-by: Jarno Rajahalme <ja..
> On Feb 23, 2016, at 5:01 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> On Wed, Feb 17, 2016 at 11:45:29AM -0800, Jarno Rajahalme wrote:
>> So far we have been limited to including only one MPLS label in the
>> textual datapath flow format. Allow upto 3 labels to be
Thanks for the reviews, series pushed to master.
Jarno
> On Feb 23, 2016, at 8:21 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> On Wed, Feb 17, 2016 at 11:45:30AM -0800, Jarno Rajahalme wrote:
>> So far we have tried to optimize MPLS POP action not to recirculate
>> unl
This needs a rebase, please defer reviews until v2.
Jarno
> On Feb 18, 2016, at 10:48 AM, Jarno Rajahalme <ja...@ovn.org> wrote:
>
> ONF Extension 230 adds support for OpenFlow 1.4 bundles to OpenFlow
> 1.3. Supporting this allows OpenFlow 1.3 controllers to sta
I take that back, just now noticed your response to patch 2/2.
Jarno
> On Feb 24, 2016, at 2:44 PM, Jarno Rajahalme <ja...@ovn.org> wrote:
>
> Ping.
>
>> On Feb 18, 2016, at 10:46 AM, Jarno Rajahalme <ja...@ovn.org> wrote:
>>
>> I was able to imple
Ping.
> On Feb 18, 2016, at 10:46 AM, Jarno Rajahalme <ja...@ovn.org> wrote:
>
> I was able to implement the Extension 230 on top of these, so looking good :-)
>
> Acked-by: Jarno Rajahalme <ja...@ovn.org>
>
>> On Jan 27, 2016, at 3:50 PM, Ben Pfaff <b..
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 23, 2016, at 1:26 PM, Joe Stringer <j...@ovn.org> wrote:
>
> Signed-off-by: Joe Stringer <j...@ovn.org>
> ---
> utilities/ovs-ofctl.8.in | 41 -
> 1 file changed, 24 inse
Sorry for the delay,
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Jan 19, 2016, at 10:15 PM, Simon Horman <simon.hor...@netronome.com> wrote:
>
> Provide leading padding to allow pushing a value to a miniflow where
> the value is not aligned to 64 bytes and no value h
Sorry for the delay,
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Jan 19, 2016, at 10:15 PM, Simon Horman <simon.hor...@netronome.com> wrote:
>
> The motivation is to allow pushing single bytes in
> a manner to that already used for 16, 32 and 64 bit integers
> On Feb 19, 2016, at 3:56 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> On Fri, Feb 19, 2016 at 02:47:59PM -0800, Jarno Rajahalme wrote:
>> With one comment below:
>>
>> Acked-by: Jarno Rajahalme <ja...@ovn.org>
>
> Thanks for the review.
>
>>&
I’ve reviewed the series unto this point. Maybe someone else will review the
OVN patches. I did note, however, that the last patch does not help the test
failure:
Before the last patch:
# put_arp
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 19, 2016, at 12:34 AM, Ben Pfaff <b...@ovn.org> wrote:
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>
> ---
> ovn/controller/pinctrl.h | 7 +++
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> d
With small comments below:
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 19, 2016, at 12:34 AM, Ben Pfaff <b...@ovn.org> wrote:
>
> One purpose of OpenFlow packet-in messages is to allow a controller to
> interpose on the path of a packet through the flow ta
With one comment below:
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 19, 2016, at 12:34 AM, Ben Pfaff <b...@ovn.org> wrote:
>
> It hadn't occurred to me before that any special support was actually
> necessary or useful for nested properties, but the functions int
With the comments below:
Acked-by: Jarno Rajahalme <ja...@ovn.org>
(snip)
> +/* Properties for NXAST_CONTROLLER2. */
> +enum nx_action_controller2_prop_type {
> +NXAC2PT_MAX_LEN,/* ovs_be16 max length to send controller. */
> +NXAC2PT_CONTROLLER_ID
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 19, 2016, at 12:34 AM, Ben Pfaff <b...@ovn.org> wrote:
>
> An upcoming commit will introduce another member that has a length, and
> it seems weird that bare 'len' would be one or the other.
>
> Signed-o
With the notes below:
Acked-by: Jarno Rajahalme <ja...@ovn.org>
(snip)
> diff --git a/include/openflow/nicira-ext.h b/include/openflow/nicira-ext.h
> index dad8707..bcc8758 100644
> --- a/include/openflow/nicira-ext.h
> +++ b/include/openflow/nicira-ext.h
> @@ -1,5 +1,5 @@
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 19, 2016, at 12:34 AM, Ben Pfaff <b...@ovn.org> wrote:
>
> It's not const in all cases so it doesn't entirely make sense to mark
> it const here.
