SLFO-pool/openvswitch
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a94b355a87
openvswitch/openvswitch.changes

2172 lines
101 KiB
Plaintext
Raw Blame History

-------------------------------------------------------------------
Thu Dec 14 11:55:19 UTC 2023 - Dirk Müller <dmueller@suse.com>
- convert to sysuser generated users
-------------------------------------------------------------------
Mon Dec 4 15:52:33 UTC 2023 - Ana Guerrero <ana.guerrero@suse.com>
- Add BuildRequires on python-setuptools. Previously this was pulled
by python-Sphinx in the build environment.
-------------------------------------------------------------------
Thu Sep 7 07:55:29 UTC 2023 - Duraisankar P <Duraisankar.pitchumani@suse.com>
- Fix CVE-2023-3153 [bsc#1212125], VUL-0: CVE-2023-3153: openvswitch,openvswitch3: service monitor MAC flow is not rate limited
- Added patch,
CVE-2023-3152.patch
-------------------------------------------------------------------
Wed May 17 09:46:44 UTC 2023 - Duraisankar P <Duraisankar.pitchumani@suse.com>
- Fix CVE-2023-1668 [bsc#1210054], openvswitch: remote traffic denial of service via crafted packets with IP proto 0
- Added patch,
CVE-2023-1668.patch
-------------------------------------------------------------------
Tue May 2 07:48:43 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- Remove python/ovs/dirs.py prior to building: have this
re-generated based on the shipped template (boo#1210479).
-------------------------------------------------------------------
Wed Apr 5 21:14:59 UTC 2023 - Duraisankar P <Duraisankar.pitchumani@suse.com>
- Update OVS version to v3.1.0 and OVN version to v23.03.0
Some of the features are,
- ovs-vswitchd now detects changes in CPU affinity and adjusts the number
of handler and revalidator threads if necessary.
- AF_XDP:
* Added support for building with libxdp and libbpf >= 0.7.
* Support for AF_XDP is now enabled by default if all dependencies are
available at the build time. Use --disable-afxdp to disable.
Use --enable-afxdp to fail the build if dependencies are not present.
- ovs-appctl:
* "ovs-appctl ofproto/trace" command can now display port names with the
"--names" option.
- OVSDB-IDL:
* Add the support to specify the persistent uuid for row insert in both
C and Python IDLs.
- Windows:
* Conntrack IPv6 fragment support.
- DPDK:
* Add support for DPDK 22.11.1.
- For the QoS max-rate and STP/RSTP path-cost configuration OVS now assumes
10 Gbps link speed by default in case the actual link speed cannot be
determined. Previously it was 10 Mbps. Values can still be overridden
by specifying 'max-rate' or '[r]stp-path-cost' accordingly.
- OpenFlow:
* New OpenFlow extension NXT_CT_FLUSH to flush connections matching
the specified fields.
- ovs-ctl:
* New option '--dump-hugepages' to include hugepages in core dumps. This
can assist with postmortem analysis involving DPDK, but may also produce
significantly larger core dump files.
- ovs-dpctl and 'ovs-appctl dpctl/' commands:
* 'flush-conntrack' is now capable of handling partial 5-tuple,
with additional optional parameter to specify the reply direction.
- ovs-ofctl:
* New command 'flush-conntrack' that accepts zone and 5-tuple (or partial
5-tuple) for both directions.
- Support for travis-ci.org based continuous integration builds has been
dropped.
- Userspace datapath:
* Add '-secs' argument to appctl 'dpif-netdev/pmd-rxq-show' to show
the pmd usage of an Rx queue over a configurable time period.
* Add new experimental PMD load based sleeping feature. PMD threads can
request to sleep up to a user configured 'pmd-maxsleep' value under
low load conditions.
-For more details, check
https://github.com/openvswitch/ovs/blob/v3.1.0/NEWS
-Includes secrity fix for CVE-2022-4338 (bsc#1206580) and CVE-2022-4337 (bsc#1206581)
- Removed patches,
* 0001-Replace-deprecated-var-run-with-run.patch
* 0001-openvswitch-merge-compiler.h-files-into-one-file.patch
* openvswitch-CVE-2021-36980.patch
* 0002-build-Seperated-common-used-headers.patch
* a77ad9693c8b49055389559187fe74eddb619746.patch
* 0001-m4-Test-avx512-for-x86-only.patch
* openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch
- Renamed and rebased patches,
* 0001-Don-t-change-permissions-of-dev-hugepages.patch
* 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
* 0001-Run-ovn-as-openvswitch-openvswitch.patch
* 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
* 0001-Run-openvswitch-as-openvswitch-openvswitch.patch
- Added ovsb tool install patch,
* install-ovsdb-tools.patch
-------------------------------------------------------------------
Thu Sep 29 11:58:47 UTC 2022 - Dirk Müller <dmueller@suse.com>
- add a77ad9693c8b49055389559187fe74eddb619746.patch to avoid
the cpu detection code being compiled with AVX512 enabled
- add 0001-m4-Test-avx512-for-x86-only.patch
-------------------------------------------------------------------
Mon Sep 12 19:55:30 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
- fix tests with GNU grep 3.8 boo#1203239
add openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch
-------------------------------------------------------------------
Wed Aug 3 11:11:36 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.17.2:
- Bug fixes
- DPDK:
* OVS validated with DPDK 21.11.1. It is recommended to use this version
until further releases.
- Bug fixes
- libopenvswitch API change:
* To fix the Undefined Behavior issue causing the compiler to incorrectly
optimize important parts of code, container iteration macros (e.g.,
LIST_FOR_EACH) have been re-implemented in a UB-safe way.
* Backwards compatibility has mostly been preserved, however the
user-provided pointer is now set to NULL after the loop (unless it
exited via "break;")
* Users of libopenvswitch will need to double-check the use of such loop
macros before compiling with a new version.
* Since the change is limited to the definitions within the headers, the
ABI is not affected.
- refresh 0001-openvswitch-merge-compiler.h-files-into-one-file.patch
0002-build-Seperated-common-used-headers.patch
-------------------------------------------------------------------
Fri May 13 15:52:24 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
- Allow dpdk version 21.11.
-------------------------------------------------------------------
Fri Apr 22 20:42:31 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
- Python package: Do not use C json parser on 32bit as large numbers
will overflow.
-------------------------------------------------------------------
Sun Apr 3 13:12:28 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
- Mention openvswitch-rpmlintrc as Source in spec file
-------------------------------------------------------------------
Mon Mar 14 13:55:07 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
- Fix installation of files shared with OVN (required for building
OVN without openvswitch sources), remove custom installation
of internal headers from SPEC-install section and use patches
(for upstreaming) instead.
* install-ovsdb-tools.patch
* Added 0001-openvswitch-merge-compiler.h-files-into-one-file.patch
* Added 0002-build-Seperated-common-used-headers.patch
- Enabled check section / running testsuite by default to validate
build result. There must no problems with the testsuite anymore as
upstream runs it by CI and checked before release of a new version.
- Renamed 0001-Don-t-change-permissions-of-dev-hugepages.patch to
Don-t-change-permissions-of-dev-hugepages.patch
- Renamed 0001-Run-openvswitch-as-openvswitch-openvswitch.patch to
Run-openvswitch-as-openvswitch-openvswitch.patch
- Renamed 0001-Use-double-hash-for-OVS_USER_ID-comment.patch to
Use-double-hash-for-OVS_USER_ID-comment.patch
- Rebased 0001-Use-strongswan-for-openvswitch-ipsec-service.patch to
Use-strongswan-for-openvswitch-ipsec-service.patch
-------------------------------------------------------------------
Fri Mar 11 11:33:18 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
- Fix OVS location for python bindings (dirs.py), boo#1196978
Make sure dirs.py is freshly generated
-------------------------------------------------------------------
Mon Mar 7 12:04:30 UTC 2022 - Dirk Müller <dmueller@suse.com>
- fix python3 requires (bsc#1196758)
-------------------------------------------------------------------
Sun Feb 27 19:24:57 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
- Added install-ovsdb-tools.patch to install ovsdb tools required
for building OVN
-------------------------------------------------------------------
Sat Feb 26 22:11:06 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
- Enable multiple python3 flavor subpackages on Tumbleweed / Factory
-------------------------------------------------------------------
Sat Feb 26 00:56:03 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
- Update OVS to version 2.17.0
* Userspace datapath:
* Optimized flow lookups for datapath flows with simple match criteria.
* New per-interface configuration knob 'other_config:tx-steering'.
* Removed experimental tag for PMD Auto Load Balance.
* New configuration knob 'other_config:n-offload-threads' to change the
number of HW offloading threads.
* DPDK:
* EAL argument --socket-mem is no longer configured by default upon
start-up. If dpdk-socket-mem and dpdk-alloc-mem are not specified,
DPDK defaults will be used.
* EAL argument --socket-limit no longer takes on the value of --socket-mem
by default. 'other_config:dpdk-socket-limit' can be set equal to
the 'other_config:dpdk-socket-mem' to preserve the legacy memory
limiting behavior.
* EAL argument --in-memory is applied by default if supported.
* Add support for DPDK 21.11.
* Forbid use of DPDK multiprocess feature.
* Add support for running threads on cores >= RTE_MAX_LCORE.
* Python: For SSL support, the use of the pyOpenSSL library has
been replaced with the native 'ssl' module.
* OVSDB:
* Python library for OVSDB clients now also supports faster
resynchronization with a clustered database after a brief disconnection,
i.e. 'monitor_cond_since' monitoring method.
* Major improvement in the performance of the OVSDB server.
* OpenFlow:
* Default selection method for select groups with up to 256 buckets is
now dp_hash. Previously this was limited to 64 buckets. This change
is mainly for the benefit of OVN load balancing configurations.
* Encap & Decap action support for MPLS packet type.
- Update OVS to version 2.16.0
* Fix CVE-2021-36980 (boo#1188524)
openvswitch 2.11.0 through 2.15.0 has a use-after-free in
decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode)
during the decoding of a RAW_ENCAP action
* Removed support for 1024-bit Diffie-Hellman key exchange
* Rate limiting configuration now supports setting packet-per-second
limits in addition to the previously configurable byte rate settings.
* OVSDB:
* Introduced new database service model - "relay".
* New command line options --record/--replay for ovsdb-server and
ovsdb-client to record and replay all the incoming transactions,
monitors, etc.
* The Python Idl class now has a cooperative_yield() method
* In ovs-vsctl and vtep-ctl, the "find" command now accept new
operators {in} and {not-in}.
* Various Userspace datapath improvements
* ovs-ctl:
* New option '--no-record-hostname' to disable hostname configuration
in ovsdb on startup.
* New command 'record-hostname-if-not-set' to update hostname in ovsdb.
* ovs-appctl: Added ability to add and delete static mac entries using:
'ovs-appctl fdb/add <bridge> <port> <vlan> <mac>'
'ovs-appctl fdb/del <bridge> <vlan> <mac>'
* Linux datapath:
* ovs-vswitchd will configure the kernel module using per-cpu dispatch
mode (if available). This changes the way upcalls are delivered to
user space in order to resolve a number of issues with per-vport dispatch.
* New vswitchd unixctl command `dpif-netlink/dispatch-mode` will return
the current dispatch mode for each datapath.
- Update OVS to version 2.15.0
* OVSDB:
* Changed format in which ovsdb transactions are stored in
database files. Now each transaction contains diff of data
instead of the whole new value of a column.
* New unixctl command 'ovsdb-server/get-db-storage-status'
* New unixctl command 'ovsdb-server/memory-trim-on-compaction on|off'.
* Maximum backlog on RAFT connections limited to 500 messages or 4GB.
* DPDK: Removed support for vhost-user dequeue zero-copy.
* Add support for DPDK 20.11.
* The environment variable OVS_UNBOUND_CONF, if set, is now used
as the DNS resolver's (unbound) configuration file.
* Linux datapath: Support for kernel versions up to 5.8.x.
* Building the Linux kernel module from the OVS source tree is deprecated
* Support for the Linux kernel is capped at version 5.8
* Only bug fixes for the Linux OOT kernel module will be accepted.
