Description:
- Update OVS to version v3.1.0 and OVN to version v23.03.0
Actions:
- submit home:dpitchumani:branches:openSUSE:Factory/openvswitch => netowkr/openvswitch
Features:
- ovs-vswitchd now detects changes in CPU affinity and adjusts the number
of handler and revalidator threads if necessary.
- AF_XDP:
* Added support for building with libxdp and libbpf >= 0.7.
* Support for AF_XDP is now enabled by default if all dependencies are
available at the build time. Use --disable-afxdp to disable.
Use --enable-afxdp to fail the build if dependencies are not present.
- ovs-appctl:
* "ovs-appctl ofproto/trace" command can now display port names with the
"--names" option.
- OVSDB-IDL:
* Add the support to specify the persistent uuid for row insert in both
C and Python IDLs.
- Windows:
* Conntrack IPv6 fragment support.
- DPDK:
* Add support for DPDK 22.11.1.
- For the QoS max-rate and STP/RSTP path-cost configuration OVS now assumes
10 Gbps link speed by default in case the actual link speed cannot be
determined. Previously it was 10 Mbps. Values can still be overridden
by specifying 'max-rate' or '[r]stp-path-cost' accordingly.
- OpenFlow:
* New OpenFlow extension NXT_CT_FLUSH to flush connections matching
the specified fields.
- ovs-ctl:
* New option '--dump-hugepages' to include hugepages in core dumps. This
can assist with postmortem analysis involving DPDK, but may also produce
significantly larger core dump files.
- ovs-dpctl and 'ovs-appctl dpctl/' commands:
* 'flush-conntrack' is now capable of handling partial 5-tuple,
with additional optional parameter to specify the reply direction.
- ovs-ofctl:
* New command 'flush-conntrack' that accepts zone and 5-tuple (or partial
5-tuple) for both directions.
- Support for travis-ci.org based continuous integration builds has been
dropped.
- Userspace datapath:
* Add '-secs' argument to appctl 'dpif-netdev/pmd-rxq-show' to show
the pmd usage of an Rx queue over a configurable time period.
* Add new experimental PMD load based sleeping feature. PMD threads can
request to sleep up to a user configured 'pmd-maxsleep' value under
low load conditions.
-For more details, check
https://github.com/openvswitch/ovs/blob/v3.1.0/NEWS
-Includes secrity fix for CVE-2022-4338 (bsc#1206580) and CVE-2022-4337 (bsc#1206581)
- OVN package is not included as new version with API chnages are not yet released.
- Removed upstreamed patches,
* 0001-Replace-deprecated-var-run-with-run.patch
* openvswitch-CVE-2021-36980.patch
- Added ovsb tool install patch,
* install-ovsdb-tools.patch
OBS-URL: https://build.opensuse.org/request/show/1077608
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=238
* OVS validated with DPDK 21.11.1. It is recommended to use this version
until further releases.
- update to 2.17.1:
* To fix the Undefined Behavior issue causing the compiler to incorrectly
optimize important parts of code, container iteration macros (e.g.,
LIST_FOR_EACH) have been re-implemented in a UB-safe way.
* Backwards compatibility has mostly been preserved, however the
user-provided pointer is now set to NULL after the loop (unless it
exited via "break;")
* Users of libopenvswitch will need to double-check the use of such loop
macros before compiling with a new version.
* Since the change is limited to the definitions within the headers, the
ABI is not affected.
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=230
- Bug fixes
- DPDK:
* OVS validated with DPDK 21.11.1. It is recommended to use this version
until further releases.
- Bug fixes
- libopenvswitch API change:
* To fix the Undefined Behavior issue causing the compiler to incorrectly
optimize important parts of code, container iteration macros (e.g.,
LIST_FOR_EACH) have been re-implemented in a UB-safe way.
* Backwards compatibility has mostly been preserved, however the
user-provided pointer is now set to NULL after the loop (unless it
exited via "break;")
* Users of libopenvswitch will need to double-check the use of such loop
macros before compiling with a new version.
* Since the change is limited to the definitions within the headers, the
ABI is not affected.