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>
> ---
>
With a note and a question below:
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 19, 2016, at 12:34 AM, Ben Pfaff <b...@ovn.org> wrote:
>
> A number of times I've looked at code and thought that it would be easier
> to understand if I could write an initializer inste
ONF Extension 230 adds support for OpenFlow 1.4 bundles to OpenFlow
1.3. Supporting this allows OpenFlow 1.3 controllers to start using
bundles.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
NEWS | 5 +
lib/ofp-errors.h | 38 ++--
lib/ofp-msgs.h
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Jan 27, 2016, at 3:50 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> This code was the only user for OpenFlow header definitions other than
> struct ofp_header itself.
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>
&
I was able to implement the Extension 230 on top of these, so looking good :-)
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Jan 27, 2016, at 3:50 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> ONF introduced a number of "standard extensions" that use its own
> vend
recirculation state.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
tests/dpif-netdev.at | 9 +
tests/mpls-xlate.at | 8
tests/ofproto-dpif.at | 10 +-
3 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/tests/dpif-netdev.at b/tests/dpif-netdev.at
<b...@ovn.org>
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
ofproto/ofproto-dpif-xlate.c | 99
tests/mpls-xlate.at | 14 +++
tests/ofproto-dpif.at| 3 +-
3 files changed, 17 insertions(+), 99 deletions(-)
So far we have been limited to including only one MPLS label in the
textual datapath flow format. Allow upto 3 labels to be included so
that testing with multiple labels becomes easier.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
lib/odp-util.c
> On Feb 17, 2016, at 2:39 AM, André Mantas wrote:
>
> Hi. I'm currently adding support for packet-out messages in bundles.
>
> I started to look at *handle_packet_out*, *handle_bundle_add *and
> *do_bundle_commit
> *functions to understand how things work. Here is what
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 10, 2016, at 3:56 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> This makes it accept the same syntax as parse_NOTE(), so that that function
> can be simplified. In an upcoming commit a second action will also be
> able to
With the (few) comments below:
Acked-by: Jarno Rajahalme <ja...@ovn.org>
(snip)
> + * In the current implementation, Open vSwitch forks the packet processing
> + * pipeline across patch ports. Suppose, for example, that the pipeline for
> + * br0 outputs to a patch port who
Joe,
I just noticed I never sent this out. Sorry, and thanks for the review!
Jarno
> On Feb 3, 2016, at 2:19 PM, Joe Stringer <j...@ovn.org> wrote:
>
> On 3 February 2016 at 12:33, Jarno Rajahalme <ja...@ovn.org> wrote:
>> From: Ethan Jackson <et...@nicira.com
IMO we should figure out a name for the “may_steal” that carries the intended
semantics a little bit better. Plain “steal” instead of “may_steal” would be
better, but maybe not the best choice.
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 8, 2016, at 10:43 PM, Ben Pfaff <
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 9, 2016, at 10:10 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> This interface is still straightforward and easier for the client.
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>
> ---
> ofproto/ofproto-dpif-xlat
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 9, 2016, at 10:10 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>
> ---
> ofproto/ofproto-dpif-xlate.c | 26 +-
> 1 file changed, 13 insertions(+), 13 de
With one question below:
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 9, 2016, at 10:10 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> In my opinion, this is less confusing in multiple ways. I now understand
> the code better myself.
>
> Signed-off-by: Ben Pfaff
I don’t have the patch 6/7 in my email, but here is the Ack for it:
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 9, 2016, at 10:10 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> This is the third revision of my "closures" patch.
>
> The first version was:
&
For some reason I can’t find some to the patches in my inbox (nor in Junk
mail). I applied the patches from patchwork, so this seems to be a problem with
my mail.
Anyway, this is an Ack for the 1st patch:
Acked-by: Jarno Rajahalme <ja...@ovn.org>
The second patch fails two test
> On Feb 5, 2016, at 7:27 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> On Fri, Feb 05, 2016 at 04:41:29PM -0800, Jarno Rajahalme wrote:
>>
>>> On Feb 5, 2016, at 3:30 PM, Ben Pfaff <b...@ovn.org> wrote:
>>>
>>> Mirroring is supposed to happen
> On Feb 5, 2016, at 3:30 PM, Ben Pfaff wrote:
>
> Mirroring is supposed to happen at most once for any destination on a given
> packet, so the implementation keeps track of which mirrors have already
> been used. However, until this commit it did that incorrectly: it
>
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 5, 2016, at 3:30 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> Autotest isn't too smart, so if you try to use "mirroring" as a keyword
> before this commit it doesn't select most of the tests due to the comma in
/nat.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
include/uapi/linux/openvswitch.h | 47
net/openvswitch/conntrack.c | 516 +--
net/openvswitch/conntrack.h | 3 +-
3 files changed, 541 insertions(+), 25 deletions(-)
diff --git a/i
There is no need to help connections that are not confirmed, so we can
delay helping new connections to the time when they are confirmed.