* The Linux kernel module will be fully removed from the OVS source tree
in OVS branch 2.18
- Rebased 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
- Drop upstream fixed 0001-Replace-deprecated-var-run-with-run.patch
- Separated OVN
* Stand alone package, this enables better maintenance
especially updates.
* Drop 0001-Run-ovn-as-openvswitch-openvswitch.patch from OVN
-------------------------------------------------------------------
Mon May 10 10:28:32 UTC 2021 - Dirk Müller <dmueller@suse.com>
- add openssl(cli) dependency on pki (bsc#1185839)
-------------------------------------------------------------------
Thu Apr 29 16:05:49 UTC 2021 - Jaime Caamaño Ruiz <jcaamano@suse.com>
- Replace deprecated /var/run with /run (bsc#1185176, bsc#1185177).
* 0001-Replace-deprecated-var-run-with-run.patch
-------------------------------------------------------------------
Fri Feb 12 10:36:03 UTC 2021 - Jaime Caamaño Ruiz <jcaamano@suse.com>
- Update openvswitch to 2.14.2. For a list of changes, check
https://github.com/openvswitch/ovs/blob/v2.14.2/NEWS
Includes security fix for CVE-2020-27827 (bsc#1181345) and CVE-2020-35498
(bsc#1181742).
- Removed patches no longer applying to code base:
* 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
* 0001-ipsec-Fix-Strongswan-configuration-syntax.patch
-------------------------------------------------------------------
Tue Nov 3 10:50:49 UTC 2020 - Jaime Caamaño Ruiz <jcaamano@suse.com>
- Replaced `%service_del_postun -n` with `%service_del_postun_without_restart`
(bsc#1117483).
-------------------------------------------------------------------
Tue Sep 29 10:41:30 UTC 2020 - Jaime Caamaño Ruiz <jcaamano@suse.com>
- Fix wrong default directories for OVS python utilities (bsc#1176273).
- Add upstream patches to fix openvswitch-ipsec service (bsc#1176273).
* 0001-ipsec-Fix-Strongswan-configuration-syntax.patch
-------------------------------------------------------------------
Tue Sep 1 13:50:47 UTC 2020 - Jaime Caamaño Ruiz <jcaamano@suse.com>
- Update openvswitch to 2.14.0. For a list of changes, check
https://github.com/openvswitch/ovs/blob/v2.14.0/NEWS
- Update OVN to 20.06.2. For a list of changes, check
https://github.com/ovn-org/ovn/blob/v20.06.2/NEWS
-------------------------------------------------------------------
Mon Jun 15 13:21:22 UTC 2020 - Jaime Caamaño Ruiz <jcaamano@suse.com>
- Fix preserving old default OVS_USER_ID for users that removed the
override at /etc/sysconfig/openvswitch or for users affected by
fillup bug below (bsc#1172861).
- Add patch to workaround a possible fillup issue that could cause
existing openvswitch configuration to be unintendedly altered during
upgrades (bsc#1172929).
* 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
-------------------------------------------------------------------
Wed Jun 3 14:53:21 UTC 2020 - Jaime Caamaño Ruiz <jcaamano@suse.com>
- add missing provides/obsoletes for python3-openvswitch-test
-------------------------------------------------------------------
Mon May 4 11:38:26 UTC 2020 - Jaime Caamaño Ruiz <jcaamano@suse.com>
- Update openvswitch to 2.13.0.
* For a list of changes, check
https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS
* This version drops python2 binding support. Only python3 bindings
provided going forward.
* Tool ovs-vlan-bug-workaround is no longer provided.
- OVN was split to its own repo but is still built together with OVS and as
such from this same source package. OVN initial version is 20.03.
* For a list of changes, check
https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS
* Packages openvswitch-ovn* are renamed to ovn*.
* OVN now has its own sysconfig and log paths.
- Add OVS patch to be proposed upstream:
* 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
- Patch instead of post-processing configuration files to set running
credentials (bsc#1157338):
* 0001-Run-openvswitch-as-openvswitch-openvswitch.patch
* 0001-Run-ovn-as-openvswitch-openvswitch.patch
- Will no longer change group ownership of /dev/hugepages to 'hugetlbfs'
(bsc#1140835). System admin should mount hugepages on a path and permissions of
his choosing for OVS. Add patch:
* 0001-Don-t-change-permissions-of-dev-hugepages.patch
- Will no longer install udev rule to change group ownership of vfio devices to
'hugetlbfs'. Group name does not make much sense in this case and ownership of
vfio devices should be coordinated system wide or per device.
- Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled.
OVS will now run under group 'openvswitch' whether compiled with DPDK support
or not.
- OVS persistent state is now saved on /var/lib/openvswitch instead of
/etc/openvswitch for new installs.
-------------------------------------------------------------------
Thu Feb 13 18:06:02 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- add missing sortedcontainers dependency to the python bindings
-------------------------------------------------------------------
Mon Oct 28 14:56:34 UTC 2019 - Jaime Caamaño Ruiz <jcaamano@suse.com>
- Update openvswitch to 2.12.0. For a list of changes, check
https://github.com/openvswitch/ovs/blob/master/NEWS
- Removed patches that are already included upstream:
* 0001-rhel-secure-openvswitch-useropts.patch
* 0002-rhel-let-ctl-handle-runtime-directory.patch
- Rebased patches:
* 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
-------------------------------------------------------------------
Thu Aug 8 11:55:36 UTC 2019 - <jcaamano@suse.com>
- Fixed missing obsoletes for old python-ovs (bsc#1138948).
-------------------------------------------------------------------
Tue Jul 16 09:10:42 UTC 2019 - <jcaamano@suse.com>
- Add unbound as a build requirement to support asynchronous DNS
resolving for remotes.
-------------------------------------------------------------------
Thu Jun 20 12:00:42 UTC 2019 - <jcaamano@suse.com>
- Update DPDK dependency to support DPDK 18.11.2.
-------------------------------------------------------------------
Mon Jun 10 17:12:00 UTC 2019 - <jcaamano@suse.com>
- Add upstream patches to fix bsc#1135884:
* 0001-rhel-secure-openvswitch-useropts.patch
* 0002-rhel-let-ctl-handle-runtime-directory.patch
-------------------------------------------------------------------
Mon May 6 17:08:26 UTC 2019 - <jcaamano@suse.com>
- Use temporary directory for python build.
-------------------------------------------------------------------
Mon Apr 29 14:12:36 UTC 2019 - <jcaamano@suse.com>
- Fix problem preventing new installs to run as non root (bsc#1132029),
including:
* Align with upstream so that no running configuration is changed on
upgrades, specifically to avoid changes on the user Open vSwitch runs
under.
* hugetblfs groups is created as system group.
- Add missing opnvswitch-ipsec package and systemd service.
- Add patch to use strongswan instead of libreswan for openvswitch-ipsec.
libreswan package not available currently.
* 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
- Add missing ovs-delete-transient-ports systemd service.
- Align installed headers with upstream.
- Fix problem preventing rpm build '--with check'.
- Fix python environment that had directories pointing to /usr/local.
- Version bump to 2.11.1. Some of the changes are:
* netdev-tc-offloads: Fix probe tc block support
* rhel: Include all header files in the Fedora's devel package
* reconnect.c: Don't transition back to ACTIVE when forced to RECONNECT.
* OVN: Make periodic RAs consistent with RA responder.
* OVN: Always send prefix option in RAs
* OVN: Use offset instead of pointer into ofpbuf
* ofproto: fix the bug of bucket counter is not updated
* netdev-dpdk: Print netdev name for txq mapping.
* dpif-netdev-perf: Fix millisecond stats precision with slower TSC.
* ifupdown.sh: Add missing "--may-exist" option
* dpif-netdev-perf: Fix double update of perf histograms.
* dpdk: Stop dumping memzones to stdout.
* dpctl: Drop parser debug information.
* netdev-tc-offloads: Properly get the block id on flow del/get
* netdev-tc-offloads: Improve log message for icmpv6 offload not supported
* conntrack: Replace structure copy by memcpy().
* conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.
* conntrack: Fix race for NAT cleanup.
* ovn-nbctl: Don't segfault when ovn-northd doesn't configure dynamic addresses.
* datapath-windows: Add annotations to find vport functions
* datapath-windows: Guard vport usage in user.c
* datapath-windows: Fix potential deadlock in event subscription
* datapath-windows: Fix race condition during port creation
* datapath-windows: Fix nbl cleanup when memory allocation fails
* netdev-linux: Remove ingress qdisc before trying to add shared block
* netdev-tc-offloads: Remove ingress qdisc on tc init flow api
* ovsdb-idl: Fix memory leak of idl->remote.
* travis: Remove 'sudo' configuration.
* OVN: Add port addresses to IPAM after all ports are joined.
* dpif-netlink: Free leaked ofpbuf by using ofpbuf_delete
* OVN: update RA next_announce according to {min, max}_interval
* rconn: Avoid occasional immediate connection failures.
* dpdk: Fix case-sensitivity of dpdk-init knob.
* NEWS: Clean up the 2.11.0 release notes a bit.
* conntrack: Fix L4 csum for V6 extension hdr pkts.
* packets: Change return type for 'packet_csum_upperlayer6()'.
* ovsdb-client: Fix typo.
* ovn-nbctl: Daemon mode should retry when IDL connection lost.
* ofctl: break the loop if ovs_pcap_read returns error
* netlink: added check to prevent netlink attribute overflow
-------------------------------------------------------------------
Mon Mar 25 14:18:56 UTC 2019 - <jcaamano@suse.com>
- Disable dpdk on ix86, aligned with dpdk package.
-------------------------------------------------------------------
Thu Mar 21 15:12:55 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Combine %service_* calls to reduce generated boilerplate.
- Reduce scriptlets' hard dependency on systemd.
-------------------------------------------------------------------
Thu Feb 28 11:16:58 UTC 2019 - jcaamano@suse.com
- Version bump to 2.11.0. Some of the changes are:
* Linux datapath:
- Support for the kernel versions 4.16.x and 4.17.x.
- Support for the kernel versions 4.18.x
* OpenFlow:
- OFPMP_TABLE_FEATURES_REQUEST can now modify table features.
* ovs-ofctl:
- "mod-table" command can now change OpenFlow table names.
* The environment variable OVS_SYSLOG_METHOD, if set, is now used
as the default syslog method.
* The environment variable OVS_CTL_TIMEOUT, if set, is now used
as the default timeout for control utilities.
* ovn:
- OVN-SB schema changed: duplicated IP with same Encapsulation type
is not allowed any more. Please refer to
Documentation/intro/install/ovn-upgrades.rst for the instructions
in case there are problems encountered when upgrading from an earlier
version.
- New support for IPSEC encrypted tunnels between hypervisors.
- ovn-ctl: allow passing user:group ids to the OVN daemons.
- IPAM/MACAM:
* add the capability to dynamically assign just L2 addresses
* add the capability to specify a static ip address and get the L2 one
allocated dynamically using the following syntax:
ovn-nbctl lsp-set-addresses <port> "dynamic <IP>"
* DPDK:
- Add support for DPDK 18.11
- Add support for port representors.
* Userspace datapath:
- Add option for simple round-robin based Rxq to PMD assignment.
It can be set with pmd-rxq-assign.
- Add support for Auto load balancing of PMDs (experimental)
- Added new per-port configurable option to manage EMC:
'other_config:emc-enable'.
* Add 'symmetric_l3' hash function.
* OVS now honors 'updelay' and 'downdelay' for bonds with LACP configured.
* ovs-vswitchd:
- New configuration option "offload-rebalance", that enables dynamic
rebalancing of offloaded flows.
* The environment variable OVS_RESOLV_CONF, if set, is now used
as the DNS server configuration file.
* RHEL packaging:
- OVN packages are split from OVS packages. A new spec
file - ovn-fedora.spec.in is added to generate OVN packages.
- Revisit DISABLE_RESTART_ON_UPDATE and DISABLE_STOP_ON_REMOVAL options
(bsc#1117483). DISABLE_STOP_ON_REMOVAL is removed. DISABLE_RESTART_ON_UPDATE
is replaced by '%service_del_postun -n'. $FIRST_ARG is replaced by $1.
- Add extra openvswitch headers (bsc#1125897).
-------------------------------------------------------------------
Fri Feb 15 16:16:32 UTC 2019 - jcaamano@suse.com
- Obsolete old python[2]-openvswitch-test subpackages (bsc#1124435).