- refresh 0001-openvswitch-merge-compiler.h-files-into-one-file.patch
0002-build-Seperated-common-used-headers.patch
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=229
- Fix preserving old default OVS_USER_ID for users that removed the
override at /etc/sysconfig/openvswitch or for users affected by
fillup bug below (bsc#1172861).
- Add patch to workaround a possible fillup issue that could cause
existing openvswitch configuration to be unintendedly altered during
upgrades (bsc#1172929).
* 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
OBS-URL: https://build.opensuse.org/request/show/814738
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=201
- Update openvswitch to 2.13.0.
* For a list of changes, check
https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS
* This version drops python2 binding support. Only python3 bindings
provided going forward.
* Tool ovs-vlan-bug-workaround is no longer provided.
- OVN was split to its own repo but is still built together with OVS and as
such from this same source package. OVN initial version is 20.03.
* For a list of changes, check
https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS
* Packages openvswitch-ovn* are renamed to ovn*.
* OVN now has its own sysconfig and log paths.
- Add OVS patch to be proposed upstream:
* 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
- Patch instead of post-processing configuration files to set running
credentials (bsc#1157338):
* 0001-Run-openvswitch-as-openvswitch-openvswitch.patch
* 0001-Run-ovn-as-openvswitch-openvswitch.patch
- Will no longer change group ownership of /dev/hugepages to 'hugetlbfs'
(bsc#1140835). System admin should mount hugepages on a path and permissions of
his choosing for OVS. Add patch:
* 0001-dont-change-permissions-of-dev-hugepages.patch
- Will no longer install udev rule to change group ownership of vfio devices to
'hugetlbfs'. Group name does not make much sense in this case and ownership of
vfio devices should be coordinated system wide or per device.
- Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled.
OVS will now run under group 'openvswitch' whether compiled with DPDK support
or not.
- OVS persistent state is now saved on /var/lib/openvswitch instead of
/etc/openvswitch for new installs.
OBS-URL: https://build.opensuse.org/request/show/802898
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=196
- Fix problem preventing new installs to run as non root (bsc#1132029),
including:
* Align with upstream so that no running configuration is changed on
upgrades, specifically to avoid changes on the user Open vSwitch runs
under.
* hugetblfs groups is created as system group.
- Add missing opnvswitch-ipsec package and systemd service.
- Add patch to use strongswan instead of libreswan for openvswitch-ipsec.
libreswan package not available currently.
* 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
- Add missing ovs-delete-transient-ports systemd service.
- Align installed headers with upstream.
- Fix problem preventing rpm build '--with check'.
- Fix python environment that had directories pointing to /usr/local.
- Version bump to 2.11.1. Some of the changes are:
* netdev-tc-offloads: Fix probe tc block support
* rhel: Include all header files in the Fedora's devel package
* reconnect.c: Don't transition back to ACTIVE when forced to RECONNECT.
* OVN: Make periodic RAs consistent with RA responder.
* OVN: Always send prefix option in RAs
* OVN: Use offset instead of pointer into ofpbuf
* ofproto: fix the bug of bucket counter is not updated
* netdev-dpdk: Print netdev name for txq mapping.
* dpif-netdev-perf: Fix millisecond stats precision with slower TSC.
* ifupdown.sh: Add missing "--may-exist" option
* dpif-netdev-perf: Fix double update of perf histograms.
* dpdk: Stop dumping memzones to stdout.
* dpctl: Drop parser debug information.
* netdev-tc-offloads: Properly get the block id on flow del/get
* netdev-tc-offloads: Improve log message for icmpv6 offload not supported
* conntrack: Replace structure copy by memcpy().
* conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.
* conntrack: Fix race for NAT cleanup.
* ovn-nbctl: Don't segfault when ovn-northd doesn't configure dynamic addresses.
* datapath-windows: Add annotations to find vport functions
* datapath-windows: Guard vport usage in user.c
* datapath-windows: Fix potential deadlock in event subscription
* datapath-windows: Fix race condition during port creation
* datapath-windows: Fix nbl cleanup when memory allocation fails
* netdev-linux: Remove ingress qdisc before trying to add shared block
* netdev-tc-offloads: Remove ingress qdisc on tc init flow api
* ovsdb-idl: Fix memory leak of idl->remote.
