Alex Wang | 21 Oct 03:03 2014

'/etc/init.d/openvswitch force-reload-kmod' on RHEL7 fails,

Hey Flavio,

We found when set selinux 'enforcing' on RHEL7/CentOS7,
The init.d script command 'force-reload-kmod' cannot work properly:
Shown below:

[root <at> ovs_team_rhel7]# /etc/init.d/openvswitch force-reload-kmod

Detected internal interfaces:  [  OK  ]
Saving flows [  OK  ]
Killing ovsdb-server (11131) [  OK  ]
Starting ovsdb-server [  OK  ]
Configuring Open vSwitch system IDs [  OK  ]
Killing ovs-vswitchd (11146) [  OK  ]
*Saving interface configuration /usr/share/openvswitch/scripts/ovs-save: ip
not found in /*
*sbin:/usr/sbin:/bin:/usr/bin*
*[FAILED]*
*Failed to save configuration, not replacing kernel module ... (warning).*
Starting ovs-vswitchd [  OK  ]
Enabling remote OVSDB managers [  OK  ]

The reason seems to be that domain openvswitch_t does not have right
to access /usr/sbin/ => that's why ovs-save reports 'ip not found'

We are using the latest selinux-policy:
http://rpmfind.net//linux/RPM/centos/updates/7.0.1406/x86_64/Packages/selinux-policy-3.12.1-153.el7_0.11.noarch.html

We are using kernel: 3.10.0-123.8.1.el7.x86_64

(Continue reading)

Ankur Sharma | 21 Oct 02:35 2014

[PATCH v1 1/6] datapath-windows: pid-instance hash table data structure.

This patch introduces data structure for holding instances hashed by
pid.

Signed-off-by: Ankur Sharma <ankursharma@...>
---
 datapath-windows/ovsext/Datapath.h |  2 ++
 datapath-windows/ovsext/Event.c    |  1 +
 datapath-windows/ovsext/Switch.c   | 15 ++++++++++++++-
 datapath-windows/ovsext/Switch.h   |  3 +++
 4 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/datapath-windows/ovsext/Datapath.h b/datapath-windows/ovsext/Datapath.h
index abbcc1a..221515d 100644
--- a/datapath-windows/ovsext/Datapath.h
+++ b/datapath-windows/ovsext/Datapath.h
 <at>  <at>  -87,6 +87,8  <at>  <at>  typedef struct _OVS_OPEN_INSTANCE {
                                  * markers can store the row and the column
                                  * indices. */
     } dumpState;                /* data to support dump commands. */
+    LIST_ENTRY             pidLink; /* Links the instance to
+                                     * pidHashArray */
 } OVS_OPEN_INSTANCE, *POVS_OPEN_INSTANCE;

 NDIS_STATUS OvsCreateDeviceObject(NDIS_HANDLE ovsExtDriverHandle);
diff --git a/datapath-windows/ovsext/Event.c b/datapath-windows/ovsext/Event.c
index 656f719..96f4e16 100644
--- a/datapath-windows/ovsext/Event.c
+++ b/datapath-windows/ovsext/Event.c
 <at>  <at>  -258,6 +258,7  <at>  <at>  OvsSubscribeEventIoctl(PFILE_OBJECT fileObject,
         ovsNumEventQueue++;
(Continue reading)

Ben Pfaff | 21 Oct 00:05 2014

[PATCH] ofproto: Report support for group stats.

This feature bit was overlooked when we added support for group stats.

Reported-by: Anup Khadka <khadka.py@...>
Signed-off-by: Ben Pfaff <blp@...>
---
 ofproto/ofproto.c |    3 ++-
 tests/ofproto.at  |    4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/ofproto/ofproto.c b/ofproto/ofproto.c
index 2cb93b0..8bd5f03 100644
--- a/ofproto/ofproto.c
+++ b/ofproto/ofproto.c
 <at>  <at>  -2997,7 +2997,8  <at>  <at>  handle_features_request(struct ofconn *ofconn, const struct ofp_header *oh)
     features.n_buffers = pktbuf_capacity();
     features.n_tables = ofproto_get_n_visible_tables(ofproto);
     features.capabilities = (OFPUTIL_C_FLOW_STATS | OFPUTIL_C_TABLE_STATS |
-                             OFPUTIL_C_PORT_STATS | OFPUTIL_C_QUEUE_STATS);
+                             OFPUTIL_C_PORT_STATS | OFPUTIL_C_QUEUE_STATS |
+                             OFPUTIL_C_GROUP_STATS);
     if (arp_match_ip) {
         features.capabilities |= OFPUTIL_C_ARP_MATCH_IP;
     }
diff --git a/tests/ofproto.at b/tests/ofproto.at
index 51efd37..3278287 100644
--- a/tests/ofproto.at
+++ b/tests/ofproto.at
 <at>  <at>  -482,7 +482,7  <at>  <at>  do
     AT_CHECK_UNQUOTED([STRIP_XIDS stdout], [0], [dnl
 OFPT_FEATURES_REPLY (OF1.2): dpid:fedcba9876543210
(Continue reading)

Ben Pfaff | 20 Oct 23:45 2014

[PATCH] ofp-actions: Properly check for action that exceeds buffer length.

