[ovs-git] [openvswitch/ovs] 3988f5: vswitch.xml: Fix key type and description style of...

GitHub noreply at github.com
Fri Sep 14 14:01:34 UTC 2018


  Branch: refs/heads/dpdk-latest
  Home:   https://github.com/openvswitch/ovs
  Commit: 3988f56ac4f2fac718d320ba2eb5eb8955cca82d
      https://github.com/openvswitch/ovs/commit/3988f56ac4f2fac718d320ba2eb5eb8955cca82d
  Author: Ilya Maximets <i.maximets at samsung.com>
  Date:   2018-08-30 (Thu, 30 Aug 2018)

  Changed paths:
    M vswitchd/vswitch.xml

  Log Message:
  -----------
  vswitch.xml: Fix key type and description style of tc-policy.

The set of supported values specified.
Style fixed to look good in man page. Fixed indents.

CC: Paul Blakey <paulb at mellanox.com>
Fixes: 691d20cbdcf3 ("other-config: Add tc-policy switch to
                control tc flower flag")
Signed-off-by: Ilya Maximets <i.maximets at samsung.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: fc253483d6c874295c1a9eb7a86f44d2fe4f57ee
      https://github.com/openvswitch/ovs/commit/fc253483d6c874295c1a9eb7a86f44d2fe4f57ee
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-08-30 (Thu, 30 Aug 2018)

  Changed paths:
    M lib/nx-match.c

  Log Message:
  -----------
  nx-match: Avoid double-free on some error paths.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9966
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9968
Fixes: f1eb32b9641c ("ofp-group: Fix memory leak in error cases parsing group requests.")
Signed-off-by: Ben Pfaff <blp at ovn.org>
Reviewed-by: Yifeng Sun <pkusunyifeng at gmail.com>


  Commit: 3ee9b38d5cd6c7b5dc29a5854432ffb77aa4f7db
      https://github.com/openvswitch/ovs/commit/3ee9b38d5cd6c7b5dc29a5854432ffb77aa4f7db
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-08-30 (Thu, 30 Aug 2018)

  Changed paths:
    M lib/ofp-actions.c

  Log Message:
  -----------
  ofp-actions: Re-fix error path for parsing OpenFlow actions.

A previous commit attempted to fix the error path when the actions nested
within clone provoked an error.  However, this commit just introduced a new
problem in another case, since it made ofpacts_pull_openflow_actions__()
restore a previously valid pointer to data that might have been
reallocated.

This commit takes another approach.  Instead of trying to restore anything
at all, it just defines ofpacts_pull_openflow_actions__() to clear the
output buffer when there's an error.  It seems that this is less error
prone.  Most of the callers don't care; this commit fixes up the ones that
do.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9975
Fixes: 20cdd1dbd546 ("ofp-actions: Avoid assertion failure for clone(ct(...bad actions...)).")
Signed-off-by: Ben Pfaff <blp at ovn.org>
Tested-by: Yifeng Sun <pkusunyifeng at gmail.com>
Reviewed-by: Yifeng Sun <pkusunyifeng at gmail.com>


  Commit: db1dcb235feef8a5e13b26dc25705585fc5c325d
      https://github.com/openvswitch/ovs/commit/db1dcb235feef8a5e13b26dc25705585fc5c325d
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2018-08-30 (Thu, 30 Aug 2018)

  Changed paths:
    M .travis.yml
    M acinclude.m4
    M datapath/linux/Modules.mk
    A datapath/linux/compat/include/net/ip6_fib.h

  Log Message:
  -----------
  datapath: Fix builds on older kernels.

On older kernels, for example 3.19, the function rt6_get_cookie() is
not available and used with ipv6 config enabled;  it was introduced in
4.2.  Put back the replacement function if it does not exist.
Add a 3.19 version to travis.

CC: Yifeng Sun <pkusunyifeng at gmail.com>
Fixes: bf61b8b1c1db ("datapath: Add support for kernel 4.16.x & 4.17.x.")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Tested-by: Yifeng Sun <pkusunyifeng at gmail.com>
Reviewed-by: Yifeng Sun <pkusunyifeng at gmail.com>


  Commit: 2235714c653d19e33aee653e2fe7500693fe5935
      https://github.com/openvswitch/ovs/commit/2235714c653d19e33aee653e2fe7500693fe5935
  Author: Markos Chandras <mchandras at suse.de>
  Date:   2018-08-30 (Thu, 30 Aug 2018)

  Changed paths:
    M utilities/ovs-appctl-bashcomp.bash

  Log Message:
  -----------
  utilities: Drop shebang from bash completion script

This fixes the following warning when building Open vSwitch on the
openSUSE Build Service:

  W: non-executable-script /usr/share/bash-completion/completions/ovs-appctl-bashcomp.bash
  This text file contains a shebang or is located in a path dedicated
  for executables, but lacks the executable bits and cannot thus be
  executed. If the file is meant to be an executable script, add the
  executable bits, otherwise remove the shebang or move the file
  elsewhere.

The file is meant to be sourced instead of executed, so we can simply
drop the shebang.

