diff --git a/.gitignore b/.gitignore index 559019f..86ef991 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -SOURCES/openvswitch-2.0.0.tar.gz +SOURCES/*.tar.* +SRPMS diff --git a/.openvswitch.metadata b/.openvswitch.metadata index b820c5e..48a19dd 100644 --- a/.openvswitch.metadata +++ b/.openvswitch.metadata @@ -1 +1,6 @@ -3ce3f0bb96bfc79fdaf7a325ca1287803324eae7 SOURCES/openvswitch-2.0.0.tar.gz +002450621b33c5690060345b0aac25bc2426d675 SOURCES/docutils-0.12.tar.gz +6fa486bc4c6af2bc692fe25f1d0e7737f05fa7d4 SOURCES/openvswitch-3.3.0.tar.gz +8509a716f9f936526f64fb23f313c5a9baf2f123 SOURCES/pyelftools-0.27.tar.gz +d34f96421a86004aa5d26ecf975edefd09f948b1 SOURCES/Pygments-1.4.tar.gz +3a11f130c63b057532ca37fe49c8967d0cbae1d5 SOURCES/Sphinx-1.2.3.tar.gz +061198752d3d8b64d33113b7c8c1e272c973403d SOURCES/dpdk-23.11.tar.xz diff --git a/SOURCES/openvswitch-3.3.0.patch b/SOURCES/openvswitch-3.3.0.patch new file mode 100644 index 0000000..adebfb4 --- /dev/null +++ b/SOURCES/openvswitch-3.3.0.patch @@ -0,0 +1,1489 @@ +diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml +index fc75581486..6f5139304a 100644 +--- a/.github/workflows/build-and-test.yml ++++ b/.github/workflows/build-and-test.yml +@@ -238,6 +238,14 @@ jobs: + if: matrix.m32 != '' + run: sudo apt install -y gcc-multilib + ++ - name: Reduce ASLR entropy ++ if: matrix.sanitizers != '' ++ # Asan in llvm 14 provided in ubuntu-22.04 is incompatible with ++ # high-entropy ASLR configured in much newer kernels that GitHub ++ # runners are using leading to random crashes: ++ # https://github.com/actions/runner-images/issues/9491 ++ run: sudo sysctl -w vm.mmap_rnd_bits=28 ++ + - name: prepare + run: ./.ci/linux-prepare.sh + +diff --git a/AUTHORS.rst b/AUTHORS.rst +index aa9284fb16..80678854bd 100644 +--- a/AUTHORS.rst ++++ b/AUTHORS.rst +@@ -588,6 +588,7 @@ David Evans davidjoshuaevans@gmail.com + David Palma palma@onesource.pt + David van Moolenbroek dvmoolenbroek@aimvalley.nl + Derek Cormier derek.cormier@lab.ntt.co.jp ++Derrick Lim derrick.lim@rakuten.com + Dhaval Badiani dbadiani@vmware.com + DK Moon + Ding Zhi zhi.ding@6wind.com +diff --git a/Documentation/intro/install/windows.rst b/Documentation/intro/install/windows.rst +index fce099d5dc..efdb8aebce 100644 +--- a/Documentation/intro/install/windows.rst ++++ b/Documentation/intro/install/windows.rst +@@ -112,7 +112,7 @@ The following explains the steps in some detail. + `OpenSSL for Windows `__ + + Note down the directory where OpenSSL is installed (e.g.: +- ``C:/OpenSSL-Win32``) for later use. ++ ``C:/OpenSSL-Win64``) for later use. + + .. note:: + +@@ -182,7 +182,7 @@ To configure with SSL support, add the requisite additional options: + --localstatedir="C:/openvswitch/var" + --sysconfdir="C:/openvswitch/etc" \ + --with-pthread="C:/pthread" \ +- --enable-ssl --with-openssl="C:/OpenSSL-Win32" ++ --enable-ssl --with-openssl="C:/OpenSSL-Win64" + + Finally, to the kernel module also: + +@@ -194,7 +194,7 @@ Finally, to the kernel module also: + --localstatedir="C:/openvswitch/var" \ + --sysconfdir="C:/openvswitch/etc" \ + --with-pthread="C:/pthread" \ +- --enable-ssl --with-openssl="C:/OpenSSL-Win32" \ ++ --enable-ssl --with-openssl="C:/OpenSSL-Win64" \ + --with-vstudiotarget="" \ + --with-vstudiotargetver="" + +diff --git a/NEWS b/NEWS +index 8888fb3ec5..4bfb341cf4 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,3 +1,6 @@ ++v3.3.1 - xx xxx xxxx ++-------------------- ++ + v3.3.0 - 16 Feb 2024 + -------------------- + - OVSDB: +diff --git a/configure.ac b/configure.ac +index 05afbb9cc8..a3ea65c0fa 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -13,7 +13,7 @@ + # limitations under the License. + + AC_PREREQ(2.63) +-AC_INIT(openvswitch, 3.3.0, bugs@openvswitch.org) ++AC_INIT(openvswitch, 3.3.1, bugs@openvswitch.org) + AC_CONFIG_SRCDIR([vswitchd/ovs-vswitchd.c]) + AC_CONFIG_MACRO_DIR([m4]) + AC_CONFIG_AUX_DIR([build-aux]) +diff --git a/debian/changelog b/debian/changelog +index 2049ddaa26..22c767a4ce 100644 +--- a/debian/changelog ++++ b/debian/changelog +@@ -1,3 +1,9 @@ ++openvswitch (3.3.1-1) unstable; urgency=low ++ [ Open vSwitch team ] ++ * New upstream version ++ ++ -- Open vSwitch team Fri, 16 Feb 2024 12:25:58 +0100 ++ + openvswitch (3.3.0-1) unstable; urgency=low + + * New upstream version +diff --git a/lib/bfd.c b/lib/bfd.c +index 9af258917b..b8149e7897 100644 +--- a/lib/bfd.c ++++ b/lib/bfd.c +@@ -1130,10 +1130,11 @@ bfd_set_state(struct bfd *bfd, enum state state, enum diag diag) + if (!VLOG_DROP_INFO(&rl)) { + struct ds ds = DS_EMPTY_INITIALIZER; + +- ds_put_format(&ds, "%s: BFD state change: %s->%s" +- " \"%s\"->\"%s\".\n", ++ ds_put_format(&ds, "%s: BFD state change: (bfd.SessionState: %s," ++ " bfd.LocalDiag: \"%s\") -> (bfd.SessionState: %s," ++ " bfd.LocalDiag: \"%s\")\n", + bfd->name, bfd_state_str(bfd->state), +- bfd_state_str(state), bfd_diag_str(bfd->diag), ++ bfd_diag_str(bfd->diag), bfd_state_str(state), + bfd_diag_str(diag)); + bfd_put_details(&ds, bfd); + VLOG_INFO("%s", ds_cstr(&ds)); +diff --git a/lib/conntrack.c b/lib/conntrack.c +index 013709bd62..6d02eaba8b 100644 +--- a/lib/conntrack.c ++++ b/lib/conntrack.c +@@ -2637,25 +2637,19 @@ conntrack_dump_start(struct conntrack *ct, struct conntrack_dump *dump, + + dump->ct = ct; + *ptot_bkts = 1; /* Need to clean up the callers. */ ++ dump->cursor = cmap_cursor_start(&ct->conns); + return 0; + } + + int + conntrack_dump_next(struct conntrack_dump *dump, struct ct_dpif_entry *entry) + { +- struct conntrack *ct = dump->ct; + long long now = time_msec(); + +- for (;;) { +- struct cmap_node *cm_node = cmap_next_position(&ct->conns, +- &dump->cm_pos); +- if (!cm_node) { +- break; +- } +- struct conn_key_node *keyn; +- struct conn *conn; ++ struct conn_key_node *keyn; ++ struct conn *conn; + +- INIT_CONTAINER(keyn, cm_node, cm_node); ++ CMAP_CURSOR_FOR_EACH_CONTINUE (keyn, cm_node, &dump->cursor) { + if (keyn->dir != CT_DIR_FWD) { + continue; + } +diff --git a/lib/conntrack.h b/lib/conntrack.h +index 0a888be455..6339701627 100644 +--- a/lib/conntrack.h ++++ b/lib/conntrack.h +@@ -101,8 +101,8 @@ struct conntrack_dump { + struct conntrack *ct; + unsigned bucket; + union { +- struct cmap_position cm_pos; + struct hmap_position hmap_pos; ++ struct cmap_cursor cursor; + }; + bool filter_zone; + uint16_t zone; +diff --git a/lib/dp-packet.c b/lib/dp-packet.c +index 305822293b..df7bf8e6b3 100644 +--- a/lib/dp-packet.c ++++ b/lib/dp-packet.c +@@ -592,6 +592,18 @@ dp_packet_ol_send_prepare(struct dp_packet *p, uint64_t flags) + if (dp_packet_hwol_is_tunnel_geneve(p) || + dp_packet_hwol_is_tunnel_vxlan(p)) { + tnl_inner = true; ++ ++ /* If the TX interface doesn't support UDP tunnel offload but does ++ * support inner checksum offload and an outer UDP checksum is ++ * required, then we can't offload inner checksum either. As that would ++ * invalidate the outer checksum. */ ++ if (!(flags & NETDEV_TX_OFFLOAD_OUTER_UDP_CKSUM) && ++ dp_packet_hwol_is_outer_udp_cksum(p)) { ++ flags &= ~(NETDEV_TX_OFFLOAD_TCP_CKSUM | ++ NETDEV_TX_OFFLOAD_UDP_CKSUM | ++ NETDEV_TX_OFFLOAD_SCTP_CKSUM | ++ NETDEV_TX_OFFLOAD_IPV4_CKSUM); ++ } + } + + if (dp_packet_hwol_tx_ip_csum(p)) { +diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c +index 45f61930d4..8c52accff9 100644 +--- a/lib/netdev-dpdk.c ++++ b/lib/netdev-dpdk.c +@@ -607,6 +607,9 @@ int netdev_dpdk_get_vid(const struct netdev_dpdk *dev); + struct ingress_policer * + netdev_dpdk_get_ingress_policer(const struct netdev_dpdk *dev); + ++static void netdev_dpdk_mbuf_dump(const char *prefix, const char *message, ++ const struct rte_mbuf *); ++ + static bool + is_dpdk_class(const struct netdev_class *class) + { +@@ -2569,9 +2572,29 @@ netdev_dpdk_prep_hwol_packet(struct netdev_dpdk *dev, struct rte_mbuf *mbuf) + struct dp_packet *pkt = CONTAINER_OF(mbuf, struct dp_packet, mbuf); + struct tcp_header *th; + +- if (!(mbuf->ol_flags & (RTE_MBUF_F_TX_IP_CKSUM | RTE_MBUF_F_TX_L4_MASK +- | RTE_MBUF_F_TX_TCP_SEG))) { +- mbuf->ol_flags &= ~(RTE_MBUF_F_TX_IPV4 | RTE_MBUF_F_TX_IPV6); ++ const uint64_t all_requests = (RTE_MBUF_F_TX_IP_CKSUM | ++ RTE_MBUF_F_TX_L4_MASK | ++ RTE_MBUF_F_TX_OUTER_IP_CKSUM | ++ RTE_MBUF_F_TX_OUTER_UDP_CKSUM | ++ RTE_MBUF_F_TX_TCP_SEG); ++ const uint64_t all_marks = (RTE_MBUF_F_TX_IPV4 | ++ RTE_MBUF_F_TX_IPV6 | ++ RTE_MBUF_F_TX_OUTER_IPV4 | ++ RTE_MBUF_F_TX_OUTER_IPV6 | ++ RTE_MBUF_F_TX_TUNNEL_MASK); ++ ++ if (!(mbuf->ol_flags & all_requests)) { ++ /* No offloads requested, no marks should be set. */ ++ mbuf->ol_flags &= ~all_marks; ++ ++ uint64_t unexpected = mbuf->ol_flags & RTE_MBUF_F_TX_OFFLOAD_MASK; ++ if (OVS_UNLIKELY(unexpected)) { ++ VLOG_WARN_RL(&rl, "%s: Unexpected Tx offload flags: %#"PRIx64, ++ netdev_get_name(&dev->up), unexpected); ++ netdev_dpdk_mbuf_dump(netdev_get_name(&dev->up), ++ "Packet with unexpected ol_flags", mbuf); ++ return false; ++ } + return true; + } + +@@ -2664,6 +2687,35 @@ netdev_dpdk_prep_hwol_batch(struct netdev_dpdk *dev, struct rte_mbuf **pkts, + return cnt; + } + ++static void ++netdev_dpdk_mbuf_dump(const char *prefix, const char *message, ++ const struct rte_mbuf *mbuf) ++{ ++ static struct vlog_rate_limit dump_rl = VLOG_RATE_LIMIT_INIT(5, 5); ++ char *response = NULL; ++ FILE *stream; ++ size_t size; ++ ++ if (VLOG_DROP_DBG(&dump_rl)) { ++ return; ++ } ++ ++ stream = open_memstream(&response, &size); ++ if (!stream) { ++ VLOG_ERR("Unable to open memstream for mbuf dump: %s.", ++ ovs_strerror(errno)); ++ return; ++ } ++ ++ rte_pktmbuf_dump(stream, mbuf, rte_pktmbuf_pkt_len(mbuf)); ++ ++ fclose(stream); ++ ++ VLOG_DBG(prefix ? "%s: %s:\n%s" : "%s%s:\n%s", ++ prefix ? prefix : "", message, response); ++ free(response); ++} ++ + /* Tries to transmit 'pkts' to txq 'qid' of device 'dev'. Takes ownership of + * 'pkts', even in case of failure. + * +@@ -2680,6 +2732,8 @@ netdev_dpdk_eth_tx_burst(struct netdev_dpdk *dev, int qid, + VLOG_WARN_RL(&rl, "%s: Output batch contains invalid packets. " + "Only %u/%u are valid: %s", netdev_get_name(&dev->up), + nb_tx_prep, cnt, rte_strerror(rte_errno)); ++ netdev_dpdk_mbuf_dump(netdev_get_name(&dev->up), ++ "First invalid packet", pkts[nb_tx_prep]); + } + + while (nb_tx != nb_tx_prep) { +diff --git a/lib/netdev-dummy.c b/lib/netdev-dummy.c +index cd7e85a818..e8bbf8d514 100644 +--- a/lib/netdev-dummy.c ++++ b/lib/netdev-dummy.c +@@ -39,6 +39,7 @@ + #include "pcap-file.h" + #include "openvswitch/poll-loop.h" + #include "openvswitch/shash.h" ++#include "ovs-router.h" + #include "sset.h" + #include "stream.h" + #include "unaligned.h" +@@ -2084,11 +2085,20 @@ netdev_dummy_ip4addr(struct unixctl_conn *conn, int argc OVS_UNUSED, + + if (netdev && is_dummy_class(netdev->netdev_class)) { + struct in_addr ip, mask; ++ struct in6_addr ip6; ++ uint32_t plen; + char *error; + +- error = ip_parse_masked(argv[2], &ip.s_addr, &mask.s_addr); ++ error = ip_parse_cidr(argv[2], &ip.s_addr, &plen); + if (!error) { ++ mask.s_addr = be32_prefix_mask(plen); + netdev_dummy_add_in4(netdev, ip, mask); ++ ++ /* Insert local route entry for the new address. */ ++ in6_addr_set_mapped_ipv4(&ip6, ip.s_addr); ++ ovs_router_force_insert(0, &ip6, plen + 96, true, argv[1], ++ &in6addr_any, &ip6); ++ + unixctl_command_reply(conn, "OK"); + } else { + unixctl_command_reply_error(conn, error); +@@ -2118,6 +2128,11 @@ netdev_dummy_ip6addr(struct unixctl_conn *conn, int argc OVS_UNUSED, + + mask = ipv6_create_mask(plen); + netdev_dummy_add_in6(netdev, &ip6, &mask); ++ ++ /* Insert local route entry for the new address. */ ++ ovs_router_force_insert(0, &ip6, plen, true, argv[1], ++ &in6addr_any, &ip6); ++ + unixctl_command_reply(conn, "OK"); + } else { + unixctl_command_reply_error(conn, error); +diff --git a/lib/ovs-router.c b/lib/ovs-router.c +index ca014d80ed..3d84c9a30a 100644 +--- a/lib/ovs-router.c ++++ b/lib/ovs-router.c +@@ -330,6 +330,20 @@ ovs_router_insert(uint32_t mark, const struct in6_addr *ip_dst, uint8_t plen, + } + } + ++/* The same as 'ovs_router_insert', but