X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;ds=sidebyside;f=utilities%2Fovs-ctl.in;h=c783f3da85c96215e813061527f9c4f5e3e75f9a;hb=481db4883344161efab4bd5e7580e21411e62c9f;hp=d316adf023b701393b302efe09624b51f1623039;hpb=2ae9d860584caa98b34bffac536461e3f5099429;p=openvswitch
diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in
index d316adf0..c783f3da 100755
--- a/utilities/ovs-ctl.in
+++ b/utilities/ovs-ctl.in
@@ -184,7 +184,7 @@ start () {
 if test X"$MLOCKALL" != Xno; then
 set "$@" --mlockall
 fi
- start_daemon "$VSWITCHD_PRIORITY" "$@"
+ start_daemon "$OVS_VSWITCHD_PRIORITY" "$@"
 fi
 }
@@ -244,7 +244,7 @@ force_reload_kmod () {
 chmod +x "$script"
 for dp in `ovs-dpctl dump-dps`; do
- action "Removing datapath: $dp" "$dpctl" del-dp "$dp"
+ action "Removing datapath: $dp" ovs-dpctl del-dp "$dp"
 done
 if test -e /sys/module/openvswitch_mod; then
@@ -270,37 +270,40 @@ force_reload_kmod () { ## --------------- ## enable_protocol () { - set X "-p $PROTOCOL" + # Translate the protocol name to a number, because "iptables -n -L" prints + # some protocols by name (despite the -n) and therefore we need to look for + # both forms. + # + # (iptables -S output is more uniform but old iptables doesn't have it.) + protonum=`grep "^$PROTOCOL[ ]" /etc/protocols | awk '{print $2}'` + if expr X"$protonum" : X'[0-9]\{1,\}$' > /dev/null; then :; else + log_failure_msg "unknown protocol $PROTOCOL" + return 1 + fi + name=$PROTOCOL + match="(\$2 == \"$PROTOCOL\" || \$2 == $protonum)" + insert="iptables -I INPUT -p $PROTOCOL" if test X"$DPORT" != X; then - set "$@" "--dport $DPORT" name="$name to port $DPORT" + match="$match && /dpt:$DPORT/" + insert="$insert --dport $DPORT" fi if test X"$SPORT" != X; then - set "$@" "--sport $SPORT" name="$name from port $SPORT" + match="$match && /spt:$SPORT/" + insert="$insert --sport $SPORT" fi - shift - - search="/^-A INPUT/!d" - insert="iptables -I INPUT" - for arg; do - search="$search -/ $arg /!d" - insert="$insert $arg" - done insert="$insert -j ACCEPT" - if (iptables -S INPUT) >/dev/null 2>&1; then - case `iptables -S INPUT | sed "$search"` in - '') - action "Enabling $name with iptables" $insert - ;; - *) - # There's already a rule for this protocol. Don't override it. - log_success_msg "iptables already has a rule for $name, not explicitly enabling" - ;; - esac + if (iptables -n -L INPUT) >/dev/null 2>&1; then + if iptables -n -L INPUT | awk "$match { n++ } END { exit n == 0 }" + then + # There's already a rule for this protocol. Don't override it. + log_success_msg "iptables already has a rule for $name, not explicitly enabling" + else + action "Enabling $name with iptables" $insert + fi elif (iptables --version) >/dev/null 2>&1; then action "cannot list iptables rules, not adding a rule for $name" else
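Review bot: `/dpt:$DPORT/` and `/spt:$SPORT/` in `match` are unanchored regexes, so port 80 also matches an existing rule printed as `dpt:8080`, and enable_protocol then logs "already has a rule" and never opens the requested port. Ending the pattern at a token boundary avoids that, e.g. `match="$match && /dpt:$DPORT( |\$)/"` and the same for `spt:`. `$DPORT` and `$SPORT` are also pasted into the awk program text and into the word-split `$insert` command with no check, while `protonum` is validated with `expr`; a guard such as `case $DPORT in *[!0-9]*) log_failure_msg "invalid port $DPORT"; return 1;; esac` before building `match` would keep stray characters out of both (loosen it if port ranges must be accepted). `grep "^$PROTOCOL[ ]"` likewise treats the protocol name as a regex, which the `expr` check only partly covers. The body of enable_protocol continues past the end of this hunk.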