ovn-doc-23.03.0-150600.33.3.1<>,JgrGp9|?TAlan=%;5`C^-X984DQFOUPI9t|@5ЕֽG:b?%S"|LDPh-:8zz~8L@n\'j+T a+qrDPI'Bµ|ؙοv5VNwK?QǤgXjf׽IKur!7:40&EG` uq3R+嗢(S1nݰu;AX?AHd   Cpt NPN N N N NN NNZNN@HX(8j9j:%CjF2`G2tNH3NI4NX54Y58\5PN]6N^;b=5c=d>de>if>ll>nu>Nv?z@@@AADCovn-doc23.03.0150600.33.3.1Open Virtual Network DocumentationContains additional documentation for OVN.grGh03-ch2d SUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/System/Librarieshttp://openvswitch.org/linuxnoarch)Z9.AC r 6|PT+lH C -]+f; ]#f,.P8-G& ?F H3CrI&lAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤grGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrGgrG2222862ddad5fc56b0161b07d423b995a09a3cdf773a66eaefdc98c588265bb2e8b0ea6f7b3ffc1af27fa191c4839994eb31578053e00bb0764c12ae80bc273c681ec2477cb4cd49c398ad654a3daa8079791614427049ac6b17af953d25e0d5ee3cb2daaa8fd5c2e722e720d068ca1b4e4f393d06e68e982cb09f72ae2b5b9e40cf1c59bb49ef042040a723f60de36d2013f19cf8a3df24b647a9a7905f1f5f546547a9d8eb3d17326e31124319c6532f2a1274174467244135612605c32f9c7e15a159eb8a852398a832019cdba4b1b67d761b70dfe25470391fe98f8f56d819253a00345f6c48e337cdf2b3f117b290528045a18db2527e2653244c16ae4b3bd0c1e998a1849d1da4a161311f3174c348a18f3dc662b48da69944c00ad9c697cc451ac92580ee40a9b601bd8faecf9fc0ce059543b0f43ca6850d57581c9ead04ebaffff99285d6433fdc47cea214b834bf805bcfd0a5c1516c8fd38aba5434fe5a19fc98dc8a476568becdbba46ecc000e7bdbbd79928471b5e1a98025203eed4d240928787763202d710239b2120a8b3e2d5d1b4f889b3f59c57fefdddcc47498fff7831c38d50edad31910a7ec579d74072b294ae25639f06c86a57f969f28b97da791ec91a9f425a3ace788c6525447a01673041d9a87d3f94019b4166cbd7dbe4c599aede7fe11adc1494f0f3bcd926e621adf75e57b1eb5aa57a42e19fdd2ffdb6d214486b94724de35278c33fff7545ddd528643a1219207bfdabdfc0da9cb785f2c15e4b8377c49895254ea11d0379ad90cb78f936c6ea78188c58eb62e78067f871ee5fce2895aeff2de864252c72d443e17cd4fd447dca46a0d4d3e9526a19d5822d729107efa5d946ce5f085885e5a2e04489e61982f1089b467a2f6192d3eb65e5e8655a58544b23e4f775b7276fe8611e241bd32f8ae5c929046c15c4525da43211fe95d6255f7c1b87f9abf6f26ea45639e529745f7d6fc328a1aabef12deaeecc8f8ee2c7c243cc99324771ffdeb3a063cbf56351d4b3af8fb6ea85366fae5a2eb8b6eb7a4b1e66234d99f98bf4ab0add5d8f173f109a044c65a95b78c97d0781d83cd3964969c0c1642ebb4beb4d2b59e1fc9c9a77e146d539e697bc49aa2e94e5c2e123cf42410568a1b2b31737988f73356ee94665b1bc7cb6398e2193d6342ed4c2b78a7a28781a5de647a1c169f030357e46e75c3ca5a027e5539c44c16c1c90e3cedfc56998d6a6696b8312d7dc00b0e4bc0b6cdd03b7d023f26738d5821a938bfe85d56f2d8d71a2bca76925612c756880921ef495a3d12bc39802310f1f202257c799a1f0762dbe5af0dfe040994da1f112058b46ad4030e3ec363adbef8fa3e225bd3d9553d66219b1f5d6c25290556d3b8ede086dbefd851f27db6cc0dad723dd8d3107ea1eeddb7172b77b67b71fc0d1851da33b753573915b4e850960e16341032cef42c2198b3c53b88108ad11c0421aa6ef32a3fd9aa46d459d528a4dd9b6f84575572dfccb114ac7da57701c42fecf1fcf35b4d3b8face603550d125b11f6d8b6d88faec2fae28a323ec1562c2758d6a55675c75acc399789c996500333247d999e543e47e89586b43aa2f16ca456d21c1d646e3530c0cd191b7d166363101d79e5d4e9e0593e3011be84c24b09a1f7eb95e6580247420dc18237d7fc53863466a71244cd544c1820a216318fb2bed50af6fe0fc792e751f2b1bd3076bce50268607810dafa5ca240d76ccfc4a83d1fe6a8a0a27abfd98ad10f8ef676a89e1a101c38b626ab9fcc15b4f4df846c124ff79f81382d4bddd71718dfac98cbc5a6b663494e05258563d9ea0581399593e3feaeaed79528c76eb3cfb227d8748f969265c794a9f0c2c42385fa229c156608a4fccc8536c9007e812eacf9a608200f6e7024e81bb5c2e0aa5b4cb457410997c4c269c4cbb0ee7fe4be61a6b5f33df36a629e35359f39cf4ee344569ef1a28eda06bcb5a22580edc399491f2bbdac75d04319f1c35f181cc121d4ff46ca3f644be55b8a5d210696c4a184b24d98ad294d315c97a7fe9a8e18bb30d7bedc6dfdde3c79f46d44d07f6ebd7e3eb81de59c2b287a5236756a7752532ae63b3d4265a6baea50e7696cef79ac1ef813c81017b98d0f42153080edd2a75467eaa01e382adc4d7779ea369fd9540e68f900e06e7ec60fb41638f1ce308d9c565947cae8665dde710aee9c285cc1b512b006070d6a25138f7fb205d02d08e4e03675551c5e8d2c2ca8c09d62f700a272d2b7b3033fe74df351e7236db0bc811acf76fb756daa1e5e808e436d3eaa9678e17b394e11fa888c39a5be8f597a1f577ca4bba65adf85c10595f967abc1e4c198e46e9c122c31647d9c67d6e8e94401716826c50e26ae2bd8fa7a2ccb48b2cb51c60b1ddd4b63b2c7575758ba282c81b42c930a35eec70b5176a20177b0054d2fba39416f0d648bdf4a4b0d2c74a44cdb89498770aa127a33a812bd13749af959d8b856fc6afb3e47e5055a0c983b8e8fe87e5aca045bf40d6251da8166aeca99c9379512bac2d1bf566ee7ef0205d651da38fbf42dc965b71ce240efc0939bfd2e152782fa8d64a28f529626c799a3430a1f344a82c0250f31cd02c80587cf7c6ea1593a9d137a5a024b80b43c7d40532a31c534d99b82cdecc814b650df37c5e0e75145cadb2f4983e84472041ec62f5a5849dd989a2a823d31045b95f77e9e0f93b4e8a6971d091035b8cf2f7c98342e4f62dc2e6cc3a0a7af0079d2a7a3c5b0126ba560b0880c8c67e8614249eb1813a6ce5e6b8895829d58e31fe1887277823394ee021e2735330fb40e10280d44761c53b043f2caf79c38abc69bbc3eb49f9bca3128b3dd9761d8992874eef15267a6e0a2f287042daad0cfb2b8933ea9ac42606dbc75ac8664bacb868493b5153733earootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenvswitch-3.1.0-150600.33.3.1.src.rpmovn-doc    rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3gX-@e}@eez@em@d@dddP@d-bc5c@bc@b~H@bbbI@b/.@b+9b%bgb@b@` @``&m_F@_s!_N7^b^א^^E:@]@]L]-@] u@\F@\!\@\\|\w@\f\I\I\Db[@[%@[ͻ[@[[9@[ug@[@[ @ZZ@ZZZI@Z@ZTZC@Z'Z@Y5Y@@YJYyYoIY`@Y^&@Y)j@Xf@X8'X2X&WH@WWίW]@W"WWzOWs@WrfWj}Wi,@WH6WF@WBW>@W=W+5VbV3VV޾VxV'@VՄ@V͛@V͛@V͛@VGTTFJDuraisankar.pitchumani@suse.comDuraisankar.pitchumani@suse.comDuraisankar.pitchumani@suse.comdmueller@suse.comana.guerrero@suse.comDuraisankar.pitchumani@suse.comDuraisankar.pitchumani@suse.comdimstar@opensuse.orgDuraisankar.pitchumani@suse.comdmueller@suse.comandreas.stieger@gmx.dedmueller@suse.comdimstar@opensuse.orgrpm@fthiessen.derpm@fthiessen.derpm@fthiessen.derpm@fthiessen.dedmueller@suse.comrpm@fthiessen.derpm@fthiessen.derpm@fthiessen.dedmueller@suse.comjcaamano@suse.comjcaamano@suse.comjcaamano@suse.comjcaamano@suse.comjcaamano@suse.comjcaamano@suse.comjcaamano@suse.comjcaamano@suse.comdmueller@suse.comjcaamano@suse.comjcaamano@suse.comjcaamano@suse.comjcaamano@suse.comjcaamano@suse.comjcaamano@suse.comjcaamano@suse.comjcaamano@suse.comjengelh@inai.dejcaamano@suse.comjcaamano@suse.comjcaamano@suse.comJaime Caamaño (jcaamano@suse.com)tbechtold@suse.comjcaamano@suse.commchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.dedmueller@suse.commchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.derbrown@suse.commchandras@suse.demchandras@suse.deolaf@aepfle.demchandras@suse.demchandras@suse.dejengelh@inai.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.dero@suse.dero@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.dejengelh@inai.demchandras@suse.demchandras@suse.demchandras@suse.dejengelh@inai.demchandras@suse.dedmueller@suse.commchandras@suse.dedmueller@suse.commchandras@suse.dekmroz@suse.comkmroz@suse.comkmroz@suse.comkmroz@suse.comkmroz@suse.comkmroz@suse.comkmroz@suse.comkmroz@suse.comantoine.belvire@laposte.netandrea@opensuse.orgdmueller@suse.com- Fix [bsc#1233369], ovs-thread: Fix cpus not read for the first 10s. - Added patch, * 0002-Openvswitch-fix-cpus-not-read-for-the-first-10s.patch- Fix CVE-2023-3966 [bsc#1219465] openvswitch3: Invalid memory access in Geneve with HW offload - Added patch, +openvswitch-CVE-2023-3966.patch- Fix CVE-2023-5366 [bsc#1216002], openvswitch: missing masks on a final stage with ports trie - Added patch, * CVE-2023-5366.patch- convert to sysuser generated users- Add BuildRequires on python-setuptools. Previously this was pulled by python-Sphinx in the build environment.- Fix CVE-2023-3153 [bsc#1212125], VUL-0: CVE-2023-3153: openvswitch,openvswitch3: service monitor MAC flow is not rate limited - Added patch, CVE-2023-3152.patch- Fix CVE-2023-1668 [bsc#1210054], openvswitch: remote traffic denial of service via crafted packets with IP proto 0 - Added patch, CVE-2023-1668.patch- Remove python/ovs/dirs.py prior to building: have this re-generated based on the shipped template (boo#1210479).