# Copyright (C) 2009, 2010, 2013, 2014 Nicira Networks, Inc.
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved. This file is offered as-is,
# without warranty of any kind.
# If tests have to be skipped while building, specify the '--without check'
# option. For example:
# rpmbuild -bb --without check rhel/openvswitch-fedora.spec
# This defines the base package name's version.
%define pkgname openvswitch2.17
%if 0%{?commit:1}
%global shortcommit %(c=%{commit}; echo ${c:0:7})
# Enable PIE, bz#955181
%global _hardened_build 1
# RHEL-7 doesn't define _rundir macro yet
# Fedora 15 onwards uses /run as _rundir
%if 0%{!?_rundir:1}
%define _rundir /run
# FIXME Test "STP - flush the fdb and mdb when topology changed" fails on s390x
# FIXME 2 tests fails on ppc64le. They will be hopefully fixed before official 2.11
%ifarch %{ix86} x86_64 aarch64
%bcond_without check
%bcond_with check
# option to run kernel datapath tests, requires building as root!
%bcond_with check_datapath_kernel
# option to build with libcap-ng, needed for running OVS as regular user
%bcond_without libcapng
# option to build with ipsec support
%bcond_without ipsec
# Build python2 (that provides python) and python3 subpackages on Fedora
# Build only python3 (that provides python) subpackage on RHEL8
# Build only python subpackage on RHEL7
%if 0%{?rhel} > 7 || 0%{?fedora}
# On RHEL8 Sphinx is included in buildroot
%global external_sphinx 1
# Don't use external sphinx (RHV doesn't have optional repositories enabled)
%global external_sphinx 0
Name: %{pkgname}
Summary: Open vSwitch
Group: System Environment/Daemons daemon/database/utilities
URL: http://www.openvswitch.org/
Version: 2.17.0
Release: 31%{?dist}
# Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the
# lib/sflow*.[ch] files are SISSL
# datapath/ is GPLv2 (although not built into any of the binary packages)
License: ASL 2.0 and LGPLv2+ and SISSL
%define dpdkver 21.11
%define dpdkdir dpdk
%define dpdksver %(echo %{dpdkver} | cut -d. -f-2)
# NOTE: DPDK does not currently build for s390x
# DPDK on aarch64 is not stable enough to be enabled in FDP
%if 0%{?rhel} > 7 || 0%{?fedora}
%define dpdkarches x86_64 ppc64le
%define dpdkarches
%if 0%{?commit:1}
Source: https://github.com/openvswitch/ovs/archive/%{commit}.tar.gz#/openvswitch-%{commit}.tar.gz
Source: https://github.com/openvswitch/ovs/archive/v%{version}.tar.gz#/openvswitch-%{version}.tar.gz
Source10: https://fast.dpdk.org/rel/dpdk-%{dpdkver}.tar.xz
%define docutilsver 0.12
%define pygmentsver 1.4
%define sphinxver 1.2.3
%define pyelftoolsver 0.27
Source100: https://pypi.io/packages/source/d/docutils/docutils-%{docutilsver}.tar.gz
Source101: https://pypi.io/packages/source/P/Pygments/Pygments-%{pygmentsver}.tar.gz
Source102: https://pypi.io/packages/source/S/Sphinx/Sphinx-%{sphinxver}.tar.gz
Source103: https://pypi.io/packages/source/p/pyelftools/pyelftools-%{pyelftoolsver}.tar.gz
