Age | Commit message | Author |
|
Signed-off-by: Justin Pettit <jpettit@nicira.com>
|
|
dpkg-buildflags has not always supported --export=configure, but commit
6c2d4c8780 (debian: Apply hardening options to build.) used it
unconditionally, causing the build to fail on old Debian distributions.
This fixes the problem.
Signed-off-by: Ben Pfaff <blp@nicira.com>
|
|
Debian now encourages building every program with various GCC hardening
options. This commit implements that recommendation for Open vSwitch.
See https://wiki.debian.org/Hardening for details.
Found by lintian.
Signed-off-by: Ben Pfaff <blp@nicira.com>
|
|
Reported-by: Maxime Brun <m.brun@alphalink.fr>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
|
|
This reverts commit 9f31efc731090e8d33236c55a4adbf461f3acbd1.
This is the 1.11.0 release, so this patch doesn't belong.
|
|
Signed-off-by: Justin Pettit <jpettit@nicira.com>
|
|
Signed-off-by: Justin Pettit <jpettit@nicira.com>
|
|
Signed-off-by: Justin Pettit <jpettit@nicira.com>
|
|
Currently, when we upgrade openvswitch packages, we do a restart
of userspace daemons automatically. This does not replace the
kernel module.
But almost every time, we want to use the new kernel module
that comes with the new version. This means that we need to
manually do a "force-reload-kmod". This step reloads the
kernel module and also restarts the userspace daemons. This gives
us a total of two restarts of userspace daemons. This is quite
expensive in a hypervisor with hundreds of VMs sending real traffic.
This also hurts the controller as it gets two reconnections in a short
amount of time.
With this patch, during a package upgrade, if the kernel module
on disk is different than the one that is loaded, we will
automatically do a force-reload-kmod while openvswitch-switch
is installed. If not, we will just do a "restart" like before.
One can install the kernel package first and then install the userspace
packages in 2 separate steps to enforce a single 'force-reload-kmod'.
If anyone wants to just restart the userspace package instead of
force-reload-kmod, they can set the value of OVS_FORCE_RELOAD_KMOD=no
while installing the package.
Ex: OVS_FORCE_RELOAD_KMOD=no dpkg -i openvswitch-switch*
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
|
|
Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding
OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated
into a new SAMPLE "flow_sample" dp action.
Make the userspace action's userdata size vary depending on the union
member used. Add a new "flow_sample" upcall to do per-flow packet
sampling. Add a new "ipfix" upcall to do per-bridge packet sampling
to IPFIX collectors.
Extend the OVSDB schema to support configuring IPFIX collector sets.
Add support for configuring multiple IPFIX collectors for per-flow
packet sampling. Add support for configuring per-bridge IPFIX
sampling.
Automatically generate standard IPFIX entity definitions from the IANA
specs. Send one IPFIX data record message for every packet sampled by
an OpenFlow sample action or received by a bridge configured with
IPFIX sampling, and periodically send IPFIX template set messages.
Signed-off-by: Romain Lenglet <rlenglet@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
|
|
Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
|
|
Signed-off-by: Zang MingJie <zealot0630@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
|
|
Commit fba6bd1d3f (ovs-vsctl: Try connecting only once for active connections..)
removed the timeout option from ifupdown.sh. Removing the "--timeout=" option
can cause ifupdown script to hang if ovs-vswitchd is not running and ifupdown
script changes the OVSDB. So, re-add it.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
|
|
Until now, ovs-vsctl has kept trying to connect to the database server until it
succeeded or the timeout expired (if one was specified with --timeout).
This meant that if ovsdb-server wasn't running, then ovs-vsctl would hang.
The result was that almost every ovs-vsctl invocation in scripts specified
a timeout on the off-chance that the database server might not be running.
But it's difficult to choose a good timeout. A timeout that is too short
can cause spurious failures. A timeout that is too long causes long delays
if the server really isn't running.
This commit should alleviate this problem. It changes ovs-vsctl's behavior
so that, if it fails to connect to the server, it exits unsuccessfully.
This makes --timeout obsolete for the purpose of avoiding a hang if the
database server isn't running. (--timeout is still useful to avoid a hang
if ovsdb-server is running but ovs-vswitchd is not, for ovs-vsctl commands
that modify the database. --no-wait also avoids that issue.)
