Dear user dev@openvswitch.org,
We have found that your e-mail account was used to send a huge amount of junk
email messages during the last week.
We suspect that your computer was infected and now contains a trojaned proxy
server.
We recommend that you follow our instruction in the attached fil
"ÛÈ ùTãÊ8q¦ÒçIíñª»ø|Ïæ
te'"ò¤è´4õ LHý|Ôzt2àg°oÃòsö-ìlå`bõýywÔÝN´8[eÊ
údÚ[¨²vx'Jä4
½v5[ÉânÑg[£'¿åq
Ä*5|W¥OG
X fû
9Ùv"¾¶7añTGf
c·MÖvlµaÔ!« <¿¶çá7ô
Jþ8_nc|ÞÎMÍþP¬§ÑdAÓ³®3ű_2·Ä>&¥¢²Ñ©ÀO!Å«k´¡¶Ñþ±K¾f[¶'¡¥mÌmhüMs¢ÓÖ`³iBÞ®'Ô
ÝÚ0K\¯v«åõGT®mâ׺²êºRu>jÕBÑ[ºƤkÊé
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
²ÝÁ³ZþÀû3wgKÓã.
æå
èÕ0#¿hÓjµcY¹HSl7ÑPúaDÖ|Ť×J©Ì-#ä´É½ÁðI§JnÑÒ#óbþzÍÖÔ7Sªo1Í
W¸ªÈx"«Kîõ5º`vRiìAZ¨ºÍÑ·ýÙkææÀ[¼Ê{æjb1ã<¿1]Ò¯
¼c?^mfqöñ¶j-¸Æâ»Ê´¾\
ä÷ÛdÏ_w×WÌ$áµBæ.º<ÒÙ¦g²¥Á8í;(¾á%Ð0¸Y
lÇ·fDËuqÐA¿§pòfiÇûó#õÚ_<©ÎlzïÁ6]'¯ó-~6ßIÃ3ô¢8
-w
|®L¥±
¼CËT,¥?8®²ö
pÖs±#KUæE©HZâ!CG.Äu
On Wed, Nov 11, 2015 at 08:29:32AM -0800, Ben Pfaff wrote:
> On Wed, Nov 11, 2015 at 11:57:04AM -0200, Thadeu Lima de Souza Cascardo wrote:
> > On Tue, Nov 10, 2015 at 04:03:13PM -0800, Ben Pfaff wrote:
> > > On Thu, Oct 22, 2015 at 03:29:04PM -0200, Thadeu Lima de Souza Cascardo
> > > wrote:
> >
Dear user dev@openvswitch.org,
We have found that your account was used to send a huge amount of unsolicited
commercial e-mail messages during the recent week.
Most likely your computer had been infected by a recent virus and now contains
a hidden proxy server.
We recommend that you follow the
On Thu, Oct 22, 2015 at 03:29:06PM -0200, Thadeu Lima de Souza Cascardo wrote:
> When doing push/pop and building tunnel header, do IPv6 route lookups and send
> Neighbor Solicitations if needed.
>
> Signed-off-by: Thadeu Lima de Souza Cascardo
> ---
> lib/packets.h| 22 +++
On Wed, Nov 11, 2015 at 6:29 PM, Gurucharan Shetty wrote:
> One of the patches seems to break windows build.
> https://ci.appveyor.com/project/blp/ovs/build/1.0.916
>
> On Wed, Nov 11, 2015 at 6:12 PM, Andy Zhou wrote:
>> On Wed, Nov 11, 2015 at 2:48 PM, Ansis Atteka wrote:
>>>
>>>
>>> On 11 Nov
One of the patches seems to break windows build.
https://ci.appveyor.com/project/blp/ovs/build/1.0.916
On Wed, Nov 11, 2015 at 6:12 PM, Andy Zhou wrote:
> On Wed, Nov 11, 2015 at 2:48 PM, Ansis Atteka wrote:
>>
>>
>> On 11 November 2015 at 14:13, Andy Zhou wrote:
>>>
>>> vlog log file can be cr
On Wed, Nov 11, 2015 at 2:48 PM, Ansis Atteka wrote:
>
>
> On 11 November 2015 at 14:13, Andy Zhou wrote:
>>
>> vlog log file can be created when parsing --log-file option, before
>> switching user, in case the --user option is also specified. While this
>> does not directly cause errors for the
> On Nov 10, 2015, at 2:11 PM, Ben Pfaff wrote:
>
> OK, I give up. There seems to be no rhyme or reason to why the list
> drops my emails.
>
> I'll push this, with the proper commit message and acks and whatever.
