X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=vswitchd%2Fmgmt.c;h=e2cc4f1f866f85dc50dc4aa6740576be06b69949;hb=85c74638ed99b77d6894385c3dce0175c4b4baa4;hp=4f79263c4f17db769f30fcedda00b9328f0fb35d;hpb=a8d211487e1bb9b8d81e65b89e3ae389da4b884c;p=openvswitch
diff --git a/vswitchd/mgmt.c b/vswitchd/mgmt.c
index 4f79263c..e2cc4f1f 100644
--- a/vswitchd/mgmt.c
+++ b/vswitchd/mgmt.c
@@ -1,28 +1,16 @@
/* Copyright (c) 2009 Nicira Networks
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
*
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
*
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- * In addition, as a special exception, Nicira Networks gives permission
- * to link the code of its release of vswitchd with the OpenSSL project's
- * "OpenSSL" library (or with modified versions of it that use the same
- * license as the "OpenSSL" library), and distribute the linked
- * executables. You must obey the GNU General Public License in all
- * respects for all of the code used other than "OpenSSL". If you modify
- * this file, you may extend this exception to your version of the file,
- * but you are not obligated to do so. If you do not wish to do so,
- * delete this exception statement from your version.
+ * http://www.apache.org/licenses/LICENSE-2.0
*
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
#include
@@ -31,6 +19,9 @@
#include
#include
#include
+#include
+#include
+#include
#include "bridge.h"
#include "cfg.h"
@@ -58,6 +49,7 @@
static struct svec mgmt_cfg;
static uint8_t cfg_cookie[CFG_COOKIE_LEN];
+static bool need_reconfigure = false;
static struct rconn *mgmt_rconn;
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(60, 60);
static struct svec capabilities;
@@ -112,6 +104,7 @@ mgmt_configure_ssl(void)
static char *private_key_file;
static char *certificate_file;
static char *cacert_file;
+ struct stat s;
/* XXX SSL should be configurable separate from the bridges.
* XXX should be possible to de-configure SSL. */
@@ -123,7 +116,13 @@ mgmt_configure_ssl(void)
vconn_ssl_set_certificate_file(certificate_file);
}
- if (config_string_change("ssl.ca-cert", &cacert_file)) {
+ /* We assume that even if the filename hasn't changed, if the CA cert
+ * file has been removed, that we want to move back into
+ * boot-strapping mode. This opens a small security hole, because
+ * the old certificate will still be trusted until vSwitch is
+ * restarted. We may want to address this in vconn's SSL library. */
+ if (config_string_change("ssl.ca-cert", &cacert_file)
+ || (stat(cacert_file, &s) && errno == ENOENT)) {
vconn_ssl_set_ca_cert_file(cacert_file,
cfg_get_bool(0, "ssl.bootstrap-ca-cert"));
}
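Review bot: The new `stat(cacert_file, &s)` operand is evaluated whenever `config_string_change` returns false, and `cacert_file` is a static that starts out NULL, so if `ssl.ca-cert` has never been set (assuming `config_string_change` leaves the pointer untouched in that case) `stat` receives a null path; guard it with `|| (cacert_file && stat(cacert_file, &s) && errno == ENOENT)`. While the file stays absent this branch is taken on every call, so `vconn_ssl_set_ca_cert_file` is re-invoked each pass, and with `ssl.bootstrap-ca-cert` enabled the switch returns to trust-on-first-use; a rate-limited warning on that transition would leave an audit trail for a CA file that disappears unexpectedly. The caveat in the comment that the old CA remains trusted until restart should carry an `XXX` marker like the notes at the top of the function so it stays tracked. The body of mgmt_configure_ssl starts and ends outside this hunk.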
@@ -142,6 +141,7 @@ mgmt_reconfigure(void)
int retval;
if (!cfg_has_section("mgmt")) {
+ svec_clear(&mgmt_cfg);
if (mgmt_rconn) {
rconn_destroy(mgmt_rconn);
mgmt_rconn = NULL;
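Review bot: The added `svec_clear(&mgmt_cfg)` carries no comment explaining why the cached section is dropped when the "mgmt" section disappears. Presumably `mgmt_cfg` is compared against the current section further down (outside this hunk) to skip redundant reconnects, so without the clear a section that is removed and re-added unchanged would look identical and the connection would not be rebuilt; if that is the intent, state it, e.g. `/* Forget the cached config so re-adding the same section counts as a change. */`. mgmt_reconfigure's body continues outside the hunk.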
@@ -526,20 +526,6 @@ send_config_update_ack(uint32_t xid, bool success)
send_openflow_buffer(buffer);
}
-static void
-send_ofmp_error_msg(uint32_t xid, uint16_t type, uint16_t code,
- const void *data, size_t len)
-{
- struct ofpbuf *buffer;
- struct ofmp_error_msg *oem;
-
- oem = make_ofmp_xid(sizeof(*oem)+len, OFMPT_ERROR, xid, &buffer);
- oem->type = htons(type);
- oem->code = htons(code);
- memcpy(oem->data, data, len);
- send_openflow_buffer(buffer);
-}
-
static void
send_error_msg(uint32_t xid, uint16_t type, uint16_t code,
const void *data, size_t len)
@@ -667,8 +653,7 @@ recv_ofmp_config_update(uint32_t xid, const struct ofmp_header *ofmph,
* connection settings may have changed. */
send_config_update_ack(xid, true);
- reconfigure();
-
+ need_reconfigure = true;
return 0;
}
@@ -819,15 +804,16 @@ handle_msg(uint32_t xid, const void *msg, size_t length)
return handler(xid, msg);
}
-void
+bool
mgmt_run(void)
{
int i;
if (!mgmt_rconn) {
- return;
+ return false;
}
+ need_reconfigure = false;
rconn_run(mgmt_rconn);
/* Do some processing, but cap it at a reasonable amount so that
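Review bot: `mgmt_run` now returns `bool` but nothing documents what the value means; a comment above the definition such as `/* Returns true if a configuration update was received and the caller must reconfigure. */` would state the contract. The result travels through the file-scope `need_reconfigure` flag set in `recv_ofmp_config_update` (hunk at -667), which is correct only while that handler is reached solely from inside `mgmt_run`, since the flag is reset on entry. The caller is not part of this diff, so confirm it acts on the return value; otherwise a config update is acknowledged with `send_config_update_ack(xid, true)` but never applied. The function body continues past this hunk into the next one.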
@@ -849,6 +835,8 @@ mgmt_run(void)
VLOG_WARN_RL(&rl, "received too-short OpenFlow message");
}
}
+
+ return need_reconfigure;
}
void