Signed-off-by: Markos Chandras <mchandras at suse.de>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: e9b33ad780f3bc712a5de6be9e1e0803fadcd249
      https://github.com/openvswitch/ovs/commit/e9b33ad780f3bc712a5de6be9e1e0803fadcd249
  Author: Greg Rose <gvrose8192 at gmail.com>
  Date:   2018-08-31 (Fri, 31 Aug 2018)

  Changed paths:
    M datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h

  Log Message:
  -----------
  compat: Remove unused function

The compat function rpl_nf_conntrack_in() does not appear to be used
anywhere and emits warnings as such during builds < 4.10.

The patch passes Travis:

https://travis-ci.org/gvrose8192/ovs-experimental/builds/423097292

Remove it.

Signed-off-by: Greg Rose <gvrose8192 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: d0db81eac89e0b0304c6e468c9c4d590414181d8
      https://github.com/openvswitch/ovs/commit/d0db81eac89e0b0304c6e468c9c4d590414181d8
  Author: Justin Pettit <jpettit at ovn.org>
  Date:   2018-09-04 (Tue, 04 Sep 2018)

  Changed paths:
    M lib/dpif-netdev.c

  Log Message:
  -----------
  dpif-netdev: Don't check if xcalloc() failed when creating meter.

xcalloc() can't return null.

Signed-off-by: Justin Pettit <jpettit at ovn.org>
Acked-by: Flavio Leitner <fbl at sysclose.org>
Acked-by: Ben Pfaff <blp at ovn.org>


  Commit: 866bc7567ac5f6cf6ee52f6e3aa1253766898cf6
      https://github.com/openvswitch/ovs/commit/866bc7567ac5f6cf6ee52f6e3aa1253766898cf6
  Author: Justin Pettit <jpettit at ovn.org>
  Date:   2018-09-04 (Tue, 04 Sep 2018)

  Changed paths:
    M lib/dpif-netdev.c

  Log Message:
  -----------
  dpif-netdev: Prevent unsafe access when retrieving meter stats.

dpif_netdev_meter_get() retrieved a pointer to a meter entry without
holding a lock.  It's possible that another thread could have deleted
that entry between retrieving the pointer and dereferencing the pointer.
This makes the function hold the lock the entire time the meter entry is
needed.

Found by inspection.

Signed-off-by: Justin Pettit <jpettit at ovn.org>
Acked-by: Flavio Leitner <fbl at sysclose.org>


  Commit: 71972fcaa2aa25d546f47078d9257797eb79eb86
      https://github.com/openvswitch/ovs/commit/71972fcaa2aa25d546f47078d9257797eb79eb86
  Author: Bhargava Shastry <bshastry at sect.tu-berlin.de>
  Date:   2018-09-05 (Wed, 05 Sep 2018)

  Changed paths:
    M tests/oss-fuzz/config/flow_extract_target.options
    M tests/oss-fuzz/flow_extract_target.c

  Log Message:
  -----------
  ossfuzz: Improve coverage of flow_extract_target

This commit improves test coverage of the ossfuzz flow extract test harness
by extending the harness with additional API calls from lib/flow.c

An additional minor change is adding a config option to
flow_extract_target.options file in `tests/ossfuzz/config` to suppress
debug output while fuzzing.

A cursory evaluation shows that the patch covers 8 additional files and
improves line coverage of lib/flow.c from 23% to 37%.

Signed-off-by: Bhargava Shastry <bshastry at sect.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 9e8c33133c2b0ef6c49a07da4395483f23aff090
      https://github.com/openvswitch/ovs/commit/9e8c33133c2b0ef6c49a07da4395483f23aff090
  Author: Martin Xu <martinxu9.ovs at gmail.com>
  Date:   2018-09-05 (Wed, 05 Sep 2018)

  Changed paths:
    M rhel/openvswitch-kmod-fedora.spec.in

  Log Message:
  -----------
  rhel: openvswitch-kmod-fedora.spec.in file bug fix

Patch 22c33c303932 used /usr/src/linux/<kernel version> as path of the
linux headers, which does not work for SLES. Use /lib/modules/<kernel
version>/build instead.

Fixes 22c33c303932 (rhel: support kmod build against mulitple kernel versions,
fedora)

Signed-off-by: Martin Xu <martinxu9.ovs at gmail.com>
CC: Greg Rose <gvrose8192 at gmail.com>
CC: Markos Chandras <mchandras at suse.de>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Flavio Leitner <fbl at sysclose.org>
Reviewed-by: Markos Chandras <mchandras at suse.de>


  Commit: 56bfa517d9c8face982efc852644c72e1b5b1564
      https://github.com/openvswitch/ovs/commit/56bfa517d9c8face982efc852644c72e1b5b1564
  Author: Martin Xu <martinxu9.ovs at gmail.com>
  Date:   2018-09-05 (Wed, 05 Sep 2018)

  Changed paths:
    M datapath/linux/Makefile.main.in
    M rhel/kmod-openvswitch-rhel6.spec.in
    M rhel/openvswitch-kmod-fedora.spec.in

