On Thu, Jan 21, 2016 at 2:09 PM, Russell Bryant wrote:
> On 01/20/2016 05:59 PM, Ansis Atteka wrote:
>> CentOS, RHEL and Fedora distributions ship with their own Open vSwitch
>> SELinux policy that is too strict and prevents Open vSwitch to work
>> normally out of the box
Hi,
In fact I think we should remove any Discretionary Access Control (--user) and
?implement proper Mandatory Access Control (SELinux and Apparmor) support.
Unless anyone can bring up a good case to keep and/or extend DAC feature in OVS.
The link you posted seems to mention Apparmor as the r
On 26 January 2016 at 11:06, Aaron Conole wrote:
> I should be on the discuss mailing list. Let me just state a big _YES_ I
> am working on this problem from multiple facets.
> Ansis Atteka writes:
> > Hi,
> >
> >
> > In fact I think we should remove
E connect(5, AF=1
> "/var/run/openvswitch/vhost-user-1", 35): Permission denied
> $ sudo chown root:kvm /var/run/openvswitch/vhost-user-1
> $ sudo chmod g+w /var/run/openvswitch/vhost-user-1
> srwxrwxr-x 1 root kvm 0 Jan 26 10:47 vhost-user-1=
> $ sudo -u libvirt-qemu s
On 27 January 2016 at 02:30, Christian Ehrhardt <
christian.ehrha...@canonical.com> wrote:
>
> On Wed, Jan 27, 2016 at 9:29 AM, Ansis Atteka
> wrote:
>
>>
>>
>> On 26 January 2016 at 11:07, Christian Ehrhardt <
>> christian.ehrha...@canonical.com>
On 27 January 2016 at 12:42, Flavio Leitner wrote:
> On Tue, 19 Jan 2016 22:50:26 -0800
> Ansis Atteka wrote:
>
> > CentOS, RHEL and Fedora distributions ship with their own Open vSwitch
> > SELinux policy that is too strict and prevents Open vSwitch to work
> &
On Fri, Dec 18, 2015 at 10:27 AM, Aaron Conole wrote:
> The current DPDK vhost socket user and group permissions are derived
> during creation from the DPDK library. This patch adds an action, post
> socket creation, to change the socket permissions and ownership to
> support multi-user systems.
>
On 29 January 2016 at 12:10, Serge Hallyn wrote:
> Quoting Christian Ehrhardt (christian.ehrha...@canonical.com):
> > On Wed, Jan 27, 2016 at 8:26 PM, Ansis Atteka
> wrote:
> >
> > >
> > >
> > > On 27 January 2016 at 02:30, Christian Ehrhardt &l
On 2 February 2016 at 17:56, Daniele Di Proietto
wrote:
> If ovs-vswitchd crashes, it will not be able to recreate the same
> vhost user ports, since the socket will still be in the file system.
>
> This commit introduces an unlink() before creation to remove an eventual
> preexisting vhost user
On 2 February 2016 at 23:33, Serge Hallyn wrote:
> Quoting Ansis Atteka (ansisatt...@gmail.com):
> > On 29 January 2016 at 12:10, Serge Hallyn
> wrote:
> > > Sorry I've not really had anything to add here, I'm just not familiar
> > > enough with the ovs c
On 5 February 2016 at 00:53, Aaron Conole wrote:
> Hi Ansis,
>
> Ansis Atteka writes:
> > On 2 February 2016 at 17:56, Daniele Di Proietto >
> > wrote:
> >
> >> If ovs-vswitchd crashes, it will not be able to recreate the same
> >> vhost user p
Otherwise, "ovs-ctl force-reload-kmod ..." command fails with:
Detected internal interfaces: br-int p1[ OK ]
Saving flows /usr/share/openvswitch/scripts/ovs-ctl:
line 267: /usr/share/openvswitch/scripts/ovs-save: No such file or directory
From: Ansis Atteka
CentOS, RHEL and Fedora distributions ship with their own Open vSwitch
SELinux policy that is too strict and prevents Open vSwitch to work
normally out of the box.
