- Fix preserving old default OVS_USER_ID for users that removed the
override at /etc/sysconfig/openvswitch or for users affected by
fillup bug below (bsc#1172861).
- Add patch to workaround a possible fillup issue that could cause
existing openvswitch configuration to be unintendedly altered during
upgrades (bsc#1172929).
* 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
OBS-URL: https://build.opensuse.org/request/show/814738
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=201
- Update openvswitch to 2.13.0.
* For a list of changes, check
https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS
* This version drops python2 binding support. Only python3 bindings
provided going forward.
* Tool ovs-vlan-bug-workaround is no longer provided.
- OVN was split to its own repo but is still built together with OVS and as
such from this same source package. OVN initial version is 20.03.
* For a list of changes, check
https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS
* Packages openvswitch-ovn* are renamed to ovn*.
* OVN now has its own sysconfig and log paths.
- Add OVS patch to be proposed upstream:
* 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
- Patch instead of post-processing configuration files to set running
credentials (bsc#1157338):
* 0001-Run-openvswitch-as-openvswitch-openvswitch.patch
* 0001-Run-ovn-as-openvswitch-openvswitch.patch
- Will no longer change group ownership of /dev/hugepages to 'hugetlbfs'
(bsc#1140835). System admin should mount hugepages on a path and permissions of
his choosing for OVS. Add patch:
* 0001-dont-change-permissions-of-dev-hugepages.patch
- Will no longer install udev rule to change group ownership of vfio devices to
'hugetlbfs'. Group name does not make much sense in this case and ownership of
vfio devices should be coordinated system wide or per device.
- Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled.
OVS will now run under group 'openvswitch' whether compiled with DPDK support
or not.
- OVS persistent state is now saved on /var/lib/openvswitch instead of
/etc/openvswitch for new installs.
OBS-URL: https://build.opensuse.org/request/show/802898
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=196
- Fix problem preventing new installs to run as non root (bsc#1132029),
including:
* Align with upstream so that no running configuration is changed on
upgrades, specifically to avoid changes on the user Open vSwitch runs
under.
* hugetblfs groups is created as system group.
- Add missing opnvswitch-ipsec package and systemd service.
- Add patch to use strongswan instead of libreswan for openvswitch-ipsec.
libreswan package not available currently.
* 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
- Add missing ovs-delete-transient-ports systemd service.
- Align installed headers with upstream.
- Fix problem preventing rpm build '--with check'.
- Fix python environment that had directories pointing to /usr/local.
- Version bump to 2.11.1. Some of the changes are:
* netdev-tc-offloads: Fix probe tc block support
* rhel: Include all header files in the Fedora's devel package
* reconnect.c: Don't transition back to ACTIVE when forced to RECONNECT.
* OVN: Make periodic RAs consistent with RA responder.
* OVN: Always send prefix option in RAs
* OVN: Use offset instead of pointer into ofpbuf
* ofproto: fix the bug of bucket counter is not updated
* netdev-dpdk: Print netdev name for txq mapping.
* dpif-netdev-perf: Fix millisecond stats precision with slower TSC.
* ifupdown.sh: Add missing "--may-exist" option
* dpif-netdev-perf: Fix double update of perf histograms.
* dpdk: Stop dumping memzones to stdout.
* dpctl: Drop parser debug information.
* netdev-tc-offloads: Properly get the block id on flow del/get
* netdev-tc-offloads: Improve log message for icmpv6 offload not supported
* conntrack: Replace structure copy by memcpy().
* conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.
* conntrack: Fix race for NAT cleanup.
* ovn-nbctl: Don't segfault when ovn-northd doesn't configure dynamic addresses.
* datapath-windows: Add annotations to find vport functions
* datapath-windows: Guard vport usage in user.c
* datapath-windows: Fix potential deadlock in event subscription
* datapath-windows: Fix race condition during port creation
* datapath-windows: Fix nbl cleanup when memory allocation fails
* netdev-linux: Remove ingress qdisc before trying to add shared block
* netdev-tc-offloads: Remove ingress qdisc on tc init flow api
* ovsdb-idl: Fix memory leak of idl->remote.
* travis: Remove 'sudo' configuration.
* OVN: Add port addresses to IPAM after all ports are joined.
* dpif-netlink: Free leaked ofpbuf by using ofpbuf_delete
* OVN: update RA next_announce according to {min, max}_interval
* rconn: Avoid occasional immediate connection failures.
* dpdk: Fix case-sensitivity of dpdk-init knob.
* NEWS: Clean up the 2.11.0 release notes a bit.
* conntrack: Fix L4 csum for V6 extension hdr pkts.
* packets: Change return type for 'packet_csum_upperlayer6()'.
* ovsdb-client: Fix typo.
* ovn-nbctl: Daemon mode should retry when IDL connection lost.