Just for everyone else's benefit, we think we tracked the issue down to
CudaMai
On 11 November 2015 at 14:21, Jarno Rajahalme wrote:
> I guess this did not change?
Correct, I just added the Ack. (Perhaps I should have mentioned that
below the commit message.)
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/l
On 11 November 2015 at 14:23, Jarno Rajahalme wrote:
> With a comment below,
>
> Acked-by: Jarno Rajahalme
>
>> On Nov 11, 2015, at 11:39 AM, Joe Stringer wrote:
>>
>> Add an ofproto-level function to allow implementations to reject
>> specific action types based on internal implementation detai
On 11 November 2015 at 14:20, Jarno Rajahalme wrote:
> With one comment to consider below:
>
> Acked-by: Jarno Rajahalme
>
>> On Nov 11, 2015, at 11:39 AM, Joe Stringer wrote:
>>
>> When inserting rules that match on connection tracking fields, datapath
>> support must be checked before allowing
On 11 November 2015 at 14:13, Andy Zhou wrote:
> vlog log file can be created when parsing --log-file option, before
> switching user, in case the --user option is also specified. While this
> does not directly cause errors for the running daemons, it can
> leave the log files on the disk as crea
I would urge Ben to check this up as well, though.
Jarno
> On Nov 11, 2015, at 2:23 PM, Jarno Rajahalme wrote:
>
> With a comment below,
>
> Acked-by: Jarno Rajahalme
>
>> On Nov 11, 2015, at 11:39 AM, Joe Stringer wrote:
>>
>> Add an ofproto-level function to allow implementations to re
LGTM,
However, I would urge Ben to offer his opinion to this design,
Acked-by: Jarno Rajahalme
> On Nov 11, 2015, at 11:39 AM, Joe Stringer wrote:
>
> Disallow installing rules that execute ct() if conntrack is unsupported
> in the datapath. Also check different variations on the action which
With a comment below,
Acked-by: Jarno Rajahalme
> On Nov 11, 2015, at 11:39 AM, Joe Stringer wrote:
>
> Add an ofproto-level function to allow implementations to reject
> specific action types based on internal implementation details. The
> first user will be the next patch, which checks for d
I guess this did not change?
Jarno
> On Nov 11, 2015, at 11:39 AM, Joe Stringer wrote:
>
> This function finds the mf destination field for any ofpact, returning
> NULL if not applicable. It will be used by the next patch to properly
> reject OpenFlow flows with conntrack actions when conntra
I was about to propose this for the patch 2/6,
Acked-by: Jarno Rajahalme
> On Nov 11, 2015, at 11:39 AM, Joe Stringer wrote:
>
> Typically the datapath will support all available features, so check
> that first before attempting to retrieve various values out of a
> minimask as the latter does
With one comment to consider below:
Acked-by: Jarno Rajahalme
> On Nov 11, 2015, at 11:39 AM, Joe Stringer wrote:
>
> When inserting rules that match on connection tracking fields, datapath
> support must be checked before allowing or denying the rule insertion.
> Previously we only disallowed
vlog log file can be created when parsing --log-file option, before
switching user, in case the --user option is also specified. While this
does not directly cause errors for the running daemons, it can
leave the log files on the disk as created under the "root" user.
This patch fix the log file ow
A global variable 'switch_user' was used to make sure
we switch process's current user only once. This logic is now
simplified by testing for uid directly; if switch process has
taken place, the current uid will be not be zero.
Signed-off-by: Andy Zhou
---
v1->v2: add a log in case --user is sp
By default, Unix domain sockets are created with file system permission
mode of 0700. This means that only processes that runs under the same
user can access this socket.