As a solution, this patch introduces a new package which will "loosen"
up "openvswitch_t" SE
On 16 February 2016 at 07:33, Aaron Conole wrote:
> Thanks for this work, Ansis!
>
> Ansis Atteka writes:
>
> > From: Ansis Atteka
> >
> > CentOS, RHEL and Fedora distributions ship with their own Open vSwitch
> > SELinux policy that is too strict and preven
end_packet() leading to
a deadlock.
The patch fixes this deadlock by using fat_rwlock that still allows
to acquire read lock in recursive manner.
VMware-BZ: #1425671
Reported-by: Scott Hendricks
Signed-off-by: Ansis Atteka
---
ofproto/ofproto-dpif-xlate.c | 16
ofproto/ofproto-dp
On Mon, Apr 6, 2015 at 10:19 PM, Ben Pfaff wrote:
> On Mon, Apr 06, 2015 at 09:18:58PM -0700, Ansis Atteka wrote:
>> This patch fixes a deadlock introduced by commit 6b59b543 (ovs-thread:
>> Use fair (but nonrecursive) rwlocks on glibc.)
>>
>> If STP is enabled, then
uot;ubuntu" directory and
then in other directories. If there were two openvswitch.ko modules
in "other directories", then modprobe would have loaded that kernel
module that was nondeterministically listed by file system.
Signed-off-by: Ansis Atteka
---
debian/rules.modules |
On Tue, May 26, 2015 at 6:12 PM, Ben Pfaff wrote:
> On Tue, May 26, 2015 at 05:46:38PM -0700, Ansis Atteka wrote:
>> This patch fixes a bug where "modprobe openvswitch" command on Ubuntu
>> distribution would have sometimes tried to load OVS kernel module that
>&
Transport protocol ports should be taken into account when doing route
lookup because IPsec policies will depend on them. This will be
used in upcoming commit that introduces IPsec support for Ethernet
over L4 tunneling protocols.
Signed-Off-By: Ansis Atteka
---
datapath/compat.h | 5
)
This patch was tested with strongSwan 5.1.2 that comes with
Ubuntu 15.04.
Signed-Off-By: Ansis Atteka
---
INSTALL.IPsec.md | 97 +++
Makefile.am |1 +
NEWS |1 +
README.md|3 +
debian/control
Hi Franck
On 8 June 2015 at 09:34, Franck BAUDIN wrote:
> Hello,
>
> Conntrack looks in very good progress on
> https://github.com/justinpettit/ovs.git
>
> However, I didn't find any code related to "nfqueue" openvswitch action,
> neither on
> https://github.com/tgraf/ovs.git.
>
> Is the nfqueu
On Fri, Jun 12, 2015 at 5:50 AM, Franck Baudin wrote:
> Hi Ansis,
>
>
> On 06/09/15 22:59, Ansis Atteka wrote:
>>
>> Hi Franck
>> On 8 June 2015 at 09:34, Franck BAUDIN > <mailto:franck.bau...@qosmos.com>> wrote:
>>
>> Hello,
>>
.
Signed-Off-By: Ansis Atteka
---
NEWS | 2 +
include/openvswitch/vlog.h | 8
lib/automake.mk| 5 +++
lib/syslog-direct.c| 98 ++
lib/syslog-direct.h| 22 +++
lib/syslog-libc.c
and. Also, this command, for example, makes it obvious to user that,
if one uses libc syslog() call to log messages, then libc syslog() call
would add extra prefix to every log message that Open vSwitch sends to
syslog server.
Signed-Off-By: Ansis Atteka
---
NEWS | 2 +
On Wed, Jun 17, 2015 at 7:53 AM, Ben Pfaff wrote:
> On Wed, Jun 17, 2015 at 12:53:54AM -0700, Ansis Atteka wrote:
>> While it is possible to change PATTERN (a.k.a. logging format) for
>> destinations with vlog/set command, it is currently not possible to
>> retrieve logging
On Wed, Jun 17, 2015 at 7:51 AM, Ben Pfaff wrote:
> On Wed, Jun 17, 2015 at 12:53:53AM -0700, Ansis Atteka wrote:
>> This patch helps to address two issues on Ubuntu 15.04 (and most likely
>> other Linux distributions) when rsyslog daemon is configured to relay
>> log m
Looks good to me.