  Log Message:
  -----------
  rhel: use full path for /sbin/depmod

Fixes: 22c33c303932 (rhel: support kmod build against mulitple kernel versions, fedora)
Fixes: c8cd1307b248 (rhel: support kmod build against multiple 7.2 kernels, rhel6)
Signed-off-by: Martin Xu <martinxu9.ovs at gmail.com>
CC: Greg Rose <gvrose8192 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Flavio Leitner <fbl at sysclose.org>


  Commit: eac9f26661aeb3bf565a4730e04f1f05f44bf444
      https://github.com/openvswitch/ovs/commit/eac9f26661aeb3bf565a4730e04f1f05f44bf444
  Author: Martin Xu <martinxu9.ovs at gmail.com>
  Date:   2018-09-05 (Wed, 05 Sep 2018)

  Changed paths:
    M rhel/openvswitch-kmod-fedora.spec.in

  Log Message:
  -----------
  rhel: allow passing more flags to configure, fedora

Define a variable _ovs_config_extra_flags to allow passing more flags to
configure when building OVS kmod RPM. For example, to build with a
non-standard openssl and add an RPATH, use the following command

make rpm-fedora-kmod RPMBUILD_OPT='-D "_ovs_config_extra_flags
--with-openssl=<path to your openssl header> LDFLAGS=\"\${LDFLAGS} -Xlinker
-rpath=<path to your openssl lib>\""'

Signed-off-by: Martin Xu <martinxu9.ovs at gmail.com>
CC: Greg Rose <gvrose8192 at gmail.com>
CC: Flavio Leitner <fbl at sysclose.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Flavio Leitner <fbl at sysclose.org>
Reviewed-by: Markos Chandras <mchandras at suse.de>


  Commit: 697f5993c0cf437faa7ec6753e8cf47850a44da3
      https://github.com/openvswitch/ovs/commit/697f5993c0cf437faa7ec6753e8cf47850a44da3
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-09-05 (Wed, 05 Sep 2018)

  Changed paths:
    M tests/ovn.at
    M tests/ovs-macros.at

  Log Message:
  -----------
  ovs-macros: Make tests log how long they waited when they succeed.

Many OVS tests wait up for 10 seconds for a condition to become true.
Usually these conditions are ones that should take only a second or so to
actually become true in practice, but on a busy and slow machine it's
possible that some tests might fail or come close to failing because 10
seconds is simply not enough there.

This commit adds logging for the case where a condition actually succeeds
to indicate the amount of time that was waited.  This should make it easier
to identify whether we need to increase the maximum wait time from 10
seconds to something longer, by allowing us to see whether some of the
successful waits came close to timing out.

Reported-by: Thomas Goirand <zigo at debian.org>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-September/047340.html
Signed-off-by: Ben Pfaff <blp at ovn.org>
Tested-by: Thomas Goirand <zigo at debian.org>


  Commit: c3570519ecaf653d2b13ec8ed572d75396f7cc98
      https://github.com/openvswitch/ovs/commit/c3570519ecaf653d2b13ec8ed572d75396f7cc98
  Author: Martin Xu <martinxu9.ovs at gmail.com>
  Date:   2018-09-05 (Wed, 05 Sep 2018)

  Changed paths:
    M rhel/openvswitch-kmod-fedora.spec.in
    M rhel/usr_share_openvswitch_scripts_ovs-kmod-manage.sh

  Log Message:
  -----------
  rhel: add 4.4 kernel in kmod build with mulitple versions, fedora

Extends 22c33c303932 (rhel: support kmod build against mulitple kernel
versions, fedora) to kernel version 4.4.x, x>=73 for SLES 12 SP3

Signed-off-by: Martin Xu <martinxu9.ovs at gmail.com>
CC: Greg Rose <gvrose8192 at gmail.com>
CC: Markos Chandras <mchandras at suse.de>
CC: Ben Pfaff <blp at ovn.org>
Reviewed-by: Greg Rose <gvrose8192 at gmail.com>
Tested-by: Greg Rose <gvrose8192 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: ed1e8ded84dcc490a8b4b815ef0fe9f5e25ab051
      https://github.com/openvswitch/ovs/commit/ed1e8ded84dcc490a8b4b815ef0fe9f5e25ab051
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-09-06 (Thu, 06 Sep 2018)

  Changed paths:
    M lib/daemon-unix.c

  Log Message:
  -----------
  daemon-unix: Use same name for original or restarted children.

Linux has an idea of process name that is visible in /proc/$pid/comm.  This
is "ovs-vswitchd" for a freshly started ovs-vswitchd process.  When the
monitor code restarted a crash child, it changed it to the empty string.
This confused the daemon_is_running check in ovs-lib.in, which checks
comm.  This commit fixes the problem by setting the program name as comm
in newly restarted children.

VMware-BZ: #2191724
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Gurucharan Shetty <guru at ovn.org>


  Commit: 2600ef022e151976a6385abef838cbd87ff6005d
      https://github.com/openvswitch/ovs/commit/2600ef022e151976a6385abef838cbd87ff6005d
  Author: Justin Pettit <jpettit at ovn.org>
  Date:   2018-09-06 (Thu, 06 Sep 2018)

  Changed paths:
    M tests/ovn.at

  Log Message:
  -----------
  ovn.at: Skip ACL rate-limiting test on slow/overloaded systems.

