When Open vSwitch is configured to use a controller, but is unable to
connect to it, Open vSwitch will setup flows to allow all traffic, if
the failure mode is not configured, or set to standalone.
As this might be a security hazard, it is also possible to configure
Open vSwitch in a secure failure mode. Enabling this mode causes Open
vSwitch to drop all traffic if it is unable to connect to the
controller.
Redirect stderr of the command to /dev/null as it does not support the
--if-exists option.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Due to a copy-paste error, libopenvswitch is missing a dependency when
Open vSwitch is configured to use unbound:
Package openvswitch-libopenvswitch is missing dependencies for the following libraries:
libunbound.so.8
Use the correct config symbol to solve this.
Fixes: 45c8cc9d8a ("openvswitch: make libunbound optional")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Add a UCI config option to set the OpenFlow datapath description. This
allows setting a human readable description of the bridge, e.g.
"Building x, Floor y, AP z", which makes it easier to recognize the AP.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Open vSwitch supports SSL to connect to an OpenFlow controller. This is
recommended for security. Expand the UCI ovs config section to allow
configuring SSL CA, certificate and private key.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
By default, Open vSwitch will generate the OpenFlow datapath ID of a
bridge based on the MAC address of one of its ports. Due to this, it's
possible that the datapath ID changes when new ports are added. When the
datapath ID changes, Open vSwitch disconnects from the controller, as
there is no way to notify the controller that the datapath ID has
changed.
Add an option to set the datapath ID so that the above situation can be
avoided. The option takes either exactly 16 hex characters, or when
prefixed with 0x, between 1 and 16 hex characters.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The config symbol is named CONFIG_OPENVSWITCH_WITH_LIBUNBOUND, so check
for that instead of the non-existent CONFIG_OPENVSWITCH_WITH_UNBOUND.
Fixes: 45c8cc9d8a ("openvswitch: make libunbound optional")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Installing openvswitch on an x86/64 snapshot image pulls in a bunch of
dependencies, good for a total size of 3648406 byte. Disabling
libunbound reduces that with 559941 byte, for a total of 3088465 byte.
This is quite a big reduction for a small tradeoff: without libunbound,
hostnames can not be used to specify OpenFlow managers or controllers.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The current way to add ports to an Open vSwitch bridge does not allow
complex port configurations. Use a dedicated uci config section per port
instead of the current port:type syntax. This way we can easily support
more features like setting the VLAN tag or the OpenFlow port number.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Quote NEWS item
> - Building the Linux kernel module from the OVS source tree is
> deprecated
> * Support for the Linux kernel is capped at version 5.8
> * Only bug fixes for the Linux OOT kernel module will be accepted.
> * The Linux kernel module will be fully removed from the OVS source
> tree
> in OVS branch 2.18
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Support for kernel 4.14 has been removed in main repo, so drop the
dependencies here as well (and those for even older 4.9).
Also drop a patch that is required only for 4.14 and lower.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This is to make explicit the conditional select of libunwind is only
needed for libopenvswitch. If we spill it over other packages, the
generated kconfig will have recursive dependency issue. 2 new patches
were made for this goal
The other thing is that "+libunwind" will cause it to be built if any of the
packages defined in this Makefile is enabled (y or m). This is at the moment
by-design of the build system.
Libunwind does not support architectures like arc. Use conditional select To
avoid (libunwind) build failures like the following,
checking for ELF helper width... configure: error: Unknown ELF target: arc
make[3]: *** [Makefile:65: /data/openwrt/build_dir/target-arc_arc700_uClibc/
libunwind-1.3.1/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1
Things like "+PACKAGE_openvswitch-libopenvswitch:libunwind" will also result in
recursive deps error for chains of 3 nodes. Kconfig construct like the
following will be made
config A
tristate
select B
depends on !(C) || (x)
config B
tristate
select C
config C
tristate
config x
bool
Other changes include
- Shared use of variable ovs__common_depends was removed
- Ovn doc build was patched out
Link: https://github.com/openwrt/packages/pull/12959#issuecomment-665021413
Reported-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This new config section in package openvswitch
supports creating a named bridge, and setting
its' OpenFlow controller end-point.
An example config is included in /rom/etc/config/openvswitch
Signed-off-by: Simon Kinane <skinane@fb.com>
This is needed since openvswitch 2.13 commit 2a97891eb23b
("Documentation: Work with sphinx-build for Python 3 also.")
The 4th patch was also reworked to serve as another guard
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This removes Python-related build variants, and adds
PYTHON3_PKG_BUILD:=0 and minor build adjustments (where appropriate),
for non-Python packages. There should be no changes to build output.