it adds the route even if updates ++ * from the system routing table are disabled. Used for unit tests. */ ++void ++ovs_router_force_insert(uint32_t mark, const struct in6_addr *ip_dst, ++ uint8_t plen, bool local, const char output_bridge[], ++ const struct in6_addr *gw, ++ const struct in6_addr *prefsrc) ++{ ++ uint8_t priority = local ? plen + 64 : plen; ++ ++ ovs_router_insert__(mark, priority, local, ip_dst, plen, ++ output_bridge, gw, prefsrc); ++} ++ + static void + rt_entry_delete__(const struct cls_rule *cr) + { +diff --git a/lib/ovs-router.h b/lib/ovs-router.h +index eb4ff85d9e..d7dc7e55f3 100644 +--- a/lib/ovs-router.h ++++ b/lib/ovs-router.h +@@ -34,6 +34,11 @@ void ovs_router_insert(uint32_t mark, const struct in6_addr *ip_dst, + uint8_t plen, bool local, + const char output_bridge[], const struct in6_addr *gw, + const struct in6_addr *prefsrc); ++void ovs_router_force_insert(uint32_t mark, const struct in6_addr *ip_dst, ++ uint8_t plen, bool local, ++ const char output_bridge[], ++ const struct in6_addr *gw, ++ const struct in6_addr *prefsrc); + void ovs_router_flush(void); + + void ovs_router_disable_system_routing_table(void); +diff --git a/m4/ax_check_openssl.m4 b/m4/ax_check_openssl.m4 +index 281d4dc65e..faa5babde2 100644 +--- a/m4/ax_check_openssl.m4 ++++ b/m4/ax_check_openssl.m4 +@@ -81,7 +81,8 @@ AC_DEFUN([AX_CHECK_OPENSSL], [ + SSL_INCLUDES="-I$ssldir/include" + SSL_LDFLAGS="-L$ssldir/lib" + if test "$WIN32" = "yes"; then +- SSL_LIBS="-lssleay32 -llibeay32" ++ SSL_LDFLAGS="$SSL_LDFLAGS -L$ssldir/lib/VC/x64/MT" ++ SSL_LIBS="-llibssl -llibcrypto" + SSL_DIR=/$(echo ${ssldir} | ${SED} -e 's/://') + else + SSL_LIBS="-lssl -lcrypto" +diff --git a/ofproto/bond.c b/ofproto/bond.c +index cfdf44f854..c31869a4c7 100644 +--- a/ofproto/bond.c ++++ b/ofproto/bond.c +@@ -186,7 +186,7 @@ static struct bond_member *choose_output_member(const struct bond *, + struct flow_wildcards *, + uint16_t vlan) + OVS_REQ_RDLOCK(rwlock); +-static void update_recirc_rules__(struct bond *); ++static void update_recirc_rules(struct bond *) OVS_REQ_WRLOCK(rwlock); + static bool bond_may_recirc(const struct bond *); + static void bond_update_post_recirc_rules__(struct bond *, bool force) + OVS_REQ_WRLOCK(rwlock); +@@ -299,7 +299,10 @@ bond_unref(struct bond *bond) + } + free(bond->hash); + bond->hash = NULL; +- update_recirc_rules__(bond); ++ ++ ovs_rwlock_wrlock(&rwlock); ++ update_recirc_rules(bond); ++ ovs_rwlock_unlock(&rwlock); + + hmap_destroy(&bond->pr_rule_ops); + free(bond->primary); +@@ -331,17 +334,8 @@ add_pr_rule(struct bond *bond, const struct match *match, + hmap_insert(&bond->pr_rule_ops, &pr_op->hmap_node, hash); + } + +-/* This function should almost never be called directly. +- * 'update_recirc_rules()' should be called instead. Since +- * this function modifies 'bond->pr_rule_ops', it is only +- * safe when 'rwlock' is held. +- * +- * However, when the 'bond' is the only reference in the system, +- * calling this function avoid acquiring lock only to satisfy +- * lock annotation. Currently, only 'bond_unref()' calls +- * this function directly. */ + static void +-update_recirc_rules__(struct bond *bond) ++update_recirc_rules(struct bond *bond) OVS_REQ_WRLOCK(rwlock) + { + struct match match; + struct bond_pr_rule_op *pr_op; +@@ -407,6 +401,15 @@ update_recirc_rules__(struct bond *bond) + + VLOG_ERR("failed to remove post recirculation flow %s", err_s); + free(err_s); ++ } else if (bond->hash) { ++ /* If the flow deletion failed, a subsequent call to ++ * ofproto_dpif_add_internal_flow() would just modify the ++ * flow preserving its statistics. Therefore, only reset ++ * the entry's byte counter if it succeeds. */ ++ uint32_t hash = pr_op->match.flow.dp_hash & BOND_MASK; ++ struct bond_entry *entry = &bond->hash[hash]; ++ ++ entry->pr_tx_bytes = 0; + } + + hmap_remove(&bond->pr_rule_ops, &pr_op->hmap_node); +@@ -421,12 +424,6 @@ update_recirc_rules__(struct bond *bond) + ofpbuf_uninit(&ofpacts); + } + +-static void +-update_recirc_rules(struct bond *bond) +- OVS_REQ_RDLOCK(rwlock) +-{ +- update_recirc_rules__(bond); +-} + + /* Updates 'bond''s overall configuration to 's'. + * +diff --git a/ofproto/ofproto-dpif-trace.c b/ofproto/ofproto-dpif-trace.c +index b86e7fe07e..87506aa785 100644 +--- a/ofproto/ofproto-dpif-trace.c ++++ b/ofproto/ofproto-dpif-trace.c +@@ -845,17 +845,35 @@ ofproto_trace(struct ofproto_dpif *ofproto, const struct flow *flow, + bool names) + { + struct ovs_list recirc_queue = OVS_LIST_INITIALIZER(&recirc_queue); ++ int recirculations = 0; ++ + ofproto_trace__(ofproto, flow, packet, &recirc_queue, + ofpacts, ofpacts_len, output, names); + + struct oftrace_recirc_node *recirc_node; + LIST_FOR_EACH_POP (recirc_node, node, &recirc_queue) { ++ if (recirculations++ > 4096) { ++ ds_put_cstr(output, "\n\n"); ++ ds_put_char_multiple(output, '=', 79); ++ ds_put_cstr(output, "\nTrace reached the recirculation limit." ++ " Sopping the trace here."); ++ ds_put_format(output, ++ "\nQueued but not processed: %"PRIuSIZE ++ " recirculations.", ++ ovs_list_size(&recirc_queue) + 1); ++ oftrace_recirc_node_destroy(recirc_node); ++ break; ++ } + ofproto_trace_recirc_node(recirc_node, next_ct_states, output); + ofproto_trace__(ofproto, &recirc_node->flow, recirc_node->packet, + &recirc_queue, ofpacts, ofpacts_len, output, + names); + oftrace_recirc_node_destroy(recirc_node); + } ++ /* Destroy remaining recirculation nodes, if any. */ ++ LIST_FOR_EACH_POP (recirc_node, node, &recirc_queue) { ++ oftrace_recirc_node_destroy(recirc_node); ++ } + } + + void +diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c +index 1cf4d5f7c9..89f183182e 100644 +--- a/ofproto/ofproto-dpif-xlate.c ++++ b/ofproto/ofproto-dpif-xlate.c +@@ -3815,6 +3815,8 @@ native_tunnel_output(struct xlate_ctx *ctx, const struct xport *xport, + + if (flow->tunnel.ip_src) { + in6_addr_set_mapped_ipv4(&s_ip6, flow->tunnel.ip_src); ++ } else if (ipv6_addr_is_set(&flow->tunnel.ipv6_src)) { ++ s_ip6 = flow->tunnel.ipv6_src; + } + + err = tnl_route_lookup_flow(ctx, flow, &d_ip6, &s_ip6, &out_dev); +diff --git a/tests/nsh.at b/tests/nsh.at +index 55296e5593..0040a50b36 100644 +--- a/tests/nsh.at ++++ b/tests/nsh.at +@@ -521,51 +521,45 @@ AT_CHECK([ + set interface vxlangpe32 type=vxlan options:exts=gpe options:remote_ip=30.0.0.2 options:packet_type=ptap ofport_request=3020 + + ovs-appctl netdev-dummy/ip4addr br-p1 10.0.0.1/24 +- ovs-appctl ovs/route/add 10.0.0.0/24 br-p1 + ovs-appctl tnl/arp/set br-p1 10.0.0.1 $HWADDR_BRP1 + ovs-appctl tnl/arp/set br-p1 10.0.0.2 $HWADDR_BRP2 + ovs-appctl tnl/arp/set br-p1 10.0.0.3 $HWADDR_BRP3 + + ovs-appctl netdev-dummy/ip4addr br-p2 20.0.0.2/24 +- ovs-appctl ovs/route/add 20.0.0.0/24 br-p2 + ovs-appctl tnl/arp/set br-p2 20.0.0.1 $HWADDR_BRP1 + ovs-appctl tnl/arp/set br-p2 20.0.0.2 $HWADDR_BRP2 + ovs-appctl tnl/arp/set br-p2 20.0.0.3 $HWADDR_BRP3 + + ovs-appctl netdev-dummy/ip4addr br-p3 30.0.0.3/24 +- ovs-appctl ovs/route/add 30.0.0.0/24 br-p3 + ovs-appctl tnl/arp/set br-p3 30.0.0.1 $HWADDR_BRP1 + ovs-appctl tnl/arp/set br-p3 30.0.0.2 $HWADDR_BRP2 + ovs-appctl tnl/arp/set br-p3 30.0.0.3 $HWADDR_BRP3 + ], [0], [stdout]) + + AT_CHECK([ +- ovs-appctl ovs/route/add 10.0.0.0/24 br-p1 + ovs-appctl tnl/arp/set br-p1 10.0.0.1 $HWADDR_BRP1 + ovs-appctl tnl/arp/set br-p1 10.0.0.2 $HWADDR_BRP2 + ovs-appctl tnl/arp/set br-p1 10.0.0.3 $HWADDR_BRP3 + ], [0], [stdout]) + + AT_CHECK([ +- ovs-appctl ovs/route/add 20.0.0.0/24 br-p2 + ovs-appctl tnl/arp/set br-p2 20.0.0.1 $HWADDR_BRP1 + ovs-appctl tnl/arp/set br-p2 20.0.0.2 $HWADDR_BRP2 + ovs-appctl tnl/arp/set br-p2 20.0.0.3 $HWADDR_BRP3 + ], [0], [stdout]) + + AT_CHECK([ +- ovs-appctl ovs/route/add 30.0.0.0/24 br-p3 + ovs-appctl tnl/arp/set br-p3 30.0.0.1 $HWADDR_BRP1 + ovs-appctl tnl/arp/set br-p3 30.0.0.2 $HWADDR_BRP2 + ovs-appctl tnl/arp/set br-p3 30.0.0.3 $HWADDR_BRP3 + ], [0], [stdout]) + + AT_CHECK([ +- ovs-appctl ovs/route/show | grep User: ++ ovs-appctl ovs/route/show | grep Cached: | sort + ], [0], [dnl +-User: 10.0.0.0/24 dev br-p1 SRC 10.0.0.1 +-User: 20.0.0.0/24 dev br-p2 SRC 20.0.0.2 +-User: 30.0.0.0/24 dev br-p3 SRC 30.0.0.3 ++Cached: 10.0.0.0/24 dev br-p1 SRC 10.0.0.1 local ++Cached: 20.0.0.0/24 dev br-p2 SRC 20.0.0.2 local ++Cached: 30.0.0.0/24 dev br-p3 SRC 30.0.0.3 local + ]) + + AT_CHECK([ +diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at +index e305e7b9cd..a1393f7f8e 100644 +--- a/tests/ofproto-dpif.at ++++ b/tests/ofproto-dpif.at +@@ -547,6 +547,23 @@ ovs-appctl time/warp 1000 100 + ovs-appctl bond/show > bond3.txt + AT_CHECK([sed -n '/member p2/,/^$/p' bond3.txt | grep 'hash'], [0], [ignore]) + ++# Check that both ports doing down and back up doesn't break statistics. ++AT_CHECK([ovs-appctl netdev-dummy/set-admin-state p1 down], 0, [OK ++]) ++AT_CHECK([ovs-appctl netdev-dummy/set-admin-state p2 down], 0, [OK ++]) ++ovs-appctl time/warp 1000 100 ++AT_CHECK([ovs-appctl netdev-dummy/set-admin-state p1 up], 0, [OK ++]) ++AT_CHECK([ovs-appctl netdev-dummy/set-admin-state p2 up], 0, [OK ++]) ++ovs-appctl time/warp 1000 100 ++ ++AT_CHECK([SEND_TCP_BOND_PKTS([p5], [5], [65500])]) ++# We sent 49125 KB of data total in 3 batches. No hash should have more ++# than that amount of load. Just checking that it is within 5 digits. ++AT_CHECK([ovs-appctl bond/show | grep -E '[[0-9]]{6}'], [1]) ++ + OVS_VSWITCHD_STOP() + AT_CLEANUP + +@@ -7653,12 +7670,14 @@ dummy@ovs-dummy: hit:0 missed:0 + vm1 5/3: (dummy: ifindex=2011) + ]) + +-dnl set up route to 1.1.2.92 via br0 and action=normal ++dnl Add 1.1.2.92 to br0 and action=normal + AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 1.1.2.88/24], [0], [OK + ]) +-AT_CHECK([ovs-appctl ovs/route/add 1.1.2.92/24 br0], [0], [OK +-]) + AT_CHECK([ovs-ofctl add-flow br0 action=normal]) ++dnl Checking that a local route for added IP was successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached], [0], [dnl ++Cached: 1.1.2.0/24 dev br0 SRC 1.1.2.88 local ++]) + + dnl Prime ARP Cache for 1.1.2.92 + AT_CHECK([ovs-appctl netdev-dummy/receive p0 'recirc_id(0),in_port(1),eth(src=f8:bc:12:44:34:b6,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0806),arp(sip=1.1.2.92,tip=1.1.2.88,op=2,sha=f8:bc:12:44:34:b6,tha=00:00:00:00:00:00)']) +@@ -7669,10 +7688,13 @@ ovs-vsctl \ + --id=@sf create sflow targets=\"127.0.0.1:$SFLOW_PORT\" agent=127.0.0.1 \ + header=128 sampling=1 polling=0 + +-dnl set up route to 192.168.1.2 via br0 ++dnl Add 192.168.1.2 to br0, + AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 192.168.1.1/16], [0], [OK + ]) +-AT_CHECK([ovs-appctl ovs/route/add 192.168.0.0/16 br0], [0], [OK ++dnl Checking that a local route for added IP was successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached | sort], [0], [dnl ++Cached: 1.1.2.0/24 dev br0 SRC 1.1.2.88 local ++Cached: 192.168.0.0/16 dev br0 SRC 192.168.1.1 local + ]) + + dnl add rule for int-br to force packet onto tunnel. There is no ifindex +diff --git a/tests/ovsdb-server.at b/tests/ovsdb-server.at +index b8ccc4c8e2..ce6d32aee1 100644 +--- a/tests/ovsdb-server.at ++++ b/tests/ovsdb-server.at +@@ -936,8 +936,10 @@ AT_CHECK_UNQUOTED( + [ignore]) + # The error message for being unable to negotiate a shared ciphersuite + # is 'sslv3 alert handshake failure'. This is not the clearest message. ++# In openssl 3.2.0 all the error messages were updated to replace 'sslv3' ++# with 'ssl/tls'. + AT_CHECK_UNQUOTED( +- [grep "sslv3 alert handshake failure" output], [0], ++ [grep -E "(sslv3|ssl/tls) alert handshake failure" output], [0], + [stdout], + [ignore]) + OVSDB_SERVER_SHUTDOWN([" +diff --git a/tests/packet-type-aware.at b/tests/packet-type-aware.at +index 14cebf6efa..d634930fd5 100644 +--- a/tests/packet-type-aware.at ++++ b/tests/packet-type-aware.at +@@ -142,30 +142,27 @@ AT_CHECK([ + ### Setup GRE tunnels + AT_CHECK([ + ovs-appctl netdev-dummy/ip4addr br-p1 10.0.0.1/24 && +- ovs-appctl ovs/route/add 10.0.0.0/24 br-p1 && + ovs-appctl tnl/arp/set br-p1 10.0.0.1 $HWADDR_BRP1 && + ovs-appctl tnl/arp/set br-p1 10.0.0.2 $HWADDR_BRP2 && + ovs-appctl tnl/arp/set br-p1 10.0.0.3 $HWADDR_BRP3 && + + ovs-appctl netdev-dummy/ip4addr br-p2 20.0.0.2/24 && +- ovs-appctl ovs/route/add 20.0.0.0/24 br-p2 && + ovs-appctl tnl/arp/set br-p2 20.0.0.1 $HWADDR_BRP1 && + ovs-appctl tnl/arp/set br-p2 20.0.0.2 $HWADDR_BRP2 && + ovs-appctl tnl/arp/set br-p2 20.0.0.3 $HWADDR_BRP3 && + + ovs-appctl netdev-dummy/ip4addr br-p3 30.0.0.3/24 && +- ovs-appctl ovs/route/add 30.0.0.0/24 br-p3 && + ovs-appctl tnl/arp/set br-p3 30.0.0.1 $HWADDR_BRP1 && + ovs-appctl tnl/arp/set br-p3 30.0.0.2 $HWADDR_BRP2 && + ovs-appctl tnl/arp/set br-p3 30.0.0.3 $HWADDR_BRP3 + ], [0], [ignore]) + + AT_CHECK([ +- ovs-appctl ovs/route/show | grep User: ++ ovs-appctl ovs/route/show | grep Cached: | sort + ], [0], [dnl +-User: 10.0.0.0/24 dev br-p1 SRC 10.0.0.1 +-User: 20.0.0.0/24 dev br-p2 SRC 20.0.0.2 +-User: 30.0.0.0/24 dev br-p3 SRC 30.0.0.3 ++Cached: 10.0.0.0/24 dev br-p1 SRC 10.0.0.1 local ++Cached: 20.0.0.0/24 dev br-p2 SRC 20.0.0.2 local ++Cached: 30.0.0.0/24 dev br-p3 SRC 30.0.0.3 local + ]) + + AT_CHECK([ +@@ -681,14 +678,13 @@ AT_CHECK([ + + AT_CHECK([ + ovs-appctl netdev-dummy/ip4addr br2 10.0.0.1/24 && +- ovs-appctl ovs/route/add 10.0.0.0/24 br2 && + ovs-appctl tnl/arp/set br2 10.0.0.2 de:af:be:ef:ba:be + ], [0], [ignore]) + + AT_CHECK([ +- ovs-appctl ovs/route/show | grep User: ++ ovs-appctl ovs/route/show | grep Cached: + ], [0], [dnl +-User: 10.0.0.0/24 dev br2 SRC 10.0.0.1 ++Cached: 10.0.0.0/24 dev br2 SRC 10.0.0.1 local + ]) + + +@@ -955,7 +951,6 @@ AT_CHECK([ + + AT_CHECK([ + ovs-appctl netdev-dummy/ip4addr br0 20.0.0.1/24 && +- ovs-appctl ovs/route/add 20.0.0.2/24 br0 && + ovs-appctl tnl/neigh/set br0 20.0.0.1 aa:bb:cc:00:00:01 && + ovs-appctl tnl/neigh/set br0 20.0.0.2 aa:bb:cc:00:00:02 + ], [0], [ignore]) +@@ -963,9 +958,9 @@ AT_CHECK([ + ovs-appctl time/warp 1000 + + AT_CHECK([ +- ovs-appctl ovs/route/show | grep User ++ ovs-appctl ovs/route/show | grep Cached: + ],[0], [dnl +-User: 20.0.0.0/24 dev br0 SRC 20.0.0.1 ++Cached: 20.0.0.0/24 dev br0 SRC 20.0.0.1 local + ]) + + AT_CHECK([ +diff --git a/tests/system-layer3-tunnels.at b/tests/system-layer3-tunnels.at +index 6fbdedb64f..5dcdd2afae 100644 +--- a/tests/system-layer3-tunnels.at ++++ b/tests/system-layer3-tunnels.at +@@ -98,61 +98,6 @@ NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING + OVS_TRAFFIC_VSWITCHD_STOP + AT_CLEANUP + +-AT_SETUP([layer3 - use non-local port as tunnel endpoint]) +- +-OVS_VSWITCHD_START([add-port br0 p0 -- set Interface p0 type=dummy ofport_request=1]) +-AT_CHECK([ovs-vsctl add-port br0 vtep0 -- set int vtep0 type=dummy], [0]) +-AT_CHECK([ovs-vsctl add-br int-br -- set bridge int-br datapath_type=dummy], [0]) +-AT_CHECK([ovs-vsctl add-port int-br t1 -- set Interface t1 type=gre \ +- options:remote_ip=1.1.2.92 ofport_request=3], [0]) +- +-AT_CHECK([ovs-appctl dpif/show], [0], [dnl +-dummy@ovs-dummy: hit:0 missed:0 +- br0: +- br0 65534/100: (dummy-internal) +- p0 1/1: (dummy) +- vtep0 2/2: (dummy) +- int-br: +- int-br 65534/3: (dummy-internal) +- t1 3/4: (gre: remote_ip=1.1.2.92) +-]) +- +-AT_CHECK([ovs-appctl netdev-dummy/ip4addr vtep0 1.1.2.88/24], [0], [OK +-]) +-AT_CHECK([ovs-appctl ovs/route/add 1.1.2.92/24 vtep0], [0], [OK +-]) +-AT_CHECK([ovs-ofctl add-flow br0 action=normal]) +-AT_CHECK([ovs-ofctl add-flow int-br action=normal]) +- +-dnl Use arp request and reply to achieve tunnel next hop mac binding +-dnl By default, vtep0's MAC address is aa:55:aa:55:00:03 +-AT_CHECK([ovs-appctl netdev-dummy/receive vtep0 'recirc_id(0),in_port(2),eth(dst=ff:ff:ff:ff:ff:ff,src=aa:55:aa:55:00:03),eth_type(0x0806),arp(tip=1.1.2.92,sip=1.1.2.88,op=1,sha=aa:55:aa:55:00:03,tha=00:00:00:00:00:00)']) +-AT_CHECK([ovs-appctl netdev-dummy/receive p0 'recirc_id(0),in_port(1),eth(src=f8:bc:12:44:34:b6,dst=aa:55:aa:55:00:03),eth_type(0x0806),arp(sip=1.1.2.92,tip=1.1.2.88,op=2,sha=f8:bc:12:44:34:b6,tha=aa:55:aa:55:00:03)']) +- +-AT_CHECK([ovs-appctl tnl/neigh/show | tail -n+3 | sort], [0], [dnl +-1.1.2.92 f8:bc:12:44:34:b6 br0 +-]) +- +-AT_CHECK([ovs-appctl ovs/route/show | tail -n+2 | sort], [0], [dnl +-User: 1.1.2.0/24 dev vtep0 SRC 1.1.2.88 +-]) +- +-dnl Check GRE tunnel pop +-AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(1),eth(src=f8:bc:12:44:34:b6,dst=aa:55:aa:55:00:03),eth_type(0x0800),ipv4(src=1.1.2.92,dst=1.1.2.88,proto=47,tos=0,ttl=64,frag=no)'], [0], [stdout]) +- +-AT_CHECK([tail -1 stdout], [0], +- [Datapath actions: tnl_pop(4) +-]) +- +-dnl Check GRE tunnel push +-AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(3),eth(dst=f9:bc:12:44:34:b6,src=af:55:aa:55:00:03),eth_type(0x0800),ipv4(src=1.1.3.88,dst=1.1.3.92,proto=1,tos=0,ttl=64,frag=no)'], [0], [stdout]) +-AT_CHECK([tail -1 stdout], [0], +- [Datapath actions: tnl_push(tnl_port(4),header(size=38,type=3,eth(dst=f8:bc:12:44:34:b6,src=aa:55:aa:55:00:03,dl_type=0x0800),ipv4(src=1.1.2.88,dst=1.1.2.92,proto=47,tos=0,ttl=64,frag=0x4000),gre((flags=0x0,proto=0x6558))),out_port(2)),1 +-]) +- +-OVS_VSWITCHD_STOP +-AT_CLEANUP +- + AT_SETUP([layer3 - ping over MPLS Bareudp]) + OVS_CHECK_BAREUDP() + OVS_TRAFFIC_VSWITCHD_START([_ADD_BR([br1])]) +diff --git a/tests/system-traffic.at b/tests/system-traffic.at +index 98e494abf4..2d12d558ec 100644 +--- a/tests/system-traffic.at ++++ b/tests/system-traffic.at +@@ -6388,6 +6388,7 @@ OVS_TRAFFIC_VSWITCHD_STOP + AT_CLEANUP + + AT_SETUP([conntrack - SNAT with port range with exhaustion]) ++OVS_CHECK_GITHUB_ACTION() + CHECK_CONNTRACK() + CHECK_CONNTRACK_NAT() + OVS_TRAFFIC_VSWITCHD_START() +@@ -8389,6 +8390,53 @@ AT_CHECK([ovs-pcap client.pcap | grep 000000002010000000002000], [0], [dnl + OVS_TRAFFIC_VSWITCHD_STOP + AT_CLEANUP + ++AT_SETUP([conntrack - Flush many conntrack entries by port]) ++CHECK_CONNTRACK() ++OVS_TRAFFIC_VSWITCHD_START() ++ ++ADD_NAMESPACES(at_ns0, at_ns1) ++ ++ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24") ++ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24") ++ ++AT_DATA([flows.txt], [dnl ++priority=100,in_port=1,udp,action=ct(zone=1,commit),2 ++]) ++ ++AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) ++ ++dnl 20 packets from port 1 and 1 packet from port 2. ++flow_l3="\ ++ eth_src=50:54:00:00:00:09,eth_dst=50:54:00:00:00:0a,dl_type=0x0800,\ ++ nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_proto=17,nw_ttl=64,nw_frag=no" ++ ++for i in $(seq 1 20); do ++ frame=$(ovs-ofctl compose-packet --bare "$flow_l3, udp_src=1,udp_dst=$i") ++ AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=$frame actions=resubmit(,0)"]) ++done ++frame=$(ovs-ofctl compose-packet --bare "$flow_l3, udp_src=2,udp_dst=1") ++AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=$frame actions=resubmit(,0)"]) ++ ++: > conntrack ++ ++for i in $(seq 1 20); do ++ echo "udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=1,dport=${i}),reply=(src=10.1.1.2,dst=10.1.1.1,sport=${i},dport=1),zone=1" >> conntrack ++done ++echo "udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=2,dport=1),reply=(src=10.1.1.2,dst=10.1.1.1,sport=1,dport=2),zone=1" >> conntrack ++ ++sort conntrack > expout ++ ++AT_CHECK([ovs-appctl dpctl/dump-conntrack zone=1 | grep -F "src=10.1.1.1," | sort ], [0], [expout]) ++ ++dnl Check that flushing conntrack by port 1 flush all ct for port 1 but keeps ct for port 2. ++AT_CHECK([ovs-appctl dpctl/flush-conntrack zone=1 'ct_nw_proto=17,ct_tp_src=1']) ++AT_CHECK([ovs-appctl dpctl/dump-conntrack zone=1 | grep -F "src=10.1.1.1," | sort ], [0], [dnl ++udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=2,dport=1),reply=(src=10.1.1.2,dst=10.1.1.1,sport=1,dport=2),zone=1 ++]) ++ ++OVS_TRAFFIC_VSWITCHD_STOP ++AT_CLEANUP ++ + AT_BANNER([IGMP]) + + AT_SETUP([IGMP - flood under normal action]) +diff --git a/tests/tunnel-push-pop-ipv6.at b/tests/tunnel-push-pop-ipv6.at +index a8dd28c5b5..3f2cf84292 100644 +--- a/tests/tunnel-push-pop-ipv6.at ++++ b/tests/tunnel-push-pop-ipv6.at +@@ -19,11 +19,12 @@ AT_CHECK([ovs-vsctl add-port int-br3 t3 -- set Interface t3 type=srv6 \ + options:srv6_flowlabel=compute \ + ], [0]) + +-dnl First setup dummy interface IP address, then add the route +-dnl so that tnl-port table can get valid IP address for the device. ++dnl Setup dummy interface IP address. + AT_CHECK([ovs-appctl netdev-dummy/ip6addr br0 2001:cafe::88/24], [0], [OK + ]) +-AT_CHECK([ovs-appctl ovs/route/add 2001:cafe::0/24 br0], [0], [OK ++dnl Checking that a local routes for added IPs were successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached], [0], [dnl ++Cached: 2001:ca00::/24 dev br0 SRC 2001:cafe::88 local + ]) + AT_CHECK([ovs-appctl tnl/neigh/set br0 2001:cafe::91 aa:55:aa:55:00:01], [0], [OK + ]) +@@ -105,13 +106,15 @@ dummy@ovs-dummy: hit:0 missed:0 + t2 2/6: (ip6gre: remote_ip=2001:cafe::92) + ]) + +-dnl First setup dummy interface IP address, then add the route +-dnl so that tnl-port table can get valid IP address for the device. ++dnl Setup dummy interface IP addresses. + AT_CHECK([ovs-appctl netdev-dummy/ip6addr br0 2001:cafe::88/24], [0], [OK + ]) + AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 1.1.2.88/24], [0], [OK + ]) +-AT_CHECK([ovs-appctl ovs/route/add 2001:cafe::92/24 br0], [0], [OK ++dnl Checking that a local routes for added IPs were successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached | sort], [0], [dnl ++Cached: 1.1.2.0/24 dev br0 SRC 1.1.2.88 local ++Cached: 2001:ca00::/24 dev br0 SRC 2001:cafe::88 local + ]) + + AT_CHECK([ovs-ofctl add-flow br0 action=normal]) +@@ -179,13 +182,15 @@ dummy@ovs-dummy: hit:0 missed:0 + t3 3/6: (ip6erspan: erspan_dir=1, erspan_hwid=0x7, erspan_ver=2, key=567, remote_ip=2001:cafe::93) + ]) + +-dnl First setup dummy interface IP address, then add the route +-dnl so that tnl-port table can get valid IP address for the device. ++dnl Setup dummy interface IP addresses. + AT_CHECK([ovs-appctl netdev-dummy/ip6addr br0 2001:cafe::88/24], [0], [OK + ]) + AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 1.1.2.88/24], [0], [OK + ]) +-AT_CHECK([ovs-appctl ovs/route/add 2001:cafe::92/24 br0], [0], [OK ++dnl Checking that a local routes for added IPs were successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached | sort], [0], [dnl ++Cached: 1.1.2.0/24 dev br0 SRC 1.1.2.88 local ++Cached: 2001:ca00::/24 dev br0 SRC 2001:cafe::88 local + ]) + + AT_CHECK([ovs-ofctl add-flow br0 action=normal]) +@@ -316,14 +321,15 @@ srv6_sys (6) ref_cnt=1 + vxlan_sys_4789 (4789) ref_cnt=2 + ]) + +- +-dnl First setup dummy interface IP address, then add the route +-dnl so that tnl-port table can get valid IP address for the device. ++dnl Setup dummy interface IP addresses. + AT_CHECK([ovs-appctl netdev-dummy/ip6addr br0 2001:cafe::88/24], [0], [OK + ]) + AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 1.1.2.88/24], [0], [OK + ]) +-AT_CHECK([ovs-appctl ovs/route/add 2001:cafe::92/24 br0], [0], [OK ++dnl Checking that a local routes for added IPs were successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached | sort], [0], [dnl ++Cached: 1.1.2.0/24 dev br0 SRC 1.1.2.88 local ++Cached: 2001:ca00::/24 dev br0 SRC 2001:cafe::88 local + ]) + + AT_CHECK([ovs-ofctl add-flow br0 action=normal]) +@@ -636,3 +642,87 @@ Listening ports: + + OVS_VSWITCHD_STOP + AT_CLEANUP ++ ++AT_SETUP([tunnel_push_pop_ipv6 - local_ip configuration]) ++ ++OVS_VSWITCHD_START( ++ [add-port br0 p0 \ ++ -- set Interface p0 type=dummy ofport_request=1 \ ++ other-config:hwaddr=aa:55:aa:55:00:00]) ++AT_CHECK([ovs-appctl vlog/set dpif_netdev:dbg]) ++AT_CHECK([ovs-vsctl add-br int-br -- set bridge int-br datapath_type=dummy]) ++AT_CHECK([ovs-vsctl add-port int-br t2 \ ++ -- set Interface t2 type=geneve \ ++ options:local_ip=2001:beef::88 \ ++ options:remote_ip=2001:cafe::92 \ ++ options:key=123 ofport_request=2]) ++ ++dnl Setup multiple IP addresses. ++AT_CHECK([ovs-appctl netdev-dummy/ip6addr br0 2001:cafe::88/64], [0], [OK ++]) ++AT_CHECK([ovs-appctl netdev-dummy/ip6addr br0 