Blob Blame History Raw
# Copyright (C) 2009, 2010, 2013, 2014 Nicira Networks, Inc.
#
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved.  This file is offered as-is,
# without warranty of any kind.
#
# If tests have to be skipped while building, specify the '--without check'
# option. For example:
# rpmbuild -bb --without check rhel/openvswitch-fedora.spec

# This defines the base package name's version.

%define pkgname openvswitch2.11

# Enable PIE, bz#955181
%global _hardened_build 1

# RHEL-7 doesn't define _rundir macro yet
# Fedora 15 onwards uses /run as _rundir
%if 0%{!?_rundir:1}
%define _rundir /run
%endif

# FIXME Test "STP - flush the fdb and mdb when topology changed" fails on s390x
# FIXME 2 tests fails on ppc64le. They will be hopefully fixed before official 2.11
%ifarch %{ix86} x86_64 aarch64
%bcond_without check
%else
%bcond_with check
%endif
# option to run kernel datapath tests, requires building as root!
%bcond_with check_datapath_kernel
# option to build with libcap-ng, needed for running OVS as regular user
%bcond_without libcapng

# Build python2 (that provides python) and python3 subpackages on Fedora
# Build only python3 (that provides python) subpackage on RHEL8
# Build only python subpackage on RHEL7
%if 0%{?rhel} > 7 || 0%{?fedora}
# Use Python3
%global _py python3
%global _py2 python2
%global with_python3 1
%if 0%{?fedora}
%global with_python2 1
%else
%global with_python2 0
%endif
# On RHEL8 Sphinx is included in buildroot
%global external_sphinx 1
%global __python %{__python3}
%else
# Use Python2
%global _py python
%global _py2 python
%global with_python2 1
%global with_python3 0
# Don't use external sphinx (RHV doesn't have optional repositories enabled)
%global external_sphinx 0
%global __python %{__python2}
%endif

Name: %{pkgname}
Summary: Open vSwitch
Group: System Environment/Daemons daemon/database/utilities
URL: http://www.openvswitch.org/
Version: 2.11.3
Release: 89%{?dist}

# Nearly all of openvswitch is ASL 2.0.  The bugtool is LGPLv2+, and the
# lib/sflow*.[ch] files are SISSL
# datapath/ is GPLv2 (although not built into any of the binary packages)
License: ASL 2.0 and LGPLv2+ and SISSL

%define dpdkver 18.11.7
%define dpdkdir dpdk
%define dpdksver %(echo %{dpdkver} | cut -d. -f-2)
# NOTE: DPDK does not currently build for s390x
# DPDK on aarch64 is not stable enough to be enabled in FDP
%define dpdkarches x86_64 ppc64le

Source: https://github.com/openvswitch/ovs/archive/v%{version}.tar.gz#/openvswitch-%{version}.tar.gz
Source10: https://fast.dpdk.org/rel/dpdk-%{dpdkver}.tar.xz

%define docutilsver 0.12
%define pygmentsver 1.4
%define sphinxver   1.1.3
Source100: https://pypi.io/packages/source/d/docutils/docutils-%{docutilsver}.tar.gz
Source101: https://pypi.io/packages/source/P/Pygments/Pygments-%{pygmentsver}.tar.gz
Source102: https://pypi.io/packages/source/S/Sphinx/Sphinx-%{sphinxver}.tar.gz

Source500: configlib.sh
Source502: set_config.sh

# Important: source503 is used as the actual copy file
# @TODO: this causes a warning - fix it?
Source504: arm64-armv8a-linuxapp-gcc-config
Source505: ppc_64-power8-linuxapp-gcc-config
Source506: x86_64-native-linuxapp-gcc-config

Patch:     openvswitch-%{version}.patch

# The DPDK is designed to optimize througput of network traffic using, among
# other techniques, carefully crafted assembly instructions.  As such it
# needs extensive work to port it to other architectures.
ExclusiveArch: x86_64 aarch64 ppc64le s390x

# Do not enable this otherwise YUM will break on any upgrade.
# Provides: openvswitch
Conflicts: openvswitch < 2.11
Conflicts: openvswitch-dpdk < 2.11

# dpdk_mach_arch maps between rpm and dpdk arch name, often same as _target_cpu
# dpdk_mach_tmpl is the config template dpdk_mach name, often "native"
# dpdk_mach is the actual dpdk_mach name used in the dpdk make system
%ifarch x86_64
%define dpdk_mach_arch x86_64
%define dpdk_mach_tmpl native
%define dpdk_mach default
%endif
%ifarch aarch64
%define dpdk_mach_arch arm64
%define dpdk_mach_tmpl armv8a
%define dpdk_mach armv8a
%endif
%ifarch ppc64le
%define dpdk_mach_arch ppc_64
%define dpdk_mach_tmpl power8
%define dpdk_mach power8
%endif

%define dpdktarget %{dpdk_mach_arch}-%{dpdk_mach_tmpl}-linuxapp-gcc

# FIXME Sphinx is used to generate some manpages, unfortunately, on RHEL, it's
# in the -optional repository and so we can't require it directly since RHV
# doesn't have the -optional repository enabled and so TPS fails
%if %{external_sphinx}
BuildRequires: %{_py}-sphinx
%else
# Sphinx dependencies
BuildRequires: %{_py}-devel
BuildRequires: %{_py}-setuptools
#BuildRequires: %{_py}-docutils
BuildRequires: %{_py}-jinja2
BuildRequires: %{_py}-nose
#BuildRequires: %{_py}-pygments
# docutils dependencies
BuildRequires: %{_py}-imaging
# pygments dependencies
BuildRequires: %{_py}-nose
%endif

BuildRequires: gcc gcc-c++ make
BuildRequires: autoconf automake libtool
BuildRequires: systemd-units openssl openssl-devel
%if %{with_python3}
BuildRequires: python3-devel python3-six python3-setuptools
%endif
%if %{with_python2}
BuildRequires: %{_py2}-devel %{_py2}-six %{_py2}-setuptools
%endif
BuildRequires: desktop-file-utils
BuildRequires: groff-base graphviz
BuildRequires: unbound-devel
# make check dependencies
BuildRequires: procps-ng
%if %{with_python2}
BuildRequires: pyOpenSSL
%else
BuildRequires: python3-pyOpenSSL
%endif
%if %{with check_datapath_kernel}
BuildRequires: nmap-ncat
# would be useful but not available in RHEL or EPEL
#BuildRequires: pyftpdlib
%endif

%if %{with libcapng}
BuildRequires: libcap-ng libcap-ng-devel
%endif

%ifarch %{dpdkarches}
# DPDK driver dependencies
BuildRequires: zlib-devel numactl-devel
%ifarch x86_64
BuildRequires: rdma-core-devel >= 15 libmnl-devel
%global __requires_exclude_from ^%{_libdir}/openvswitch/librte_pmd_mlx[45]_glue\.so.*$
%endif

# Required by packaging policy for the bundled DPDK
Provides: bundled(dpdk) = %{dpdkver}
%endif

Requires: openssl iproute module-init-tools
#Upstream kernel commit 4f647e0a3c37b8d5086214128614a136064110c3
#Requires: kernel >= 3.15.0-0
Requires: openvswitch-selinux-extra-policy

Requires(pre): shadow-utils
Requires(post): /bin/sed
Requires(post): /usr/sbin/usermod
Requires(post): /usr/sbin/groupadd
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Obsoletes: openvswitch-controller <= 0:2.1.0-1

%description
Open vSwitch provides standard network bridging functions and
support for the OpenFlow protocol for remote per-flow control of
traffic.

%if %{with_python2}
%package -n %{_py2}-%{pkgname}
Summary: Open vSwitch %{_py2} bindings
License: ASL 2.0
Requires: %{_py2} %{_py2}-six
Requires: %{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
%if "%{_py2}" == "python2"
Obsoletes: python-%{pkgname} < 2.6.1-2
Provides: python-%{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
%endif

%description -n %{_py2}-%{pkgname}
Python bindings for the Open vSwitch database
%endif

%if %{with_python3}
%package -n python3-%{pkgname}
Summary: Open vSwitch python3 bindings
License: ASL 2.0
Requires: python3 python3-six
Requires: %{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
%if ! %{with_python2}
Obsoletes: python-%{pkgname} < 2.10.0-6
Provides: python-%{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
%endif

%description -n python3-%{pkgname}
Python bindings for the Open vSwitch database
%endif

%package test
Summary: Open vSwitch testing utilities
License: ASL 2.0
BuildArch: noarch
%if %{with_python2}
Requires: %{_py2}-%{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: %{_py2} %{_py2}-twisted%{?rhel:-web}
Requires: %{_py2}-netifaces
%else
Requires: python3-%{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: python3-netifaces
%endif
Requires: tcpdump

%description test
Utilities that are useful to diagnose performance and connectivity
issues in Open vSwitch setup.

%package devel
Summary: Open vSwitch OpenFlow development package (library, headers)
License: ASL 2.0
Requires: %{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}

%description devel
This provides shared library, libopenswitch.so and the openvswitch header
files needed to build an external application.

%if 0%{?rhel} > 7 || 0%{?fedora} > 28
%package -n network-scripts-%{name}
Summary: Open vSwitch legacy network service support
License: ASL 2.0
Requires: network-scripts
Supplements: (%{name} and network-scripts)

%description -n network-scripts-%{name}
This provides the ifup and ifdown scripts for use with the legacy network
service.
%endif


%prep
%setup -q -n ovs-%{version} -a 10
%if ! %{external_sphinx}
%setup -n ovs-%{version} -q -D -T -a 100 -a 101 -a 102
%endif

mv dpdk-*/ %{dpdkdir}/

%patch -p1

%build
# Build Sphinx on RHEL
%if ! %{external_sphinx}
export PYTHONPATH="${PYTHONPATH:+$PYTHONPATH:}%{_builddir}/pytmp/lib/python"
for x in docutils-%{docutilsver} Pygments-%{pygmentsver} Sphinx-%{sphinxver}; do
    pushd "$x"
    %{_py} setup.py install --home %{_builddir}/pytmp
    popd
done

export PATH="$PATH:%{_builddir}/pytmp/bin"
%endif

./boot.sh

%ifarch %{dpdkarches}    # build dpdk
# Lets build DPDK first
cd %{dpdkdir}

# In case dpdk-devel is installed
unset RTE_SDK RTE_INCLUDE RTE_TARGET

# Avoid appending second -Wall to everything, it breaks upstream warning
# disablers in makefiles. Strip explicit -march= from optflags since they
# will only guarantee build failures, DPDK is picky with that.
# Note: _hardening_ldflags has to go on the extra cflags line because dpdk is
# astoundingly convoluted in how it processes its linker flags.  Fixing it in
# dpdk is the preferred solution, but adjusting to allow a gcc option in the
# ldflags, even when gcc is used as the linker, requires large tree-wide changes
touch obj.o
gcc -### obj.o 2>&1 | awk '/.*collect2.*/ { print $0}' | sed -e 's/\S*\.res\S*//g' -e 's/-z \S*//g' -e 's/[^ ]*\.o//g' -e 's/ /\n/g' | sort -u > ./noopts.txt
gcc -### $RPM_LD_FLAGS obj.o 2>&1 | awk '/.*collect2.*/ {print $0}' | sed -e 's/\S*\.res\S*//g' -e 's/-z \S*//g' -e 's/[^ ]*\.o//g' -e 's/ /\n/g' | sort -u > ./opts.txt
EXTRA_RPM_LDFLAGS=$(comm -13 ./noopts.txt ./opts.txt)
rm -f obj.o

export EXTRA_CFLAGS="$(echo %{optflags} | sed -e 's:-Wall::g' -e 's:-march=[[:alnum:]]* ::g') -Wformat -fPIC %{_hardening_ldflags}"
export EXTRA_LDFLAGS=$(echo %{__global_ldflags} | sed -e's/-Wl,//g' -e's/-spec.*//')
export HOST_EXTRA_CFLAGS="$EXTRA_CFLAGS $EXTRA_RPM_LDFLAGS"
export EXTRA_HOST_LDFLAGS="$EXTRA_RPM_LDFLAGS $(echo %{__global_ldflags} | sed -e's/-spec.*//')"

# DPDK defaults to using builder-specific compiler flags.  However,
# the config has been changed by specifying CONFIG_RTE_MACHINE=default
# in order to build for a more generic host.  NOTE: It is possible that
# the compiler flags used still won't work for all Fedora-supported
# dpdk_machs, but runtime checks in DPDK will catch those situations.

make V=1 O=%{dpdktarget} T=%{dpdktarget} %{?_smp_mflags} config

cp -f %{SOURCE500} %{SOURCE502} "%{_sourcedir}/%{dpdktarget}-config" .
%{SOURCE502} %{dpdktarget}-config "%{dpdktarget}/.config"

make V=1 O=%{dpdktarget} %{?_smp_mflags}

# Generate a list of supported drivers, its hard to tell otherwise.
cat << EOF > README.DPDK-PMDS
DPDK drivers included in this package:

EOF

for f in $(ls %{dpdk_mach_arch}-%{dpdk_mach_tmpl}-linuxapp-gcc/lib/lib*_pmd_*); do
    basename ${f} | cut -c12- | cut -d. -f1 | tr [:lower:] [:upper:]
done >> README.DPDK-PMDS

cat << EOF >> README.DPDK-PMDS

For further information about the drivers, see
http://dpdk.org/doc/guides-%{dpdksver}/nics/index.html
EOF

cd -
%endif    # build dpdk

# And now for OVS...
mkdir build-shared build-static
pushd build-shared
ln -s ../configure
%configure \
%if %{with libcapng}
        --enable-libcapng \
%else
        --disable-libcapng \
%endif
        --disable-static \
        --enable-shared \
        --enable-ssl \
        --with-pkidir=%{_sharedstatedir}/openvswitch/pki
make %{?_smp_mflags}
popd
pushd build-static
ln -s ../configure
%ifarch %{dpdkarches}
LDFLAGS="%{__global_ldflags} -Wl,-rpath,%{_libdir}/openvswitch" \
%endif
%configure \
%if %{with libcapng}
        --enable-libcapng \
%else
        --disable-libcapng \
%endif
        --enable-ssl \
%ifarch %{dpdkarches}
        --with-dpdk=$(pwd)/../%{dpdkdir}/%{dpdktarget} \
%endif
        --with-pkidir=%{_sharedstatedir}/openvswitch/pki
make %{?_smp_mflags}
popd

/usr/bin/%{_py} build-aux/dpdkstrip.py \
        --dpdk \
        < rhel/usr_lib_systemd_system_ovs-vswitchd.service.in \
        > rhel/usr_lib_systemd_system_ovs-vswitchd.service

%install
rm -rf $RPM_BUILD_ROOT
make -C build-shared install-libLTLIBRARIES DESTDIR=$RPM_BUILD_ROOT
make -C build-static install DESTDIR=$RPM_BUILD_ROOT

install -d -m 0755 $RPM_BUILD_ROOT%{_rundir}/openvswitch
install -d -m 0750 $RPM_BUILD_ROOT%{_localstatedir}/log/openvswitch
install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch

install -p -D -m 0644 rhel/usr_lib_udev_rules.d_91-vfio.rules \
        $RPM_BUILD_ROOT%{_udevrulesdir}/91-vfio.rules

install -p -D -m 0644 \
        rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template \
        $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/openvswitch

for service in openvswitch ovsdb-server ovs-vswitchd \
               ovs-delete-transient-ports; do
        install -p -D -m 0644 \
                        rhel/usr_lib_systemd_system_${service}.service \
                        $RPM_BUILD_ROOT%{_unitdir}/${service}.service
done


install -m 0755 rhel/etc_init.d_openvswitch \
        $RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/openvswitch.init

install -p -D -m 0644 rhel/etc_openvswitch_default.conf \
        $RPM_BUILD_ROOT/%{_sysconfdir}/openvswitch/default.conf

install -p -D -m 0644 rhel/etc_logrotate.d_openvswitch \
        $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/openvswitch

install -m 0644 vswitchd/vswitch.ovsschema \
        $RPM_BUILD_ROOT/%{_datadir}/openvswitch/vswitch.ovsschema

install -d -m 0755 $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/network-scripts/
install -p -m 0755 rhel/etc_sysconfig_network-scripts_ifdown-ovs \
        $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/network-scripts/ifdown-ovs
install -p -m 0755 rhel/etc_sysconfig_network-scripts_ifup-ovs \
        $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/network-scripts/ifup-ovs

