openvswitch2.13-ipsec-2.13.0-153.el8 > 6 6_6 3!pQp)Tξ7]mtZ`a~ ]mtZ`Re3A؋Ly Fj3;Nz`A2脝~SI  ˤ:n _BBWn)!nU/X*vp3vz1M5lYmnvy:gLY 5r<`{5"ʣQsz :h\X^shq5}s[q|{Cيt_d۵nkT/:MV56&Dz~]ӻF䯎B4è4QN{ ̭eءc{L5gD h&Bn)3M՚g n%bQrBKbt$rDrY:rFOQ:qo}M~6BaEo_畄^f Sz\ʹ$ \_1'nU Hax 7v}kv7L#f縄A4zDﴭ?Q+kS&RPEI SDR=8h#Hs6t>p<y?yd ' L *FLT\ ` d l   4<t2(_8h9:"zGw<HwDIwLXwPYwX\wx]w^wbwdyeyfylyty4uy<vyDwytxy|yyyyyyCopenvswitch2.13-ipsec2.13.0153.el8Open vSwitch IPsec tunneling supportThis package provides IPsec tunneling support for OVS tunnels.azord1-prod-a64build002.svc.aws.rockylinux.orgKojiRockyASL 2.0infrastructure@rockylinux.orgSystem Environment/Daemons daemon/database/utilitieshttp://www.openvswitch.org/linuxaarch64y7^Fdaza8aafada0fccf3e784539fb6ffa2016dca7299cfb90401e4f2ef6e7317e19c86680eb91190d12c9d1d1b906f67164d7d03b03c52755d94ebfb31a5108dcf1b88rootrootrootrootopenvswitch2.13-2.13.0-153.el8.src.rpmopenvswitch2.13-ipsecopenvswitch2.13-ipsec(aarch-64)@    /usr/libexec/platform-pythonlibreswanpython3-openvswitch2.13rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.13.0-153.el83.0.4-14.6.0-14.0-15.2-14.14.3a7a@a@a@a@a@a@a@aNaaZ@a@aa@a@@aKazay?@ay?@araqV@an@ahaf@aexaUaQ@aLl@aC1a8aaS@aS@a@`` @`@`\`````f@`@`q` @``~@`v@`pA`lM@`lM@`g@`e`c`X`T@`P`*b@`#`3@``@`>`>`>`@``@`@`@`@`@`2@_@_1@_$_$_@_ǁ_^@_@_i_@_@_/@_@__ _@_"_"_P_a@_Z@_G@_FN_;_;_5+@_16_16_._._"@_A@_A@_A@_A@____ @_@^^3^3^3^?@^?@^^^^^^@^@^@^@^@^@^@^@^1^^H^H^H^^k@^^^}^y@^x^x^x^h^W@^U @Open vSwitch CI - 2.13.0-153Eelco Chaudron - 2.13.0-152Eelco Chaudron - 2.13.0-151Eelco Chaudron - 2.13.0-150Eelco Chaudron - 2.13.0-149Eelco Chaudron - 2.13.0-148Eelco Chaudron - 2.13.0-147Open vSwitch CI - 2.13.0-146Open vSwitch CI - 2.13.0-145Open vSwitch CI - 2.13.0-144Open vSwitch CI - 2.13.0-143Open vSwitch CI - 2.13.0-142Open vSwitch CI - 2.13.0-141Open vSwitch CI - 2.13.0-140Open vSwitch CI - 2.13.0-139Open vSwitch CI - 2.13.0-138Open vSwitch CI - 2.13.0-137Open vSwitch CI - 2.13.0-136Open vSwitch CI - 2.13.0-135Open vSwitch CI - 2.13.0-134Open vSwitch CI - 2.13.0-133Open vSwitch CI - 2.13.0-132Open vSwitch CI - 2.13.0-131Open vSwitch CI - 2.13.0-130Open vSwitch CI - 2.13.0-129Open vSwitch CI - 2.13.0-128Open vSwitch CI - 2.13.0-127Timothy Redaelli - 2.13.0-126Open vSwitch CI - 2.13.0-125Open vSwitch CI - 2.13.0-124Michael Santana - 2.13.0-123Open vSwitch CI - 2.13.0-122Michael Santana - 2.13.0-121Open vSwitch CI - 2.13.0-120Open vSwitch CI - 2.13.0-119Open vSwitch CI - 2.13.0-118Open vSwitch CI - 2.13.0-117Timothy Redaelli - 2.13.0-116Open vSwitch CI - 2.13.0-115Open vSwitch CI - 2.13.0-114Open vSwitch CI - 2.13.0-113Open vSwitch CI - 2.13.0-112Open vSwitch CI - 2.13.0-111Open vSwitch CI - 2.13.0-110Open vSwitch CI - 2.13.0-109Open vSwitch CI - 2.13.0-108Open vSwitch CI - 2.13.0-107Timothy Redaelli - 2.13.0-106Open vSwitch CI - 2.13.0-105Open vSwitch CI - 2.13.0-104Timothy Redaelli - 2.13.0-103Timothy Redaelli - 2.13.0-102Open vSwitch CI - 2.13.0-101Open vSwitch CI - 2.13.0-100Open vSwitch CI - 2.13.0-99Kevin Traynor - 2.13.0-98Kevin Traynor - 2.13.0-97Open vSwitch CI - 2.13.0-96Eelco Chaudron - 2.13.0-95Open vSwitch CI - 2.13.0-94Open vSwitch CI - 2.13.0-93Open vSwitch CI - 2.13.0-92Open vSwitch CI - 2.13.0-91Timothy Redaelli - 2.13.0-90Timothy Redaelli - 2.13.0-89Timothy Redaelli - 2.13.0-88Open vSwitch CI - 2.13.0-87Open vSwitch CI - 2.13.0-86Open vSwitch CI - 2.13.0-85Timothy Redaelli - 2.13.0-84Flavio Leitner - 2.13.0-83Flavio Leitner - 2.13.0-82Timothy Redaelli - 2.13.0-81Open vSwitch CI - 2.13.0-80Open vSwitch CI - 2.13.0-79Open vSwitch CI - 2.13.0-78Open vSwitch CI - 2.13.0-77Open vSwitch CI - 2.13.0-76Open vSwitch CI - 2.13.0-75Open vSwitch CI - 2.13.0-74Timothy Redaelli - 2.13.0-73Timothy Redaelli - 2.13.0-72Open vSwitch CI - 2.13.0-71Flavio Leitner - 2.13.0-70Flavio Leitner - 2.13.0-69Flavio Leitner - 2.13.0-68Ilya Maximets - 2.13.0-67Ilya Maximets - 2.13.0-66Open vSwitch CI - 2.13.0-65Open vSwitch CI - 2.13.0-64Open vSwitch CI - 2.13.0-63Timothy Redaelli - 2.13.0-62Open vSwitch CI - 2.13.0-61Open vSwitch CI - 2.13.0-60Open vSwitch CI - 2.13.0-59Open vSwitch CI - 2.13.0-58Open vSwitch CI - 2.13.0-57Flavio Leitner - 2.13.0-56Flavio Leitner - 2.13.0-55Open vSwitch CI - 2.13.0-54Open vSwitch CI - 2.13.0-53Dumitru Ceara - 2.13.0-52Flavio Leitner - 2.13.0-51Flavio Leitner - 2.13.0-50Timothy Redaelli - 2.13.0-49Flavio Leitner - 2.13.0-48Flavio Leitner - 2.13.0-47Flavio Leitner - 2.13.0-46Flavio Leitner - 2.13.0-45Flavio Leitner - 2.13.0-44Flavio Leitner - 2.13.0-43Flavio Leitner - 2.13.0-42Flavio Leitner - 2.13.0-41Timothy Redaelli - 2.13.0-40Timothy Redaelli - 2.13.0-39Ilya Maximets - 2.13.0-38Ilya Maximets - 2.13.0-37Ilya Maximets - 2.13.0-36Aaron Conole - 2.13.0-35Aaron Conole - 2.13.0-34Timothy Redaelli - 2.13.0-33Timothy Redaelli - 2.13.0-32Timothy Redaelli - 2.13.0-31Timothy Redaelli - 2.13.0-30Timothy Redaelli - 2.13.0-29Dumitru Ceara - 2.13.0-28Dumitru Ceara - 2.13.0-27Dumitru Ceara - 2.13.0-26Dumitru Ceara - 2.13.0-25Dumitru Ceara - 2.13.0-24Dumitru Ceara - 2.13.0-23Dumitru Ceara - 2.13.0-22Dumitru Ceara - 2.13.0-21Timothy Redaelli - 2.13.0-20Timothy Redaelli - 2.13.0-19Timothy Redaelli - 2.13.0-18Timothy Redaelli - 2.13.0-17Timothy Redaelli - 2.13.0-16Timothy Redaelli - 2.13.0-15Flavio Leitner - 2.13.0-14Flavio Leitner - 2.13.0-13Flavio Leitner - 2.13.0-12Flavio Leitner - 2.13.0-11Flavio Leitner - 2.13.0-10Timothy Redaelli - 2.13.0-9Timothy Redaelli - 2.13.0-8Numan Siddique - 2.13.0-7Timothy Redaelli - 2.13.0-6Timothy Redaelli - 2.13.0-5Timothy Redaelli - 2.13.0-4- Merging upstream branch-2.13 [RH git: 607e493104] Commit list: 348cdae4b4 ofproto-dpif: Fix issue with non-reversible actions on a patch ports.- downstream: Enable usdt probes in build [RH git: 30f6bfcfca] Fixes: BZ1840877- utilities: Add netlink flow operation USDT probes and upcall_cost script. [RH git: bb307de169] This patch adds a series of NetLink flow operation USDT probes. These probes are in turn used in the upcall_cost Python script, which in addition of some kernel tracepoints, give an insight into the time spent on processing upcall. Signed-off-by: Eelco Chaudron Acked-by: Paolo Valerio Signed-off-by: Ilya Maximets - utilities: Add upcall USDT probe and associated script. [RH git: 2c68e0b4c2] Added the dpif_recv:recv_upcall USDT probe, which is used by the included upcall_monitor.py script. This script receives all upcall packets sent by the kernel to ovs-vswitchd. By default, it will show all upcall events, which looks something like this: TIME CPU COMM PID DPIF_NAME TYPE PKT_LEN FLOW_KEY_LEN 5952147.003848809 2 handler4 1381158 system@ovs-system 0 98 132 5952147.003879643 2 handler4 1381158 system@ovs-system 0 70 160 5952147.003914924 2 handler4 1381158 system@ovs-system 0 98 152 It can also dump the packet and NetLink content, and if required, the packets can also be written to a pcap file. Signed-off-by: Eelco Chaudron Acked-by: Paolo Valerio Signed-off-by: Ilya Maximets - Documentation: Add USDT documentation and bpftrace example. [RH git: 714f513833] Add the USDT documentation and a bpftrace example using the bridge run USDT probes. Signed-off-by: Eelco Chaudron Acked-by: Paolo Valerio Signed-off-by: Ilya Maximets - openvswitch: Define the OVS_STATIC_TRACE() macro. [RH git: c47c990c6b] This patch defines the OVS_STATIC_TRACE() macro, and as an example, adds two of them in the bridge run loop. Signed-off-by: Eelco Chaudron Acked-by: Paolo Valerio Signed-off-by: Ilya Maximets - configure: Add --enable-usdt-probes option to enable USDT probes. [RH git: 6bad1cd13d] Allow inclusion of User Statically Defined Trace (USDT) probes in the OVS binaries using the --enable-usdt-probes option to the ./configure script. Signed-off-by: Eelco Chaudron Acked-by: Paolo Valerio Signed-off-by: Ilya Maximets - Merging upstream branch-2.13 [RH git: 0b2dac74a2] Commit list: 0df41e29b2 ovs-monitor-ipsec: Fix generated strongSwan ipsec.conf for IPv6.- Merging upstream branch-2.13 [RH git: 035f2095f9] Commit list: 9572c60bfc datapath-windows: Pickup Ct tuple as CT lookup key in function OvsCtSetupLookupCtx- Merging upstream branch-2.13 [RH git: df42b314bc] Commit list: 77750b1b19 Documentation: Fix Rx/Tx queue configuration section.- Merging upstream branch-2.13 [RH git: 52b03eee18] Commit list: d30d561bd9 ofproto-dpif: Fix memory leak in dpif/show-dp-features appctl.- Merging upstream branch-2.13 [RH git: e2ae994435] Commit list: 025ec93bc5 Prepare for 2.13.7. 723e0727f3 Set release date for 2.13.6. d6d2dead72 ofproto-dpif-xlate: Snoop ingress packets and update neigh cache if needed. dc8b79ccf1 tnl-neigh-cache: Do not refresh the entry while revalidating. 7e1c6034b5 tnl-neigh-cache: Include expected array sizes in prototypes. 9c98116ac7 tnl-neigh-cache: Read/write expires atomically.- Merging upstream branch-2.13 [RH git: 035911bcc8] Commit list: 0263845fde compat: handle NF_REPEAT error on nf_conntrack_in.- Merging upstream branch-2.13 [RH git: 6a59db52e8] Commit list: 9fa66631c2 flow: Consider dataofs when parsing TCP packets. cabeb5d056 tests/flowgen: Fix packet data endianness. 0b8586fbeb ofproto: Fix resource usage explosion due to removal of large number of flows. 34801d50e2 ofproto: Fix resource usage explosion while processing bundled FLOW_MOD. 1910814e5e tests/flowgen: Fix length field of 802.2 data link header. 6aac7758c0 ovs-lib: Backup and remove existing DB when joining cluster. a5e1af7b99 docs/dpdk: Fix install doc. 6fb9d7ab08 ovs-save: Save igmp flows in ofp_parse syntax. 0c93c71f8c dpdk: Use DPDK 19.11.10 release.- Merging upstream branch-2.13 [RH git: 37c2767bbd] Commit list: 057a5b0708 ofproto-dpif-xlate: Fix check_pkt_larger incomplete translation.- Merging upstream branch-2.13 [RH git: 424b25f9ca] Commit list: 85358e0a9f datapath-windows: Reset flow key after Ipv4 fragments are reassembled- Merging upstream branch-2.13 [RH git: f86ccc67c2] Commit list: da5b115580 datapath-windows:Reset PseudoChecksum value only for TX direction offload case- Merging upstream branch-2.13 [RH git: 25cc09c60a] Commit list: 2c1369aa6d netdev-offload-tc: Verify the flower rule installed.- Merging upstream branch-2.13 [RH git: 1b6734e549] Commit list: b73ad3bcf7 ci: Make linux-prepare trust system installs.- Merging upstream branch-2.13 [RH git: c72ff28f03] Commit list: 4d5470a450 Prepare for 2.13.6. 6771b9c9d7 Set release date for 2.13.5.- Merging upstream branch-2.13 [RH git: d37b008459] Commit list: 70f6efa41c python: idl: Avoid sending transactions when the DB is not synced up.- Merging upstream branch-2.13 [RH git: 60a72ee3f6] Commit list: 5c33e4db80 datapath-windows: add layers when adding the deferred actions- Merging upstream branch-2.13 [RH git: 31c65d3e94] Commit list: 6e2e180851 ofproto-dpif-xlate: Fix zone set from non-frozen-metadata fields.