Commit c2d936a44fa (ofp-actions: Centralize all OpenFlow action code for
maintainability.) rewrote OpenFlow action parsing but failed to check that
actions don't overflow their buffers.  This commit fixes the problem and
adds negative tests so that this bug doesn't recur.

Reported-by: Tomer Pearl <Tomer.Pearl@...>
Signed-off-by: Ben Pfaff <blp@...>
---
 lib/ofp-actions.c    |    5 +++++
 tests/ofp-actions.at |   16 ++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
index 7d9ee58..41c7622 100644
--- a/lib/ofp-actions.c
+++ b/lib/ofp-actions.c
 <at>  <at>  -6406,6 +6406,11  <at>  <at>  ofpact_pull_raw(struct ofpbuf *buf, enum ofp_version ofp_version,
     }

     length = ntohs(oah->len);
+    if (length > ofpbuf_size(buf)) {
+        VLOG_WARN_RL(&rl, "OpenFlow action %s length %u exceeds action buffer "
+                     "length %"PRIu32, action->name, length, ofpbuf_size(buf));
+        return OFPERR_OFPBAC_BAD_LEN;
+    }
     if (length < action->min_length || length > action->max_length) {
         VLOG_WARN_RL(&rl, "OpenFlow action %s length %u not in valid range "
                      "[%hu,%hu]", action->name, length,
diff --git a/tests/ofp-actions.at b/tests/ofp-actions.at
index 64b4bc2..311c3c5 100644
(Continue reading)

Eitan Eliahu | 21 Oct 03:23 2014

[PATCH] datapath-windows: Missed packet, Kernel to User mode notification

An I/O request is queued in Kernel to be completed upon a packet mismatch.
This mechanism is similar to the port state notification.
Access to instance data should be under a lock (TBD)

Signed-off-by: Eitan Eliahu <eliahue@...>
---
 datapath-windows/include/OvsDpInterfaceExt.h |  1 +
 datapath-windows/ovsext/Datapath.c           | 30 ++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/datapath-windows/include/OvsDpInterfaceExt.h b/datapath-windows/include/OvsDpInterfaceExt.h
index 953c8ba..cea9e41 100644
--- a/datapath-windows/include/OvsDpInterfaceExt.h
+++ b/datapath-windows/include/OvsDpInterfaceExt.h
 <at>  <at>  -77,6 +77,7  <at>  <at> 
 enum ovs_win_control_cmd {
     OVS_CTRL_CMD_WIN_GET_PID,
     OVS_CTRL_CMD_WIN_PEND_REQ,
+    OVS_CTRL_CMD_WIN_PEND_PACKET_REQ,
     OVS_CTRL_CMD_MC_SUBSCRIBE_REQ,
     OVS_CTRL_CMD_PACKET_SUBSCRIBE_REQ,

diff --git a/datapath-windows/ovsext/Datapath.c b/datapath-windows/ovsext/Datapath.c
index fae824a..79e7c7d 100644
--- a/datapath-windows/ovsext/Datapath.c
+++ b/datapath-windows/ovsext/Datapath.c
 <at>  <at>  -91,6 +91,7  <at>  <at>  typedef struct _NETLINK_FAMILY {
 /* Handlers for the various netlink commands. */
 static NetlinkCmdHandler OvsGetPidCmdHandler,
                          OvsPendEventCmdHandler,
(Continue reading)

Thomas Graf | 20 Oct 19:23 2014

[PATCH] Makefile.am: Properly indent INSTALL.DPDK

Signed-off-by: Thomas Graf <tgraf@...>
---
 Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile.am b/Makefile.am
index 43cc420..846172d 100644
--- a/Makefile.am
+++ b/Makefile.am
 <at>  <at>  -69,7 +69,7  <at>  <at>  EXTRA_DIST = \
 	INSTALL \
 	INSTALL.Debian \
 	INSTALL.Docker \
-        INSTALL.DPDK \
+	INSTALL.DPDK \
 	INSTALL.Fedora \
 	INSTALL.KVM \
 	INSTALL.Libvirt \
--

-- 
1.9.3

rdunlap | 20 Oct 12:11 2014
Picon

Returned mail: see transcript for details

Dear user dev@...,

Your account was used to send a huge amount of spam during the last week.
Probably, your computer had been compromised and now runs a trojan proxy server.

Please follow the instructions in order to keep your computer safe.

Have a nice day,
openvswitch.org support team.

Alex Wang | 20 Oct 07:50 2014

[compgen v2 1/5] command-line: Add function to print all options.

This commit adds a function that prints (both long and short)
options of a ovs-* command.  To use this function, option
'--option' is added to ovs-appctl/dpctl/ofctl and ovsdb-tool
ommands.  A future patch will the option output to conduct
bash command-line completion.

Signed-off-by: Alex Wang <alexw@...>

---
PATCH -> V2:
- distinguish optional and compulsory arguments.
- call print() in the print_option().
---
 lib/command-line.c     |   21 +++++++++++++++++++++
 lib/command-line.h     |    1 +
 ovsdb/ovsdb-tool.c     |    5 +++++
 utilities/ovs-appctl.c |    6 ++++++
 utilities/ovs-dpctl.c  |    6 +++++-
 utilities/ovs-ofctl.c  |    5 +++++
 6 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/lib/command-line.c b/lib/command-line.c
index cb73a25..1f26c5c 100644
--- a/lib/command-line.c
+++ b/lib/command-line.c
 <at>  <at>  -19,6 +19,7  <at>  <at> 
 #include <getopt.h>
 #include <limits.h>
 #include <stdlib.h>
+#include "dynamic-string.h"
(Continue reading)

dkatz | 20 Oct 04:31 2014
Picon

(no subject)

Dear user dev@...,

We have detected that your email account has been used to send a large amount of unsolicited commercial
email messages during the last week.
Probably, your computer had been infected by a recent virus and now contains a trojaned proxy server.

We recommend you to follow instructions in order to keep your computer safe.

Best regards,
openvswitch.org user support team.

Madhu Challa | 18 Oct 22:18 2014

[PATCH v3] lib/dpif: Fix crash in format_odp_actions, actions = 0x0

When flow_get fails (in this case flow does not exist) simply log
the key part of the get and erase the rest of the flow because it
is invalid.

verified the fix by doing ovs-ofctl del-flows when traffic is running

2014-10-18T20:12:13.785Z|00011|dpif(revalidator20)|WARN|system <at> ovs-system: failed to flow_get
(No such file or directory)
dp_hash(0),recirc_id(0),skb_priority(0),in_port(2),skb_mark(0),eth(src=00:13:72:0b:52:fa,dst=00:14:72:0b:52:fa),eth_type(0x0800),ipv4(src=10.0.0.164,dst=11.0.0.164,proto=6,tos=0,ttl=4,frag=no),tcp(src=1651,dst=6095),tcp_flags(ack),
packets:0, bytes:0, used:never
---
 lib/dpif.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/dpif.c b/lib/dpif.c
index d088f68..64e6a0e 100644
--- a/lib/dpif.c
+++ b/lib/dpif.c
 <at>  <at>  -1155,11 +1155,11  <at>  <at>  dpif_operate(struct dpif *dpif, struct dpif_op **ops, size_t n_ops)
                     struct dpif_flow_get *get = &op->u.flow_get;

                     COVERAGE_INC(dpif_flow_get);
-                    log_flow_get_message(dpif, get, error);
-
                     if (error) {
                         memset(get->flow, 0, sizeof *get->flow);
                     }
+                    log_flow_get_message(dpif, get, error);
+
                     break;
(Continue reading)

Nithin Raju | 18 Oct 20:39 2014

[PATCH 1/4 v2] datapath-windows: event read should not fail when no events

The semantics are read operation are generally to return 0 bytes and
STATUS_SUCCESS when there are no events.

Also, added a fix to assign the PID to the synthetic OVS_MESSAGE formed
for the command validation.

Signed-off-by: Nithin Raju <nithin@...>
Acked-by: Nithin Raju <nithin@...>
---
 datapath-windows/ovsext/Datapath.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/datapath-windows/ovsext/Datapath.c b/datapath-windows/ovsext/Datapath.c
index 6cb9398..0d87a6d 100644
--- a/datapath-windows/ovsext/Datapath.c
+++ b/datapath-windows/ovsext/Datapath.c
 <at>  <at>  -728,6 +728,7  <at>  <at>  OvsDeviceControl(PDEVICE_OBJECT deviceObject,

         ovsMsg = &ovsMsgReadOp;
         ovsMsg->nlMsg.nlmsgType = OVS_WIN_NL_CTRL_FAMILY_ID;
+        ovsMsg->nlMsg.nlmsgPid = instance->pid;
         /* An "artificial" command so we can use NL family function table*/
         ovsMsg->genlMsg.cmd = (code == OVS_IOCTL_READ_EVENT) ?
                               OVS_CTRL_CMD_EVENT_NOTIFY :
 <at>  <at>  -2289,6 +2290,9  <at>  <at>  OvsReadEventCmdHandler(POVS_USER_PARAMS_CONTEXT usrParamsCtx,
     /* remove an event entry from the event queue */
     status = OvsRemoveEventEntry(usrParamsCtx->ovsInstance, &eventEntry);
     if (status != STATUS_SUCCESS) {
+        /* If there were not elements, read should return no data. */
+        status = STATUS_SUCCESS;
(Continue reading)


Gmane