On Mon, Dec 30, 2013 at 11:39 AM, Ben Pfaff wrote:
> An ovsdb-server test had a literal carriage return in a check that
> validates a directory name. It isn't really necessary (who puts a carriage
> return in a directory name?) and it does cause problems for passing around
> pa
Without these two iptables rules (one for UDP encapsulated IPsec and
another for direct IPsec), ovs-vswitchd would incorrectly conclude
that GRE packet belonged to a plain GRE tunnel instead of IPsec GRE
tunnel.
Reported-by: Aryan TaheriMonfared
Reported-by: Daniel Hiltgen
Signed-off-by: Ansis
On Tue, Jan 21, 2014 at 11:14 AM, Gurucharan Shetty wrote:
> On Mon, Jan 20, 2014 at 5:55 PM, Ansis Atteka wrote:
>> Without these two iptables rules (one for UDP encapsulated IPsec and
>> another for direct IPsec), ovs-vswitchd would incorrectly conclude
>> that GRE packe
OVSDB, if it has to wait cur_cfg field to be updated.
Issue: 1191997
Reported-by: Spiro Kourtessis
Signed-Off-By: Ansis Atteka
---
lib/jsonrpc.c | 8
lib/jsonrpc.h | 1 +
lib/ovsdb-idl.c | 8
lib/ovsdb-idl.h | 1 +
utilities/ovs-vsctl.c | 5 +
5
Thanks for review. I pushed this to branches where issue was observed
- master and 2.1.
On Wed, Feb 19, 2014 at 10:22 AM, Ben Pfaff wrote:
> On Tue, Feb 18, 2014 at 02:34:58PM -0800, Ansis Atteka wrote:
>> If ovs-vsctl has to wait for ovs-vswitchd to reconfigure itself
>> accor
Here is another idea:
Use strongSwan to negotiate IPsec_* tunnels
Currently ovs-monitor-ipsec uses racoon to negotiate IPsec flavored
tunnels. Besides racoon, there are also some other IPsec keying
daemons (e.g. strongSwan, racoon2, open
sible side effect of this patch is that ovs-ofctl
might ignore some error messages that resulted in failed
OFPC_ADD.
Signed-off-by: Ansis Atteka
---
include/openvswitch/vconn.h |5 +++--
lib/vconn.c | 32 ++
utilities/ovs-ofctl.c
> ovs-vswitchd behavior for other contradictory configurations, so this
> commit changes its behavior so that, if both are enabled, RSTP takes
> precedence.
>
> Reported-by: Daniele Venturino
> Signed-off-by: Ben Pfaff
Acked-by: Ansis Atteka
One small comment below.
&
On Thu, Mar 5, 2015 at 8:59 AM, Ben Pfaff wrote:
> On Wed, Mar 04, 2015 at 11:54:42AM -0800, Ansis Atteka wrote:
>> Until now "ovs-ofctl add-flows ..." command sent each OFPC_ADD
>> request one by one accompanied with a barrier request. This
>> meant that b
On Tue, Mar 10, 2015 at 1:37 PM, Ben Pfaff wrote:
> Otherwise the policing limits could make no sense if large rates were
> specified.
>
> Reported-by: Zhangguanghui
> Signed-off-by: Ben Pfaff
> ---
> AUTHORS|1 +
> lib/netdev-linux.c | 13 +++--
> vswitchd/bridge.c |
On Fri, Mar 13, 2015 at 11:31 AM, Ben Pfaff wrote:
> On Tue, Mar 10, 2015 at 09:28:22PM -0700, Ansis Atteka wrote:
>> On Tue, Mar 10, 2015 at 1:37 PM, Ben Pfaff wrote:
>> > Otherwise the policing limits could make no sense if large rates were
>> > specified.
>>
running in different network namespace
on the same host)
Signed-off-by: Ansis Atteka
---
NEWS | 1 +
lib/vlog.c | 10 ++
2 files changed, 11 insertions(+)
diff --git a/NEWS b/NEWS
index ca22c8e..8bdaf3e 100644
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,7 @@ Post-v2.4.0
targets to
Hi Andy, I still don't see code changes to init.d script or packaging
postinst scripts.