* travis: Remove 'sudo' configuration.
* OVN: Add port addresses to IPAM after all ports are joined.
* dpif-netlink: Free leaked ofpbuf by using ofpbuf_delete
* OVN: update RA next_announce according to {min, max}_interval
* rconn: Avoid occasional immediate connection failures.
* dpdk: Fix case-sensitivity of dpdk-init knob.
* NEWS: Clean up the 2.11.0 release notes a bit.
* conntrack: Fix L4 csum for V6 extension hdr pkts.
* packets: Change return type for 'packet_csum_upperlayer6()'.
* ovsdb-client: Fix typo.
* ovn-nbctl: Daemon mode should retry when IDL connection lost.
* ofctl: break the loop if ovs_pcap_read returns error
* netlink: added check to prevent netlink attribute overflow
OBS-URL: https://build.opensuse.org/request/show/699630
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=180
- Version bump to 2.11.0.
- Revisit DISABLE_RESTART_ON_UPDATE and DISABLE_STOP_ON_REMOVAL options
(bsc#1117483). DISABLE_STOP_ON_REMOVAL is removed.
DISABLE_RESTART_ON_UPDATE is replaced by '%service_del_postun -n'.
$FIRST_ARG is replaced by $1.
- Add extra openvswitch headers (bsc#1125897).
- Obsolete old python[2]-openvswitch-test subpackages (bsc#1124435).
OBS-URL: https://build.opensuse.org/request/show/680119
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=174
- Version bump to 2.11.0+git20190123.ad83fc9ab. Some of the changes are:
* Linux datapath:
- Support for the kernel versions 4.16.x and 4.17.x.
* OpenFlow:
- OFPMP_TABLE_FEATURES_REQUEST can now modify table features.
* ovs-ofctl:
- "mod-table" command can now change OpenFlow table names.
* The environment variable OVS_SYSLOG_METHOD, if set, is now used
as the default syslog method.
* The environment variable OVS_CTL_TIMEOUT, if set, is now used
as the default timeout for control utilities.
* ovn:
- OVN-SB schema changed: duplicated IP with same Encapsulation type
is not allowed any more. Please refer to
Documentation/intro/install/ovn-upgrades.rst for the instructions
in case there are problems encountered when upgrading from an earlier
version.
- New support for IPSEC encrypted tunnels between hypervisors.
- ovn-ctl: allow passing user:group ids to the OVN daemons.
- IPAM/MACAM:
* add the capability to dynamically assign just L2 addresses
* add the capability to specify a static ip address and get the L2 one
allocated dynamically using the following syntax:
ovn-nbctl lsp-set-addresses <port> "dynamic <IP>"
* DPDK:
- Add support for DPDK 18.11
- Add support for port representors.
* Userspace datapath:
- Add option for simple round-robin based Rxq to PMD assignment.
It can be set with pmd-rxq-assign.
- Add support for Auto load balancing of PMDs (experimental)
- Added new per-port configurable option to manage EMC:
'other_config:emc-enable'.
* Add 'symmetric_l3' hash function.
* OVS now honors 'updelay' and 'downdelay' for bonds with LACP configured.
* ovs-vswitchd:
- New configuration option "offload-rebalance", that enables dynamic
rebalancing of offloaded flows.
* The environment variable OVS_RESOLV_CONF, if set, is now used
as the DNS server configuration file.
* RHEL packaging:
- OVN packages are split from OVS packages. A new spec
file - ovn-fedora.spec.in is added to generate OVN packages.
- Remove upstreamed patch:
* 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch
- Remove DISABLE_RESTART_ON_UPDATE and DISABLE_STOP_ON_REMOVAL options (bsc#1117483).
OBS-URL: https://build.opensuse.org/request/show/668391
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=171
- Improve python packaging (bsc#1115085)
* Rename python*-openvswitch subpackages to python*-ovs to follow
the openSUSE policy that packages should be named after the modules
they install.