Patch: openvswitch-%{version}.patch
# The DPDK is designed to optimize througput of network traffic using, among
# other techniques, carefully crafted assembly instructions. As such it
# needs extensive work to port it to other architectures.
ExclusiveArch: x86_64 aarch64 ppc64le s390x
# Do not enable this otherwise YUM will break on any upgrade.
# Provides: openvswitch
Conflicts: openvswitch < 2.17
Conflicts: openvswitch-dpdk < 2.17
Conflicts: openvswitch2.10
Conflicts: openvswitch2.11
Conflicts: openvswitch2.12
Conflicts: openvswitch2.13
Conflicts: openvswitch2.14
Conflicts: openvswitch2.15
Conflicts: openvswitch2.16
# FIXME Sphinx is used to generate some manpages, unfortunately, on RHEL, it's
# in the -optional repository and so we can't require it directly since RHV
# doesn't have the -optional repository enabled and so TPS fails
%if %{external_sphinx}
BuildRequires: python3-sphinx
# Sphinx dependencies
BuildRequires: python-devel
BuildRequires: python-setuptools
#BuildRequires: python2-docutils
BuildRequires: python-jinja2
BuildRequires: python-nose
#BuildRequires: python2-pygments
# docutils dependencies
BuildRequires: python-imaging
# pygments dependencies
BuildRequires: python-nose
BuildRequires: gcc gcc-c++ make
BuildRequires: autoconf automake libtool
BuildRequires: systemd-units openssl openssl-devel
BuildRequires: python3-devel python3-setuptools
BuildRequires: desktop-file-utils
BuildRequires: groff-base graphviz
BuildRequires: unbound-devel
BuildRequires: systemtap-sdt-devel
# make check dependencies
BuildRequires: procps-ng
%if %{with check_datapath_kernel}
BuildRequires: nmap-ncat
# would be useful but not available in RHEL or EPEL
#BuildRequires: pyftpdlib
%if %{with libcapng}
BuildRequires: libcap-ng libcap-ng-devel
%ifarch %{dpdkarches}
BuildRequires: meson
%if 0%{?rhel} > 8 || 0%{?fedora}
BuildRequires: python3-pyelftools
# DPDK driver dependencies
BuildRequires: zlib-devel numactl-devel libarchive-devel
%ifarch x86_64
BuildRequires: rdma-core-devel >= 15 libmnl-devel
# Required by packaging policy for the bundled DPDK
Provides: bundled(dpdk) = %{dpdkver}
Requires: openssl iproute module-init-tools
#Upstream kernel commit 4f647e0a3c37b8d5086214128614a136064110c3
#Requires: kernel >= 3.15.0-0
Requires: openvswitch-selinux-extra-policy
Requires(pre): shadow-utils
Requires(post): /bin/sed
Requires(post): /usr/sbin/usermod
Requires(post): /usr/sbin/groupadd
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Obsoletes: openvswitch-controller <= 0:2.1.0-1
%if 0%{?rhel}
# sortedcontainers are not packaged on RHEL yet, but ovs includes it
%global __requires_exclude ^python%{python3_version}dist\\(sortedcontainers\\)$
Open vSwitch provides standard network bridging functions and
support for the OpenFlow protocol for remote per-flow control of
%package -n python3-%{pkgname}
Summary: Open vSwitch python3 bindings
License: ASL 2.0
Requires: %{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
Provides: python-%{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
%description -n python3-%{pkgname}
Python bindings for the Open vSwitch database
%package test
Summary: Open vSwitch testing utilities
License: ASL 2.0
BuildArch: noarch
Requires: python3-%{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: tcpdump
%description test
Utilities that are useful to diagnose performance and connectivity
issues in Open vSwitch setup.
%package devel
Summary: Open vSwitch OpenFlow development package (library, headers)
License: ASL 2.0
Requires: %{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
%description devel
This provides shared library, libopenswitch.so and the openvswitch header
files needed to build an external application.
%if 0%{?rhel} == 8 || 0%{?fedora} > 28
%package -n network-scripts-%{name}
Summary: Open vSwitch legacy network service support
License: ASL 2.0
Requires: network-scripts
Supplements: (%{name} and network-scripts)
%description -n network-scripts-%{name}
This provides the ifup and ifdown scripts for use with the legacy network
%if %{with ipsec}
%package ipsec
Summary: Open vSwitch IPsec tunneling support
License: ASL 2.0
Requires: python3-%{pkgname} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: libreswan
%description ipsec
This package provides IPsec tunneling support for OVS tunnels.
