[ovs-dev] [PATCH v3] dpdk: add support for v2.1.0
Update relevant artifacts to add support for DPDK v2.1.0 - INSTALL.DPDK.md - acinclude.m4: Change DPDK library name - netdev-dpdk: Limit minimum mbuf size to to adapt to DPDK bug fix that changes the treatment of the requested mbuf size - build.sh: Change DPDK version number Note that this breaks compatibility with DPDK v2.0.0 although only for the library name change. Note that throughput for vhost ports with mergeable buffers is reduced about 10% due to a necessary bug fix in DPDK vhost code. Signed-off-by: Mark Kavanagh Signed-off-by: Michal Weglicki Signed-off-by: Timo Puha --- .travis/build.sh | 2 +- INSTALL.DPDK.md | 17 ++--- acinclude.m4 | 2 +- lib/netdev-dpdk.c | 12 +--- 4 files changed, 17 insertions(+), 16 deletions(-) diff --git a/.travis/build.sh b/.travis/build.sh index e90f4d0..3cadbf0 100755 --- a/.travis/build.sh +++ b/.travis/build.sh @@ -71,7 +71,7 @@ fi if [ "$DPDK" ]; then if [ -z "$DPDK_VER" ]; then -DPDK_VER="2.0.0" +DPDK_VER="2.1.0" fi install_dpdk $DPDK_VER if [ "$CC" = "clang" ]; then diff --git a/INSTALL.DPDK.md b/INSTALL.DPDK.md index 35dd9a0..8834c1d 100644 --- a/INSTALL.DPDK.md +++ b/INSTALL.DPDK.md @@ -16,7 +16,7 @@ OVS needs a system with 1GB hugepages support. Building and Installing: -Required: DPDK 2.0 +Required: DPDK 2.1 Optional (if building with vhost-cuse): `fuse`, `fuse-devel` (`libfuse-dev` on Debian/Ubuntu) @@ -24,7 +24,7 @@ on Debian/Ubuntu) 1. Set `$DPDK_DIR` ``` - export DPDK_DIR=/usr/src/dpdk-2.0 + export DPDK_DIR=/usr/src/dpdk-2.1 cd $DPDK_DIR ``` @@ -33,11 +33,6 @@ on Debian/Ubuntu) `CONFIG_RTE_BUILD_COMBINE_LIBS=y` - Update `config/common_linuxapp` so that DPDK is built with vhost - libraries. - - `CONFIG_RTE_LIBRTE_VHOST=y` - Then run `make install` to build and install the library. For default install without IVSHMEM: 
@@ -112,7 +107,7 @@ Using the DPDK with ovs-vswitchd: 3. Bind network device to vfio-pci: `$DPDK_DIR/tools/dpdk_nic_bind.py --bind=vfio-pci eth1` -3. Mount the hugetable filsystem +3. Mount the hugetable filesystem `mount -t hugetlbfs -o pagesize=1G none /dev/hugepages` @@ -315,7 +310,7 @@ the vswitchd. DPDK vhost: --- -DPDK 2.0 supports two types of vhost: +DPDK 2.1 supports two types of vhost: 1. vhost-user 2. vhost-cuse @@ -336,7 +331,7 @@ with OVS. DPDK vhost-user Prerequisites: - -1. DPDK 2.0 with vhost support enabled as documented in the "Building and +1. DPDK 2.1 with vhost support enabled as documented in the "Building and Installing section" 2. QEMU version v2.1.0+ @@ -418,7 +413,7 @@ with OVS. DPDK vhost-cuse Prerequisites: - -1. DPDK 2.0 with vhost support enabled as documented in the "Building and +1. DPDK 2.1 with vhost support enabled as documented in the "Building and Installing section" As an additional step, you must enable vhost-cuse in DPDK by setting the following additional flag in `config/common_linuxapp`: diff --git a/acinclude.m4 b/acinclude.m4 index 45cfaf6..90bb708 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -172,7 +172,7 @@ AC_DEFUN([OVS_CHECK_DPDK], [ DPDK_INCLUDE=$RTE_SDK/include DPDK_LIB_DIR=$RTE_SDK/lib -DPDK_LIB="-lintel_dpdk" +DPDK_LIB="-ldpdk" DPDK_EXTRA_LIB="" AC_COMPILE_IFELSE( diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c index 3444bb1..4f46acd 100644 --- a/lib/netdev-dpdk.c +++ b/lib/netdev-dpdk.c 
@@ -65,11 +65,17 @@ static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20); /* * need to reserve tons of extra space in the mbufs so we can align the * DMA addresses to 4KB. + * The minimum mbuf size is limited to avoid scatter behaviour and drop in + * performance for standard Ethernet MTU. */ - #define MTU_TO_MAX_LEN(mtu) ((mtu) + ETHER_HDR_LEN + ETHER_CRC_LEN) -#define MBUF_SIZE(mtu) (MTU_TO_MAX_LEN(mtu) + (512) + \ - sizeof(struct rte_mbuf) + RTE_PKTMBUF_HEADROOM) +#define MBUF_SIZE_MTU(mtu) (MTU_TO_MAX_LEN(mtu)\ + + sizeof(struct dp_packet) \ + + RTE_PKTMBUF_HEADROOM) +#define MBUF_SIZE_DRIVER (2048 \ + + sizeof (struct rte_mbuf) \ + + RTE_PKTMBUF_HEADROOM) +#define MBUF_SIZE(mtu) MAX(MBUF_SIZE_MTU(mtu), MBUF_SIZE_DRIVER) /* Max and min number of packets in the mempool. OVS tries to allocate a * mempool with MAX_NB_MBUF: if this fails (because the system doesn't have -- 1.8.3.1 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
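Review bot: the INSTALL.DPDK.md hunk at -33,11 removes the CONFIG_RTE_LIBRTE_VHOST=y build step, but the vhost-user and vhost-cuse prerequisites further down still read 'DPDK 2.1 with vhost support enabled as documented in the "Building and Installing section"'. After this change that section documents nothing about vhost, so a reader following the prerequisite has nothing to follow. Either reword both prerequisites or keep a one-line statement in the build section, and say in the commit message why the step was dropped.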
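Review bot: in acinclude.m4, DPDK_LIB is switched unconditionally from -lintel_dpdk to -ldpdk, which the commit message itself names as the only thing that breaks DPDK v2.0.0. Consider having OVS_CHECK_DPDK probe for the library name (try -ldpdk, then fall back to -lintel_dpdk), or at least fail at configure time with a message naming the required version, so a build against a 2.0.0 tree does not die later at link time with an unexplained missing library.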
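Review bot: in the lib/netdev-dpdk.c hunk, MBUF_SIZE_MTU adds sizeof(struct dp_packet) while MBUF_SIZE_DRIVER adds sizeof (struct rte_mbuf), and the MBUF_SIZE being replaced used sizeof(struct rte_mbuf). If the two structures are meant to differ here, the comment should say why; otherwise use the same one in both so that MAX() compares like with like. The 2048 in MBUF_SIZE_DRIVER is also unexplained: the added comment mentions avoiding scatter for standard Ethernet MTU but not where the number comes from, and since these macros decide how much packet data fits in one buffer, a named constant with a one-line rationale would make the sizing auditable. Style: 'MTU_TO_MAX_LEN(mtu)\' needs a space before the backslash, and 'sizeof (struct rte_mbuf)' has a space the other sizeof uses do not.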
[ovs-dev] [PATCH] INSTALL.DPDK: Fix a typo.
I started by just fixing s/expect/expects/ and made a couple more tweaks to the short paragraph while I was in there. Signed-off-by: Russell Bryant --- INSTALL.DPDK.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/INSTALL.DPDK.md b/INSTALL.DPDK.md index 35dd9a0..20bd1c6 100644 --- a/INSTALL.DPDK.md +++ b/INSTALL.DPDK.md @@ -173,9 +173,9 @@ Using the DPDK with ovs-vswitchd: `ovs-vsctl add-br br0 -- set bridge br0 datapath_type=netdev` - Now you can add dpdk devices. OVS expect DPDK device name start with dpdk - and end with portid. vswitchd should print (in the log file) the number - of dpdk devices found. + Now you can add dpdk devices. OVS expects DPDK device names to start with + "dpdk" and end with a portid. vswitchd should print (in the log file) the + number of dpdk devices found. ``` ovs-vsctl add-port br0 dpdk0 -- set Interface dpdk0 type=dpdk -- 2.4.3 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH 1/1] netdev-linux: Don't set ethtool flags if flag is already set on netdev
My bad, Thanks.

-Anoob

On 03/09/15 20:54, Jesse Gross wrote:
> On Thu, Sep 3, 2015 at 6:53 AM, Anoob Soman wrote:
>> Check if ethtool flags is already set on a netdev, before trying to set it.
>>
>> This patch works around issues with some older version of ethernet drivers,
>> which tend to reset the NIC when call to disable LRO is made, even if LRO
>> is already disabled on that NIC. NIC reset is not desirable in OVS upgrade
>> scenario as it causes extended downtime.
>>
>> Signed-off-by: Anoob Soman
>
> Thanks, applied to master, branch-2.4, and branch-2.3. I did fix the
> typo in 'return' that prevents this from compiling though...
Re: [ovs-dev] [PATCH] INSTALL.DPDK: Fix a typo.
On Fri, Sep 04, 2015 at 10:46:58AM -0400, Russell Bryant wrote:
> I started by just fixing s/expect/expects/ and made a couple more
> tweaks to the short paragraph while I was in there.
>
> Signed-off-by: Russell Bryant
> ---

LGTM
Acked-by: Flavio Leitner
Re: [ovs-dev] Fwd: [Dpdk-ovs] dpdk ovs inter VM communication
> > -----Original Message-----
> > From: Dpdk-ovs [mailto:dpdk-ovs-boun...@lists.01.org] On Behalf Of Gayathri
> > Sent: Wednesday, September 2, 2015 6:13 PM
> > To: dpdk-...@lists.01.org
> > Subject: [Dpdk-ovs] dpdk ovs inter VM communication
> >
> > Hi *,
> >
> > I have dpdk 2.0 and ovs 2.4 working for a single VM. I would like to create
> > couple of them and have INTER-VM communication tested. But not sure
> > what is the configuration requirement to accomplish this. Please help me
> > out.
> >
> > Few questions regarding the ports shown in the below o/p:
> > MYBOX:~/OVS$ sudo ovs-vsctl show
> > 39834e02-bf59-4219-8200-b91297015e92
> >     Bridge "br1"
> >         Port "dpdkvhost1"
> >             Interface "dpdkvhost1"
> >                 type: dpdkvhostuser
> >         Port "dpdk1"
> >             Interface "dpdk1"
> >                 type: dpdk
> >         Port "br1"
> >             Interface "br1"
> >                 type: internal
> >     Bridge "br0"
> >         Port "dpdk0"
> >             Interface "dpdk0"
> >                 type: dpdk
> >         Port "br0"
> >             Interface "br0"
> >                 type: internal
> >         Port "dpdkvhost0"
> >             Interface "dpdkvhost0"
> >                 type: dpdkvhostuser
> >
> > 1) What are these ports dpdk0/1 ? Are they outgoing ports connected to the
> > physical nics

Yes, "dpdk" plus a number is a physical interface.

> > 2) Also dpdkvhost0/1 are they ports connecting the VM interface?

Those are DPDK vhost-user ports. Those ports use shared mem with a
notification mechanism to exchange packets with qemu. However, you need
to configure qemu/VM to actually use them. Something like:

> > 3) How do we detect the port num of Rxring/Txring of the vhost port?

Sorry, I didn't understand.

fbl
Re: [ovs-dev] [PATCH 1/4] tests: Fix banner name for ovn-sbctl.
On Thu, Sep 03, 2015 at 02:46:59PM -0700, Justin Pettit wrote:
> Signed-off-by: Justin Pettit

Acked-by: Ben Pfaff
[ovs-dev] [PATCH 2/2] ovs-router: include ovs-router.h as first header
Signed-off-by: Thadeu Lima de Souza Cascardo --- lib/ovs-router.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/ovs-router.c b/lib/ovs-router.c index d4a5c35..7493c79 100644 --- a/lib/ovs-router.c +++ b/lib/ovs-router.c @@ -14,6 +14,8 @@ * limitations under the License. */ +#include "ovs-router.h" + #include #include #include @@ -34,7 +36,6 @@ #include "netdev.h" #include "packets.h" #include "seq.h" -#include "ovs-router.h" #include "ovs-thread.h" #include "route-table.h" #include "unixctl.h" -- 2.4.3 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH 1/2] ovs-router: add missing ds_destroy after ds was put
Signed-off-by: Thadeu Lima de Souza Cascardo --- lib/ovs-router.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/ovs-router.c b/lib/ovs-router.c index df55bb4..d4a5c35 100644 --- a/lib/ovs-router.c +++ b/lib/ovs-router.c @@ -278,6 +278,7 @@ ovs_router_lookup_cmd(struct unixctl_conn *conn, int argc OVS_UNUSED, ds_put_format(&ds, "gateway " IP_FMT "\n", IP_ARGS(gw)); ds_put_format(&ds, "dev %s\n", iface); unixctl_command_reply(conn, ds_cstr(&ds)); +ds_destroy(&ds); } else { unixctl_command_reply(conn, "Not found"); } -- 2.4.3 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH] ovn: Document supported predicates.
ovn-sb(5) discussed that predicates are supported and described what they were. It did not list the predicates that are defined for OVN matches. This patch lists the supported predicates and what they expand to. Signed-off-by: Russell Bryant --- ovn/ovn-sb.xml | 21 + 1 file changed, 21 insertions(+) diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml index 8102eb3..b6b3fef 100644 --- a/ovn/ovn-sb.xml +++ b/ovn/ovn-sb.xml @@ -690,6 +690,27 @@ nd.target nd.sll nd.tll + +The following predicates are supported: + + + +vlan.present expands to vlan.tci[12] +ip4 expands to eth.type == 0x800 +ip6 expands to eth.type == 0x86dd +ip expands to ip4 || ip6 +icmp4 expands to ip4 && ip.proto == 1 +icmp6 expands to ip6 && ip.proto == 58 +icmp expands to icmp4 || icmp6 +ip.is_frag expands to ip.frag[0] +ip.later_frag expands to ip.frag[1] +ip.first_frag expands to ip.is_frag && !ip.later_frag +arp expands to eth.type == 0x806 +nd expands to icmp6.type == {135, 136} && icmp6.code == 0 +tcp expands to ip.proto == 6 +udp expands to ip.proto == 17 +sctp expands to ip.proto == 132 + -- 2.4.3 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH 2/4] tests: Group the OVN tests together.
On Thu, Sep 03, 2015 at 02:47:00PM -0700, Justin Pettit wrote:
> Signed-off-by: Justin Pettit

Acked-by: Ben Pfaff
Re: [ovs-dev] [PATCH 3/4] ovn-nbctl: Sort output of most commands.
On Thu, Sep 03, 2015 at 02:47:01PM -0700, Justin Pettit wrote:
> This will be helpful for unit tests.
>
> Signed-off-by: Justin Pettit

I don't understand why this commit changes do_lport_get_macs() and
do_lport_get_port_security(), since the changes appear to be no-ops.
Did you omit the code to sort them?
Re: [ovs-dev] [PATCH 4/4] tests: Add unit tests for ovn-nbctl.
On Thu, Sep 03, 2015 at 02:47:02PM -0700, Justin Pettit wrote:
> Signed-off-by: Justin Pettit

Thanks for writing tests!

Acked-by: Ben Pfaff
Re: [ovs-dev] [PATCH] INSTALL.DPDK: Fix a typo.
On Fri, Sep 04, 2015 at 10:46:58AM -0400, Russell Bryant wrote:
> I started by just fixing s/expect/expects/ and made a couple more
> tweaks to the short paragraph while I was in there.
>
> Signed-off-by: Russell Bryant

Applied to master, thanks!
Re: [ovs-dev] [PATCH] datapath-windows: check vport attribute before access
Acked-by: Sairam Venugopal On 9/3/15, 7:01 AM, "Nithin Raju" wrote: >OVS_VPORT_ATTR_OPTIONS being an optional attribute should be >preceded by a check for valid value before access. > >Signed-off-by: Nithin Raju >--- > datapath-windows/ovsext/Vport.c | 10 ++ > 1 file changed, 6 insertions(+), 4 deletions(-) > >diff --git a/datapath-windows/ovsext/Vport.c >b/datapath-windows/ovsext/Vport.c >index 6b74ec2..dd615e4 100644 >--- a/datapath-windows/ovsext/Vport.c >+++ b/datapath-windows/ovsext/Vport.c >@@ -2177,10 +2177,12 @@ OvsNewVportCmdHandler(POVS_USER_PARAMS_CONTEXT >usrParamsCtx, > break; > } > >-PNL_ATTR attr = >NlAttrFindNested(vportAttrs[OVS_VPORT_ATTR_OPTIONS], >- OVS_TUNNEL_ATTR_DST_PORT); >-if (attr) { >-transportPortDest = NlAttrGetU16(attr); >+if (vportAttrs[OVS_VPORT_ATTR_OPTIONS]) { >+PNL_ATTR attr = >NlAttrFindNested(vportAttrs[OVS_VPORT_ATTR_OPTIONS], >+ >OVS_TUNNEL_ATTR_DST_PORT); >+if (attr) { >+transportPortDest = NlAttrGetU16(attr); >+} > } > > status = OvsInitTunnelVport(usrParamsCtx, >-- >1.8.5.6 > >___ >dev mailing list >dev@openvswitch.org >https://urldefense.proofpoint.com/v2/url?u=http-3A__openvswitch.org_mailma >n_listinfo_dev&d=BQIGaQ&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=Dc >ruz40PROJ40ROzSpxyQSLw6fcrOWpJgEcEmNR3JEQ&m=M6HsLmOuYm_fYoAFouyGOA8j2eLADC >Xwt6z5nSZ_nig&s=OhvXMw1uly8zT4V_RJmeHY9zTieLgVoooGIzOIN7nRU&e= ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
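Review bot: with the new 'if (vportAttrs[OVS_VPORT_ATTR_OPTIONS])' guard in OvsNewVportCmdHandler, transportPortDest is assigned only when the optional attribute and its nested OVS_TUNNEL_ATTR_DST_PORT are both present, and its initial value lies outside the hunk. Please confirm it is initialised to a defined default before the OvsInitTunnelVport() call that follows, because that call is now reached for requests that carry no options at all. The check itself is needed: the attribute table is parsed from the request described by usrParamsCtx, so an optional entry can be NULL and must not be handed to NlAttrFindNested() unchecked.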
Re: [ovs-dev] [PATCH] ovn: Document supported predicates.
On Fri, Sep 04, 2015 at 01:46:30PM -0400, Russell Bryant wrote:
> ovn-sb(5) discussed that predicates are supported and described what
> they were. It did not list the predicates that are defined for OVN
> matches. This patch lists the supported predicates and what they
> expand to.
>
> Signed-off-by: Russell Bryant

Thanks for improving the documentation! Applied to master.
Re: [ovs-dev] [PATCH] datapath-windows: check vport attribute before access
Thanks Nithin and Sairam, applied to master and branch-2.4. On Fri, Sep 04, 2015 at 06:01:19PM +, Sairam Venugopal wrote: > Acked-by: Sairam Venugopal > > > On 9/3/15, 7:01 AM, "Nithin Raju" wrote: > > >OVS_VPORT_ATTR_OPTIONS being an optional attribute should be > >preceded by a check for valid value before access. > > > >Signed-off-by: Nithin Raju > >--- > > datapath-windows/ovsext/Vport.c | 10 ++ > > 1 file changed, 6 insertions(+), 4 deletions(-) > > > >diff --git a/datapath-windows/ovsext/Vport.c > >b/datapath-windows/ovsext/Vport.c > >index 6b74ec2..dd615e4 100644 > >--- a/datapath-windows/ovsext/Vport.c > >+++ b/datapath-windows/ovsext/Vport.c > >@@ -2177,10 +2177,12 @@ OvsNewVportCmdHandler(POVS_USER_PARAMS_CONTEXT > >usrParamsCtx, > > break; > > } > > > >-PNL_ATTR attr = > >NlAttrFindNested(vportAttrs[OVS_VPORT_ATTR_OPTIONS], > >- OVS_TUNNEL_ATTR_DST_PORT); > >-if (attr) { > >-transportPortDest = NlAttrGetU16(attr); > >+if (vportAttrs[OVS_VPORT_ATTR_OPTIONS]) { > >+PNL_ATTR attr = > >NlAttrFindNested(vportAttrs[OVS_VPORT_ATTR_OPTIONS], > >+ > >OVS_TUNNEL_ATTR_DST_PORT); > >+if (attr) { > >+transportPortDest = NlAttrGetU16(attr); > >+} > > } > > > > status = OvsInitTunnelVport(usrParamsCtx, > >-- > >1.8.5.6 > > > >___ > >dev mailing list > >dev@openvswitch.org > >https://urldefense.proofpoint.com/v2/url?u=http-3A__openvswitch.org_mailma > >n_listinfo_dev&d=BQIGaQ&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=Dc > >ruz40PROJ40ROzSpxyQSLw6fcrOWpJgEcEmNR3JEQ&m=M6HsLmOuYm_fYoAFouyGOA8j2eLADC > >Xwt6z5nSZ_nig&s=OhvXMw1uly8zT4V_RJmeHY9zTieLgVoooGIzOIN7nRU&e= > > ___ > dev mailing list > dev@openvswitch.org > http://openvswitch.org/mailman/listinfo/dev ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH] FAQ: mention about plotnetcfg tool
On Thu, Sep 03, 2015 at 11:53:17AM -0300, Flavio Leitner wrote:
> The plotnetcfg is an open source tool to visually represent
> relationship between network interfaces on a single host.
>
> It helps to understand the path of a packet on a host.
>
> Signed-off-by: Flavio Leitner

Applied to master, thanks! I hadn't run into this tool before. It
looks useful.
Re: [ovs-dev] [PATCH] sandbox: Include vtep dir into the sandbox path
On Thu, Sep 03, 2015 at 01:08:13PM -0400, Russell Bryant wrote:
> On 09/03/2015 01:02 PM, majop...@redhat.com wrote:
> > From: Miguel Angel Ajo
> >
> > Otherwise the built vtep-ctl is not available from the
> > sandbox command line.
> >
> > Signed-off-by: Miguel Angel Ajo
>
> Thanks!
>
> Acked-by: Russell Bryant

Applied, thanks Miguel and Russell!
Re: [ovs-dev] [PATCH] datapath-windows: Tunnel filter initialization check
Hi Ben,

Could you please apply this patch to master and branch-2.4?

Thanks,
Sorin

-----Original Message-----
From: Nithin Raju [mailto:nit...@vmware.com]
Sent: Thursday, 3 September, 2015 17:18
To: Sorin Vinturis
Cc: dev@openvswitch.org
Subject: Re: [ovs-dev] [PATCH] datapath-windows: Tunnel filter initialization check

> On Sep 2, 2015, at 9:30 AM, Sorin Vinturis wrote:
>
> Verify if the tunnel filter is initialized before submitting requests.
>
> Signed-off-by: Sorin Vinturis
> Reported-by: Sorin Vinturis
> Reported-at:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openvswitch_ovs-2Dissues_issues_100&d=BQIGaQ&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=pNHQcdr7B40b4h6Yb7FIedI1dnBsxdDuTLBYD3JqV80&m=2nGvmsCDTDdyyhZa0oS-VW5I3bR194bTi04ou3j5KFM&s=3X78mGHEeExIP5hrcxN61x8Um8RhohMBCPWD7cnK4-Q&e=

Acked-by: Nithin Raju
Re: [ovs-dev] [PATCH v2] datapath-windows: Add corresponding tag for tunnel context allocations
Hi Ben, Could you please apply this patch to master and branch-2.4? Thanks, Sorin -Original Message- From: dev [mailto:dev-boun...@openvswitch.org] On Behalf Of Sorin Vinturis Sent: Wednesday, 2 September, 2015 19:45 To: dev@openvswitch.org Subject: [ovs-dev] [PATCH v2] datapath-windows: Add corresponding tag for tunnel context allocations Signed-off-by: Sorin Vinturis Acked-by: Nithin Raju --- datapath-windows/ovsext/Vport.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/datapath-windows/ovsext/Vport.c b/datapath-windows/ovsext/Vport.c index 6b74ec2..cdb434c 100644 --- a/datapath-windows/ovsext/Vport.c +++ b/datapath-windows/ovsext/Vport.c @@ -1267,7 +1267,8 @@ OvsRemoveTunnelVport(POVS_USER_PARAMS_CONTEXT usrParamsCtx, POVS_TUNFLT_INIT_CONTEXT tunnelContext = NULL; PIRP irp = NULL; -tunnelContext = OvsAllocateMemory(sizeof(*tunnelContext)); +tunnelContext = OvsAllocateMemoryWithTag(sizeof(*tunnelContext), + OVS_VPORT_POOL_TAG); if (tunnelContext == NULL) { return STATUS_INSUFFICIENT_RESOURCES; } -- 1.9.0.msysgit.0 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
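Review bot: the allocation of tunnelContext in OvsRemoveTunnelVport now carries OVS_VPORT_POOL_TAG, but the diffstat shows this one call is all the patch touches, so whatever releases tunnelContext is unchanged. Check that every release of this context goes through the tagged free with the same tag; a tagged allocation that is freed untagged makes per-tag leak tracking unreliable, which is the thing the tag is there to provide. The commit message is empty apart from the trailers, so a sentence on why the vport tag is the right owner for a tunnel filter init context would help.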
Re: [ovs-dev] [PATCH v2] datapath-windows: New tag for tunnel filter pool allocations
Hi Ben, Could you please apply this patch to master and branch-2.4? Thanks, Sorin -Original Message- From: dev [mailto:dev-boun...@openvswitch.org] On Behalf Of Sorin Vinturis Sent: Wednesday, 2 September, 2015 19:44 To: dev@openvswitch.org Subject: [ovs-dev] [PATCH v2] datapath-windows: New tag for tunnel filter pool allocations All memory allocations within tunnel filter code have 'WSVO' pool tag. Signed-off-by: Sorin Vinturis Acked-by: Nithin Raju --- datapath-windows/ovsext/TunnelFilter.c | 4 +++- datapath-windows/ovsext/Util.h | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/datapath-windows/ovsext/TunnelFilter.c b/datapath-windows/ovsext/TunnelFilter.c index a359cac..8bff27a 100644 --- a/datapath-windows/ovsext/TunnelFilter.c +++ b/datapath-windows/ovsext/TunnelFilter.c @@ -1446,7 +1446,9 @@ OvsTunnelFilterQueueRequest(PIRP irp, break; } -request = (POVS_TUNFLT_REQUEST) OvsAllocateMemory(sizeof(*request)); +request = (POVS_TUNFLT_REQUEST) +OvsAllocateMemoryWithTag(sizeof(*request), + OVS_TUNFLT_POOL_TAG); if (NULL == request) { OVS_LOG_ERROR("Failed to allocate list item."); status = STATUS_INSUFFICIENT_RESOURCES; diff --git a/datapath-windows/ovsext/Util.h b/datapath-windows/ovsext/Util.h index e3f9ede..0bbc52b 100644 --- a/datapath-windows/ovsext/Util.h +++ b/datapath-windows/ovsext/Util.h @@ -34,6 +34,7 @@ #define OVS_USER_POOL_TAG 'USVO' #define OVS_VPORT_POOL_TAG 'PSVO' #define OVS_STT_POOL_TAG'RSVO' +#define OVS_TUNFLT_POOL_TAG 'WSVO' VOID *OvsAllocateMemory(size_t size); VOID *OvsAllocateMemoryWithTag(size_t size, ULONG tag); -- 1.9.0.msysgit.0 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
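Review bot: the commit message states that all memory allocations within the tunnel filter code have the 'WSVO' tag, yet the TunnelFilter.c part of the diff converts a single OvsAllocateMemory() call, the one for 'request' in OvsTunnelFilterQueueRequest. If the file has other allocations they belong in this patch, and if this is the only one the message should say so rather than "all".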
Re: [ovs-dev] [PATCH 3/4] ovn-nbctl: Sort output of most commands.
> On Sep 4, 2015, at 10:54 AM, Ben Pfaff wrote:
>
> On Thu, Sep 03, 2015 at 02:47:01PM -0700, Justin Pettit wrote:
>> This will be helpful for unit tests.
>>
>> Signed-off-by: Justin Pettit
>
> I don't understand why this commit changes do_lport_get_macs() and
> do_lport_get_port_security(), since the changes appear to be no-ops.
> Did you omit the code to sort them?

D'oh. Forgot to call svec_sort(). I'll send out a v2 in a minute.

--Justin
[ovs-dev] [PATCHv2] ovn-nbctl: Sort output of most commands.
This will be helpful for unit tests. Signed-off-by: Justin Pettit --- v1->v2: Actually sort the macs and port security addresses. --- ovn/utilities/ovn-nbctl.c | 51 ++-- 1 files changed, 44 insertions(+), 7 deletions(-) diff --git a/ovn/utilities/ovn-nbctl.c b/ovn/utilities/ovn-nbctl.c index 0bdb3a3..d095df1 100644 --- a/ovn/utilities/ovn-nbctl.c +++ b/ovn/utilities/ovn-nbctl.c @@ -25,8 +25,10 @@ #include "ovn/lib/ovn-nb-idl.h" #include "poll-loop.h" #include "process.h" +#include "smap.h" #include "stream.h" #include "stream-ssl.h" +#include "svec.h" #include "util.h" #include "openvswitch/vlog.h" @@ -217,11 +219,20 @@ do_lswitch_list(struct ovs_cmdl_context *ctx) { struct nbctl_context *nb_ctx = ctx->pvt; const struct nbrec_logical_switch *lswitch; +struct smap lswitches; +smap_init(&lswitches); NBREC_LOGICAL_SWITCH_FOR_EACH(lswitch, nb_ctx->idl) { -printf(UUID_FMT " (%s)\n", - UUID_ARGS(&lswitch->header_.uuid), lswitch->name); +smap_add_format(&lswitches, lswitch->name, UUID_FMT " (%s)", +UUID_ARGS(&lswitch->header_.uuid), lswitch->name); } +const struct smap_node **nodes = smap_sort(&lswitches); +for (size_t i = 0; i < smap_count(&lswitches); i++) { +const struct smap_node *node = nodes[i]; +printf("%s\n", node->value); +} +smap_destroy(&lswitches); +free(nodes); } static void 
@@ -408,17 +419,27 @@ do_lport_list(struct ovs_cmdl_context *ctx) struct nbctl_context *nb_ctx = ctx->pvt; const char *id = ctx->argv[1]; const struct nbrec_logical_switch *lswitch; +struct smap lports; +size_t i; lswitch = lswitch_by_name_or_uuid(nb_ctx, id); if (!lswitch) { return; } -for (size_t i = 0; i < lswitch->n_ports; i++) { +smap_init(&lports); +for (i = 0; i < lswitch->n_ports; i++) { const struct nbrec_logical_port *lport = lswitch->ports[i]; -printf(UUID_FMT " (%s)\n", - UUID_ARGS(&lport->header_.uuid), lport->name); +smap_add_format(&lports, lport->name, UUID_FMT " (%s)", +UUID_ARGS(&lport->header_.uuid), lport->name); } +const struct smap_node **nodes = smap_sort(&lports); +for (i = 0; i < smap_count(&lports); i++) { +const struct smap_node *node = nodes[i]; +printf("%s\n", node->value); +} +smap_destroy(&lports); +free(nodes); } static void @@ -532,6 +553,8 @@ do_lport_get_macs(struct ovs_cmdl_context *ctx) struct nbctl_context *nb_ctx = ctx->pvt; const char *id = ctx->argv[1]; const struct nbrec_logical_port *lport; +struct svec macs; +const char *mac; size_t i; lport = lport_by_name_or_uuid(nb_ctx, id); @@ -539,9 +562,15 @@ do_lport_get_macs(struct ovs_cmdl_context *ctx) return; } +svec_init(&macs); for (i = 0; i < lport->n_macs; i++) { -printf("%s\n", lport->macs[i]); +svec_add(&macs, lport->macs[i]); +} +svec_sort(&macs); +SVEC_FOR_EACH(i, mac, &macs) { +printf("%s\n", mac); } +svec_destroy(&macs); } static void @@ -566,6 +595,8 @@ do_lport_get_port_security(struct ovs_cmdl_context *ctx) struct nbctl_context *nb_ctx = ctx->pvt; const char *id = ctx->argv[1]; const struct nbrec_logical_port *lport; +struct svec addrs; +const char *addr; size_t i; lport = lport_by_name_or_uuid(nb_ctx, id); 
@@ -573,9 +604,15 @@ do_lport_get_port_security(struct ovs_cmdl_context *ctx) return; } +svec_init(&addrs); for (i = 0; i < lport->n_port_security; i++) { -printf("%s\n", lport->port_security[i]); +svec_add(&addrs, lport->port_security[i]); +} +svec_sort(&addrs); +SVEC_FOR_EACH(i, addr, &addrs) { +printf("%s\n", addr); } +svec_destroy(&addrs); } static void -- 1.7.5.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
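Review bot: do_lswitch_list and do_lport_list key the smap on lswitch->name and lport->name, so the output is ordered by name only, and two rows that share a name have no defined relative order after smap_sort(). If the purpose is stable output for unit tests, key on something unique, for example name followed by the UUID, or state in a comment that names are assumed unique here. It is also worth checking what smap_add_format() does when the same key is added twice, since the loop adds without looking the key up first.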
[ovs-dev] [PATCH] .travis.yml: Direct email notifications to ovs-build without encryption.
Maybe it'll work, this way. Signed-off-by: Ben Pfaff --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 70cc14b..d14f786 100644 --- a/.travis.yml +++ b/.travis.yml @@ -28,4 +28,4 @@ script: ./.travis/build.sh $OPTS notifications: email: recipients: - - secure: KnZ6yDXDcC4VoiI04ZYR4sRTln7q16aXA7gVBa/M1jPWxl3BiTi+4idVE5bgrB1AK5iUwUXN6LQpjOdFDw1U/D+sKt+xmVG5MyLaTYIFp1TUOgtSGeiG3IUhpu125PN1i2EhXNqANyWyStCiISDvJkDe4D/tbBehip1AEBuQONk= + - bu...@openvswitch.org -- 2.1.3 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCHv2] ovn-nbctl: Sort output of most commands.
On Fri, Sep 04, 2015 at 01:21:59PM -0700, Justin Pettit wrote:
> This will be helpful for unit tests.
>
> Signed-off-by: Justin Pettit
> ---
> v1->v2: Actually sort the macs and port security addresses.

Acked-by: Ben Pfaff
Re: [ovs-dev] [PATCH] tnl-ports: Add destination IP and MAC address to the match.
On Wed, Sep 02, 2015 at 09:03:15PM -0700, Pravin B Shelar wrote:
> Currently tnl-port table wildcard destination ip and mac addresses
> for given tunnel packet. That could result accepting tunnel
> packets destined for other hosts. Following patch adds
> support for matching for ip and mac address.
> IP address updates to tnl-port table are piggybacked on
> ovs-router updates.
>
> Reported-by: Ben Pfaff
> Signed-off-by: Pravin B Shelar

When I substitute this for my patch "ovn-controller: Attach local_ip to
each tunnel." in my series at
https://github.com/blp/ovs-reviews/tree/ovn-sandbox4, or if I use the
two together, I get tons of dropped packets in the test that that series
adds. With just my patch, it passes consistently.

I haven't read the code in this patch yet. I'll try to figure what's
happening.

Thanks,

Ben.
[ovs-dev] [PATCH 0/3] Fix a number of compilation errors
This change should fix a few compilation errors that recently cropped up on
the Travis-CI builds, making the Travis-CI builds successful again.

See the travis build at: https://travis-ci.org/orgcandman/ovs/builds/78823232

Aaron Conole (3):
  Very pleased to make this change request.
  Commit 74ff3298c880 introduced a compilation issue due to a bad unsigned 64-bit constant, as well as an implicit narrow.
  The netdev-dpdk uses the struct ether_addr rather than struct eth_addr internal ovs datatype.

 AUTHORS           | 2 +-
 lib/netdev-dpdk.c | 4 ++--
 lib/packets.h     | 8 +---
 tests/test-aa.c   | 2 +-
 4 files changed, 9 insertions(+), 7 deletions(-)

--
1.8.3.1
[ovs-dev] [PATCH 1/3] Very pleased to make this change request.
Signed-off-by: Aaron Conole --- AUTHORS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AUTHORS b/AUTHORS index 6c0989a..c532788 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,7 +1,7 @@ The following people authored or signed off on commits in the Open vSwitch source code or webpage version control repository. -Aaron Conoleaa...@bytheb.org +Aaron Conoleacon...@redhat.com Aaron Rosen aro...@clemson.edu Alexander Duyck alexander.h.du...@redhat.com Alexandru Copot alex.miha...@gmail.com -- 1.8.3.1 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH 3/3] The netdev-dpdk uses the struct ether_addr rather than struct eth_addr internal ovs datatype.
To facilitate using either the .ea OR the struct ether_addr.addr_bytes argument for printing/logging, add a new ETH_ADDR_BYTES_ARG() define. Signed-off-by: Aaron Conole --- lib/netdev-dpdk.c | 4 ++-- lib/packets.h | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c index 4ce0a1e..de8256e 100644 --- a/lib/netdev-dpdk.c +++ b/lib/netdev-dpdk.c @@ -524,9 +524,9 @@ dpdk_eth_dev_init(struct netdev_dpdk *dev) OVS_REQUIRES(dpdk_mutex) memset(ð_addr, 0x0, sizeof(eth_addr)); rte_eth_macaddr_get(dev->port_id, ð_addr); VLOG_INFO_RL(&rl, "Port %d: "ETH_ADDR_FMT"", -dev->port_id, ETH_ADDR_ARGS(eth_addr.addr_bytes)); +dev->port_id, ETH_ADDR_BYTES_ARG(eth_addr.addr_bytes)); -memcpy(dev->hwaddr, eth_addr.addr_bytes, ETH_ADDR_LEN); +memcpy(dev->hwaddr.ea, eth_addr.addr_bytes, ETH_ADDR_LEN); rte_eth_link_get_nowait(dev->port_id, &dev->link); mbp_priv = rte_mempool_get_priv(dev->dpdk_mp->mp); diff --git a/lib/packets.h b/lib/packets.h index a4f6383..b700e4b 100644 --- a/lib/packets.h +++ b/lib/packets.h @@ -324,7 +324,9 @@ ovs_be32 set_mpls_lse_values(uint8_t ttl, uint8_t tc, uint8_t bos, #define ETH_ADDR_SCAN_FMT "%"SCNx8":%"SCNx8":%"SCNx8":%"SCNx8":%"SCNx8":%"SCNx8 #define ETH_ADDR_SCAN_ARGS(EA) \ &(EA).ea[0], &(EA).ea[1], &(EA).ea[2], &(EA).ea[3], &(EA).ea[4], &(EA).ea[5] - +#define ETH_ADDR_BYTES_ARG(EAB) \ + EAB[0], EAB[1], EAB[2], EAB[3], EAB[4], EAB[5] + #define ETH_TYPE_IP0x0800 #define ETH_TYPE_ARP 0x0806 #define ETH_TYPE_TEB 0x6558 -- 1.8.3.1 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
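Review bot: the new ETH_ADDR_BYTES_ARG(EAB) macro in lib/packets.h expands its argument without parentheses (EAB[0], EAB[1], ...), so an expression argument such as 'buf + off' would index the wrong object. Write (EAB)[0], (EAB)[1], and so on, the way ETH_ADDR_SCAN_ARGS directly above it uses (EA). A short comment saying the macro takes a raw six-byte array such as addr_bytes, not a struct eth_addr, would keep callers from confusing it with ETH_ADDR_ARGS.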
[ovs-dev] [PATCH 2/3] Commit 74ff3298c880 introduced a compilation issue due to a bad unsigned 64-bit constant, as well as an implicit narrow.
This commit uses the C99 ULL suffix to tell the compiler to treat the constant as 64-bits, and also masks portions of the uint64_t argument to the htons() calls to avoid compiler errors. Signed-off-by: Aaron Conole --- lib/packets.h | 4 ++-- tests/test-aa.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/packets.h b/lib/packets.h index fd235dc..a4f6383 100644 --- a/lib/packets.h +++ b/lib/packets.h @@ -230,8 +230,8 @@ static inline uint64_t eth_addr_vlan_to_uint64(const struct eth_addr ea, static inline void eth_addr_from_uint64(uint64_t x, struct eth_addr *ea) { ea->be16[0] = htons(x >> 32); -ea->be16[1] = htons(x >> 16); -ea->be16[2] = htons(x); +ea->be16[1] = htons((x & 0x) >> 16); +ea->be16[2] = htons(x & 0x); } static inline struct eth_addr eth_addr_invert(const struct eth_addr src) diff --git a/tests/test-aa.c b/tests/test-aa.c index 0b0e256..2da572d 100644 --- a/tests/test-aa.c +++ b/tests/test-aa.c @@ -153,7 +153,7 @@ test_aa_send(void) hardware.h_lport.p_element.type = LLDP_TLV_AA_ELEM_TYPE_CLIENT_VIRTUAL_SWITCH; hardware.h_lport.p_element.mgmt_vlan = 0xCDC; -eth_addr_from_uint64(0x010203040506, +eth_addr_from_uint64(0x010203040506ULL, &hardware.h_lport.p_element.system_id.system_mac); hardware.h_lport.p_element.system_id.conn_type = 0x5; -- 1.8.3.1 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
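Review bot: in eth_addr_from_uint64(), be16[1] and be16[2] now mask x before calling htons(), but the first assignment, 'ea->be16[0] = htons(x >> 32);', is left as it was and still passes a 64-bit value where a 16-bit one is expected. Mask or cast it the same way so that all three lines narrow explicitly and any bits above bit 47 of x are dropped on purpose rather than by implicit conversion. Separately, the subject reads as a sentence about an earlier commit; the other subjects in this list lead with the area ("ovs-router:", "tnl-ports:"), and this one should too.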
Re: [ovs-dev] [PATCH] tnl-ports: Add destination IP and MAC address to the match.
On Fri, Sep 4, 2015 at 1:50 PM, Ben Pfaff wrote:
> On Wed, Sep 02, 2015 at 09:03:15PM -0700, Pravin B Shelar wrote:
>> Currently tnl-port table wildcard destination ip and mac addresses
>> for given tunnel packet. That could result accepting tunnel
>> packets destined for other hosts. Following patch adds
>> support for matching for ip and mac address.
>> IP address updates to tnl-port table are piggybacked on
>> ovs-router updates.
>>
>> Reported-by: Ben Pfaff
>> Signed-off-by: Pravin B Shelar
>
> When I substitute this for my patch "ovn-controller: Attach local_ip to
> each tunnel." in my series at
> https://github.com/blp/ovs-reviews/tree/ovn-sandbox4, or if I use the
> two together, I get tons of dropped packets in the test that that series
> adds. With just my patch, it passes consistently.
>
> I haven't read the code in this patch yet. I'll try to figure what's
> happening.
>

I guess it is missing /32 route for the interface ip-address.
On Linux every net-device has this route set. For example, if you configure 1.1.1.1 on br0, there would be a route 1.1.1.1/32. This route is used to configure tnl-port table ip-address. If that does not exist then OVS will drop these packets.
So for ovs-dummy netdevices you need to explicitly set these entries in ovs-router, so that tnl-port table can use it. You can have a look at diff for tests/tunnel-push-pop.at.
[ovs-dev] Example of Neutron security groups as OVN ACLs
I've been working on Neutron security groups for OVN a bit this week and have the first rough cut "working" (it does something, at least). Right now it only creates ACLs on neutron port creation. I have to go back and add cleanup, handle when ports or security groups get updated after they are created, ...

Anyway, I definitely found myself getting confused with Neutron's SG ingress vs. egress, OVN ACL direction inbound vs. outbound, and when to use OVN inport and outport associated with each.

So, here's the simplest example. Let me know which part doesn't match what you'd expect, because surely I've got something backwards.

The "default" security group created by Neutron is this:

> $ neutron security-group-list
> +--------------------------------------+---------+----------------------------------------------------------------------+
> | id                                   | name    | security_group_rules                                                 |
> +--------------------------------------+---------+----------------------------------------------------------------------+
> | b5e2bd3c-241d-41f8-b883-1586955078c0 | default | egress, IPv4                                                         |
> |                                      |         | egress, IPv6                                                         |
> |                                      |         | ingress, IPv4, remote_group_id: b5e2bd3c-241d-41f8-b883-1586955078c0 |
> |                                      |         | ingress, IPv6, remote_group_id: b5e2bd3c-241d-41f8-b883-1586955078c0 |
> +--------------------------------------+---------+----------------------------------------------------------------------+

(To make it easier to talk about direction, I'm going to talk about the perspective of a VM.)

What this means is that all outgoing IPv4 and IPv6 traffic from a VM should be allowed. Incoming IPv4 and IPv6 traffic to a VM that originated from another VM using the same security group is allowed. VMs can talk to the world and each other, but the world is not allowed to talk to the VMs.

The Neutron plugin creates ACLs with 2 priorities. The numbers are arbitrary. It just needs 2 of them. It uses 1001 to create default drop rules. It then adds a rule with a priority of 1000 for each allow-related rule.
The default drop rules look like this (the quote escaping is done by the output of ovsdb-client):

ACL:
    priority: 1001
    direction: inbound
    action: drop
    external_ids: {"neutron:lport"="9d0876ea-9191-4d75-83b4-7e20b6d7ad11"}
    match: "outport == \"9d0876ea-9191-4d75-83b4-7e20b6d7ad11\""

ACL:
    priority: 1001
    direction: outbound
    action: drop
    external_ids: {"neutron:lport"="9d0876ea-9191-4d75-83b4-7e20b6d7ad11"}
    match: "inport == \"9d0876ea-9191-4d75-83b4-7e20b6d7ad11\""

The 4 ACL entries here correspond to the 4 security group rules associated with the "default" security group as shown in the output of "neutron security-group-list" above.

ACL:
    priority: 1000
    direction outbound
    action: allow-related
    external_ids: {"neutron:lport"="9d0876ea-9191-4d75-83b4-7e20b6d7ad11"}
    match: "inport == \"9d0876ea-9191-4d75-83b4-7e20b6d7ad11\" && ip4"

ACL:
    priority: 1000
    direction outbound
    action: allow-related
    external_ids: {"neutron:lport"="9d0876ea-9191-4d75-83b4-7e20b6d7ad11"}
    match: "inport == \"9d0876ea-9191-4d75-83b4-7e20b6d7ad11\" && ip6"

(Note that the set of UUIDs is the set of ports that use the same security group.)
ACL: priority: 1000 direction inbound action: allow-related external_ids: {"neutron:lport"="9d0876ea-9191-4d75-83b4-7e20b6d7ad11"} match: "outport == \"9d0876ea-9191-4d75-83b4-7e20b6d7ad11\" && ip4 && inport == {\"192e5d75-2aac-4213-8bea-81d1322b3ed2\",\"1e6355f5-b6e4-43e3-8e89-aac1836424f8\",\"474febf6-0b68-4807-add7-32fd0de61ff6\",\"5fc806a5-e909-40a7-b037-9d50242596a5\",\"6fdfc7ed-94b9-4be2-92cd-ba56c0c07b3c\",\"9d0876ea-9191-4d75-83b4-7e20b6d7ad11\",\"a6474b44-c091-4be5-a19c-aee8f7529d72\",\"a708bf55-aff7-4cc9-baf4-cc6f7a73e0ca\",\"c092c75d-a342-4f55-b421-c00e15cb4872\",\"d770254e-cc0d-4951-8040-cb7c1fec6961\",\"daceec7d-03db-4f1b-83a3-8a3621693e47\",\"dda41f17-9d8d-4064-8ef5-fd139dc49172\",\"f96a2351-b604-43b0-a34f-54fd861edfc9\"}" ACL: priority: 1000 direction inbound action: allow-related external_ids: {"neutron:lport"="9d0876ea-9191-4d75-83b4-7e20b6d7ad11"} match: "outport == \"9d0876ea-9191-4d75-83b4-7e20b6d7ad11\" && ip6 && inport == {\"192e5d75-2aac-4213-8bea-81d1322b3ed2\",\"1e6355f5-b6e4-43e3-8e89-aac1836424f8\",\"474febf6-0b68-4807-add7-32fd0de61ff6\",\"5fc806a5-e909-40a7-b037-9d50242596a5\",\"6fdfc7ed-94b9-4be2-92cd-ba56c0c07b3c\",\"9d0876ea-9191-4d75-83b4-7e20b6d7ad11\",\"a6474b44-c091-4be5-a19c-aee8f7529d72\",\"a708bf55-aff7-4cc9-baf4-cc6f7a73e0ca\",\"c092c75d-a342-4f55-b421-c00e15cb4872\",\"d770254e-cc0d-4951-8040-cb7c1fec6961\",\"daceec7d-03db-4f1b-83a3-8a3621693e47\",\"dda41f17-9d8d-4064-8ef5-fd139dc49172\",\"f96a2351-b
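An added example, not part of the original post and not the Neutron plugin's code: it rebuilds the ACL rows the post lists for one port and evaluates them under the two rules stated in the ovn-nb.xml text later on this page, that the numerically higher priority takes precedence and that traffic is allowed by default. The function names, the packet dictionary, the OUTSIDER port and the small match-expression subset it parses are assumptions made for the illustration.

```python
import re

PORT = "9d0876ea-9191-4d75-83b4-7e20b6d7ad11"      # the port in the post
PEER = "192e5d75-2aac-4213-8bea-81d1322b3ed2"      # another group member in the post
OUTSIDER = "00000000-0000-0000-0000-00000000beef"  # constructed, not in the group

_TERM = re.compile(r'^(inport|outport)\s*==\s*(\{.*\}|"[^"]*")$')


def default_group_acls(port, group_ports, drop_prio, allow_prio):
    """Rows for one port in Neutron's "default" group, laid out as in the post."""
    members = "{" + ",".join('"%s"' % p for p in sorted(group_ports)) + "}"
    rows = [(drop_prio, "inbound", "drop", 'outport == "%s"' % port),
            (drop_prio, "outbound", "drop", 'inport == "%s"' % port)]
    for ip in ("ip4", "ip6"):
        rows.append((allow_prio, "outbound", "allow-related",
                     'inport == "%s" && %s' % (port, ip)))
        rows.append((allow_prio, "inbound", "allow-related",
                     'outport == "%s" && %s && inport == %s' % (port, ip, members)))
    keys = ("priority", "direction", "action", "match")
    return [dict(zip(keys, row)) for row in rows]


def parse_match(expr):
    """Parse the subset used in the post: terms joined by '&&'.

    Returns (field, allowed_values) pairs that must all hold for a packet.
    """
    preds = []
    for term in (t.strip() for t in expr.split("&&")):
        if term in ("ip4", "ip6"):
            preds.append(("ethertype", {term}))
            continue
        m = _TERM.match(term)
        if m is None:
            raise ValueError("unsupported match term: %r" % term)
        preds.append((m.group(1), set(re.findall(r'"([^"]*)"', m.group(2)))))
    return preds


def verdict(acls, direction, pkt):
    """Action of the highest-priority matching ACL for this direction.

    No match means "allow" (the documented default); two different actions
    at the same top priority are reported as "undefined".
    """
    hits = [a for a in acls
            if a["direction"] == direction
            and all(pkt.get(f) in vals for f, vals in parse_match(a["match"]))]
    if not hits:
        return "allow"
    top = max(a["priority"] for a in hits)
    actions = {a["action"] for a in hits if a["priority"] == top}
    return actions.pop() if len(actions) == 1 else "undefined"


def vm_traffic_report(drop_prio, allow_prio):
    """Verdicts for the three flows the post describes, from the VM's view."""
    acls = default_group_acls(PORT, {PORT, PEER}, drop_prio, allow_prio)
    return {
        "vm_to_world": verdict(acls, "outbound",
                               {"inport": PORT, "outport": OUTSIDER, "ethertype": "ip4"}),
        "peer_to_vm": verdict(acls, "inbound",
                              {"inport": PEER, "outport": PORT, "ethertype": "ip4"}),
        "world_to_vm": verdict(acls, "inbound",
                               {"inport": OUTSIDER, "outport": PORT, "ethertype": "ip6"}),
    }


if __name__ == "__main__":
    for drop_prio, allow_prio in ((1001, 1000), (1000, 1001), (1000, 1000)):
        print(drop_prio, allow_prio, vm_traffic_report(drop_prio, allow_prio))
```

With the post's numbers (drop 1001, allow 1000) every verdict is drop; with the two priorities exchanged the VM reaches the world and its group peers while outside traffic is still dropped.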
Re: [ovs-dev] [PATCHv2] ovn-nbctl: Sort output of most commands.
> On Sep 4, 2015, at 1:28 PM, Ben Pfaff wrote:
>
> On Fri, Sep 04, 2015 at 01:21:59PM -0700, Justin Pettit wrote:
>> This will be helpful for unit tests.
>>
>> Signed-off-by: Justin Pettit
>> ---
>> v1->v2: Actually sort the macs and port security addresses.
>
> Acked-by: Ben Pfaff

Thanks. I pushed the series.

--Justin
Re: [ovs-dev] [PATCH] .travis.yml: Direct email notifications to ovs-build without encryption.
Sure... Acked-by: Justin Pettit --Justin > On Sep 4, 2015, at 1:27 PM, Ben Pfaff wrote: > > Maybe it'll work, this way. > > Signed-off-by: Ben Pfaff > --- > .travis.yml | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/.travis.yml b/.travis.yml > index 70cc14b..d14f786 100644 > --- a/.travis.yml > +++ b/.travis.yml > @@ -28,4 +28,4 @@ script: ./.travis/build.sh $OPTS > notifications: > email: > recipients: > - - secure: > KnZ6yDXDcC4VoiI04ZYR4sRTln7q16aXA7gVBa/M1jPWxl3BiTi+4idVE5bgrB1AK5iUwUXN6LQpjOdFDw1U/D+sKt+xmVG5MyLaTYIFp1TUOgtSGeiG3IUhpu125PN1i2EhXNqANyWyStCiISDvJkDe4D/tbBehip1AEBuQONk= > + - bu...@openvswitch.org > -- > 2.1.3 > > ___ > dev mailing list > dev@openvswitch.org > http://openvswitch.org/mailman/listinfo/dev ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
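Review bot: the commit message, "Maybe it'll work, this way.", does not record what went wrong with the encrypted "secure:" recipient or how the fix will be confirmed. The hunk replaces that entry under notifications/email/recipients with a plain address, so state the observed failure and note that the recipient address is now readable in the repository.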
Re: [ovs-dev] [PATCH] tnl-ports: Add destination IP and MAC address to the match.
On Fri, Sep 04, 2015 at 02:02:56PM -0700, Pravin Shelar wrote: > On Fri, Sep 4, 2015 at 1:50 PM, Ben Pfaff wrote: > > On Wed, Sep 02, 2015 at 09:03:15PM -0700, Pravin B Shelar wrote: > >> Currently tnl-port table wildcard destination ip and mac addresses > >> for given tunnel packet. That could result accepting tunnel > >> packets destined for other hosts. Following patch adds > >> support for matching for ip and mac address. > >> IP address upates to tnl-port table are piggybacked on > >> ovs-router updates. > >> > >> Reported-by: Ben Pfaff > >> Signed-off-by: Pravin B Shelar > > > > When I substitute this for my patch "ovn-controller: Attach local_ip to > > each tunnel." in my series at > > https://github.com/blp/ovs-reviews/tree/ovn-sandbox4, or if I use the > > two together, I get tons of dropped packets in the test that that series > > adds. With just my patch, it passes consistently. > > > > I haven't read the code in this patch yet. I'll try to figure what's > > happening. > > > > I guess it is missing /32 route for the interface ip-address. > On Linux every net-device has this route set. for example if you > configure 1.1.1.1 on br0, there would be a route 1.1.1.1/32. This > route is used to configure tnl-port table ip-address. If that does not > exist then OVS will drop these packet. > So for ovs-dummy netdevices you need to explicitly set these entries > in ovs-router, so that tnl-port table can use it. You can have look at > diff for tests/tunnel-push-pop.at. OK, that's the problem then. Now it works. Tested-by: Ben Pfaff It seems weird that I need the same route with two different prefix lengths though. I think you should fold this into your patch to fix up ovs-sim: diff --git a/utilities/ovs-sim.in b/utilities/ovs-sim.in index 2d9d66d..7aa9c7f 100755 --- a/utilities/ovs-sim.in +++ b/utilities/ovs-sim.in 
@@ -293,6 +293,7 @@ EOF ovs-appctl netdev-dummy/ip4addr $bridge $ip/$masklen >/dev/null ovs-appctl ovs/route/add $ip/$masklen $bridge > /dev/null +ovs-appctl ovs/route/add $ip/32 $bridge > /dev/null ovs-vsctl \ -- set Open_vSwitch . external-ids:system-id=$sandbox \ -- set Open_vSwitch . external-ids:ovn-remote=unix:$sim_base/ovn-sb/ovn-sb.sock \ ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
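Review bot: the added "ovs-appctl ovs/route/add $ip/32 $bridge" line carries no comment explaining why a second route for the same address is needed, and the thread itself calls that odd. Add a short comment that the tnl-port table takes the local address from the /32 route, which Linux system devices get automatically but dummy netdevs do not. The /32 is IPv4-specific, which is consistent with the netdev-dummy/ip4addr call two lines above it.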
Re: [ovs-dev] [PATCH] tnl-ports: Add destination IP and MAC address to the match.
On Fri, Sep 4, 2015 at 4:09 PM, Ben Pfaff wrote:
> On Fri, Sep 04, 2015 at 02:02:56PM -0700, Pravin Shelar wrote:
>> On Fri, Sep 4, 2015 at 1:50 PM, Ben Pfaff wrote:
>> > On Wed, Sep 02, 2015 at 09:03:15PM -0700, Pravin B Shelar wrote:
>> >> Currently tnl-port table wildcard destination ip and mac addresses
>> >> for given tunnel packet. That could result accepting tunnel
>> >> packets destined for other hosts. Following patch adds
>> >> support for matching for ip and mac address.
>> >> IP address updates to tnl-port table are piggybacked on
>> >> ovs-router updates.
>> >>
>> >> Reported-by: Ben Pfaff
>> >> Signed-off-by: Pravin B Shelar
>> >
>> > When I substitute this for my patch "ovn-controller: Attach local_ip to
>> > each tunnel." in my series at
>> > https://github.com/blp/ovs-reviews/tree/ovn-sandbox4, or if I use the
>> > two together, I get tons of dropped packets in the test that that series
>> > adds. With just my patch, it passes consistently.
>> >
>> > I haven't read the code in this patch yet. I'll try to figure what's
>> > happening.
>> >
>>
>> I guess it is missing /32 route for the interface ip-address.
>> On Linux every net-device has this route set. For example, if you
>> configure 1.1.1.1 on br0, there would be a route 1.1.1.1/32. This
>> route is used to configure tnl-port table ip-address. If that does not
>> exist then OVS will drop these packets.
>> So for ovs-dummy netdevices you need to explicitly set these entries
>> in ovs-router, so that tnl-port table can use it. You can have a look at
>> diff for tests/tunnel-push-pop.at.
>
> OK, that's the problem then. Now it works.
>
> Tested-by: Ben Pfaff
>
> It seems weird that I need the same route with two different prefix
> lengths though.
>

It works automatically for Linux system devices. But it might not be the case on other platforms. So I am working on v2 which will not need such route.
Re: [ovs-dev] [PATCH] tnl-ports: Add destination IP and MAC address to the match.
On Fri, Sep 04, 2015 at 04:19:52PM -0700, Pravin Shelar wrote:
> On Fri, Sep 4, 2015 at 4:09 PM, Ben Pfaff wrote:
> > On Fri, Sep 04, 2015 at 02:02:56PM -0700, Pravin Shelar wrote:
> >> On Fri, Sep 4, 2015 at 1:50 PM, Ben Pfaff wrote:
> >> > On Wed, Sep 02, 2015 at 09:03:15PM -0700, Pravin B Shelar wrote:
> >> >> Currently tnl-port table wildcard destination ip and mac addresses
> >> >> for given tunnel packet. That could result accepting tunnel
> >> >> packets destined for other hosts. Following patch adds
> >> >> support for matching for ip and mac address.
> >> >> IP address updates to tnl-port table are piggybacked on
> >> >> ovs-router updates.
> >> >>
> >> >> Reported-by: Ben Pfaff
> >> >> Signed-off-by: Pravin B Shelar
> >> >
> >> > When I substitute this for my patch "ovn-controller: Attach local_ip to
> >> > each tunnel." in my series at
> >> > https://github.com/blp/ovs-reviews/tree/ovn-sandbox4, or if I use the
> >> > two together, I get tons of dropped packets in the test that that series
> >> > adds. With just my patch, it passes consistently.
> >> >
> >> > I haven't read the code in this patch yet. I'll try to figure what's
> >> > happening.
> >> >
> >>
> >> I guess it is missing /32 route for the interface ip-address.
> >> On Linux every net-device has this route set. For example, if you
> >> configure 1.1.1.1 on br0, there would be a route 1.1.1.1/32. This
> >> route is used to configure tnl-port table ip-address. If that does not
> >> exist then OVS will drop these packets.
> >> So for ovs-dummy netdevices you need to explicitly set these entries
> >> in ovs-router, so that tnl-port table can use it. You can have a look at
> >> diff for tests/tunnel-push-pop.at.
> >
> > OK, that's the problem then. Now it works.
> >
> > Tested-by: Ben Pfaff
> >
> > It seems weird that I need the same route with two different prefix
> > lengths though.
> >
> It works automatically for Linux system devices. But it might not be
> the case on other platforms. So
> I am working on v2 which will not need such route.

Even better, thanks!
Re: [ovs-dev] [PATCH 1/3] Very pleased to make this change request.
On Fri, Sep 04, 2015 at 04:53:28PM -0400, Aaron Conole wrote:
> Signed-off-by: Aaron Conole

Applied, thanks!
Re: [ovs-dev] [PATCH 2/3] Commit 74ff3298c880 introduced a compilation issue due to a bad unsigned 64-bit constant, as well as an implicit narrow.
On Fri, Sep 04, 2015 at 04:53:29PM -0400, Aaron Conole wrote:
> This commit uses the C99 ULL suffix to tell the compiler to treat the
> constant as 64-bits, and also masks portions of the uint64_t argument to
> the htons() calls to avoid compiler errors.
>
> Signed-off-by: Aaron Conole

Applied. I reformatted the commit message, which had a very long first line.

I only saw these errors from sparse, by the way, but that's good enough for me.
Re: [ovs-dev] [PATCH 3/3] The netdev-dpdk uses the struct ether_addr rather than struct eth_addr internal ovs datatype.
Would one of you mind reviewing this? Thanks, Ben. On Fri, Sep 04, 2015 at 04:53:30PM -0400, Aaron Conole wrote: > To facilitate using either the .ea OR the struct ether_addr.addr_bytes > argument for printing/logging, add a new ETH_ADDR_BYTES_ARG() define. > > Signed-off-by: Aaron Conole > --- > lib/netdev-dpdk.c | 4 ++-- > lib/packets.h | 4 +++- > 2 files changed, 5 insertions(+), 3 deletions(-) > > diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c > index 4ce0a1e..de8256e 100644 > --- a/lib/netdev-dpdk.c > +++ b/lib/netdev-dpdk.c > @@ -524,9 +524,9 @@ dpdk_eth_dev_init(struct netdev_dpdk *dev) > OVS_REQUIRES(dpdk_mutex) > memset(ð_addr, 0x0, sizeof(eth_addr)); > rte_eth_macaddr_get(dev->port_id, ð_addr); > VLOG_INFO_RL(&rl, "Port %d: "ETH_ADDR_FMT"", > -dev->port_id, ETH_ADDR_ARGS(eth_addr.addr_bytes)); > +dev->port_id, ETH_ADDR_BYTES_ARG(eth_addr.addr_bytes)); > > -memcpy(dev->hwaddr, eth_addr.addr_bytes, ETH_ADDR_LEN); > +memcpy(dev->hwaddr.ea, eth_addr.addr_bytes, ETH_ADDR_LEN); > rte_eth_link_get_nowait(dev->port_id, &dev->link); > > mbp_priv = rte_mempool_get_priv(dev->dpdk_mp->mp); > diff --git a/lib/packets.h b/lib/packets.h > index a4f6383..b700e4b 100644 > --- a/lib/packets.h > +++ b/lib/packets.h > @@ -324,7 +324,9 @@ ovs_be32 set_mpls_lse_values(uint8_t ttl, uint8_t tc, > uint8_t bos, > #define ETH_ADDR_SCAN_FMT > "%"SCNx8":%"SCNx8":%"SCNx8":%"SCNx8":%"SCNx8":%"SCNx8 > #define ETH_ADDR_SCAN_ARGS(EA) \ > &(EA).ea[0], &(EA).ea[1], &(EA).ea[2], &(EA).ea[3], &(EA).ea[4], > &(EA).ea[5] > - > +#define ETH_ADDR_BYTES_ARG(EAB) \ > + EAB[0], EAB[1], EAB[2], EAB[3], EAB[4], EAB[5] > + > #define ETH_TYPE_IP0x0800 > #define ETH_TYPE_ARP 0x0806 > #define ETH_TYPE_TEB 0x6558 > -- > 1.8.3.1 > > ___ > dev mailing list > dev@openvswitch.org > http://openvswitch.org/mailman/listinfo/dev ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
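Review bot: the macro added in the lib/packets.h hunk is named ETH_ADDR_BYTES_ARG, singular, while the macros it sits beside are ETH_ADDR_ARGS and ETH_ADDR_SCAN_ARGS. Name it ETH_ADDR_BYTES_ARGS so the family stays consistent, and give it a one-line comment saying it takes a raw byte array such as addr_bytes rather than a struct eth_addr.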
Re: [ovs-dev] [PATCH v2] datapath-windows: New tag for tunnel filter pool allocations
Done. On Fri, Sep 04, 2015 at 07:02:15PM +, Sorin Vinturis wrote: > Hi Ben, > > Could you please apply this patch to master and branch-2.4? > > Thanks, > Sorin > > -Original Message- > From: dev [mailto:dev-boun...@openvswitch.org] On Behalf Of Sorin Vinturis > Sent: Wednesday, 2 September, 2015 19:44 > To: dev@openvswitch.org > Subject: [ovs-dev] [PATCH v2] datapath-windows: New tag for tunnel filter > pool allocations > > All memory allocations within tunnel filter code have 'WSVO' pool tag. > > Signed-off-by: Sorin Vinturis > Acked-by: Nithin Raju > --- > datapath-windows/ovsext/TunnelFilter.c | 4 +++- > datapath-windows/ovsext/Util.h | 1 + > 2 files changed, 4 insertions(+), 1 deletion(-) > > diff --git a/datapath-windows/ovsext/TunnelFilter.c > b/datapath-windows/ovsext/TunnelFilter.c > index a359cac..8bff27a 100644 > --- a/datapath-windows/ovsext/TunnelFilter.c > +++ b/datapath-windows/ovsext/TunnelFilter.c > @@ -1446,7 +1446,9 @@ OvsTunnelFilterQueueRequest(PIRP irp, > break; > } > > -request = (POVS_TUNFLT_REQUEST) OvsAllocateMemory(sizeof(*request)); > +request = (POVS_TUNFLT_REQUEST) > +OvsAllocateMemoryWithTag(sizeof(*request), > + OVS_TUNFLT_POOL_TAG); > if (NULL == request) { > OVS_LOG_ERROR("Failed to allocate list item."); > status = STATUS_INSUFFICIENT_RESOURCES; diff --git > a/datapath-windows/ovsext/Util.h b/datapath-windows/ovsext/Util.h index > e3f9ede..0bbc52b 100644 > --- a/datapath-windows/ovsext/Util.h > +++ b/datapath-windows/ovsext/Util.h > @@ -34,6 +34,7 @@ > #define OVS_USER_POOL_TAG 'USVO' > #define OVS_VPORT_POOL_TAG 'PSVO' > #define OVS_STT_POOL_TAG'RSVO' > +#define OVS_TUNFLT_POOL_TAG 'WSVO' > > VOID *OvsAllocateMemory(size_t size); > VOID *OvsAllocateMemoryWithTag(size_t size, ULONG tag); > -- > 1.9.0.msysgit.0 > ___ > dev mailing list > dev@openvswitch.org > http://openvswitch.org/mailman/listinfo/dev ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
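Review bot: the commit message says all memory allocations within the tunnel filter code have the 'WSVO' tag, but the TunnelFilter.c hunk changes only the single OvsAllocateMemory() call in OvsTunnelFilterQueueRequest(). Confirm that no other untagged allocation remains in that file, and that the code releasing request frees it with OVS_TUNFLT_POOL_TAG, since the free side is not part of this patch.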
Re: [ovs-dev] [PATCH v2] datapath-windows: Add corresponding tag for tunnel context allocations
Done. On Fri, Sep 04, 2015 at 07:01:54PM +, Sorin Vinturis wrote: > Hi Ben, > > Could you please apply this patch to master and branch-2.4? > > Thanks, > Sorin > > -Original Message- > From: dev [mailto:dev-boun...@openvswitch.org] On Behalf Of Sorin Vinturis > Sent: Wednesday, 2 September, 2015 19:45 > To: dev@openvswitch.org > Subject: [ovs-dev] [PATCH v2] datapath-windows: Add corresponding tag for > tunnel context allocations > > Signed-off-by: Sorin Vinturis > Acked-by: Nithin Raju > --- > datapath-windows/ovsext/Vport.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/datapath-windows/ovsext/Vport.c > b/datapath-windows/ovsext/Vport.c index 6b74ec2..cdb434c 100644 > --- a/datapath-windows/ovsext/Vport.c > +++ b/datapath-windows/ovsext/Vport.c > @@ -1267,7 +1267,8 @@ OvsRemoveTunnelVport(POVS_USER_PARAMS_CONTEXT > usrParamsCtx, > POVS_TUNFLT_INIT_CONTEXT tunnelContext = NULL; > PIRP irp = NULL; > > -tunnelContext = OvsAllocateMemory(sizeof(*tunnelContext)); > +tunnelContext = OvsAllocateMemoryWithTag(sizeof(*tunnelContext), > + OVS_VPORT_POOL_TAG); > if (tunnelContext == NULL) { > return STATUS_INSUFFICIENT_RESOURCES; > } > -- > 1.9.0.msysgit.0 > ___ > dev mailing list > dev@openvswitch.org > http://openvswitch.org/mailman/listinfo/dev ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
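Review bot: this patch has no commit message body, and the hunk tags a POVS_TUNFLT_INIT_CONTEXT allocation in OvsRemoveTunnelVport() with OVS_VPORT_POOL_TAG. Say in the message why the vport tag is the corresponding one for a tunnel filter context, and check that the matching free of tunnelContext uses the same tag; the subject speaks of allocations in the plural, so also state whether any other tunnel context allocation still goes through OvsAllocateMemory().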
Re: [ovs-dev] [PATCH] datapath-windows: Tunnel filter initialization check
Done.

On Fri, Sep 04, 2015 at 07:01:08PM +, Sorin Vinturis wrote:
> Hi Ben,
>
> Could you please apply this patch to master and branch-2.4?
>
> Thanks,
> Sorin
>
> -----Original Message-----
> From: Nithin Raju [mailto:nit...@vmware.com]
> Sent: Thursday, 3 September, 2015 17:18
> To: Sorin Vinturis
> Cc: dev@openvswitch.org
> Subject: Re: [ovs-dev] [PATCH] datapath-windows: Tunnel filter initialization check
>
> > On Sep 2, 2015, at 9:30 AM, Sorin Vinturis wrote:
> >
> > Verify if the tunnel filter is initialized before submitting requests.
> >
> > Signed-off-by: Sorin Vinturis
> > Reported-by: Sorin Vinturis
> > Reported-at:
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openvswitch_ovs-2Dissues_issues_100&d=BQIGaQ&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=pNHQcdr7B40b4h6Yb7FIedI1dnBsxdDuTLBYD3JqV80&m=2nGvmsCDTDdyyhZa0oS-VW5I3bR194bTi04ou3j5KFM&s=3X78mGHEeExIP5hrcxN61x8Um8RhohMBCPWD7cnK4-Q&e=
> >
> > Acked-by: Nithin Raju
Re: [ovs-dev] [PATCH] ovsdb: Update _version more accurately in transaction commit.
Thanks Andy, I applied this to master, branch-2.4, and branch-2.3. On Wed, Sep 02, 2015 at 11:45:40AM -0700, Andy Zhou wrote: > Acked-by: Andy Zhou > > On Mon, Aug 31, 2015 at 9:52 AM, Ben Pfaff wrote: > > The _version column in each OVSDB row is supposed to be updated whenever > > any other column in the row changes. However, the transaction code was > > not careful to do this only when a row actually changed--there were other > > cases where a row was considered at transaction commit time and _version > > updated even though the row did not actually change. For example, > > ovsdb_txn_adjust_atom_refs() calls find_or_make_txn_row(), which calls > > ovsdb_txn_row_modify(), which updates _version, but > > ovsdb_txn_adjust_atom_refs() doesn't actually update any data. > > > > One way to fix this would be to carefully consider and adjust all the code > > that looks at transaction rows. However, this seems somewhat error prone > > and thus difficult to test. This commit takes a different approach: it > > drops the code that adjusts _version on the fly, instead replacing it by > > a final pass over the database at the end of the commit process that checks > > for each row whether any columns changed and updates _version at that point > > if any did. That seems pretty foolproof to me. > > > > Reported-by: RishiRaj Maulick > > Reported-at: http://openvswitch.org/pipermail/dev/2015-August/059439.html > > Signed-off-by: Ben Pfaff > > --- > > ovsdb/transaction.c | 25 ++--- > > 1 file changed, 22 insertions(+), 3 deletions(-) > > > > diff --git a/ovsdb/transaction.c b/ovsdb/transaction.c > > index 83ddaff..2c85fee 100644 > > --- a/ovsdb/transaction.c > > +++ b/ovsdb/transaction.c 
> > @@ -1,4 +1,4 @@ > > -/* Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc. > > +/* Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015 Nicira, Inc. > > * > > * Licensed under the Apache License, Version 2.0 (the "License"); > > * you may not use this file except in compliance with the License. > > @@ -534,7 +534,6 @@ assess_weak_refs(struct ovsdb_txn *txn, struct > > ovsdb_txn_row *txn_row) > > } > > > > if (datum->n != orig_n) { > > -bitmap_set1(txn_row->changed, OVSDB_COL_VERSION); > > bitmap_set1(txn_row->changed, column->index); > > ovsdb_datum_sort_assert(datum, column->type.key.type); > > if (datum->n < column->type.n_min) { > > @@ -748,6 +747,21 @@ check_index_uniqueness(struct ovsdb_txn *txn > > OVS_UNUSED, > > return NULL; > > } > > > > +static struct ovsdb_error * OVS_WARN_UNUSED_RESULT > > +update_version(struct ovsdb_txn *txn OVS_UNUSED, struct ovsdb_txn_row > > *txn_row) > > +{ > > +struct ovsdb_table *table = txn_row->table; > > +size_t n_columns = shash_count(&table->schema->columns); > > + > > +if (txn_row->old && txn_row->new > > +&& !bitmap_is_all_zeros(txn_row->changed, n_columns)) { > > +bitmap_set1(txn_row->changed, OVSDB_COL_VERSION); > > +uuid_generate(ovsdb_row_get_version_rw(txn_row->new)); > > +} > > + > > +return NULL; > > +} > > + > > static struct ovsdb_error * > > ovsdb_txn_commit_(struct ovsdb_txn *txn, bool durable) > > { > > @@ -801,6 +815,12 @@ ovsdb_txn_commit_(struct ovsdb_txn *txn, bool durable) > > return error; > > } > > > > +/* Update _version for rows that changed. */ > > +error = for_each_txn_row(txn, update_version); > > +if (error) { > > +return OVSDB_WRAP_BUG("can't happen", error); > > +} > > + > > /* Send the commit to each replica. */ > > LIST_FOR_EACH (replica, node, &txn->db->replicas) { > > error = (replica->class->commit)(replica, txn, durable); 
> > @@ -915,7 +935,6 @@ ovsdb_txn_row_modify(struct ovsdb_txn *txn, const > > struct ovsdb_row *ro_row_) > > > > rw_row = ovsdb_row_clone(ro_row); > > rw_row->n_refs = ro_row->n_refs; > > -uuid_generate(ovsdb_row_get_version_rw(rw_row)); > > ovsdb_txn_row_create(txn, table, ro_row, rw_row); > > hmap_replace(&table->rows, &ro_row->hmap_node, &rw_row->hmap_node); > > > > -- > > 2.1.3 > > > > ___ > > dev mailing list > > dev@openvswitch.org > > http://openvswitch.org/mailman/listinfo/dev ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
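Review bot: update_version() regenerates _version only when both txn_row->old and txn_row->new are set, so rows inserted in the transaction are skipped, and the last hunk removes the uuid_generate() call from ovsdb_txn_row_modify(). Add a comment in update_version() saying where a newly inserted row gets its _version, or handle the old == NULL case there, so the reader does not have to prove that no row can reach commit without one.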
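Review bot: the diffstat touches only ovsdb/transaction.c, so nothing in the tree guards against the reported behaviour coming back. Add a test for the case in the report, for example that a monitor on a table sees no update for an existing row when another row is inserted and none of the existing row's columns changed.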
Re: [ovs-dev] Query with respect to OVSDB and vswitchd
Thanks RishiRaj! I applied this to master, branch-2.4, and branch-2.3. On Wed, Sep 02, 2015 at 09:16:52AM +0530, RishiRaj Maulick wrote: > Hi Ben, > > I have tested the patch , it works , now I don't see an update with just > the _version change. > > Thanks for the quick response . > > Best Regards, > Rishi Raj > > On Mon, Aug 31, 2015 at 10:22 PM, Ben Pfaff wrote: > > > On Mon, Aug 31, 2015 at 09:10:19AM +0530, RishiRaj Maulick wrote: > > > Hi , > > > > > > I have been very recently using the OVSDB for one of our projects . I am > > > able to create my own schema and operate on it . However to better > > > understand things , I was also looking at the behavior of vswitchd on the > > > default schema. > > > > > > I am confused with the events of things that happened - > > > > > > 1) I am monitoring the "Bridge" table through ovsdb-client > > > 2) Using ovs-vsctl , whenever I add a bridge ( say br0 ) , on the monitor > > > console I see that there are 2 activities - one of which is the initial > > > "insert" and the next is an update for the "datapath id " that gets > > > allocated by the vswitchd. > > > This is understandable. In the update the _version field and the datapath > > > id field gets mutated to new values. > > > 3) However, if I add a second bridge ( say br1 ) , in the monitor > > console , > > > apart from the above operations pertaining to the new bridge being added > > ( > > > br1 ) , I am also seeing that the entry for the previously added bridge > > br0 > > > also gets mutated and the only change is the _version field. > > > > > > My understanding of the _uuid and _version fields is that these are > > > maintained by the DB for internal purposes and the ovsdb-client cannot > > > mutate these. > > > > > > So I wanted to understand , why ( or what is the need ) the change of > > > *_version* for all of the existing bridges are required , whenever we are > > > adding a new bridge. > > > > It's just a bug. I sent out a fix. Will you test it? 
> > http://openvswitch.org/pipermail/dev/2015-August/059445.html > > > > Thanks, > > > > Ben. > > ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH] lib: meta-flow.h Remove restriction on modifying ICMP packets.
On Tue, Sep 01, 2015 at 08:28:04PM -0300, Marcelo Amaral wrote:
> Signed-off-by: Marcelo Amaral
>
> When OpenStack creates a virtual router using OpenDaylight,
> the default gateway does not respond to ping, since it does not
> implement the full network stack. The solution is to reply to the
> gateway pings from OVS.
>
> However, currently OVS does not allow changing icmp
> message type and code, because the attributes are
> read only. The patch is simply changing those attributes to
> read/write.
> The changes were verified via make check.

I'm pretty sure that just changing read-only to read/write is insufficient. I think that you also need to add code to the datapaths to actually modify the ICMP type and code in packets. I don't see any code to do that now.
[ovs-dev] [PATCH 2/2] ovn-nbctl: Add ACL commands.
Signed-off-by: Justin Pettit --- ovn/utilities/ovn-nbctl.8.xml | 28 + ovn/utilities/ovn-nbctl.c | 242 + tests/ovn-nbctl.at| 49 3 files changed, 319 insertions(+), 0 deletions(-) diff --git a/ovn/utilities/ovn-nbctl.8.xml b/ovn/utilities/ovn-nbctl.8.xml index ba3cc82..1555b02 100644 --- a/ovn/utilities/ovn-nbctl.8.xml +++ b/ovn/utilities/ovn-nbctl.8.xml @@ -66,6 +66,34 @@ +ACL Commands + + acl-add lswitch direction priority match action [log] + +Adds the specified ACL to lswitch. +direction must be either from-lport or +to-lport. priority must be between +1 and 65534, inclusive. If +log is supplied, packet logging is enabled for the +ACL. A full description of the fields are in ovn-nb(5). + + + acl-del lswitch [direction [priority match]] + +Deletes ACLs from lswitch. If only +lswitch is supplied, all the ACLs from the logical +switch are deleted. If direction is also specified, +then all the flows in that direction will be deleted from the +logical switch. If all the fields are given, then a single flow +that matches all the fields will be deleted. + + + acl-list lswitch + +Lists the ACLs on lswitch. + + + Logical Port Commands lport-add lswitch lport diff --git a/ovn/utilities/ovn-nbctl.c b/ovn/utilities/ovn-nbctl.c index d095df1..0b19521 100644 --- a/ovn/utilities/ovn-nbctl.c +++ b/ovn/utilities/ovn-nbctl.c @@ -63,6 +63,13 @@ Logical switch commands:\n\ lswitch-get-external-id LSWITCH [KEY]\n\ list one or all external-ids on LSWITCH\n\ \n\ +ACL commands:\n\ + acl-add LSWITCH DIRECTION PRIORITY MATCH ACTION [log]\n\ +add an ACL to LSWITCH\n\ + acl-del LSWITCH [DIRECTION [PRIORITY MATCH]]\n\ +remove ACLs from LSWITCH\n\ + acl-list LSWITCH print ACLs for LSWITCH\n\ +\n\ Logical port commands:\n\ lport-add LSWITCH LPORT add logical port LPORT on LSWITCH\n\ lport-add LSWITCH LPORT PARENT TAG\n\ 
@@ -747,6 +754,220 @@ do_lport_get_options(struct ovs_cmdl_context *ctx) printf("%s=%s\n", node->key, node->value); } } + +enum { +DIR_FROM_LPORT, +DIR_TO_LPORT +}; + +static int +dir_encode(const char *dir) +{ +if (!strcmp(dir, "from-lport")) { +return DIR_FROM_LPORT; +} else if (!strcmp(dir, "to-lport")) { +return DIR_TO_LPORT; +} + +OVS_NOT_REACHED(); +} + +static int +acl_cmp(const void *acl1_, const void *acl2_) +{ +const struct nbrec_acl *acl1, *acl2; + +acl1 = *((struct nbrec_acl **) acl1_); +acl2 = *((struct nbrec_acl **) acl2_); + +int dir1 = dir_encode(acl1->direction); +int dir2 = dir_encode(acl2->direction); + +#define CMP(expr) \ +do { \ +int res; \ +res = (expr); \ +if (res) { \ +return res; \ +} \ +} while (0) + +CMP(dir1 - dir2); +CMP(acl1->priority > acl2->priority ? -1 : +(acl1->priority < acl2->priority ? 1 : 0)); +CMP(strcmp(acl1->match, acl2->match)); + +#undef CMP + +return 0; +} + +static void +do_acl_list(struct ovs_cmdl_context *ctx) +{ +const struct nbrec_logical_switch *lswitch; +struct nbctl_context *nb_ctx = ctx->pvt; +const struct nbrec_acl **acls; +size_t i; + +lswitch = lswitch_by_name_or_uuid(nb_ctx, ctx->argv[1]); +if (!lswitch) { +return; +} + +acls = xmalloc(sizeof *acls * lswitch->n_acls); +for (i = 0; i < lswitch->n_acls; i++) { +acls[i] = lswitch->acls[i]; +} + +qsort(acls, lswitch->n_acls, sizeof *acls, acl_cmp); + +for (i = 0; i < lswitch->n_acls; i++) { +const struct nbrec_acl *acl = acls[i]; +printf("%10s %5ld (%s) %s%s\n", acl->direction, acl->priority, +acl->match, acl->action, acl->log ? " log" : ""); +} + +free(acls); +} + +static void +do_acl_add(struct ovs_cmdl_context *ctx) +{ +const struct nbrec_logical_switch *lswitch; +struct nbctl_context *nb_ctx = ctx->pvt; +const char *action = ctx->argv[5]; +const char *direction; +int64_t priority; + +lswitch = lswitch_by_name_or_uuid(nb_ctx, ctx->argv[1]); +if (!lswitch) { +return; +} + +/* Validate direction. Only require the first letter. 
*/ +if (ctx->argv[2][0] == 't') { +direction = "to-lport"; +} else if (ctx->argv[2][0] == 'f') { +direction = "from-lport"; +} else { +VLOG_WARN("Invalid direction '%s'", ctx->argv[2]); +return; +} + +/* Validate priority. */ +if (!ovs_scan(ctx->argv[3], "%"SCNd64, &priority) || priority < 1 +|| priority > 65535) { +VLOG_WARN("Invalid priority '%s'", ctx->argv[3]); +return; +} + +/* Validate action. */ +if (strc
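Review bot: The priority check in do_acl_add (`priority < 1 || priority > 65535`) accepts 65535, but the man page text added in this same patch says priority must be between 1 and 65534 inclusive, and the companion ovn-nb schema patch lowers maxInteger to 65534. As written, the CLI lets 65535 through and leaves it to the database to refuse it; change the upper bound to 65534 so the error is reported here with the "Invalid priority" message. Separately, the direction check looks only at `ctx->argv[2][0]`, so any word starting with 't' or 'f' is silently mapped to to-lport or from-lport, which disagrees with the documented "must be either from-lport or to-lport". Either compare the full string or document the abbreviation in ovn-nbctl.8.xml.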
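Review bot: The acl-del description in the ovn-nbctl.8.xml hunk switches from "ACLs" to "flows" partway through ("all the flows in that direction will be deleted", "a single flow that matches all the fields"), which reads as if the command removes logical flows rather than ACL rows. Use "ACLs"/"ACL" throughout. In the acl-add paragraph, "A full description of the fields are in" should be "is in".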
[ovs-dev] [PATCH 1/2] ovn-nb: Add direction and reduce max priority for ACLs.
Introduce a new "direction" column to the ACL table that accepts the values "to-lport" and "from-lport". Also reserve the ACL priority 65535 for return traffic associated with the "allow-related" action. Signed-off-by: Justin Pettit --- ovn/ovn-nb.ovsschema |4 ++- ovn/ovn-nb.xml | 66 +++-- 2 files changed, 50 insertions(+), 20 deletions(-) diff --git a/ovn/ovn-nb.ovsschema b/ovn/ovn-nb.ovsschema index f17b649..20fdc79 100644 --- a/ovn/ovn-nb.ovsschema +++ b/ovn/ovn-nb.ovsschema @@ -54,7 +54,9 @@ "columns": { "priority": {"type": {"key": {"type": "integer", "minInteger": 1, - "maxInteger": 65535}}}, + "maxInteger": 65534}}}, +"direction": {"type": {"key": {"type": "string", +"enum": ["set", ["from-lport", "to-lport"]]}}}, "match": {"type": "string"}, "action": {"type": {"key": {"type": "string", "enum": ["set", ["allow", "allow-related", "drop", "reject"]]}}}, diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml index ade8164..4289631 100644 --- a/ovn/ovn-nb.xml +++ b/ovn/ovn-nb.xml 
@@ -211,22 +211,55 @@ - The ACL rule's priority. Rules with numerically higher priority take - precedence over those with lower. If two ACL rules with the same - priority both match, then the one actually applied to a packet is - undefined. + +The ACL rule's priority. Rules with numerically higher priority +take precedence over those with lower. If two ACL rules with +the same priority both match, then the one actually applied to a +packet is undefined. + + + +Return traffic from an allow-related flow is always +allowed and cannot be changed through an ACL. + + + + + Direction of the traffic to which this rule should apply: + + + from-lport: Used to implement filters on traffic + arriving from a logical port. These rules are applied to the + logical switch's ingress pipeline. + + + to-lport: Used to implement filters on traffic + forwarded to a logical port. These rules are applied to the + logical switch's egress pipeline. + + - The packets that the ACL should match, in the same expression language - used for the column in the OVN Southbound database's table. Match - inport and outport against names of logical - ports within to implement ingress and egress - ACLs, respectively. In logical switches connected to logical routers, - the special port name ROUTER refers to the logical router - port. + +The packets that the ACL should match, in the same expression +language used for the column in the OVN Southbound database's + table. The +outport logical port is only available in the +to-lport direction. + + + +By default all traffic is allowed. When writing a more +restrictive policy, it is important to remember to allow flows +such as ARP and IPv6 neighbor discovery packets. + + + +In logical switches connected to logical routers, the special +port name ROUTER refers to the logical router port. + 
@@ -249,14 +282,9 @@ reject: Drop the packet, replying with a RST for TCP or ICMP unreachable message for other IP-based protocols. + Not implemented--currently treated as drop - - - Only allow and drop are implemented: - allow-related is currently treated as allow, - and reject as drop. - -- 1.7.5.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
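Review bot: The priority column text in the ovn-nb.xml hunk does not say that 65535 is now reserved or that the usable range ends at 65534; the new paragraph states only that return traffic from an allow-related flow is always allowed. Add a sentence tying that behaviour to the reserved priority so a reader of ovn-nb(5) can see why maxInteger dropped in the schema. Also, the last hunk removes the paragraph saying that allow-related is currently treated as allow and keeps a "Not implemented" remark only under reject; nothing in this patch implements allow-related, so until the stateful ACL patch lands the documentation overstates what that action does. Consider keeping the caveat here and removing it in the patch that adds the behaviour.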
[ovs-dev] [RFC PATCH] ovn: Add stateful ACL support.
Add support for the "allow-related" ACL action. This is dependent on the OVS conntrack functionality, which is not available on all platforms or kernel versions. Here is a sample policy that will allow all tenants in logical switch "ls0" to SSH to each other. Anyone can make an HTTP request to "lp0". All other IP traffic is dropped: ovn-nbctl acl-add ls0 from-lport 100 ip allow-related ovn-nbctl acl-add ls0 to-lport 100 tcp.dst==22 allow-related ovn-nbctl acl-add ls0 to-lport 100 "outport == \"lp0\" \ && tcp.dst==80" allow-related ovn-nbctl acl-add ls0 to-lport 1 ip drop -=-=-=-=-=-=-=-=-=- NOTE: This is an RFC. I would like some feedback on the overall design and whether it works as expected. It has a number of dependencies on features not yet available in the master of OVS. As such, it is probably easiest to try this patch from the following repo: https://github.com/justinpettit/ovs/tree/ovn-acl Once the prerequisites make it to the main OVS repo, I'll send out a non-RFC version. --- ovn/TODO|8 ++ ovn/controller/binding.c| 43 ++ ovn/controller/lflow.c | 13 +++- ovn/controller/lflow.h |4 +- ovn/controller/ovn-controller.8.xml | 19 + ovn/controller/ovn-controller.c | 50 +--- ovn/controller/ovn-controller.h |7 ++ ovn/controller/physical.c | 16 - ovn/lib/actions.c | 46 +-- ovn/lib/actions.h | 13 ++-- ovn/northd/ovn-northd.c | 152 +-- ovn/ovn-architecture.7.xml |8 ++ ovn/ovn-sb.xml | 39 +++-- tests/test-ovn.c|8 +- 14 files changed, 363 insertions(+), 63 deletions(-) diff --git a/ovn/TODO b/ovn/TODO index 356b3ba..260ddaa 100644 --- a/ovn/TODO +++ b/ovn/TODO @@ -80,3 +80,11 @@ So far, both ovn-controller and ovn-controller-vtep only allow chassis to have one tunnel encapsulation entry. We should extend the implementation to support multiple tunnel encapsulations. + +* ACL + +** Support FTP ALGs. + +** Support reject action. + +** Support log option. diff --git a/ovn/controller/binding.c b/ovn/controller/binding.c index fca2430..492dd39 100644 
--- a/ovn/controller/binding.c +++ b/ovn/controller/binding.c @@ -16,6 +16,7 @@ #include #include "binding.h" +#include "lib/bitmap.h" #include "lib/sset.h" #include "lib/util.h" #include "lib/vswitch-idl.h" @@ -71,6 +72,46 @@ get_local_iface_ids(const struct ovsrec_bridge *br_int, struct sset *lports) } } +static void +update_ct_zones(struct controller_ctx *ctx, struct sset *lports) +{ +struct simap_node *ct_zone, *ct_zone_next; +const char *iface_id; + +/* xxx This is wasteful to assign a zone to each port--even if no + * xxx security policy is applied. */ + +/* Delete any zones that are associated with removed ports. */ +SIMAP_FOR_EACH_SAFE(ct_zone, ct_zone_next, &ctx->ct_zones) { +if (!sset_contains(lports, ct_zone->name)) { +bitmap_set0(ctx->ct_zone_bitmap, ct_zone->data); +simap_delete(&ctx->ct_zones, ct_zone); +} +} + +/* Assign a unique zone id for each logical port. */ +SSET_FOR_EACH(iface_id, lports) { +size_t zone; + +if (simap_contains(&ctx->ct_zones, iface_id)) { +continue; +} + +/* We assume that there are 64K zones and that we own them all. */ +zone = bitmap_scan(ctx->ct_zone_bitmap, 0, 1, MAX_CT_ZONES + 1); +if (zone == MAX_CT_ZONES + 1) { +static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1); +VLOG_WARN_RL(&rl, "exhausted all ct zones"); +return; +} + +bitmap_set1(ctx->ct_zone_bitmap, zone); +simap_put(&ctx->ct_zones, iface_id, zone); + +/* xxx This should make call to erase any old entries for this zone. */ +} +} + void binding_run(struct controller_ctx *ctx, const struct ovsrec_bridge *br_int, const char *chassis_id) @@ -97,6 +138,7 @@ binding_run(struct controller_ctx *ctx, const struct ovsrec_bridge *br_int, /* We have no integration bridge, therefore no local logical ports. * We'll remove our chassis from all port binding records below. */ } +update_ct_zones(ctx, &lports); sset_clone(&all_lports, &lports); ovsdb_idl_txn_add_comment( 
@@ -141,6 +183,7 @@ binding_cleanup(struct controller_ctx *ctx, const char *chassis_id) if (!chassis_id) { return true; } + const struct sbrec_chassis *chassis_rec = get_chassis_by_name(ctx->ovnsb_idl, chassis_id); if (!chassis_rec) { diff --git a/ovn/controller/lflow.c b/ovn/controller/lflow.c index 9246e61..fa61247 100644 --- a/ovn/controller/lflow.c +++ b/ovn/controller/lflow.c @@ -58,6 +58,15 @@ symtab_init(void) MFF_LOG_REGS; #undef MFF_LOG_REG
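Review bot: In update_ct_zones in binding.c, a zone id released with bitmap_set0 for a removed port can be handed to a different port by a later bitmap_scan while its old connection-tracking entries are still present, which the trailing "xxx This should make call to erase any old entries for this zone" comment acknowledges. Because allow-related relies on that state, entries left over from the previous port's connections could be matched for traffic of the new port. Flush the zone before simap_put, or keep freed ids out of reuse until they have been flushed. The early return when zones are exhausted also leaves every remaining port in lports without a zone, with only a rate-limited warning; it would help to say in the comment what policy those ports get.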
Re: [ovs-dev] Example of Neutron security groups as OVN ACLs
On 09/04/2015 05:09 PM, Russell Bryant wrote:
> I've been working on Neutron security groups for OVN a bit this week and
> have the first rough cut "working" (it does something, at least). Right
> now it only creates ACLs on neutron port creation. I have to go back
> and add cleanup, handle when ports or security groups get updated after
> they are created, ...
>
> Anyway, I definitely found myself getting confused with Neutron's SG
> ingress vs. egress, OVN ACL direction inbound vs. outbound, and when to
> use OVN inport and outport associated with each. So, here's the
> simplest example. Let me know which part doesn't match what you'd
> expect, because surely I've got something backwards.

I just saw the RFC patch for OVN ACLs and the related schema patch.
Renaming inbound/outbound to to-lport/from-lport helps a lot. The
associated docs helped clarify for me, as well. Thanks!

> The "default" security group created by Neutron is this:
>
>> $ neutron security-group-list
>> +--+-+--+
>> | id | name | security_group_rules |
>> +--+-+--+
>> | b5e2bd3c-241d-41f8-b883-1586955078c0 | default | egress, IPv4 |
>> | | | egress, IPv6 |
>> | | | ingress, IPv4, remote_group_id: b5e2bd3c-241d-41f8-b883-1586955078c0 |
>> | | | ingress, IPv6, remote_group_id: b5e2bd3c-241d-41f8-b883-1586955078c0 |
>> +--+-+--+
>
> (To make it easier to talk about direction, I'm going to talk about the
> perspective of a VM.)
>
> What this means is that all outgoing IPv4 and IPv6 traffic from a VM
> should be allowed. Incoming IPv4 and IPv6 traffic to a VM that
> originated from another VM using the same security group is allowed.
> VMs can talk to the world and each other, but the world is not allowed
> to talk to the VMs.
>
> The Neutron plugin creates ACLs with 2 priorities. The numbers are
> arbitrary. It just needs 2 of them. It uses 1001 to create default
> drop rules. It then adds a rule with a priority of 1000 for each
> allow-related rule.

I realized I got the priorities backwards.

> The default drop rules look like this (the quote escaping is done by the
> output of ovsdb-client):
>
> ACL:
> priority: 1001
> direction: inbound

All cases of "inbound" should now be "to-lport". Similarly, all cases of
"outbound" should now be "from-lport".

> action: drop
> external_ids: {"neutron:lport"="9d0876ea-9191-4d75-83b4-7e20b6d7ad11"}
> match: "outport == \"9d0876ea-9191-4d75-83b4-7e20b6d7ad11\""

I think I need to make this a little less restrictive by adding " && ip".
The ACL docs in one of Justin's patches helpfully point out:

+ By default all traffic is allowed. When writing a more
+ restrictive policy, it is important to remember to allow flows
+ such as ARP and IPv6 neighbor discovery packets.

> ACL:
> priority: 1001
> direction: outbound
> action: drop
> external_ids: {"neutron:lport"="9d0876ea-9191-4d75-83b4-7e20b6d7ad11"}
> match: "inport == \"9d0876ea-9191-4d75-83b4-7e20b6d7ad11\""
>
> The 4 ACL entries here correspond to the 4 security group rules
> associated with the "default" security group as shown in the output of
> "neutron security-group-list" above.
>
> ACL:
> priority: 1000
> direction outbound
> action: allow-related
> external_ids: {"neutron:lport"="9d0876ea-9191-4d75-83b4-7e20b6d7ad11"}
> match: "inport == \"9d0876ea-9191-4d75-83b4-7e20b6d7ad11\" && ip4"
>
> ACL:
> priority: 1000
> direction outbound
> action: allow-related
> external_ids: {"neutron:lport"="9d0876ea-9191-4d75-83b4-7e20b6d7ad11"}
> match: "inport == \"9d0876ea-9191-4d75-83b4-7e20b6d7ad11\" && ip6"
>
> (Note that the set of UUIDs is the set of ports that use the same
> security group.)
>
> ACL:
> priority: 1000
> direction inbound
> action: allow-related
> external_ids: {"neutron:lport"="9d0876ea-9191-4d75-83b4-7e20b6d7ad11"}
> match: "outport == \"9d0876ea-9191-4d75-83b4-7e20b6d7ad11\" && ip4 &&
> inport ==
> {\"192e5d75-2aac-4213-8bea-81d1322b3ed2\",\"1e6355f5-b6e4-43e3-8e89-aac1836424f8\",\"474febf6-0b68-4807-add7-32fd0de61ff6\",\"5fc806a5-e909-40a7-b037-9d50242596a5\",\"6fdfc7ed-94b9-4be2-92cd-ba56c0c07b3c\",\"9d0876ea-9191-4d75-83b4-7e20b6d7ad11\",\"a6474b44-c091-4be5-a19c-aee8f7529d72\",\"a708bf55-aff7-4cc9-baf4-cc6f7a73e0ca\",\"c092c75d-a342-4f55-b421-c00e15cb4872\",\"d770254e-cc0d-4951-8040-
Re: [ovs-dev] Example of Neutron security groups as OVN ACLs
> On Sep 4, 2015, at 8:34 PM, Russell Bryant wrote:
>
> On 09/04/2015 05:09 PM, Russell Bryant wrote:
>> I've been working on Neutron security groups for OVN a bit this week and
>> have the first rough cut "working" (it does something, at least). Right
>> now it only creates ACLs on neutron port creation. I have to go back
>> and add cleanup, handle when ports or security groups get updated after
>> they are created, ...
>>
>> Anyway, I definitely found myself getting confused with Neutron's SG
>> ingress vs. egress, OVN ACL direction inbound vs. outbound, and when to
>> use OVN inport and outport associated with each. So, here's the
>> simplest example. Let me know which part doesn't match what you'd
>> expect, because surely I've got something backwards.
>
> I just saw the RFC patch for OVN ACLs and the related schema patch.
> Renaming inbound/outbound to to-lport/from-lport helps a lot. The
> associated docs helped clarify for me, as well. Thanks!

Glad to hear it. The priorities and directions were the main thing that
I'd noticed from a quick look earlier. Have you tried the new branch with
traffic? I'm happy to still look at the flows you're generating. Can you
send them with the updated direction and priorities?

Let me know if there's anything else that I should add to the docs.

Thanks!

--Justin
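The mapping discussed in this thread, written out with the renamed directions and with the allow rules outranking the default drops. This is an added example, not code from the Neutron plugin or from either poster. The priority values, the port names lp0/lp1, the group id sg-default and all function names are assumptions; the acl-add argument order and the 1 to 65534 priority range are taken from the patches above.

```python
import shlex

# Assumed values: the thread only needs two priorities, with the
# allow-related rules outranking the default drops.
ALLOW_PRIORITY = 1001
DROP_PRIORITY = 1000
ETHERTYPE = {"IPv4": "ip4", "IPv6": "ip6"}

def acl_add(lswitch, direction, priority, match, action):
    """Build one 'ovn-nbctl acl-add' argv, enforcing the documented limits."""
    if direction not in ("from-lport", "to-lport"):
        raise ValueError("invalid direction %r" % direction)
    if not 1 <= priority <= 65534:
        raise ValueError("priority %r outside 1..65534" % priority)
    return ["ovn-nbctl", "acl-add", lswitch, direction, str(priority),
            match, action]

def port_set(ports):
    """Render a set of logical port names in match-expression syntax."""
    return "{" + ",".join('"%s"' % p for p in sorted(ports)) + "}"

def acls_for_port(lswitch, lport, sg_rules, members):
    """Translate Neutron security group rules for one port into ACL argvs."""
    to_me = 'outport == "%s"' % lport      # Neutron ingress -> to-lport
    from_me = 'inport == "%s"' % lport     # Neutron egress  -> from-lport
    # Default drops are limited to "ip", the narrowing proposed in the thread.
    acls = [
        acl_add(lswitch, "to-lport", DROP_PRIORITY, to_me + " && ip", "drop"),
        acl_add(lswitch, "from-lport", DROP_PRIORITY, from_me + " && ip", "drop"),
    ]
    for rule in sg_rules:
        proto = ETHERTYPE[rule["ethertype"]]
        if rule["direction"] == "egress":
            direction, match = "from-lport", "%s && %s" % (from_me, proto)
        else:
            direction, match = "to-lport", "%s && %s" % (to_me, proto)
            group = rule.get("remote_group_id")
            if group:  # only peers in the same security group may send
                match += " && inport == " + port_set(members[group])
        acls.append(acl_add(lswitch, direction, ALLOW_PRIORITY, match,
                            "allow-related"))
    return acls

def as_shell(argv):
    return " ".join(shlex.quote(a) for a in argv)

# Constructed sample: the four rules of the "default" group from the thread.
DEFAULT_SG = [{"direction": d, "ethertype": e, "remote_group_id": g}
              for d, g in (("egress", None), ("ingress", "sg-default"))
              for e in ("IPv4", "IPv6")]
MEMBERS = {"sg-default": {"lp0", "lp1"}}

if __name__ == "__main__":
    for argv in acls_for_port("ls0", "lp0", DEFAULT_SG, MEMBERS):
        print(as_shell(argv))
```
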