-------------------------------------------------------------------
Thu Jan 24 16:52:16 UTC 2019 - jcaamano@suse.com
- Fixed package name libopenvswitch-2_10-0 to libopenvswitch-2_11-0
-------------------------------------------------------------------
Thu Jan 24 11:34:15 UTC 2019 - Jaime Caamaño (jcaamano@suse.com)
- Version bump to 2.11.0+git20190123.ad83fc9ab. Some of the changes are:
* Linux datapath:
- Support for the kernel versions 4.16.x and 4.17.x.
* OpenFlow:
- OFPMP_TABLE_FEATURES_REQUEST can now modify table features.
* ovs-ofctl:
- "mod-table" command can now change OpenFlow table names.
* The environment variable OVS_SYSLOG_METHOD, if set, is now used
as the default syslog method.
* The environment variable OVS_CTL_TIMEOUT, if set, is now used
as the default timeout for control utilities.
* ovn:
- OVN-SB schema changed: duplicated IP with same Encapsulation type
is not allowed any more. Please refer to
Documentation/intro/install/ovn-upgrades.rst for the instructions
in case there are problems encountered when upgrading from an earlier
version.
- New support for IPSEC encrypted tunnels between hypervisors.
- ovn-ctl: allow passing user:group ids to the OVN daemons.
- IPAM/MACAM:
* add the capability to dynamically assign just L2 addresses
* add the capability to specify a static ip address and get the L2 one
allocated dynamically using the following syntax:
ovn-nbctl lsp-set-addresses <port> "dynamic <IP>"
* DPDK:
- Add support for DPDK 18.11
- Add support for port representors.
* Userspace datapath:
- Add option for simple round-robin based Rxq to PMD assignment.
It can be set with pmd-rxq-assign.
- Add support for Auto load balancing of PMDs (experimental)
- Added new per-port configurable option to manage EMC:
'other_config:emc-enable'.
* Add 'symmetric_l3' hash function.
* OVS now honors 'updelay' and 'downdelay' for bonds with LACP configured.
* ovs-vswitchd:
- New configuration option "offload-rebalance", that enables dynamic
rebalancing of offloaded flows.
* The environment variable OVS_RESOLV_CONF, if set, is now used
as the DNS server configuration file.
* RHEL packaging:
- OVN packages are split from OVS packages. A new spec
file - ovn-fedora.spec.in is added to generate OVN packages.
- Remove upstreamed patch:
* 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch
- Remove DISABLE_RESTART_ON_UPDATE and DISABLE_STOP_ON_REMOVAL options (bsc#1117483).
-------------------------------------------------------------------
Sun Jan 20 07:58:20 UTC 2019 - Thomas Bechtold <tbechtold@suse.com>
- python2-ovs provides now also python-ovs which is the standard
for singlespec python packages.
-------------------------------------------------------------------
Mon Nov 26 11:07:30 UTC 2018 - jcaamano@suse.com
- Backport upstream fix for python json parser memory leak (bsc#1116437)
* 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch
-------------------------------------------------------------------
Thu Nov 8 11:17:38 UTC 2018 - Markos Chandras <mchandras@suse.de>
- Improve python packaging (bsc#1115085)
* Rename python*-openvswitch subpackages to python*-ovs to follow
the openSUSE policy that packages should be named after the modules
they install.
* Build the JSON C bindings and as a result the 'noarch' BuildArch
needs to be removed.
* Drop the python*-openvswitch-test packages and merge them with the
test subpackage
* Build the python bindings using setuptools
* Include the egg-info package.
* Use libopenvswitch as dependency to python bindings
-------------------------------------------------------------------
Mon Oct 22 09:38:00 UTC 2018 - Markos Chandras <mchandras@suse.de>
- Version bump to 2.10.1. Some of the changes are:
* dpif-netdev.at: Add missing backslash.
* ofproto-dpif-xlate: Avoid deadlock on multicast snooping recursion.
* dpif-netdev-perf: Print SMC statistics.
* dpif-netdev-unixctl: Change 'masked' to 'megaflow'.
* ovn-controller: Support processing DHCPv6 information request message type
* ovn-ctl: Fix the wrong pidfile argument passed to ovsdb-servers
* ovndb-servers.ocf: Add ssl support for managing OVN DB resources with pacemaker using LB VIP.
* ovn-ctl: Allow passing ssl certs when starting OVN DBs in ssl mode.
* expr: Disallow < <= >= > comparisons against empty value set.
* expr: Set a limit on the depth of nested parentheses
* ovn: Fix IPv6 DAD failure for container ports
* dpif-netdev: Add vlan to mask for flow_put operation.
* ovs-save: Parse geneve tlv map correctly.
* extend-table: Fix a bug that iterates wrong table
* odp-util: Fix a use-after-free bug.
* ofp-packet: Fix NXT_RESUME with geneve tunnel metadata
* dpif-netlink: Fix null pointer.
* ofproto-dpif-xlate.c: Fix uninitialized variable warning.
* dpif: Remove support for multiple queues per port.
* dpif-netlink: don't allocate per thread netlink sockets
* ovsdb-types: Refactor structs so as to comply with C++ standard
* bfd: Make the tp_dst masking megaflow-friendly.
* ovsdb-data: Improve grammar in error message.
* condition: Reject <, <=, >=, > with optional scalar against empty set.
* condition: Fix ==, !=, includes, excludes on optional scalars.
* netdev: Properly clear 'details' when iterating in NETDEV_QOS_FOR_EACH.
* lex: Fix buffer overrun parsing overlong hexadecimal constants.
* sflow: Set agent address properly based on collector address.
* ovsdb-client: Fix a bug that uses wrong index
* ofproto: Fix build with some GCC versions.
* ofproto-dpif-xlate: Fix conntrack fields on NXT_RESUME
* ofproto: Handle OpenFlow version mismatch for requestforward with groups.
* ovs-save: save and restore groups on restart
* sparse: check if floatn-common.h is available.
* flow: Fix uninitialized flow fields in IPv6 error case.
* ofproto-dpif: Fix NXT_RESUME flow stats
* ovn: Add the documentation for the DHCP opt 'wpad' in proper section
* meta-flow: Make "nw_frag" a synonym for "ip_frag".
* gre: Rename fallback devices to avoid udev's interference
* ovsdb-server: Alleviate the possible data loss in an active/standby setup
* ovsdb-idlc: Use ALIGNED_CAST to avoid spurious warnings for index rows.
* ofproto-dpif-xlate: Fix translation of groups with no buckets.
* ovn: Add DHCP support for option 252.
* ofp-port: Don't leak on error in ofputil_pull_ofp14_port_stats().
* ofp-print: Fix a memory leak reported by fuzz
* ovs-save: Don't always include the default flow during restore
* lib/tc: treat vlan id and prio as independent fields
* odp-util: Don't attempt to write IPv6 flow label bits that don't exist.
* lib/tc: reject offloading of non-Ethernet packets
* dhparams: Fix .c file generation with OpenSSL >= 1.1.1-pre9
* ovs-ctl: Allow add-remote without vswitchd started.
* system-traffic: Fix conntrack per zone limit test.
* erspan: set erspan_ver to 1 by default when adding an erspan dev
* ovn.at: Skip ACL rate-limiting test on slow/overloaded systems.
* daemon-unix: Use same name for original or restarted children.
* dpif-netdev: Prevent unsafe access when retrieving meter stats.
* utilities: Drop shebang from bash completion script
* ofp-actions: Re-fix error path for parsing OpenFlow actions.
* nx-match: Avoid double-free on some error paths.
* netdev-dpdk: Support the link speed of XL710
* ovn-northd: Support learning neighbor from ARP request.
* ovn-northd: LR respond ARP from valid subnet only.
* ovn: Fix the issue in IPv6 Neigh Solicitation responder for router IPs
* dpctl: Fix memory leak in dp_exists().
* ofproto-dpif: Check for EBUSY as well
* tunnel, tests: Sort flow output in ERSPAN v1/v2 metadata
* erspan: add big endian bit fields.
-------------------------------------------------------------------
Thu Sep 27 16:06:58 UTC 2018 - Markos Chandras <mchandras@suse.de>
- Use correct user for logrotate script (bsc#1104049, b096fa42ddc2)
-------------------------------------------------------------------
Mon Sep 24 12:46:34 UTC 2018 - Markos Chandras <mchandras@suse.de>
- Fix package name for shared library.
-------------------------------------------------------------------
Tue Aug 28 09:21:19 UTC 2018 - mchandras@suse.de
- Version bump to 2.10.0. Some of the changes are:
* ovs-vswitchd and utilities now support DNS names in OpenFlow and
OVSDB remotes.
* ovs-vswitchd:
- New options --l7 and --l7-len to "ofproto/trace" command.
- Previous versions gave OpenFlow tables default names of the form
"table#". These are not helpful names for the purpose of accepting
and displaying table names, so now tables by default have no names.
- The "null" interface type, deprecated since 2013, has been removed.
- Add minimum network namespace support for Linux.
- New command "lacp/show-stats"
* ovs-ofctl:
- ovs-ofctl now accepts and display table names in place of numbers. By
default it always accepts names and in interactive use it displays them;
use --names or --no-names to override. See ovs-ofctl(8) for details.
* ovs-vsctl: New commands "add-bond-iface" and "del-bond-iface".
* ovs-dpctl:
- New commands "ct-set-limits", "ct-del-limits", and "ct-get-limits".
* OpenFlow:
- OFPT_ROLE_STATUS is now available in OpenFlow 1.3.
- OpenFlow 1.5 extensible statistics (OXS) now implemented.
- New OpenFlow 1.0 extensions for group support.
- Default selection method for select groups is now dp_hash with improved
accuracy.
* ovn:
- Implemented icmp4/icmp6/tcp_reset actions in order to drop the packet
and reply with a RST for TCP or ICMPv4/ICMPv6 unreachable message for
other IPv4/IPv6-based protocols whenever a reject ACL rule is hit.
- ACL match conditions can now match on Port_Groups as well as address
sets that are automatically generated by Port_Groups. ACLs can be
applied directly to Port_Groups as well.
- ovn-nbctl can now run as a daemon (long-lived, background process).
See ovn-nbctl(8) for details.
* DPDK:
- New 'check-dpdk' Makefile target to run a new system testsuite.
See Testing topic for the details.
- Add LSC interrupt support for DPDK physical devices.
- Allow init to fail and record DPDK status/version in OVS database.
- Add experimental flow hardware offload support
- Support both shared and per port mempools for DPDK devices.
* Userspace datapath:
- Commands ovs-appctl dpif-netdev/pmd-*-show can now work on a single PMD
- Detailed PMD performance metrics available with new command
ovs-appctl dpif-netdev/pmd-perf-show
- Supervision of PMD performance metrics and logging of suspicious
iterations
- Add signature match cache (SMC) as experimental feature. When turned on,
it improves throughput when traffic has many more flows than EMC size.
* ERSPAN:
- Implemented ERSPAN protocol (draft-foschiano-erspan-00.txt) for
both kernel datapath and userspace datapath.
- Added port-based and flow-based ERSPAN tunnel port support, added
OpenFlow rules matching ERSPAN fields. See ovs-fields(7).
-------------------------------------------------------------------
Thu Aug 16 08:26:19 UTC 2018 - mchandras@suse.de
- Fix conditional to only include vfio udev rules when building with
DPDK support
- Exclude %_docdir from main package which seems to be packaged by
default on older openSUSE releases.
-------------------------------------------------------------------
Thu Jun 7 10:00:35 UTC 2018 - mchandras@suse.de
- Restrict DPDK version to 18.02 since Open vSwitch 2.9 is not going
to work with any newer releases.
-------------------------------------------------------------------
Tue May 29 08:06:29 UTC 2018 - mchandras@suse.de
- Version bump to 2.9.2. Some of the changes are:
* OVSDB has new, experimental support for database clustering:
- New high-level documentation in ovsdb(7).
- New file format documentation for developers in ovsdb(5).
- Protocol documentation moved from ovsdb-server(1) to ovsdb-server(7).
- ovsdb-server now supports online schema conversion via
"ovsdb-client convert".