%if %{with_python2}
install -d -m 0755 $RPM_BUILD_ROOT%{python_sitelib}
cp -a $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/ovstest \
        $RPM_BUILD_ROOT%{python_sitelib}
%else
install -d -m 0755 $RPM_BUILD_ROOT%{python3_sitelib}
cp -a $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/ovstest \
        $RPM_BUILD_ROOT%{python3_sitelib}
%endif

# Build the JSON C extension for the Python lib (#1417738)
pushd python
%if %{with_python2}
(
export CPPFLAGS="-I ../include -I ../build-shared/include"
export LDFLAGS="%{__global_ldflags} -L $RPM_BUILD_ROOT%{_libdir}"
%py2_build
%py2_install
[ -f "$RPM_BUILD_ROOT/%{python2_sitearch}/ovs/_json.so" ]
)
%endif
%if %{with_python3}
(
export CPPFLAGS="-I ../include -I ../build-shared/include"
export LDFLAGS="%{__global_ldflags} -L $RPM_BUILD_ROOT%{_libdir}"
%py3_build
%py3_install
[ -f "$RPM_BUILD_ROOT/%{python3_sitearch}/ovs/_json.cpython-%{python3_version_nodots}m-%{_arch}-%{_target_os}%{?_gnu}.so" ]
)
%endif
popd

rm -rf $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/

install -d -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/openvswitch

install -d -m 0755 $RPM_BUILD_ROOT%{_prefix}/lib/firewalld/services/

install -p -D -m 0755 \
        rhel/usr_share_openvswitch_scripts_ovs-systemd-reload \
        $RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/ovs-systemd-reload

touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/conf.db
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/system-id.conf

%ifarch x86_64
install -d -m 0755 $RPM_BUILD_ROOT%{_libdir}/openvswitch
install -p -m 0755 %{dpdkdir}/%{dpdktarget}/lib/librte_pmd_mlx{4,5}_glue.so.* \
        $RPM_BUILD_ROOT%{_libdir}/openvswitch/
%endif
# remove unpackaged files
rm -f $RPM_BUILD_ROOT/%{_bindir}/ovs-benchmark \
        $RPM_BUILD_ROOT/%{_bindir}/ovs-docker \
        $RPM_BUILD_ROOT/%{_bindir}/ovs-parse-backtrace \
        $RPM_BUILD_ROOT/%{_bindir}/ovs-testcontroller \
        $RPM_BUILD_ROOT/%{_datadir}/openvswitch/scripts/ovs-monitor-ipsec \
        $RPM_BUILD_ROOT/%{_sbindir}/ovs-vlan-bug-workaround \
        $RPM_BUILD_ROOT/%{_mandir}/man1/ovs-benchmark.1* \
        $RPM_BUILD_ROOT/%{_mandir}/man8/ovs-testcontroller.* \
        $RPM_BUILD_ROOT/%{_mandir}/man8/ovs-vlan-bug-workaround.8*


# remove ovn unpackages files
rm -f $RPM_BUILD_ROOT%{_bindir}/ovn*
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/ovn*
rm -f $RPM_BUILD_ROOT%{_mandir}/man5/ovn*
rm -f $RPM_BUILD_ROOT%{_mandir}/man7/ovn*
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/ovn*
rm -f $RPM_BUILD_ROOT%{_datadir}/openvswitch/ovn*
rm -f $RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/ovn*
rm -f $RPM_BUILD_ROOT%{_includedir}/ovn/*

%check
    export MLX4_GLUE_PATH=$(pwd)/%{dpdkdir}/%{dpdktarget}/lib
    export MLX5_GLUE_PATH=$(pwd)/%{dpdkdir}/%{dpdktarget}/lib
%if %{with check}
    pushd build-static
    touch resolv.conf
    export OVS_RESOLV_CONF=$(pwd)/resolv.conf
    if make check TESTSUITEFLAGS='%{_smp_mflags}' ||
       make check TESTSUITEFLAGS='--recheck'; then :;
    else
        cat tests/testsuite.log
        exit 1
    fi
    popd
%endif
%if %{with check_datapath_kernel}
    pushd build-static
    if make check-kernel RECHECK=yes; then :;
    else
        cat tests/system-kmod-testsuite.log
        exit 1
    fi
    popd
%endif

%clean
rm -rf $RPM_BUILD_ROOT

%preun
%if 0%{?systemd_preun:1}
    %systemd_preun openvswitch.service
%else
    if [ $1 -eq 0 ] ; then
    # Package removal, not upgrade
        /bin/systemctl --no-reload disable openvswitch.service >/dev/null 2>&1 || :
        /bin/systemctl stop openvswitch.service >/dev/null 2>&1 || :
    fi
%endif

%pre
getent group openvswitch >/dev/null || groupadd -r openvswitch
getent passwd openvswitch >/dev/null || \
    useradd -r -g openvswitch -d / -s /sbin/nologin \
    -c "Open vSwitch Daemons" openvswitch

%ifarch %{dpdkarches}
    getent group hugetlbfs >/dev/null || groupadd hugetlbfs
    usermod -a -G hugetlbfs openvswitch
%endif
exit 0

%post
if [ $1 -eq 1 ]; then
    sed -i 's:^#OVS_USER_ID=:OVS_USER_ID=:' /etc/sysconfig/openvswitch

%ifarch %{dpdkarches}
    sed -i \
        's@OVS_USER_ID="openvswitch:openvswitch"@OVS_USER_ID="openvswitch:hugetlbfs"@'\
        /etc/sysconfig/openvswitch
%endif
fi
chown -R openvswitch:openvswitch /etc/openvswitch

%if 0%{?systemd_post:1}
    %systemd_post openvswitch.service
%else
    # Package install, not upgrade
    if [ $1 -eq 1 ]; then
        /bin/systemctl daemon-reload >dev/null || :
    fi
%endif

%postun
%if 0%{?systemd_postun:1}
    %systemd_postun openvswitch.service
%else
    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
%endif

%triggerun -- openvswitch < 2.5.0-22.git20160727%{?dist}
# old rpm versions restart the service in postun, but
# due to systemd some preparation is needed.
if systemctl is-active openvswitch >/dev/null 2>&1 ; then
    /usr/share/openvswitch/scripts/ovs-ctl stop >/dev/null 2>&1 || :
    systemctl daemon-reload >/dev/null 2>&1 || :
    systemctl stop openvswitch ovsdb-server ovs-vswitchd >/dev/null 2>&1 || :
    systemctl start openvswitch >/dev/null 2>&1 || :
fi
exit 0

%if %{with_python2}
%files -n %{_py2}-%{pkgname}
%{python2_sitearch}/ovs
%{python2_sitearch}/ovs-*.egg-info
%doc LICENSE
%endif

%if %{with_python3}
%files -n python3-%{pkgname}
%{python3_sitearch}/ovs
%{python3_sitearch}/ovs-*.egg-info
%doc LICENSE
%endif

%files test
%{_bindir}/ovs-pcap
%{_bindir}/ovs-tcpdump
%{_bindir}/ovs-tcpundump
%{_mandir}/man1/ovs-pcap.1*
%{_mandir}/man8/ovs-tcpdump.8*
%{_mandir}/man1/ovs-tcpundump.1*
%if %{with_python2}
%{_bindir}/ovs-test
%{_bindir}/ovs-vlan-test
%{_bindir}/ovs-l3ping
%{_mandir}/man8/ovs-test.8*
%{_mandir}/man8/ovs-vlan-test.8*
%{_mandir}/man8/ovs-l3ping.8*
%{python_sitelib}/ovstest
%else
%exclude %{_mandir}/man8/ovs-test.8*
%exclude %{_mandir}/man8/ovs-vlan-test.8*
%exclude %{_mandir}/man8/ovs-l3ping.8*
%{python3_sitelib}/ovstest
%endif

%files devel
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%{_includedir}/openvswitch/*
%{_includedir}/openflow/*
%exclude %{_libdir}/*.a
%exclude %{_libdir}/*.la

%if 0%{?rhel} > 7 || 0%{?fedora} > 28
%files -n network-scripts-%{name}
%{_sysconfdir}/sysconfig/network-scripts/ifup-ovs
%{_sysconfdir}/sysconfig/network-scripts/ifdown-ovs
%endif

%files
%defattr(-,openvswitch,openvswitch)
%dir %{_sysconfdir}/openvswitch
%{_sysconfdir}/openvswitch/default.conf
%config %ghost %verify(not owner group md5 size mtime) %{_sysconfdir}/openvswitch/conf.db
%ghost %attr(0600,-,-) %verify(not owner group md5 size mtime) %{_sysconfdir}/openvswitch/.conf.db.~lock~
%config %ghost %{_sysconfdir}/openvswitch/system-id.conf
%defattr(-,root,root)
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/openvswitch
%{_sysconfdir}/bash_completion.d/ovs-appctl-bashcomp.bash
%{_sysconfdir}/bash_completion.d/ovs-vsctl-bashcomp.bash
%config(noreplace) %{_sysconfdir}/logrotate.d/openvswitch
%{_unitdir}/openvswitch.service
%{_unitdir}/ovsdb-server.service
%{_unitdir}/ovs-vswitchd.service
%{_unitdir}/ovs-delete-transient-ports.service
%{_datadir}/openvswitch/scripts/openvswitch.init
%{_datadir}/openvswitch/scripts/ovs-check-dead-ifs
%{_datadir}/openvswitch/scripts/ovs-lib
%{_datadir}/openvswitch/scripts/ovs-save
%{_datadir}/openvswitch/scripts/ovs-vtep
%{_datadir}/openvswitch/scripts/ovs-ctl
%{_datadir}/openvswitch/scripts/ovs-kmod-ctl
%{_datadir}/openvswitch/scripts/ovs-systemd-reload
%config %{_datadir}/openvswitch/vswitch.ovsschema
%config %{_datadir}/openvswitch/vtep.ovsschema
%{_bindir}/ovs-appctl
%{_bindir}/ovs-dpctl
%{_bindir}/ovs-ofctl
%{_bindir}/ovs-vsctl
%{_bindir}/ovsdb-client
%{_bindir}/ovsdb-tool
%{_bindir}/ovs-pki
%{_bindir}/vtep-ctl
%{_libdir}/*.so.*
%ifarch x86_64
%dir %{_libdir}/openvswitch
%{_libdir}/openvswitch/librte_pmd_mlx4_glue.so.*
%{_libdir}/openvswitch/librte_pmd_mlx5_glue.so.*
%endif
%{_sbindir}/ovs-vswitchd
%{_sbindir}/ovsdb-server
%{_mandir}/man1/ovsdb-client.1*
%{_mandir}/man1/ovsdb-server.1*
%{_mandir}/man1/ovsdb-tool.1*
%{_mandir}/man5/ovsdb.5*
%{_mandir}/man5/ovsdb-server.5.*
%{_mandir}/man5/ovs-vswitchd.conf.db.5*
%{_mandir}/man5/vtep.5*
%{_mandir}/man7/ovsdb-server.7*
%{_mandir}/man7/ovsdb.7*
%{_mandir}/man7/ovs-actions.7*
%{_mandir}/man7/ovs-fields.7*
%{_mandir}/man8/vtep-ctl.8*
%{_mandir}/man8/ovs-appctl.8*
%{_mandir}/man8/ovs-ctl.8*
%{_mandir}/man8/ovs-dpctl.8*
%{_mandir}/man8/ovs-kmod-ctl.8.*
%{_mandir}/man8/ovs-ofctl.8*
%{_mandir}/man8/ovs-pki.8*
%{_mandir}/man8/ovs-vsctl.8*
%{_mandir}/man8/ovs-vswitchd.8*
%{_mandir}/man8/ovs-parse-backtrace.8*
%{_udevrulesdir}/91-vfio.rules
%doc LICENSE NOTICE README.rst NEWS rhel/README.RHEL.rst
%ifarch %{dpdkarches}
%doc %{dpdkdir}/README.DPDK-PMDS
%endif
/var/lib/openvswitch
%attr(750,openvswitch,openvswitch) %verify(not owner group) /var/log/openvswitch
%ghost %attr(755,root,root) %verify(not owner group) %{_rundir}/openvswitch
%if %{with_python2}
%{_datadir}/openvswitch/bugtool-plugins/
%{_datadir}/openvswitch/scripts/ovs-bugtool-*
%{_bindir}/ovs-dpctl-top
%{_sbindir}/ovs-bugtool
%{_mandir}/man8/ovs-dpctl-top.8*
%{_mandir}/man8/ovs-bugtool.8*
%else
%exclude %{_mandir}/man8/ovs-dpctl-top.8*
%endif
%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} < 29)
%{_sysconfdir}/sysconfig/network-scripts/ifup-ovs
%{_sysconfdir}/sysconfig/network-scripts/ifdown-ovs
%endif


%changelog
* Mon May 10 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-89
- Merging upstream branch-2.11 [RH gerrit: 1d6f0bd658]
    Commit list:
    75907f8a11 ofp-group: Use big-enough buffer in ofputil_format_group().


* Wed Apr 07 2021 Michael Santana <msantana@redhat.com> - 2.11.3-88
- Make changelog in spec file more informative [RH gerrit: 99ad8d96f6]
    This is done by adding the body of the commit message to the changelong.
    The body is indented and has extra spacing separating each entry in the
    changelog to make each one more discernible since now they could be
    longer
    
    Signed-off-by: Michael Santana <msantana@redhat.com>


* Wed Mar 17 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-87
- Merging upstream branch-2.11 [RH gerrit: 560df0228c]
    Commit list:
    8710c3e5ce python: Send notifications after the transaction ends.
    bf3ef6a869 Handle refTable values with setkey()


* Tue Mar 16 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-86
- Merging upstream branch-2.11 [RH gerrit: 67070c0625]
    Commit list:
    e9ad1da4f4 Prepare for 2.11.8.
    bbc2705315 Set release date for 2.11.7.
    0f475a5cd4 ovsdb-client: Fix needs-conversion when SERVER is explicitly specified.
    46299c1c72 dpdk: Use DPDK 18.11.11 release.
    65c61b0c23 ofp-actions: Fix use-after-free while decoding RAW_ENCAP.


* Wed Feb 10 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-85
- Merging upstream branch-2.11 [RH gerrit: 4351a9b512]
    Commit list:
    9b0307cf7d Prepare for 2.11.7.
    5d07b5da2e Set release date for 2.11.6.
    018d35b7d9 cirrus: Use FreeBSD 12.2.
    abd7a45765 flow: Support extra padding length.


* Fri Feb 05 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-84
- Merging upstream branch-2.11 [RH gerrit: a4f1272cee]
    Commit list:
    5a62ed8002 dist-docs: Include manpages generated from rST.


* Thu Feb 04 2021 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-83
- flow: Support extra padding length. [RH gerrit: 35a473f35c]
    Although not required, padding can be optionally added until
    the packet length is MTU bytes. A packet with extra padding
    currently fails sanity checks.
    
    Fixes: fa8d9001a624 ("miniflow_extract: Properly handle small IP packets.")
    Reported-by: Joakim Hindersson <joakim.hindersson@elastx.se>
    Acked-by: Ilya Maximets <i.maximets@ovn.org>
    Signed-off-by: Flavio Leitner <fbl@sysclose.org>


* Wed Feb 03 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-82
- Merging upstream branch-2.11 [RH gerrit: 2e04729b43]
    Commit list:
    1faf6f507c tc: Fix mpls bottom of stack bit mask reporting.


* Tue Feb 02 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-81
- Merging upstream branch-2.11 [RH gerrit: a6fede58cb]
    Commit list:
    6747878b7a python: Add 'six' to list of install requirements.


* Thu Jan 21 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-80
- Merging upstream branch-2.11 [RH gerrit: b8354bd062]
    Commit list:
    cd0f896c01 github: Fix Ubuntu package installation.
    5804c31209 odp-util: Fix abort while formatting nsh actions.