%if 0%{?commit:1}
%setup -q -n ovs-%{commit} -a 10
%setup -q -n ovs-%{version} -a 10
%if ! %{external_sphinx}
%if 0%{?commit:1}
%setup -n ovs-%{commit} -q -D -T -a 100 -a 101 -a 102
%setup -n ovs-%{version} -q -D -T -a 100 -a 101 -a 102
%if 0%{?rhel} && 0%{?rhel} < 9
%if 0%{?commit:1}
%setup -n ovs-%{commit} -q -D -T -a 103
%setup -n ovs-%{version} -q -D -T -a 103
mv dpdk-*/ %{dpdkdir}/
# FIXME should we propose a way to do that upstream?
sed -ri "/^subdir\('(usertools|app)'\)/d" %{dpdkdir}/meson.build
%patch -p1
%if 0%{?rhel} && 0%{?rhel} < 9
export PYTHONPATH="${PWD}/pyelftools-%{pyelftoolsver}"
# Build Sphinx on RHEL
%if ! %{external_sphinx}
export PYTHONPATH="${PYTHONPATH:+$PYTHONPATH:}%{_builddir}/pytmp/lib/python"
for x in docutils-%{docutilsver} Pygments-%{pygmentsver} Sphinx-%{sphinxver}; do
pushd "$x"
python2 setup.py install --home %{_builddir}/pytmp
export PATH="$PATH:%{_builddir}/pytmp/bin"
%ifarch %{dpdkarches} # build dpdk
# Lets build DPDK first
cd %{dpdkdir}
%ifarch x86_64
%ifarch aarch64 x86_64
for driver in "${ENABLED_DRIVERS[@]}"; do
# As of 21.11-rc3, following libraries can be disabled:
# optional_libs = [
# 'bitratestats',
# 'gpudev',
# 'gro',
# 'gso',
# 'kni',
# 'jobstats',
# 'latencystats',
# 'metrics',
# 'pdump',
# 'power',
# 'vhost',
# ]
# If doing any updates, this must be aligned with:
# https://access.redhat.com/articles/3538141
for lib in "${DISABLED_LIBS[@]}"; do
%__meson --prefix=%{_builddir}/dpdk-build \
--buildtype=plain \
-Ddisable_libs="$disable_libs" \
-Denable_drivers="$enable_drivers" \
-Dplatform=generic \
-Dmax_ethports=1024 \
-Dmax_numa_nodes=8 \
-Dtests=false \
%__meson install -C %{_vpath_builddir} --no-rebuild
# FIXME currently with LTO enabled OVS tries to link with both static and shared libraries
rm -v %{_builddir}/dpdk-build/%{_lib}/*.so*
# Generate a list of supported drivers, its hard to tell otherwise.
DPDK drivers included in this package:
for f in %{_builddir}/dpdk-build/%{_lib}/librte_net_*.a; do
basename ${f} | cut -c12- | cut -d. -f1 | tr [:lower:] [:upper:]
For further information about the drivers, see
cd -
%endif # build dpdk
# And now for OVS...
mkdir build-shared build-static
pushd build-shared
ln -s ../configure
%configure \
%if %{with libcapng}
--enable-libcapng \
--disable-libcapng \
--disable-static \
--enable-shared \
--enable-ssl \
--with-pkidir=%{_sharedstatedir}/openvswitch/pki \
make %{?_smp_mflags}
pushd build-static
ln -s ../configure
%ifarch %{dpdkarches}
PKG_CONFIG_PATH=%{_builddir}/dpdk-build/%{_lib}/pkgconfig \
%configure \
%if %{with libcapng}
--enable-libcapng \
--disable-libcapng \
--enable-ssl \
%ifarch %{dpdkarches}
--with-dpdk=static \
--with-pkidir=%{_sharedstatedir}/openvswitch/pki \
make %{?_smp_mflags}
/usr/bin/python3 build-aux/dpdkstrip.py \
--dpdk \
< rhel/usr_lib_systemd_system_ovs-vswitchd.service.in \
> rhel/usr_lib_systemd_system_ovs-vswitchd.service
make -C build-shared install-libLTLIBRARIES DESTDIR=$RPM_BUILD_ROOT
make -C build-static install DESTDIR=$RPM_BUILD_ROOT
install -d -m 0755 $RPM_BUILD_ROOT%{_rundir}/openvswitch
install -d -m 0750 $RPM_BUILD_ROOT%{_localstatedir}/log/openvswitch
install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch
install -p -D -m 0644 rhel/usr_lib_udev_rules.d_91-vfio.rules \
install -p -D -m 0644 \
rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template \
for service in openvswitch ovsdb-server ovs-vswitchd \
ovs-delete-transient-ports; do
install -p -D -m 0644 \
rhel/usr_lib_systemd_system_${service}.service \
%if %{with ipsec}
install -p -D -m 0644 rhel/usr_lib_systemd_system_openvswitch-ipsec.service \
install -m 0755 rhel/etc_init.d_openvswitch \
install -p -D -m 0644 rhel/etc_openvswitch_default.conf \
install -p -D -m 0644 rhel/etc_logrotate.d_openvswitch \
install -m 0644 vswitchd/vswitch.ovsschema \
%if 0%{?rhel} < 9
install -d -m 0755 $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/network-scripts/
install -p -m 0755 rhel/etc_sysconfig_network-scripts_ifdown-ovs \
install -p -m 0755 rhel/etc_sysconfig_network-scripts_ifup-ovs \
install -d -m 0755 $RPM_BUILD_ROOT%{python3_sitelib}
cp -a $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/ovstest \
# Build the JSON C extension for the Python lib (#1417738)
pushd python
export CPPFLAGS="-I ../include -I ../build-shared/include"
export LDFLAGS="%{__global_ldflags} -L $RPM_BUILD_ROOT%{_libdir}"
[ -f "$RPM_BUILD_ROOT/%{python3_sitearch}/ovs/_json$(python3-config --extension-suffix)" ]
