}
#ifdef HAVE_OPENSSL
-static bool
-config_string_change(const char *value, char **valuep)
-{
- if (value && (!*valuep || strcmp(value, *valuep))) {
- free(*valuep);
- *valuep = xstrdup(value);
- return true;
- } else {
- return false;
- }
-}
-
static void
bridge_configure_ssl(const struct ovsrec_ssl *ssl)
{
- /* XXX SSL should be configurable on a per-bridge basis.
- * XXX should be possible to de-configure SSL. */
- static char *private_key_file;
- static char *certificate_file;
- static char *cacert_file;
- struct stat s;
-
- if (!ssl) {
- /* XXX We can't un-set SSL settings. */
- return;
- }
-
- if (config_string_change(ssl->private_key, &private_key_file)) {
- stream_ssl_set_private_key_file(private_key_file);
- }
-
- if (config_string_change(ssl->certificate, &certificate_file)) {
- stream_ssl_set_certificate_file(certificate_file);
- }
-
- /* We assume that even if the filename hasn't changed, if the CA cert
- * file has been removed, that we want to move back into
- * boot-strapping mode. This opens a small security hole, because
- * the old certificate will still be trusted until vSwitch is
- * restarted. We may want to address this in vconn's SSL library. */
- if (config_string_change(ssl->ca_cert, &cacert_file)
- || (cacert_file && stat(cacert_file, &s) && errno == ENOENT)) {
- stream_ssl_set_ca_cert_file(cacert_file, ssl->bootstrap_ca_cert);
+ /* XXX SSL should be configurable on a per-bridge basis. */
+ if (ssl) {
+ stream_ssl_set_private_key_file(ssl->private_key);
+ stream_ssl_set_certificate_file(ssl->certificate);
+ stream_ssl_set_ca_cert_file(ssl->ca_cert, ssl->bootstrap_ca_cert);
}
}
#endif
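Review bot: The new `if (ssl)` branch in bridge_configure_ssl() still does nothing when `ssl` is null, yet the commit deletes both comments recording that SSL settings cannot be un-set, so a reader may now assume that removing the SSL record drops the key, certificate and CA trust. Unless the stream_ssl setters handle that elsewhere (not visible in this hunk), keep the caveat, e.g. `/* XXX When 'ssl' is null the previously loaded key, certificate and CA cert stay in effect. */`. The removed block also documented that a deleted CA cert file leaves the old certificate trusted until restart; if that still holds inside stream_ssl_set_ca_cert_file(), the warning should move there rather than be lost. The old `value &&` guard is gone too, so confirm the setters accept a null `ssl->private_key`, `ssl->certificate` or `ssl->ca_cert`.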
bridge_reconfigure_controller(const struct ovsrec_open_vswitch *ovs_cfg,
struct bridge *br)
{
- char *pfx = xasprintf("bridge.%s.controller", br->name);
const struct ovsrec_controller *c;
c = bridge_get_controller(ovs_cfg, br);
ofproto_set_probe_interval(br->ofproto, 5);
ofproto_set_failure(br->ofproto, false);
}
- free(pfx);
ofproto_set_controller(br->ofproto, br->controller);
}
size_t n_vlans;
int *vlans;
size_t i;
- bool mirror_all_ports;
- bool any_ports_specified;
- bool any_vlans_specified;
/* Get output port. */
if (cfg->output_port) {
return;
}
- /* Get all the ports, and drop duplicates and ports that don't exist. */
shash_init(&src_ports);
shash_init(&dst_ports);
- mirror_collect_ports(m, cfg->select_src_port, cfg->n_select_src_port,
- &src_ports);
- mirror_collect_ports(m, cfg->select_dst_port, cfg->n_select_dst_port,
- &dst_ports);
- any_ports_specified = cfg->n_select_dst_port || cfg->n_select_dst_port;
- if (any_ports_specified
- && shash_is_empty(&src_ports) && shash_is_empty(&dst_ports)) {
- VLOG_ERR("bridge %s: disabling mirror %s since none of the specified "
- "selection ports exists", m->bridge->name, m->name);
- mirror_destroy(m);
- goto exit;
- }
+ if (cfg->select_all) {
+ for (i = 0; i < m->bridge->n_ports; i++) {
+ const char *name = m->bridge->ports[i]->name;
+ shash_add_once(&src_ports, name, NULL);
+ shash_add_once(&dst_ports, name, NULL);
+ }
+ vlans = NULL;
+ n_vlans = 0;
+ } else {
+ /* Get ports, and drop duplicates and ports that don't exist. */
+ mirror_collect_ports(m, cfg->select_src_port, cfg->n_select_src_port,
+ &src_ports);
+ mirror_collect_ports(m, cfg->select_dst_port, cfg->n_select_dst_port,
+ &dst_ports);
- /* Get all the vlans, and drop duplicate and invalid vlans. */
- n_vlans = mirror_collect_vlans(m, cfg, &vlans);
- any_vlans_specified = cfg->n_select_vlan > 0;
- if (any_vlans_specified && !n_vlans) {
- VLOG_ERR("bridge %s: disabling mirror %s since none of the specified "
- "VLANs exists", m->bridge->name, m->name);
- mirror_destroy(m);
- goto exit;
+ /* Get all the vlans, and drop duplicate and invalid vlans. */
+ n_vlans = mirror_collect_vlans(m, cfg, &vlans);
}
/* Update mirror data. */
m->out_port = out_port;
m->out_vlan = out_vlan;
- /* If no selection criteria have been given, mirror for all ports. */
- mirror_all_ports = !any_ports_specified && !any_vlans_specified;
-
/* Update ports. */
mirror_bit = MIRROR_MASK_C(1) << m->idx;
for (i = 0; i < m->bridge->n_ports; i++) {
struct port *port = m->bridge->ports[i];
- if (mirror_all_ports
- || shash_find(&m->src_ports, port->name)
+ if (shash_find(&m->src_ports, port->name)
|| (m->n_vlans
&& (!port->vlan
? port_trunks_any_mirrored_vlan(m, port)
port->src_mirrors &= ~mirror_bit;
}
- if (mirror_all_ports || shash_find(&m->dst_ports, port->name)) {
+ if (shash_find(&m->dst_ports, port->name)) {
port->dst_mirrors |= mirror_bit;
} else {
port->dst_mirrors &= ~mirror_bit;
}
/* Clean up. */
-exit:
shash_destroy(&src_ports);
shash_destroy(&dst_ports);
}
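Review bot: In the `else` branch that calls mirror_collect_ports() and mirror_collect_vlans(), a mirror whose listed ports or VLANs all fail to resolve is now left configured but selecting nothing, with no log line, because both VLOG_ERR/mirror_destroy() paths were removed without a replacement. The same applies to a mirror with no selection criteria: it used to mirror every port and now needs `select_all`, so a monitoring or IDS feed that relied on that default would go quiet with no indication. Consider a warning after the branch, such as `VLOG_WARN("bridge %s: mirror %s selects no ports or VLANs", m->bridge->name, m->name);`, guarded by `shash_is_empty(&src_ports) && shash_is_empty(&dst_ports) && !n_vlans`. The function begins above the visible lines, so this is based only on what the hunk shows.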