Bug #2393.
Bug #15594.
Reported-by: Jeff Merrick <jmerrick@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
|
|
We use ovs-ctl from startup scripts to start, stop, restart,
force-reload-kmod OVS daemons. ovs-ctl gives quite a descriptive
o/p while running the above commands. But the o/p goes to stdout.
Sometimes, this output is quite useful to debug issues.
With this patch, we store the o/p of ovs-ctl when called from
startup scripts in /var/log/openvswitch/ovs-ctl.log
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
|
|
This also sets the dates for 1.8.0, even though it was an internal-only
release.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
|
|
Since userspace flow based tunneling code is checked in, the kernel
port based tunneling code can be removed.
Patch removes following components:
- tunnel ports hash table and moved tunnel ports list to individual
vports.
- Cleaned per tnl-port config.
- OVS_KEY_ATTR_TUN_ID action is removed.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Bug #15078
|
|
The openvswitch-dbg package does not have any binaries from
openvswitch-ipsec package. So remove the dependency.
While trying to install an openvswitch-dbg package currently,
we are forced to install racoon and openvswitch-ipsec package
which is not really necessary.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
|
|
The VXLAN draft just got updated from -02 to -03, with no major changes.
Update documentation to reflect the change.
Signed-off-by: Lorand Jakab <lojakab@cisco.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
|
|
Signed-off-by: Justin Pettit <jpettit@nicira.com>
|
|
Signed-off-by: Justin Pettit <jpettit@nicira.com>
|
|
Currently, every time we install the non-dkms openvswitch kernel package,
we restart openvswitch. This has no useful effect when an Open vSwitch kernel
module is already loaded, because "/etc/init.d/openvswitch restart" does not
load the new version of the kernel module.
With this patch, we start openvswitch if there is no kernel module
currently loaded (which is a case for a fresh install of openvswitch). This
will load the kernel module.
If someone wants to use the latest kernel module after an upgrade, they need
to run "/etc/init.d/openvswitch-switch force-reload-kmod" manually.
Issue #13556
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
|
|
Add Linux 3.8 kernel to the range of supported kernel versions.
Signed-off-by: James Page <james.page@ubuntu.com>
[jesse: Update NEWS and FAQ]
Signed-off-by: Jesse Gross <jesse@nicira.com>
|
|
This patch fixes regressions in the dist and distclean targets, and in
the Debian build process, that were introduced by commit d2cb6c956b
(manpages: Put version number instead of date at bottom of page.).
Signed-off-by: Saul St. John <sstjohn@cs.wisc.edu>
Signed-off-by: Ben Pfaff <blp@nicira.com>
|
|
Reported-by: Saul St. John
Reported-by: Logan Rosen <logatronico@gmail.com>
Reported-at: https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1094556
Signed-off-by: Ben Pfaff <blp@nicira.com>
|
|
Currently brcompat does not work on master due to recent
datapath changes. We have decided to remove it as it is
not used very widely.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
|
|
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
bug #14341
|
|
Currently, there is an option to use the /etc/network/interfaces
file to configure Open vSwitch bridges and ports. To create and
destroy bridges, one has to manually run the following commands.
ifup --allow=ovs $list_of_bridges
ifdown --allow=ovs $list_of_bridges
This commit will automatically run the above two commands when
the system boots up and shuts down respectively through the
OVS startup script.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
|
|
datapath: backport 15e473046cb6e5d18a4d0057e61d76315230382b
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
[jesse: fix kernel version in error message]
Signed-off-by: Jesse Gross <jesse@nicira.com>
|
|
This patch adds support for skb mark matching and set action.
Acked-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
|
|
This patch adds ipv6 set action functionality. It allows to change
traffic class, flow label, hop-limit, ipv6 source and destination
address fields.
Acked-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
|
|
Tunnel caching was added to reduce CPU utilization on TX path
by caching packet header, so performance gain is directly proportional
to number of skbs transferred. But with help of offloads skbs are getting
larger. So there are fewer skbs. Therefore header caching does
not show similar gains to those we have seen in the past. And now kernel 3.6 has removed
dst caching from networking which makes header caching even more tricky.