* Thu Jan 14 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-79
- Merging upstream branch-2.11 [RH gerrit: f41ec7e05b]
    Commit list:
    d9e429cc49 Prepare for 2.11.6.
    634e6e41cd Set release date for 2.11.5.


* Wed Jan 13 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-78
- Merging upstream branch-2.11 [RH gerrit: 68170d878c]
    Commit list:
    dc222c3cf1 lldp: do not leak memory on multiple instances of TLVs
    569595898b ofproto-dpif: Uninitialize 'xlate_cache' to free resources


* Thu Jan 07 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-77
- Merging upstream branch-2.11 [RH gerrit: 10478e3802]
    Commit list:
    008414b6f0 ovs-monitor-ipsec: Fix active connection regex.


* Thu Dec 24 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-76
- Merging upstream branch-2.11 [RH gerrit: aa80d76b09]
    Commit list:
    026339bc76 odp-util: Fix netlink message overflow with userdata.
    29077624db ovsdb-tool: Fix datum leak in the show-log command.
    041d001019 ofproto-dpif-xlate: Stop forwarding MLD reports to group ports.


* Wed Dec 02 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-75
- Merging upstream branch-2.11 [RH gerrit: 838f461d65]
    Commit list:
    abe75f4938 datapath: ovs_ct_exit to be done under ovs_lock
    884800683f compat: rcu: Add support for consolidated-RCU reader checking
    090c694ac7 tests: Add overflow test for the sha1 library.
    7bcf93452e travis: Remove support for Travis CI.
    a29cda9b26 github: Add GitHub Actions workflow.
    a9748802e0 ovsdb-cluster.at: Fix infinite loop in torture tests.


* Tue Nov 17 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-74
- Merging upstream branch-2.11 [RH gerrit: 757d6ce62c]
    Commit list:
    1dae577d74 ovsdb-idl: Fix *_is_new() IDL functions.
    709b548549 compat: Fix compile warning.
    8bd0dadd04 compat: Remove stale code.
    9414a66816 tests: Add parse-flow tests for MPLS fields.
    00ec8e5cb9 ofp-actions: Fix userspace support for mpls_ttl.
    655e9aa784 python: Don't raise an Exception on failure to connect via SSL.
    1cf4245ace lldp: correctly increase discarded count
    330d64d036 lldp: increase statsTLVsUnrecognizedTotal on unknown TLV
    c00a829e45 lldp: fix a buffer overflow when handling management address TLV
    9aed58b5f1 lldp: Fix size of PEEK_DISCARD_UINT32()
    2c0bbbacf3 lldp: validate a bit more received LLDP frames
    72aa3deacf sha1: Fix algorithm for data bigger than 512 megabytes.
    7d52af2228 odp-util: Fix overflow of nested netlink attributes.


* Mon Nov 02 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-73
- redhat: Explicitly define __python [RH gerrit: 045337a5c8]
    See https://fedoraproject.org/wiki/Changes/PythonMacroError


* Tue Oct 27 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-72
- Merging upstream branch-2.11 [RH gerrit: e835b37ab3]
    Commit list:
    684e43b4d8 raft: Fix error leak on failure while saving snapshot.


* Thu Oct 22 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-71
- Merging upstream branch-2.11 [RH gerrit: a11c3da9f7]
    Commit list:
    cc81b50a60 ofp-ed-props: Fix using uninitialized padding for NSH encap actions.


* Fri Oct 09 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-70
- Merging upstream branch-2.11 [RH gerrit: 2a26d61978]
    Commit list:
    3cc79bbc13 system-userspace-packet-type-aware.at: Wait for ip address updates.
    2deed05096 netdev-dpdk: Don't set rx mq mode for net_virtio.


* Tue Oct 06 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-69
- Merging upstream branch-2.11 [RH gerrit: e31b9384be]
    Commit list:
    5ceafdc389 docs: Add flow control on i40e issue


* Wed Sep 16 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-68
- Merging upstream branch-2.11 [RH gerrit: a43432762b]
    Commit list:
    dfcebfcc2f cirrus: Use FreeBSD 11.4.
    9e53a8a76b classifier: Fix use of uninitialized value.
    30387b61ac rhel: Fix logrotate group when dpdk is enabled.


* Thu Aug 27 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-67
- Merging upstream branch-2.11 [RH gerrit: dd4802fb0c]
    Commit list:
    1b842af7ad ovs-dpctl-top: Skip "eth()" element.
    9ff2a5a115 meta-flow: fix a typo in "MPLS Bottom of Stack Field" paragraph.


* Tue Aug 18 2020 Flavio Leitner <fbl@redhat.com> - 2.11.3-66
- pkgtool: Use git-branch to retrieve the name. [RH gerrit: 7240e67479]
    The name-rev can return any symbolic name for ref, whether
    it is a branch or a tag.
    
    Use git branch --show-current instead.


* Mon Aug 17 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-65
- Merging upstream branch-2.11 [RH gerrit: b16596dda3]
    Commit list:
    05bbdfceb7 netdev-offload-dpdk: Fix for broken ethernet matching HWOL for XL710NIC.


* Wed Aug 12 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-64
- Merging upstream branch-2.11 [RH gerrit: 7b48e66922]
    Commit list:
    e38b412dcb acinclude: Fix build with kernels with prandom* moved to prandom.h.


* Tue Aug 11 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.11.3-63
- Merging upstream branch-2.11 [RH gerrit: 9ae7cb0a10]
    Commit list:
    218ab4f731 Prepare for 2.11.5.
    adf1b5c390 Set release date for 2.11.4.
    1210688623 datapath-windows: Update flow key in SET action
    d04e409f39 dpctl: Fix memory leak in dpctl_dump_flows()
    5d7a08db86 ovs-router: Fix flushing of local routes.


* Sun Aug 09 2020 Flavio Leitner <fbl@redhat.com> - 2.11.3-62
- redhat: Add support to custom RPM releases. [RH gerrit: 570434c6c2]
    This commit allows the developer to specify a custom release
    string to be appended to package NVR.
    
    If the custom release is 'bz123456', the final release would
    look like -Y.bz123456.X where Y is the number of changes
    until the branch was created, and X is the number of changes
    after that.


* Sun Aug 09 2020 Flavio Leitner <fbl@redhat.com> - 2.11.3-61
- pkgtool: Use OVS static version in package NVR. [RH gerrit: 2ed240a84c]
    The package NVR must coincide with the tarball version.


* Fri Jul 17 2020 Flavio Leitner <fbl@redhat.com> - 2.11.3-60
- Merge branch 'fast-datapath-rhel-7' into fast-datapath-rhel-8 [RH gerrit: a2d9792f8c]


* Thu Jul 16 2020 Flavio Leitner <fbl@redhat.com> - 2.11.3-59
- Merge branch 'fast-datapath-rhel-7' into fast-datapath-rhel-8 [RH gerrit: c9f7a9e2d3]


* Wed Jul 15 2020 Flavio Leitner <fbl@redhat.com> - 2.11.3-58
- spec: Fix configure to use dpdkdir without version. [RH gerrit: 583acc91dd]


* Mon Jul 13 2020 Flavio Leitner <fbl@redhat.com> - 2.11.3-57
- redhat: Rename OVSCI job name. [RH gerrit: cbcaa83118]
    The OVSCI job's name has been renamed to follow a standard.


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-56
- This is fast-datapath-rhel-8 [RH gerrit: 98f312f126]


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-55
- bus/pci: fix VF memory access (#1851170) [RH gerrit: fa4d90db57]
    To fix CVE-2020-12888, the linux vfio-pci module will invalidate mmaps
    and block MMIO access on disabled memory, it will send a SIGBUS to the
    application:
    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abafbc551fdd
    
    When the application opens the vfio PCI device, the vfio-pci module will
    enable the bus memory space through PCI read/write access. According to
    the PCIe specification, the 'Memory Space Enable' is always zero for VF:
    
                 Table 9-13 Command Register Changes
    
    Bit Location | PF and VF Register Differences | PF         | VF
                 | From Base                      | Attributes | Attributes
    -------------+--------------------------------+------------+-----------
                 | Memory Space Enable - Does not |            |
                 | apply to VFs. Must be hardwired|  Base      |  0b
         1       | to 0b for VFs. VF Memory Space |            |
                 | is controlled by the VF MSE bit|            |
                 | in the VF Control register.    |            |
    -------------+--------------------------------+------------+-----------
    
    Afterwards the vfio-pci will initialize its own virtual PCI config space
    data ('vconfig') by reading the VF's physical PCI config space, then the
    'Memory Space Enable' bit in vconfig will always be 0b value. This will
    make the vfio-pci treat the BAR memory space as disabled, and the SIGBUS
    will be triggered if access these BARs.
    
    By investigation, the VF PCI device *passthrough* into the Guest OS by
    QEMU has the 'Memory Space Enable' with 1b value. That's because every
    PCI driver will start to enable the memory space, and this action will
    be hooked by vfio-pci virtual PCI read/write to set the 'Memory Space
    Enable' in vconfig space to 1b. So VF runs in guest OS has 'Mem+', but
    VF runs in host OS has 'Mem-'.
    
    Align with PCI working mode in Guest/QEMU/Host, in DPDK, enable the PCI
    bus memory space explicitly to avoid access on disabled memory.
    
    Fixes: 33604c31354a ("vfio: refactor PCI BAR mapping")
    Cc: stable@dpdk.org
    
    Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
    Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
    Tested-by: Harman Kalra <hkalra@marvell.com>
    Tested-by: David Marchand <david.marchand@redhat.com>
    Tested-by: Thierry Martin <thierry.martin.public@gmail.com>
    (cherry picked from commit 54f3fb127d9c265a5724d193e5c7c6db29fb4150)
    
    Resolves: #1851170


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-54
- vhost: fix vring index check (#1831391) [RH gerrit: 8e33084d85]
    vhost_user_check_and_alloc_queue_pair() is used to extract
    a vring index from a payload. This function validates the
    index and is called early on in when performing message
    handling. Most message handlers depend on it correctly
    validating the vring index.
    
    Depending on the message type the vring index is in
    different parts of the payload. The function contains a
    switch/case for each type and copies the index. This is
    stored in a uint16. This index is then validated. Depending
    on the message, the source index is an unsigned int. If
    integer truncation occurs (uint->uint16) the top 16 bits
    of the index are never validated.
    
    When they are used later on  (e.g. in
    vhost_user_set_vring_num() or vhost_user_set_vring_addr())
    it can lead to out of bound indexing. The out of bound
    indexed data gets written to, and hence this can cause
    memory corruption.
    
    This patch fixes this vulnerability by declaring vring
    index as an unsigned int in
    vhost_user_check_and_alloc_queue_pair().
    
    Fixes: 160cbc815b41 ("vhost: remove a hack on queue allocation")
    Cc: stable@dpdk.org
    
    This issue has been assigned CVE-2020-10723
    
    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
    Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>
    Reviewed-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    (cherry picked from commit c78d94189dced04def987a17f16097fcb197a186)
    
    Resolves: #1831391


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-53
- vhost: check log mmap offset and size overflow (#1831391) [RH gerrit: 753ae0cf66]
    vhost_user_set_log_base() is a message handler that is
    called to handle the VHOST_USER_SET_LOG_BASE message.
    Its payload contains a 64 bit size and offset. Both are
    added up and used as a size when calling mmap().
    
    There is no integer overflow check. If an integer overflow
    occurs a smaller memory map would be created than
    requested. Since the returned mapping is mapped as writable
    and used for logging, a memory corruption could occur.
    
    Fixes: fbc4d248b198 ("vhost: fix offset while mmaping log base address")
    
    This issue has been assigned CVE-2020-10722
    
    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
    Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>
    Reviewed-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    (cherry picked from commit 338f5eae5de73a91ba42951bfe7d1fba898e1aab)
    
    Resolves: #1831391


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-52
- vhost: add device op when notification to guest is sent (#1726579) [RH gerrit: 92715cf99c]
    This patch adds an operation callback which gets called every time
    the library is waking up the guest trough an eventfd_write() call.
    
    This can be used by 3rd party application, like OVS, to track the
    number of times interrupts where generated. This might be of
    interest to find out system-call were called in the fast path.
    
    Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
    Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
    (cherry picked from commit 039253166a57ee660dd2fbe92ca77fa65154751c)
    
    Resolves: #1726579


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-51
- net/i40e: re-program promiscuous mode on VF interface (#1733402) [RH gerrit: 0fe1f42b5f]
    During a kernel PF reset, this event is propagated to the VF.
    The DPDK VF PMD will execute the reset task before the PF is done
    with his. This results in the admin queue message not being responded
    to leaving the port in "promiscuous" mode.
    
    This patch makes sure the promiscuous mode is configured independently
    of the current admin state.
    
    Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
    Reviewed-by: Xiao Zhang <xiao.zhang@intel.com>
    (cherry picked from commit ddc7cb0d9453e0c0601a01eab1f388eae4c1fb65)
    
    Resolves: #1733402


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-50
- bus/pci: always check IOMMU capabilities (#1711739) [RH gerrit: 0815c39d39]
    IOMMU capabilities won't change and must be checked even if no PCI device
    seem to be supported yet when EAL initialised.
    
    This is to accommodate with SPDK that registers its drivers after
    rte_eal_init(), especially on PPC platform where the IOMMU does not
    support VA.
    
    Fixes: 703458e19c16 ("bus/pci: consider only usable devices for IOVA mode")
    
    Signed-off-by: David Marchand <david.marchand@redhat.com>
    Reviewed-by: David Christensen <drc@linux.vnet.ibm.com>
    Acked-by: Jerin Jacob <jerinj@marvell.com>
    Tested-by: Jerin Jacob <jerinj@marvell.com>
    Tested-by: Takeshi Yoshimura <tyos@jp.ibm.com>
    
    (cherry picked from commit 66d3724b2c87e6fcdf3851ca191683696a91b901)
    Signed-off-by: David Marchand <david.marchand@redhat.com>
    
    Resolves: #1711739


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-49
- eal: fix IOVA mode selection as VA for PCI drivers (#1711739) [RH gerrit: 11fbef3c85]
    The incriminated commit broke the use of RTE_PCI_DRV_IOVA_AS_VA which
    was intended to mean "driver only supports VA" but had been understood
    as "driver supports both PA and VA" by most net drivers and used to let
    dpdk processes to run as non root (which do not have access to physical
    addresses on recent kernels).
    
    The check on physical addresses actually closed the gap for those
    drivers. We don't need to mark them with RTE_PCI_DRV_IOVA_AS_VA and this
    flag can retain its intended meaning.
    Document explicitly its meaning.
    
    We can check that a driver requirement wrt to IOVA mode is fulfilled
    before trying to probe a device.
    
    Finally, document the heuristic used to select the IOVA mode and hope
    that we won't break it again.
    
    Fixes: 703458e19c16 ("bus/pci: consider only usable devices for IOVA mode")
    
    Signed-off-by: David Marchand <david.marchand@redhat.com>
    Reviewed-by: Jerin Jacob <jerinj@marvell.com>
    Tested-by: Jerin Jacob <jerinj@marvell.com>
    Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
    
    (cherry picked from commit b76fafb174d2cd5247c3573bb3d49444e195e760)
    Signed-off-by: David Marchand <david.marchand@redhat.com>
    
    Conflicts:
    	drivers/net/avf/avf_ethdev.c
    	drivers/net/ice/ice_ethdev.c
    	drivers/net/mlx4/mlx4.c
    	drivers/net/mlx5/mlx5.c
    	drivers/net/octeontx2/otx2_ethdev.c
    	drivers/raw/ioat/ioat_rawdev.c
    
    Resolves: #1711739


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-48
- bus/pci: consider only usable devices for IOVA mode (#1711739) [RH gerrit: 69f5cb4c56]
    When selecting the preferred IOVA mode of the pci bus, the current
    heuristic ("are devices bound?", "are devices bound to UIO?", "are pmd
    drivers supporting IOVA as VA?" etc..) should honor the device
    white/blacklist so that an unwanted device does not impact the decision.
    
    There is no reason to consider a device which has no driver available.
    
    This applies to all OS, so implements this in common code then call a
    OS specific callback.
    
