[ovs-dev] [PATCH] openvswitch: meter: Use 64-bit arithmetic instead of 32-bit

[Gustavo A. R. Silva]

Add suffix LL to constant 1000 in order to give the compiler
complete information about the proper arithmetic to use. Notice
that this constant is used in a context that expects an expression
of type long long int (64 bits, signed).

The expression (band->burst_size + band->rate) * 1000 is currently
being evaluated using 32-bit arithmetic.

Addresses-Coverity-ID: 1461563 ("Unintentional integer overflow")
Signed-off-by: Gustavo A. R. Silva 
---
 net/openvswitch/meter.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/openvswitch/meter.c b/net/openvswitch/meter.c
index 3fbfc78..04b9428 100644
--- a/net/openvswitch/meter.c
+++ b/net/openvswitch/meter.c
@@ -488,7 +488,7 @@ bool ovs_meter_execute(struct datapath *dp, struct sk_buff 
*skb,
long long int max_bucket_size;
 
band = >bands[i];
-   max_bucket_size = (band->burst_size + band->rate) * 1000;
+   max_bucket_size = (band->burst_size + band->rate) * 1000LL;
 
band->bucket += delta_ms * band->rate;
if (band->bucket > max_bucket_size)
-- 
2.7.4

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] Detecte y Prevenga Fraudes Oportunamente

[Auditorías Administrativas]

 

En línea y en Vivo / Para todo su Equipo con una sola Conexión 

Sistemas Eficaces de Control a través de Auditorías Administrativas
22 de Febrero - Online en Vivo - Horario de 10:00 a 13:00 y de 15:00 a 18:00
   
 
¡No más fugas de recursos! Detecte y prevenga fraudes de manera oportuna, 
establezca las pruebas de control interno adecuadas y asegúrese del 
cumplimiento de las políticas de su organización. La elevada competividad en el 
mundo empresarial, obliga a toda organización, sin importar su tamaño, a 
mejorar sus procesos, ser más eficientes e idenficar sus fallas; para esto 
resulta imprescindible la gestión e implementación de controles internos. 
Una auditoría interna eficiente, ayudará a la gerencia a revisar, evaluar y 
verificar el uso y control de los recursos humanos, materiales y financieros. 

TEMARIO: 

1. Componentes de la Auditoría Administrativa.

2. Procedimientos de Auditoría Administrativa.

3. Instrumentación de la Auditoría Administrativa.

4. Emisión de Informes de Auditoría Administrativa.

- Y mucho más. 




 
¿Requiere la información a la Brevedad?
responda este email con la palabra: 

Fraude

Nombre:

Teléfono:

Empresa:

Centro telefónico: 018002129393


Lic. María Canul
Líder de Proyecto


 
¿Demasiados mensajes en su cuenta? Responda este mensaje indicando que solo 
desea recibir CALENDARIO y sólo recibirá un correo al mes. Si desea cancelar la 
suscripción, solicite su BAJA..
 

 

 



___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 18/20] datapath: use ktime_get_ts64() instead of ktime_get_ts()

[Gregory Rose]

On 1/30/2018 3:40 PM, Greg Rose wrote:

From: Arnd Bergmann 

Upstream commit:
 commit 311af51dcb5629f04976a8e451673f77e3301041
 Author: Arnd Bergmann 
 Date:   Mon Nov 27 12:41:38 2017 +0100

 openvswitch: use ktime_get_ts64() instead of ktime_get_ts()

 timespec is deprecated because of the y2038 overflow, so let's convert
 this one to ktime_get_ts64(). The code is already safe even on 32-bit
 architectures, since it uses monotonic times. On 64-bit architectures,
 nothing changes, while on 32-bit architectures this avoids one
 type conversion.

 Signed-off-by: Arnd Bergmann 
 Signed-off-by: David S. Miller 

Additional compatability check for ktime_get_ts64() exists or not.
If not, then just continue using ktime_get_ts().

Cc: Arnd Bergmann 
Signed-off-by: Greg Rose 


Oops, I screwed this up.  ktime_get_ts64 isn't a macro.  We'll need this 
incremental...


diff --git a/acinclude.m4 b/acinclude.m4
index bc1ec72..5c63222 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -807,6 +807,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
   OVS_GREP_IFELSE([$KSRC/include/linux/timekeeping.h],
   [ktime_get_ns],
   [OVS_DEFINE([HAVE_KTIME_GET_NS])])
+  OVS_GREP_IFELSE([$KSRC/include/linux/timekeeping.h],
+  [ktime_get_ts64],
+  [OVS_DEFINE([HAVE_KTIME_GET_TS64])])

   if cmp -s datapath/linux/kcompat.h.new \
 datapath/linux/kcompat.h >/dev/null 2>&1; then
diff --git a/datapath/flow.c b/datapath/flow.c
index 385e481..cd8d422 100644
--- a/datapath/flow.c
+++ b/datapath/flow.c
@@ -52,7 +52,7 @@
 #include "flow_netlink.h"
 #include "vport.h"

-#ifndef ktime_get_ts64
+#ifndef HAVE_KTIME_GET_TS64
 #define ktime_get_ts64 ktime_get_ts
 #define timespec64 timespec
 #endif



---
  datapath/flow.c | 11 ---
  1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/datapath/flow.c b/datapath/flow.c
index 5da7e3e..385e481 100644
--- a/datapath/flow.c
+++ b/datapath/flow.c
@@ -52,14 +52,19 @@
  #include "flow_netlink.h"
  #include "vport.h"
  
+#ifndef ktime_get_ts64

+#define ktime_get_ts64 ktime_get_ts
+#define timespec64 timespec
+#endif
+
  u64 ovs_flow_used_time(unsigned long flow_jiffies)
  {
-   struct timespec cur_ts;
+   struct timespec64 cur_ts;
u64 cur_ms, idle_ms;
  
-	ktime_get_ts(_ts);

+   ktime_get_ts64(_ts);
idle_ms = jiffies_to_msecs(jiffies - flow_jiffies);
-   cur_ms = (u64)cur_ts.tv_sec * MSEC_PER_SEC +
+   cur_ms = (u64)(u32)cur_ts.tv_sec * MSEC_PER_SEC +
 cur_ts.tv_nsec / NSEC_PER_MSEC;
  
  	return cur_ms - idle_ms;


___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH V2] rhel: Fix support for root user using DPDK

[Marcos Felipe Schwarz]

 Since 2.8.0 OVS runs as non-root user on rhel distros, but the current
implementation breaks the ability to run as root with DPDK and as a
consequence there is no way possible to use UIO drivers on kernel 4.0 and
newer [1, 2].
[1] http://dpdk.org/browse/dpdk/commit/?id=cdc242f260e766bd95a658b5e0686a
62ec04f5b0
[2] https://www.kernel.org/doc/Documentation/vm/pagemap.txt

Fixes: e3e738a3d058 ("redhat: allow dpdk to also run as non-root user")
Signed-off-by: Marcos Schwarz 
---
 lib/daemon-unix.c   | 3 ++-
 rhel/usr_lib_systemd_system_ovs-vswitchd.service.in | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
index adb549c98..06528e9ab 100644
--- a/lib/daemon-unix.c
+++ b/lib/daemon-unix.c
@@ -1047,5 +1047,6 @@ daemon_set_new_user(const char *user_spec)
 }
 }

-switch_user = true;
+if (!uid_verify(uid) || !gid_verify(gid))
+switch_user = true;
 }
diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/
usr_lib_systemd_system_ovs-vswitchd.service.in
index c6d9aa1b8..e8b81e707 100644
--- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
+++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
@@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch
 EnvironmentFile=/etc/openvswitch/default.conf
 EnvironmentFile=-/etc/sysconfig/openvswitch
 @begin_dpdk@
-ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages
+ExecStartPre=-/bin/sh -c '/usr/bin/chown :${OVS_USER_ID##*:}
 ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages
 @end_dpdk@
 ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
--
2.14.3
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 20/20] Documentation: Update NEWS and faq

[Gregory Rose]

On 1/30/2018 3:43 PM, Justin Pettit wrote:



On Jan 30, 2018, at 3:40 PM, Greg Rose  wrote:

Signed-off-by: Greg Rose 
---
Documentation/faq/releases.rst | 1 +
NEWS   | 2 ++
2 files changed, 3 insertions(+)

diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
index 62a1957..2f03c89 100644
--- a/Documentation/faq/releases.rst
+++ b/Documentation/faq/releases.rst
@@ -67,6 +67,7 @@ Q: What Linux kernel versions does each Open vSwitch release 
work with?
 2.7.x3.10 to 4.9
 2.8.x3.10 to 4.12
 2.9.x3.10 to 4.13
+2.10.x   3.10 to 4.14

Thanks for the patches, Greg.  Should we try to get these into 2.9 or just wait 
for 2.10?

--Justin




I assumed 2.10 but... well, I'm not sure.  The major features new in the 
Linux kernel since 4.13 are meters, NSH and erspan.  Not sure if we need 
those for 2.9 or not.


- Greg
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 20/20] Documentation: Update NEWS and faq

[Justin Pettit]

> On Jan 30, 2018, at 3:40 PM, Greg Rose  wrote:
> 
> Signed-off-by: Greg Rose 
> ---
> Documentation/faq/releases.rst | 1 +
> NEWS   | 2 ++
> 2 files changed, 3 insertions(+)
> 
> diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
> index 62a1957..2f03c89 100644
> --- a/Documentation/faq/releases.rst
> +++ b/Documentation/faq/releases.rst
> @@ -67,6 +67,7 @@ Q: What Linux kernel versions does each Open vSwitch 
> release work with?
> 2.7.x3.10 to 4.9
> 2.8.x3.10 to 4.12
> 2.9.x3.10 to 4.13
> +2.10.x   3.10 to 4.14

Thanks for the patches, Greg.  Should we try to get these into 2.9 or just wait 
for 2.10?

--Justin


___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 20/20] Documentation: Update NEWS and faq

[Greg Rose]

Signed-off-by: Greg Rose 
---
 Documentation/faq/releases.rst | 1 +
 NEWS   | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
index 62a1957..2f03c89 100644
--- a/Documentation/faq/releases.rst
+++ b/Documentation/faq/releases.rst
@@ -67,6 +67,7 @@ Q: What Linux kernel versions does each Open vSwitch release 
work with?
 2.7.x3.10 to 4.9
 2.8.x3.10 to 4.12
 2.9.x3.10 to 4.13
+2.10.x   3.10 to 4.14
  ==
 
 Open vSwitch userspace should also work with the Linux kernel module built
diff --git a/NEWS b/NEWS
index 726589c..38989bd 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@ Post-v2.9.0
 
 - ovs-vswitchd:
   * New options --l7 and --l7-len to "ofproto/trace" command.
+- Linux kernel 4.14
+  * Add support for compiling OVS with the latest Linux 4.14 kernel
 
 
 v2.9.0 - xx xxx 
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 19/20] compat:inet_frag.h: Check for frag_percpu_counter_batch

[Greg Rose]

Fix up the compat layer to check for frag_percpu_counter_batch and
if not present then use atomic_sub and atomic_add as per the
backport in the 3.16.50 LTS kernel.  Fixes compile errors on
3.16 series kernels from 3.16.50 on.

Signed-off-by: Greg Rose 
---
 datapath/linux/compat/include/net/inet_frag.h | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/datapath/linux/compat/include/net/inet_frag.h 
b/datapath/linux/compat/include/net/inet_frag.h
index 34078c8..c98c3a4 100644
--- a/datapath/linux/compat/include/net/inet_frag.h
+++ b/datapath/linux/compat/include/net/inet_frag.h
@@ -30,6 +30,7 @@ static inline bool inet_frag_evicting(struct inet_frag_queue 
*q)
 #endif
 
 #ifndef HAVE_SUB_FRAG_MEM_LIMIT_ARG_STRUCT_NETNS_FRAGS
+#ifdef frag_percpu_counter_batch
 static inline void rpl_sub_frag_mem_limit(struct netns_frags *nf, int i)
 {
__percpu_counter_add(>mem, -i, frag_percpu_counter_batch);
@@ -41,6 +42,19 @@ static inline void rpl_add_frag_mem_limit(struct netns_frags 
*nf, int i)
__percpu_counter_add(>mem, i, frag_percpu_counter_batch);
 }
 #define add_frag_mem_limit rpl_add_frag_mem_limit
+#else /* frag_percpu_counter_batch */
+static inline void rpl_sub_frag_mem_limit(struct netns_frags *nf, int i)
+{
+   atomic_sub(i, >mem);
+}
+#define sub_frag_mem_limit rpl_sub_frag_mem_limit
+
+static inline void rpl_add_frag_mem_limit(struct netns_frags *nf, int i)
+{
+   atomic_add(i, >mem);
+}
+#define add_frag_mem_limit rpl_add_frag_mem_limit
+#endif /* frag_percpu_counter_batch */
 #endif
 
 #ifdef HAVE_VOID_INET_FRAGS_INIT
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 18/20] datapath: use ktime_get_ts64() instead of ktime_get_ts()

[Greg Rose]

From: Arnd Bergmann 

Upstream commit:
commit 311af51dcb5629f04976a8e451673f77e3301041
Author: Arnd Bergmann 
Date:   Mon Nov 27 12:41:38 2017 +0100

openvswitch: use ktime_get_ts64() instead of ktime_get_ts()

timespec is deprecated because of the y2038 overflow, so let's convert
this one to ktime_get_ts64(). The code is already safe even on 32-bit
architectures, since it uses monotonic times. On 64-bit architectures,
nothing changes, while on 32-bit architectures this avoids one
type conversion.

Signed-off-by: Arnd Bergmann 
Signed-off-by: David S. Miller 

Additional compatability check for ktime_get_ts64() exists or not.
If not, then just continue using ktime_get_ts().

Cc: Arnd Bergmann 
Signed-off-by: Greg Rose 
---
 datapath/flow.c | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/datapath/flow.c b/datapath/flow.c
index 5da7e3e..385e481 100644
--- a/datapath/flow.c
+++ b/datapath/flow.c
@@ -52,14 +52,19 @@
 #include "flow_netlink.h"
 #include "vport.h"
 
+#ifndef ktime_get_ts64
+#define ktime_get_ts64 ktime_get_ts
+#define timespec64 timespec
+#endif
+
 u64 ovs_flow_used_time(unsigned long flow_jiffies)
 {
-   struct timespec cur_ts;
+   struct timespec64 cur_ts;
u64 cur_ms, idle_ms;
 
-   ktime_get_ts(_ts);
+   ktime_get_ts64(_ts);
idle_ms = jiffies_to_msecs(jiffies - flow_jiffies);
-   cur_ms = (u64)cur_ts.tv_sec * MSEC_PER_SEC +
+   cur_ms = (u64)(u32)cur_ts.tv_sec * MSEC_PER_SEC +
 cur_ts.tv_nsec / NSEC_PER_MSEC;
 
return cur_ms - idle_ms;
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 17/20] datapath: fix the incorrect flow action alloc size

[Greg Rose]

From: zhangliping 

Upstream commit:
commit 67c8d22a73128ff910e2287567132530abcf5b71
Author: zhangliping 
Date:   Sat Nov 25 22:02:12 2017 +0800

openvswitch: fix the incorrect flow action alloc size

If we want to add a datapath flow, which has more than 500 vxlan outputs'
action, we will get the following error reports:
  openvswitch: netlink: Flow action size 32832 bytes exceeds max
  openvswitch: netlink: Flow action size 32832 bytes exceeds max
  openvswitch: netlink: Actions may not be safe on all matching packets
  ... ...

It seems that we can simply enlarge the MAX_ACTIONS_BUFSIZE to fix it, but
this is not the root cause. For example, for a vxlan output action, we need
about 60 bytes for the nlattr, but after it is converted to the flow
action, it only occupies 24 bytes. This means that we can still support
more than 1000 vxlan output actions for a single datapath flow under the
the current 32k max limitation.

So even if the nla_len(attr) is larger than MAX_ACTIONS_BUFSIZE, we
shouldn't report EINVAL and keep it move on, as the judgement can be
done by the reserve_sfa_size.

Signed-off-by: zhangliping 
Acked-by: Pravin B Shelar 
Signed-off-by: David S. Miller 

Cc: zhangliping 
Signed-off-by: Greg Rose 
---
 datapath/flow_netlink.c | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/datapath/flow_netlink.c b/datapath/flow_netlink.c
index 303337c..80c57bd 100644
--- a/datapath/flow_netlink.c
+++ b/datapath/flow_netlink.c
@@ -1909,14 +1909,11 @@ int ovs_nla_put_mask(const struct sw_flow *flow, struct 
sk_buff *skb)
 #define MAX_ACTIONS_BUFSIZE(32 * 1024)
 #endif
 
-static struct sw_flow_actions *nla_alloc_flow_actions(int size, bool log)
+static struct sw_flow_actions *nla_alloc_flow_actions(int size)
 {
struct sw_flow_actions *sfa;
 
-   if (size > MAX_ACTIONS_BUFSIZE) {
-   OVS_NLERR(log, "Flow action size %u bytes exceeds max", size);
-   return ERR_PTR(-EINVAL);
-   }
+   WARN_ON_ONCE(size > MAX_ACTIONS_BUFSIZE);
 
sfa = kmalloc(sizeof(*sfa) + size, GFP_KERNEL);
if (!sfa)
@@ -1989,12 +1986,15 @@ static struct nlattr *reserve_sfa_size(struct 
sw_flow_actions **sfa,
new_acts_size = ksize(*sfa) * 2;
 
if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
-   if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size)
+   if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) {
+   OVS_NLERR(log, "Flow action size exceeds max %u",
+ MAX_ACTIONS_BUFSIZE);
return ERR_PTR(-EMSGSIZE);
+   }
new_acts_size = MAX_ACTIONS_BUFSIZE;
}
 
-   acts = nla_alloc_flow_actions(new_acts_size, log);
+   acts = nla_alloc_flow_actions(new_acts_size);
if (IS_ERR(acts))
return (void *)acts;
 
@@ -2673,7 +2673,7 @@ int ovs_nla_copy_actions(struct net *net, const struct 
nlattr *attr,
 {
int err;
 
-   *sfa = nla_alloc_flow_actions(nla_len(attr), log);
+   *sfa = nla_alloc_flow_actions(min(nla_len(attr), MAX_ACTIONS_BUFSIZE));
if (IS_ERR(*sfa))
return PTR_ERR(*sfa);
 
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 16/20] datapath: fix data type in queue_gso_packets

[Greg Rose]

From: "Gustavo A. R. Silva" 

Upstream commit:
commit 2734166e89639c973c6e125ac8bcfc2d9db72b70
Author: Gustavo A. R. Silva 
Date:   Sat Nov 25 13:14:40 2017 -0600

net: openvswitch: datapath: fix data type in queue_gso_packets

gso_type is being used in binary AND operations together with SKB_GSO_UDP.
The issue is that variable gso_type is of type unsigned short and
SKB_GSO_UDP expands to more than 16 bits:

SKB_GSO_UDP = 1 << 16

this makes any binary AND operation between gso_type and SKB_GSO_UDP to
be always zero, hence making some code unreachable and likely causing
undesired behavior.

Fix this by changing the data type of variable gso_type to unsigned int.

Addresses-Coverity-ID: 1462223
Fixes: 0c19f846d582 ("net: accept UFO datagrams from tuntap and packet")
Signed-off-by: Gustavo A. R. Silva 
Acked-by: Willem de Bruijn 
Signed-off-by: David S. Miller 

While backporting this I found another couple of instances of the
same issue so I fixed them up as well.

Cc: Gustavo A. R. Silva 
Signed-off-by: Greg Rose 
---
 datapath/datapath.c | 2 +-
 datapath/linux/compat/stt.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/datapath/datapath.c b/datapath/datapath.c
index 07b6c71..e90177c 100644
--- a/datapath/datapath.c
+++ b/datapath/datapath.c
@@ -313,7 +313,7 @@ static int queue_gso_packets(struct datapath *dp, struct 
sk_buff *skb,
 uint32_t cutlen)
 {
 #ifdef HAVE_SKB_GSO_UDP
-   unsigned short gso_type = skb_shinfo(skb)->gso_type;
+   unsigned int gso_type = skb_shinfo(skb)->gso_type;
struct sw_flow_key later_key;
 #endif
struct sk_buff *segs, *nskb;
diff --git a/datapath/linux/compat/stt.c b/datapath/linux/compat/stt.c
index 66a97f2..2189476 100644
--- a/datapath/linux/compat/stt.c
+++ b/datapath/linux/compat/stt.c
@@ -1315,7 +1315,7 @@ static bool validate_checksum(struct sk_buff *skb)
 static bool set_offloads(struct sk_buff *skb)
 {
struct stthdr *stth = stt_hdr(skb);
-   unsigned short gso_type = 0;
+   unsigned int gso_type = 0;
int l3_header_size;
int l4_header_size;
u16 csum_offset;
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 15/20] datapath: meter: fix NULL pointer dereference in ovs_meter_cmd_reply_start

[Greg Rose]

From: "Gustavo A. R. Silva" 

Upstream commit:
commit b74912a2fdae9aadd20da502644aa8848c861954
Author: Gustavo A. R. Silva 
Date:   Tue Nov 14 14:26:16 2017 -0600

openvswitch: meter: fix NULL pointer dereference in ovs_meter_cmd_reply_star

It seems that the intention of the code is to null check the value
returned by function genlmsg_put. But the current code is null
checking the address of the pointer that holds the value returned
by genlmsg_put.

Fix this by properly null checking the value returned by function
genlmsg_put in order to avoid a pontential null pointer dereference.

Addresses-Coverity-ID: 1461561 ("Dereference before null check")
Addresses-Coverity-ID: 1461562 ("Dereference null return value")
Fixes: 96fbc13d7e77 ("openvswitch: Add meter infrastructure")
Signed-off-by: Gustavo A. R. Silva 
Signed-off-by: David S. Miller 

Cc: Gustavo A. R. Silva 
Signed-off-by: Greg Rose 
---
 datapath/meter.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/datapath/meter.c b/datapath/meter.c
index 7b9391d..d36870b 100644
--- a/datapath/meter.c
+++ b/datapath/meter.c
@@ -99,7 +99,7 @@ ovs_meter_cmd_reply_start(struct genl_info *info, u8 cmd,
*ovs_reply_header = genlmsg_put(skb, info->snd_portid,
info->snd_seq,
_meter_genl_family, 0, cmd);
-   if (!ovs_reply_header) {
+   if (!*ovs_reply_header) {
nlmsg_free(skb);
return ERR_PTR(-EMSGSIZE);
}
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 14/20] datapath: Using kfree_rcu() to simplify the code

[Greg Rose]

From: Wei Yongjun 

Upstream commit:
commit 6dc14dc40a1d1dafd8491c349b5f3e15aabc4edb
Author: Wei Yongjun 
Date:   Tue Nov 14 06:27:12 2017 +

openvswitch: Using kfree_rcu() to simplify the code

The callback function of call_rcu() just calls a kfree(), so we
can use kfree_rcu() instead of call_rcu() + callback function.

Signed-off-by: Wei Yongjun 
Acked-by: Pravin B Shelar 
Signed-off-by: David S. Miller 

Cc: Wei Yongjun 
Signed-off-by: Greg Rose 
---
 datapath/meter.c | 9 +
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/datapath/meter.c b/datapath/meter.c
index bc940ae..7b9391d 100644
--- a/datapath/meter.c
+++ b/datapath/meter.c
@@ -42,19 +42,12 @@ static const struct nla_policy 
band_policy[OVS_BAND_ATTR_MAX + 1] = {
[OVS_BAND_ATTR_STATS] = { .len = sizeof(struct ovs_flow_stats) },
 };
 
-static void rcu_free_ovs_meter_callback(struct rcu_head *rcu)
-{
-   struct dp_meter *meter = container_of(rcu, struct dp_meter, rcu);
-
-   kfree(meter);
-}
-
 static void ovs_meter_free(struct dp_meter *meter)
 {
if (!meter)
return;
 
-   call_rcu(>rcu, rcu_free_ovs_meter_callback);
+   kfree_rcu(meter, rcu);
 }
 
 static struct hlist_head *meter_hash_bucket(const struct datapath *dp,
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 13/20] datapath: Fix return value check in ovs_meter_cmd_features()

[Greg Rose]

From: Wei Yongjun 

Upstream commit:
commit 8a860c2bcc84a8e4fbcabb928cd97e4c51b17d93
Author: Wei Yongjun 
Date:   Tue Nov 14 06:20:16 2017 +

openvswitch: Fix return value check in ovs_meter_cmd_features()

In case of error, the function ovs_meter_cmd_reply_start() returns
ERR_PTR() not NULL. The NULL test in the return value check should
be replaced with IS_ERR().

