- Version bump to 2.10.0. Some of the changes are:
* ovs-vswitchd and utilities now support DNS names in OpenFlow and
OVSDB remotes.
* ovs-vswitchd:
- New options --l7 and --l7-len to "ofproto/trace" command.
- Previous versions gave OpenFlow tables default names of the form
"table#". These are not helpful names for the purpose of accepting
and displaying table names, so now tables by default have no names.
- The "null" interface type, deprecated since 2013, has been removed.
- Add minimum network namespace support for Linux.
- New command "lacp/show-stats"
* ovs-ofctl:
- ovs-ofctl now accepts and display table names in place of numbers. By
default it always accepts names and in interactive use it displays them;
use --names or --no-names to override. See ovs-ofctl(8) for details.
* ovs-vsctl: New commands "add-bond-iface" and "del-bond-iface".
* ovs-dpctl:
- New commands "ct-set-limits", "ct-del-limits", and "ct-get-limits".
* OpenFlow:
- OFPT_ROLE_STATUS is now available in OpenFlow 1.3.
- OpenFlow 1.5 extensible statistics (OXS) now implemented.
- New OpenFlow 1.0 extensions for group support.
- Default selection method for select groups is now dp_hash with improved
accuracy.
* ovn:
- Implemented icmp4/icmp6/tcp_reset actions in order to drop the packet
and reply with a RST for TCP or ICMPv4/ICMPv6 unreachable message for
other IPv4/IPv6-based protocols whenever a reject ACL rule is hit.
- ACL match conditions can now match on Port_Groups as well as address
sets that are automatically generated by Port_Groups. ACLs can be
OBS-URL: https://build.opensuse.org/request/show/631965
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=156
- Version bump to 2.9.2. Some of the changes are:
* OVSDB has new, experimental support for database clustering:
- New high-level documentation in ovsdb(7).
- New file format documentation for developers in ovsdb(5).
- Protocol documentation moved from ovsdb-server(1) to ovsdb-server(7).
- ovsdb-server now supports online schema conversion via
"ovsdb-client convert".
- ovsdb-server now always hosts a built-in database named _Server. See
ovsdb-server(5) for more details.
- ovsdb-client: New "get-schema-cksum", "query", "backup", "restore",
and "wait" commands. New --timeout option.
- ovsdb-tool: New "create-cluster", "join-cluster", "db-cid", "db-sid",
"db-local-address", "db-is-clustered", "db-is-standalone", "db-name",
"schema-name", "compare-versions", and "check-cluster" commands.
- ovsdb-server: New ovs-appctl commands for managing clusters.
- ovs-sandbox: New support for clustered databases.
* OVN:
- ovn-sbctl, ovn-nbctl: New options --leader-only, --no-leader-only.
* Bug fixes
- Use openvswitch user/group for the log directory (3f556d66edb9)
- Add support for RedHat distributions. All SUSE macros are now
conditional and the spec file has been adapted based on the upstream
one (fate#324537)
- spec-cleaner fixes
OBS-URL: https://build.opensuse.org/request/show/612850
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=149
- Preserve 'enable' status of openvswitch.service file when upgrading
from <SLE-12-SP3. The service file has been moved from the old
openvswitch-switch subpackage to the main openvswitch one so we
need to handle this migration step in %posttrans (bsc#1089476)
- Move DISABLE_STOP_ON_REMOVAL=yes to %preun. This variable is only
checked in %service_del_preun macro
OBS-URL: https://build.opensuse.org/request/show/599992
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=145
- Version bump to 2.9.0. Some of the changes are:
* NSH implementation now conforms to latest draft (draft-ietf-sfc-nsh-28).
* OVSDB:
- ovsdb-client: New "get-schema-cksum" and "query" commands.
- ovsdb-client: New "backup" and "restore" commands.
- ovsdb-client: New --timeout option.
- ovsdb-tool: New "db-name" and "schema-name" commands.
* ovs-vsctl and other commands that display data in tables now support a
--max-column-width option to limit column width.
* No longer slow-path traffic that sends to a controller. Applications,
such as OVN ACL logging, want to send a copy of a packet to a
controller while leaving the actual packet forwarding in the datapath.
* OVN:
- The "requested-chassis" option for a logical switch port now accepts a
chassis "hostname" in addition to a chassis "name".
- IPv6
* Added support to send IPv6 Router Advertisement packets in response to
the IPv6 Router Solicitation packets from the VIF ports.