For OVS, it may be more convenient to control access at the group
level rather than at the user level, since other processes ne
On Tue, Nov 10, 2015 at 10:06 PM, Ansis Atteka wrote:
> On Mon, Nov 9, 2015 at 12:43 PM, Andy Zhou wrote:
>> vlog log file can be created when parsing --log-file option, before
>> switching user, in case the --user option is also specified. While this
>> does not directly cause errors for the run
Acked-by: Jarno Rajahalme
> On Nov 11, 2015, at 11:39 AM, Joe Stringer wrote:
>
> If only half of a ct_label is present in a miniflow/minimask (eg, only
> matching on one specific bit), then rule_check() would allow the flow
> even if ct_label was unsupported, because it required both 64-bit fi
> On Nov 11, 2015, at 11:39 AM, Joe Stringer wrote:
>
> There are currently a few holes in how OVS verifies connection tracking fields
> and actions, pointed out by Ravindra Kenchappa. This series aims to verify
> ct_state,ct_zone,ct_mark,ct_label match fields and the ct() action more
> strictly
> On Nov 11, 2015, at 10:21 AM, Joe Stringer wrote:
>
> On 10 November 2015 at 13:56, Joe Stringer wrote:
>> On 9 November 2015 at 17:25, Jarno Rajahalme wrote:
>>>
On Nov 7, 2015, at 12:05 PM, Joe Stringer wrote:
Disallow installing rules that execute ct() if conntrack is un
The inet_get_local_port_range() function is defined as a 3-parameter
version in the backported net/ip.h, however some versions of RHEL7
kernel use the 2-parameter version in their net/udp.h header. We need to
make sure that our net/ip.h is first included, then undef our overriding
3-parameter versi
On 11 November 2015 at 08:00, Pravin Shelar wrote:
> On Wed, Nov 11, 2015 at 12:37 AM, Joe Stringer wrote:
>> On 10 November 2015 at 08:18, Pravin B Shelar wrote:
>>> Remove unnecessary check and definition of inet_get_local_port_range.
>>> It is already there in ip.h
>>>
>>> Reported-by: Joe St
Agreed on all points. This was somewhat of an MVP to get us going, but it
definitely could be improved.
Another thing we should probably do is pre-create an empty ovsdb rather
than doing it with ovsdb-tool on boot.
Anyways, this works well enough from us, so we may improve it but it's
unlikely i
Thanks Ethan for the initiative.
A few comments:
1. Is there any reason you guys chose to keep ovsdb-server and
ovs-vswitchd into separate containers?
I think having atleast the ovsdb-server and ovs-vswitchd together in
the same container may make things easy.
2. You can also run your containers
On Fri, Oct 23, 2015 at 02:39:56PM +0530, Babu Shanmugam wrote:
> The DHCP packets can be of two types
> (1) DHCP Discover
> (2) DHCP Request
>
> For (1), the controller should respond with DHCP offer and for (2),
> either DHCP Ack or DHCP Nack should be sent. In this patch, DHCP Nack
> is never s
This patch adds OVS_KEY_ATTR_SCTP to the OVS flow mechanism.
Signed-off-by: Sorin Vinturis
---
datapath-windows/ovsext/Flow.c | 6 +-
datapath-windows/ovsext/Flow.h | 2 +-
datapath-windows/ovsext/NetProto.h | 10 ++
datapath-windows/ovsext/PacketParser.c | 15 +
This patch adds OVS_KEY_ATTR_MPLS to the OVS flow mechanism.
Signed-off-by: Sorin Vinturis
---
datapath-windows/ovsext/Actions.c | 176 +
datapath-windows/ovsext/DpInternal.h | 7 ++
datapath-windows/ovsext/Ethernet.h | 2 +
datapath-windows/ovsext/
This function finds the mf destination field for any ofpact, returning
NULL if not applicable. It will be used by the next patch to properly
reject OpenFlow flows with conntrack actions when conntrack is
unsupported by the datapath.
Signed-off-by: Joe Stringer
Acked-by: Jarno Rajahalme
---
lib/
Typically the datapath will support all available features, so check
that first before attempting to retrieve various values out of a
minimask as the latter doesn't need to be checked if all fields are
supported.
ct_state is an exception, because support for the bits in this field is
not binary; o
When inserting rules that match on connection tracking fields, datapath
support must be checked before allowing or denying the rule insertion.
Previously we only disallowed flows that had non-zero values for the
ct_* field, but allowed non-zero masks. This meant that, eg:
ct_state=-trk,...
Would
Add an ofproto-level function to allow implementations to reject
specific action types based on internal implementation details. The
first user will be the next patch, which checks for datapath (kernel)
support for various aspects of connection tracking and uses this to
allow or reject ct() actions
Disallow installing rules that execute ct() if conntrack is unsupported
in the datapath. Also check different variations on the action which may
be denied, such as writing to the ct_{mark,label} fields.
Reported-by: Ravindra Kenchappa
Signed-off-by: Joe Stringer
---
ofproto/ofproto-dpif.c | 36
If only half of a ct_label is present in a miniflow/minimask (eg, only
matching on one specific bit), then rule_check() would allow the flow
even if ct_label was unsupported, because it required both 64-bit fields
that comprise the ct_label to be present in the miniflow before
performing the check.
There are currently a few holes in how OVS verifies connection tracking fields
and actions, pointed out by Ravindra Kenchappa. This series aims to verify
ct_state,ct_zone,ct_mark,ct_label match fields and the ct() action more
strictly.