If you are curious how to test it. Invoke "fakeroot debian/rules
binary" command in a clean OVS git repository. This command will
create Debian packages. And then install these debian packages with
"dpkg -i *.d
On Mon, Sep 14, 2015 at 3:54 PM, Andy Zhou wrote:
> Added functions to drop daemon's root privileges at run time by
> allowing it to run as a different user. Daemons all start
> running as root, then drop to the user by invoking
> daemon_become_new_user() function when they are ready to drop
> roo
On Mon, Sep 14, 2015 at 3:54 PM, Andy Zhou wrote:
> All daemons launched by root can drop their privilege using
s/privilege/privileges
> --user option. See man page update form more details.
s/form/for
>
> Signed-off-by: Andy Zhou
> ---
> NEWS | 1 +
> lib/d
On Mon, Sep 14, 2015 at 3:54 PM, Andy Zhou wrote:
> Runs OVSDB server and OVS Vswichd with --monitor option. This features
How about:
s/OVSDB server/ovsbd-server
s/OVS Vswitchd/ovs-vswitchd
s/features/feature
> is useful for testing daemon monitoring, and in conjunction with
This does not read flu
On Mon, Sep 14, 2015 at 3:54 PM, Andy Zhou wrote:
> ovs-dev.py "run" command now accepts the "--user" option for runing
> all ovs daemons as "user". The argument can be speicfied in
> "user[:group]" format.
>
> '-u' is an short hand option that, if ovs-dev.py is lauch as a non-root
s/an/a
s/lauch/
On Mon, Sep 14, 2015 at 3:54 PM, Andy Zhou wrote:
> RUNDIR seems to be a better name.
Another option would be to rename it to PATH_PREFIX or simply PREFIX.
I think it is a little bit clearer if the variables in python script
map to ./configure parameter names. Especially since we have
.../var/run
On 18 September 2015 at 15:35, Ben Pfaff wrote:
> On Wed, Sep 16, 2015 at 07:29:30PM -0700, Ansis Atteka wrote:
> > Commit fe089c0d1e18 ("vlog: abstract out interface to syslog daemon")
> > introduced --syslog-method flag that supersedes --syslog-target flag by:
>
It seems that we haven't defined clear process on how features should
be removed from OVS. This patch attempts to document this process.
Singed-off-by: Ansis Atteka
---
CONTRIBUTING.md | 31 +++
1 file changed, 31 insertions(+)
diff --git a/CONTRIBUTING
On 19 September 2015 at 09:37, Ben Pfaff wrote:
> On Fri, Sep 18, 2015 at 04:09:48PM -0700, Ansis Atteka wrote:
> > On 18 September 2015 at 15:35, Ben Pfaff wrote:
> >
> > > On Wed, Sep 16, 2015 at 07:29:30PM -0700, Ansis Atteka wrote:
> > > > Commit fe089c0
On Mon, Sep 14, 2015 at 3:54 PM, Andy Zhou wrote:
> Common implementation for daemons to support the --user option which
> accepts "user:group" string as input. Performs sanity check on the
> input, and store the converted uid and gid.
>
> daemon_become_new_user() needs to be called to make the ac
On Tue, Sep 22, 2015 at 4:21 AM, Thadeu Lima de Souza Cascardo
wrote:
> On Sat, Sep 19, 2015 at 01:22:39PM -0700, Ansis Atteka wrote:
>> It seems that we haven't defined clear process on how features should
>> be removed from OVS. This patch attempts to document this process.
Thanks for review, I pushed this.
On Tue, Sep 29, 2015 at 4:49 PM, Ben Pfaff wrote:
> On Sat, Sep 19, 2015 at 02:14:45PM -0700, Ansis Atteka wrote:
>> On 19 September 2015 at 09:37, Ben Pfaff wrote:
>>
>> > On Fri, Sep 18, 2015 at 04:09:48PM -0700, Ansis Atteka wrote
Thanks for review, I pushed this after addressing typos.
