1. 03 Feb, 2016 2 commits
    • Daniele Di Proietto's avatar
      bridge: Do not add bridges with '/' in name. · 3661c068
      Daniele Di Proietto authored
      This effectively stops vswitchd from creating bridges with '/' in the
      name. OVS used to print a warning but the bridge was created anyway.
      This restriction is implemented because the bridge name is part of a
      filesystem path.
      This check is no substitute for Mandatory Access Control, but it
      certainly helps to catch the error early.
      Signed-off-by: default avatarDaniele Di Proietto <diproiettod@vmware.com>
      [blp@ovn.org added a test]
      Acked-by: default avatarBen Pfaff <blp@ovn.org>
    • Ben Pfaff's avatar
      ofproto: Detect and handle errors in ofproto_port_add(). · 4034cac0
      Ben Pfaff authored
      The update_port() function called in ofproto_port_add() can encounter
      errors that prevent a port from being added, but nothing was checking for
      the error and in fact update_port() didn't even pass the error along to
      its caller.  This commit fixes the problem.
      The scenario that led me to examine this code can be triggered as follows
      from the sandbox, as long as you change --enable-dummy=override to
      --enable-dummy=system in ovs-sandbox:
      ovs-vsctl add-br br0
      ovs-vsctl add-port br0 tun0 \
          -- set interface tun0 type=stt options:remote_ip=
      ovs-vsctl add-port br0 tun1 \
          -- set interface tun1 type=stt options:remote_ip=
      The second add-port will fail due to the duplicate tunnel options, but
      ofproto_port_add() will not return the error.  Instead, it will report to
      the caller that it succeeded and tell it that it has ofp_port OFPP_NONE
      (65535), which is invalid and it obviously does not.  The result is that
      you get bizarre log messages like this:
          tunnel|WARN|tun1: attempting to add tunnel port with same config as port 'tun0' (::->, key=0, dp port=7471, pkt mark=0)
          ofproto|WARN|br0: could not add port tun1 (File exists)
          bridge|INFO|bridge br0: added interface tun1 on port 65535
          ofproto|WARN|br0: cannot configure bfd on nonexistent port 65535
          ofproto|WARN|br0: cannot configure LLDP on nonexistent port 65535
          ofproto|WARN|br0: cannot get STP status on nonexistent port 65535
          ofproto|WARN|br0: cannot get RSTP status on nonexistent port 65535
          ofproto|WARN|br0: cannot get STP stats on nonexistent port 65535
          ofproto|WARN|br0: cannot get STP stats on nonexistent port 65535
      VMware-BZ: #1598643
      Signed-off-by: default avatarBen Pfaff <blp@ovn.org>
      Acked-by: default avatarJustin Pettit <jpettit@ovn.org>
  2. 01 Feb, 2016 1 commit
  3. 28 Jan, 2016 1 commit
  4. 27 Jan, 2016 1 commit
  5. 25 Jan, 2016 1 commit
    • Ben Pfaff's avatar
      ofproto-dpif-xlate: Fix recirculation for resubmit to current table. · 9cd7938f
      Ben Pfaff authored
      When recirculation defers actions for processing later, it decides
      based on the actions being saved whether it needs to record the table
      and cookie from which they originated.  Until now, it was thought that
      this was only important for actions that send packets to the controller
      (because those actions send the table ID and cookie).  This overlooked
      a special case of the "resubmit" action which also depends on the
      current table ID, which meant that this special case malfunctioned if
      it came after recirculation.  This commit fixes the problem.
      This is a backport of a fix orginally committed on master.  That fix
      was able to add a test, but branch-2.4 lacks the "debug_recirc" feature
      needed for the test.
      Found while testing another feature under development.
      Signed-off-by: default avatarBen Pfaff <blp@ovn.org>
      Acked-by: default avatarJarno Rajahalme <jarno@ovn.org>
  6. 19 Jan, 2016 1 commit
    • Ben Pfaff's avatar
      ofproto: Fix memory leak and memory exhaustion bugs in group_mod. · a7a43b43
      Ben Pfaff authored
      In handle_group_mod() cases where adding a group failed, nothing freed the
      list of buckets, causing a leak.  The same was true in every case of
      modifying a group.  This commit fixes the problem by changing add_group()
      to never steal or free the buckets (modify_group() already acted this way)
      and then making handle_group_mod() always free the buckets when it's done.
      This approach might at first raise objections, because it makes add_group()
      copy the buckets instead of just take the existing ones.  On branch-2.5
      and master, there's a good reason for that--please see the original commit
      for explanation.  On this backport to branch-2.4, though, we just use this
      approach to avoid having to carefully write a new version for the backport.
      Found by pain and suffering.
      Signed-off-by: default avatarBen Pfaff <blp@ovn.org>
      Acked-by: default avatarJarno Rajahalme <jarno@ovn.org>
  7. 11 Jan, 2016 2 commits
  8. 06 Jan, 2016 1 commit
  9. 04 Jan, 2016 4 commits
  10. 23 Dec, 2015 1 commit
  11. 22 Dec, 2015 2 commits
  12. 21 Dec, 2015 2 commits
  13. 11 Dec, 2015 4 commits
    • Daniele Di Proietto's avatar
      odp-util: Correctly [de]serialize mask for ND attributes. · 442baef5
      Daniele Di Proietto authored
      When converting between ODP attributes and struct flow_wildcards, we
      check that all the prerequisites are exact matched on the mask.
