Type: string
_Description: Controller location:
Specify how the OpenFlow switch should connect to the OpenFlow controller.
- The value should be in form "ssl:HOST[:PORT]" to connect to the controller
- over SSL (recommended for security) or "tcp:HOST[:PORT]" to connect over
+ The value should be in form "ssl:IP[:PORT]" to connect to the controller
+ over SSL (recommended for security) or "tcp:IP[:PORT]" to connect over
cleartext TCP.
Template: openvswitch-switch/controller-vconn-error
Type: error
_Description: The controller location is invalid.
- The controller location must be specifed as "ssl:HOST[:PORT]" to
+ The controller location must be specifed as "ssl:IP[:PORT]" to
connect to the controller over SSL (recommended for security) or
- "tcp:HOST[:PORT]" to connect over cleartext TCP.
+ "tcp:IP[:PORT]" to connect over cleartext TCP.
Template: openvswitch-switch/pki-uri
Type: string
configure_ssl
;;
*)
- echo "$default: CONTROLLER must be in the form 'ssl:HOST[:PORT]' or 'tcp:HOST[:PORT]' when not in discovery mode" >&2
+ echo "$default: CONTROLLER must be in the form 'ssl:IP[:PORT]' or 'tcp:IP[:PORT]' when not in discovery mode" >&2
echo "Run ovs-switch-setup (in the openvswitch-switch-config package) or edit /etc/default/openvswitch-switch to configure" >&2
exit 1
esac
# CONTROLLER: Location of controller.
# One of the following formats:
-# tcp:HOST[:PORT] via TCP to PORT (default: 6633) on HOST
-# ssl:HOST[:PORT] via SSL to PORT (default: 6633) on HOST
+# tcp:IP[:PORT] via TCP to PORT (default: 6633) at IP
+# ssl:IP[:PORT] via SSL to PORT (default: 6633) at IP
# The default below assumes that the controller is running locally.
# This setting has no effect when MODE is set to 'discovery'.
#CONTROLLER="tcp:127.0.0.1"
#: ../openvswitch-switch-config.templates:10001
msgid ""
"Specify how the OpenFlow switch should connect to the OpenFlow controller. "
-"The value should be in form \"ssl:HOST[:PORT]\" to connect to the controller "
-"over SSL (recommended for security) or \"tcp:HOST[:PORT]\" to connect over "
+"The value should be in form \"ssl:IP[:PORT]\" to connect to the controller "
+"over SSL (recommended for security) or \"tcp:IP[:PORT]\" to connect over "
"cleartext TCP."
msgstr ""
#. Description
#: ../openvswitch-switch-config.templates:11001
msgid ""
-"The controller location must be specifed as \"ssl:HOST[:PORT]\" to connect "
-"to the controller over SSL (recommended for security) or \"tcp:HOST[:PORT]\" "
+"The controller location must be specifed as \"ssl:IP[:PORT]\" to connect "
+"to the controller over SSL (recommended for security) or \"tcp:IP[:PORT]\" "
"to connect over cleartext TCP."