    On Linux side:
    - the VFIO special considerations should be evaluated only if VFIO
      support is built,
    - there is no strong requirement on using VA rather than PA if a driver
      supports VA, so defaulting to DC in such a case.
    
    Signed-off-by: Ben Walker <benjamin.walker@intel.com>
    Signed-off-by: David Marchand <david.marchand@redhat.com>
    Reviewed-by: Anatoly Burakov <anatoly.burakov@intel.com>
    
    (cherry picked from commit 703458e19c16135143b3f30089e1af66100c82dc)
    Signed-off-by: David Marchand <david.marchand@redhat.com>
    
    Conflicts:
            drivers/bus/pci/linux/pci.c
            drivers/bus/pci/pci_common.c
    
    Resolves: #1711739


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-47
- eal: compute IOVA mode based on PA availability (#1711739) [RH gerrit: d5e1d2fa50]
    Currently, if the bus selects IOVA as PA, the memory init can fail when
    lacking access to physical addresses.
    This can be quite hard for normal users to understand what is wrong
    since this is the default behavior.
    
    Catch this situation earlier in eal init by validating physical addresses
    availability, or select IOVA when no clear preferrence had been expressed.
    
    The bus code is changed so that it reports when it does not care about
    the IOVA mode and let the eal init decide.
    
    In Linux implementation, rework rte_eal_using_phys_addrs() so that it can
    be called earlier but still avoid a circular dependency with
    rte_mem_virt2phys().
    In FreeBSD implementation, rte_eal_using_phys_addrs() always returns
    false, so the detection part is left as is.
    
    If librte_kni is compiled in and the KNI kmod is loaded,
    - if the buses requested VA, force to PA if physical addresses are
      available as it was done before,
    - else, keep iova as VA, KNI init will fail later.
    
    Signed-off-by: Ben Walker <benjamin.walker@intel.com>
    Signed-off-by: David Marchand <david.marchand@redhat.com>
    Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
    
    (cherry picked from commit c2361bab70c56f64e50f07946b1b20bf688d782a)
    Signed-off-by: David Marchand <david.marchand@redhat.com>
    
    Resolves: #1711739


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-46
- netdev-linux: Update LAG in all cases. (#1812892) [RH gerrit: 2763511809]
    In some cases, when processing a netlink change event, it's possible for
    an alternate part of OvS (like the IPv6 endpoint processing) to hold an
    active netdev interface.  This creates a race-condition, where sometimes
    the OvS change processing will take the normal path.  This doesn't work
    because the netdev device object won't actually be enslaved to the
    ovs-system (for instance, a linux bond) and ingress qdisc entries will
    be missing.
    
    To address this, we update the LAG information in ALL cases where
    LAG information could come in.
    
    Fixes: d22f8927c3c9 ("netdev-linux: monitor and offload LAG slaves to TC")
    Cc: Marcelo Leitner <mleitner@redhat.com>
    Cc: John Hurley <john.hurley@netronome.com>
    Acked-by: Roi Dayan <roid@mellanox.com>
    Signed-off-by: Aaron Conole <aconole@redhat.com>
    Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
    (cherry picked from commit 7a076a53716394742d0ae44652451501ae17335d)
    
    Resolves: #1812892


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-45
- netdev-offload-tc: Re-fetch block ID after probing. (#1812892) [RH gerrit: 83cebd3221]
    It's possible that block_id could changes after the probe for block
    support.  Therefore, fetch the block_id again after the probe.
    
    Fixes: edc2055a2bf7 ("netdev-offload-tc: Flush rules on ingress block when init tc flow api")
    Cc: Dmytro Linkin <dmitrolin@mellanox.com>
    Acked-by: Roi Dayan <roid@mellanox.com>
    Co-authored-by: Marcelo Leitner <mleitner@redhat.com>
    Signed-off-by: Marcelo Leitner <mleitner@redhat.com>
    Signed-off-by: Aaron Conole <aconole@redhat.com>
    Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
    (cherry picked from commit 8508a57228560e154963c542823d36d8098e6610)
    
    Resolves: #1812892


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-44
- netdev-offload-tc: Flush rules on ingress block when init tc flow api (#1812892) [RH gerrit: e5d7d5ec24]
    OVS can fail to attach ingress block on iface when init tc flow api,
    if block already exist with rules on it and is shared with other iface.
    Fix by flush all existing rules on the ingress block prior to deleting
    it.
    
    Fixes: 093c9458fb02 ("tc: allow offloading of block ids")
    Signed-off-by: Dmytro Linkin <dmitrolin@mellanox.com>
    Acked-by: Raed Salem <raeds@mellanox.com>
    Acked-by: Roi Dayan <roid@mellanox.com>
    Signed-off-by: Simon Horman <simon.horman@netronome.com>
    (cherry picked from commit edc2055a2bf73258d5731a8f8853397190348b04)
    
    Resolves: #1812892


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-43
- netdev-vport: Use the dst_port in tunnel netdev name (#1727599) [RH gerrit: f4a6fb7574]
    If tunnel device dst_port is not the default one, "ovs-dpctl dump-flows"
    will fail. The error message for vxlan is:
    
    netdev_linux|INFO|ioctl(SIOCGIFINDEX) on vxlan_sys_4789 device failed: No such device
    
    That's because when calling netdev_vport_construct() for netdev
    vxlan_sys_xxxx, the default dst_port is used. Actually, the dst_port
    value is in the netdev name. Use it to avoid the error.
    
    Signed-off-by: Chris Mi <chrism@mellanox.com>
    Reviewed-by: Roi Dayan <roid@mellanox.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit 6998788197e23c409a6b6cecaa30867ff6d40928)
    
    Resolves: #1727599


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-42
- lib/tc: Fix flow dump for tunnel id equal zero (#1732305) [RH gerrit: 765ba1d1c0]
    Tunnel id 0 is not printed unless tunnel flag FLOW_TNL_F_KEY is set.
    Fix that by always setting FLOW_TNL_F_KEY when tunnel id is valid.
    
    Fixes: 0227bf092ee6 ("lib/tc: Support optional tunnel id")
    Signed-off-by: Dmytro Linkin <dmitrolin@mellanox.com>
    Reviewed-by: Roi Dayan <roid@mellanox.com>
    Signed-off-by: Simon Horman <simon.horman@netronome.com>
    (cherry picked from commit 36e50679a6517ee1ec6ed9e4cc83293279a5fffc)
    
    Resolves: #1732305


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-41
- lib/tc: Support optional tunnel id (#1732305) [RH gerrit: 42f09fe96f]
    Currently the TC tunnel_key action is always
    initialized with the given tunnel id value. However,
    some tunneling protocols define the tunnel id as an optional field.
    
    This patch initializes the id field of tunnel_key:set and tunnel_key:unset
    only if a value is provided.
    
    In the case that a tunnel key value is not provided by the user
    the key flag will not be set.
    
    Signed-off-by: Adi Nissim <adin@mellanox.com>
    Acked-by: Paul Blakey <paulb@mellanox.com>
    Signed-off-by: Simon Horman <simon.horman@netronome.com>
    (cherry picked from commit 0227bf092ee6b5d18e2b79493d44769cb37ecc98)
    
    Resolves: #1732305


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-40
- tc: Set 'no_percpu' flag for compatible actions (#1780690) [RH gerrit: 42f07f6bd8]
    Recent changes in Linux kernel TC action subsystem introduced new
    TCA_ACT_FLAGS_NO_PERCPU_STATS flag. The purpose of the flag is to request
    action implementation to skip allocating action stats with expensive percpu
    allocator and use regular built-in action stats instead. Such approach
    significantly improves rule insertion rate and reduce memory usage for
    hardware-offloaded rules that don't need benefits provided by percpu
    allocated stats (improved software TC fast-path performance). Set the flag
    for all compatible actions.
    
    Modify acinclude.m4 to use OVS-internal pkt_cls.h implementation when
    TCA_ACT_FLAGS is not defined by kernel headers and to manually define
    struct nla_bitfield32 in netlink.h (new file) when it is not defined by
    kernel headers.
    
    Signed-off-by: Vlad Buslov <vladbu@mellanox.com>
    Reviewed-by: Roi Dayan <roid@mellanox.com>
    Signed-off-by: Simon Horman <simon.horman@netronome.com>
    (cherry picked from commit 292d5bd9bb344527e0da19433cf3e51f8a24058c)
    
    Resolves: #1780690


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-39
- rhel: let *-ctl handle runtime directory (#1785586) [RH gerrit: c3763ec916]
    Recent versions of systemd restores RuntimeDirectory ownership to the
    unit's User in between execution of *Exec directives (see [1]). Using
    ExecStartPre to reset RuntimeDirectory ownership to OVS_USER no longer
    works as expected.
    
    The ctl scripts already handle creation of the runtime directory with
    correct ownership and permissions so we can basically remove
    RuntimeDirectory from systemd unit file. There is still need to handle
    ownsership to cover some upgrade scenarios, but success of that will be
    optional as the directory itself wont exist at first time run.
    
    [1] https://github.com/systemd/systemd/issues/12713
    
    Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit 7a65e5a9252ac06df62707a571931f501747ecfc)
    
    Resolves: #1785586


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-38
- rhel: set useropts optional for ovsdb-server (#1785586) [RH gerrit: 77bed8f0e4]
    systemd assesses the presssence of all EnvironmentFile before execution
    of Exec* directives, thus useropts needs to be optional even though it
    will always be created at ExecStartPre.
    
    Fixes: 94e1e8be3187 ("rhel: run ovn with the same user as ovs")
    Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit 0186c3807cc4500c5699fcf034df3a995c34885c)
    
    Resolves: #1785586


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-37
- rhel: run ovn with the same user as ovs (#1785586) [RH gerrit: 8f5f39b4af]
    Both ovn and ovs share the same log and run directories which are owned
    by the user running ovs so it makes sense that ovn runs under that user
    too to diminish security concerns and possible problems with log rotation.
    
    Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit 94e1e8be3187a4824ac27ed843396dde5cc02d13)
    
    Resolves: #1785586


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-36
- rhel: secure openvswitch useropts (#1785586) [RH gerrit: 71154ad26f]
    The openvswitch useropts file is being stored in a directory where the
    openvswitch user has write permissions. The openvswitch user can then
    manipulate the file to change the user under which switchd daemon runs.
    
    This patch changes the file to /var/openvswitch.useropts preventing any
    manipulation.
    
    Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit 27e25e18c1f4cdd789d5670ab9e01dcf02a86b6f)
    
    Resolves: #1785586


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-35
- userspace: Improved packet drop statistics. (#1726568) [RH gerrit: a6b7a37be8]
    Currently OVS maintains explicit packet drop/error counters only on port
    level.  Packets that are dropped as part of normal OpenFlow processing
    are counted in flow stats of “drop” flows or as table misses in table
    stats. These can only be interpreted by controllers that know the
    semantics of the configured OpenFlow pipeline.  Without that knowledge,
    it is impossible for an OVS user to obtain e.g. the total number of
    packets dropped due to OpenFlow rules.
    
    Furthermore, there are numerous other reasons for which packets can be
    dropped by OVS slow path that are not related to the OpenFlow pipeline.
    The generated datapath flow entries include a drop action to avoid
    further expensive upcalls to the slow path, but subsequent packets
    dropped by the datapath are not accounted anywhere.
    
    Finally, the datapath itself drops packets in certain error situations.
    Also, these drops are today not accounted for.This makes it difficult
    for OVS users to monitor packet drop in an OVS instance and to alert a
    management system in case of a unexpected increase of such drops.
    Also OVS trouble-shooters face difficulties in analysing packet drops.
    
    With this patch we implement following changes to address the issues
    mentioned above.
    
    1. Identify and account all the silent packet drop scenarios
    2. Display these drops in ovs-appctl coverage/show
    
    Co-authored-by: Rohith Basavaraja <rohith.basavaraja@gmail.com>
    Co-authored-by: Keshav Gupta <keshugupta1@gmail.com>
    Signed-off-by: Anju Thomas <anju.thomas@ericsson.com>
    Signed-off-by: Rohith Basavaraja <rohith.basavaraja@gmail.com>
    Signed-off-by: Keshav Gupta <keshugupta1@gmail.com>
    Acked-by: Eelco Chaudron <echaudro@redhat.com
    Acked-by: Ben Pfaff <blp@ovn.org>
    Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
    (cherry picked from commit a13a0209750c424556189796061c40d08c689467)
    
    Resolves: #1726568


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-34
- netdev-dpdk: Fix sw stats perf drop. (#1790841) [RH gerrit: 54f4571750]
    Accessing the sw stats in the vhost datapath of a PVP test
    can incur a performance drop of ~2%.
    
    Most of the time these stats will just be getting zero added
    to them. By checking if there is a non-zero update first, we
    can avoid accessing them when they won't be updated and avoid
    the performance drop.
    
    Fixes: 2f862c712e52 ("netdev-dpdk: Detailed packet drop statistics.")
    Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
    Acked-by: Eelco Chaudron <echaudro@redhat.com>
    Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
    (cherry picked from commit 6d77abf4f7ea5596ba8c4a7a27768e83e80a7e46)
    
    Resolves: #1790841


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-33
- netdev-dpdk: Detailed packet drop statistics. (#1790841) [RH gerrit: 1e1b33541a]
    OVS may be unable to transmit packets for multiple reasons on
    the userspace datapath and today there is a single counter to
    track packets dropped due to any of those reasons. This patch
    adds custom software stats for the different reasons packets
    may be dropped during tx/rx on the userspace datapath in OVS.
    
    - MTU drops : drops that occur due to a too large packet size
    - Qos drops : drops that occur due to egress/ingress QOS
    - Tx failures: drops as returned by the DPDK PMD send function
    
    Note that the reason for tx failures is not specified in OVS.
    In practice for vhost ports it is most common that tx failures
    are because there are not enough available descriptors,
    which is usually caused by misconfiguration of the guest queues
    and/or because the guest is not consuming packets fast enough
    from the queues.
    
    These counters are displayed along with other stats in
    "ovs-vsctl get interface <iface> statistics" command and are
    available for dpdk and vhostuser/vhostuserclient ports.
    
    Also the existing "tx_retries" counter for vhost ports has been
    renamed to "ovs_tx_retries", so that all the custom statistics
    that OVS accumulates itself will have the prefix "ovs_". This
    will prevent any custom stats names overlapping with
    driver/HW stats.
    
    Acked-by: Kevin Traynor <ktraynor@redhat.com>
    Signed-off-by: Sriram Vatala <sriram.v@altencalsoftlabs.com>
    Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
    (cherry picked from commit 2f862c712e52fe524e441ab58bb042dcb20214ee)
    
    Resolves: #1790841


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-32
- netdev-dpdk: Reuse vhost function for dpdk ETH custom stats. (#1790841) [RH gerrit: e0d00f70c5]
    This is yet another refactoring for upcoming detailed drop stats.
    It allows to use single function for all the software calculated
    statistics in netdev-dpdk for both vhost and ETH ports.
    
    UINT64_MAX used as a marker for non-supported statistics in a
    same way as it's done in bridge.c for common netdev stats.
    
    Co-authored-by: Sriram Vatala <sriram.v@altencalsoftlabs.com>
    Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
    Signed-off-by: Sriram Vatala <sriram.v@altencalsoftlabs.com>
    Acked-by: Kevin Traynor <ktraynor@redhat.com>
    (cherry picked from commit b99ab8aaaf9f6057ddbc332c76ab774dbfd4ccc3)
    
    Resolves: #1790841


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-31
- netdev-dpdk: Refactor vhost custom stats for extensibility. (#1790841) [RH gerrit: b084d7a5c2]
    vHost interfaces currently has only one custom statistic, but there
    might be others in the near future. This refactoring makes the code
    work in the same way as it done for dpdk and afxdp stats to keep the
    common style over the different code places and makes it easily
    extensible for the new stats addition.
    
    Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
    Reviewed-by: David Marchand <david.marchand@redhat.com>
    Acked-by: Kevin Traynor <ktraynor@redhat.com>
    (cherry picked from commit 5c7ba90d8189ee7b35a1723d5a76dc205720af50)
    
    Resolves: #1790841


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-30
- netdev-dpdk: Fix not reporting rx_oversize_errors in stats. (#1790841) [RH gerrit: 26017f85c8]
    There is a big code duplication issue with DPDK xstats that led to
    missed "rx_oversize_errors" statistics. It's defined but not used.
    Fix that by actually using this stat along with code refactoring that
    will allow us to not make same mistakes in the future.
    Macro definitions are perfectly suitable to automate code generation
    in such cases and already used in a couple of places in OVS for similar
    purposes.
    
    Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
    Reviewed-by: David Marchand <david.marchand@redhat.com>
    Acked-by: Kevin Traynor <ktraynor@redhat.com>
    Acked-by: Ian Stokes <ian.stokes@intel.com>
    (cherry picked from commit 18366d165162051463fd28e9f46d1c2cbe355eb3)
    
    Resolves: #1790841


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-29
- ovsdb replication: Provide option to configure probe interval. (#1788800) [RH gerrit: e8a669ead7]
    When ovsdb-server is in backup mode and connects to the active
    ovsdb-server for replication, and if takes more than 5 seconds to
    get the dump of the whole database, it will drop the connection
    soon after as the default probe interval is 5 seconds. This
    results in a snowball effect of reconnections to the active
    ovsdb-server.
    
    This patch handles or mitigates this issue by setting the
    default probe interval value to 60 seconds and provide the option to
    configure this value from the unixctl command.
    
    Other option could be increase the value of 'RECONNECT_DEFAULT_PROBE_INTERVAL'
    to a higher value.
    
    Acked-by: Mark Michelson <mmichels@redhat.com>
    Acked-by: Dumitru Ceara <dceara@redhat.com>
    Signed-off-by: Numan Siddique <numans@ovn.org>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry-picked from commit e988b8abeec9d4be94b519c5d4ed4586ff71fde0)
    
    Resolves: #1788800


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-28
- netdev-dpdk: Add coverage counter to count vhost IRQs. (#1726579) [RH gerrit: 3c3997eb0a]
    When the dpdk vhost library executes an eventfd_write() call,
    i.e. waking up the guest, a new callback will be called.
    
    This patch adds the callback to count the number of
    interrupts sent to the VM to track the number of times
    interrupts where generated.
    
    This might be of interest to find out system-calls were
    called in the DPDK fast path.
    
    The coverage counter is called "vhost_notification" and
    can be read with:
    
      $ ovs-appctl coverage/read-counter vhost_notification
      13238319
    
    Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
    Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
    
    (cherry picked from commit 3d56e4ac445d17e69484a95b319ac578e3580b65)
    Signed-off-by: David Marchand <david.marchand@redhat.com>
    
    Conflicts:
    	lib/netdev-dpdk.c
    
    Resolves: #1726579


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-27
- netdev-dpdk: add support for the RTE_ETH_EVENT_INTR_RESET event. (#1719644) [RH gerrit: ca1a1a8e1c]
    Currently, OVS does not register and therefore not handle the
    interface reset event from the DPDK framework. This would cause a
    problem in cases where a VF is used as an interface, and its
    configuration changes.
    
    As an example in the following scenario the MAC change is not
    detected/acted upon until OVS is restarted without the patch applied:
    
      $ echo 1 > /sys/bus/pci/devices/0000:05:00.1/sriov_numvfs
      $ ovs-vsctl add-port ovs_pvp_br0 dpdk0 -- \
                set Interface dpdk0 type=dpdk -- \
                set Interface dpdk0 options:dpdk-devargs=0000:05:0a.0
    
      $ ip link set p5p2 vf 0 mac 52:54:00:92:d3:33
    
    Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
    Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
    (cherry picked from commit 988fd46391495e1ff92fa0d81204ae712e89ef9d)
    
    Resolves: #1719644


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-26
- bridge: Allow manual notifications about interfaces' updates. (#1719644) [RH gerrit: f58b680888]
    Sometimes interface updates could happen in a way ifnotifier is not
    able to catch.  For example some heavy operations (device reset) in
    netdev-dpdk could require re-applying of the bridge configuration.
    
    For this purpose new manual notifier introduced. Its function
    'if_notifier_manual_report()' could be called directly by the code
    that aware about changes.  This new notifier is thread-safe.
    
    Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
    Acked-by: Eelco Chaudron <echaudro@redhat.com>
    
    (cherry picked from commit db54e9672052db9c45f84d89454104eb2fedfb02)
    Signed-off-by: David Marchand <david.marchand@redhat.com>
    
    Conflicts:
    	lib/automake.mk
    	vswitchd/bridge.c
    
    Resolves: #1719644


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-25
- Shutdown SSL connection before closing socket (#1780745) [RH gerrit: aa97017175]
    Without shutting down the SSL connection, log messages like:
    
    stream_ssl|WARN|SSL_read: unexpected SSL connection close
    jsonrpc|WARN|ssl:127.0.0.1:47052: receive error: Protocol error
    reconnect|WARN|ssl:127.0.0.1:47052: connection dropped (Protocol error)
    
    would occur whenever the socket is closed. This just adds an
    SSLStream.close() that calls shutdown() and ignores SSL errors, the
    same way that lib/stream-ssl.c does in ssl_close().
    
    Signed-off-by: Terry Wilson <twilson@redhat.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit 5fe179987d14ff38cce345dbbe57ef1ffe7853cc)
    
    Resolves: #1780745


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-24
- flake8: also check the ovs-check-dead-ifs script (#1751161) [RH gerrit: ecd3a1b407]
    Acked-by: William Tu <u9012063@gmail.com>
    Signed-off-by: Aaron Conole <aconole@redhat.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit bc6f73c951af472d221985965085544e60248b03)
    
    Resolves: #1751161


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-23
- ovs-check-dead-ifs: unshadow pid variable (#1751161) [RH gerrit: a086e76181]
    The pid variable is being shadowed by the list comprehension in the
    os.execvp() call.  This can generate flakes / warnings in some environments
    so fix it.
    
    Acked-by: William Tu <u9012063@gmail.com>
    Signed-off-by: Aaron Conole <aconole@redhat.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit 78e2a56927b5ba7e6f8808e3cf967171a2708a57)
    
    Resolves: #1751161


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-22
- ovs-check-dead-ifs: python3 print format (#1751161) [RH gerrit: d61553f744]
    The print call changed in python3, so update it.
    
    Acked-by: William Tu <u9012063@gmail.com>
    Signed-off-by: Aaron Conole <aconole@redhat.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit c864b82d889dc47fb88d5cdde8caeca962776871)
    
    Resolves: #1751161


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-21
- ovs-tcpundump: exit when getting version (#1764127) [RH gerrit: ea9923af22]
    Running 'ovs-tcpundump -V' will cause ovs-tcpundump to start processing on
    stdin.  Instead, print the version and exit.
    
    Signed-off-by: Aaron Conole <aconole@redhat.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit c691cffb03ba3a7595f364c2766fdd2ace8c3842)
    
    Resolves: #1764127


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-20
- ovs-tcpundump: allow multiple packet lengths (#1764125) [RH gerrit: ac3b779405]
    The tcpundump tool expects all packets to be a length which aligns to
    exactly a 4-nibble boundary.  This means packets like DNS requests will be
    stripped before being correctly processed.  Fix this by allowing at least
    two nibbles (or one byte) alignment.
    
    Signed-off-by: Aaron Conole <aconole@redhat.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit 1051576cf2b8a6ffddf849d984c250a8456e6144)
    
    Resolves: #1764125


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-19
- jsonrpc: increase input buffer size from 512 to 4096 (#1776883) [RH gerrit: 9c93db8373]
    Increase jsonrpc input buffer size from 512 to 4096 bytes in order to
    reduce the syscall overhead when downloading huge db size
    
    Acked-by: Mark Michelson <mmichels@redhat.com>
    Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit ea5c1ba0e3b899b8b6684f23a44bbfd4331815ee)
    
    Resolves: #1776883


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-18
- netdev-dpdk: Track vhost tx contention. (#1740144) [RH gerrit: 31112a9502]
    Add a coverage counter to help diagnose contention on the vhost txqs.
    This is seen as dropped packets on the physical ports for rates that
    are usually handled fine by OVS.
    
    Acked-by: Eelco Chaudron <echaudro@redhat.com>
    Signed-off-by: David Marchand <david.marchand@redhat.com>
    Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
    (cherry picked from commit 9ff24b9c9323652f9dc80ff7928148c4af12da9c)
    
    Resolves: #1740144


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-17
- ovsdb-server: Allow replication from older schema version servers. (#1766586) [RH gerrit: cb53fe2282]
    Presently, replication is not allowed if there is a schema version mismatch between
    the schema returned by the active ovsdb-server and the local db schema. This is
    causing failures in OVN DB HA deployments during uprades.
    
    In the case of OpenStack tripleo deployment with OVN, OVN DB ovsdb-servers are
    deployed on a multi node controller cluster in active/standby mode. During
    minor updates or major upgrades, the cluster is updated one at a time. If
    a node A is running active OVN DB ovsdb-servers and when it is updated, another
    node B becomes active. After the update when OVN DB ovsdb-servers in A are started,
    these ovsdb-servers fail to replicate from the active if there is a schema
    version mismatch.
    
    This patch addresses this issue by allowing replication even if there is a
    schema version mismatch only if all the active db schema tables and its colums are
    present in the local db schema.
    
    This should not result in any data loss.
    
    Signed-off-by: Numan Siddique <numans@ovn.org>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit cec7005bde4bc81de7b94a3dc4b4160800c98be7)
    
    Resolves: #1766586


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-16
- ovsdb-server: Don't drop all connections on read/write status change. (#1761572) [RH gerrit: 5a0a77328b]
    The commit [1] force drops all connections when the db read/write status changes.
    Prior to the commit [1], when there was read/write status change, the existing
    jsonrpc sessions with 'db_change_aware' set to true, were not updated with the
    changed 'read_only' value. If the db status was changed to 'standby', the existing
    clients could still write to the db.
    
    In the case of pacemaker OVN HA, OVN OCF script 'start' action starts the
    ovsdb-servers in read-only state and later, it sets to read-write in the
    'promote' action. We have observed that if some ovn-controllers connect to
    the SB ovsdb-server (in read-only state) just before the 'promote' action,
    the connection is not reset all the times and these ovn-controllers remain connected
    to the SB ovsdb-server in read-only state all the time. Even though
    the commit [1] calls 'ovsdb_jsonrpc_server_reconnect()' with 'forced' flag
    set to true when the db read/write status changes, somehow the FSM misses resetting
    the connections of these ovn-controllers.
    
    I think this needs to be addressed in the FSM. This patch doesn't address
    this FSM issue. Instead it changes the behavior of 'ovsdb_jsonrpc_server_set_read_only()'
    by setting the 'read_only' flag of all the jsonrpc sessions instead of forcefully
    resetting the connection.
    
    I think there is no need to reset the connection. In large scale production
    deployements with OVN, this results in unnecessary waste of CPU cycles as ovn-controllers
    will have to connect twice - once during 'start' action and again during 'promote'.
    
    [1] - 2a9679e3b2c6("ovsdb-server: drop all connections on read/write status change")
    
    Acked-by: Dumitru Ceara <dceara@redhat.com>
    Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit a5ff4874ba4bb60ced7bda6ad97d0be38e8172eb)
    
    Resolves: #1761572


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-15
- ofproto-dpif: Fix continuation with patch port (#1761461) [RH gerrit: 069d4bd437]
    This patch fixes the ofp_port to odp_port translation issue on patch
    port with nxt_resume.  When OVS resumes processing a packet from
    nxt_resume, OVS does not translate the ofp in_port to odp in_port
    correctly if the packet is originally received from a patch port.
    Currently,OVS sets the odp in_port for this resume pakcet as ODPP_NONE
    and push the resume packet back to the datapath. Later on, if the packet
    goes through a recirc, OVS will generate the following message since it
    can not translate odp in_port (ODPP_NONE) back to ofp in_port during upcall,
    and push down a datapath rule to drop the packet.
    
        ofproto_dpif_upcall(handler16)|INFO|received packet on unassociated
            datapath port 4294967295
    
    When OVS revalidates the drop datapath flow with ODPP_NONE in_port, we
    will see the following warning.
        ofproto_dpif_upcall(revalidator18)|WARN|Failed to acquire udpif_key
            corresponding to unexpected flow (Invalid argument): ufid:....
    
    This patch resolves this issue by storing the odp in_port in the
    continuation messages, and restores the odp in_port before push the
    packet back to the datapath.
    
    VMWare-BZ: 2364696
    Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit 88d2ac50aa4e3383e185b698a1b3a44a6f7b4f80)
    
    Resolves: #1761461


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-14
- vswitch: ratelimit the device add log (#1737146) [RH gerrit: 052e541d45]
    It's possible that a port added to the system with certain kinds
    of invalid parameters will cause the 'could not add' log to be
    triggered.  When this happens, the vswitch run loop can continually
    re-attempt adding the port.  While the parameters remain invalid
    the vswitch run loop will re-trigger the warning, flooding the
    syslog.
    
    This patch adds a simple rate limit to the log.
    
    Acked-by: William Tu <u9012063@gmail.com>
    Signed-off-by: Aaron Conole <aconole@redhat.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit 45bd8c563273fb914ff1960a53cfdcfddb0a5588)
    
    Resolves: #1737146


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-13
- netdev-dpdk: Enable tx-retries-max config. (#1747531) [RH gerrit: 734086f5d4]
    vhost tx retries can provide some mitigation against
    dropped packets due to a temporarily slow guest/limited queue
    size for an interface, but on the other hand when a system
    is fully loaded those extra cycles retrying could mean
    packets are dropped elsewhere.
    
    Up to now max vhost tx retries have been hardcoded, which meant
    no tuning and no way to disable for debugging to see if extra
    cycles spent retrying resulted in rx drops on some other
    interface.
    
    Add an option to change the max retries, with a value of
    0 effectively disabling vhost tx retries.
    
    Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
    Acked-by: Eelco Chaudron <echaudro@redhat.com>
    Acked-by: Flavio Leitner <fbl@sysclose.org>
    Acked-by: Ilya Maximets <i.maximets@samsung.com>
    Signed-off-by: Ian Stokes <ian.stokes@intel.com>
    (cherry picked from commit 080f080c3bc1e87da4affdce28a01b1a87a60364)
    
    Resolves: #1747531


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-12
- netdev-dpdk: Add custom stat for vhost tx retries. (#1747531) [RH gerrit: 0c238ac414]
    vhost tx retries may occur, and it can be a sign that
    the guest is not optimally configured.
    
    Add a custom stat so a user will know if vhost tx retries are
    occurring and hence give a hint that guest config should be
    examined.
    
    Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
    Signed-off-by: Ian Stokes <ian.stokes@intel.com>
    (cherry picked from commit c161357d5d96f32144f4b63ee6b06049c0cc0a09)
    
    Resolves: #1747531


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-11
- doc: Move vhost tx retry info to separate section. (#1747531) [RH gerrit: 91d9e4d92b]
    vhost tx retry is applicable to vhost-user and vhost-user-client,
    but was in the section that compares them. Also, moved further
    down the doc as prefer to have more fundamental info about vhost
    nearer the top.
    
    Fixes: 6d6513bfc657 ("doc: Add info on vhost tx retries.")
    Reported-by: David Marchand <david.marchand@redhat.com>
    Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
    Reviewed-by: David Marchand <david.marchand@redhat.com>
    Signed-off-by: Ian Stokes <ian.stokes@intel.com>
    (cherry picked from commit 4e6c16db31806dfcf84d6ebdb0d708cfa39bd08f)
    
    Resolves: #1747531


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-10
- netdev-vport: Make ip6gre netdev type to use TC rules (#1725623) [RH gerrit: d3315b8035]
    The offload api functions already assigned to every tunnel class.
    For ip6gre tunnel class only need to also assign the get_ifindex
    function, similarly as done in commit 5e63eaa969a3 ("netdev-vport: Make
    gre netdev type to use TC rules").
    