Fixes: 96fbc13d7e77 ("openvswitch: Add meter infrastructure")
Signed-off-by: Wei Yongjun 
Acked-by: Pravin B Shelar 
Signed-off-by: David S. Miller 

Cc: Wei Yongjun 
Signed-off-by: Greg Rose 
---
 datapath/meter.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/datapath/meter.c b/datapath/meter.c
index 1ab965d..bc940ae 100644
--- a/datapath/meter.c
+++ b/datapath/meter.c
@@ -166,7 +166,7 @@ static int ovs_meter_cmd_features(struct sk_buff *skb, 
struct genl_info *info)
 
reply = ovs_meter_cmd_reply_start(info, OVS_METER_CMD_FEATURES,
  _reply_header);
-   if (!reply)
+   if (IS_ERR(reply))
return PTR_ERR(reply);
 
if (nla_put_u32(reply, OVS_METER_ATTR_MAX_METERS, U32_MAX) ||
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 12/20] datapath: Add meter infrastructure

[Greg Rose]

From: Andy Zhou 

Upstream commit:
commit 96fbc13d7e770b542d2d1fcf700d0baadc6e8063
Author: Andy Zhou 
Date:   Fri Nov 10 12:09:42 2017 -0800

openvswitch: Add meter infrastructure

OVS kernel datapath so far does not support Openflow meter action.
This is the first stab at adding kernel datapath meter support.
This implementation supports only drop band type.

Signed-off-by: Andy Zhou 
Signed-off-by: David S. Miller 

Added a compat layer fixup for nla_parse.
Added another compat fixup for ktime_get_ns.

Cc: Andy Zhou 
Signed-off-by: Greg Rose 
---
 acinclude.m4|   3 +
 datapath/Modules.mk |   6 +-
 datapath/datapath.c |  14 +-
 datapath/datapath.h |   3 +
 datapath/linux/compat/include/net/netlink.h |   9 +
 datapath/meter.c| 614 
 datapath/meter.h|  54 +++
 7 files changed, 699 insertions(+), 4 deletions(-)
 create mode 100644 datapath/meter.c
 create mode 100644 datapath/meter.h

diff --git a/acinclude.m4 b/acinclude.m4
index 1f0b592..bc1ec72 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -804,6 +804,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
   OVS_GREP_IFELSE([$KSRC/include/net/net_namespace.h],
   [EXPORT_SYMBOL_GPL(peernet2id_alloc)],
   [OVS_DEFINE([HAVE_PEERNET2ID_ALLOC])])
+  OVS_GREP_IFELSE([$KSRC/include/linux/timekeeping.h],
+  [ktime_get_ns],
+  [OVS_DEFINE([HAVE_KTIME_GET_NS])])
 
   if cmp -s datapath/linux/kcompat.h.new \
 datapath/linux/kcompat.h >/dev/null 2>&1; then
diff --git a/datapath/Modules.mk b/datapath/Modules.mk
index 21f04a0..a9e2880 100644
--- a/datapath/Modules.mk
+++ b/datapath/Modules.mk
@@ -26,7 +26,8 @@ openvswitch_sources = \
flow_table.c \
vport.c \
vport-internal_dev.c \
-   vport-netdev.c
+   vport-netdev.c \
+   meter.c
 
 vport_geneve_sources = vport-geneve.c
 vport_vxlan_sources = vport-vxlan.c
@@ -43,7 +44,8 @@ openvswitch_headers = \
flow_table.h \
vport.h \
vport-internal_dev.h \
-   vport-netdev.h
+   vport-netdev.h \
+   meter.h
 
 dist_sources = $(foreach module,$(dist_modules),$($(module)_sources))
 dist_headers = $(foreach module,$(dist_modules),$($(module)_headers))
diff --git a/datapath/datapath.c b/datapath/datapath.c
index 13b055a..07b6c71 100644
--- a/datapath/datapath.c
+++ b/datapath/datapath.c
@@ -57,6 +57,7 @@
 #include "flow.h"
 #include "flow_table.h"
 #include "flow_netlink.h"
+#include "meter.h"
 #include "gso.h"
 #include "vport-internal_dev.h"
 #include "vport-netdev.h"
@@ -177,6 +178,7 @@ static void destroy_dp_rcu(struct rcu_head *rcu)
ovs_flow_tbl_destroy(>table);
free_percpu(dp->stats_percpu);
kfree(dp->ports);
+   ovs_meters_exit(dp);
kfree(dp);
 }
 
@@ -1601,6 +1603,10 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct 
genl_info *info)
for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++)
INIT_HLIST_HEAD(>ports[i]);
 
+   err = ovs_meters_init(dp);
+   if (err)
+   goto err_destroy_ports_array;
+
/* Set up our datapath device. */
parms.name = nla_data(a[OVS_DP_ATTR_NAME]);
parms.type = OVS_VPORT_TYPE_INTERNAL;
@@ -1629,7 +1635,7 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct 
genl_info *info)
ovs_dp_reset_user_features(skb, info);
}
 
-   goto err_destroy_ports_array;
+   goto err_destroy_meters;
}
 
err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
@@ -1644,8 +1650,10 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct 
genl_info *info)
ovs_notify(_datapath_genl_family, _dp_datapath_multicast_group, 
reply, info);
return 0;
 
-err_destroy_ports_array:
+err_destroy_meters:
ovs_unlock();
+   ovs_meters_exit(dp);
+err_destroy_ports_array:
kfree(dp->ports);
 err_destroy_percpu:
free_percpu(dp->stats_percpu);
@@ -2295,6 +2303,7 @@ static struct genl_family *dp_genl_families[] = {
_vport_genl_family,
_flow_genl_family,
_packet_genl_family,
+   _meter_genl_family,
 };
 
 static void dp_unregister_genl(int n_families)
@@ -2488,3 +2497,4 @@ MODULE_ALIAS_GENL_FAMILY(OVS_DATAPATH_FAMILY);
 MODULE_ALIAS_GENL_FAMILY(OVS_VPORT_FAMILY);
 MODULE_ALIAS_GENL_FAMILY(OVS_FLOW_FAMILY);
 MODULE_ALIAS_GENL_FAMILY(OVS_PACKET_FAMILY);
+MODULE_ALIAS_GENL_FAMILY(OVS_METER_FAMILY);
diff --git a/datapath/datapath.h b/datapath/datapath.h
index 7481d6d..93c9ed5 100644
--- a/datapath/datapath.h
+++ b/datapath/datapath.h
@@ -93,6 +93,9 @@ struct datapath {
u32 user_features;
 
u32 max_headroom;
+
+   /* 

[ovs-dev] [PATCH 11/20] datapath: Add meter netlink definitions

[Greg Rose]

From: Andy Zhou 

Upstream commit:
commit 5794040647de4011598a6d005fdad95d24fd385b
Author: Andy Zhou 
Date:   Fri Nov 10 12:09:40 2017 -0800

openvswitch: Add meter netlink definitions

Meter has its own netlink family. Define netlink messages and attributes
for communicating with the user space programs.

Signed-off-by: Andy Zhou 
Signed-off-by: David S. Miller 

Cc: Andy Zhou 
Signed-off-by: Greg Rose 
---
 datapath/linux/compat/include/linux/openvswitch.h | 51 +++
 1 file changed, 51 insertions(+)

diff --git a/datapath/linux/compat/include/linux/openvswitch.h 
b/datapath/linux/compat/include/linux/openvswitch.h
index 6081a29..164f57d 100644
--- a/datapath/linux/compat/include/linux/openvswitch.h
+++ b/datapath/linux/compat/include/linux/openvswitch.h
@@ -945,4 +945,55 @@ enum ovs_action_attr {
 
 #define OVS_ACTION_ATTR_MAX (__OVS_ACTION_ATTR_MAX - 1)
 
+/* Meters. */
+#define OVS_METER_FAMILY  "ovs_meter"
+#define OVS_METER_MCGROUP "ovs_meter"
+#define OVS_METER_VERSION 0x1
+
+enum ovs_meter_cmd {
+   OVS_METER_CMD_UNSPEC,
+   OVS_METER_CMD_FEATURES, /* Get features supported by the datapath. */
+   OVS_METER_CMD_SET,  /* Add or modify a meter. */
+   OVS_METER_CMD_DEL,  /* Delete a meter. */
+   OVS_METER_CMD_GET   /* Get meter stats. */
+};
+
+enum ovs_meter_attr {
+   OVS_METER_ATTR_UNSPEC,
+   OVS_METER_ATTR_ID,  /* u32 meter ID within datapath. */
+   OVS_METER_ATTR_KBPS,/* No argument. If set, units in kilobits
+* per second. Otherwise, units in
+* packets per second.
+*/
+   OVS_METER_ATTR_STATS,   /* struct ovs_flow_stats for the meter. */
+   OVS_METER_ATTR_BANDS,   /* Nested attributes for meter bands. */
+   OVS_METER_ATTR_USED,/* u64 msecs last used in monotonic time. */
+   OVS_METER_ATTR_CLEAR,   /* Flag to clear stats, used. */
+   OVS_METER_ATTR_MAX_METERS, /* u32 number of meters supported. */
+   OVS_METER_ATTR_MAX_BANDS,  /* u32 max number of bands per meter. */
+   OVS_METER_ATTR_PAD,
+   __OVS_METER_ATTR_MAX
+};
+
+#define OVS_METER_ATTR_MAX (__OVS_METER_ATTR_MAX - 1)
+
+enum ovs_band_attr {
+   OVS_BAND_ATTR_UNSPEC,
+   OVS_BAND_ATTR_TYPE, /* u32 OVS_METER_BAND_TYPE_* constant. */
+   OVS_BAND_ATTR_RATE, /* u32 band rate in meter units (see above). */
+   OVS_BAND_ATTR_BURST,/* u32 burst size in meter units. */
+   OVS_BAND_ATTR_STATS,/* struct ovs_flow_stats for the band. */
+   __OVS_BAND_ATTR_MAX
+};
+
+#define OVS_BAND_ATTR_MAX (__OVS_BAND_ATTR_MAX - 1)
+
+enum ovs_meter_band_type {
+   OVS_METER_BAND_TYPE_UNSPEC,
+   OVS_METER_BAND_TYPE_DROP,   /* Drop exceeding packets. */
+   __OVS_METER_BAND_TYPE_MAX
+};
+
+#define OVS_METER_BAND_TYPE_MAX (__OVS_METER_BAND_TYPE_MAX - 1)
+
 #endif /* _LINUX_OPENVSWITCH_H */
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 09/20] datapath: reliable interface indentification in port dumps

[Greg Rose]

From: Jiri Benc 

Upstream commit:
commit 9354d452034273a50a4fd703bea31e5d6b1fc20b
Author: Jiri Benc 
Date:   Thu Nov 2 17:04:37 2017 -0200

openvswitch: reliable interface indentification in port dumps

This patch allows reliable identification of netdevice interfaces connected
to openvswitch bridges. In particular, user space queries the netdev
interfaces belonging to the ports for statistics, up/down state, etc.
Datapath dump needs to provide enough information for the user space to be
able to do that.

Currently, only interface names are returned. This is not sufficient, as
openvswitch allows its ports to be in different name spaces and the
interface name is valid only in its name space. What is needed and generally
used in other netlink APIs, is the pair ifindex+netnsid.

The solution is addition of the ifindex+netnsid pair (or only ifindex if in
the same name space) to vport get/dump operation.

On request side, ideally the ifindex+netnsid pair could be used to
get/set/del the corresponding vport. This is not implemented by this patch
and can be added later if needed.

Signed-off-by: Jiri Benc 
Signed-off-by: David S. Miller 

Added compat fixup for peernet2id.

Cc: Jiri Benc 
Signed-off-by: Greg Rose 
---
 acinclude.m4  |  3 ++
 datapath/datapath.c   | 49 +--
 datapath/datapath.h   |  4 +-
 datapath/dp_notify.c  |  3 +-
 datapath/linux/compat/include/linux/openvswitch.h |  2 +
 5 files changed, 45 insertions(+), 16 deletions(-)

diff --git a/acinclude.m4 b/acinclude.m4
index a838a46..1f0b592 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -801,6 +801,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
   OVS_GREP_IFELSE([$KSRC/include/linux/compiler_types.h],
   [__LINUX_COMPILER_TYPES_H],
   [OVS_DEFINE([HAVE_LINUX_COMPILER_TYPES_H])])
+  OVS_GREP_IFELSE([$KSRC/include/net/net_namespace.h],
+  [EXPORT_SYMBOL_GPL(peernet2id_alloc)],
+  [OVS_DEFINE([HAVE_PEERNET2ID_ALLOC])])
 
   if cmp -s datapath/linux/kcompat.h.new \
 datapath/linux/kcompat.h >/dev/null 2>&1; then
diff --git a/datapath/datapath.c b/datapath/datapath.c
index 38a453b..ebe5d20 100644
--- a/datapath/datapath.c
+++ b/datapath/datapath.c
@@ -1876,7 +1876,8 @@ static struct genl_family dp_datapath_genl_family 
__ro_after_init = {
 
 /* Called with ovs_mutex or RCU read lock. */
 static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,
-  u32 portid, u32 seq, u32 flags, u8 cmd)
+  struct net *net, u32 portid, u32 seq,
+  u32 flags, u8 cmd)
 {
struct ovs_header *ovs_header;
struct ovs_vport_stats vport_stats;
@@ -1892,9 +1893,19 @@ static int ovs_vport_cmd_fill_info(struct vport *vport, 
struct sk_buff *skb,
if (nla_put_u32(skb, OVS_VPORT_ATTR_PORT_NO, vport->port_no) ||
nla_put_u32(skb, OVS_VPORT_ATTR_TYPE, vport->ops->type) ||
nla_put_string(skb, OVS_VPORT_ATTR_NAME,
-  ovs_vport_name(vport)))
+  ovs_vport_name(vport)) ||
+   nla_put_u32(skb, OVS_VPORT_ATTR_IFINDEX, vport->dev->ifindex))
goto nla_put_failure;
 
+#ifdef HAVE_PEERNET2ID_ALLOC
+   if (!net_eq(net, dev_net(vport->dev))) {
+   int id = peernet2id_alloc(net, dev_net(vport->dev));
+
+   if (nla_put_s32(skb, OVS_VPORT_ATTR_NETNSID, id))
+   goto nla_put_failure;
+   }
+
+#endif
ovs_vport_get_stats(vport, _stats);
if (nla_put_64bit(skb, OVS_VPORT_ATTR_STATS,
  sizeof(struct ovs_vport_stats), _stats,
@@ -1924,8 +1935,8 @@ static struct sk_buff *ovs_vport_cmd_alloc_info(void)
 }
 
 /* Called with ovs_mutex, only via ovs_dp_notify_wq(). */
-struct sk_buff *ovs_vport_cmd_build_info(struct vport *vport, u32 portid,
-u32 seq, u8 cmd)
+struct sk_buff *ovs_vport_cmd_build_info(struct vport *vport, struct net *net,
+u32 portid, u32 seq, u8 cmd)
 {
struct sk_buff *skb;
int retval;
@@ -1934,7 +1945,7 @@ struct sk_buff *ovs_vport_cmd_build_info(struct vport 
*vport, u32 portid,
if (!skb)
return ERR_PTR(-ENOMEM);
 
-   retval = ovs_vport_cmd_fill_info(vport, skb, portid, seq, 0, cmd);
+   retval = ovs_vport_cmd_fill_info(vport, skb, net, portid, seq, 0, cmd);
BUG_ON(retval < 0);
 
return skb;
@@ -1948,6 +1959,8 @@ static struct vport *lookup_vport(struct net *net,
struct datapath *dp;
struct vport *vport;
 
+   if 

[ovs-dev] [PATCH 10/20] datapath: export get_dp() API

[Greg Rose]

From: Andy Zhou 

Upstream commit:
commit 9602c01e57f7b868d748c2ba2aef0efa64b71ffc
Author: Andy Zhou 
Date:   Fri Nov 10 12:09:41 2017 -0800

openvswitch: export get_dp() API.

Later patches will invoke get_dp() outside of datapath.c. Export it.

Signed-off-by: Andy Zhou 
Signed-off-by: David S. Miller 

Cc: Andy Zhou 
Signed-off-by: Greg Rose 
---
 datapath/datapath.c | 29 -
 datapath/datapath.h | 31 +++
 2 files changed, 31 insertions(+), 29 deletions(-)

diff --git a/datapath/datapath.c b/datapath/datapath.c
index ebe5d20..13b055a 100644
--- a/datapath/datapath.c
+++ b/datapath/datapath.c
@@ -145,35 +145,6 @@ static int queue_userspace_packet(struct datapath *dp, 
struct sk_buff *,
  const struct dp_upcall_info *,
  uint32_t cutlen);
 
-/* Must be called with rcu_read_lock. */
-static struct datapath *get_dp_rcu(struct net *net, int dp_ifindex)
-{
-   struct net_device *dev = dev_get_by_index_rcu(net, dp_ifindex);
-
-   if (dev) {
-   struct vport *vport = ovs_internal_dev_get_vport(dev);
-   if (vport)
-   return vport->dp;
-   }
-
-   return NULL;
-}
-
-/* The caller must hold either ovs_mutex or rcu_read_lock to keep the
- * returned dp pointer valid.
- */
-static inline struct datapath *get_dp(struct net *net, int dp_ifindex)
-{
-   struct datapath *dp;
-
-   WARN_ON_ONCE(!rcu_read_lock_held() && !lockdep_ovsl_is_held());
-   rcu_read_lock();
-   dp = get_dp_rcu(net, dp_ifindex);
-   rcu_read_unlock();
-
-   return dp;
-}
-
 /* Must be called with rcu_read_lock or ovs_mutex. */
 const char *ovs_dp_name(const struct datapath *dp)
 {
diff --git a/datapath/datapath.h b/datapath/datapath.h
index 1c73fb4..7481d6d 100644
--- a/datapath/datapath.h
+++ b/datapath/datapath.h
@@ -31,6 +31,7 @@
 #include "compat.h"
 #include "flow.h"
 #include "flow_table.h"
+#include "vport-internal_dev.h"
 
 #define DP_MAX_PORTS   USHRT_MAX
 #define DP_VPORT_HASH_BUCKETS  1024
@@ -197,6 +198,36 @@ static inline struct vport *ovs_vport_ovsl(const struct 
datapath *dp, int port_n
return ovs_lookup_vport(dp, port_no);
 }
 
+/* Must be called with rcu_read_lock. */
+static inline struct datapath *get_dp_rcu(struct net *net, int dp_ifindex)
+{
+   struct net_device *dev = dev_get_by_index_rcu(net, dp_ifindex);
+
+   if (dev) {
+   struct vport *vport = ovs_internal_dev_get_vport(dev);
+
+   if (vport)
+   return vport->dp;
+   }
+
+   return NULL;
+}
+
+/* The caller must hold either ovs_mutex or rcu_read_lock to keep the
+ * returned dp pointer valid.
+ */
+static inline struct datapath *get_dp(struct net *net, int dp_ifindex)
+{
+   struct datapath *dp;
+
+   WARN_ON_ONCE(!rcu_read_lock_held() && !lockdep_ovsl_is_held());
+   rcu_read_lock();
+   dp = get_dp_rcu(net, dp_ifindex);
+   rcu_read_unlock();
+
+   return dp;
+}
+
 extern struct notifier_block ovs_dp_device_notifier;
 extern struct genl_family dp_vport_genl_family;
 extern struct genl_multicast_group ovs_dp_vport_multicast_group;
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 08/20] datapath: Fix an error handling path in 'ovs_nla_init_match_and_action()

[Greg Rose]

From: Christophe JAILLET 

Upstream commit:
commit 5829e62ac17a40ab08c1b905565604a4b5fa7af6
Author: Christophe JAILLET 
Date:   Mon Sep 11 21:56:20 2017 +0200

openvswitch: Fix an error handling path in 'ovs_nla_init_match_and_action()'

All other error handling paths in this function go through the 'error'
label. This one should do the same.

Fixes: 9cc9a5cb176c ("datapath: Avoid using stack larger than 1024.")
Signed-off-by: Christophe JAILLET 
Acked-by: Pravin B Shelar 
Signed-off-by: David S. Miller 

Cc: Christophe JAILLET 
Fixes: 850c2a4d1a ("datapath: Avoid using stack larger than 1024.")
Signed-off-by: Greg Rose 
---
 datapath/datapath.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/datapath/datapath.c b/datapath/datapath.c
index a3fdd8f..38a453b 100644
--- a/datapath/datapath.c
+++ b/datapath/datapath.c
@@ -1139,7 +1139,8 @@ static int ovs_nla_init_match_and_action(struct net *net,
if (!a[OVS_FLOW_ATTR_KEY]) {
OVS_NLERR(log,
  "Flow key attribute not present in set 
flow.");
-   return -EINVAL;
+   error = -EINVAL;
+   goto error;
}
 
*acts = get_flow_actions(net, a[OVS_FLOW_ATTR_ACTIONS], key,
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 07/20] compat: Fix compiler headers

[Greg Rose]

Since Linux kernel upstream commit d15155824c50
("linux/compiler.h: Split into compiler.h and compiler_types.h") this
error check for the gcc compiler header is no longer valid.  Remove
so that openvswitch builds for linux kernels 4.14.8 and since.

Signed-off-by: Greg Rose 
---
 acinclude.m4   | 3 +++
 datapath/linux/compat/include/linux/compiler-gcc.h | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/acinclude.m4 b/acinclude.m4
index d0f9d82..a838a46 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -798,6 +798,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
   OVS_FIND_PARAM_IFELSE([$KSRC/include/linux/netdevice.h],
 [netdev_master_upper_dev_link], [extack],
 [OVS_DEFINE([HAVE_UPPER_DEV_LINK_EXTACK])])
+  OVS_GREP_IFELSE([$KSRC/include/linux/compiler_types.h],
+  [__LINUX_COMPILER_TYPES_H],
+  [OVS_DEFINE([HAVE_LINUX_COMPILER_TYPES_H])])
 
   if cmp -s datapath/linux/kcompat.h.new \
 datapath/linux/kcompat.h >/dev/null 2>&1; then
diff --git a/datapath/linux/compat/include/linux/compiler-gcc.h 
b/datapath/linux/compat/include/linux/compiler-gcc.h
index bf057f7..bfcd531 100644
--- a/datapath/linux/compat/include/linux/compiler-gcc.h
+++ b/datapath/linux/compat/include/linux/compiler-gcc.h
@@ -1,6 +1,8 @@
 #ifndef __LINUX_COMPILER_H
+#ifndef HAVE_LINUX_COMPILER_TYPES_H
 #error "Please don't include  directly, include 
 instead."
 #endif
+#endif
 
 #include_next 
 
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 06/20] travis: Update kernel test list from kernel.org

[Greg Rose]

Signed-off-by: Greg Rose 
---
 .travis.yml | 17 -
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 48acc8e..88bdda2 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -26,17 +26,16 @@ sudo: false
 
 env:
   - OPTS="--disable-ssl"
-  - TESTSUITE=1 KERNEL=3.16.47
+  - TESTSUITE=1 KERNEL=3.16.53
   - TESTSUITE=1 OPTS="--enable-shared"
   - BUILD_ENV="-m32" OPTS="--disable-ssl"
-  - KERNEL=3.16.47 DPDK=1
-  - KERNEL=3.16.47 DPDK=1 OPTS="--enable-shared"
-  - KERNEL=4.13
-  - KERNEL=4.12.11
-  - KERNEL=4.9.48
-  - KERNEL=4.4.87
-  - KERNEL=4.1.43
-  - KERNEL=3.10.107
+  - KERNEL=3.16.53 DPDK=1
+  - KERNEL=3.16.53 DPDK=1 OPTS="--enable-shared"
+  - KERNEL=4.14.15
+  - KERNEL=4.9.78
+  - KERNEL=4.4.113
+  - KERNEL=4.1.49
+  - KERNEL=3.10.108
   - TESTSUITE=1 LIBS=-ljemalloc
 
 matrix:
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 05/20] acinclude.m4: Enable Linux 4.14

[Greg Rose]

Signed-off-by: Greg Rose 
---
 acinclude.m4 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/acinclude.m4 b/acinclude.m4
index 768c20c..d0f9d82 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -151,10 +151,10 @@ AC_DEFUN([OVS_CHECK_LINUX], [
 AC_MSG_RESULT([$kversion])
 
 if test "$version" -ge 4; then
-   if test "$version" = 4 && test "$patchlevel" -le 13; then
+   if test "$version" = 4 && test "$patchlevel" -le 14; then
   : # Linux 4.x
else
-  AC_ERROR([Linux kernel in $KBUILD is version $kversion, but version 
newer than 4.13.x is not supported (please refer to the FAQ for advice)])
+  AC_ERROR([Linux kernel in $KBUILD is version $kversion, but version 
newer than 4.14.x is not supported (please refer to the FAQ for advice)])
fi
 elif test "$version" = 3 && test "$patchlevel" -ge 10; then
: # Linux 3.x
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 04/20] datapath: Fix SKB_GSO_UDP usage

[Greg Rose]

Using SKB_GSO_UDP breaks the compilation on Linux 4.14. Check for
the HAVE_SKB_GSO_UDP compiler #define.