- Update OVS version to v3.1.0 and OVN version to v23.03.0 Some of the features are, - ovs-vswitchd now detects changes in CPU affinity and adjusts the number of handler and revalidator threads if necessary. - AF_XDP: * Added support for building with libxdp and libbpf >= 0.7. * Support for AF_XDP is now enabled by default if all dependencies are available at the build time. Use --disable-afxdp to disable. Use --enable-afxdp to fail the build if dependencies are not present. - ovs-appctl: * "ovs-appctl ofproto/trace" command can now display port names with the "--names" option. - OVSDB-IDL: * Add the support to specify the persistent uuid for row insert in both C and Python IDLs. - Windows: * Conntrack IPv6 fragment support. - DPDK: * Add support for DPDK 22.11.1. - For the QoS max-rate and STP/RSTP path-cost configuration OVS now assumes 10 Gbps link speed by default in case the actual link speed cannot be determined. Previously it was 10 Mbps. Values can still be overridden by specifying 'max-rate' or '[r]stp-path-cost' accordingly. - OpenFlow: * New OpenFlow extension NXT_CT_FLUSH to flush connections matching the specified fields. - ovs-ctl: * New option '--dump-hugepages' to include hugepages in core dumps. This can assist with postmortem analysis involving DPDK, but may also produce significantly larger core dump files. - ovs-dpctl and 'ovs-appctl dpctl/' commands: * 'flush-conntrack' is now capable of handling partial 5-tuple, with additional optional parameter to specify the reply direction. - ovs-ofctl: * New command 'flush-conntrack' that accepts zone and 5-tuple (or partial 5-tuple) for both directions. - Support for travis-ci.org based continuous integration builds has been dropped. - Userspace datapath: * Add '-secs' argument to appctl 'dpif-netdev/pmd-rxq-show' to show the pmd usage of an Rx queue over a configurable time period. * Add new experimental PMD load based sleeping feature. PMD threads can request to sleep up to a user configured 'pmd-maxsleep' value under low load conditions. - For more details, check https://github.com/openvswitch/ovs/blob/v3.1.0/NEWS - Includes secrity fix for CVE-2022-4338 (bsc#1206580) and CVE-2022-4337 (bsc#1206581) - Removed patches, * 0001-Replace-deprecated-var-run-with-run.patch * 0001-openvswitch-merge-compiler.h-files-into-one-file.patch * openvswitch-CVE-2021-36980.patch * 0002-build-Seperated-common-used-headers.patch * a77ad9693c8b49055389559187fe74eddb619746.patch * 0001-m4-Test-avx512-for-x86-only.patch * openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch - Renamed and rebased patches, * 0001-Don-t-change-permissions-of-dev-hugepages.patch * 0001-Use-double-hash-for-OVS_USER_ID-comment.patch * 0001-Run-ovn-as-openvswitch-openvswitch.patch * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch * 0001-Run-openvswitch-as-openvswitch-openvswitch.patch - Added ovsb tool install patch, * install-ovsdb-tools.patch- add a77ad9693c8b49055389559187fe74eddb619746.patch to avoid the cpu detection code being compiled with AVX512 enabled - add 0001-m4-Test-avx512-for-x86-only.patch- fix tests with GNU grep 3.8 boo#1203239 add openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch- update to 2.17.2: - Bug fixes - DPDK: * OVS validated with DPDK 21.11.1. It is recommended to use this version until further releases. - Bug fixes - libopenvswitch API change: * To fix the Undefined Behavior issue causing the compiler to incorrectly optimize important parts of code, container iteration macros (e.g., LIST_FOR_EACH) have been re-implemented in a UB-safe way. * Backwards compatibility has mostly been preserved, however the user-provided pointer is now set to NULL after the loop (unless it exited via "break;") * Users of libopenvswitch will need to double-check the use of such loop macros before compiling with a new version. * Since the change is limited to the definitions within the headers, the ABI is not affected. - refresh 0001-openvswitch-merge-compiler.h-files-into-one-file.patch 0002-build-Seperated-common-used-headers.patch- Allow dpdk version 21.11.- Python package: Do not use C json parser on 32bit as large numbers will overflow.- Mention openvswitch-rpmlintrc as Source in spec file- Fix installation of files shared with OVN (required for building OVN without openvswitch sources), remove custom installation of internal headers from SPEC-install section and use patches (for upstreaming) instead. * install-ovsdb-tools.patch * Added 0001-openvswitch-merge-compiler.h-files-into-one-file.patch * Added 0002-build-Seperated-common-used-headers.patch - Enabled check section / running testsuite by default to validate build result. There must no problems with the testsuite anymore as upstream runs it by CI and checked before release of a new version. - Renamed 0001-Don-t-change-permissions-of-dev-hugepages.patch to Don-t-change-permissions-of-dev-hugepages.patch - Renamed 0001-Run-openvswitch-as-openvswitch-openvswitch.patch to Run-openvswitch-as-openvswitch-openvswitch.patch - Renamed 0001-Use-double-hash-for-OVS_USER_ID-comment.patch to Use-double-hash-for-OVS_USER_ID-comment.patch - Rebased 0001-Use-strongswan-for-openvswitch-ipsec-service.patch to Use-strongswan-for-openvswitch-ipsec-service.patch- Fix OVS location for python bindings (dirs.py), boo#1196978 Make sure dirs.py is freshly generated- fix python3 requires (bsc#1196758)- Added install-ovsdb-tools.patch to install ovsdb tools required for building OVN- Enable multiple python3 flavor subpackages on Tumbleweed / Factory- Update OVS to version 2.17.0 * Userspace datapath: * Optimized flow lookups for datapath flows with simple match criteria. * New per-interface configuration knob 'other_config:tx-steering'. * Removed experimental tag for PMD Auto Load Balance. * New configuration knob 'other_config:n-offload-threads' to change the number of HW offloading threads. * DPDK: * EAL argument --socket-mem is no longer configured by default upon start-up. If dpdk-socket-mem and dpdk-alloc-mem are not specified, DPDK defaults will be used. * EAL argument --socket-limit no longer takes on the value of --socket-mem by default. 'other_config:dpdk-socket-limit' can be set equal to the 'other_config:dpdk-socket-mem' to preserve the legacy memory limiting behavior. * EAL argument --in-memory is applied by default if supported. * Add support for DPDK 21.11. * Forbid use of DPDK multiprocess feature. * Add support for running threads on cores >= RTE_MAX_LCORE. * Python: For SSL support, the use of the pyOpenSSL library has been replaced with the native 'ssl' module. * OVSDB: * Python library for OVSDB clients now also supports faster resynchronization with a clustered database after a brief disconnection, i.e. 