    Signed-off-by: Eli Britstein <elibr@mellanox.com>
    Reviewed-by: Roi Dayan <roid@mellanox.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit 8732450c2ee76410c7fbebaebe5f9cf27252208f)
    
    Resolves: #1725623


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-9
- tunnel: Add layer 2 IPv6 GRE encapsulation support. (#1725623) [RH gerrit: 0c20e7e83d]
    The patch adds ip6gre support. Tunnel type 'ip6gre' with packet_type=
    legacy_l2 is a layer 2 GRE tunnel over IPv6, carrying inner ethernet packets
    and encap with GRE header with outer IPv6 header.  Encapsulation of layer 3
    packet over IPv6 GRE, ip6gre, is not supported yet.  I tested it by running:
      # make check-kernel TESTSUITEFLAGS='-k ip6gre'
    under kernel 5.2 and for userspace:
      # make check TESTSUITEFLAGS='-k ip6gre'
    
    Tested-by: Greg Rose <gvrose8192@gmail.com>
    Tested-at: https://travis-ci.org/gvrose8192/ovs-experimental/builds/552977116
    Reviewed-by: Greg Rose <gvrose8192@gmail.com>
    Reviewed-by: Eli Britstein <elibr@mellanox.com>
    Signed-off-by: William Tu <u9012063@gmail.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit a3173ee1476840aaa6d90640169bd276568ff4c1)
    
    Resolves: #1725623


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-8
- ovsdb-server: drop all connections on read/write status change (#1720947) [RH gerrit: 0f0be40ee0]
    Prior to this patch, only db change aware connections were dropped
    on a read/write status change. However, current schema in OVN does
    not allow clients to monitor whether a particular DB changes this
    status. In order to accomplish this, we'd need to change the schema
    and adapting ovsdb-server and existing clients.
    
    Before tackling that, this patch is changing ovsdb-server to drop
    *all* the existing connections upon a read/write status change. This
    will force clients to reconnect and honor the change.
    
    Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2019-July/048981.html
    Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit 2a9679e3b2c6fde74ddae362d88ba16db7fbfc38)
    
    Resolves: #1720947


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-7
- netdev-tc-offloads: Support match on priority tags (#1725623) [RH gerrit: 895735b382]
    The logic by which a TC rule has a VLAN match is by the VLAN TCI field,
    either the VID, PCP or CFI are non-zero. For priority-tag packets
    there is a VLAN tag header with a zero VLAN TCI. Match on existence of
    VLAN header (TPID) regardless of TCI matching.
    
    Signed-off-by: Eli Britstein <elibr@mellanox.com>
    Reviewed-by: Roi Dayan <roid@mellanox.com>
    Signed-off-by: Simon Horman <simon.horman@netronome.com>
    (cherry picked from commit 0b0a84783cd6048ca3d35af0f5b4652cecd34358)
    
    Resolves: #1725623


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-6
- rhel: limit stack size to 2M. (#1720315) [RH gerrit: 79c6209e71]
    The default stack size in Fedora/RHEL is 8M, which means when ovs-vswitchd
    daemon starts and uses --mlockall (default), it will dirty all memory
    regions for all threads which is proportionally to the number of CPUs.
    
    On a big host this increases memory usage to many hundreds of megabytes
    while OVS actually requires much less.
    
    This patch relies on systemd to limit to 2M/thread. That is much more
    than the minimum documented at function ovs_thread_create():
    
        /* Some small systems use a default stack size as small as 80 kB, but OVS
         * requires approximately 384 kB according to the following analysis:
         * https://mail.openvswitch.org/pipermail/ovs-dev/2016-January/308592.html
         *
         * We use 512 kB to give us some margin of error. */
    
    Acked-By: Timothy Redaelli <tredaelli@redhat.com>
    Tested-By: Timothy Redaelli <tredaelli@redhat.com>
    Signed-off-by: Flavio Leitner <fbl@sysclose.org>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit b82a90e266e1246fe2973db97c95df22558174ea)
    
    Resolves: #1720315


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-5
- Add a new OVS action check_pkt_larger (#1702564) [RH gerrit: c899ac5788]
    This patch adds a new action 'check_pkt_larger' which checks if the
    packet is larger than the given size and stores the result in the
    destination register.
    
    Usage: check_pkt_larger(len)->REGISTER
    Eg. match=...,actions=check_pkt_larger(1442)->NXM_NX_REG0[0],next;
    
    This patch makes use of the new datapath action - 'check_pkt_len'
    which was recently added in the commit [1].
    At the start of ovs-vswitchd, datapath is probed for this action.
    If the datapath action is present, then 'check_pkt_larger'
    makes use of this datapath action.
    
    Datapath action 'check_pkt_len' takes these nlattrs
          * OVS_CHECK_PKT_LEN_ATTR_PKT_LEN - 'pkt_len' to check for
          * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER (optional) - Nested actions
            to apply if the packet length is greater than the specified 'pkt_len'
          * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL (optional) - Nested
            actions to apply if the packet length is lesser or equal to the
            specified 'pkt_len'.
    
    Let's say we have these flows added to an OVS bridge br-int
    
    table=0, priority=100 in_port=1,ip,actions=check_pkt_larger:100->NXM_NX_REG0[0],resubmit(,1)
    table=1, priority=200,in_port=1,ip,reg0=0x1/0x1 actions=output:3
    table=1, priority=100,in_port=1,ip,actions=output:4
    
    Then the action 'check_pkt_larger' will be translated as
      - check_pkt_len(size=100,gt(3),le(4))
    
    datapath will check the packet length and if the packet length is greater than 100,
    it will output to port 3, else it will output to port 4.
    
    In case, datapath doesn't support 'check_pkt_len' action, the OVS action
    'check_pkt_larger' sets SLOW_ACTION so that datapath flow is not added.
    
    This OVS action is intended to be used by OVN to check the packet length
    and generate an ICMP packet with type 3, code 4 and next hop mtu
    in the logical router pipeline if the MTU of the physical interface
    is lesser than the packet length. More information can be found here [2]
    
    [1] - https://kernel.googlesource.com/pub/scm/linux/kernel/git/davem/net-next/+/4d5ec89fc8d14dcdab7214a0c13a1c7321dc6ea9
    [2] - https://mail.openvswitch.org/pipermail/ovs-discuss/2018-July/047039.html
    
    Reported-at:
    https://mail.openvswitch.org/pipermail/ovs-discuss/2018-July/047039.html
    Suggested-by: Ben Pfaff <blp@ovn.org>
    Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
    CC: Ben Pfaff <blp@ovn.org>
    CC: Gregory Rose <gvrose8192@gmail.com>
    Acked-by: Mark Michelson <mmichels@redhat.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit 5b34f8fc3b38b430c05ee39a0c84f8e9da24cd3a)
    
    Conflicts:
           NEWS
           tests/ofprot-dpif.at +L10571 - Not really a conflict. Had to fix the test case because we
                                          don't have the commit - dbf4a92800d0365cc3ec3c0e99df56e2ba676cb7
    
    Resolves: #1702564


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-4
- netlink linux: account for the netnsid netlink attr. (#1692812) [RH gerrit: ce14b518b7]
    The buffer needs to be reallocated and data copied when
    the netnsid netlink attribute is included, so avoid that
    by accounting the attribute when the buffer is initially
    allocated.
    
    Fixes: 756819ddd788 ("netdev-linux: use netlink to update netdev.")
    Acked-by: Aaron Conole <aconole@redhat.com>
    Signed-off-by: Flavio Leitner <fbl@sysclose.org>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit b43762a5ad3343d28e61ed518c97802c5bd8f380)
    
    Resolves: #1692812


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-3
- rhel: Add an example to specify custom options (#1687775) [RH gerrit: a7dd6b6eb5]
    Add an example to specify custom options of ovs-vswitchd and
    ovsdb-server.
    In the example, the log level for file and console destinations is set to dbg.
    
    Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit 175b9a6401da76994bac955ebc9f440634e63d55)
    
    Resolves: #1687775


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-2
- ovs-ctl: Permit to specify additional options (#1687775) [RH gerrit: b8a874b82e]
    Currently using ovs-ctl is not possible to specify additional options
    for ovs-vswitchd and ovsdb-server (for example to specify a different
    loglevel during daemon startup).
    
    This patch adds --ovs-vswitchd-options and --ovsdb-server-options
    options to ovs-ctl in order to specify the additional options.
    
    Due to word splitting it may not be possible to specify an option that
    includes whitespaces.
    
    Reported-at: https://bugzilla.redhat.com/1664794
    Reported-by: Matt Flusche <mflusche@redhat.com>
    Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
    Signed-off-by: Ben Pfaff <blp@ovn.org>
    (cherry picked from commit fce20b8b73b1c08bc0f51a04a2109d80e4bc8b51)
    
    Resolves: #1687775


* Fri Jul 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.3-1
- Merge commit 'a4efc599e0244e43fd417b2fb38b7f120eb1ebd4' into fast-datapath-rhel-7 [RH gerrit: 8da1428afe]


* Thu Jun 25 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-56.20200327gita4efc59
- Backport "bus/pci: fix VF memory access" (#1851170)

* Wed May 27 2020 Aaron Conole <aconole@redhat.com> - 2.11.0-55.20200327gita4efc59
- Backport the upstreammed fixes for HWOL (#1812892)

* Mon May 11 2020 Maxime Coquelin <maxime.coquelin@redhat.com> - 2.11.0-54.20200327gita4efc59
- Backport fixes for CVE-2020-10722 & CVE-2020-10723 (#1831391 & #1831394)

* Tue Apr 21 2020 Aaron Conole <aconole@redhat.com> - 2.11.0-53.20200327gita4efc59
- Backport HWOL fixes for ingress qdisc (#1812892)

* Fri Apr 17 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-52.20200327gita4efc59
- Update to DPDK 18.11.7 (#1822653)

* Thu Apr 09 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-51.20200327gita4efc59
- Rebase to last branch-2.11 commit and DPDK 18.11.6 (#1822653)

* Wed Mar 11 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-50
- Backport "vhost: fix packed virtqueue ready condition" (#1793068)

* Tue Mar 10 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-49
- Revert Backport "ovs-tc: support OvS internal port offload" and deps (#1737982)
- Revert Backport "netdev-tc-offloads: Use correct hook qdisc at init tc flow" (#1737982)

* Tue Feb 25 2020 Maxime Coquelin <maxime.coquelin@redhat.com> - 2.11.0-48
- Backport "vhost: fix vring memory partially mapped" (#1798996)
- Backport "vhost: protect log address translation in IOTLB update" (#1798996)

* Thu Jan 16 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-47
- Backport "netdev-vport: Use the dst_port in tunnel netdev name" (#1727599)

* Thu Jan 16 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-46
- Backport "dpif-netlink: Allow offloading of flows with dl_type 0x1234." (#1722337)

* Thu Jan 16 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-45
- Backport "lib/tc: Support optional tunnel id" (#1732305)
  Backport "lib/tc: Fix flow dump for tunnel id equal zero" (#1732305)

* Wed Jan 15 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-44
- Backport "tc: implement support for action flags" (#1780690)

* Wed Jan 15 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-43
- Backport "rhel: secure openvswitch useropts" (#1785586)
- Backport "rhel: run ovn with the same user as ovs" (#1785586)
- Backport "rhel: set useropts optional for ovsdb-server" (#1785586)
- Backport "rhel: let *-ctl handle runtime directory" (#1785586)

* Tue Jan 14 2020 Eelco Chaudron <echaudro@redhat.com> - 2.11.0-42
- Backport "userspace: Improved packet drop statistics" (#1726568)

* Tue Jan 14 2020 Kevin Traynor <ktraynor@redhat.com> - 2.11.0-41
- Detailed packet drop statistics and related patches (#1790841)
- Backport "netdev-dpdk: Fix not reporting rx_oversize_errors in stats." (#1790841)
- Backport "netdev-dpdk: Refactor vhost custom stats for extensibility." (#1790841)
- Backport "netdev-dpdk: Reuse vhost function for dpdk ETH custom stats." (#1790841)
- Backport "netdev-dpdk: Detailed packet drop statistics." (#1790841)
- Backport "netdev-dpdk: Fix sw stats perf drop." (#1790841)

* Fri Jan 10 2020 Adrián Moreno <amorenoz@redhat.com> - 2.11.0-40
- Backport "vhost: fix virtqueue not accessible" (#1792399)
- Backport "vhost: prevent zero copy mode if IOMMU is on" (#1792399)
- Backport "vhost: convert buffer addresses to GPA for logging" (#1792399)
- Backport "vhost: translate incoming log address to GPA" (#1792399)
- Backport "vhost: fix vring address handling during live migration" (#1792399)
- Backport "vhost: add external message handling to the API" (#1792399)

* Wed Jan 08 2020 Numan Siddique <nusiddiq@redhat.com> - 2.11.0-39
- Backport "ovsdb replication: Provide option to configure probe interval" (#1788800)

* Tue Jan 07 2020 David Marchand <david.marchand@redhat.com> - 2.11.0-38
- Backport DPDK interrupt fixes for qede (#1738789)

* Mon Dec 23 2019 Eelco Chaudron <echaudro@redhat.com> - 2.11.0-37
- Backport "vhost: add device op when notification to guest is sent" (#1726579)
- Backport "netdev-dpdk: Add coverage counter to count vhost IRQs" (#1726579)

* Mon Dec 23 2019 Eelco Chaudron <echaudro@redhat.com> - 2.11.0-36
- Backport "net/i40e: downgrade error log" (#1719644)
- Backport "net/i40e: re-program promiscuous mode on VF interface" (#1733402)
- Backport "bridge: Allow manual notifications about interfaces' updates" (#1719644)
- Backport "netdev-dpdk: add support for the RTE_ETH_EVENT_INTR_RESET" (#1719644)

* Tue Dec 10 2019 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-35
- Fix librte_pmd_mlx{4,5}_glue.so error in Execshield part of RPMDiff
  by backporting the DPDK flags from dpdk spec file.

* Fri Dec 06 2019 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-34
- Backport "Shutdown SSL connection before closing socket" (#1780745)

* Thu Dec 05 2019 Aaron Conole <aconole@redhat.com> - 2.11.0-33
- Backport "ovs-check-dead-ifs: python3 print format" (#1751161)
- Backport "ovs-check-dead-ifs: unshadow pid variable" (#1751161)
- Backport "flake8: also check the ovs-check-dead-ifs script" (#1751161)

* Thu Dec 05 2019 Aaron Conole <aconole@redhat.com> - 2.11.0-32
- Backport "ovs-tcpundump: exit when getting version" (#1764127)

* Thu Dec 05 2019 Aaron Conole <aconole@redhat.com> - 2.11.0-31
- Backport "ovs-tcpundump: allow multiple packet lengths" (#1764125)

* Tue Dec 03 2019 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-30
- Rebase internal DPDK to 18.11.5 (#1760246) (CVE-2019-14818)

* Tue Nov 26 2019 Lorenzo Bianconi <lorenzo.bianconi@redhat.com> - 2.11.0-29
- Backport "jsonrpc: increase input buffer size from 512 to 4096" (#1776883)

* Tue Nov 12 2019 David Marchand <david.marchand@redhat.com> - 2.11.0-28
- Backport "netdev-dpdk: Track vhost tx contention." (#1740144)

* Tue Oct 29 2019 Numan Siddique <nusiddiq@redhat.com> - 2.11.0-27
- Backport "ovsdb-server: Allow replication from older schema version servers" (#1766586)

* Mon Oct 14 2019 Numan Siddique <nusiddiq@redhat.com> - 2.11.0-26
- Backport "ovsdb-server: Don't drop all connections on read/write status change" (#1761572)

* Mon Oct 14 2019 Dumitru Ceara <dceara@redhat.com> - 2.11.0-25
- Backport "ofproto-dpif: Fix continuation with patch port" (#1761461)

* Mon Oct 07 2019 Aaron Conole <aconole@redhat.com> - 2.11.0-24
- Backport "vswitch: ratelimit the device add log" (#1737146)

* Fri Sep 13 2019 Kevin Traynor <ktraynor@redhat.com> - 2.11.0-23
- Backport "Add custom stat for vhost tx retries." (#1747531)
- Backport "Enable tx-retries-max config." (#1747531)

* Tue Sep 03 2019 Flavio Leitner <fbl@redhat.com> - 2.11.0-22
- tnl-neigh: Use outgoing ofproto version (#1685642)

* Tue Aug 27 2019 Flavio Leitner <fbl@redhat.com> - 2.11.0-21
- Bump release

* Tue Aug 06 2019 David Marchand <david.marchand@redhat.com> - 2.11.0-20
- Renumbered dpdk patches
- Backport IOVA fixes (#1711739)