- Merging upstream branch-2.13 [RH git: beb8cdaec6] Commit list: ceb395773d dpif-netdev: Fix use-after-free on PACKET_OUT of IP fragments. fed4df9bb7 tunnel-push-pop.at: Mask source port in tunnel header.- Merging upstream branch-2.13 [RH git: fc819dabd3] Commit list: ec44c50cf0 ipf: release unhandled packets from the batch- Merging upstream branch-2.13 [RH git: 9d83aff7e3] Commit list: 695d25f507 datapath-windows:adjust Offset when processing packet in POP_VLAN action- Merging upstream branch-2.13 [RH git: a117849d24] Commit list: e33aaf8bda cirrus: Reduce memory requirements for FreeBSD VMs.- redhat: use hugetlbfs group for /var/log/openvswitch when dpdk is enabled [RH git: a32eb508f7] (#2007292) Resolves: #2007292- Merging upstream branch-2.13 [RH git: 215f08bbd8] Commit list: a56a8008eb netdev-linux: Fix a null pointer dereference in netdev_linux_notify_sock(). 186ff2a5b2 pcap-file: Fix memory leak in ovs_pcap_open(). b9b144b8d8 odp-util: Fix a null pointer dereference in odp_flow_format(). fea883d3bd odp-util: Fix a null pointer dereference in odp_nsh_key_from_attr__(). ef6d151b04 ipf: Fix only nat the first fragment in the reass process.- Merging upstream branch-2.13 [RH git: b3c7c50935] Commit list: 38efd803dd dpif-netdev: Fix crash when PACKET_OUT is metered.- Migrate openvswitch to gitlab [RH git: 081bad43fc] Signed-off-by: Michael Santana - Merging upstream branch-2.13 [RH git: 775922244f] Commit list: f61f810fb3 tc: Set action flags for tunnel_key release. 0dc609a260 netlink-socket: Replace error with txn->error when logging nacked transactions. d3776e354c dynamic-string: Fix a crash in ds_clone().- pkgtool: Make changelog in spec file more informative [RH git: 42174a9bc1] This is done by adding the body of the commit message to the changelong. The body is indented and has extra spacing separating each entry in the changelog to make each one more discernible since now they could be longer. Also, make sure the bugzilla ID is at the end of the line Signed-off-by: Michael Santana - Merging upstream branch-2.13 [RH git: eda2f50cf9] Commit list: f7e3b47e09 dpif-netdev: Fix offloads of modified flows. 350507b163 dpif-netdev: Fix flow modification after failure.- Merging upstream branch-2.13 [RH git: c2e53c3150] Commit list: f92ce92e53 daemon-unix: Fix leak of a fork error message.- Merging upstream branch-2.13 [RH git: d613ce404a] Commit list: d794934d01 datapath-windows:Correct checksum for DNAT action- Merging upstream branch-2.13 [RH git: 1dbd295283] Commit list: 9b1c0df6ad dpif-netlink: Fix report_loss() message. 17e98772cb conntrack: Document all-zero IP SNAT behavior and add a test case. 305b944a2e ovsdb-server: Fix memleak when failing to read storage. 1aa1f59142 netdev-linux: Ignore TSO packets when TSO is not enabled for userspace. d127fa6d2b conntrack: Handle already natted packets. c8ebe4434c python: Fix Idl.run change_seqno update. 2762bf6895 Prepare for 2.13.5. d72ccdfbda Set release date for 2.13.4. 76fdda2b34 netlink: removed incorrect optimization 9c386761f9 ovs-actions.xml: Add missing bracket. be8c4af1ce netdev-offload-tc: Use nl_msg_put_flag for OVS_TUNNEL_KEY_ATTR_CSUM.- Merging 15251f0e1d datapath-windows: Specify external include .. [RH git: f9d10a495b] Commit list: 15251f0e1d datapath-windows: Specify external include paths 9f05167b21 Remove Python 2 leftovers. 64c3133c01 ipf: Fix a use-after-free error, and remove the 'do_not_steal' flag. fe7bd42d6c ofproto: Fix potential NULL dereference in ofproto_ct_*_zone_timeout_policy(). fc23134227 ofproto: Fix potential NULL dereference in ofproto_get_datapath_cap().- Merging upstream branch-2.13 [RH git: 190762bf5c] Commit list: 8be19f789b dpif-netlink: Fix send of uninitialized memory in ct limit requests. 25dd08492d ofproto-dpif: Fix use of uninitialized attributes of timeout policy. 95570b23c8 netdev-linux: Fix use of uninitialized LAG master name.- Merging upstream branch-2.13 [RH git: 63656e47fb] Commit list: 160bb80a32 ofp_actions: Fix set_mpls_tc formatting.- Merging upstream branch-2.13 [RH git: 43b0d45790] Commit list: 32a197f845 dpif-netdev: Remove meter rate from the bucket size calculation. 1b4d8fe1d9 ovsdb-idl: Consider all tables when computing expected cond seqno.- Merging upstream branch-2.13 [RH git: 3f4fc768f0] Commit list: 9acbf2cff7 ovs-ofctl: Fix coredump when using "add-groups" command.- Merging upstream branch-2.13 [RH git: 5eca61ee5e] Commit list: 058702e3dc raft: Transfer leadership before creating snapshots.- Merging upstream branch-2.13 [RH git: 6022570f3f] Commit list: 3bc41e2b6a dpdk: Use DPDK 19.11.8 release.- Merging upstream branch-2.13 [RH git: 132c26ba20] Commit list: fbebe7377d github: Fix up malformed /etc/hosts. 2a3d1f4971 doc: automake: Add support for sphinx 4.0. 4ab5524dbb cirrus: Look up existing versions of python dependencies.- Merging upstream branch-2.13 [RH git: d2edacdddd] Commit list: ea98fe0743 ofp-group: Use big-enough buffer in ofputil_format_group().- Merging upstream branch-2.13 [RH git: 9a8a649301] Commit list: 798a40ffb6 ofproto/ofproto-dpif-sflow: Check sflow agent in case of race 9984d61124 dpif: Fix use of uninitialized execute hash. 43c2a10922 odp-util: Fix use of uninitialized erspan metadata. 4f68040a5c dpif-netlink: Fix using uninitialized info.tc_modify_flow_deleted in out label. 1c2a5f170f netdev-offload-tc: Probe for support for any of the ct_state flags. a4730043a4 compat: Add ct_state flags definitions. bbd62d7a44 tc: Use skip_hw flag when probing tc features.- Fix typo in rh-mock-srpm [RH git: 5641bf9d72] Thanks fbl for reporting- Merging upstream branch-2.13 [RH git: 0aaf7c02b7] Commit list: 759da53f07 Add test cases for ingress_policing parameters c901a563f4 netdev-linux: correct unit of burst parameter- Merging upstream branch-2.13 [RH git: 1334a398c9] Commit list: d47800bd66 ovsdb-idl: Mark arc sources as updated when destination is deleted. 6cf6f9d0d3 ovsdb-idl: Preserve references for deleted rows. e7d451ab8a ovsdb-idl.at: Make test outputs more predictable. 7fca8a3c94 test-ovsdb: Log steps in idl test. 4ca9dd87f6 test-stream: Silence memory leak report.- Align DPDK config to 19.11.7 [RH git: 62cff1abf5]- Merge tag 'c765f42e31c1baa8f4e7a9e01080f5474596ea98' into fast-datapath-rhel-8 [RH git: 4ef8ee2e1a] dpdk-19.11.7- Merging upstream branch-2.13 [RH git: 02b662f992] Commit list: 68086371c8 ipsec: Fix IPv6 default route support for Libreswan.- Merging upstream branch-2.13 [RH git: 7323d4b8e4] Commit list: 2cb952326e ovs-ofctl: Fix segfault due to bad meter n_bands.- Merging upstream branch-2.13 [RH git: 8e7dc3319c] Commit list: a112239ff5 dpif-netdev: Refactor and fix the buckets calculation. d9d8ebfa00 dpif-netdev: Fix the meter buckets overflow.- dpif-netdev: Allow PMD auto load balance with cross-numa. [RH git: edeaca020b] (#1938162) commit ec68a877db5bbfba49ddeb9929479c033420ea6b Author: Kevin Traynor Date: Thu Mar 18 11:34:04 2021 +0000 dpif-netdev: Allow PMD auto load balance with cross-numa. Previously auto load balance did not trigger a reassignment when there was any cross-numa polling as an rxq could be polled from a different numa after reassign and it could impact estimates. In the case where there is only one numa with pmds available, the same numa will always poll before and after reassignment, so estimates are valid. Allow PMD auto load balance to trigger a reassignment in this case. Acked-by: Eelco Chaudron Acked-by: David Marchand Tested-by: Sunil Pai G Acked-by: Flavio Leitner Signed-off-by: Kevin Traynor Signed-off-by: Ilya Maximets Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1938162 Conflicts: Commit backported from upstream master branch. Commit not present on upstream branch-2.13. Removed NEWS file update as could cause future merge conflicts.- redhat: Update docs for test builds [RH git: 0322f225d3]- Merging upstream branch-2.13 [RH git: bb107a7f7f] Commit list: fc8444fb1d python: Send notifications after the transaction ends. 712193ff1c ovs-ctl: Allow recording hostname separately. 3665d7f805 dpif-netdev: Fix crash when add dp flow without in_port field. 732e17d6b6 Documentation: Fix DPDK qos example. 1dee0a67e5 raft: Report disconnected in cluster/status if candidate retries election. e78d6ffba7 raft: Reintroduce jsonrpc inactivity probes. aea5fefdac connmgr: Check nullptr inside ofmonitor_report(). 26fa38c332 ovsdb-client: Fix needs-conversion when SERVER is explicitly specified. 65582c0bad dpdk: Use DPDK 19.11.6 release. 967d4055e7 windows, tests: Modify service test. ccdfc67b74 netdev-linux: Fix indentation. 81e759618c ci: Use parallel build for distcheck. 6d67310f4d ofp-actions: Fix use-after-free while decoding RAW_ENCAP.- conntrack: add generic IP protocol support [RH git: 6b3ca4b028] Currently, userspace conntrack only tracks TCP, UDP, and ICMP, and all other IP protocols are discarded, and the +inv state is returned. This is not in line with the kernel conntrack. Where if no L4 information can be extracted it's treated as generic L3. The change below mimics the behavior of the kernel. Resolves: BZ1876459 Signed-off-by: Eelco Chaudron Acked-by: Flavio Leitner Signed-off-by: Ilya Maximets (cherry picked from commit a27d70a8984879bc0a66afc2d7c35149659be24d)- Merging upstream branch-2.13 [RH git: 8655a639ac] Commit list: 2be25e3b00 Prepare for 2.13.4. f25820bf55 Set release date for 2.13.3. 9a5e78b5c7 cirrus: Use FreeBSD 12.2. 3512fb512c flow: Support extra padding length.- Merging upstream branch-2.13 [RH git: 2100324b58] Commit list: a6efca9628 netdev-offload-tc: Reject rules with unsupported ct_state flags.- Merging upstream branch-2.13 [RH git: 92b77d1489] Commit list: 9985c46501 dist-docs: Include manpages generated from rST.- Merging upstream branch-2.13 [RH git: ea87c21ff2] Commit list: fcae3177d4 tc: Fix mpls bottom of stack bit mask reporting.