2001:beef::88/64], [0], [OK ++]) ++dnl Checking that a local route for added IP was successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached | sort], [0], [dnl ++Cached: 2001:beef::/64 dev br0 SRC 2001:beef::88 local ++Cached: 2001:cafe::/64 dev br0 SRC 2001:cafe::88 local ++]) ++AT_CHECK([ovs-ofctl add-flow br0 action=normal]) ++AT_CHECK([ovs-ofctl add-flow int-br action=normal]) ++ ++dnl This Neighbor Advertisement from p0 has two effects: ++dnl 1. The neighbor cache will learn that 2001:cafe::92 is at f8:bc:12:44:34:b6. ++dnl 2. The br0 mac learning will learn that f8:bc:12:44:34:b6 is on p0. ++AT_CHECK([ovs-appctl netdev-dummy/receive p0 dnl ++ 'recirc_id(0),in_port(1),dnl ++ eth(src=f8:bc:12:44:34:b6,dst=aa:55:aa:55:00:00),eth_type(0x86dd),dnl ++ ipv6(src=2001:cafe::92,dst=2001:cafe::88,label=0,proto=58,tclass=0,hlimit=255,frag=no),dnl ++ icmpv6(type=136,code=0),dnl ++ nd(target=2001:cafe::92,sll=00:00:00:00:00:00,tll=f8:bc:12:44:34:b6)' ++]) ++ ++dnl Check that local_ip is used for encapsulation in the trace. ++AT_CHECK([ovs-appctl ofproto/trace int-br in_port=LOCAL \ ++ | grep -E 'tunnel|actions'], [0], [dnl ++ -> output to native tunnel ++ -> tunneling to 2001:cafe::92 via br0 ++ -> tunneling from aa:55:aa:55:00:00 2001:beef::88 to f8:bc:12:44:34:b6 2001:cafe::92 ++Datapath actions: tnl_push(tnl_port(6081),header(size=70,type=5,dnl ++eth(dst=f8:bc:12:44:34:b6,src=aa:55:aa:55:00:00,dl_type=0x86dd),dnl ++ipv6(src=2001:beef::88,dst=2001:cafe::92,label=0,proto=17,tclass=0x0,hlimit=64),dnl ++udp(src=0,dst=6081,csum=0xffff),geneve(vni=0x7b)),out_port(100)),1 ++]) ++ ++dnl Now check that the packet actually has the local_ip in the header. ++AT_CHECK([ovs-vsctl -- set Interface p0 options:tx_pcap=p0.pcap]) ++ ++packet=50540000000a5054000000091234 ++eth=f8bc124434b6aa55aa55000086dd ++ip6=60000000001e11402001beef0000000000000000000000882001cafe000000000000000000000092 ++dnl Source port is based on a packet hash, so it may differ depending on the ++dnl compiler flags and CPU type. Same for UDP checksum. Masked with '....'. ++udp=....17c1001e.... ++geneve=0000655800007b00 ++encap=${eth}${ip6}${udp}${geneve} ++dnl Output to tunnel from a int-br internal port. ++dnl Checking that the packet arrived and it was correctly encapsulated. ++AT_CHECK([ovs-appctl netdev-dummy/receive int-br "${packet}"]) ++OVS_WAIT_UNTIL([test $(ovs-pcap p0.pcap | grep -c "${encap}${packet}") -eq 1]) ++dnl Sending again to exercise the non-miss upcall path. ++AT_CHECK([ovs-appctl netdev-dummy/receive int-br "${packet}"]) ++OVS_WAIT_UNTIL([test $(ovs-pcap p0.pcap | grep -c "${encap}${packet}") -eq 2]) ++ ++dnl Finally, checking that the datapath flow also has a local_ip. ++AT_CHECK([ovs-appctl dpctl/dump-flows | grep tnl_push \ ++ | strip_ufid | strip_used], [0], [dnl ++recirc_id(0),in_port(2),packet_type(ns=0,id=0),dnl ++eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0a),eth_type(0x1234), dnl ++packets:1, bytes:14, used:0.0s, dnl ++actions:tnl_push(tnl_port(6081),header(size=70,type=5,dnl ++eth(dst=f8:bc:12:44:34:b6,src=aa:55:aa:55:00:00,dl_type=0x86dd),dnl ++ipv6(src=2001:beef::88,dst=2001:cafe::92,label=0,proto=17,tclass=0x0,hlimit=64),dnl ++udp(src=0,dst=6081,csum=0xffff),geneve(vni=0x7b)),out_port(100)),1 ++]) ++ ++OVS_VSWITCHD_STOP ++AT_CLEANUP +diff --git a/tests/tunnel-push-pop.at b/tests/tunnel-push-pop.at +index b1440f5904..97405636f9 100644 +--- a/tests/tunnel-push-pop.at ++++ b/tests/tunnel-push-pop.at +@@ -30,17 +30,15 @@ dummy@ovs-dummy: hit:0 missed:0 + t4 5/3: (erspan: erspan_dir=flow, erspan_hwid=flow, erspan_idx=flow, erspan_ver=flow, key=56, remote_ip=flow) + ]) + +-dnl First setup dummy interface IP address, then add the route +-dnl so that tnl-port table can get valid IP address for the device. ++dnl Setup dummy interface IP addresses. + AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 1.1.2.88/24], [0], [OK + ]) + AT_CHECK([ovs-appctl netdev-dummy/ip6addr br0 2001:cafe::88/24], [0], [OK + ]) +- +-AT_CHECK([ovs-appctl ovs/route/add 1.1.2.92/24 br0], [0], [OK +-]) +- +-AT_CHECK([ovs-appctl ovs/route/add 1.1.2.92/24 br0 pkt_mark=1234], [0], [OK ++dnl Checking that a local routes for added IPs were successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached | sort], [0], [dnl ++Cached: 1.1.2.0/24 dev br0 SRC 1.1.2.88 local ++Cached: 2001:ca00::/24 dev br0 SRC 2001:cafe::88 local + ]) + + AT_CHECK([ovs-ofctl add-flow br0 action=normal]) +@@ -237,18 +235,21 @@ dummy@ovs-dummy: hit:0 missed:0 + t8 9/2152: (gtpu: key=123, remote_ip=1.1.2.92) + ]) + +-dnl First setup dummy interface IP address, then add the route +-dnl so that tnl-port table can get valid IP address for the device. ++dnl Setup dummy interface IP addresses. + AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 1.1.2.88/24], [0], [OK + ]) + AT_CHECK([ovs-appctl netdev-dummy/ip6addr br0 2001:cafe::88/24], [0], [OK + ]) +- +-AT_CHECK([ovs-appctl ovs/route/add 1.1.2.92/24 br0], [0], [OK +-]) +- ++dnl Add a static route with a mark. + AT_CHECK([ovs-appctl ovs/route/add 1.1.2.92/24 br0 pkt_mark=1234], [0], [OK + ]) ++dnl Checking that local routes for added IPs and the static route with a mark ++dnl were successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep br0 | sort], [0], [dnl ++Cached: 1.1.2.0/24 dev br0 SRC 1.1.2.88 local ++Cached: 2001:ca00::/24 dev br0 SRC 2001:cafe::88 local ++User: 1.1.2.0/24 MARK 1234 dev br0 SRC 1.1.2.88 ++]) + + AT_CHECK([ovs-ofctl add-flow br0 action=normal]) + +@@ -690,12 +691,12 @@ AT_CHECK([ovs-vsctl add-port int-br t2 -- set Interface t2 type=geneve \ + options:remote_ip=1.1.2.92 options:key=123 ofport_request=2 \ + ]) + +-dnl First setup dummy interface IP address, then add the route +-dnl so that tnl-port table can get valid IP address for the device. ++dnl Setup dummy interface IP address. + AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 1.1.2.88/24], [0], [OK + ]) +- +-AT_CHECK([ovs-appctl ovs/route/add 1.1.2.92/24 br0], [0], [OK ++dnl Checking that a local route for added IP was successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached], [0], [dnl ++Cached: 1.1.2.0/24 dev br0 SRC 1.1.2.88 local + ]) + + AT_CHECK([ovs-ofctl add-flow br0 action=normal]) +@@ -731,11 +732,12 @@ AT_CHECK([ovs-vsctl add-port int-br t2 dnl + -- set Interface t2 type=geneve options:remote_ip=1.1.2.92 dnl + options:key=123 ofport_request=2]) + +-dnl First setup dummy interface IP address, then add the route +-dnl so that tnl-port table can get valid IP address for the device. ++dnl Setup dummy interface IP address. + AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 1.1.2.88/24], [0], [OK + ]) +-AT_CHECK([ovs-appctl ovs/route/add 1.1.2.92/24 br0], [0], [OK ++dnl Checking that a local route for added IP was successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached], [0], [dnl ++Cached: 1.1.2.0/24 dev br0 SRC 1.1.2.88 local + ]) + AT_CHECK([ovs-ofctl add-flow br0 action=normal]) + +@@ -777,6 +779,88 @@ AT_CHECK([ovs-appctl dpctl/dump-flows | grep -q 'slow_path(action)'], [0]) + OVS_VSWITCHD_STOP + AT_CLEANUP + ++AT_SETUP([tunnel_push_pop - local_ip configuration]) ++ ++OVS_VSWITCHD_START( ++ [add-port br0 p0 \ ++ -- set Interface p0 type=dummy ofport_request=1 \ ++ other-config:hwaddr=aa:55:aa:55:00:00]) ++AT_CHECK([ovs-appctl vlog/set dpif_netdev:dbg]) ++AT_CHECK([ovs-vsctl add-br int-br -- set bridge int-br datapath_type=dummy]) ++AT_CHECK([ovs-vsctl add-port int-br t2 \ ++ -- set Interface t2 type=geneve \ ++ options:local_ip=2.2.2.88 \ ++ options:remote_ip=1.1.2.92 \ ++ options:key=123 ofport_request=2]) ++ ++dnl Setup multiple IP addresses. ++AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 1.1.2.88/24], [0], [OK ++]) ++AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 2.2.2.88/24], [0], [OK ++]) ++dnl Checking that a local route for added IP was successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached | sort], [0], [dnl ++Cached: 1.1.2.0/24 dev br0 SRC 1.1.2.88 local ++Cached: 2.2.2.0/24 dev br0 SRC 2.2.2.88 local ++]) ++AT_CHECK([ovs-ofctl add-flow br0 action=normal]) ++AT_CHECK([ovs-ofctl add-flow int-br action=normal]) ++ ++dnl This ARP reply from p0 has two effects: ++dnl 1. The ARP cache will learn that 1.1.2.92 is at f8:bc:12:44:34:b6. ++dnl 2. The br0 mac learning will learn that f8:bc:12:44:34:b6 is on p0. ++AT_CHECK([ovs-appctl netdev-dummy/receive p0 dnl ++ 'recirc_id(0),in_port(1),dnl ++ eth(src=f8:bc:12:44:34:b6,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0806),dnl ++ arp(sip=1.1.2.92,tip=1.1.2.88,op=2,sha=f8:bc:12:44:34:b6,tha=00:00:00:00:00:00)' ++]) ++ ++dnl Check that local_ip is used for encapsulation in the trace. ++AT_CHECK([ovs-appctl ofproto/trace int-br in_port=LOCAL \ ++ | grep -E 'tunnel|actions'], [0], [dnl ++ -> output to native tunnel ++ -> tunneling to 1.1.2.92 via br0 ++ -> tunneling from aa:55:aa:55:00:00 2.2.2.88 to f8:bc:12:44:34:b6 1.1.2.92 ++Datapath actions: tnl_push(tnl_port(6081),header(size=50,type=5,dnl ++eth(dst=f8:bc:12:44:34:b6,src=aa:55:aa:55:00:00,dl_type=0x0800),dnl ++ipv4(src=2.2.2.88,dst=1.1.2.92,proto=17,tos=0,ttl=64,frag=0x4000),dnl ++udp(src=0,dst=6081,csum=0x0),geneve(vni=0x7b)),out_port(100)),1 ++]) ++ ++dnl Now check that the packet actually has the local_ip in the header. ++AT_CHECK([ovs-vsctl -- set Interface p0 options:tx_pcap=p0.pcap]) ++ ++packet=50540000000a5054000000091234 ++eth=f8bc124434b6aa55aa5500000800 ++ip4=450000320000400040113305020202580101025c ++dnl Source port is based on a packet hash, so it may differ depending on the ++dnl compiler flags and CPU type. Masked with '....'. ++udp=....17c1001e0000 ++geneve=0000655800007b00 ++encap=${eth}${ip4}${udp}${geneve} ++dnl Output to tunnel from a int-br internal port. ++dnl Checking that the packet arrived and it was correctly encapsulated. ++AT_CHECK([ovs-appctl netdev-dummy/receive int-br "${packet}"]) ++OVS_WAIT_UNTIL([test $(ovs-pcap p0.pcap | grep -c "${encap}${packet}") -eq 1]) ++dnl Sending again to exercise the non-miss upcall path. ++AT_CHECK([ovs-appctl netdev-dummy/receive int-br "${packet}"]) ++OVS_WAIT_UNTIL([test $(ovs-pcap p0.pcap | grep -c "${encap}${packet}") -eq 2]) ++ ++dnl Finally, checking that the datapath flow also has a local_ip. ++AT_CHECK([ovs-appctl dpctl/dump-flows | grep tnl_push \ ++ | strip_ufid | strip_used], [0], [dnl ++recirc_id(0),in_port(2),packet_type(ns=0,id=0),dnl ++eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0a),eth_type(0x1234), dnl ++packets:1, bytes:14, used:0.0s, dnl ++actions:tnl_push(tnl_port(6081),header(size=50,type=5,dnl ++eth(dst=f8:bc:12:44:34:b6,src=aa:55:aa:55:00:00,dl_type=0x0800),dnl ++ipv4(src=2.2.2.88,dst=1.1.2.92,proto=17,tos=0,ttl=64,frag=0x4000),dnl ++udp(src=0,dst=6081,csum=0x0),geneve(vni=0x7b)),out_port(100)),1 ++]) ++ ++OVS_VSWITCHD_STOP ++AT_CLEANUP ++ + AT_SETUP([tunnel_push_pop - underlay bridge match]) + + OVS_VSWITCHD_START([add-port br0 p0 -- set Interface p0 type=dummy ofport_request=1 other-config:hwaddr=aa:55:aa:55:00:00]) +@@ -796,8 +880,11 @@ dummy@ovs-dummy: hit:0 missed:0 + + AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 1.1.2.88/24], [0], [OK + ]) +-AT_CHECK([ovs-appctl ovs/route/add 1.1.2.92/24 br0], [0], [OK ++dnl Checking that a local route for added IP was successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached], [0], [dnl ++Cached: 1.1.2.0/24 dev br0 SRC 1.1.2.88 local + ]) ++ + AT_CHECK([ovs-ofctl add-flow br0 'arp,priority=1,action=normal']) + + dnl Use arp reply to achieve tunnel next hop mac binding +@@ -840,11 +927,12 @@ AT_CHECK([ovs-vsctl add-port int-br t2 dnl + -- set Interface t2 type=geneve options:remote_ip=1.1.2.92 dnl + options:key=123 ofport_request=2]) + +-dnl First setup dummy interface IP address, then add the route +-dnl so that tnl-port table can get valid IP address for the device. ++dnl Setup dummy interface IP address. + AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 1.1.2.88/24], [0], [OK + ]) +-AT_CHECK([ovs-appctl ovs/route/add 