On Mon, Sep 21, 2015 at 8:47 AM, Flavio Leitner wrote:
> On Sat, Sep 19, 2015 at 01:22:39PM -0700, Ansis Atteka wrote:
>> It seems that we haven't defined clear process on how features should
>> be removed from OVS. Th
dy.
4. directory where rpm packages that were just built can be found.
5. mention SElinux implications that could prevent OVS from starting,
if not using designated OVS directories.
Signed-off-by: Ansis Atteka
---
INSTALL.Fedora.md | 33 +++--
1 file changed, 27 inser
directories.
Signed-off-by: Ansis Atteka
---
INSTALL.RHEL.md | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/INSTALL.RHEL.md b/INSTALL.RHEL.md
index 8746bc6..9aefc09 100644
--- a/INSTALL.RHEL.md
+++ b/INSTALL.RHEL.md
@@ -5,7 +5,7 @@ This document describes how to build and
default on CentOS by the way).
Signed-off-by: Ansis Atteka
---
rhel/openvswitch.spec.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/rhel/openvswitch.spec.in b/rhel/openvswitch.spec.in
index 0ec65be..4a2076c 100644
--- a/rhel/openvswitch.spec.in
+++ b/rhel/openvswitch.spec.in
@@ -120,6
On Fri, Oct 2, 2015 at 12:52 PM, Andy Zhou wrote:
> On Fri, Oct 2, 2015 at 6:06 AM, Flavio Leitner wrote:
>> On Thu, Oct 01, 2015 at 03:47:12PM -0700, Andy Zhou wrote:
>>> > Our default systemd unit files don't make use of the --user option that
>>> > requires this library, but conceivably someon
On Sun, Oct 4, 2015 at 6:19 PM, Kyle Mestery wrote:
> On Sun, Oct 4, 2015 at 5:20 PM, Ansis Atteka wrote:
>>
>> Mention:
>> 1. that these instructions have been tested with Fedora 22.
>> 2. dependencies that need to be installed on Fedora 22. Otherwise,
>>rp
On Sun, Oct 4, 2015 at 6:19 PM, Kyle Mestery wrote:
> On Sun, Oct 4, 2015 at 5:20 PM, Ansis Atteka wrote:
>>
>> Mention:
>> 1. that these instructions have been tested with CentOS 7 (which is
>>almost identical distribution to RHEL 7).
>> 2. directory where
On Mon, Oct 5, 2015 at 6:38 PM, Andy Zhou wrote:
> libcap-ng is going to be required to build Debian packages. Daemons
> will run as the ovs user and group, instead of root, to improve
> security.
>
> Signed-off-by: Andy Zhou
I would also update ./debian/control file corresponding sections.
Basi
On Tue, Oct 6, 2015 at 10:32 AM, Ansis Atteka wrote:
> On Mon, Oct 5, 2015 at 6:38 PM, Andy Zhou wrote:
>> libcap-ng is going to be required to build Debian packages. Daemons
>> will run as the ovs user and group, instead of root, to improve
>> security.
>>
>>
On 5 October 2015 at 18:38, Andy Zhou wrote:
> Replace hard coded root user and group with OVS_USER and OVS_GROUP.
>
> Signed-off-by: Andy Zhou
> ---
> utilities/ovs-ctl.in | 3 +++
> utilities/ovs-lib.in | 6 +++---
> 2 files changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/utilities/
On 5 October 2015 at 18:38, Andy Zhou wrote:
> Add option to ovs-ctl script to specify whether to start the daemons as
> root user or ovs user. The default is 'run-as-root', which preserve
>
s/preserve/preserves
> the scripts' current behavior.
>
s/script/script's
>
> Signed-off-by: Andy Zhou
On Mon, Oct 5, 2015 at 6:38 PM, Andy Zhou wrote:
Thanks Andy for doing this! I will have another more careful look at
this patch tomorrow, because I think I somehow managed to get into a
state where after installing debian packages /etc/openvswitch still
belonged to root.