* Added support to generate Neighbor Solicitation packets using the OVN
action 'nd_ns' to resolve unknown next hop MAC addresses for the
IPv6 packets.
- ovn-ctl: New commands run_nb_ovsdb and run_sb_ovsdb.
* OpenFlow:
- ct_clear action is now backed by kernel datapath. Support is probed for
when OVS starts.
- ovs-dpctl and related ovs-appctl commands:
* "flush-conntrack" now accept a 5-tuple to delete a specific
connection tracking entry.
* New "ct-set-maxconns", "ct-get-maxconns", and "ct-get-nconns" commands
for userspace datapath.
- No longer send packets to the Linux TAP device if it's DOWN unless it is
in another networking namespace.
* DPDK:
- Add support for DPDK v17.11
- Add support for vHost IOMMU
- New debug appctl command 'netdev-dpdk/get-mempool-info'.
* Custom statistics:
- DPDK physical ports now return custom set of "dropped", "error" and
"management" statistics.
- ovs-ofctl dump-ports command now prints new of set custom statistics
if available (for OpenFlow 1.4+).
- New appctl command 'dpif-netdev/pmd-rxq-rebalance' to rebalance rxq to
pmd assignments.
- Add rxq utilization of pmd to appctl 'dpif-netdev/pmd-rxq-show'.
- Add support for vHost dequeue zero copy (experimental)
* Userspace datapath:
- Output packet batching support.
* vswitchd:
- Datapath IDs may now be specified as 0x1 (etc.) instead of 16 digits.
- Configuring a controller, or unconfiguring all controllers, now deletes
all groups and meters (as well as all flows).
- New --enable-sparse configure option enables "sparse" checking by default.
- Added additional information to vhost-user status.
- For the complete list of changes, please refer to
http://openvswitch.org/releases/NEWS-2.9.0
- Fix incorrect python3 dependencies for python2 subpackages
- Drop upstream patches for DPDK 17.11 support. They have been merged upstream
* 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch
* 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch
* 0003-netdev-dpdk-vHost-IOMMU-support.patch
- Get rid of the old openvswitch DPDK migration steps everybody should have
migrated from <2.6 to latest releases by now.
* 0001-utilities-Add-script-to-support-DPDK-option-migratio.patch
OBS-URL: https://build.opensuse.org/request/show/583259
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvswitch?expand=0&rev=22
- Version bump to 2.9.0. Some of the changes are:
* NSH implementation now conforms to latest draft (draft-ietf-sfc-nsh-28).
* OVSDB:
- ovsdb-client: New "get-schema-cksum" and "query" commands.
- ovsdb-client: New "backup" and "restore" commands.
- ovsdb-client: New --timeout option.
- ovsdb-tool: New "db-name" and "schema-name" commands.
* ovs-vsctl and other commands that display data in tables now support a
--max-column-width option to limit column width.
* No longer slow-path traffic that sends to a controller. Applications,
such as OVN ACL logging, want to send a copy of a packet to a
controller while leaving the actual packet forwarding in the datapath.
* OVN:
- The "requested-chassis" option for a logical switch port now accepts a
chassis "hostname" in addition to a chassis "name".
- IPv6
* Added support to send IPv6 Router Advertisement packets in response to
the IPv6 Router Solicitation packets from the VIF ports.
* Added support to generate Neighbor Solicitation packets using the OVN
action 'nd_ns' to resolve unknown next hop MAC addresses for the
IPv6 packets.
- ovn-ctl: New commands run_nb_ovsdb and run_sb_ovsdb.
* OpenFlow:
- ct_clear action is now backed by kernel datapath. Support is probed for
when OVS starts.
- ovs-dpctl and related ovs-appctl commands:
* "flush-conntrack" now accept a 5-tuple to delete a specific
connection tracking entry.
* New "ct-set-maxconns", "ct-get-maxconns", and "ct-get-nconns" commands
for userspace datapath.
OBS-URL: https://build.opensuse.org/request/show/582588
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=139
- Add upstream patches to support DPDK 17.11 (fate#322609)
* 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch
* 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch
* 0003-netdev-dpdk-vHost-IOMMU-support.patch
- Python fixes and improvements
* Build Python3 subpackages for Open vSwitch python bindings
* Switch build architecture to 'noarch' for python bindings.