* Build the JSON C bindings and as a result the 'noarch' BuildArch
needs to be removed.
* Drop the python*-openvswitch-test packages and merge them with the
test subpackage
* Build the python bindings using setuptools
* Include the egg-info package.
* Use libopenvswitch as dependency to python bindings
OBS-URL: https://build.opensuse.org/request/show/648412
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=165
- Version bump to 2.10.1. Some of the changes are:
* dpif-netdev.at: Add missing backslash.
* ofproto-dpif-xlate: Avoid deadlock on multicast snooping recursion.
* dpif-netdev-perf: Print SMC statistics.
* dpif-netdev-unixctl: Change 'masked' to 'megaflow'.
* ovn-controller: Support processing DHCPv6 information request message type
* ovn-ctl: Fix the wrong pidfile argument passed to ovsdb-servers
* ovndb-servers.ocf: Add ssl support for managing OVN DB resources with pacemaker using LB VIP.
* ovn-ctl: Allow passing ssl certs when starting OVN DBs in ssl mode.
* expr: Disallow < <= >= > comparisons against empty value set.
* expr: Set a limit on the depth of nested parentheses
* ovn: Fix IPv6 DAD failure for container ports
* dpif-netdev: Add vlan to mask for flow_put operation.
* ovs-save: Parse geneve tlv map correctly.
* extend-table: Fix a bug that iterates wrong table
* odp-util: Fix a use-after-free bug.
* ofp-packet: Fix NXT_RESUME with geneve tunnel metadata
* dpif-netlink: Fix null pointer.
* ofproto-dpif-xlate.c: Fix uninitialized variable warning.
* dpif: Remove support for multiple queues per port.
* dpif-netlink: don't allocate per thread netlink sockets
* ovsdb-types: Refactor structs so as to comply with C++ standard
* bfd: Make the tp_dst masking megaflow-friendly.
* ovsdb-data: Improve grammar in error message.
* condition: Reject <, <=, >=, > with optional scalar against empty set.
* condition: Fix ==, !=, includes, excludes on optional scalars.
* netdev: Properly clear 'details' when iterating in NETDEV_QOS_FOR_EACH.
* lex: Fix buffer overrun parsing overlong hexadecimal constants.
* sflow: Set agent address properly based on collector address.
* ovsdb-client: Fix a bug that uses wrong index
OBS-URL: https://build.opensuse.org/request/show/643691
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=163
- Version bump to 2.10.0. Some of the changes are:
* ovs-vswitchd and utilities now support DNS names in OpenFlow and
OVSDB remotes.
* ovs-vswitchd:
- New options --l7 and --l7-len to "ofproto/trace" command.
- Previous versions gave OpenFlow tables default names of the form
"table#". These are not helpful names for the purpose of accepting
and displaying table names, so now tables by default have no names.
- The "null" interface type, deprecated since 2013, has been removed.
- Add minimum network namespace support for Linux.
- New command "lacp/show-stats"
* ovs-ofctl:
- ovs-ofctl now accepts and display table names in place of numbers. By
default it always accepts names and in interactive use it displays them;
use --names or --no-names to override. See ovs-ofctl(8) for details.
* ovs-vsctl: New commands "add-bond-iface" and "del-bond-iface".
* ovs-dpctl:
- New commands "ct-set-limits", "ct-del-limits", and "ct-get-limits".
* OpenFlow:
- OFPT_ROLE_STATUS is now available in OpenFlow 1.3.
- OpenFlow 1.5 extensible statistics (OXS) now implemented.
- New OpenFlow 1.0 extensions for group support.
- Default selection method for select groups is now dp_hash with improved
accuracy.
* ovn:
- Implemented icmp4/icmp6/tcp_reset actions in order to drop the packet
and reply with a RST for TCP or ICMPv4/ICMPv6 unreachable message for
other IPv4/IPv6-based protocols whenever a reject ACL rule is hit.
- ACL match conditions can now match on Port_Groups as well as address
sets that are automatically generated by Port_Groups. ACLs can be
OBS-URL: https://build.opensuse.org/request/show/631965
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=156