'monitor_cond_since' monitoring method. * Major improvement in the performance of the OVSDB server. * OpenFlow: * Default selection method for select groups with up to 256 buckets is now dp_hash. Previously this was limited to 64 buckets. This change is mainly for the benefit of OVN load balancing configurations. * Encap & Decap action support for MPLS packet type. - Update OVS to version 2.16.0 * Fix CVE-2021-36980 (boo#1188524) openvswitch 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action * Removed support for 1024-bit Diffie-Hellman key exchange * Rate limiting configuration now supports setting packet-per-second limits in addition to the previously configurable byte rate settings. * OVSDB: * Introduced new database service model - "relay". * New command line options --record/--replay for ovsdb-server and ovsdb-client to record and replay all the incoming transactions, monitors, etc. * The Python Idl class now has a cooperative_yield() method * In ovs-vsctl and vtep-ctl, the "find" command now accept new operators {in} and {not-in}. * Various Userspace datapath improvements * ovs-ctl: * New option '--no-record-hostname' to disable hostname configuration in ovsdb on startup. * New command 'record-hostname-if-not-set' to update hostname in ovsdb. * ovs-appctl: Added ability to add and delete static mac entries using: 'ovs-appctl fdb/add ' 'ovs-appctl fdb/del ' * Linux datapath: * ovs-vswitchd will configure the kernel module using per-cpu dispatch mode (if available). This changes the way upcalls are delivered to user space in order to resolve a number of issues with per-vport dispatch. * New vswitchd unixctl command `dpif-netlink/dispatch-mode` will return the current dispatch mode for each datapath. - Update OVS to version 2.15.0 * OVSDB: * Changed format in which ovsdb transactions are stored in database files. Now each transaction contains diff of data instead of the whole new value of a column. * New unixctl command 'ovsdb-server/get-db-storage-status' * New unixctl command 'ovsdb-server/memory-trim-on-compaction on|off'. * Maximum backlog on RAFT connections limited to 500 messages or 4GB. * DPDK: Removed support for vhost-user dequeue zero-copy. * Add support for DPDK 20.11. * The environment variable OVS_UNBOUND_CONF, if set, is now used as the DNS resolver's (unbound) configuration file. * Linux datapath: Support for kernel versions up to 5.8.x. * Building the Linux kernel module from the OVS source tree is deprecated * Support for the Linux kernel is capped at version 5.8 * Only bug fixes for the Linux OOT kernel module will be accepted. * The Linux kernel module will be fully removed from the OVS source tree in OVS branch 2.18 - Rebased 0001-Use-strongswan-for-openvswitch-ipsec-service.patch - Drop upstream fixed 0001-Replace-deprecated-var-run-with-run.patch - Separated OVN * Stand alone package, this enables better maintenance especially updates. * Drop 0001-Run-ovn-as-openvswitch-openvswitch.patch from OVN- add openssl(cli) dependency on pki (bsc#1185839)- Replace deprecated /var/run with /run (bsc#1185176, bsc#1185177). * 0001-Replace-deprecated-var-run-with-run.patch- Update openvswitch to 2.14.2. For a list of changes, check https://github.com/openvswitch/ovs/blob/v2.14.2/NEWS Includes security fix for CVE-2020-27827 (bsc#1181345) and CVE-2020-35498 (bsc#1181742). - Removed patches no longer applying to code base: * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch * 0001-ipsec-Fix-Strongswan-configuration-syntax.patch- Replaced `%service_del_postun -n` with `%service_del_postun_without_restart` (bsc#1117483).- Fix wrong default directories for OVS python utilities (bsc#1176273). - Add upstream patches to fix openvswitch-ipsec service (bsc#1176273). * 0001-ipsec-Fix-Strongswan-configuration-syntax.patch- Update openvswitch to 2.14.0. For a list of changes, check https://github.com/openvswitch/ovs/blob/v2.14.0/NEWS - Update OVN to 20.06.2. For a list of changes, check https://github.com/ovn-org/ovn/blob/v20.06.2/NEWS- Fix preserving old default OVS_USER_ID for users that removed the override at /etc/sysconfig/openvswitch or for users affected by fillup bug below (bsc#1172861). - Add patch to workaround a possible fillup issue that could cause existing openvswitch configuration to be unintendedly altered during upgrades (bsc#1172929). * 0001-Use-double-hash-for-OVS_USER_ID-comment.patch- add missing provides/obsoletes for python3-openvswitch-test- Update openvswitch to 2.13.0. * For a list of changes, check https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS * This version drops python2 binding support. Only python3 bindings provided going forward. * Tool ovs-vlan-bug-workaround is no longer provided. - OVN was split to its own repo but is still built together with OVS and as such from this same source package. OVN initial version is 20.03. * For a list of changes, check https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS * Packages openvswitch-ovn* are renamed to ovn*. * OVN now has its own sysconfig and log paths. - Add OVS patch to be proposed upstream: * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch - Patch instead of post-processing configuration files to set running credentials (bsc#1157338): * 0001-Run-openvswitch-as-openvswitch-openvswitch.patch * 0001-Run-ovn-as-openvswitch-openvswitch.patch - Will no longer change group ownership of /dev/hugepages to 'hugetlbfs' (bsc#1140835). System admin should mount hugepages on a path and permissions of his choosing for OVS. Add patch: * 0001-Don-t-change-permissions-of-dev-hugepages.patch - Will no longer install udev rule to change group ownership of vfio devices to 'hugetlbfs'. Group name does not make much sense in this case and ownership of vfio devices should be coordinated system wide or per device. - Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled. OVS will now run under group 'openvswitch' whether compiled with DPDK support or not. - OVS persistent state is now saved on /var/lib/openvswitch instead of /etc/openvswitch for new installs.- add missing sortedcontainers dependency to the python bindings- Update openvswitch to 2.12.0. For a list of changes, check https://github.com/openvswitch/ovs/blob/master/NEWS - Removed patches that are already included upstream: * 0001-rhel-secure-openvswitch-useropts.patch * 0002-rhel-let-ctl-handle-runtime-directory.patch - Rebased patches: * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch- Fixed missing obsoletes for old python-ovs (bsc#1138948).- Add unbound as a build requirement to support asynchronous DNS resolving for remotes.- Update DPDK dependency to support DPDK 18.11.2.- Add upstream patches to fix bsc#1135884: * 0001-rhel-secure-openvswitch-useropts.patch * 0002-rhel-let-ctl-handle-runtime-directory.patch- Use temporary directory for python build.- Fix problem preventing new installs to run as non root (bsc#1132029), including: * Align with upstream so that no running configuration is changed on upgrades, specifically to avoid changes on the user Open vSwitch runs under. * hugetblfs groups is created as system group. - Add missing opnvswitch-ipsec package and systemd service. - Add patch to use strongswan instead of libreswan for openvswitch-ipsec. libreswan package not available currently. * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch - Add missing ovs-delete-transient-ports systemd service. - Align installed headers with upstream. - Fix problem preventing rpm build '--with check'. - Fix python environment that had directories pointing to /usr/local. - Version bump to 2.11.1. Some of the changes are: * netdev-tc-offloads: Fix probe tc block support * rhel: Include all header files in the Fedora's devel package * reconnect.c: Don't transition back to ACTIVE when forced to RECONNECT. * OVN: Make periodic RAs consistent with RA responder. * OVN: Always send prefix option in RAs * OVN: Use offset instead of pointer into ofpbuf * ofproto: fix the bug of bucket counter is not updated * netdev-dpdk: Print netdev name for txq mapping. * dpif-netdev-perf: Fix millisecond stats precision with slower TSC. * ifupdown.sh: Add missing "--may-exist" option * dpif-netdev-perf: Fix double update of perf histograms. * dpdk: Stop dumping memzones to stdout. * dpctl: Drop parser