* Tue Jul 23 2019 Numan Siddique <nusiddiq@redhat.com> - 2.11.0-19
- Backport "ovsdb-server: drop all connections on read/write status change" (#1720947)

* Tue Jul 16 2019 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-18
- Increase CONFIG_RTE_MAX_ETHPORTS to 128 (#1730421)

* Tue Jul 16 2019 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-17
- Backport "tunnel: Add layer 2 IPv6 GRE encapsulation support." and
  "netdev-vport: Make ip6gre netdev type to use TC rules" (#1725623)

* Fri Jul 12 2019 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-16
- Rebase internal DPDK to 18.11.2 (#1713698)

* Tue Jul 09 2019 David Marchand <david.marchand@redhat.com> - 2.11.0-15
- Backport "net/i40e: fix dropped packets statistics name" (#1728610)

* Tue Jul 02 2019 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-14
- Backport "netdev-tc-offloads: Use correct hook qdisc at init tc flow" (#1721219)

* Fri Jun 21 2019 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-13
- Backport "netdev-tc-offloads: Support match on priority tags" (#1722249)

* Thu Jun 13 2019 Maxime Coquelin <maxime.coquelin@redhat.com> - 2.11.0-12
- Backport Vhost performance regression fixes (#1672538)

* Thu Jun 13 2019 Flavio Leitner <fbl@redhat.com> - 2.11.0-11
- Backport "rhel: limit stack size to 2M." (#1720315)

* Thu May 16 2019 Pablo Cascón <pablo.cascon@redhat.com> - 2.11.0-10
- Backport "ovs-tc: support OvS internal port offload" and deps (#1702334)

* Wed Apr 24 2019 Numan Siddique <nusiddiq@redhat.com> - 2.11.0-9
- Backport "[OVN] Fragmentation support - check_pkt_larger action" (#1702564)

* Thu Apr 11 2019 Kevin Traynor <ktraynor@redhat.com> - 2.11.0-8
- Backport "net/qede: support IOVA VA mode" (#1684605)

* Wed Apr 10 2019 David Marchand <david.marchand@redhat.com> - 2.11.0-7
- Backport cpu affinity fixes (#1687320)

* Tue Apr 09 2019 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-6
- Add missing dependencies for ovs-tcpdump (#1697978)

* Tue Mar 26 2019 Flavio Leitner <fbl@redhat.com> - 2.11.0-5
- fixed netlink msg corruption when updating netdev. (#1692812)

* Tue Mar 12 2019 Davide Caratti <dcaratti@redhat.com> - 2.11.0-4
- Backport "net/bnxt: support IOVA VA mode" (#1645523)

* Tue Mar 12 2019 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-3
- Backport "ovs-ctl: Permit to specify additional options" (#1687775)
- Remove useless -fPIC from DPDK

* Fri Mar 01 2019 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-2
- Backport "rhel: Use PIDFile on forking systemd service files" (#1684477)

* Thu Feb 28 2019 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-1
- Update to official 2.11 release

* Thu Jan 31 2019 Open vSwitch Bot <null@redhat.com> - 2.11.0-0.20190129gitd3a10db
- Snapshot of branch-2.11 d3a10db4fd38

* Sun Jan 27 2019 Open vSwitch Bot <null@redhat.com> - 2.11.0-0.20190126gitd4ff5b2
- Snapshot of branch-2.11 d4ff5b2be7fc

* Mon Jan 14 2019 Timothy Redaelli <tredaelli@redhat.com> - 2.11.0-0.20190114gitadb3f0b
- Update to a snapshot of OVS 2.11 from master

* Mon Jan 7 2019 Lorenzo Bianconi <lorenzo.bianconi@redhat.com> - 2.10.0-42
- Backport "OVN: add static IP support to IPAM" (#1664028)

* Thu Jan 03 2019 Timothy Redaelli <tredaelli@redhat.com> - 2.10.0-41
- Backport some patches to improve offload indications (#1655990)

* Wed Jan 02 2019 Timothy Redaelli <tredaelli@redhat.com> - 2.10.0-40
- Add "Requires: openvswitch = %%{version}-%%{release}" to python-openvswitch2.10 (#1662944)

* Wed Jan 2 2019 Lorenzo Bianconi <lorenzo.bianconi@redhat.com> - 2.10.0-39
- Backport "OVN: add mac address only support to IPAM/MACAM" (#1662905)

* Thu Dec 20 2018 Numan Siddique <nusiddiq@redhat.com> - 2.10.0-38
- Backport "ovn-controller: Inject GARPs to logical switch pipeline to update neighbors" (#1643902)

* Tue Dec 18 2018 David Marchand <david.marchand@redhat.com> - 2.10.0-37
- Backport 'ovs-ctl: fix system-id.conf owner' (#1659391)
- Do not check /var/log/openvswitch owner/group (#1659391)

* Tue Dec 18 2018 Numan Siddique <nusiddiq@redhat.com> - 2.10.0-36
- Backport "ovn: Fix the invalid eth.dst and ip6.dst set by nd_ns action for certain cases." (#1656018)

* Mon Dec 10 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.10.0-35
- Backport "dpif-netdev: Add vlan to mask for flow_put operation" (#1649516)

* Tue Nov 27 2018 Numan Siddique <nusiddiq@redhat.com> - 2.10.0-34
- Backport "ovn: Avoid tunneling for VLAN packets redirected to a gateway chassis" (#1561880)

* Fri Nov 23 2018 Eelco Chaudron <echaudro@redhat.com> - 2.10.0-33
- Backport "mem: fix memory initialization time" (#1647498)

* Thu Nov 22 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.10.0-32
- Backport "tests: Use the default key length when generating RSA keys"

* Wed Nov 14 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.10.0-31
- Backport "net/qede: fix crash when configure fails" (#1648183)

* Tue Nov 13 2018 Lorenzo Bianconi <lorenzo.bianconi@redhat.com> - 2.10.0-30
- Backport 'pinctrl: Fix dp_packet structure leak' and 'pinctrl: Fix crash on
  buffered packets hmap double remove'. Moreover align 'ovn -- 3 HVs, 3 LS, 3
  lports/LS, 1 LR' test to upstream one (#1649008)

* Tue Nov 13 2018 Eelco Chaudron <echaudro@redhat.com> - 2.10.0-29
- Backup "netdev-dpdk: Bring link down when NETDEV_UP is not set" (#1645288)

* Fri Nov 09 2018 Lorenzo Bianconi <lorenzo.bianconi@redhat.com> - 2.10.0-28
- OVN: configure L2 address according to the used IP address (#1648272)

* Thu Nov 08 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.10.0-27
- Backport "bond: Honor updelay and downdelay when LACP is in use" (#1646923)

* Thu Nov 08 2018 Lorenzo Bianconi <lorenzo.bianconi@redhat.com> - 2.10.0-26
- OVN: introduce mac_prefix support to IPAM (#1647750)

* Tue Nov 06 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.10.0-25
- Backport "ofproto-dpif-xlate: Avoid deadlock on multicast snooping recursion" (#1643065)

* Tue Nov 06 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.10.0-24
- Re-enable "make check"

* Fri Nov 02 2018 Kevin Traynor <ktraynor@redhat.com> - 2.10.0-23
- Update to DPDK 17.11.4 (#1566069)

* Thu Oct 25 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.10.0-22
- Ship statically linked OVS binaries (#1643478)

* Tue Oct 23 2018 Numan Siddique <nusiddiq@redhat.com> - 2.10.0-21
- Backport connmgr: Fix vswitchd abort when a port is added and the controller is down (#1637926)

* Mon Oct 22 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.10.0-20
- Backport "ovn: Add DHCP support for option 252" (#1641740)

* Wed Oct 17 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.10.0-19
- Backport "net/i40e: fix VLAN offload setting issue" (#1637893)

* Wed Oct 17 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.10.0-18
- Backport "Python: Make Row's __getattr__ less error prone" (#1639963)

* Fri Oct 12 2018 Numan Siddique <nusiddiq@redhat.com> - 2.10.0-17
- OVN: ovn-ctl: Fix the wrong pidfile argument passed to ovsdb-servers (#1636714)

* Fri Oct 12 2018 Numan Siddique <nusiddiq@redhat.com> - 2.10.0-16
- OVN: Support processing DHCPv6 information request message type (#1636874)

* Fri Oct 12 2018 Numan Siddique <nusiddiq@redhat.com> - 2.10.0-15
- OVN: Fix IPv6 DAD failure for container ports (#1616129)

* Thu Oct 11 2018 Numan Siddique <nusiddiq@redhat.com> - 2.10.0-14
- OVN: Fix the issue in IPv6 Neigh Solicitation responder for router IPs (#1567735)

* Tue Oct 09 2018 Lorenzo Bianconi <lorenzo.bianconi@redhat.com> - 2.10.0-13
- OVN: add buffering support for ip packets (#1637466)

* Mon Oct 08 2018 Matteo Croce <mcroce@redhat.com> - 2.10.0-12
- Fix null pointer (#1634015)
* Tue Oct 02 2018 Lorenzo Bianconi <lorenzo.bianconi@redhat.com> - 2.10.0-11
- OVN: add CT_LB action to ovn-trace (#1635344)

* Mon Oct 01 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.10.0-10
- Backport NFP PMD's non-root related commits for > 1TB of RAM (#1634820):
  - net/nfp: support IOVA VA mode
  - bus/pci: forbid IOVA mode if IOMMU address width too small
  - net/nfp: check hugepages IOVAs based on DMA mask
  - mem: use address hint for mapping hugepages
  - bus/pci: use IOVAs check when setting IOVA mode
  - mem: add function for checking memsegs IOVAs addresses
  - mem: fix max DMA maskbit size

* Thu Sep 27 2018 Matteo Croce <mcroce@redhat.com> - 2.10.0-9
- Backport "Remove support for multiple queues per port" (#1634015)

* Wed Sep 26 2018 Matteo Croce <mcroce@redhat.com> - 2.10.0-8
- Backport EMC reorder fix (#1565205)

* Wed Sep 26 2018 Matteo Croce <mcroce@redhat.com> - 2.10.0-7
- Backport per-port socket netlink creation with EPOLLEXCLUSIVE (#1634015)

* Fri Sep 21 2018 Kevin Traynor <ktraynor@redhat.com> - 2.10.0-6
- Backport roundrobin rxq to pmd assignment (#1631797)

* Fri Sep 14 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.10.0-5
- Backport "ovs-save: Don't always include the default flow during restore" (#1628905)

* Thu Sep 13 2018 Flavio Leitner <fbl@redhat.com> - 2.10.0-4
- applied Fix translation of groups with no buckets (#1626488)

* Thu Sep 13 2018 Flavio Leitner <fbl@redhat.com> - 2.10.0-3
- Removed provides and obsoletes for openvswitch-dpdk (#1628603)

* Tue Sep 11 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.10.0-2
- Backported "net/mlx{4,5}: avoid stripping the glue library" (#1627700)

* Tue Aug 21 2018 Flavio Leitner <fbl@redhat.com> - 2.10-1
- Updated with 2.10.0 official tarball (#1618551)

* Fri Aug 17 2018 Flavio Leitner <fbl@redhat.com> - 2.10-0
- Sync'ed with fd-next (4452afaa58)
- vhost: flush IOTLB cache on new mem table handling (#1609643)
- OVN: introduce ovs-appctl command to monitor HVs sb (#1593804)

* Thu Aug 16 2018 Open vSwitch Bot <null@redhat.com> - 2.10-0
- Snapshot of branch-2.10 6bced903bb50

* Fri Aug 10 2018 Open vSwitch Bot <null@redhat.com> - 2.10-0
- Snapshot of branch-2.10 58a7ce60b9f7

* Wed Aug 08 2018 Open vSwitch Bot <null@redhat.com> - 2.10-0
- Snapshot of branch-2.10 faf64fb8861f

* Tue Aug 07 2018 Flavio Leitner <fbl@redhat.com> - 2.10-0
- Snapshot of branch master 7a78d1c1ad73

* Tue Jul 31 2018 Flavio Leitner <fbl@redhat.com> - 2.10-0
- Sync'ed spec file with fd-next-57 (shared linking).
  (DPDK patches not included)
- Fixed package dependencies (#1610603)

* Fri Jul 27 2018 Open vSwitch Bot <null@redhat.com> - 2.10-0
- Snapshot of branch master b1ca64f020f7

* Fri Jul 27 2018 Flavio Leitner <fbl@redhat.com> - 2.10-0
- Replace macro %%{name} with 'openvswitch'.

* Tue Jul 24 2018 Open vSwitch Bot <null@redhat.com> - 2.10-0
- Snapshot of branch master 1ac690899592

* Tue Jul 24 2018 Flavio Leitner <fbl@redhat.com> - 2.10-0
- Versioned conflict to be less than 2.10.

* Thu Jul 19 2018 Open vSwitch Bot <null@redhat.com> - 2.10-0
- Snapshot of branch master 3c921cc2b6b7

* Wed Jul 18 2018 Flavio Leitner <fbl@redhat.com> - 2.10-0
- Fixed unbound requires and buildrequires.

* Tue Jul 10 2018 Open vSwitch Bot <null@redhat.com> - 2.10-0
- Snapshot of branch master 93c0ef12039c

* Tue Jul 03 2018 Open vSwitch Bot <null@redhat.com> - 2.10-0
- Snapshot of branch master 79d0dfa4e99a

* Wed Jun 27 2018 Open vSwitch Bot <null@redhat.com> - 2.10-0
- Snapshot of branch master e46148133067

* Wed Jun 27 2018 Open vSwitch Bot <null@redhat.com> - 2.10-0
- Snapshot of branch master 61677bf976e9

* Tue Jun 26 2018 Flavio Leitner <fbl@redhat.com> - 2.10-0
- snapshot of branch master

* Mon Jun 11 2018 Aaron Conole <aconole@redhat.com> - 2.9.0-47
- Backport "net/mlx5: fix memory region cache lookup" (#1581230)
- Backport "net/mlx5: fix memory region boundary checks" (#1581230)

* Mon Jun 11 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-46
- Backport "net/qede: fix memory alloc for multiple port reconfig" (#1589866)

* Thu Jun 07 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-45
- Backport "net/qede: fix unicast filter routine return code" (#1578590)

* Thu Jun 07 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-44
- Backport "net/qede: fix L2-handles used for RSS hash update" (#1578981)

* Tue May 29 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-43
- Backport "net/nfp: fix lock file usage" (#1583670)

* Mon May 28 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-42
- Backport "net/nfp: configure default RSS reta table" (#1583161)

* Mon May 28 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-41
- Backport "netdev-dpdk: don't enable scatter for jumbo RX support for nfp" (#1578324)

* Mon May 28 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-40
- Backport "ovn pacemaker: Fix promotion issue when the master node is reset" (#1579025)

* Thu May 24 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-39
- Backport spec file modfications from "rhel: Use openvswitch user/group for
  the log directory"

* Wed May 23 2018 Maxime Coquelin <maxime.coquelin@redhat.com> - 2.9.0-38
- Backport "vhost: improve dirty pages logging performance" (#1552465)

* Wed May 16 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-37
- Backport "ovn: Set proper Neighbour Adv flag when replying for NS request for
  router IP" (#1567735)

* Mon May 14 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-36
- Enable QEDE PMDs (only on x86_64) (#1578003)

* Thu May 10 2018 Lorenzo Bianconi <lorenzo.bianconi@redhat.com> - 2.9.0-35
- ovn-nbctl: Show gw chassis in decreasing prio order (#1576725)

* Wed May 09 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-34
- Fix hugetlbfs group when DPDK is enabled

* Wed May 09 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-33
- Backport "eal: abstract away the auxiliary vector" (#1560728)
- Re-enable DPDK on ppc64le

* Wed May 09 2018 Aaron Conole <aconole@redhat.com> - 2.9.0-32
- Require the selinux policy module (#1555440)

* Tue May 08 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-31
- Backport fix QEDE PMD (#1494616)

* Tue May 08 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-30
- Backport "net/nfp: fix mbufs releasing when stop or close" (#1575067)

* Sun May 06 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-29
- Backport net/mlx4: fix broadcast Rx (#1568908)

* Fri May 04 2018 Kevin Traynor <ktraynor@redhat.com> - 2.9.0-28
- Backport mempool use after free fix and debug (#1575016)

* Fri May 04 2018 Aaron Conole <aconole@redhat.com> - 2.9.0-27
- Fix the email address in the changelog.