In ACL rate-limiting test, we send three sets of 100 packets.  One of
the sets drops packets at a rate of 10 per second, one at a rate of 5
per second, and one not at all.  On my setup, it takes roughly 0.67
seconds to send those 300 packets, but we have reports of it taking over
15 seconds on others.  The test was intended to allow some flexibility
in run-time, but it's very difficult to design a mechanism that can all
possibilities.

To prevent false test failures, this patch changes the test to check
the duration count of the meter, and if it's greater than nine seconds,
just skip the test.

Signed-off-by: Justin Pettit <jpettit at ovn.org>
Reported-by: Thomas Goirand <zigo at debian.org>


  Commit: bc92e8a4788f63e4728d32f2d5baba080ede4004
      https://github.com/openvswitch/ovs/commit/bc92e8a4788f63e4728d32f2d5baba080ede4004
  Author: Xin Long <lucien.xin at gmail.com>
  Date:   2018-09-06 (Thu, 06 Sep 2018)

  Changed paths:
    M datapath/linux/compat/ip6_gre.c
    M datapath/linux/compat/ip_gre.c

  Log Message:
  -----------
  erspan: set erspan_ver to 1 by default when adding an erspan dev

Upstream commit:
    commit 84581bdae9587023cea1d139523f0ef0f28bd88d
    Author: Xin Long <lucien.xin at gmail.com>
    Date:   Mon Aug 27 18:41:32 2018 +0800

    erspan: set erspan_ver to 1 by default when adding an erspan dev

    After erspan_ver is introudced, if erspan_ver is not set in iproute, its
    value will be left 0 by default. Since Commit 02f99df1875c ("erspan: fix
    invalid erspan version."), it has broken the traffic due to the version
    check in erspan_xmit if users are not aware of 'erspan_ver' param, like
    using an old version of iproute.

    To fix this compatibility problem, it sets erspan_ver to 1 by default
    when adding an erspan dev in erspan_setup. Note that we can't do it in
    ipgre_netlink_parms, as this function is also used by ipgre_changelink.

    Fixes: 02f99df1875c ("erspan: fix invalid erspan version.")
    Reported-by: Jianlin Shi <jishi at redhat.com>
    Signed-off-by: Xin Long <lucien.xin at gmail.com>
    Signed-off-by: David S. Miller <davem at davemloft.net>

Fixes: 5e720da59d ("erspan: fix invalid erspan version.")
Cc: Xin Long <lucien.xin at gmail.com>
Signed-off-by: Greg Rose <gvrose8192 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 863fb61f84e764ea0322e2fa4162e280abf3cfa0
      https://github.com/openvswitch/ovs/commit/863fb61f84e764ea0322e2fa4162e280abf3cfa0
  Author: Mark Michelson <mmichels at redhat.com>
  Date:   2018-09-06 (Thu, 06 Sep 2018)

  Changed paths:
    M ovn/northd/ovn-northd.c
    M ovn/utilities/ovn-nbctl.c
    M tests/ovn.at

  Log Message:
  -----------
  ovn: Detect and prevent duplicate address assignments.

This patch alters the 'ovn-nbctl lsp-set-addresses' command to check if
the IP addresses being added are duplicates of already-set IP addresses.
Test cases have been added for this detection.

This patch also adds a warning message to ovn-northd if duplicate IPv4
addresses are detected on a switch.

Signed-off-by: Mark Michelson <mmichels at redhat.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: adf1b852301842a2d39ea363df816b6df183a76e
      https://github.com/openvswitch/ovs/commit/adf1b852301842a2d39ea363df816b6df183a76e
  Author: Tiago Lam <tiago.lam at intel.com>
  Date:   2018-09-06 (Thu, 06 Sep 2018)

  Changed paths:
    M tests/system-kmod-macros.at
    M tests/system-traffic.at
    M tests/system-userspace-macros.at

  Log Message:
  -----------
  system-traffic: Fix conntrack per zone limit test.

Commit 3f1087c added a per zone limit test which relied on the
CHECK_CT_DPIF_FLUSH_BY_CT_TUPLE m4 macro to skip the test when executing
in a userspace datapath (since the per zone limit feature is not yet
implemented in userspace). That macro, however, has been removed in
commit 271e48a ("conntrack: Support conntrack flush by ct 5-tuple")
which was causing the test to fail when executing in userspace.

Instead, a new m4 macro, CHECK_CT_DPIF_PER_ZONE_LIMIT, is introduced to
make the same differentiation, until userspace doesn't support the per
zone limit.

CC: Yi-Hung Wei <yihung.wei at gmail.com>
Fixes: 3f1087c ("system-traffic: Add conntrack per zone limit test case")
Signed-off-by: Tiago Lam <tiago.lam at intel.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Yi-Hung Wei <yihung.wei at gmail.com>


  Commit: 70738f0b7815ca635b28ac554b2cb92c80df9d8d
      https://github.com/openvswitch/ovs/commit/70738f0b7815ca635b28ac554b2cb92c80df9d8d
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2018-09-06 (Thu, 06 Sep 2018)

  Changed paths:
    M utilities/ovs-ctl.in

  Log Message:
  -----------
  ovs-ctl: Allow add-remote without vswitchd started.

