[ovs-dev] Imperative vs. Declarative abstraction at the SB DB

Hi all, I wanted to raise a question that I came a cross. Maybe the community already dealt with it. The ovn-northd translates the CMS's commands that resides in the NB DB into the SB DB. Specifically it produces the Logical_flow table which represent the L2 L3 topologies specified in the NB

[ovs-dev] [PATCH v4 5/6] nlmon: added netns support.

Signed-off-by: Flavio Leitner --- utilities/nlmon.c | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/utilities/nlmon.c b/utilities/nlmon.c index d38a70b6f..448b5eb5d 100644 --- a/utilities/nlmon.c +++ b/utilities/nlmon.c @@ -25,6 +25,7 @@ #include

[ovs-dev] [PATCH v4 6/6] netdev-linux: fail ops not supporting remote netns.

When the netdev is in another namespace and the operation doesn't support network namespaces, return the correct error. Signed-off-by: Flavio Leitner --- lib/dpif-netlink.c | 2 +- lib/netdev-linux.c | 134 +++-

[ovs-dev] [PATCH v4 4/6] netlink linux: enable listening to all nsids

Internal ports may be moved to another network namespace and when that happens, the vswitch stops receiving netlink notifications. This patch enables the vswitch to listen to all network namespaces that have a nsid assigned into the network namespace where the socket has been opened. It requires

[ovs-dev] [PATCH v4 3/6] netdev-linux: use netlink to update netdev.

The ioctl interface doesn't support network namespaces, so try updating the netdev using netlink message instead. To provide backwards compatibility, fall back to the previous method if netlink isn't supported or fails. Signed-off-by: Flavio Leitner --- lib/netdev-linux.c |

[ovs-dev] [PATCH v4 2/6] netnsid: update device only if netnsid matches.

Recent kernels provide the network namespace ID of a port, so use that to discover where the port currently is. A network device in another network namespace could have the same name, so once the socket starts listening to other network namespaces, it is necessary to confirm the netnsid.

[ovs-dev] [PATCH v4 1/6] netlink: provide network namespace id from a msg.

The netlink notification's ancillary data contains the network namespace id (netnsid) needed to identify the device correctly. Signed-off-by: Flavio Leitner --- configure.ac | 3 +- lib/automake.mk| 1 + lib/dpif-netlink.c | 6 +-- lib/netdev-linux.c

[ovs-dev] [PATCH v4 0/6] Add minimum network namespace support.

Today Open vSwitch doesn't know about network namespaces (netns), but users are moving internal ports to other namespaces. Although packets are still flowing, the daemon fails to find out basic port information, like if it is UP or DOWN, for instance. This patchset rely on a new kernel vport API

[ovs-dev] [PATCH v1] tests: Added NSH related unit test cases for datapath

Added test cases for encap, decap, replace and forwarding of NSH packets. Also added a python script 'sendpkt.py' to send hex ethernet frames. Signed-off-by: Ashish Varma --- tests/automake.mk | 4 +- tests/sendpkt.py| 94

Re: [ovs-dev] [PATCH] rhel/systemd: Prevent deletion of runtime directory.

Gurucharan Shetty writes: > Currently, when we do a 'service openvswitch stop', > '/var/run/openvswitch' gets deleted. This is a problem > if you have other users (like OVN) using the same > runtime directory since we delete all the files > related to ovsdb-server backing OVN's

[ovs-dev] [PATCH] rhel/systemd: Prevent deletion of runtime directory.

Currently, when we do a 'service openvswitch stop', '/var/run/openvswitch' gets deleted. This is a problem if you have other users (like OVN) using the same runtime directory since we delete all the files related to ovsdb-server backing OVN's databases. This commit fixes it by removing the

Re: [ovs-dev] [PATCH net-next 0/5] Introduce net_rwsem to protect net_namespace_list

From: Kirill Tkhai Date: Thu, 29 Mar 2018 19:20:23 +0300 > The series introduces fine grained rw_semaphore, which will be used > instead of rtnl_lock() to protect net_namespace_list. > > This improves scalability and allows to do non-exclusive sleepable > iteration

[ovs-dev] [PATCH net-next 4/5] ovs: Remove rtnl_lock() from ovs_exit_net()

Here we iterate for_each_net() and removes vport from alive net to the exiting net. ovs_net::dps are protected by ovs_mutex(), and the others, who change it (ovs_dp_cmd_new(), __dp_destroy()) also take it. The same with datapath::ports list. So, we remove rtnl_lock() here. Signed-off-by: Kirill

[ovs-dev] [PATCH net-next 5/5] net: Remove rtnl_lock() in nf_ct_iterate_destroy()

rtnl_lock() doesn't protect net::ct::count, and it's not needed for__nf_ct_unconfirmed_destroy() and for nf_queue_nf_hook_drop(). Signed-off-by: Kirill Tkhai --- net/netfilter/nf_conntrack_core.c |2 -- 1 file changed, 2 deletions(-) diff --git

[ovs-dev] [PATCH net-next 3/5] security: Remove rtnl_lock() in selinux_xfrm_notify_policyload()

rt_genid_bump_all() consists of ipv4 and ipv6 part. ipv4 part is incrementing of net::ipv4::rt_genid, and I see many places, where it's read without rtnl_lock(). ipv6 part calls __fib6_clean_all(), and it's also called without rtnl_lock() in other places. So, rtnl_lock() here was used to iterate

[ovs-dev] [PATCH net-next 2/5] net: Don't take rtnl_lock() in wireless_nlevent_flush()