msgstr ""
return max_fds;
}
-/* Translates 'host_name', which may be a DNS name or an IP address, into a
- * numeric IP address in '*addr'. Returns 0 if successful, otherwise a
- * positive errno value. */
+/* Translates 'host_name', which must be a string representation of an IP
+ * address, into a numeric IP address in '*addr'. Returns 0 if successful,
+ * otherwise a positive errno value. */
int
lookup_ip(const char *host_name, struct in_addr *addr)
{
if (!inet_aton(host_name, addr)) {
- struct hostent *he = gethostbyname(host_name);
- if (he == NULL) {
- struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_ERR_RL(&rl, "gethostbyname(%s): %s", host_name,
- (h_errno == HOST_NOT_FOUND ? "host not found"
- : h_errno == TRY_AGAIN ? "try again"
- : h_errno == NO_RECOVERY ? "non-recoverable error"
- : h_errno == NO_ADDRESS ? "no address"
- : "unknown error"));
- return ENOENT;
- }
- addr->s_addr = *(uint32_t *) he->h_addr;
+ struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
+ VLOG_ERR_RL(&rl, "\"%s\" is not a valid IP address", host_name);
+ return ENOENT;
}
return 0;
}
printf("\n");
if (active) {
printf("Active OpenFlow connection methods:\n");
- printf(" tcp:HOST[:PORT] "
- "PORT (default: %d) on remote TCP HOST\n", OFP_TCP_PORT);
+ printf(" tcp:IP[:PORT] "
+ "PORT (default: %d) at remote IP\n", OFP_TCP_PORT);
#ifdef HAVE_OPENSSL
- printf(" ssl:HOST[:PORT] "
- "SSL PORT (default: %d) on remote HOST\n", OFP_SSL_PORT);
+ printf(" ssl:IP[:PORT] "
+ "SSL PORT (default: %d) at remote IP\n", OFP_SSL_PORT);
#endif
printf(" unix:FILE Unix domain socket named FILE\n");
}
the OpenFlow controller. It takes one of the following forms:
.RS
-.TP
-\fBssl:\fIhost\fR[\fB:\fIport\fR]
-The specified SSL \fIport\fR (default: 6633) on the given remote
-\fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and
-\fB--ca-cert\fR options are mandatory when this form is used.
+.IP "\fBssl:\fIip\fR[\fB:\fIport\fR]"
+The specified SSL \fIport\fR (default: 6633) on the host at the given
+\fIip\fR, which must be expressed as an IP address (not a DNS name).
+The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR
+options are mandatory when this form is used.
-.TP
-\fBtcp:\fIhost\fR[\fB:\fIport\fR]
-The specified TCP \fIport\fR (default: 6633) on the given remote
-\fIhost\fR.
+.IP "\fBtcp:\fIip\fR[\fB:\fIport\fR]"
+The specified TCP \fIport\fR (default: 6633) on the host at the given
+\fIip\fR, which must be expressed as an IP address (not a DNS name).
.TP
\fBunix:\fIfile\fR
is given, the default is in-band control.
.TP
-\fB--netflow=\fIhost\fB:\fIport\fR
-Configures the given UDP \fIport\fR on the specified IP \fIhost\fR as
-a recipient of NetFlow messages for expired flows.
+\fB--netflow=\fIip\fB:\fIport\fR
+Configures the given UDP \fIport\fR on the specified IP \fIip\fR as
+a recipient of NetFlow messages for expired flows. The \fIip\fR must
+be specified numerically, not as a DNS name.
This option may be specified multiple times to configure additional
NetFlow collectors.
Listens for connections from OpenFlow switches on the Unix domain
server socket named \fIfile\fR.
-.TP
-\fBssl:\fIhost\fR[\fB:\fIport\fR]
-The specified SSL \fIport\fR (default: 6633) on the given remote
-\fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and
-\fB--ca-cert\fR options are mandatory when this form is used.
-
-.TP
-\fBtcp:\fIhost\fR[\fB:\fIport\fR]
-The specified TCP \fIport\fR (default: 6633) on the given remote
-\fIhost\fR.
+.IP "\fBssl:\fIip\fR[\fB:\fIport\fR]"
+The specified SSL \fIport\fR (default: 6633) on the host at the given
+\fIip\fR, which must be expressed as an IP address (not a DNS name).
+The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR
+options are mandatory when this form is used.
+
+.IP "\fBtcp:\fIip\fR[\fB:\fIport\fR]"
+The specified TCP \fIport\fR (default: 6633) on the host at the given
+\fIip\fR, which must be expressed as an IP address (not a DNS name).