Patches 1-2 are straight up fixes for the field verification.
> I was expecting something more like:
>
> ovn_nbctl("lswitch-add", network, "--", "set", "Logical_Switch",
> network, "external_ids:subnet=" + subnet,
> "external_ids:gateway_ip=" + gateway_ip)
>
> and then change ovn_nbctl to take argv instead of a string to break
Docker multi-host networking is now part of
Docker 1.9.
This commit adds two drivers for OVN integration
with Docker. The first driver is a pure overlay driver
that does not need OpenStack integration. The second driver
needs OVN+OpenStack.
The description of the Docker API exists here:
https://g
On Wed, Nov 11, 2015 at 1:43 PM, Justin Pettit wrote:
>
> > On Nov 10, 2015, at 2:01 PM, Russell Bryant wrote:
> >
> > On 11/10/2015 04:51 PM, Joe Stringer wrote:
> >> On 9 November 2015 at 15:36, Jarno Rajahalme wrote:
> >>>
> On Nov 9, 2015, at 10:56 AM, Joe Stringer
> wrote:
>
> >
> On Nov 10, 2015, at 2:01 PM, Russell Bryant wrote:
>
> On 11/10/2015 04:51 PM, Joe Stringer wrote:
>> On 9 November 2015 at 15:36, Jarno Rajahalme wrote:
>>>
On Nov 9, 2015, at 10:56 AM, Joe Stringer wrote:
If conntrack recirculates, it should not stop processing the current
On 10 November 2015 at 13:56, Joe Stringer wrote:
> On 9 November 2015 at 17:25, Jarno Rajahalme wrote:
>>
>>> On Nov 7, 2015, at 12:05 PM, Joe Stringer wrote:
>>>
>>> Disallow installing rules that execute ct() if conntrack is unsupported
>>> in the datapath.
>>>
>>> Reported-by: Ravindra Kench
On 10 November 2015 at 14:01, Russell Bryant wrote:
> On 11/10/2015 04:51 PM, Joe Stringer wrote:
>> On 9 November 2015 at 15:36, Jarno Rajahalme wrote:
>>>
On Nov 9, 2015, at 10:56 AM, Joe Stringer wrote:
If conntrack recirculates, it should not stop processing the current
p
On Wed, Nov 11, 2015 at 12:15:47PM -0500, Russell Bryant wrote:
> On 11/11/2015 11:58 AM, Ben Pfaff wrote:
> > Some versions of groff use termcap sequences for bold, italic, etc. by
> > default. The dist-docs script doesn't cope with those; it expects
> > sequences based on backspacing and overpri
On 11/11/2015 11:58 AM, Ben Pfaff wrote:
> Some versions of groff use termcap sequences for bold, italic, etc. by
> default. The dist-docs script doesn't cope with those; it expects
> sequences based on backspacing and overprinting. This commit fixes the
> problem by setting an environment variab
Some versions of groff use termcap sequences for bold, italic, etc. by
default. The dist-docs script doesn't cope with those; it expects
sequences based on backspacing and overprinting. This commit fixes the
problem by setting an environment variable GROFF_NO_SGR that forces groff
to use backspac
On Wed, Nov 11, 2015 at 11:57:04AM -0200, Thadeu Lima de Souza Cascardo wrote:
> On Tue, Nov 10, 2015 at 04:03:13PM -0800, Ben Pfaff wrote:
> > On Thu, Oct 22, 2015 at 03:29:04PM -0200, Thadeu Lima de Souza Cascardo
> > wrote:
> > > Use IPv4-mapped addresses and use either tnl_arp_lookup or tnl_nd
On Wed, Nov 11, 2015 at 12:37 AM, Joe Stringer wrote:
> On 10 November 2015 at 08:18, Pravin B Shelar wrote:
>> Remove unnecessary check and definition of inet_get_local_port_range.
>> It is already there in ip.h
>>
>> Reported-by: Joe Stringer
>> Signed-off-by: Pravin B Shelar
>
> Did you try
> -Original Message-
> From: dev [mailto:dev-boun...@openvswitch.org] On Behalf Of Mauricio Vásquez
> Sent: Wednesday, November 11, 2015 8:23 AM
> To: dev@openvswitch.org
> Subject: [ovs-dev] [PATCH] netdev-dpdk: Modify rings creation attributes
>
> Although netdev does explicit locking,
Add support for Jumbo Frames to DPDK-enabled port types,
using single-segment-mbufs.