'add_managers ()' is filtering add-remote if vswitchd is not started.
However, if we actually filter here we end up with a bricked system,
blackholing all traffic.  Allowing add_manager() to proceed may mean
extra churn in controllers in some cases, but this is far better than
the alternative of a bricked system.

Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 105e8179cebf862687f4049c36f831960b6a6367
      https://github.com/openvswitch/ovs/commit/105e8179cebf862687f4049c36f831960b6a6367
  Author: Or Gerlitz <ogerlitz at mellanox.com>
  Date:   2018-09-07 (Fri, 07 Sep 2018)

  Changed paths:
    M lib/netdev-tc-offloads.c
    M lib/tc.c
    M lib/tc.h

  Log Message:
  -----------
  lib/tc: Put the tunnel match fields as part of the tc/flower key struct

Move the tunnel match fields to be part of the tc/flower key structure.

This is pre-step for being able to apply masked match where needed.

Signed-off-by: Or Gerlitz <ogerlitz at mellanox.com>
Reviewed-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: 49a7961fca6516866eb46b622bb39776b6cd071f
      https://github.com/openvswitch/ovs/commit/49a7961fca6516866eb46b622bb39776b6cd071f
  Author: Or Gerlitz <ogerlitz at mellanox.com>
  Date:   2018-09-07 (Fri, 07 Sep 2018)

  Changed paths:
    M lib/netdev-tc-offloads.c
    M lib/tc.c

  Log Message:
  -----------
  lib/tc: Avoid matching on tunnel ttl or tos if not needed

The tunnel ttl key is not masked when provided to the tc lib, hence we
wrongly attempted to match on it, when we got non zero ttl key with a zero
mask. Fix it by applying the mask. Use the same practice for the tunnel tos.

Fixes: dd83253e117c ('lib/tc: Support matching on ip tunnel tos and ttl')
Signed-off-by: Or Gerlitz <ogerlitz at mellanox.com>
Reported-by: Eli Britstein <elibr at mellanox.com>
Reviewed-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: 34b1695506f83fba5bf0ffa8a99ad3456da21f79
      https://github.com/openvswitch/ovs/commit/34b1695506f83fba5bf0ffa8a99ad3456da21f79
  Author: Pieter Jansen van Vuuren <pieter.jansenvanvuuren at netronome.com>
  Date:   2018-09-07 (Fri, 07 Sep 2018)

  Changed paths:
    M lib/netdev-tc-offloads.c
    M lib/tc.c
    M lib/tc.h

  Log Message:
  -----------
  lib/tc: add single mpls match offload support

Add TC offload support for classifying single MPLS tagged traffic.

Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren at netronome.com>
Reviewed-by: Simon Horman <simon.horman at netronome.com>
Reviewed-by: John Hurley <john.hurley at netronome.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: 3869435f1acd923c8bf95011e5182fb5d6de4404
      https://github.com/openvswitch/ovs/commit/3869435f1acd923c8bf95011e5182fb5d6de4404
  Author: Yunjian Wang <wangyunjian at huawei.com>
  Date:   2018-09-07 (Fri, 07 Sep 2018)

  Changed paths:
    M datapath/linux/compat/stt.c

  Log Message:
  -----------
  datapath: stt: Remove unused if statement in function stt_cleanup().

Signed-off-by: Yunjian Wang <wangyunjian at huawei.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Reviewed-by: Greg Rose <gvrose8192 at gmail.com>


  Commit: dc041eae5019a936618c398a2a1d106f65604ccc
      https://github.com/openvswitch/ovs/commit/dc041eae5019a936618c398a2a1d106f65604ccc
  Author: Timothy Redaelli <tredaelli at redhat.com>
  Date:   2018-09-07 (Fri, 07 Sep 2018)

  Changed paths:
    M build-aux/generate-dhparams-c

  Log Message:
  -----------
  dhparams: Fix .c file generation with OpenSSL >= 1.1.1-pre9

Since OpenSSL upstream commit 201b305a2409
("apps/dsaparam.c generates code that is intended to be pasted or included into
an existing source file: the function is static, and the code doesn't include
dsa.h.  Match the generated C source style of dsaparam.") "openssl dhparam -C"
generates the get_dh functions as static, but the functions are used inside
stream-ssl.c and so the static keyword cannot be used.

This commit removes the static keyword from the get_dh functions during
dhparams.c file generation by restoring the current behaviour.

Signed-off-by: Timothy Redaelli <tredaelli at redhat.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: ca3556541c6014bb2d41160b0a9d8af53b9c51f2
      https://github.com/openvswitch/ovs/commit/ca3556541c6014bb2d41160b0a9d8af53b9c51f2
  Author: Bhargava Shastry <bshastry at sect.tu-berlin.de>
  Date:   2018-09-07 (Fri, 07 Sep 2018)

  Changed paths:
    M tests/oss-fuzz/flow_extract_target.c

  Log Message:
  -----------
  ossfuzz: Add parse_tcp_flags() to flow_extract_target.