1.1.2.92/24 br0], [0], [OK ++dnl Checking that a local route for added IP was successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached], [0], [dnl ++Cached: 1.1.2.0/24 dev br0 SRC 1.1.2.88 local + ]) + AT_CHECK([ovs-ofctl add-flow br0 action=normal]) + +@@ -908,10 +996,12 @@ AT_CHECK([ovs-vsctl set port p8 tag=42 dnl + -- set port br0 tag=42 dnl + -- set port p7 tag=200]) + +-dnl Set IP address and route for br0. ++dnl Set an IP address for br0. + AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 10.0.0.2/24], [0], [OK + ]) +-AT_CHECK([ovs-appctl ovs/route/add 10.0.0.11/24 br0], [0], [OK ++dnl Checking that a local route for added IP was successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached], [0], [dnl ++Cached: 10.0.0.0/24 dev br0 SRC 10.0.0.2 local + ]) + + dnl Send an ARP reply to port b8 on br0, so that packets will be forwarded +@@ -953,10 +1043,12 @@ AT_CHECK([ovs-vsctl add-port ovs-tun0 tun0 dnl + -- add-port ovs-tun0 p7 dnl + -- set interface p7 type=dummy ofport_request=7]) + +-dnl Set IP address and route for br0. ++dnl Set an IP address for br0. + AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 10.0.0.2/24], [0], [OK + ]) +-AT_CHECK([ovs-appctl ovs/route/add 10.0.0.11/24 br0], [0], [OK ++dnl Checking that a local route for added IP was successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached], [0], [dnl ++Cached: 10.0.0.0/24 dev br0 SRC 10.0.0.2 local + ]) + + dnl Send an ARP reply to port b8 on br0, so that packets will be forwarded +@@ -993,3 +1085,81 @@ udp(src=0,dst=4789,csum=0x0),vxlan(flags=0x8000000,vni=0x0)),out_port(100)),8),7 + + OVS_VSWITCHD_STOP + AT_CLEANUP ++ ++AT_SETUP([tunnel_push_pop - use non-local port as tunnel endpoint]) ++ ++OVS_VSWITCHD_START([add-port br0 p0 \ ++ -- set Interface p0 type=dummy ofport_request=1]) ++ ++dnl Adding another port separately to ensure that it gets an ++dnl aa:55:aa:55:00:03 MAC address (dummy port number 3). ++AT_CHECK([ovs-vsctl add-port br0 vtep0 \ ++ -- set interface vtep0 type=dummy ofport_request=2]) ++AT_CHECK([ovs-vsctl \ ++ -- add-br int-br \ ++ -- set bridge int-br datapath_type=dummy \ ++ -- set Interface int-br ofport_request=3]) ++AT_CHECK([ovs-vsctl \ ++ -- add-port int-br t1 \ ++ -- set Interface t1 type=gre ofport_request=4 \ ++ options:remote_ip=1.1.2.92 ++]) ++ ++AT_CHECK([ovs-appctl dpif/show], [0], [dnl ++dummy@ovs-dummy: hit:0 missed:0 ++ br0: ++ br0 65534/100: (dummy-internal) ++ p0 1/1: (dummy) ++ vtep0 2/2: (dummy) ++ int-br: ++ int-br 65534/3: (dummy-internal) ++ t1 4/4: (gre: remote_ip=1.1.2.92) ++]) ++ ++AT_CHECK([ovs-appctl netdev-dummy/ip4addr vtep0 1.1.2.88/24], [0], [OK ++]) ++dnl Checking that a local route for added IP was successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached], [0], [dnl ++Cached: 1.1.2.0/24 dev vtep0 SRC 1.1.2.88 local ++]) ++ ++AT_CHECK([ovs-ofctl add-flow br0 action=normal]) ++AT_CHECK([ovs-ofctl add-flow int-br action=normal]) ++ ++dnl Use arp request and reply to achieve tunnel next hop mac binding. ++dnl By default, vtep0's MAC address is aa:55:aa:55:00:03. ++AT_CHECK([ovs-appctl netdev-dummy/receive vtep0 'recirc_id(0),in_port(2),dnl ++ eth(dst=ff:ff:ff:ff:ff:ff,src=aa:55:aa:55:00:03),eth_type(0x0806),dnl ++ arp(tip=1.1.2.92,sip=1.1.2.88,op=1,sha=aa:55:aa:55:00:03,tha=00:00:00:00:00:00)']) ++AT_CHECK([ovs-appctl netdev-dummy/receive p0 'recirc_id(0),in_port(1),dnl ++ eth(src=f8:bc:12:44:34:b6,dst=aa:55:aa:55:00:03),eth_type(0x0806),dnl ++ arp(sip=1.1.2.92,tip=1.1.2.88,op=2,sha=f8:bc:12:44:34:b6,tha=aa:55:aa:55:00:03)']) ++ ++AT_CHECK([ovs-appctl tnl/neigh/show | tail -n+3 | sort], [0], [dnl ++1.1.2.92 f8:bc:12:44:34:b6 br0 ++]) ++ ++dnl Check GRE tunnel pop. ++AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(1),dnl ++ eth(src=f8:bc:12:44:34:b6,dst=aa:55:aa:55:00:03),eth_type(0x0800),dnl ++ ipv4(src=1.1.2.92,dst=1.1.2.88,proto=47,tos=0,ttl=64,frag=no)'], ++[0], [stdout]) ++ ++AT_CHECK([tail -1 stdout], [0], ++ [Datapath actions: tnl_pop(4) ++]) ++ ++dnl Check GRE tunnel push. ++AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(3),dnl ++ eth(dst=f9:bc:12:44:34:b6,src=af:55:aa:55:00:03),eth_type(0x0800),dnl ++ ipv4(src=1.1.3.88,dst=1.1.3.92,proto=1,tos=0,ttl=64,frag=no)'], ++[0], [stdout]) ++AT_CHECK([tail -1 stdout], [0], ++ [Datapath actions: tnl_push(tnl_port(4),header(size=38,type=3,dnl ++eth(dst=f8:bc:12:44:34:b6,src=aa:55:aa:55:00:03,dl_type=0x0800),dnl ++ipv4(src=1.1.2.88,dst=1.1.2.92,proto=47,tos=0,ttl=64,frag=0x4000),dnl ++gre((flags=0x0,proto=0x6558))),out_port(2)),1 ++]) ++ ++OVS_VSWITCHD_STOP ++AT_CLEANUP +diff --git a/tests/tunnel.at b/tests/tunnel.at +index 282651ac73..71e7c2df4e 100644 +--- a/tests/tunnel.at ++++ b/tests/tunnel.at +@@ -524,11 +524,12 @@ dummy@ovs-dummy: hit:0 missed:0 + v2 3/3: (dummy-internal) + ]) + +-dnl First setup dummy interface IP address, then add the route +-dnl so that tnl-port table can get valid IP address for the device. ++dnl Setup dummy interface IP address. + AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 172.31.1.1/24], [0], [OK + ]) +-AT_CHECK([ovs-appctl ovs/route/add 172.31.1.0/24 br0], [0], [OK ++dnl Checking that a local route for added IP was successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached], [0], [dnl ++Cached: 172.31.1.0/24 dev br0 SRC 172.31.1.1 local + ]) + + dnl change the flow table to bump the internal table version +@@ -1276,15 +1277,12 @@ OVS_VSWITCHD_START([add-port br0 p1 -- set Interface p1 type=dummy \ + ofport_request=2]) + OVS_VSWITCHD_DISABLE_TUNNEL_PUSH_POP + +-dnl First setup dummy interface IP address, then add the route +-dnl so that tnl-port table can get valid IP address for the device. ++dnl Setup dummy interface IP address. + AT_CHECK([ovs-appctl netdev-dummy/ip6addr br0 fc00::1/64], [0], [OK + ]) +-AT_CHECK([ovs-appctl ovs/route/add fc00::0/64 br0], [0], [OK +-]) +-AT_CHECK([ovs-appctl ovs/route/show], [0], [dnl +-Route Table: +-User: fc00::/64 dev br0 SRC fc00::1 ++dnl Checking that a local route for added IP was successfully installed. ++AT_CHECK([ovs-appctl ovs/route/show | grep Cached], [0], [dnl ++Cached: fc00::/64 dev br0 SRC fc00::1 local + ]) + + AT_DATA([flows.txt], [dnl +diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in +index e0ba910f94..285018e41e 100755 +--- a/utilities/ovs-pki.in ++++ b/utilities/ovs-pki.in +@@ -57,6 +57,77 @@ FreeBSD|NetBSD|Darwin) + ;; + esac + ++case $(uname -s) in ++MINGW*|MSYS*) ++ chmod() ++ { ++ local PERM=$1 ++ local FILE=$2 ++ local INH= ++ ++ if test -d "${FILE}"; then ++ # Inheritance rules for folders: apply to a folder itself, ++ # subfolders and files within. ++ INH='(OI)(CI)' ++ fi ++ ++ case "${PERM}" in ++ *700 | *600) ++ # Reset all own and inherited ACEs and grant full access to the ++ # "Creator Owner". We're giving full access even for 0600, ++ # because it doesn't matter for a use case of ovs-pki. ++ icacls "${FILE}" /inheritance:r /grant:r "*S-1-3-0:${INH}F" ++ ;; ++ *750) ++ # Reset all own and inherited ACEs, grant full access to the ++ # "Creator Owner" and a read+execute access to the "Creator Group". ++ icacls "${FILE}" /inheritance:r /grant:r \ ++ "*S-1-3-0:${INH}F" "*S-1-3-1:${INH}RX" ++ ;; ++ *) ++ echo >&2 "Unable to set ${PERM} mode for ${FILE}." ++ exit 1 ++ ;; ++ esac ++ } ++ ++ mkdir() ++ { ++ ARG_P= ++ PERM= ++ for arg; do ++ shift ++ case ${arg} in ++ -m?*) ++ PERM=${arg#??} ++ continue ++ ;; ++ -m) ++ PERM=$1 ++ shift ++ continue ++ ;; ++ -p) ++ ARG_P=-p ++ continue ++ ;; ++ *) ++ set -- "$@" "${arg}" ++ ;; ++ esac ++ done ++ ++ command mkdir ${ARG_P} $@ ++ if [ ${PERM} ]; then ++ for dir; do ++ shift ++ chmod ${PERM} ${dir} ++ done ++ fi ++ } ++ ;; ++esac ++ + for option; do + # This option-parsing mechanism borrowed from a Autoconf-generated + # configure script under the following license: +@@ -466,14 +537,24 @@ CN = $cn + [ v3_req ] + subjectAltName = DNS:$cn + EOF ++ # It is important to create private keys in $TMP because umask doesn't ++ # work on Windows and permissions there are inherited from the folder. ++ # umask itself is still needed though to ensure correct permissions ++ # on non-Windows platforms. + if test $keytype = rsa; then +- (umask 077 && openssl genrsa -out "$1-privkey.pem" $bits) 1>&3 2>&3 \ +- || exit $? ++ (umask 077 && openssl genrsa -out "$TMP/privkey.pem" $bits) \ ++ 1>&3 2>&3 || exit $? + else + must_exist "$dsaparam" +- (umask 077 && openssl gendsa -out "$1-privkey.pem" "$dsaparam") \ ++ (umask 077 && openssl gendsa -out "$TMP/privkey.pem" "$dsaparam") \ + 1>&3 2>&3 || exit $? + fi ++ # Windows: applying permissions (ACEs) to the file itself, just in case. ++ # 'mv' should technically preserve all the inherited ACEs from a TMP ++ # folder, but it's better to not rely on that. ++ chmod 0600 "$TMP/privkey.pem" ++ mv "$TMP/privkey.pem" "$1-privkey.pem" ++ + openssl req -config "$TMP/req.cnf" -new -text \ + -key "$1-privkey.pem" -out "$1-req.pem" 1>&3 2>&3 + } diff --git a/SOURCES/openvswitch-hugetlbfs.sysusers b/SOURCES/openvswitch-hugetlbfs.sysusers new file mode 100644 index 0000000..08b2fb1 --- /dev/null +++ b/SOURCES/openvswitch-hugetlbfs.sysusers @@ -0,0 +1,2 @@ +#Type Name ID GECOS Home directory Shell +m openvswitch hugetlbfs diff --git a/SOURCES/openvswitch.sysusers b/SOURCES/openvswitch.sysusers new file mode 100644 index 0000000..a8d06aa --- /dev/null +++ b/SOURCES/openvswitch.sysusers @@ -0,0 +1,2 @@ +#Type Name ID GECOS Home directory Shell +u openvswitch - "Open vSwitch Daemons" / /sbin/nologin diff --git a/SPECS/openvswitch.spec b/SPECS/openvswitch.spec deleted file mode 100644 index f92412d..0000000 --- a/SPECS/openvswitch.spec +++ /dev/null @@ -1,427 +0,0 @@ -%global _hardened_build 1 - - -# This provides a way for distros that doesn't provide -# python-twisted-conch to disable building of ovsdbmonitor -# by default. You can override by passing --with ovsdbmonitor -# or --without ovsdbmonitor while building the RPM. -%define _pkg_ovsdbmonitor 0 - -%if %{?_with_ovsdbmonitor: 1}%{!?_with_ovsdbmonitor: 0} -%define with_ovsdbmonitor 1 -%else -%define with_ovsdbmonitor %{?_without_ovsdbmonitor: 0}%{!?_without_ovsdbmonitor: %{_pkg_ovsdbmonitor}} -%endif - -Name: openvswitch -Version: 2.0.0 -Release: 7%{?dist} -Summary: Open vSwitch daemon/database/utilities - -# Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the -# lib/sflow*.[ch] files are SISSL -# datapath/ is GPLv2 (although not built into any of the binary packages) -# python/compat is Python (although not built into any of the binary packages) -License: ASL 2.0 and LGPLv2+ and SISSL -URL: http://openvswitch.org -Source0: http://openvswitch.org/releases/%{name}-%{version}.tar.gz -Source3: openvswitch.logrotate -Source6: ovsdbmonitor.desktop -Source9: README.RHEL - -Patch1: openvswitch-util-use-gcc-builtins-to-better-check-array-sizes.patch -Patch2: openvswitch-fedora-package-fix-systemd-ordering-and-deps.patch -Patch3: openvswitch-initscripts-add-tunnel-support.patch -Patch4: openvswitch-rhel-Enable-DHCP-support-for-internal-ports.patch - -ExcludeArch: ppc - -BuildRequires: systemd-units openssl openssl-devel -BuildRequires: python python-twisted-core python-zope-interface PyQt4 -BuildRequires: desktop-file-utils -BuildRequires: groff graphviz -%if %{with_ovsdbmonitor} -BuildRequires: python-twisted-conch -%endif - -Requires: openssl iproute module-init-tools - -Requires(post): systemd-units -Requires(preun): systemd-units -Requires(postun): systemd-units - -%description -Open vSwitch provides standard network bridging functions and -support for the OpenFlow protocol for remote per-flow control of -traffic. - -%package -n python-openvswitch -Summary: Open vSwitch python bindings -License: ASL 2.0 -BuildArch: noarch -Requires: python - -%description -n python-openvswitch -Python bindings for the Open vSwitch database - -%if %{with_ovsdbmonitor} -%package -n ovsdbmonitor -Summary: Open vSwitch graphical monitoring tool -License: ASL 2.0 -BuildArch: noarch -Requires: python-openvswitch = %{version}-%{release} -Requires: python python-twisted-core python-twisted-conch python-zope-interface PyQt4 - -%description -n ovsdbmonitor -A GUI tool for monitoring and troubleshooting local or remote Open -vSwitch installations. It presents GUI tables that graphically represent -an Open vSwitch kernel flow table (similar to "ovs-dpctl dump-flows") -and Open vSwitch database contents (similar to "ovs-vsctl list "). -%endif - -%package test -Summary: Open vSwitch testing utilities -License: ASL 2.0 -BuildArch: noarch -Requires: python-openvswitch = %{version}-%{release} -Requires: python python-twisted-core python-twisted-web - -%description test -Utilities that are useful to diagnose performance and connectivity -issues in Open vSwitch setup. - -%package controller -Summary: Open vSwitch OpenFlow controller -License: ASL 2.0 -Requires: openvswitch = %{version}-%{release} - -%description controller -Simple reference implementation of an OpenFlow controller for Open -vSwitch. Manages any number of remote switches over OpenFlow protocol, -causing them to function as L2 MAC-learning switches or hub. - -%prep -%setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 - -%build -%configure --enable-ssl --with-pkidir=%{_sharedstatedir}/openvswitch/pki -make %{?