Merge remote branch 'repo/master' into stats

[openvswitch] / secchan / secchan.c

diff --git a/secchan/secchan.c b/secchan/secchan.c
index 72cbd257386b11d0113789b5103813d107e03ab9..8ac3d4190dad7b2869ffdecd7dd06aa0016f78ea 100644 (file)
--- a/secchan/secchan.c
+++ b/secchan/secchan.c
@@ -58,7 +58,7 @@
 static void parse_options(int argc, char *argv[]);
 static void usage(void) NO_RETURN;
 
-static struct vconn *listen_vconn = NULL;
+static const char *listen_vconn_name;
 
 struct half {
     struct rconn *rconn;
@@ -81,6 +81,7 @@ static void relay_destroy(struct relay *);
 int
 main(int argc, char *argv[])
 {
+    struct vconn *listen_vconn;
     const char *nl_name;
     int retval;
 
@@ -100,6 +101,18 @@ main(int argc, char *argv[])
         fatal(0, "%s: argument is not of the form \"nl:DP_ID\"", nl_name);
     }
 
+    if (listen_vconn_name) {
+        retval = vconn_open(listen_vconn_name, &listen_vconn);
+        if (retval && retval != EAGAIN) {
+            fatal(retval, "opening %s", listen_vconn_name);
+        }
+        if (!vconn_is_passive(listen_vconn)) {
+            fatal(0, "%s is not a passive vconn", listen_vconn_name);
+        }
+    } else {
+        listen_vconn = NULL;
+    }
+
     retval = vlog_server_listen(NULL, NULL);
     if (retval) {
         fatal(retval, "Could not listen for vlog connections");
@@ -114,8 +127,8 @@ main(int argc, char *argv[])
             relay_run(r);
         }
         if (listen_vconn) {
-            struct vconn *new_remote;
             for (;;) {
+                struct vconn *new_remote;
                 retval = vconn_accept(listen_vconn, &new_remote);
                 if (retval) {
                     if (retval != EAGAIN) {
@@ -123,7 +136,6 @@ main(int argc, char *argv[])
                     }
                     break;
                 }
-
                 new_management_connection(nl_name, new_remote);
             }
         }
@@ -267,17 +279,12 @@ parse_options(int argc, char *argv[])
         {"verbose",     optional_argument, 0, 'v'},
         {"help",        no_argument, 0, 'h'},
         {"version",     no_argument, 0, 'V'},
-#ifdef HAVE_OPENSSL
-        {"private-key", required_argument, 0, 'p'},
-        {"certificate", required_argument, 0, 'c'},
-        {"ca-cert",     required_argument, 0, 'C'},
-#endif
+        VCONN_SSL_LONG_OPTIONS
         {0, 0, 0, 0},
     };
     char *short_options = long_options_to_short_options(long_options);
     
     for (;;) {
-        int retval;
         int c;
 
         c = getopt_long(argc, argv, short_options, long_options, NULL);
@@ -287,16 +294,10 @@ parse_options(int argc, char *argv[])
 
         switch (c) {
         case 'l':
-            if (listen_vconn) {
+            if (listen_vconn_name) {
                 fatal(0, "-l or --listen may be only specified once");
             }
-            retval = vconn_open(optarg, &listen_vconn);
-            if (retval && retval != EAGAIN) {
-                fatal(retval, "opening %s", optarg);
-            }
-            if (!vconn_is_passive(listen_vconn)) {
-                fatal(0, "%s is not a passive vconn", optarg);
-            }
+            listen_vconn_name = optarg;
             break;
 
         case 'h':
@@ -310,19 +311,7 @@ parse_options(int argc, char *argv[])
             vlog_set_verbosity(optarg);
             break;
 
-#ifdef HAVE_OPENSSL
-        case 'p':
-            vconn_ssl_set_private_key_file(optarg);
-            break;
-
-        case 'c':
-            vconn_ssl_set_certificate_file(optarg);
-            break;
-
-        case 'C':
-            vconn_ssl_set_ca_cert_file(optarg);
-            break;
-#endif
+        VCONN_SSL_OPTION_HANDLERS
 
         case '?':
             exit(EXIT_FAILURE);
@@ -337,32 +326,15 @@ parse_options(int argc, char *argv[])
 static void
 usage(void)
 {
-    printf("%s: Secure Channel\n"
+    printf("%s: Secure Channel, a relay for OpenFlow messages.\n"
            "usage: %s [OPTIONS] LOCAL REMOTE\n"
-           "\nRelays OpenFlow message between LOCAL and REMOTE datapaths.\n"
-           "LOCAL and REMOTE must each be one of the following:\n"
-           "  tcp:HOST[:PORT]         PORT (default: %d) on remote TCP HOST\n",
-           program_name, program_name, OFP_TCP_PORT);
-#ifdef HAVE_NETLINK
-    printf("  nl:DP_IDX               local datapath DP_IDX\n");
-#endif
-#ifdef HAVE_OPENSSL
-    printf("  ssl:HOST[:PORT]         SSL PORT (default: %d) on remote HOST\n"
-           "\nPKI configuration (required to use SSL):\n"
-           "  -p, --private-key=FILE  file with private key\n"
-           "  -c, --certificate=FILE  file with certificate for private key\n"
-           "  -C, --ca-cert=FILE      file with peer CA certificate\n",
-           OFP_SSL_PORT);
-#endif
+           "where LOCAL and REMOTE are active OpenFlow connection methods.\n",
+           program_name, program_name);
+    vconn_usage(true, true);
     printf("\nNetworking options:\n"
-           "  -l, --listen=VCONN      allow management connections on VCONN:\n"
-           "                          ptcp:[PORT]   TCP PORT (default: %d)\n",
-           OFP_TCP_PORT);
-#ifdef HAVE_OPENSSL
-    printf("                          pssl:[PORT]   SSL PORT (default: %d)\n",
-           OFP_SSL_PORT);
-#endif
-    printf("\nOther options:\n"
+           "  -l, --listen=METHOD     allow management connections on METHOD\n"
+           "                          (a passive OpenFlow connection method)\n"
+           "\nOther options:\n"
            "  -v, --verbose           set maximum verbosity level\n"
            "  -h, --help              display this help message\n"
            "  -V, --version           display version information\n");