* ofctl: break the loop if ovs_pcap_read returns error
* netlink: added check to prevent netlink attribute overflow
OBS-URL: https://build.opensuse.org/request/show/699630
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=180
- Version bump to 2.11.0.
- Revisit DISABLE_RESTART_ON_UPDATE and DISABLE_STOP_ON_REMOVAL options
(bsc#1117483). DISABLE_STOP_ON_REMOVAL is removed.
DISABLE_RESTART_ON_UPDATE is replaced by '%service_del_postun -n'.
$FIRST_ARG is replaced by $1.
- Add extra openvswitch headers (bsc#1125897).
- Obsolete old python[2]-openvswitch-test subpackages (bsc#1124435).
OBS-URL: https://build.opensuse.org/request/show/680119
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=174
- Version bump to 2.11.0+git20190123.ad83fc9ab. Some of the changes are:
* Linux datapath:
- Support for the kernel versions 4.16.x and 4.17.x.
* OpenFlow:
- OFPMP_TABLE_FEATURES_REQUEST can now modify table features.
* ovs-ofctl:
- "mod-table" command can now change OpenFlow table names.
* The environment variable OVS_SYSLOG_METHOD, if set, is now used
as the default syslog method.
* The environment variable OVS_CTL_TIMEOUT, if set, is now used
as the default timeout for control utilities.
* ovn:
- OVN-SB schema changed: duplicated IP with same Encapsulation type
is not allowed any more. Please refer to
Documentation/intro/install/ovn-upgrades.rst for the instructions
in case there are problems encountered when upgrading from an earlier
version.
- New support for IPSEC encrypted tunnels between hypervisors.
- ovn-ctl: allow passing user:group ids to the OVN daemons.
- IPAM/MACAM:
* add the capability to dynamically assign just L2 addresses
* add the capability to specify a static ip address and get the L2 one
allocated dynamically using the following syntax:
ovn-nbctl lsp-set-addresses <port> "dynamic <IP>"
* DPDK:
- Add support for DPDK 18.11
- Add support for port representors.
* Userspace datapath:
- Add option for simple round-robin based Rxq to PMD assignment.
It can be set with pmd-rxq-assign.
- Add support for Auto load balancing of PMDs (experimental)
- Added new per-port configurable option to manage EMC:
'other_config:emc-enable'.
* Add 'symmetric_l3' hash function.
* OVS now honors 'updelay' and 'downdelay' for bonds with LACP configured.
* ovs-vswitchd:
- New configuration option "offload-rebalance", that enables dynamic
rebalancing of offloaded flows.
* The environment variable OVS_RESOLV_CONF, if set, is now used
as the DNS server configuration file.
* RHEL packaging:
- OVN packages are split from OVS packages. A new spec
file - ovn-fedora.spec.in is added to generate OVN packages.
- Remove upstreamed patch:
* 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch
- Remove DISABLE_RESTART_ON_UPDATE and DISABLE_STOP_ON_REMOVAL options (bsc#1117483).
OBS-URL: https://build.opensuse.org/request/show/668391
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=171
- Improve python packaging (bsc#1115085)
* Rename python*-openvswitch subpackages to python*-ovs to follow
the openSUSE policy that packages should be named after the modules
they install.
* Build the JSON C bindings and as a result the 'noarch' BuildArch
needs to be removed.
* Drop the python*-openvswitch-test packages and merge them with the
test subpackage
* Build the python bindings using setuptools
* Include the egg-info package.
* Use libopenvswitch as dependency to python bindings
OBS-URL: https://build.opensuse.org/request/show/648412
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=165
- Version bump to 2.10.1. Some of the changes are:
* dpif-netdev.at: Add missing backslash.
* ofproto-dpif-xlate: Avoid deadlock on multicast snooping recursion.
* dpif-netdev-perf: Print SMC statistics.
* dpif-netdev-unixctl: Change 'masked' to 'megaflow'.
* ovn-controller: Support processing DHCPv6 information request message type
* ovn-ctl: Fix the wrong pidfile argument passed to ovsdb-servers
* ovndb-servers.ocf: Add ssl support for managing OVN DB resources with pacemaker using LB VIP.
* ovn-ctl: Allow passing ssl certs when starting OVN DBs in ssl mode.
* expr: Disallow < <= >= > comparisons against empty value set.
* expr: Set a limit on the depth of nested parentheses
* ovn: Fix IPv6 DAD failure for container ports
* dpif-netdev: Add vlan to mask for flow_put operation.
* ovs-save: Parse geneve tlv map correctly.
* extend-table: Fix a bug that iterates wrong table
* odp-util: Fix a use-after-free bug.
* ofp-packet: Fix NXT_RESUME with geneve tunnel metadata
* dpif-netlink: Fix null pointer.