_smp_mflags} - - -%install -make install DESTDIR=$RPM_BUILD_ROOT - -install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch - -install -p -D -m 0644 \ - rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template \ - $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/openvswitch -install -p -D -m 0644 \ - rhel/usr_lib_systemd_system_openvswitch.service \ - $RPM_BUILD_ROOT%{_unitdir}/openvswitch.service -install -p -D -m 0644 \ - rhel/usr_lib_systemd_system_openvswitch-nonetwork.service \ - $RPM_BUILD_ROOT%{_unitdir}/openvswitch-nonetwork.service - -install -p -D -m 0755 rhel/etc_init.d_openvswitch \ - $RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/openvswitch.init - -install -p -D -m 0644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/openvswitch - -install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/network-scripts/ -install -p -m 0755 rhel/etc_sysconfig_network-scripts_ifdown-ovs \ - $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/network-scripts/ifdown-ovs -install -p -m 0755 rhel/etc_sysconfig_network-scripts_ifup-ovs \ - $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/network-scripts/ifup-ovs - -install -d -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/openvswitch - -install -d -m 0755 $RPM_BUILD_ROOT%{python_sitelib} -mv $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/* $RPM_BUILD_ROOT%{python_sitelib} -rmdir $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/ - -mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version} -install -p -m 0644 %{SOURCE9} $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version} - -# Get rid of stuff we don't want to make RPM happy. -rm -f \ - $RPM_BUILD_ROOT%{_sbindir}/ovs-vlan-bug-workaround \ - $RPM_BUILD_ROOT%{_mandir}/man8/ovs-vlan-bug-workaround.8 \ - $RPM_BUILD_ROOT%{_sbindir}/ovs-brcompatd \ - $RPM_BUILD_ROOT%{_mandir}/man8/ovs-brcompatd.8 - -desktop-file-install --dir=$RPM_BUILD_ROOT%{_datadir}/applications %{SOURCE6} - -%if ! %{with_ovsdbmonitor} -rm -f $RPM_BUILD_ROOT%{_bindir}/ovsdbmonitor -rm -f $RPM_BUILD_ROOT%{_mandir}/man1/ovsdbmonitor.1* -rm -rf $RPM_BUILD_ROOT%{_datadir}/ovsdbmonitor -rm -f $RPM_BUILD_ROOT%{_datadir}/applications/ovsdbmonitor.desktop -rm -rf $RPM_BUILD_ROOT%{_docdir}/ovsdbmonitor -%endif - - -%post -%if 0%{?systemd_post:1} - %systemd_post %{name}.service -%else - # Package install, not upgrade - if [ $1 -eq 1 ]; then - /bin/systemctl daemon-reload >dev/null || : - fi -%endif - -# Package with native systemd unit file is installed for the first time -%triggerun -- %{name} < 1.9.0-1 -# Save the current service runlevel info -# User must manually run systemd-sysv-convert --apply openvswitch -# to migrate them to systemd targets -/usr/bin/systemd-sysv-convert --save %{name} >/dev/null 2>&1 ||: - -# Run these because the SysV package being removed won't do them -/sbin/chkconfig --del %{name} >/dev/null 2>&1 || : -/bin/systemctl try-restart %{name}.service >/dev/null 2>&1 || : - -%preun -%if 0%{?systemd_preun:1} - %systemd_preun %{name}.service -%else - if [ $1 -eq 0 ] ; then - # Package removal, not upgrade - /bin/systemctl --no-reload disable %{name}.service >/dev/null 2>&1 || : - /bin/systemctl stop %{name}.service >/dev/null 2>&1 || : - fi -%endif - -%postun -%if 0%{?systemd_postun_with_restart:1} - %systemd_postun_with_restart %{name}.service -%else - /bin/systemctl daemon-reload >/dev/null 2>&1 || : - if [ "$1" -ge "1" ] ; then - # Package upgrade, not uninstall - /bin/systemctl try-restart %{name}.service >/dev/null 2>&1 || : - fi -%endif - -%files -%{_sysconfdir}/openvswitch/ -%config(noreplace) %{_sysconfdir}/logrotate.d/openvswitch -%config(noreplace) %{_sysconfdir}/sysconfig/openvswitch -%{_sysconfdir}/sysconfig/network-scripts/ifup-ovs -%{_sysconfdir}/sysconfig/network-scripts/ifdown-ovs -%{_unitdir}/openvswitch.service -%{_unitdir}/openvswitch-nonetwork.service -%{_bindir}/ovs-appctl -%{_bindir}/ovs-benchmark -%{_bindir}/ovs-dpctl -%{_bindir}/ovs-dpctl-top -%{_bindir}/ovs-ofctl -%{_bindir}/ovs-pcap -%{_bindir}/ovs-pki -%{_bindir}/ovs-tcpundump -%{_bindir}/ovs-vsctl -%{_bindir}/ovsdb-client -%{_bindir}/ovsdb-tool -%{_bindir}/ovs-parse-backtrace -# ovs-bugtool is LGPLv2+ -%{_sbindir}/ovs-bugtool -%{_sbindir}/ovs-vswitchd -%{_sbindir}/ovsdb-server -%{_mandir}/man1/ovs-benchmark.1* -%{_mandir}/man1/ovs-pcap.1* -%{_mandir}/man1/ovs-tcpundump.1* -%{_mandir}/man1/ovsdb-client.1* -%{_mandir}/man1/ovsdb-server.1* -%{_mandir}/man1/ovsdb-tool.1* -%{_mandir}/man5/ovs-vswitchd.conf.db.5* -%{_mandir}/man8/ovs-appctl.8* -%{_mandir}/man8/ovs-bugtool.8* -%{_mandir}/man8/ovs-ctl.8* -%{_mandir}/man8/ovs-dpctl.8* -%{_mandir}/man8/ovs-dpctl-top.8* -%{_mandir}/man8/ovs-ofctl.8* -%{_mandir}/man8/ovs-pki.8* -%{_mandir}/man8/ovs-vsctl.8* -%{_mandir}/man8/ovs-vswitchd.8* -%{_mandir}/man8/ovs-parse-backtrace.8* -# /usr/share/openvswitch/bugtool-plugins and -# /usr/share/openvswitch/scripts/ovs-bugtool* are LGPLv2+ -%{_datadir}/openvswitch/ -%{_sharedstatedir}/openvswitch -%{_docdir}/%{name}-%{version}/README.RHEL -# see COPYING for full licensing details -%doc COPYING DESIGN INSTALL.SSL NOTICE README WHY-OVS - -%files -n python-openvswitch -%{python_sitelib}/ovs -%doc COPYING - -%if %{with_ovsdbmonitor} -%files -n ovsdbmonitor -%{_bindir}/ovsdbmonitor -%{_mandir}/man1/ovsdbmonitor.1* -%{_datadir}/ovsdbmonitor -%{_datadir}/applications/ovsdbmonitor.desktop -%doc ovsdb/ovsdbmonitor/COPYING -%endif - -%files test -%{_bindir}/ovs-test -%{_bindir}/ovs-vlan-test -%{_bindir}/ovs-l3ping -%{_mandir}/man8/ovs-test.8* -%{_mandir}/man8/ovs-vlan-test.8* -%{_mandir}/man8/ovs-l3ping.8* -%{python_sitelib}/ovstest - -%files controller -%{_bindir}/ovs-controller -%{_mandir}/man8/ovs-controller.8* - - -%changelog -* Fri Jan 24 2014 Daniel Mach - 2.0.0-7 -- Mass rebuild 2014-01-24 - -* Wed Jan 15 2014 Flavio Leitner - 2.0.0-6 -- Enable DHCP support for internal ports - (upstream commit 490db96efaf89c63656b192d5ca287b0908a6c77) - -* Wed Jan 15 2014 Flavio Leitner - 2.0.0-5 -- disabled ovsdbmonitor packaging - (upstream has removed the component) - -* Wed Jan 15 2014 Flavio Leitner - 2.0.0-4 -- fedora package: fix systemd ordering and deps. - (upstream commit b49c106ef00438b1c59876dad90d00e8d6e7b627) - -* Wed Jan 15 2014 Flavio Leitner - 2.0.0-3 -- util: use gcc builtins to better check array sizes - (upstream commit 878f1972909b33f27b32ad2ded208eb465b98a9b) - -* Fri Dec 27 2013 Daniel Mach - 2.0.0-2 -- Mass rebuild 2013-12-27 - -* Mon Oct 28 2013 Flavio Leitner - 2.0.0-1 -- updated to 2.0.0 (#1023184) - -* Mon Oct 28 2013 Flavio Leitner - 1.11.0-8 -- applied upstream commit 7b75828bf5654c494a53fa57be90713c625085e2 - rhel: Option to create tunnel through ifcfg scripts. - -* Mon Oct 28 2013 Flavio Leitner - 1.11.0-7 -- applied upstream commit 32aa46891af5e173144d672e15fec7c305f9a4f3 - rhel: Set STP of a bridge during bridge creation. - -* Mon Oct 28 2013 Flavio Leitner - 1.11.0-6 -- applied upstream commit 5b56f96aaad4a55a26576e0610fb49bde448dabe - rhel: Prevent duplicate ifup calls. - -* Mon Oct 28 2013 Flavio Leitner - 1.11.0-5 -- applied upstream commit 79416011612541d103a1d396d888bb8c84eb1da4 - rhel: Return an exit value of 0 for ifup-ovs. - -* Mon Oct 28 2013 Flavio Leitner - 1.11.0-4 -- applied upstream commit 2517bad92eec7e5625bc8b248db22fdeaa5fcde9 - Added RHEL ovs-ifup STP option handling - -* Tue Oct 1 2013 Flavio Leitner - 1.11.0-3 -- don't use /var/lock/subsys with systemd (#1006412) - -* Thu Sep 19 2013 Flavio Leitner - 1.11.0-2 -- ovsdbmonitor package is optional - -* Thu Aug 29 2013 Thomas Graf - 1.11.0-1 -- Update to 1.11.0 - -* Tue Aug 13 2013 Flavio Leitner - 1.10.0-7 -- Fixed openvswitch-nonetwork to start openvswitch.service (#996804) - -* Sat Aug 03 2013 Petr Pisar - 1.10.0-6 -- Perl 5.18 rebuild - -* Tue Jul 23 2013 Thomas Graf - 1.10.0-5 -- Typo - -* Tue Jul 23 2013 Thomas Graf - 1.10.0-4 -- Spec file fixes -- Maintain local copy of sysconfig.template - -* Thu Jul 18 2013 Petr Pisar - 1.10.0-3 -- Perl 5.18 rebuild - -* Mon Jul 01 2013 Thomas Graf - 1.10.0-2 -- Enable PIE (#955181) -- Provide native systemd unit files (#818754) - -* Thu May 02 2013 Thomas Graf - 1.10.0-1 -- Update to 1.10.0 (#958814) - -* Thu Feb 28 2013 Thomas Graf - 1.9.0-1 -- Update to 1.9.0 (#916537) - -* Tue Feb 12 2013 Thomas Graf - 1.7.3-8 -- Fix systemd service dependency loop (#818754) - -* Fri Jan 25 2013 Thomas Graf - 1.7.3-7 -- Auto-start openvswitch service on ifup/ifdown (#818754) -- Add OVSREQUIRES to allow defining OpenFlow interface dependencies - -* Thu Jan 24 2013 Thomas Graf - 1.7.3-6 -- Update to Open vSwitch 1.7.3 - -* Tue Nov 20 2012 Thomas Graf - 1.7.1-6 -- Increase max fd limit to support 256 bridges (#873072) - -* Thu Nov 1 2012 Thomas Graf - 1.7.1-5 -- Don't create world writable pki/*/incomming directory (#845351) - -* Thu Oct 25 2012 Thomas Graf - 1.7.1-4 -- Don't add iptables accept rule for -p GRE as GRE tunneling is unsupported - -* Tue Oct 16 2012 Thomas Graf - 1.7.1-3 -- require systemd instead of systemd-units to use macro helpers (#850258) - -* Tue Oct 9 2012 Thomas Graf - 1.7.1-2 -- make ovs-vsctl timeout if daemon is not running (#858722) - -* Mon Sep 10 2012 Thomas Graf - 1.7.1.-1 -- Update to 1.7.1 - -* Fri Sep 7 2012 Thomas Graf - 1.7.0.-3 -- add controller package containing ovs-controller - -* Thu Aug 23 2012 Tomas Hozza - 1.7.0-2 -- fixed SPEC file so it comply with new systemd-rpm macros guidelines (#850258) - -* Fri Aug 17 2012 Tomas Hozza - 1.7.0-1 -- Update to 1.7.0 -- Fixed openvswitch-configure-ovskmod-var-autoconfd.patch because - openvswitch kernel module name changed in 1.7.0 -- Removed Source8: ovsdbmonitor-move-to-its-own-data-directory.patch -- Patches merged: - - ovsdbmonitor-move-to-its-own-data-directory-automaked.patch - - openvswitch-rhel-initscripts-resync.patch - -* Fri Jul 20 2012 Fedora Release Engineering - 1.4.0-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Thu Mar 15 2012 Chris Wright - 1.4.0-5 -- fix ovs network initscripts DHCP address acquisition (#803843) - -* Tue Mar 6 2012 Chris Wright - 1.4.0-4 -- make BuildRequires openssl explicit (needed on f18/rawhide now) - -* Tue Mar 6 2012 Chris Wright - 1.4.0-3 -- use glob to catch compressed manpages - -* Thu Mar 1 2012 Chris Wright - 1.4.0-2 -- Update License comment, use consitent macros as per review comments bz799171 - -* Wed Feb 29 2012 Chris Wright - 1.4.0-1 -- Initial package for Fedora diff --git a/SPECS/openvswitch3.3.spec b/SPECS/openvswitch3.3.spec new file mode 100644 index 0000000..970068f --- /dev/null +++ b/SPECS/openvswitch3.3.spec @@ -0,0 +1,794 @@ +# Copyright (C) 2009, 2010, 2013, 2014 Nicira Networks, Inc. +# +# Copying and distribution of this file, with or without modification, +# are permitted in any medium without royalty provided the copyright +# notice and this notice are preserved. This file is offered as-is, +# without warranty of any kind. +# +# If tests have to be skipped while building, specify the '--without check' +# option. For example: +# rpmbuild -bb --without check rhel/openvswitch-fedora.spec + +# This defines the base package name's version. + +%define pkgname openvswitch3.3 + + +%if 0%{?commit:1} +%global shortcommit %(c=%{commit}; echo ${c:0:7}) +%endif + +# Enable PIE, bz#955181 +%global _hardened_build 1 + +# RHEL-7 doesn't define _rundir macro yet +# Fedora 15 onwards uses /run as _rundir +%if 0%{!?