- dpif-netdev: Add PMD auto load balance status log. [RH git: 4fd540d8ef] When any PMD auto load balance parameters change, it is useful to also log if the feature is enabled or disabled. |dpif_netdev|INFO|PMD auto load balance load threshold changed to 70% |dpif_netdev|INFO|PMD auto load balance is disabled Signed-off-by: Kevin Traynor Acked-by: David Marchand Acked-by: Ian Stokes Signed-off-by: Ilya Maximets (cherry picked from commit 30de75520277a39ac775d15d4fa1c9cc886ad5d2)- dpif-netdev: Add parameters to configure PMD auto load balance. [RH git: 5935f7a9d8] Two important parts of how PMD auto load balance operates are how loaded a core needs to be and how much improvement is estimated before a PMD auto load balance can trigger. Previously they were hardcoded to 95% loaded and 25% variance improvement. These default values may not be suitable for all use cases and we may want to use a more (or less) aggressive rebalance, either on the pmd load threshold or on the minimum variance improvement threshold. The defaults are not changed, but "pmd-auto-lb-load-threshold" and "pmd-auto-lb-improvement-threshold" parameters are added to override the defaults. $ ovs-vsctl set open_vswitch . other_config:pmd-auto-lb-load-threshold="70" $ ovs-vsctl set open_vswitch . other_config:pmd-auto-lb-improvement-threshold="20" Signed-off-by: Christophe Fontaine Co-Authored-by: Kevin Traynor Signed-off-by: Kevin Traynor Acked-by: David Marchand Acked-by: Ian Stokes Signed-off-by: Ilya Maximets (cherry picked from commit 62ab5594c20cc815592562af69abb5b8ebe85d55)- dpif-netdev: Add log for PMD auto load balance interval parameter. [RH git: a8f4696c20] Previously if the parameter for the PMD auto load balance minimum interval was changed at runtime, it was not logged unless the PMD auto load balance feature was also changed to enabled. Log the parameter anytime it changes, and use minutes when it is logged as that is the user input format. Fixes: 5bf84282482a ("Adding support for PMD auto load balancing") Signed-off-by: Kevin Traynor Acked-by: David Marchand Acked-by: Ian Stokes Signed-off-by: Ilya Maximets (cherry picked from commit e4db0b69e2d81d8d5ca1265fbfbd08a9b30a1a02)- Merging upstream branch-2.13 [RH git: d303f53850] Commit list: a5e068f24b netdev-dpdk: Fix incorrect shinfo initialization. 522d828ae6 github: Don't fail the job if 'apt update' failed. 81026f0bad vswitchd.xml: Fix supported IPsec tunnels.- Merging upstream branch-2.13 [RH git: 2986e0866e] Commit list: 98723e351f ovsdb-doc: Add build dependency on dirs.py.- Merging upstream branch-2.13 [RH git: f2f6b58dd9] Commit list: 484068b741 dpctl: Fix dpctl process command parameter error.- redhat: Use a mock config based on the buildsystem target [RH git: b820a7b894]- Merging b37528cef7 conntrack: Fix the icmp conntrack new state. [RH git: dc913c7d4c] Commit list: b37528cef7 conntrack: Fix the icmp conntrack new state. c06328ae57 conntrack: Fix icmp conntrack state. 8e0a1527d7 odp-util: Fix abort while formatting nsh actions.- Merging f383000ca6 acinclude: Strip out -mno-avx512f provided .. [RH git: 304ba372e4] Commit list: f383000ca6 acinclude: Strip out -mno-avx512f provided by DPDK. 63f2aa2b7d acinclude: Strip out -march provided by DPDK.- Enable AVX512 support on binutils >= 2.30-79.el8 [RH git: 8b3f992902]- Merging upstream branch-2.13 [RH git: b7a6e48410] Commit list: 66fc41bfb2 Prepare for 2.13.3. e8ca014102 Set release date for 2.13.2. 9b00c9c047 lldp: do not leak memory on multiple instances of TLVs 02e48ecf29 ipf: Avoid accessing to a freed rp. 999bec82e1 rhel: Fix libunwind dev package.- Merging upstream branch-2.13 [RH git: 86c9f9af77] Commit list: 6c3d1c9f6f ovs-monitor-ipsec: Add option to not restart IKE daemon. d9edf71d17 ovs-monitor-ipsec: Allow exit of ipsec daemon maintaining state. 7286dc4412 ovs-ctl: Use 'stop_daemon' to stop ovs-monitor-ipsec. 60c6013b7b ovs-monitor-ipsec: Fix active connection regex. d59ec5359d ovs-monitor-ipsec: set correct 'leftcert' and 'rightcert' name 6e1f4ade25 ovs-monitor-ipsec: Add support for tunnel 'local_ip'. 03ee7466ca ovs-monitor-ipsec: Suppress "unknown %d argument" warning. d371c42bbb ovs-monitor-ipsec: Fix _nss_clear_database() parse error. ff48c43a59 ovs-ctl: Don't overwrite external-id hostname.- Merging upstream branch-2.13 [RH git: 2cfb47639f] Commit list: 7312222306 odp-util: Fix netlink message overflow with userdata. b3c09431ad NEWS: Move '--offload-stats' entry to correct release. 7c24762d3e ovsdb-tool: Fix datum leak in the show-log command. a47647c6ec ofproto-dpif-xlate: Stop forwarding MLD reports to group ports. 82093f97c5 github: Fix Ubuntu package installation. 56b81e3ee7 jsonrpc: Avoid disconnecting prematurely due to long poll intervals.- Merging upstream branch-2.13 [RH git: 350e017b66] Commit list: aacf05c5b8 ovsdb-idl: Fix expected condition seqno when changes are pending. db74cd6f4b ovsdb-cluster.at: Fix infinite loop in torture tests.- Merging upstream branch-2.13 [RH git: ece49fb665] Commit list: cdf4cf4966 lib/tc: fix parse act pedit for tos rewrite- Merging upstream branch-2.13 [RH git: 3e10785905] Commit list: ac5c067937 ovsdb-idl: Fix use-after-free when deleting orphaned rows. 60607ba779 ovsdb-idl: Fix memleak when deleting orphan rows. 08c8a29bf4 ovsdb-idl: Fix memleak when reinserting tracked orphan rows.- Merging upstream branch-2.13 [RH git: 773fc1e75b] Commit list: d853716dcb python: Update build system to ensure dirs.py is created. 9ada310291 python: set ovs.dirs variables with build system values 9342d27a26 datapath: ovs_ct_exit to be done under ovs_lock d93d9181f5 compat: rcu: Add support for consolidated-RCU reader checking 505b916b03 ovsdb-idl: Fix iteration over tracked rows with no actual data. 1eb6abd6fc Handle refTable values with setkey() feec8e6888 tests: Add overflow test for the sha1 library. b5a39a7d7f travis: Remove support for Travis CI. db5e2bdd3b github: Add GitHub Actions workflow. 3ff5e400bd ci: Don't use 'native' machine for DPDK cache.- Fix building OVS on ppc64le and armv7hl with Python 3.9 [RH git: a6928f88b2] Python 3.9 changed the architecture naming in suffix used for binary extensions. Use python3-config --extension-suffix in order to figure out the correct extension suffix used for binary extensions. This is not, currently, an issue on RHEL8, but it'll be an issue on RHEL9 and it's an issue on Fedora Rawhide.- redhat: Enable ipsec support [RH git: 2c7306b51f] (#1782141) Resolves: #1782141- Merging upstream branch-2.13 [RH git: 2aae181525] Commit list: abe7fe4486 ovsdb-idl: Return correct seqno from ovsdb_idl_db_set_condition(). 03c12fe076 ovsdb-idl: Fix *_is_new() IDL functions. 1b73731eef ovsdb-idl.at: Return stream open_block python tests. b876447179 compat: Fix compile warning. cb874fa2f2 compat: Remove stale code. 6c5cd45051 tests: Add parse-flow tests for MPLS fields. fa59781826 ofp-actions: Fix userspace support for mpls_ttl. cdf2cf98e3 python: Don't raise an Exception on failure to connect via SSL. 032fd056fe lldp: correctly increase discarded count f051229561 lldp: increase statsTLVsUnrecognizedTotal on unknown TLV 12ffc6118e lldp: fix a buffer overflow when handling management address TLV 46b5101de0 lldp: Fix size of PEEK_DISCARD_UINT32() 364d371c58 lldp: validate a bit more received LLDP frames 3a3c52b8a2 sha1: Fix algorithm for data bigger than 512 megabytes. 8ea7e55eb6 odp-util: Fix overflow of nested netlink attributes.- redhat: Fix conf.db permissions in the spec. [RH git: 46d3617298] Upstream has removed the read permission from the db file because it may incur security concerns, for example, IPsec Pre-shared keys are stored in the db. Fixes: 3e581f43a9 ("ovsdb: Remove read permission of *.db from others.") Signed-off-by: Flavio Leitner - Merging d43d10e10c netdev-offload-dpdk: Preserve HW statistics.. [RH git: a779495d03] Commit list: d43d10e10c netdev-offload-dpdk: Preserve HW statistics for modified flows. 3e581f43a9 ovsdb: Remove read permission of *.db from others. 1440833435 raft: Make backlog thresholds configurable. efc59be2ea raft: Set threshold on backlog for raft connections.- Merging dc5b4e8f69 ovs-bugtool: Fix crash when enable --ovs. [RH git: de7f5508d7] Commit list: dc5b4e8f69 ovs-bugtool: Fix crash when enable --ovs.- Merging upstream branch-2.13 [RH git: 03753de14f] Commit list: 07049d5b66 bugtool: Fix for Python3. 625a6f0f0e raft: Avoid having more than one snapshot in-flight. fc7a644a73 ovsdb-server: Reclaim heap memory after compaction. 49453540d9 raft: Add log length to the memory report.- Merging upstream branch-2.13 [RH git: 373b7e9f51] Commit list: fd29479f04 raft: Report jsonrpc backlog in kilobytes. 7865bc49d3 ovsdb: Add raft memory usage to memory report.- Merging upstream branch-2.13 [RH git: f9a054c1b5] Commit list: 7a69ccf7e4 raft: Avoid annoying debug logs if raft is connected. 3a8897322f raft: Fix error leak on failure while saving snapshot.- Merging upstream branch-2.13 [RH git: 73eb33dcf1] Commit list: 9bd5bf4c3a netdev-tc-offloads: Don't delete ufid mapping if fail to delete filter- Merging upstream branch-2.13 [RH git: 6f80f8c230] Commit list: df3ecbbb6b travis: Fix kernel download retry. 1c9e73f922 Revert "travis: Disable check for array of flexible structures in sparse." 1557ce2673 ofp-ed-props: Fix using uninitialized padding for NSH encap actions.- redhat: Add conflicts for older versioned packages [RH git: b1f563c738] (#1886836) Resolves: #1886836- Merging upstream branch-2.13 [RH git: fa57a21817] Commit list: 75fbada49b travis: Disable check for array of flexible structures in sparse. 12c43c2e64 ovsdb-idl.at: Queue for termination all OVSDB IDL pids. 61e6f03cc3 system-userspace-packet-type-aware.at: Wait for ip address updates. 6d30b86168 dpif-netdev: Fix typo in copyright header. 9400845f88 docs: Add flow control on i40e issue- Merging upstream branch-2.13 [RH git: 38d21cf4eb] Commit list: 3c2b1915d2 ipsec: Fix Strongswan configuration syntax. 610dfdc63d cirrus: Use FreeBSD 11.4. 0cb432954a selinux: Add missing permissions for ovs-kmod-ctl. 9a6d26ea30 netdev-dpdk: Don't set rx mq mode for net_virtio. 183be08223 rhel: Fix reload of OVS_USER_ID on startup. 90443bc5c6 classifier: Fix use of uninitialized value. c38ebe8164 userspace-tso: Document the minimum kernel version. faf6651357 rhel: Fix logrotate group when dpdk is enabled.- Merging upstream branch-2.13 [RH git: 4fbcdeb187] Commit list: 4d6846d4d8 ovsdb-idl.at: Wait all servers to join the cluster.- Merging upstream branch-2.13 [RH git: d5817ddabf] Commit list: ace73aa122 travis: Merge matrix entries. 9eedff62fe ovs-dpctl-top: Skip "eth()" element. 9903c42973 meta-flow: fix a typo in "MPLS Bottom of Stack Field" paragraph. 7f1b52086b python: Fixup python shebangs to python3. 5d1e1c161a test-conntrack: Fix conntrack benchmark by clearing conntrack metadata.- Merging upstream branch-2.13 [RH git: 2fe3a06bff] Commit list: 14c5912a7b travis: Test build of debian packages. 823bea7797 debian: Fix broken build after some man pages became generated from RST 895fc18393 debian: Add python3-sphinx to ovs build dependencies b0e8532d01 debian: Fix package dependencies 0427918d89 connmgr: Support changing openflow versions without restarting. d02892966c ovs-monitor-ipsec: Convert Python2 code to Python3. 8b3fcc65a0 netdev-offload-dpdk: Fix for broken ethernet matching HWOL for XL710NIC.