diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh new file mode 100755 index 0000000000..61b73744d5 --- /dev/null +++ b/.ci/linux-build.sh @@ -0,0 +1,131 @@ +#!/bin/bash + +set -o errexit + +KERNELSRC="" +CFLAGS="-Werror" +SPARSE_FLAGS="" +EXTRA_OPTS="" +TARGET="x86_64-native-linuxapp-gcc" + +function install_kernel() +{ + if [[ "$1" =~ ^4.* ]]; then + PREFIX="v4.x" + elif [[ "$1" =~ ^3.* ]]; then + PREFIX="v3.x" + else + PREFIX="v2.6/longterm/v2.6.32" + fi + + wget https://www.kernel.org/pub/linux/kernel/${PREFIX}/linux-${1}.tar.gz + tar xzvf linux-${1}.tar.gz > /dev/null + cd linux-${1} + make allmodconfig + + # Cannot use CONFIG_KCOV: -fsanitize-coverage=trace-pc is not supported by compiler + sed -i 's/CONFIG_KCOV=y/CONFIG_KCOV=n/' .config + + # stack validation depends on tools/objtool, but objtool does not compile on travis. + # It is giving following error. + # >>> GEN arch/x86/insn/inat-tables.c + # >>> Semantic error at 40: Unknown imm opnd: AL + # So for now disable stack-validation for the build. + + sed -i 's/CONFIG_STACK_VALIDATION=y/CONFIG_STACK_VALIDATION=n/' .config + make oldconfig + + # Older kernels do not include openvswitch + if [ -d "net/openvswitch" ]; then + make net/openvswitch/ + else + make net/bridge/ + fi + + KERNELSRC=$(pwd) + if [ ! "$DPDK" ] && [ ! "$DPDK_SHARED" ]; then + EXTRA_OPTS="--with-linux=$(pwd)" + fi + echo "Installed kernel source in $(pwd)" + cd .. +} + +function install_dpdk() +{ + if [ -n "$DPDK_GIT" ]; then + git clone $DPDK_GIT dpdk-$1 + cd dpdk-$1 + git checkout tags/v$1 + else + wget https://fast.dpdk.org/rel/dpdk-$1.tar.xz + tar xvf dpdk-$1.tar.xz > /dev/null + DIR_NAME=$(tar -tf dpdk-$1.tar.xz | head -1 | cut -f1 -d"/") + if [ $DIR_NAME != "dpdk-$1" ]; then mv $DIR_NAME dpdk-$1; fi + cd dpdk-$1 + fi + find ./ -type f | xargs sed -i 's/max-inline-insns-single=100/max-inline-insns-single=400/' + find ./ -type f | xargs sed -i 's/-Werror/-Werror -Wno-error=inline/' + echo 'CONFIG_RTE_BUILD_FPIC=y' >>config/common_linuxapp + sed -ri '/EXECENV_CFLAGS = -pthread -fPIC/{s/$/\nelse ifeq ($(CONFIG_RTE_BUILD_FPIC),y)/;s/$/\nEXECENV_CFLAGS = -pthread -fPIC/}' mk/exec-env/linuxapp/rte.vars.mk + if [ "$DPDK_SHARED" ]; then + sed -i '/CONFIG_RTE_BUILD_SHARED_LIB=n/s/=n/=y/' config/common_base + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$(pwd)/$TARGET/lib + fi + make config CC=gcc T=$TARGET + make CC=gcc RTE_KERNELDIR=$KERNELSRC + echo "Installed DPDK source in $(pwd)" + cd .. +} + +function configure_ovs() +{ + ./boot.sh && ./configure $* +} + +if [ "$KERNEL" ] || [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then + install_kernel $KERNEL +fi + +if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then + if [ -z "$DPDK_VER" ]; then + DPDK_VER="18.11.11" + fi + install_dpdk $DPDK_VER + if [ "$CC" = "clang" ]; then + # Disregard cast alignment errors until DPDK is fixed + CFLAGS="$CFLAGS -Wno-cast-align" + fi + EXTRA_OPTS="$EXTRA_OPTS --with-dpdk=./dpdk-$DPDK_VER/build" +elif [ "$CC" != "clang" ]; then + # DPDK headers currently trigger sparse errors + SPARSE_FLAGS="$SPARSE_FLAGS -Wsparse-error" +fi + +configure_ovs $EXTRA_OPTS $* + +make selinux-policy + +# Only build datapath if we are testing kernel w/o running testsuite +if [ "$KERNEL" ] && [ ! "$TESTSUITE" ] && \ + [ ! "$DPDK" ] && [ ! "$DPDK_SHARED" ]; then + cd datapath +fi + +if [ "$CC" = "clang" ]; then + make -j2 CFLAGS="$CFLAGS -Wno-error=unused-command-line-argument" +elif [[ $BUILD_ENV =~ "-m32" ]]; then + # Disable sparse for 32bit builds on 64bit machine + make -j2 CFLAGS="$CFLAGS $BUILD_ENV" +else + make -j2 CFLAGS="$CFLAGS $BUILD_ENV $SPARSE_FLAGS" C=1 +fi + +if [ "$TESTSUITE" ] && [ "$CC" != "clang" ]; then + if ! make distcheck TESTSUITEFLAGS=-j4 RECHECK=yes; then + # testsuite.log is necessary for debugging. + cat */_build/tests/testsuite.log + exit 1 + fi +fi + +exit 0 diff --git a/.ci/linux-prepare.sh b/.ci/linux-prepare.sh new file mode 100755 index 0000000000..89770c28d9 --- /dev/null +++ b/.ci/linux-prepare.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +set -ev + +# Build and install sparse. +# +# Explicitly disable sparse support for llvm because some travis +# environments claim to have LLVM (llvm-config exists and works) but +# linking against it fails. +git clone git://git.kernel.org/pub/scm/devel/sparse/chrisl/sparse.git +cd sparse && make HAVE_LLVM= install && cd .. + +pip install --disable-pip-version-check --user six flake8 hacking +pip install --user --upgrade docutils diff --git a/.ci/osx-build.sh b/.ci/osx-build.sh new file mode 100755 index 0000000000..f11d7b9af5 --- /dev/null +++ b/.ci/osx-build.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +set -o errexit + +CFLAGS="-Werror $CFLAGS" +EXTRA_OPTS="" + +function configure_ovs() +{ + ./boot.sh && ./configure $* +} + +configure_ovs $EXTRA_OPTS $* + +if [ "$CC" = "clang" ]; then + make CFLAGS="$CFLAGS -Wno-error=unused-command-line-argument" +else + make CFLAGS="$CFLAGS $BUILD_ENV" +fi +if [ "$TESTSUITE" ] && [ "$CC" != "clang" ]; then + if ! make distcheck RECHECK=yes; then + # testsuite.log is necessary for debugging. + cat */_build/tests/testsuite.log + exit 1 + fi +fi + +exit 0 diff --git a/.ci/osx-prepare.sh b/.ci/osx-prepare.sh new file mode 100755 index 0000000000..4725fd829d --- /dev/null +++ b/.ci/osx-prepare.sh @@ -0,0 +1,7 @@ +#!/bin/bash +set -ev +pip2 install --user six +pip2 install --user --upgrade docutils + +brew update || true +brew uninstall libtool && brew install libtool || true diff --git a/.cirrus.yml b/.cirrus.yml index eb6af0a719..1bf81a983a 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -2,21 +2,21 @@ freebsd_build_task: freebsd_instance: matrix: - image: freebsd-12-0-release-amd64 - image: freebsd-11-2-release-amd64 + image_family: freebsd-12-2-snap + image_family: freebsd-11-4-snap cpu: 4 memory: 8G env: DEPENDENCIES: automake libtool gmake gcc wget openssl - python py27-six py27-sphinx py27-openssl - python3 py36-six py36-openssl + python3 py37-six py37-sphinx py37-openssl matrix: COMPILER: gcc COMPILER: clang prepare_script: - sysctl -w kern.coredump=0 + - pkg update -f - pkg install -y ${DEPENDENCIES} configure_script: diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml new file mode 100644 index 0000000000..f7a4ef2b9f --- /dev/null +++ b/.github/workflows/build-and-test.yml @@ -0,0 +1,162 @@ +name: Build and Test + +on: [push, pull_request] + +jobs: + build-linux: + env: + dependencies: | + automake libtool gcc bc libjemalloc1 libjemalloc-dev \ + libssl-dev llvm-dev libelf-dev libnuma-dev \ + python-sphinx selinux-policy-dev gcc-multilib + CC: ${{ matrix.compiler }} + DPDK: ${{ matrix.dpdk }} + DPDK_SHARED: ${{ matrix.dpdk_shared }} + KERNEL: ${{ matrix.kernel }} + LIBS: ${{ matrix.libs }} + BUILD_ENV: ${{ matrix.build_env }} + OPTS: ${{ matrix.opts }} + TESTSUITE: ${{ matrix.testsuite }} + + name: linux ${{ join(matrix.