rm -rf $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/
install -d -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/openvswitch
install -d -m 0755 $RPM_BUILD_ROOT%{_prefix}/lib/firewalld/services/
install -p -D -m 0755 \
rhel/usr_share_openvswitch_scripts_ovs-systemd-reload \
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/conf.db
# The db needs special permission as IPsec Pre-shared keys are stored in it.
chmod 0640 $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/conf.db
touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/system-id.conf
# remove unpackaged files
rm -f $RPM_BUILD_ROOT/%{_bindir}/ovs-benchmark \
$RPM_BUILD_ROOT/%{_bindir}/ovs-docker \
$RPM_BUILD_ROOT/%{_bindir}/ovs-parse-backtrace \
$RPM_BUILD_ROOT/%{_bindir}/ovs-testcontroller \
$RPM_BUILD_ROOT/%{_sbindir}/ovs-vlan-bug-workaround \
$RPM_BUILD_ROOT/%{_mandir}/man1/ovs-benchmark.1* \
$RPM_BUILD_ROOT/%{_mandir}/man8/ovs-testcontroller.* \
%if ! %{with ipsec}
rm -f $RPM_BUILD_ROOT/%{_datadir}/openvswitch/scripts/ovs-monitor-ipsec
# remove ovn unpackages files
rm -f $RPM_BUILD_ROOT%{_bindir}/ovn*
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/ovn*
rm -f $RPM_BUILD_ROOT%{_mandir}/man5/ovn*
rm -f $RPM_BUILD_ROOT%{_mandir}/man7/ovn*
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/ovn*
rm -f $RPM_BUILD_ROOT%{_datadir}/openvswitch/ovn*
rm -f $RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/ovn*
rm -f $RPM_BUILD_ROOT%{_includedir}/ovn/*
%if %{with check}
pushd build-static
touch resolv.conf
export OVS_RESOLV_CONF=$(pwd)/resolv.conf
if make check TESTSUITEFLAGS='%{_smp_mflags}' ||
make check TESTSUITEFLAGS='--recheck'; then :;
cat tests/testsuite.log
exit 1
%if %{with check_datapath_kernel}
pushd build-static
if make check-kernel RECHECK=yes; then :;
cat tests/system-kmod-testsuite.log
exit 1
%if 0%{?systemd_preun:1}
%systemd_preun openvswitch.service
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
/bin/systemctl --no-reload disable openvswitch.service >/dev/null 2>&1 || :
/bin/systemctl stop openvswitch.service >/dev/null 2>&1 || :
getent group openvswitch >/dev/null || groupadd -r openvswitch
getent passwd openvswitch >/dev/null || \
useradd -r -g openvswitch -d / -s /sbin/nologin \
-c "Open vSwitch Daemons" openvswitch
%ifarch %{dpdkarches}
getent group hugetlbfs >/dev/null || groupadd hugetlbfs
usermod -a -G hugetlbfs openvswitch
exit 0
if [ $1 -eq 1 ]; then
sed -i 's:^#OVS_USER_ID=:OVS_USER_ID=:' /etc/sysconfig/openvswitch
%ifarch %{dpdkarches}
sed -i \
chown -R openvswitch:openvswitch /etc/openvswitch
%if 0%{?systemd_post:1}
%systemd_post openvswitch.service
# Package install, not upgrade
if [ $1 -eq 1 ]; then
/bin/systemctl daemon-reload >dev/null || :