- dpdk: Updated configs to 19.11.3 [RH git: 4e4acaf40a]- Merging 798524b5e3 version: 19.11.3 [RH git: 64c883ec66] (#1868709) Commit list: 798524b5e3 version: 19.11.3 1e5167d97f mem: mark pages as not accessed when freeing memory 4153891ad2 net/mlx5: fix packet length assert in MPRQ 8bec239cff buildtools: get static mlx dependencies for meson 3196e264f7 net/mlx5: fix build with separate glue lib for dlopen f9fde3f8a9 doc: fix reference in ABI guide d455442cac Revert "common/qat: fix GEN3 marketing name" d764b2cd1f test/crypto: fix statistics case b965554c17 eal/ppc: fix bool type after altivec include 9f090f7c97 net/hns3: replace memory barrier with data dependency order 05f23c1a24 net/hns3: add free threshold in Rx 22ae47b85b net/hns3: remove one IO barrier in Rx 7669265b7f net/hns3: reduce judgements of free Tx ring space 4341cd6f0c net/hns3: remove unnecessary assignments in Tx 008d6625ed net/mlx5: fix RSS key copy to TIR context 987ef3cd66 net/ena/base: fix testing for supported hash function 5072ef83e7 net/hns3: fix MSI-X interrupt during initialization 6fdabde3d9 net/hns3: fix Rx interrupt after reset eb23edc7c2 net/hns3: fix Tx interrupt when enabling Rx interrupt 3db4e6aabb net/hns3: fix RSS indirection table configuration 7cfc979bc9 net/hns3: support different numbers of Rx and Tx queues f16148907b net/hns3: support Rx interrupt a4f8b13c12 doc: add NASM installation steps 43e4f20638 doc: fix API index 106dddaf87 doc: prefer https when pointing to dpdk.org 130830b165 doc: fix typo in contributors guide e9aeb99c93 doc: fix typo in contributors guide 029c527ef4 examples/ip_pipeline: remove check of null response 1b2d70662c examples/kni: fix crash during MTU set d9da460ee3 net/ixgbe: check driver type in MACsec API 33189eecd0 net/i40e: fix flow director enabling a6c3bc7236 net/ice: fix setting L2TAG a46186d063 net/iavf: fix setting L2TAG b7a08ea7cd net/i40e: fix setting L2TAG 696a40bd94 net/sfc/base: fix manual filter delete in EF10 bea8e15b59 net/hinic: fix TSO c4d7293707 net/octeontx2: fix buffer size assignment 586faf5a4f net/bnxt: fix Rx ring producer index 1df20ac457 cryptodev: fix SHA-1 digest enum comment 86809db310 doc: fix build with doxygen 1.8.18 121f752786 examples/vm_power: drop Unix path limit redefinition ba5df75ed5 examples/vm_power: fix build with -fno-common 4d1fd43b3a net/mvpp2: fix build with gcc 10 1c2eaf9a98 vhost: fix zero-copy server mode 3ddb8f1d07 net/i40e: fix queue related exception handling 69516f9e3f net/ice: fix RSS for GTPU f956486556 net/i40e: fix wild pointer 3af3834731 examples/kni: fix MTU change to setup Tx queue 4b369799c7 fix same typo in multiple places c85044909a mempool/dpaa2: install missing header with meson fd2cc33835 kvargs: fix strcmp helper documentation 0b45ef6e39 doc: fix typos in ABI policy a7413810b9 pci: reject negative values in PCI id c4d58cd40c pci: accept 32-bit domain numbers 7b732e25df net/ice/base: update copyright 0491724e4a common/iavf: update copyright 75f2750b43 net/i40e/base: update copyright 3c6d1a0269 net/ixgbe/base: update copyright 7c36f2ea8b app/testpmd: fix DCB set 070a7b832d common/mlx5: fix netlink buffer allocation from stack 8fecf8ad1d net/mlx5: fix doorbell bitmap management offsets fc047c800b net/i40e: fix queue region in RSS flow 099b9e280c net/bnxt: fix storing MAC address twice ba15f6288e net/bnxt: fix using RSS config struct 2109b14aa9 net/bnxt: fix error log for command timeout bbcbd194d8 net/qede: fix port reconfiguration f9630f56a4 net/virtio: fix unexpected event after reconnect c651ee6999 vhost: handle mbuf allocation failure 1e2a3beb12 net/hinic: fix Tx mbuf length while copying b191e32975 net/hinic: fix queues resource free 733bc3f639 net/vmxnet3: handle bad host framing a15ee3e4a7 net/mlx5: fix VLAN flow action with wildcard VLAN item 4de7d8bc21 net/qede: fix link state configuration f98d3de913 net/ixgbe: fix statistics in flow control mode 22f701a5d4 common/mlx5: fix umem buffer alignment 348a2c5a9a doc: fix multicast filter feature announcement fc962b01c7 net/e1000: fix port hotplug for multi-process 2e33e6b144 doc: fix build issue in ABI guide da5586fcbe eal: fix C++17 compilation 2d2ba1fb00 doc: fix default symbol binding in ABI guide ef254d821e doc: fix LTO config option f40d9a3cbb build: disable gcc 10 zero-length-bounds warning b02c7838a0 crypto/caam_jr: fix IRQ functions return type 199d2c49a6 crypto/caam_jr: fix check of file descriptors 053c7ff9b5 app/eventdev: check Tx adapter service ID a23ef1c188 event/dsw: fix enqueue burst return value 32b5e80df1 crypto/qat: support plain SHA1..SHA512 hashes 507cda6e23 examples: remove extra new line after link duplex 83e7cafc27 app: remove extra new line after link duplex 40a2233e78 net/mlx5: fix Tx queue release debug log timing ead66a3fb9 net/mlx4: fix drop queue error handling 46cd8f27b1 net/mlx5: fix meter color register consideration 77ca941f9d net/mlx5: fix matching for UDP tunnels with Verbs 23e2c36fa1 net/mlx5: fix match on empty VLAN item in DV mode 425b3ccd2d net/ring: fix device pointer on allocation 39abdde91a net/ice: fix variable initialization 8ec53ab745 Revert "net/bnxt: fix number of TQM ring" ee4518a2de Revert "net/bnxt: fix TQM ring context memory size" 53038c4760 net/ixgbe: fix link state timing on fiber ports 61706cf3f2 bus/fslmc: fix size of qman fq descriptor eeaa4c42b3 net/dpaa2: fix congestion ID for multiple traffic classes a71e30e6b0 net/dpaa2: fix 10G port negotiation ef6d112d7d bus/fslmc: fix dereferencing null pointer f83c2ba6ea app/testpmd: fix memory failure handling for i40e DDP e428b51c18 net/bnxt: fix FW version query dafdf58799 net/virtio: fix crash when device reconnecting abe65fce86 net/bnxt: fix TQM ring context memory size 426e8b5253 net/bnxt: fix number of TQM ring 2befb2f470 net/tap: fix crash in flow destroy 82e2269d01 net/ice: fix crash in switch filter 2e1e12f6a8 net/ice: support mark only action for flow director f05c433b44 net/ixgbe: fix link status synchronization on BSD b639786c5f net/iavf: fix link speed 6c8f2aef2f net/bnxt: fix possible stack smashing 1a476dbabd net/netvsc: do not configure RSS if disabled f815b93c27 net/netvsc: do RSS across Rx queue only bb0fd68c99 bus/vmbus: fix comment spelling 4fe11771a2 net/netvsc: fix comment spelling 024a568578 app/testpmd: fix statistics after reset 556ae6bd83 net/failsafe: fix fd leak 47bd1f0ad2 ipsec: check SAD lookup error 7b842acdfa drivers/crypto: disable gcc 10 no-common errors b64337ffa3 examples/fips_validation: fix parsing of algorithms b168483089 crypto/kasumi: fix extern declaration 0665fb6e09 crypto/qat: fix cipher descriptor for ZUC and SNOW de299dec14 app/crypto-perf: fix display of sample test vector 9b91b991b6 crypto/ccp: fix fd leak on probe failure 6e0bdc2ba1 bbdev: fix doxygen comments abc111ae3d test/flow_classify: enable multi-sockets system a009c7667f event/octeontx2: fix build for O1 optimization 6fc3588de0 net/ena: fix build for O1 optimization c6f6f3d8e1 mempool/octeontx2: fix build for gcc O1 optimization 2cb0536157 examples/eventdev: fix crash on exit fd554a1f8f mem: fix overflow on allocation f0ac3aa2d2 examples/l2fwd-keepalive: fix mbuf pool size deb055888f remove references to private PCI probe function d8aeeb8cfb service: remove rte prefix from static functions 99303c675d service: fix identification of service running on other lcore c4bcf57075 service: fix race condition for MT unsafe service c4c9531648 mk: fix static linkage of mlx dependency d104eb2c03 common/octeontx: fix gcc 9.1 ABI break 9022ffe003 event/dsw: avoid reusing previously recorded events 85c1aae896 eventdev: fix probe and remove for secondary process a309eafc89 event/octeontx2: fix queue removal from Rx adapter 46b7943fda net/mlx5: fix gcc 10 enum-conversion warning 7e01ad84bf net/mlx5: fix VLAN ID check 4fdea813e5 net/mlx5: fix assert in modify converting 831152d0d9 net/mlx5: fix RSS enablement ea6b087b9b net/octeontx: fix dangling pointer on init failure ee263a1371 net/hns3: fix return value when clearing statistics 827eb6ca97 net/hns3: fix VLAN PVID when configuring device 6686131671 net/softnic: fix resource leak for pipeline 60dfeffc23 net/softnic: fix memory leak for thread e399ff6427 net/sfc/base: fix build when EVB is enabled 5862e3fe62 net/sfc/base: use simpler EF10 family run-time checks 68409f9a6c net/sfc/base: use simpler EF10 family conditional check ecd69bfb76 net/mlx5: fix actions validation on root table 58ca518c24 net/mlx5: fix assert in dynamic metadata handling a6ae060e39 vhost: prevent zero-copy with incompatible client mode 5099fb8d59 vhost: fix peer close check fd7ba64cb4 net/mlx5: fix assert in doorbell lookup d6db84d0b1 net/i40e: fix flush of flow director filter a42e979217 doc: add i40e limitation for flow director 74095b0ca6 net/i40e: fix flow director for ARP packets fe42bb4b74 net/bnxt: fix max ring count a131ab7d0f eal/ppc: fix build with gcc 9.3 2acc78a0a1 kvargs: fix invalid token parsing on FreeBSD df17bcb43b eal/x86: ignore gcc 10 stringop-overflow warnings 274dec7548 examples/ipsec-gw: fix gcc 10 maybe-uninitialized warning ea0fb3e5a5 net/avp: fix gcc 10 maybe-uninitialized warning daa2cd115f eal: fix typo in endian conversion macros 9ef2246962 doc: fix log level example in Linux guide aecc7782a6 app/testpmd: add parsing for QinQ VLAN headers 26467e800b net/bnxt: fix VNIC Rx queue count on VNIC free 61c8f03fd4 net/bnxt: fix memory leak during queue restart e09bf2672d bus/pci: fix UIO resource access from secondary process 35348ca71e usertools: check for pci.ids in /usr/share/misc a8e6e27b00 app: fix usage help of options separated by dashes 0d7e4fbf2d fix various typos found by Lintian ccc676944f timer: protect initialization with lock 6be8fba616 eal: fix comments spelling 32688549a0 lpm6: fix comments spelling eee7a4f089 lpm6: fix size of tbl8 group 8426cebb49 mempool: remove inline functions from export list 632fec749f security: fix crash at accessing non-implemented ops 0407d17dae net/bnxt: fix VLAN add when port is stopped a62880c4d4 net/bnxt: fix port start failure handling 6cc939165f net/bnxt: use true/false for bool types 886085974e net/bnxt: fix HWRM command during FW reset c1b7cb6792 net/iavf: fix stats query error code ca2ecc15f2 net/ixgbe: fix link status after port reset 9a673fc544 net/ixgbe: fix resource leak after thread exits normally 4c84ef15a7 net/mlx5: improve logging of MPRQ selection f0a019c950 net/mlx5: set dynamic flow metadata in Rx queues bf10f18c64 net/mlx5: fix header modify action validation da5c4ff51b net/mlx5: fix crash when releasing meter table a9018074d1 common/mlx5: fix build with rdma-core 21 461a2ba67a net/i40e: fix flow director initialisation ac051be918 net/tap: fix queues fd check before close 4c587687f7 net/virtio-user: fix devargs parsing 74a51ef091 vhost: fix shadowed descriptors not flushed 2f48b05305 vhost: fix shadow update d28299df0a net/tap: fix unexpected link handler 8e90f78a02 net/tap: fix fd leak on creation failure 2523e877dc net/tap: fix file close on remove 2b74a885aa net/tap: fix check for mbuf number of segment 2fe4af64f9 net/tap: fix mbuf and mem leak during queue release 908866e6fc net/tap: fix mbuf double free when writev fails ab9701159d net/mlx5: fix validation of push VLAN without full mask d2f4d1ae3d net/mlx5: fix push VLAN action to use item info 1603ade39c net/enic: fix flow action