*, ' ') }} + runs-on: ubuntu-16.04 + timeout-minutes: 30 + + strategy: + fail-fast: false + matrix: + compiler: [gcc, clang] + kernel: ['4.18.20', '4.17.19', '4.16.18', '4.15.18', '4.14.111', + '4.9.149', '4.4.148', '3.16.57'] + opts: [''] + testsuite: [''] + dpdk: [''] + dpdk_shared: [''] + build_env: [''] + include: + - compiler: gcc + opts: --disable-ssl + - compiler: clang + opts: --disable-ssl + + - compiler: gcc + testsuite: test + kernel: 3.16.54 + - compiler: clang + testsuite: test + kernel: 3.16.54 + + - compiler: gcc + testsuite: test + opts: --enable-shared + - compiler: clang + testsuite: test + opts: --enable-shared + + - compiler: gcc + testsuite: test + libs: -ljemalloc + - compiler: clang + testsuite: test + libs: -ljemalloc + + - compiler: gcc + dpdk: dpdk + kernel: 3.16.54 + - compiler: clang + dpdk: dpdk + kernel: 3.16.54 + + - compiler: gcc + dpdk: dpdk + kernel: 3.16.54 + opts: --enable-shared + - compiler: clang + dpdk: dpdk + kernel: 3.16.54 + opts: --enable-shared + + - compiler: gcc + dpdk_shared: dpdk-shared + kernel: 3.16.54 + - compiler: clang + dpdk_shared: dpdk-shared + kernel: 3.16.54 + + - compiler: gcc + dpdk_shared: dpdk-shared + opts: --enable-shared + kernel: 3.16.54 + - compiler: clang + dpdk_shared: dpdk-shared + kernel: 3.16.54 + opts: --enable-shared + + - compiler: gcc + build_env: -m32 + opts: --disable-ssl + + steps: + - name: checkout + uses: actions/checkout@v2 + + - name: update APT cache + run: sudo apt update || true + - name: install common dependencies + run: sudo apt install -y ${{ env.dependencies }} + - name: install libunbound + if: matrix.build_env == '' + run: sudo apt install -y libunbound-dev + + - name: prepare + run: ./.ci/linux-prepare.sh + + - name: build + run: PATH="$PATH:$HOME/bin" ./.ci/linux-build.sh ${{ env.OPTS }} + + - name: copy logs on failure + if: failure() || cancelled() + run: | + # upload-artifact@v2 throws exceptions if it tries to upload socket + # files and we could have some socket files in testsuite.dir. + # Also, upload-artifact@v2 doesn't work well enough with wildcards. + # So, we're just archiving everything here to avoid any issues. + mkdir logs + cp config.log ./logs/ + cp -r ./*/_build/sub/tests/testsuite.* ./logs/ || true + tar -czvf logs.tgz logs/ + + - name: upload logs on failure + if: failure() || cancelled() + uses: actions/upload-artifact@v2 + with: + name: logs-linux-${{ join(matrix.*, '-') }} + path: logs.tgz + + build-osx: + env: + CC: clang + OPTS: --disable-ssl + + name: osx clang --disable-ssl + runs-on: macos-latest + timeout-minutes: 30 + + strategy: + fail-fast: false + + steps: + - name: checkout + uses: actions/checkout@v2 + - name: install dependencies + run: brew install automake libtool + - name: prepare + run: ./.ci/osx-prepare.sh + - name: build + run: PATH="$PATH:$HOME/bin" ./.ci/osx-build.sh + - name: upload logs on failure + if: failure() + uses: actions/upload-artifact@v2 + with: + name: logs-osx-clang---disable-ssl + path: config.log diff --git a/AUTHORS.rst b/AUTHORS.rst index f3237e1828..e1e1e5fa36 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst @@ -523,6 +523,7 @@ Krishna Miriyala miriyalak@vmware.com Krishna Mohan Elluru elluru.kri.mohan@hpe.com László Sürü laszlo.suru@ericsson.com Len Gao leng@vmware.com +Linhaifeng haifeng.lin@huawei.com Logan Rosen logatronico@gmail.com Luca Falavigna dktrkranz@debian.org Luiz Henrique Ozaki luiz.ozaki@gmail.com @@ -619,6 +620,7 @@ Ying Chen yingchen@vmware.com Yongqiang Liu liuyq7809@gmail.com ZHANG Zhiming zhangzhiming@yunshan.net.cn Zhangguanghui zhang.guanghui@h3c.com +Zheng Jingzhou glovejmm@163.com Ziyou Wang ziyouw@vmware.com ankur dwivedi ankurengg2003@gmail.com chen zhang 3zhangchen9211@gmail.com diff --git a/Documentation/faq/configuration.rst b/Documentation/faq/configuration.rst index cb2c6b4eca..ff3b71a5d4 100644 --- a/Documentation/faq/configuration.rst +++ b/Documentation/faq/configuration.rst @@ -212,6 +212,19 @@ Q: Does Open vSwitch support ERSPAN? options:erspan_ver=2 options:erspan_dir=1 \ options:erspan_hwid=4 +Q: Does Open vSwitch support IPv6 GRE? + + A: Yes. L2 tunnel interface GRE over IPv6 is supported. + L3 GRE tunnel over IPv6 is not supported. + + :: + + $ ovs-vsctl add-br br0 + $ ovs-vsctl add-port br0 at_gre0 -- \ + set int at_gre0 type=ip6gre \ + options:remote_ip=fc00:100::1 \ + options:packet_type=legacy_l2 + Q: How do I connect two bridges? A: First, why do you want to do this? Two connected bridges are not much diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst index eeb949d4a6..d6a93b943b 100644 --- a/Documentation/faq/releases.rst +++ b/Documentation/faq/releases.rst @@ -164,9 +164,9 @@ Q: What DPDK version does each Open vSwitch release work with? A: The following table lists the DPDK version against which the given versions of Open vSwitch will successfully build. - ============ ======= + ============ ======== Open vSwitch DPDK - ============ ======= + ============ ======== 2.2.x 1.6 2.3.x 1.6 2.4.x 2.0 @@ -174,10 +174,10 @@ Q: What DPDK version does each Open vSwitch release work with? 2.6.x 16.07.2 2.7.x 16.11.9 2.8.x 17.05.2 - 2.9.x 17.11.4 - 2.10.x 17.11.4 - 2.11.x 18.11.2 - ============ ======= + 2.9.x 17.11.10 + 2.10.x 17.11.10 + 2.11.x 18.11.11 + ============ ======== Q: Are all the DPDK releases that OVS versions work with maintained? diff --git a/Documentation/internals/contributing/submitting-patches.rst b/Documentation/internals/contributing/submitting-patches.rst index 5a314cc60a..f2039595e7 100644 --- a/Documentation/internals/contributing/submitting-patches.rst +++ b/Documentation/internals/contributing/submitting-patches.rst @@ -68,11 +68,9 @@ Testing is also important: feature. A bug fix patch should preferably add a test that would fail if the bug recurs. -If you are using GitHub, then you may utilize the travis-ci.org CI build system -by linking your GitHub repository to it. This will run some of the above tests -automatically when you push changes to your repository. See the "Continuous -Integration with Travis-CI" in :doc:`/topics/testing` for details on how to set -it up. +If you are using GitHub, then you may utilize the GitHub Actions CI build +system. It will run some of the above tests automatically when you push +changes to your repository. Email Subject ------------- diff --git a/Documentation/internals/mailing-lists.rst b/Documentation/internals/mailing-lists.rst index 33f20277be..e8b3440943 100644 --- a/Documentation/internals/mailing-lists.rst +++ b/Documentation/internals/mailing-lists.rst @@ -93,4 +93,4 @@ security The `security`__ mailing list is for submitting security vulnerabilities to the security team. -__ security@ovs.org +__ security@openvswitch.org diff --git a/Documentation/intro/install/dpdk.rst b/Documentation/intro/install/dpdk.rst index 6e5f1ea60a..a441715fd4 100644 --- a/Documentation/intro/install/dpdk.rst +++ b/Documentation/intro/install/dpdk.rst @@ -42,7 +42,7 @@ Build requirements In addition to the requirements described in :doc:`general`, building Open vSwitch with DPDK will require the following: -- DPDK 18.11.2 +- DPDK 18.11.11 - A `DPDK supported NIC`_ @@ -71,9 +71,9 @@ Install DPDK #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``:: $ cd /usr/src/ - $ wget http://fast.dpdk.org/rel/dpdk-18.11.2.tar.xz - $ tar xf dpdk-18.11.2.tar.xz - $ export DPDK_DIR=/usr/src/dpdk-stable-18.11.2 + $ wget http://fast.dpdk.org/rel/dpdk-18.11.11.tar.xz + $ tar xf dpdk-18.11.11.tar.xz + $ export DPDK_DIR=/usr/src/dpdk-stable-18.11.11 $ cd $DPDK_DIR #. (Optional) Configure DPDK as a shared library @@ -687,6 +687,15 @@ Limitations around is temporary and is expected to be removed once a method is provided by DPDK to query the upper bound MTU value for a given device. +- Flow Control: When using i40e devices (Intel(R) 700 Series) it is recommended + to set Link State Change detection to interrupt mode. Otherwise it has been + observed that using the default polling mode, flow control changes may not be + applied, and flow control states will not be reflected correctly. + The issue is under investigation, this is a temporary work around. + + For information about setting Link State Change detection, refer to + :ref:`lsc-detection`. + Reporting Bugs -------------- diff --git a/Documentation/topics/dpdk/bridge.rst b/Documentation/topics/dpdk/bridge.rst index a3ed926ca9..2fae9188a4 100644 --- a/Documentation/topics/dpdk/bridge.rst +++ b/Documentation/topics/dpdk/bridge.rst @@ -74,6 +74,12 @@ OpenFlow14`` option:: $ ovs-ofctl -O OpenFlow14 dump-ports br0 +There are custom statistics that OVS accumulates itself and these stats has +``ovs_`` as prefix. These custom stats are shown along with other stats +using the following command:: + + $ ovs-vsctl get Interface statistics + EMC Insertion Probability ------------------------- diff --git a/Documentation/topics/dpdk/phy.rst b/Documentation/topics/dpdk/phy.rst index 93d74df452..9bf6e3112a 100644 --- a/Documentation/topics/dpdk/phy.rst +++ b/Documentation/topics/dpdk/phy.rst @@ -364,6 +364,8 @@ Jumbo Frames DPDK physical ports can be configured to use Jumbo Frames. For more information, refer to :doc:`jumbo-frames`. +.. _lsc-detection: + Link State Change (LSC) detection configuration ----------------------------------------------- diff --git a/Documentation/topics/dpdk/vhost-user.rst b/Documentation/topics/dpdk/vhost-user.rst index 33361ec359..adef15a133 100644 --- a/Documentation/topics/dpdk/vhost-user.rst +++ b/Documentation/topics/dpdk/vhost-user.rst @@ -303,6 +303,31 @@ The default value is false. .. _dpdk-testpmd: +vhost-user-client tx retries config +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +For vhost-user-client interfaces, the max amount of retries can be changed from +the default 8 by setting ``tx-retries-max``. + +The minimum is 0 which means there will be no retries and if any packets in +each batch cannot be sent immediately they will be dropped. The maximum is 32, +which would mean that after the first packet(s) in the batch was sent there +could be a maximum of 32 more retries. + +Retries can help with avoiding packet loss when temporarily unable to send to a +vhost interface because the virtqueue is full. However, spending more time +retrying to send to one interface, will reduce the time available for rx/tx and +processing packets on other interfaces, so some tuning may be required for best +performance. + +Tx retries max can be set for vhost-user-client ports:: + + $ ovs-vsctl set Interface vhost-client-1 options:tx-retries-max=0 + +.. note:: + + Configurable vhost tx retries are not supported with vhost-user ports. + DPDK in the Guest ----------------- @@ -320,9 +345,9 @@ To begin, instantiate a guest as described in :ref:`dpdk-vhost-user` or DPDK sources to VM and build DPDK:: $ cd /root/dpdk/ - $ wget http://fast.dpdk.org/rel/dpdk-18.11.2.tar.xz - $ tar xf dpdk-18.11.2.tar.xz - $ export DPDK_DIR=/root/dpdk/dpdk-stable-18.11.2 + $ wget http://fast.dpdk.org/rel/dpdk-18.11.11.tar.xz + $ tar xf dpdk-18.11.11.tar.xz + $ export DPDK_DIR=/root/dpdk/dpdk-stable-18.11.11 $ export DPDK_TARGET=x86_64-native-linuxapp-gcc $ export DPDK_BUILD=$DPDK_DIR/$DPDK_TARGET $ cd $DPDK_DIR @@ -437,6 +462,50 @@ Jumbo Frames DPDK vHost User ports can be configured to use Jumbo Frames. For more information, refer to :doc:`jumbo-frames`. +vhost tx retries +---------------- + +When sending a batch of packets to a vhost-user or vhost-user-client interface, +it may happen that some but not all of the packets in the batch are able to be +sent to the guest. This is often because there is not enough free descriptors +in the virtqueue for all the packets in the batch to be sent. In this case +there will be a retry, with a default maximum of 8 occurring. If at any time no +packets can be sent, it may mean the guest is not accepting packets, so there +are no (more) retries. + +For information about configuring the maximum amount of tx retries for +vhost-user-client interfaces see `vhost-user-client tx retries config`_. + +.. note:: + + Maximum vhost tx batch size is defined by NETDEV_MAX_BURST, and is currently + as 32. + +Tx Retries may be reduced or even avoided by some external configuration, such +as increasing the virtqueue size through the ``rx_queue_size`` parameter +introduced in QEMU 2.7.0 / libvirt 2.3.0:: + + + + + + +