      For ND(ICMPv6) attributes, an exact match on tp_src and tp_dst
      (which in this context are the icmp type and code) shold look like
      htons(0xff), not htons(0xffff).  Fix this in two places.
      The consequences were that the ODP mask wouldn't include the ND
      attributes and the flow would be deleted by the revalidation.
      Signed-off-by: default avatarDaniele Di Proietto <diproiettod@vmware.com>
      Acked-by: default avatarJarno Rajahalme <jrajahalme@nicira.com>
    • Daniele Di Proietto's avatar
      odp-util: Return exact mask if netlink mask attribute is missing. · f5d5eae4
      Daniele Di Proietto authored
      In the ODP context an empty mask netlink attribute usually means that
      the flow should be an exact match.
      odp_flow_key_to_mask() instead returns a struct flow_wildcards
      with matches only on recirc_id and vlan_tci.
      A more appropriate behavior is to handle a missing (zero length) netlink
      mask specially (like we do in userspace and Linux datapath) and create
      an exact match flow_wildcards from the original flow.
      This fixes a bug in revalidate_ukey(): every flow created with
      megaflows disabled would be revalidated away, because the mask would
      seem too generic. (Another possible fix would be to handle the special
      case of a missing mask in revalidate_ukey(), but this seems a more
      generic solution).
      Signed-off-by: default avatarDaniele Di Proietto <diproiettod@vmware.com>
      Acked-by: default avatarJarno Rajahalme <jrajahalme@nicira.com>
    • Daniele Di Proietto's avatar
      tnl-ports: Generate mask with correct prerequisites. · ed24b01f
      Daniele Di Proietto authored
      We should match on the transport ports only if the tunnel has a UDP
      header.  It doesn't make sense to match on transport port for GRE
      Also, to match on fragment bits we should use FLOW_NW_FRAG_MASK instead
      of 0xFF.  FLOW_NW_FRAG_MASK is what we get if we convert to the ODP
      netlink format and back.
      Adding the correct masks in the tunnel router classifier helps in making
      sure that the translation generates masks that respect prerequisites.
      If the mask has some fields that do not respect prerequisites, the flow
      will get deleted by revalidation, because translating to ODP format and
      back will generate a more generic mask, which will be perceived as too
      generic (compared with the one generated by the translation).
      Signed-off-by: default avatarDaniele Di Proietto <diproiettod@vmware.com>
      Acked-by: default avatarJarno Rajahalme <jrajahalme@nicira.com>
    • Daniele Di Proietto's avatar
      ofproto-dpif-xlate: Fix revalidation in execute_controller_action(). · ce4b834e
      Daniele Di Proietto authored
      If there's no actual packet (e.g. during revalidation),
      execute_controller_action() exits right away, without calling
      commit_odp_actions() might have an influence on slow_path reason
      (which is included in the generated ODP actions), meaning that the
      revalidation will not generate the same actions than the original
      Fix the problem by making execute_controller_action() call
      commit_odp_actions() even without a packet.
      Signed-off-by: default avatarDaniele Di Proietto <diproiettod@vmware.com>
      Acked-by: default avatarJarno Rajahalme <jrajahalme@nicira.com>
  14. 08 Dec, 2015 1 commit
  15. 07 Dec, 2015 1 commit
  16. 04 Dec, 2015 1 commit
  17. 02 Dec, 2015 1 commit
    • Gurucharan Shetty's avatar
      debian: Skip systemctl redirect. · 98b2943e
      Gurucharan Shetty authored
      After some experimentation on Ubuntu15.04, I see the
      following behavior.
      1. If you install openvswitch-switch with 'apt-get install',
      then you automatically get a upstart and systemd config files
      for openvswitch. The integration with 'interfaces' fails
      because both the upstart and systemd jobs do not have logic
      to handle it.
      The above behavior will likely get fixed soon in upstream
      2. If you install openvswitch-switch via the packages
      created from the openvswitch repo, there is no systemd or
      upstart conf files installed. But systemd notices this
      and creates a runtime openvswitch conf file which does
      nothing but call back the sysv startup script.
      In the above case when you call
      "/etc/init.d/openvswitch-switch start", it inturn calls
      "/bin/systemctl start openvswitch-switch.service" and
      that inturn again calls "/etc/init.d/openvswitch-switch start".
      But the above for some reason simply hangs. It looks like a call
      to ifup when invoked in this manner does not return.
      I am not sure why this is happening.
      We can avoid the above behavior completely by skipping the
      systemctl redirect as done in this commit. This should fix
      both 1. and 2. above.
      Signed-off-by: default avatarGurucharan Shetty <guru@ovn.org>
      Acked-by: default avatarBen Pfaff <blp@ovn.org>
  18. 29 Nov, 2015 3 commits
  19. 25 Nov, 2015 1 commit
  20. 23 Nov, 2015 1 commit
  21. 11 Nov, 2015 1 commit
  22. 10 Nov, 2015 2 commits
  23. 03 Nov, 2015 2 commits
  24. 02 Nov, 2015 1 commit
  25. 30 Oct, 2015 1 commit
  26. 22 Oct, 2015 1 commit