> Changes to Debian pa
On Tue, Oct 6, 2015 at 3:22 PM, Russell Bryant wrote:
> On 10/06/2015 08:20 PM, Flavio Leitner wrote:
>> On Sun, Oct 04, 2015 at 03:20:08PM -0700, Ansis Atteka wrote:
>>> Mention:
>>> 1. that these instructions have been tested with Fedora 22.
>>> 2. depen
On Wed, Oct 7, 2015 at 8:20 PM, Andy Zhou wrote:
> On Wed, Oct 7, 2015 at 6:49 PM, Ansis Atteka wrote:
>> On Mon, Oct 5, 2015 at 6:38 PM, Andy Zhou wrote:
>>
>> Thanks Andy for doing this! I will have another more careful look at
>> this patch tomorrow, because I thi
>> We recently changed it from kernel/ to kernel/updates (prior to v2.4
>> release), and the commit message suggests it was previously
>> nondeterministic:
>>
>> commit b519432205c36bda5c7331f77a49eaaa919967ad
>> Author: Ansis Atteka
>> Date: Tue May
On Wed, Oct 14, 2015 at 5:33 PM, Saurabh Mohan
wrote:
> On 10/14/2015 04:58 PM, Ansis Atteka wrote:
>>
>> On Wed, Oct 14, 2015 at 4:08 PM, Ben Pfaff wrote:
>>>
>>> On Wed, Oct 14, 2015 at 03:28:24PM -0700, Joe Stringer wrote:
>>>>
>&
On Thu, Oct 15, 2015 at 4:52 PM, Saurabh Mohan
wrote:
> On 10/15/2015 01:55 PM, Ansis Atteka wrote:
>>
>> On Wed, Oct 14, 2015 at 5:33 PM, Saurabh Mohan
>> wrote:
>>>
>>> On 10/14/2015 04:58 PM, Ansis Atteka wrote:
>>>>
>>
On 2 November 2015 at 13:08, Saurabh Mohan
wrote:
> On 10/16/2015 01:55 PM, Saurabh Mohan wrote:
>
>> On 10/16/2015 11:32 AM, Ansis Atteka wrote:
>>
>>> On Thu, Oct 15, 2015 at 4:52 PM, Saurabh Mohan
>>> wrote:
>>>
>>>> On 10/15/2015 01:5
It is very easy to misuse these macros, because when the COMMAND
returns exit code "0" it is actually considered as if condition
evaluated to "true" and not "false" as some might think.
This patch ensures that this is clearly reflected in documentation.
Signed-of
On Tue, Nov 3, 2015 at 4:07 PM, Ben Pfaff wrote:
> On Tue, Nov 03, 2015 at 04:04:33PM -0800, Ansis Atteka wrote:
>> It is very easy to misuse these macros, because when the COMMAND
>> returns exit code "0" it is actually considered as if condition
>> evaluated to
It is very easy to misuse these macros, because when the COMMAND
returns exit code "0" it is actually considered as if condition
evaluated to "true" and not "false" as some might think.
This patch ensures that this is clearly reflected in documentation.
Signed-of
On Tue, Nov 3, 2015 at 4:22 PM, Ben Pfaff wrote:
> On Tue, Nov 03, 2015 at 04:19:16PM -0800, Ansis Atteka wrote:
>> It is very easy to misuse these macros, because when the COMMAND
>> returns exit code "0" it is actually considered as if condition
>> evaluated to
On Sat, Oct 10, 2015 at 1:07 AM, Andy Zhou wrote:
> Global variable 'switch_user' is no longer needed to make sure
> user switch only happens once per process. Testing for uid directly
> simplifies the logic; if switch process has taken place, then the
> currnet uid can not be zero.
s/currnet/curr
On 10 October 2015 at 01:07, Andy Zhou wrote:
> vlog log file can be created when parsing --log-file option, before
switch user, in case the --user option is also specified. This
>
this does not read fluently. How about:
s/switch user/switching user?
does not directly causing errors for the r
On 10 October 2015 at 01:10, Andy Zhou wrote:
> By default, Unix domain sockets are created with file system permission
> mode of 0700. Only the process of the belongs to the same user can
>
How about:
s/Only the process of the belongs to the same user/This means that only
processes that run unde
On 9 November 2015 at 12:43, Andy Zhou wrote:
> A global variable 'switch_user' was used to make sure
> we switch process's current user only once. This logic is now
> simplified by testing for uid directly; if switch process has
> taken place, the current uid will be not be zero.