This function iterates over net_namespace_list and flushes the queue for every of them. What does this rtnl_lock() protects?! Since we may add skbs to net::wext_nlevents without rtnl_lock(), it does not protects us about queuers. It guarantees, two threads can't flush the queue in parallel, that

[ovs-dev] [PATCH net-next 1/5] net: Introduce net_rwsem to protect net_namespace_list

rtnl_lock() is used everywhere, and contention is very high. When someone wants to iterate over alive net namespaces, he/she has no a possibility to do that without exclusive lock. But the exclusive rtnl_lock() in such places is overkill, and it just increases the contention. Yes, there is already

[ovs-dev] [PATCH net-next 0/5] Introduce net_rwsem to protect net_namespace_list

The series introduces fine grained rw_semaphore, which will be used instead of rtnl_lock() to protect net_namespace_list. This improves scalability and allows to do non-exclusive sleepable iteration for_each_net(), which is enough for most cases. scripts/get_maintainer.pl gives enormous list of

[ovs-dev] Openvswitch - RSA 2018 Enquiry

Hi, RSA Conference 2018 (April 16-20, 2018) Attendees list is available for purchase with Company name, Contact name, Business Email address, phone and mailing address etc. We have 31,256 contacts and you can-acquire this list at $1,450 with your unlimited-usage rights. Should be talking

Re: [ovs-dev] [PATCH] lib/netdev-tc-offloads: Fix frag first/later translation

On Thu, Mar 29, 2018 at 03:46:00PM +0300, Roi Dayan wrote: > > > On 28/03/2018 15:54, Simon Horman wrote: > > On Sun, Mar 25, 2018 at 12:53:25PM +0300, Roi Dayan wrote: > > > > > > > > > On 25/03/2018 12:11, Roi Dayan wrote: > > > > Fragment mask (any and later) always exists so we need to

[ovs-dev] [branch-2.9 PATCH 2/2] netdev-dpdk: Add mempool reuse/free debug.

There is debug when a new mempool is created, but not when it is reused or freed. Add these as it is very difficult to debug mempool issues from logs without them. Signed-off-by: Kevin Traynor --- lib/netdev-dpdk.c | 2 ++ 1 file changed, 2 insertions(+) diff --git

[ovs-dev] [branch-2.9 PATCH 1/2] netdev-dpdk: Free mempool only when no in-use mbufs.

DPDK mempools are freed when they are no longer needed. This can happen when a port is removed or a port's mtu is reconfigured so that a new mempool is used. It is possible that an mbuf is attempted to be returned to a freed mempool from NIC Tx queues and this can lead to a segfault. In order to

Re: [ovs-dev] [PATCH] lib/netdev-tc-offloads: Fix frag first/later translation

On 28/03/2018 15:54, Simon Horman wrote: On Sun, Mar 25, 2018 at 12:53:25PM +0300, Roi Dayan wrote: On 25/03/2018 12:11, Roi Dayan wrote: Fragment mask (any and later) always exists so we need to test for FLOW_NW_FRAG_LATER only if the state is FLOW_NW_FRAG_ANY. Before this fix we could

[ovs-dev] 紧急验证通知（帐户更新）ovs-dev@openvswitch.org

lE8a0F: ovs-dev@openvswitch.org b11NECe36R30N86~C8k62`A8v84^10b37v84�F7l42�0C^76N14�E5�C7z0B]F2u31b11NECv84�AENF6\0F~C4SD1�77�0C�F7~D9b11NEC24\0FeF6~C8k62`A8v84^10b37002 zCBS73SD6m88Y04t06 Y82g9C`A8`F3SD6m88~C8k62�F7l42�0C�F7pB9QFBN0A�62v84�FEcA5�CDeB0oC0m3B`A8v84^10b37002

Re: [ovs-dev] can not update userspace vxlan tunnel neigh mac when peer VTEP mac changed

Hi Ychen, If your tunnel NH is moving IP addresses between MAC addresses or changing the MAC address of an interface hosting the NH IP, I think it should send a GARP to inform the connected subnet about this change. Otherwise the neighbors will blackhole traffic by sending to the wrong MAC

Re: [ovs-dev] [PATCH 4/4] ofp-flow: Reduce memory consumption for ofputil_flow_mod, using minimatch.

On 20 March 2018 at 13:46, Ben Pfaff wrote: > Until now, struct ofputil_flow_mod, which represents an OpenFlow flow table > modification request, has incorporated a struct match, which made the > overall ofputil_flow_mod about 2.5 kB. This is OK for a small number of > flows, but

Re: [ovs-dev] [PATCH 3/4] flow, match, classifier: Add new functions for miniflow and minimatch.

On 20 March 2018 at 13:46, Ben Pfaff wrote: > The miniflow and minimatch APIs lack several of the features of the flow > and match APIs. This commit adds a few of the missing functions. > > These functions will be used for the first time in an upcoming commit. > > Signed-off-by:

Re: [ovs-dev] [PATCH 2/4] flow: Improve type-safety of MINIFLOW_GET_TYPE.

On 20 March 2018 at 13:46, Ben Pfaff wrote: > Until mow, this macro has blindly read the passed-in type's size, but > that's unnecessarily risky. This commit changes it to verify that the > passed-in type is the same size as the field and, on GCC and Clang, that > the types are

Re: [ovs-dev] [PATCH 1/4] match: Add 'tun_md' member to struct minimatch.

On 20 March 2018 at 13:46, Ben Pfaff wrote: > struct match has had a 'tun_md' member for a long time, but struct > minimatch has never had one. This doesn't matter for the purposes for > which minimatch is currently used, but it means that a minimatch is not > completely