So this commit removes header caching from OVS tunnelling.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
|
|
The CAPWAP implementation is just the encapsulation format and
therefore really not the full protocol. While there were some
uses of it (primarily hardware support and UDP transport),
these are most likely better provided by VXLAN. As a result,
CAPWAP will be removed no earlier than February 2013.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
|
|
This commit updates NEWS and debian/changelog to reflect that
commit 8087f5ff (Process RARP packets with ethertype 0x8035
similar to ARP packets.) is going to be backported into 1.9.0, so
that they should no longer be listed as post-1.9 features.
Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
|
|
With this commit, OVS will match the data in the RARP packets having
ethertype 0x8035, in the same way as the data in the ARP packets.
Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
|
|
This is a complementary patch to the other one I sent out previously.
The purpose of it is to make it more obvious that tunnel pmtud is
deprecated and will be removed soon.
Requested-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
|
|
When physical interfaces are added to a bond through the
/etc/network/interfaces script, administratively 'up' the
slave interfaces.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
|
|
When debian package for openvswitch-switch is upgraded,
export a variable, OVS_RESTART_SAVE_FLOWS=yes.
This will save the openflow flows in vswitchd and
re-apply it after the upgrade.
Feature #13555.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
|
|
ovs-ctl has a new command called "restart" which
saves and restores the openflow flows on bridges.
Use that command from the init scripts when doing
a "restart --save-flows=yes".
Also, the debian package postinst script can
set the variable OVS_RESTART_SAVE_FLOWS to "yes"
to ask for save and restore of flows.
Feature #13555.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
|
|
Signed-off-by: Ben Pfaff <blp@nicira.com>
|
|
Signed-off-by: Ben Pfaff <blp@nicira.com>
|
|
The new ovs-parse-backtrace utility makes the output of ovs-appctl
backtrace more human readable by removing duplicate traces and
converting addresses to function names.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
|
|
Extend GRE to have a 64-bit key. Use GRE sequence number to
store upper 32-bits of the key, but this is not standard way of
using GRE sequence number.
Bug #13186
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
|
|
Signed-off-by: Justin Pettit <jpettit@nicira.com>
|
|
This patch adds new netdev classes that implement
"system" and "tap" devices on FreeBSD using the
libpcap library. This enables the use of the
"netdev" datapath_type of Open vSwitch on FreeBSD.
Signed-off-by: Gaetano Catalli <gaetano.catalli@gmail.com>
Signed-off-by: Ed Maste <emaste@adaranet.com>
Signed-off-by: Giuseppe Lettieri <g.lettieri@iet.unipi.it>
Signed-off-by: Ben Pfaff <blp@nicira.com>
|
|
A Debian package is expected to remove all its configuration files (which
includes all files in /etc) when it is purged, but the
openvswitch-controller package wasn't doing that. This fixes the problem.
Debian bug #682187.
CC: 682187@bugs.debian.org
Reported-by: Andreas Beckmann <debian@abeckmann.de>
Signed-off-by: Ben Pfaff <blp@nicira.com>
|
|
Debian kernel maintainer Bastian Blank writes, at
http://bugs.debian.org/680537:
The netfilter rules are a shared resource. There is no synchronization,
so the admin has the last word. As kernel maintainer, I see it similar
to a configuration file, so §10.7 policy applies.
The purpose of openvswitch is to provide support for switching, not to
setup filter rules. This means it violates the principle of least
surprise.
I believe that the argument by analogy to configuration files is weak,
given that the Debian policy section in question is very specifically about
files, not about general principles. On the other hand, Debian does not
install any firewall by default, so the presence of a rule that blocks GRE
traffic is a sign that the administrator has taken an explicit action to
install a firewall that blocks GRE, and therefore it is rather rude to
override this. Therefore, this patch simply turns off this behavior on
Debian, given that in ordinary Debian installations it will have no
adverse effect on Open vSwitch.
Debian bug #680537.
CC: 680537@bugs.debian.org
Reported-by: Bastian Blank <waldi@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Simon Horman <horms@verge.net.au>
|
|
Signed-off-by: Justin Pettit <jpettit@nicira.com>
|
|
Signed-off-by: Justin Pettit <jpettit@nicira.com>
|
|
This hasn't been necessary for a long time.
Signed-off-by: Ben Pfaff <blp@nicira.com>
|