_rundir:1} +%define _rundir /run +%endif + +# FIXME Test "STP - flush the fdb and mdb when topology changed" fails on s390x +# FIXME 2 tests fails on ppc64le. They will be hopefully fixed before official 2.11 +%ifarch %{ix86} x86_64 aarch64 +%bcond_without check +%else +%bcond_with check +%endif +# option to run kernel datapath tests, requires building as root! +%bcond_with check_datapath_kernel +# option to build with libcap-ng, needed for running OVS as regular user +%bcond_without libcapng +# option to build with ipsec support +%bcond_without ipsec + +# Build python2 (that provides python) and python3 subpackages on Fedora +# Build only python3 (that provides python) subpackage on RHEL8 +# Build only python subpackage on RHEL7 +%if 0%{?rhel} > 7 || 0%{?fedora} +# On RHEL8 Sphinx is included in buildroot +%global external_sphinx 1 +%else +# Don't use external sphinx (RHV doesn't have optional repositories enabled) +%global external_sphinx 0 +%endif + +Name: %{pkgname} +Summary: Open vSwitch +Group: System Environment/Daemons daemon/database/utilities +URL: http://www.openvswitch.org/ +Version: 3.3.0 +Release: 2%{?dist} + +# Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the +# lib/sflow*.[ch] files are SISSL +# datapath/ is GPLv2 (although not built into any of the binary packages) +License: ASL 2.0 and LGPLv2+ and SISSL + +%define dpdkver 23.11 +%define dpdkdir dpdk +%define dpdksver %(echo %{dpdkver} | cut -d. -f-2) +# NOTE: DPDK does not currently build for s390x +# DPDK on aarch64 is not stable enough to be enabled in FDP +%if 0%{?rhel} > 7 || 0%{?fedora} +%define dpdkarches x86_64 ppc64le +%else +%define dpdkarches +%endif + +%if 0%{?commit:1} +Source: https://github.com/openvswitch/ovs/archive/%{commit}.tar.gz#/openvswitch-%{commit}.tar.gz +%else +Source: https://github.com/openvswitch/ovs/archive/v%{version}.tar.gz#/openvswitch-%{version}.tar.gz +%endif +Source2: openvswitch.sysusers +Source3: openvswitch-hugetlbfs.sysusers +Source10: https://fast.dpdk.org/rel/dpdk-%{dpdkver}.tar.xz + +%define docutilsver 0.12 +%define pygmentsver 1.4 +%define sphinxver 1.2.3 +%define pyelftoolsver 0.27 +Source100: https://pypi.io/packages/source/d/docutils/docutils-%{docutilsver}.tar.gz +Source101: https://pypi.io/packages/source/P/Pygments/Pygments-%{pygmentsver}.tar.gz +Source102: https://pypi.io/packages/source/S/Sphinx/Sphinx-%{sphinxver}.tar.gz +Source103: https://pypi.io/packages/source/p/pyelftools/pyelftools-%{pyelftoolsver}.tar.gz + +%define apply_patch %(test -s %{_sourcedir}/openvswitch-%{version}.patch && echo 1 || echo 0) + +%if %{apply_patch} +Patch0: openvswitch-%{version}.patch +%endif + +# The DPDK is designed to optimize througput of network traffic using, among +# other techniques, carefully crafted assembly instructions. As such it +# needs extensive work to port it to other architectures. +ExclusiveArch: x86_64 aarch64 ppc64le s390x + +# Do not enable this otherwise YUM will break on any upgrade. +# Provides: openvswitch +Conflicts: openvswitch < 3.3 +Conflicts: openvswitch-dpdk < 3.3 +Conflicts: openvswitch2.10 +Conflicts: openvswitch2.11 +Conflicts: openvswitch2.12 +Conflicts: openvswitch2.13 +Conflicts: openvswitch2.14 +Conflicts: openvswitch2.15 +Conflicts: openvswitch2.16 +Conflicts: openvswitch2.17 +Conflicts: openvswitch3.0 +Conflicts: openvswitch3.1 +Conflicts: openvswitch3.2 + +# FIXME Sphinx is used to generate some manpages, unfortunately, on RHEL, it's +# in the -optional repository and so we can't require it directly since RHV +# doesn't have the -optional repository enabled and so TPS fails +%if %{external_sphinx} +BuildRequires: python3-sphinx +%else +# Sphinx dependencies +BuildRequires: python-devel +BuildRequires: python-setuptools +#BuildRequires: python2-docutils +BuildRequires: python-jinja2 +BuildRequires: python-nose +#BuildRequires: python2-pygments +# docutils dependencies +BuildRequires: python-imaging +# pygments dependencies +BuildRequires: python-nose +%endif + +BuildRequires: gcc gcc-c++ make +BuildRequires: autoconf automake libtool +BuildRequires: systemd-units systemd-rpm-macros openssl openssl-devel +BuildRequires: python3-devel python3-setuptools +BuildRequires: desktop-file-utils +BuildRequires: groff-base graphviz +BuildRequires: unbound-devel +BuildRequires: systemtap-sdt-devel +# make check dependencies +BuildRequires: procps-ng +%if %{with check_datapath_kernel} +BuildRequires: nmap-ncat +# would be useful but not available in RHEL or EPEL +#BuildRequires: pyftpdlib +%endif + +%if %{with libcapng} +BuildRequires: libcap-ng libcap-ng-devel +%endif + +%ifarch %{dpdkarches} +BuildRequires: meson +%if 0%{?rhel} > 8 || 0%{?fedora} +BuildRequires: python3-pyelftools +%endif +# DPDK driver dependencies +BuildRequires: zlib-devel numactl-devel libarchive-devel +# libarchive static dependencies +BuildRequires: bzip2-devel libacl-devel libxml2-devel libzstd-devel lz4-devel xz-devel +%ifarch x86_64 +BuildRequires: rdma-core-devel >= 15 libmnl-devel +%endif + +# Required by packaging policy for the bundled DPDK +Provides: bundled(dpdk) = %{dpdkver} +%endif + +Requires: openssl iproute module-init-tools +#Upstream kernel commit 4f647e0a3c37b8d5086214128614a136064110c3 +#Requires: kernel >= 3.15.0-0 +Requires: openvswitch-selinux-extra-policy + +%{?sysusers_requires_compat} +Requires(post): /bin/sed +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +Obsoletes: openvswitch-controller <= 0:2.1.0-1 + +%if 0%{?rhel} +# sortedcontainers are not packaged on RHEL yet, but ovs includes it +%global __requires_exclude ^python%{python3_version}dist\\(sortedcontainers\\)$ +%endif + +%description +Open vSwitch provides standard network bridging functions and +support for the OpenFlow protocol for remote per-flow control of +traffic. + +%package -n python3-%{pkgname} +Summary: Open vSwitch python3 bindings +License: ASL 2.0 +Requires: %{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release} +Provides: python-%{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release} + +%description -n python3-%{pkgname} +Python bindings for the Open vSwitch database + +%package test +Summary: Open vSwitch testing utilities +License: ASL 2.0 +BuildArch: noarch +Requires: python3-%{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release} +Requires: tcpdump + +%description test +Utilities that are useful to diagnose performance and connectivity +issues in Open vSwitch setup. + +%package devel +Summary: Open vSwitch OpenFlow development package (library, headers) +License: ASL 2.0 +Requires: %{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release} + +%description devel +This provides shared library, libopenswitch.so and the openvswitch header +files needed to build an external application. + +%if 0%{?rhel} == 8 || 0%{?fedora} > 28 +%package -n network-scripts-%{name} +Summary: Open vSwitch legacy network service support +License: ASL 2.0 +Requires: network-scripts +Supplements: (%{name} and network-scripts) + +%description -n network-scripts-%{name} +This provides the ifup and ifdown scripts for use with the legacy network +service. +%endif + +%if %{with ipsec} +%package ipsec +Summary: Open vSwitch IPsec tunneling support +License: ASL 2.0 +Requires: python3-%{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release} +Requires: libreswan + +%description ipsec +This package provides IPsec tunneling support for OVS tunnels. +%endif + +%prep +%if 0%{?commit:1} +%setup -q -n ovs-%{commit} -a 10 +%else +%setup -q -n ovs-%{version} -a 10 +%endif +%if ! %{external_sphinx} +%if 0%{?commit:1} +%setup -n ovs-%{commit} -q -D -T -a 100 -a 101 -a 102 +%else +%setup -n ovs-%{version} -q -D -T -a 100 -a 101 -a 102 +%endif +%endif +%if 0%{?rhel} && 0%{?rhel} < 9 +%if 0%{?commit:1} +%setup -n ovs-%{commit} -q -D -T -a 103 +%else +%setup -n ovs-%{version} -q -D -T -a 103 +%endif +%endif + +mv dpdk-*/ %{dpdkdir}/ + +%if %{apply_patch} +%patch0 -p1 +%endif + +%build +%if 0%{?rhel} && 0%{?rhel} < 9 +export PYTHONPATH="${PWD}/pyelftools-%{pyelftoolsver}" +%endif +# Build Sphinx on RHEL +%if ! %{external_sphinx} +export PYTHONPATH="${PYTHONPATH:+$PYTHONPATH:}%{_builddir}/pytmp/lib/python" +for x in docutils-%{docutilsver} Pygments-%{pygmentsver} Sphinx-%{sphinxver}; do + pushd "$x" + python2 setup.py install --home %{_builddir}/pytmp + popd +done + +export PATH="$PATH:%{_builddir}/pytmp/bin" +%endif + +./boot.sh + +%ifarch %{dpdkarches} # build dpdk +# Lets build DPDK first +cd %{dpdkdir} + +ENABLED_DRIVERS=( + bus/pci + bus/vdev + mempool/ring + net/failsafe + net/i40e + net/ring + net/vhost + net/virtio + net/tap +) + +%ifarch x86_64 +ENABLED_DRIVERS+=( + baseband/acc + bus/auxiliary + bus/vmbus + common/iavf + common/mlx5 + common/nfp + net/bnxt + net/enic + net/iavf + net/ice + net/mlx5 + net/netvsc + net/nfp + net/qede + net/vdev_netvsc +) +%endif + +%ifarch aarch64 x86_64 +ENABLED_DRIVERS+=( + net/e1000 + net/ixgbe +) +%endif + +for driver in "${ENABLED_DRIVERS[@]}"; do + enable_drivers="${enable_drivers:+$enable_drivers,}"$driver +done + +# If doing any updates, this must be aligned with: +# https://access.redhat.com/articles/3538141 +ENABLED_LIBS=( + bbdev + bitratestats + bpf + cmdline + cryptodev + dmadev + gro + gso + hash + ip_frag + latencystats + member + meter + metrics + pcapng + pdump + security + stack + vhost +) + +for lib in "${ENABLED_LIBS[@]}"; do + enable_libs="${enable_libs:+$enable_libs,}"$lib +done + +%set_build_flags +%__meson --prefix=%{_builddir}/dpdk-build \ + --buildtype=plain \ + -Denable_libs="$enable_libs" \ + -Ddisable_apps="*" \ + -Denable_drivers="$enable_drivers" \ + -Dplatform=generic \ + -Dmax_ethports=1024 \ + -Dmax_numa_nodes=8 \ + -Dtests=false \ + %{_vpath_builddir} +%meson_build +%__meson install -C %{_vpath_builddir} --no-rebuild + +# FIXME currently with LTO enabled OVS tries to link with both static and shared libraries +rm -v %{_builddir}/dpdk-build/%{_lib}/*.so* + +# Generate a list of supported drivers, its hard to tell otherwise. +cat << EOF > README.DPDK-PMDS +DPDK drivers included in this package: + +EOF + +for f in %{_builddir}/dpdk-build/%{_lib}/librte_net_*.a; do + basename ${f} | cut -c12- | cut -d. -f1 | tr [:lower:] [:upper:] +done >> README.DPDK-PMDS + +cat << EOF >> README.DPDK-PMDS + +For further information about the drivers, see +http://dpdk.org/doc/guides-%{dpdksver}/nics/index.html +EOF + +cd - +%endif # build dpdk + +# And now for OVS... +mkdir build-shared build-static +pushd build-shared +ln -s ../configure +%configure \ +%if %{with libcapng} + --enable-libcapng \ +%else + --disable-libcapng \ +%endif + --disable-static \ + --enable-shared \ + --enable-ssl \ + --with-pkidir=%{_sharedstatedir}/openvswitch/pki \ + --enable-usdt-probes \ + --disable-afxdp +make %{?_smp_mflags} +popd +pushd build-static +ln -s ../configure +%ifarch %{dpdkarches} +PKG_CONFIG_PATH=%{_builddir}/dpdk-build/%{_lib}/pkgconfig \ +%endif +%configure \ +%if %{with libcapng} + --enable-libcapng \ +%else + --disable-libcapng \ +%endif + --enable-ssl \ +%ifarch %{dpdkarches} + --with-dpdk=static \ +%endif + --with-pkidir=%{_sharedstatedir}/openvswitch/pki \ + --enable-usdt-probes \ + --disable-afxdp +make %{?