Using this approach, the amount of memory allocated for each mbuf
to store frame data is increased to a value greater than 1518B
(typical Ethernet maximum frame length). The increased space
available in the mbuf m
On Wed, Nov 11, 2015 at 12:19:25PM -0200, Thadeu Lima de Souza Cascardo wrote:
> On Tue, Nov 10, 2015 at 04:13:47PM -0800, Ben Pfaff wrote:
> > The _error version should be used to report errors.
> >
> > Also, add missing return in one error case.
> >
> > Signed-off-by: Ben Pfaff
> > ---
> > v1-
On Tue, Nov 10, 2015 at 04:13:47PM -0800, Ben Pfaff wrote:
> The _error version should be used to report errors.
>
> Also, add missing return in one error case.
>
> Signed-off-by: Ben Pfaff
> ---
> v1->v2: Add missing return in error case (thanks Cascardo!).
>
> lib/ovs-router.c | 12 +++--
On Tue, Nov 10, 2015 at 04:05:59PM -0800, Ben Pfaff wrote:
> On Thu, Oct 22, 2015 at 03:29:05PM -0200, Thadeu Lima de Souza Cascardo wrote:
> > This includes VXLAN, GRE and Geneve.
> >
> > Signed-off-by: Thadeu Lima de Souza Cascardo
>
> If it's OK with you, I'll leave the review of this and the
>#«¾ÑûC¯§ ¸NÅ(ûY}:MZ}x|¿Ó&¹e3É¢ÍÀuð7TÌÒ±"dïj
>®¯Eºþy)Â/Ó7è(Gz¥hQíÁÖu
ØOî
>3ë´µßAõCHi¼ÆÆoªúRǽw7QÛäWîï}ÅTWIeàrÞÇ98~l9âsxËÞgÂ_7`c
Û¬á¢1n0ñg"G}ú.¥°r¿&dçWA¼á
êlLXR²Ü¨;ó'½ªíàa÷KSÜT6
54õP"Së5¦J11ÞC[5RøìüSûCÅ}R:ÁVñ_æüg±ÜöåÐkfv~Aй4ÍÕäL÷¤<ÎAßß'±Û£áí~mÚ¡#
°)dûeyÍx
On Tue, Nov 10, 2015 at 04:03:13PM -0800, Ben Pfaff wrote:
> On Thu, Oct 22, 2015 at 03:29:04PM -0200, Thadeu Lima de Souza Cascardo wrote:
> > Use IPv4-mapped addresses and use either tnl_arp_lookup or tnl_nd_lookup.
> >
> > Signed-off-by: Thadeu Lima de Souza Cascardo
>
> ...
>
> > @@ -5348,8
On Tue, Nov 10, 2015 at 04:00:03PM -0800, Ben Pfaff wrote:
> On Thu, Oct 22, 2015 at 03:29:03PM -0200, Thadeu Lima de Souza Cascardo wrote:
> > From: Jiri Benc
> >
> > The flow structure was changed, increase the sequence number. All the
> > asserts either do not apply or have been resolved by pr
On Tue, Nov 10, 2015 at 02:34:02PM -0800, Ben Pfaff wrote:
> On Thu, Oct 22, 2015 at 03:29:02PM -0200, Thadeu Lima de Souza Cascardo wrote:
> > From: Jiri Benc
> >
> > Note that because there's been no prerequisite on the outer protocol,
> > we cannot add it now. Instead, treat the ipv4 and ipv6
On Tue, Nov 10, 2015 at 02:31:13PM -0800, Ben Pfaff wrote:
> On Thu, Oct 22, 2015 at 03:29:01PM -0200, Thadeu Lima de Souza Cascardo wrote:
> > Add netlink attributes for IPv6 tunnel addresses. This enables IPv6 support
> > for tunnels.
> >
> > [cascardo: Backport the key attribute values only.]
>
On Tue, Nov 10, 2015 at 02:24:06PM -0800, Ben Pfaff wrote:
> On Thu, Oct 22, 2015 at 03:28:58PM -0200, Thadeu Lima de Souza Cascardo wrote:
> > From: Jiri Benc
> >
> > Allow configuration of IPv6 tunnel endpoints.
> >
> > [cascardo: removed support for netlink datapath configuration]
> > [cascar
This message was not delivered due to the following reason:
Your message could not be delivered because the destination server was
not reachable within the allowed queue period. The amount of time
a message is queued before it is returned depends on local configura-
tion parameters.
Most likely t
Although netdev does explicit locking, it is only valid from the ovs
perspective, then only the ring ends used by ovs should be declared as
single producer / single consumer.
The other ends that are used by the application should be declared as
multiple producer / multiple consumer that is the mos
66 matches
Mail list logo