>
> Signed-off-
On Mon, Nov 9, 2015 at 12:43 PM, Andy Zhou wrote:
> By default, Unix domain sockets are created with file system permission
> mode of 0700. This means that only processes that runs under the same
> user can access this socket.
>
> For OVS, it may be more convenient to control access at the group
>
On Mon, Nov 9, 2015 at 12:43 PM, Andy Zhou wrote:
> vlog log file can be created when parsing --log-file option, before
> switching user, in case the --user option is also specified. While this
> does not directly cause errors for the running daemons, it can
> leave the log files on the disk looks
> +VLOG_FATAL("Failed to change log file ownership.");
>
I would print errno value here and the file name you are actually trying to
change the ownership for. It would simply provide a hint to the users on
what was actually wrong, if it failed.
VLOG_FATAL("Failed to change %s ownership: %s", log_file_name,
ovs_strerror(errno));
And early return from function if log_file_name is NULL to make code look
better.
+}
> +}
> +
>
Otherwise, Acked-by: Ansis Atteka
Thanks for working on this, Andy.
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
On 23 October 2015 at 02:09, Babu Shanmugam wrote:
> The DHCP packets can be of two types
> (1) DHCP Discover
> (2) DHCP Request
>
> For (1), the controller should respond with DHCP offer and for (2),
> either DHCP Ack or DHCP Nack should be sent. In this patch, DHCP Nack
> is never sent. In case
This patch removes unused TNL_F_IPSEC flag.
Issue: 14870
Signed-off-by: Ansis Atteka
---
datapath/tunnel.h|2 +-
include/openvswitch/tunnel.h |1 -
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/datapath/tunnel.h b/datapath/tunnel.h
index 7e4d1a6..93ce243
If IPsec policy uses skb mark, then we have to do route look up
with skb mark as well.
Issue: 14870
Signed-off-by: Ansis Atteka
---
datapath/tunnel.c |7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/datapath/tunnel.c b/datapath/tunnel.c
index 6193891..5564d32 100644
The new ovs-monitor-ipsec implementation will use skb marks in
IPsec policies. This patch will configure datapath to use these
skb marks for IPsec tunnel packets.
Issue: 14870
Signed-off-by: Ansis Atteka
---
lib/odp-util.c | 12 +---
lib/odp-util.h |4 ++--
ofproto
All these 3 patches should be applied on branch-1.10.
On Thu, Feb 14, 2013 at 11:50 AM, Ansis Atteka wrote:
> This patch removes unused TNL_F_IPSEC flag.
>
> Issue: 14870
> Signed-off-by: Ansis Atteka
> ---
> datapath/tunnel.h|2 +-
> include/openvswitch/t
On Thu, Feb 14, 2013 at 1:16 PM, Ben Pfaff wrote:
> On Thu, Feb 14, 2013 at 01:13:29PM -0800, Pravin Shelar wrote:
>> On Thu, Feb 14, 2013 at 11:50 AM, Ansis Atteka wrote:
>> > The new ovs-monitor-ipsec implementation will use skb marks in
>> > IPsec policies. This pa
This patch removes unused TNL_F_IPSEC flag.
Issue: 14870
Signed-off-by: Ansis Atteka
---
datapath/tunnel.h|2 +-
include/openvswitch/tunnel.h |2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/datapath/tunnel.h b/datapath/tunnel.h
index 7e4d1a6..93ce243
If IPsec policy uses skb mark, then we have to do route look up
with skb mark as well.
Issue: 14870
Signed-off-by: Ansis Atteka
---
datapath/tunnel.c | 16 +---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/datapath/tunnel.c b/datapath/tunnel.c
index 6193891
The new ovs-monitor-ipsec implementation will use skb marks in
IPsec policies. This patch will configure datapath to use these
skb marks for IPsec tunnel packets.