Signed-off-by: Greg Rose 
---
 datapath/datapath.c |  9 ++---
 datapath/linux/compat/stt.c | 11 ++-
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/datapath/datapath.c b/datapath/datapath.c
index 1780819..a3fdd8f 100644
--- a/datapath/datapath.c
+++ b/datapath/datapath.c
@@ -339,8 +339,10 @@ static int queue_gso_packets(struct datapath *dp, struct 
sk_buff *skb,
 const struct dp_upcall_info *upcall_info,
 uint32_t cutlen)
 {
+#ifdef HAVE_SKB_GSO_UDP
unsigned short gso_type = skb_shinfo(skb)->gso_type;
struct sw_flow_key later_key;
+#endif
struct sk_buff *segs, *nskb;
struct ovs_skb_cb ovs_cb;
int err;
@@ -352,7 +354,7 @@ static int queue_gso_packets(struct datapath *dp, struct 
sk_buff *skb,
return PTR_ERR(segs);
if (segs == NULL)
return -EINVAL;
-
+#ifdef HAVE_SKB_GSO_UDP
if (gso_type & SKB_GSO_UDP) {
/* The initial flow key extracted by ovs_flow_key_extract()
 * in this case is for a first fragment, so we need to
@@ -361,14 +363,15 @@ static int queue_gso_packets(struct datapath *dp, struct 
sk_buff *skb,
later_key = *key;
later_key.ip.frag = OVS_FRAG_TYPE_LATER;
}
-
+#endif
/* Queue all of the segments. */
skb = segs;
do {
*OVS_CB(skb) = ovs_cb;
+#ifdef HAVE_SKB_GSO_UDP
if (gso_type & SKB_GSO_UDP && skb != segs)
key = _key;
-
+#endif
err = queue_userspace_packet(dp, skb, key, upcall_info, cutlen);
if (err)
break;
diff --git a/datapath/linux/compat/stt.c b/datapath/linux/compat/stt.c
index 37d5f4b..66a97f2 100644
--- a/datapath/linux/compat/stt.c
+++ b/datapath/linux/compat/stt.c
@@ -81,8 +81,13 @@ struct stt_dev {
 #define STT_PROTO_TCP  BIT(3)
 #define STT_PROTO_TYPES(STT_PROTO_IPV4 | STT_PROTO_TCP)
 
+#ifdef HAVE_SKB_GSO_UDP
 #define SUPPORTED_GSO_TYPES (SKB_GSO_TCPV4 | SKB_GSO_UDP | SKB_GSO_DODGY | \
 SKB_GSO_TCPV6)
+#else
+#define SUPPORTED_GSO_TYPES (SKB_GSO_TCPV4 | SKB_GSO_DODGY | \
+SKB_GSO_TCPV6)
+#endif
 
 /* The length and offset of a fragment are encoded in the sequence number.
  * STT_SEQ_LEN_SHIFT is the left shift needed to store the length.
@@ -1310,7 +1315,7 @@ static bool validate_checksum(struct sk_buff *skb)
 static bool set_offloads(struct sk_buff *skb)
 {
struct stthdr *stth = stt_hdr(skb);
-   unsigned short gso_type;
+   unsigned short gso_type = 0;
int l3_header_size;
int l4_header_size;
u16 csum_offset;
@@ -1351,7 +1356,9 @@ static bool set_offloads(struct sk_buff *skb)
case STT_PROTO_IPV4:
/* UDP/IPv4 */
csum_offset = offsetof(struct udphdr, check);
+#ifdef HAVE_SKB_GSO_UDP
gso_type = SKB_GSO_UDP;
+#endif
l3_header_size = sizeof(struct iphdr);
l4_header_size = sizeof(struct udphdr);
skb->protocol = htons(ETH_P_IP);
@@ -1359,7 +1366,9 @@ static bool set_offloads(struct sk_buff *skb)
default:
/* UDP/IPv6 */
csum_offset = offsetof(struct udphdr, check);
+#ifdef HAVE_SKB_GSO_UDP
gso_type = SKB_GSO_UDP;
+#endif
l3_header_size = sizeof(struct ipv6hdr);
l4_header_size = sizeof(struct udphdr);
skb->protocol = htons(ETH_P_IPV6);
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 03/20] datapath: conntrack: make protocol tracker pointers const

[Greg Rose]

From: Florian Westphal 

Upstream commit:
commit b3480fe059ac9121b5714205b4ddae14b59ef4be
Author: Florian Westphal 
Date:   Sat Aug 12 00:57:08 2017 +0200

netfilter: conntrack: make protocol tracker pointers const

Doesn't change generated code, but will make it easier to eventually
make the actual trackers themselvers const.

Signed-off-by: Florian Westphal 
Signed-off-by: Pablo Neira Ayuso 

Signed-off-by: Greg Rose 
---
 datapath/conntrack.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/datapath/conntrack.c b/datapath/conntrack.c
index 3f79433..a75ae3c 100644
--- a/datapath/conntrack.c
+++ b/datapath/conntrack.c
@@ -613,8 +613,8 @@ static struct nf_conn *
 ovs_ct_find_existing(struct net *net, const struct nf_conntrack_zone *zone,
 u8 l3num, struct sk_buff *skb, bool natted)
 {
-   struct nf_conntrack_l3proto *l3proto;
-   struct nf_conntrack_l4proto *l4proto;
+   const struct nf_conntrack_l3proto *l3proto;
+   const struct nf_conntrack_l4proto *l4proto;
struct nf_conntrack_tuple tuple;
struct nf_conntrack_tuple_hash *h;
struct nf_conn *ct;
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 02/20] compat: Do not include headers when not compiling

[Greg Rose]

If the entire file is not going to be compiled because OVS is using
upstream tunnel support then also don't bother pulling in the headers.

Signed-off-by: Greg Rose 
---
 datapath/linux/compat/ip_gre.c| 2 +-
 datapath/linux/compat/ip_output.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/datapath/linux/compat/ip_gre.c b/datapath/linux/compat/ip_gre.c
index 94fdaa9..4e32591 100644
--- a/datapath/linux/compat/ip_gre.c
+++ b/datapath/linux/compat/ip_gre.c
@@ -12,6 +12,7 @@
 
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 
+#ifndef USE_UPSTREAM_TUNNEL
 #include 
 #include 
 #include 
@@ -52,7 +53,6 @@
 #include 
 #include 
 
-#ifndef USE_UPSTREAM_TUNNEL
 #if IS_ENABLED(CONFIG_IPV6)
 #include 
 #include 
diff --git a/datapath/linux/compat/ip_output.c 
b/datapath/linux/compat/ip_output.c
index edca340..e2f869f 100644
--- a/datapath/linux/compat/ip_output.c
+++ b/datapath/linux/compat/ip_output.c
@@ -45,6 +45,7 @@
  * Hirokazu Takahashi: sendfile() on UDP works now.
  */
 
+#ifndef HAVE_CORRECT_MRU_HANDLING
 #include 
 #include 
 #include 
@@ -82,7 +83,6 @@
 #include 
 #include 
 
-#ifndef HAVE_CORRECT_MRU_HANDLING
 static inline void rpl_ip_options_fragment(struct sk_buff *skb)
 {
unsigned char *optptr = skb_network_header(skb) + sizeof(struct iphdr);
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 01/20] datapath: Fix netdev_master_upper_dev_link for 4.14

[Greg Rose]

An extended netlink ack has been added for 4.14 - add compat layer
changes so that it compiles for all kernels up to and including
4.14.

Signed-off-by: Greg Rose 
---
 acinclude.m4|  3 +++
 datapath/linux/compat/include/linux/netdevice.h | 15 ++-
 datapath/vport-netdev.c |  9 -
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/acinclude.m4 b/acinclude.m4
index c04c2c6..768c20c 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -795,6 +795,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
 [OVS_DEFINE([HAVE_LIST_IN_NF_HOOK_OPS])])
   OVS_GREP_IFELSE([$KSRC/include/uapi/linux/netfilter/nf_conntrack_common.h],
   [IP_CT_UNTRACKED])
+  OVS_FIND_PARAM_IFELSE([$KSRC/include/linux/netdevice.h],
+[netdev_master_upper_dev_link], [extack],
+[OVS_DEFINE([HAVE_UPPER_DEV_LINK_EXTACK])])
 
   if cmp -s datapath/linux/kcompat.h.new \
 datapath/linux/kcompat.h >/dev/null 2>&1; then
diff --git a/datapath/linux/compat/include/linux/netdevice.h 
b/datapath/linux/compat/include/linux/netdevice.h
index 3c3cf42..c460332 100644
--- a/datapath/linux/compat/include/linux/netdevice.h
+++ b/datapath/linux/compat/include/linux/netdevice.h
@@ -101,13 +101,26 @@ static inline bool netif_needs_gso(struct sk_buff *skb,
 #ifndef HAVE_NETDEV_MASTER_UPPER_DEV_LINK_RH
 static inline int rpl_netdev_master_upper_dev_link(struct net_device *dev,
   struct net_device *upper_dev,
-  void *upper_priv, void 
*upper_info)
+  void *upper_priv,
+  void *upper_info, void *extack)
 {
return netdev_master_upper_dev_link(dev, upper_dev);
 }
 #define netdev_master_upper_dev_link rpl_netdev_master_upper_dev_link
 
 #endif
+#else
+#ifndef HAVE_UPPER_DEV_LINK_EXTACK
+static inline int rpl_netdev_master_upper_dev_link(struct net_device *dev,
+  struct net_device *upper_dev,
+  void *upper_priv,
+  void *upper_info, void *extack)
+{
+   return netdev_master_upper_dev_link(dev, upper_dev, upper_priv,
+   upper_info);
+}
+#define netdev_master_upper_dev_link rpl_netdev_master_upper_dev_link
+#endif
 #endif
 
 #if LINUX_VERSION_CODE < KERNEL_VERSION(3,16,0)
diff --git a/datapath/vport-netdev.c b/datapath/vport-netdev.c
index 697c442..e2d8eaf 100644
--- a/datapath/vport-netdev.c
+++ b/datapath/vport-netdev.c
@@ -112,8 +112,15 @@ struct vport *ovs_netdev_link(struct vport *vport, const 
char *name)
}
 
rtnl_lock();
+#ifdef HAVE_NETDEV_MASTER_UPPER_DEV_LINK_RH
err = netdev_master_upper_dev_link(vport->dev,
-  get_dpdev(vport->dp), NULL, NULL);
+  get_dpdev(vport->dp),
+  NULL, NULL);
+#else
+   err = netdev_master_upper_dev_link(vport->dev,
+  get_dpdev(vport->dp),
+  NULL, NULL, NULL);
+#endif
if (err)
goto error_unlock;
 
-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 00/20] Update and backport of upstream Linux

[Greg Rose]

Allow OVS to compile and build on Linux 4.14.x kernels.  Added
necessary compatability layer changes to the respective patches
as required for our OOT build environment.

Note that NSH and ERSPAN patches are not in this series.  We
are working with the authors of those patches to get them
backported.

This series of patches was originally sent as two separate sets
however the dependencies and compatability layer requirements
made it more convenient to combine the two sets.

Andy Zhou (3):
  datapath: export get_dp() API
  datapath: Add meter netlink definitions
  datapath: Add meter infrastructure

Arnd Bergmann (1):
  datapath: use ktime_get_ts64() instead of ktime_get_ts()

Christophe JAILLET (1):
  datapath:  Fix an error handling path in
'ovs_nla_init_match_and_action()

Florian Westphal (1):
  datapath: conntrack: make protocol tracker pointers const

Greg Rose (8):
  datapath: Fix netdev_master_upper_dev_link for 4.14
  compat: Do not include headers when not compiling
  datapath: Fix SKB_GSO_UDP usage
  acinclude.m4: Enable Linux 4.14
  travis: Update kernel test list from kernel.org
  compat: Fix compiler headers
  compat:inet_frag.h: Check for frag_percpu_counter_batch
  Documentation: Update NEWS and faq

Gustavo A. R. Silva (2):
  datapath: meter: fix NULL pointer dereference in
ovs_meter_cmd_reply_start
  datapath: fix data type in queue_gso_packets

Jiri Benc (1):
  datapath: reliable interface indentification in port dumps

Wei Yongjun (2):
  datapath: Fix return value check in ovs_meter_cmd_features()
  datapath: Using kfree_rcu() to simplify the code

zhangliping (1):
  datapath: fix the incorrect flow action alloc size

 .travis.yml|  17 +-
 Documentation/faq/releases.rst |   1 +
 NEWS   |   2 +
 acinclude.m4   |  16 +-
 datapath/Modules.mk|   6 +-
 datapath/conntrack.c   |   4 +-
 datapath/datapath.c| 106 ++--
 datapath/datapath.h|  38 +-
 datapath/dp_notify.c   |   3 +-
 datapath/flow.c|  11 +-
 datapath/flow_netlink.c|  16 +-
 datapath/linux/compat/include/linux/compiler-gcc.h |   2 +
 datapath/linux/compat/include/linux/netdevice.h|  15 +-
 datapath/linux/compat/include/linux/openvswitch.h  |  53 ++
 datapath/linux/compat/include/net/inet_frag.h  |  14 +
 datapath/linux/compat/include/net/netlink.h|   9 +
 datapath/linux/compat/ip_gre.c |   2 +-
 datapath/linux/compat/ip_output.c  |   2 +-
 datapath/linux/compat/stt.c|  11 +-
 datapath/meter.c   | 607 +
 datapath/meter.h   |  54 ++
 datapath/vport-netdev.c|   9 +-
 22 files changed, 915 insertions(+), 83 deletions(-)
 create mode 100644 datapath/meter.c
 create mode 100644 datapath/meter.h

-- 
1.8.3.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 09/15] ovsdb-server: Add support for a built-in _Server database.

[Justin Pettit]

> On Dec 31, 2017, at 9:16 PM, Ben Pfaff  wrote:
> 
> @@ -5,6 +7,7 @@
> /ovsdb-idlc
> /ovsdb-server
> /ovsdb-server.1
> +/ovsdb-server.5

Do you need to add the new man page to the distributions?

debian/openvswitch-switch.manpages
rhel/openvswitch-fedora.spec.in
rhel/openvswitch.spec.in
xenserver/openvswitch-xen.spec.in

Also, I think you may want to add a reference to "Documentation/ref/index.rst".

> +# _Server schema documentation
> +EXTRA_DIST += ovsdb/_server.xml
> +CLEANFILES += ovsdb/ovsdb-server.5
> +man_MANS += ovsdb/ovsdb-server.5
> +ovsdb/ovsdb-server.5: \
> + ovsdb/ovsdb-doc ovsdb/_server.xml ovsdb/_server.ovsschema \
> + $(VSWITCH_PIC)

Did you intend to include VSWITCH_PIC?

> @@ -328,6 +333,7 @@ main(int argc, char *argv[])
> ovs_fatal(0, "%s", error);
> }
> }
> +add_server_db(_config);

I don't think there's anything that frees 'server_config'.  Not a huge deal 
since it would be on shutdown, but it's always nice to have a clean valgrind 
run.

> +/* Add the internal _Server database to the server configuration. */
> +static void
> +add_server_db(struct server_config *config)
> +{
> +struct json *schema_json = json_from_string(
> +#include "ovsdb/_server.ovsschema.inc"
> +);
> +ovs_assert(schema_json->type == JSON_OBJECT);
> +
> +struct ovsdb_schema *schema;
> +struct ovsdb_error *error OVS_UNUSED = 
> ovsdb_schema_from_json(schema_json,
> +  );
> +ovs_assert(!error);
> +json_destroy(schema_json);
> +
> +struct db *db = xzalloc(sizeof *db);
> +db->filename = xstrdup("");
> +db->db = ovsdb_create(schema);
> +add_db(config, db->db->schema->name, db);
> +}

Probably not a huge deal, since there's a single instance that runs as long as 
the process, but I don't think there's anything that free the memory allocated 
from this internal database.

> +/* Updates the Database table in the _Server database. */
> +static void
> +update_server_status(struct shash *all_dbs)
> +{
> +struct db *server_db = shash_find_data(all_dbs, "_Server");
> +struct ovsdb_table *database_table = shash_find_data(
> +_db->db->tables, "Database");
> +struct ovsdb_txn *txn = ovsdb_txn_create(server_db->db);
> +
> +/* Update rows for databases that still exist.
> + * Delete rows for databases that no longer exist. */
> +const struct ovsdb_row *row, *next_row;
> +HMAP_FOR_EACH_SAFE (row, next_row, hmap_node, _table->rows) {
> +const char *name;
> +ovsdb_util_read_string_column(row, "name", );
> +struct db *db = shash_find_data(all_dbs, name);
> +if (!db || !db->db) {
> +ovsdb_txn_row_delete(txn, row);
> +} else {
> +update_database_status(ovsdb_txn_row_modify(txn, row), db);
> }
> }
> +
> +/* Add rows for new databases.
> + *
> + * This is O(n**2) but usually there are only 2 or 3 databases. */
> +struct shash_node *node;
> +SHASH_FOR_EACH (node, all_dbs) {
> +struct db *db = node->data;
> +
> +if (!db->db) {
> +continue;
> +}
> +
> +HMAP_FOR_EACH (row, hmap_node, _table->rows) {
> +const char *name;
> +ovsdb_util_read_string_column(row, "name", );
> +if (!strcmp(name, node->name)) {
> +goto next;
> +}
> +}
> +
> +/* Add row. */
> +struct ovsdb_row *row = ovsdb_row_create(database_table);
> +uuid_generate(ovsdb_row_get_uuid_rw(row));
> +update_database_status(row, db);
> +ovsdb_txn_row_insert(txn, row);
> +
> +next:;
> +}
> +
> +commit_txn(txn, "_Server");
> }

I see a memory leak when I run unit tests (e.g., "testing database multiplexing 
implementation") under valgrind:

==123484== 6 bytes in 6 blocks are definitely lost in loss record 4 of 115
==123484==at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd6
4-linux.so)
==123484==by 0x437084: xmalloc (util.c:120)
==123484==by 0x4370B3: xmemdup (util.c:142)
==123484==by 0x4257BE: ovsdb_atom_init_default (ovsdb-data.c:77)
==123484==by 0x42580D: alloc_default_atoms (ovsdb-data.c:317)
==123484==by 0x425F48: ovsdb_datum_init_default (ovsdb-data.c:913)
==123484==by 0x412C12: ovsdb_row_create (row.c:56)
==123484==by 0x4051F7: update_server_status (ovsdb-server.c:1030)
==123484==by 0x4051F7: main_loop (ovsdb-server.c:226)
==123484==by 0x4051F7: main (ovsdb-server.c:438)

> diff --git a/ovsdb/ovsdb-util.c b/ovsdb/ovsdb-util.c
> index 5ee5e4ddaf8d..06d25af49a18 100644
> --- a/ovsdb/ovsdb-util.c
> +++ b/ovsdb/ovsdb-util.c
> @@ -22,6 +22,38 @@
> 
> VLOG_DEFINE_THIS_MODULE(ovsdb_util);
> 
> +static void
> +ovsdb_util_clear_column(struct ovsdb_row *row, const char *column_name)
> +{
> ...
> +if (column->type.n_min) {
> +if 

[ovs-dev] Top Gun de Ventas

[=?utf-8?Q?=C2=BFC=C3=B3mo_podemos_vender_m=C3=A1s??=]

 
Top Gun de Ventas
Febrero 12 - webinar Interactivo

Objetivo:

El participante conocerá una poderosa metodología para incrementar su capacidad 
y talento para ser un vendedor de alto rendimiento.

COMPETENCIAS A DESARROLLAR:

Automotivación | Espíritu Comercial | Atención al Cliente

1. Vendedor de alto rendimiento.
 2. ¿Cómo hacer una fuerza de alto rendimiento?
 3. Autorrespeto, automotivación, ambición y agresividad.
 4. Relaciones Públicas.
 5. Cercanía con el cliente.
 6. Cómo vender más.
 7. Metodología Top Gun 
 
Temario e Inscripciones:

Respondiendo por este medio "TOP"+TELÉFONO + NOMBRE o marcando al:

045 + 5515546630  



___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] deleting chassis doesn't delete the lport and lflows from northd

[Ali Gin]

Thanks Han:

Sorry for the typo. I thought devs would catch that. So to summarize, I was
concerned about two issues:

1. killing the compute/HV gracefully should have deleted the chassis from
southbound db along with the bindings which did not happen
2. It is ok to leave the ports acting as orphan in northbound db if chassis
are deleted from southbound since we take it as expected.

So 2 is clear as we consider that as expected. However, for 1 do we need to
get a fix/code changes or am I missing something here because as per source
code it should have deleted?


Please advise for the inputs further.



On Tue, Jan 30, 2018 at 2:45 PM, Han Zhou  wrote:

> Hi Ali,
>
> Thanks for the details. Please see my comments inlined.
>
> On Mon, Jan 29, 2018 at 7:12 PM, Ali Gin  wrote:
> >
> > Hi team/Ben:
> >
> > Want to get inputs about compute de-comm use case. So when deleting the
> chassis from southd after gracefully killing the compute, doesn't delete
> the ports binded to the northd lswitch.
> >
> I think you had a typo here: s/southd/south-bound DB, s/northd/north-bound
> DB.
>
> >
> > Below is the detail of a sandbox from recent scale test env.
> > root@fake-host:~/sandbox-192.168.83.8# ls
> > br0.mgmt  db.sock   ovn-uuid
>  ovs-vswitchd.13976.ctl
> > br0.snoop ovn-controller.14063.ctl  ovsdb-server.13959.ctl
>  ovs-vswitchd.log
> > br-int.mgmt   ovn-controller.logovsdb-server.log
>  ovs-vswitchd.pid
> > br-int.snoop  ovn-controller.pidovsdb-server.pid
>  ovs-vswitchd.sh
> > conf.db   ovn-controller.sh ovsdb-server.sh
> sandbox.rc
> > root@fake-host:~/sandbox-192.168.83.8# ps aux | grep 14063
> > root 14063  1.9  0.0 114904 88456 ?Ss   00:23  21:53
> ovn-controller --detach --no-chdir --pidfile -vconsole:off -vsyslog:off
> -vfile:info --log-file
> > root 1  0.0  0.0  14224   972 pts/0S+   19:30   0:00 grep
> --color=auto 14063
> > root@fake-host:~/sandbox-192.168.83.8# kill 14063
> >
> > root@fake-host~/sandbox-192.168.83.8# ps aux | grep 13976
> > root 13976  1.2  0.8 2480864 2325768 ? Ssl  00:23  13:49
> ovs-vswitchd --detach --no-chdir --pidfile -vconsole:off -vsyslog:off
> -vfile:info --log-file --enable-dummy=override
> > root 44688  0.0  0.0  14224  1008 pts/0S+   19:30   0:00 grep
> --color=auto 13976
> >
> > root@fake-host:~/sandbox-192.168.83.8# kill 13959
> > root@fake-host:~/sandbox-192.168.83.8# ovs-vsctl show
> > ovs-vsctl: unix:/root/sandbox-192.168.83.8/db.sock: database connection
> failed (No such file or directory)
> >
> > southdb details:
> > Chassis "7aa3f562-4b8c-4b63-b22a-d7da7fcdedcb"
> > hostname: "fake234"
> > Encap geneve
> > ip: "192.168.83.8/16"
> > options: {csum="true"}
> > Port_Binding "lport_5ead7e_UCUe2A"
> > Port_Binding "lport_5ead7e_LaD1jw"
> > Port_Binding "lport_5ead7e_XcVUdA"
> > Port_Binding "lport_5ead7e_wPkica"
> > Port_Binding "lport_5ead7e_Ms539W"
> > Port_Binding "lport_5ead7e_UGdRuk"
> > Port_Binding "lport_5ead7e_8jHLXB"
> > Port_Binding "lport_5ead7e_IKRwFf"
> > Port_Binding "lport_5ead7e_U2eXES"
> > Port_Binding "lport_5ead7e_UIVysQ"
> >
> > ovn-sbctl chassis-del 7aa3f562-4b8c-4b63-b22a-d7da7fcdedcb
> >
> > ovn-nbctl show 5cf94839-d4b6-424c-9081-20739e48eb53
> > port lport_5ead7e_UCUe2A
> > addresses: ["5e:7f:47:62:6b:d0 172.145.74.24"]
> >
> > ovn-sbctl lflow-list | grep 5e:7f:47:62:6b:d0
> >   table=0 (ls_in_port_sec_l2  ), priority=50   , match=(inport ==
> "lport_5ead7e_UCUe2A" && eth.src == {5e:7f:47:62:6b:d0}), action=(next;)
> >   table=2 (ls_in_port_sec_nd  ), priority=90   , match=(inport ==
> "lport_5ead7e_UCUe2A" && eth.src == 5e:7f:47:62:6b:d0 && arp.sha ==
> 5e:7f:47:62:6b:d0), action=(next;)
> >   table=2 (ls_in_port_sec_nd  ), priority=90   , match=(inport ==
> "lport_5ead7e_UCUe2A" && eth.src == 5e:7f:47:62:6b:d0 && ip6 && nd &&
> ((nd.sll == 00:00:00:00:00:00 || nd.sll == 5e:7f:47:62:6b:d0) || ((nd.tll
> == 00:00:00:00:00:00 || nd.tll == 5e:7f:47:62:6b:d0, action=(next;)
> >   table=15(ls_in_l2_lkup  ), priority=50   , match=(eth.dst ==
> 5e:7f:47:62:6b:d0), action=(outport = "lport_5ead7e_UCUe2A"; output;)
> >   table=8 (ls_out_port_sec_l2 ), priority=50   , match=(outport ==
> "lport_5ead7e_UCUe2A" && eth.dst == {5e:7f:47:62:6b:d0}), action=(output;)
> >
> > So is it kept on purpose or should we make code changes to take care of
> deleting the same from northd too since the lports are left orphan.
> >
>
> After deleting chassis from SB, lports are expected to be kept in NB and
> logical flows are expected to be kept in SB, since port-binding and logical
> port operations are independent.
>
> However, I would expect we don't have to manually delete the chassis from
> SB if it is gracefully shutdown. Maybe it was not graceful for some reason.
>
___
dev mailing list
d...@openvswitch.org

Re: [ovs-dev] [patch v4 03/10] Userspace datapath: Add fragmentation handling.