- ovsdb-server now always hosts a built-in database named _Server. See
ovsdb-server(5) for more details.
- ovsdb-client: New "get-schema-cksum", "query", "backup", "restore",
and "wait" commands. New --timeout option.
- ovsdb-tool: New "create-cluster", "join-cluster", "db-cid", "db-sid",
"db-local-address", "db-is-clustered", "db-is-standalone", "db-name",
"schema-name", "compare-versions", and "check-cluster" commands.
- ovsdb-server: New ovs-appctl commands for managing clusters.
- ovs-sandbox: New support for clustered databases.
* OVN:
- ovn-sbctl, ovn-nbctl: New options --leader-only, --no-leader-only.
* Bug fixes
- Use openvswitch user/group for the log directory (3f556d66edb9)
-------------------------------------------------------------------
Wed May 9 07:24:44 UTC 2018 - mchandras@suse.de
- Add support for RedHat distributions. All SUSE macros are now
conditional and the spec file has been adapted based on the upstream
one (fate#324537)
- spec-cleaner fixes
-------------------------------------------------------------------
Wed May 2 07:58:27 UTC 2018 - mchandras@suse.de
- Move openvswitch user/group creation to %pre scriptlet. The default
ownership of the configuration files expects the user and group to
be available as early as possible (bsc#1091408)
- spec-cleaner fixes.
-------------------------------------------------------------------
Mon Apr 23 09:33:02 UTC 2018 - mchandras@suse.de
- Preserve 'enable' status of openvswitch.service file when upgrading
from <SLE-12-SP3. The service file has been moved from the old
openvswitch-switch subpackage to the main openvswitch one so we
need to handle this migration step in %posttrans (bsc#1089476)
- Move DISABLE_STOP_ON_REMOVAL=yes to %preun. This variable is only
checked in %service_del_preun macro
-------------------------------------------------------------------
Thu Mar 22 10:39:10 UTC 2018 - mchandras@suse.de
- Fix file permissions in /etc/openvswitch for upgrades (951d79e638ec)
-------------------------------------------------------------------
Wed Mar 21 21:03:21 UTC 2018 - dmueller@suse.com
- set rundir to %_rundir
-------------------------------------------------------------------
Thu Mar 1 10:39:54 UTC 2018 - mchandras@suse.de
- Version bump to 2.9.0. Some of the changes are:
* NSH implementation now conforms to latest draft (draft-ietf-sfc-nsh-28).
* OVSDB:
- ovsdb-client: New "get-schema-cksum" and "query" commands.
- ovsdb-client: New "backup" and "restore" commands.
- ovsdb-client: New --timeout option.
- ovsdb-tool: New "db-name" and "schema-name" commands.
* ovs-vsctl and other commands that display data in tables now support a
--max-column-width option to limit column width.
* No longer slow-path traffic that sends to a controller. Applications,
such as OVN ACL logging, want to send a copy of a packet to a
controller while leaving the actual packet forwarding in the datapath.
* OVN:
- The "requested-chassis" option for a logical switch port now accepts a
chassis "hostname" in addition to a chassis "name".
- IPv6
* Added support to send IPv6 Router Advertisement packets in response to
the IPv6 Router Solicitation packets from the VIF ports.
* Added support to generate Neighbor Solicitation packets using the OVN
action 'nd_ns' to resolve unknown next hop MAC addresses for the
IPv6 packets.
- ovn-ctl: New commands run_nb_ovsdb and run_sb_ovsdb.
* OpenFlow:
- ct_clear action is now backed by kernel datapath. Support is probed for
when OVS starts.
- ovs-dpctl and related ovs-appctl commands:
* "flush-conntrack" now accept a 5-tuple to delete a specific
connection tracking entry.
* New "ct-set-maxconns", "ct-get-maxconns", and "ct-get-nconns" commands
for userspace datapath.
- No longer send packets to the Linux TAP device if it's DOWN unless it is
in another networking namespace.
* DPDK:
- Add support for DPDK v17.11
- Add support for vHost IOMMU
- New debug appctl command 'netdev-dpdk/get-mempool-info'.
* Custom statistics:
- DPDK physical ports now return custom set of "dropped", "error" and
"management" statistics.
- ovs-ofctl dump-ports command now prints new of set custom statistics
if available (for OpenFlow 1.4+).
- New appctl command 'dpif-netdev/pmd-rxq-rebalance' to rebalance rxq to
pmd assignments.
- Add rxq utilization of pmd to appctl 'dpif-netdev/pmd-rxq-show'.
- Add support for vHost dequeue zero copy (experimental)
* Userspace datapath:
- Output packet batching support.
* vswitchd:
- Datapath IDs may now be specified as 0x1 (etc.) instead of 16 digits.
- Configuring a controller, or unconfiguring all controllers, now deletes
all groups and meters (as well as all flows).
- New --enable-sparse configure option enables "sparse" checking by default.
- Added additional information to vhost-user status.
- For the complete list of changes, please refer to
http://openvswitch.org/releases/NEWS-2.9.0
- Fix incorrect python3 dependencies for python2 subpackages
- Drop upstream patches for DPDK 17.11 support. They have been merged upstream
* 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch
* 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch
* 0003-netdev-dpdk-vHost-IOMMU-support.patch
- Get rid of the old openvswitch DPDK migration steps everybody should have
migrated from <2.6 to latest releases by now.
* 0001-utilities-Add-script-to-support-DPDK-option-migratio.patch
-------------------------------------------------------------------
Tue Jan 9 16:25:48 UTC 2018 - mchandras@suse.de
- Add upstream patches to support DPDK 17.11 (fate#322609)
* 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch
* 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch
* 0003-netdev-dpdk-vHost-IOMMU-support.patch
-------------------------------------------------------------------
Wed Dec 27 17:05:35 UTC 2017 - mchandras@suse.de
- Python fixes and improvements
* Build Python3 subpackages for Open vSwitch python bindings
* Switch build architecture to 'noarch' for python bindings.
* Fix license for python subpackages
* Build and ship python bytecode files.
- Do not mark files in /usr/share/* as configuration files
- Replace version macro with actual version number of Obsoletes tags.
The DPDK packages have been merged with the regular OvS ones in the
2.7.0 release so make it more explicit which ones we are obsoleting.
- spec-cleaner fixes
-------------------------------------------------------------------
Wed Dec 6 14:00:55 UTC 2017 - mchandras@suse.de
- Fix documentation installation. It's best to install everything to
%buildroot and then remove the files we don't need instead of the
other way around since some files need to be present in the source
directory for the testsuite to run (bsc#1076284)
-------------------------------------------------------------------
Thu Nov 23 13:38:56 UTC 2017 - rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
-------------------------------------------------------------------
Fri Sep 29 19:46:56 UTC 2017 - mchandras@suse.de
- Version bump to 2.8.1. Some of the changes are:
* connmgr: Fix violation of flow monitoring protocol description.
* ovn/actions: Improve OVN load-balancing performance.
* dpif-netdev: Fix a zero-rate bug for meter
* conntrack: Tighten handling of alg reverse conns.
* conntrack: Add function ct_print_conn_info().
* conntrack: Create nat_conn_keys_insert().
* netdev-dpdk: reset packet_type for reused dp_packets.
* ofp-util: Fix memory leaks when parsing OF1.5 group properties (cve-2017-14970) (bsc#1061310)
* ofp-util: Fix memory leaks on error cases in ofputil_decode_group_mod() (cve-2017-14970) (bsc#1061310)
* ofp-util: Fix buffer overread in ofputil_decode_bundle_add().
* ofproto: Include patch ports in mtu overriden check
* netdev-tc-offloads: Fix vxlan tunnel offloading
* bridge: Fix controller status update to passive connections
* lib/odp: Fix handling of set masked action in parse_odp_action
* tests: Fix sparse error on test-ovn.c
* dpif-netdev: Fix per packet cycles statistics.
* netdev-dpdk: update vhost user client port status.
* ovsdb-server.1: Fix mention of wrong option.
-------------------------------------------------------------------
Mon Sep 4 07:22:47 UTC 2017 - mchandras@suse.de
- Version bump to 2.8.0 (fate#323334, bsc#1050700). Some of the changes are:
* ovs-ofctl can now accept and display port names in place of numbers. By
default it always accepts names and in interactive use it displays them;
use --names or --no-names to override. See ovs-ofctl(8) for details.
* "ovs-ofctl dump-flows" now accepts --no-stats to omit flow statistics.
* New ovs-dpctl command "ct-stats-show" to show connection tracking stats.
* DPDK log messages redirected to OVS logging subsystem.
Log level can be changed in a usual OVS way using
'ovs-appctl vlog' commands for 'dpdk' module. Lower bound
still can be configured via extra arguments for DPDK EAL.
* dpdkvhostuser ports are marked as deprecated. They will be removed
in an upcoming release.
* Support for DPDK v17.05.1.
* New support for multiple VLANs (802.1ad or "QinQ"), including a new
"dot1q-tunnel" port VLAN mode.
* Added NAT support for userspace datapath.
* Added FTP and TFTP support with NAT for userspace datapath.
* Experimental NSH (Network Service Header) support in userspace datapath.
* Tracing with ofproto/trace now traces through recirculation.
* New support for role-based access control (see ovsdb-server(1)).
* New commands 'stp/show' and 'rstp/show' (see ovs-vswitchd(8)).
* All features required by OpenFlow 1.4 are now implemented, so
ovs-vswitchd now enables OpenFlow 1.4 by default (in addition to
OpenFlow 1.0 to 1.3).
* Increased support for OpenFlow 1.6 (draft).
* Bundles now support hashing by just nw_src or nw_dst.
* The "learn" action now supports a "limit" option (see ovs-ofctl(8)).
* The port status bit OFPPS_LIVE now reflects link aliveness.
* OpenFlow 1.5 packet-out is now supported.
* Support for OpenFlow 1.5 field packet_type and packet-type-aware
pipeline (PTAP).
* Added generic encap and decap actions (EXT-382).
First supported use case is encap/decap for Ethernet.
* Added NSH (Network Service Header) support in userspace
Used generic encap and decap actions to implement encapsulation and
decapsulation of NSH header.
IETF NSH draft - https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/
* ovs-vswitchd and ovsdb-server run as non-root users by default.
* Add --cleanup option to command 'ovs-appctl exit' (see ovs-vswitchd(8)).
* Use new tunnel port option "packet_type" to configure L2 vs. L3.
* In conjunction with PTAP tunnel ports can handle a mix of L2 and L3
payload.
* New vxlan tunnel extension "gpe" to support VXLAN-GPE tunnels.
* New support for non-Ethernet (L3) payloads in GRE and VXLAN-GPE.
* Add experimental support for hardware offloading
* HW offloading is disabled by default.
* HW offloading is done through the TC interface.
* The next major version of OVS will introduce a change in the
conntrack API. Conntrack state is only available to the processing
path that follows the "recirc_table" argument of the ct() action.
Starting in OVS 2.9, this state will be cleared for the current
processing path whenever ct() is called.
- Create new openvswitch-doc subpackage for the Open vSwitch documentation
- Fix filename for logrotate configuration (bsc#1057357)
- Fix constrains with Provides/Obsoletes tags (bsc#1057357)
- Misc cleanups from spec-cleaner
-------------------------------------------------------------------
Thu Aug 10 15:12:23 UTC 2017 - olaf@aepfle.de
- Update filename in /var/adm/update-messages to match documentation,
and build-compare pattern
-------------------------------------------------------------------
Thu Jul 27 13:05:42 UTC 2017 - mchandras@suse.de
- Do not restart the ovs-vswitchd and ovsdb-server services
on package updates (bsc#1002734)
- Do not restart the ovs-vswitchd, ovsdb-server and openvswitch
services on package removals. This facilitates potential future
package moves but also preserves connectivity when the package is
removed (bsc#1050896)
-------------------------------------------------------------------
Wed Jul 19 07:32:59 UTC 2017 - mchandras@suse.de
- Version bump to 2.7.2. Some of the changes are:
* Revert "netdev: Fix netdev_open() to adhere to class type if given"
* connmgr: Fix crash when in_band_create() fails.
* db-ctl-base: Fix reference-following feature in get_row_by_id().
* netdev: Fix crash when ifa_netmask is null.