Issue: 14870
Signed-off-by: Ansis Atteka
---
lib/odp-util.c |9 +
lib/odp-util.h |2 ++
ofproto
The new ovs-monitor-ipsec implementation will use skb marks in
IPsec policies. This patch will configure datapath to use these
skb marks for IPsec tunnel packets.
Issue: 14870
Signed-off-by: Ansis Atteka
---
lib/odp-util.c | 12 ++--
lib/odp-util.h |2 ++
ofproto
On Fri, Feb 15, 2013 at 10:42 AM, Ansis Atteka wrote:
> The new ovs-monitor-ipsec implementation will use skb marks in
> IPsec policies. This patch will configure datapath to use these
> skb marks for IPsec tunnel packets.
>
> Issue: 14870
> Signed-off-by: Ansis Atteka
>
The new ovs-monitor-ipsec implementation will use skb marks in
IPsec policies. This patch will configure datapath to use these
skb marks for IPsec tunnel packets.
Issue: 14870
Signed-off-by: Ansis Atteka
---
lib/odp-util.c | 11 +--
lib/odp-util.h |2 ++
ofproto
On Fri, Feb 15, 2013 at 1:16 PM, Jesse Gross wrote:
> On Fri, Feb 15, 2013 at 11:43 AM, Ansis Atteka wrote:
>> The new ovs-monitor-ipsec implementation will use skb marks in
>> IPsec policies. This patch will configure datapath to use these
>> skb marks for IPsec tunnel
On Mon, Mar 4, 2013 at 9:09 AM, Ernesto Domato wrote:
> Hi everyone, this mail is related to a bug report that I did on Debian
> (#701760) that I wasn't able to resolve yet and want to know if
> someone has the same problem and how could I fix it.
>
> The problem that I'm having is that on shutdow
On Mon, Mar 4, 2013 at 12:08 PM, Ernesto Domato wrote:
> On Mon, Mar 4, 2013 at 4:49 PM, Ansis Atteka wrote:
>> Though, I do agree that, if Open vSwitch was terminated before libvirt
>> for whatever reason, then libvirt still shouldn't hang because of
>> that. And o
On Wed, Mar 6, 2013 at 7:41 AM, Ernesto Domato wrote:
> Sorry for the late response.
>
> On Mon, Mar 4, 2013 at 7:06 PM, Ansis Atteka wrote:
>> On Mon, Mar 4, 2013 at 12:08 PM, Ernesto Domato wrote:
>>
>> If you do not block on interface creation and libvirt/Open vSw
On Thu, Mar 7, 2013 at 7:41 AM, Rajahalme, Jarno (NSN - FI/Espoo)
wrote:
> I recall someone mentioning on this list that the only planned use for
> skb_mark is for ipsec tunneling. At least currently this seems to be the
> case, as the only place where the skb_mark is set to a potentially non-ze
never let through marked but unencrypted packets.
Signed-off-by: Ansis Atteka
Issue: 15074
---
ofproto/ofproto-dpif.c |1 +
ofproto/tunnel.c |3 ---
ofproto/tunnel.h |3 +++
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/ofproto/ofproto-dpif.c b/ofproto
On Thu, Mar 14, 2013 at 4:23 PM, Jesse Gross wrote:
> On Thu, Mar 14, 2013 at 2:27 PM, Ansis Atteka wrote:
>> After tunnel packet is unencapsulated we should unset IPsec flag from
>> skb_mark.
>>
>> Otherwise, IPsec policies would be applied one more time on internal
On Fri, Mar 15, 2013 at 1:37 PM, Ben Pfaff wrote:
> Until now, ovs-vsctl has kept trying to the database server until it
> succeeded or the timeout expired (if one was specified with --timeout).
> This meant that if ovsdb-server wasn't running, then ovs-vsctl would hang.
> The result was that almo
On Fri, Mar 15, 2013 at 2:46 PM, Ansis Atteka wrote:
> On Fri, Mar 15, 2013 at 1:37 PM, Ben Pfaff wrote:
>> Until now, ovs-vsctl has kept trying to the database server until it
>> succeeded or the timeout expired (if one was specified with --timeout).
>> This meant that i
101 - 200 of 430 matches
Mail list logo