reordering d3c99e41b1 net/mlx5: fix jump table leak 652a21028a net/mlx5: fix meter suffix table leak afca8bc661 net/mlx5: add multi-segment packets in MPRQ mode bbdd1a9c79 net/mlx5: enable MPRQ multi-stride operations a1b3dc84bc net/mlx5: add device parameter for MPRQ stride size 31d1b373d5 net/i40e: relax barrier in Tx for NEON 85897fd567 net/octeontx2: disable unnecessary error interrupts 6075a1ee65 net/octeontx2: enable error and RAS interrupt in configure fd2f1973f4 net/mlx5: use open/read/close for ib stats query 624db5a0ab net/mlx4: fix build with -fno-common b3e01cd3e4 common/mlx5: fix build with -fno-common be0d36b087 net/hns3: fix VLAN filter when setting promisucous mode c6f7d75949 net/hns3: fix default VLAN filter configuration for PF 0bd1d3b49c net/hns3: fix RSS key length c4e9d7e10c net/hns3: add RSS hash offload to capabilities 50daf2acc9 net/hns3: clear residual flow rules on init 1ff55a18be vhost: make IOTLB cache name unique among processes c0c67a2dac vhost: remove unused variable 871773f3ac net/virtio: fix outdated comment 4f5f084c7f net/vhost: fix potential memory leak on close b35cbd50b9 vhost: fix packed ring zero-copy e624761604 vhost/crypto: add missing user protocol flag 11d9847039 net/hinic/base: fix PF firmware hot-active problem f662af80b1 net/null: remove redundant check bfc5290bc8 net/null: fix secondary burst function selection 670758fe8b net/pfe: fix double free of MAC address 175f707d92 app/testpmd: fix PPPoE flow command 03527bd393 net/mlx5: fix counter container usage 2c0c0e4820 net/ena: set IO ring size to valid value 59acd7de4c net/ena/base: fix indentation of multiple defines 3c4bf79460 net/ena/base: fix indentation in CQ polling 3c6ec30057 net/ena/base: fix documentation of functions c6730185e0 net/ena/base: prevent allocation of zero sized memory d5cfa58c05 net/ena/base: make allocation macros thread-safe af84a4f278 net/ice/base: remove unused code in switch rule 5cfef294de net/ice: fix RSS advanced rule 46825a9e59 net/nfp: fix dangling pointer on probe failure d027444df5 net/nfp: fix log format specifiers 61347b53bb examples/vmdq: fix RSS configuration 267e255ef4 ethdev: fix build when vtune profiling is on c6f822199a net/memif: fix resource leak 4f880a2089 net/netvsc: avoid possible live lock 9f54fa3e2b net/netvsc: handle Tx completions based on burst size 62ec946eec net/netvsc: remove process event optimization 81441b4e4f net/netvsc: fix memory free on device close 42916635b3 net/netvsc: split send buffers from Tx descriptors 244193073d net/netvsc: handle Rx packets during multi-channel setup cc1f006253 net/netvsc: propagate descriptor limits from VF 39e690ab3b net/ice: fix input set of VLAN item 175dc210ad net/ice: add action number check for switch 1b23b24565 net/ice: change default tunnel type 8e8fdd68f7 net/octeontx2: fix device configuration sequence 272fcab063 net/octeontx: fix meson build for disabled drivers d50174f38a net/tap: remove unused assert f50974db04 net/ice/base: check memory pointer before copying 3e51abed66 net/ice/base: fix binary order for GTPU filter 7ba59c1fd4 net/mlx5: fix imissed counter overflow e7c5383a09 net/thunderx: use dynamic log type 3e0d3b1204 net/dpaa: use dynamic log type 516f5f9136 net/bnxt: do not use PMD log type 45284045c5 net/pfe: do not use PMD log type 64ca12ff65 net/tap: do not use PMD log type 0bf29e36c3 net/virtio: do not use PMD log type 80e04ea6ae net/mvneta: do not use PMD log type 1b70d8acd0 examples/vmdq: fix output of pools/queues d9a7bf74e1 net/mlx5: fix zero value validation for metadata 5e3859176e net/mlx5: fix call to modify action without init item 24f6ab6d31 net/mlx5: update VLAN and encap actions validation 2491443dce net/mlx5: fix metadata for compressed Rx CQEs c469619b7a net/mlx5: fix validation of VXLAN/VXLAN-GPE specs 4493efb719 net/ixgbe: fix link status inconsistencies 117ecae920 net/ice/base: fix MAC write command d57cbe48b2 net/ice/base: minor fixes b97902938a net/ice/base: read PSM clock frequency from register d1cd22be97 net/ice/base: fix uninitialized stack variables 8081044a6f net/hns3: fix return value of setting VLAN offload 2717e6ab25 net/hns3: fix mailbox opcode data type 70b22c9ed2 net/hns3: fix configuring RSS hash when rules are flushed 7953227c19 net/ipn3ke: use control thread to check link status d57282791c net/hinic/base: fix port start during FW hot update 4710da6ef5 net/hinic: fix LRO 7caa43cc22 net/hns3: fix status after repeated resets 3f9c9bdcb5 net/hns3: fix configuring illegal VLAN PVID b6c05b0781 net/hns3: fix crash when flushing RSS flow rules with FLR 1cd4ab6cf4 net/hns3: fix default error code of command interface e9248b23b3 net/hns3: fix packets offload features flags in Rx ebad6ac59a test: remove redundant macro b54822ff2f security: fix session counter 477f8e08d3 security: fix return types in documentation 4fa404e280 security: fix verification of parameters 48bb740ce1 crypto/openssl: fix out-of-place encryption 8d5349e781 test/crypto: fix flag check 9aa6caeb5a drivers/crypto: fix log type variables for -fno-common 46a37b23ba cryptodev: add asymmetric session-less feature name efd0dea9c8 drivers: fix log type variables for -fno-common 2ef9870118 vfio: fix use after free with multiprocess 5732151922 vfio: fix race condition with sysfs 952892aa67 eal: fix PRNG init with HPET enabled 8eefb8787a doc: fix matrix CSS for recent sphinx da57576513 log: fix level picked with globbing on type register bd5e2ef80a ipsec: fix build dependency on hash lib c4d52beff8 doc: fix sphinx compatibility b0843e5671 event/dsw: remove unnecessary read barrier 09a714399a event/dsw: remove redundant control ring poll b9b72b8815 crypto/nitrox: fix oversized device name b878b432b7 crypto/nitrox: fix CSR register address generation 3b841d16dc baseband/turbo_sw: fix exposed LLR decimals assumption 2193048d87 test/ipsec: fix crash in session destroy 152fadd540 common/qat: fix GEN3 marketing name 196993b705 cryptodev: fix missing device id range checking ca31f0aee2 fib: fix headers for C++ support 1c51807a35 ci: fix telemetry dependency in Travis 39adba3b55 bus/pci: fix devargs on probing again c285902e7b kvargs: fix buffer overflow when parsing list bbf0c2d983 test/kvargs: fix invalid cases check bcdd4476cd test/kvargs: fix to consider empty elements as valid 9aebba7e3d mem: preallocate VA space in no-huge mode 46cd0c98bb eal/freebsd: fix queuing duplicate alarm callbacks 7ad8cd364e test: skip some subtests in no-huge mode 796af72c2d test: load drivers when required 7c8ab0ae70 devtools: fix symbol map change check 4710904861 contigmem: cleanup properly when load fails 6e0c764098 net/mlx5: reduce Tx completion index memory loads 307876a747 net/mlx5: fix CVLAN tag set in IP item translation 7ad364893c net/hinic: allocate IO memory with socket id 75457cff3f net/mlx5: fix zero metadata action 8ea2ea8fe4 net/sfc/base: handle manual and auto filter clashes in EF10 c6ae74f068 net/sfc/base: refactor filter lookup loop in EF10 9e496b76ab net/sfc/base: reject automatic filter creation by users 0e4497208a net/sfc/base: reduce filter priorities to implemented only c239286b98 net/sfc: set priority of created filters to manual 8771074d95 net/sfc: fix promiscuous and allmulticast toggles errors 6c1634ec93 ethdev: fix spelling 7aa0060a2a net/hns3: fix promiscuous mode for PF 32f349234b net/hinic: fix repeating cable log and length check d16cceef30 net/hinic: fix snprintf length of cable info d40bcdfb59 net/memif: fix init when already connected ba2322fb9a build: support MinGW-w64 with Meson 5cdff30419 net/mlx5: fix mask used for IPv6 item validation 7ce629f7f2 net/ice: remove bulk alloc option a42ef6f777 net/sfc: fix Rx queue start failure path 251cb7e722 net/sfc: fix initialization error path 5f0378bb2e net/vmxnet3: fix RSS setting on v4 556cdccab2 net/sfc: fix reported promiscuous/multicast mode 194ca60cde doc: fix number of failsafe sub-devices adf15e37f2 net/ice: remove unnecessary variable 2847184082 net/enetc: fix Rx lock-up aec781c6b1 net/ice: fix hash flow crash 2ce2096092 net/i40e: fix X722 performance 64a38788d1 net/mlx5: fix VLAN PCP item calculation 3e387d591e net/i40e: relax barrier in Tx 2550666028 net/octeontx2: fix link information for loopback port c2e90f337d build: fix linker warnings with clang on Windows 3262e4181c pci: fix build on ppc 5a99c0d994 pci: fix build on FreeBSD 027e022a18 pci: remove unneeded includes in public header file 9ca664d8be telemetry: fix port stats retrieval c20055f471 service: fix crash on exit d0e456e9b1 mem: mark pages as not accessed when reserving VA bcf4069ff2 eal/arm64: fix precise TSC 40a7c85881 eal: fix log message print for regex 2a46dc5951 drivers/crypto: fix build with make 4.3 3425ff8896 drivers: add crypto as dependency for event drivers 25fe1c8b05 examples/qos_sched: fix build with gcc 10 4de659fdc0 examples/eventdev: fix build with gcc 10 84119ecce2 examples/vhost_blk: fix build with gcc 10 5fb297ba3d app/pipeline: fix build with gcc 10 ef348e22a0 test: fix build with gcc 10 295ba7d0c3 crypto/octeontx2: fix build with gcc 10 Resolves: #1868709- Merging upstream branch-2.13 [RH git: 5dddb2d4f8] Commit list: 0047ca3a02 acinclude: Fix build with kernels with prandom* moved to prandom.h. 8a72db60ad faq: Mention Linux kernel versions supported by 2.13.x. 114ff63e3d Documentation: Fix kernel support matrix- Merging upstream branch-2.13 [RH git: bb436c2999] Commit list: 184a58e8b8 ovsdb-server: Replace in-memory DB contents at raft install_snapshot. 727bb3440d Prepare for 2.13.2. 714caaf571 Set release date for 2.13.1. ac51dcac87 odp-util: Clear padding in the nd_extension. eeef00da2f datapath-windows: Update flow key in SET action 37606fb5ca odp-util: Fix clearing match mask if set action is partially unnecessary. 5ad46c9a4d debian: Fixed openvswitch-test package dependency. b3a9dc6e5e dpctl: Fix memory leak in dpctl_dump_flows() cce57c5e0e ovs-router: Fix flushing of local routes. 8d0b409fcc acinclude: Remove libmnl for MLX5 PMD. 217ac490ac dpif-netdev: Avoid deadlock with offloading during PMD thread deletion.- ovsdb-server: Replace in-memory DB contents at raft install_snapshot. [RH git: 9f646ec051] (#1867185) Every time a follower has to install a snapshot received from the leader, it should also replace the data in memory. Right now this only happens when snapshots are installed that also change the schema. This can lead to inconsistent DB data on follower nodes and the snapshot may fail to get applied. Fixes: bda1f6b60588 ("ovsdb-server: Don't disconnect clients after raft install_snapshot.") Acked-by: Han Zhou Signed-off-by: Dumitru Ceara Signed-off-by: Ilya Maximets (cherry picked from commit 184a58e8b892231b44479b612bdfe2529bb04363) Resolves: #1867185- redhat: Add support to custom RPM releases. [RH git: 7eb5b56344] This commit allows the developer to specify a custom release string to be appended to package NVR. If the custom release is 'bz123456', the final release would look like -Y.bz123456.X where Y is the number of changes until the branch was created, and X is the number of changes after that.