* ovn-controller: fix use-after-free in physical_run()
* ovn-controller: avoid crash when vswitchd connection is lost
* ovsdb-types: Fix memory leak on error path.
* vswitchd: Fix IFACE_STAT name error in iface_refresh_stats
* netdev: Fix crash when interface option is changed to invalid value.
* ofp-util: fix memory leak in ofputil_pull_ofp11_buckets
* configure: Fix check for rte_config.h to handle cross-compilation.
* ofp-util: Check length of buckets in ofputil_pull_ofp15_group_mod() (cve-2017-9265) (bsc#1041447)
* ofp-print: Don't abort on unknown reason in role status message (cve-2017-9263) (bsc#1041470)
-------------------------------------------------------------------
Sat Jul 8 20:42:27 UTC 2017 - jengelh@inai.de
- Remove irrelevant wording from summaries/description.
Diversify summaries.
- Get rid of an empty if block by inverting the condition.
- Implement shared library packaging guideline.
-------------------------------------------------------------------
Thu Jul 6 07:59:30 UTC 2017 - mchandras@suse.de
- Version bump to 2.7.1. Some of the changes are:
* Add --cleanup option to command 'ovs-appctl exit' (see ovs-vswitchd(8)).
* libopenvswitch-2 was renamed to libopenvswitch-2.7. Applications built
against libopenvswitch must be recompiled against the newer library.
* ovs-ctl: allow passing user:group to daemons
* ofproto/bond: Fix bond reconfiguration race condition
* ofproto/bond: Fix bond post recirc rule leak.
* ofproto/bond: fix interal flow leak of tcp-balance bond
* mcast-snooping: Avoid segfault for vswitchd.
* tun-metadata: Fix memory leak in tun_metadata_table_mod().
* netdev-dpdk: Fix mempool segfault.
* mirror: Allow concurrent lookups.
* ofp-util: Fix buffer overread in ofputil_pull_queue_get_config_reply10() (bsc#1040543)
* ovsdb: Check null before deref in ovsdb_monitor_table_condition_update().
* For the complete list of changes, please see:
- https://github.com/openvswitch/ovs/compare/v2.7.0...v2.7.1
- Remove upstreamed patch
* 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
- OVN services are no longer restarted automatically after upgrade (44dd4cc49c8a)
-------------------------------------------------------------------
Sat May 27 08:39:25 UTC 2017 - mchandras@suse.de
- Install firewalld OVN files with chmod 644 instead of 755 (4a54614120ea)
- Use python-six instead of python2-six dependency to cover distributions
which are not using the python-singlespec packaging specification yet (bsc#1041110)
- Add upstream patch to fix a buffer overread vulnerability (cve-2017-9214) (bsc#1040543)
* 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
-------------------------------------------------------------------
Tue Feb 28 09:24:48 UTC 2017 - mchandras@suse.de
- Version bump to 2.7.0 (fate#321541). Some of the changes are:
* Utilities and daemons that support SSL now allow protocols and
ciphers to be configured with --ssl-protocols and --ssl-ciphers.
* OVN:
- QoS is now implemented via egress shaping rather than ingress policing.
- DSCP marking is now supported, via the new northbound QoS table.
- IPAM now supports fixed MAC addresses.
- Support for source IP address based routing.
- ovn-trace:
* New --ovs option to also print OpenFlow flows.
* put_dhcp_opts and put_dhcp_optsv6 actions may now be traced.
- Support for managing SSL and remote connection configuration in
northbound and southbound databases.
* Fixed regression in table stats maintenance introduced in OVS
2.3.0, wherein the number of OpenFlow table hits and misses was
not accurate.
* OpenFlow:
- OFPT_PACKET_OUT messages are now supported in bundles.
- A new "selection_method=dp_hash" type for OpenFlow select group
bucket selection that uses the datapath computed 5-tuple hash
without making datapath flows match the 5-tuple fields, which
is useful for more efficient load balancing, for example. This
uses the Netronome extension to OpenFlow 1.5+ that allows
control over the OpenFlow select groups selection method. See
"selection_method" and related options in ovs-ofctl(8) for
details.
- The "sample" action now supports "ingress" and "egress" options.
- The "ct" action now supports the TFTP ALG where support is available.
- New actions "clone" and "ct_clear".
* ovs-ofctl:
- 'bundle' command now supports packet-out messages.
- New syntax for 'ovs-ofctl packet-out' command, which uses the
same string parser as the 'bundle' command. The old 'packet-out'
syntax is deprecated and will be removed in a later OVS
release.
- New unixctl "ofctl/packet-out" command, which can be used to
instruct a flow monitor to issue OpenFlow packet-out messages.
* ovsdb-server:
- Remote connections can now be made read-only (see ovsdb-server(1)).
* DPDK:
- Support for DPDK v16.11.
- Support for rx checksum offload. Refer DPDK HOWTO for details.
- Port Hotplug is now supported.
- DPDK physical ports can now have arbitrary names. The PCI address of
the device must be set using the 'dpdk-devargs' option. Compatibility
with the old dpdk<portid> naming scheme is broken, and as such a
device will not be available for use until a valid dpdk-devargs is
specified.
- Virtual DPDK Poll Mode Driver (vdev PMD) support.
* For the complete list of changes, please see:
- http://openvswitch.org/releases/NEWS-2.7.0
- Add patch to fix DPDK configuration migration for < 2.6 installations
* 0001-utilities-Add-script-to-support-DPDK-option-migratio.patch
- Rework spec file
* Enable DPDK by default and drop openvswitch-dpdk* packages. DPDK is only
enabled on supported architectures though.
- Remove openvswitch-dpdk.changes
- Remove openvswitch-dpdk.spec
- Remove pre_checkin.sh
* Merge openvswitch and openvswitch-switch into a single package since there
was no compelling reason to keep the switch functionality in a separate
subpackage.
* Split OVN package to ovn-common, ovn-central, ovn-docker, ovn-host and
ovn-controller similar to the Debian and RedHat packages.
-------------------------------------------------------------------
Fri Nov 25 16:36:40 UTC 2016 - mchandras@suse.de
- Relax the DPDK dependency a bit so we can support stable and
possibly new minor releases as well.
-------------------------------------------------------------------
Mon Nov 21 11:53:00 UTC 2016 - mchandras@suse.de
- Do not restart the openvswitch service after a package update.
Restarting the systemd service may break connectivity so let the
user decide when it is the best time for such an action. (bsc#1002734)
-------------------------------------------------------------------
Thu Nov 3 10:48:32 UTC 2016 - mchandras@suse.de
- Version bump to 2.6.1. Some of the changes are:
* ovn: Do not reply to ARP or ND NS for a VM's own IP address.
* ovs-ofctl: Tolerate differences in IPv6 formatting.
* netdev-linux: double tagged packets should use 0x88a8
* expr: Fix abort when simplifying "x != 0/0".
* dpif-netdev: Fix crash in dpif_netdev_execute().
* ovn-controller: Container can have connection to a hosting VM.
* stream-ssl: Fix memory leak on error path.
* Other bug fixes.
-------------------------------------------------------------------
Mon Oct 3 08:26:10 UTC 2016 - mchandras@suse.de
- Version bump to 2.6.0. Some of the changes are:
* First supported release of OVN. See ovn-architecture(7) for more
details.
* ovsdb-server:
- New "monitor_cond" "monitor_cond_update" and "update2" extensions to
RFC 7047.
* OpenFlow:
- OpenFlow 1.3+ bundles now expire after 10 seconds since the
last time the bundle was either opened, modified, or closed.
- OpenFlow 1.3 Extension 230, adding OpenFlow Bundles support, is
now implemented.
- OpenFlow 1.3+ bundles are now supported for group mods as well as
flow mods and port mods. Both 'atomic' and 'ordered' bundle
flags are supported for group mods as well as flow mods.
- Internal OpenFlow rule representation for load and set-field
actions is now much more memory efficient. For a complex flow
table this can reduce rule memory consumption by 40%.
- Bundles are now much more memory efficient than in OVS 2.5.
Together with memory efficiency improvements in OpenFlow rule
representation, the peak OVS resident memory use during a
bundle commit for large complex set of flow mods can be only
25% of that in OVS 2.5 (4x lower).
- OpenFlow 1.1+ OFPT_QUEUE_GET_CONFIG_REQUEST now supports OFPP_ANY.
- OpenFlow 1.4+ OFPMP_QUEUE_DESC is now supported.
- OpenFlow 1.4+ OFPT_TABLE_STATUS is now supported.
- New property-based packet-in message format NXT_PACKET_IN2 with support
for arbitrary user-provided data and for serializing flow table
traversal into a continuation for later resumption.
- New extension message NXT_SET_ASYNC_CONFIG2 to allow OpenFlow 1.4-like
control over asynchronous messages in earlier versions of OpenFlow.
- [...]
- For a complete list of changes, please see
http://openvswitch.org/releases/NEWS-2.6.0
- Remove obsolete patches and files
* 0001-Remove-broken-pipe-warning-logs-from-ovsdb-server.lo.patch
* 0001-ovs-ctl-Add-new-DPDK_OPTIONS-environment-variable.patch
* openvswitch-2.5.0-detect-dpdk-installation.patch
* openvswitch-switch.logrotate
* openvswitch.service
-------------------------------------------------------------------
Wed Sep 28 08:06:43 UTC 2016 - mchandras@suse.de
- New upstream bugfix release 2.5.1 (bsc#1001657)
* DPDK:
- New appctl command 'dpif-netdev/pmd-rxq-show' to check the port/rxq
assignment.
- Type of log messages from PMD threads changed from INFO to DBG.
* ovs-pki: Changed message digest algorithm from SHA-1 to SHA-512 because
SHA-1 is no longer secure and some operating systems have started to
disable it in OpenSSL.
* Bug fixes
-------------------------------------------------------------------
Tue Sep 6 10:11:49 UTC 2016 - mchandras@suse.de
- Add new DPDK_OPTIONS environment variable to hold the dpdk
vswitchd options so that the systemd unit files can be used to
launch an ovs-vswitcd DPDK capable instance instead of doing
it manually. (bsc#987265)
* 0001-ovs-ctl-Add-new-DPDK_OPTIONS-environment-variable.patch
-------------------------------------------------------------------
Sun Aug 14 11:05:59 CEST 2016 - ro@suse.de
- enable openvswitch-dpdk on aarch64 since dpdk
builds on aarch64 now
-------------------------------------------------------------------
Sun Aug 7 21:11:51 CEST 2016 - ro@suse.de
- remove aarch from openvswitch-dpdk until we have a dpdk
that builds for aarch64
-------------------------------------------------------------------
Tue Jul 12 10:41:14 UTC 2016 - mchandras@suse.de
- Add missing licenses (bsc#988513)
- Misc spec file cleanups highlighted by the spec-cleaner tool.
- Allow aarch64 builds for openvswitch-dpdk
-------------------------------------------------------------------
Mon Jul 4 12:08:06 UTC 2016 - mchandras@suse.de
- Allow the OvS daemon to run as non-root (bsc#987545)
- Add missing 'Conflicts' statements to all the subpackages as
required by the Factory review tools.
-------------------------------------------------------------------
Wed Jun 29 15:17:07 UTC 2016 - mchandras@suse.de
- Remove the ?_with_dpdk macro usage since this is not being set
without explicitly passing --with/--without during an OBS build.
This reverts back to using the %{with dpdk} style which is set
automatically based on %bcond_with* macros (bsc#989335).
-------------------------------------------------------------------
Tue Jun 28 13:21:12 UTC 2016 - mchandras@suse.de
- Fix subpackage dependencies to not require the non-existent python
DPDK subpackages (bsc#986835). We do not provide DPDK versions of
the python bindings so nothing should depend on these subpackages.
-------------------------------------------------------------------
Wed Jun 22 15:07:01 UTC 2016 - jengelh@inai.de
- Update rpm groups, acronym forms.
-------------------------------------------------------------------
Tue Jun 21 14:10:15 UTC 2016 - mchandras@suse.de
- Multiple fixes for the openvswitch-dpdk package (bsc#985878)
* Rename main package name to openvswitch-dpdk
* Do not build the python and kmp packages since they do not
depend on the DPDK capabilities
* Remove the open_virtual_switch capability. The
openvswitch-common will be used by reverse dependencies to
require either of the OvS packages.