debug information. * netdev-tc-offloads: Properly get the block id on flow del/get * netdev-tc-offloads: Improve log message for icmpv6 offload not supported * conntrack: Replace structure copy by memcpy(). * conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'. * conntrack: Fix race for NAT cleanup. * ovn-nbctl: Don't segfault when ovn-northd doesn't configure dynamic addresses. * datapath-windows: Add annotations to find vport functions * datapath-windows: Guard vport usage in user.c * datapath-windows: Fix potential deadlock in event subscription * datapath-windows: Fix race condition during port creation * datapath-windows: Fix nbl cleanup when memory allocation fails * netdev-linux: Remove ingress qdisc before trying to add shared block * netdev-tc-offloads: Remove ingress qdisc on tc init flow api * ovsdb-idl: Fix memory leak of idl->remote. * travis: Remove 'sudo' configuration. * OVN: Add port addresses to IPAM after all ports are joined. * dpif-netlink: Free leaked ofpbuf by using ofpbuf_delete * OVN: update RA next_announce according to {min, max}_interval * rconn: Avoid occasional immediate connection failures. * dpdk: Fix case-sensitivity of dpdk-init knob. * NEWS: Clean up the 2.11.0 release notes a bit. * conntrack: Fix L4 csum for V6 extension hdr pkts. * packets: Change return type for 'packet_csum_upperlayer6()'. * ovsdb-client: Fix typo. * ovn-nbctl: Daemon mode should retry when IDL connection lost. * ofctl: break the loop if ovs_pcap_read returns error * netlink: added check to prevent netlink attribute overflow- Disable dpdk on ix86, aligned with dpdk package.- Combine %service_* calls to reduce generated boilerplate. - Reduce scriptlets' hard dependency on systemd.- Version bump to 2.11.0. Some of the changes are: * Linux datapath: - Support for the kernel versions 4.16.x and 4.17.x. - Support for the kernel versions 4.18.x * OpenFlow: - OFPMP_TABLE_FEATURES_REQUEST can now modify table features. * ovs-ofctl: - "mod-table" command can now change OpenFlow table names. * The environment variable OVS_SYSLOG_METHOD, if set, is now used as the default syslog method. * The environment variable OVS_CTL_TIMEOUT, if set, is now used as the default timeout for control utilities. * ovn: - OVN-SB schema changed: duplicated IP with same Encapsulation type is not allowed any more. Please refer to Documentation/intro/install/ovn-upgrades.rst for the instructions in case there are problems encountered when upgrading from an earlier version. - New support for IPSEC encrypted tunnels between hypervisors. - ovn-ctl: allow passing user:group ids to the OVN daemons. - IPAM/MACAM: * add the capability to dynamically assign just L2 addresses * add the capability to specify a static ip address and get the L2 one allocated dynamically using the following syntax: ovn-nbctl lsp-set-addresses "dynamic " * DPDK: - Add support for DPDK 18.11 - Add support for port representors. * Userspace datapath: - Add option for simple round-robin based Rxq to PMD assignment. It can be set with pmd-rxq-assign. - Add support for Auto load balancing of PMDs (experimental) - Added new per-port configurable option to manage EMC: 'other_config:emc-enable'. * Add 'symmetric_l3' hash function. * OVS now honors 'updelay' and 'downdelay' for bonds with LACP configured. * ovs-vswitchd: - New configuration option "offload-rebalance", that enables dynamic rebalancing of offloaded flows. * The environment variable OVS_RESOLV_CONF, if set, is now used as the DNS server configuration file. * RHEL packaging: - OVN packages are split from OVS packages. A new spec file - ovn-fedora.spec.in is added to generate OVN packages. - Revisit DISABLE_RESTART_ON_UPDATE and DISABLE_STOP_ON_REMOVAL options (bsc#1117483). DISABLE_STOP_ON_REMOVAL is removed. DISABLE_RESTART_ON_UPDATE is replaced by '%service_del_postun -n'. $FIRST_ARG is replaced by $1. - Add extra openvswitch headers (bsc#1125897).- Obsolete old python[2]-openvswitch-test subpackages (bsc#1124435).- Fixed package name libopenvswitch-2_10-0 to libopenvswitch-2_11-0- Version bump to 2.11.0+git20190123.ad83fc9ab. Some of the changes are: * Linux datapath: - Support for the kernel versions 4.16.x and 4.17.x. * OpenFlow: - OFPMP_TABLE_FEATURES_REQUEST can now modify table features. * ovs-ofctl: - "mod-table" command can now change OpenFlow table names. * The environment variable OVS_SYSLOG_METHOD, if set, is now used as the default syslog method. * The environment variable OVS_CTL_TIMEOUT, if set, is now used as the default timeout for control utilities. * ovn: - OVN-SB schema changed: duplicated IP with same Encapsulation type is not allowed any more. Please refer to Documentation/intro/install/ovn-upgrades.rst for the instructions in case there are problems encountered when upgrading from an earlier version. - New support for IPSEC encrypted tunnels between hypervisors. - ovn-ctl: allow passing user:group ids to the OVN daemons. - IPAM/MACAM: * add the capability to dynamically assign just L2 addresses * add the capability to specify a static ip address and get the L2 one allocated dynamically using the following syntax: ovn-nbctl lsp-set-addresses "dynamic " * DPDK: - Add support for DPDK 18.11 - Add support for port representors. * Userspace datapath: - Add option for simple round-robin based Rxq to PMD assignment. It can be set with pmd-rxq-assign. - Add support for Auto load balancing of PMDs (experimental) - Added new per-port configurable option to manage EMC: 'other_config:emc-enable'. * Add 'symmetric_l3' hash function. * OVS now honors 'updelay' and 'downdelay' for bonds with LACP configured. * ovs-vswitchd: - New configuration option "offload-rebalance", that enables dynamic rebalancing of offloaded flows. * The environment variable OVS_RESOLV_CONF, if set, is now used as the DNS server configuration file. * RHEL packaging: - OVN packages are split from OVS packages. A new spec file - ovn-fedora.spec.in is added to generate OVN packages. - Remove upstreamed patch: * 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch - Remove DISABLE_RESTART_ON_UPDATE and DISABLE_STOP_ON_REMOVAL options (bsc#1117483).- python2-ovs provides now also python-ovs which is the standard for singlespec python packages.- Backport upstream fix for python json parser memory leak (bsc#1116437) * 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch- Improve python packaging (bsc#1115085) * Rename python*-openvswitch subpackages to python*-ovs to follow the openSUSE policy that packages should be named after the modules they install. * Build the JSON C bindings and as a result the 'noarch' BuildArch needs to be removed. * Drop the python*-openvswitch-test packages and merge them with the test subpackage * Build the python bindings using setuptools * Include the egg-info package. * Use libopenvswitch as dependency to python bindings- Version bump to 2.10.1. Some of the changes are: * dpif-netdev.at: Add missing backslash. * ofproto-dpif-xlate: Avoid deadlock on multicast snooping recursion. * dpif-netdev-perf: Print SMC statistics. * dpif-netdev-unixctl: Change 'masked' to 'megaflow'. * ovn-controller: Support processing DHCPv6 information request message type * ovn-ctl: Fix the wrong pidfile argument passed to ovsdb-servers * ovndb-servers.ocf: Add ssl support for managing OVN DB resources with pacemaker using LB VIP. * ovn-ctl: Allow passing ssl certs when starting OVN DBs in ssl mode. * expr: Disallow < <= >= > comparisons against empty value set. * expr: Set a limit on the depth of nested parentheses * ovn: Fix IPv6 DAD failure for container ports * dpif-netdev: Add vlan to mask for flow_put operation. * ovs-save: Parse geneve tlv map correctly. * extend-table: Fix a bug that iterates wrong table * odp-util: Fix a use-after-free bug. * ofp-packet: Fix NXT_RESUME with geneve tunnel metadata * dpif-netlink: Fix null pointer. * ofproto-dpif-xlate.c: Fix uninitialized variable warning. * dpif: Remove support for multiple queues per port. * dpif-netlink: don't allocate per thread netlink sockets * ovsdb-types: Refactor structs so as to comply with C++ standard * bfd: Make the tp_dst masking megaflow-friendly. * ovsdb-data: Improve grammar in error message. * condition: Reject <, <=, >=, > with optional scalar against empty set. * condition: Fix ==, !