+ + +The guest application will also need need to provide enough descriptors. For +example with ``testpmd`` the command line argument can be used:: + + --rxd=1024 --txd=1024 + +The guest should also have sufficient cores dedicated for consuming and +processing packets at the required rate. + +The amount of Tx retries on a vhost-user or vhost-user-client interface can be +shown with:: + + $ ovs-vsctl get Interface dpdkvhostclient0 statistics:ovs_tx_retries + vhost-user Dequeue Zero Copy (experimental) ------------------------------------------- diff --git a/Documentation/topics/testing.rst b/Documentation/topics/testing.rst index a8892e1c1c..b74653436d 100644 --- a/Documentation/topics/testing.rst +++ b/Documentation/topics/testing.rst @@ -372,45 +372,17 @@ You should invoke scan-view to view analysis results. The last line of output from ``clang-analyze`` will list the command (containing results directory) that you should invoke to view the results on a browser. -Continuous Integration with Travis CI -------------------------------------- +Continuous Integration with GitHub Actions +------------------------------------------ -A .travis.yml file is provided to automatically build Open vSwitch with various -build configurations and run the testsuite using Travis CI. Builds will be -performed with gcc, sparse and clang with the -Werror compiler flag included, -therefore the build will fail if a new warning has been introduced. +A ``.github/workflows/*.yml`` files provided to automatically build +Open vSwitch with various build configurations and run the testsuite using +GitHub Actions. Builds will be performed with gcc, sparse and clang with the +-Werror compiler flag included, therefore the build will fail if a new warning +has been introduced. The CI build is triggered via git push (regardless of the specific branch) or -pull request against any Open vSwitch GitHub repository that is linked to -travis-ci. - -Instructions to setup travis-ci for your GitHub repository: - -1. Go to https://travis-ci.org/ and sign in using your GitHub ID. -2. Go to the "Repositories" tab and enable the ovs repository. You may disable - builds for pushes or pull requests. -3. In order to avoid forks sending build failures to the upstream mailing list, - the notification email recipient is encrypted. If you want to receive email - notification for build failures, replace the the encrypted string: - - 1. Install the travis-ci CLI (Requires ruby >=2.0): gem install travis - 2. In your Open vSwitch repository: travis encrypt mylist@mydomain.org - 3. Add/replace the notifications section in .travis.yml and fill in the - secure string as returned by travis encrypt:: - - notifications: - email: - recipients: - - secure: "....." - - .. note:: - You may remove/omit the notifications section to fall back to default - notification behaviour which is to send an email directly to the author and - committer of the failing commit. Note that the email is only sent if the - author/committer have commit rights for the particular GitHub repository. - -4. Pushing a commit to the repository which breaks the build or the - testsuite will now trigger a email sent to mylist@mydomain.org +pull request against any Open vSwitch GitHub repository. vsperf ------ diff --git a/Makefile.am b/Makefile.am index ff1f94b484..4f9f1866c0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -76,12 +76,12 @@ EXTRA_DIST = \ MAINTAINERS.rst \ README.rst \ NOTICE \ + .ci/linux-build.sh \ + .ci/linux-prepare.sh \ + .ci/osx-build.sh \ + .ci/osx-prepare.sh \ .cirrus.yml \ - .travis.yml \ - .travis/linux-build.sh \ - .travis/linux-prepare.sh \ - .travis/osx-build.sh \ - .travis/osx-prepare.sh \ + .github/workflows/build-and-test.yml \ appveyor.yml \ boot.sh \ poc/builders/Vagrantfile \ diff --git a/NEWS b/NEWS index f177d7efc1..b8510e01ea 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,39 @@ +v2.11.8 - xx xxx xxxx +--------------------- + +v2.11.7 - 05 Mar 2021 +--------------------- + - Bug fixes + - DPDK + * OVS validated with DPDK 18.11.11. Due to this being the final release + in the DPDK 18.11 series it is recommended to be used. + +v2.11.6 - 10 Feb 2021 +--------------------- + - Bug fixes + - Security: + * Fixed packet parsing vulnerability CVE-2020-35498. + +v2.11.5 - 13 Jan 2021 +--------------------- + - Bug fixes + - LLDP: + * Security fixes for CVE-2015-8011 and CVE-2020-27827. + - OVSDB: + * Fixed SHA-1 hash computation for databases larger than 512 MB. + - DPDK: + * Fixed support of 'net_virtio' devices. + +v2.11.4 - 30 Jul 2020 +--------------------- + - Bug fixes + - DPDK + * OVS validated with DPDK 18.11.9. Due to this being the latest LTS to + be validated and coupled with the inclusion of fixes for + CVE-2019-14818, CVE-2020-10722, CVE-2020-10723 and CVE-2020-10724 + over the course of various LTS releases, this DPDK version is strongly + recommended to be used. + v2.11.3 - 06 Sep 2019 --------------------- - Fix compilation issue with Ubuntu kernel 4.15.60. diff --git a/README.rst b/README.rst index 54d06d04be..37d7685c88 100644 --- a/README.rst +++ b/README.rst @@ -6,8 +6,8 @@ Open vSwitch ============ -.. image:: https://travis-ci.org/openvswitch/ovs.png - :target: https://travis-ci.org/openvswitch/ovs +.. image:: https://github.com/openvswitch/ovs/workflows/Build%20and%20Test/badge.svg + :target: https://github.com/openvswitch/ovs/actions .. image:: https://ci.appveyor.com/api/projects/status/github/openvswitch/ovs?branch=master&svg=true&retina=true :target: https://ci.appveyor.com/project/blp/ovs/history diff --git a/acinclude.m4 b/acinclude.m4 index f15b1ff670..71813077c6 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -172,16 +172,30 @@ AC_DEFUN([OVS_CHECK_LINUX], [ AM_CONDITIONAL(LINUX_ENABLED, test -n "$KBUILD") ]) +dnl OVS_CHECK_LINUX_NETLINK +dnl +dnl Configure Linux netlink compat. +AC_DEFUN([OVS_CHECK_LINUX_NETLINK], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([#include ], [ + struct nla_bitfield32 x = { 0 }; + ])], + [AC_DEFINE([HAVE_NLA_BITFIELD32], [1], + [Define to 1 if struct nla_bitfield32 is available.])]) +]) + dnl OVS_CHECK_LINUX_TC dnl dnl Configure Linux tc compat. AC_DEFUN([OVS_CHECK_LINUX_TC], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([#include ], [ - int x = TCA_FLOWER_KEY_ENC_IP_TTL_MASK; + int x = TCA_ACT_FLAGS; ])], - [AC_DEFINE([HAVE_TCA_FLOWER_KEY_ENC_IP_TTL_MASK], [1], - [Define to 1 if TCA_FLOWER_KEY_ENC_IP_TTL_MASK is available.])]) + [AC_DEFINE([HAVE_TCA_ACT_FLAGS], [1], + [Define to 1 if TCA_ACT_FLAGS is available.])]) + + AC_CHECK_MEMBERS([struct tcf_t.firstuse], [], [], [#include ]) AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([#include ], [ @@ -685,6 +699,10 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_GREP_IFELSE([$KSRC/include/linux/random.h], [prandom_u32]) OVS_GREP_IFELSE([$KSRC/include/linux/random.h], [prandom_u32_max]) + OVS_GREP_IFELSE([$KSRC/include/linux/prandom.h], + [prandom_u32[[\(]]], + [OVS_DEFINE([HAVE_PRANDOM_U32])]) + OVS_GREP_IFELSE([$KSRC/include/linux/prandom.h], [prandom_u32_max]) OVS_GREP_IFELSE([$KSRC/include/net/rtnetlink.h], [get_link_net]) OVS_GREP_IFELSE([$KSRC/include/net/rtnetlink.h], [name_assign_type]) @@ -834,8 +852,6 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_GREP_IFELSE([$KSRC/include/net/sock.h], [sk_no_check_tx]) OVS_GREP_IFELSE([$KSRC/include/linux/udp.h], [no_check6_tx]) - OVS_GREP_IFELSE([$KSRC/include/linux/utsrelease.h], [el6], - [OVS_DEFINE([HAVE_RHEL6_PER_CPU])]) OVS_FIND_PARAM_IFELSE([$KSRC/include/net/protocol.h], [udp_add_offload], [net], [OVS_DEFINE([HAVE_UDP_ADD_OFFLOAD_TAKES_NET])]) @@ -967,6 +983,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ [OVS_DEFINE([HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE])]) OVS_GREP_IFELSE([$KSRC/include/net/ipv6_frag.h], [IP6_DEFRAG_CONNTRACK_IN], [OVS_DEFINE([HAVE_IPV6_FRAG_H])]) + OVS_GREP_IFELSE([$KSRC/include/net/dst_ops.h], [bool confirm_neigh], + [OVS_DEFINE([HAVE_DST_OPS_CONFIRM_NEIGH])]) if cmp -s datapath/linux/kcompat.h.new \ datapath/linux/kcompat.h >/dev/null 2>&1; then diff --git a/build-aux/dist-docs b/build-aux/dist-docs index 9f6ca7b2cb..85641745ee 100755 --- a/build-aux/dist-docs +++ b/build-aux/dist-docs @@ -43,7 +43,7 @@ rm -rf $distdir mkdir $distdir # Install manpages. -${MAKE-make} install-man mandir="$abs_distdir"/man +${MAKE-make} install-man install-man-rst mandir="$abs_distdir"/man (cd $distdir && mv `find man -type f` . && rm -rf man) manpages=`cd $distdir && echo *` diff --git a/configure.ac b/configure.ac index 45ff8cb07e..86fb44d19b 100644 --- a/configure.ac +++ b/configure.ac @@ -13,7 +13,7 @@ # limitations under the License. AC_PREREQ(2.63) -AC_INIT(openvswitch, 2.11.3, bugs@openvswitch.org) +AC_INIT(openvswitch, 2.11.8, bugs@openvswitch.org) AC_CONFIG_SRCDIR([datapath/datapath.c]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_AUX_DIR([build-aux]) @@ -185,6 +185,7 @@ OVS_CTAGS_IDENTIFIERS AC_ARG_VAR(KARCH, [Kernel Architecture String]) AC_SUBST(KARCH) OVS_CHECK_LINUX +OVS_CHECK_LINUX_NETLINK OVS_CHECK_LINUX_TC OVS_CHECK_DPDK OVS_CHECK_PRAGMA_MESSAGE diff --git a/datapath-windows/ovsext/Actions.c b/datapath-windows/ovsext/Actions.c index 5c9b5c3a0c..c709699bc7 100644 --- a/datapath-windows/ovsext/Actions.c +++ b/datapath-windows/ovsext/Actions.c @@ -1112,9 +1112,9 @@ OvsPopFieldInPacketBuf(OvsForwardingContext *ovsFwdCtx, * should split the function and refactor. */ if (!bufferData) { EthHdr *ethHdr = (EthHdr *)bufferStart; - /* If the frame is not VLAN make it a no op */ if (ethHdr->Type != ETH_TYPE_802_1PQ_NBO) { - return NDIS_STATUS_SUCCESS; + OVS_LOG_ERROR("Invalid ethHdr type %u, nbl %p", ethHdr->Type, ovsFwdCtx->curNbl); + return NDIS_STATUS_INVALID_PACKET; } } RtlMoveMemory(bufferStart + shiftLength, bufferStart, shiftOffset); @@ -1137,6 +1137,9 @@ OvsPopFieldInPacketBuf(OvsForwardingContext *ovsFwdCtx, static __inline NDIS_STATUS OvsPopVlanInPktBuf(OvsForwardingContext *ovsFwdCtx) { + NDIS_STATUS status; + OVS_PACKET_HDR_INFO* layers = &ovsFwdCtx->layers; + /* * Declare a dummy vlanTag structure since we need to compute the size * of shiftLength. The NDIS one is a unionized structure. @@ -1145,7 +1148,15 @@ OvsPopVlanInPktBuf(OvsForwardingContext *ovsFwdCtx) UINT32 shiftLength = sizeof(vlanTag.TagHeader); UINT32 shiftOffset = sizeof(DL_EUI48) + sizeof(DL_EUI48); - return OvsPopFieldInPacketBuf(ovsFwdCtx, shiftOffset, shiftLength, NULL); + status = OvsPopFieldInPacketBuf(ovsFwdCtx, shiftOffset, shiftLength, + NULL); + + if (status == NDIS_STATUS_SUCCESS) { + layers->l3Offset -= (UINT16) shiftLength; + layers->l4Offset -= (UINT16) shiftLength; + } + + return status; } @@ -1259,6 +1270,7 @@ OvsActionMplsPush(OvsForwardingContext *ovsFwdCtx, */ static __inline NDIS_STATUS OvsUpdateEthHeader(OvsForwardingContext *ovsFwdCtx, + OvsFlowKey *key, const struct ovs_key_ethernet *ethAttr) { PNET_BUFFER curNb; @@ -1285,9 +1297,11 @@ OvsUpdateEthHeader(OvsForwardingContext *ovsFwdCtx, } ethHdr = (EthHdr *)(bufferStart + NET_BUFFER_CURRENT_MDL_OFFSET(curNb)); - RtlCopyMemory(ethHdr->Destination, ethAttr->eth_dst, - sizeof ethHdr->Destination); - RtlCopyMemory(ethHdr->Source, ethAttr->eth_src, sizeof ethHdr->Source); + RtlCopyMemory(ethHdr->Destination, ethAttr->eth_dst, ETH_ADDR_LENGTH); + RtlCopyMemory(ethHdr->Source, ethAttr->eth_src, ETH_ADDR_LENGTH); + /* Update l2 flow key */ + RtlCopyMemory(key->l2.dlDst, ethAttr->eth_dst, ETH_ADDR_LENGTH); + RtlCopyMemory(key->l2.dlSrc, ethAttr->eth_src, ETH_ADDR_LENGTH); return NDIS_STATUS_SUCCESS; } @@ -1376,6 +1390,7 @@ PUINT8 OvsGetHeaderBySize(OvsForwardingContext *ovsFwdCtx, */ NDIS_STATUS OvsUpdateUdpPorts(OvsForwardingContext *ovsFwdCtx, + OvsFlowKey *key, const struct ovs_key_udp *udpAttr) { PUINT8 bufferStart; @@ -1400,15 +1415,19 @@ OvsUpdateUdpPorts(OvsForwardingContext *ovsFwdCtx, udpHdr->check = ChecksumUpdate16(udpHdr->check, udpHdr->source, udpAttr->udp_src); udpHdr->source = udpAttr->udp_src; + key->ipKey.l4.tpSrc = udpAttr->udp_src; } if (udpHdr->dest != udpAttr->udp_dst) { udpHdr->check = ChecksumUpdate16(udpHdr->check, udpHdr->dest, udpAttr->udp_dst); udpHdr->dest = udpAttr->udp_dst; + key->ipKey.l4.tpDst = udpAttr->udp_dst; } } else { udpHdr->source = udpAttr->udp_src; + key->ipKey.l4.tpSrc = udpAttr->udp_src; udpHdr->dest = udpAttr->udp_dst; + key->ipKey.l4.tpDst = udpAttr->udp_dst; } return NDIS_STATUS_SUCCESS; @@ -1423,6 +1442,7 @@ OvsUpdateUdpPorts(OvsForwardingContext *ovsFwdCtx, */ NDIS_STATUS OvsUpdateTcpPorts(OvsForwardingContext *ovsFwdCtx, + OvsFlowKey *key, const struct ovs_key_tcp *tcpAttr) { PUINT8 bufferStart; @@ -1447,11 +1467,13 @@ OvsUpdateTcpPorts(OvsForwardingContext *ovsFwdCtx, tcpHdr->check = ChecksumUpdate16(tcpHdr->check, tcpHdr->source, tcpAttr->tcp_src); tcpHdr->source = tcpAttr->tcp_src; + key->ipKey.l4.tpSrc = tcpAttr->tcp_src; } if (tcpHdr->dest != tcpAttr->tcp_dst) { tcpHdr->check = ChecksumUpdate16(tcpHdr->check, tcpHdr->dest, tcpAttr->tcp_dst); tcpHdr->dest = tcpAttr->tcp_dst; + key->ipKey.l4.tpDst = tcpAttr->tcp_dst; } return NDIS_STATUS_SUCCESS; @@ -1579,6 +1601,7 @@ OvsUpdateAddressAndPort(OvsForwardingContext *ovsFwdCtx, */ NDIS_STATUS OvsUpdateIPv4Header(OvsForwardingContext *ovsFwdCtx, + OvsFlowKey *key, const struct ovs_key_ipv4 *ipAttr) { PUINT8 bufferStart; @@ -1632,6 +1655,7 @@ OvsUpdateIPv4Header(OvsForwardingContext *ovsFwdCtx, ipAttr->ipv4_src); } ipHdr->saddr = ipAttr->ipv4_src; + key->ipKey.nwSrc = ipAttr->ipv4_src; } if (ipHdr->daddr != ipAttr->ipv4_dst) { if (tcpHdr) { @@ -1647,6 +1671,7 @@ OvsUpdateIPv4Header(OvsForwardingContext *ovsFwdCtx, ipAttr->ipv4_dst); } ipHdr->daddr = ipAttr->ipv4_dst; + key->ipKey.nwDst = ipAttr->ipv4_dst; } if (ipHdr->protocol != ipAttr->ipv4_proto) { UINT16 oldProto = (ipHdr->protocol << 16) & 0xff00; @@ -1661,6 +1686,7 @@ OvsUpdateIPv4Header(OvsForwardingContext *ovsFwdCtx, ipHdr->check = ChecksumUpdate16(ipHdr->check, oldProto, newProto); } ipHdr->protocol = ipAttr->ipv4_proto; + key->ipKey.nwProto = ipAttr->ipv4_proto; } if (ipHdr->ttl != ipAttr->ipv4_ttl) { UINT16 oldTtl = (ipHdr->ttl) & 0xff; @@ -1669,6 +1695,7 @@ OvsUpdateIPv4Header(OvsForwardingContext *ovsFwdCtx, ipHdr->check = ChecksumUpdate16(ipHdr->check, oldTtl, newTtl); } ipHdr->ttl = ipAttr->ipv4_ttl; + key->ipKey.nwTtl = ipAttr->ipv4_ttl; } return NDIS_STATUS_SUCCESS; @@ -1691,12 +1718,12 @@ OvsExecuteSetAction(OvsForwardingContext *ovsFwdCtx, switch (type) { case OVS_KEY_ATTR_ETHERNET: - status = OvsUpdateEthHeader(ovsFwdCtx, + status = OvsUpdateEthHeader(ovsFwdCtx, key, NlAttrGetUnspec(a, sizeof(struct ovs_key_ethernet))); break; case OVS_KEY_ATTR_IPV4: - status = OvsUpdateIPv4Header(ovsFwdCtx, + status = OvsUpdateIPv4Header(ovsFwdCtx, key, NlAttrGetUnspec(a, sizeof(struct ovs_key_ipv4))); break; @@ -1709,16 +1736,17 @@ OvsExecuteSetAction(OvsForwardingContext *ovsFwdCtx, status = SUCCEEDED(convertStatus) ? NDIS_STATUS_SUCCESS : NDIS_STATUS_FAILURE; ASSERT(status == NDIS_STATUS_SUCCESS); RtlCopyMemory(&ovsFwdCtx->tunKey, &tunKey, sizeof ovsFwdCtx->tunKey); + RtlCopyMemory(&key->tunKey, &tunKey, sizeof key->tunKey); break; } case OVS_KEY_ATTR_UDP: - status = OvsUpdateUdpPorts(ovsFwdCtx, + status = OvsUpdateUdpPorts(ovsFwdCtx, key, NlAttrGetUnspec(a, sizeof(struct ovs_key_udp))); break; case OVS_KEY_ATTR_TCP: - status = OvsUpdateTcpPorts(ovsFwdCtx, + status = OvsUpdateTcpPorts(ovsFwdCtx, key, NlAttrGetUnspec(a, sizeof(struct ovs_key_tcp))); break; @@ -2053,6 +2081,7 @@ OvsDoExecuteActions(POVS_SWITCH_CONTEXT switchContext, */ status = OvsPopVlanInPktBuf(&ovsFwdCtx); if (status != NDIS_STATUS_SUCCESS) { + OVS_LOG_ERROR("OVS-pop vlan action failed status = %lu", status); dropReason = L"OVS-pop vlan action failed"; goto dropit; } diff --git a/datapath-windows/ovsext/Actions.h b/datapath-windows/ovsext/Actions.h index fd050d5dd8..bc12e1166d 100644 --- a/datapath-windows/ovsext/Actions.h +++ b/datapath-windows/ovsext/Actions.h @@ -115,14 +115,17 @@ PUINT8 OvsGetHeaderBySize(OvsForwardingContext *ovsFwdCtx, NDIS_STATUS OvsUpdateUdpPorts(OvsForwardingContext *ovsFwdCtx, + OvsFlowKey *key, const struct ovs_key_udp *udpAttr); NDIS_STATUS OvsUpdateTcpPorts(OvsForwardingContext *ovsFwdCtx, + OvsFlowKey *key, const struct ovs_key_tcp *tcpAttr); NDIS_STATUS OvsUpdateIPv4Header(OvsForwardingContext *ovsFwdCtx, + OvsFlowKey *key, const struct ovs_key_ipv4 *ipAttr); NDIS_STATUS diff --git a/datapath/conntrack.c b/datapath/conntrack.c index 83840f9579..974387addb 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -1895,7 +1895,8 @@ static void ovs_ct_limit_exit(struct net *net, struct ovs_net *ovs_net) struct hlist_head *head = &info->limits[i]; struct ovs_ct_limit *ct_limit; - hlist_for_each_entry_rcu(ct_limit, head, hlist_node) + hlist_for_each_entry_rcu(ct_limit, head, hlist_node, + lockdep_ovsl_is_held()) kfree_rcu(ct_limit, rcu); } kfree(ovs_net->ct_limit_info->limits); diff --git a/datapath/datapath.c b/datapath/datapath.c index 2febcb3f2a..c645c2b797 100644 --- a/datapath/datapath.c +++ b/datapath/datapath.c @@ -2383,8 +2383,10 @@ static void __net_exit ovs_exit_net(struct net *dnet) ovs_netns_frags6_exit(dnet); ovs_netns_frags_exit(dnet); - ovs_ct_exit(dnet); ovs_lock(); + + ovs_ct_exit(dnet); + list_for_each_entry_safe(dp, dp_next, &ovs_net->dps, list_node) __dp_destroy(dp); diff --git a/datapath/linux/compat/include/linux/openvswitch.h b/datapath/linux/compat/include/linux/openvswitch.h index 9b087f1b06..3369c8630d 100644 --- a/datapath/linux/compat/include/linux/openvswitch.h +++ b/datapath/linux/compat/include/linux/openvswitch.h @@ -404,6 +404,28 @@ enum ovs_tunnel_key_attr { #define OVS_TUNNEL_KEY_ATTR_MAX (__OVS_TUNNEL_KEY_ATTR_MAX - 1) +/** + * enum xlate_error - Different types of error during translation + */ + +#ifndef __KERNEL__ +enum xlate_error { + XLATE_OK = 0, + XLATE_BRIDGE_NOT_FOUND, + XLATE_RECURSION_TOO_DEEP, + XLATE_TOO_MANY_RESUBMITS, + XLATE_STACK_TOO_DEEP, + XLATE_NO_RECIRCULATION_CONTEXT, + XLATE_RECIRCULATION_CONFLICT, + XLATE_TOO_MANY_MPLS_LABELS, + XLATE_INVALID_TUNNEL_METADATA, + XLATE_UNSUPPORTED_PACKET_TYPE, + XLATE_CONGESTION_DROP, + XLATE_FORWARDING_DISABLED, + XLATE_MAX, +}; +#endif + /** * enum ovs_frag_type - IPv4 and IPv6 fragment type * @OVS_FRAG_TYPE_NONE: Packet is not a fragment. @@ -855,6 +877,24 @@ enum ovs_nat_attr { #define OVS_NAT_ATTR_MAX (__OVS_NAT_ATTR_MAX - 1) +/* + * enum ovs_check_pkt_len_attr - Attributes for %OVS_ACTION_ATTR_CHECK_PKT_LEN. + * + * @OVS_CHECK_PKT_LEN_ATTR_PKT_LEN: u16 Packet length to check for. + * @OVS_CHECK_PKT_LEN_ATTR_USERSPACE_COND: u8 comparison condition to send + * the packet to userspace. One of OVS_CHECK_PKT_LEN_COND_*. + * @OVS_CHECK_PKT_LEN_ATTR_USERPACE - Nested OVS_USERSPACE_ATTR_* actions. + */ +enum ovs_check_pkt_len_attr { + OVS_CHECK_PKT_LEN_ATTR_UNSPEC, + OVS_CHECK_PKT_LEN_ATTR_PKT_LEN, + OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER, + OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL, + __OVS_CHECK_PKT_LEN_ATTR_MAX, +}; + +#define OVS_CHECK_PKT_LEN_ATTR_MAX (__OVS_CHECK_PKT_LEN_ATTR_MAX - 1) + /** * enum ovs_action_attr - Action types. * @@ -911,6 +951,10 @@ enum ovs_nat_attr { * packet, or modify the packet (e.g., change the DSCP field). * @OVS_ACTION_ATTR_CLONE: make a copy of the packet and execute a list of * actions without affecting the original packet and key. + * @OVS_ACTION_ATTR_CHECK_PKT_LEN: Check the packet length and execute a set + * of actions if greater than the specified packet length, else execute + * another set of actions. + * @OVS_ACTION_ATTR_DROP: Explicit drop action. */ enum ovs_action_attr { @@ -938,10 +982,12 @@ enum ovs_action_attr { OVS_ACTION_ATTR_POP_NSH, /* No argument. */ OVS_ACTION_ATTR_METER, /* u32 meter number. */ OVS_ACTION_ATTR_CLONE, /* Nested OVS_CLONE_ATTR_*. */ + OVS_ACTION_ATTR_CHECK_PKT_LEN, /* Nested OVS_CHECK_PKT_LEN_ATTR_*. */ #ifndef __KERNEL__ OVS_ACTION_ATTR_TUNNEL_PUSH, /* struct ovs_action_push_tnl*/ OVS_ACTION_ATTR_TUNNEL_POP, /* u32 port number. */ + OVS_ACTION_ATTR_DROP, /* u32 xlate_error. */ #endif __OVS_ACTION_ATTR_MAX, /* Nothing past this will be accepted * from userspace. */ diff --git a/datapath/linux/compat/include/linux/percpu.h b/datapath/linux/compat/include/linux/percpu.h index 7c346aa31a..a039142e22 100644 --- a/datapath/linux/compat/include/linux/percpu.h +++ b/datapath/linux/compat/include/linux/percpu.h @@ -7,12 +7,6 @@ #define this_cpu_ptr(ptr) per_cpu_ptr(ptr, smp_processor_id()) #endif -#ifdef HAVE_RHEL6_PER_CPU -#undef this_cpu_read -#undef this_cpu_inc -#undef this_cpu_dec -#endif - #if !defined this_cpu_read #define this_cpu_read(ptr) percpu_read(ptr) #endif diff --git a/datapath/linux/compat/include/linux/rculist.h b/datapath/linux/compat/include/linux/rculist.h index 8df8ad8a27..40fd5e1710 100644 --- a/datapath/linux/compat/include/linux/rculist.h +++ b/datapath/linux/compat/include/linux/rculist.h @@ -9,9 +9,28 @@ #define hlist_pprev_rcu(node) (*((struct hlist_node __rcu **)((node)->pprev))) #endif +/* + * Check during list traversal that we are within an RCU reader + */ + +#define check_arg_count_one(dummy) + +#ifdef CONFIG_PROVE_RCU_LIST +#define __list_check_rcu(dummy, cond, extra...) \ + ({ \ + check_arg_count_one(extra); \ + RCU_LOCKDEP_WARN(!cond && !rcu_read_lock_any_held(), \ + "RCU-list traversed in non-reader section!"); \ + }) +#else +#define __list_check_rcu(dummy, cond, extra...) \ + ({ check_arg_count_one(extra); }) +#endif + #undef hlist_for_each_entry_rcu -#define hlist_for_each_entry_rcu(pos, head, member) \ - for (pos = hlist_entry_safe (rcu_dereference_raw(hlist_first_rcu(head)),\ +#define hlist_for_each_entry_rcu(pos, head, member, cond...) \ + for (__list_check_rcu(dummy, ## cond, 0), \ + pos = hlist_entry_safe(rcu_dereference_raw(hlist_first_rcu(head)),\ typeof(*(pos)), member); \ pos; \ pos = hlist_entry_safe(rcu_dereference_raw(hlist_next_rcu(\ diff --git a/datapath/linux/compat/include/linux/skbuff.h b/datapath/linux/compat/include/linux/skbuff.h index 4a6ac2384c..9828f811d9 100644 --- a/datapath/linux/compat/include/linux/skbuff.h +++ b/datapath/linux/compat/include/linux/skbuff.h @@ -278,7 +278,7 @@ static inline void skb_clear_hash(struct sk_buff *skb) #ifdef HAVE_RXHASH skb->rxhash = 0; #endif -#if defined(HAVE_L4_RXHASH) && !defined(HAVE_RHEL_OVS_HOOK) +#if defined(HAVE_L4_RXHASH) skb->l4_rxhash = 0; #endif } diff --git a/datapath/linux/compat/ip6_gre.c b/datapath/linux/compat/ip6_gre.c index 2ffdda5e1d..aa6cf3e7fc 100644 --- a/datapath/linux/compat/ip6_gre.c +++ b/datapath/linux/compat/ip6_gre.c @@ -1196,7 +1196,11 @@ static netdev_tx_t ip6erspan_tunnel_xmit(struct sk_buff *skb, /* TooBig packet may have updated dst->dev's mtu */ if (!t->parms.collect_md && dst && dst_mtu(dst) > dst->dev->mtu) +#ifndef HAVE_DST_OPS_CONFIRM_NEIGH dst->ops->update_pmtu(dst, NULL, skb, dst->dev->mtu); +#else + dst->ops->update_pmtu(dst, NULL, skb, dst->dev->mtu, false); +#endif err = ip6_tnl_xmit(skb, dev, dsfield, &fl6, encap_limit, &mtu, NEXTHDR_GRE); @@ -2550,7 +2554,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = { }; static struct rtnl_link_ops ip6gre_tap_ops __read_mostly = { - .kind = "ip6gre", + .kind = "ip6gretap", .maxtype = RPL_IFLA_GRE_MAX, .policy = ip6gre_policy, .priv_size = sizeof(struct ip6_tnl), diff --git a/datapath/linux/compat/ip_tunnel.c b/datapath/linux/compat/ip_tunnel.c index d16e60fbfe..f1c8ba7cdc 100644 --- a/datapath/linux/compat/ip_tunnel.c +++ b/datapath/linux/compat/ip_tunnel.c @@ -266,7 +266,12 @@ static int rpl_tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb, mtu = skb_dst(skb) ? dst_mtu(skb_dst(skb)) : dev->mtu; if (skb_dst(skb)) +#ifndef HAVE_DST_OPS_CONFIRM_NEIGH skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu); +#else + skb_dst(skb)->ops->update_pmtu(skb_dst(skb), + NULL, skb, mtu, false); +#endif if (skb->protocol == htons(ETH_P_IP)) { if (!skb_is_gso(skb) && diff --git a/datapath/linux/compat/nf_conntrack_reasm.c b/datapath/linux/compat/nf_conntrack_reasm.c index 9d77d98271..715388d838 100644 --- a/datapath/linux/compat/nf_conntrack_reasm.c +++ b/datapath/linux/compat/nf_conntrack_reasm.c @@ -56,10 +56,13 @@ #include #include "datapath.h" -#ifdef OVS_NF_DEFRAG6_BACKPORT +#if defined(HAVE_INET_FRAGS_WITH_FRAGS_WORK) || !defined(HAVE_INET_FRAGS_RND) static const char nf_frags_cache_name[] = "ovs-frag6"; +#endif + +#ifdef OVS_NF_DEFRAG6_BACKPORT struct nf_ct_frag6_skb_cb { struct inet6_skb_parm h; diff --git a/debian/changelog b/debian/changelog index d08cfbfd91..5b1d53da32 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,33 @@ +openvswitch (2.11.8-1) unstable; urgency=low + [ Open vSwitch team ] + * New upstream version + + -- Open vSwitch team Fri, 05 Mar 2021 16:27:47 +0100 + +openvswitch (2.11.7-1) unstable; urgency=low + [ Open vSwitch team ] + * New upstream version + + -- Open vSwitch team Fri, 05 Mar 2021 16:27:47 +0100 + +openvswitch (2.11.6-1) unstable; urgency=low + [ Open vSwitch team ] + * New upstream version + + -- Open vSwitch team Wed, 10 Feb 2021 16:07:06 +0100 + +openvswitch (2.11.5-1) unstable; urgency=low + [ Open vSwitch team ] + * New upstream version + + -- Open vSwitch team Wed, 13 Jan 2021 11:26:35 -0500 + +openvswitch (2.11.4-1) unstable; urgency=low + [ Open vSwitch team ] + * New upstream version + + -- Open vSwitch team Thu, 30 Jul 2020 00:25:16 +0200 + openvswitch (2.11.3-1) unstable; urgency=low [ Open vSwitch team ] * New upstream version diff --git a/dpdk/app/test-crypto-perf/main.c b/dpdk/app/test-crypto-perf/main.c index 921394799a..8affc5dc95 100644 --- a/dpdk/app/test-crypto-perf/main.c +++ b/dpdk/app/test-crypto-perf/main.c @@ -544,7 +544,8 @@ main(int argc, char **argv) goto err; } - if (!opts.silent) + if (!opts.silent && opts.test != CPERF_TEST_TYPE_THROUGHPUT && + opts.test != CPERF_TEST_TYPE_LATENCY) show_test_vector(t_vec); total_nb_qps = nb_cryptodevs * opts.nb_qps; diff --git a/dpdk/app/test-eventdev/test_pipeline_common.c b/dpdk/app/test-eventdev/test_pipeline_common.c index c988da28c9..b586804090 100644 --- a/dpdk/app/test-eventdev/test_pipeline_common.c +++ b/dpdk/app/test-eventdev/test_pipeline_common.c @@ -366,12 +366,16 @@ pipeline_event_tx_adapter_setup(struct evt_options *opt, if (!(cap & RTE_EVENT_ETH_TX_ADAPTER_CAP_INTERNAL_PORT)) { uint32_t service_id; - rte_event_eth_tx_adapter_service_id_get(consm, - &service_id); + ret = rte_event_eth_tx_adapter_service_id_get(consm, + &service_id); + if (ret != -ESRCH && ret != 0) { + evt_err("Failed to get Tx adptr service ID"); + return ret; + } ret = evt_service_setup(service_id); if (ret) { evt_err("Failed to setup service core" - " for Tx adapter\n"); + " for Tx adapter"); return ret; } } diff --git a/dpdk/app/test-pmd/Makefile b/dpdk/app/test-pmd/Makefile index d5258eae4a..f36137fd44 100644 --- a/dpdk/app/test-pmd/Makefile +++ b/dpdk/app/test-pmd/Makefile @@ -15,6 +15,12 @@ CFLAGS += -O3 CFLAGS += $(WERROR_FLAGS) CFLAGS += -Wno-deprecated-declarations +ifeq ($(CONFIG_RTE_TOOLCHAIN_GCC),y) +ifeq ($(shell test $(GCC_VERSION) -ge 100 && echo 1), 1) +CFLAGS += -fcommon +endif +endif + # # all source are stored in SRCS-y # diff --git a/dpdk/app/test-pmd/cmdline.c b/dpdk/app/test-pmd/cmdline.c index 26295130c5..abf803418c 100644 --- a/dpdk/app/test-pmd/cmdline.c +++ b/dpdk/app/test-pmd/cmdline.c @@ -101,7 +101,7 @@ static void cmd_help_brief_parsed(__attribute__((unused)) void *parsed_result, " help ports : Configuring ports.\n" " help registers : Reading and setting port registers.\n" " help filters : Filters configuration help.\n" - " help traffic_management : Traffic Management commmands.\n" + " help traffic_management : Traffic Management commands.\n" " help all : All of the above sections.\n\n" ); @@ -4932,7 +4932,7 @@ cmd_gso_size_parsed(void *parsed_result, if (test_done == 0) { printf("Before setting GSO segsz, please first" - " stop fowarding\n"); + " stop forwarding\n"); return; } @@ -16459,8 +16459,10 @@ cmd_ddp_get_list_parsed( #ifdef RTE_LIBRTE_I40E_PMD size = PROFILE_INFO_SIZE * MAX_PROFILE_NUM + 4; p_list = (struct rte_pmd_i40e_profile_list *)malloc(size); - if (!p_list) + if (!p_list) { printf("%s: Failed to malloc buffer\n", __func__); + return; + } if (ret == -ENOTSUP) ret = rte_pmd_i40e_get_ddp_list(res->port_id, diff --git a/dpdk/app/test-pmd/config.c b/dpdk/app/test-pmd/config.c index 6e9a2042c2..0e5d77159d 100644 --- a/dpdk/app/test-pmd/config.c +++ b/dpdk/app/test-pmd/config.c @@ -204,11 +204,26 @@ nic_stats_display(portid_t port_id) void nic_stats_clear(portid_t port_id) { + int ret; + if (port_id_is_invalid(port_id, ENABLED_WARN)) { print_valid_ports(); return; } - rte_eth_stats_reset(port_id); + + ret = rte_eth_stats_reset(port_id); + if (ret != 0) { + printf("%s: Error: failed to reset stats (port %u): %s", + __func__, port_id, strerror(ret)); + return; + } + + ret = rte_eth_stats_get(port_id, &ports[port_id].stats); + if (ret != 0) { + printf("%s: Error: failed to get stats (port %u): %s", + __func__, port_id, strerror(ret)); + return; + } printf("\n NIC statistics for port %d cleared\n", port_id); } @@ -278,11 +293,20 @@ nic_xstats_display(portid_t port_id) void nic_xstats_clear(portid_t port_id) { + int ret; + if (port_id_is_invalid(port_id, ENABLED_WARN)) { print_valid_ports(); return; } rte_eth_xstats_reset(port_id); + + ret = rte_eth_stats_get(port_id, &ports[port_id].stats); + if (ret != 0) { + printf("%s: Error: failed to get stats (port %u): %s", + __func__, port_id, strerror(ret)); + return; + } } void diff --git a/dpdk/app/test-pmd/csumonly.c b/dpdk/app/test-pmd/csumonly.c index 46eb52d5b8..b0d528d98c 100644 --- a/dpdk/app/test-pmd/csumonly.c +++ b/dpdk/app/test-pmd/csumonly.c @@ -138,21 +138,23 @@ parse_ipv6(struct ipv6_hdr *ipv6_hdr, struct testpmd_offload_info *info) /* * Parse an ethernet header to fill the ethertype, l2_len, l3_len and - * ipproto. This function is able to recognize IPv4/IPv6 with one optional vlan - * header. The l4_len argument is only set in case of TCP (useful for TSO). + * ipproto. This function is able to recognize IPv4/IPv6 with optional VLAN + * headers. The l4_len argument is only set in case of TCP (useful for TSO). */ static void parse_ethernet(struct ether_hdr *eth_hdr, struct testpmd_offload_info *info) { struct ipv4_hdr *ipv4_hdr; struct ipv6_hdr *ipv6_hdr; + struct vlan_hdr *vlan_hdr; info->l2_len = sizeof(struct ether_hdr); info->ethertype = eth_hdr->ether_type; - if (info->ethertype == _htons(ETHER_TYPE_VLAN)) { - struct vlan_hdr *vlan_hdr = (struct vlan_hdr *)(eth_hdr + 1); - + while (info->ethertype == _htons(ETHER_TYPE_VLAN) || + info->ethertype == _htons(ETHER_TYPE_QINQ)) { + vlan_hdr = (struct vlan_hdr *) + ((char *)eth_hdr + info->l2_len); info->l2_len += sizeof(struct vlan_hdr); info->ethertype = vlan_hdr->eth_proto; } diff --git a/dpdk/app/test-pmd/meson.build b/dpdk/app/test-pmd/meson.build index 6006c60f99..adeeeeedba 100644 --- a/dpdk/app/test-pmd/meson.build +++ b/dpdk/app/test-pmd/meson.build @@ -5,6 +5,11 @@ name = 'testpmd' allow_experimental_apis = true cflags += '-Wno-deprecated-declarations' + +if (toolchain == 'gcc' and cc.version().version_compare('>=10.0.0')) + cflags += '-fcommon' +endif + sources = files('cmdline.c', 'cmdline_flow.c', 'cmdline_mtr.c', diff --git a/dpdk/app/test-pmd/parameters.c b/dpdk/app/test-pmd/parameters.c index 4d5e28970c..57028c313f 100644 --- a/dpdk/app/test-pmd/parameters.c +++ b/dpdk/app/test-pmd/parameters.c @@ -52,7 +52,7 @@ static void usage(char* progname) { - printf("usage: %s " + printf("usage: %s [EAL options] -- " #ifdef RTE_LIBRTE_CMDLINE "[--interactive|-i] " "[--cmdline-file=FILENAME] " diff --git a/dpdk/app/test-pmd/testpmd.c b/dpdk/app/test-pmd/testpmd.c index a910c06dc2..a32eae750c 100644 --- a/dpdk/app/test-pmd/testpmd.c +++ b/dpdk/app/test-pmd/testpmd.c @@ -2500,7 +2500,7 @@ check_all_ports_link_status(uint32_t port_mask) "Port%d Link Up. speed %u Mbps- %s\n", portid, link.link_speed, (link.link_duplex == ETH_LINK_FULL_DUPLEX) ? - ("full-duplex") : ("half-duplex\n")); + ("full-duplex") : ("half-duplex")); else printf("Port %d Link Down\n", portid); continue; @@ -2934,6 +2934,8 @@ get_eth_dcb_conf(portid_t pid, struct rte_eth_conf *eth_conf, struct rte_eth_dcb_tx_conf *tx_conf = ð_conf->tx_adv_conf.dcb_tx_conf; + memset(&rss_conf, 0, sizeof(struct rte_eth_rss_conf)); + rc = rte_eth_dev_rss_hash_conf_get(pid, &rss_conf); if (rc != 0) return rc; diff --git a/dpdk/config/meson.build b/dpdk/config/meson.build index 616af97466..88742ce9db 100644 --- a/dpdk/config/meson.build +++ b/dpdk/config/meson.build @@ -111,6 +111,10 @@ warning_flags = [ '-Wcast-qual', '-Wno-address-of-packed-member' ] +if cc.get_id() == 'gcc' and cc.version().version_compare('>=10.0') +# FIXME: Bugzilla 396 + warning_flags += '-Wno-zero-length-bounds' +endif if not dpdk_conf.get('RTE_ARCH_64') # for 32-bit, don't warn about casting a 32-bit pointer to 64-bit int - it's fine!! warning_flags += '-Wno-pointer-to-int-cast' diff --git a/dpdk/devtools/check-symbol-change.sh b/dpdk/devtools/check-symbol-change.sh index f6f79a883b..2d4f05fdd2 100755 --- a/dpdk/devtools/check-symbol-change.sh +++ b/dpdk/devtools/check-symbol-change.sh @@ -17,13 +17,11 @@ build_map_changes() # map files are altered, and all section/symbol names # appearing between a triggering of this rule and the # next trigger of this rule are associated with this file - /[-+] a\/.*\.map/ {map=$2; in_map=1} + /[-+] [ab]\/.*\.map/ {map=$2; in_map=1; next} - # Same pattern as above, only it matches on anything that - # does not end in 'map', indicating we have left the map chunk. - # When we hit this, turn off the in_map variable, which - # supresses the subordonate rules below - /[-+] a\/.*\.[^map]/ {in_map=0} + # The previous rule catches all .map files, anything else + # indicates we left the map chunk. + /[-+] [ab]\// {in_map=0} # Triggering this rule, which starts a line and ends it # with a { identifies a versioned section. The section name is diff --git a/dpdk/devtools/checkpatches.sh b/dpdk/devtools/checkpatches.sh index c471731d45..acff1843af 100755 --- a/dpdk/devtools/checkpatches.sh +++ b/dpdk/devtools/checkpatches.sh @@ -56,6 +56,14 @@ check_forbidden_additions() { # -f $(dirname $(readlink -e $0))/check-forbidden-tokens.awk \ "$1" || res=1 + # links must prefer https over http + awk -v FOLDERS='doc' \ + -v EXPRESSIONS='http://.*dpdk.org' \ + -v RET_ON_FAIL=1 \ + -v MESSAGE='Using non https link to dpdk.org' \ + -f $(dirname $(readlink -f $0))/check-forbidden-tokens.awk \ + "$1" || res=1 + return $res } diff --git a/dpdk/doc/api/doxy-api-index.md b/dpdk/doc/api/doxy-api-index.md index e27874c5ae..a380f44fbd 100644 --- a/dpdk/doc/api/doxy-api-index.md +++ b/dpdk/doc/api/doxy-api-index.md @@ -1,4 +1,4 @@ -API {#index} +API ===