%if 0%{?systemd_postun:1}
%systemd_postun openvswitch.service
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
%triggerun -- openvswitch < 2.5.0-22.git20160727%{?dist}
# old rpm versions restart the service in postun, but
# due to systemd some preparation is needed.
if systemctl is-active openvswitch >/dev/null 2>&1 ; then
/usr/share/openvswitch/scripts/ovs-ctl stop >/dev/null 2>&1 || :
systemctl daemon-reload >/dev/null 2>&1 || :
systemctl stop openvswitch ovsdb-server ovs-vswitchd >/dev/null 2>&1 || :
systemctl start openvswitch >/dev/null 2>&1 || :
exit 0
%files -n python3-%{pkgname}
%files test
%files devel
%exclude %{_libdir}/*.a
%exclude %{_libdir}/*.la
%if 0%{?rhel} == 8 || 0%{?fedora} > 28
%files -n network-scripts-%{name}
%dir %{_sysconfdir}/openvswitch
%config %ghost %verify(not owner group md5 size mtime) %{_sysconfdir}/openvswitch/conf.db
%ghost %attr(0600,-,-) %verify(not owner group md5 size mtime) %{_sysconfdir}/openvswitch/.conf.db.~lock~
%config %ghost %{_sysconfdir}/openvswitch/system-id.conf
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/openvswitch
%config(noreplace) %{_sysconfdir}/logrotate.d/openvswitch
%config %{_datadir}/openvswitch/local-config.ovsschema
%config %{_datadir}/openvswitch/vswitch.ovsschema
%config %{_datadir}/openvswitch/vtep.ovsschema
%ifarch %{dpdkarches}
%doc %{dpdkdir}/README.DPDK-PMDS
%attr(750,openvswitch,hugetlbfs) %verify(not owner group) /var/log/openvswitch
%attr(750,openvswitch,openvswitch) %verify(not owner group) /var/log/openvswitch
%ghost %attr(755,root,root) %verify(not owner group) %{_rundir}/openvswitch
%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} < 29)
%if %{with ipsec}
%files ipsec
* Thu Jul 14 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-31
- Merging upstream branch-2.17 [RH git: bdc6c6696c]
Commit list:
13ac0bc7c6 tc: Fix misaligned access while creating pedit actions.
2c85d737a4 utilities/bashcomp: Fix incorrect file mode.
* Wed Jul 06 2022 Timothy Redaelli <tredaelli@redhat.com> - 2.17.0-30
- rhel: libarchive-devel is needed for DPDK to load compressed firmwares [RH git: 95331d366d]
Reported-by: David Marchand (david.marchand@redhat.com)
* Fri Jul 01 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-29
- Merging upstream branch-2.17 [RH git: d3c723a17e]
Commit list:
05e9d2b7a9 Pmd.at: fix dpcls and dpif configuration test cases.
* Thu Jun 30 2022 Ilya Maximets <i.maximets@redhat.com> - 2.17.0-28
- Merging upstream branch-2.17 [RH git: 9738f7f756]
Commit list:
45ecaa9e57 ovsdb: Add Local_Config schema.
redhat/template.spec.in updated with new files.
Signed-off-by: Ilya Maximets <i.maximets@redhat.com>
* Wed Jun 29 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-27
- Merging upstream branch-2.17 [RH git: 62ee0c2ec8]
Commit list:
61d64d3899 dpif-netdev: Fix leak of AVX512 DPIF scratch pad.
* Wed Jun 29 2022 Timothy Redaelli <tredaelli@redhat.com> - 2.17.0-26
- Fix REPO_URL [RH git: cf6a18b2bd]
* Wed Jun 29 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-25
- Merging upstream branch-2.17 [RH git: 27d62d7d3f]
Commit list:
a77ad9693c dpif-netdev: Refactor AVX512 runtime checks. (#2100393)
* Tue Jun 28 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-24
- Merging upstream branch-2.17 [RH git: f0e25fe3e6]
Commit list:
ccea7df578 dpif-netdev-extract-avx512: Protect GCC builtin usage.
807f7f994a ovs-tcpdump: Default to OVS_RUNDIR if present.
ec13b03ca3 ovsdb: Fix memory leak on error path in ovsdb_file_read__().
8b2dff2e34 odp-util: Ignore unknown attributes in parse_key_and_mask_to_match(). (#2089331)
13d97f6637 ofproto-dpif: Avoid unneccesary backer revalidation.