* Fix license for python subpackages
* Build and ship python bytecode files.
- Do not mark files in /usr/share/* as configuration files
- Replace version macro with actual version number of Obsoletes tags.
The DPDK packages have been merged with the regular OvS ones in the
2.7.0 release so make it more explicit which ones we are obsoleting.
- spec-cleaner fixes
OBS-URL: https://build.opensuse.org/request/show/563300
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvswitch?expand=0&rev=20
- Python fixes and improvements
* Build Python3 subpackages for Open vSwitch python bindings
* Switch build architecture to 'noarch' for python bindings.
* Fix license for python subpackages
* Build and ship python bytecode files.
- Do not mark files in /usr/share/* as configuration files
- Replace version macro with actual version number of Obsoletes tags.
The DPDK packages have been merged with the regular OvS ones in the
2.7.0 release so make it more explicit which ones we are obsoleting.
- spec-cleaner fixes
OBS-URL: https://build.opensuse.org/request/show/560283
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=133
- Version bump to 2.8.0 (fate#323334, bsc#1050700). Some of the changes are:
* ovs-ofctl can now accept and display port names in place of numbers. By
default it always accepts names and in interactive use it displays them;
use --names or --no-names to override. See ovs-ofctl(8) for details.
* "ovs-ofctl dump-flows" now accepts --no-stats to omit flow statistics.
* New ovs-dpctl command "ct-stats-show" to show connection tracking stats.
* DPDK log messages redirected to OVS logging subsystem.
Log level can be changed in a usual OVS way using
'ovs-appctl vlog' commands for 'dpdk' module. Lower bound
still can be configured via extra arguments for DPDK EAL.
* dpdkvhostuser ports are marked as deprecated. They will be removed
in an upcoming release.
* Support for DPDK v17.05.1.
* New support for multiple VLANs (802.1ad or "QinQ"), including a new
"dot1q-tunnel" port VLAN mode.
* Added NAT support for userspace datapath.
* Added FTP and TFTP support with NAT for userspace datapath.
* Experimental NSH (Network Service Header) support in userspace datapath.
* Tracing with ofproto/trace now traces through recirculation.
* New support for role-based access control (see ovsdb-server(1)).
* New commands 'stp/show' and 'rstp/show' (see ovs-vswitchd(8)).
* All features required by OpenFlow 1.4 are now implemented, so
ovs-vswitchd now enables OpenFlow 1.4 by default (in addition to
OpenFlow 1.0 to 1.3).
* Increased support for OpenFlow 1.6 (draft).
* Bundles now support hashing by just nw_src or nw_dst.
* The "learn" action now supports a "limit" option (see ovs-ofctl(8)).
* The port status bit OFPPS_LIVE now reflects link aliveness.
* OpenFlow 1.5 packet-out is now supported.
* Support for OpenFlow 1.5 field packet_type and packet-type-aware
OBS-URL: https://build.opensuse.org/request/show/521652
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=124
- Version bump to 2.7.2. Some of the changes are:
* Revert "netdev: Fix netdev_open() to adhere to class type if given"
* connmgr: Fix crash when in_band_create() fails.
* db-ctl-base: Fix reference-following feature in get_row_by_id().
* netdev: Fix crash when ifa_netmask is null.
* ovn-controller: fix use-after-free in physical_run()
* ovn-controller: avoid crash when vswitchd connection is lost
* ovsdb-types: Fix memory leak on error path.
* vswitchd: Fix IFACE_STAT name error in iface_refresh_stats
* netdev: Fix crash when interface option is changed to invalid value.
* ofp-util: fix memory leak in ofputil_pull_ofp11_buckets
* configure: Fix check for rte_config.h to handle cross-compilation.
* ofp-util: Check length of buckets in ofputil_pull_ofp15_group_mod() (cve-2017-9265) (bsc#1041447)
* ofp-print: Don't abort on unknown reason in role status message (cve-2017-9263) (bsc#1041470)
OBS-URL: https://build.opensuse.org/request/show/511377
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=119
- Version bump to 2.7.1. Some of the changes are:
* Add --cleanup option to command 'ovs-appctl exit' (see ovs-vswitchd(8)).
* libopenvswitch-2 was renamed to libopenvswitch-2.7. Applications built
against libopenvswitch must be recompiled against the newer library.
* ovs-ctl: allow passing user:group to daemons
* ofproto/bond: Fix bond reconfiguration race condition
* ofproto/bond: Fix bond post recirc rule leak.