[Darrell Ball]

I added the following incremental to this patch:

diff --git a/lib/ipf.c b/lib/ipf.c
index 11f8f18..6eb283e 100644
--- a/lib/ipf.c
+++ b/lib/ipf.c
@@ -463,7 +463,7 @@ ipf_reassemble_v6_frags(struct ipf_list *ipf_list)
 add_len = frag_list[i].end_data_byte -
   frag_list[i].start_data_byte + 1;
 pl += add_len;
-if (pl > IPV4_PACKET_MAX_SIZE) {
+if (pl > IPV6_PACKET_MAX_DATA) {
 dp_packet_delete(pkt);
 return NULL;
 }
@@ -908,9 +908,10 @@ ipf_send_frags_in_list(struct ipf_list *ipf_list,
struct dp_packet_batch *pb,
enum ipf_list_type list_type, bool v4)
 OVS_REQUIRES(ipf_lock)
 {
+struct dp_packet *pkt;
 while (ipf_list->last_sent_idx < ipf_list->last_inuse_idx) {
-if (ipf_dp_packet_batch_add(pb,
-ipf_list->frag_list[ipf_list->last_sent_idx + 1].pkt)) {
+pkt = ipf_list->frag_list[ipf_list->last_sent_idx + 1].pkt;
+if (ipf_dp_packet_batch_add(pb, pkt)) {

 ipf_list->last_sent_idx++;
 atomic_count_dec();
@@ -919,6 +920,7 @@ ipf_send_frags_in_list(struct ipf_list *ipf_list,
struct dp_packet_batch *pb,
 ipf_count(v4, IPF_COUNTER_NFRAGS_COMPL_SENT);
 } else {
 ipf_count(v4, IPF_COUNTER_NFRAGS_EXPD_SENT);
+pkt->md.ct_state = CS_INVALID;
 }

 if (ipf_list->last_sent_idx == ipf_list->last_inuse_idx) {


I'll send a new version later, after some soak time.

Thanks Darrell



On Tue, Jan 30, 2018 at 12:58 AM, Darrell Ball  wrote:

> Fragmentation handling is added for supporting conntrack.
> Fragmentation handling is disabled by default and enabled
> via a user commands implemented in a subsequent patch.
> Both v4 and v6 are supported.
>
> Signed-off-by: Darrell Ball 
> ---
>  include/sparse/netinet/ip6.h |1 +
>  lib/automake.mk  |2 +
>  lib/ipf.c| 1179 ++
> 
>  lib/ipf.h|   61 +++
>  4 files changed, 1243 insertions(+)
>  create mode 100644 lib/ipf.c
>  create mode 100644 lib/ipf.h
>
> diff --git a/include/sparse/netinet/ip6.h b/include/sparse/netinet/ip6.h
> index d2a54de..bfa637a 100644
> --- a/include/sparse/netinet/ip6.h
> +++ b/include/sparse/netinet/ip6.h
> @@ -64,5 +64,6 @@ struct ip6_frag {
>  };
>
>  #define IP6F_OFF_MASK ((OVS_FORCE ovs_be16) 0xfff8)
> +#define IP6F_MORE_FRAG ((OVS_FORCE ovs_be16) 0x0001)
>
>  #endif /* netinet/ip6.h sparse */
> diff --git a/lib/automake.mk b/lib/automake.mk
> index 159319f..6ca6a1e 100644
> --- a/lib/automake.mk
> +++ b/lib/automake.mk
> @@ -107,6 +107,8 @@ lib_libopenvswitch_la_SOURCES = \
> lib/hmapx.h \
> lib/id-pool.c \
> lib/id-pool.h \
> +   lib/ipf.c \
> +   lib/ipf.h \
> lib/jhash.c \
> lib/jhash.h \
> lib/json.c \
> diff --git a/lib/ipf.c b/lib/ipf.c
> new file mode 100644
> index 000..74c4b32
> --- /dev/null
> +++ b/lib/ipf.c
> @@ -0,0 +1,1179 @@
> +/*
> + * Copyright (c) 2018 Nicira, Inc.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at:
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +#include "csum.h"
> +#include "ipf.h"
> +#include "openvswitch/hmap.h"
> +#include "openvswitch/vlog.h"
> +#include "ovs-atomic.h"
> +#include "packets.h"
> +#include "util.h"
> +
> +VLOG_DEFINE_THIS_MODULE(ipf);
> +
> +enum {
> +IPV4_PACKET_MAX_HDR_SIZE = 60,
> +IPV4_PACKET_MAX_SIZE = 65535,
> +IPV6_PACKET_MAX_DATA = 65535,
> +};
> +
> +enum ipf_list_state {
> +IPF_LIST_STATE_UNUSED,
> +IPF_LIST_STATE_REASS_FAIL,
> +IPF_LIST_STATE_OTHER_SEEN,
> +IPF_LIST_STATE_FIRST_SEEN,
> +IPF_LIST_STATE_LAST_SEEN,
> +IPF_LIST_STATE_FIRST_LAST_SEEN,
> +IPF_LIST_STATE_COMPLETED,
> +};
> +
> +enum ipf_list_type {
> +IPF_FRAG_COMPLETED_LIST,
> +IPF_FRAG_EXPIRY_LIST,
> +};
> +
> +enum {
> +IPF_INVALID_IDX = -1,
> +IPF_V4_FRAG_SIZE_LBOUND = 400,
> +IPF_V4_FRAG_SIZE_MIN_DEF = 1200,
> +IPF_V6_FRAG_SIZE_LBOUND = 1280,
> +IPF_V6_FRAG_SIZE_MIN_DEF = 1280,
> +IPF_MAX_FRAGS_DEFAULT = 1000,
> +IPF_NFRAG_UBOUND = 5000,
> +};
> +
> +enum ipf_counter_type {
> +IPF_COUNTER_NFRAGS,
> +IPF_COUNTER_NFRAGS_ACCEPTED,
> +IPF_COUNTER_NFRAGS_COMPL_SENT,
> +

Re: [ovs-dev] deleting chassis doesn't delete the lport and lflows from northd

[Han Zhou]

Hi Ali,

Thanks for the details. Please see my comments inlined.

On Mon, Jan 29, 2018 at 7:12 PM, Ali Gin  wrote:
>
> Hi team/Ben:
>
> Want to get inputs about compute de-comm use case. So when deleting the
chassis from southd after gracefully killing the compute, doesn't delete
the ports binded to the northd lswitch.
>
I think you had a typo here: s/southd/south-bound DB, s/northd/north-bound
DB.

>
> Below is the detail of a sandbox from recent scale test env.
> root@fake-host:~/sandbox-192.168.83.8# ls
> br0.mgmt  db.sock   ovn-uuid
 ovs-vswitchd.13976.ctl
> br0.snoop ovn-controller.14063.ctl  ovsdb-server.13959.ctl
 ovs-vswitchd.log
> br-int.mgmt   ovn-controller.logovsdb-server.log
 ovs-vswitchd.pid
> br-int.snoop  ovn-controller.pidovsdb-server.pid
 ovs-vswitchd.sh
> conf.db   ovn-controller.sh ovsdb-server.sh sandbox.rc
> root@fake-host:~/sandbox-192.168.83.8# ps aux | grep 14063
> root 14063  1.9  0.0 114904 88456 ?Ss   00:23  21:53
ovn-controller --detach --no-chdir --pidfile -vconsole:off -vsyslog:off
-vfile:info --log-file
> root 1  0.0  0.0  14224   972 pts/0S+   19:30   0:00 grep
--color=auto 14063
> root@fake-host:~/sandbox-192.168.83.8# kill 14063
>
> root@fake-host~/sandbox-192.168.83.8# ps aux | grep 13976
> root 13976  1.2  0.8 2480864 2325768 ? Ssl  00:23  13:49
ovs-vswitchd --detach --no-chdir --pidfile -vconsole:off -vsyslog:off
-vfile:info --log-file --enable-dummy=override
> root 44688  0.0  0.0  14224  1008 pts/0S+   19:30   0:00 grep
--color=auto 13976
>
> root@fake-host:~/sandbox-192.168.83.8# kill 13959
> root@fake-host:~/sandbox-192.168.83.8# ovs-vsctl show
> ovs-vsctl: unix:/root/sandbox-192.168.83.8/db.sock: database connection
failed (No such file or directory)
>
> southdb details:
> Chassis "7aa3f562-4b8c-4b63-b22a-d7da7fcdedcb"
> hostname: "fake234"
> Encap geneve
> ip: "192.168.83.8/16"
> options: {csum="true"}
> Port_Binding "lport_5ead7e_UCUe2A"
> Port_Binding "lport_5ead7e_LaD1jw"
> Port_Binding "lport_5ead7e_XcVUdA"
> Port_Binding "lport_5ead7e_wPkica"
> Port_Binding "lport_5ead7e_Ms539W"
> Port_Binding "lport_5ead7e_UGdRuk"
> Port_Binding "lport_5ead7e_8jHLXB"
> Port_Binding "lport_5ead7e_IKRwFf"
> Port_Binding "lport_5ead7e_U2eXES"
> Port_Binding "lport_5ead7e_UIVysQ"
>
> ovn-sbctl chassis-del 7aa3f562-4b8c-4b63-b22a-d7da7fcdedcb
>
> ovn-nbctl show 5cf94839-d4b6-424c-9081-20739e48eb53
> port lport_5ead7e_UCUe2A
> addresses: ["5e:7f:47:62:6b:d0 172.145.74.24"]
>
> ovn-sbctl lflow-list | grep 5e:7f:47:62:6b:d0
>   table=0 (ls_in_port_sec_l2  ), priority=50   , match=(inport ==
"lport_5ead7e_UCUe2A" && eth.src == {5e:7f:47:62:6b:d0}), action=(next;)
>   table=2 (ls_in_port_sec_nd  ), priority=90   , match=(inport ==
"lport_5ead7e_UCUe2A" && eth.src == 5e:7f:47:62:6b:d0 && arp.sha ==
5e:7f:47:62:6b:d0), action=(next;)
>   table=2 (ls_in_port_sec_nd  ), priority=90   , match=(inport ==
"lport_5ead7e_UCUe2A" && eth.src == 5e:7f:47:62:6b:d0 && ip6 && nd &&
((nd.sll == 00:00:00:00:00:00 || nd.sll == 5e:7f:47:62:6b:d0) || ((nd.tll
== 00:00:00:00:00:00 || nd.tll == 5e:7f:47:62:6b:d0, action=(next;)
>   table=15(ls_in_l2_lkup  ), priority=50   , match=(eth.dst ==
5e:7f:47:62:6b:d0), action=(outport = "lport_5ead7e_UCUe2A"; output;)
>   table=8 (ls_out_port_sec_l2 ), priority=50   , match=(outport ==
"lport_5ead7e_UCUe2A" && eth.dst == {5e:7f:47:62:6b:d0}), action=(output;)
>
> So is it kept on purpose or should we make code changes to take care of
deleting the same from northd too since the lports are left orphan.
>

After deleting chassis from SB, lports are expected to be kept in NB and
logical flows are expected to be kept in SB, since port-binding and logical
port operations are independent.

However, I would expect we don't have to manually delete the chassis from
SB if it is gracefully shutdown. Maybe it was not graceful for some reason.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v2 2/3] ofp-util: New data structure for mapping between table names and numbers.

[Yifeng Sun]

Looks good to me, thanks.

Reviewed-by: Yifeng Sun 


On Fri, Jan 12, 2018 at 12:57 PM, Ben Pfaff  wrote:

> This shares the infrastructure for mapping port names and numbers.  It will
> be used in an upcoming commit.
>
> Signed-off-by: Ben Pfaff 
> ---
>  include/openvswitch/ofp-util.h |  33 +++--
>  lib/ofp-util.c | 150 ++
> ---
>  2 files changed, 138 insertions(+), 45 deletions(-)
>
> diff --git a/include/openvswitch/ofp-util.h b/include/openvswitch/ofp-
> util.h
> index 296078a2fe8b..d9780dd44582 100644
> --- a/include/openvswitch/ofp-util.h
> +++ b/include/openvswitch/ofp-util.h
> @@ -43,15 +43,24 @@ union ofp_action;
>  struct ofpact_set_field;
>  struct vl_mff_map;
>
> -/* Mapping between port numbers and names. */
> -struct ofputil_port_map {
> +/* Name-number mapping.
> + *
> + * This is not exported directly but only through specializations for port
> + * name-number and table name-number mappings. */
> +struct ofputil_name_map {
>  struct hmap by_name;
>  struct hmap by_number;
>  };
> -
> -#define OFPUTIL_PORT_MAP_INITIALIZER(MAP)  \
> +#define OFPUTIL_NAME_MAP_INITIALIZER(MAP)  \
>  { HMAP_INITIALIZER(&(MAP)->by_name), HMAP_INITIALIZER(&(MAP)->by_number)
> }
>
> +/* Mapping between port numbers and names. */
> +struct ofputil_port_map {
> +struct ofputil_name_map map;
> +};
> +#define OFPUTIL_PORT_MAP_INITIALIZER(MAP) \
> +{ OFPUTIL_NAME_MAP_INITIALIZER(&(MAP)->map) }
> +
>  void ofputil_port_map_init(struct ofputil_port_map *);
>  const char *ofputil_port_map_get_name(const struct ofputil_port_map *,
>ofp_port_t);
> @@ -791,6 +800,22 @@ struct ofputil_table_mod_prop_vacancy {
>  uint8_t vacancy; /* Current vacancy (%). */
>  };
>
> +/* Mapping between table numbers and names. */
> +struct ofputil_table_map {
> +struct ofputil_name_map map;
> +};
> +#define OFPUTIL_TABLE_MAP_INITIALIZER(MAP) \
> +{ OFPUTIL_NAME_MAP_INITIALIZER((MAP).map) }
> +
> +void ofputil_table_map_init(struct ofputil_table_map *);
> +const char *ofputil_table_map_get_name(const struct ofputil_table_map *,
> +   uint8_t);
> +uint8_t ofputil_table_map_get_number(const struct ofputil_table_map *,
> + const char *name);
> +void ofputil_table_map_put(struct ofputil_table_map *,
> +   uint8_t, const char *name);
> +void ofputil_table_map_destroy(struct ofputil_table_map *);
> +
>  /* Abstract ofp_table_mod. */
>  struct ofputil_table_mod {
>  uint8_t table_id; /* ID of the table, 0xff indicates all
> tables. */
> diff --git a/lib/ofp-util.c b/lib/ofp-util.c
> index 597112e4f84e..f3b2e3f6108c 100644
> --- a/lib/ofp-util.c
> +++ b/lib/ofp-util.c
> @@ -7454,12 +7454,14 @@ ofputil_port_to_string(ofp_port_t port,
>  snprintf(namebuf, bufsize, "%"PRIu32, port);
>  }
>
> -/* ofputil_port_map.  */
> -struct ofputil_port_map_node {
> +/* ofputil_name_map.  */
> +
> +struct ofputil_name_map_node {
>  struct hmap_node name_node;
>  struct hmap_node number_node;
> -ofp_port_t ofp_port;/* Port number. */
> -char *name; /* Port name. */
> +
> +uint32_t number;
> +char *name;
>
>  /* OpenFlow doesn't require port names to be unique, although that's
> the
>   * only sensible way.  However, even in Open vSwitch it's possible
> for two
> @@ -7469,22 +7471,25 @@ struct ofputil_port_map_node {
>   * corner case.
>   *
>   * OpenFlow does require port numbers to be unique.  We check for
> duplicate
> - * ports numbers just in case a switch has a bug. */
> + * ports numbers just in case a switch has a bug.
> + *
> + * OpenFlow doesn't require table names to be unique and Open vSwitch
> + * doesn't try to make them unique. */
>  bool duplicate;
>  };
>
> -void
> -ofputil_port_map_init(struct ofputil_port_map *map)
> +static void
> +ofputil_name_map_init(struct ofputil_name_map *map)
>  {
>  hmap_init(>by_name);
>  hmap_init(>by_number);
>  }
>
> -static struct ofputil_port_map_node *
> -ofputil_port_map_find_by_name(const struct ofputil_port_map *map,
> +static struct ofputil_name_map_node *
> +ofputil_name_map_find_by_name(const struct ofputil_name_map *map,
>const char *name)
>  {
> -struct ofputil_port_map_node *node;
> +struct ofputil_name_map_node *node;
>
>  HMAP_FOR_EACH_WITH_HASH (node, name_node, hash_string(name, 0),
>   >by_name) {
> @@ -7495,38 +7500,38 @@ ofputil_port_map_find_by_name(const struct
> ofputil_port_map *map,
>  return NULL;
>  }
>
> -static struct ofputil_port_map_node *
> -ofputil_port_map_find_by_number(const struct ofputil_port_map *map,
> -ofp_port_t ofp_port)
> +static struct ofputil_name_map_node *
> 

Re: [ovs-dev] [PATCH v2 1/3] ofp-actions: Make formatting and parsing functions take a struct argument.

[Yifeng Sun]

Looks good to me, thanks.

Reviewed-by: Yifeng Sun 


On Fri, Jan 12, 2018 at 12:57 PM, Ben Pfaff  wrote:

> An upcoming commit will add another parameter for parsing and formatting
> actions.  It is much easier to add these parameters if they are
> encapsulated in a struct, so this commit first makes that change.
>
> Signed-off-by: Ben Pfaff 
> ---
>  include/openvswitch/ofp-actions.h |   32 +-
>  lib/ofp-actions.c | 1137 +++---
> ---
>  lib/ofp-parse.c   |   24 +-
>  lib/ofp-print.c   |   40 +-
>  ofproto/ofproto-dpif-trace.c  |8 +-
>  ofproto/ofproto-dpif-xlate.c  |   12 +-
>  ofproto/ofproto.c |3 +-
>  ovn/controller/ofctrl.c   |3 +-
>  ovn/utilities/ovn-sbctl.c |3 +-
>  tests/test-ovn.c  |3 +-
>  utilities/ovs-ofctl.c |   19 +-
>  11 files changed, 565 insertions(+), 719 deletions(-)
>
> diff --git a/include/openvswitch/ofp-actions.h b/include/openvswitch/ofp-
> actions.h
> index 4e957358f90a..454c705ccf73 100644
> --- a/include/openvswitch/ofp-actions.h
> +++ b/include/openvswitch/ofp-actions.h
> @@ -1064,18 +1064,32 @@ bool ofpacts_equal_stringwise(const struct ofpact
> a[], size_t a_len,
>  const struct mf_field *ofpact_get_mf_dst(const struct ofpact *ofpact);
>  uint32_t ofpacts_get_meter(const struct ofpact[], size_t ofpacts_len);
>
> -/* Formatting and parsing ofpacts. */
> +/* Formatting ofpacts. */
> +struct ofpact_format_params {
> +/* Input. */
> +const struct ofputil_port_map *port_map;
> +
> +/* Output. */
> +struct ds *s;
> +};
>  void ofpacts_format(const struct ofpact[], size_t ofpacts_len,
> -const struct ofputil_port_map *, struct ds *);
> -char *ofpacts_parse_actions(const char *, const struct ofputil_port_map *,
> -struct ofpbuf *ofpacts,
> -enum ofputil_protocol *usable_protocols)
> +const struct ofpact_format_params *);
> +const char *ofpact_name(enum ofpact_type);
> +
> +/* Parsing ofpacts. */
> +struct ofpact_parse_params {
> +/* Input. */
> +const struct ofputil_port_map *port_map;
> +
> +/* Output. */
> +struct ofpbuf *ofpacts;
> +enum ofputil_protocol *usable_protocols;
> +};
> +char *ofpacts_parse_actions(const char *, const struct
> ofpact_parse_params *)
>  OVS_WARN_UNUSED_RESULT;
> -char *ofpacts_parse_instructions(const char *, const struct
> ofputil_port_map *,
> - struct ofpbuf *ofpacts,
> - enum ofputil_protocol *usable_protocols)
> +char *ofpacts_parse_instructions(const char *,
> + const struct ofpact_parse_params *)
>  OVS_WARN_UNUSED_RESULT;
> -const char *ofpact_name(enum ofpact_type);
>
>  /* Internal use by the helpers below. */
>  void ofpact_init(struct ofpact *, enum ofpact_type, size_t len);
> diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
> index db933634bf8b..93792ddfca4b 100644
> --- a/lib/ofp-actions.c
> +++ b/lib/ofp-actions.c
> @@ -417,8 +417,7 @@ static void *ofpact_put_raw(struct ofpbuf *, enum
> ofp_version,
>  enum ofp_raw_action_type, uint64_t arg);
>
>  static char *OVS_WARN_UNUSED_RESULT ofpacts_parse(
> -char *str, const struct ofputil_port_map *,
> -struct ofpbuf *ofpacts, enum ofputil_protocol *usable_protocols,
> +char *str, const struct ofpact_parse_params *pp,
>  bool allow_instructions, enum ofpact_type outer_action);
>  static enum ofperr ofpacts_pull_openflow_actions__(
>  struct ofpbuf *openflow, unsigned int actions_len,
> @@ -426,8 +425,7 @@ static enum ofperr ofpacts_pull_openflow_actions__(
>  struct ofpbuf *ofpacts, enum ofpact_type outer_action,
>  const struct vl_mff_map *vl_mff_map, uint64_t *ofpacts_tlv_bitmap);
>  static char * OVS_WARN_UNUSED_RESULT ofpacts_parse_copy(
> -const char *s_, const struct ofputil_port_map *, struct ofpbuf
> *ofpacts,
> -enum ofputil_protocol *usable_protocols,
> +const char *s_, const struct ofpact_parse_params *pp,
>  bool allow_instructions, enum ofpact_type outer_action);
>
>  /* Returns the ofpact following 'ofpact', except that if 'ofpact' contains
> @@ -607,16 +605,16 @@ encode_OUTPUT(const struct ofpact_output *output,
>  }
>
>  static char * OVS_WARN_UNUSED_RESULT
> -parse_truncate_subfield(struct ofpact_output_trunc *output_trunc,
> -const char *arg_,
> -const struct ofputil_port_map *port_map)
> +parse_truncate_subfield(const char *arg_,
> +const struct ofpact_parse_params *pp,
> +struct ofpact_output_trunc *output_trunc)
>  {
>  char *key, *value;
>  char *arg = CONST_CAST(char *, arg_);
>
>  while (ofputil_parse_key_value(, , )) {
>  if (!strcmp(key, 

Re: [ovs-dev] [PATCH] classifier: Refactor interface for classifier_remove().

[Yifeng Sun]

Thanks for the patch, which is better than the one I submitted.