- pkgtool: Use OVS static version in package NVR. [RH git: a0b572aaa1] The package NVR must coincide with the tarball version.- odp-util: Fix clearing match mask if set action is partially unnecessary. [RH git: 6d85fea8b4] (#1862153) While committing set() actions, commit() could wildcard all the fields that are same in match key and in the set action. This leads to situation where mask after commit could actually contain less bits than it was before. And if set action was partially committed, all the fields that were the same will be cleared out from the matching key resulting in the incorrect (too wide) flow. For example, for the flow that matches on both src and dst mac addresses, if the dst mac is the same and only src should be changed by the set() action, destination address will be wildcarded in the match key and will never be matched, i.e. flows with any destination mac will match, which is not correct. Setting OF rule: in_port=1,dl_src=50:54:00:00:00:09 actions=mod_dl_dst(50:54:00:00:00:0a),output(2) Sending following packets on port 1: 1. eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0a),eth_type(0x0800) 2. eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0c),eth_type(0x0800) 3. eth(src=50:54:00:00:00:0b,dst=50:54:00:00:00:0c),eth_type(0x0800) Resulted datapath flows: eth(dst=50:54:00:00:00:0c),<...>, actions:set(eth(dst=50:54:00:00:00:0a)),2 eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0a),<...>, actions:2 The first flow doesn't have any match on source MAC address and the third packet successfully matched on it while it must be dropped. Fix that by updating the match mask with only the new bits set by commit(), but keeping those that were cleared (OR operation). With fix applied, resulted correct flows are: eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0a),<...>, actions:2 eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0c),<...>, actions:set(eth(dst=50:54:00:00:00:0a)),2 eth(src=50:54:00:00:00:0b),<...>, actions:drop The code before commit dbf4a92800d0 was not able to reduce the mask, it was only possible to expand it to exact match, so it was OK to update original matching mask with the new value in all cases. Fixes: dbf4a92800d0 ("odp-util: Do not rewrite fields with the same values as matched") Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1854376 Acked-by: Eli Britstein Tested-by: Adrián Moreno Signed-off-by: Ilya Maximets (cherry picked from commit 37606fb5ca76aef478a51d407aaa06caf7fb9376) Resolves: #1862153- redhat: Clean old changelog entries. [RH git: 6cf8d909e8] Fix the changelog shift caused by use of static references and remove the old entries not relevant to the new tarball. Fixes: 90ac9bd6aa ("redhat: Use static references.")- redhat: Update the documentation. [RH git: c9571d2dad]- redhat: Add merge script. [RH git: 752c59ba74] This script helps to provide a standard commit log.- redhat: Use static references. [RH git: f1025c1515] Add static references because there could be patches after SHA_REF not available in newer tarballs. Therefore, it is only possible to update the references if all previous patches are applied in the new references.- Update DPDK configs to v19.11.2. [RH git: 98e6e9823b]- Merge DPDK tag 'v19.11.2' into fast-datapath-rhel-8 [RH git: 755e86c61a]- Merging upstream branch-2.13 to fast-datapath-rhel-8 [RH git: 735b3f94c2] Commit list: bef407fa7f dpdk: Use DPDK 19.11.2 release. 53e0568753 dpif-netdev: Return error code when no mark available. 99a4564348 dpif-netdev: Add check mark to avoid ovs-vswitchd crash. 22c6148a9a netdev-offload-dpdk: Fix Ethernet matching for type only. 9747d5649b dpif-netdev: Don't use zero flow mark. 39cc59dc91 netdev-linux: Fix broken build on Ubuntu 14.04 ac92cdbc4d odp-execute: Fix length checking while executing check_pkt_len action. 08ad9f6483 odp-util.c: Fix dp_hash execution with slowpath actions. 5351651d37 ctags: Include new annotations to ctags ignore list. d5484cf697 lib/tc: only update the stats for non-empty counter 998475d79f datapath-windows, conntrack: Fix conntrack new state 6dbbf0771e bridge: Fix null dereference on ct_timeout_policy record 3e5991a75e rhel: Fix syntax error when matching version. 59cedd3b35 rhel: Support RHEL 7.8 kernel module rpm build. 78ac2896d1 dpif-netlink: Fix Windows incompatibility when setting new feature 51e9479da6 ovsdb-idl: Avoid inconsistent IDL state with OVSDB_MONITOR_V3. 8ba057d345 ovs-rcu: Avoid flushing callbacks during postponing. b24ff56441 raft: Avoid sending equal snapshots. a33880c6e9 ovsdb: Fix timeout type for wait operation. 7077328846 classifier: Prevent tries vs n_tries race leading to NULL dereference. a29fe0d482 ovsdb-server: Fix schema leak while reading db. 1bb5be5138 compat: Backport ipv6_stub change 71acf83c33 netdev-offload-tc: Re-fetch block ID after probing. 23e3ae7158 netdev-linux: Update LAG in all cases. 85fe081852 ofproto: Fix statistics of removed flow. 6bd9ddc829 metaflow: Fix maskable conntrack orig tuple fields 1600e0040c raft: Disable RAFT jsonrpc inactivity probe. 168beb87ca raft: Fix leak of the incomplete command. da9dc791de compat: Fix ipv6_dst_lookup build error a09e22dbdd system-traffic: Check frozen state handling with TLV map change b267889057 tun_metadata: Fix coredump caused by use-after-free bug d323c5398f cirrus: Force pkg update on FreeBSD. 62cede43ee Revert "ovsdb-idl: Avoid sending redundant conditional monitoring updates" b52877a483 dpif-netdev: Force port reconfiguration to change dynamic_txqs. dc389fd319 netdev-offload-tc: Flush rules on ingress block when init tc flow api e2f6393592 conntrack: Reset ct_state when entering a new zone. 314bd235c1 ofp-actions: Fix memory leak. 1f12a91cf9 ofproto-dpif-xlate: Fix recirculation when in_port is OFPP_CONTROLLER. 8315f3cc98 conntrack: Fix NULL pointer dereference. 89c85b997c dpif-netlink: avoid netlink modify flow put op failed after tc modify flow put op failed. 49db27d213 dpif-netdev: Enter quiescent state after each offloading operation. bf2dcbfe5c pvector: Use acquire-release semantics for size. 443f8e2575 tc: Fix nat port range when offloading ct action d69d4c0537 travis: Disable sindex build in sparse. 25a7e5547f raft: Fix the problem of stuck in candidate role forever. 877618fc83 raft: Fix next_index in install_snapshot reply handling. 3ae90e1899 raft: Avoid busy loop during leader election. adc64ab057 raft: Fix raft_is_connected() when there is no leader yet. f0c8b44c58 ovsdb-server: Don't disconnect clients after raft install_snapshot. 78c8011f58 raft-rpc: Fix message format. f0de491257 ovs-dpctl-top: python3 compatibility 00dd014519 dpif-netdev.at: Fix partial offloading test cases failure. 6f86b10549 userspace TSO: SCTP checksum offload optional. b837d1fdc4 userspace TSO: Include UDP checksum offload. ad550ebc36 netdev-dpdk: vhost: disable unsupported offload features. 3f83220418 docs: Update conntrack established state description dd0293c8b5 conntrack: Fix TCP conntrack state 0aefc0eb8e docs: Update DPDK version table d33cc044f3 Prepare for 2.13.1.- redhat: Rename OVSCI job name. [RH git: a61f1d1095] The OVSCI job's name has been renamed to follow a standard.- redhat: pkgtool: use diff instead of format-patch [RH git: da2129ac82]- bus/pci: fix VF memory access [RH git: 2b22bcd9ad] (#1851169) To fix CVE-2020-12888, the linux vfio-pci module will invalidate mmaps and block MMIO access on disabled memory, it will send a SIGBUS to the application: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abafbc551fdd When the application opens the vfio PCI device, the vfio-pci module will enable the bus memory space through PCI read/write access. According to the PCIe specification, the 'Memory Space Enable' is always zero for VF: Table 9-13 Command Register Changes Bit Location | PF and VF Register Differences | PF | VF | From Base | Attributes | Attributes -------------+--------------------------------+------------+----------- | Memory Space Enable - Does not | | | apply to VFs. Must be hardwired| Base | 0b 1 | to 0b for VFs. VF Memory Space | | | is controlled by the VF MSE bit| | | in the VF Control register. | | -------------+--------------------------------+------------+----------- Afterwards the vfio-pci will initialize its own virtual PCI config space data ('vconfig') by reading the VF's physical PCI config space, then the 'Memory Space Enable' bit in vconfig will always be 0b value. This will make the vfio-pci treat the BAR memory space as disabled, and the SIGBUS will be triggered if access these BARs. By investigation, the VF PCI device *passthrough* into the Guest OS by QEMU has the 'Memory Space Enable' with 1b value. That's because every PCI driver will start to enable the memory space, and this action will be hooked by vfio-pci virtual PCI read/write to set the 'Memory Space Enable' in vconfig space to 1b. So VF runs in guest OS has 'Mem+', but VF runs in host OS has 'Mem-'. Align with PCI working mode in Guest/QEMU/Host, in DPDK, enable the PCI bus memory space explicitly to avoid access on disabled memory. Fixes: 33604c31354a ("vfio: refactor PCI BAR mapping") Cc: stable@dpdk.org Signed-off-by: Haiyue Wang Acked-by: Anatoly Burakov Tested-by: Harman Kalra Tested-by: David Marchand Tested-by: Thierry Martin (cherry picked from commit 54f3fb127d9c265a5724d193e5c7c6db29fb4150) Resolves: #1851169- raft: Avoid sending equal snapshots. [RH git: 3168eba559] (#1834838) [ upstream commit 8c2c503bdb0da1ce6044a53d462f905fd4f8acf5 ] Snapshots are huge. In some cases we could receive several outdated append replies from the remote server. This could happen in high scale cases if the remote server is overloaded and not able to process all the raft requests in time. As an action to each outdated append reply we're sending full database snapshot. While remote server is already overloaded those snapshots will stuck in jsonrpc backlog for a long time making it grow up to few GB. Since remote server wasn't able to timely process incoming messages it will likely not able to process snapshots leading to the same situation with low chances to recover. Remote server will likely stuck in 'candidate' state, other servers will grow their memory consumption due to growing jsonrpc backlogs: jsonrpc|INFO|excessive sending backlog, jsonrpc: ssl:192.16.0.3:6644, num of msgs: 3795, backlog: 8838994624. This patch is trying to avoid that situation by avoiding sending of equal snapshot install requests. This helps maintain reasonable memory consumption and allows the cluster to recover on a larger scale. Acked-by: Han Zhou