9b4035d699 lldp: Fix lldp memory leak.
d9351febc2 ipfix: Trigger revalidation if ipfix options changes.
5419b1de93 conntrack: Fix incorrect bit shift while hashing nat range.
1ab5f94a11 packets: Fix misaligned write to MPLS lse.
8e00be03c7 tc: Fix misaligned access to stats and time values.
3a1f5341ca odp-util: Fix unaligned access to tunnel id.
0c54c43b89 ofpbuf: Fix offsetting a NULL pointer in ofpbuf_reserve.
98edacb40c drop-stats.at: Fix frequent failures of the recursion too deep test.
cbc13ce4f7 odp_util: Fix parse_key_and_mask_to_match() vlan parsing.
* Tue Jun 21 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-23
- Merging upstream branch-2.17 [RH git: e2e0aac349]
Commit list:
73e6ce4925 Prepare for 2.17.3.
95979b0f0d Set release date for 2.17.2.
* Tue Jun 07 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-22
- Merging upstream branch-2.17 [RH git: ce91947e61]
Commit list:
250e1a6dd2 ofproto-dpif-xlate: Fix internal CT state for non-recirc traffic.
fe870ee072 classifier: Adjust segment boundary to execute prerequisite processing. (#2081773)
ec0ec464ba ovs-tcpdump: Fix error when stopping ovs-tcpdump.
* Tue May 31 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-21
- Merging upstream branch-2.17 [RH git: 6ff800a303]
Commit list:
420823e2af ofproto-dpif: Fix meter use-after-free.
c762da2623 ovs-rcu: Add ovsrcu_barrier.
cd9b6b64f4 dpif-netdev: Fix ALB 'rebalance_intvl' max hard limit.
64f6c49d25 dpif-netdev: Fix ALB parameters type mismatch.
b11b84ea7f dpdk: Use DPDK 21.11.1 release.
d3bf48e9a9 raft: Don't use HMAP_FOR_EACH_SAFE when logging commands.
* Thu May 26 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-20
- Merging upstream branch-2.17 [RH git: 77f2886b02]
Commit list:
e07377bb49 ovsdb: raft: Fix transaction double commit due to lost leadership. (#2046340)
5da86cb360 dynamic-string: Fix undefined behavior due to offsetting null pointer.
369e688908 Revert "odp-util: Always report ODP_FIT_TOO_LITTLE for IGMP."
18341166ed ofproto-dpif-xlate: Fix netdev native tunnel neigh discovery spa.
748e4b2b5b ovs-router: Expose the ovs_router_get_netdev_source_address function.
34390bb35c ofproto-dpif: Trigger revalidation if ct tp changes.
* Wed May 25 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-19
- Merging upstream branch-2.17 [RH git: 993b9ca4b4]
Commit list:
1adb07e206 Carefully release NBL in Windows
* Thu May 19 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-18
- Merging upstream branch-2.17 [RH git: 868b675dfd]
Commit list:
1ccaba4484 tests: Properly kill ovsdb test processes.
260b091c2a ovs-save: Get highest ofp version error.
7606bb1210 netdev-linux: Properly access 32-bit aligned rtnl_link_stats64 structs.
0688b9f27d treewide: Avoid offsetting NULL pointers.
92bcf0a823 treewide: Fix invalid bit shift operations.
* Wed May 04 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-17
- Merging upstream branch-2.17 [RH git: e16db3efbf]
Commit list:
7fa76371de utilities: Handle dumping packets in GDB TUI.
8cac8baa8f ofproto-dpif-xlate: Remove mirror assert.
e0e8f0c546 netdev-dpdk: Fix tx drops statistic for a down netdev.
f9b5f8a781 netdev-dpdk: Remove a leftover lock annotation.
4c3976ff2a netdev-dpdk: Refactor the DPDK transmit path.
* Wed May 04 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-16
- Merging upstream branch-2.17 [RH git: ca8c5adb3e]
Commit list:
410b97c839 netdev-offload-dpdk: Fix ethernet type for VLANs.
7948312feb netdev-offload-dpdk: Use has_vlan match attribute.