This change is needed for NAT support, and having this as a separate
patch will make the following NAT patch a bit easier to review.
Signed-off-by: Jarno
is properly set by the conntrack action.
A full test case requires rules for ARP handling not shown here.
The flow table above is an OpenFlow table, and the rules therein
are translated to kernel flow entries on-demand by ovs-vswitchd.
Jarno Rajahalme (7):
netfilter: Remove IP_CT_NEW_REPLY
Remove the definition of IP_CT_NEW_REPLY from the kernel as it does
not make sense. This allows the definition of IP_CT_NUMBER to be
simplified as well.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
include/uapi/linux/netfilter/nf_conntrack_common.h | 12 +---
net/openv
hrough NAT using the
original ct reference also after the reference is lost after an
upcall.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
net/openvswitch/conntrack.c | 111 ++--
1 file changed, 98 insertions(+), 13 deletions(-)
diff --git a
Only a successful nf_conntrack_in() call can effect a connection state
change, so if suffices to update the key only after the
nf_conntrack_in() returns.
This change is needed for the later NAT patches.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
net/openvswitch/conntrack
Repeat the nf_conntrack_in() call when it returns NF_REPEAT. This
avoids dropping a SYN packet re-opening an existing TCP connection.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
net/openvswitch/conntrack.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git
elar <pshe...@nicira.com>
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 30 --
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c | 30 --
2 files changed, 16 insertions(+), 44 deletions(-)
Thanks for the reviews, series pushed to branch-2.3.
Jarno
> On Feb 5, 2016, at 5:44 PM, Joe Stringer <j...@ovn.org> wrote:
>
> On 4 February 2016 at 16:10, Jarno Rajahalme <ja...@ovn.org
> <mailto:ja...@ovn.org>> wrote:
>> From: Ethan Jackson <et...@n
> On Feb 5, 2016, at 4:06 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> On Fri, Feb 05, 2016 at 03:49:24PM -0800, Jarno Rajahalme wrote:
>> Sorry for not spotting this on review, I must have assumed that if the
>> tests pass it must be correct!
>
> It's funny, I re
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 5, 2016, at 4:02 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> This utility was completely broken and no one noticed for the time of a
> full release, so I think that's a safe sign that we should remove it.
>
> Signed-o
Sorry for not spotting this on review, I must have assumed that if the tests
pass it must be correct!
A reference to the commit this fixes would be nice.
Acked-by: Jarno Rajahalme <ja...@ovn.org>
> On Feb 5, 2016, at 3:30 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> This d
> On Feb 4, 2016, at 6:08 AM, Fischetti, Antonio
> wrote:
>
> Hi William,
> Thanks for your interest on this idea.
> I'm currently working to provide a patch, once it is ready I'll be glad to
> share.
>
> In order to compare the throughput between the classifier
> On Feb 4, 2016, at 3:00 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> On Wed, Feb 03, 2016 at 12:33:01PM -0800, Jarno Rajahalme wrote:
>> From: Ethan Jackson <et...@nicira.com>
>>
>> There are certain use cases (such as bond rebalancing) where a
>> d
> On Feb 4, 2016, at 3:22 PM, Ben Pfaff <b...@ovn.org> wrote:
>
> On Thu, Feb 04, 2016 at 03:08:48PM -0800, Jarno Rajahalme wrote:
>>
>>> On Feb 4, 2016, at 3:00 PM, Ben Pfaff <b...@ovn.org> wrote:
>>>
>>> On Wed, Feb 03, 2016 at 12:
Just sent out the v2,
Jarno
> On Feb 4, 2016, at 3:25 PM, Jarno Rajahalme <ja...@ovn.org> wrote:
>
>
>> On Feb 4, 2016, at 3:22 PM, Ben Pfaff <b...@ovn.org> wrote:
>>
>> On Thu, Feb 04, 2016 at 03:08:48PM -0800, Jarno Rajahalme wrote:
>>>
erflow).
Even though this should rarely happen, it is still good to make
push_ukey_ops__() just ignore the operation when it fails.
This is a backport of commit e83c935 to branch-2.3.
Signed-off-by: Alex Wang <ee07b...@gmail.com>
Acked-by: Daniele Di Proietto <diproiet...@vmware.com>
Si
;
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
Acked-by: Ben Pfaff <b...@ovn.org>
---
ofproto/ofproto-dpif-upcall.c | 47 +++-
ofproto/ofproto-dpif-xlate.c | 101 +++---
ofproto/ofproto-dpif-xlate.h | 11 ++---
ofproto/ofp
701 - 800 of 3087 matches
Mail list logo