* Provide virtual capabilities for all DPDK subpackages.
* Fix the dependencies in the python package to require either
of the OvS packages.
* Suggest the kmp package only if it's actually provided.
* Small cleanups.
-------------------------------------------------------------------
Fri May 27 13:49:15 UTC 2016 - mchandras@suse.de
- Add %check directive to run the openvswitch testsuite on demand.
The openvswitch contains hundreds of tests covering simple and
complex openvswitch configuration so it's beneficial to run them
during package builds. However, running the testsuite is not enabled
by default. Also add the following upstream patch:
* 0001-Remove-broken-pipe-warning-logs-from-ovsdb-server.lo.patch
-------------------------------------------------------------------
Thu May 26 15:40:04 UTC 2016 - mchandras@suse.de
- Build a DPDK-enabled Open vSwitch (fate#319170)
* Apply the following changes to the openvswitch.spec file
- Add support for building with DPDK capabilities
- Add conflicts between the two packages.
- Add new 'open_virtual_switch-*' capabilities for openvswitch,
openvswitch-switch, openvswitch-test packages which can be used
by reverse dependencies to select between the two openvswitch
implementations.
* Add pre_checkin.sh to generate the openvswitch_dpdk.spec file
based on the openvswitch.spec one.
* Add upstream openvswitch-2.5.0-detect-dpdk-installation.patch
patch to detect and link against a DPDK installation.
-------------------------------------------------------------------
Mon May 23 18:33:13 UTC 2016 - jengelh@inai.de
- Keep %prep small for speedier `quilt setup`. Kill __DATE__ from
source. Drop all .la files that are in %_libdir.
-------------------------------------------------------------------
Fri May 20 09:54:16 UTC 2016 - mchandras@suse.de
- Add missing %dir directive for /var/log/openvswitch
-------------------------------------------------------------------
Thu May 19 10:13:41 UTC 2016 - dmueller@suse.com
- remove aarch64 conditional, no longer needed
-------------------------------------------------------------------
Thu May 5 09:00:26 UTC 2016 - mchandras@suse.de
- Multiple spec file and package fixes.
* Drop obsolete log-check-module-loop.patch patch.
* Drop conditional code for older openSUSE releases. This also removes
all of the sysvinit files which were pulled in when the package was
originally developed.
* Drop support for building the GUI. The GUI code has been removed in
7868fbc6c97c2 ("ovsdbmonitor: Remove.") upstream commit and it does
not exist since v2.2.0 so drop the code in the spec file.
* Use the upstream systemd service files for the OVN components instead
of maintaining our own downstream.
* Drop the unofficial ipsec support. It hasn't been enabled in years.
* Drop support for building the upstream kernel module since it's being
shipped with the kernel package in latest releases. Restore the
%bcond_with kmp to make it easier to build the external kernel module
if needed.
* Fix some suse-missing-rclink rpmlint warnings for the ovn subpackage
* Base our service unit to the upstream one.
* Stop silently enabling the GRE protocol in iptables by default.
* Install the upstream sysconfig file to pass more information to the
openvswitch service unit.
* Use make install instead of %makeinstall
* Drop brcompat leftovers.
* spec-cleaner fixes
-------------------------------------------------------------------
Fri Apr 1 10:39:26 UTC 2016 - dmueller@suse.com
- address dimstars concerns
-------------------------------------------------------------------
Tue Mar 22 18:06:40 UTC 2016 - mchandras@suse.de
- Prevent systemd from autogenerating a service file for
openvswitch-switch which conflicts with the opevswitch
one. (bsc#966762)
-------------------------------------------------------------------
Fri Mar 18 10:20:02 UTC 2016 - kmroz@suse.com
- Add missing %defattr to ovn files section.
-------------------------------------------------------------------
Tue Mar 8 13:16:03 UTC 2016 - kmroz@suse.com
- Add additional install requirements for python-openvswitch-test
package.
-------------------------------------------------------------------
Fri Mar 4 14:38:16 UTC 2016 - kmroz@suse.com
- Add support for building both 2.4.0 and 2.5.0 from the same spec
file. Needed to fix SLE11 builds as OVS-2.5.0 no longer supports
python < 2.7. SLE11 SP3 and SP4 use python 2.6.
- Added: openvswitch-2.4.0.tar.gz
-------------------------------------------------------------------
Thu Mar 3 13:47:04 UTC 2016 - kmroz@suse.com
- New upstream version 2.5.0 (LTS)
- Dropped support for Python older than version 2.7. As a consequence,
using Open vSwitch 2.5 or later on XenServer 6.5 or earlier (which
have Python 2.4) requires first installing Python 2.7.
- OpenFlow:
* Group chaining (where one OpenFlow group triggers another) is
now supported.
* OpenFlow 1.4+ "importance" is now considered for flow eviction.
* OpenFlow 1.4+ OFPTC_EVICTION is now implemented.
* OpenFlow 1.4+ OFPTC_VACANCY_EVENTS is now implemented.
* OpenFlow 1.4+ OFPMP_TABLE_DESC is now implemented.
* Allow modifying the ICMPv4/ICMPv6 type and code fields.
* OpenFlow 1.4+ OFPT_SET_ASYNC_CONFIG and OFPT_GET_ASYNC_CONFIG are
now implemented.
- ovs-ofctl:
* New "out_group" keyword for OpenFlow 1.1+ matching on output group.
- Tunnels:
* Geneve tunnels can now match and set options and the OAM bit.
* The nonstandard GRE64 tunnel extension has been dropped.
- Support Multicast Listener Discovery (MLDv1 and MLDv2).
- Add 'symmetric_l3l4' and 'symmetric_l3l4+udp' hash functions.
- sFlow agent now reports tunnel and MPLS structures.
- New 'check-system-userspace', 'check-kmod' and 'check-kernel' Makefile
targets to run a new system testsuite. These tests can be run inside
a Vagrant box. See INSTALL.md for details
- Mark --syslog-target argument as deprecated. It will be removed in
the next OVS release.
- Added --user option to all daemons
- Add support for connection tracking through the new "ct" action
and "ct_state"/"ct_zone"/"ct_mark"/"ct_label" match fields. Only
available on Linux kernels with the connection tracking module loaded.
- Add experimental version of OVN. OVN, the Open Virtual Network, is a
system to support virtual network abstraction. OVN complements the
existing capabilities of OVS to add native support for virtual network
abstractions, such as virtual L2 and L3 overlays and security groups.
- RHEL packaging:
* DPDK ports may now be created via network scripts (see README.RHEL).
- DPDK:
* Requires DPDK 2.2
* Added multiqueue support to vhost-user
* Note: QEMU 2.5+ required for multiqueue support
- SELinux:
* Introduced SELinux policy package.
- New package: openvswitch-ovn
- Removed: openvswitch-2.4.0.tar.gg
- Added: openvswitch-2.5.0.tar.gg
- Added: openvswitch-testcontroller.init
- Added: ovn-controller-vtep.service
- Added: ovn-controller.service
- Added: ovn-northd.service
- TODO: Explicit DPDK support not yet added to spec.
- Spec file work and cleanup.
- Includes fixes (or obsoletes) the following issues:
* bsc#948840, bsc#941466, bsc#936780, bnc#935750, bnc#867964
-------------------------------------------------------------------
Tue Mar 1 08:43:19 UTC 2016 - kmroz@suse.com
- Tighten up openvswitch service ordering.
bsc#968205 (openSUSE), bsc#951314 (SLE).
-------------------------------------------------------------------
Wed Feb 24 15:23:20 UTC 2016 - kmroz@suse.com
- Don't install INSTALL.* files.
-------------------------------------------------------------------
Wed Feb 24 13:45:52 UTC 2016 - kmroz@suse.com
- Removed: openvswitch-switch.template
-------------------------------------------------------------------
Wed Feb 24 12:53:50 UTC 2016 - kmroz@suse.com
- New upstream version 2.4.0
- Flow table modifications are now atomic, meaning that each packet
now sees a coherent version of the OpenFlow pipeline. For
example, if a controller removes all flows with a single OpenFlow
"flow_mod", no packet sees an intermediate version of the OpenFlow
pipeline where only some of the flows have been deleted.
- Added support for SFQ, FQ_CoDel and CoDel qdiscs.
- Add bash command-line completion support for ovs-vsctl Please check
utilities/ovs-command-compgen.INSTALL.md for how to use.
- The MAC learning feature now includes per-port fairness to mitigate
MAC flooding attacks.
- New support for a "conjunctive match" OpenFlow extension, which
allows constructing OpenFlow matches of the form "field1 in
{a,b,c...} AND field2 in {d,e,f...}" and generalizations. For details,
see documentation for the "conjunction" action in ovs-ofctl(8).
- Add bash command-line completion support for ovs-appctl/ovs-dpctl/
ovs-ofctl/ovsdb-tool commands. Please check
utilities/ovs-command-compgen.INSTALL.md for how to use.
- The "learn" action supports a new flag "delete_learned" that causes
the learned flows to be deleted when the flow with the "learn" action
is deleted.
- Basic support for the Geneve tunneling protocol. It is not yet
possible to generate or match options. This is planned for a future
release. The protocol is documented at
http://tools.ietf.org/html/draft-gross-geneve-00
- The OVS database now reports controller rate limiting statistics.
- sflow now exports information about LACP-based bonds, port names, and
OpenFlow port numbers, as well as datapath performance counters.
- ovs-dpctl functionality is now available for datapaths integrated
into ovs-vswitchd, via ovs-appctl. Some existing ovs-appctl
commands are now redundant and will be removed in a future
release. See ovs-vswitchd(8) for details.
- OpenFlow:
* OpenFlow 1.4 bundles are now supported for flow mods and port
mods. For flow mods, both 'atomic' and 'ordered' bundle flags
are trivially supported, as all bundled messages are executed
in the order they were added and all flow table modifications
are now atomic to the datapath. Port mods may not appear in
atomic bundles, as port status modifications are not atomic.
* IPv6 flow label and neighbor discovery fields are now modifiable.
* OpenFlow 1.5 extended registers are now supported.
* The OpenFlow 1.5 actset_output field is now supported.
* OpenFlow 1.5 Copy-Field action is now supported.
* OpenFlow 1.5 masked Set-Field action is now supported.
* OpenFlow 1.3+ table features requests are now supported (read-only).
* Nicira extension "move" actions may now be included in action sets.
* "resubmit" actions may now be included in action sets. The resubmit
is executed last, and only if the action set has no "output" or "group"
action.
* OpenFlow 1.4+ flow "importance" is now maintained in the flow table.
* A new Netronome extension to OpenFlow 1.5+ allows control over the
fields hashed for OpenFlow select groups. See "selection_method" and
related options in ovs-ofctl(8) for details.
- ovs-ofctl has a new '--bundle' option that makes the flow mod commands
('add-flow', 'add-flows', 'mod-flows', 'del-flows', and 'replace-flows')
use an OpenFlow 1.4 bundle to operate the modifications as a single
atomic transaction. If any of the flow mods in a transaction fail, none
of them are executed. All flow mods in a bundle appear to datapath
lookups simultaneously.
- ovs-ofctl 'add-flow' and 'add-flows' commands now accept arbitrary flow
mods as an input by allowing the flow specification to start with an
explicit 'add', 'modify', 'modify_strict', 'delete', or 'delete_strict'
keyword. A missing keyword is treated as 'add', so this is fully
backwards compatible. With the new '--bundle' option all the flow mods
are executed as a single atomic transaction using an OpenFlow 1.4 bundle.
- ovs-pki: Changed message digest algorithm from MD5 to SHA-1 because
MD5 is no longer secure and some operating systems have started to disable
it in OpenSSL.
- ovsdb-server: New OVSDB protocol extension allows inequality tests on
"optional scalar" columns. See ovsdb-server(1) for details.
- ovs-vsctl now permits immutable columns in a new row to be modified in
the same transaction that creates the row.
- test-controller has been renamed ovs-testcontroller at request of users
who find it useful for testing basic OpenFlow setups. It is still not
a necessary or desirable part of most Open vSwitch deployments.
- Support for travis-ci.org based continuous integration builds has been
added. Build failures are reported to build@openvswitch.org. See INSTALL.md
file for additional details.