Tested-by: Yifeng Sun 

Reviewed-by: Yifeng Sun 

On Tue, Jan 30, 2018 at 1:00 PM, Ben Pfaff  wrote:

> Until now, classifier_remove() returned either null or the classifier rule
> passed to it, which is an unusual interface.  This commit changes it to
> return true if it succeeds or false on failure.
>
> In addition, most of classifier_remove()'s callers know ahead of time that
> it must succeed, even though most of them didn't bother with an assertion,
> so this commit adds a classifier_remove_assert() function as a helper.
>
> Signed-off-by: Ben Pfaff 
> ---
>  lib/classifier.c| 25 +
>  lib/classifier.h|  4 ++--
>  lib/ovs-router.c| 19 ---
>  lib/tnl-ports.c |  5 ++---
>  ofproto/ofproto.c   | 14 --
>  tests/test-classifier.c | 19 +--
>  tests/test-ovn.c|  2 +-
>  utilities/ovs-ofctl.c   |  2 +-
>  8 files changed, 44 insertions(+), 46 deletions(-)
>
> diff --git a/lib/classifier.c b/lib/classifier.c
> index 16c451da1b30..9ad3710d61a1 100644
> --- a/lib/classifier.c
> +++ b/lib/classifier.c
> @@ -695,15 +695,16 @@ classifier_insert(struct classifier *cls, const
> struct cls_rule *rule,
>  ovs_assert(!displaced_rule);
>  }
>
> -/* Removes 'rule' from 'cls'.  It is the caller's responsibility to
> destroy
> - * 'rule' with cls_rule_destroy(), freeing the memory block in which
> 'rule'
> - * resides, etc., as necessary.
> +/* If 'rule' is in 'cls', removes 'rule' from 'cls' and returns true.  It
> is
> + * the caller's responsibility to destroy 'rule' with cls_rule_destroy(),
> + * freeing the memory block in which 'rule' resides, etc., as necessary.
>   *
> - * Does nothing if 'rule' has been already removed, or was never inserted.
> + * If 'rule' is not in any classifier, returns false without making any
> + * changes.
>   *
> - * Returns the removed rule, or NULL, if it was already removed.
> + * 'rule' must not be in some classifier other than 'cls'.
>   */
> -const struct cls_rule *
> +bool
>  classifier_remove(struct classifier *cls, const struct cls_rule *cls_rule)
>  {
>  struct cls_match *rule, *prev, *next, *head;
> @@ -716,7 +717,7 @@ classifier_remove(struct classifier *cls, const struct
> cls_rule *cls_rule)
>
>  rule = get_cls_match_protected(cls_rule);
>  if (!rule) {
> -return NULL;
> +return false;
>  }
>  /* Mark as removed. */
>  ovsrcu_set(_CAST(struct cls_rule *, cls_rule)->cls_match, NULL);
> @@ -820,7 +821,15 @@ check_priority:
>  ovsrcu_postpone(cls_match_free_cb, rule);
>  cls->n_rules--;
>
> -return cls_rule;
> +return true;
> +}
> +
> +void
> +classifier_remove_assert(struct classifier *cls,
> + const struct cls_rule *cls_rule)
> +{
> +bool OVS_UNUSED removed = classifier_remove(cls, cls_rule);
> +ovs_assert(removed);
>  }
>
>  /* Prefix tree context.  Valid when 'lookup_done' is true.  Can skip all
> diff --git a/lib/classifier.h b/lib/classifier.h
> index 71c2e507d7c3..31d4a1b08bd2 100644
> --- a/lib/classifier.h
> +++ b/lib/classifier.h
> @@ -387,8 +387,8 @@ const struct cls_rule *classifier_replace(struct
> classifier *,
>ovs_version_t,
>const struct cls_conjunction *,
>size_t n_conjunctions);
> -const struct cls_rule *classifier_remove(struct classifier *,
> - const struct cls_rule *);
> +bool classifier_remove(struct classifier *, const struct cls_rule *);
> +void classifier_remove_assert(struct classifier *, const struct cls_rule
> *);
>  static inline void classifier_defer(struct classifier *);
>  static inline void classifier_publish(struct classifier *);
>
> diff --git a/lib/ovs-router.c b/lib/ovs-router.c
> index cd2ab15fb003..e6cc81fd0827 100644
> --- a/lib/ovs-router.c
> +++ b/lib/ovs-router.c
> @@ -245,19 +245,14 @@ ovs_router_insert(uint32_t mark, const struct
> in6_addr *ip_dst, uint8_t plen,
>  ovs_router_insert__(mark, plen, ip_dst, plen, output_bridge, gw);
>  }
>
> -static bool
> -__rt_entry_delete(const struct cls_rule *cr)
> +static void
> +rt_entry_delete__(const struct cls_rule *cr)
>  {
>  struct ovs_router_entry *p = ovs_router_entry_cast(cr);
>
>  tnl_port_map_delete_ipdev(p->output_bridge);
> -/* Remove it. */
> -cr = classifier_remove(, cr);
> -if (cr) {
> -ovsrcu_postpone(rt_entry_free, ovs_router_entry_cast(cr));
> -return true;
> -}
> -return false;
> +classifier_remove_assert(, cr);
> +ovsrcu_postpone(rt_entry_free, ovs_router_entry_cast(cr));
>  }
>
>  static bool
> @@ -277,8 +272,10 @@ rt_entry_delete(uint32_t mark, uint8_t priority,
>  cr = classifier_find_rule_exactly(, , 

Re: [ovs-dev] [PATCH] classifier: Fix typo in comment.

[Ben Pfaff]

Thanks, applied to master.

On Tue, Jan 30, 2018 at 12:52:09PM -0800, Yifeng Sun wrote:
> Thanks for the fix.
> 
> Reviewed-by: Yifeng Sun 
> 
> On Tue, Jan 30, 2018 at 12:34 PM, Ben Pfaff  wrote:
> 
> > Signed-off-by: Ben Pfaff 
> > ---
> >  lib/classifier.h | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/lib/classifier.h b/lib/classifier.h
> > index f0ea5a9cb8b2..71c2e507d7c3 100644
> > --- a/lib/classifier.h
> > +++ b/lib/classifier.h
> > @@ -284,7 +284,7 @@
> >   *
> >   * The classifier may safely be accessed by many reader threads
> > concurrently
> >   * and by a single writer, or by multiple writers when they guarantee
> > mutually
> > - * exlucive access to classifier modifications.
> > + * exclusive access to classifier modifications.
> >   *
> >   * Since the classifier rules are RCU protected, the rule destruction
> > after
> >   * removal from the classifier must be RCU postponed.  Also, when
> > versioning is
> > --
> > 2.10.2
> >
> > ___
> > dev mailing list
> > d...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> >
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] classifier: Refactor interface for classifier_remove().

[Ben Pfaff]

Until now, classifier_remove() returned either null or the classifier rule
passed to it, which is an unusual interface.  This commit changes it to
return true if it succeeds or false on failure.

In addition, most of classifier_remove()'s callers know ahead of time that
it must succeed, even though most of them didn't bother with an assertion,
so this commit adds a classifier_remove_assert() function as a helper.

Signed-off-by: Ben Pfaff 
---
 lib/classifier.c| 25 +
 lib/classifier.h|  4 ++--
 lib/ovs-router.c| 19 ---
 lib/tnl-ports.c |  5 ++---
 ofproto/ofproto.c   | 14 --
 tests/test-classifier.c | 19 +--
 tests/test-ovn.c|  2 +-
 utilities/ovs-ofctl.c   |  2 +-
 8 files changed, 44 insertions(+), 46 deletions(-)

diff --git a/lib/classifier.c b/lib/classifier.c
index 16c451da1b30..9ad3710d61a1 100644
--- a/lib/classifier.c
+++ b/lib/classifier.c
@@ -695,15 +695,16 @@ classifier_insert(struct classifier *cls, const struct 
cls_rule *rule,
 ovs_assert(!displaced_rule);
 }
 
-/* Removes 'rule' from 'cls'.  It is the caller's responsibility to destroy
- * 'rule' with cls_rule_destroy(), freeing the memory block in which 'rule'
- * resides, etc., as necessary.
+/* If 'rule' is in 'cls', removes 'rule' from 'cls' and returns true.  It is
+ * the caller's responsibility to destroy 'rule' with cls_rule_destroy(),
+ * freeing the memory block in which 'rule' resides, etc., as necessary.
  *
- * Does nothing if 'rule' has been already removed, or was never inserted.
+ * If 'rule' is not in any classifier, returns false without making any
+ * changes.
  *
- * Returns the removed rule, or NULL, if it was already removed.
+ * 'rule' must not be in some classifier other than 'cls'.
  */
-const struct cls_rule *
+bool
 classifier_remove(struct classifier *cls, const struct cls_rule *cls_rule)
 {
 struct cls_match *rule, *prev, *next, *head;
@@ -716,7 +717,7 @@ classifier_remove(struct classifier *cls, const struct 
cls_rule *cls_rule)
 
 rule = get_cls_match_protected(cls_rule);
 if (!rule) {
-return NULL;
+return false;
 }
 /* Mark as removed. */
 ovsrcu_set(_CAST(struct cls_rule *, cls_rule)->cls_match, NULL);
@@ -820,7 +821,15 @@ check_priority:
 ovsrcu_postpone(cls_match_free_cb, rule);
 cls->n_rules--;
 
-return cls_rule;
+return true;
+}
+
+void
+classifier_remove_assert(struct classifier *cls,
+ const struct cls_rule *cls_rule)
+{
+bool OVS_UNUSED removed = classifier_remove(cls, cls_rule);
+ovs_assert(removed);
 }
 
 /* Prefix tree context.  Valid when 'lookup_done' is true.  Can skip all
diff --git a/lib/classifier.h b/lib/classifier.h
index 71c2e507d7c3..31d4a1b08bd2 100644
--- a/lib/classifier.h
+++ b/lib/classifier.h
@@ -387,8 +387,8 @@ const struct cls_rule *classifier_replace(struct classifier 
*,
   ovs_version_t,
   const struct cls_conjunction *,
   size_t n_conjunctions);
-const struct cls_rule *classifier_remove(struct classifier *,
- const struct cls_rule *);
+bool classifier_remove(struct classifier *, const struct cls_rule *);
+void classifier_remove_assert(struct classifier *, const struct cls_rule *);
 static inline void classifier_defer(struct classifier *);
 static inline void classifier_publish(struct classifier *);
 
diff --git a/lib/ovs-router.c b/lib/ovs-router.c
index cd2ab15fb003..e6cc81fd0827 100644
--- a/lib/ovs-router.c
+++ b/lib/ovs-router.c
@@ -245,19 +245,14 @@ ovs_router_insert(uint32_t mark, const struct in6_addr 
*ip_dst, uint8_t plen,
 ovs_router_insert__(mark, plen, ip_dst, plen, output_bridge, gw);
 }
 
-static bool
-__rt_entry_delete(const struct cls_rule *cr)
+static void
+rt_entry_delete__(const struct cls_rule *cr)
 {
 struct ovs_router_entry *p = ovs_router_entry_cast(cr);
 
 tnl_port_map_delete_ipdev(p->output_bridge);
-/* Remove it. */
-cr = classifier_remove(, cr);
-if (cr) {
-ovsrcu_postpone(rt_entry_free, ovs_router_entry_cast(cr));
-return true;
-}
-return false;
+classifier_remove_assert(, cr);
+ovsrcu_postpone(rt_entry_free, ovs_router_entry_cast(cr));
 }
 
 static bool
@@ -277,8 +272,10 @@ rt_entry_delete(uint32_t mark, uint8_t priority,
 cr = classifier_find_rule_exactly(, , OVS_VERSION_MAX);
 if (cr) {
 ovs_mutex_lock();
-res = __rt_entry_delete(cr);
+rt_entry_delete__(cr);
 ovs_mutex_unlock();
+
+res = true;
 }
 
 cls_rule_destroy();
@@ -476,7 +473,7 @@ ovs_router_flush(void)
 classifier_defer();
 CLS_FOR_EACH(rt, cr, ) {
 if (rt->priority == rt->plen) {
-__rt_entry_delete(>cr);
+rt_entry_delete__(>cr);
 }
 }
 

[ovs-dev] [PATCH] classifier: refactor classifier_remove and introduce classifier_remove_assert

[Yifeng Sun]

The return type of classifier_remove is changed to bool. Besides,
classifier_remove_assert is introduced to assert that the classifier
must contain the rule. This patch is based on Ben's advice.

Signed-off-by: Yifeng Sun 
---
 lib/classifier.c  | 21 +
 lib/classifier.h  |  6 --
 lib/ovs-router.c  | 15 +--
 lib/tnl-ports.c   |  5 ++---
 ofproto/ofproto.c | 14 --
 5 files changed, 32 insertions(+), 29 deletions(-)

diff --git a/lib/classifier.c b/lib/classifier.c
index 16c451da1b30..4a4aacfd6208 100644
--- a/lib/classifier.c
+++ b/lib/classifier.c
@@ -701,9 +701,9 @@ classifier_insert(struct classifier *cls, const struct 
cls_rule *rule,
  *
  * Does nothing if 'rule' has been already removed, or was never inserted.
  *
- * Returns the removed rule, or NULL, if it was already removed.
+ * Returns true on success, or false, if it was already removed.
  */
-const struct cls_rule *
+bool
 classifier_remove(struct classifier *cls, const struct cls_rule *cls_rule)
 {
 struct cls_match *rule, *prev, *next, *head;
@@ -716,7 +716,7 @@ classifier_remove(struct classifier *cls, const struct 
cls_rule *cls_rule)
 
 rule = get_cls_match_protected(cls_rule);
 if (!rule) {
-return NULL;
+return false;
 }
 /* Mark as removed. */
 ovsrcu_set(_CAST(struct cls_rule *, cls_rule)->cls_match, NULL);
@@ -820,7 +820,20 @@ check_priority:
 ovsrcu_postpone(cls_match_free_cb, rule);
 cls->n_rules--;
 
-return cls_rule;
+return true;
+}
+
+/* Removes 'rule' from 'cls'.  It is the caller's responsibility to destroy
+ * 'rule' with cls_rule_destroy(), freeing the memory block in which 'rule'
+ * resides, etc., as necessary.
+ *
+ * Asserts that the rule must be in the classifier.
+ */
+void
+classifier_remove_assert(struct classifier *cls,
+ const struct cls_rule *cls_rule)
+{
+ovs_assert(classifier_remove(cls, cls_rule));
 }
 
 /* Prefix tree context.  Valid when 'lookup_done' is true.  Can skip all
diff --git a/lib/classifier.h b/lib/classifier.h
index f0ea5a9cb8b2..7699d58e1b07 100644
--- a/lib/classifier.h
+++ b/lib/classifier.h
@@ -387,8 +387,10 @@ const struct cls_rule *classifier_replace(struct 
classifier *,
   ovs_version_t,
   const struct cls_conjunction *,
   size_t n_conjunctions);
-const struct cls_rule *classifier_remove(struct classifier *,
- const struct cls_rule *);
+bool classifier_remove(struct classifier *,
+   const struct cls_rule *);
+void classifier_remove_assert(struct classifier *,
+  const struct cls_rule *);
 static inline void classifier_defer(struct classifier *);
 static inline void classifier_publish(struct classifier *);
 
diff --git a/lib/ovs-router.c b/lib/ovs-router.c
index cd2ab15fb003..a7d55c754d16 100644
--- a/lib/ovs-router.c
+++ b/lib/ovs-router.c
@@ -245,19 +245,15 @@ ovs_router_insert(uint32_t mark, const struct in6_addr 
*ip_dst, uint8_t plen,
 ovs_router_insert__(mark, plen, ip_dst, plen, output_bridge, gw);
 }
 
-static bool
+static void
 __rt_entry_delete(const struct cls_rule *cr)
 {
 struct ovs_router_entry *p = ovs_router_entry_cast(cr);
 
 tnl_port_map_delete_ipdev(p->output_bridge);
 /* Remove it. */
-cr = classifier_remove(, cr);
-if (cr) {
-ovsrcu_postpone(rt_entry_free, ovs_router_entry_cast(cr));
-return true;
-}
-return false;
+classifier_remove_assert(, cr);
+ovsrcu_postpone(rt_entry_free, p);
 }
 
 static bool
@@ -267,7 +263,6 @@ rt_entry_delete(uint32_t mark, uint8_t priority,
 const struct cls_rule *cr;
 struct cls_rule rule;
 struct match match;
-bool res = false;
 
 rt_init_match(, mark, ip6_dst, plen);
 
@@ -277,12 +272,12 @@ rt_entry_delete(uint32_t mark, uint8_t priority,
 cr = classifier_find_rule_exactly(, , OVS_VERSION_MAX);
 if (cr) {
 ovs_mutex_lock();
-res = __rt_entry_delete(cr);
+__rt_entry_delete(cr);
 ovs_mutex_unlock();
 }
 
 cls_rule_destroy();
-return res;
+return (cr != NULL);
 }
 
 static bool
diff --git a/lib/tnl-ports.c b/lib/tnl-ports.c
index 04d2b3f7c6cf..b814f7a0a50a 100644
--- a/lib/tnl-ports.c
+++ b/lib/tnl-ports.c
@@ -223,9 +223,8 @@ tnl_port_unref(const struct cls_rule *cr)
 struct tnl_port_in *p = tnl_port_cast(cr);
 
 if (cr && ovs_refcount_unref_relaxed(>ref_cnt) == 1) {
-if (classifier_remove(, cr)) {
-ovsrcu_postpone(tnl_port_free, p);
-}
+classifier_remove_assert(, cr);
+ovsrcu_postpone(tnl_port_free, p);
 }
 }
 
diff --git a/ofproto/ofproto.c b/ofproto/ofproto.c
index 4f17f79d286f..536636393850 100644
--- a/ofproto/ofproto.c
+++ b/ofproto/ofproto.c
@@ -1520,10 +1520,8 @@ ofproto_rule_delete(struct 

Re: [ovs-dev] [PATCH] classifier: Fix typo in comment.

[Yifeng Sun]

Thanks for the fix.

Reviewed-by: Yifeng Sun 

On Tue, Jan 30, 2018 at 12:34 PM, Ben Pfaff  wrote:

> Signed-off-by: Ben Pfaff 
> ---
>  lib/classifier.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/classifier.h b/lib/classifier.h
> index f0ea5a9cb8b2..71c2e507d7c3 100644
> --- a/lib/classifier.h
> +++ b/lib/classifier.h
> @@ -284,7 +284,7 @@
>   *
>   * The classifier may safely be accessed by many reader threads
> concurrently
>   * and by a single writer, or by multiple writers when they guarantee
> mutually
> - * exlucive access to classifier modifications.
> + * exclusive access to classifier modifications.
>   *
>   * Since the classifier rules are RCU protected, the rule destruction
> after
>   * removal from the classifier must be RCU postponed.  Also, when
> versioning is
> --
> 2.10.2
>
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] classifier: Fix typo in comment.

[Ben Pfaff]

Signed-off-by: Ben Pfaff 
---
 lib/classifier.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/classifier.h b/lib/classifier.h
index f0ea5a9cb8b2..71c2e507d7c3 100644
--- a/lib/classifier.h
+++ b/lib/classifier.h
@@ -284,7 +284,7 @@
  *
  * The classifier may safely be accessed by many reader threads concurrently
  * and by a single writer, or by multiple writers when they guarantee mutually
- * exlucive access to classifier modifications.
+ * exclusive access to classifier modifications.
  *
  * Since the classifier rules are RCU protected, the rule destruction after
  * removal from the classifier must be RCU postponed.  Also, when versioning is
-- 
2.10.2

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] Habilidades necesarias para alcanzar sus objetivos

[Técnicas de Supervisión Efectiva]

Adecuada gestión de personal para resultados excelentes 

Técnicas de Supervisión Efectiva, Liderazgo, Productividad y Manejo de 
Conflictos
14 de Febrero- Psi. Dolores Romero Mora - 9am- 8pm

Las habilidades de supervisión son imprescindibles para aquellos jefes o 
supervisores que tienen equipos de trabajo a su cargo y tienen el reto de 
alcanzar objetivos dentro de las empresas. Es posible ocupar un puesto de este 
tipo por dar buenos resultados en nuestras funciones, por antigüedad o porque 
hemos demostrado capacidad y responsabilidad en el cumplimiento de las tareas 
asignadas. Sin embargo, esto no garantiza el éxito, ya que las competencias que 
se requieren para ser un buen jefe o supervisor no son las mismas que se 
requieren para ser un buen empleado o colaborador. 

BENEFICIOS DE ASISTIR: 

- Conocerá cuáles son las competencias de su puesto de trabajo.
- Aprenderá sobre las habilidades de comunicación y asertividad para con sus 
colaboradores.
- Identificará los tipos de liderazgo y técnicas motivacionales a implementar 
con su equipo de trabajo.
- Comprenderá los estilos y técnicas para manejo de conflictos y negociación.
- ¡Más información aplicable a sus actividades! 

¿Requiere la información a la Brevedad? responda este email con la palabra: 
Supervisión + nombre - teléfono - correo.


centro telefónico:018002120744 


 


___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH V2 7/7] compat: Fix compiler headers

[Gregory Rose]

Please ignore this series - a couple of other things have changed in the 
stable and long term kernels that need some attention.  I'll send  V3 
when I get them fixed up.


On 1/29/2018 2:54 PM, Greg Rose wrote:

Since Linux kernel upstream commit d15155824c50
("linux/compiler.h: Split into compiler.h and compiler_types.h") this
error check for the gcc compiler header is no longer valid.  Remove
so that openvswitch builds for linux kernels 4.14.8 and since.

Signed-off-by: Greg Rose 
---
  acinclude.m4   | 3 +++
  datapath/linux/compat/include/linux/compiler-gcc.h | 2 ++
  2 files changed, 5 insertions(+)

diff --git a/acinclude.m4 b/acinclude.m4
index d0f9d82..a838a46 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -798,6 +798,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
OVS_FIND_PARAM_IFELSE([$KSRC/include/linux/netdevice.h],
  [netdev_master_upper_dev_link], [extack],
  [OVS_DEFINE([HAVE_UPPER_DEV_LINK_EXTACK])])
+  OVS_GREP_IFELSE([$KSRC/include/linux/compiler_types.h],
+  [__LINUX_COMPILER_TYPES_H],
+  [OVS_DEFINE([HAVE_LINUX_COMPILER_TYPES_H])])
  
if cmp -s datapath/linux/kcompat.h.new \

  datapath/linux/kcompat.h >/dev/null 2>&1; then
diff --git a/datapath/linux/compat/include/linux/compiler-gcc.h 
b/datapath/linux/compat/include/linux/compiler-gcc.h
index bf057f7..bfcd531 100644
--- a/datapath/linux/compat/include/linux/compiler-gcc.h
+++ b/datapath/linux/compat/include/linux/compiler-gcc.h
@@ -1,6 +1,8 @@
  #ifndef __LINUX_COMPILER_H
+#ifndef HAVE_LINUX_COMPILER_TYPES_H
  #error "Please don't include  directly, include 
 instead."
  #endif
+#endif
  
  #include_next 
  


___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v2 1/5] xlate: fix packets loopback caused by duplicate read of xcfgp.

[Huanle Han]

That 'ctx->xcfg' can't be null in my previous patch. This patch looks
good to me.