* Mon May 02 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-15
- Merging upstream branch-2.17 [RH git: e706ea8148]
Commit list:
522c46884d python: idl: Raise AttributeError from uuid_to_row.
cb24c524e4 ofproto-dpif-xlate: Clear out vlan flow fields while processing native tunnel. (#2060552)
a665b75dec dpif-netdev-avx512: Fix overflow of UINT32_C(1).
* Thu Apr 28 2022 Timothy Redaelli <tredaelli@redhat.com> - 2.17.0-14
- vhost: fix queue number check when setting inflight FD [RH git: 2ac21853a2]
[ upstream commit 6442c329b9d2ded0f44b27d2016aaba8ba5844c5 ]
In function vhost_user_set_inflight_fd, queue number in inflight
message is used to access virtqueue. However, queue number could
be larger than VHOST_MAX_VRING and cause write OOB as this number
will be used to write inflight info in virtqueue structure. This
patch checks the queue number to avoid the issue and also make
sure virtqueues are allocated before setting inflight information.
Fixes: ad0a4ae491fe ("vhost: checkout resubmit inflight information")
Reported-by: Wenxiang Qian <leonwxqian@gmail.com>
Signed-off-by: Chenbo Xia <chenbo.xia@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
* Thu Apr 28 2022 Timothy Redaelli <tredaelli@redhat.com> - 2.17.0-13
- vhost: fix FD leak with inflight messages [RH git: bff69b098f]
[ upstream commit af74f7db384ed149fe42b21dbd7975f8a54ef227 ]
Even if unlikely, a buggy vhost-user master might attach fds to inflight
messages. Add checks like for other types of vhost-user messages.
Fixes: d87f1a1cb7b6 ("vhost: support inflight info sharing")
Signed-off-by: David Marchand <david.marchand@redhat.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
* Wed Apr 27 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-12
- Merging upstream branch-2.17 [RH git: 7a9f21a896]
Commit list:
60e7badd6e dpif-netdev-avx512: Fix ubsan shift error in bitmasks.
9cc329ec5b python: Politely handle misuse of table.condition.
0631be2b5a ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels.
df97903099 system-traffic: Fix fragment reassembly with L3 L4 protocol information.
ba159ee0f9 cirrus: Update FreeBSD versions.
* Thu Apr 21 2022 Timothy Redaelli <tredaelli@redhat.com> - 2.17.0-11
- Set RTE_ETH_MAXPORTS to 1024 [RH git: c02e6bcdc4] (#2077451)
Resolves: #2077451
* Wed Apr 13 2022 Timothy Redaelli <tredaelli@redhat.com> - 2.17.0-10
- redhat: network-scripts are gone in RHEL9 [RH git: 613e0e5190]
* Fri Apr 08 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-9
- Merging upstream branch-2.17 [RH git: 4b4333522a]
Commit list:
bd1a3b6b49 Prepare for 2.17.2.
41bb202fb3 Set release date for 2.17.1.
8f42d4f597 NEWS: Highlight libopenvswitch API change caused by UB fixes.
* Fri Apr 08 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-8
- Merging upstream branch-2.17 [RH git: 11b19654f7]
Commit list:
14301b3a3c netdev-offload-tc: Check for ct_state flag combinations that are not offloadable.
* Mon Apr 04 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-7
- Merging upstream branch-2.17 [RH git: 6cd8201ead]
Commit list:
3a2eef7927 python: idl: Set cond_changed to true if condition change requested.
d05ccf288d dpif-netdev: Fix dp_netdev_get_pmd() function getting correct core_id.
79e291f983 alb.at: Add tests for cross-numa polling.
9c3b74fb24 dpif-netdev: Fix PMD auto load balance with pmd-rxq-isolate.
8580ff9ddd pmd.at: Add tests for multi non-local numa pmds.
6bf4eeddbb dpif-netdev: Fix non-local numa selection for more than two numas.
c41434b3b7 dpif-netdev: Fix typo in function name.
e0aa5e1329 python: idl: Set cond_changed to false if last id is zero.
8da40d31c7 ofproto-dpif-xlate: Fix NULL pointer dereference in xlate_normal().
63a903ab42 ofproto/ofproto-dpif: Fix dpif_type for userspace tunnels.