=, includes, excludes on optional scalars. * netdev: Properly clear 'details' when iterating in NETDEV_QOS_FOR_EACH. * lex: Fix buffer overrun parsing overlong hexadecimal constants. * sflow: Set agent address properly based on collector address. * ovsdb-client: Fix a bug that uses wrong index * ofproto: Fix build with some GCC versions. * ofproto-dpif-xlate: Fix conntrack fields on NXT_RESUME * ofproto: Handle OpenFlow version mismatch for requestforward with groups. * ovs-save: save and restore groups on restart * sparse: check if floatn-common.h is available. * flow: Fix uninitialized flow fields in IPv6 error case. * ofproto-dpif: Fix NXT_RESUME flow stats * ovn: Add the documentation for the DHCP opt 'wpad' in proper section * meta-flow: Make "nw_frag" a synonym for "ip_frag". * gre: Rename fallback devices to avoid udev's interference * ovsdb-server: Alleviate the possible data loss in an active/standby setup * ovsdb-idlc: Use ALIGNED_CAST to avoid spurious warnings for index rows. * ofproto-dpif-xlate: Fix translation of groups with no buckets. * ovn: Add DHCP support for option 252. * ofp-port: Don't leak on error in ofputil_pull_ofp14_port_stats(). * ofp-print: Fix a memory leak reported by fuzz * ovs-save: Don't always include the default flow during restore * lib/tc: treat vlan id and prio as independent fields * odp-util: Don't attempt to write IPv6 flow label bits that don't exist. * lib/tc: reject offloading of non-Ethernet packets * dhparams: Fix .c file generation with OpenSSL >= 1.1.1-pre9 * ovs-ctl: Allow add-remote without vswitchd started. * system-traffic: Fix conntrack per zone limit test. * erspan: set erspan_ver to 1 by default when adding an erspan dev * ovn.at: Skip ACL rate-limiting test on slow/overloaded systems. * daemon-unix: Use same name for original or restarted children. * dpif-netdev: Prevent unsafe access when retrieving meter stats. * utilities: Drop shebang from bash completion script * ofp-actions: Re-fix error path for parsing OpenFlow actions. * nx-match: Avoid double-free on some error paths. * netdev-dpdk: Support the link speed of XL710 * ovn-northd: Support learning neighbor from ARP request. * ovn-northd: LR respond ARP from valid subnet only. * ovn: Fix the issue in IPv6 Neigh Solicitation responder for router IPs * dpctl: Fix memory leak in dp_exists(). * ofproto-dpif: Check for EBUSY as well * tunnel, tests: Sort flow output in ERSPAN v1/v2 metadata * erspan: add big endian bit fields.- Use correct user for logrotate script (bsc#1104049, b096fa42ddc2)- Fix package name for shared library.- Version bump to 2.10.0. Some of the changes are: * ovs-vswitchd and utilities now support DNS names in OpenFlow and OVSDB remotes. * ovs-vswitchd: - New options --l7 and --l7-len to "ofproto/trace" command. - Previous versions gave OpenFlow tables default names of the form "table#". These are not helpful names for the purpose of accepting and displaying table names, so now tables by default have no names. - The "null" interface type, deprecated since 2013, has been removed. - Add minimum network namespace support for Linux. - New command "lacp/show-stats" * ovs-ofctl: - ovs-ofctl now accepts and display table names in place of numbers. By default it always accepts names and in interactive use it displays them; use --names or --no-names to override. See ovs-ofctl(8) for details. * ovs-vsctl: New commands "add-bond-iface" and "del-bond-iface". * ovs-dpctl: - New commands "ct-set-limits", "ct-del-limits", and "ct-get-limits". * OpenFlow: - OFPT_ROLE_STATUS is now available in OpenFlow 1.3. - OpenFlow 1.5 extensible statistics (OXS) now implemented. - New OpenFlow 1.0 extensions for group support. - Default selection method for select groups is now dp_hash with improved accuracy. * ovn: - Implemented icmp4/icmp6/tcp_reset actions in order to drop the packet and reply with a RST for TCP or ICMPv4/ICMPv6 unreachable message for other IPv4/IPv6-based protocols whenever a reject ACL rule is hit. - ACL match conditions can now match on Port_Groups as well as address sets that are automatically generated by Port_Groups. ACLs can be applied directly to Port_Groups as well. - ovn-nbctl can now run as a daemon (long-lived, background process). See ovn-nbctl(8) for details. * DPDK: - New 'check-dpdk' Makefile target to run a new system testsuite. See Testing topic for the details. - Add LSC interrupt support for DPDK physical devices. - Allow init to fail and record DPDK status/version in OVS database. - Add experimental flow hardware offload support - Support both shared and per port mempools for DPDK devices. * Userspace datapath: - Commands ovs-appctl dpif-netdev/pmd-*-show can now work on a single PMD - Detailed PMD performance metrics available with new command ovs-appctl dpif-netdev/pmd-perf-show - Supervision of PMD performance metrics and logging of suspicious iterations - Add signature match cache (SMC) as experimental feature. When turned on, it improves throughput when traffic has many more flows than EMC size. * ERSPAN: - Implemented ERSPAN protocol (draft-foschiano-erspan-00.txt) for both kernel datapath and userspace datapath. - Added port-based and flow-based ERSPAN tunnel port support, added OpenFlow rules matching ERSPAN fields. See ovs-fields(7).- Fix conditional to only include vfio udev rules when building with DPDK support - Exclude %_docdir from main package which seems to be packaged by default on older openSUSE releases.- Restrict DPDK version to 18.02 since Open vSwitch 2.9 is not going to work with any newer releases.- Version bump to 2.9.2. Some of the changes are: * OVSDB has new, experimental support for database clustering: - New high-level documentation in ovsdb(7). - New file format documentation for developers in ovsdb(5). - Protocol documentation moved from ovsdb-server(1) to ovsdb-server(7). - ovsdb-server now supports online schema conversion via "ovsdb-client convert". - ovsdb-server now always hosts a built-in database named _Server. See ovsdb-server(5) for more details. - ovsdb-client: New "get-schema-cksum", "query", "backup", "restore", and "wait" commands. New --timeout option. - ovsdb-tool: New "create-cluster", "join-cluster", "db-cid", "db-sid", "db-local-address", "db-is-clustered", "db-is-standalone", "db-name", "schema-name", "compare-versions", and "check-cluster" commands. - ovsdb-server: New ovs-appctl commands for managing clusters. - ovs-sandbox: New support for clustered databases. * OVN: - ovn-sbctl, ovn-nbctl: New options --leader-only, --no-leader-only. * Bug fixes - Use openvswitch user/group for the log directory (3f556d66edb9)- Add support for RedHat distributions. All SUSE macros are now conditional and the spec file has been adapted based on the upstream one (fate#324537) - spec-cleaner fixes- Move openvswitch user/group creation to %pre scriptlet. The default ownership of the configuration files expects the user and group to be available as early as possible (bsc#1091408) - spec-cleaner fixes.