On Thu, Jan 25, 2018 at 3:40 AM, Ben Pfaff  wrote:
> From: Huanle Han 
>
> Some functions, such as xlate_normal_mcast_send_mrouters, test xbundle
> pointers equality to avoid sending packet back to in bundle. However,
> xbundle pointers port from different xcfgp for same port are inequal.
> This may lead to the packet loopback.
>
> This commit stores xcfgp on ctx at first and always uses the same xcfgp
> during one packet process period.
>
> Signed-off-by: Huanle Han 
> Signed-off-by: Ben Pfaff 
> ---
>  ofproto/ofproto-dpif-xlate.c | 43 ++-
>  1 file changed, 14 insertions(+), 29 deletions(-)
>
> diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
> index 40c04cc4fb4a..f767224941cf 100644
> --- a/ofproto/ofproto-dpif-xlate.c
> +++ b/ofproto/ofproto-dpif-xlate.c
> @@ -182,6 +182,7 @@ struct xlate_ctx {
>  struct xlate_in *xin;
>  struct xlate_out *xout;
>
> +struct xlate_cfg *xcfg;
>  const struct xbridge *xbridge;
>
>  /* Flow at the last commit. */
> @@ -514,7 +515,6 @@ static struct xlate_cfg *new_xcfg = NULL;
>
>  typedef void xlate_actions_handler(const struct ofpact *, size_t ofpacts_len,
> struct xlate_ctx *, bool);
> -
>  static bool may_receive(const struct xport *, struct xlate_ctx *);
>  static void do_xlate_actions(const struct ofpact *, size_t ofpacts_len,
>   struct xlate_ctx *, bool);
> @@ -1965,8 +1965,7 @@ mirror_packet(struct xlate_ctx *ctx, struct xbundle 
> *xbundle,
>
>  /* Send the packet to the mirror. */
>  if (out) {
> -struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, );
> -struct xbundle *out_xbundle = xbundle_lookup(xcfg, out);
> +struct xbundle *out_xbundle = xbundle_lookup(ctx->xcfg, out);
>  if (out_xbundle) {
>  output_normal(ctx, out_xbundle, );
>  }
> @@ -2234,7 +2233,6 @@ output_normal(struct xlate_ctx *ctx, const struct 
> xbundle *out_xbundle,
>  xport = CONTAINER_OF(ovs_list_front(_xbundle->xports), struct 
> xport,
>   bundle_node);
>  } else {
> -struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, );
>  struct flow_wildcards *wc = ctx->wc;
>  struct ofport_dpif *ofport;
>
> @@ -2256,7 +2254,7 @@ output_normal(struct xlate_ctx *ctx, const struct 
> xbundle *out_xbundle,
>
>  ofport = bond_choose_output_slave(out_xbundle->bond,
>>xin->flow, wc, vid);
> -xport = xport_lookup(xcfg, ofport);
> +xport = xport_lookup(ctx->xcfg, ofport);
>
>  if (!xport) {
>  /* No slaves enabled, so drop packet. */
> @@ -2525,7 +2523,6 @@ update_mcast_snooping_table(const struct xlate_ctx *ctx,
>  const struct dp_packet *packet)
>  {
>  struct mcast_snooping *ms = ctx->xbridge->ms;
> -struct xlate_cfg *xcfg;
>  struct xbundle *mcast_xbundle;
>  struct mcast_port_bundle *fport;
>
> @@ -2537,9 +2534,8 @@ update_mcast_snooping_table(const struct xlate_ctx *ctx,
>  /* Don't learn from flood ports */
>  mcast_xbundle = NULL;
>  ovs_rwlock_wrlock(>rwlock);
> -xcfg = ovsrcu_get(struct xlate_cfg *, );
>  LIST_FOR_EACH(fport, node, >fport_list) {
> -mcast_xbundle = xbundle_lookup(xcfg, fport->port);
> +mcast_xbundle = xbundle_lookup(ctx->xcfg, fport->port);
>  if (mcast_xbundle == in_xbundle) {
>  break;
>  }
> @@ -2566,13 +2562,11 @@ xlate_normal_mcast_send_group(struct xlate_ctx *ctx,
>const struct xvlan *xvlan)
>  OVS_REQ_RDLOCK(ms->rwlock)
>  {
> -struct xlate_cfg *xcfg;
>  struct mcast_group_bundle *b;
>  struct xbundle *mcast_xbundle;
>
> -xcfg = ovsrcu_get(struct xlate_cfg *, );
>  LIST_FOR_EACH(b, bundle_node, >bundle_lru) {
> -mcast_xbundle = xbundle_lookup(xcfg, b->port);
> +mcast_xbundle = xbundle_lookup(ctx->xcfg, b->port);
>  if (mcast_xbundle && mcast_xbundle != in_xbundle) {
>  xlate_report(ctx, OFT_DETAIL, "forwarding to mcast group port");
>  output_normal(ctx, mcast_xbundle, xvlan);
> @@ -2594,13 +2588,11 @@ xlate_normal_mcast_send_mrouters(struct xlate_ctx 
> *ctx,
>   const struct xvlan *xvlan)
>  OVS_REQ_RDLOCK(ms->rwlock)
>  {
> -struct xlate_cfg *xcfg;
>  struct mcast_mrouter_bundle *mrouter;
>  struct xbundle *mcast_xbundle;
>
> -xcfg = ovsrcu_get(struct xlate_cfg *, );
>  LIST_FOR_EACH(mrouter, mrouter_node, >mrouter_lru) {
> -mcast_xbundle = xbundle_lookup(xcfg, mrouter->port);
> +mcast_xbundle = xbundle_lookup(ctx->xcfg, mrouter->port);
>  if 

Re: [ovs-dev] [PATCH 3/3] mirror: do not mirror packet on recirculation

[Huanle Han]

Thanks for your review.

Here is a test case:
1. add a trunk, balance-tcp bond to a bridge
2. add a access port tag=xxx to same bridge
3. add a mirror, which mirrors all ports in vlan=xxx to another out port
4. send packet from access port to bond (simply use arp). as a result,
*mirror send 2 duplicated packets to outport *

Commands for example：
br=br1
src_port=vnet1
mirror_port=vnet12

ovs-vsctl --if-exists del-port $mirror_port -- add-port $br $mirror_port
ovs-vsctl --if-exists del-port $src_port -- add-port $br $src_port tag=199

ovs-vsctl -- set Bridge $br mirrors=@m --  \
--id=@p0 get Port $mirror_port -- \
--id=@m create Mirror select_all=true name=mm select_vlan=199
output_port=@p0

Result of datapath flows: 11,which is the mirror outport, is outputed twice.
recirc_id(0x2),dp_hash(0xb8/0xff),in_port(10),eth_type(0x8100),vlan(vid=199),encap(eth_type(0x0806),
packets:9, bytes:414, used:0.605s, actions:9,11
recirc_id(0),in_port(10),eth(src=fa:da:41:1d:30:0e,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0806),arp(sip=7.7.7.18,tip=7.7.7.192,op=1/0xff),
packets:9, bytes:378, used:0.604s,
actions:push_vlan(vid=199,pcp=0),11,pop_vlan,7,push_vlan(vid=199,pcp=0),12,hash(hash_l4(0),recirc(0x2)

About patch:
I didn't notice 'frozen_state' thing util you pointed it out. And
after review the code, I think ovs doesn't save the mirror information
in frozen_state for bond recirc. My old patch is naive. I would
appreciate it if you would fix it.


On Thu, Jan 25, 2018 at 3:30 AM, Ben Pfaff  wrote:
> On Wed, Jan 24, 2018 at 09:41:12AM -0800, Ben Pfaff wrote:
>> From: Huanle Han 
>>
>> Signed-off-by: Huanle Han 
>> ---
>>  ofproto/ofproto-dpif-xlate.c | 4 
>>  1 file changed, 4 insertions(+)
>>
>> diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
>> index 9d6ca94afc82..23938c8c8cf3 100644
>> --- a/ofproto/ofproto-dpif-xlate.c
>> +++ b/ofproto/ofproto-dpif-xlate.c
>> @@ -1931,6 +1931,10 @@ mirror_packet(struct xlate_ctx *ctx, struct xbundle 
>> *xbundle,
>>  return;
>>  }
>>
>> +if (ctx->xin->flow.recirc_id != 0) {
>> +return;
>> +}
>> +
>
> Can you help me understand what cases this addresses?  The frozen_state
> that comes along with a recirculation should keep track of what mirrors
> have already been output, which should prevent duplicate mirroring on
> recirculation.  If it doesn't work in every case, then probably we
> should address that instead of just disabling mirroring on
> recirculation.
>
> Thanks,
>
> Ben.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] rhel: Fix support for root user using DPDK

[Stokes, Ian]

> -Original Message-
> From: ovs-dev-boun...@openvswitch.org [mailto:ovs-dev-
> boun...@openvswitch.org] On Behalf Of Marcos Felipe Schwarz
> Sent: Sunday, January 28, 2018 2:42 AM
> To: d...@openvswitch.org
> Subject: [ovs-dev] [PATCH] rhel: Fix support for root user using DPDK
> 
> Since 2.8.0 OVS runs as non-root user on rhel distros, but the current
> implementation breaks the ability to run as root with DPDK and as a
> consequence there is no way possible to use UIO drivers on kernel 4.0 and
> newer [1, 2].
> [1]
> http://dpdk.org/browse/dpdk/commit/?id=cdc242f260e766bd95a658b5e0686a62ec0
> 4f5b0
> [2] https://www.kernel.org/doc/Documentation/vm/pagemap.txt
> 
> Signed-off-by: Marcos Schwarz 

Hi Marcos,

Thanks for this, normally a fix will include the fixes tag for the commit 
message.

I spotted Aaron acked this already but had issues with applying to the head of 
master, I had the same issue, if you can rebase and add the fixes tag I'll add 
this to DPDK_MERGE and backport it for the 2.9 branch.

Thanks
Ian
> ---
>  lib/daemon-unix.c   | 3 ++-
>  rhel/usr_lib_systemd_system_ovs-vswitchd.service.in | 2 +-
>  2 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c index
> adb549c98..06528e9ab 100644
> --- a/lib/daemon-unix.c
> +++ b/lib/daemon-unix.c
> @@ -1047,5 +1047,6 @@ daemon_set_new_user(const char *user_spec)
>  }
>  }
> 
> -switch_user = true;
> +if (!uid_verify(uid) || !gid_verify(gid))
> +switch_user = true;
>  }
> diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/
> usr_lib_systemd_system_ovs-vswitchd.service.in
> index c6d9aa1b8..9b01c9271 100644
> --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
> +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
> @@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch
>  EnvironmentFile=/etc/openvswitch/default.conf
>  EnvironmentFile=-/etc/sysconfig/openvswitch
>  @begin_dpdk@
> -ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages
> +ExecStartPre=-/bin/sh -c '/usr/bin/chown :${OVS_USER_ID##*:}
> /dev/hugepages'
>  ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages  @end_dpdk@
> ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
> --
> 2.14.3
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v1 0/5] datapath: enable NSH support in kernel compat mode

[Eric Garver]

On Tue, Jan 30, 2018 at 11:33:55AM +, Yang, Yi Y wrote:
> Hi, Greg
> 
> I installed linux 3.10.107 in Ubuntu 14.04 and fixed skb_gso_error_unwind 
> issue, but for unit test, tests/system-layer3-tunnels.at is a good reference 
> for it because we used vxlan-gpe for nsh, I ran unit test 90, but it always 
> fails (I have installed and used net-next kernel and the latest iproute2)
> 
> Here is error log
> 
> ./system-layer3-tunnels.at:25: ip netns exec at_ns0 sh << NS_EXEC_HEREDOC
> ip route add 10.1.1.2/32 encap ip id 0 dst 172.31.1.100 dev at_vxlan1
> NS_EXEC_HEREDOC
> --- /dev/null   2018-01-30 02:18:43.272647961 +
> +++ 
> /home/vagrant/ovs-nsh-test/tests/system-kmod-testsuite.dir/at-groups/90/stderr
>   2018-01-30 09:45:15.415934534 +
> @@ -0,0 +1 @@
> +RTNETLINK answers: Operation not supported
> ./system-layer3-tunnels.at:25: exit code was 2, expected 0
> 
> I think my system missed something so “ip route add 10.1.1.2/32 encap ip id 0 
> dst 172.31.1.100 dev at_vxlan1
> “ failed, Eric, what linux distribution do you know I can run “ping over 
> VXLAN-GPE” successfully, I’ll use it as baseline to add NSH unit test for 
> kernel data path.

When I added the tests it was on RHEL-7.4 with a net-next kernel. It
should skip the tests if the installed iproute2 does not have the
options for GPE.

The error you're seeing likely means your kernel does not have GPE
support. VXLAN-GPE first appeared in kernel 4.7.

  e1e5314de08b ("vxlan: implement GPE")

As such, I think the VXLAN-GPE test case should pass on any distro with
a 4.7+ kernel.

> 
> From: Gregory Rose [mailto:gvrose8...@gmail.com]
> Sent: Tuesday, January 30, 2018 1:51 AM
> To: Yang, Yi Y ; d...@openvswitch.org
> Cc: b...@ovn.org; jan.scheur...@ericsson.com
> Subject: Re: [PATCH v1 0/5] datapath: enable NSH support in kernel compat mode
> 
> On 1/10/2018 11:53 PM, Yi Yang wrote:
> 
> 
> This patch series is to backport NSH support patches in Linux net-next tree
> 
> to OVS in order that it can support NSH in kernel compat mode.
> 
> 
> 
> Yi Yang (5):
> 
>   datapath: ether: add NSH ethertype
> 
>   datapath: vxlan: factor out VXLAN-GPE next protocol
> 
>   datapath: net: add NSH header structures and helpers
> 
>   datapath: nsh: add GSO support
> 
>   datapath: enable NSH support
> 
> 
> 
>  NEWS  |   1 +
> 
>  datapath/Modules.mk   |   4 +-
> 
>  datapath/actions.c| 116 
> 
>  datapath/datapath.c   |   4 +
> 
>  datapath/flow.c   |  51 
> 
>  datapath/flow.h   |   7 +
> 
>  datapath/flow_netlink.c   | 343 
> +-
> 
>  datapath/flow_netlink.h   |   5 +
> 
>  datapath/linux/Modules.mk |   2 +
> 
>  datapath/linux/compat/include/linux/if_ether.h|   4 +
> 
>  datapath/linux/compat/include/linux/openvswitch.h |   6 +-
> 
>  datapath/linux/compat/include/net/nsh.h   | 313 
> 
>  datapath/linux/compat/include/net/tun_proto.h |  49 
> 
>  datapath/linux/compat/include/net/vxlan.h |   6 -
> 
>  datapath/linux/compat/vxlan.c |  32 +-
> 
>  datapath/nsh.c| 142 +
> 
>  16 files changed, 1048 insertions(+), 37 deletions(-)
> 
>  create mode 100644 datapath/linux/compat/include/net/nsh.h
> 
>  create mode 100644 datapath/linux/compat/include/net/tun_proto.h
> 
>  create mode 100644 datapath/nsh.c
> 
> 
> 
> Hi Yi,
> 
> My apologies for the delay in reviewing this series.
> 
> I've finished up my review and I think it mostly looks pretty good but I did 
> find an issue compiling on a 3.10.107 kernel build:
> CC [M] 
> /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/vport-netdev.o
> /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.c:108:17: 
> error: undefined identifier 'skb_gso_error_unwind'
> CC [M] /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.o
> /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.c: In 
> function ‘nsh_gso_segment’:
> /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.c:108:3: 
> error: implicit declaration of function ‘skb_gso_error_unwind’ 
> [-Werror=implicit-function-declaration]
> skb_gso_error_unwind(skb, htons(ETH_P_NSH), nsh_len,
> ^
> cc1: some warnings being treated as errors
> make[3]: *** 
> [/home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.o] Error 1
> make[3]: *** Waiting for unfinished jobs
> make[2]: *** 
> [_module_/home/travis/build/gvrose8192/ovs-experimental/datapath/linux] Error 
> 2
> make[2]: Leaving directory 
> `/home/travis/build/gvrose8192/ovs-experimental/linux-3.10.107'
> make[1]: *** [default] Error 2
> make[1]: Leaving directory 
> 

Re: [ovs-dev] [PATCH] rhel: Fix support for root user using DPDK

[Aaron Conole]

Marcos Felipe Schwarz  writes:

> Since 2.8.0 OVS runs as non-root user on rhel distros, but the current
> implementation breaks the ability to run as root with DPDK and as a
> consequence there is no way possible to use UIO drivers on kernel 4.0 and
> newer [1, 2].
> [1]
> http://dpdk.org/browse/dpdk/commit/?id=cdc242f260e766bd95a658b5e0686a62ec04f5b0
> [2] https://www.kernel.org/doc/Documentation/vm/pagemap.txt
>
> Signed-off-by: Marcos Schwarz 
> ---

The patchwork version of this had problems applying (so I cc'd Stephen).
I manually applied this, and it works for me.

Acked-by: Aaron Conole 
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v1 0/5] datapath: enable NSH support in kernel compat mode

[Yang, Yi Y]

Hi, Greg

I installed linux 3.10.107 in Ubuntu 14.04 and fixed skb_gso_error_unwind 
issue, but for unit test, tests/system-layer3-tunnels.at is a good reference 
for it because we used vxlan-gpe for nsh, I ran unit test 90, but it always 
fails (I have installed and used net-next kernel and the latest iproute2)

Here is error log

./system-layer3-tunnels.at:25: ip netns exec at_ns0 sh << NS_EXEC_HEREDOC
ip route add 10.1.1.2/32 encap ip id 0 dst 172.31.1.100 dev at_vxlan1
NS_EXEC_HEREDOC
--- /dev/null   2018-01-30 02:18:43.272647961 +
+++ 
/home/vagrant/ovs-nsh-test/tests/system-kmod-testsuite.dir/at-groups/90/stderr  
2018-01-30 09:45:15.415934534 +
@@ -0,0 +1 @@
+RTNETLINK answers: Operation not supported
./system-layer3-tunnels.at:25: exit code was 2, expected 0

I think my system missed something so “ip route add 10.1.1.2/32 encap ip id 0 
dst 172.31.1.100 dev at_vxlan1
“ failed, Eric, what linux distribution do you know I can run “ping over 
VXLAN-GPE” successfully, I’ll use it as baseline to add NSH unit test for 
kernel data path.

From: Gregory Rose [mailto:gvrose8...@gmail.com]
Sent: Tuesday, January 30, 2018 1:51 AM
To: Yang, Yi Y ; d...@openvswitch.org
Cc: b...@ovn.org; jan.scheur...@ericsson.com
Subject: Re: [PATCH v1 0/5] datapath: enable NSH support in kernel compat mode

On 1/10/2018 11:53 PM, Yi Yang wrote:


This patch series is to backport NSH support patches in Linux net-next tree

to OVS in order that it can support NSH in kernel compat mode.



Yi Yang (5):

  datapath: ether: add NSH ethertype

  datapath: vxlan: factor out VXLAN-GPE next protocol

  datapath: net: add NSH header structures and helpers

  datapath: nsh: add GSO support

  datapath: enable NSH support



 NEWS  |   1 +

 datapath/Modules.mk   |   4 +-

 datapath/actions.c| 116 

 datapath/datapath.c   |   4 +

 datapath/flow.c   |  51 

 datapath/flow.h   |   7 +

 datapath/flow_netlink.c   | 343 +-

 datapath/flow_netlink.h   |   5 +

 datapath/linux/Modules.mk |   2 +

 datapath/linux/compat/include/linux/if_ether.h|   4 +

 datapath/linux/compat/include/linux/openvswitch.h |   6 +-

 datapath/linux/compat/include/net/nsh.h   | 313 

 datapath/linux/compat/include/net/tun_proto.h |  49 

 datapath/linux/compat/include/net/vxlan.h |   6 -

 datapath/linux/compat/vxlan.c |  32 +-

 datapath/nsh.c| 142 +

 16 files changed, 1048 insertions(+), 37 deletions(-)

 create mode 100644 datapath/linux/compat/include/net/nsh.h

 create mode 100644 datapath/linux/compat/include/net/tun_proto.h

 create mode 100644 datapath/nsh.c



Hi Yi,

My apologies for the delay in reviewing this series.

I've finished up my review and I think it mostly looks pretty good but I did 
find an issue compiling on a 3.10.107 kernel build:
CC [M] 
/home/travis/build/gvrose8192/ovs-experimental/datapath/linux/vport-netdev.o
/home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.c:108:17: 
error: undefined identifier 'skb_gso_error_unwind'
CC [M] /home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.o
/home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.c: In 
function ‘nsh_gso_segment’:
/home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.c:108:3: 
error: implicit declaration of function ‘skb_gso_error_unwind’ 
[-Werror=implicit-function-declaration]
skb_gso_error_unwind(skb, htons(ETH_P_NSH), nsh_len,
^
cc1: some warnings being treated as errors
make[3]: *** 
[/home/travis/build/gvrose8192/ovs-experimental/datapath/linux/nsh.o] Error 1
make[3]: *** Waiting for unfinished jobs
make[2]: *** 
[_module_/home/travis/build/gvrose8192/ovs-experimental/datapath/linux] Error 2
make[2]: Leaving directory 
`/home/travis/build/gvrose8192/ovs-experimental/linux-3.10.107'
make[1]: *** [default] Error 2
make[1]: Leaving directory 
`/home/travis/build/gvrose8192/ovs-experimental/datapath/linux'
make: *** [all-recursive] Error 1

So we'll need to fix that up and I also think the patches will need to be 
rebased to current master.  That second part is my fault... so sorry again 
about that.

One other thing, I ran this through our standard 'make check and make 
check-kmod' tests and everything was fine so the patches don't seem break 
anything.  I'm still concerned though that the test coverage probably didn't 
hit any parts of your code.  I'm wondering if there is some way I can test the 
code path and get some test coverage there.  Could you write up a self test for 
the tests/system-traffic.at kernel test?  Of if that's not practical is there 
some other way I could test 

Re: [ovs-dev] [PATCH] Add unixctl option for ovn-northd

[Anil Venkata]

This is required for spawning ovn-northd for networking-ovn functional
tests i.e https://review.openstack.org/#/c/532440/
https://review.openstack.org/#/c/532440/11/networking_ovn/tests/functional/resources/process.py@60
https://review.openstack.org/#/c/532440/11/networking_ovn/tests/functional/resources/process.py@95

Thanks
Anil

On Tue, Jan 30, 2018 at 3:12 PM,  wrote:

> From: Venkata Anil 
>
> Signed-off-by: Venkata Anil 
> ---
>  lib/automake.mk |  3 ++-
>  lib/unixctl.xml | 26 ++
>  ovn/northd/ovn-northd.8.xml |  7 +--
>  ovn/northd/ovn-northd.c |  9 -
>  tests/ovn-northd.at | 39 +++
>  5 files changed, 80 insertions(+), 4 deletions(-)
>  create mode 100644 lib/unixctl.xml
>
> diff --git a/lib/automake.mk b/lib/automake.mk
> index 159319f..38d2a99 100644
> --- a/lib/automake.mk
> +++ b/lib/automake.mk
> @@ -455,7 +455,8 @@ EXTRA_DIST += \
> lib/ssl.xml \
> lib/ssl-bootstrap.xml \
> lib/table.xml \
> -   lib/vlog.xml
> +   lib/vlog.xml \
> +   lib/unixctl.xml
>
>  MAN_FRAGMENTS += \
> lib/colors.man \
> diff --git a/lib/unixctl.xml b/lib/unixctl.xml
> new file mode 100644
> index 000..51bfc5f
> --- /dev/null
> +++ b/lib/unixctl.xml
> @@ -0,0 +1,26 @@
> +
> +
> +  --unixctl=socket
> +  
> +Sets the name of the control socket on which
> +program listens for runtime management
> commands
> +(see RUNTIME MANAGEMENT COMMANDS, below).  If
> socket
> +does not begin with /, it is interpreted as relative to
> +@RUNDIR@. If --unixctl is not used at all,
> +the default socket is
> +@RUNDIR@/program.pid<
> code>.ctl,
> +where pid is program's process ID.
> +  
> +On Windows a local named pipe is used to listen for runtime management
> +commands.  A file is created in the absolute path as pointed by
> +socket or if --unixctl is not used at all,
> +a file is created as program in the
> configured
> +OVS_RUNDIR directory.  The file exists just to mimic the
> +behavior of a Unix domain socket.
> +  
> +  
> +Specifying none for socket disables the
> control
> +socket feature.
> +  
> +  
> +
> diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
> index ee9cf8c..6bc2dd6 100644
> --- a/ovn/northd/ovn-northd.8.xml
> +++ b/ovn/northd/ovn-northd.8.xml
> @@ -54,8 +54,11 @@
>  http://www.w3.org/
> 2003/XInclude"/>
>
>  Other Options
> -
> -http://www.w3.org/
> 2003/XInclude"/>
> + + xmlns:xi="http://www.w3.org/2003/XInclude"/>
> +
> + + xmlns:xi="http://www.w3.org/2003/XInclude"/>
>
>  Runtime Management Commands
>  
> diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
> index f4edd8f..e206e0a 100644
> --- a/ovn/northd/ovn-northd.c
> +++ b/ovn/northd/ovn-northd.c
> @@ -59,6 +59,7 @@ struct northd_context {
>
>  static const char *ovnnb_db;
>  static const char *ovnsb_db;
> +static const char *unixctl_path;
>
>  #define MAC_ADDR_PREFIX 0x0A00ULL
>  #define MAC_ADDR_SPACE 0xff
> @@ -239,6 +240,7 @@ Options:\n\
>  (default: %s)\n\
>--ovnsb-db=DATABASE   connect to ovn-sb database at DATABASE\n\
>  (default: %s)\n\
> +  --unixctl = SOCKET  override default control socket name\n\
>-h, --helpdisplay this help message\n\
>-o, --options list available options\n\
>-V, --version display version information\n\
> @@ -6663,6 +6665,7 @@ parse_options(int argc OVS_UNUSED, char *argv[]
> OVS_UNUSED)
>  static const struct option long_options[] = {
>  {"ovnsb-db", required_argument, NULL, 'd'},
>  {"ovnnb-db", required_argument, NULL, 'D'},
> +{"unixctl", required_argument, NULL, 'u'},
>  {"help", no_argument, NULL, 'h'},
>  {"options", no_argument, NULL, 'o'},
>  {"version", no_argument, NULL, 'V'},
> @@ -6694,6 +6697,10 @@ parse_options(int argc OVS_UNUSED, char *argv[]
> OVS_UNUSED)
>  ovnnb_db = optarg;
>  break;
>
> +case 'u':
> +unixctl_path = optarg;
> +break;
> +
>  case 'h':
>  usage();
>  exit(EXIT_SUCCESS);
> @@ -6746,7 +6753,7 @@ main(int argc, char *argv[])
>
>  daemonize_start(false);
>
> -retval = unixctl_server_create(NULL, );
> +retval = unixctl_server_create(unixctl_path, );
>  if (retval) {
>  exit(EXIT_FAILURE);
>  }
> diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
> index baa2add..1878eb2 100644
> --- a/tests/ovn-northd.at
> +++ b/tests/ovn-northd.at
> @@ -262,3 +262,42 @@ AT_CHECK_UNQUOTED([ovn-sbctl get Port_Binding ${uuid}
> options:ipv6_ra_prefixes],
>  ])
>
>  AT_CLEANUP
> +
> +AT_SETUP([ovn -- test unixctl])
> +ovn_init_db ovn-sb; ovn-sbctl init
> 

Re: [ovs-dev] [PATCH 1/3] ovn-controller: Add extend_table instead of group_table to expand meter.