This patch invokes parse_tcp_flags() in flow_extract_target.c after doing a
basic sanitization check (that packet contains at least an ETH header).

A cursory evaluation shows that the patch improves line coverage of
lib/flow.c from 37% to 39%.

Signed-off-by: Bhargava Shastry <bshastry at sect.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 189de33f02b27663f15e5034c6eefb3bcaaca8fc
      https://github.com/openvswitch/ovs/commit/189de33f02b27663f15e5034c6eefb3bcaaca8fc
  Author: Eelco Chaudron <echaudro at redhat.com>
  Date:   2018-09-07 (Fri, 07 Sep 2018)

  Changed paths:
    M lib/netdev-vport.c
    M tests/tunnel.at

  Log Message:
  -----------
  netdev-vport: reject concomitant incompatible tunnels

This patch will make sure VXLAN tunnels with and without the group
based policy (GBP) option enabled can not coexist on the same
destination UDP port.

In theory, VXLAN tunnel with and without GBP enables can be
multiplexed on the same UDP port as long as different VNI's are
used. However currently OVS does not support this, hence this patch to
check for this condition.

Signed-off-by: Eelco Chaudron <echaudro at redhat.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: c7e22c6e4e94863ac933090a7b0cc3bc2cb06b40
      https://github.com/openvswitch/ovs/commit/c7e22c6e4e94863ac933090a7b0cc3bc2cb06b40
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-09-07 (Fri, 07 Sep 2018)

  Changed paths:
    M vswitchd/vswitch.xml

  Log Message:
  -----------
  vswitch.xml: Better explain vlan-limit.

CC: Eric Garver <e at erig.me>
Requested-by: Jerry Lilijun <jerry.lilijun at huawei.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Eric Garver <e at erig.me>


  Commit: 662a6fd4c2c34e0fb02f82e583c6ced8717c346c
      https://github.com/openvswitch/ovs/commit/662a6fd4c2c34e0fb02f82e583c6ced8717c346c
  Author: Louis Peens <louis.peens at netronome.com>
  Date:   2018-09-10 (Mon, 10 Sep 2018)

  Changed paths:
    M lib/netdev-tc-offloads.c

  Log Message:
  -----------
  lib/tc: reject offloading of non-Ethernet packets

When a packet is marked with the special ethtype of OFP_DL_TYPE_NOT_ETH_TYPE
it got wrongly installed into tc datapath as a match on a packet with that
ethtype. This prevents that from happening.

Signed-off-by: Louis Peens <louis.peens at netronome.com>
Reviewed-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren at netronome.com>
Reviewed-by: Simon Horman <simon.horman at netronome.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: 5ff53df67441f71feafa97e95e8f74a4eaf9490a
      https://github.com/openvswitch/ovs/commit/5ff53df67441f71feafa97e95e8f74a4eaf9490a
  Author: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>
  Date:   2018-09-10 (Mon, 10 Sep 2018)

  Changed paths:
    M tests/oss-fuzz/flow_extract_target.c

  Log Message:
  -----------
  oss-fuzz: Fuzz miniflow APIs also.

This patch increases coverage of `lib/flow.c` from 39% to 43%, covers three
additional files and increases coverage in five other source/header files.

Signed-off-by: Bhargava Shastry <bshastry at sect.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 49b21677f4f32e194442e4016afd2253bbc78077
      https://github.com/openvswitch/ovs/commit/49b21677f4f32e194442e4016afd2253bbc78077
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-09-10 (Mon, 10 Sep 2018)

  Changed paths:
    M lib/ofp-port.c
    M lib/ofp-print.c

  Log Message:
  -----------
  ofp-port: Further cleanups and fixes for ofputil_decode_port_stats().

This fixes leaks on the error path in parse_intel_port_custom_property().

ofp_print_ofpst_port_reply() failed to free the custom_stats in decoded
port stats.  This fixes the problem.

parse_intel_port_custom_property() had a memory leak if there was more than
one custom stats property (which there shouldn't be, but still).  This
fixes the problem.

There was a function netdev_free_custom_stats_counters() meant for freeing
custom_stats, but hardly anything used it.  This adopts it consistently.

It wasn't safe to free the custom stats if ofputil_decode_port_stats()
returned an error.  Using netdev_free_custom_stats_counters() avoids this
pitfall.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9972
Signed-off-by: Ben Pfaff <blp at ovn.org>
Reviewed-by: Yifeng Sun <pkusunyifeng at gmail.com>


  Commit: 2bdeb9a70e3c882ab97e9d2e16e7a7989b07f024
      https://github.com/openvswitch/ovs/commit/2bdeb9a70e3c882ab97e9d2e16e7a7989b07f024
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-09-10 (Mon, 10 Sep 2018)