* ofproto-dpif-xlate.c: Fix uninitialized variable warning.
* dpif: Remove support for multiple queues per port.
* dpif-netlink: don't allocate per thread netlink sockets
* ovsdb-types: Refactor structs so as to comply with C++ standard
* bfd: Make the tp_dst masking megaflow-friendly.
* ovsdb-data: Improve grammar in error message.
* condition: Reject <, <=, >=, > with optional scalar against empty set.
* condition: Fix ==, !=, includes, excludes on optional scalars.
* netdev: Properly clear 'details' when iterating in NETDEV_QOS_FOR_EACH.
* lex: Fix buffer overrun parsing overlong hexadecimal constants.
* sflow: Set agent address properly based on collector address.
* ovsdb-client: Fix a bug that uses wrong index
OBS-URL: https://build.opensuse.org/request/show/643691
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=163
- Version bump to 2.10.0. Some of the changes are:
* ovs-vswitchd and utilities now support DNS names in OpenFlow and
OVSDB remotes.
* ovs-vswitchd:
- New options --l7 and --l7-len to "ofproto/trace" command.
- Previous versions gave OpenFlow tables default names of the form
"table#". These are not helpful names for the purpose of accepting
and displaying table names, so now tables by default have no names.
- The "null" interface type, deprecated since 2013, has been removed.
- Add minimum network namespace support for Linux.
- New command "lacp/show-stats"
* ovs-ofctl:
- ovs-ofctl now accepts and display table names in place of numbers. By
default it always accepts names and in interactive use it displays them;
use --names or --no-names to override. See ovs-ofctl(8) for details.
* ovs-vsctl: New commands "add-bond-iface" and "del-bond-iface".
* ovs-dpctl:
- New commands "ct-set-limits", "ct-del-limits", and "ct-get-limits".
* OpenFlow:
- OFPT_ROLE_STATUS is now available in OpenFlow 1.3.
- OpenFlow 1.5 extensible statistics (OXS) now implemented.
- New OpenFlow 1.0 extensions for group support.
- Default selection method for select groups is now dp_hash with improved
accuracy.
* ovn:
- Implemented icmp4/icmp6/tcp_reset actions in order to drop the packet
and reply with a RST for TCP or ICMPv4/ICMPv6 unreachable message for
other IPv4/IPv6-based protocols whenever a reject ACL rule is hit.
- ACL match conditions can now match on Port_Groups as well as address
sets that are automatically generated by Port_Groups. ACLs can be
OBS-URL: https://build.opensuse.org/request/show/631965
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=156
- Version bump to 2.9.2. Some of the changes are:
* OVSDB has new, experimental support for database clustering:
- New high-level documentation in ovsdb(7).
- New file format documentation for developers in ovsdb(5).
- Protocol documentation moved from ovsdb-server(1) to ovsdb-server(7).
- ovsdb-server now supports online schema conversion via
"ovsdb-client convert".
- ovsdb-server now always hosts a built-in database named _Server. See
ovsdb-server(5) for more details.
- ovsdb-client: New "get-schema-cksum", "query", "backup", "restore",
and "wait" commands. New --timeout option.
- ovsdb-tool: New "create-cluster", "join-cluster", "db-cid", "db-sid",
"db-local-address", "db-is-clustered", "db-is-standalone", "db-name",
"schema-name", "compare-versions", and "check-cluster" commands.
- ovsdb-server: New ovs-appctl commands for managing clusters.
- ovs-sandbox: New support for clustered databases.
* OVN:
- ovn-sbctl, ovn-nbctl: New options --leader-only, --no-leader-only.
* Bug fixes
- Use openvswitch user/group for the log directory (3f556d66edb9)
- Add support for RedHat distributions. All SUSE macros are now
conditional and the spec file has been adapted based on the upstream
one (fate#324537)
- spec-cleaner fixes
OBS-URL: https://build.opensuse.org/request/show/612850
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=149
- Preserve 'enable' status of openvswitch.service file when upgrading
from <SLE-12-SP3. The service file has been moved from the old
openvswitch-switch subpackage to the main openvswitch one so we
need to handle this migration step in %posttrans (bsc#1089476)
- Move DISABLE_STOP_ON_REMOVAL=yes to %preun. This variable is only
checked in %service_del_preun macro
OBS-URL: https://build.opensuse.org/request/show/599992
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=145
- Version bump to 2.9.0. Some of the changes are:
* NSH implementation now conforms to latest draft (draft-ietf-sfc-nsh-28).
* OVSDB:
- ovsdb-client: New "get-schema-cksum" and "query" commands.
- ovsdb-client: New "backup" and "restore" commands.
- ovsdb-client: New --timeout option.
- ovsdb-tool: New "db-name" and "schema-name" commands.