* Wed May 02 2018 Aaron Conole <aconole@redhat.com> - 2.9.0-26
- Backport fix for missing user during install/upgrade (#1559374)

* Mon Apr 30 2018 Jakub Sitnicki <jkbs@redhat.com> - 2.9.0-25
- Backport fix for Unicode encoding in Python IDL (#1547065)

* Thu Apr 26 2018 Aaron Conole <aconole@redhat.com> - 2.9.0-24
- Backport the cisco enic patches

* Thu Apr 26 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-23
- Backport a fix for "Offload of Fragment Matching in OvS Userspace" (#1559111)

* Thu Apr 26 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-22
- Backport "ovn-controller: Handle Port_Binding's "requested-chassis" option" (#1559222)

* Thu Apr 26 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-21
- Backport "python: avoid useless JSON conversion to enhance performance" (#1551016)

* Thu Apr 26 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-20
- Backport "ovn: Set router lifetime value for IPv6 periodic RA" (#1567735)
- Remove useless libpcap-devel dependency

* Mon Apr 23 2018 Kevin Traynor <ktraynor@redhat.com> - 2.9.0-19
- Backport DPDK CVE-2018-1059 (#1544298)

* Fri Apr 20 2018 Davide Caratti <dcaratti@redhat.com> - 2.9.0-18
- Backport fix for PMD segfault when BNXT receives tunneled traffic (#1567634)

* Mon Apr 16 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-17
- Backport patches to make NFP detect the correct firmware (#1566712)
- Backport "rhel: Fix literal dollar sign usage in systemd service files"

* Fri Mar 30 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-16
- Backport "rhel: don't drop capabilities when running as root"
- Change owner of /etc/openvswitch during upgrade

* Tue Mar 27 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-14
- Disable DPDK on ppc64le

* Sun Mar 25 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-13
- Disable DPDK on aarch64

* Thu Mar 22 2018 Flavio Leitner <fbl@redhat.com> - 2.9.0-12
- fixes i40e link status timeout trough direct register access (#1559612)

* Thu Mar 22 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-11
- Enable BNXT, MLX4, MLX5 and NFP (aligned from FDB)

* Thu Mar 22 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-10
- Backport "Offload of Fragment Matching in OvS Userspace" (#1559111)

* Thu Mar 15 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-9
- Avoid to unpack openvswitch 2 times and to overwrite all the patched files
  Fixes 2.9.0-4

* Thu Mar 08 2018 Eric Garver <egarver@redhat.com> - 2.9.0-8
- Backport "ofproto-dpif-xlate: translate action_set in clone action" (#1544892)

* Thu Mar 08 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-7
- Backport "ovn: Calculate UDP checksum for DNS over IPv6" (#1553023)

* Tue Mar 06 2018 Aaron Conole <aconole@redhat.com> - 2.9.0-6
- Require the latest rhel selinux policy (#1549673)

* Fri Mar 02 2018 Matteo Croce <mcroce@redhat.com> - 2.9.0-5
- Backport vhost patches (#1541881)

* Fri Mar 02 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-4
- Don't require python-sphinx directly, but built it since python-sphinx is in
  the optional repository that is not available on RHEV and TPS test fails.

* Tue Feb 20 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-3
- Don't verify the user and group of /etc/openvswitch and /etc/sysconfig/openvswitch
  This is needed since we cannot change the user and group if you upgrade from
  an old version that still uses root:root.

* Tue Feb 20 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.9.0-1
- Update to OVS 2.9.0 + DPDK 17.11 (#1475436)
- Backport of ofproto-dpif: Delete system tunnel interface when remove ovs bridge (#1505776)
- Backport DPDK patches from FDB (vhost user async fix and enic fixes)
- Backport 94cd8383e297 and 951d79e638ec to fix permissions (#1489465)
- Use a static configuration file for DPDK

* Fri Jan 12 2018 Timothy Redaelli <tredaelli@redhat.com> - 2.7.3-3.git20180112
- Rebase to latest OVS branch-2.7 fixes + DPDK 16.11.4 (#1533872)

* Wed Oct 18 2017 Timothy Redaelli <tredaelli@redhat.com> - 2.7.3-2.git20171010
- Remove ovs-test and ovs-vlan-test from openvswitch-test package
- Add an option to enable openvswitch-ovn-docker package (disabled by default)

* Tue Oct 10 2017 Timothy Redaelli <tredaelli@redhat.com> - 2.7.3-1.git20171010
- Update to OVS 2.7.3 + branch-2.7 bugfixes (#1502742)

* Mon Sep 18 2017 Kevin Traynor <ktraynor@redhat.com> - 2.7.2-10.git20170914
- Backport of fix for i40e flow control get (#1491791)

* Thu Sep 14 2017 Timothy Redaelli <tredaelli@redhat.com> - 2.7.2-9.git20170914
- Rebase to latest OVS branch fixes + DPDK 16.11.3

* Wed Sep 06 2017 Timothy Redaelli <tredaelli@redhat.com> - 2.7.2-8.git20170719
- Backport of enic driver crash fix to dpdk-16.11 (#1489010)

* Tue Aug 22 2017 Aaron Conole <aconole@redhat.com> - 2.7.2-7.git20170719
- Re-enable Cisco enic PMD (#1482675)

* Tue Aug 22 2017 Aaron Conole <aconole@redhat.com> - 2.7.2-6.git20170719
- Update based on multi-arch

* Tue Aug 22 2017 Aaron Conole <aconole@redhat.com> - 2.7.2-5.git20170719
- Disable unsupported PMDs (#1482675)
- software and hardware PMDs audited by the team

* Thu Aug 03 2017 John W. Linville <linville@redhat.com> - 2.7.2-4.git20170719
- Backport mmap fix for memory initialization on ppc64le to dpdk-16.11

* Thu Aug 03 2017 John W. Linville <linville@redhat.com> - 2.7.2-3.git20170719
- Backport support for vfio-pci based PMD in ppc64le to dpdk-16.11

* Thu Aug 03 2017 John W. Linville <linville@redhat.com> - 2.7.2-2.git20170719
- Backport support for Intel XL710 (i40e) pmd in ppc64le to dpdk-16.11

* Wed Jul 19 2017 Timothy Redaelli <tredaelli@redhat.com> - 2.7.2-1.git20170719
- Update to OVS 2.7.2 + branch-2.7 bugfixes (#1472854)
- Add a symlink of the OCF script in the OCF resources folder (#1472729)

* Mon Jul 10 2017 Timothy Redaelli <tredaelli@redhat.com> - 2.7.1-1.git20170710
- Align to FDB openvswitch-2.7.1-1.git20170710.el7fdb (#1459286)

* Wed Jun 07 2017 Timothy Redaelli <tredaelli@redhat.com> - 2.6.1-20.git20161206
- backport "mcast-snooping: Avoid segfault for vswitchd" (#1456356)
- backport "mcast-snooping: Flush ports mdb when VLAN cfg changed." (#1456358)

* Sun May 21 2017 Lance Richardson <lrichard@redhat.com> - 2.6.1-19.git20161206
- backport patch to not automatically restard ovn svcs after upgrade (#1438901)

* Tue May 09 2017 Timothy Redaelli <tredaelli@redhat.com> - 2.6.1-18.git20161206
- rconn: Avoid abort for ill-behaved remote (#1449109)

* Fri May 05 2017 Timothy Redaelli <tredaelli@redhat.com> - 2.6.1-17.git20161206
- Fix race in "PMD - change numa node" test (#1447714)
- Report only un-deleted groups in group stats replies. (#1447724)
- Workaround some races in "ofproto - asynchronous message control" tests (#1448536)

* Mon Apr 10 2017 Eric Garver <egarver@redhat.com> - 2.6.1-16.git20161206
- Fix an issue using set_field action on nw_ecn (#1410715)

* Fri Mar 31 2017 Kevin Traynor <ktraynor@redhat.com> - 2.6.1-15.git20161206
- backport patch to fix uni-dir vhost perf drop (#1414919)

* Wed Mar 29 2017 Lance Richardson <lrichard@redhat.com> - 2.6.1-14.git20161206
- backport patch to correct port number in firewalld service file (#1390938)

* Fri Mar 10 2017 Timothy Redaelli <tredaelli@redhat.com> - 2.6.1-13.git20161206
- backport patch to enable/disable libcap-ng support (--with libcapng)

* Thu Mar 09 2017 Aaron Conole <aconole@redhat.com> - 2.6.1-12.git20161206
- Fix an MTU issue with ovs mirror ports (#1426342)

* Wed Mar 08 2017 Lance Richardson <lrichard@redhat.com> - 2.6.1-11.git20161206
- update spec file to install firewalld service files (#1390938)

* Thu Feb 16 2017 Aaron Conole <aconole@redhat.com> - 2.6.1-10.git20161206
- vhostuser client mode support for ifup/ifdown (#1418957)

* Thu Feb 16 2017 Lance Richardson <lrichard@redhat.com> - 2.6.1-9.git20161206
-  OVN-DHCP is not sending DHCP responses after a MAC change in north db (#1418261)

* Thu Feb 16 2017 Timothy Redaelli <tredaelli@redhat.com> - 2.6.1-8.git20161206
- systemd service starts too fast (#1422227)

* Fri Feb 10 2017 Lance Richardson <lrichard@redhat.com> - 2.6.1-7.git20161206
- iptables should be easily configurable for OVN hosts and OVN central server (#1390938)

* Thu Feb 09 2017 Aaron Conole <aconole@redhat.com> - 2.6.1-6.git20161206
- ovn: IPAM has no reply to DHCP request for renewal (#1415449)

* Tue Feb 07 2017 Timothy Redaelli <tredaelli@redhat.com> - 2.6.1-5.git20161206
- ovn-controller: Provide the option to set Encap.options:csum (#1418742)

* Mon Feb 06 2017 Flavio Leitner <fbl@redhat.com> 2.5.0-23.git20160727
- fixed broken service after a package upgrade (#1403958)

* Wed Dec 21 2016 Lance Richardson <lrichard@redhat.com> 2.6.1-3.git20161206
- ovsdb-idlc: Initialize nonnull string columns for inserted rows. (#1405094)

* Fri Dec 09 2016 Lance Richardson <lrichard@redhat.com> 2.6.1-2.git20161206
- OVN: Support IPAM with externally specified MAC (#1368043)

* Tue Dec 06 2016 Kevin Traynor <ktraynor@redhat.com> 2.6.1-1.git20161206
- Update to OVS 2.6.1 + branch-2.6 bugfixes (#1335865)
- Update to use DPDK 16.11 (#1335865)
- Enable OVN

* Tue Nov 22 2016 Flavio Leitner <fbl@redhat.com> 2.5.0-22.git20160727
- ifnotifier: do not wake up when there is no db connection (#1397504)

* Tue Nov 22 2016 Flavio Leitner <fbl@redhat.com> 2.5.0-21.git20160727
- Use instant sending instead of queue (#1397481)

* Mon Nov 21 2016 Flavio Leitner <fbl@redhat.com> 2.5.0-20.git20160727
- dpdk vhost: workaround stale vring base (#1376217)

* Thu Oct 20 2016 Aaron Conole <aconole@redhat.com> - 2.5.0-19.git20160727
- Applied tnl fix (#1346232)

* Tue Oct 18 2016 Aaron Conole <aconole@redhat.com> - 2.5.0-18.git20160727
- Applied the systemd backports

* Tue Oct 18 2016 Flavio Leitner <fbl@redhat.com> - 2.5.0-17.git20160727
- Fixed OVS to not require SSSE3 if DPDK is not used (#1378501)

* Tue Oct 18 2016 Flavio Leitner <fbl@redhat.com> - 2.5.0-16.git20160727
- Fixed a typo (#1385096)

* Tue Oct 18 2016 Flavio Leitner <fbl@redhat.com> - 2.5.0-15.git20160727
- Do not restart the service after a package upgrade (#1385096)

* Mon Sep 26 2016 Panu Matilainen <pmatilai@redhat.com> - 2.5.0-14.git20160727
- Permit running just the kernel datapath tests (#1375660)

* Wed Sep 14 2016 Panu Matilainen <pmatilai@redhat.com> - 2.5.0-13.git20160727
- Obsolete openvswitch-dpdk < 2.6.0 to provide migration path
- Add spec option to run kernel datapath tests (#1375660)

* Fri Sep 09 2016 Panu Matilainen <pmatilai@redhat.com> - 2.5.0-12.git20160727
- Backport ovs-tcpdump support (#1335560)
- Add ovs-pcap, ovs-tcpdump and ovs-tcpundump to -test package

* Thu Sep 08 2016 Panu Matilainen <pmatilai@redhat.com> - 2.5.0-11.git20160727
- Add openvswitch-dpdk provide for testing and depending on dpdk-enablement
- Disable bnx2x driver, it's not stable
- Build dpdk with -Wno-error to permit for newer compilers
- Drop subpkgs conditional from spec, its not useful anymore

* Fri Aug 26 2016 Panu Matilainen <pmatilai@redhat.com> - 2.5.0-10.git20160727
- Fix adding ukeys for same flow by different pmds (#1364898)

* Thu Jul 28 2016 Flavio Leitner <fbl@redhat.com> - 2.5.0-9.git20160727
- Fixed ifup-ovs to support DPDK Bond (#1360426)

* Thu Jul 28 2016 Flavio Leitner <fbl@redhat.com> - 2.5.0-8.git20160727
- Fixed ifup-ovs to delete the ports first (#1359890)

* Wed Jul 27 2016 Flavio Leitner <fbl@redhat.com> - 2.5.0-7.git20160727
- pull bugfixes from upstream 2.5 branch (#1360431)

* Tue Jul 26 2016 Flavio Leitner <fbl@redhat.com> - 2.5.0-6.git20160628
- Removed redundant provides for openvswitch
- Added epoch to the provides for -static package

* Thu Jul 21 2016 Flavio Leitner <fbl@redhat.com> - 2.5.0-5.git20160628
- Renamed to openvswitch (dpdk enabled)
- Enabled sub-packages
- Removed conflicts to openvswitch
- Increased epoch to give this package preference over stable

* Tue Jun 28 2016 Panu Matilainen <pmatilai@redhat.com> - 2.5.0-4.git20160628
- pull bugfixes from upstream 2.5 branch (#1346313)

* Wed Apr 27 2016 Panu Matilainen <pmatilai@redhat.com> - 2.5.0-4
- Enable DPDK bnx2x driver (#1330589)
- Add README.DPDK-PMDS document listing drivers included in this package

* Thu Mar 17 2016 Flavio Leitner <fbl@redhat.com> - 2.5.0-3
- Run testsuite by default on x86 arches (#1318786)
  (this sync the spec with non-dpdk version though the testsuite
   was already enabled here)

* Thu Mar 17 2016 Panu Matilainen <pmatilai@redhat.com> - 2.5.0-2
- eliminate debuginfo-artifacts (#1281913)

* Thu Mar 17 2016 Panu Matilainen <pmatilai@redhat.com> - 2.5.0-1
- Update to OVS to 2.5.0 and bundled DPDK to 2.2.0 (#1317889)

* Mon Nov 23 2015 Panu Matilainen <pmatilai@redhat.com>
- Provide openvswitch ver-rel (#1281894)

* Thu Aug 13 2015 Flavio Leitner <fbl@redhat.com>
- ExclusiveArch to x86_64 (dpdk)
- Provides bundled(dpdk)
- Re-enable testsuite

* Fri Aug 07 2015 Panu Matilainen <pmatilai@redhat.com>
- Enable building from pre-release snapshots, update to pre 2.4 version
- Bundle a minimal, private build of DPDK 2.0 and link statically
- Rename package to openvswitch-dpdk, conflict with regular openvswitch
- Disable all sub-packages

* Wed Jan 12 2011 Ralf Spenneberg <ralf@os-s.net>
- First build on F14