  Changed paths:
    M tests/automake.mk
    A tests/fuzz-regression-list.at
    A tests/fuzz-regression.at
    A tests/fuzz-regression/flow_extract_fuzzer-5112775280951296
    A tests/fuzz-regression/flow_extract_fuzzer-5457710546944000
    A tests/fuzz-regression/json_parser_fuzzer-4790908707930112
    A tests/fuzz-regression/ofp_print_fuzzer-4584019764183040
    A tests/fuzz-regression/ofp_print_fuzzer-4730143510626304
    A tests/fuzz-regression/ofp_print_fuzzer-4854119633256448
    A tests/fuzz-regression/ofp_print_fuzzer-5070973479944192
    A tests/fuzz-regression/ofp_print_fuzzer-5072291707748352
    A tests/fuzz-regression/ofp_print_fuzzer-5147430386401280
    A tests/fuzz-regression/ofp_print_fuzzer-5168455220199424
    A tests/fuzz-regression/ofp_print_fuzzer-5190507327127552
    A tests/fuzz-regression/ofp_print_fuzzer-5204186701496320
    A tests/fuzz-regression/ofp_print_fuzzer-5394482341085184
    A tests/fuzz-regression/ofp_print_fuzzer-5395207246839808
    A tests/fuzz-regression/ofp_print_fuzzer-5647458888581120
    A tests/fuzz-regression/ofp_print_fuzzer-5674119268925440
    A tests/fuzz-regression/ofp_print_fuzzer-5674419757252608
    A tests/fuzz-regression/ofp_print_fuzzer-5677588436484096
    A tests/fuzz-regression/ofp_print_fuzzer-5706562554298368
    A tests/fuzz-regression/ofp_print_fuzzer-5722747668791296
    A tests/fuzz-regression/ofp_print_fuzzer-6285128790704128
    A tests/fuzz-regression/ofp_print_fuzzer-6470117922701312
    A tests/fuzz-regression/ofp_print_fuzzer-6502620041576448
    M tests/testsuite.at

  Log Message:
  -----------
  tests: Add regression tests for all the bugs found by oss-fuzz so far.

This will make it harder for bugs found by oss-fuzz to reappear.

Signed-off-by: Ben Pfaff <blp at ovn.org>
Tested-by: Yifeng Sun <pkusunyifeng at gmail.com>
Reviewed-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: af8ba764510fb86babd2d5b3a7dd422e0a6d93bf
      https://github.com/openvswitch/ovs/commit/af8ba764510fb86babd2d5b3a7dd422e0a6d93bf
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-09-10 (Mon, 10 Sep 2018)

  Changed paths:
    M tests/automake.mk

  Log Message:
  -----------
  tests: Add $(AM_V_GEN) annotation to fuzz-regression-list.at target.

Fixes: 2bdeb9a70e3c ("tests: Add regression tests for all the bugs found by oss-fuzz so far.")
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 7f02f26c2e2dd9a904179e22dd158d07a0f7aa09
      https://github.com/openvswitch/ovs/commit/7f02f26c2e2dd9a904179e22dd158d07a0f7aa09
  Author: Pieter Jansen van Vuuren <pieter.jansenvanvuuren at netronome.com>
  Date:   2018-09-12 (Wed, 12 Sep 2018)

  Changed paths:
    M lib/netdev-tc-offloads.c
    M lib/tc.c

  Log Message:
  -----------
  lib/tc: treat vlan id and prio as independent fields

Previously the key was used to check the presence of vlan id and
prio fields instead of using the mask. Additionally the vlan id
field was considered to be present if only the prio field was set,
and vice versa. f.e. setting the following:

ovs-ofctl -OOpenFlow13,OpenFlow15 add-flow br0 \
priority=10,cookie=1,table=0,ip,dl_vlan_pcp=2,actions=output:2

Resulted in (instead of wildcarding vlan_id, filter matches 0):
filter protocol 802.1Q pref 1 flower chain 0
filter protocol 802.1Q pref 1 flower chain 0 handle 0x1
 vlan_id 0
 vlan_prio 2
 vlan_ethtype ip
 eth_type ipv4
 ip_flags nofrag
 in_hw
       action order 1: mirred (Egress Redirect to device eth1) stolen
       index 2 ref 1 bind 1 installed 5 sec used 5 sec
       Action statistics:
       Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
       backlog 0b 0p requeues 0
       cookie 47040ae7a94fff6afd7ed8aa04b11ba4

Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren at netronome.com>
Reviewed-by: Simon Horman <simon.horman at netronome.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: f89771542a4600ea4955670e7ff3aa24367994b7
      https://github.com/openvswitch/ovs/commit/f89771542a4600ea4955670e7ff3aa24367994b7
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-09-12 (Wed, 12 Sep 2018)

  Changed paths:
    M lib/odp-util.c

  Log Message:
  -----------
  odp-util: Don't attempt to write IPv6 flow label bits that don't exist.

The ipv6_label field member of struct ovs_key_ipv6 is 32 bits in size,
but an IPv6 label is only 20 bits, so the upper 12 bits are not writable
and must be 0 in the mask.  The code wasn't careful about this so it could
try to write them anyway.  This commit fixes the problem.

Reported-by: nm_r at directbox.com
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-September/047357.html
Signed-off-by: Ben Pfaff <blp at ovn.org>
Reviewed-by: Yifeng Sun <pkusunyifeng at gmail.com>


  Commit: 34c2c3433460bdd21b9a82673714fce04e2e0acb
      https://github.com/openvswitch/ovs/commit/34c2c3433460bdd21b9a82673714fce04e2e0acb
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2018-09-12 (Wed, 12 Sep 2018)

  Changed paths:
    M lib/flow.c

  Log Message:
  -----------
  flow: Document parse_tcp_flags() assumptions and semantics.