* ovs-vsctl and other commands that display data in tables now support a
--max-column-width option to limit column width.
* No longer slow-path traffic that sends to a controller. Applications,
such as OVN ACL logging, want to send a copy of a packet to a
controller while leaving the actual packet forwarding in the datapath.
* OVN:
- The "requested-chassis" option for a logical switch port now accepts a
chassis "hostname" in addition to a chassis "name".
- IPv6
* Added support to send IPv6 Router Advertisement packets in response to
the IPv6 Router Solicitation packets from the VIF ports.
* Added support to generate Neighbor Solicitation packets using the OVN
action 'nd_ns' to resolve unknown next hop MAC addresses for the
IPv6 packets.
- ovn-ctl: New commands run_nb_ovsdb and run_sb_ovsdb.
* OpenFlow:
- ct_clear action is now backed by kernel datapath. Support is probed for
when OVS starts.
- ovs-dpctl and related ovs-appctl commands:
* "flush-conntrack" now accept a 5-tuple to delete a specific
connection tracking entry.
* New "ct-set-maxconns", "ct-get-maxconns", and "ct-get-nconns" commands
for userspace datapath.
OBS-URL: https://build.opensuse.org/request/show/582588
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=139
- Python fixes and improvements
* Build Python3 subpackages for Open vSwitch python bindings
* Switch build architecture to 'noarch' for python bindings.
* Fix license for python subpackages
* Build and ship python bytecode files.
- Do not mark files in /usr/share/* as configuration files
- Replace version macro with actual version number of Obsoletes tags.
The DPDK packages have been merged with the regular OvS ones in the
2.7.0 release so make it more explicit which ones we are obsoleting.
- spec-cleaner fixes
OBS-URL: https://build.opensuse.org/request/show/560283
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=133
- Version bump to 2.8.0 (fate#323334, bsc#1050700). Some of the changes are:
* ovs-ofctl can now accept and display port names in place of numbers. By
default it always accepts names and in interactive use it displays them;
use --names or --no-names to override. See ovs-ofctl(8) for details.
* "ovs-ofctl dump-flows" now accepts --no-stats to omit flow statistics.
* New ovs-dpctl command "ct-stats-show" to show connection tracking stats.
* DPDK log messages redirected to OVS logging subsystem.
Log level can be changed in a usual OVS way using
'ovs-appctl vlog' commands for 'dpdk' module. Lower bound
still can be configured via extra arguments for DPDK EAL.
* dpdkvhostuser ports are marked as deprecated. They will be removed
in an upcoming release.
* Support for DPDK v17.05.1.
* New support for multiple VLANs (802.1ad or "QinQ"), including a new
"dot1q-tunnel" port VLAN mode.
* Added NAT support for userspace datapath.
* Added FTP and TFTP support with NAT for userspace datapath.
* Experimental NSH (Network Service Header) support in userspace datapath.
* Tracing with ofproto/trace now traces through recirculation.
* New support for role-based access control (see ovsdb-server(1)).
* New commands 'stp/show' and 'rstp/show' (see ovs-vswitchd(8)).
* All features required by OpenFlow 1.4 are now implemented, so
ovs-vswitchd now enables OpenFlow 1.4 by default (in addition to
OpenFlow 1.0 to 1.3).
* Increased support for OpenFlow 1.6 (draft).
* Bundles now support hashing by just nw_src or nw_dst.
* The "learn" action now supports a "limit" option (see ovs-ofctl(8)).
* The port status bit OFPPS_LIVE now reflects link aliveness.
* OpenFlow 1.5 packet-out is now supported.
* Support for OpenFlow 1.5 field packet_type and packet-type-aware
OBS-URL: https://build.opensuse.org/request/show/521652
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=124
- Version bump to 2.7.2. Some of the changes are:
* Revert "netdev: Fix netdev_open() to adhere to class type if given"
* connmgr: Fix crash when in_band_create() fails.
* db-ctl-base: Fix reference-following feature in get_row_by_id().
* netdev: Fix crash when ifa_netmask is null.
* ovn-controller: fix use-after-free in physical_run()
* ovn-controller: avoid crash when vswitchd connection is lost
* ovsdb-types: Fix memory leak on error path.
* vswitchd: Fix IFACE_STAT name error in iface_refresh_stats
* netdev: Fix crash when interface option is changed to invalid value.
* ofp-util: fix memory leak in ofputil_pull_ofp11_buckets
* configure: Fix check for rte_config.h to handle cross-compilation.
* ofp-util: Check length of buckets in ofputil_pull_ofp15_group_mod() (cve-2017-9265) (bsc#1041447)
* ofp-print: Don't abort on unknown reason in role status message (cve-2017-9263) (bsc#1041470)
OBS-URL: https://build.opensuse.org/request/show/511377
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=119