- Preserve 'enable' status of openvswitch.service file when upgrading from naming scheme is broken, and as such a device will not be available for use until a valid dpdk-devargs is specified. - Virtual DPDK Poll Mode Driver (vdev PMD) support. * For the complete list of changes, please see: - http://openvswitch.org/releases/NEWS-2.7.0 - Add patch to fix DPDK configuration migration for < 2.6 installations * 0001-utilities-Add-script-to-support-DPDK-option-migratio.patch - Rework spec file * Enable DPDK by default and drop openvswitch-dpdk* packages. DPDK is only enabled on supported architectures though. - Remove openvswitch-dpdk.changes - Remove openvswitch-dpdk.spec - Remove pre_checkin.sh * Merge openvswitch and openvswitch-switch into a single package since there was no compelling reason to keep the switch functionality in a separate subpackage. * Split OVN package to ovn-common, ovn-central, ovn-docker, ovn-host and ovn-controller similar to the Debian and RedHat packages.- Relax the DPDK dependency a bit so we can support stable and possibly new minor releases as well.- Do not restart the openvswitch service after a package update. Restarting the systemd service may break connectivity so let the user decide when it is the best time for such an action. (bsc#1002734)- Version bump to 2.6.1. Some of the changes are: * ovn: Do not reply to ARP or ND NS for a VM's own IP address. * ovs-ofctl: Tolerate differences in IPv6 formatting. * netdev-linux: double tagged packets should use 0x88a8 * expr: Fix abort when simplifying "x != 0/0". * dpif-netdev: Fix crash in dpif_netdev_execute(). * ovn-controller: Container can have connection to a hosting VM. * stream-ssl: Fix memory leak on error path. * Other bug fixes.- Version bump to 2.6.0. Some of the changes are: * First supported release of OVN. See ovn-architecture(7) for more details. * ovsdb-server: - New "monitor_cond" "monitor_cond_update" and "update2" extensions to RFC 7047. * OpenFlow: - OpenFlow 1.3+ bundles now expire after 10 seconds since the last time the bundle was either opened, modified, or closed. - OpenFlow 1.3 Extension 230, adding OpenFlow Bundles support, is now implemented. - OpenFlow 1.3+ bundles are now supported for group mods as well as flow mods and port mods. Both 'atomic' and 'ordered' bundle flags are supported for group mods as well as flow mods. - Internal OpenFlow rule representation for load and set-field actions is now much more memory efficient. For a complex flow table this can reduce rule memory consumption by 40%. - Bundles are now much more memory efficient than in OVS 2.5. Together with memory efficiency improvements in OpenFlow rule representation, the peak OVS resident memory use during a bundle commit for large complex set of flow mods can be only 25% of that in OVS 2.5 (4x lower). - OpenFlow 1.1+ OFPT_QUEUE_GET_CONFIG_REQUEST now supports OFPP_ANY. - OpenFlow 1.4+ OFPMP_QUEUE_DESC is now supported. - OpenFlow 1.4+ OFPT_TABLE_STATUS is now supported. - New property-based packet-in message format NXT_PACKET_IN2 with support for arbitrary user-provided data and for serializing flow table traversal into a continuation for later resumption. - New extension message NXT_SET_ASYNC_CONFIG2 to allow OpenFlow 1.4-like control over asynchronous messages in earlier versions of OpenFlow. - [...] - For a complete list of changes, please see http://openvswitch.org/releases/NEWS-2.6.0 - Remove obsolete patches and files * 0001-Remove-broken-pipe-warning-logs-from-ovsdb-server.lo.patch * 0001-ovs-ctl-Add-new-DPDK_OPTIONS-environment-variable.patch * openvswitch-2.5.0-detect-dpdk-installation.patch * openvswitch-switch.logrotate * openvswitch.service- New upstream bugfix release 2.5.1 (bsc#1001657) * DPDK: - New appctl command 'dpif-netdev/pmd-rxq-show' to check the port/rxq assignment. - Type of log messages from PMD threads changed from INFO to DBG. * ovs-pki: Changed message digest algorithm from SHA-1 to SHA-512 because SHA-1 is no longer secure and some operating systems have started to disable it in OpenSSL. * Bug fixes- Add new DPDK_OPTIONS environment variable to hold the dpdk vswitchd options so that the systemd unit files can be used to launch an ovs-vswitcd DPDK capable instance instead of doing it manually. (bsc#987265) * 0001-ovs-ctl-Add-new-DPDK_OPTIONS-environment-variable.patch- enable openvswitch-dpdk on aarch64 since dpdk builds on aarch64 now- remove aarch from openvswitch-dpdk until we have a dpdk that builds for aarch64- Add missing licenses (bsc#988513) - Misc spec file cleanups highlighted by the spec-cleaner tool. - Allow aarch64 builds for openvswitch-dpdk- Allow the OvS daemon to run as non-root (bsc#987545) - Add missing 'Conflicts' statements to all the subpackages as required by the Factory review tools.- Remove the ?_with_dpdk macro usage since this is not being set without explicitly passing --with/--without during an OBS build. This reverts back to using the %{with dpdk} style which is set automatically based on %bcond_with* macros (bsc#989335).- Fix subpackage dependencies to not require the non-existent python DPDK subpackages (bsc#986835). We do not provide DPDK versions of the python bindings so nothing should depend on these subpackages.- Update rpm groups, acronym forms.- Multiple fixes for the openvswitch-dpdk package (bsc#985878) * Rename main package name to openvswitch-dpdk * Do not build the python and kmp packages since they do not depend on the DPDK capabilities * Remove the open_virtual_switch capability. The openvswitch-common will be used by reverse dependencies to require either of the OvS packages. * Provide virtual capabilities for all DPDK subpackages. * Fix the dependencies in the python package to require either of the OvS packages. * Suggest the kmp package only if it's actually provided. * Small cleanups.- Add %check directive to run the openvswitch testsuite on demand. The openvswitch contains hundreds of tests covering simple and complex openvswitch configuration so it's beneficial to run them during package builds. However, running the testsuite is not enabled by default. Also add the following upstream patch: * 0001-Remove-broken-pipe-warning-logs-from-ovsdb-server.lo.patch- Build a DPDK-enabled Open vSwitch (fate#319170) * Apply the following changes to the openvswitch.spec file - Add support for building with DPDK capabilities - Add conflicts between the two packages. - Add new 'open_virtual_switch-*' capabilities for openvswitch, openvswitch-switch, openvswitch-test packages which can be used by reverse dependencies to select between the two openvswitch implementations. * Add pre_checkin.sh to generate the openvswitch_dpdk.spec file based on the openvswitch.spec one. * Add upstream openvswitch-2.5.0-detect-dpdk-installation.patch patch to detect and link against a DPDK installation.- Keep %prep small for speedier `quilt setup`. Kill __DATE__ from source. Drop all .la files that are in %_libdir.