* ofproto/bond: fix interal flow leak of tcp-balance bond
* mcast-snooping: Avoid segfault for vswitchd.
* tun-metadata: Fix memory leak in tun_metadata_table_mod().
* netdev-dpdk: Fix mempool segfault.
* mirror: Allow concurrent lookups.
* ofp-util: Fix buffer overread in ofputil_pull_queue_get_config_reply10() (bsc#1040543)
* ovsdb: Check null before deref in ovsdb_monitor_table_condition_update().
* For the complete list of changes, please see:
- https://github.com/openvswitch/ovs/compare/v2.7.0...v2.7.1
- Remove upstreamed patch
* 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
- OVN services are no longer restarted automatically after upgrade (44dd4cc49c8a)
OBS-URL: https://build.opensuse.org/request/show/508719
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=116
- Install firewalld OVN files with chmod 644 instead of 755 (4a54614120ea)
- Use python-six instead of python2-six dependency to cover distributions
which are not using the python-singlespec packaging specification yet (bsc#1041110)
- Add upstream patch to fix a buffer overread vulnerability (cve-2017-9214) (bsc#1040543)
* 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
OBS-URL: https://build.opensuse.org/request/show/501114
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=114
- Version bump to 2.7.0 (fate#321541). Some of the changes are:
* Utilities and daemons that support SSL now allow protocols and
ciphers to be configured with --ssl-protocols and --ssl-ciphers.
* OVN:
- QoS is now implemented via egress shaping rather than ingress policing.
- DSCP marking is now supported, via the new northbound QoS table.
- IPAM now supports fixed MAC addresses.
- Support for source IP address based routing.
- ovn-trace:
* New --ovs option to also print OpenFlow flows.
* put_dhcp_opts and put_dhcp_optsv6 actions may now be traced.
- Support for managing SSL and remote connection configuration in
northbound and southbound databases.
* Fixed regression in table stats maintenance introduced in OVS
2.3.0, wherein the number of OpenFlow table hits and misses was
not accurate.
* OpenFlow:
- OFPT_PACKET_OUT messages are now supported in bundles.
- A new "selection_method=dp_hash" type for OpenFlow select group
bucket selection that uses the datapath computed 5-tuple hash
without making datapath flows match the 5-tuple fields, which
is useful for more efficient load balancing, for example. This
uses the Netronome extension to OpenFlow 1.5+ that allows
control over the OpenFlow select groups selection method. See
"selection_method" and related options in ovs-ofctl(8) for
details.
- The "sample" action now supports "ingress" and "egress" options.
- The "ct" action now supports the TFTP ALG where support is available.
- New actions "clone" and "ct_clear".
* ovs-ofctl:
OBS-URL: https://build.opensuse.org/request/show/479156
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvswitch?expand=0&rev=13
- Version bump to 2.7.0 (fate#321541). Some of the changes are:
* Utilities and daemons that support SSL now allow protocols and
ciphers to be configured with --ssl-protocols and --ssl-ciphers.
* OVN:
- QoS is now implemented via egress shaping rather than ingress policing.
- DSCP marking is now supported, via the new northbound QoS table.
- IPAM now supports fixed MAC addresses.
- Support for source IP address based routing.
- ovn-trace:
* New --ovs option to also print OpenFlow flows.
* put_dhcp_opts and put_dhcp_optsv6 actions may now be traced.
- Support for managing SSL and remote connection configuration in
northbound and southbound databases.
* Fixed regression in table stats maintenance introduced in OVS
2.3.0, wherein the number of OpenFlow table hits and misses was
not accurate.
* OpenFlow:
- OFPT_PACKET_OUT messages are now supported in bundles.
- A new "selection_method=dp_hash" type for OpenFlow select group
bucket selection that uses the datapath computed 5-tuple hash
without making datapath flows match the 5-tuple fields, which
is useful for more efficient load balancing, for example. This
uses the Netronome extension to OpenFlow 1.5+ that allows
control over the OpenFlow select groups selection method. See
"selection_method" and related options in ovs-ofctl(8) for
details.
- The "sample" action now supports "ingress" and "egress" options.
- The "ct" action now supports the TFTP ALG where support is available.
- New actions "clone" and "ct_clear".
* ovs-ofctl:
OBS-URL: https://build.opensuse.org/request/show/461859
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=111
