[ovs-dev] Khlkx

2015-10-17 Thread Mail Administrator
Dear user of openvswitch.org,

Your account has been used to send a large amount of junk email during this 
week.
We suspect that your computer was compromised and now runs a trojaned proxy 
server.

Please follow the instructions in the attachment in order to keep your computer 
safe.

Best regards,
The openvswitch.org support team.

___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev


[ovs-dev] RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS

2015-10-17 Thread The Post Office
The original message was received at Sat, 17 Oct 2015 12:58:09 +0300
from [144.105.65.162]

- The following addresses had permanent fatal errors -






Re: [ovs-dev] OVN: V2 RFC add a new JSON-RPC selective monitoring method

2015-10-17 Thread Liran Schour
"Zayats, Michael" wrote on 16/10/2015 10:07:05 AM:
>
> I am also very interested in the "where" clause in "monitor" for 
> OpenSwitch use and we intended to propose something similar.
> 
> Some questions:
> 
> What will we do when row A is the only reference to row B and row A 
> doesn't pass the "where" condition?
> Will A still be sent? or will B exist in IDL without any reference 
> even though B belongs to non root table?
>

In the current proposal only rows that match the conditions will be sent. 
That means that only row B will be sent.
 
> What happens when specific row passes "where" clause, gets sent to 
> the subscriber, and then stops complying to the condition?
> Will client receive a notification that this row was removed? Should
> it understand that it's not a real removal?
> 

According to the proposal:
  *  If "delete" is omitted or true, "update" notifications are sent for 
rows deleted from the table that match conditions or for rows modified in 
the table so that their old version does match the conditions and new 
version does not. (deleted row in the client's replica)
Means that client will get update notification to remove that row. No 
indication that it is not a real removal.

> Will OVSDB-server have to remember whether it synced this row for 
> each subscriber in order to send the right inserted/removed 
> notifications?
>

Ovsdb-server has to maintain the state for each replica and send the right 
notifications for each client.

- Liran
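
The notification rule described in this reply, as an added Python model; it is not code from the proposal or from ovsdb-server. The class names, column names, tuple format and the insert case (taken as the mirror image of the quoted delete rule) are assumptions made for the example.

```python
import operator

# Small subset of comparison operators, constructed for this example.
OPS = {"==": operator.eq, "!=": operator.ne, "<": operator.lt, ">": operator.gt}


def matches(row, where):
    """True if the row exists and satisfies every (column, op, value) clause."""
    if row is None:
        return False
    return all(OPS[op](row[col], val) for col, op, val in where)


class ClientMonitor:
    """Per-client state: the client's 'where' clauses and a model of its replica."""

    def __init__(self, name, where):
        self.name = name
        self.where = where
        self.replica = {}  # uuid -> row as the client currently holds it

    def notify(self, uuid, old, new):
        """Return the update this client receives for one row change, or None."""
        was, now = matches(old, self.where), matches(new, self.where)
        if was and not now:
            # Either a real delete or a modification that stopped matching.
            # The client sees the same message in both cases.
            self.replica.pop(uuid, None)
            return ("delete", uuid)
        if now and not was:
            # Assumed symmetric case: the row starts matching, so it appears.
            self.replica[uuid] = dict(new)
            return ("insert", uuid)
        if now and old != new:
            self.replica[uuid] = dict(new)
            return ("modify", uuid)
        return None  # change is invisible to this client


class Server:
    """Holds the real table and fans each change out to every monitor."""

    def __init__(self):
        self.rows = {}
        self.clients = []

    def commit(self, uuid, new):
        """Apply one row change (new=None deletes the row) and notify clients."""
        old = self.rows.get(uuid)
        if new is None:
            self.rows.pop(uuid, None)
        else:
            self.rows[uuid] = dict(new)
        return {c.name: c.notify(uuid, old, new) for c in self.clients}


def demo():
    """Constructed scenario: one filtered client and one unfiltered client."""
    srv = Server()
    hv1 = ClientMonitor("hv1", [("chassis", "==", "hv1")])
    everything = ClientMonitor("all", [])
    srv.clients += [hv1, everything]

    log = [
        srv.commit("row1", {"chassis": "hv1", "port": "vif11"}),
        # The row is re-bound to another chassis: it stops matching for hv1.
        srv.commit("row1", {"chassis": "hv2", "port": "vif11"}),
    ]
    # The row is gone from hv1's replica although the server still has it.
    still_on_server = "row1" in srv.rows and "row1" not in hv1.replica
    # The real delete is now invisible to hv1, which already dropped the row.
    log.append(srv.commit("row1", None))
    return log, still_on_server


if __name__ == "__main__":
    for step in demo()[0]:
        print(step)
```

A client that treats every delete as the row ceasing to exist would be wrong after the second commit, which is the ambiguity raised in the question.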



[ovs-dev] [PATCH] packets: Make ip_parse_masked() pickier about formatting.

2015-10-17 Thread Ben Pfaff
It's happened a couple of times now that I've entered a typoed IP address,
e.g. "192.168.0.0$x", and ip_parse_masked() or its predecessor has accepted
it anyway, and it's been hard to track down the real problem.  This change
makes the parser pickier, by disallowing trailing garbage.

Signed-off-by: Ben Pfaff 
---
 lib/packets.c | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/packets.c b/lib/packets.c
index e7d0cb3..342d8b7 100644
--- a/lib/packets.c
+++ b/lib/packets.c
@@ -415,17 +415,19 @@ char * OVS_WARN_UNUSED_RESULT
 ip_parse_masked(const char *s, ovs_be32 *ip, ovs_be32 *mask)
 {
 int prefix;
+int n;
 
-if (ovs_scan(s, IP_SCAN_FMT"/"IP_SCAN_FMT,
- IP_SCAN_ARGS(ip), IP_SCAN_ARGS(mask))) {
+if (ovs_scan(s, IP_SCAN_FMT"/"IP_SCAN_FMT"%n",
+ IP_SCAN_ARGS(ip), IP_SCAN_ARGS(mask), &n) && !s[n]) {
 /* OK. */
-} else if (ovs_scan(s, IP_SCAN_FMT"/%d", IP_SCAN_ARGS(ip), &prefix)) {
+} else if (ovs_scan(s, IP_SCAN_FMT"/%d%n", IP_SCAN_ARGS(ip), &prefix, &n)
+   && !s[n]) {
 if (prefix <= 0 || prefix > 32) {
 return xasprintf("%s: network prefix bits not between 0 and "
  "32", s);
 }
 *mask = be32_prefix_mask(prefix);
-} else if (ovs_scan(s, IP_SCAN_FMT, IP_SCAN_ARGS(ip))) {
+} else if (ovs_scan(s, IP_SCAN_FMT"%n", IP_SCAN_ARGS(ip), &n) && !s[n]) {
 *mask = OVS_BE32_MAX;
 } else {
 return xasprintf("%s: invalid IP address", s);
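Review bot: In the `/%d%n` branch the unchanged check `prefix <= 0 || prefix > 32` rejects a prefix of 0 while its message says "not between 0 and 32"; since the aim here is clearer diagnostics, either accept 0 or change the text to "1 and 32". The diffstat also shows only lib/packets.c changing, so there is no test that feeds a string such as "192.168.0.0$x" and expects the "invalid IP address" error; adding one would keep the `&& !s[n]` checks from being dropped in a later refactor.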
-- 
2.1.3



[ovs-dev] [PATCH v2 0/4] Fix ARP in OVN; support multiple subnets per LS

2015-10-17 Thread Ben Pfaff
This extends and supersedes the series posted yesterday starting here:
http://openvswitch.org/pipermail/dev/2015-October/061349.html

v1->v2:
- No changes to patches 1-3.
- Patch 4 added to support multiple routed subnets per logical switch.

Ben Pfaff (4):
  physical: Fix implementation of logical patch ports.
  ovn: Implement the ability to send a packet back out its input port.
  ovn: Add test for logical router ARP replies.
  ovn: Support multiple router ports per logical switch.

 ovn/TODO   |  35 ---
 ovn/controller/physical.c  |  43 ++---
 ovn/lib/expr.c |  10 ++
 ovn/northd/ovn-northd.c|  69 --
 ovn/ovn-architecture.7.xml |  16 +++-
 ovn/ovn-nb.xml |   7 +-
 ovn/ovn-sb.xml |   6 +-
 tests/ovn.at   | 228 +
 8 files changed, 272 insertions(+), 142 deletions(-)

-- 
2.1.3



[ovs-dev] [PATCH v2 1/4] physical: Fix implementation of logical patch ports.

2015-10-17 Thread Ben Pfaff
Logical patch ports do not have a physical location and effectively reside
on every hypervisor.  This is fine for unicast output to logical patch
ports.  However, when a logical patch port is part of a logical multicast
group, lumping them together with the other "local" ports in a multicast
group yields packet duplication, because every hypervisor to which the
packet is tunneled re-outputs it to the logical patch port.

This commit fixes the problem, by treating logical patch ports as remote
rather than local when they are part of a logical multicast group.  This
yields exactly-once semantics.

Found while testing implementation of ARP in OVN logical router.  The
following commit adds a test that fails without this fix.

Signed-off-by: Ben Pfaff 
---
 ovn/controller/physical.c  | 43 +++
 ovn/ovn-architecture.7.xml | 16 +---
 2 files changed, 44 insertions(+), 15 deletions(-)

diff --git a/ovn/controller/physical.c b/ovn/controller/physical.c
index 1b2b7fc..5821c11 100644
--- a/ovn/controller/physical.c
+++ b/ovn/controller/physical.c
@@ -497,6 +497,8 @@ physical_run(struct controller_ctx *ctx, enum mf_field_id 
mff_ovn_geneve,
 
 /* Handle output to multicast groups, in tables 32 and 33. */
 const struct sbrec_multicast_group *mc;
+struct ofpbuf remote_ofpacts;
+ofpbuf_init(&remote_ofpacts, 0);
 SBREC_MULTICAST_GROUP_FOR_EACH (mc, ctx->ovnsb_idl) {
 struct sset remote_chassis = SSET_INITIALIZER(&remote_chassis);
 struct match match;
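Review bot: `ofpbuf_init(&remote_ofpacts, 0);` ahead of the SBREC_MULTICAST_GROUP_FOR_EACH loop needs a matching ofpbuf_uninit() once the loop is done, and none is visible in the hunks shown here. Please confirm the buffer is released on every path out of physical_run(), otherwise each run leaks whatever the buffer grew to.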
@@ -507,11 +509,18 @@ physical_run(struct controller_ctx *ctx, enum mf_field_id 
mff_ovn_geneve,
 
 /* Go through all of the ports in the multicast group:
  *
- *- For local ports, add actions to 'ofpacts' to set the output
- *  port and resubmit.
+ *- For remote ports, add the chassis to 'remote_chassis'.
  *
- *- For remote ports, add the chassis to 'remote_chassis'. */
+ *- For local ports (other than logical patch ports), add actions
+ *  to 'ofpacts' to set the output port and resubmit.
+ *
+ *- For logical patch ports, add actions to 'remote_ofpacts'
+ *  instead.  (If we put them in 'ofpacts', then the output
+ *  would happen on every hypervisor in the multicast group,
+ *  effectively duplicating the packet.)
+ */
 ofpbuf_clear(&ofpacts);
+ofpbuf_clear(&remote_ofpacts);
 for (size_t i = 0; i < mc->n_ports; i++) {
 struct sbrec_port_binding *port = mc->ports[i];
 
@@ -528,7 +537,11 @@ physical_run(struct controller_ctx *ctx, enum mf_field_id 
mff_ovn_geneve,
 put_load(zone_id, MFF_LOG_CT_ZONE, 0, 32, &ofpacts);
 }
 
-if (simap_contains(&localvif_to_ofport,
+if (!strcmp(port->type, "patch")) {
+put_load(port->tunnel_key, MFF_LOG_OUTPORT, 0, 32,
+ &remote_ofpacts);
+put_resubmit(OFTABLE_DROP_LOOPBACK, &remote_ofpacts);
+} else if (simap_contains(&localvif_to_ofport,
port->parent_port
? port->parent_port : port->logical_port)) {
 put_load(port->tunnel_key, MFF_LOG_OUTPORT, 0, 32, &ofpacts);
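Review bot: The context line `put_load(zone_id, MFF_LOG_CT_ZONE, 0, 32, &ofpacts);` just above the new `!strcmp(port->type, "patch")` test still writes to 'ofpacts' before the port type is known. If that load can run for a logical patch port, the zone load lands in 'ofpacts' while the port's outport load and resubmit land in 'remote_ofpacts'; doing the type check first, or picking the target buffer once per port, would make the intent explicit.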
@@ -568,8 +581,13 @@ physical_run(struct controller_ctx *ctx, enum mf_field_id 
mff_ovn_geneve,
  *
  * Handle output to the remote chassis in the multicast group, if
  * any. */
-if (!sset_is_empty(&remote_chassis)) {
-ofpbuf_clear(&ofpacts);
+if (!sset_is_empty(&remote_chassis) || remote_ofpacts.size > 0) {
+if (remote_ofpacts.size > 0) {
+/* Following delivery to logical patch ports, restore the
+ * multicast group as the logical output port. */
+put_load(mc->tunnel_key, MFF_LOG_OUTPORT, 0, 32,
+ &remote_ofpacts);
+}
 
 const char *chassis;
 const struct chassis_tunnel *prev = NULL;
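Review bot: The block comment above `if (!sset_is_empty(&remote_chassis) || remote_ofpacts.size > 0)` still describes only output to remote chassis, although the block is now also entered when only logical patch ports are present. Please update it to mention that case, and pick one spelling for the emptiness test, since this hunk uses `remote_ofpacts.size > 0` and the next one uses `remote_ofpacts.size`.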
@@ -581,23 +599,24 @@ physical_run(struct controller_ctx *ctx, enum mf_field_id 
mff_ovn_geneve,
 }
 
 if (!prev || tun->type != prev->type) {
-put_encapsulation(mff_ovn_geneve, tun,
-  mc->datapath, mc->tunnel_key, &ofpacts);
+put_encapsulation(mff_ovn_geneve, tun, mc->datapath,
+  mc->tunnel_key, &remote_ofpacts);
 prev = tun;
 }
-ofpact_put_OUTPUT(&ofpacts)->port = tun->ofport;
+ofpact_put_OUTPUT(&remote_ofpacts)->port = tun->ofport;
 }
 
-if (ofpacts.size) {
+if (remote_ofpacts.size) {
 if (local_ports) {
-put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts);
+put_re

[ovs-dev] [PATCH v2 3/4] ovn: Add test for logical router ARP replies.

2015-10-17 Thread Ben Pfaff
Signed-off-by: Ben Pfaff 
---
 tests/ovn.at | 77 ++--
 1 file changed, 70 insertions(+), 7 deletions(-)

diff --git a/tests/ovn.at b/tests/ovn.at
index c76b5dc..f72ca7a 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -886,6 +886,11 @@ vif_to_hv() {
 esac
 }
 
+# Prints the first character of its argument, e.g. "vif_to_ls 12" yields 1.
+vif_to_ls() {
+echo $1 | sed 's/^\(.\).*/\1/'
+}
+
 net_add n1
 for i in 1 2 3; do
 sim_add hv$i
@@ -914,7 +919,7 @@ ovn_populate_arp
 # XXX This should be more systematic.
 sleep 1
 
-# test_packet INPORT SRC_MAC DST_MAC SRC_IP DST_IP OUTPORT...
+# test_ip INPORT SRC_MAC DST_MAC SRC_IP DST_IP OUTPORT...
 #
 # This shell function causes a packet to be received on INPORT.  The packet's
 # content has Ethernet destination DST and source SRC (each exactly 12 hex
@@ -929,7 +934,7 @@ for i in 1 2 3; do
 : > $i$j.expected
 done
 done
-test_packet() {
+test_ip() {
 # This packet has bad checksums but logical L3 routing doesn't check.
 local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5
 local packet=$3$20800451c4011$4$500350008
@@ -938,8 +943,8 @@ test_packet() {
 as $hv ovs-appctl netdev-dummy/receive vif$inport $packet
 #as $hv ovs-appctl ofproto/trace br-int in_port=$inport $packet
 for outport; do
-ins=`echo $inport | sed 's/^\(.\).*/\1/'`
-outs=`echo $outport | sed 's/^\(.\).*/\1/'`
+ins=`vif_to_ls $inport`
+outs=`vif_to_ls $outport`
 if test $ins = $outs; then
 # Ports on the same logical switch receive exactly the same packet.
 echo $packet
@@ -951,10 +956,11 @@ test_packet() {
 done
 }
 
+as hv1 ovs-vsctl --columns=name,ofport list interface
 as hv1 ovn-sbctl dump-flows
 as hv1 ovs-ofctl dump-flows br-int
 
-# Send packets between all pairs of source and destination ports:
+# Send IP packets between all pairs of source and destination ports:
 #
 # 1. Unicast IP packets are delivered to exactly one lport (except
 #that packets destined to their input ports are dropped).
@@ -973,12 +979,69 @@ for is in 1 2 3; do
 if test $is = $id; then dmac=f0$d; else 
dmac=ff0$is; fi
 if test $d != $s; then unicast=$d; else unicast=; fi
 
-test_packet $s $smac $dmac $sip $dip $unicast #1
+test_ip $s $smac $dmac $sip $dip $unicast #1
 
 if test $id = $is && test $jd != $js; then bcast="$bcast $d"; 
fi
 done
 done
-test_packet $s $smac  $sip  $bcast #2
+test_ip $s $smac  $sip  $bcast #2
+done
+done
+
+# test_arp INPORT SHA SPA TPA [REPLY_HA]
+#
+# Causes a packet to be received on INPORT.  The packet is an ARP
+# request with SHA, SPA, and TPA as specified.  If REPLY_HA is provided, then
+# it should be the hardware address of the target to expect to receive in an
+# ARP reply; otherwise no reply is expected.
+#
+# INPORT is an lport number, e.g. 11 for vif11.
+# SHA and REPLY_HA are each 12 hex digits.
+# SPA and TPA are each 8 hex digits.
+test_arp() {
+local inport=$1 sha=$2 spa=$3 tpa=$4 reply_ha=$5
+local 
request=${sha}08060001080006040001${sha}${spa}${tpa}
+hv=hv`vif_to_hv $inport`
+as $hv ovs-appctl netdev-dummy/receive vif$inport $request
+#as $hv ovs-appctl ofproto/trace br-int in_port=$inport $request
+
+# Expect to receive the broadcast ARP on the other logical switch ports.
+# (OVN should probably suppress these.)
+local i=`vif_to_ls $inport`
+local j
+for j in 1 2 3; do
+if test $i$j != $inport; then
+echo $request >> $i$j.expected
+fi
+done
+
+# Expect to receive the reply, if any.
+if test X$reply_ha != X; then
+local 
reply=${sha}ff0${i}08060001080006040002${reply_ha}${tpa}${sha}${spa}
+echo $reply >> $inport.expected
+fi
+}
+
+# Test router replies to ARP requests from all source ports:
+#
+# 3. Router replies to query for its MAC address from port's own IP address.
+#
+# 4. Router replies to query for its MAC address from any random IP address
+#in its subnet.
+#
+# 5. Router replies to query for its MAC address from another subnet.
+#
+# 6. No reply to query for IP address other than router IP.
+for i in 1 2 3; do
+for j in 1 2 3; do
+smac=f0$i$j # Source MAC
+sip=c0a80${i}0${j}  # Source IP
+rip=c0a80${i}fe # Router IP
+rmac=ff0$i  # Router MAC
+test_arp $i$j $smac $sip$rip$rmac #3
+test_arp $i$j $smac c0a80${i}55 $rip$rmac #4
+test_arp $i$j $smac 0a123456$rip$rmac #5
+test_arp $i$j $smac $sipc0a80${i}aa   #6
 done
 done
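Review bot: In test_arp(), `hv=hv`vif_to_hv $inport`` assigns a global while every other variable in the function is declared with `local`, so the value leaks into the rest of the test script. Declaring it `local hv` would match the rest of the function. The unquoted `test X$reply_ha != X` also works only as long as the argument contains no whitespace; quoting it costs nothing.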
 
-- 
2.1.3


[ovs-dev] [PATCH v2 2/4] ovn: Implement the ability to send a packet back out its input port.

2015-10-17 Thread Ben Pfaff
Otherwise logical router ARP replies won't work as implemented.

Signed-off-by: Ben Pfaff 
---
 ovn/TODO   | 35 ---
 ovn/lib/expr.c | 10 ++
 ovn/ovn-sb.xml |  6 +-
 3 files changed, 15 insertions(+), 36 deletions(-)

diff --git a/ovn/TODO b/ovn/TODO
index 10c3adf..7f69508 100644
--- a/ovn/TODO
+++ b/ovn/TODO
@@ -12,41 +12,6 @@ one router to another, this doesn't seem to matter (just put 
more than
 one connection between them), but for connections between a router and
 a switch it might matter because a switch has only one router port.
 
-** OVN_SB schema
-
-*** Allow output to ingress port
-
-Sometimes when a packet ingresses into a router, it has to egress the
-same port.  One example is a "one-armed" router that has multiple
-routes on a single port (or in which a host is (mis)configured to send
-every IP packet to the router, e.g. due to a bad netmask).  Another is
-when a router needs to send an ICMP reply to an ingressing packet.
-
-To some degree this problem is layered, because there are two
-different notions of "ingress port".  The first is the OpenFlow
-ingress port, essentially a physical port identifier.  This is
-implemented as part of ovs-vswitchd's OpenFlow implementation.  It
-prevents a reply from being sent across the tunnel on which it
-arrived.  It is questionable whether this OpenFlow feature is useful
-to OVN.  (OVN already has to override it to allow a packet from one
-nested container to be forwarded to a different nested container.)
-OVS make it possible to disable this feature of OpenFlow by setting
-the OpenFlow input port field to 0.  (If one does this too early, of
-course, it means that there's no way to actually match on the input
-port in the OpenFlow flow tables, but one can work around that by
-instead setting the input port just before the output action, possibly
-wrapping these actions in push/pop pairs to preserve the input port
-for later.)
-
-The second is the OVN logical ingress port, which is implemented in
-ovn-controller as part of the logical abstraction, using an OVS
-register.  Dropping packets directed to the logical ingress port is
-implemented through an OpenFlow table not directly visible to the
-logical flow table.  Currently this behavior can't be disabled, but
-various ways to ensure it could be implemented, e.g. the same as for
-OpenFlow by allowing the logical inport to be zeroed, or by
-introducing a new action that ignores the inport.
-
 ** New OVN logical actions
 
 *** arp
diff --git a/ovn/lib/expr.c b/ovn/lib/expr.c
index 8a69e3e..a970b12 100644
--- a/ovn/lib/expr.c
+++ b/ovn/lib/expr.c
@@ -2812,6 +2812,16 @@ parse_assignment(struct expr_context *ctx, const struct 
simap *ports,
 sf->field->n_bytes, 0, sf->field->n_bits);
 bitwise_put(UINT64_MAX, &sf->mask,
 sf->field->n_bytes, 0, sf->field->n_bits);
+
+/* If the logical input port is being zeroed, clear the OpenFlow
+ * ingress port also, to allow a packet to be sent back to its
+ * origin. */
+if (!port && sf->field->id == MFF_REG6) {
+sf = ofpact_put_SET_FIELD(ofpacts);
+sf->field = mf_from_id(MFF_IN_PORT);
+bitwise_put(UINT64_MAX, &sf->mask, sf->field->n_bytes, 0,
+sf->field->n_bits);
+}
 }
 
 exit_destroy_cs:
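Review bot: The test `sf->field->id == MFF_REG6` hard-codes which register holds the logical input port, so this special case silently stops working if that register assignment ever changes. A named constant, or at least a comment next to the comparison saying that MFF_REG6 is the logical inport register, would tie the two together. The new SET_FIELD for MFF_IN_PORT also sets only the mask and relies on the value being zero from ofpact_put_SET_FIELD(); a brief comment saying so would help readers.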
diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml
index 1d9104e..9c2d411 100644
--- a/ovn/ovn-sb.xml
+++ b/ovn/ovn-sb.xml
@@ -782,7 +782,11 @@
   
 Output to the input port is implicitly dropped, that is,
 output becomes a no-op if outport ==
-inport.
+inport.  Occasionally it may be useful to override
+this behavior, e.g. to send an ARP reply to an ARP request; to do
+so, use inport = ""; to set the logical input port to
+an empty string (which should not be used as the name of any
+logical port).
   
 
 
-- 
2.1.3



[ovs-dev] [PATCH v2 4/4] ovn: Support multiple router ports per logical switch.

2015-10-17 Thread Ben Pfaff
This allows multiple subnets to be routed directly to a logical switch.

Signed-off-by: Ben Pfaff 
---
 ovn/TODO|  10 ---
 ovn/northd/ovn-northd.c |  69 ++---
 ovn/ovn-nb.xml  |   7 +-
 tests/ovn.at| 193 +---
 4 files changed, 164 insertions(+), 115 deletions(-)

diff --git a/ovn/TODO b/ovn/TODO
index 7f69508..1f2a73f 100644
--- a/ovn/TODO
+++ b/ovn/TODO
@@ -2,16 +2,6 @@
 
 * L3 support
 
-** OVN_Northbound schema
-
-*** Needs to support extra routes
-
-Currently a router port has a single route associated with it, but
-presumably we should support multiple routes.  For connections from
-one router to another, this doesn't seem to matter (just put more than
-one connection between them), but for connections between a router and
-a switch it might matter because a switch has only one router port.
-
 ** New OVN logical actions
 
 *** arp
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index e6e9f3e..a1ad34c 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -237,7 +237,8 @@ struct ovn_datapath {
 ovs_be32 gateway;
 
 /* Logical switch data. */
-struct ovn_port *router_port;
+struct ovn_port **router_ports;
+size_t n_router_ports;
 
 struct hmap port_tnlids;
 uint32_t port_key_hint;
@@ -271,6 +272,7 @@ ovn_datapath_destroy(struct hmap *datapaths, struct 
ovn_datapath *od)
  * use it. */
 hmap_remove(datapaths, &od->key_node);
 destroy_tnlids(&od->port_tnlids);
+free(od->router_ports);
 free(od);
 }
 }
@@ -634,7 +636,10 @@ join_logical_ports(struct northd_context *ctx,
 
 peer->peer = op;
 op->peer = peer;
-op->od->router_port = op;
+op->od->router_ports = xrealloc(
+op->od->router_ports,
+sizeof *op->od->router_ports * (op->od->n_router_ports + 1));
+op->od->router_ports[op->od->n_router_ports++] = op;
 } else if (op->nbr && op->nbr->peer) {
 char peer_name[UUID_LEN + 1];
 snprintf(peer_name, sizeof peer_name, UUID_FMT,
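Review bot: The `xrealloc()` call that appends to `op->od->router_ports` assumes the pointer starts out NULL and `n_router_ports` starts at 0, but none of the hunks shown touches the place where struct ovn_datapath is allocated. Please confirm that allocation zero-initialises the structure; if it does not, the first xrealloc() here operates on an indeterminate pointer and the new `free(od->router_ports)` in ovn_datapath_destroy() has the same problem.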
@@ -1431,18 +1436,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap 
*ports,
 HMAP_FOR_EACH (op, key_node, ports) {
 if (op->nbr) {
 /* XXX ARP for neighboring router */
-} else if (op->od->router_port) {
-const char *peer_name = smap_get(
-&op->od->router_port->nbs->options, "router-port");
-if (!peer_name) {
-continue;
-}
-
-struct ovn_port *peer = ovn_port_find(ports, peer_name);
-if (!peer || !peer->nbr) {
-continue;
-}
-
+} else if (op->od->n_router_ports) {
 for (size_t i = 0; i < op->nbs->n_addresses; i++) {
 struct eth_addr ea;
 ovs_be32 ip;
@@ -1450,18 +1444,41 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap 
*ports,
 if (ovs_scan(op->nbs->addresses[i],
  ETH_ADDR_SCAN_FMT" "IP_SCAN_FMT,
  ETH_ADDR_SCAN_ARGS(ea), IP_SCAN_ARGS(&ip))) {
-char *match = xasprintf("reg0 == "IP_FMT, IP_ARGS(ip));
-char *actions = xasprintf("eth.src = "ETH_ADDR_FMT"; "
-  "eth.dst = "ETH_ADDR_FMT"; "
-  "outport = %s; "
-  "output;",
-  ETH_ADDR_ARGS(peer->mac),
-  ETH_ADDR_ARGS(ea),
-  peer->json_key);
-ovn_lflow_add(lflows, peer->od,
-  S_ROUTER_IN_ARP, 200, match, actions);
-free(actions);
-free(match);
+for (size_t j = 0; j < op->od->n_router_ports; j++) {
+/* Get the Logical_Router_Port that the Logical_Port is
+ * connected to, as 'peer'. */
+const char *peer_name = smap_get(
+&op->od->router_ports[j]->nbs->options,
+"router-port");
+if (!peer_name) {
+continue;
+}
+
+struct ovn_port *peer
+= ovn_port_find(ports, peer_name);
+if (!peer || !peer->nbr) {
+continue;
+}
+
+/* Make sure that 'ip' is in 'peer''s network. */
+if ((ip ^ peer->network) & peer->mask) {
+continue;
+}
+
+char *match = xasprintf("reg0 == "IP_FMT, IP_ARGS(ip));
+   

[ovs-dev] [PATCH] dpctl: Fix jump through wild pointer in "dpctl/help".

2015-10-17 Thread Ben Pfaff
dpctl_unixctl_handler() didn't fully initialize the dpctl_params structure
it passed to the handler, which meant that dpctl_help() could see a nonnull
(indeterminate) 'usage' pointer and jump through it, causing a crash.
This commit fixes the crash by fully initializing the structure.

The dpctl/help command wasn't going to do anything useful anyway, so this
commit also stops registering it.

Reported-by: Murali R 
Reported-at: http://openvswitch.org/pipermail/discuss/2015-October/019135.html
Signed-off-by: Ben Pfaff 
---
 AUTHORS |  1 +
 lib/dpctl.c | 27 ---
 2 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/AUTHORS b/AUTHORS
index f4e1ca9..41264ec 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -328,6 +328,7 @@ Mike Kruze  mkr...@nicira.com
 Min Chenustcer.tonyc...@gmail.com
 Mikael Doverhag mdover...@nicira.com
 Mrinmoy Das mr...@ixiacom.com
+Murali Rmuralir...@gmail.com
 Nagi Reddy Jonnala  njonn...@brocade.com
 Niels van Adrichem  n.l.m.vanadric...@tudelft.nl
 Niklas Anderssonnanders...@nicira.com
diff --git a/lib/dpctl.c b/lib/dpctl.c
index 48bf6bc..438bfd3 100644
--- a/lib/dpctl.c
+++ b/lib/dpctl.c
@@ -1583,15 +1583,13 @@ dpctl_unixctl_handler(struct unixctl_conn *conn, int 
argc, const char *argv[],
   void *aux)
 {
 struct ds ds = DS_EMPTY_INITIALIZER;
-struct dpctl_params dpctl_p;
 bool error = false;
 
-dpctl_command_handler *handler = (dpctl_command_handler *) aux;
-
-dpctl_p.print_statistics = false;
-dpctl_p.zero_statistics = false;
-dpctl_p.may_create = false;
-dpctl_p.verbosity = 0;
+struct dpctl_params dpctl_p = {
+.is_appctl = true,
+.output = dpctl_unixctl_print,
+.aux = &ds,
+};
 
 /* Parse options (like getopt). Unfortunately it does
  * not seem a good idea to call getopt_long() here, since it uses global
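Review bot: The fix depends on the designated initializer at `struct dpctl_params dpctl_p = {` zeroing every member that is not named, 'usage' included, and nothing in the code says so. A one-line comment there would keep a later edit from going back to member-by-member assignment and reintroducing the indeterminate pointer described in the commit message.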
@@ -1644,10 +1642,7 @@ dpctl_unixctl_handler(struct unixctl_conn *conn, int 
argc, const char *argv[],
 }
 
 if (!error) {
-dpctl_p.is_appctl = true;
-dpctl_p.output = dpctl_unixctl_print;
-dpctl_p.aux = &ds;
-
+dpctl_command_handler *handler = (dpctl_command_handler *) aux;
 error = handler(argc, argv, &dpctl_p) != 0;
 }
 
@@ -1666,9 +1661,11 @@ dpctl_unixctl_register(void)
 const struct dpctl_command *p;
 
 for (p = all_commands; p->name != NULL; p++) {
-char *cmd_name = xasprintf("dpctl/%s", p->name);
-unixctl_command_register(cmd_name, "", p->min_args, p->max_args,
- dpctl_unixctl_handler, p->handler);
-free(cmd_name);
+if (strcmp(p->name, "help")) {
+char *cmd_name = xasprintf("dpctl/%s", p->name);
+unixctl_command_register(cmd_name, "", p->min_args, p->max_args,
+ dpctl_unixctl_handler, p->handler);
+free(cmd_name);
+}
 }
 }
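Review bot: `if (strcmp(p->name, "help"))` skips registering dpctl/help, but the reason is recorded only in the commit message. Please add a comment at the test saying why "help" is excluded; writing it as `if (!strcmp(p->name, "help")) { continue; }` would also avoid re-indenting the registration code.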
-- 
2.1.3



Re: [ovs-dev] [PATCH] packets: Make ip_parse_masked() pickier about formatting.

2015-10-17 Thread Justin Pettit

> On Oct 17, 2015, at 2:03 PM, Ben Pfaff  wrote:
> 
> It's happened a couple of times now that I've entered a typoed IP address,
> e.g. "192.168.0.0$x", and ip_parse_masked() or its predecessor has accepted
> it anyway, and it's been hard to track down the real problem.  This change
> makes the parser pickier, by disallowing trailing garbage.
> 
> Signed-off-by: Ben Pfaff 

Acked-by: Justin Pettit 

--Justin




Re: [ovs-dev] [PATCH] packets: Make ip_parse_masked() pickier about formatting.

2015-10-17 Thread Ben Pfaff
On Sat, Oct 17, 2015 at 02:29:40PM -0700, Justin Pettit wrote:
> 
> > On Oct 17, 2015, at 2:03 PM, Ben Pfaff  wrote:
> > 
> > It's happened a couple of times now that I've entered a typoed IP address,
> > e.g. "192.168.0.0$x", and ip_parse_masked() or its predecessor has accepted
> > it anyway, and it's been hard to track down the real problem.  This change
> > makes the parser pickier, by disallowing trailing garbage.
> > 
> > Signed-off-by: Ben Pfaff 
> 
> Acked-by: Justin Pettit 

Thanks, applied to master.


[ovs-dev] [PATCH net-next V17 3/3] 802.1AD: Flow handling, actions, vlan parsing and netlink attributes

2015-10-17 Thread Thomas F Herbert
Add support for 802.1ad including the ability to push and pop double
tagged vlans. Add support for 802.1ad to netlink parsing and flow
conversion. Uses double nested encap attributes to represent double
tagged vlan. Inner TPID encoded along with ctci in nested attributes.

Signed-off-by: Thomas F Herbert 
---
 net/openvswitch/actions.c  |   6 +-
 net/openvswitch/flow.c |  76 +-
 net/openvswitch/flow.h |   8 +-
 net/openvswitch/flow_netlink.c | 172 +
 net/openvswitch/vport-netdev.c |   4 +-
 5 files changed, 227 insertions(+), 39 deletions(-)

diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
index 315f533..09cc1c9 100644
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -236,7 +236,8 @@ static int pop_vlan(struct sk_buff *skb, struct sw_flow_key 
*key)
if (skb_vlan_tag_present(skb))
invalidate_flow_key(key);
else
-   key->eth.tci = 0;
+   key->eth.vlan.tci = 0;
+   key->eth.vlan.tpid = 0;
return err;
 }
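Review bot: In pop_vlan() the `else` branch now has two statements but no braces were added, so `key->eth.vlan.tpid = 0;` executes unconditionally, including on the path that has just called invalidate_flow_key(). Wrap both assignments in `else { ... }` (and brace the `if` arm to match kernel style).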
 
@@ -246,7 +247,8 @@ static int push_vlan(struct sk_buff *skb, struct 
sw_flow_key *key,
if (skb_vlan_tag_present(skb))
invalidate_flow_key(key);
else
-   key->eth.tci = vlan->vlan_tci;
+   key->eth.vlan.tci = vlan->vlan_tci;
+   key->eth.vlan.tpid = vlan->vlan_tpid;
return skb_vlan_push(skb, vlan->vlan_tpid,
 ntohs(vlan->vlan_tci) & ~VLAN_TAG_PRESENT);
 }
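Review bot: push_vlan() has the same missing-braces problem: after the unbraced `else`, only `key->eth.vlan.tci = vlan->vlan_tci;` is conditional, and `key->eth.vlan.tpid = vlan->vlan_tpid;` runs even when the key has been invalidated. Put both assignments inside `else { ... }`.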
diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c
index c8db44a..ed19e2b 100644
--- a/net/openvswitch/flow.c
+++ b/net/openvswitch/flow.c
@@ -302,24 +302,68 @@ static bool icmp6hdr_ok(struct sk_buff *skb)
  sizeof(struct icmp6hdr));
 }
 
-static int parse_vlan(struct sk_buff *skb, struct sw_flow_key *key)
+/* Parse vlan tag from vlan header.
+ * Returns ERROR on memory error.
+ * Returns 0 if it encounters a non-vlan or incomplete packet.
+ * Returns 1 after successfully parsing vlan tag.
+ */
+
+static int parse_vlan_tag(struct sk_buff *skb, struct vlan_head *vlan)
 {
-   struct qtag_prefix {
-   __be16 eth_type; /* ETH_P_8021Q */
-   __be16 tci;
-   };
-   struct qtag_prefix *qp;
+   struct vlan_head *qp = (struct vlan_head *)skb->data;
+
+   if (likely(!eth_type_vlan(qp->tpid)))
+   return 0;
 
-   if (unlikely(skb->len < sizeof(struct qtag_prefix) + sizeof(__be16)))
+   if (unlikely(skb->len < sizeof(struct vlan_head) + sizeof(__be16)))
return 0;
 
-   if (unlikely(!pskb_may_pull(skb, sizeof(struct qtag_prefix) +
-sizeof(__be16
+   if (unlikely(!pskb_may_pull(skb, sizeof(struct vlan_head) +
+sizeof(__be16
return -ENOMEM;
 
-   qp = (struct qtag_prefix *) skb->data;
-   key->eth.tci = qp->tci | htons(VLAN_TAG_PRESENT);
-   __skb_pull(skb, sizeof(struct qtag_prefix));
+   vlan->tci = qp->tci | htons(VLAN_TAG_PRESENT);
+   vlan->tpid = qp->tpid;
+
+   __skb_pull(skb, sizeof(struct vlan_head));
+   return 1;
+}
+
+static int parse_vlan(struct sk_buff *skb, struct sw_flow_key *key)
+{
+   int res;
+
+   key->eth.vlan.tci = 0;
+   key->eth.vlan.tpid = 0;
+   key->eth.cvlan.tci = 0;
+   key->eth.cvlan.tpid = 0;
+
+   if (likely(skb_vlan_tag_present(skb))) {
+   key->eth.vlan.tci = htons(skb->vlan_tci);
+   key->eth.vlan.tpid = skb->vlan_proto;
+
+   /* Case where ingress processing has already stripped
+* the outer vlan tag.
+*/
+   res = parse_vlan_tag(skb, &key->eth.cvlan);
+   if (res < 0)
+   return res;
+   /* For inner tag, return 0 because neither
+* non-existent nor partial inner tag is an error.
+*/
+   return 0;
+   }
+   res = parse_vlan_tag(skb, &key->eth.vlan);
+   if (res <= 0)
+   /* This is an outer tag in the non-accelerated VLAN
+* case. Return error unless it is a complete vlan tag.
+*/
+   return res;
+
+   /* Parse inner vlan tag if present for non-accelerated case. */
+   res = parse_vlan_tag(skb, &key->eth.cvlan);
+   if (res <= 0)
+   return res;
 
return 0;
 }
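Review bot: In parse_vlan_tag(), `qp` is taken from skb->data at the top of the function and is still dereferenced after pskb_may_pull(), whereas the removed code assigned `qp = (struct qtag_prefix *) skb->data;` only after the pull. pskb_may_pull() can reallocate the skb head, so `qp->tci` and `qp->tpid` may be read through a stale pointer; reload `qp` from skb->data after the pull succeeds. The header comment should also say "-ENOMEM" rather than "ERROR", and the blank line between that comment and the function should go.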
@@ -480,12 +524,8 @@ static int key_extract(struct sk_buff *skb, struct 
sw_flow_key *key)
 * update skb->csum here.
 */
 
-   key->eth.tci = 0;
-   if (skb_vlan_tag_present(skb))
-   key->eth.tci = htons(skb->vlan_tci);
-   else if (eth->h_proto == htons(ETH_P_8021Q))
-   if (unlikely(parse_vlan(skb, key)))
-   return -ENOMEM;
+   if (unlikely(parse_vlan(skb, key)))
+ 

[ovs-dev] [PATCH net-next V17 1/3] openvswitch: 802.1ad uapi changes.

2015-10-17 Thread Thomas F Herbert
openvswitch: Add support for 802.1AD

Change the description of the VLAN tpid field.

Signed-off-by: Thomas F Herbert 
---
 include/uapi/linux/openvswitch.h | 17 +
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h
index 32e07d8..b0c959c 100644
--- a/include/uapi/linux/openvswitch.h
+++ b/include/uapi/linux/openvswitch.h
@@ -585,13 +585,13 @@ struct ovs_action_push_mpls {
  * @vlan_tci: Tag control identifier (TCI) to push.  The CFI bit must be set
  * (but it will not be set in the 802.1Q header that is pushed).
  *
- * The @vlan_tpid value is typically %ETH_P_8021Q.  The only acceptable TPID
- * values are those that the kernel module also parses as 802.1Q headers, to
- * prevent %OVS_ACTION_ATTR_PUSH_VLAN followed by %OVS_ACTION_ATTR_POP_VLAN
- * from having surprising results.
+ * The @vlan_tpid value is typically %ETH_P_8021Q or %ETH_P_8021AD.
+ * The only acceptable TPID values are those that the kernel module also parses
+ * as 802.1Q or 802.1AD headers, to prevent %OVS_ACTION_ATTR_PUSH_VLAN followed
+ * by %OVS_ACTION_ATTR_POP_VLAN from having surprising results.
  */
 struct ovs_action_push_vlan {
-   __be16 vlan_tpid;   /* 802.1Q TPID. */
+   __be16 vlan_tpid;   /* 802.1Q or 802.1ad TPID. */
__be16 vlan_tci;/* 802.1Q TCI (VLAN ID and priority). */
 };
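Review bot: With `vlan_tpid` now documented as 802.1Q or 802.1ad, the text around it still says 802.1Q only: the `vlan_tci` member comment reads "802.1Q TCI" and the @vlan_tci paragraph refers to "the 802.1Q header that is pushed". Please update those as well so the struct documentation is consistent, and settle on one spelling, since this hunk uses both "802.1AD" and "802.1ad".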
 
@@ -664,9 +664,10 @@ enum ovs_ct_attr {
  * is copied from the value to the packet header field, rest of the bits are
  * left unchanged.  The non-masked value bits must be passed in as zeroes.
  * Masking is not supported for the %OVS_KEY_ATTR_TUNNEL attribute.
- * @OVS_ACTION_ATTR_PUSH_VLAN: Push a new outermost 802.1Q header onto the
- * packet.
- * @OVS_ACTION_ATTR_POP_VLAN: Pop the outermost 802.1Q header off the packet.
+ * @OVS_ACTION_ATTR_PUSH_VLAN: Push a new outermost 802.1Q or 802.1ad header
+ * onto the packet.
+ * @OVS_ACTION_ATTR_POP_VLAN: Pop the outermost 802.1Q or 802.1ad header
+ * from the packet.
  * @OVS_ACTION_ATTR_SAMPLE: Probabilitically executes actions, as specified in
  * the nested %OVS_SAMPLE_ATTR_* attributes.
  * @OVS_ACTION_ATTR_PUSH_MPLS: Push a new MPLS label stack entry onto the
-- 
2.4.3



[ovs-dev] [PATCH net-next V17 2/3] Check for vlan ethernet types for 8021.q or 802.1ad

2015-10-17 Thread Thomas F Herbert
Signed-off-by: Thomas F Herbert 
---
 include/linux/if_vlan.h | 16 
 1 file changed, 16 insertions(+)

diff --git a/include/linux/if_vlan.h b/include/linux/if_vlan.h
index 67ce5bd..d2494b5 100644
--- a/include/linux/if_vlan.h
+++ b/include/linux/if_vlan.h
@@ -627,6 +627,22 @@ static inline netdev_features_t vlan_features_check(const 
struct sk_buff *skb,
 
return features;
 }
+/**
+ * eth_type_vlan - check for valid vlan ether type.
+ * @ethertype: ether type to check
+ *
+ * Returns true if the ether type is a vlan ether type.
+ */
+static inline bool eth_type_vlan(__be16 ethertype)
+{
+   switch (ethertype) {
+   case htons(ETH_P_8021Q):
+   case htons(ETH_P_8021AD):
+   return true;
+   default:
+   return false;
+   }
+}
 
 /**
  * compare_vlan_header - Compare two vlan headers
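Review bot: The new kernel-doc block starts directly after the closing brace of vlan_features_check(), with no blank line between "}" and "+/**"; add an empty line so the spacing matches what precedes compare_vlan_header below. The return description would read better as a "Return:" line per kernel-doc convention. This patch also adds eth_type_vlan() without a caller (1 file changed), and the commit message has no body beyond the sign-off, so it should say which later patch in the series uses the helper.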
-- 
2.4.3



[ovs-dev] [PATCH net-next V17 0/3] openvswitch: Add support for 802.1ad

2015-10-17 Thread Thomas F Herbert
V17,V16: Implement reviewer's comments.

V15: Implement reviewer comments.

V14: Add outer tpid to flow_key

V13: Fix incorrect encoding and decoding of netlink to/from key
attributes.

V12: Fix some problems and issues pointed out by reviewers. When parsing
netlink attributes Ether types other than 0x88a8 as outer tpid.

V11: Add inner tpid to flow key. Fix separate inner encap attribute
when parsing netlink attributes. Merge 2 patches to consolidate
qinq changes.

V10: Implement reviewer comments: Consolidate vlan parsing functions.
Splits netlink parsing and flow conversion into a separate patch. Uses
double encap attribute encapsulation for 802.1ad.  Netlink attributes
now look like this:

eth_type(0x88a8),vlan(vid=100),encap(eth_type(0x8100), vlan(vid=200),
 encap(eth_type(0x0800), ...))

The double encap attributes in this version of the patch are incompatible with
old versions of the user level 802.1ad patch. A new user level patch is also
being submitted simultaneously to the openvswitch dev mailing list.

V9:  Includes changes suggested by reviewers

V8:  Includes changes suggested by reviewers

V7:  Includes changes suggested by reviewers

V6:  Rebased to net-next

V5:  Use encapsulated attributes


For discussion, history and previous versions of the kernel module
patch and the user code patch see the OVS dev mailing list,
openvswitch.org/pipermail/dev/..

Thomas F Herbert (3):
  openvswitch: 802.1ad uapi changes.
  Check for vlan ethernet types for 8021.q or 802.1ad
  802.1AD: Flow handling, actions, vlan parsing and netlink attributes

 include/linux/if_vlan.h  |  16 
 include/uapi/linux/openvswitch.h |  17 ++--
 net/openvswitch/actions.c|   6 +-
 net/openvswitch/flow.c   |  76 +
 net/openvswitch/flow.h   |   8 +-
 net/openvswitch/flow_netlink.c   | 172 +++
 net/openvswitch/vport-netdev.c   |   4 +-
 7 files changed, 252 insertions(+), 47 deletions(-)

-- 
2.4.3


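The nested attribute layout shown under V10 in the cover letter above, produced from a raw double-tagged frame. This is an added example, not code from the patch series. The names `render_vlan_key`, `is_vlan_tpid`, `rd16` and `sample_qinq` are hypothetical, the inner keys the cover letter abbreviates as `...` are left out, and the two-tag limit is an assumption of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: zeroed MACs, 802.1ad vid=100, 802.1Q vid=200, IPv4. */
const uint8_t sample_qinq[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0x88, 0xa8, 0x00, 0x64, 0x81, 0x00, 0x00, 0xc8, 0x08, 0x00 };

/* Host-byte-order stand-in for the eth_type_vlan() check in patch 2/3. */
static int is_vlan_tpid(unsigned t) { return t == 0x8100 || t == 0x88a8; }
static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Write the nested key for frame[] into out[]. Returns the tag count (0..2),
 * or -1 for a truncated frame, a third tag, or an out[] that is too small. */
int render_vlan_key(const uint8_t *frame, size_t len, char *out, size_t outsz)
{
    size_t off = 12, used = 0;          /* skip both MAC addresses */
    int tags = 0, n;
    for (;;) {
        if (len < off + 2)
            return -1;                  /* no room for an EtherType */
        unsigned type = rd16(frame + off);
        if (!is_vlan_tpid(type)) {
            n = snprintf(out + used, outsz - used, "eth_type(0x%04x)", type);
            if (n < 0 || (size_t)n + (size_t)tags >= outsz - used)
                return -1;              /* keeps room for the closing ')'s */
            used += (size_t)n;
            break;
        }
        if (tags == 2 || len < off + 4)
            return -1;                  /* third tag, or TCI cut off */
        n = snprintf(out + used, outsz - used, "eth_type(0x%04x),vlan(vid=%u),encap(",
                     type, rd16(frame + off + 2) & 0x0fffu);
        if (n < 0 || (size_t)n >= outsz - used)
            return -1;
        used += (size_t)n;
        off += 4;
        tags++;
    }
    memset(out + used, ')', (size_t)tags);  /* close one encap() per tag */
    out[used + (size_t)tags] = '\0';
    return tags;
}

int main(void)
{
    char key[128];
    int tags = render_vlan_key(sample_qinq, sizeof sample_qinq, key, sizeof key);
    return tags == 2 && puts(key) >= 0 ? 0 : 1;
}
```

Rejecting a third tag and a truncated TCI before formatting keeps the rendered key from describing bytes the frame does not contain.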

[ovs-dev] Returned mail: see transcript for details

2015-10-17 Thread edamati