- Add missing %dir directive for /var/log/openvswitch- remove aarch64 conditional, no longer needed- Multiple spec file and package fixes. * Drop obsolete log-check-module-loop.patch patch. * Drop conditional code for older openSUSE releases. This also removes all of the sysvinit files which were pulled in when the package was originally developed. * Drop support for building the GUI. The GUI code has been removed in 7868fbc6c97c2 ("ovsdbmonitor: Remove.") upstream commit and it does not exist since v2.2.0 so drop the code in the spec file. * Use the upstream systemd service files for the OVN components instead of maintaining our own downstream. * Drop the unofficial ipsec support. It hasn't been enabled in years. * Drop support for building the upstream kernel module since it's being shipped with the kernel package in latest releases. Restore the %bcond_with kmp to make it easier to build the external kernel module if needed. * Fix some suse-missing-rclink rpmlint warnings for the ovn subpackage * Base our service unit to the upstream one. * Stop silently enabling the GRE protocol in iptables by default. * Install the upstream sysconfig file to pass more information to the openvswitch service unit. * Use make install instead of %makeinstall * Drop brcompat leftovers. * spec-cleaner fixes- address dimstars concerns- Prevent systemd from autogenerating a service file for openvswitch-switch which conflicts with the opevswitch one. (bsc#966762)- Add missing %defattr to ovn files section.- Add additional install requirements for python-openvswitch-test package.- Add support for building both 2.4.0 and 2.5.0 from the same spec file. Needed to fix SLE11 builds as OVS-2.5.0 no longer supports python < 2.7. SLE11 SP3 and SP4 use python 2.6. - Added: openvswitch-2.4.0.tar.gz- New upstream version 2.5.0 (LTS) - Dropped support for Python older than version 2.7. As a consequence, using Open vSwitch 2.5 or later on XenServer 6.5 or earlier (which have Python 2.4) requires first installing Python 2.7. - OpenFlow: * Group chaining (where one OpenFlow group triggers another) is now supported. * OpenFlow 1.4+ "importance" is now considered for flow eviction. * OpenFlow 1.4+ OFPTC_EVICTION is now implemented. * OpenFlow 1.4+ OFPTC_VACANCY_EVENTS is now implemented. * OpenFlow 1.4+ OFPMP_TABLE_DESC is now implemented. * Allow modifying the ICMPv4/ICMPv6 type and code fields. * OpenFlow 1.4+ OFPT_SET_ASYNC_CONFIG and OFPT_GET_ASYNC_CONFIG are now implemented. - ovs-ofctl: * New "out_group" keyword for OpenFlow 1.1+ matching on output group. - Tunnels: * Geneve tunnels can now match and set options and the OAM bit. * The nonstandard GRE64 tunnel extension has been dropped. - Support Multicast Listener Discovery (MLDv1 and MLDv2). - Add 'symmetric_l3l4' and 'symmetric_l3l4+udp' hash functions. - sFlow agent now reports tunnel and MPLS structures. - New 'check-system-userspace', 'check-kmod' and 'check-kernel' Makefile targets to run a new system testsuite. These tests can be run inside a Vagrant box. See INSTALL.md for details - Mark --syslog-target argument as deprecated. It will be removed in the next OVS release. - Added --user option to all daemons - Add support for connection tracking through the new "ct" action and "ct_state"/"ct_zone"/"ct_mark"/"ct_label" match fields. Only available on Linux kernels with the connection tracking module loaded. - Add experimental version of OVN. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. - RHEL packaging: * DPDK ports may now be created via network scripts (see README.RHEL). - DPDK: * Requires DPDK 2.2 * Added multiqueue support to vhost-user * Note: QEMU 2.5+ required for multiqueue support - SELinux: * Introduced SELinux policy package. - New package: openvswitch-ovn - Removed: openvswitch-2.4.0.tar.gg - Added: openvswitch-2.5.0.tar.gg - Added: openvswitch-testcontroller.init - Added: ovn-controller-vtep.service - Added: ovn-controller.service - Added: ovn-northd.service - TODO: Explicit DPDK support not yet added to spec. - Spec file work and cleanup. - Includes fixes (or obsoletes) the following issues: * bsc#948840, bsc#941466, bsc#936780, bnc#935750, bnc#867964- Tighten up openvswitch service ordering. bsc#968205 (openSUSE), bsc#951314 (SLE).- Don't install INSTALL.* files.- Removed: openvswitch-switch.template- New upstream version 2.4.0 - Flow table modifications are now atomic, meaning that each packet now sees a coherent version of the OpenFlow pipeline. For example, if a controller removes all flows with a single OpenFlow "flow_mod", no packet sees an intermediate version of the OpenFlow pipeline where only some of the flows have been deleted. - Added support for SFQ, FQ_CoDel and CoDel qdiscs. - Add bash command-line completion support for ovs-vsctl Please check utilities/ovs-command-compgen.INSTALL.md for how to use. - The MAC learning feature now includes per-port fairness to mitigate MAC flooding attacks. - New support for a "conjunctive match" OpenFlow extension, which allows constructing OpenFlow matches of the form "field1 in {a,b,c...} AND field2 in {d,e,f...}" and generalizations. For details, see documentation for the "conjunction" action in ovs-ofctl(8). - Add bash command-line completion support for ovs-appctl/ovs-dpctl/ ovs-ofctl/ovsdb-tool commands. Please check utilities/ovs-command-compgen.INSTALL.md for how to use. - The "learn" action supports a new flag "delete_learned" that causes the learned flows to be deleted when the flow with the "learn" action is deleted. - Basic support for the Geneve tunneling protocol. It is not yet possible to generate or match options. This is planned for a future release. The protocol is documented at http://tools.ietf.org/html/draft-gross-geneve-00 - The OVS database now reports controller rate limiting statistics. - sflow now exports information about LACP-based bonds, port names, and OpenFlow port numbers, as well as datapath performance counters. - ovs-dpctl functionality is now available for datapaths integrated into ovs-vswitchd, via ovs-appctl. Some existing ovs-appctl commands are now redundant and will be removed in a future release. See ovs-vswitchd(8) for details. - OpenFlow: * OpenFlow 1.4 bundles are now supported for flow mods and port mods. For flow mods, both 'atomic' and 'ordered' bundle flags are trivially supported, as all bundled messages are executed in the order they were added and all flow table modifications are now atomic to the datapath. Port mods may not appear in atomic bundles, as port status modifications are not atomic. * IPv6 flow label and neighbor discovery fields are now modifiable. * OpenFlow 1.5 extended registers are now supported. * The OpenFlow 1.5 actset_output field is now supported. * OpenFlow 1.5 Copy-Field action is now supported. * OpenFlow 1.5 masked Set-Field action is now supported. * OpenFlow 1.3+ table features requests are now supported (read-only). * Nicira extension "move" actions may now be included in action sets. * "resubmit" actions may now be included in action sets. The resubmit is executed last, and only if the action set has no "output" or "group" action. * OpenFlow 1.4+ flow "importance" is now maintained in the flow table. * A new Netronome extension to OpenFlow 1.5+ allows control over the fields hashed for OpenFlow select groups. See "selection_method" and related options in ovs-ofctl(8) for details. - ovs-ofctl has a new '--bundle' option that makes the flow mod commands ('add-flow', 'add-flows', 'mod-flows', 'del-flows', and 'replace-flows') use an OpenFlow 1.4 bundle to operate the modifications as a single atomic transaction. If any of the flow mods in a transaction fail, none of them are executed. All flow mods in a bundle appear to datapath lookups simultaneously. - ovs-ofctl 'add-flow' and 'add-flows' commands now accept arbitrary flow mods as an input by allowing the flow specification to start with an explicit 'add', 'modify', 'modify_strict', 'delete', or 'delete_strict' keyword. A missing keyword is treated as 'add', so this is fully backwards compatible. With the new '--bundle' option all the flow mods are executed as a single atomic transaction using an