[Miguel Angel Ajo Pelayo]

Acked-By: Miguel Angel Ajo 

The refactor looks good to me.

On Wed, Jan 24, 2018 at 2:40 AM Ben Pfaff  wrote:

> From: Guoshuai Li 
>
> The structure and function of the group table and meter table are similar,
> refactoring code is used to extend for add the meter table.
> The following function as lib: table init/destroy/clear,
> install contents from desired, remove contents from existing,
> Move the contents of desired to existing.
>
> Signed-off-by: Guoshuai Li 
> Signed-off-by: Ben Pfaff 
> ---
>  include/ovn/actions.h   |  21 +
>  ovn/controller/lflow.c  |   8 +-
>  ovn/controller/lflow.h  |   4 +-
>  ovn/controller/ofctrl.c | 180 +---
>  ovn/controller/ofctrl.h |   7 +-
>  ovn/controller/ovn-controller.c |  20 +---
>  ovn/lib/actions.c   |  58 ++--
>  ovn/lib/automake.mk |   2 +
>  ovn/lib/extend-table.c  | 198
> 
>  ovn/lib/extend-table.h  |  69 ++
>  tests/test-ovn.c|   8 +-
>  11 files changed, 356 insertions(+), 219 deletions(-)
>  create mode 100644 ovn/lib/extend-table.c
>  create mode 100644 ovn/lib/extend-table.h
>
> diff --git a/include/ovn/actions.h b/include/ovn/actions.h
> index 85a484ffac20..ea90dbb2a69a 100644
> --- a/include/ovn/actions.h
> +++ b/include/ovn/actions.h
> @@ -31,6 +31,7 @@ struct lexer;
>  struct ofpbuf;
>  struct shash;
>  struct simap;
> +struct ovn_extend_table;
>
>  /* List of OVN logical actions.
>   *
> @@ -338,24 +339,6 @@ void *ovnact_put(struct ofpbuf *, enum ovnact_type,
> size_t len);
>  OVNACTS
>  #undef OVNACT
>
> -#define MAX_OVN_GROUPS 65535
> -
> -struct group_table {
> -unsigned long *group_ids;  /* Used as a bitmap with value set
> -* for allocated group ids in either
> -* desired_groups or existing_groups. */
> -struct hmap desired_groups;
> -struct hmap existing_groups;
> -};
> -
> -struct group_info {
> -struct hmap_node hmap_node;
> -struct ds group;
> -uint32_t group_id;
> -bool new_group_id;  /* 'True' if 'group_id' was reserved from
> - * group_table's 'group_ids' bitmap. */
> -};
> -
>  enum action_opcode {
>  /* "arp { ...actions... }".
>   *
> @@ -505,7 +488,7 @@ struct ovnact_encode_params {
>  bool is_gateway_router;
>
>  /* A struct to figure out the group_id for group actions. */
> -struct group_table *group_table;
> +struct ovn_extend_table *group_table;
>
>  /* OVN maps each logical flow table (ltable), one-to-one, onto a
> physical
>   * OpenFlow flow table (ptable).  A number of parameters describe this
> diff --git a/ovn/controller/lflow.c b/ovn/controller/lflow.c
> index a62ec6ebe09f..3d990c49c195 100644
> --- a/ovn/controller/lflow.c
> +++ b/ovn/controller/lflow.c
> @@ -61,7 +61,7 @@ static void consider_logical_flow(struct controller_ctx
> *ctx,
>const struct chassis_index
> *chassis_index,
>const struct sbrec_logical_flow *lflow,
>const struct hmap *local_datapaths,
> -  struct group_table *group_table,
> +  struct ovn_extend_table *group_table,
>const struct sbrec_chassis *chassis,
>struct hmap *dhcp_opts,
>struct hmap *dhcpv6_opts,
> @@ -143,7 +143,7 @@ static void
>  add_logical_flows(struct controller_ctx *ctx,
>const struct chassis_index *chassis_index,
>const struct hmap *local_datapaths,
> -  struct group_table *group_table,
> +  struct ovn_extend_table *group_table,
>const struct sbrec_chassis *chassis,
>const struct shash *addr_sets,
>struct hmap *flow_table,
> @@ -190,7 +190,7 @@ consider_logical_flow(struct controller_ctx *ctx,
>const struct chassis_index *chassis_index,
>const struct sbrec_logical_flow *lflow,
>const struct hmap *local_datapaths,
> -  struct group_table *group_table,
> +  struct ovn_extend_table *group_table,
>const struct sbrec_chassis *chassis,
>struct hmap *dhcp_opts,
>struct hmap *dhcpv6_opts,
> @@ -434,7 +434,7 @@ lflow_run(struct controller_ctx *ctx,
>const struct sbrec_chassis *chassis,
>const struct chassis_index *chassis_index,
>const struct hmap *local_datapaths,
> -  struct group_table *group_table,
> +  struct ovn_extend_table 

Re: [ovs-dev] test

[Miguel Angel Ajo Pelayo]

ACK. It worked for me.

On Mon, Jan 29, 2018 at 9:55 PM Ben Pfaff  wrote:

> I've heard that there are problems with the mailing list this morning,
> so here's a test email.
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] docs: Update supported DPDK versions.

[Ian Stokes]

Update the OVS to DPDK release table to use the latest stable
DPDK 16.11.4 for OVS 2.7.

Signed-off-by: Ian Stokes 
---
 Documentation/faq/releases.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
index 62a1957..86eefeb 100644
--- a/Documentation/faq/releases.rst
+++ b/Documentation/faq/releases.rst
@@ -162,7 +162,7 @@ Q: What DPDK version does each Open vSwitch release work 
with?
 2.4.x2.0
 2.5.x2.2
 2.6.x16.07.2
-2.7.x16.11.3
+2.7.x16.11.4
 2.8.x17.05.2
 2.9.x17.11
  ===
-- 
2.7.5

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH branch-2.7] docs: Use DPDK 16.11.4 stable release.

[Ian Stokes]

Modify docs and travis linux build script to use DPDK 16.11.4 stable
branch to benefit from most recent bug fixes.

There are no new features introduced in the DPDK release, only back
ported bug fixes. For completeness these bug fixes have been
documented under the 16.11.4 section in the link below.

http://dpdk.org/doc/guides-16.11/rel_notes/release_16_11.html

Signed-off-by: Ian Stokes 
---
 .travis/linux-build.sh   | 2 +-
 Documentation/faq/releases.rst   | 2 +-
 Documentation/intro/install/dpdk.rst | 6 +++---
 Documentation/topics/dpdk/vhost-user.rst | 8 
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.travis/linux-build.sh b/.travis/linux-build.sh
index 67f3ec2..088f20f 100755
--- a/.travis/linux-build.sh
+++ b/.travis/linux-build.sh
@@ -80,7 +80,7 @@ fi
 
 if [ "$DPDK" ]; then
 if [ -z "$DPDK_VER" ]; then
-DPDK_VER="16.11.3"
+DPDK_VER="16.11.4"
 fi
 install_dpdk $DPDK_VER
 if [ "$CC" = "clang" ]; then
diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
index fa983cb..c60d0ad 100644
--- a/Documentation/faq/releases.rst
+++ b/Documentation/faq/releases.rst
@@ -160,7 +160,7 @@ Q: What DPDK version does each Open vSwitch release work 
with?
 2.4.x2.0
 2.5.x2.2
 2.6.x16.07.2
-2.7.x16.11.3
+2.7.x16.11.4
  ===
 
 Q: I get an error like this when I configure Open vSwitch::
diff --git a/Documentation/intro/install/dpdk.rst 
b/Documentation/intro/install/dpdk.rst
index 55d8bd1..4ee93f2 100644
--- a/Documentation/intro/install/dpdk.rst
+++ b/Documentation/intro/install/dpdk.rst
@@ -64,9 +64,9 @@ Install DPDK
 #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``::
 
$ cd /usr/src/
-   $ wget http://fast.dpdk.org/rel/dpdk-16.11.3.tar.xz
-   $ tar xf dpdk-16.11.3.tar.xz
-   $ export DPDK_DIR=/usr/src/dpdk-stable-16.11.3
+   $ wget http://fast.dpdk.org/rel/dpdk-16.11.4.tar.xz
+   $ tar xf dpdk-16.11.4.tar.xz
+   $ export DPDK_DIR=/usr/src/dpdk-stable-16.11.4
$ cd $DPDK_DIR
 
 #. (Optional) Configure DPDK as a shared library
diff --git a/Documentation/topics/dpdk/vhost-user.rst 
b/Documentation/topics/dpdk/vhost-user.rst
index 2150809..b75c9dc 100644
--- a/Documentation/topics/dpdk/vhost-user.rst
+++ b/Documentation/topics/dpdk/vhost-user.rst
@@ -278,9 +278,9 @@ To begin, instantiate a guest as described in 
:ref:`dpdk-vhost-user` or
 DPDK sources to VM and build DPDK::
 
 $ cd /root/dpdk/
-$ wget http://fast.dpdk.org/rel/dpdk-16.11.3.tar.xz
-$ tar xf dpdk-16.11.3.tar.xz
-$ export DPDK_DIR=/root/dpdk/dpdk-stable-16.11.3
+$ wget http://fast.dpdk.org/rel/dpdk-16.11.4.tar.xz
+$ tar xf dpdk-16.11.4.tar.xz
+$ export DPDK_DIR=/root/dpdk/dpdk-stable-16.11.4
 $ export DPDK_TARGET=x86_64-native-linuxapp-gcc
 $ export DPDK_BUILD=$DPDK_DIR/$DPDK_TARGET
 $ cd $DPDK_DIR
@@ -364,7 +364,7 @@ Sample XML
 
 
   
-  
+  
   
   
 
-- 
2.7.5

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] Add unixctl option for ovn-northd

[vkommadi]

From: Venkata Anil 

Signed-off-by: Venkata Anil 
---
 lib/automake.mk |  3 ++-
 lib/unixctl.xml | 26 ++
 ovn/northd/ovn-northd.8.xml |  7 +--
 ovn/northd/ovn-northd.c |  9 -
 tests/ovn-northd.at | 39 +++
 5 files changed, 80 insertions(+), 4 deletions(-)
 create mode 100644 lib/unixctl.xml

diff --git a/lib/automake.mk b/lib/automake.mk
index 159319f..38d2a99 100644
--- a/lib/automake.mk
+++ b/lib/automake.mk
@@ -455,7 +455,8 @@ EXTRA_DIST += \
lib/ssl.xml \
lib/ssl-bootstrap.xml \
lib/table.xml \
-   lib/vlog.xml
+   lib/vlog.xml \
+   lib/unixctl.xml
 
 MAN_FRAGMENTS += \
lib/colors.man \
diff --git a/lib/unixctl.xml b/lib/unixctl.xml
new file mode 100644
index 000..51bfc5f
--- /dev/null
+++ b/lib/unixctl.xml
@@ -0,0 +1,26 @@
+
+
+  --unixctl=socket
+  
+Sets the name of the control socket on which
+program listens for runtime management commands
+(see RUNTIME MANAGEMENT COMMANDS, below).  If socket
+does not begin with /, it is interpreted as relative to
+@RUNDIR@. If --unixctl is not used at all,
+the default socket is
+@RUNDIR@/program.pid.ctl,
+where pid is program's process ID.
+  
+On Windows a local named pipe is used to listen for runtime management
+commands.  A file is created in the absolute path as pointed by
+socket or if --unixctl is not used at all,
+a file is created as program in the configured
+OVS_RUNDIR directory.  The file exists just to mimic the
+behavior of a Unix domain socket.
+  
+  
+Specifying none for socket disables the control
+socket feature.
+  
+  
+
diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index ee9cf8c..6bc2dd6 100644
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -54,8 +54,11 @@
 http://www.w3.org/2003/XInclude"/>
 
 Other Options
-
-http://www.w3.org/2003/XInclude"/>
+http://www.w3.org/2003/XInclude"/>
+
+http://www.w3.org/2003/XInclude"/>
 
 Runtime Management Commands
 
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index f4edd8f..e206e0a 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -59,6 +59,7 @@ struct northd_context {
 
 static const char *ovnnb_db;
 static const char *ovnsb_db;
+static const char *unixctl_path;
 
 #define MAC_ADDR_PREFIX 0x0A00ULL
 #define MAC_ADDR_SPACE 0xff
@@ -239,6 +240,7 @@ Options:\n\
 (default: %s)\n\
   --ovnsb-db=DATABASE   connect to ovn-sb database at DATABASE\n\
 (default: %s)\n\
+  --unixctl = SOCKET  override default control socket name\n\
   -h, --helpdisplay this help message\n\
   -o, --options list available options\n\
   -V, --version display version information\n\
@@ -6663,6 +6665,7 @@ parse_options(int argc OVS_UNUSED, char *argv[] 
OVS_UNUSED)
 static const struct option long_options[] = {
 {"ovnsb-db", required_argument, NULL, 'd'},
 {"ovnnb-db", required_argument, NULL, 'D'},
+{"unixctl", required_argument, NULL, 'u'},
 {"help", no_argument, NULL, 'h'},
 {"options", no_argument, NULL, 'o'},
 {"version", no_argument, NULL, 'V'},
@@ -6694,6 +6697,10 @@ parse_options(int argc OVS_UNUSED, char *argv[] 
OVS_UNUSED)
 ovnnb_db = optarg;
 break;
 
+case 'u':
+unixctl_path = optarg;
+break;
+
 case 'h':
 usage();
 exit(EXIT_SUCCESS);
@@ -6746,7 +6753,7 @@ main(int argc, char *argv[])
 
 daemonize_start(false);
 
-retval = unixctl_server_create(NULL, );
+retval = unixctl_server_create(unixctl_path, );
 if (retval) {
 exit(EXIT_FAILURE);
 }
diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
index baa2add..1878eb2 100644
--- a/tests/ovn-northd.at
+++ b/tests/ovn-northd.at
@@ -262,3 +262,42 @@ AT_CHECK_UNQUOTED([ovn-sbctl get Port_Binding ${uuid} 
options:ipv6_ra_prefixes],
 ])
 
 AT_CLEANUP
+
+AT_SETUP([ovn -- test unixctl])
+ovn_init_db ovn-sb; ovn-sbctl init
+ovn_init_db ovn-nb; ovn-nbctl init
+
+# test unixctl option
+mkdir "$ovs_base"/northd
+as northd start_daemon ovn-northd --unixctl="$ovs_base"/northd/ovn-northd.ctl 
--ovnnb-db=unix:"$ovs_base"/ovn-nb/ovn-nb.sock 
--ovnsb-db=unix:"$ovs_base"/ovn-sb/ovn-sb.sock
+ovn-nbctl ls-add sw
+ovn-nbctl --wait=sb lsp-add sw p1
+# northd created with unixctl option successfully created port_binding entry
+AT_CHECK([ovn-sbctl --bare --columns datapath find port_binding 
logical_port="p1" | wc -l], [0], [1
+])
+AT_CHECK([ovn-nbctl --wait=sb lsp-del p1])
+
+# ovs-appctl exit with unixctl option
+OVS_APP_EXIT_AND_WAIT_BY_TARGET(["$ovs_base"/northd/ovn-northd.ctl], 
["$ovs_base"/northd/ovn-northd.pid])
+
+# Check no 

[ovs-dev] [patch v4 10/10] tests: Enable fragmentation for userspace datapath.

[Darrell Ball]

Signed-off-by: Darrell Ball 
---
 tests/system-kmod-macros.at  | 14 +++-
 tests/system-traffic.at  | 34 
 tests/system-userspace-macros.at | 49 
 3 files changed, 72 insertions(+), 25 deletions(-)

diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at
index 12b0adf..b4f7f9a 100644
--- a/tests/system-kmod-macros.at
+++ b/tests/system-kmod-macros.at
@@ -76,12 +76,6 @@ m4_define([CHECK_CONNTRACK],
 #
 m4_define([CHECK_CONNTRACK_ALG])
 
-# CHECK_CONNTRACK_FRAG()
-#
-# Perform requirements checks for running conntrack fragmentations tests.
-# The kernel always supports fragmentation, so no check is needed.
-m4_define([CHECK_CONNTRACK_FRAG])
-
 # CHECK_CONNTRACK_LOCAL_STACK()
 #
 # Perform requirements checks for running conntrack tests with local stack.
@@ -123,3 +117,11 @@ m4_define([CHECK_CT_DPIF_GET_NCONNS],
 [
 AT_SKIP_IF([:])
 ])
+
+# DPCTL_ENABLE_FRAGMENTATION()
+#
+# The kernel does not support this command.
+m4_define([DPCTL_ENABLE_FRAGMENTATION],
+[
+
+])
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 5b59392..1610e3b 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -1759,7 +1759,6 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv4 fragmentation])
 CHECK_CONNTRACK()
-CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1778,6 +1777,9 @@ priority=100,in_port=2,ct_state=+trk+est-new,icmp,action=1
 
 AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
 
+dnl Enable userspace conntrack fragmentation handling.
+DPCTL_ENABLE_FRAGMENTATION()
+
 dnl Ipv4 fragmentation connectivity check.
 NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -w 2 10.1.1.2 | 
FORMAT_PING], [0], [dnl
 3 packets transmitted, 3 received, 0% packet loss, time 0ms
@@ -1793,7 +1795,6 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv4 fragmentation expiry])
 CHECK_CONNTRACK()
-CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1814,6 +1815,9 @@ priority=100,in_port=2,ct_state=+trk+est-new,icmp,action=1
 
 AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
 
+dnl Enable userspace conntrack fragmentation handling.
+DPCTL_ENABLE_FRAGMENTATION()
+
 dnl Ipv4 fragmentation connectivity check.
 NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 1 -i 0.3 -w 2 10.1.1.2 | 
FORMAT_PING], [0], [dnl
 7 packets transmitted, 0 received, 100% packet loss, time 0ms
@@ -1824,7 +1828,6 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv4 fragmentation + vlan])
 CHECK_CONNTRACK()
-CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1845,6 +1848,9 @@ priority=100,in_port=2,ct_state=+trk+est-new,icmp,action=1
 
 AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
 
+dnl Enable userspace conntrack fragmentation handling.
+DPCTL_ENABLE_FRAGMENTATION()
+
 dnl Ipv4 fragmentation connectivity check.
 NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -w 2 10.2.2.2 | 
FORMAT_PING], [0], [dnl
 3 packets transmitted, 3 received, 0% packet loss, time 0ms
@@ -1860,7 +1866,6 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv4 fragmentation + cvlan])
 CHECK_CONNTRACK()
-CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START([set Open_vSwitch . other_config:vlan-limit=0])
 OVS_CHECK_8021AD()
 
@@ -1888,6 +1893,9 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
 
 OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.2.2.2])
 
+dnl Enable userspace conntrack fragmentation handling.
+DPCTL_ENABLE_FRAGMENTATION()
+
 dnl Ipv4 fragmentation connectivity check.
 NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -w 2 10.2.2.2 | 
FORMAT_PING], [0], [dnl
 3 packets transmitted, 3 received, 0% packet loss, time 0ms
@@ -1913,7 +1921,6 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv6 fragmentation])
 CHECK_CONNTRACK()
-CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1938,6 +1945,9 @@ dnl waiting, we get occasional failures due to the 
following error:
 dnl "connect: Cannot assign requested address"
 OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2])
 
+dnl Enable userspace conntrack fragmentation handling.
+DPCTL_ENABLE_FRAGMENTATION()
+
 dnl Ipv6 fragmentation connectivity check.
 NS_CHECK_EXEC([at_ns0], [ping6 -s 1600 -q -c 3 -i 0.3 -w 2 fc00::2 | 
FORMAT_PING], [0], [dnl
 3 packets transmitted, 3 received, 0% packet loss, time 0ms
@@ -1953,7 +1963,6 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv6 fragmentation expiry])
 CHECK_CONNTRACK()
-CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1982,6 +1991,9 @@ dnl waiting, we get occasional failures due to the 
following error:
 dnl "connect: Cannot assign requested address"
 OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2])
 
+dnl Enable userspace conntrack fragmentation handling.
+DPCTL_ENABLE_FRAGMENTATION()
+
 dnl Send an IPv6 fragment. Some time later, it should expire.
 

[ovs-dev] [patch v4 09/10] tests: Add missed local stack checks.

[Darrell Ball]

Signed-off-by: Darrell Ball 
---
 tests/system-traffic.at | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index dbd5640..5b59392 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -2093,6 +2093,7 @@ AT_SETUP([conntrack - Fragmentation over vxlan])
 OVS_CHECK_VXLAN()
 CHECK_CONNTRACK()
 CHECK_CONNTRACK_FRAG()
+CHECK_CONNTRACK_LOCAL_STACK()
 
 OVS_TRAFFIC_VSWITCHD_START()
 ADD_BR([br-underlay])
@@ -2145,6 +2146,7 @@ AT_SETUP([conntrack - IPv6 Fragmentation over vxlan])
 OVS_CHECK_VXLAN()
 CHECK_CONNTRACK()
 CHECK_CONNTRACK_FRAG()
+CHECK_CONNTRACK_LOCAL_STACK()
 
 OVS_TRAFFIC_VSWITCHD_START()
 ADD_BR([br-underlay])
-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [patch v4 06/10] ipf: Add set minimum fragment size command.

[Darrell Ball]

A new command "ovs-appctl dpctl/ipf-set-minfrag" is added
for userspace datapath conntrack fragmentation support.

Signed-off-by: Darrell Ball 
---
 NEWS|  2 ++
 lib/ct-dpif.c   |  8 
 lib/ct-dpif.h   |  1 +
 lib/dpctl.c | 40 
 lib/dpctl.man   |  7 +++
 lib/dpif-netdev.c   |  8 
 lib/dpif-netlink.c  |  1 +
 lib/dpif-provider.h |  2 ++
 lib/ipf.c   | 23 +++
 lib/ipf.h   |  3 +++
 10 files changed, 95 insertions(+)

diff --git a/NEWS b/NEWS
index d4859e5..d2107a8 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,8 @@ Post-v2.9.0
  * Add v4/v6 fragmentation support for conntrack.
  * New "ovs-appctl dpctl/ipf-set-enabled" command for userspace datapath
conntrack fragmentation support.
+ * New "ovs-appctl dpctl/ipf-set-minfragment" command for userspace
+   datapath conntrack fragmentation support.
 
 v2.9.0 - xx xxx 
 
diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c
index 32d55c1..4a93bf6 100644
--- a/lib/ct-dpif.c
+++ b/lib/ct-dpif.c
@@ -172,6 +172,14 @@ ct_dpif_ipf_change_enabled(struct dpif *dpif, bool v6, 
bool enable)
 : EOPNOTSUPP);
 }
 
+int
+ct_dpif_ipf_set_min_frag(struct dpif *dpif, bool v6, uint32_t min_frag)
+{
+return (dpif->dpif_class->ipf_set_min_frag
+? dpif->dpif_class->ipf_set_min_frag(dpif, v6, min_frag)
+: EOPNOTSUPP);
+}
+
 void
 ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
 {
diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h
index 3f0bce5..449f958 100644
--- a/lib/ct-dpif.h
+++ b/lib/ct-dpif.h
@@ -201,6 +201,7 @@ int ct_dpif_set_maxconns(struct dpif *dpif, uint32_t 
maxconns);
 int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t *maxconns);
 int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns);
 int ct_dpif_ipf_change_enabled(struct dpif *, bool, bool);
+int ct_dpif_ipf_set_min_frag(struct dpif *, bool, uint32_t);
 void ct_dpif_entry_uninit(struct ct_dpif_entry *);
 void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *,
   bool verbose, bool print_stats);
diff --git a/lib/dpctl.c b/lib/dpctl.c
index a302ed5..e15626d 100644
--- a/lib/dpctl.c
+++ b/lib/dpctl.c
@@ -1784,6 +1784,44 @@ dpctl_ct_ipf_change_enabled(int argc, const char *argv[],
 return error;
 }
 
+static int
+dpctl_ct_ipf_set_min_frag(int argc, const char *argv[],
+  struct dpctl_params *dpctl_p)
+{
+struct dpif *dpif;
+int error = dpctl_ct_open_dp(argc, argv, dpctl_p, , 4);
+if (!error) {
+char v4_or_v6[3] = {0};
+if (ovs_scan(argv[argc - 2], "%2s", v4_or_v6) &&
+(!strncmp(v4_or_v6, "v4", 2) || !strncmp(v4_or_v6, "v6", 2))) {
+uint32_t min_fragment;
+if (ovs_scan(argv[argc - 1], "%"SCNu32, _fragment)) {
+error = ct_dpif_ipf_set_min_frag(
+dpif, !strncmp(v4_or_v6, "v6", 2), min_fragment);
+
+if (!error) {
+dpctl_print(dpctl_p,
+"setting minimum fragment size successful");
+} else {
+dpctl_error(dpctl_p, error,
+"setting minimum fragment size failed");
+}
+} else {
+error = EINVAL;
+dpctl_error(dpctl_p, error,
+"parameter missing for minimum fragment size");
+}
+} else {
+error = EINVAL;
+dpctl_error(dpctl_p, error,
+"parameter missing: v4 for ipv4 or v6 for ipv6");
+}
+dpif_close(dpif);
+}
+
+return error;
+}
+
 /* Undocumented commands for unit testing. */
 
 static int
@@ -2085,6 +2123,8 @@ static const struct dpctl_command all_commands[] = {
 { "ct-get-nconns", "[dp]", 0, 1, dpctl_ct_get_nconns, DP_RO },
 { "ipf-set-enabled", "[dp] enabled", 2, 3,
dpctl_ct_ipf_change_enabled, DP_RW },
+{ "ipf-set-minfragment", "[dp] minfragment", 2, 3,
+   dpctl_ct_ipf_set_min_frag, DP_RW },
 { "help", "", 0, INT_MAX, dpctl_help, DP_RO },
 { "list-commands", "", 0, INT_MAX, dpctl_list_commands, DP_RO },
 
diff --git a/lib/dpctl.man b/lib/dpctl.man
index 491de0b..87067f9 100644
--- a/lib/dpctl.man
+++ b/lib/dpctl.man
@@ -279,3 +279,10 @@ differentiate between first and other fragments.  
Although, this would
 logically happen naturally anyways, it is mentioned for clarity.  If there
 is a need to differentiate between first and other fragments, do it after
 conntrack.
+.
+.TP
+\*(DX\fBipf\-set\-minfrag\fR [\fIdp\fR] [\fIv4 or v6\fR] \fBminfrag\fR
+Sets the minimum fragment size supported by the userspace datapath
+connection tracker.  Either v4 or v6 must be specified.  The default v4
+value is 1200 and the clamped minimum is 400.  The default v6 value is
+1280, which is also the clamped minimum.
diff 

[ovs-dev] [patch v4 05/10] ipf: Add command to enable fragmentation handling.