_smp_mflags} +popd + +/usr/bin/python3 build-aux/dpdkstrip.py \ + --dpdk \ + < rhel/usr_lib_systemd_system_ovs-vswitchd.service.in \ + > rhel/usr_lib_systemd_system_ovs-vswitchd.service + +%install +rm -rf $RPM_BUILD_ROOT +make -C build-shared install sbin_PROGRAMS=ovsdb/ovsdb-server DESTDIR=$RPM_BUILD_ROOT +make -C build-static install bin_PROGRAMS= sbin_PROGRAMS=vswitchd/ovs-vswitchd DESTDIR=$RPM_BUILD_ROOT + +install -d -m 0755 $RPM_BUILD_ROOT%{_rundir}/openvswitch +install -d -m 0750 $RPM_BUILD_ROOT%{_localstatedir}/log/openvswitch +install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch + +install -p -D -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/openvswitch.conf +%ifarch %{dpdkarches} +install -p -D -m 0644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysusersdir}/openvswitch-hugetlbfs.conf +%endif + +install -p -D -m 0644 rhel/usr_lib_udev_rules.d_91-vfio.rules \ + $RPM_BUILD_ROOT%{_udevrulesdir}/91-vfio.rules + +install -p -D -m 0644 \ + rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template \ + $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/openvswitch + +for service in openvswitch ovsdb-server ovs-vswitchd \ + ovs-delete-transient-ports; do + install -p -D -m 0644 \ + rhel/usr_lib_systemd_system_${service}.service \ + $RPM_BUILD_ROOT%{_unitdir}/${service}.service +done + +%if %{with ipsec} +install -p -D -m 0644 rhel/usr_lib_systemd_system_openvswitch-ipsec.service \ + $RPM_BUILD_ROOT%{_unitdir}/openvswitch-ipsec.service +%endif + +install -m 0755 rhel/etc_init.d_openvswitch \ + $RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/openvswitch.init + +install -p -D -m 0644 rhel/etc_openvswitch_default.conf \ + $RPM_BUILD_ROOT/%{_sysconfdir}/openvswitch/default.conf + +install -p -D -m 0644 rhel/etc_logrotate.d_openvswitch \ + $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/openvswitch + +install -m 0644 vswitchd/vswitch.ovsschema \ + $RPM_BUILD_ROOT/%{_datadir}/openvswitch/vswitch.ovsschema + +%if 0%{?rhel} < 9 +install -d -m 0755 $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/network-scripts/ +install -p -m 0755 rhel/etc_sysconfig_network-scripts_ifdown-ovs \ + $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/network-scripts/ifdown-ovs +install -p -m 0755 rhel/etc_sysconfig_network-scripts_ifup-ovs \ + $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/network-scripts/ifup-ovs +%endif + +install -d -m 0755 $RPM_BUILD_ROOT%{python3_sitelib} +cp -a $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/ovstest \ + $RPM_BUILD_ROOT%{python3_sitelib} + +# Build the JSON C extension for the Python lib (#1417738) +pushd python +( +export CPPFLAGS="-I ../include -I ../build-shared/include" +export LDFLAGS="%{__global_ldflags} -L $RPM_BUILD_ROOT%{_libdir}" +%py3_build +%py3_install +[ -f "$RPM_BUILD_ROOT/%{python3_sitearch}/ovs/_json$(python3-config --extension-suffix)" ] +) +popd + +rm -rf $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/ + +install -d -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/openvswitch + +install -d -m 0755 $RPM_BUILD_ROOT%{_prefix}/lib/firewalld/services/ + +install -p -D -m 0755 \ + rhel/usr_share_openvswitch_scripts_ovs-systemd-reload \ + $RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/ovs-systemd-reload + +touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/conf.db +# The db needs special permission as IPsec Pre-shared keys are stored in it. +chmod 0640 $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/conf.db + +touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/system-id.conf + +# remove unpackaged files +rm -f $RPM_BUILD_ROOT/%{_bindir}/ovs-benchmark \ + $RPM_BUILD_ROOT/%{_bindir}/ovs-docker \ + $RPM_BUILD_ROOT/%{_bindir}/ovs-parse-backtrace \ + $RPM_BUILD_ROOT/%{_bindir}/ovs-testcontroller \ + $RPM_BUILD_ROOT/%{_sbindir}/ovs-vlan-bug-workaround \ + $RPM_BUILD_ROOT/%{_mandir}/man1/ovs-benchmark.1* \ + $RPM_BUILD_ROOT/%{_mandir}/man8/ovs-testcontroller.* \ + $RPM_BUILD_ROOT/%{_mandir}/man8/ovs-vlan-bug-workaround.8* + +%if ! %{with ipsec} +rm -f $RPM_BUILD_ROOT/%{_datadir}/openvswitch/scripts/ovs-monitor-ipsec +%endif + +# remove ovn unpackages files +rm -f $RPM_BUILD_ROOT%{_bindir}/ovn* +rm -f $RPM_BUILD_ROOT%{_mandir}/man1/ovn* +rm -f $RPM_BUILD_ROOT%{_mandir}/man5/ovn* +rm -f $RPM_BUILD_ROOT%{_mandir}/man7/ovn* +rm -f $RPM_BUILD_ROOT%{_mandir}/man8/ovn* +rm -f $RPM_BUILD_ROOT%{_datadir}/openvswitch/ovn* +rm -f $RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/ovn* +rm -f $RPM_BUILD_ROOT%{_includedir}/ovn/* + +%check +%if %{with check} + pushd build-static + touch resolv.conf + export OVS_RESOLV_CONF=$(pwd)/resolv.conf + if make check TESTSUITEFLAGS='%{_smp_mflags}' || + make check TESTSUITEFLAGS='--recheck'; then :; + else + cat tests/testsuite.log + exit 1 + fi + popd +%endif +%if %{with check_datapath_kernel} + pushd build-static + if make check-kernel RECHECK=yes; then :; + else + cat tests/system-kmod-testsuite.log + exit 1 + fi + popd +%endif + +%clean +rm -rf $RPM_BUILD_ROOT + +%preun +%if 0%{?systemd_preun:1} + %systemd_preun openvswitch.service +%else + if [ $1 -eq 0 ] ; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable openvswitch.service >/dev/null 2>&1 || : + /bin/systemctl stop openvswitch.service >/dev/null 2>&1 || : + fi +%endif + +%pre +%sysusers_create_compat %{SOURCE2} +%ifarch %{dpdkarches} +%sysusers_create_compat %{SOURCE3} +%endif + +%post +if [ $1 -eq 1 ]; then + sed -i 's:^#OVS_USER_ID=:OVS_USER_ID=:' /etc/sysconfig/openvswitch + +%ifarch %{dpdkarches} + sed -i \ + 's@OVS_USER_ID="openvswitch:openvswitch"@OVS_USER_ID="openvswitch:hugetlbfs"@'\ + /etc/sysconfig/openvswitch +%endif +fi +chown -R openvswitch:openvswitch /etc/openvswitch + +%if 0%{?systemd_post:1} + %systemd_post openvswitch.service +%else + # Package install, not upgrade + if [ $1 -eq 1 ]; then + /bin/systemctl daemon-reload >dev/null || : + fi +%endif + +%postun +%if 0%{?systemd_postun:1} + %systemd_postun openvswitch.service +%else + /bin/systemctl daemon-reload >/dev/null 2>&1 || : +%endif + +%triggerun -- openvswitch < 2.5.0-22.git20160727%{?dist} +# old rpm versions restart the service in postun, but +# due to systemd some preparation is needed. +if systemctl is-active openvswitch >/dev/null 2>&1 ; then + /usr/share/openvswitch/scripts/ovs-ctl stop >/dev/null 2>&1 || : + systemctl daemon-reload >/dev/null 2>&1 || : + systemctl stop openvswitch ovsdb-server ovs-vswitchd >/dev/null 2>&1 || : + systemctl start openvswitch >/dev/null 2>&1 || : +fi +exit 0 + +%files -n python3-%{pkgname} +%{python3_sitearch}/ovs +%{python3_sitearch}/ovs-*.egg-info +%doc LICENSE + +%files test +%{_bindir}/ovs-pcap +%{_bindir}/ovs-tcpdump +%{_bindir}/ovs-tcpundump +%{_datadir}/openvswitch/scripts/usdt/* +%{_mandir}/man1/ovs-pcap.1* +%{_mandir}/man8/ovs-tcpdump.8* +%{_mandir}/man1/ovs-tcpundump.1* +%{_bindir}/ovs-test +%{_bindir}/ovs-vlan-test +%{_bindir}/ovs-l3ping +%{_mandir}/man8/ovs-test.8* +%{_mandir}/man8/ovs-vlan-test.8* +%{_mandir}/man8/ovs-l3ping.8* +%{python3_sitelib}/ovstest + +%files devel +%{_libdir}/*.so +%{_libdir}/pkgconfig/*.pc +%{_includedir}/openvswitch/* +%{_includedir}/openflow/* +%exclude %{_libdir}/*.a +%exclude %{_libdir}/*.la + +%if 0%{?rhel} == 8 || 0%{?fedora} > 28 +%files -n network-scripts-%{name} +%{_sysconfdir}/sysconfig/network-scripts/ifup-ovs +%{_sysconfdir}/sysconfig/network-scripts/ifdown-ovs +%endif + +%files +%defattr(-,openvswitch,openvswitch) +%dir %{_sysconfdir}/openvswitch +%{_sysconfdir}/openvswitch/default.conf +%config %ghost %verify(not owner group md5 size mtime) %{_sysconfdir}/openvswitch/conf.db +%ghost %attr(0600,-,-) %verify(not owner group md5 size mtime) %{_sysconfdir}/openvswitch/.conf.db.~lock~ +%config %ghost %{_sysconfdir}/openvswitch/system-id.conf +%defattr(-,root,root) +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/openvswitch +%{_sysconfdir}/bash_completion.d/ovs-appctl-bashcomp.bash +%{_sysconfdir}/bash_completion.d/ovs-vsctl-bashcomp.bash +%config(noreplace) %{_sysconfdir}/logrotate.d/openvswitch +%{_unitdir}/openvswitch.service +%{_unitdir}/ovsdb-server.service +%{_unitdir}/ovs-vswitchd.service +%{_unitdir}/ovs-delete-transient-ports.service +%{_datadir}/openvswitch/scripts/openvswitch.init +%{_datadir}/openvswitch/scripts/ovs-check-dead-ifs +%{_datadir}/openvswitch/scripts/ovs-lib +%{_datadir}/openvswitch/scripts/ovs-save +%{_datadir}/openvswitch/scripts/ovs-vtep +%{_datadir}/openvswitch/scripts/ovs-ctl +%{_datadir}/openvswitch/scripts/ovs-kmod-ctl +%{_datadir}/openvswitch/scripts/ovs-systemd-reload +%config %{_datadir}/openvswitch/local-config.ovsschema +%config %{_datadir}/openvswitch/vswitch.ovsschema +%config %{_datadir}/openvswitch/vtep.ovsschema +%{_bindir}/ovs-appctl +%{_bindir}/ovs-dpctl +%{_bindir}/ovs-ofctl +%{_bindir}/ovs-vsctl +%{_bindir}/ovsdb-client +%{_bindir}/ovsdb-tool +%{_bindir}/ovs-pki +%{_bindir}/vtep-ctl +%{_libdir}/*.so.* +%{_sbindir}/ovs-vswitchd +%{_sbindir}/ovsdb-server +%{_mandir}/man1/ovsdb-client.1* +%{_mandir}/man1/ovsdb-server.1* +%{_mandir}/man1/ovsdb-tool.1* +%{_mandir}/man5/ovsdb.5* +%{_mandir}/man5/ovsdb.local-config.5* +%{_mandir}/man5/ovsdb-server.5.* +%{_mandir}/man5/ovs-vswitchd.conf.db.5* +%{_mandir}/man5/vtep.5* +%{_mandir}/man7/ovsdb-server.7* +%{_mandir}/man7/ovsdb.7* +%{_mandir}/man7/ovs-actions.7* +%{_mandir}/man7/ovs-fields.7* +%{_mandir}/man8/vtep-ctl.8* +%{_mandir}/man8/ovs-appctl.8* +%{_mandir}/man8/ovs-ctl.8* +%{_mandir}/man8/ovs-dpctl.8* +%{_mandir}/man8/ovs-kmod-ctl.8.* +%{_mandir}/man8/ovs-ofctl.8* +%{_mandir}/man8/ovs-pki.8* +%{_mandir}/man8/ovs-vsctl.8* +%{_mandir}/man8/ovs-vswitchd.8* +%{_mandir}/man8/ovs-parse-backtrace.8* +%{_udevrulesdir}/91-vfio.rules +%doc LICENSE NOTICE README.rst NEWS rhel/README.RHEL.rst +%ifarch %{dpdkarches} +%doc %{dpdkdir}/README.DPDK-PMDS +%attr(750,openvswitch,hugetlbfs) %verify(not owner group) /var/log/openvswitch +%else +%attr(750,openvswitch,openvswitch) %verify(not owner group) /var/log/openvswitch +%endif +/var/lib/openvswitch +%ghost %attr(755,root,root) %verify(not owner group) %{_rundir}/openvswitch +%{_datadir}/openvswitch/bugtool-plugins/ +%{_datadir}/openvswitch/scripts/ovs-bugtool-* +%{_bindir}/ovs-dpctl-top +%{_sbindir}/ovs-bugtool +%{_mandir}/man8/ovs-dpctl-top.8* +%{_mandir}/man8/ovs-bugtool.8* +%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} < 29) +%{_sysconfdir}/sysconfig/network-scripts/ifup-ovs +%{_sysconfdir}/sysconfig/network-scripts/ifdown-ovs +%endif +%{_sysusersdir}/openvswitch.conf +%ifarch %{dpdkarches} +%{_sysusersdir}/openvswitch-hugetlbfs.conf +%endif + +%if %{with ipsec} +%files ipsec +%{_datadir}/openvswitch/scripts/ovs-monitor-ipsec +%{_unitdir}/openvswitch-ipsec.service +%endif + +%changelog +* Wed Mar 13 2024 Open vSwitch CI - 3.3.0-2 +- Merging upstream branch-3.3 [RH git: ed97fb253e] + Commit list: + c85158e265 netdev-dpdk: Clean up all marker flags if no offloads requested. + a6bb8be429 github: Reduce ASLR entropy to be compatible with asan in llvm 14. + 70dcee98f4 netdev-dpdk: Dump packets that fail Tx preparation. + 5ae591757a bfd: Improve state change log message. (#2258496) + efbc37b946 tests: Fix "SSL db: Implementation" test with openssl > 3.2.0. + 0f1af687cc conntrack: Fix flush not flushing all elements. + 04f1984a44 m4: Fix linking with OpenSSL 1.1.0+ and 3+ on Windows. + 8f903b598f ovs-pki: Fix file permissions on Windows. + 3002010658 bond: Reset stats when deleting post recirc rule. + 02f0d6db14 ofproto-dpif-trace: Fix infinite recirculation tracing. + e68ddb34bc github: Temporarily disable SNAT with exhaustion system test. + 95d4d7108a dp-packet: Don't offload inner csum if outer isn't supported. + 05453d807d ofproto-dpif-xlate: Fix ignoring IPv6 local_ip for native tunnels. + a0df9c85de netdev-dummy: Add local route entries for IP addresses. + 2f742d7afc tests: Move the non-local port as tunnel endpoint test. + a6bdf7d310 Prepare for 3.3.1. + + +* Wed Mar 13 2024 Timothy Redaelli - 3.3.0-1 +- redhat: Imported Red Hat OVS 3.3 build files. [RH git: dfdea27000] + +