* Mon Apr 04 2022 Timothy Redaelli <tredaelli@redhat.com> - 2.17.0-6
- downstream: Enable usdt probes in build [RH git: b366bbed8f]
Fixes: BZ1840877
* Thu Mar 31 2022 Michael Santana <msantana@redhat.com> - 2.17.0-5
- redhat/makefile: fix support for more rhel versions [RH git: 7c8bb3babb]
Signed-off-by: Michael Santana <msantana@redhat.com>
* Thu Mar 31 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-4
- Merging upstream branch-2.17 [RH git: 95e1c005d2]
Commit list:
14d54eb8b6 sset: add SHORT version of SAFE loop macros.
f0e63b115f sparse: bump recommended version and include headers.
70b87cf722 idlc: support short version of SAFE macros.
3777ed90c9 rculist: use multi-variable helpers for loop macros.
bb52e9bebf hindex: remove the next variable in safe loops.
7d6cbfa24b hindex: use multi-variable iterators.
97ad96b63a cmap: use multi-variable iterators.
cd62fda22d hmap: use short version of safe loops if possible.
d56bfd7521 hmap: implement UB-safe hmap pop iterator.
e2c8354861 hmap: use multi-variable helpers for hmap loops.
897d6647e6 list: use short version of safe loops if possible.
979a9eb5b5 list: use multi-variable helpers for list loops.
6bacf802c6 util: add helpers to overload SAFE macro.
f127123d66 util: add safe multi-variable iterators.
38e73f0b68 util: add multi-variable loop iterator macros.
e91edf4568 ovsdb: raft: Fix inability to read the database with DNS host names. (#2055097)
2404d45367 system-traffic.at: Fix flaky DNAT load balancing test.
6b8adfdd8d dpif-netdev: Keep orig_in_port as a field of the flow.
6098b7f250 tests: Fix incorrect usage of OVS_WAIT_UNTIL.
cf9018d373 odp-util: Fix output for tc to be equal to kernel.
992de24063 netdev-offload-tc: Fix IP and port ranges in flower returns.
7e26796c03 netdev-offload-tc: Fix use of ICMP values instead of masks defines.
e319e27064 netdev-offload-tc: Always include conntrack information to tc.
51ef81ad78 netdev-offload-tc: Check for valid netdev ifindex in flow_put.
974253dc2e netdev-offload-tc: Set the correct VLAN_VID and VLAN_PCP masks.
c43c159aea netdev-offload-tc: Add debug logs on tc rule verify failures.
d34622a03b tc: Keep header rewrite actions order.
5255713d1f faq: Update OVS/DPDK version table for OVS 2.15/2.16
05cf36a620 system-dpdk: Fix mfex autovalidator tests.
87540e3b9f ofp-prop: Silence the 'may be uninitialized' warning.
812164adef tests: Ignore log about failing to set NETLINK_EXT_ACK.
ae51ccc12c ovsdb-cluster.at: Avoid test failures due to different hashing.
f33cde23c7 ofproto: Use xlate map for uuid lookups.
6ac255496c ofproto: Add refcount to ofproto to fix ofproto use-after-free.
db0cc8be38 ofproto-dpif: Trigger revalidation when ipfix config set.
31b86e5c98 conntrack: Prefer dst port range during unique tuple search.
b761b532c3 conntrack: Select correct sport range for well-known origin sport.
78bd058c36 ipsec: StrongSwan report connection update failures to ovs logs.
aa05596dfb ipsec: Libreswan report connection failures to ovs logs.
427776ceae system-tso: Skip encap tests when userspace TSO is enabled.
66d16e2883 tc: Fix stats byte count on fragmented packets.
b63c41f31f compat: Add gen_stats include to define tc hw stats.
c531b3828f ovsdb: raft: Fix inability to join the cluster after interrupted attempt. (#2033514)
498cedc483 reconnect: Fix broken inactivity probe if there is no other reason to wake up.
5dc1423d80 datapath-windows: Fix NXM_OF_IP_TOS issue
91c0f0068d Prepare for 2.17.1.
* Wed Mar 30 2022 Timothy Redaelli <tredaelli@redhat.com> - 2.17.0-3
- redhat: fix setup on RHEL8 [RH git: 769c7d89ac]
* Wed Mar 30 2022 Timothy Redaelli <tredaelli@redhat.com> - 2.17.0-2
- rhel: avoid including sortedcontainers [RH git: 3c5b820d14]
* Mon Feb 21 2022 Timothy Redaelli <tredaelli@redhat.com> - 2.17.0-1
- redhat: Imported Red Hat build files. [RH git: 00b5f7b51b]