[Darrell Ball]

A new command "ovs-appctl dpctl/ipf-set-enabled" is added to
enable/disable userspace datapath conntrack fragmentation support.

Signed-off-by: Darrell Ball 
---
 NEWS|  2 ++
 lib/ct-dpif.c   |  8 
 lib/ct-dpif.h   |  1 +
 lib/dpctl.c | 40 
 lib/dpctl.man   | 11 +++
 lib/dpif-netdev.c   |  9 +
 lib/dpif-netlink.c  |  1 +
 lib/dpif-provider.h |  2 ++
 lib/ipf.c   | 15 +++
 lib/ipf.h   |  3 +++
 10 files changed, 92 insertions(+)

diff --git a/NEWS b/NEWS
index dccff06..d4859e5 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ Post-v2.9.0
 
- Userspace datapath:
  * Add v4/v6 fragmentation support for conntrack.
+ * New "ovs-appctl dpctl/ipf-set-enabled" command for userspace datapath
+   conntrack fragmentation support.
 
 v2.9.0 - xx xxx 
 
diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c
index 5fa3a97..32d55c1 100644
--- a/lib/ct-dpif.c
+++ b/lib/ct-dpif.c
@@ -164,6 +164,14 @@ ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns)
 : EOPNOTSUPP);
 }
 
+int
+ct_dpif_ipf_change_enabled(struct dpif *dpif, bool v6, bool enable)
+{
+return (dpif->dpif_class->ipf_change_enabled
+? dpif->dpif_class->ipf_change_enabled(dpif, v6, enable)
+: EOPNOTSUPP);
+}
+
 void
 ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
 {
diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h
index 09e7698..3f0bce5 100644
--- a/lib/ct-dpif.h
+++ b/lib/ct-dpif.h
@@ -200,6 +200,7 @@ int ct_dpif_flush(struct dpif *, const uint16_t *zone,
 int ct_dpif_set_maxconns(struct dpif *dpif, uint32_t maxconns);
 int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t *maxconns);
 int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns);
+int ct_dpif_ipf_change_enabled(struct dpif *, bool, bool);
 void ct_dpif_entry_uninit(struct ct_dpif_entry *);
 void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *,
   bool verbose, bool print_stats);
diff --git a/lib/dpctl.c b/lib/dpctl.c
index 87f0412..a302ed5 100644
--- a/lib/dpctl.c
+++ b/lib/dpctl.c
@@ -1746,6 +1746,44 @@ dpctl_ct_get_nconns(int argc, const char *argv[],
 return error;
 }
 
+static int
+dpctl_ct_ipf_change_enabled(int argc, const char *argv[],
+struct dpctl_params *dpctl_p)
+{
+struct dpif *dpif;
+int error = dpctl_ct_open_dp(argc, argv, dpctl_p, , 4);
+if (!error) {
+char v4_or_v6[3] = {0};
+if (ovs_scan(argv[argc - 2], "%2s", v4_or_v6) &&
+(!strncmp(v4_or_v6, "v4", 2) || !strncmp(v4_or_v6, "v6", 2))) {
+uint32_t enabled;
+if (ovs_scan(argv[argc - 1], "%"SCNu32, )) {
+error = ct_dpif_ipf_change_enabled(
+dpif, !strncmp(v4_or_v6, "v6", 2), enabled);
+if (!error) {
+dpctl_print(dpctl_p,
+"changing fragmentation enabled successful");
+} else {
+dpctl_error(dpctl_p, error,
+"changing fragmentation enabled failed");
+}
+} else {
+error = EINVAL;
+dpctl_error(
+dpctl_p, error,
+"parameter missing: 0 for disabled or 1 for enabled");
+}
+} else {
+error = EINVAL;
+dpctl_error(dpctl_p, error,
+"parameter missing: v4 for ipv4 or v6 for ipv6");
+}
+dpif_close(dpif);
+}
+
+return error;
+}
+
 /* Undocumented commands for unit testing. */
 
 static int
@@ -2045,6 +2083,8 @@ static const struct dpctl_command all_commands[] = {
 { "ct-set-maxconns", "[dp] maxconns", 1, 2, dpctl_ct_set_maxconns, DP_RW },
 { "ct-get-maxconns", "[dp]", 0, 1, dpctl_ct_get_maxconns, DP_RO },
 { "ct-get-nconns", "[dp]", 0, 1, dpctl_ct_get_nconns, DP_RO },
+{ "ipf-set-enabled", "[dp] enabled", 2, 3,
+   dpctl_ct_ipf_change_enabled, DP_RW },
 { "help", "", 0, INT_MAX, dpctl_help, DP_RO },
 { "list-commands", "", 0, INT_MAX, dpctl_list_commands, DP_RO },
 
diff --git a/lib/dpctl.man b/lib/dpctl.man
index 9e9d2dc..491de0b 100644
--- a/lib/dpctl.man
+++ b/lib/dpctl.man
@@ -268,3 +268,14 @@ Only supported for userspace datapath.
 \*(DX\fBct\-get\-nconns\fR [\fIdp\fR]
 Read the current number of connection tracker connections.
 Only supported for userspace datapath.
+.
+.TP
+\*(DX\fBipf\-set\-enabled\fR [\fIdp\fR] [\fIv4 or v6\fR] \fBenable\fR
+Enables or disables fragmentation handling for the userspace datapath
+connection tracker.  Either v4 or v6 must be specified.  Both v4 and v6
+are disabled by default.  When fragmentation handling is enabled, the
+rules for handling fragments before entering conntrack should not
+differentiate between first and other fragments.  Although, this would
+logically happen 

[ovs-dev] [patch v4 03/10] Userspace datapath: Add fragmentation handling.

[Darrell Ball]

Fragmentation handling is added for supporting conntrack.
Fragmentation handling is disabled by default and enabled
via a user commands implemented in a subsequent patch.
Both v4 and v6 are supported.

Signed-off-by: Darrell Ball 
---
 include/sparse/netinet/ip6.h |1 +
 lib/automake.mk  |2 +
 lib/ipf.c| 1179 ++
 lib/ipf.h|   61 +++
 4 files changed, 1243 insertions(+)
 create mode 100644 lib/ipf.c
 create mode 100644 lib/ipf.h

diff --git a/include/sparse/netinet/ip6.h b/include/sparse/netinet/ip6.h
index d2a54de..bfa637a 100644
--- a/include/sparse/netinet/ip6.h
+++ b/include/sparse/netinet/ip6.h
@@ -64,5 +64,6 @@ struct ip6_frag {
 };
 
 #define IP6F_OFF_MASK ((OVS_FORCE ovs_be16) 0xfff8)
+#define IP6F_MORE_FRAG ((OVS_FORCE ovs_be16) 0x0001)
 
 #endif /* netinet/ip6.h sparse */
diff --git a/lib/automake.mk b/lib/automake.mk
index 159319f..6ca6a1e 100644
--- a/lib/automake.mk
+++ b/lib/automake.mk
@@ -107,6 +107,8 @@ lib_libopenvswitch_la_SOURCES = \
lib/hmapx.h \
lib/id-pool.c \
lib/id-pool.h \
+   lib/ipf.c \
+   lib/ipf.h \
lib/jhash.c \
lib/jhash.h \
lib/json.c \
diff --git a/lib/ipf.c b/lib/ipf.c
new file mode 100644
index 000..74c4b32
--- /dev/null
+++ b/lib/ipf.c
@@ -0,0 +1,1179 @@
+/*
+ * Copyright (c) 2018 Nicira, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "csum.h"
+#include "ipf.h"
+#include "openvswitch/hmap.h"
+#include "openvswitch/vlog.h"
+#include "ovs-atomic.h"
+#include "packets.h"
+#include "util.h"
+
+VLOG_DEFINE_THIS_MODULE(ipf);
+
+enum {
+IPV4_PACKET_MAX_HDR_SIZE = 60,
+IPV4_PACKET_MAX_SIZE = 65535,
+IPV6_PACKET_MAX_DATA = 65535,
+};
+
+enum ipf_list_state {
+IPF_LIST_STATE_UNUSED,
+IPF_LIST_STATE_REASS_FAIL,
+IPF_LIST_STATE_OTHER_SEEN,
+IPF_LIST_STATE_FIRST_SEEN,
+IPF_LIST_STATE_LAST_SEEN,
+IPF_LIST_STATE_FIRST_LAST_SEEN,
+IPF_LIST_STATE_COMPLETED,
+};
+
+enum ipf_list_type {
+IPF_FRAG_COMPLETED_LIST,
+IPF_FRAG_EXPIRY_LIST,
+};
+
+enum {
+IPF_INVALID_IDX = -1,
+IPF_V4_FRAG_SIZE_LBOUND = 400,
+IPF_V4_FRAG_SIZE_MIN_DEF = 1200,
+IPF_V6_FRAG_SIZE_LBOUND = 1280,
+IPF_V6_FRAG_SIZE_MIN_DEF = 1280,
+IPF_MAX_FRAGS_DEFAULT = 1000,
+IPF_NFRAG_UBOUND = 5000,
+};
+
+enum ipf_counter_type {
+IPF_COUNTER_NFRAGS,
+IPF_COUNTER_NFRAGS_ACCEPTED,
+IPF_COUNTER_NFRAGS_COMPL_SENT,
+IPF_COUNTER_NFRAGS_EXPD_SENT,
+IPF_COUNTER_NFRAGS_TOO_SMALL,
+IPF_COUNTER_NFRAGS_OVERLAP,
+};
+
+struct ipf_addr {
+union {
+ovs_16aligned_be32 ipv4;
+union ovs_16aligned_in6_addr ipv6;
+ovs_be32 ipv4_aligned;
+struct in6_addr ipv6_aligned;
+};
+};
+
+struct ipf_frag {
+struct dp_packet *pkt;
+uint16_t start_data_byte;
+uint16_t end_data_byte;
+};
+
+struct ipf_list_key {
+struct ipf_addr src_addr;
+struct ipf_addr dst_addr;
+uint32_t recirc_id;
+ovs_be32 ip_id;   /* V6 is 32 bits. */
+ovs_be16 dl_type;
+uint16_t zone;
+uint8_t nw_proto;
+};
+
+struct ipf_list {
+struct hmap_node node;
+struct ovs_list exp_node;
+struct ovs_list complete_node;
+struct ipf_frag *frag_list;
+struct ipf_list_key key;
+struct dp_packet *reass_execute_ctx;
+long long expiration;
+int last_sent_idx;
+int last_inuse_idx;
+int size;
+uint8_t state;
+};
+
+struct reassembled_pkt {
+struct ovs_list rp_list_node;
+struct dp_packet *pkt;
+struct ipf_list *list;
+};
+
+struct OVS_LOCKABLE ipf_lock {
+struct ovs_mutex lock;
+};
+
+static int max_v4_frag_list_size;
+
+static struct hmap frag_lists OVS_GUARDED;
+static struct ovs_list frag_exp_list OVS_GUARDED;
+static struct ovs_list frag_complete_list OVS_GUARDED;
+static struct ovs_list reassembled_pkt_list OVS_GUARDED;
+
+static atomic_bool ifp_v4_enabled;
+static atomic_bool ifp_v6_enabled;
+static atomic_uint nfrag_max;
+/* Will be clamped above 400 bytes; the value chosen should handle
+ * alg control packets of interest that use string encoding of mutable
+ * IP fields; meaning, the control packets should not be fragmented. */
+static atomic_uint min_v4_frag_size;
+static atomic_uint min_v6_frag_size;
+
+static atomic_count nfrag;
+static atomic_count 

[ovs-dev] [patch v4 04/10] conntrack: Support fragmentation.

[Darrell Ball]

The conntrack module now calls fragmentation support apis.

Signed-off-by: Darrell Ball 
---
 NEWS| 2 ++
 lib/conntrack.c | 7 +++
 2 files changed, 9 insertions(+)

diff --git a/NEWS b/NEWS
index 726589c..dccff06 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,8 @@ Post-v2.9.0
 - ovs-vswitchd:
   * New options --l7 and --l7-len to "ofproto/trace" command.
 
+   - Userspace datapath:
+ * Add v4/v6 fragmentation support for conntrack.
 
 v2.9.0 - xx xxx 
 
diff --git a/lib/conntrack.c b/lib/conntrack.c
index bcd3b20..f637620 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -30,6 +30,7 @@
 #include "ct-dpif.h"
 #include "dp-packet.h"
 #include "flow.h"
+#include "ipf.h"
 #include "netdev.h"
 #include "odp-netlink.h"
 #include "openvswitch/hmap.h"
@@ -340,6 +341,7 @@ conntrack_init(struct conntrack *ct)
 atomic_init(>n_conn_limit, DEFAULT_N_CONN_LIMIT);
 latch_init(>clean_thread_exit);
 ct->clean_thread = ovs_thread_create("ct_clean", clean_thread_main, ct);
+ipf_init();
 }
 
 /* Destroys the connection tracker 'ct' and frees all the allocated memory. */
@@ -382,6 +384,7 @@ conntrack_destroy(struct conntrack *ct)
 hindex_destroy(>alg_expectation_refs);
 ct_rwlock_unlock(>resources_lock);
 ct_rwlock_destroy(>resources_lock);
+ipf_destroy();
 }
 
 static unsigned hash_to_bucket(uint32_t hash)
@@ -1308,6 +1311,8 @@ conntrack_execute(struct conntrack *ct, struct 
dp_packet_batch *pkt_batch,
   const struct nat_action_info_t *nat_action_info,
   long long now)
 {
+ipf_preprocess_conntrack(pkt_batch, now, dl_type, zone, ct->hash_basis);
+
 struct dp_packet *packet;
 struct conn_lookup_ctx ctx;
 
@@ -1321,6 +1326,8 @@ conntrack_execute(struct conntrack *ct, struct 
dp_packet_batch *pkt_batch,
 setlabel, nat_action_info, tp_src, tp_dst, helper);
 }
 
+ipf_postprocess_conntrack(pkt_batch, now, dl_type);
+
 return 0;
 }
 
-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [patch v4 02/10] flow: Enhance parse_ipv6_ext_hdrs.

[Darrell Ball]

Enhance the api parse_ipv6_ext_hdrs to return the
fragmentation header to be used in later patches.

Signed-off-by: Darrell Ball 
---
 lib/conntrack.c |  5 +++--
 lib/flow.c  | 23 ++-
 lib/flow.h  |  3 ++-
 3 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 562e767..bcd3b20 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -1308,7 +1308,6 @@ conntrack_execute(struct conntrack *ct, struct 
dp_packet_batch *pkt_batch,
   const struct nat_action_info_t *nat_action_info,
   long long now)
 {
-
 struct dp_packet *packet;
 struct conn_lookup_ctx ctx;
 
@@ -1566,7 +1565,9 @@ extract_l3_ipv6(struct conn_key *key, const void *data, 
size_t size,
 uint8_t nw_proto = ip6->ip6_nxt;
 uint8_t nw_frag = 0;
 
-if (!parse_ipv6_ext_hdrs(, , _proto, _frag)) {
+const struct ovs_16aligned_ip6_frag *frag_hdr;
+if (!parse_ipv6_ext_hdrs(, , _proto, _frag,
+ _hdr)) {
 return false;
 }
 
diff --git a/lib/flow.c b/lib/flow.c
index 38ff29c..0283e6d 100644
--- a/lib/flow.c
+++ b/lib/flow.c
@@ -455,7 +455,8 @@ invalid:
 
 static inline bool
 parse_ipv6_ext_hdrs__(const void **datap, size_t *sizep, uint8_t *nw_proto,
-  uint8_t *nw_frag)
+  uint8_t *nw_frag,
+  const struct ovs_16aligned_ip6_frag **frag_hdr)
 {
 while (1) {
 if (OVS_LIKELY((*nw_proto != IPPROTO_HOPOPTS)
@@ -502,17 +503,17 @@ parse_ipv6_ext_hdrs__(const void **datap, size_t *sizep, 
uint8_t *nw_proto,
 return false;
 }
 } else if (*nw_proto == IPPROTO_FRAGMENT) {
-const struct ovs_16aligned_ip6_frag *frag_hdr = *datap;
+*frag_hdr = *datap;
 
-*nw_proto = frag_hdr->ip6f_nxt;
-if (!data_try_pull(datap, sizep, sizeof *frag_hdr)) {
+*nw_proto = (*frag_hdr)->ip6f_nxt;
+if (!data_try_pull(datap, sizep, sizeof **frag_hdr)) {
 return false;
 }
 
 /* We only process the first fragment. */
-if (frag_hdr->ip6f_offlg != htons(0)) {
+if ((*frag_hdr)->ip6f_offlg != htons(0)) {
 *nw_frag = FLOW_NW_FRAG_ANY;
-if ((frag_hdr->ip6f_offlg & IP6F_OFF_MASK) != htons(0)) {
+if (((*frag_hdr)->ip6f_offlg & IP6F_OFF_MASK) != htons(0)) {
 *nw_frag |= FLOW_NW_FRAG_LATER;
 *nw_proto = IPPROTO_FRAGMENT;
 return true;
@@ -524,9 +525,11 @@ parse_ipv6_ext_hdrs__(const void **datap, size_t *sizep, 
uint8_t *nw_proto,
 
 bool
 parse_ipv6_ext_hdrs(const void **datap, size_t *sizep, uint8_t *nw_proto,
-uint8_t *nw_frag)
+uint8_t *nw_frag,
+const struct ovs_16aligned_ip6_frag **frag_hdr)
 {
-return parse_ipv6_ext_hdrs__(datap, sizep, nw_proto, nw_frag);
+return parse_ipv6_ext_hdrs__(datap, sizep, nw_proto, nw_frag,
+ frag_hdr);
 }
 
 bool
@@ -840,7 +843,9 @@ miniflow_extract(struct dp_packet *packet, struct miniflow 
*dst)
 nw_ttl = nh->ip6_hlim;
 nw_proto = nh->ip6_nxt;
 
-if (!parse_ipv6_ext_hdrs__(, , _proto, _frag)) {
+const struct ovs_16aligned_ip6_frag *frag_hdr;
+if (!parse_ipv6_ext_hdrs__(, , _proto, _frag,
+   _hdr)) {
 goto out;
 }
 } else {
diff --git a/lib/flow.h b/lib/flow.h
index 770a07a..7a9eb47 100644
--- a/lib/flow.h
+++ b/lib/flow.h
@@ -129,7 +129,8 @@ void flow_compose(struct dp_packet *, const struct flow *,
 void packet_expand(struct dp_packet *, const struct flow *, size_t size);
 
 bool parse_ipv6_ext_hdrs(const void **datap, size_t *sizep, uint8_t *nw_proto,
- uint8_t *nw_frag);
+ uint8_t *nw_frag,
+ const struct ovs_16aligned_ip6_frag **frag_hdr);
 ovs_be16 parse_dl_type(const struct eth_header *data_, size_t size);
 bool parse_nsh(const void **datap, size_t *sizep, struct ovs_key_nsh *key);
 
-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [patch v4 01/10] dp-packet: Add const qualifiers for checksum apis.

[Darrell Ball]

Signed-off-by: Darrell Ball 
---
 lib/dp-packet.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/dp-packet.h b/lib/dp-packet.h
index b4b721c..61d4cd4 100644
--- a/lib/dp-packet.h
+++ b/lib/dp-packet.h
@@ -637,7 +637,7 @@ dp_packet_mbuf_init(struct dp_packet *p OVS_UNUSED)
 }
 
 static inline bool
-dp_packet_ip_checksum_valid(struct dp_packet *p OVS_UNUSED)
+dp_packet_ip_checksum_valid(const struct dp_packet *p OVS_UNUSED)
 {
 #ifdef DPDK_NETDEV
 return (p->mbuf.ol_flags & PKT_RX_IP_CKSUM_MASK) ==
@@ -648,7 +648,7 @@ dp_packet_ip_checksum_valid(struct dp_packet *p OVS_UNUSED)
 }
 
 static inline bool
-dp_packet_ip_checksum_bad(struct dp_packet *p OVS_UNUSED)
+dp_packet_ip_checksum_bad(const struct dp_packet *p OVS_UNUSED)
 {
 #ifdef DPDK_NETDEV
 return (p->mbuf.ol_flags & PKT_RX_IP_CKSUM_MASK) ==
-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [patch v4 00/10] Userspace datapath: Add fragmentation support.

[Darrell Ball]

Fragmentation support for userspace datapath conntrack is added; both
v4 and v6 are supported. See the patches for additional details.

v3->v4: Add V6 support to the patches.
Fix possible race cleanup bug when the user disables
   fragmentation and there are list occupancies, not cleaned up
   yet.
Add missed orig tuple fields for copy from reassembled packet
to fragments.
Fix an fragment list increment check - shoiuld have been "> 0"
rather then "!= 0".
Fix max frags calculation in case of theoretical corner case.
Add proper lock annotations.
Made some other improvements while adding V6 support.

v2->v3: Patch 2 was updated:
Remove "XXX" todo items by implementing the ones needed,
including realloc frag_list contexts to save memory.
Fix related bug with max_frag_list_size when min_frag_size is
reconfigured.

Tighten ip_tot_len sanity check for reassembled packets which
was more loose than intended.

Add another sanity check for fragment ip_tot_len; even though
it be redundant, add for completeness.

v1->v2: Few fixes, improvements and cleanups.

Darrell Ball (10):
  dp-packet: Add const qualifiers for checksum apis.
  flow: Enhance parse_ipv6_ext_hdrs.
  Userspace datapath: Add fragmentation handling.
  conntrack: Support fragmentation.
  ipf: Add command to enable fragmentation handling.
  ipf: Add set minimum fragment size command.
  ipf: Add set maximum fragments supported command.
  ipf: Add command to get fragmentation handling status.
  tests: Add missed local stack checks.
  tests: Enable fragmentation for userspace datapath.

 NEWS |   10 +
 include/sparse/netinet/ip6.h |1 +
 lib/automake.mk  |2 +
 lib/conntrack.c  |   10 +-
 lib/ct-dpif.c|   45 ++
 lib/ct-dpif.h|9 +
 lib/dp-packet.h  |4 +-
 lib/dpctl.c  |  183 ++
 lib/dpctl.man|   31 +
 lib/dpif-netdev.c|   58 ++
 lib/dpif-netlink.c   |4 +
 lib/dpif-provider.h  |   13 +
 lib/flow.c   |   23 +-
 lib/flow.h   |3 +-
 lib/ipf.c| 1253 ++
 lib/ipf.h|   73 +++
 tests/system-kmod-macros.at  |   14 +-
 tests/system-traffic.at  |   36 +-
 tests/system-userspace-macros.at |   49 +-
 19 files changed, 1783 insertions(+), 38 deletions(-)
 create mode 100644 lib/ipf.c
 create mode 100644 lib/ipf.h

-- 
1.9.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev