network-scripts-openvswitch2.11-2.11.3-90.el8s >  H `A !F^(*v< Tz:KaFlgYa.s.{LQ/SFt`~`)'n'lh$sksDR(fSb5 4Ua} *T0@uÀ@Ug^n(jҚ*l:].apHWZ{y"ո#IIh=/.e)bfR\ŖjSn.71~ MSd{x5~].uᗴ&G86379667b8d911c68ae56030158d116cdc289e691e153b0da1b404fe0159cd3d673176bbaee0593e89cff88a2bd23d84256119c35p`A !F^(*v2Oo<de`] r8CQt  A&A&w:Gq* g]Bzq ! wZߡwy-cWp h{nysdٍ/Dc}]VAe+iC: a=3s̘<Ӥ<)L@ Y OCUZϰ*c71vḋ@"a|%4{/ܑHŰ,զaP2tA5_%l,30>p?{?{d") 1 ] 0LR\d h l t   <D!(?8H:90::G:GyHyIy$Xy(Yy0\yP]yX^ylbydzezfzlztzuzv{w{4x{<y{D{L{P{v{x{|{{Cnetwork-scripts-openvswitch2.112.11.390.el8sOpen vSwitch legacy network service supportThis provides the ifup and ifdown scripts for use with the legacy network service.`bp8le03.rdu2.centos.org.CentOSCentOSASL 2.0CBS System Environment/Daemons daemon/database/utilitieshttp://www.openvswitch.org/linuxppc64le&n]r?]r?f5df1805618f089479f4a3ec3ed6a1b964317e85964e01e5029481a5944513ec6e3b1a4b00ba391a7e7ef48d41c396da845346b5149cbb346c26deb6919c2c47rootrootrootrootopenvswitch2.11-2.11.3-90.el8s.src.rpmnetwork-scripts-openvswitch2.11network-scripts-openvswitch2.11(ppc-64)@    /bin/bashnetwork-scriptsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3`@` @`m`Q@`P`#`3@``@`>` l`2@____ǁ_@__ _t@_P_|\@_a@_G@_;_:q@_3_2@_/@_/@__A@__ L_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@_X@^^V@^>@^@^@^@^h^g@^U @^ P@^ P@^ P@^^^@^@^g@^@^r^@^@]]B]@]@]@]N@]]ʞ])]c@]c@](]{]nU]e@]Ik]6]-@]-@](v@]$]G@] ]:]:\P\O\,@\\@\@\@\@\y\w@\R@\M@\ - 2.11.3-90Open vSwitch CI - 2.11.3-89Michael Santana - 2.11.3-88Open vSwitch CI - 2.11.3-87Open vSwitch CI - 2.11.3-86Open vSwitch CI - 2.11.3-85Open vSwitch CI - 2.11.3-84Timothy Redaelli - 2.11.3-83Open vSwitch CI - 2.11.3-82Open vSwitch CI - 2.11.3-81Open vSwitch CI - 2.11.3-80Open vSwitch CI - 2.11.3-79Open vSwitch CI - 2.11.3-78Open vSwitch CI - 2.11.3-77Open vSwitch CI - 2.11.3-76Open vSwitch CI - 2.11.3-75Open vSwitch CI - 2.11.3-74Timothy Redaelli - 2.11.3-73Open vSwitch CI - 2.11.3-72Open vSwitch CI - 2.11.3-71Open vSwitch CI - 2.11.3-70Open vSwitch CI - 2.11.3-69Open vSwitch CI - 2.11.3-68Open vSwitch CI - 2.11.3-67Flavio Leitner - 2.11.3-66Open vSwitch CI - 2.11.3-65Open vSwitch CI - 2.11.3-64Open vSwitch CI - 2.11.3-63Flavio Leitner - 2.11.3-62Flavio Leitner - 2.11.3-61Flavio Leitner - 2.11.3-60Flavio Leitner - 2.11.3-59Flavio Leitner - 2.11.3-58Flavio Leitner - 2.11.3-57Timothy Redaelli - 2.11.3-56Timothy Redaelli - 2.11.3-55Timothy Redaelli - 2.11.3-54Timothy Redaelli - 2.11.3-53Timothy Redaelli - 2.11.3-52Timothy Redaelli - 2.11.3-51Timothy Redaelli - 2.11.3-50Timothy Redaelli - 2.11.3-49Timothy Redaelli - 2.11.3-48Timothy Redaelli - 2.11.3-47Timothy Redaelli - 2.11.3-46Timothy Redaelli - 2.11.3-45Timothy Redaelli - 2.11.3-44Timothy Redaelli - 2.11.3-43Timothy Redaelli - 2.11.3-42Timothy Redaelli - 2.11.3-41Timothy Redaelli - 2.11.3-40Timothy Redaelli - 2.11.3-39Timothy Redaelli - 2.11.3-38Timothy Redaelli - 2.11.3-37Timothy Redaelli - 2.11.3-36Timothy Redaelli - 2.11.3-35Timothy Redaelli - 2.11.3-34Timothy Redaelli - 2.11.3-33Timothy Redaelli - 2.11.3-32Timothy Redaelli - 2.11.3-31Timothy Redaelli - 2.11.3-30Timothy Redaelli - 2.11.3-29Timothy Redaelli - 2.11.3-28Timothy Redaelli - 2.11.3-27Timothy Redaelli - 2.11.3-26Timothy Redaelli - 2.11.3-25Timothy Redaelli - 2.11.3-24Timothy Redaelli - 2.11.3-23Timothy Redaelli - 2.11.3-22Timothy Redaelli - 2.11.3-21Timothy Redaelli - 2.11.3-20Timothy Redaelli - 2.11.3-19Timothy Redaelli - 2.11.3-18Timothy Redaelli - 2.11.3-17Timothy Redaelli - 2.11.3-16Timothy Redaelli - 2.11.3-15Timothy Redaelli - 2.11.3-14Timothy Redaelli - 2.11.3-13Timothy Redaelli - 2.11.3-12Timothy Redaelli - 2.11.3-11Timothy Redaelli - 2.11.3-10Timothy Redaelli - 2.11.3-9Timothy Redaelli - 2.11.3-8Timothy Redaelli - 2.11.3-7Timothy Redaelli - 2.11.3-6Timothy Redaelli - 2.11.3-5Timothy Redaelli - 2.11.3-4Timothy Redaelli - 2.11.3-3Timothy Redaelli - 2.11.3-2Timothy Redaelli - 2.11.3-1Timothy Redaelli - 2.11.0-56.20200327gita4efc59Aaron Conole - 2.11.0-55.20200327gita4efc59Maxime Coquelin - 2.11.0-54.20200327gita4efc59Aaron Conole - 2.11.0-53.20200327gita4efc59Timothy Redaelli - 2.11.0-52.20200327gita4efc59Timothy Redaelli - 2.11.0-51.20200327gita4efc59Timothy Redaelli - 2.11.0-50Timothy Redaelli - 2.11.0-49Maxime Coquelin - 2.11.0-48Timothy Redaelli - 2.11.0-47Timothy Redaelli - 2.11.0-46Timothy Redaelli - 2.11.0-45Timothy Redaelli - 2.11.0-44Timothy Redaelli - 2.11.0-43Eelco Chaudron - 2.11.0-42Kevin Traynor - 2.11.0-41Adrián Moreno - 2.11.0-40Numan Siddique - 2.11.0-39David Marchand - 2.11.0-38Eelco Chaudron - 2.11.0-37Eelco Chaudron - 2.11.0-36Timothy Redaelli - 2.11.0-35Timothy Redaelli - 2.11.0-34Aaron Conole - 2.11.0-33Aaron Conole - 2.11.0-32Aaron Conole - 2.11.0-31Timothy Redaelli - 2.11.0-30Lorenzo Bianconi - 2.11.0-29David Marchand - 2.11.0-28Numan Siddique - 2.11.0-27Numan Siddique - 2.11.0-26Dumitru Ceara - 2.11.0-25Aaron Conole - 2.11.0-24Kevin Traynor - 2.11.0-23Flavio Leitner - 2.11.0-22Flavio Leitner - 2.11.0-21David Marchand - 2.11.0-20Numan Siddique - 2.11.0-19Timothy Redaelli - 2.11.0-18Timothy Redaelli - 2.11.0-17Timothy Redaelli - 2.11.0-16David Marchand - 2.11.0-15Timothy Redaelli - 2.11.0-14Timothy Redaelli - 2.11.0-13Maxime Coquelin - 2.11.0-12Flavio Leitner - 2.11.0-11Pablo Cascón - 2.11.0-10Numan Siddique - 2.11.0-9Kevin Traynor - 2.11.0-8David Marchand - 2.11.0-7Timothy Redaelli - 2.11.0-6Flavio Leitner - 2.11.0-5Davide Caratti - 2.11.0-4Timothy Redaelli - 2.11.0-3Timothy Redaelli - 2.11.0-2Timothy Redaelli - 2.11.0-1Open vSwitch Bot - 2.11.0-0.20190129gitd3a10dbOpen vSwitch Bot - 2.11.0-0.20190126gitd4ff5b2Timothy Redaelli - 2.11.0-0.20190114gitadb3f0bLorenzo Bianconi - 2.10.0-42Timothy Redaelli - 2.10.0-41Timothy Redaelli - 2.10.0-40Lorenzo Bianconi - 2.10.0-39Numan Siddique - 2.10.0-38David Marchand - 2.10.0-37Numan Siddique - 2.10.0-36Timothy Redaelli - 2.10.0-35Numan Siddique - 2.10.0-34Eelco Chaudron - 2.10.0-33Timothy Redaelli - 2.10.0-32Timothy Redaelli - 2.10.0-31Lorenzo Bianconi - 2.10.0-30Eelco Chaudron - 2.10.0-29Lorenzo Bianconi - 2.10.0-28Timothy Redaelli - 2.10.0-27Lorenzo Bianconi - 2.10.0-26Timothy Redaelli - 2.10.0-25Timothy Redaelli - 2.10.0-24Kevin Traynor - 2.10.0-23Timothy Redaelli - 2.10.0-22Numan Siddique - 2.10.0-21Timothy Redaelli - 2.10.0-20Timothy Redaelli - 2.10.0-19Timothy Redaelli - 2.10.0-18Numan Siddique - 2.10.0-17Numan Siddique - 2.10.0-16Numan Siddique - 2.10.0-15Numan Siddique - 2.10.0-14Lorenzo Bianconi - 2.10.0-13Matteo Croce - 2.10.0-12Lorenzo Bianconi - 2.10.0-11Timothy Redaelli - 2.10.0-10Matteo Croce - 2.10.0-9Matteo Croce - 2.10.0-8Matteo Croce - 2.10.0-7Kevin Traynor - 2.10.0-6Timothy Redaelli - 2.10.0-5Flavio Leitner - 2.10.0-4Flavio Leitner - 2.10.0-3Timothy Redaelli - 2.10.0-2Flavio Leitner - 2.10-1Flavio Leitner - 2.10-0Open vSwitch Bot - 2.10-0Open vSwitch Bot - 2.10-0Open vSwitch Bot - 2.10-0Flavio Leitner - 2.10-0Flavio Leitner - 2.10-0Open vSwitch Bot - 2.10-0Flavio Leitner - 2.10-0Open vSwitch Bot - 2.10-0Flavio Leitner - 2.10-0Open vSwitch Bot - 2.10-0Flavio Leitner - 2.10-0Open vSwitch Bot - 2.10-0Open vSwitch Bot - 2.10-0Open vSwitch Bot - 2.10-0Open vSwitch Bot - 2.10-0Flavio Leitner - 2.10-0Aaron Conole - 2.9.0-47Timothy Redaelli - 2.9.0-46Timothy Redaelli - 2.9.0-45Timothy Redaelli - 2.9.0-44Timothy Redaelli - 2.9.0-43Timothy Redaelli - 2.9.0-42Timothy Redaelli - 2.9.0-41Timothy Redaelli - 2.9.0-40Timothy Redaelli - 2.9.0-39Maxime Coquelin - 2.9.0-38Timothy Redaelli - 2.9.0-37Timothy Redaelli - 2.9.0-36Lorenzo Bianconi - 2.9.0-35Timothy Redaelli - 2.9.0-34Timothy Redaelli - 2.9.0-33Aaron Conole - 2.9.0-32Timothy Redaelli - 2.9.0-31Timothy Redaelli - 2.9.0-30Timothy Redaelli - 2.9.0-29Kevin Traynor - 2.9.0-28Aaron Conole - 2.9.0-27Aaron Conole - 2.9.0-26Jakub Sitnicki - 2.9.0-25Aaron Conole - 2.9.0-24Timothy Redaelli - 2.9.0-23Timothy Redaelli - 2.9.0-22Timothy Redaelli - 2.9.0-21Timothy Redaelli - 2.9.0-20Kevin Traynor - 2.9.0-19Davide Caratti - 2.9.0-18Timothy Redaelli - 2.9.0-17Timothy Redaelli - 2.9.0-16Timothy Redaelli - 2.9.0-14Timothy Redaelli - 2.9.0-13Flavio Leitner - 2.9.0-12Timothy Redaelli - 2.9.0-11Timothy Redaelli - 2.9.0-10Timothy Redaelli - 2.9.0-9Eric Garver - 2.9.0-8Timothy Redaelli - 2.9.0-7Aaron Conole - 2.9.0-6Matteo Croce - 2.9.0-5Timothy Redaelli - 2.9.0-4Timothy Redaelli - 2.9.0-3Timothy Redaelli - 2.9.0-1Timothy Redaelli - 2.7.3-3.git20180112Timothy Redaelli - 2.7.3-2.git20171010Timothy Redaelli - 2.7.3-1.git20171010Kevin Traynor - 2.7.2-10.git20170914Timothy Redaelli - 2.7.2-9.git20170914Timothy Redaelli - 2.7.2-8.git20170719Aaron Conole - 2.7.2-7.git20170719Aaron Conole - 2.7.2-6.git20170719Aaron Conole - 2.7.2-5.git20170719John W. Linville - 2.7.2-4.git20170719John W. Linville - 2.7.2-3.git20170719John W. Linville - 2.7.2-2.git20170719Timothy Redaelli - 2.7.2-1.git20170719Timothy Redaelli - 2.7.1-1.git20170710Timothy Redaelli - 2.6.1-20.git20161206Lance Richardson - 2.6.1-19.git20161206Timothy Redaelli - 2.6.1-18.git20161206Timothy Redaelli - 2.6.1-17.git20161206Eric Garver - 2.6.1-16.git20161206Kevin Traynor - 2.6.1-15.git20161206Lance Richardson - 2.6.1-14.git20161206Timothy Redaelli - 2.6.1-13.git20161206Aaron Conole - 2.6.1-12.git20161206Lance Richardson - 2.6.1-11.git20161206Aaron Conole - 2.6.1-10.git20161206Lance Richardson - 2.6.1-9.git20161206Timothy Redaelli - 2.6.1-8.git20161206Lance Richardson - 2.6.1-7.git20161206Aaron Conole - 2.6.1-6.git20161206Timothy Redaelli - 2.6.1-5.git20161206Flavio Leitner 2.5.0-23.git20160727Lance Richardson 2.6.1-3.git20161206Lance Richardson 2.6.1-2.git20161206Kevin Traynor 2.6.1-1.git20161206Flavio Leitner 2.5.0-22.git20160727Flavio Leitner 2.5.0-21.git20160727Flavio Leitner 2.5.0-20.git20160727Aaron Conole - 2.5.0-19.git20160727Aaron Conole - 2.5.0-18.git20160727Flavio Leitner - 2.5.0-17.git20160727Flavio Leitner - 2.5.0-16.git20160727Flavio Leitner - 2.5.0-15.git20160727Panu Matilainen - 2.5.0-14.git20160727Panu Matilainen - 2.5.0-13.git20160727Panu Matilainen - 2.5.0-12.git20160727Panu Matilainen - 2.5.0-11.git20160727Panu Matilainen - 2.5.0-10.git20160727Flavio Leitner - 2.5.0-9.git20160727Flavio Leitner - 2.5.0-8.git20160727Flavio Leitner - 2.5.0-7.git20160727Flavio Leitner - 2.5.0-6.git20160628Flavio Leitner - 2.5.0-5.git20160628Panu Matilainen - 2.5.0-4.git20160628Panu Matilainen - 2.5.0-4Flavio Leitner - 2.5.0-3Panu Matilainen - 2.5.0-2Panu Matilainen - 2.5.0-1Panu Matilainen Flavio Leitner Panu Matilainen Ralf Spenneberg - Merging upstream branch-2.11 [RH gerrit: aac87adaf1] Commit list: 40682157c9 ovsdb-server: Fix memleak when failing to read storage.- Merging upstream branch-2.11 [RH gerrit: 1d6f0bd658] Commit list: 75907f8a11 ofp-group: Use big-enough buffer in ofputil_format_group().- Make changelog in spec file more informative [RH gerrit: 99ad8d96f6] This is done by adding the body of the commit message to the changelong. The body is indented and has extra spacing separating each entry in the changelog to make each one more discernible since now they could be longer Signed-off-by: Michael Santana - Merging upstream branch-2.11 [RH gerrit: 560df0228c] Commit list: 8710c3e5ce python: Send notifications after the transaction ends. bf3ef6a869 Handle refTable values with setkey()- Merging upstream branch-2.11 [RH gerrit: 67070c0625] Commit list: e9ad1da4f4 Prepare for 2.11.8. bbc2705315 Set release date for 2.11.7. 0f475a5cd4 ovsdb-client: Fix needs-conversion when SERVER is explicitly specified. 46299c1c72 dpdk: Use DPDK 18.11.11 release. 65c61b0c23 ofp-actions: Fix use-after-free while decoding RAW_ENCAP.- Merging upstream branch-2.11 [RH gerrit: 4351a9b512] Commit list: 9b0307cf7d Prepare for 2.11.7. 5d07b5da2e Set release date for 2.11.6. 018d35b7d9 cirrus: Use FreeBSD 12.2. abd7a45765 flow: Support extra padding length.- Merging upstream branch-2.11 [RH gerrit: a4f1272cee] Commit list: 5a62ed8002 dist-docs: Include manpages generated from rST.- flow: Support extra padding length. [RH gerrit: 35a473f35c] Although not required, padding can be optionally added until the packet length is MTU bytes. A packet with extra padding currently fails sanity checks. Fixes: fa8d9001a624 ("miniflow_extract: Properly handle small IP packets.") Reported-by: Joakim Hindersson Acked-by: Ilya Maximets Signed-off-by: Flavio Leitner - Merging upstream branch-2.11 [RH gerrit: 2e04729b43] Commit list: 1faf6f507c tc: Fix mpls bottom of stack bit mask reporting.- Merging upstream branch-2.11 [RH gerrit: a6fede58cb] Commit list: 6747878b7a python: Add 'six' to list of install requirements.- Merging upstream branch-2.11 [RH gerrit: b8354bd062] Commit list: cd0f896c01 github: Fix Ubuntu package installation. 5804c31209 odp-util: Fix abort while formatting nsh actions.- Merging upstream branch-2.11 [RH gerrit: f41ec7e05b] Commit list: d9e429cc49 Prepare for 2.11.6. 634e6e41cd Set release date for 2.11.5.- Merging upstream branch-2.11 [RH gerrit: 68170d878c] Commit list: dc222c3cf1 lldp: do not leak memory on multiple instances of TLVs 569595898b ofproto-dpif: Uninitialize 'xlate_cache' to free resources- Merging upstream branch-2.11 [RH gerrit: 10478e3802] Commit list: 008414b6f0 ovs-monitor-ipsec: Fix active connection regex.- Merging upstream branch-2.11 [RH gerrit: aa80d76b09] Commit list: 026339bc76 odp-util: Fix netlink message overflow with userdata. 29077624db ovsdb-tool: Fix datum leak in the show-log command. 041d001019 ofproto-dpif-xlate: Stop forwarding MLD reports to group ports.- Merging upstream branch-2.11 [RH gerrit: 838f461d65] Commit list: abe75f4938 datapath: ovs_ct_exit to be done under ovs_lock 884800683f compat: rcu: Add support for consolidated-RCU reader checking 090c694ac7 tests: Add overflow test for the sha1 library. 7bcf93452e travis: Remove support for Travis CI. a29cda9b26 github: Add GitHub Actions workflow. a9748802e0 ovsdb-cluster.at: Fix infinite loop in torture tests.- Merging upstream branch-2.11 [RH gerrit: 757d6ce62c] Commit list: 1dae577d74 ovsdb-idl: Fix *_is_new() IDL functions. 709b548549 compat: Fix compile warning. 8bd0dadd04 compat: Remove stale code. 9414a66816 tests: Add parse-flow tests for MPLS fields. 00ec8e5cb9 ofp-actions: Fix userspace support for mpls_ttl. 655e9aa784 python: Don't raise an Exception on failure to connect via SSL. 1cf4245ace lldp: correctly increase discarded count 330d64d036 lldp: increase statsTLVsUnrecognizedTotal on unknown TLV c00a829e45 lldp: fix a buffer overflow when handling management address TLV 9aed58b5f1 lldp: Fix size of PEEK_DISCARD_UINT32() 2c0bbbacf3 lldp: validate a bit more received LLDP frames 72aa3deacf sha1: Fix algorithm for data bigger than 512 megabytes. 7d52af2228 odp-util: Fix overflow of nested netlink attributes.- redhat: Explicitly define __python [RH gerrit: 045337a5c8] See https://fedoraproject.org/wiki/Changes/PythonMacroError- Merging upstream branch-2.11 [RH gerrit: e835b37ab3] Commit list: 684e43b4d8 raft: Fix error leak on failure while saving snapshot.- Merging upstream branch-2.11 [RH gerrit: a11c3da9f7] Commit list: cc81b50a60 ofp-ed-props: Fix using uninitialized padding for NSH encap actions.- Merging upstream branch-2.11 [RH gerrit: 2a26d61978] Commit list: 3cc79bbc13 system-userspace-packet-type-aware.at: Wait for ip address updates. 2deed05096 netdev-dpdk: Don't set rx mq mode for net_virtio.- Merging upstream branch-2.11 [RH gerrit: e31b9384be] Commit list: 5ceafdc389 docs: Add flow control on i40e issue- Merging upstream branch-2.11 [RH gerrit: a43432762b] Commit list: dfcebfcc2f cirrus: Use FreeBSD 11.4. 9e53a8a76b classifier: Fix use of uninitialized value. 30387b61ac rhel: Fix logrotate group when dpdk is enabled.- Merging upstream branch-2.11 [RH gerrit: dd4802fb0c] Commit list: 1b842af7ad ovs-dpctl-top: Skip "eth()" element. 9ff2a5a115 meta-flow: fix a typo in "MPLS Bottom of Stack Field" paragraph.- pkgtool: Use git-branch to retrieve the name. [RH gerrit: 7240e67479] The name-rev can return any symbolic name for ref, whether it is a branch or a tag. Use git branch --show-current instead.- Merging upstream branch-2.11 [RH gerrit: b16596dda3] Commit list: 05bbdfceb7 netdev-offload-dpdk: Fix for broken ethernet matching HWOL for XL710NIC.- Merging upstream branch-2.11 [RH gerrit: 7b48e66922] Commit list: e38b412dcb acinclude: Fix build with kernels with prandom* moved to prandom.h.- Merging upstream branch-2.11 [RH gerrit: 9ae7cb0a10] Commit list: 218ab4f731 Prepare for 2.11.5. adf1b5c390 Set release date for 2.11.4. 1210688623 datapath-windows: Update flow key in SET action d04e409f39 dpctl: Fix memory leak in dpctl_dump_flows() 5d7a08db86 ovs-router: Fix flushing of local routes.- redhat: Add support to custom RPM releases. [RH gerrit: 570434c6c2] This commit allows the developer to specify a custom release string to be appended to package NVR. If the custom release is 'bz123456', the final release would look like -Y.bz123456.X where Y is the number of changes until the branch was created, and X is the number of changes after that.- pkgtool: Use OVS static version in package NVR. [RH gerrit: 2ed240a84c] The package NVR must coincide with the tarball version.- Merge branch 'fast-datapath-rhel-7' into fast-datapath-rhel-8 [RH gerrit: a2d9792f8c]- Merge branch 'fast-datapath-rhel-7' into fast-datapath-rhel-8 [RH gerrit: c9f7a9e2d3]- spec: Fix configure to use dpdkdir without version. [RH gerrit: 583acc91dd]- redhat: Rename OVSCI job name. [RH gerrit: cbcaa83118] The OVSCI job's name has been renamed to follow a standard.- This is fast-datapath-rhel-8 [RH gerrit: 98f312f126]- bus/pci: fix VF memory access (#1851170) [RH gerrit: fa4d90db57] To fix CVE-2020-12888, the linux vfio-pci module will invalidate mmaps and block MMIO access on disabled memory, it will send a SIGBUS to the application: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abafbc551fdd When the application opens the vfio PCI device, the vfio-pci module will enable the bus memory space through PCI read/write access. According to the PCIe specification, the 'Memory Space Enable' is always zero for VF: Table 9-13 Command Register Changes Bit Location | PF and VF Register Differences | PF | VF | From Base | Attributes | Attributes -------------+--------------------------------+------------+----------- | Memory Space Enable - Does not | | | apply to VFs. Must be hardwired| Base | 0b 1 | to 0b for VFs. VF Memory Space | | | is controlled by the VF MSE bit| | | in the VF Control register. | | -------------+--------------------------------+------------+----------- Afterwards the vfio-pci will initialize its own virtual PCI config space data ('vconfig') by reading the VF's physical PCI config space, then the 'Memory Space Enable' bit in vconfig will always be 0b value. This will make the vfio-pci treat the BAR memory space as disabled, and the SIGBUS will be triggered if access these BARs. By investigation, the VF PCI device *passthrough* into the Guest OS by QEMU has the 'Memory Space Enable' with 1b value. That's because every PCI driver will start to enable the memory space, and this action will be hooked by vfio-pci virtual PCI read/write to set the 'Memory Space Enable' in vconfig space to 1b. So VF runs in guest OS has 'Mem+', but VF runs in host OS has 'Mem-'. Align with PCI working mode in Guest/QEMU/Host, in DPDK, enable the PCI bus memory space explicitly to avoid access on disabled memory. Fixes: 33604c31354a ("vfio: refactor PCI BAR mapping") Cc: stable@dpdk.org Signed-off-by: Haiyue Wang Acked-by: Anatoly Burakov Tested-by: Harman Kalra Tested-by: David Marchand Tested-by: Thierry Martin (cherry picked from commit 54f3fb127d9c265a5724d193e5c7c6db29fb4150) Resolves: #1851170- vhost: fix vring index check (#1831391) [RH gerrit: 8e33084d85] vhost_user_check_and_alloc_queue_pair() is used to extract a vring index from a payload. This function validates the index and is called early on in when performing message handling. Most message handlers depend on it correctly validating the vring index. Depending on the message type the vring index is in different parts of the payload. The function contains a switch/case for each type and copies the index. This is stored in a uint16. This index is then validated. Depending on the message, the source index is an unsigned int. If integer truncation occurs (uint->uint16) the top 16 bits of the index are never validated. When they are used later on (e.g. in vhost_user_set_vring_num() or vhost_user_set_vring_addr()) it can lead to out of bound indexing. The out of bound indexed data gets written to, and hence this can cause memory corruption. This patch fixes this vulnerability by declaring vring index as an unsigned int in vhost_user_check_and_alloc_queue_pair(). Fixes: 160cbc815b41 ("vhost: remove a hack on queue allocation") Cc: stable@dpdk.org This issue has been assigned CVE-2020-10723 Reported-by: Ilja Van Sprundel Signed-off-by: Maxime Coquelin Reviewed-by: Xiaolong Ye Reviewed-by: Ilja Van Sprundel (cherry picked from commit c78d94189dced04def987a17f16097fcb197a186) Resolves: #1831391- vhost: check log mmap offset and size overflow (#1831391) [RH gerrit: 753ae0cf66] vhost_user_set_log_base() is a message handler that is called to handle the VHOST_USER_SET_LOG_BASE message. Its payload contains a 64 bit size and offset. Both are added up and used as a size when calling mmap(). There is no integer overflow check. If an integer overflow occurs a smaller memory map would be created than requested. Since the returned mapping is mapped as writable and used for logging, a memory corruption could occur. Fixes: fbc4d248b198 ("vhost: fix offset while mmaping log base address") This issue has been assigned CVE-2020-10722 Reported-by: Ilja Van Sprundel Signed-off-by: Maxime Coquelin Reviewed-by: Xiaolong Ye Reviewed-by: Ilja Van Sprundel (cherry picked from commit 338f5eae5de73a91ba42951bfe7d1fba898e1aab) Resolves: #1831391- vhost: add device op when notification to guest is sent (#1726579) [RH gerrit: 92715cf99c] This patch adds an operation callback which gets called every time the library is waking up the guest trough an eventfd_write() call. This can be used by 3rd party application, like OVS, to track the number of times interrupts where generated. This might be of interest to find out system-call were called in the fast path. Signed-off-by: Eelco Chaudron Reviewed-by: Maxime Coquelin (cherry picked from commit 039253166a57ee660dd2fbe92ca77fa65154751c) Resolves: #1726579- net/i40e: re-program promiscuous mode on VF interface (#1733402) [RH gerrit: 0fe1f42b5f] During a kernel PF reset, this event is propagated to the VF. The DPDK VF PMD will execute the reset task before the PF is done with his. This results in the admin queue message not being responded to leaving the port in "promiscuous" mode. This patch makes sure the promiscuous mode is configured independently of the current admin state. Signed-off-by: Eelco Chaudron Reviewed-by: Xiao Zhang (cherry picked from commit ddc7cb0d9453e0c0601a01eab1f388eae4c1fb65) Resolves: #1733402- bus/pci: always check IOMMU capabilities (#1711739) [RH gerrit: 0815c39d39] IOMMU capabilities won't change and must be checked even if no PCI device seem to be supported yet when EAL initialised. This is to accommodate with SPDK that registers its drivers after rte_eal_init(), especially on PPC platform where the IOMMU does not support VA. Fixes: 703458e19c16 ("bus/pci: consider only usable devices for IOVA mode") Signed-off-by: David Marchand Reviewed-by: David Christensen Acked-by: Jerin Jacob Tested-by: Jerin Jacob Tested-by: Takeshi Yoshimura (cherry picked from commit 66d3724b2c87e6fcdf3851ca191683696a91b901) Signed-off-by: David Marchand Resolves: #1711739- eal: fix IOVA mode selection as VA for PCI drivers (#1711739) [RH gerrit: 11fbef3c85] The incriminated commit broke the use of RTE_PCI_DRV_IOVA_AS_VA which was intended to mean "driver only supports VA" but had been understood as "driver supports both PA and VA" by most net drivers and used to let dpdk processes to run as non root (which do not have access to physical addresses on recent kernels). The check on physical addresses actually closed the gap for those drivers. We don't need to mark them with RTE_PCI_DRV_IOVA_AS_VA and this flag can retain its intended meaning. Document explicitly its meaning. We can check that a driver requirement wrt to IOVA mode is fulfilled before trying to probe a device. Finally, document the heuristic used to select the IOVA mode and hope that we won't break it again. Fixes: 703458e19c16 ("bus/pci: consider only usable devices for IOVA mode") Signed-off-by: David Marchand Reviewed-by: Jerin Jacob Tested-by: Jerin Jacob Acked-by: Anatoly Burakov (cherry picked from commit b76fafb174d2cd5247c3573bb3d49444e195e760) Signed-off-by: David Marchand Conflicts: drivers/net/avf/avf_ethdev.c drivers/net/ice/ice_ethdev.c drivers/net/mlx4/mlx4.c drivers/net/mlx5/mlx5.c drivers/net/octeontx2/otx2_ethdev.c drivers/raw/ioat/ioat_rawdev.c Resolves: #1711739- bus/pci: consider only usable devices for IOVA mode (#1711739) [RH gerrit: 69f5cb4c56] When selecting the preferred IOVA mode of the pci bus, the current heuristic ("are devices bound?", "are devices bound to UIO?", "are pmd drivers supporting IOVA as VA?" etc..) should honor the device white/blacklist so that an unwanted device does not impact the decision. There is no reason to consider a device which has no driver available. This applies to all OS, so implements this in common code then call a OS specific callback. On Linux side: - the VFIO special considerations should be evaluated only if VFIO support is built, - there is no strong requirement on using VA rather than PA if a driver supports VA, so defaulting to DC in such a case. Signed-off-by: Ben Walker Signed-off-by: David Marchand Reviewed-by: Anatoly Burakov (cherry picked from commit 703458e19c16135143b3f30089e1af66100c82dc) Signed-off-by: David Marchand Conflicts: drivers/bus/pci/linux/pci.c drivers/bus/pci/pci_common.c Resolves: #1711739- eal: compute IOVA mode based on PA availability (#1711739) [RH gerrit: d5e1d2fa50] Currently, if the bus selects IOVA as PA, the memory init can fail when lacking access to physical addresses. This can be quite hard for normal users to understand what is wrong since this is the default behavior. Catch this situation earlier in eal init by validating physical addresses availability, or select IOVA when no clear preferrence had been expressed. The bus code is changed so that it reports when it does not care about the IOVA mode and let the eal init decide. In Linux implementation, rework rte_eal_using_phys_addrs() so that it can be called earlier but still avoid a circular dependency with rte_mem_virt2phys(). In FreeBSD implementation, rte_eal_using_phys_addrs() always returns false, so the detection part is left as is. If librte_kni is compiled in and the KNI kmod is loaded, - if the buses requested VA, force to PA if physical addresses are available as it was done before, - else, keep iova as VA, KNI init will fail later. Signed-off-by: Ben Walker Signed-off-by: David Marchand Acked-by: Anatoly Burakov (cherry picked from commit c2361bab70c56f64e50f07946b1b20bf688d782a) Signed-off-by: David Marchand Resolves: #1711739- netdev-linux: Update LAG in all cases. (#1812892) [RH gerrit: 2763511809] In some cases, when processing a netlink change event, it's possible for an alternate part of OvS (like the IPv6 endpoint processing) to hold an active netdev interface. This creates a race-condition, where sometimes the OvS change processing will take the normal path. This doesn't work because the netdev device object won't actually be enslaved to the ovs-system (for instance, a linux bond) and ingress qdisc entries will be missing. To address this, we update the LAG information in ALL cases where LAG information could come in. Fixes: d22f8927c3c9 ("netdev-linux: monitor and offload LAG slaves to TC") Cc: Marcelo Leitner Cc: John Hurley Acked-by: Roi Dayan Signed-off-by: Aaron Conole Signed-off-by: Ilya Maximets (cherry picked from commit 7a076a53716394742d0ae44652451501ae17335d) Resolves: #1812892- netdev-offload-tc: Re-fetch block ID after probing. (#1812892) [RH gerrit: 83cebd3221] It's possible that block_id could changes after the probe for block support. Therefore, fetch the block_id again after the probe. Fixes: edc2055a2bf7 ("netdev-offload-tc: Flush rules on ingress block when init tc flow api") Cc: Dmytro Linkin Acked-by: Roi Dayan Co-authored-by: Marcelo Leitner Signed-off-by: Marcelo Leitner Signed-off-by: Aaron Conole Signed-off-by: Ilya Maximets (cherry picked from commit 8508a57228560e154963c542823d36d8098e6610) Resolves: #1812892- netdev-offload-tc: Flush rules on ingress block when init tc flow api (#1812892) [RH gerrit: e5d7d5ec24] OVS can fail to attach ingress block on iface when init tc flow api, if block already exist with rules on it and is shared with other iface. Fix by flush all existing rules on the ingress block prior to deleting it. Fixes: 093c9458fb02 ("tc: allow offloading of block ids") Signed-off-by: Dmytro Linkin Acked-by: Raed Salem Acked-by: Roi Dayan Signed-off-by: Simon Horman (cherry picked from commit edc2055a2bf73258d5731a8f8853397190348b04) Resolves: #1812892- netdev-vport: Use the dst_port in tunnel netdev name (#1727599) [RH gerrit: f4a6fb7574] If tunnel device dst_port is not the default one, "ovs-dpctl dump-flows" will fail. The error message for vxlan is: netdev_linux|INFO|ioctl(SIOCGIFINDEX) on vxlan_sys_4789 device failed: No such device That's because when calling netdev_vport_construct() for netdev vxlan_sys_xxxx, the default dst_port is used. Actually, the dst_port value is in the netdev name. Use it to avoid the error. Signed-off-by: Chris Mi Reviewed-by: Roi Dayan Signed-off-by: Ben Pfaff (cherry picked from commit 6998788197e23c409a6b6cecaa30867ff6d40928) Resolves: #1727599- lib/tc: Fix flow dump for tunnel id equal zero (#1732305) [RH gerrit: 765ba1d1c0] Tunnel id 0 is not printed unless tunnel flag FLOW_TNL_F_KEY is set. Fix that by always setting FLOW_TNL_F_KEY when tunnel id is valid. Fixes: 0227bf092ee6 ("lib/tc: Support optional tunnel id") Signed-off-by: Dmytro Linkin Reviewed-by: Roi Dayan Signed-off-by: Simon Horman (cherry picked from commit 36e50679a6517ee1ec6ed9e4cc83293279a5fffc) Resolves: #1732305- lib/tc: Support optional tunnel id (#1732305) [RH gerrit: 42f09fe96f] Currently the TC tunnel_key action is always initialized with the given tunnel id value. However, some tunneling protocols define the tunnel id as an optional field. This patch initializes the id field of tunnel_key:set and tunnel_key:unset only if a value is provided. In the case that a tunnel key value is not provided by the user the key flag will not be set. Signed-off-by: Adi Nissim Acked-by: Paul Blakey Signed-off-by: Simon Horman (cherry picked from commit 0227bf092ee6b5d18e2b79493d44769cb37ecc98) Resolves: #1732305- tc: Set 'no_percpu' flag for compatible actions (#1780690) [RH gerrit: 42f07f6bd8] Recent changes in Linux kernel TC action subsystem introduced new TCA_ACT_FLAGS_NO_PERCPU_STATS flag. The purpose of the flag is to request action implementation to skip allocating action stats with expensive percpu allocator and use regular built-in action stats instead. Such approach significantly improves rule insertion rate and reduce memory usage for hardware-offloaded rules that don't need benefits provided by percpu allocated stats (improved software TC fast-path performance). Set the flag for all compatible actions. Modify acinclude.m4 to use OVS-internal pkt_cls.h implementation when TCA_ACT_FLAGS is not defined by kernel headers and to manually define struct nla_bitfield32 in netlink.h (new file) when it is not defined by kernel headers. Signed-off-by: Vlad Buslov Reviewed-by: Roi Dayan Signed-off-by: Simon Horman (cherry picked from commit 292d5bd9bb344527e0da19433cf3e51f8a24058c) Resolves: #1780690- rhel: let *-ctl handle runtime directory (#1785586) [RH gerrit: c3763ec916] Recent versions of systemd restores RuntimeDirectory ownership to the unit's User in between execution of *Exec directives (see [1]). Using ExecStartPre to reset RuntimeDirectory ownership to OVS_USER no longer works as expected. The ctl scripts already handle creation of the runtime directory with correct ownership and permissions so we can basically remove RuntimeDirectory from systemd unit file. There is still need to handle ownsership to cover some upgrade scenarios, but success of that will be optional as the directory itself wont exist at first time run. [1] https://github.com/systemd/systemd/issues/12713 Signed-off-by: Jaime Caamaño Ruiz Signed-off-by: Ben Pfaff (cherry picked from commit 7a65e5a9252ac06df62707a571931f501747ecfc) Resolves: #1785586- rhel: set useropts optional for ovsdb-server (#1785586) [RH gerrit: 77bed8f0e4] systemd assesses the presssence of all EnvironmentFile before execution of Exec* directives, thus useropts needs to be optional even though it will always be created at ExecStartPre. Fixes: 94e1e8be3187 ("rhel: run ovn with the same user as ovs") Signed-off-by: Jaime Caamaño Ruiz Signed-off-by: Ben Pfaff (cherry picked from commit 0186c3807cc4500c5699fcf034df3a995c34885c) Resolves: #1785586- rhel: run ovn with the same user as ovs (#1785586) [RH gerrit: 8f5f39b4af] Both ovn and ovs share the same log and run directories which are owned by the user running ovs so it makes sense that ovn runs under that user too to diminish security concerns and possible problems with log rotation. Signed-off-by: Jaime Caamaño Ruiz Signed-off-by: Ben Pfaff (cherry picked from commit 94e1e8be3187a4824ac27ed843396dde5cc02d13) Resolves: #1785586- rhel: secure openvswitch useropts (#1785586) [RH gerrit: 71154ad26f] The openvswitch useropts file is being stored in a directory where the openvswitch user has write permissions. The openvswitch user can then manipulate the file to change the user under which switchd daemon runs. This patch changes the file to /var/openvswitch.useropts preventing any manipulation. Signed-off-by: Jaime Caamaño Ruiz Signed-off-by: Ben Pfaff (cherry picked from commit 27e25e18c1f4cdd789d5670ab9e01dcf02a86b6f) Resolves: #1785586- userspace: Improved packet drop statistics. (#1726568) [RH gerrit: a6b7a37be8] Currently OVS maintains explicit packet drop/error counters only on port level. Packets that are dropped as part of normal OpenFlow processing are counted in flow stats of “drop” flows or as table misses in table stats. These can only be interpreted by controllers that know the semantics of the configured OpenFlow pipeline. Without that knowledge, it is impossible for an OVS user to obtain e.g. the total number of packets dropped due to OpenFlow rules. Furthermore, there are numerous other reasons for which packets can be dropped by OVS slow path that are not related to the OpenFlow pipeline. The generated datapath flow entries include a drop action to avoid further expensive upcalls to the slow path, but subsequent packets dropped by the datapath are not accounted anywhere. Finally, the datapath itself drops packets in certain error situations. Also, these drops are today not accounted for.This makes it difficult for OVS users to monitor packet drop in an OVS instance and to alert a management system in case of a unexpected increase of such drops. Also OVS trouble-shooters face difficulties in analysing packet drops. With this patch we implement following changes to address the issues mentioned above. 1. Identify and account all the silent packet drop scenarios 2. Display these drops in ovs-appctl coverage/show Co-authored-by: Rohith Basavaraja Co-authored-by: Keshav Gupta Signed-off-by: Anju Thomas Signed-off-by: Rohith Basavaraja Signed-off-by: Keshav Gupta Acked-by: Eelco Chaudron Signed-off-by: Ilya Maximets (cherry picked from commit a13a0209750c424556189796061c40d08c689467) Resolves: #1726568- netdev-dpdk: Fix sw stats perf drop. (#1790841) [RH gerrit: 54f4571750] Accessing the sw stats in the vhost datapath of a PVP test can incur a performance drop of ~2%. Most of the time these stats will just be getting zero added to them. By checking if there is a non-zero update first, we can avoid accessing them when they won't be updated and avoid the performance drop. Fixes: 2f862c712e52 ("netdev-dpdk: Detailed packet drop statistics.") Signed-off-by: Kevin Traynor Acked-by: Eelco Chaudron Signed-off-by: Ilya Maximets (cherry picked from commit 6d77abf4f7ea5596ba8c4a7a27768e83e80a7e46) Resolves: #1790841- netdev-dpdk: Detailed packet drop statistics. (#1790841) [RH gerrit: 1e1b33541a] OVS may be unable to transmit packets for multiple reasons on the userspace datapath and today there is a single counter to track packets dropped due to any of those reasons. This patch adds custom software stats for the different reasons packets may be dropped during tx/rx on the userspace datapath in OVS. - MTU drops : drops that occur due to a too large packet size - Qos drops : drops that occur due to egress/ingress QOS - Tx failures: drops as returned by the DPDK PMD send function Note that the reason for tx failures is not specified in OVS. In practice for vhost ports it is most common that tx failures are because there are not enough available descriptors, which is usually caused by misconfiguration of the guest queues and/or because the guest is not consuming packets fast enough from the queues. These counters are displayed along with other stats in "ovs-vsctl get interface statistics" command and are available for dpdk and vhostuser/vhostuserclient ports. Also the existing "tx_retries" counter for vhost ports has been renamed to "ovs_tx_retries", so that all the custom statistics that OVS accumulates itself will have the prefix "ovs_". This will prevent any custom stats names overlapping with driver/HW stats. Acked-by: Kevin Traynor Signed-off-by: Sriram Vatala Signed-off-by: Ilya Maximets (cherry picked from commit 2f862c712e52fe524e441ab58bb042dcb20214ee) Resolves: #1790841- netdev-dpdk: Reuse vhost function for dpdk ETH custom stats. (#1790841) [RH gerrit: e0d00f70c5] This is yet another refactoring for upcoming detailed drop stats. It allows to use single function for all the software calculated statistics in netdev-dpdk for both vhost and ETH ports. UINT64_MAX used as a marker for non-supported statistics in a same way as it's done in bridge.c for common netdev stats. Co-authored-by: Sriram Vatala Signed-off-by: Ilya Maximets Signed-off-by: Sriram Vatala Acked-by: Kevin Traynor (cherry picked from commit b99ab8aaaf9f6057ddbc332c76ab774dbfd4ccc3) Resolves: #1790841- netdev-dpdk: Refactor vhost custom stats for extensibility. (#1790841) [RH gerrit: b084d7a5c2] vHost interfaces currently has only one custom statistic, but there might be others in the near future. This refactoring makes the code work in the same way as it done for dpdk and afxdp stats to keep the common style over the different code places and makes it easily extensible for the new stats addition. Signed-off-by: Ilya Maximets Reviewed-by: David Marchand Acked-by: Kevin Traynor (cherry picked from commit 5c7ba90d8189ee7b35a1723d5a76dc205720af50) Resolves: #1790841- netdev-dpdk: Fix not reporting rx_oversize_errors in stats. (#1790841) [RH gerrit: 26017f85c8] There is a big code duplication issue with DPDK xstats that led to missed "rx_oversize_errors" statistics. It's defined but not used. Fix that by actually using this stat along with code refactoring that will allow us to not make same mistakes in the future. Macro definitions are perfectly suitable to automate code generation in such cases and already used in a couple of places in OVS for similar purposes. Signed-off-by: Ilya Maximets Reviewed-by: David Marchand Acked-by: Kevin Traynor Acked-by: Ian Stokes (cherry picked from commit 18366d165162051463fd28e9f46d1c2cbe355eb3) Resolves: #1790841- ovsdb replication: Provide option to configure probe interval. (#1788800) [RH gerrit: e8a669ead7] When ovsdb-server is in backup mode and connects to the active ovsdb-server for replication, and if takes more than 5 seconds to get the dump of the whole database, it will drop the connection soon after as the default probe interval is 5 seconds. This results in a snowball effect of reconnections to the active ovsdb-server. This patch handles or mitigates this issue by setting the default probe interval value to 60 seconds and provide the option to configure this value from the unixctl command. Other option could be increase the value of 'RECONNECT_DEFAULT_PROBE_INTERVAL' to a higher value. Acked-by: Mark Michelson Acked-by: Dumitru Ceara Signed-off-by: Numan Siddique Signed-off-by: Ben Pfaff (cherry-picked from commit e988b8abeec9d4be94b519c5d4ed4586ff71fde0) Resolves: #1788800- netdev-dpdk: Add coverage counter to count vhost IRQs. (#1726579) [RH gerrit: 3c3997eb0a] When the dpdk vhost library executes an eventfd_write() call, i.e. waking up the guest, a new callback will be called. This patch adds the callback to count the number of interrupts sent to the VM to track the number of times interrupts where generated. This might be of interest to find out system-calls were called in the DPDK fast path. The coverage counter is called "vhost_notification" and can be read with: $ ovs-appctl coverage/read-counter vhost_notification 13238319 Signed-off-by: Eelco Chaudron Signed-off-by: Ilya Maximets (cherry picked from commit 3d56e4ac445d17e69484a95b319ac578e3580b65) Signed-off-by: David Marchand Conflicts: lib/netdev-dpdk.c Resolves: #1726579- netdev-dpdk: add support for the RTE_ETH_EVENT_INTR_RESET event. (#1719644) [RH gerrit: ca1a1a8e1c] Currently, OVS does not register and therefore not handle the interface reset event from the DPDK framework. This would cause a problem in cases where a VF is used as an interface, and its configuration changes. As an example in the following scenario the MAC change is not detected/acted upon until OVS is restarted without the patch applied: $ echo 1 > /sys/bus/pci/devices/0000:05:00.1/sriov_numvfs $ ovs-vsctl add-port ovs_pvp_br0 dpdk0 -- \ set Interface dpdk0 type=dpdk -- \ set Interface dpdk0 options:dpdk-devargs=0000:05:0a.0 $ ip link set p5p2 vf 0 mac 52:54:00:92:d3:33 Signed-off-by: Eelco Chaudron Signed-off-by: Ilya Maximets (cherry picked from commit 988fd46391495e1ff92fa0d81204ae712e89ef9d) Resolves: #1719644- bridge: Allow manual notifications about interfaces' updates. (#1719644) [RH gerrit: f58b680888] Sometimes interface updates could happen in a way ifnotifier is not able to catch. For example some heavy operations (device reset) in netdev-dpdk could require re-applying of the bridge configuration. For this purpose new manual notifier introduced. Its function 'if_notifier_manual_report()' could be called directly by the code that aware about changes. This new notifier is thread-safe. Signed-off-by: Ilya Maximets Acked-by: Eelco Chaudron (cherry picked from commit db54e9672052db9c45f84d89454104eb2fedfb02) Signed-off-by: David Marchand Conflicts: lib/automake.mk vswitchd/bridge.c Resolves: #1719644- Shutdown SSL connection before closing socket (#1780745) [RH gerrit: aa97017175] Without shutting down the SSL connection, log messages like: stream_ssl|WARN|SSL_read: unexpected SSL connection close jsonrpc|WARN|ssl:127.0.0.1:47052: receive error: Protocol error reconnect|WARN|ssl:127.0.0.1:47052: connection dropped (Protocol error) would occur whenever the socket is closed. This just adds an SSLStream.close() that calls shutdown() and ignores SSL errors, the same way that lib/stream-ssl.c does in ssl_close(). Signed-off-by: Terry Wilson Signed-off-by: Ben Pfaff (cherry picked from commit 5fe179987d14ff38cce345dbbe57ef1ffe7853cc) Resolves: #1780745- flake8: also check the ovs-check-dead-ifs script (#1751161) [RH gerrit: ecd3a1b407] Acked-by: William Tu Signed-off-by: Aaron Conole Signed-off-by: Ben Pfaff (cherry picked from commit bc6f73c951af472d221985965085544e60248b03) Resolves: #1751161- ovs-check-dead-ifs: unshadow pid variable (#1751161) [RH gerrit: a086e76181] The pid variable is being shadowed by the list comprehension in the os.execvp() call. This can generate flakes / warnings in some environments so fix it. Acked-by: William Tu Signed-off-by: Aaron Conole Signed-off-by: Ben Pfaff (cherry picked from commit 78e2a56927b5ba7e6f8808e3cf967171a2708a57) Resolves: #1751161- ovs-check-dead-ifs: python3 print format (#1751161) [RH gerrit: d61553f744] The print call changed in python3, so update it. Acked-by: William Tu Signed-off-by: Aaron Conole Signed-off-by: Ben Pfaff (cherry picked from commit c864b82d889dc47fb88d5cdde8caeca962776871) Resolves: #1751161- ovs-tcpundump: exit when getting version (#1764127) [RH gerrit: ea9923af22] Running 'ovs-tcpundump -V' will cause ovs-tcpundump to start processing on stdin. Instead, print the version and exit. Signed-off-by: Aaron Conole Signed-off-by: Ben Pfaff (cherry picked from commit c691cffb03ba3a7595f364c2766fdd2ace8c3842) Resolves: #1764127- ovs-tcpundump: allow multiple packet lengths (#1764125) [RH gerrit: ac3b779405] The tcpundump tool expects all packets to be a length which aligns to exactly a 4-nibble boundary. This means packets like DNS requests will be stripped before being correctly processed. Fix this by allowing at least two nibbles (or one byte) alignment. Signed-off-by: Aaron Conole Signed-off-by: Ben Pfaff (cherry picked from commit 1051576cf2b8a6ffddf849d984c250a8456e6144) Resolves: #1764125- jsonrpc: increase input buffer size from 512 to 4096 (#1776883) [RH gerrit: 9c93db8373] Increase jsonrpc input buffer size from 512 to 4096 bytes in order to reduce the syscall overhead when downloading huge db size Acked-by: Mark Michelson Signed-off-by: Lorenzo Bianconi Signed-off-by: Ben Pfaff (cherry picked from commit ea5c1ba0e3b899b8b6684f23a44bbfd4331815ee) Resolves: #1776883- netdev-dpdk: Track vhost tx contention. (#1740144) [RH gerrit: 31112a9502] Add a coverage counter to help diagnose contention on the vhost txqs. This is seen as dropped packets on the physical ports for rates that are usually handled fine by OVS. Acked-by: Eelco Chaudron Signed-off-by: David Marchand Signed-off-by: Ilya Maximets (cherry picked from commit 9ff24b9c9323652f9dc80ff7928148c4af12da9c) Resolves: #1740144- ovsdb-server: Allow replication from older schema version servers. (#1766586) [RH gerrit: cb53fe2282] Presently, replication is not allowed if there is a schema version mismatch between the schema returned by the active ovsdb-server and the local db schema. This is causing failures in OVN DB HA deployments during uprades. In the case of OpenStack tripleo deployment with OVN, OVN DB ovsdb-servers are deployed on a multi node controller cluster in active/standby mode. During minor updates or major upgrades, the cluster is updated one at a time. If a node A is running active OVN DB ovsdb-servers and when it is updated, another node B becomes active. After the update when OVN DB ovsdb-servers in A are started, these ovsdb-servers fail to replicate from the active if there is a schema version mismatch. This patch addresses this issue by allowing replication even if there is a schema version mismatch only if all the active db schema tables and its colums are present in the local db schema. This should not result in any data loss. Signed-off-by: Numan Siddique Signed-off-by: Ben Pfaff (cherry picked from commit cec7005bde4bc81de7b94a3dc4b4160800c98be7) Resolves: #1766586- ovsdb-server: Don't drop all connections on read/write status change. (#1761572) [RH gerrit: 5a0a77328b] The commit [1] force drops all connections when the db read/write status changes. Prior to the commit [1], when there was read/write status change, the existing jsonrpc sessions with 'db_change_aware' set to true, were not updated with the changed 'read_only' value. If the db status was changed to 'standby', the existing clients could still write to the db. In the case of pacemaker OVN HA, OVN OCF script 'start' action starts the ovsdb-servers in read-only state and later, it sets to read-write in the 'promote' action. We have observed that if some ovn-controllers connect to the SB ovsdb-server (in read-only state) just before the 'promote' action, the connection is not reset all the times and these ovn-controllers remain connected to the SB ovsdb-server in read-only state all the time. Even though the commit [1] calls 'ovsdb_jsonrpc_server_reconnect()' with 'forced' flag set to true when the db read/write status changes, somehow the FSM misses resetting the connections of these ovn-controllers. I think this needs to be addressed in the FSM. This patch doesn't address this FSM issue. Instead it changes the behavior of 'ovsdb_jsonrpc_server_set_read_only()' by setting the 'read_only' flag of all the jsonrpc sessions instead of forcefully resetting the connection. I think there is no need to reset the connection. In large scale production deployements with OVN, this results in unnecessary waste of CPU cycles as ovn-controllers will have to connect twice - once during 'start' action and again during 'promote'. [1] - 2a9679e3b2c6("ovsdb-server: drop all connections on read/write status change") Acked-by: Dumitru Ceara Signed-off-by: Numan Siddique Signed-off-by: Ben Pfaff (cherry picked from commit a5ff4874ba4bb60ced7bda6ad97d0be38e8172eb) Resolves: #1761572- ofproto-dpif: Fix continuation with patch port (#1761461) [RH gerrit: 069d4bd437] This patch fixes the ofp_port to odp_port translation issue on patch port with nxt_resume. When OVS resumes processing a packet from nxt_resume, OVS does not translate the ofp in_port to odp in_port correctly if the packet is originally received from a patch port. Currently,OVS sets the odp in_port for this resume pakcet as ODPP_NONE and push the resume packet back to the datapath. Later on, if the packet goes through a recirc, OVS will generate the following message since it can not translate odp in_port (ODPP_NONE) back to ofp in_port during upcall, and push down a datapath rule to drop the packet. ofproto_dpif_upcall(handler16)|INFO|received packet on unassociated datapath port 4294967295 When OVS revalidates the drop datapath flow with ODPP_NONE in_port, we will see the following warning. ofproto_dpif_upcall(revalidator18)|WARN|Failed to acquire udpif_key corresponding to unexpected flow (Invalid argument): ufid:.... This patch resolves this issue by storing the odp in_port in the continuation messages, and restores the odp in_port before push the packet back to the datapath. VMWare-BZ: 2364696 Signed-off-by: Yi-Hung Wei Signed-off-by: Ben Pfaff (cherry picked from commit 88d2ac50aa4e3383e185b698a1b3a44a6f7b4f80) Resolves: #1761461- vswitch: ratelimit the device add log (#1737146) [RH gerrit: 052e541d45] It's possible that a port added to the system with certain kinds of invalid parameters will cause the 'could not add' log to be triggered. When this happens, the vswitch run loop can continually re-attempt adding the port. While the parameters remain invalid the vswitch run loop will re-trigger the warning, flooding the syslog. This patch adds a simple rate limit to the log. Acked-by: William Tu Signed-off-by: Aaron Conole Signed-off-by: Ben Pfaff (cherry picked from commit 45bd8c563273fb914ff1960a53cfdcfddb0a5588) Resolves: #1737146- netdev-dpdk: Enable tx-retries-max config. (#1747531) [RH gerrit: 734086f5d4] vhost tx retries can provide some mitigation against dropped packets due to a temporarily slow guest/limited queue size for an interface, but on the other hand when a system is fully loaded those extra cycles retrying could mean packets are dropped elsewhere. Up to now max vhost tx retries have been hardcoded, which meant no tuning and no way to disable for debugging to see if extra cycles spent retrying resulted in rx drops on some other interface. Add an option to change the max retries, with a value of 0 effectively disabling vhost tx retries. Signed-off-by: Kevin Traynor Acked-by: Eelco Chaudron Acked-by: Flavio Leitner Acked-by: Ilya Maximets Signed-off-by: Ian Stokes (cherry picked from commit 080f080c3bc1e87da4affdce28a01b1a87a60364) Resolves: #1747531- netdev-dpdk: Add custom stat for vhost tx retries. (#1747531) [RH gerrit: 0c238ac414] vhost tx retries may occur, and it can be a sign that the guest is not optimally configured. Add a custom stat so a user will know if vhost tx retries are occurring and hence give a hint that guest config should be examined. Signed-off-by: Kevin Traynor Signed-off-by: Ian Stokes (cherry picked from commit c161357d5d96f32144f4b63ee6b06049c0cc0a09) Resolves: #1747531- doc: Move vhost tx retry info to separate section. (#1747531) [RH gerrit: 91d9e4d92b] vhost tx retry is applicable to vhost-user and vhost-user-client, but was in the section that compares them. Also, moved further down the doc as prefer to have more fundamental info about vhost nearer the top. Fixes: 6d6513bfc657 ("doc: Add info on vhost tx retries.") Reported-by: David Marchand Signed-off-by: Kevin Traynor Reviewed-by: David Marchand Signed-off-by: Ian Stokes (cherry picked from commit 4e6c16db31806dfcf84d6ebdb0d708cfa39bd08f) Resolves: #1747531- netdev-vport: Make ip6gre netdev type to use TC rules (#1725623) [RH gerrit: d3315b8035] The offload api functions already assigned to every tunnel class. For ip6gre tunnel class only need to also assign the get_ifindex function, similarly as done in commit 5e63eaa969a3 ("netdev-vport: Make gre netdev type to use TC rules"). Signed-off-by: Eli Britstein Reviewed-by: Roi Dayan Signed-off-by: Ben Pfaff (cherry picked from commit 8732450c2ee76410c7fbebaebe5f9cf27252208f) Resolves: #1725623- tunnel: Add layer 2 IPv6 GRE encapsulation support. (#1725623) [RH gerrit: 0c20e7e83d] The patch adds ip6gre support. Tunnel type 'ip6gre' with packet_type= legacy_l2 is a layer 2 GRE tunnel over IPv6, carrying inner ethernet packets and encap with GRE header with outer IPv6 header. Encapsulation of layer 3 packet over IPv6 GRE, ip6gre, is not supported yet. I tested it by running: under kernel 5.2 and for userspace: Tested-by: Greg Rose Tested-at: https://travis-ci.org/gvrose8192/ovs-experimental/builds/552977116 Reviewed-by: Greg Rose Reviewed-by: Eli Britstein Signed-off-by: William Tu Signed-off-by: Ben Pfaff (cherry picked from commit a3173ee1476840aaa6d90640169bd276568ff4c1) Resolves: #1725623- ovsdb-server: drop all connections on read/write status change (#1720947) [RH gerrit: 0f0be40ee0] Prior to this patch, only db change aware connections were dropped on a read/write status change. However, current schema in OVN does not allow clients to monitor whether a particular DB changes this status. In order to accomplish this, we'd need to change the schema and adapting ovsdb-server and existing clients. Before tackling that, this patch is changing ovsdb-server to drop *all* the existing connections upon a read/write status change. This will force clients to reconnect and honor the change. Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2019-July/048981.html Signed-off-by: Daniel Alvarez Signed-off-by: Ben Pfaff (cherry picked from commit 2a9679e3b2c6fde74ddae362d88ba16db7fbfc38) Resolves: #1720947- netdev-tc-offloads: Support match on priority tags (#1725623) [RH gerrit: 895735b382] The logic by which a TC rule has a VLAN match is by the VLAN TCI field, either the VID, PCP or CFI are non-zero. For priority-tag packets there is a VLAN tag header with a zero VLAN TCI. Match on existence of VLAN header (TPID) regardless of TCI matching. Signed-off-by: Eli Britstein Reviewed-by: Roi Dayan Signed-off-by: Simon Horman (cherry picked from commit 0b0a84783cd6048ca3d35af0f5b4652cecd34358) Resolves: #1725623- rhel: limit stack size to 2M. (#1720315) [RH gerrit: 79c6209e71] The default stack size in Fedora/RHEL is 8M, which means when ovs-vswitchd daemon starts and uses --mlockall (default), it will dirty all memory regions for all threads which is proportionally to the number of CPUs. On a big host this increases memory usage to many hundreds of megabytes while OVS actually requires much less. This patch relies on systemd to limit to 2M/thread. That is much more than the minimum documented at function ovs_thread_create(): /* Some small systems use a default stack size as small as 80 kB, but OVS * requires approximately 384 kB according to the following analysis: * https://mail.openvswitch.org/pipermail/ovs-dev/2016-January/308592.html * * We use 512 kB to give us some margin of error. */ Acked-By: Timothy Redaelli Tested-By: Timothy Redaelli Signed-off-by: Flavio Leitner Signed-off-by: Ben Pfaff (cherry picked from commit b82a90e266e1246fe2973db97c95df22558174ea) Resolves: #1720315- Add a new OVS action check_pkt_larger (#1702564) [RH gerrit: c899ac5788] This patch adds a new action 'check_pkt_larger' which checks if the packet is larger than the given size and stores the result in the destination register. Usage: check_pkt_larger(len)->REGISTER Eg. match=...,actions=check_pkt_larger(1442)->NXM_NX_REG0[0],next; This patch makes use of the new datapath action - 'check_pkt_len' which was recently added in the commit [1]. At the start of ovs-vswitchd, datapath is probed for this action. If the datapath action is present, then 'check_pkt_larger' makes use of this datapath action. Datapath action 'check_pkt_len' takes these nlattrs * OVS_CHECK_PKT_LEN_ATTR_PKT_LEN - 'pkt_len' to check for * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER (optional) - Nested actions to apply if the packet length is greater than the specified 'pkt_len' * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL (optional) - Nested actions to apply if the packet length is lesser or equal to the specified 'pkt_len'. Let's say we have these flows added to an OVS bridge br-int table=0, priority=100 in_port=1,ip,actions=check_pkt_larger:100->NXM_NX_REG0[0],resubmit(,1) table=1, priority=200,in_port=1,ip,reg0=0x1/0x1 actions=output:3 table=1, priority=100,in_port=1,ip,actions=output:4 Then the action 'check_pkt_larger' will be translated as - check_pkt_len(size=100,gt(3),le(4)) datapath will check the packet length and if the packet length is greater than 100, it will output to port 3, else it will output to port 4. In case, datapath doesn't support 'check_pkt_len' action, the OVS action 'check_pkt_larger' sets SLOW_ACTION so that datapath flow is not added. This OVS action is intended to be used by OVN to check the packet length and generate an ICMP packet with type 3, code 4 and next hop mtu in the logical router pipeline if the MTU of the physical interface is lesser than the packet length. More information can be found here [2] [1] - https://kernel.googlesource.com/pub/scm/linux/kernel/git/davem/net-next/+/4d5ec89fc8d14dcdab7214a0c13a1c7321dc6ea9 [2] - https://mail.openvswitch.org/pipermail/ovs-discuss/2018-July/047039.html Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-July/047039.html Suggested-by: Ben Pfaff Signed-off-by: Numan Siddique CC: Ben Pfaff CC: Gregory Rose Acked-by: Mark Michelson Signed-off-by: Ben Pfaff (cherry picked from commit 5b34f8fc3b38b430c05ee39a0c84f8e9da24cd3a) Conflicts: NEWS tests/ofprot-dpif.at +L10571 - Not really a conflict. Had to fix the test case because we don't have the commit - dbf4a92800d0365cc3ec3c0e99df56e2ba676cb7 Resolves: #1702564- netlink linux: account for the netnsid netlink attr. (#1692812) [RH gerrit: ce14b518b7] The buffer needs to be reallocated and data copied when the netnsid netlink attribute is included, so avoid that by accounting the attribute when the buffer is initially allocated. Fixes: 756819ddd788 ("netdev-linux: use netlink to update netdev.") Acked-by: Aaron Conole Signed-off-by: Flavio Leitner Signed-off-by: Ben Pfaff (cherry picked from commit b43762a5ad3343d28e61ed518c97802c5bd8f380) Resolves: #1692812- rhel: Add an example to specify custom options (#1687775) [RH gerrit: a7dd6b6eb5] Add an example to specify custom options of ovs-vswitchd and ovsdb-server. In the example, the log level for file and console destinations is set to dbg. Signed-off-by: Timothy Redaelli Signed-off-by: Ben Pfaff (cherry picked from commit 175b9a6401da76994bac955ebc9f440634e63d55) Resolves: #1687775- ovs-ctl: Permit to specify additional options (#1687775) [RH gerrit: b8a874b82e] Currently using ovs-ctl is not possible to specify additional options for ovs-vswitchd and ovsdb-server (for example to specify a different loglevel during daemon startup). This patch adds --ovs-vswitchd-options and --ovsdb-server-options options to ovs-ctl in order to specify the additional options. Due to word splitting it may not be possible to specify an option that includes whitespaces. Reported-at: https://bugzilla.redhat.com/1664794 Reported-by: Matt Flusche Signed-off-by: Timothy Redaelli Signed-off-by: Ben Pfaff (cherry picked from commit fce20b8b73b1c08bc0f51a04a2109d80e4bc8b51) Resolves: #1687775- Merge commit 'a4efc599e0244e43fd417b2fb38b7f120eb1ebd4' into fast-datapath-rhel-7 [RH gerrit: 8da1428afe]- Backport "bus/pci: fix VF memory access" (#1851170)- Backport the upstreammed fixes for HWOL (#1812892)- Backport fixes for CVE-2020-10722 & CVE-2020-10723 (#1831391 & #1831394)- Backport HWOL fixes for ingress qdisc (#1812892)- Update to DPDK 18.11.7 (#1822653)- Rebase to last branch-2.11 commit and DPDK 18.11.6 (#1822653)- Backport "vhost: fix packed virtqueue ready condition" (#1793068)- Revert Backport "ovs-tc: support OvS internal port offload" and deps (#1737982) - Revert Backport "netdev-tc-offloads: Use correct hook qdisc at init tc flow" (#1737982)- Backport "vhost: fix vring memory partially mapped" (#1798996) - Backport "vhost: protect log address translation in IOTLB update" (#1798996)- Backport "netdev-vport: Use the dst_port in tunnel netdev name" (#1727599)- Backport "dpif-netlink: Allow offloading of flows with dl_type 0x1234." (#1722337)- Backport "lib/tc: Support optional tunnel id" (#1732305) Backport "lib/tc: Fix flow dump for tunnel id equal zero" (#1732305)- Backport "tc: implement support for action flags" (#1780690)- Backport "rhel: secure openvswitch useropts" (#1785586) - Backport "rhel: run ovn with the same user as ovs" (#1785586) - Backport "rhel: set useropts optional for ovsdb-server" (#1785586) - Backport "rhel: let *-ctl handle runtime directory" (#1785586)- Backport "userspace: Improved packet drop statistics" (#1726568)- Detailed packet drop statistics and related patches (#1790841) - Backport "netdev-dpdk: Fix not reporting rx_oversize_errors in stats." (#1790841) - Backport "netdev-dpdk: Refactor vhost custom stats for extensibility." (#1790841) - Backport "netdev-dpdk: Reuse vhost function for dpdk ETH custom stats." (#1790841) - Backport "netdev-dpdk: Detailed packet drop statistics." (#1790841) - Backport "netdev-dpdk: Fix sw stats perf drop." (#1790841)- Backport "vhost: fix virtqueue not accessible" (#1792399) - Backport "vhost: prevent zero copy mode if IOMMU is on" (#1792399) - Backport "vhost: convert buffer addresses to GPA for logging" (#1792399) - Backport "vhost: translate incoming log address to GPA" (#1792399) - Backport "vhost: fix vring address handling during live migration" (#1792399) - Backport "vhost: add external message handling to the API" (#1792399)- Backport "ovsdb replication: Provide option to configure probe interval" (#1788800)- Backport DPDK interrupt fixes for qede (#1738789)- Backport "vhost: add device op when notification to guest is sent" (#1726579) - Backport "netdev-dpdk: Add coverage counter to count vhost IRQs" (#1726579)- Backport "net/i40e: downgrade error log" (#1719644) - Backport "net/i40e: re-program promiscuous mode on VF interface" (#1733402) - Backport "bridge: Allow manual notifications about interfaces' updates" (#1719644) - Backport "netdev-dpdk: add support for the RTE_ETH_EVENT_INTR_RESET" (#1719644)- Fix librte_pmd_mlx{4,5}_glue.so error in Execshield part of RPMDiff by backporting the DPDK flags from dpdk spec file.- Backport "Shutdown SSL connection before closing socket" (#1780745)- Backport "ovs-check-dead-ifs: python3 print format" (#1751161) - Backport "ovs-check-dead-ifs: unshadow pid variable" (#1751161) - Backport "flake8: also check the ovs-check-dead-ifs script" (#1751161)- Backport "ovs-tcpundump: exit when getting version" (#1764127)- Backport "ovs-tcpundump: allow multiple packet lengths" (#1764125)- Rebase internal DPDK to 18.11.5 (#1760246) (CVE-2019-14818)- Backport "jsonrpc: increase input buffer size from 512 to 4096" (#1776883)- Backport "netdev-dpdk: Track vhost tx contention." (#1740144)- Backport "ovsdb-server: Allow replication from older schema version servers" (#1766586)- Backport "ovsdb-server: Don't drop all connections on read/write status change" (#1761572)- Backport "ofproto-dpif: Fix continuation with patch port" (#1761461)- Backport "vswitch: ratelimit the device add log" (#1737146)- Backport "Add custom stat for vhost tx retries." (#1747531) - Backport "Enable tx-retries-max config." (#1747531)- tnl-neigh: Use outgoing ofproto version (#1685642)- Bump release- Renumbered dpdk patches - Backport IOVA fixes (#1711739)- Backport "ovsdb-server: drop all connections on read/write status change" (#1720947)- Increase CONFIG_RTE_MAX_ETHPORTS to 128 (#1730421)- Backport "tunnel: Add layer 2 IPv6 GRE encapsulation support." and "netdev-vport: Make ip6gre netdev type to use TC rules" (#1725623)- Rebase internal DPDK to 18.11.2 (#1713698)- Backport "net/i40e: fix dropped packets statistics name" (#1728610)- Backport "netdev-tc-offloads: Use correct hook qdisc at init tc flow" (#1721219)- Backport "netdev-tc-offloads: Support match on priority tags" (#1722249)- Backport Vhost performance regression fixes (#1672538)- Backport "rhel: limit stack size to 2M." (#1720315)- Backport "ovs-tc: support OvS internal port offload" and deps (#1702334)- Backport "[OVN] Fragmentation support - check_pkt_larger action" (#1702564)- Backport "net/qede: support IOVA VA mode" (#1684605)- Backport cpu affinity fixes (#1687320)- Add missing dependencies for ovs-tcpdump (#1697978)- fixed netlink msg corruption when updating netdev. (#1692812)- Backport "net/bnxt: support IOVA VA mode" (#1645523)- Backport "ovs-ctl: Permit to specify additional options" (#1687775) - Remove useless -fPIC from DPDK- Backport "rhel: Use PIDFile on forking systemd service files" (#1684477)- Update to official 2.11 release- Snapshot of branch-2.11 d3a10db4fd38- Snapshot of branch-2.11 d4ff5b2be7fc- Update to a snapshot of OVS 2.11 from master- Backport "OVN: add static IP support to IPAM" (#1664028)- Backport some patches to improve offload indications (#1655990)- Add "Requires: openvswitch = %{version}-%{release}" to python-openvswitch2.10 (#1662944)- Backport "OVN: add mac address only support to IPAM/MACAM" (#1662905)- Backport "ovn-controller: Inject GARPs to logical switch pipeline to update neighbors" (#1643902)- Backport 'ovs-ctl: fix system-id.conf owner' (#1659391) - Do not check /var/log/openvswitch owner/group (#1659391)- Backport "ovn: Fix the invalid eth.dst and ip6.dst set by nd_ns action for certain cases." (#1656018)- Backport "dpif-netdev: Add vlan to mask for flow_put operation" (#1649516)- Backport "ovn: Avoid tunneling for VLAN packets redirected to a gateway chassis" (#1561880)- Backport "mem: fix memory initialization time" (#1647498)- Backport "tests: Use the default key length when generating RSA keys"- Backport "net/qede: fix crash when configure fails" (#1648183)- Backport 'pinctrl: Fix dp_packet structure leak' and 'pinctrl: Fix crash on buffered packets hmap double remove'. Moreover align 'ovn -- 3 HVs, 3 LS, 3 lports/LS, 1 LR' test to upstream one (#1649008)- Backup "netdev-dpdk: Bring link down when NETDEV_UP is not set" (#1645288)- OVN: configure L2 address according to the used IP address (#1648272)- Backport "bond: Honor updelay and downdelay when LACP is in use" (#1646923)- OVN: introduce mac_prefix support to IPAM (#1647750)- Backport "ofproto-dpif-xlate: Avoid deadlock on multicast snooping recursion" (#1643065)- Re-enable "make check"- Update to DPDK 17.11.4 (#1566069)- Ship statically linked OVS binaries (#1643478)- Backport connmgr: Fix vswitchd abort when a port is added and the controller is down (#1637926)- Backport "ovn: Add DHCP support for option 252" (#1641740)- Backport "net/i40e: fix VLAN offload setting issue" (#1637893)- Backport "Python: Make Row's __getattr__ less error prone" (#1639963)- OVN: ovn-ctl: Fix the wrong pidfile argument passed to ovsdb-servers (#1636714)- OVN: Support processing DHCPv6 information request message type (#1636874)- OVN: Fix IPv6 DAD failure for container ports (#1616129)- OVN: Fix the issue in IPv6 Neigh Solicitation responder for router IPs (#1567735)- OVN: add buffering support for ip packets (#1637466)- Fix null pointer (#1634015)- OVN: add CT_LB action to ovn-trace (#1635344)- Backport NFP PMD's non-root related commits for > 1TB of RAM (#1634820): - net/nfp: support IOVA VA mode - bus/pci: forbid IOVA mode if IOMMU address width too small - net/nfp: check hugepages IOVAs based on DMA mask - mem: use address hint for mapping hugepages - bus/pci: use IOVAs check when setting IOVA mode - mem: add function for checking memsegs IOVAs addresses - mem: fix max DMA maskbit size- Backport "Remove support for multiple queues per port" (#1634015)- Backport EMC reorder fix (#1565205)- Backport per-port socket netlink creation with EPOLLEXCLUSIVE (#1634015)- Backport roundrobin rxq to pmd assignment (#1631797)- Backport "ovs-save: Don't always include the default flow during restore" (#1628905)- applied Fix translation of groups with no buckets (#1626488)- Removed provides and obsoletes for openvswitch-dpdk (#1628603)- Backported "net/mlx{4,5}: avoid stripping the glue library" (#1627700)- Updated with 2.10.0 official tarball (#1618551)- Sync'ed with fd-next (4452afaa58) - vhost: flush IOTLB cache on new mem table handling (#1609643) - OVN: introduce ovs-appctl command to monitor HVs sb (#1593804)- Snapshot of branch-2.10 6bced903bb50- Snapshot of branch-2.10 58a7ce60b9f7- Snapshot of branch-2.10 faf64fb8861f- Snapshot of branch master 7a78d1c1ad73- Sync'ed spec file with fd-next-57 (shared linking). (DPDK patches not included) - Fixed package dependencies (#1610603)- Snapshot of branch master b1ca64f020f7- Replace macro %{name} with 'openvswitch'.- Snapshot of branch master 1ac690899592- Versioned conflict to be less than 2.10.- Snapshot of branch master 3c921cc2b6b7- Fixed unbound requires and buildrequires.- Snapshot of branch master 93c0ef12039c- Snapshot of branch master 79d0dfa4e99a- Snapshot of branch master e46148133067- Snapshot of branch master 61677bf976e9- snapshot of branch master- Backport "net/mlx5: fix memory region cache lookup" (#1581230) - Backport "net/mlx5: fix memory region boundary checks" (#1581230)- Backport "net/qede: fix memory alloc for multiple port reconfig" (#1589866)- Backport "net/qede: fix unicast filter routine return code" (#1578590)- Backport "net/qede: fix L2-handles used for RSS hash update" (#1578981)- Backport "net/nfp: fix lock file usage" (#1583670)- Backport "net/nfp: configure default RSS reta table" (#1583161)- Backport "netdev-dpdk: don't enable scatter for jumbo RX support for nfp" (#1578324)- Backport "ovn pacemaker: Fix promotion issue when the master node is reset" (#1579025)- Backport spec file modfications from "rhel: Use openvswitch user/group for the log directory"- Backport "vhost: improve dirty pages logging performance" (#1552465)- Backport "ovn: Set proper Neighbour Adv flag when replying for NS request for router IP" (#1567735)- Enable QEDE PMDs (only on x86_64) (#1578003)- ovn-nbctl: Show gw chassis in decreasing prio order (#1576725)- Fix hugetlbfs group when DPDK is enabled- Backport "eal: abstract away the auxiliary vector" (#1560728) - Re-enable DPDK on ppc64le- Require the selinux policy module (#1555440)- Backport fix QEDE PMD (#1494616)- Backport "net/nfp: fix mbufs releasing when stop or close" (#1575067)- Backport net/mlx4: fix broadcast Rx (#1568908)- Backport mempool use after free fix and debug (#1575016)- Fix the email address in the changelog.- Backport fix for missing user during install/upgrade (#1559374)- Backport fix for Unicode encoding in Python IDL (#1547065)- Backport the cisco enic patches- Backport a fix for "Offload of Fragment Matching in OvS Userspace" (#1559111)- Backport "ovn-controller: Handle Port_Binding's "requested-chassis" option" (#1559222)- Backport "python: avoid useless JSON conversion to enhance performance" (#1551016)- Backport "ovn: Set router lifetime value for IPv6 periodic RA" (#1567735) - Remove useless libpcap-devel dependency- Backport DPDK CVE-2018-1059 (#1544298)- Backport fix for PMD segfault when BNXT receives tunneled traffic (#1567634)- Backport patches to make NFP detect the correct firmware (#1566712) - Backport "rhel: Fix literal dollar sign usage in systemd service files"- Backport "rhel: don't drop capabilities when running as root" - Change owner of /etc/openvswitch during upgrade- Disable DPDK on ppc64le- Disable DPDK on aarch64- fixes i40e link status timeout trough direct register access (#1559612)- Enable BNXT, MLX4, MLX5 and NFP (aligned from FDB)- Backport "Offload of Fragment Matching in OvS Userspace" (#1559111)- Avoid to unpack openvswitch 2 times and to overwrite all the patched files Fixes 2.9.0-4- Backport "ofproto-dpif-xlate: translate action_set in clone action" (#1544892)- Backport "ovn: Calculate UDP checksum for DNS over IPv6" (#1553023)- Require the latest rhel selinux policy (#1549673)- Backport vhost patches (#1541881)- Don't require python-sphinx directly, but built it since python-sphinx is in the optional repository that is not available on RHEV and TPS test fails.- Don't verify the user and group of /etc/openvswitch and /etc/sysconfig/openvswitch This is needed since we cannot change the user and group if you upgrade from an old version that still uses root:root.- Update to OVS 2.9.0 + DPDK 17.11 (#1475436) - Backport of ofproto-dpif: Delete system tunnel interface when remove ovs bridge (#1505776) - Backport DPDK patches from FDB (vhost user async fix and enic fixes) - Backport 94cd8383e297 and 951d79e638ec to fix permissions (#1489465) - Use a static configuration file for DPDK- Rebase to latest OVS branch-2.7 fixes + DPDK 16.11.4 (#1533872)- Remove ovs-test and ovs-vlan-test from openvswitch-test package - Add an option to enable openvswitch-ovn-docker package (disabled by default)- Update to OVS 2.7.3 + branch-2.7 bugfixes (#1502742)- Backport of fix for i40e flow control get (#1491791)- Rebase to latest OVS branch fixes + DPDK 16.11.3- Backport of enic driver crash fix to dpdk-16.11 (#1489010)- Re-enable Cisco enic PMD (#1482675)- Update based on multi-arch- Disable unsupported PMDs (#1482675) - software and hardware PMDs audited by the team- Backport mmap fix for memory initialization on ppc64le to dpdk-16.11- Backport support for vfio-pci based PMD in ppc64le to dpdk-16.11- Backport support for Intel XL710 (i40e) pmd in ppc64le to dpdk-16.11- Update to OVS 2.7.2 + branch-2.7 bugfixes (#1472854) - Add a symlink of the OCF script in the OCF resources folder (#1472729)- Align to FDB openvswitch-2.7.1-1.git20170710.el7fdb (#1459286)- backport "mcast-snooping: Avoid segfault for vswitchd" (#1456356) - backport "mcast-snooping: Flush ports mdb when VLAN cfg changed." (#1456358)- backport patch to not automatically restard ovn svcs after upgrade (#1438901)- rconn: Avoid abort for ill-behaved remote (#1449109)- Fix race in "PMD - change numa node" test (#1447714) - Report only un-deleted groups in group stats replies. (#1447724) - Workaround some races in "ofproto - asynchronous message control" tests (#1448536)- Fix an issue using set_field action on nw_ecn (#1410715)- backport patch to fix uni-dir vhost perf drop (#1414919)- backport patch to correct port number in firewalld service file (#1390938)- backport patch to enable/disable libcap-ng support (--with libcapng)- Fix an MTU issue with ovs mirror ports (#1426342)- update spec file to install firewalld service files (#1390938)- vhostuser client mode support for ifup/ifdown (#1418957)- OVN-DHCP is not sending DHCP responses after a MAC change in north db (#1418261)- systemd service starts too fast (#1422227)- iptables should be easily configurable for OVN hosts and OVN central server (#1390938)- ovn: IPAM has no reply to DHCP request for renewal (#1415449)- ovn-controller: Provide the option to set Encap.options:csum (#1418742)- fixed broken service after a package upgrade (#1403958)- ovsdb-idlc: Initialize nonnull string columns for inserted rows. (#1405094)- OVN: Support IPAM with externally specified MAC (#1368043)- Update to OVS 2.6.1 + branch-2.6 bugfixes (#1335865) - Update to use DPDK 16.11 (#1335865) - Enable OVN- ifnotifier: do not wake up when there is no db connection (#1397504)- Use instant sending instead of queue (#1397481)- dpdk vhost: workaround stale vring base (#1376217)- Applied tnl fix (#1346232)- Applied the systemd backports- Fixed OVS to not require SSSE3 if DPDK is not used (#1378501)- Fixed a typo (#1385096)- Do not restart the service after a package upgrade (#1385096)- Permit running just the kernel datapath tests (#1375660)- Obsolete openvswitch-dpdk < 2.6.0 to provide migration path - Add spec option to run kernel datapath tests (#1375660)- Backport ovs-tcpdump support (#1335560) - Add ovs-pcap, ovs-tcpdump and ovs-tcpundump to -test package- Add openvswitch-dpdk provide for testing and depending on dpdk-enablement - Disable bnx2x driver, it's not stable - Build dpdk with -Wno-error to permit for newer compilers - Drop subpkgs conditional from spec, its not useful anymore- Fix adding ukeys for same flow by different pmds (#1364898)- Fixed ifup-ovs to support DPDK Bond (#1360426)- Fixed ifup-ovs to delete the ports first (#1359890)- pull bugfixes from upstream 2.5 branch (#1360431)- Removed redundant provides for openvswitch - Added epoch to the provides for -static package- Renamed to openvswitch (dpdk enabled) - Enabled sub-packages - Removed conflicts to openvswitch - Increased epoch to give this package preference over stable- pull bugfixes from upstream 2.5 branch (#1346313)- Enable DPDK bnx2x driver (#1330589) - Add README.DPDK-PMDS document listing drivers included in this package- Run testsuite by default on x86 arches (#1318786) (this sync the spec with non-dpdk version though the testsuite was already enabled here)- eliminate debuginfo-artifacts (#1281913)- Update to OVS to 2.5.0 and bundled DPDK to 2.2.0 (#1317889)- Provide openvswitch ver-rel (#1281894)- ExclusiveArch to x86_64 (dpdk) - Provides bundled(dpdk) - Re-enable testsuite- Enable building from pre-release snapshots, update to pre 2.4 version - Bundle a minimal, private build of DPDK 2.0 and link statically - Rename package to openvswitch-dpdk, conflict with regular openvswitch - Disable all sub-packages- First build on F142.11.3-90.el8s2.11.3-90.el8sifdown-ovsifup-ovs/etc/sysconfig/network-scripts/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protectioncpioxz2ppc64le-redhat-linux-gnuBourne-Again shell script, ASCII text executableRR(openvswitch2.11 and network-scripts)utf-82b886917c0823e73848337cacd9c8becf2cf066e8a0caa89dfae2af1b46aa194?7zXZ !#,0 >] b2u y-iSqtxG ŊcP+CB isdIhֹba J3yЖ[W4A)^H}>s婢Kjl oʢ Tuv/O$qKMyB/:*jh jܖ"TmB2z !״f 7|ƣH qr-ES2|g'V( %q.JU:wɤ;[^Xtye= Iys\V ZDr2}FFZ-ѳk0\zlE ׻)tTB͉uXONgAM]fKi^!?HTa#po%31فQ/coT9,XTO 7~4# [Q}3@杇7]P ̱GuuZ~o}=WuayA!L]/ ޵dg]틄 6U`؈\#i }f, )20HMk;Q#QH!6TsL Cn/ ST!;Itpȩj1(N#6FTD١7{^̴qċY}:fdtŹMIgR/•?|i(E0>#r޶V( R?;PUK<1ɖqJn:3fGMj P( ڡ=[! ?E`ЃΉzSI`HqW .(r;R,}Ub#Pc?d[E'*bakdΨȌ?)")DZH/F _& K;lVdqK%b בֽ4eNHobU$tVB%*՗']iHϪ1C3gR2ǽ›P0V7hs_1?Na4[dNިe=4߂V_Qb/c '?qJm\Ue̷pU2(+ 8 h7lhѨ RL Ic/BD3 0Ћ)ۙ|p &}sF/f'x7/DѼ,9 g R03pM'BiOw|Xj+lߏx6 .)v S5E{dP= Xh_>JUvZ1+9@a<pI99-QQ($D +xyšw\&O_w͘-0װV ~qz;V5~"{_ Ɋ31 AWHsb"*-YRsz&v[j_V|VJ<_`;T뛨x3]x9}n*&kцWW7~{xh#4YE xr3ԧ’li!Oމ-9K٩:y}sөADQE &-#& "s"R\}bwmv]r±F"8LS!ju?