.TP
\fBunix:\fIfile\fR
are supported:
.RS
-.TP
-\fBssl:\fIhost\fR[\fB:\fIport\fR]
-The specified SSL \fIport\fR (default: 6633) on the given remote
-\fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and
-\fB--ca-cert\fR options are mandatory when this form is used.
-
-.TP
-\fBtcp:\fIhost\fR[\fB:\fIport\fR]
-The specified TCP \fIport\fR (default: 6633) on the given remote
-\fIhost\fR.
+.IP "\fBssl:\fIip\fR[\fB:\fIport\fR]"
+The specified SSL \fIport\fR (default: 6633) on the host at the given
+\fIip\fR, which must be expressed as an IP address (not a DNS name).
+The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR
+options are mandatory when this form is used.
+
+.IP "\fBtcp:\fIip\fR[\fB:\fIport\fR]"
+The specified TCP \fIport\fR (default: 6633) on the host at the given
+\fIip\fR, which must be expressed as an IP address (not a DNS name).
.TP
\fBunix:\fIfile\fR
IP flows, such as the principals involved and duration. A bridge may be
configured to send NetFlow v5 records to NetFlow collectors when flows
end. To enable, define the key \fBnetflow.\fIbridge\fB.host\fR for each
-collector in the form \fIhost\fB:\fIport\fR. Records from \fIbridge\fR
-will be sent to each \fIhost\fR on UDP \fIport\fR.
+collector in the form \fIip\fB:\fIport\fR. Records from \fIbridge\fR
+will be sent to each \fIip\fR on UDP \fIport\fR. The \fIip\fR must
+be specified numerically, not as a DNS name.
The NetFlow messages will use the datapath index for the engine type and id.
This can be overridden with the \fBnetflow.\fIbridge\fB.engine-type\fR and
functionality is enabled by setting the key \fBmgmt.controller\fR to one
of the following values:
.
-.TP
-\fBssl:\fIhost\fR[\fB:\fIport\fR]
-The specified SSL \fIport\fR (default: 6633) on the given remote
-\fIhost\fR. SSL must be configured when this form is used (see \fBSSL
+.IP "\fBssl:\fIip\fR[\fB:\fIport\fR]"
+The specified SSL \fIport\fR (default: 6633) on the host at the given
+\fIip\fR, which must be expressed as an IP address (not a DNS name).
+SSL must be configured when this form is used (see \fBSSL
Configuration\fR, below).
.
-.TP
-\fBtcp:\fIhost\fR[\fB:\fIport\fR]
-The specified TCP \fIport\fR (default: 6633) on the given remote
-\fIhost\fR.
+.IP "\fBtcp:\fIip\fR[\fB:\fIport\fR]"
+The specified TCP \fIport\fR (default: 6633) on the host at the given
+\fIip\fR, which must be expressed as an IP address (not a DNS name).
.PP
The maximum time between attempts to connect to the controller may be
specified in integral seconds with the \fBmgmt.max-backoff\fR key. The
.RE
.
.TP
-\fBssl:\fIhost\fR[\fB:\fIport\fR]
-The specified SSL \fIport\fR (default: 6633) on the given remote
-\fIhost\fR. SSL must be configured when this form is used (see \fBSSL
+\fBssl:\fIip\fR[\fB:\fIport\fR]
+The specified SSL \fIport\fR (default: 6633) on the host at the given
+\fIip\fR, which must be expressed as an IP address (not a DNS name).
+SSL must be configured when this form is used (see \fBSSL
Configuration\fR, below).
.
.TP
-\fBtcp:\fIhost\fR[\fB:\fIport\fR]
-The specified TCP \fIport\fR (default: 6633) on the given remote
-\fIhost\fR.
+\fBtcp:\fIip\fR[\fB:\fIport\fR]
+The specified TCP \fIport\fR (default: 6633) on the host at the given
+\fIip\fR, which must be expressed as an IP address (not a DNS name).
.
.TP
\fBunix:\fIfile\fR
projects / openvswitch / commitdiff