This also updates some include paths for python3-package.mk and/or
python3-host.mk to be relative to the package Makefile.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Phase 2 buildbots with this option enabled will cleanup openvswitch
build dir which is needed later when building ovn
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This is to address the need that openvswitch starting with 2.13 now
depends on libunwind for handling SIGSEGV (upstream commit e2ed6fbeb18
("fatal-signal: Catch SIGSEGV and print backtrace"))
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
python2 library is now removed as the transition has been done by the
upstream project
OVN is now a separate project released with its own release plan and
it's not included within openvswitch starting with ovs 2.13.
openvswitch.mk is split out from the main Makefile for adding ovn
packages back in following commits.
The following two patches are already included in 2.13
- ovsdb-idlc-fix-dict-change-during-iteration.patch
- compat-Include-confirm_neigh-parameter-if-needed.patch
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Condition testing for Linux version 4.14 is spelled LINUX_4_14, not
LINUX_4.14, so the checks were ineffective up to this change.
This Fixes the following error which appeared after update to 2.12.0,
when built against kernel 4.14:
Package kmod-openvswitch-intree is missing dependencies for the
following libraries:
tunnel6.ko
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
This is required for conntrack zone limit support. Linux upstream
commit is 11efd5cb ("openvswitch: Support conntrack zone limit")
Ref: https://github.com/openwrt/packages/issues/9274#issuecomment-507181166
Reported-by: Lech Perczak <lech.perczak@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The nsh.ko requirement was introduced in kernel 4.15. Currently there
are 3 kernel versions in base system, 4.9, 4.14, 4.19
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This is a workaround to prevent the whole build from failing because of
the intree kmods are not supported yet by upstream project.
Root cause is that kernel version should not play a part when making
DEPENDS as the generated kconfig was for all targets that may have
different kernel versions.
One less than ideal effect of this change is that for an unsupported
kernel version, people can still select the intree kmod but it won't be
built. This may contradict expectation if the warning was not noticed
by them
Resolvesopenwrt/packages#9274
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The following patches are in upstream now
0100-netdev-linux-Use-unsigned-int-for-ifi_flags.patch
0103-ovs-ctl-fix-setting-hostname.patch
0106-ovs-save-compatible-with-busybox-ip-command.patch
0107-datapath-use-KARCH-when-building-linux-datapath-modu.patch
As for 0001-musl-compatibility.patch, the net/if_packet.h part does not
apply anymore. And musl is not relevant as we use libatomic from gcc
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Open vSwitch 2.10 introduces meters support to the kernel datapath. In
upstream Linux, the feature is only available since 4.15
This is mainly for make the newly introduced meter features in linux
kernel datapath more easily available
root@OpenWrt:/# ovs-ofctl -OOpenFlow13 meter-features br0
OFPST_METER_FEATURES reply (OF1.3) (xid=0x2):
max_meter:4294967295 max_bands:1 max_color:0
band_types: drop
capabilities: kbps pktps burst stats
root@OpenWrt:/#
Size comparison between in-tree and upstreamed modules are attached
2800 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-geneve-intree/lib/modules/4.14.67/vport-geneve.ko
2736 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-geneve/lib/modules/4.14.67/vport-geneve.ko
2596 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-gre-intree/lib/modules/4.14.67/vport-gre.ko
2536 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-gre/lib/modules/4.14.67/vport-gre.ko
288320 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-intree/lib/modules/4.14.67/openvswitch.ko
118984 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch/lib/modules/4.14.67/openvswitch.ko
2792 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-lisp-intree/lib/modules/4.14.67/vport-lisp.ko
2788 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-stt-intree/lib/modules/4.14.67/vport-stt.ko
3668 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-vxlan-intree/lib/modules/4.14.67/vport-vxlan.ko
3400 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-vxlan/lib/modules/4.14.67/vport-vxlan.ko
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- initscript: skip when ctl scripts are absent. When only ovs is
installed, this will quash error messages of ovn-ctl not found when
invoking stop
- openvswitch-common: include ovs-kmod-ctl
- patches: ovs-save: compatible with busybox ip command
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This was introduced in Open vSwitch 2.10 in commit 771680d ("DNS: Add
basic support for asynchronous DNS resolving")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Do not call library initialization when compiling with openssl 1.1.
The package generates the C source files for its DH parameters at
compile time using the host installed openssl. This patch adds a DH
source, using the same parameters, compatible with openssl 1.0 and 1.1.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>