- Support for the Rapid Spanning Tree Protocol (IEEE 802.1D-2004).
The implementation has been tested successfully against the Ixia Automated
Network Validation Library (ANVL).
- Stats are no longer updated on fake bond interface.
- Keep active bond slave selection across OVS restart.
- A simple wrapper script, 'ovs-docker', to integrate OVS with Docker
containers. If and when there is a native integration of Open vSwitch
with Docker, the wrapper script will be retired.
- Added support for DPDK Tunneling. VXLAN, GRE, and Geneve are supported
protocols. This is generic tunneling mechanism for userspace datapath.
- Support for multicast snooping (IGMPv1, IGMPv2 and IGMPv3)
- Support for Linux kernels up to 4.0.x
- The documentation now use the term 'destination' to mean one of syslog,
console or file for vlog logging instead of the previously used term
'facility'.
- Support for VXLAN Group Policy extension
- Initial support for the IETF Auto-Attach SPBM draft standard. This
contains rudimentary support for the LLDP protocol as needed for
Auto-Attach.
- The default OpenFlow and OVSDB ports are now the IANA-assigned
numbers. OpenFlow is 6653 and OVSDB is 6640.
- Support for DPDK vHost.
- Support for outer UDP checksums in Geneve and VXLAN.
- The kernel vports with dependencies are no longer part of the overall
openvswitch.ko but built and loaded automatically as individual kernel
modules (vport-*.ko).
- Support for STT tunneling.
- Support to configure method (--syslog-method argument) that determines
how daemons will talk with syslog.
- Support for "ovs-appctl vlog/list-pattern" command that lets to query
logging message format for each destination.
- GRE64 and ipsec_gre64 tunnel protocol is deprecated and will be removed
from OVS v2.5 release.
* The openvswitch-testcontroller package is new. It reintroduces the
simple OpenFlow controller that was packaged with Open vSwitch prior to
version 2.1, at request of users who find it useful for testing basic
OpenFlow setups. It is still not a necessary or desirable part of most
Open vSwitch deployments.
- Fixed: log-check-module-loop.patch to work with new version.
- Removed: openvswitch-2.3.1.tar.gz
- Added: openvswitch-2.4.0.tar.gz
- Spec file work and cleanup.
-------------------------------------------------------------------
Sun Jan 10 17:55:22 UTC 2016 - antoine.belvire@laposte.net
- Add calls to /sbin/ldconfig in %post and %postun
- Fix typo in Url
-------------------------------------------------------------------
Sun Dec 28 21:27:49 UTC 2014 - andrea@opensuse.org
- new upstream version 2.3.1
- Compatibility with autoconf 2.63 (previously >=2.64)
- ovs-pki: Changed message digest algorithm from MD5 to SHA-1 because
MD5 is no longer secure and some operating systems have started to disable
it in OpenSSL.
- Keep active bond slave selection across OVS restart.
* v2.3.0 - 14 Aug 2014
- OpenFlow 1.1, 1.2, and 1.3 are now enabled by default in
ovs-vswitchd.
- Linux kernel datapath now has an exact match cache optimizing the
flow matching process.
- Datapath flows now have partially wildcarded tranport port field
matches. This reduces userspace upcalls, but increases the
number of different masks in the datapath. The kernel datapath
exact match cache removes the overhead of matching the incoming
packets with the larger number of masks, but when paired with an
older kernel module, some workloads may perform worse with the
new userspace.
* v2.2.0 - Internal Release
- Internal ports are no longer brought up by default, because it
should be an administrator task to bring up devices as they are
configured properly.
- ovs-vsctl now reports when ovs-vswitchd fails to create a new port or
bridge.
- The "ovsdbmonitor" graphical tool has been removed, because it was
poorly maintained and not widely used.
- New "check-ryu" Makefile target for running Ryu tests for OpenFlow
controllers against Open vSwitch. See INSTALL for details.
- Added IPFIX support for SCTP flows and templates for ICMPv4/v6 flows.
- Upon the receipt of a SIGHUP signal, ovs-vswitchd no longer reopens its
log file (it will terminate instead). Please use 'ovs-appctl vlog/reopen'
instead.
- Support for Linux kernels up to 3.14. From Kernel 3.12 onwards OVS uses
tunnel API for GRE and VXLAN.
- Added experimental DPDK support.
- Added support for custom vlog patterns in Python
- removed datapath-Add-support-for-Linux-3.12.patch no more required
- removed sle11-device-ops-backport.diff , not used before
-------------------------------------------------------------------
Tue Oct 21 11:24:25 UTC 2014 - dmueller@suse.com
- fix rcX link
-------------------------------------------------------------------
Tue Sep 23 08:40:15 UTC 2014 - dmueller@suse.com
- disable shipped kmp module build for newer distros
-------------------------------------------------------------------
Mon Sep 22 07:11:35 UTC 2014 - dmueller@suse.com
- update to 2.1.3:
datapath: Drop packets when interdev is not up
Fix two memory leaks.
tests: Remove extraneous parenthesis from test name.
build: Allow building with autoconf 2.63
ovsdb: Don't add ovsdb-server.c to libovsdb.
stp: Make stp-disabled port forward stp bpdu packets.
dpif-linux: Fix bad backport in previous commit.
dpif-linux: Avoid null dereference if all ports disappear.
ofp-msgs: Correct code for queue configuration messages in OpenFlow 1.0.
ofp-util: Fix null pointer dereference in ofputil_pull_buckets().
tests: Disable glibc memory checking under glibc <= 2.11.
datapath/flow_netlink: Fix NDP flow mask validation
datapath: Change u64_stats_* to use _irq instead of _bh().
datapath: Use exact lookup for flow_get and flow_del.
json: Fix parsing of strings that end with a backslash.
dpif: When executing actions needs help, use "set" action to set tunnel.
datapath: Rehash 16-bit skbuff hashes into 32 bits.
upcall: Configure datapath max-idle through ovs-vsctl.
upcall: Add appctl call to set flow_limit.
stream-ssl: Enable TLSv1.1 and TLSv1.2.
lib/classifier: Fix use of uninitialized memory.
lib/classifier: Clarify trie_lookup_value().
ovs-lib: allow non-root users to check service status
rhel: Add Patch Port support to initscripts
rhel: support persistent mac addresses on OVS bridges
netflow: Fold netflow_expire() into netflow_flow_clear().
ofproto: Fix memory leak in ofproto_destroy().
ofproto: Send monitor updates if a flow mod changes a rules actions
lib/match: Add mask bits for nd_target for ICMPv6
bridge: Initialize dscp for mgmt connections.
datapath: Fix build from stats backport.
openvswitch: fix a possible deadlock and lockdep warning
AUTHORS: Fix spelling of Anoob Soman's name.
ofproto-dpif-xlate: Fix null pointer dereference
ovs-ctl: Don't decrease max open fds if already set higher
Makefiles: Fix invocation of dot2pic when builddir != srcdir.
dot2pic: Stop assuming the path of the interpreter
dot2pic: Use "> $@; mv $@.tmp $@" notation to make this reliably fail
tunnel: Fix bug where misconfiguration persists.
netdev: Safely increment refcount in netdev_open().
datapath: Fix feature check for HAVE_RXHASH.
datapath: clear l4_rxhash in skb_clear_hash.
ofproto-dpif-xlate: Fix in_port=controller case for NORMAL action
-------------------------------------------------------------------
Fri May 2 03:38:11 UTC 2014 - e.istomin@edss.ee
- updated to 2.1.2.
This contains bug fixes related to sending packet-in messages to the controller.
-------------------------------------------------------------------
Tue Apr 29 17:16:22 UTC 2014 - e.istomin@edss.ee
- updated to 2.1.1. This release removes the "ovsdbmonitor" program and contains bug fixes.
-------------------------------------------------------------------
Wed Apr 2 14:25:35 UTC 2014 - kmroz@suse.com
- Prevent ovsdb-server from entering an infinite loop when
processing logging levels during bringup.
added: log-check-module-loop.patch
-------------------------------------------------------------------
Thu Mar 27 12:56:32 UTC 2014 - dmueller@suse.com
- update to 2.1.0:
- Address prefix tracking support for flow tables. New columns
"prefixes" in OVS-DB table "Flow_Table" controls which packet
header fields are used for address prefix tracking. Prefix
tracking allows the classifier to skip rules with longer than
necessary prefixes, resulting in better wildcarding for datapath
flows. Default configuration is to not use any fields for prefix
tracking. However, if any flow tables contain both exact matches
and masked matches for IP address fields, OVS performance may be
increased by using this feature.
* As of now, the fields for which prefix lookup can be enabled
are: 'tun_id', 'tun_src', 'tun_dst', 'nw_src', 'nw_dst' (or
aliases 'ip_src' and 'ip_dst'), 'ipv6_src', and 'ipv6_dst'.
(Using this feature for 'tun_id' would only make sense if the
tunnel IDs have prefix structure similar to IP addresses.)
* There is a maximum number of fields that can be enabled for any
one flow table. Currently this limit is 3.
* Examples:
$ ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- \
--id=@N1 create Flow_Table name=table0
$ ovs-vsctl set Bridge br0 flow_tables:1=@N1 -- \
--id=@N1 create Flow_Table name=table1
$ ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src
$ ovs-vsctl set Flow_Table table1 prefixes=[]
- TCP flags matching: OVS now supports matching of TCP flags. This
has an adverse performance impact when using OVS userspace 1.10
or older (no megaflows support) together with the new OVS kernel
module. It is recommended that the kernel and userspace modules
both are upgraded at the same time.
- The default OpenFlow and OVSDB ports will change to
IANA-assigned numbers in a future release. Consider updating
your installations to specify port numbers instead of using the
defaults.
- OpenFlow:
* The OpenFlow 1.1+ "Write-Actions" instruction is now supported.
* OVS limits the OpenFlow port numbers it assigns to port 32767 and
below, leaving port numbers above that range free for assignment
by the controller.
* ovs-vswitchd now honors changes to the "ofport_request" column
in the Interface table by changing the port's OpenFlow port
number.
- ovs-vswitchd.conf.db.5 man page will contain graphviz/dot
diagram only if graphviz package was installed at the build time.
- Support for Linux kernels up to 3.11
- ovs-dpctl:
The "show" command also displays mega flow mask stats.
- ovs-ofctl:
* New command "ofp-parse-pcap" to dump OpenFlow from PCAP files.
- ovs-controller has been renamed test-controller. It is no longer
packaged or installed by default, because too many users assumed
incorrectly that ovs-controller was a necessary or desirable part
of an Open vSwitch deployment.
- Added vlog option to export to a UDP syslog sink.
- ovsdb-client:
* The "monitor" command can now monitor all tables in a database,
instead of being limited to a single table.
- The flow-eviction-threshold has been replaced by the flow-limit which is a
hard limit on the number of flows in the datapath. It defaults to 200,000
flows. OVS automatically adjusts this number depending on network
conditions.
-------------------------------------------------------------------
Thu Mar 27 12:55:44 UTC 2014 - dmueller@suse.com
- allow to use kmod as well
-------------------------------------------------------------------
Mon Feb 3 17:13:36 UTC 2014 - dmueller@suse.com
- another fix in logrotate
-------------------------------------------------------------------
Mon Jan 27 10:42:05 UTC 2014 - dmueller@suse.com
- fix logrotate configuration
-------------------------------------------------------------------
Tue Jan 21 08:48:03 UTC 2014 - dmueller@suse.com
- add openvswitch.service for systemd distros
-------------------------------------------------------------------
Tue Jan 14 15:03:56 UTC 2014 - dmueller@suse.com
- add kernel-312.diff (build against Kernel 3.12.x)
-------------------------------------------------------------------
Fri Jan 3 17:54:10 UTC 2014 - dmueller@suse.com
- do not build with valgrind-devel on aarch64 (doesn't exist)
-------------------------------------------------------------------
Thu Dec 5 13:14:11 UTC 2013 - dmueller@suse.com
- update to 2.0.0:
- The ovs-vswitchd process is no longer single-threaded. Multiple
threads are now used to handle flow set up and asynchronous
logging.
- OpenFlow:
* Experimental support for OpenFlow 1.1 (in addition to 1.2 and
1.3, which had experimental support in 1.10).