OpenFlow 1.4 bundle. - ovs-pki: Changed message digest algorithm from MD5 to SHA-1 because MD5 is no longer secure and some operating systems have started to disable it in OpenSSL. - ovsdb-server: New OVSDB protocol extension allows inequality tests on "optional scalar" columns. See ovsdb-server(1) for details. - ovs-vsctl now permits immutable columns in a new row to be modified in the same transaction that creates the row. - test-controller has been renamed ovs-testcontroller at request of users who find it useful for testing basic OpenFlow setups. It is still not a necessary or desirable part of most Open vSwitch deployments. - Support for travis-ci.org based continuous integration builds has been added. Build failures are reported to build@openvswitch.org. See INSTALL.md file for additional details. - Support for the Rapid Spanning Tree Protocol (IEEE 802.1D-2004). The implementation has been tested successfully against the Ixia Automated Network Validation Library (ANVL). - Stats are no longer updated on fake bond interface. - Keep active bond slave selection across OVS restart. - A simple wrapper script, 'ovs-docker', to integrate OVS with Docker containers. If and when there is a native integration of Open vSwitch with Docker, the wrapper script will be retired. - Added support for DPDK Tunneling. VXLAN, GRE, and Geneve are supported protocols. This is generic tunneling mechanism for userspace datapath. - Support for multicast snooping (IGMPv1, IGMPv2 and IGMPv3) - Support for Linux kernels up to 4.0.x - The documentation now use the term 'destination' to mean one of syslog, console or file for vlog logging instead of the previously used term 'facility'. - Support for VXLAN Group Policy extension - Initial support for the IETF Auto-Attach SPBM draft standard. This contains rudimentary support for the LLDP protocol as needed for Auto-Attach. - The default OpenFlow and OVSDB ports are now the IANA-assigned numbers. OpenFlow is 6653 and OVSDB is 6640. - Support for DPDK vHost. - Support for outer UDP checksums in Geneve and VXLAN. - The kernel vports with dependencies are no longer part of the overall openvswitch.ko but built and loaded automatically as individual kernel modules (vport-*.ko). - Support for STT tunneling. - Support to configure method (--syslog-method argument) that determines how daemons will talk with syslog. - Support for "ovs-appctl vlog/list-pattern" command that lets to query logging message format for each destination. - GRE64 and ipsec_gre64 tunnel protocol is deprecated and will be removed from OVS v2.5 release. * The openvswitch-testcontroller package is new. It reintroduces the simple OpenFlow controller that was packaged with Open vSwitch prior to version 2.1, at request of users who find it useful for testing basic OpenFlow setups. It is still not a necessary or desirable part of most Open vSwitch deployments. - Fixed: log-check-module-loop.patch to work with new version. - Removed: openvswitch-2.3.1.tar.gz - Added: openvswitch-2.4.0.tar.gz - Spec file work and cleanup.- Add calls to /sbin/ldconfig in %post and %postun - Fix typo in Url- new upstream version 2.3.1 - Compatibility with autoconf 2.63 (previously >=2.64) - ovs-pki: Changed message digest algorithm from MD5 to SHA-1 because MD5 is no longer secure and some operating systems have started to disable it in OpenSSL. - Keep active bond slave selection across OVS restart. * v2.3.0 - 14 Aug 2014 - OpenFlow 1.1, 1.2, and 1.3 are now enabled by default in ovs-vswitchd. - Linux kernel datapath now has an exact match cache optimizing the flow matching process. - Datapath flows now have partially wildcarded tranport port field matches. This reduces userspace upcalls, but increases the number of different masks in the datapath. The kernel datapath exact match cache removes the overhead of matching the incoming packets with the larger number of masks, but when paired with an older kernel module, some workloads may perform worse with the new userspace. * v2.2.0 - Internal Release - Internal ports are no longer brought up by default, because it should be an administrator task to bring up devices as they are configured properly. - ovs-vsctl now reports when ovs-vswitchd fails to create a new port or bridge. - The "ovsdbmonitor" graphical tool has been removed, because it was poorly maintained and not widely used. - New "check-ryu" Makefile target for running Ryu tests for OpenFlow controllers against Open vSwitch. See INSTALL for details. - Added IPFIX support for SCTP flows and templates for ICMPv4/v6 flows. - Upon the receipt of a SIGHUP signal, ovs-vswitchd no longer reopens its log file (it will terminate instead). Please use 'ovs-appctl vlog/reopen' instead. - Support for Linux kernels up to 3.14. From Kernel 3.12 onwards OVS uses tunnel API for GRE and VXLAN. - Added experimental DPDK support. - Added support for custom vlog patterns in Python - removed datapath-Add-support-for-Linux-3.12.patch no more required - removed sle11-device-ops-backport.diff , not used before- fix rcX linkh03-ch2d 1735542779  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUV23.03.0-150600.33.3.1   ovn_staticlogo.pngcontents.rstfaqcontributing.rstgeneral.rstindex.rstgroup-selection-method-property.txthowtodocker.rstfirewalld.rstindex.rstipsec.rstopenstack-containers.rstssl.rstindex.rstinternalsauthors.rstbugs.rstcommitter-emeritus-status.rstcommitter-grant-revocation.rstcommitter-responsibilities.rstcontributingbackporting-patches.rstcoding-style.rstdocumentation-style.rstindex.rstlibopenvswitch-abi.rstsubmitting-patches.rstdocumentation.rstindex.rstmailing-lists.rstmaintainers.rstovs_submodule.rstpatchwork.rstrelease-process.rstsecurity.rstintroindex.rstinstalldebian.rstdistributions.rstdocumentation.rstfedora.rstgeneral.rstindex.rstovn-upgrades.rstrhel.rstwindows.rstrefindex.rstovn-sim.1.rstrequirements.txttopicsdebugging-ddlog.rsthigh-availability.rstindex.rstintegration.rstovn-news-2.8.rstrole-based-access-control.rsttesting.rstvif-plug-providersindex.rstvif-plug-providers.rsttutorialsddlog-new-feature.rstimagesovsdb-relay-1.pngovsdb-relay-2.pngovsdb-relay-3.pngindex.rstovn-interconnection.rstovn-ipsec.rstovn-openstack.rstovn-ovsdb-relay.rstovn-rbac.rstovn-sandbox.rst/usr/share/doc/packages//usr/share/doc/packages/ovn//usr/share/doc/packages/ovn/_static//usr/share/doc/packages/ovn/faq//usr/share/doc/packages/ovn/howto//usr/share/doc/packages/ovn/internals//usr/share/doc/packages/ovn/internals/contributing//usr/share/doc/packages/ovn/intro//usr/share/doc/packages/ovn/intro/install//usr/share/doc/packages/ovn/ref//usr/share/doc/packages/ovn/topics//usr/share/doc/packages/ovn/topics/vif-plug-providers//usr/share/doc/packages/ovn/tutorials//usr/share/doc/packages/ovn/tutorials/images/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:36865/SUSE_SLE-15-SP6_Update/5e49695ec047303e19615f89315e02f1-openvswitch.SUSE_SLE-15-SP6_Updatedrpmxz5x86_64-suse-linuxdirectoryPNG image data, 200 x 200, 8-bit/color RGBA, non-interlacedASCII textC source, ASCII textUTF-8 Unicode textPNG image data, 1002 x 982, 8-bit/color RGB, non-interlacedPNG image data, 1262 x 1082, 8-bit/color RGB, non-interlacedPNG image data, 1316 x 1382, 8-bit/color RGB, non-interlacedM̟"ނutf-803be2dfe75030d45f94a835ace7c606435073ab645eb826e4472627252ecd67b?P7zXZ !t/H]"k%{\X;薢PN`l ?[gY"aef?Q4ɪr(+6|JԬ ޺uX{u٧<|aAJ}ct&@_ v e6|< ޡ[T:^ϟ){%|URre@T>Nw+c7b(,XhJҔ5DdZtSClo xȾ˒7Kv.Ü߽Oҳr{%:iM6Yc W !xKO{ތG4 XS) %yё[odRf?gᒾ쑀^٧×3w^2(yUx:!pYMSa?H3y$84li i/3O8oN"n0DZSMFan乩paP4DdU _?pjƷ[(dRO5^hfh0^L;c:Tӕcڏ9a+L"w\mS!nk8uyO]HJB:,-B]?aU` !.=  ĉyغ*ƌ}= gdgfF>/kMYbB 'B׶ YZ