Make it easier to bootstrap the PKI for SSL connections in OpenFlow.

[openvswitch] / switch / switch.c

diff --git a/switch/switch.c b/switch/switch.c
index 28a6b427773f2796a3970db4fdcaa226061395d8..a7624126cd51c92f07375845a774cc14410910ee 100644 (file)
--- a/switch/switch.c
+++ b/switch/switch.c
@@ -59,15 +59,16 @@
 
 
 /* Strings to describe the manufacturer, hardware, and software.  This data 
- * is queriable through the version stats message. */
-char mfr_desc[VERSION_STR_LEN] = "Nicira Networks";
-char hw_desc[VERSION_STR_LEN] = "Reference User-Space Switch";
-char sw_desc[VERSION_STR_LEN] = VERSION;
+ * is queriable through the switch description stats message. */
+char mfr_desc[DESC_STR_LEN] = "Nicira Networks";
+char hw_desc[DESC_STR_LEN] = "Reference User-Space Switch";
+char sw_desc[DESC_STR_LEN] = VERSION;
+char serial_num[SERIAL_NUM_LEN] = "None";
 
 static void parse_options(int argc, char *argv[]);
 static void usage(void) NO_RETURN;
 
-static const char *listen_vconn_name;
+static const char *listen_pvconn_name;
 static struct datapath *dp;
 static uint64_t dpid = UINT64_MAX;
 static char *port_list;
@@ -92,30 +93,27 @@ main(int argc, char *argv[])
     signal(SIGPIPE, SIG_IGN);
 
     if (argc - optind != 1) {
-        fatal(0, "missing controller argument; use --help for usage");
+        ofp_fatal(0, "missing controller argument; use --help for usage");
     }
 
     rconn = rconn_create(60, max_backoff);
     error = rconn_connect(rconn, argv[optind]);
     if (error == EAFNOSUPPORT) {
-        fatal(0, "no support for %s vconn", argv[optind]);
+        ofp_fatal(0, "no support for %s vconn", argv[optind]);
     }
     error = dp_new(&dp, dpid, rconn);
-    if (listen_vconn_name) {
-        struct vconn *listen_vconn;
+    if (listen_pvconn_name) {
+        struct pvconn *listen_pvconn;
         int retval;
-        
-        retval = vconn_open(listen_vconn_name, &listen_vconn);
+
+        retval = pvconn_open(listen_pvconn_name, &listen_pvconn);
         if (retval && retval != EAGAIN) {
-            fatal(retval, "opening %s", listen_vconn_name);
-        }
-        if (!vconn_is_passive(listen_vconn)) {
-            fatal(0, "%s is not a passive vconn", listen_vconn_name);
+            ofp_fatal(retval, "opening %s", listen_pvconn_name);
         }
-        dp_add_listen_vconn(dp, listen_vconn);
+        dp_add_listen_pvconn(dp, listen_pvconn);
     }
     if (error) {
-        fatal(error, "could not create datapath");
+        ofp_fatal(error, "could not create datapath");
     }
     if (port_list) {
         add_ports(dp, port_list); 
@@ -123,7 +121,7 @@ main(int argc, char *argv[])
 
     error = vlog_server_listen(NULL, NULL);
     if (error) {
-        fatal(error, "could not listen for vlog connections");
+        ofp_fatal(error, "could not listen for vlog connections");
     }
 
     die_if_already_running();
@@ -151,7 +149,7 @@ add_ports(struct datapath *dp, char *port_list)
          port = strtok_r(NULL, ",,", &save_ptr)) {
         int error = dp_add_port(dp, port);
         if (error) {
-            fatal(error, "failed to add port %s", port);
+            ofp_fatal(error, "failed to add port %s", port);
         }
     }
 }
@@ -163,7 +161,9 @@ parse_options(int argc, char *argv[])
         OPT_MAX_BACKOFF = UCHAR_MAX + 1,
         OPT_MFR_DESC,
         OPT_HW_DESC,
-        OPT_SW_DESC
+        OPT_SW_DESC,
+        OPT_SERIAL_NUM,
+        OPT_BOOTSTRAP_CA_CERT
     };
 
     static struct option long_options[] = {
@@ -180,7 +180,11 @@ parse_options(int argc, char *argv[])
         {"mfr-desc",    required_argument, 0, OPT_MFR_DESC},
         {"hw-desc",     required_argument, 0, OPT_HW_DESC},
         {"sw-desc",     required_argument, 0, OPT_SW_DESC},
+        {"serial_num",  required_argument, 0, OPT_SERIAL_NUM},
+#ifdef HAVE_OPENSSL
         VCONN_SSL_LONG_OPTIONS
+        {"bootstrap-ca-cert", required_argument, 0, OPT_BOOTSTRAP_CA_CERT},
+#endif
         {0, 0, 0, 0},
     };
     char *short_options = long_options_to_short_options(long_options);
@@ -198,12 +202,13 @@ parse_options(int argc, char *argv[])
         case 'd':
             if (strlen(optarg) != 12
                 || strspn(optarg, "0123456789abcdefABCDEF") != 12) {
-                fatal(0, "argument to -d or --datapath-id must be "
-                      "exactly 12 hex digits");
+                ofp_fatal(0, "argument to -d or --datapath-id must be "
+                          "exactly 12 hex digits");
             }
             dpid = strtoll(optarg, NULL, 16);
             if (!dpid) {
-                fatal(0, "argument to -d or --datapath-id must be nonzero");
+                ofp_fatal(0, "argument to -d or --datapath-id must "
+                          "be nonzero");
             }
             break;
 
@@ -241,7 +246,7 @@ parse_options(int argc, char *argv[])
         case OPT_MAX_BACKOFF:
             max_backoff = atoi(optarg);
             if (max_backoff < 1) {
-                fatal(0, "--max-backoff argument must be at least 1");
+                ofp_fatal(0, "--max-backoff argument must be at least 1");
             } else if (max_backoff > 3600) {
                 max_backoff = 3600;
             }
@@ -259,15 +264,25 @@ parse_options(int argc, char *argv[])
             strncpy(sw_desc, optarg, sizeof sw_desc);
             break;
 
+        case OPT_SERIAL_NUM:
+            strncpy(serial_num, optarg, sizeof serial_num);
+            break;
+
         case 'l':
-            if (listen_vconn_name) {
-                fatal(0, "-l or --listen may be only specified once");
+            if (listen_pvconn_name) {
+                ofp_fatal(0, "-l or --listen may be only specified once");
             }
-            listen_vconn_name = optarg;
+            listen_pvconn_name = optarg;
             break;
 
+#ifdef HAVE_OPENSSL
         VCONN_SSL_OPTION_HANDLERS
 
+        case OPT_BOOTSTRAP_CA_CERT:
+            vconn_ssl_set_ca_cert_file(optarg, true);
+            break;
+#endif
+
         case '?':
             exit(EXIT_FAILURE);
 
@@ -285,7 +300,7 @@ usage(void)
            "usage: %s [OPTIONS] CONTROLLER\n"
            "where CONTROLLER is an active OpenFlow connection method.\n",
            program_name, program_name);
-    vconn_usage(true, true);
+    vconn_usage(true, true, true);
     printf("\nConfiguration options:\n"
            "  -i, --interfaces=NETDEV[,NETDEV]...\n"
            "                          add specified initial switch ports\n"