* New support for matching outer source and destination IP address
of tunneled packets, for tunnel ports configured with the newly
added "remote_ip=flow" and "local_ip=flow" options.
* Support for matching on metadata 'pkt_mark' for interacting with
other system components. On Linux this corresponds to the skb
mark.
* Support matching, rewriting SCTP ports
- The Interface table in the database has a new "ifindex" column to
report the interface's OS-assigned ifindex.
- New "check-oftest" Makefile target for running OFTest against Open
vSwitch. See README-OFTest for details.
- The flow eviction threshold has been moved to the Open_vSwitch table.
- Database names are now mandatory when specifying ovsdb-server options
through database paths (e.g. Private key option with the database name
should look like "--private-key=db:Open_vSwitch,SSL,private_key").
- Added ovs-dev.py, a utility script helpful for Open vSwitch developers.
- Support for Linux kernels up to 3.10
- ovs-ofctl:
* New "ofp-parse" for printing OpenFlow messages read from a file.
- Added configurable flow caching support to IPFIX exporter.
- Dropped support for Linux pre-2.6.32.
- Log file timestamps and ovsdb commit timestamps are now reported
with millisecond resolution. (Previous versions only reported
whole seconds.)
-------------------------------------------------------------------
Wed Dec 4 11:44:02 CET 2013 - jsuchome@suse.cz
- added try-restart action to openvswitch-switch init script
(bnc#849222)
-------------------------------------------------------------------
Wed Nov 20 02:51:57 UTC 2013 - kmroz@suse.com
- Incorporate ubuntu Linux 3.11 fix to prevent kernel datapath panics.
Addresses bnc#851395
+ added datapath-add-support-for-linux-3.11.patch
-------------------------------------------------------------------
Tue Oct 1 07:21:16 UTC 2013 - speilicke@suse.com
- Let openvswitch-switch depend on util-linux instead of uuid-runtime
(Debian package name). The ovs-ctl / ovs-pki tools use /usr/bin/uuidgen
-------------------------------------------------------------------
Tue Sep 24 13:17:25 UTC 2013 - bwiedemann@suse.com
- add vlan_apichange.patch to compensate kernel API changes
between 3.8 and 3.11 in commits f646968f and 86a9bad3
-------------------------------------------------------------------
Fri Sep 13 15:25:40 UTC 2013 - dmueller@suse.com
- update to 1.11.0:
* http://openvswitch.org/releases/NEWS-1.11.0
- remove accept-newer-kernel-versions.diff
-------------------------------------------------------------------
Fri Sep 13 10:09:18 UTC 2013 - dmueller@suse.com
- sign modules for secure boot (bnc#839838)
-------------------------------------------------------------------
Tue Jul 2 17:08:11 UTC 2013 - tpaszkowski@novell.com
- Build openvswitch kernel module for xen kernel flavor.
-------------------------------------------------------------------
Sun Jun 16 05:30:24 UTC 2013 - vuntz@suse.com
- Add openvswitch-ipsec.init, Module.supported,
Module.supported.updates and README.packager as sources: they
were not listed as such.
- Install openvswitch-ipsec.init if we build ipsec support.
-------------------------------------------------------------------
Thu Jun 6 14:28:07 UTC 2013 - tpaszkowski@novell.com
- mark openvswitch module shipped with package as supported
-------------------------------------------------------------------
Fri May 17 11:58:32 UTC 2013 - dmueller@suse.com
- only call boot.sh for newer distros
- build parallel
- accept-newer-kernel-versions.diff:
Accept newer kernel versions
- sle11-device-ops-backport.diff
Handle sle11 device ops backport
-------------------------------------------------------------------
Fri May 3 14:28:00 UTC 2013 - e.istomin@edss.ee
- New upstream version 1.10.0
http://openvswitch.org/releases/NEWS-1.10.0
- Removed openvswitch-1.7.0-stp-fwd-delay.patch because of bridge compatibility support removing
-------------------------------------------------------------------
Wed Apr 3 09:30:20 UTC 2013 - tpaszkowski@novell.com
- %make_install macro no longer works on SLE11. Spec file now uses %makeinstall.
-------------------------------------------------------------------
Tue Mar 26 11:21:37 UTC 2013 - speilicke@suse.com
- Use build conditionals instead of %define and disable GUI by default
everywhere
-------------------------------------------------------------------
Thu Mar 21 13:23:36 UTC 2013 - tpaszkowski@novell.com
- Fix openvswitch-controller init script
- Add openflow-controller sysconfig file with default binding to ptcp:
-------------------------------------------------------------------
Tue Mar 12 13:36:57 UTC 2013 - tpaszkowski@suse.com
- ipsec build temporary disabled
-------------------------------------------------------------------
Fri Mar 8 14:16:57 UTC 2013 - tpaszkowski@suse.com
- Provides and Obsolete for former openvswitch-common package
-------------------------------------------------------------------
Thu Mar 7 21:49:09 UTC 2013 - tpaszkowski@suse.com
- always build in openvswitch kernel module (gre tunelling not present
within the standard kernel module)
- removed unnedded build rquirements (move to appropriate subpackage)
- moved common stuff to main pkg
- added group filed to packages and sub packages
- switch pkg suggest kernel module pkg
- moved python test stuff to python-openvswitch-test sub pkg
- moved ui interface requirements to ovsdbmonitor sub pkg
- ovsdbmonitor will not be build on sles (for now)
- sub pkg test require python-twisted (ovs-test)
- don't call boot.sh on sles11 (old autoconf). Shipped configuration stuff
is ok (we don't patch plenty of stuff)
- ovs-parse-backtrace now part of main pkg
- addes ovs-l3ping,ovs-vlan-test to test sub pkg
-------------------------------------------------------------------
Thu Feb 28 22:17:11 UTC 2013 - e.istomin@edss.ee
- New upstream version 1.9.0
http://openvswitch.org/releases/NEWS-1.9.0
-------------------------------------------------------------------
Thu Nov 15 08:59:41 UTC 2012 - rhafer@suse.com
- New patch openvswitch-1.7.1-ovs-pki-permissions.patch: Avoid
creating world writeable directory (bnc#774332, CVE-2012-3449)
-------------------------------------------------------------------
Sun Sep 9 15:33:08 UTC 2012 - on@morlock.nu
- New upstream version 1.7.1
* This release only contain bug fixes.
-------------------------------------------------------------------
Tue Jul 31 12:41:19 UTC 2012 - on@morlock.nu
- New upstream version 1.7.0
* kernel modules are renamed. openvswitch_mod.ko is now
openvswitch.ko and brcompat_mod.ko is now brcompat.ko.
* Increased the number of NXM registers to 8.
* Added ability to configure DSCP setting for manager and controller
connections. By default, these connections have a DSCP value of
Internetwork Control (0xc0).
* Added the granular link health statistics, 'cfm_health', to an
interface.
* OpenFlow:
- Added support to mask nd_target for ICMPv6 neighbor discovery flows.
- Added support for OpenFlow 1.3 port description (OFPMP_PORT_DESC)
multipart messages.
* ovs-ofctl:
- Added the "dump-ports-desc" command to retrieve port
information using the new port description multipart messages.
* ovs-test:
- Added support for spawning ovs-test server from the client.
- Now ovs-test is able to automatically create test bridges and ports.
* "ovs-dpctl dump-flows" now prints observed TCP flags in TCP flows.
* Tripled flow setup performance.
* The "coverage/log" command previously available through ovs-appctl
has been replaced by "coverage/show". The new command replies with
coverage counter values, instead of logging them.
- Adjusted openvswitch-1.1.0-stp-fwd-delay.patch (new filename)
-------------------------------------------------------------------
Thu Jul 26 11:47:36 UTC 2012 - rhafer@suse.com
- The kernel modules where renamed in recent kernels. Backported a
patch from the 1.7 branch to use the new kernel names when
building on openSUSE > 12.1.
-------------------------------------------------------------------
Tue Jun 26 15:09:02 UTC 2012 - on@morlock.nu
- New upstream version 1.6.1
* Added support for bitwise matching on TCP and UDP ports.
* Support for limiting the number of flows in an OpenFlow flow
table, with configurable policy for evicting flows upon
overflow.
* Added an OpenFlow extension that allows controllers more precise
control over which messages they receive asynchronously.
* CFM module CCM broadcasts can now be tagged with an 802.1p priority.
* Load balancing for bonds can be disabled.
-------------------------------------------------------------------
Wed Jun 6 15:04:45 UTC 2012 - on@morlock.nu
- New upstream version 1.5.0
* OpenFlow:
- Added support for querying, modifying, and deleting flows
based on flow cookie when using NXM.
- Added new NXM_PACKET_IN format.
* ovs-ofctl:
- Added daemonization support to the monitor and snoop commands.
* ovs-vsctl:
- The "find" command supports new set relational operators
{=}, {!=}, {<}, {>}, {<=}, and {>=}.
* ovsdb-tool now uses the typical database and schema installation
directories as defaults.
-------------------------------------------------------------------
Thu May 10 22:32:34 UTC 2012 - on@morlock.nu
- New upstream version 1.4.1
* The default MAC learning timeout has been increased from 60 seconds
to 300 seconds. The MAC learning timeout is now configurable.
* Bug fixes
-------------------------------------------------------------------
Thu Apr 5 10:08:32 UTC 2012 - on@morlock.nu
- Build KMP packages from kernel-source on openSuSE > 12.1.
-------------------------------------------------------------------
Tue Mar 13 12:16:43 UTC 2012 - mvidner@suse.com
- Specify defattr for pki subpackage to fix 11.4 build.
-------------------------------------------------------------------
Thu Mar 1 13:35:52 UTC 2012 - dmacvicar@suse.de
- Rewrite the package based on the debian version instead
* current package was tied to xenserver config without
even requiring it
* instead of one big package depending even on qt4, there
are -switch, -controller, -test subpackages now
-------------------------------------------------------------------
Mon Feb 20 23:39:50 UTC 2012 - on@morlock.nu
- New upstream version 1.4.0
* Compatible with Open vSwitch kernel module included in Linux 3.3.
* Don't require the "normal" action to use mirrors.
* New "VLAN splinters" feature to work around buggy device driver in old Linux versions.
* Added ability to match ECN and TTL in IPv4 and IPv6 headers.
* Added ability to match IPv6 flow label.
* Added ability to modify ECN bits and TTL in IPv4 headers.
* And many others. See the full change log here:
http://openvswitch.org/releases/NEWS-1.4.0
-------------------------------------------------------------------
Fri Sep 2 09:11:21 UTC 2011 - andrea@opensuse.org
- new uopstream version 1.2.1
* The release only contains bug fixes for the 1.2.0 release
-------------------------------------------------------------------
Mon Aug 8 17:47:58 UTC 2011 - andrea@opensuse.org
- new upstream version 1.2.0
* New abstraction layer to make better use of switching ASICs
* Packaging for Red Hat (RHEL) 5.6 and 6.0
* Datapath support for Linux kernels up to 3.0
* And many others. See the full change log here:
http://openvswitch.org/releases/ChangeLog-1.2.0
- rebased openvswitch-1.1.0-suse.patch as
openvswitch-1.2.0-suse.patch to apply to the files
-------------------------------------------------------------------
Thu Jun 23 06:49:16 UTC 2011 - andrea@opensuse.org
- new upstream version 1.1.1
* bug fix release
-------------------------------------------------------------------
Wed May 18 10:09:45 UTC 2011 - andrea@opensuse.org
- re-enabled kmp package since openvswitch_mod.ko and
brcompat_mod.ko are not available on suse kernel rpms
-------------------------------------------------------------------
Tue May 17 12:04:05 UTC 2011 - andrea@opensuse.org
- new upstream version 1.1.0 (stable)
- spec file clean up
- added as dependency all python modules to enable additional
functionalities
- rebase patches
- build pyside support only if pyside is available
-------------------------------------------------------------------
Fri Dec 31 15:26:59 UTC 2010 - pmullaney@novell.com
- updates for build issues
- fixes for libvirt integration
-------------------------------------------------------------------
Sat Dec 11 19:57:28 UTC 2010 - pmullaney@novell.com
- initial version 1.1
Reference in New Issue View Git Blame Copy Permalink