Reported-by: Bhargava Shastry <bshastry at sect.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Reviewed-by: Yifeng Sun <pkusunyifeng at gmail.com>


  Commit: 1657366f6eb51e78bfdb28b3a683f281e66adddb
      https://github.com/openvswitch/ovs/commit/1657366f6eb51e78bfdb28b3a683f281e66adddb
  Author: Yunjian Wang <wangyunjian at huawei.com>
  Date:   2018-09-12 (Wed, 12 Sep 2018)

  Changed paths:
    M datapath/linux/compat/lisp.c

  Log Message:
  -----------
  datapath: lisp: Fix uninitialized field in tunnel_cfg.

The tunnel_cfg had the gro_receive and gro_complete fields uninitialized
in function lisp_open(). This caused an uninitialized memory read.

Signed-off-by: Yunjian Wang <wangyunjian at huawei.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Reviewed-by: Greg Rose <gvrose8192 at gmail.com>


  Commit: 205639c253e698ae92de3e6661166a5fcb21e8d8
      https://github.com/openvswitch/ovs/commit/205639c253e698ae92de3e6661166a5fcb21e8d8
  Author: Nicolas Haller <nicolas at boiteameuh.org>
  Date:   2018-09-12 (Wed, 12 Sep 2018)

  Changed paths:
    M Documentation/topics/tracing.rst

  Log Message:
  -----------
  Documentation: cosmetic fix for example flows

Signed-off-by: Nicolas Haller <nicolas at boiteameuh.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 0d6b401cf60d10809e4644105cf47c44b4bdc4ab
      https://github.com/openvswitch/ovs/commit/0d6b401cf60d10809e4644105cf47c44b4bdc4ab
  Author: Gavi Teitz <gavi at mellanox.com>
  Date:   2018-09-13 (Thu, 13 Sep 2018)

  Changed paths:
    M lib/dpif-netdev.c

  Log Message:
  -----------
  dpif-netdev: Initialize dpif_flow attrs

In a previous commit, the dpif_flow struct was expanded, with the
'offloaded' field being moved into a new struct which also includes a
field for the dp layer the flow is handled on. The initialization of
these fields was only done in dpif-netlink.

This completes that commit, by initializing the fields in dpif-netdev
as well. As the 'offloaded' field was previously ignored by
dpif-netdev, the attrs are initialized to the default values of
'false' for the offloaded state, and 'ovs' for the dp layer.

Fixes: d63ca5329ff9 ("dpctl: Properly reflect a rule's offloaded to HW state")
Signed-off-by: Gavi Teitz <gavi at mellanox.com>
Acked-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: a692410af0f71f89ef3b4c4b89b039d23cdfedb3
      https://github.com/openvswitch/ovs/commit/a692410af0f71f89ef3b4c4b89b039d23cdfedb3
  Author: Gavi Teitz <gavi at mellanox.com>
  Date:   2018-09-13 (Thu, 13 Sep 2018)

  Changed paths:
    M lib/dpctl.c
    M lib/dpctl.man
    M lib/dpif-netdev.c
    M lib/dpif-netlink.c
    M lib/dpif-provider.h
    M lib/dpif.c
    M lib/dpif.h

  Log Message:
  -----------
  dpctl: Expand the flow dump type filter

Added new types to the flow dump filter, and allowed multiple filter
types to be passed at once, as a comma separated list. The new types
added are:
 * tc - specifies flows handled by the tc dp
 * non-offloaded - specifies flows not offloaded to the HW
 * all - specifies flows of all types

The type list is now fully parsed by the dpctl, and a new struct was
added to dpif which enables dpctl to define which types of dumps to
provide, rather than passing the type string and having dpif parse it.

Signed-off-by: Gavi Teitz <gavi at mellanox.com>
Acked-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: 949758946767ff79b4c3eb5eca755c6cf21643e3
      https://github.com/openvswitch/ovs/commit/949758946767ff79b4c3eb5eca755c6cf21643e3
  Author: Timothy Redaelli <tredaelli at redhat.com>
  Date:   2018-09-13 (Thu, 13 Sep 2018)

  Changed paths:
    M utilities/ovs-save

  Log Message:
  -----------
  ovs-save: Don't always include the default flow during restore

Currently the default flow (actions=NORMAL) is present in the flow table after
the flow table is restored also when the default flow is removed.

This commit changes the behaviour of the "ovs-save save-flows" command to use
"replace-flows" instead of "add-flows" to restore the flows. This is needed in
order to always have the new flow table as it was before restoring it.

Reported-by: Flavio Leitner <fbl at sysclose.org>
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1626096
Signed-off-by: Timothy Redaelli <tredaelli at redhat.com>
Acked-by: Flavio Leitner <fbl at sysclose.org>
Signed-off-by: Gurucharan Shetty <guru at ovn.org>


Compare: https://github.com/openvswitch/ovs/compare/28533f58e829...949758946767
      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.


More information about the git mailing list