Signed-off-by: Ilya Maximets Related: #1834838 Signed-off-by: Ilya Maximets - ovsdb-server: Fix schema leak while reading db. [RH git: 92a1e56c8a] (#1834838) [ upstream commit 16e3a80cf646f6c53d22ef98599d5aecb8310414 ] parse_txn() function doesn't always take ownership of the 'schema' passed. So, if the schema of the clustered db has same version as the one that already in use, parse_txn() will not use it, resulting with a memory leak: 7,827 (56 direct, 7,771 indirect) bytes in 1 blocks are definitely lost at 0x483BB1A: calloc (vg_replace_malloc.c:762) by 0x44AD02: xcalloc (util.c:121) by 0x40E70E: ovsdb_schema_create (ovsdb.c:41) by 0x40EA6D: ovsdb_schema_from_json (ovsdb.c:217) by 0x415EDD: ovsdb_storage_read (storage.c:280) by 0x408968: read_db (ovsdb-server.c:607) by 0x40733D: main_loop (ovsdb-server.c:227) by 0x40733D: main (ovsdb-server.c:469) While we could put ovsdb_schema_destroy() in a few places inside 'parse_txn()', from the users' point of view it seems better to have a constant argument and just clone the 'schema' if needed. The caller will be responsible for destroying the 'schema' it owns. Fixes: 1b1d2e6daa56 ("ovsdb: Introduce experimental support for clustered databases.") Acked-by: Han Zhou Signed-off-by: Ilya Maximets Related: #1834838 Signed-off-by: Ilya Maximets - ovsdb: Add raft memory usage to memory report. [RH git: fb32a78921] (#1834838) [ upstream commit 3423cd97f88fe6a8de8b649d79fe6ac83bce94d1 ] Memory reports could be found in logs or by calling 'memory/show' appctl command. For ovsdb-server it includes information about db cells, monitor connections with their backlog size, etc. But it doesn't contain any information about memory consumed by raft. Backlogs of raft connections could be insanely large because of snapshot installation requests that simply contains the whole database. In not that healthy clusters where one of ovsdb servers is not able to timely handle all the incoming raft traffic, backlog on a sender's side could cause significant memory consumption issues. Adding new 'raft-connections' and 'raft-backlog' counters to the memory report to better track such conditions. Acked-by: Han Zhou Signed-off-by: Ilya Maximets Related: #1834838 Signed-off-by: Ilya Maximets - netdev-offload-tc: Re-fetch block ID after probing. [RH git: d14e39f81b] It's possible that block_id could changes after the probe for block support. Therefore, fetch the block_id again after the probe. Fixes: edc2055a2bf7 ("netdev-offload-tc: Flush rules on ingress block when init tc flow api") Cc: Dmytro Linkin Acked-by: Roi Dayan Co-authored-by: Marcelo Leitner Signed-off-by: Marcelo Leitner Signed-off-by: Aaron Conole Signed-off-by: Ilya Maximets - netdev-linux: Update LAG in all cases. [RH git: 8b15547574] In some cases, when processing a netlink change event, it's possible for an alternate part of OvS (like the IPv6 endpoint processing) to hold an active netdev interface. This creates a race-condition, where sometimes the OvS change processing will take the normal path. This doesn't work because the netdev device object won't actually be enslaved to the ovs-system (for instance, a linux bond) and ingress qdisc entries will be missing. To address this, we update the LAG information in ALL cases where LAG information could come in. Fixes: d22f8927c3c9 ("netdev-linux: monitor and offload LAG slaves to TC") Cc: Marcelo Leitner Cc: John Hurley Acked-by: Roi Dayan Signed-off-by: Aaron Conole Signed-off-by: Ilya Maximets - vhost: fix potential fd leak [RH git: a9e6e35814] Vhost will create temporary file when receiving VHOST_USER_GET_INFLIGHT_FD message. Malicious guest can send endless this message to drain out the resource of host. When receiving VHOST_USER_GET_INFLIGHT_FD message repeatedly, closing the file created during the last handling of this message. Fixes: d87f1a1cb7b666550 ("vhost: support inflight info sharing") Cc: stable@dpdk.org This issue has been assigned CVE-2020-10726 Signed-off-by: Xuan Ding Signed-off-by: Xiaolong Ye Reviewed-by: Maxime Coquelin - vhost: fix potential memory space leak [RH git: b39bac1377] A malicious container which has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages which may cause leaking resources until resulting a DOS. Fix it by unmapping the dev->inflight_info->addr before assigning new mapped addr to it. Fixes: d87f1a1cb7b6 ("vhost: support inflight info sharing") Cc: stable@dpdk.org This issue has been assigned CVE-2020-10726 Signed-off-by: Xiaolong Ye Reviewed-by: Maxime Coquelin - vhost: fix translated address not checked [RH git: 7da9061642] Malicious guest can construct desc with invalid address and zero buffer length. That will request vhost to check both translated address and translated data length. This patch will add missed address check. Fixes: 75ed51697820 ("vhost: add packed ring batch dequeue") Fixes: ef861692c398 ("vhost: add packed ring batch enqueue") Cc: stable@dpdk.org This issue has been assigned CVE-2020-10725 Signed-off-by: Marvin Liu Reviewed-by: Maxime Coquelin - vhost: fix vring index check [RH git: 7c4cfd12e3] vhost_user_check_and_alloc_queue_pair() is used to extract a vring index from a payload. This function validates the index and is called early on in when performing message handling. Most message handlers depend on it correctly validating the vring index. Depending on the message type the vring index is in different parts of the payload. The function contains a switch/case for each type and copies the index. This is stored in a uint16. This index is then validated. Depending on the message, the source index is an unsigned int. If integer truncation occurs (uint->uint16) the top 16 bits of the index are never validated. When they are used later on (e.g. in vhost_user_set_vring_num() or vhost_user_set_vring_addr()) it can lead to out of bound indexing. The out of bound indexed data gets written to, and hence this can cause memory corruption. This patch fixes this vulnerability by declaring vring index as an unsigned int in vhost_user_check_and_alloc_queue_pair(). Fixes: 160cbc815b41 ("vhost: remove a hack on queue allocation") Cc: stable@dpdk.org This issue has been assigned CVE-2020-10723 Reported-by: Ilja Van Sprundel Signed-off-by: Maxime Coquelin Reviewed-by: Xiaolong Ye Reviewed-by: Ilja Van Sprundel - vhost: check log mmap offset and size overflow [RH git: 517d8488dc] vhost_user_set_log_base() is a message handler that is called to handle the VHOST_USER_SET_LOG_BASE message. Its payload contains a 64 bit size and offset. Both are added up and used as a size when calling mmap(). There is no integer overflow check. If an integer overflow occurs a smaller memory map would be created than requested. Since the returned mapping is mapped as writable and used for logging, a memory corruption could occur. Fixes: fbc4d248b198 ("vhost: fix offset while mmaping log base address") Cc: stable@dpdk.org This issue has been assigned CVE-2020-10722 Reported-by: Ilja Van Sprundel Signed-off-by: Maxime Coquelin Reviewed-by: Xiaolong Ye Reviewed-by: Ilja Van Sprundel - raft: Disable RAFT jsonrpc inactivity probe. [RH git: 3d9b529afb] (#1836308) [ upstream commit 1600e0040caded7eaa9b1f41926f9619d8e0ec8d ] With the scale test of 640 nodes k8s cluster, raft DB nodes' jsonrpc session got closed due to the timeout of default 5 seconds probe. It will cause disturbance of the raft cluster. Since we already have the heartbeat for RAFT, just disable the probe between the servers to avoid the unnecessary jsonrpc inactivity probe. Acked-by: Han Zhou Signed-off-by: Zhen Wang Signed-off-by: Ilya Maximets Resolves: #1836308 Signed-off-by: Dumitru Ceara - raft: Fix leak of the incomplete command. [RH git: 5c38ccd52f] (#1836307) [ upstream commit 168beb87ca63056e8896b09a60031565b7b60728 ] Function raft_command_initiate() returns correctly referenced command instance. 'n_ref' equals 1 for complete commands and 2 for incomplete commands because one more reference is in raft->commands list. raft_handle_execute_command_request__() leaks the reference by not returning pointer anywhere and not unreferencing incomplete commands. 792 bytes in 11 blocks are definitely lost in loss record 258 of 262 at 0x483BB1A: calloc (vg_replace_malloc.c:762) by 0x44BA32: xcalloc (util.c:121) by 0x422E5F: raft_command_create_incomplete (raft.c:2038) by 0x422E5F: raft_command_initiate (raft.c:2061) by 0x428651: raft_handle_execute_command_request__ (raft.c:4161) by 0x428651: raft_handle_execute_command_request (raft.c:4177) by 0x428651: raft_handle_rpc (raft.c:4230) by 0x428651: raft_conn_run (raft.c:1445) by 0x428DEA: raft_run (raft.c:1803) by 0x407392: main_loop (ovsdb-server.c:226) by 0x407392: main (ovsdb-server.c:469) Fixes: 1b1d2e6daa56 ("ovsdb: Introduce experimental support for clustered databases.") Signed-off-by: Ilya Maximets Acked-by: Han Zhou Signed-off-by: William Tu Resolves: #1836307 Signed-off-by: Dumitru Ceara - raft: Fix the problem of stuck in candidate role forever. [RH git: 9c76350e27] (#1836305) [ upstream commit 25a7e5547f1e107db0f032ad269f447c57401531 ] Sometimes a server can stay in candidate role forever, even if the server already see the new leader and handles append-requests normally. However, because of the wrong role, it appears as disconnected from cluster and so the clients are disconnected. This problem happens when 2 servers become candidates in the same term, and one of them is elected as leader in that term. It can be reproduced by the test cases added in this patch. The root cause is that the current implementation only changes role to follower when a bigger term is observed (in raft_receive_term__()). According to the RAFT paper, if another candidate becomes leader with the same term, the candidate should change to follower. This patch fixes it by changing the role to follower when leader is being updated in raft_update_leader(). Signed-off-by: Han Zhou Signed-off-by: Ben Pfaff Resolves: #1836305 Signed-off-by: Dumitru Ceara - raft: Fix next_index in install_snapshot reply handling. [RH git: cc3d026992] (#1836305) [ upstream commit 877618fc833273d1e29e012b5e925d51cba80ff5 ] When a leader handles install_snapshot reply, the next_index for the follower should be log_start instead of log_end, because there can be new entries added in leader's log after initiating the install_snapshot procedure. Also, it should send all the accumulated entries to follower in the following append-request message, instead of sending 0 entries, to speed up the converge. Without this fix, there is no functional problem, but it takes uncessary extra rounds of append-requests responsed with "inconsistency" by follower, although finally will be converged. Signed-off-by: Han Zhou Signed-off-by: Ben Pfaff Resolves: #1836305 Signed-off-by: Dumitru Ceara - raft: Avoid busy loop during leader election. [RH git: 053b78c8d6] (#1836305) [ upstream commit 3ae90e1899c5a05148ea1870d9bb4ac3c05e3a19 ] When a server doesn't see a leader yet, e.g. during leader re-election, if a transaction comes from a client, it will cause 100% CPU busy loop. With debug log enabled it is like: 2020-02-28T04:04:35.631Z|00059|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164 2020-02-28T04:04:35.631Z|00062|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164 2020-02-28T04:04:35.631Z|00065|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164 2020-02-28T04:04:35.631Z|00068|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164 2020-02-28T04:04:35.631Z|00071|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164 2020-02-28T04:04:35.631Z|00074|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164 2020-02-28T04:04:35.631Z|00077|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164 ... The problem is that in ovsdb_trigger_try(), all cluster errors are treated as temporary error and retry immediately. This patch fixes it by introducing 'run_triggers_now', which tells if a retry is needed immediately. When the cluster error is with detail 'not leader', we don't immediately retry, but will wait for the next poll event to trigger the retry. When 'not leader' status changes, there must be a event, i.e. raft RPC that changes the status, so the trigger is guaranteed to be triggered, without busy loop. Signed-off-by: Han Zhou Signed-off-by: Ben Pfaff Resolves: #1836305 Signed-off-by: Dumitru Ceara - raft: Fix raft_is_connected() when there is no leader yet. [RH git: e732012d7b] (#1836305) [ upstream commit adc64ab057345f7004c44bf92363b9adda862134 ] If there is never a leader known by the current server, it's status should be "disconnected" to the cluster. Without this patch, when a server in cluster is restarted, before it successfully connecting back to the cluster it will appear as connected, which is wrong. Signed-off-by: Han Zhou Signed-off-by: Ben Pfaff Resolves: #1836305 Signed-off-by: Dumitru Ceara - ovsdb-server: Don't disconnect clients after raft install_snapshot. [RH git: 8ff30dfee6] (#1836305) [ upstream commit f0c8b44c5832c36989fad78927407fc14e64ce46 ] When "schema" field is found in read_db(), there can be two cases: 1. There is a schema change in clustered DB and the "schema" is the new one. 2. There is a install_snapshot RPC happened, which caused log compaction on the server and the next log is just the snapshot, which always constains "schema" field, even though the schema hasn't been changed. The current implementation doesn't handle case 2), and always assume the schema is changed hence disconnect all clients of the server. It can cause stability problem when there are big number of clients connected when this happens in a large scale environment. Signed-off-by: Han Zhou Signed-off-by: Ben Pfaff Resolves: #1836305 Signed-off-by: Dumitru Ceara - raft-rpc: Fix message format. [RH git: 914d885061] (#1836305) [ upstream commit 78c8011f58daec41ec97440f2e42795699322742 ] Signed-off-by: Han Zhou Signed-off-by: Ben Pfaff Resolves: #1836305 Signed-off-by: Dumitru Ceara - redhat: pkgtool: Use the oldest sha1 [RH git: 4c657a79de] Doing git merge from a branch to another branch the tag:C0FF3E commit is repeated, but the correct one is the oldest one.- Fix building locally on Fedora 32+ [RH git: d1c89e4d99]- Set -fcommon in DPDK CFLAGS [RH git: f8a379e95e] This is needed to build on Fedora 32+- Update DPDK config files for 19.11.1 [RH git: d771330907]- Merge tag 'v19.11.1' into fast-datapath-rhel-8 [RH git: 0b3abfb0e6] dpdk-19.11.1- bugtool: Fix for Python3. [RH git: 71f25b7920] (#1809241) Currently ovs-bugtool tool doesn't start on Python 3. This commit fixes ovs-bugtool to make it works on Python 3. Replaced StringIO.StringIO with io.BytesIO since the script is processing binary data. Reported-at: https://bugzilla.redhat.com/1809241 Reported-by: Flavio Leitner Signed-off-by: Timothy Redaelli Co-authored-by: William Tu Signed-off-by: William Tu (cherry picked from commit 9e6c00bca9af29031d0e160d33174b7ae99b9244)- redhat: Skip NVR check only if building rhel-8 on rhel-7. [RH git: 2b9f32bef2]- redhat: rh-dgit-brew: Skip NVR check in RHEL-7. [RH git: 6280d8d29f] The RPM in RHEL-7 can't parse Supplements tag in the SPEC to get the package NVR. The NVR is used to check if brew is already done. error: line 241: Unknown tag: Supplements: (openvswitch2.13 and network-scripts) error: query of specfile openvswitch2.13.spec failed, can't parse Use --skip-nvr-check to work around the issue.- redhat: pkgtool: Use BZ id from reported-at tag. [RH git: 3ee7ec51b6] Some upstream commits might contain the Reported-at tag pointing to Red Hat bugzilla. In that case, use the BZ id in the package's changelog. Signed-off-by: Flavio Leitner - redhat: ovsci: Schedule the CI job while brew is building. [RH git: 1551e1e70e] The CI will wait for the brew build to complete and this helps to have a single place to monitor and also to record in the CI log the brew build.- redhat: ovsci: Use the correct job name and params. [RH git: 220f32afb2] Jenkins needs to support different use-cases so fix the parameters to be uniform and the job name to allow multiple triggers (formal and non-formal releases processes). Signed-off-by: Flavio Leitner - Add compatibility with RHEL7 git [RH git: 3492995783]- Use the date in UTC [RH git: b53bdb16b8] In order to avoid changing date in changelog cast the date in UTC- ofproto-dpif-xlate: Fix recirculation when in_port is OFPP_CONTROLLER. [RH git: 4ee0f6af9e] (#1775160) [ upstream commit c5a910dd92ecbad24f86b4c59b4ff8105b5149fd ] Recirculation usually requires finding the pre-recirculation input port. Packets sent by the controller, with in_port of OFPP_CONTROLLER or OFPP_NONE, do not have a real input port data structure, only a port number. The code in xlate_lookup_ofproto_() mishandled this case, failing to return the ofproto data structure. This commit fixes the problem and adds a test to guard against regression. Reported-by: Numan Siddique Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2020-March/368642.html Tested-by: Numan Siddique Acked-by: Numan Siddique Signed-off-by: Ben Pfaff Resolves: #1775160 Signed-off-by: Numan Siddique - vhost: fix packed virtqueue ready condition [RH git: 0b4e7827b8] (#1812620) [ upstream commit c5a910dd92ecbad24f86b4c59b4ff8105b5149fd ] Consider a virtqueue ready when, apart from the descriptor area, both event suppression areas have been mapped. Fixes: 2d1541e2b6b3 ("vhost: add vring address setup for packed queues") Signed-off-by: Adrian Moreno Reviewed-by: Tiwei Bie Resolves: #1812620- redhat: permit make to fail when pkgtool --gen{spec,patches} exist badly [RH git: 61807f941e]- vhost: protect log address translation in IOTLB update [RH git: 0d4370404f] (#1806599) [ upstream commit 4f37df14c405b754b5e971c75f4f67f4bb5bfdde ] Currently, the log address translation only happens in the vhost-user's translate_ring_addresses(). However, the IOTLB update handler is not checking if it was mapped to re-trigger that translation. Since the log address mapping could fail, check it on iotlb updates. Also, check it on vring_translate() so we do not dirty pages if the logging address is not yet ready. Additionally, properly protect the accesses to the iotlb structures. Fixes: fbda9f145927 ("vhost: translate incoming log address to GPA") Signed-off-by: Adrian Moreno Reviewed-by: Maxime Coquelin Resolves: #1806599 Signed-off-by: Maxime Coquelin 2.13.0-153.el82.13.0-153.el8openvswitch-ipsec.serviceovs-monitor-ipsec/usr/lib/systemd/system//usr/share/openvswitch/scripts/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnuASCII textPython script, ASCII text executableRutf-8cd6dc44c432a68e565d9f357c7e9dbfee35738657b2eda3621cc81bb3cb79009?@7zXZ !#,s)] b2u Q{KlgjrK'zIdt%`҄0'8ZP7W5AX,ǭ&,KpK>Tf-O"c ̄Z'|M~Sfl),1."l!zϒm{ uh~HAi&ZGSCn 0lZ)핐a$ MD S)ґ[*HM9eLz 5*eo0c%zQ=Ik`a^0+b2+<'F"~UJ&vo, B ˣns-xTM)nөz(N*h<,Fvul{MNt0G{]KγF.TBMYDec<'pdVoʰ1m-7j I`qMϤ_pi˲ҫvW &omEY~n[Jp֐T+(yz"`cV~d-JZ|~)6ٯ d=ֆè,b)%b_14=* ljrd!x(Tk`SuPva `)&kTm s;M<Ȏ)?>" X7ncV{,Po^TU=8>e{rl]C`^߃ry4+9>c57i, FP?)ܭ?NГ=ӰC:b RIgzT݀ g 7&6.M1{%.+yj;\cziviU O]d]Vp7#=}~!mYB(5D9lSzz=q`s)HlW2ņn293߾ 2pK#`^ӻ_}~FEG!cBuM#CYf2Эw)* zZX%z woْBpRĜdF]֝njS +O漒$Vp Ա4?s`0/Yƪ*%˱G~ -Y3\di޺tM`sYh9H++g=Lp97ޓp&d$ gg6e$\|?QN$JJښ +\^D~Pͅ@S_7SG X248U`fJ/#-Y| .|-u4^je$5o1hU~;K7G),{,O<@q5lkwWd=*837!-ĸg-B: Gōq|0ٰ[^psr tGDbeT՛¶F\"fDq$ը 2/3Mr:[É8jr=;Ь΁49aBmDNwM0:to4S}`l@5A1g{8hs-uiN6)VS=MQKVTxn'Ikk΄ QtoMCjNP5M-]t˿8`F+#8Li:y۸).ǟgv!A;CJN?(/#C)Sb+Cź`:XL9\魶p΍@!WfgM/VsیU,0.^LYmDa>_/|g vˑQ%~^q̕UZArxOQ6%9l\(qn&Q %D2=Бx.q= 0ݢ;9ĀPtq^#66)+xMQ6Ԛ,0Arq(eLa2;mƺCo?l_rOa_тv`č{7)Pɛkw8.OwUr+pJ. :zFZKh6 [y#9/C6HL/;I#Ҭ{1UQៜC@7ᘮ!N~vǎ敦j@hpT$iY£ma25c&;Ĺ./W2VMb YvعlO^[7scUur3nJR>[SeQ tw'3^ݶG!g{)E]vx!$}~Is8#{3%& lĥ iw  ce]R-4f&.xi5f $vC/Bgҧ@ v5PQޫ5n"׋d@OaY\r ƑbȭJg,9%wS `gGJQ7p$9yf(99>[b0T`֦F2f@`g]Eñ $*4%٪:~ 5DluSd5K'9|@jd̯.ѩ*XF֊j3!ہL{ cN% OCjD߳A~%/bT[)|.y޵) UӗӮi/:&i4?#&aMg#;Bh)b8%@^2\NeϩX/?e^}p& d fH\=LRScȍ=\>< yҼr=c%,e(PE-CiMIW{hxm1[n~(ee"Wu*⭱@1l\jp_cc-P4]ޥ\6AJrs8e|J9B<|N=iÏ&<=JgOqKv+jq:i#jҰӖp?#YԊ|( 4MGɁq&o.3qA)֣JYTR'T/?$:9> oV,p>(`<=R8p/ǵ[_5=K|| i y1԰;6w`&t.r iAAe[~{ed>G 2tzH 5Jh?F/+rQ}rIH eC[1l9" zN-OccZ^87؋0걥.up]t羜-xUR"*B)]eIK|ĶvBw(Ūjj/#L[ t:X5YЀKMd5܀uJ%]4Ub֚?s郒X,je Ѡv[F^^Rm7'-k`scoZ*S83rP~iBgX,G$\Ð\rv4ى>O VZ}eI=5Ğ>eYq,|K ;}'JH]hq&QBy}!ҟ"!+ *;!429:mD<`$ Ur Q! b6a2v"RToJNRJS}Tx=]T9,@?[p+zF#P#f%p6EvkohNa-%W"0\Z0rDr([Pe=1L+lOt#6((tW[o OLgV"2ͨF ѕ b֟ 4vUoqk /e\ƢV+ kcPL1Szu֐brK#>1Rj]̴e^wTߒ%EQ Xak P*1`Oķ!b=_A8Moq 縺snhXR>[ 6Pv;[z"Jf vD7k$fᮐ$^bw !~PW1T>Cۢ [ i:%_X`*ʼ$iEM Lm{>}J=+=ط:g@'JNxevLM|<(+"4V;/w`J;]r$UfdD9C6*ҩ=13TCK)cJ%k83YZMwfk{x0vTs ZVŚ|F^}C yDHmEn3˳%G=nqx&EY>&k,>gTlaʙ 64onHfRh.+aa I޵uiavYGf{tv1`v[ڲĩA+] Є\ ;6 Rq+Mg'=Gؠ TIr$G7vzIj_eBvؾ% } iul2~3[)Č䢁~u^ 3LzaY~3,+ =n)d]kò+u‰fG@ŭ⯲y~++SdSQms$VƢ}pmUJ 0騈pj ~- jA*{91Z!A8Cӏ(0gj3.d%S9 H-sc~A\{6$@N` A|ר qW׉XV^T[c*YD{%> w~0CRymҍt;ՖE0sX^@vl)<I޾%OPO2,Z30n@,ЈB`H 9]'F6gȝ`qLI$}vNY$Η X]eRl?6<.k٨(ܽoiwbouX 26(5'`w̢O⭴pm,=0X&,XV5° Mje0/E:YnHCF٭u@U΢S( CZpKk3x<֜Ajiq;@[#>̎JI1i(W"<,Mt pvۓ*ϥ%1(r#3 ӆ ˉB, a>z|d;I%%p \ 2,۱S@QXDf+uzD܋{űN  aB<@ GNc_ZB_!^p}9Wp.2D[=fƫRa}7ls:r,ko~1"a'ߎi'LiyƩ^+>ZtR_xē7^SG#TٱyO` xRXRHWM`Mju'Cy30N@QVuY~B,:u;u|հi n= + f Ӟ-⫁R'5E!0zErW?=$d(~G!8M8c HX)9^=)r"Zh8h7ᙞCqU2@]dPɗUzZI\ݗ^׎h렉7u@5k@rxQ+ڃTm}H*#OѐilI61_lCEĪ _E <@i?ѭ̦'+Ηl>#u%E'bӨ 6uh2c;$hf UL(ڽ]eSz B@-nC)qs(;oل;,jZ+8uqPHz72mTG8 ^Hw> >< /s Dҽack̷r'?Pp z%--#woG i{M:/"6R[! BhPRļ1GZ1\YlMrIL7ˈ$0k:5B"ևqlBvPiҘH=C7^!S- ;{sU[DOWtmK;IՃvV-ۂ=1w?8;>?C׷iI 4 o(~od[1)+SZY \=(͕oqZyCet4H. (zͰ_y8H9K ^鍫=Z֊)/tpya:i)UjWLI_* Ipr̂5 yL~wJT7h-J~0+xF=T;әv&M1z?g֓ 񨚌t?Խ^dBLƳ/y_(|`&XY` b &gRm+-d[Ktw+u0Տ.jvNt9eEJUwA( k/d<6Ko;m,'x5Kv?wE d |9£Y@ Nz[&O?7#(AR{MMv2ڪDZDL`G'UHB&sbHI~]vcD!$Pz-/:,J^ְ5s`@[8{_'{ѴqbC<ٜ Id 7k;eP^gүSଵ|mUta,{6YRG1 /!|瓌+#ݨDΥ@y0Oe,TTصl1_16l +gطoQcC-:)]هyXz+gWMВ/RI YZ