- Installation Instructions for OpenFlow Reference Release
+ OpenVSwitch Installation Instructions
-This document describes how to build, install, and execute the
-reference implementation of OpenFlow. Please send any comments to:
+This document describes how to build, install, and execute
+OpenVSwitch.
- <info@openflowswitch.org>
+OpenVSwitch implements an Ethernet switch with MAC learning that may
+be configured with any of the following features:
-Contents
-========
+ * NIC bonding with automatic fail-over and source MAC-based TX
+ load balancing ("SLB").
-The OpenFlow reference implementation includes two OpenFlow switch
-implementations:
+ * 802.1Q VLAN support.
- - The "kernel-based switch": This divides the switch into a
- "datapath" Linux kernel module (openflow_mod.ko) and a
- userspace program (secchan). The kernel-based switch is
- faster than either of the other two implementations but
- requires building and installing a kernel module, which can
- sometimes be challenging.
+ * Port mirroring, with optional VLAN tagging.
- - The "userspace datapath-based switch": This divides the
- switch into a userspace "datapath" (built as
- udatapath/udatapath) and the same userspace program used by
- the kernel-based switch (secchan). The userspace
- datapath-based switch does not require building a kernel
- module, but it is not as fast as the kernel-based switch.
+ * NetFlow v5 flow logging.
+
+ * Connectivity to an external OpenFlow controller, such as
+ NOX.
+
+The current version of this distribution requires a kernel module to
+be built and loaded. An (optional) entirely userspace switch is on
+the roadmap for future versions.
The reference implementation also contains a simple OpenFlow
controller (built as controller/controller) and a number of related
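Review bot: The context sentence kept directly below the new roadmap paragraph still opens with "The reference implementation also contains a simple OpenFlow controller", but after this rewrite nothing above it introduces a reference implementation, so the sentence has lost its antecedent. Reword it in the same change, for example "This distribution also contains a simple OpenFlow controller".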
Base Prerequisites
------------------
-Regardless of how it is built, OpenFlow has a common set of
+Regardless of how it is built, OpenVSwitch has a common set of
prerequisites. To compile the userspace programs in the OpenFlow
reference distribution, you will need the following software:
with version 4.2 or 4.3.
- libssl, from OpenSSL (http://www.openssl.org/), is optional but
- recommended. libssl is required to establish confidentiality
- and authenticity in the connections among OpenFlow switches and
- controllers. To enable, configure with --enable-ssl=yes.
-
-If you are working from a Git tree or snapshot (instead of from a
-distribution tarball), or if you modify the OpenFlow build system, you
-will also need the following software:
-
- - Autoconf version 2.60 or later (http://www.gnu.org/software/autoconf).
-
- - Automake version 1.10 or later (http://www.gnu.org/software/automake).
-
- - pkg-config (http://pkg-config.freedesktop.org/wiki/). We test
- with version 0.22.
-
-Debian Prerequisites
---------------------
-
-To build Debian packages from the OpenFlow distribution, you will need
-to install a number of Debian packages in addition to the base
-prerequisites listed above. These additional prerequisites may be
-found listed as "Build-Depends" in debian/control in the source tree.
-To check that they are installed, first install the dpkg-dev package,
-then run dpkg-checkbuilddeps from the top level of the OpenFlow source
-tree.
-
-To build Debian packages without being root, also install the
-"fakeroot" package.
+ recommended if you plan to connect the OpenVSwitch to an
+ OpenFlow controller. libssl is required to establish
+ confidentiality and authenticity in the connections from an
+ OpenVSwitch to an OpenFlow controller. To enable, configure
+ with --enable-ssl=yes.
-Kernel-Based Switch Prerequisites
----------------------------------
-
-The OpenFlow distribution also includes a Linux kernel module that can
-be used to achieve higher switching performance. To compile the
-kernel module, you must install the following in addition to the
-software listed in the "Base Prerequisites" section above:
+To compile the kernel module, you must also install the following:
- A supported Linux kernel version. Please refer to README for a
list of supported versions.
corresponding linux-headers package with the required build
infrastructure.
+If you are working from a Git tree or snapshot (instead of from a
+distribution tarball), or if you modify the OpenVSwitch build system,
+you will also need the following software:
+
+ - Autoconf version 2.60 or later (http://www.gnu.org/software/autoconf).
+
+ - Automake version 1.10 or later (http://www.gnu.org/software/automake).
+
+ - pkg-config (http://pkg-config.freedesktop.org/wiki/). We test
+ with version 0.22.
+
+Debian Prerequisites
+--------------------
+
+To build Debian packages from the OpenVSwitch distribution, you will
+need to install a number of Debian packages in addition to the base
+prerequisites listed above. These additional prerequisites may be
+found listed as "Build-Depends" in debian/control in the source tree.
+To check that they are installed, first install the dpkg-dev package,
+then run dpkg-checkbuilddeps from the top level of the OpenFlow source
+tree.
+
+To build Debian packages without being root, also install the
+"fakeroot" package.
+
Building Conventionally
=======================
-This section explains how to build and install the OpenFlow
+This section explains how to build and install the OpenVSwitch
distribution in the ordinary way using "configure" and "make".
0. Check that you have installed all the prerequisites listed above in
- the Base Prerequisites section. If you want to compile the Linux
- kernel module, also check that the prequisites listed under
- Kernel-Based Switch Prequisites are installed.
+ the Base Prerequisites section.
1. In the top source directory, configure the package by running the
configure script. You can usually invoke configure without any
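Review bot: The relocated Debian Prerequisites paragraph is only half renamed: its first added line says "OpenVSwitch distribution", while the added line a few lines further down still says to run dpkg-checkbuilddeps "from the top level of the OpenFlow source tree". Use the same name in both places so the reader is not left wondering whether two different trees are meant.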
% ./configure CC=gcc-4.2
To build the Linux kernel module, so that you can run the
- kernel-based switch, add --with-l26 or --with-l24 option, or both,
- to the configure script's command line. Refer to Building the
- Linux Kernel-Based Switch, below, for more information.
+ kernel-based switch, pass the location of the kernel build
+ directory on --with-l26. For example, to build for a running
+ instance of Linux 2.6:
+
+ % ./configure --with-l26=/lib/modules/`uname -r`/build
+
+ If you wish to build the kernel module for an architecture other
+ than the architecture of the machine used for the build, you may
+ specify the kernel architecture string using the KARCH variable
+ when invoking the configure script. For example, to build for MIPS
+ with Linux 2.6:
+
+ % ./configure --with-l26=/path/to/linux-2.6 KARCH=mips
The configure script accepts a number of other options and honors
additional environment variables. For a full list, invoke
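Review bot: The rewritten --with-l26 paragraph still presents the kernel module as opt-in ("To build the Linux kernel module, so that you can run the kernel-based switch"), while the new introduction to this file states that the current version requires a kernel module to be built and loaded. Say here that --with-l26 is needed to get a working switch. The KARCH example also changes from --with-l24 to --with-l26, which is a correction rather than a rename and deserves a mention alongside the rename.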
The following binaries will be built:
- - Userspace datapath: udatapath/udatapath.
+ - Virtual switch daemon: vswitchd/vswitchd
+
+ - Bridge compatibility daemon: vswitchd/brcompatd
- Secure channel executable: secchan/secchan.
- Runtime logging configuration utility: utilities/vlogconf.
- - Miscellaneous utilities: utilities/ofp-discover,
- utilities/ofp-kill.
+ - Miscellaneous utilities: utilities/ovs-discover,
+ utilities/ovs-kill.
- Tests: various binaries in tests/.
ext/ezio/ezio-term.
- Switch monitoring UI for small text displays:
- ext/ezio/ofp-switchui.
+ ext/ezio/ovs-switchui.
If you passed --with-l26 to configure, "make" will also build the
following kernel modules:
have been loaded, run "/sbin/lsmod" and check that openflow_mod is
listed.
-4. Test the userspace programs, as described under Testing Userspace
- Programs below.
-
-5. If you built the kernel module, test the kernel-based switch, as
- described under Testing the Kernel-Based Implementation below.
-
-Building the Linux Kernel-Based Switch
---------------------------------------
-
-To build the kernel module, follow the build process described above,
-but pass the location of the kernel build directory as an additional
-argument to the configure script, as described under step 1 in that
-section. Specify the location on --with-l26. For example, to build
-for a running instance of Linux 2.6:
-
- % ./configure --with-l26=/lib/modules/`uname -r`/build
-
-If you wish to build OpenFlow for an architecture other than the
-architecture used for compilation, you may specify the kernel
-architecture string using the KARCH variable when invoking the
-configure script. For example, to build OpenFlow for MIPS with Linux
-2.6:
-
- % ./configure --with-l24=/path/to/linux-2.6 KARCH=mips
-
+5. Test the virtuaal switch, as described under Testing the Virtual
+Switch below.
Building Debian Packages
========================
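Review bot: The added step misspells "virtual" as "virtuaal" and is numbered 5 although the old steps 4 and 5 are both removed, so the list now has no step 4. Its second line, "Switch below.", is also not indented the way the continuation lines of the removed steps were. Renumber it to 4, fix the spelling and indent the continuation line.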
This form of configuration is not supported for the userspace
datapath-based switch.
- - By running the ofp-switch-setup program. This interactive
+ - By running the ovs-switch-setup program. This interactive
program will walk you through all the steps of configuring an
OpenFlow switch, including configuration of SSL certificates.
Run it without arguments, as root:
- % ofp-switch-setup
+ % ovs-switch-setup
This form of configuration is not supported for the userspace
datapath-based switch.
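Review bot: Both context sentences in this hunk still read "This form of configuration is not supported for the userspace datapath-based switch", but this patch removes udatapath from the list of built binaries and deletes the Userspace Datapath-Based Setup section, so the caveat refers to something the document no longer describes. Delete the two sentences, or reword them to match the new statement that a userspace switch is only on the roadmap.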
-Testing
-=======
-
-The following sets of instructions show how to use the OpenFlow
-reference implementation as a switch on a single machine. This can be
-used to verify that the distribution built properly. For full
-installation instructions, refer to the Installation section below.
-
-Userspace Datapath
-------------------
-
-These instructions use the OpenFlow userspace datapath ("udatapath").
-
-1. Start the OpenFlow controller running in the background, by running
- the "controller" program with a command like the following:
-
- # controller punix:/var/run/controller.sock &
-
- This command causes the controller to bind to the specified Unix
- domain socket, awaiting connections from OpenFlow switches. See
- controller(8) for details.
-
- The "controller" program does not require any special privilege, so
- you do not need to run it as root.
-
-2. The commands below must run as root, so log in as root, or use a
- program such as "su" to become root temporarily.
-
-3. Create a datapath instance running in the background. The command
- below creates a datapath that listens for connections from secchan
- on a Unix domain socket located in /var/run and services physical
- ports eth1 and eth2:
-
- # udatapath punix:/var/run/dp0.sock -i eth1,eth2 &
-
-4. Run secchan to start the secure channel connecting the datapath and
- the controller:
-
- # secchan unix:/var/run/controller.sock unix:/var/run/dp0.sock &
-
-5. Devices plugged into the network ports specified in step 2 should
- now be able to send packets to each other, as if they were plugged
- into ports on a conventional Ethernet switch.
-
Installation
============
-This section explains how to install OpenFlow in a network with one
+This section explains how to install OpenVSwitch in a network with one
controller and one or more switches, each of which runs on a separate
machine. Before you begin, you must decide on one of two ways for
each switch to reach the controller over the network:
Make sure the machine hosting the controller is reachable by the
switch.
-Userspace Datapath-Based Setup
-------------------------------
-
-On a machine that is to host an OpenFlow userspace datapath-based
-switch, follow the procedure below.
-
-0. The commands below must run as root, so log in as root, or use a
- program such as "su" to become root temporarily.
-
-1. Create a datapath instance running in the background. The command
- below creates a datapath that listens for connections from secchan
- on a Unix domain socket located in /var/run, services physical
- ports eth1 and eth2, and creates a TAP network device named "tap0"
- for use in in-band control:
-
- # udatapath punix:/var/run/dp0.sock -i eth1,eth2 --local-port=tap:tap0 &
-
- (See udatapath(8) for details.)
-
- If the switch will connect to the controller out-of-band, then the
- --local-port option may be omitted, or --no-local-port may be
- substituted.
-
-3. Arrange so that the switch can reach the controller over the
- network.
-
- - If you are using out-of-band control, at this point make sure
- that the switch machine can reach the controller over the
- network.
-
- - If you are using in-band control with manual configuration, at
- this point the TAP network device created in step 1 is not
- bridged to any physical network, so the next step depends on
- whether connectivity is required to configure the device's IP
- address:
-
- * If the switch has a static IP address, you may configure
- its IP address now, e.g.:
-
- # ifconfig tap0 192.168.1.1
-
- * If the switch does not have a static IP address, e.g. its
- IP address is obtained dynamically via DHCP, then proceed
- to step 4. The DHCP client will not be able to contact
- the DHCP server until the secure channel has started up.
-
- - If you are using in-band control with controller discovery, no
- configuration is required at this point. You may proceed to
- step 4.
-
-4. Run secchan to start the secure channel connecting the datapath to
- a remote controller. If the controller is running on host
- 192.168.1.2 port 6633 (the default port), the secchan invocation
- would look like this:
-
- # secchan unix:/var/run/dp0.sock tcp:192.168.1.2
-
- - If you are using in-band control with controller discovery, omit
- the second argument to the secchan command.
-
- - If you are using out-of-band control, add --out-of-band to the
- command line.
-
-5. If you are using in-band control with manual configuration, and the
- switch obtains its IP address dynamically, then you may now obtain
- the switch's IP address, e.g. by invoking a DHCP client. The
- secure channel will only be able to connect to the controller after
- an IP address has been obtained.
-
-6. The secure channel should connect to the controller within a few
- seconds. It may take a little longer if controller discovery is in
- use, because the switch must then also obtain its own IP address
- and the controller's location via DHCP.
-
-Testing the Kernel-Based Implementation
----------------------------------------
+Testing the Virtual Switch
+--------------------------
-The OpenFlow kernel module must be loaded, as described under
+The OpenVSwitch kernel module must be loaded, as described under
"Building Conventionally", before it may be used.
0. The commands below must run as root, so log in as root, or use a
# dpctl adddp dp0
- (dp0 is the first datapath within a host. openflow_mod supports
+ (dp0 is the first datapath within a host. openvswitch_mod supports
multiple datapaths within the same host, which would be identified
as dp1, dp2, etc.)
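Review bot: The parenthetical now names the module openvswitch_mod, but the load check left unchanged under Building Conventionally still tells the reader to run "/sbin/lsmod" and check that openflow_mod is listed. After the rename one of the two names is wrong; make both match the module the build actually produces, otherwise the documented verification step fails on a correct install.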
Secure operation over SSL
-------------------------
-The instructions above set up OpenFlow for operation over a plaintext
-TCP connection. Production use of OpenFlow should use SSL[*] to
-ensure confidentiality and authenticity of traffic among switches and
-controllers. The source must be configured with --enable-ssl=yes to
-build with SSL support.
+The instructions above set up OpenVSwitch for operation over a
+plaintext TCP connection. Production use of OpenVSwitch should use
+SSL[*] to ensure confidentiality and authenticity of traffic among
+switches and controllers. The source must be configured with
+--enable-ssl=yes to build with SSL support.
-To use SSL with OpenFlow, you must set up a public-key infrastructure
+To use SSL with OpenVSwitch, you must set up a public-key infrastructure
(PKI) including a pair of certificate authorities (CAs), one for
controllers and one for switches. If you have an established PKI,
-OpenFlow can use it directly. Otherwise, refer to "Establishing a
+OpenVSwitch can use it directly. Otherwise, refer to "Establishing a
Public Key Infrastructure" below.
To configure the controller to listen for SSL connections on port 6633
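Review bot: The renamed paragraph says production use of OpenVSwitch should use SSL, yet the only switch-side SSL configuration this document shows is the secchan command line with --private-key, --certificate and --ca-cert. The README hunk in this same patch names vswitchd as the daemon that implements the virtual switch, and a reader running it gets no instruction on where its private key, certificate and controller CA certificate are set. Add that, or state explicitly that the SSL setup described here applies to secchan only, so nobody ends up on the plaintext TCP connection by default.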
# secchan -v DATAPATH ssl:192.168.1.2 --private-key=sc-privkey.pem \
--certificate=sc-cert.pem --ca-cert=pki/controllerca/cacert.pem
-[*] To be specific, OpenFlow uses TLS version 1.0 or later (TLSv1), as
+[*] To be specific, OpenVSwitch uses TLS version 1.0 or later (TLSv1), as
specified by RFC 2246, which is very similar to SSL version 3.0.
TLSv1 was released in January 1999, so all current software and
hardware should implement it.
Establishing a Public Key Infrastructure
----------------------------------------
-If you do not have a PKI, the ofp-pki script included with OpenFlow
+If you do not have a PKI, the ovs-pki script included with OpenVSwitch
can help. To create an initial PKI structure, invoke it as:
- % ofp-pki init
+ % ovs-pki init
which will create and populate a new PKI directory. The default
-location for the PKI directory depends on how the OpenFlow tree was
+location for the PKI directory depends on how the OpenVSwitch tree was
configured (to see the configured default, look for the --dir option
-description in the output of "ofp-pki --help").
+description in the output of "ovs-pki --help").
The pki directory contains two important subdirectories. The
controllerca subdirectory contains controller certificate authority
no need for switches or controllers to have a copy of it.
After you create the initial structure, you can create keys and
-certificates for switches and controllers with ofp-pki. To create a
+certificates for switches and controllers with ovs-pki. To create a
controller private key and certificate in files named ctl-privkey.pem
and ctl-cert.pem, for example, you could run:
- % ofp-pki req+sign ctl controller
+ % ovs-pki req+sign ctl controller
ctl-privkey.pem and ctl-cert.pem would need to be copied to the
controller for its use at runtime (they could then be deleted from
their original locations). The --private-key and --certificate
Analogously, to create a switch private key and certificate in files
named sc-privkey.pem and sc-cert.pem, for example, you could run:
- % ofp-pki req+sign sc switch
+ % ovs-pki req+sign sc switch
sc-privkey.pem and sc-cert.pem would need to be copied to the switch
for its use at runtime (they could then be deleted from their original
locations). The --private-key and --certificate options,
Bug Reporting
-------------
-Please report problems to:
-info@openflowswitch.org
+Please report problems to ovs-bugs@openvswitch.org.
+++ /dev/null
-The following features are temporarily missing, pending time to
-reimplement them with the new architecture:
-
-- STP support in secchan (note that this is distinct from STP support
- in vswitchd).
-
-- SNAT support in secchan (but SNAT is still supported in the kernel
- datapath).
-
-- udatapath.
- OpenFlow Reference Release <http://openflowswitch.org>
+ OpenVSwitch <http://openvswitch.org>
-What is OpenFlow?
------------------
+What is OpenVSwitch?
+--------------------
-OpenFlow is a flow-based switch specification designed to enable
-researchers to run experiments in live networks. OpenFlow is based on a
-simple Ethernet flow switch that exposes a standardized interface for
-adding and removing flow entries.
+OpenVSwitch is an Ethernet switch for virtual servers with the
+following features:
-An OpenFlow switch consists of three parts: (1) A "flow table" in
-which each flow entry is associated with an action telling the switch
-how to process the flow, (2) a "secure channel" that connects the switch
-to a remote process (a controller), allowing commands and packets to
-be sent between the controller and the switch, and (3) an OpenFlow
-protocol implementation, providing an open and standard way for a
-controller to talk to the switch.
+ * NIC bonding with automatic fail-over and source MAC-based TX
+ load balancing ("SLB").
-An OpenFlow switch can thus serve as a simple datapath element that
-forwards packets between ports according to flow actions defined by
-the controller using OpenFlow commands. Example actions are:
+ * 802.1Q VLAN support.
- - Forward this flow's packets to the given port(s)
- - Drop this flow's packets
- - Encapsulate and forward this flow's packets to the controller.
+ * Port mirroring, with optional VLAN tagging.
-The OpenFlow switch is defined in detail in the OpenFlow switch
-Specification [2].
+ * NetFlow v5 flow logging.
+
+ * Connectivity to an external OpenFlow controller, such as
+ NOX.
What's here?
------------
-This distribution includes two reference implementations of an
-OpenFlow switch. The first implementation, which is closely tied to
-Linux because it is partially implemented in the Linux kernel, has the
-following components:
+The most important components of this distribution are:
- - A Linux kernel module that implements the flow table, in the
+ - A Linux kernel module for flow-based switching, in the
datapath directory.
- - secchan, a program that implements the secure channel
- component of the reference switch.
-
- - dpctl, a tool for configuring the datapath and OpenFlow
- switches in general.
-
-The second implementation has the following components:
+ - vswitchd, a daemon that implements the virtual switch.
- - udatapath, which implements the same functionality as the
- Linux kernel module in userspace, at a cost in performance.
-
- - secchan, a program that implements the secure channel
- component of the reference switch (the same program used in
- the kernel-based implementation).
+ - dpctl, a tool for configuring the kernel module and
+ controlling OpenFlow switches.
This distribution includes some additional software as well:
- - controller, a simple program that connects to any number of
- OpenFlow switches, commanding them to act as regular MAC
- learning switches.
+ - secchan, a program that implements a simple OpenFlow switch
+ (without the special features provided by vswitchd) using
+ the same kernel module as vswitchd.
+
+ - controller, a simple OpenFlow switch
- vlogconf, a utility that can adjust the logging levels of a
running secchan or controller.
- - ofp-pki, a utility for creating and managing the public-key
+ - ovs-pki, a utility for creating and managing the public-key
infrastructure for OpenFlow switches.
- A patch to tcpdump that enables it to parse OpenFlow
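Review bot: The new entry "controller, a simple OpenFlow switch" mislabels the program. The text it replaces describes controller as a program that connects to OpenFlow switches and commands them to act as MAC learning switches, and the new line also stops without a period or the rest of its description. Restore the description, for example "controller, a simple OpenFlow controller". The vlogconf entry just below still mentions only "a running secchan or controller"; say whether it also works with vswitchd.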
Platform support
----------------
-Other than the Linux kernel module and userspace switch
-implementation, the software in the OpenFlow distribution should
-compile under Unix-like environments such as Linux, FreeBSD, Mac OS X,
-and Solaris. Our primary test environment is Debian GNU/Linux.
-Please contact us with portability-related bug reports or patches.
+Our primary test environment is Debian GNU/Linux. Ports to other
+platforms are welcome. Please contact us with portability-related bug
+reports or patches.
-The Linux kernel module is, of course, Linux-specific, and the dpctl
-utility will not be useful without the kernel module. The testing of
-the kernel module has focused on version 2.6.18 from Xen and version
-2.6.26 from kernel.org. Linux 2.6 releases from 2.6.15 onward should
-also work.
-
-The userspace datapath implementation should be easy to port to
-Unix-like systems. The interface to network devices, in netdev.c, is
-the code most likely to need changes. So far, only Linux is
-supported. We welcome ports to other platforms.
+The testing of the kernel module has focused on version 2.6.18 from
+Xen and version 2.6.26 from kernel.org. Linux 2.6 releases from
+2.6.15 onward should also work.
GCC is the expected compiler.
-References
-----------
-
- [1] OpenFlow: Enabling Innovation in College Networks. Whitepaper.
- <http://openflowswitch.org/documents/openflow-wp-latest.pdf>
-
- [2] OpenFlow Switch Specification.
- <http://openflowswitch.org/documents/openflow-spec-latest.pdf>
-
Contact
-------
-e-mail: info@openflowswitch.org
-www: http://openflowswitch.org/
+ovs-bugs@openvswitch.org
+http://openvswitch.org/
# advertising or publicity pertaining to the Software or any
# derivatives without specific, written prior permission.
-dnl OFP_CHECK_LINUX(OPTION, VERSION, VARIABLE, CONDITIONAL)
+dnl OVS_CHECK_LINUX(OPTION, VERSION, VARIABLE, CONDITIONAL)
dnl
dnl Configure linux kernel source tree
-AC_DEFUN([OFP_CHECK_LINUX], [
+AC_DEFUN([OVS_CHECK_LINUX], [
AC_ARG_WITH([$1],
[AC_HELP_STRING([--with-$1=/path/to/linux-$2],
[Specify the linux $2 kernel sources])],
! test -e "$path"/include/linux/autoconf.h; then
AC_MSG_ERROR([Linux kernel source in $path is not configured])
fi
- m4_if($2, [2.6], [OFP_CHECK_LINUX26_COMPAT])
+ m4_if($2, [2.6], [OVS_CHECK_LINUX26_COMPAT])
fi
AM_CONDITIONAL($4, test -n "$path")
])
-dnl OFP_GREP_IFELSE(FILE, REGEX, IF-MATCH, IF-NO-MATCH)
+dnl OVS_GREP_IFELSE(FILE, REGEX, IF-MATCH, IF-NO-MATCH)
dnl
dnl Greps FILE for REGEX. If it matches, runs IF-MATCH, otherwise IF-NO-MATCH.
-AC_DEFUN([OFP_GREP_IFELSE], [
+AC_DEFUN([OVS_GREP_IFELSE], [
AC_MSG_CHECKING([whether $2 matches in $1])
grep '$2' $1 >/dev/null 2>&1
status=$?
esac
])
-dnl OFP_DEFINE(NAME)
+dnl OVS_DEFINE(NAME)
dnl
dnl Defines NAME to 1 in kcompat.h.
-AC_DEFUN([OFP_DEFINE], [
+AC_DEFUN([OVS_DEFINE], [
echo '#define $1 1' >> datapath/linux-2.6/kcompat.h.new
])
-AC_DEFUN([OFP_CHECK_VETH], [
+AC_DEFUN([OVS_CHECK_VETH], [
AC_MSG_CHECKING([whether to build veth module])
if test "$sublevel" = 18; then
AC_MSG_RESULT([yes])
fi
])
-AC_DEFUN([OFP_CHECK_LOG2_H], [
+AC_DEFUN([OVS_CHECK_LOG2_H], [
AC_MSG_CHECKING([for $KSRC26/include/linux/log2.h])
if test -e $KSRC26/include/linux/log2.h; then
AC_MSG_RESULT([yes])
- OFP_DEFINE([HAVE_LOG2_H])
+ OVS_DEFINE([HAVE_LOG2_H])
else
AC_MSG_RESULT([no])
fi
])
-dnl OFP_CHECK_LINUX26_COMPAT
+dnl OVS_CHECK_LINUX26_COMPAT
dnl
dnl Runs various Autoconf checks on the Linux 2.6 kernel source in
dnl the directory in $KSRC26.
-AC_DEFUN([OFP_CHECK_LINUX26_COMPAT], [
+AC_DEFUN([OVS_CHECK_LINUX26_COMPAT], [
rm -f datapath/linux-2.6/kcompat.h.new
mkdir -p datapath/linux-2.6
: > datapath/linux-2.6/kcompat.h.new
- OFP_GREP_IFELSE([$KSRC26/include/linux/skbuff.h], [skb_transport_header],
- [OFP_DEFINE([HAVE_SKBUFF_HEADER_HELPERS])])
- OFP_GREP_IFELSE([$KSRC26/include/linux/skbuff.h], [raw],
- [OFP_DEFINE([HAVE_MAC_RAW])])
- OFP_GREP_IFELSE([$KSRC26/include/linux/skbuff.h],
+ OVS_GREP_IFELSE([$KSRC26/include/linux/skbuff.h], [skb_transport_header],
+ [OVS_DEFINE([HAVE_SKBUFF_HEADER_HELPERS])])
+ OVS_GREP_IFELSE([$KSRC26/include/linux/skbuff.h], [raw],
+ [OVS_DEFINE([HAVE_MAC_RAW])])
+ OVS_GREP_IFELSE([$KSRC26/include/linux/skbuff.h],
[skb_copy_from_linear_data_offset],
- [OFP_DEFINE([HAVE_SKB_COPY_FROM_LINEAR_DATA_OFFSET])])
- OFP_GREP_IFELSE([$KSRC26/include/net/netlink.h], [NLA_NUL_STRING],
- [OFP_DEFINE([HAVE_NLA_NUL_STRING])])
- OFP_GREP_IFELSE([$KSRC26/include/linux/err.h], [ERR_CAST],
- [OFP_DEFINE([HAVE_ERR_CAST])])
- OFP_CHECK_LOG2_H
- OFP_CHECK_VETH
+ [OVS_DEFINE([HAVE_SKB_COPY_FROM_LINEAR_DATA_OFFSET])])
+ OVS_GREP_IFELSE([$KSRC26/include/net/netlink.h], [NLA_NUL_STRING],
+ [OVS_DEFINE([HAVE_NLA_NUL_STRING])])
+ OVS_GREP_IFELSE([$KSRC26/include/linux/err.h], [ERR_CAST],
+ [OVS_DEFINE([HAVE_ERR_CAST])])
+ OVS_CHECK_LOG2_H
+ OVS_CHECK_VETH
if cmp -s datapath/linux-2.6/kcompat.h.new \
datapath/linux-2.6/kcompat.h >/dev/null 2>&1; then
rm datapath/linux-2.6/kcompat.h.new
])
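Review bot: The HAVE_MAC_RAW probe passes the bare pattern [raw], and OVS_GREP_IFELSE, defined earlier in this file, runs it as grep '$2' $1, so any line of skbuff.h that contains the substring "raw" satisfies the check. Since every one of these calls is being rewritten anyway, tighten the pattern so it matches only the field the define is named for, and quote $1 in the grep so a kernel source path containing spaces is not split by the shell.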
dnl Checks for net/if_packet.h.
-AC_DEFUN([OFP_CHECK_IF_PACKET],
+AC_DEFUN([OVS_CHECK_IF_PACKET],
[AC_CHECK_HEADER([net/if_packet.h],
[HAVE_IF_PACKET=yes],
[HAVE_IF_PACKET=no])
[Define to 1 if net/if_packet.h is available.])
fi])
-dnl Enable OpenFlow extension submodule.
-AC_DEFUN([OFP_ENABLE_EXT],
+dnl Enable OpenVSwitch extension submodule.
+AC_DEFUN([OVS_ENABLE_EXT],
[AC_ARG_ENABLE([ext],
AS_HELP_STRING([--enable-ext],
- [use OpenFlow extensions
+ [use OpenVSwitch extensions
(default is yes if "ext" dir exists)]))
case "${enable_ext}" in
(yes)
AC_MSG_ERROR([cannot configure extensions without "ext" directory])
fi
AC_DEFINE([HAVE_EXT], [1],
- [Whether the OpenFlow extensions submodule is available])
+ [Whether the OpenVSwitch extensions submodule is available])
fi
AM_CONDITIONAL([HAVE_EXT], [test $HAVE_EXT = yes])])
dnl Checks for dpkg-buildpackage. If this is available then we check
dnl that the Debian packaging is functional at "make distcheck" time.
-AC_DEFUN([OFP_CHECK_DPKG_BUILDPACKAGE],
+AC_DEFUN([OVS_CHECK_DPKG_BUILDPACKAGE],
[AC_CHECK_PROG([HAVE_DPKG_BUILDPACKAGE], [dpkg-buildpackage], [yes], [no])
AM_CONDITIONAL([HAVE_DPKG_BUILDPACKAGE],
[test $HAVE_DPKG_BUILDPACKAGE = yes])])
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
-dnl OFP_CHECK_CC_OPTION([OPTION], [ACTION-IF-ACCEPTED], [ACTION-IF-REJECTED])
+dnl OVS_CHECK_CC_OPTION([OPTION], [ACTION-IF-ACCEPTED], [ACTION-IF-REJECTED])
dnl Check whether the given C compiler OPTION is accepted.
dnl If so, execute ACTION-IF-ACCEPTED, otherwise ACTION-IF-REJECTED.
-AC_DEFUN([OFP_CHECK_CC_OPTION],
+AC_DEFUN([OVS_CHECK_CC_OPTION],
[
- m4_define([ofp_cv_name], [ofp_cv_[]m4_translit([$1], [-], [_])])dnl
- AC_CACHE_CHECK([whether $CC accepts $1], [ofp_cv_name],
- [ofp_save_CFLAGS="$CFLAGS"
+ m4_define([ovs_cv_name], [ovs_cv_[]m4_translit([$1], [-], [_])])dnl
+ AC_CACHE_CHECK([whether $CC accepts $1], [ovs_cv_name],
+ [ovs_save_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $1"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM(,)], [ofp_cv_name[]=yes], [ofp_cv_name[]=no])
- CFLAGS="$ofp_save_CFLAGS"])
- if test $ofp_cv_name = yes; then
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM(,)], [ovs_cv_name[]=yes], [ovs_cv_name[]=no])
+ CFLAGS="$ovs_save_CFLAGS"])
+ if test $ovs_cv_name = yes; then
m4_if([$2], [], [;], [$2])
else
m4_if([$3], [], [:], [$3])
fi
])
-dnl OFP_ENABLE_OPTION([OPTION])
+dnl OVS_ENABLE_OPTION([OPTION])
dnl Check whether the given C compiler OPTION is accepted.
dnl If so, add it to CFLAGS.
-dnl Example: OFP_ENABLE_OPTION([-Wdeclaration-after-statement])
-AC_DEFUN([OFP_ENABLE_OPTION],
- [OFP_CHECK_CC_OPTION([$1], [CFLAGS="$CFLAGS $1"])])
+dnl Example: OVS_ENABLE_OPTION([-Wdeclaration-after-statement])
+AC_DEFUN([OVS_ENABLE_OPTION],
+ [OVS_CHECK_CC_OPTION([$1], [CFLAGS="$CFLAGS $1"])])
dnl ----------------------------------------------------------------------
(--enable-ext) have_ext=yes ;;
(--disable-ext) have_ext=no ;;
(--help) cat <<EOF
-$0: bootstrap OpenFlow from a checked-out VCS tree
+$0: bootstrap OpenVSwitch from a checked-out VCS tree
usage: $0 [OPTIONS]
The recognized options are:
- --enable-ext include openflowext
- --disable-ext exclude openflowext
-By default, openflowext is included if it is present.
+ --enable-ext include vswitchext
+ --disable-ext exclude vswitchext
+By default, vswitchext is included if it is present.
EOF
exit 0
;;
# Enable or disable ext.
if test "$have_ext" = yes; then
- echo 'Enabling openflowext...'
+ echo 'Enabling vswitchext...'
echo 'include ext/automake.mk' > ext.mk
echo 'm4_include([ext/configure.m4])' > ext.m4
cat debian/control.in ext/debian/control.in > debian/control
test -e debian/$d || ln -s ../ext/debian/$d debian/$d
done
else
- echo 'Disabling openflowext...'
+ echo 'Disabling vswitchext...'
echo '# This file intentionally left blank.' > ext.mk
echo '# This file intentionally left blank.' > ext.m4
cat debian/control.in > debian/control
# derivatives without specific, written prior permission.
AC_PREREQ(2.60)
-AC_INIT(openflow, 0.8.9~1, info@openflowswitch.org)
+AC_INIT(openvswitch, 0.90.0, ovs-bugs@openvswitch.org)
NX_BUILDNR
AC_CONFIG_SRCDIR([datapath/datapath.c])
AC_CONFIG_MACRO_DIR([m4])
AC_MSG_ERROR([Perl interpreter not found in $PATH or $PERL.])
fi
-OFP_CHECK_LIBOPENFLOW
-OFP_CHECK_IF_PACKET
+OVS_CHECK_LIBOPENVSWITCH
+OVS_CHECK_IF_PACKET
AC_SYS_LARGEFILE
AC_CHECK_FUNCS([strsignal])
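Review bot: OFP_CHECK_LIBOPENFLOW becomes OVS_CHECK_LIBOPENVSWITCH here, but none of the macro definitions renamed in the hunks shown for this patch defines that name. Confirm that the file defining it is renamed in the same commit; a macro that autoconf cannot find is left unexpanded in the generated configure script and only fails when configure is run.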
AC_ARG_VAR(KARCH, [Kernel Architecture String])
AC_SUBST(KARCH)
-OFP_CHECK_LINUX(l26, 2.6, KSRC26, L26_ENABLED)
+OVS_CHECK_LINUX(l26, 2.6, KSRC26, L26_ENABLED)
-OFP_CHECK_DPKG_BUILDPACKAGE
+OVS_CHECK_DPKG_BUILDPACKAGE
-OFP_ENABLE_OPTION([-Wall])
-OFP_ENABLE_OPTION([-Wno-sign-compare])
-OFP_ENABLE_OPTION([-Wpointer-arith])
-OFP_ENABLE_OPTION([-Wdeclaration-after-statement])
-OFP_ENABLE_OPTION([-Wformat-security])
-OFP_ENABLE_OPTION([-Wswitch-enum])
-OFP_ENABLE_OPTION([-Wunused-parameter])
-OFP_ENABLE_OPTION([-Wstrict-aliasing])
-OFP_ENABLE_OPTION([-Wbad-function-cast])
-OFP_ENABLE_OPTION([-Wcast-align])
-OFP_ENABLE_OPTION([-Wstrict-prototypes])
-OFP_ENABLE_OPTION([-Wold-style-definition])
-OFP_ENABLE_OPTION([-Wmissing-prototypes])
-OFP_ENABLE_OPTION([-Wmissing-field-initializers])
-OFP_ENABLE_OPTION([-Wno-override-init])
+OVS_ENABLE_OPTION([-Wall])
+OVS_ENABLE_OPTION([-Wno-sign-compare])
+OVS_ENABLE_OPTION([-Wpointer-arith])
+OVS_ENABLE_OPTION([-Wdeclaration-after-statement])
+OVS_ENABLE_OPTION([-Wformat-security])
+OVS_ENABLE_OPTION([-Wswitch-enum])
+OVS_ENABLE_OPTION([-Wunused-parameter])
+OVS_ENABLE_OPTION([-Wstrict-aliasing])
+OVS_ENABLE_OPTION([-Wbad-function-cast])
+OVS_ENABLE_OPTION([-Wcast-align])
+OVS_ENABLE_OPTION([-Wstrict-prototypes])
+OVS_ENABLE_OPTION([-Wold-style-definition])
+OVS_ENABLE_OPTION([-Wmissing-prototypes])
+OVS_ENABLE_OPTION([-Wmissing-field-initializers])
+OVS_ENABLE_OPTION([-Wno-override-init])
-OFP_ENABLE_EXT
+OVS_ENABLE_EXT
m4_include([ext.m4])
AC_CONFIG_FILES([Makefile
DISTCLEANFILES += controller/controller.8
controller_controller_SOURCES = controller/controller.c
-controller_controller_LDADD = lib/libopenflow.a $(FAULT_LIBS) $(SSL_LIBS)
+controller_controller_LDADD = lib/libopenvswitch.a $(FAULT_LIBS) $(SSL_LIBS)
EXTRA_DIST += controller/controller.8.in
-.TH controller 8 "March 2009" "OpenFlow" "OpenFlow Manual"
+.TH controller 8 "March 2009" "OpenVSwitch" "OpenVSwitch Manual"
.ds PN controller
.SH NAME
recommended, flows will never expire. The default is 60 seconds.
This option affects only flows set up by the OpenFlow controller. In
-some configurations, the OpenFlow secure channel can set up some flows
+some configurations, the switch can set up some flows
on its own. To set the idle time for those flows, pass
-\fB--max-idle\fR to \fBsecchan\fR(8).
+\fB--max-idle\fR to \fBsecchan\fR (on the switch).
This option has no effect when \fB-n\fR (or \fB--noflow\fR) is in use
(because the controller does not set up flows in that case).
signal(SIGPIPE, SIG_IGN);
if (argc - optind < 1) {
- ofp_fatal(0, "at least one vconn argument required; "
+ ovs_fatal(0, "at least one vconn argument required; "
"use --help for usage");
}
retval = vconn_open(name, OFP_VERSION, &vconn);
if (!retval) {
if (n_switches >= MAX_SWITCHES) {
- ofp_fatal(0, "max %d switch connections", n_switches);
+ ovs_fatal(0, "max %d switch connections", n_switches);
}
new_switch(&switches[n_switches++], vconn, name);
continue;
retval = pvconn_open(name, &pvconn);
if (!retval) {
if (n_listeners >= MAX_LISTENERS) {
- ofp_fatal(0, "max %d passive connections", n_listeners);
+ ovs_fatal(0, "max %d passive connections", n_listeners);
}
listeners[n_listeners++] = pvconn;
}
}
}
if (n_switches == 0 && n_listeners == 0) {
- ofp_fatal(0, "no active or passive switch connections");
+ ovs_fatal(0, "no active or passive switch connections");
}
die_if_already_running();
retval = unixctl_server_create(NULL, &unixctl);
if (retval) {
- ofp_fatal(retval, "Could not listen for unixctl connections");
+ ovs_fatal(retval, "Could not listen for unixctl connections");
}
while (n_switches > 0 || n_listeners > 0) {
} else {
max_idle = atoi(optarg);
if (max_idle < 1 || max_idle > 65535) {
- ofp_fatal(0, "--max-idle argument must be between 1 and "
+ ovs_fatal(0, "--max-idle argument must be between 1 and "
"65535 or the word 'permanent'");
}
}
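Review bot: the --max-idle parsing in the context just above the renamed ovs_fatal() call uses atoi(optarg), which stops at the first non-digit, so an argument such as "60x" passes the 1..65535 range check as 60. This predates the rename, but since the line is being touched, parse with strtol() and reject the argument when the end pointer does not land on the terminating NUL.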
-# Some modules should be built and distributed, e.g. openflow.
+# Some modules should be built and distributed, e.g. openvswitch.
#
# Some modules should be distributed but not built, e.g. we do not build
# veth if the kernel in question already has it.
#
# Some modules should be built but not distributed, e.g. third-party
# hwtable modules.
-both_modules = openflow
+both_modules = openvswitch
build_modules = $(both_modules) # Modules to build
dist_modules = $(both_modules) # Modules to distribute
-openflow_sources = \
+openvswitch_sources = \
actions.c \
datapath.c \
dp_dev.c \
snat.c \
table.c
-openflow_headers = \
+openvswitch_headers = \
actions.h \
compat.h \
datapath.h \
* Stanford Junior University
*/
-/* Functions for executing OpenFlow actions. */
+/* Functions for executing flow actions. */
#include <linux/skbuff.h>
#include <linux/in.h>
#include "datapath.h"
#include "dp_dev.h"
#include "actions.h"
-#include "openflow/datapath-protocol.h"
+#include "openvswitch/datapath-protocol.h"
#include "snat.h"
struct sk_buff *
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <net/genetlink.h>
-#include "openflow/brcompat-netlink.h"
+#include "openvswitch/brcompat-netlink.h"
/* This code implements a Generic Netlink command BRC_GENL_C_SET_PROC that can
* be used to add, modify, and delete arbitrary files in selected
#include <linux/version.h>
/*
- * Sysfs attributes of bridge for OpenFlow
+ * Sysfs attributes of bridge for OpenVSwitch
*
* This has been shamelessly copied from the kernel sources.
*/
#if LINUX_VERSION_CODE == KERNEL_VERSION(2,6,18)
/*
- * Sysfs attributes of bridge ports for OpenFlow
+ * Sysfs attributes of bridge ports for OpenVSwitch
*
* This has been shamelessly copied from the kernel sources.
*/
#include <net/genetlink.h>
#include "compat.h"
-#include "openflow/openflow-netlink.h"
-#include "openflow/brcompat-netlink.h"
+#include "openvswitch/brcompat-netlink.h"
#include "brc_procfs.h"
#include "brc_sysfs.h"
#include "datapath.h"
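Review bot: this is not a pure rename. Two includes are removed and only one comes back: "openflow/openflow-netlink.h" is dropped with no "openvswitch/" counterpart. State in the commit message that the header is no longer needed (or no longer exists), so that a bisect landing on this otherwise mechanical commit has an explanation for the functional difference.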
int i;
int err;
- printk("OpenFlow Bridge Compatibility, built "__DATE__" "__TIME__"\n");
+ printk("OpenVSwitch Bridge Compatibility, built "__DATE__" "__TIME__"\n");
rcu_read_lock();
for (i=0; i<ODP_MAX; i++) {
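Review bot: the renamed banner printk() still has no KERN_ log level and still embeds __DATE__ and __TIME__, so two builds of the same source produce different modules, which defeats reproducible-build comparison of the shipped .ko. While editing the string, add an explicit level such as KERN_INFO and consider dropping the build timestamp in favour of the version string.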
/* Set the bridge ioctl handler */
brioctl_set(brc_ioctl_deviceless_stub);
- /* Set the OpenFlow device ioctl handler */
+ /* Set the openvswitch_mod device ioctl handler */
dp_ioctl_hook = brc_dev_ioctl;
/* Register hooks for datapath adds and deletes */
module_init(brc_init);
module_exit(brc_cleanup);
-MODULE_DESCRIPTION("OpenFlow bridge compatibility");
+MODULE_DESCRIPTION("OpenVSwitch bridge compatibility");
MODULE_AUTHOR("Copyright (c) 2009 The Board of Trustees of The Leland Stanford Junior University");
MODULE_LICENSE("GPL");
#include <linux/workqueue.h>
#include <linux/dmi.h>
-#include "openflow/datapath-protocol.h"
+#include "openvswitch/datapath-protocol.h"
#include "datapath.h"
#include "snat.h"
#include "actions.h"
return 0;
}
-static long openflow_ioctl(struct file *f, unsigned int cmd,
+static long openvswitch_ioctl(struct file *f, unsigned int cmd,
unsigned long argp)
{
int dp_idx = iminor(f->f_dentry->d_inode);
return 0;
}
-ssize_t openflow_read(struct file *f, char __user *buf, size_t nbytes,
+ssize_t openvswitch_read(struct file *f, char __user *buf, size_t nbytes,
loff_t *ppos)
{
int listeners = (int) f->private_data;
return retval;
}
-static unsigned int openflow_poll(struct file *file, poll_table *wait)
+static unsigned int openvswitch_poll(struct file *file, poll_table *wait)
{
int dp_idx = iminor(file->f_dentry->d_inode);
struct datapath *dp = get_dp(dp_idx);
return mask;
}
-const struct file_operations openflow_fops = {
- /* XXX .aio_read = openflow_aio_read, */
- .read = openflow_read,
- .poll = openflow_poll,
- .unlocked_ioctl = openflow_ioctl,
- /* XXX .fasync = openflow_fasync, */
+const struct file_operations openvswitch_fops = {
+ /* XXX .aio_read = openvswitch_aio_read, */
+ .read = openvswitch_read,
+ .poll = openvswitch_poll,
+ .unlocked_ioctl = openvswitch_ioctl,
+ /* XXX .fasync = openvswitch_fasync, */
};
static int major;
{
int err;
- printk("OpenFlow %s, built "__DATE__" "__TIME__"\n", VERSION BUILDNR);
+ printk("OpenVSwitch %s, built "__DATE__" "__TIME__"\n", VERSION BUILDNR);
err = flow_init();
if (err)
if (err)
goto error_flow_exit;
- major = register_chrdev(0, "openflow", &openflow_fops);
+ major = register_chrdev(0, "openvswitch", &openvswitch_fops);
if (err < 0)
goto error_unreg_notifier;
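Review bot: the check after the renamed register_chrdev() call tests the wrong variable. The return value is stored in major, but the next line is "if (err < 0)", and err is known to be 0 at that point because the preceding "if (err)" did not branch. A failed registration is therefore never detected and dp_init() carries on with a negative major. Test "major < 0", set err = major, and then take the error path.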
continue;
rtnl_unlock();
- printk("openflow: must delete bridges "
+ printk("openvswitch: must delete bridges "
"before loading\n");
err = -EBUSY;
goto error_unreg_notifier;
}
- printk("openflow: hijacking bridge hook\n");
+ printk("openvswitch: hijacking bridge hook\n");
}
br_handle_frame_hook = dp_frame_hook;
rtnl_unlock();
static void dp_cleanup(void)
{
- unregister_chrdev(major, "openflow");
+ unregister_chrdev(major, "openvswitch");
unregister_netdevice_notifier(&dp_device_notifier);
flow_exit();
br_handle_frame_hook = NULL;
module_init(dp_init);
module_exit(dp_cleanup);
-MODULE_DESCRIPTION("OpenFlow switching datapath");
+MODULE_DESCRIPTION("OpenVSwitch switching datapath");
MODULE_LICENSE("GPL");
-/* Interface exported by OpenFlow module. */
+/* Interface exported by openvswitch_mod. */
#ifndef DATAPATH_H
#define DATAPATH_H 1
static void dp_getinfo(struct net_device *netdev, struct ethtool_drvinfo *info)
{
struct dp_dev *dp_dev = dp_dev_priv(netdev);
- strcpy(info->driver, "openflow");
+ strcpy(info->driver, "openvswitch");
sprintf(info->bus_info, "%d", dp_dev->dp->dp_idx);
}
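Review bot: strcpy(info->driver, "openvswitch") and the sprintf() into info->bus_info below it are unbounded writes into fixed-size struct ethtool_drvinfo fields. The new name is longer than the old one; it still fits, but nothing in the code enforces that. Use strlcpy(info->driver, "openvswitch", sizeof info->driver) and snprintf() with sizeof info->bus_info so the next rename cannot overflow the structure.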
#define TCP_FLAGS_OFFSET 13
#define TCP_FLAG_MASK 0x3f
-static inline struct ofp_tcphdr *ofp_tcp_hdr(const struct sk_buff *skb)
+static inline struct ovs_tcphdr *ovs_tcp_hdr(const struct sk_buff *skb)
{
- return (struct ofp_tcphdr *)skb_transport_header(skb);
+ return (struct ovs_tcphdr *)skb_transport_header(skb);
}
void flow_used(struct sw_flow *flow, struct sk_buff *skb)
#include <linux/rcupdate.h>
#include <linux/gfp.h>
-#include "openflow/datapath-protocol.h"
+#include "openvswitch/datapath-protocol.h"
struct sk_buff;
/dp_notify.c
/flow.c
/genetlink-brcompat.c
-/genetlink-openflow.c
+/genetlink-openvswitch.c
/kcompat.h
/linux-2.6
/modules.order
-openflow_sources += \
- linux-2.6/compat-2.6/genetlink-openflow.c \
+openvswitch_sources += \
+ linux-2.6/compat-2.6/genetlink-openvswitch.c \
linux-2.6/compat-2.6/random32.c
-openflow_headers += \
+openvswitch_headers += \
linux-2.6/compat-2.6/compat26.h \
linux-2.6/compat-2.6/include/asm-generic/bug.h \
linux-2.6/compat-2.6/include/linux/dmi.h \
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
/* We fix grp->id to 32 so that it doesn't collide with any of the multicast
- * groups selected by openflow_mod, which uses groups 16 through 31. Collision
- * isn't fatal--multicast listeners should check that the family is the one
- * that they want and discard others--but it wastes time and memory to receive
- * unwanted messages. */
+ * groups selected by openvswitch_mod, which uses groups 16 through 31.
+ * Collision isn't fatal--multicast listeners should check that the family is
+ * the one that they want and discard others--but it wastes time and memory to
+ * receive unwanted messages. */
int genl_register_mc_group(struct genl_family *family,
struct genl_multicast_group *grp)
{
+++ /dev/null
-#include "net/genetlink.h"
-
-#include <linux/version.h>
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
-
-/* We use multicast groups 16 through 31 to avoid colliding with the multicast
- * group selected by brcompat_mod, which uses groups 32. Collision isn't
- * fatal--multicast listeners should check that the family is the one that they
- * want and discard others--but it wastes time and memory to receive unwanted
- * messages. */
-int genl_register_mc_group(struct genl_family *family,
- struct genl_multicast_group *grp)
-{
- /* This code is called single-threaded. */
- static unsigned int next_id = 0;
- grp->id = next_id++ % 16 + 16;
- grp->family = family;
-
- return 0;
-}
-
-#endif /* kernel < 2.6.23 */
--- /dev/null
+#include "net/genetlink.h"
+
+#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
+
+/* We use multicast groups 16 through 31 to avoid colliding with the multicast
+ * group selected by brcompat_mod, which uses groups 32. Collision isn't
+ * fatal--multicast listeners should check that the family is the one that they
+ * want and discard others--but it wastes time and memory to receive unwanted
+ * messages. */
+int genl_register_mc_group(struct genl_family *family,
+ struct genl_multicast_group *grp)
+{
+ /* This code is called single-threaded. */
+ static unsigned int next_id = 0;
+ grp->id = next_id++ % 16 + 16;
+ grp->family = family;
+
+ return 0;
+}
+
+#endif /* kernel < 2.6.23 */
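Review bot: in genl_register_mc_group(), "grp->id = next_id++ % 16 + 16;" wraps after sixteen registrations and hands out an id that is already in use, while the function unconditionally returns 0. The comment says collisions are not fatal, but the caller has no way to learn that one happened. Since the file is re-added in full under its new name, return an error once next_id reaches 16 instead of wrapping. In the same comment, "which uses groups 32" should read "which uses group 32".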
}
spin_unlock_irqrestore(&p->lock, flags);
- /* Pass the translated packet as input to the OpenFlow stack, which
+ /* Pass the translated packet as input to the openvswitch stack, which
* consumes it. */
skb_push(skb, ETH_HLEN);
skb_reset_mac_header(skb);
/corekeeper
/files
/nicira-switch
-/openflow
-/openflow-common
-/openflow-common.copyright
-/openflow-controller
-/openflow-datapath-source
-/openflow-dbg
-/openflow-monitor
-/openflow-monitor.copyright
-/openflow-monitor.default
-/openflow-monitor.dirs
-/openflow-monitor.init
-/openflow-monitor.install
-/openflow-pki
-/openflow-pki-server
-/openflow-switch
-/openflow-switch-config
-/openflow-switch.copyright
-/openflow-switchui
-/openflow-switchui.copyright
-/openflow-switchui.default
-/openflow-switchui.dirs
-/openflow-switchui.init
-/openflow-switchui.install
-/openflow-wdt
-/openflow-wdt.copyright
-/openflow-wdt.default
-/openflow-wdt.dirs
-/openflow-wdt.init
-/openflow-wdt.install
+/openvswitch
+/openvswitch-common
+/openvswitch-common.copyright
+/openvswitch-controller
+/openvswitch-datapath-source
+/openvswitch-dbg
+/openvswitch-monitor
+/openvswitch-monitor.copyright
+/openvswitch-monitor.default
+/openvswitch-monitor.dirs
+/openvswitch-monitor.init
+/openvswitch-monitor.install
+/openvswitch-pki
+/openvswitch-pki-server
+/openvswitch-switch
+/openvswitch-switch-config
+/openvswitch-switch.copyright
+/openvswitch-switchui
+/openvswitch-switchui.copyright
+/openvswitch-switchui.default
+/openvswitch-switchui.dirs
+/openvswitch-switchui.init
+/openvswitch-switchui.install
+/openvswitch-wdt
+/openvswitch-wdt.copyright
+/openvswitch-wdt.default
+/openvswitch-wdt.dirs
+/openvswitch-wdt.init
+/openvswitch-wdt.install
/rules.ext
debian/corekeeper.cron.daily \
debian/corekeeper.init \
debian/dirs \
- debian/ofp-switch-setup \
- debian/ofp-switch-setup.8 \
- debian/openflow-common.dirs \
- debian/openflow-common.install \
- debian/openflow-common.manpages \
- debian/openflow-controller.README.Debian \
- debian/openflow-controller.default \
- debian/openflow-controller.dirs \
- debian/openflow-controller.init \
- debian/openflow-controller.install \
- debian/openflow-controller.manpages \
- debian/openflow-controller.postinst \
- debian/openflow-datapath-module-_KVERS_.postinst.modules.in \
- debian/openflow-datapath-source.README.Debian \
- debian/openflow-datapath-source.copyright \
- debian/openflow-datapath-source.dirs \
- debian/openflow-datapath-source.install \
- debian/openflow-pki-server.apache2 \
- debian/openflow-pki-server.dirs \
- debian/openflow-pki-server.install \
- debian/openflow-pki-server.postinst \
- debian/openflow-pki.postinst \
- debian/openflow-switch-config.dirs \
- debian/openflow-switch-config.install \
- debian/openflow-switch-config.manpages \
- debian/openflow-switch-config.overrides \
- debian/openflow-switch-config.templates \
- debian/openflow-switch.README.Debian \
- debian/openflow-switch.dirs \
- debian/openflow-switch.init \
- debian/openflow-switch.install \
- debian/openflow-switch.logrotate \
- debian/openflow-switch.manpages \
- debian/openflow-switch.postinst \
- debian/openflow-switch.postrm \
- debian/openflow-switch.template \
+ debian/ovs-switch-setup \
+ debian/ovs-switch-setup.8 \
+ debian/openvswitch-common.dirs \
+ debian/openvswitch-common.install \
+ debian/openvswitch-common.manpages \
+ debian/openvswitch-controller.README.Debian \
+ debian/openvswitch-controller.default \
+ debian/openvswitch-controller.dirs \
+ debian/openvswitch-controller.init \
+ debian/openvswitch-controller.install \
+ debian/openvswitch-controller.manpages \
+ debian/openvswitch-controller.postinst \
+ debian/openvswitch-datapath-module-_KVERS_.postinst.modules.in \
+ debian/openvswitch-datapath-source.README.Debian \
+ debian/openvswitch-datapath-source.copyright \
+ debian/openvswitch-datapath-source.dirs \
+ debian/openvswitch-datapath-source.install \
+ debian/openvswitch-pki-server.apache2 \
+ debian/openvswitch-pki-server.dirs \
+ debian/openvswitch-pki-server.install \
+ debian/openvswitch-pki-server.postinst \
+ debian/openvswitch-pki.postinst \
+ debian/openvswitch-switch-config.dirs \
+ debian/openvswitch-switch-config.install \
+ debian/openvswitch-switch-config.manpages \
+ debian/openvswitch-switch-config.overrides \
+ debian/openvswitch-switch-config.templates \
+ debian/openvswitch-switch.README.Debian \
+ debian/openvswitch-switch.dirs \
+ debian/openvswitch-switch.init \
+ debian/openvswitch-switch.install \
+ debian/openvswitch-switch.logrotate \
+ debian/openvswitch-switch.manpages \
+ debian/openvswitch-switch.postinst \
+ debian/openvswitch-switch.postrm \
+ debian/openvswitch-switch.template \
debian/po/POTFILES.in \
debian/po/templates.pot \
debian/rules
-openflow (0.8.1) unstable; urgency=low
+openvswitch (0.90.0) unstable; urgency=low
* Development version.
- -- OpenFlow team <openflow-dev@lists.stanford.edu> Mon, 19 Nov 2007 14:57:52 -0800
+ -- OpenVSwitch developers <ovs-dev@openvswitch.org> Mon, 19 Nov 2007 14:57:52 -0800
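Review bot: the changelog entry is rewritten in place rather than superseded. The source name and version change to openvswitch 0.90.0 and the maintainer line changes, but the trailer keeps the timestamp "Mon, 19 Nov 2007 14:57:52 -0800". Tools that read the top entry will report a 2007 date for a release whose man page in this same patch is dated March 2009. Update the date in the trailer line to match the new version.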
use strict;
use warnings;
-my $default = '/etc/default/openflow-switch';
+my $default = '/etc/default/openvswitch-switch';
my (%config) = load_config($default);
if (@ARGV) {
-Source: openflow
+Source: openvswitch
Section: net
Priority: extra
-Maintainer: OpenFlow Team <openflow-dev@lists.stanford.edu>
+Maintainer: OpenVSwitch developers <ovs-dev@openvswitch.org>
Build-Depends: debhelper (>= 5), autoconf (>= 2.60), automake1.10, libssl-dev, pkg-config (>= 0.21), po-debconf, bzip2, openssl, libncurses5-dev, libpcre3-dev
Standards-Version: 3.7.3
-Package: openflow-datapath-source
+Package: openvswitch-datapath-source
Architecture: all
Depends: module-assistant, bzip2, debhelper (>= 5.0.37)
-Suggests: openflow-switch
-Description: Source code for OpenFlow datapath Linux module
- This package provides the OpenFlow datapath module source code that
- is needed by the kernel-based OpenFlow switch. The kernel module can
- be built from it using module-assistant or make-kpkg. README.Debian
- in this package provides further instructions.
+Suggests: openvswitch-switch
+Description: Source code for OpenVSwitch datapath Linux module
+ This package provides the OpenVSwitch datapath module source code
+ that is needed by openvswitch-switch. The kernel module can be built
+ from it using module-assistant or make-kpkg. README.Debian in this
+ package provides further instructions.
.
- OpenFlow is a protocol for flow-based control over network switching.
+ OpenVSwitch is a software-based Ethernet switch targeted at virtual
+ servers.
-Package: openflow-common
+Package: openvswitch-common
Architecture: any
Depends: ${shlibs:Depends}, openssl
-Description: OpenFlow common components
- openflow-common provides components required by both openflow-switch
- and openflow-controller.
+Description: OpenVSwitch common components
+ openvswitch-common provides components required by both openvswitch-switch
+ and openvswitch-controller.
.
- OpenFlow is a protocol for flow-based control over network switching.
+ OpenVSwitch is a software-based Ethernet switch targeted at virtual
+ servers.
-Package: openflow-switch
+Package: openvswitch-switch
Architecture: any
-Suggests: openflow-datapath-module
-Depends: ${shlibs:Depends}, ${misc:Depends}, openflow-common, dhcp3-client, module-init-tools, dmidecode, procps, debianutils
-Description: OpenFlow switch implementations
- openflow-switch provides the userspace components and utilities for
- the OpenFlow kernel-based switch.
+Suggests: openvswitch-datapath-module
+Depends: ${shlibs:Depends}, ${misc:Depends}, openvswitch-common, dhcp3-client, module-init-tools, dmidecode, procps, debianutils
+Description: OpenVSwitch switch implementations
+ openvswitch-switch provides the userspace components and utilities for
+ the Openvswitch kernel-based switch.
.
- OpenFlow is a protocol for flow-based control over network switching.
+ OpenVSwitch is a software-based Ethernet switch targeted at virtual
+ servers.
-Package: openflow-switch-config
+Package: openvswitch-switch-config
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, openflow-switch, libwww-perl, libdigest-sha1-perl
-Description: OpenFlow switch implementations
- openflow-switch-config provides a utility for interactively configuring
- the OpenFlow switch provided in the openflow-switch package.
+Depends: ${shlibs:Depends}, ${misc:Depends}, openvswitch-switch, libwww-perl, libdigest-sha1-perl
+Description: OpenVSwitch switch implementations
+ openvswitch-switch-config provides a utility for interactively configuring
+ the OpenVSwitch switch provided in the openvswitch-switch package.
.
- OpenFlow is a protocol for flow-based control over network switching.
+ OpenVSwitch is a software-based Ethernet switch targeted at virtual
+ servers.
-Package: openflow-pki
+Package: openvswitch-pki
Architecture: all
-Depends: ${shlibs:Depends}, ${misc:Depends}, openflow-common
-Description: OpenFlow public key infrastructure
- openflow-pki provides PKI (public key infrastructure) support for
- OpenFlow switches and controllers, reducing the risk of
- man-in-the-middle attacks on the OpenFlow network infrastructure.
+Depends: ${shlibs:Depends}, ${misc:Depends}, openvswitch-common
+Description: OpenVSwitch public key infrastructure
+ openvswitch-pki provides PKI (public key infrastructure) support for
+ OpenVSwitch switches and controllers, reducing the risk of
+ man-in-the-middle attacks on the Openvswitch network infrastructure.
.
- OpenFlow is a protocol for flow-based control over network switching.
+ OpenVSwitch is a software-based Ethernet switch targeted at virtual
+ servers.
-Package: openflow-pki-server
+Package: openvswitch-pki-server
Architecture: all
-Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, openflow-pki, apache2
-Description: OpenFlow public key infrastructure (HTTP server support)
- openflow-pki-server provides HTTP access to the OpenFlow PKI (public
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, openvswitch-pki, apache2
+Description: OpenVSwitch public key infrastructure (HTTP server support)
+ openvswitch-pki-server provides HTTP access to the OpenVSwitch PKI (public
key infrastructure) maintained on the local machine by the
- openflow-pki package. This HTTP access is needed for secure and
- convenient OpenFlow switch setup using the ofp-switch-setup program
- in the openflow-switch package.
+ openvswitch-pki package. This HTTP access is needed for secure and
+ convenient OpenFlow switch setup using the ovs-switch-setup program
+ in the openvswitch-switch package.
.
- OpenFlow is a protocol for flow-based control over network switching.
+ OpenVSwitch is a software-based Ethernet switch targeted at virtual
+ servers.
-Package: openflow-controller
+Package: openvswitch-controller
Architecture: any
-Depends: ${shlibs:Depends}, openflow-common, openflow-pki
-Description: OpenFlow controller implementation
- The OpenFlow controller enables OpenFlow switches that connect to it
+Depends: ${shlibs:Depends}, openvswitch-common, openvswitch-pki
+Description: OpenVSwitch controller implementation
+ The OpenVSwitch controller enables OpenFlow switches that connect to it
to act as MAC-learning Ethernet switches.
.
- OpenFlow is a protocol for flow-based control over network switching.
+ OpenVSwitch is a software-based Ethernet switch targeted at virtual
+ servers.
Package: corekeeper
Architecture: all
The corekeeper package configures the system to dump all core files to
/var/log/core. It also deletes core files older than 7 days.
-Package: openflow-dbg
+Package: openvswitch-dbg
Architecture: any
Depends: ${shlibs:Depends}
-Description: Debug symbols for OpenFlow packages
- This package contains the debug symbols for all the other openflow-*
+Description: Debug symbols for OpenVSwitch packages
+ This package contains the debug symbols for all the other openvswitch-*
packages. Install it to debug one of them or to examine a core dump
produced by one of them.
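Review bot: the product name is spelled inconsistently in the added Description text. The openvswitch-switch stanza says "the Openvswitch kernel-based switch" and the openvswitch-pki stanza says "the Openvswitch network infrastructure", while every other added line uses "OpenVSwitch". Pick one spelling for user-visible text. Separately, openvswitch-switch and openvswitch-switch-config still share the synopsis "OpenVSwitch switch implementations"; the config package should have its own synopsis so the two can be told apart in package listings.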
-Source: openflow
+Source: openvswitch
Section: net
Priority: extra
-Maintainer: OpenFlow Team <openflow-dev@lists.stanford.edu>
+Maintainer: OpenVSwitch developers <ovs-dev@openvswitch.org>
Build-Depends: debhelper (>= 5.0.37)
Standards-Version: 3.7.3
-Package: openflow-datapath-module-_KVERS_
+Package: openvswitch-datapath-module-_KVERS_
Architecture: any
-Recommends: kernel-image-_KVERS_, openflow-switch
-Provides: openflow-datapath-module
-Description: OpenFlow Linux datapath kernel module
- This package contains the OpenFlow loadable datapath kernel modules for
+Recommends: kernel-image-_KVERS_, openvswitch-switch
+Provides: openvswitch-datapath-module
+Description: OpenVSwitch Linux datapath kernel module
+ This package contains the OpenVSwitch loadable datapath kernel modules for
the kernel-image-_KVERS_ package.
.
If you compiled a custom kernel, you will most likely need to compile
- a custom version of this module as well. The openflow-datapath-source
- package has been provided for this purpose. Refer to README.Debian
- provided in that package for further instructions.
+ a custom version of this module as well. The
+ openvswitch-datapath-source package has been provided for this
+ purpose. Refer to README.Debian provided in that package for further
+ instructions.
+++ /dev/null
-#! /usr/bin/perl
-
-use POSIX;
-use Debconf::Client::ConfModule ':all';
-use HTTP::Request;
-use LWP::UserAgent;
-use Digest::SHA1 'sha1_hex';
-use strict;
-use warnings;
-
-# XXX should support configuring SWITCH_NETMASK and SWITCH_GATEWAY
-# when the mode is in-band.
-
-my $debconf_owner = 'openflow-switch';
-
-my $default = '/etc/default/openflow-switch';
-my $template = '/usr/share/openflow/switch/default.template';
-my $etc = '/etc/openflow-switch';
-my $rundir = '/var/run';
-my $privkey_file = "$etc/of0-privkey.pem";
-my $req_file = "$etc/of0-req.pem";
-my $cert_file = "$etc/of0-cert.pem";
-my $cacert_file = "$etc/cacert.pem";
-my $ofp_discover_pidfile = "$rundir/ofp-discover.pid";
-
-my $ua = LWP::UserAgent->new;
-$ua->timeout(10);
-$ua->env_proxy;
-
-system("/etc/init.d/openflow-switch stop 1>&2");
-kill_ofp_discover();
-
-version('2.0');
-capb('backup');
-title('OpenFlow Switch Setup');
-
-my (%netdevs) = find_netdevs();
-db_subst('netdevs', 'choices',
- join(', ', map($netdevs{$_}, sort(keys(%netdevs)))));
-db_set('netdevs', join(', ', grep(!/IP/, values(%netdevs))));
-
-my %oldconfig;
-if (-e $default) {
- %oldconfig = load_config($default);
-
- my (%map) =
- (NETDEVS => sub {
- db_set('netdevs', join(', ', map($netdevs{$_},
- grep(exists $netdevs{$_}, split))))
- },
- MODE => sub {
- db_set('mode',
- $_ eq 'in-band' || $_ eq 'out-of-band' ? $_ : 'discovery')
- },
- SWITCH_IP => sub { db_set('switch-ip', $_) },
- CONTROLLER => sub { db_set('controller-vconn', $_) },
- PRIVKEY => sub { $privkey_file = $_ },
- CERT => sub { $cert_file = $_ },
- CACERT => sub { $cacert_file = $_ },
- );
-
- for my $key (keys(%map)) {
- local $_ = $oldconfig{$key};
- &{$map{$key}}() if defined && !/^\s*$/;
- }
-} elsif (-e $template) {
- %oldconfig = load_config($template);
-}
-
-my $cacert_preverified = -e $cacert_file;
-my ($req, $req_fingerprint);
-
-my %options;
-
-my (@states) =
- (sub {
- # User backed up from first dialog box.
- exit(10);
- },
- sub {
- # Prompt for ports to include in switch.
- db_input('netdevs');
- return;
- },
- sub {
- # Validate the chosen ports.
- my (@netdevs) = split(', ', db_get('netdevs'));
- if (!@netdevs) {
- # No ports chosen. Disable switch.
- db_input('no-netdevs');
- return 'prev' if db_go();
- return 'done';
- } elsif (my (@conf_netdevs) = grep(/IP/, @netdevs)) {
- # Point out that some ports have configured IP addresses.
- db_subst('configured-netdevs', 'configured-netdevs',
- join(', ', @conf_netdevs));
- db_input('configured-netdevs');
- return;
- } else {
- # Otherwise proceed.
- return 'skip';
- }
- },
- sub {
- # Discovery or in-band or out-of-band controller?
- db_input('mode');
- return;
- },
- sub {
- return 'skip' if db_get('mode') ne 'discovery';
- for (;;) {
- # Notify user that we are going to do discovery.
- db_input('discover');
- return 'prev' if db_go();
- print STDERR "Please wait up to 30 seconds for discovery...\n";
-
- # Make sure that there's no running discovery process.
- kill_ofp_discover();
-
- # Do discovery.
- %options = ();
- open(DISCOVER, '-|', 'ofp-discover --timeout=30 --pidfile '
- . join(' ', netdev_names()));
- while (<DISCOVER>) {
- chomp;
- if (my ($name, $value) = /^([^=]+)=(.*)$/) {
- if ($value =~ /^"(.*)"$/) {
- $value = $1;
- $value =~ s/\\([0-7][0-7][0-7])/chr($1)/ge;
- } else {
- $value =~ s/^(0x[[:xdigit:]]+)$/hex($1)/e;
- $value = '' if $value eq 'empty';
- next if $value eq 'null'; # Shouldn't happen.
- }
- $options{$name} = $value;
- }
- last if /^$/;
- }
-
- # Check results.
- my $vconn = $options{'ofp-controller-vconn'};
- my $pki_uri = $options{'ofp-pki-uri'};
- return 'next'
- if (defined($vconn)
- && is_valid_vconn($vconn)
- && (!is_ssl_vconn($vconn) || defined($pki_uri)));
-
- # Try again?
- kill_ofp_discover();
- db_input('discovery-failure');
- db_go();
- }
- },
- sub {
- return 'skip' if db_get('mode') ne 'discovery';
-
- my $vconn = $options{'ofp-controller-vconn'};
- my $pki_uri = $options{'ofp-pki-uri'};
- db_subst('discovery-success', 'controller-vconn', $vconn);
- db_subst('discovery-success',
- 'pki-uri', is_ssl_vconn($vconn) ? $pki_uri : "no PKI in use");
- db_input('discovery-success');
- return 'prev' if db_go();
- db_set('controller-vconn', $vconn);
- db_set('pki-uri', $pki_uri);
- return 'next';
- },
- sub {
- return 'skip' if db_get('mode') ne 'in-band';
- for (;;) {
- db_input('switch-ip');
- return 'prev' if db_go();
-
- my $ip = db_get('switch-ip');
- return 'next' if $ip =~ /^dhcp|\d+\.\d+.\d+.\d+$/i;
-
- db_input('switch-ip-error');
- db_go();
- }
- },
- sub {
- return 'skip' if db_get('mode') eq 'discovery';
- for (;;) {
- my $old_vconn = db_get('controller-vconn');
- db_input('controller-vconn');
- return 'prev' if db_go();
-
- my $vconn = db_get('controller-vconn');
- if (is_valid_vconn($vconn)) {
- if ($old_vconn ne $vconn || db_get('pki-uri') eq '') {
- db_set('pki-uri', pki_host_to_uri($2));
- }
- return 'next';
- }
-
- db_input('controller-vconn-error');
- db_go();
- }
- },
- sub {
- return 'skip' if !ssl_enabled();
-
- if (! -e $privkey_file) {
- my $old_umask = umask(077);
- run_cmd("ofp-pki req $etc/of0 >&2 2>/dev/null");
- chmod(0644, $req_file) or die "$req_file: chmod: $!\n";
- umask($old_umask);
- }
-
- if (! -e $cert_file) {
- open(REQ, '<', $req_file) or die "$req_file: open: $!\n";
- $req = join('', <REQ>);
- close(REQ);
- $req_fingerprint = sha1_hex($req);
- }
- return 'skip';
- },
- sub {
- return 'skip' if !ssl_enabled();
- return 'skip' if -e $cacert_file && -e $cert_file;
-
- db_input('pki-uri');
- return 'prev' if db_go();
- return;
- },
- sub {
- return 'skip' if !ssl_enabled();
- return 'skip' if -e $cacert_file;
-
- my $pki_uri = db_get('pki-uri');
- if ($pki_uri !~ /:/) {
- $pki_uri = pki_host_to_uri($pki_uri);
- } else {
- # Trim trailing slashes.
- $pki_uri =~ s%/+$%%;
- }
- db_set('pki-uri', $pki_uri);
-
- my $url = "$pki_uri/controllerca/cacert.pem";
- my $response = $ua->get($url, ':content_file' => $cacert_file);
- if ($response->is_success) {
- return 'next';
- }
-
- db_subst('fetch-cacert-failed', 'url', $url);
- db_subst('fetch-cacert-failed', 'error', $response->status_line);
- db_subst('fetch-cacert-failed', 'pki-uri', $pki_uri);
- db_input('fetch-cacert-failed');
- db_go();
- return 'prev';
- },
- sub {
- return 'skip' if !ssl_enabled();
- return 'skip' if -e $cert_file;
-
- for (;;) {
- db_set('send-cert-req', 'yes');
- db_input('send-cert-req');
- return 'prev' if db_go();
- return 'next' if db_get('send-cert-req') eq 'no';
-
- my $pki_uri = db_get('pki-uri');
- my ($pki_base_uri) = $pki_uri =~ m%^([^/]+://[^/]+)/%;
- my $url = "$pki_base_uri/cgi-bin/ofp-pki-cgi";
- my $response = $ua->post($url, {'type' => 'switch',
- 'req' => $req});
- return 'next' if $response->is_success;
-
- db_subst('send-cert-req-failed', 'url', $url);
- db_subst('send-cert-req-failed', 'error',
- $response->status_line);
- db_subst('send-cert-req-failed', 'pki-uri', $pki_uri);
- db_input('send-cert-req-failed');
- db_go();
- }
- },
- sub {
- return 'skip' if !ssl_enabled();
- return 'skip' if $cacert_preverified;
-
- my ($cacert_fingerprint) = x509_fingerprint($cacert_file);
- db_subst('verify-controller-ca', 'fingerprint', $cacert_fingerprint);
- db_input('verify-controller-ca');
- return 'prev' if db_go();
- return 'next' if db_get('verify-controller-ca') eq 'yes';
- unlink($cacert_file);
- return 'prev';
- },
- sub {
- return 'skip' if !ssl_enabled();
- return 'skip' if -e $cert_file;
-
- for (;;) {
- db_set('fetch-switch-cert', 'yes');
- db_input('fetch-switch-cert');
- return 'prev' if db_go();
- exit(1) if db_get('fetch-switch-cert') eq 'no';
-
- my $pki_uri = db_get('pki-uri');
- my $url = "$pki_uri/switchca/certs/$req_fingerprint-cert.pem";
- my $response = $ua->get($url, ':content_file' => $cert_file);
- if ($response->is_success) {
- return 'next';
- }
-
- db_subst('fetch-switch-cert-failed', 'url', $url);
- db_subst('fetch-switch-cert-failed', 'error',
- $response->status_line);
- db_subst('fetch-switch-cert-failed', 'pki-uri', $pki_uri);
- db_input('fetch-switch-cert-failed');
- db_go();
- }
- },
- sub {
- db_input('complete');
- db_go();
- return;
- },
- sub {
- return 'done';
- },
-);
-
-my $state = 1;
-my $direction = 1;
-for (;;) {
- my $ret = &{$states[$state]}();
- $ret = db_go() ? 'prev' : 'next' if !defined $ret;
- if ($ret eq 'next') {
- $direction = 1;
- } elsif ($ret eq 'prev') {
- $direction = -1;
- } elsif ($ret eq 'skip') {
- # Nothing to do.
- } elsif ($ret eq 'done') {
- last;
- } else {
- die "unknown ret $ret";
- }
- $state += $direction;
-}
-
-my %config = %oldconfig;
-$config{NETDEVS} = join(' ', netdev_names());
-$config{MODE} = db_get('mode');
-if (db_get('mode') eq 'in-band') {
- $config{SWITCH_IP} = db_get('switch-ip');
-}
-if (db_get('mode') ne 'discovery') {
- $config{CONTROLLER} = db_get('controller-vconn');
-}
-$config{PRIVKEY} = $privkey_file;
-$config{CERT} = $cert_file;
-$config{CACERT} = $cacert_file;
-save_config($default, %config);
-
-dup2(2, 1); # Get stdout back.
-kill_ofp_discover();
-system("/etc/init.d/openflow-switch start");
-
-sub ssl_enabled {
- return is_ssl_vconn(db_get('controller-vconn'));
-}
-
-sub db_subst {
- my ($question, $key, $value) = @_;
- $question = "$debconf_owner/$question";
- my ($ret, $seen) = subst($question, $key, $value);
- if ($ret && $ret != 30) {
- die "Error substituting $value for $key in debconf question "
- . "$question: $seen";
- }
-}
-
-sub db_set {
- my ($question, $value) = @_;
- $question = "$debconf_owner/$question";
- my ($ret, $seen) = set($question, $value);
- if ($ret && $ret != 30) {
- die "Error setting debconf question $question to $value: $seen";
- }
-}
-
-sub db_get {
- my ($question) = @_;
- $question = "$debconf_owner/$question";
- my ($ret, $seen) = get($question);
- if ($ret) {
- die "Error getting debconf question $question answer: $seen";
- }
- return $seen;
-}
-
-sub db_fset {
- my ($question, $flag, $value) = @_;
- $question = "$debconf_owner/$question";
- my ($ret, $seen) = fset($question, $flag, $value);
- if ($ret && $ret != 30) {
- die "Error setting debconf question $question flag $flag to $value: "
- . "$seen";
- }
-}
-
-sub db_fget {
- my ($question, $flag) = @_;
- $question = "$debconf_owner/$question";
- my ($ret, $seen) = fget($question, $flag);
- if ($ret) {
- die "Error getting debconf question $question flag $flag: $seen";
- }
- return $seen;
-}
-
-sub db_input {
- my ($question) = @_;
- db_fset($question, "seen", "false");
-
- $question = "$debconf_owner/$question";
- my ($ret, $seen) = input('high', $question);
- if ($ret && $ret != 30) {
- die "Error requesting debconf question $question: $seen";
- }
- return $ret;
-}
-
-sub db_go {
- my ($ret, $seen) = go();
- if (!defined($ret)) {
- exit(1); # Cancel button was pushed.
- }
- if ($ret && $ret != 30) {
- die "Error asking debconf questions: $seen";
- }
- return $ret;
-}
-
-sub run_cmd {
- my ($cmd) = @_;
- return if system($cmd) == 0;
-
- if ($? == -1) {
- die "$cmd: failed to execute: $!\n";
- } elsif ($? & 127) {
- die sprintf("$cmd: child died with signal %d, %s coredump\n",
- ($? & 127), ($? & 128) ? 'with' : 'without');
- } else {
- die sprintf("$cmd: child exited with value %d\n", $? >> 8);
- }
-}
-
-sub x509_fingerprint {
- my ($file) = @_;
- my $cmd = "openssl x509 -noout -in $file -fingerprint";
- open(OPENSSL, '-|', $cmd) or die "$cmd: failed to execute: $!\n";
- my $line = <OPENSSL>;
- close(OPENSSL);
- my ($fingerprint) = $line =~ /SHA1 Fingerprint=(.*)/;
- return $line if !defined $fingerprint;
- $fingerprint =~ s/://g;
- return $fingerprint;
-}
-
-sub find_netdevs {
- my ($netdev, %netdevs);
- open(IFCONFIG, "/sbin/ifconfig -a|") or die "ifconfig failed: $!";
- while (<IFCONFIG>) {
- if (my ($nd) = /^([^\s]+)/) {
- $netdev = $nd;
- $netdevs{$netdev} = "$netdev";
- if (my ($hwaddr) = /HWaddr (\S+)/) {
- $netdevs{$netdev} .= " (MAC: $hwaddr)";
- }
- } elsif (my ($ip4) = /^\s*inet addr:(\S+)/) {
- $netdevs{$netdev} .= " (IP: $ip4)";
- } elsif (my ($ip6) = /^\s*inet6 addr:(\S+)/) {
- $netdevs{$netdev} .= " (IPv6: $ip6)";
- }
- }
- foreach my $nd (keys(%netdevs)) {
- delete $netdevs{$nd} if $nd eq 'lo' || $nd =~ /^wmaster/;
- }
- close(IFCONFIG);
- return %netdevs;
-}
-
-sub load_config {
- my ($file) = @_;
-
- # Get the list of the variables that the shell sets automatically.
- my (%auto_vars) = read_vars("set -a && env");
-
- # Get the variables from $default.
- my (%config) = read_vars("set -a && . '$default' && env");
-
- # Subtract.
- delete @config{keys %auto_vars};
-
- return %config;
-}
-
-sub read_vars {
- my ($cmd) = @_;
- local @ENV;
- if (!open(VARS, '-|', $cmd)) {
- print STDERR "$cmd: failed to execute: $!\n";
- return ();
- }
- my (%config);
- while (<VARS>) {
- my ($var, $value) = /^([^=]+)=(.*)$/ or next;
- $config{$var} = $value;
- }
- close(VARS);
- return %config;
-}
-
-sub shell_escape {
- local $_ = $_[0];
- if ($_ eq '') {
- return '""';
- } elsif (m&^[-a-zA-Z0-9:./%^_+,]*$&) {
- return $_;
- } else {
- s/'/'\\''/;
- return "'$_'";
- }
-}
-
-sub shell_assign {
- my ($var, $value) = @_;
- return $var . '=' . shell_escape($value);
-}
-
-sub save_config {
- my ($file, %config) = @_;
- my (@lines);
- if (open(FILE, '<', $file)) {
- @lines = <FILE>;
- chomp @lines;
- close(FILE);
- }
-
- # Replace all existing variable assignments.
- for (my ($i) = 0; $i <= $#lines; $i++) {
- local $_ = $lines[$i];
- my ($var, $value) = /^\s*([^=#]+)=(.*)$/ or next;
- if (exists($config{$var})) {
- $lines[$i] = shell_assign($var, $config{$var});
- delete $config{$var};
- } else {
- $lines[$i] = "#$lines[$i]";
- }
- }
-
- # Find a place to put any remaining variable assignments.
- VAR:
- for my $var (keys(%config)) {
- my $assign = shell_assign($var, $config{$var});
-
- # Replace the last commented-out variable assignment to $var, if any.
- for (my ($i) = $#lines; $i >= 0; $i--) {
- local $_ = $lines[$i];
- if (/^\s*#\s*$var=/) {
- $lines[$i] = $assign;
- next VAR;
- }
- }
-
- # Find a place to add the var: after the final commented line
- # just after a line that contains "$var:".
- for (my ($i) = 0; $i <= $#lines; $i++) {
- if ($lines[$i] =~ /^\s*#\s*$var:/) {
- for (my ($j) = $i + 1; $j <= $#lines; $j++) {
- if ($lines[$j] !~ /^\s*#/) {
- splice(@lines, $j, 0, $assign);
- next VAR;
- }
- }
- }
- }
-
- # Just append it.
- push(@lines, $assign);
- }
-
- open(NEWFILE, '>', "$file.tmp") or die "$file.tmp: create: $!\n";
- print NEWFILE join('', map("$_\n", @lines));
- close(NEWFILE);
- rename("$file.tmp", $file) or die "$file.tmp: rename to $file: $!\n";
-}
-
-sub pki_host_to_uri {
- my ($pki_host) = @_;
- return "http://$pki_host/openflow/pki";
-}
-
-sub kill_ofp_discover {
- # Delegate this to a subprocess because there is no portable way
- # to invoke fcntl(F_GETLK) from Perl.
- system("ofp-kill --force $ofp_discover_pidfile");
-}
-
-sub netdev_names {
- return map(/^(\S+)/, split(', ', db_get('netdevs')));
-}
-
-sub is_valid_vconn {
- my ($vconn) = @_;
- return scalar($vconn =~ /^(tcp|ssl):([^:]+)(:.*)?/);
-}
-
-sub is_ssl_vconn {
- my ($vconn) = @_;
- return scalar($vconn =~ /^ssl:/);
-}
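Review bot: shell_escape() substitutes only the first single quote (s/'/'\\''/ has no /g), so a value containing two or more single quotes is written by save_config() with unbalanced quoting into $default, the same file that load_config() later sources with the shell. If this helper survives the removal under another name, add the /g flag. Separately, in the controller-vconn state, db_set('pki-uri', pki_host_to_uri($2)) reads $2 after is_valid_vconn() has returned; Perl restores capture variables on leaving the sub's block, so $2 is not the host from that match. Have is_valid_vconn() return the host, or repeat the match in the caller.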
+++ /dev/null
-.TH ofp-switch-setup 8 "June 2008" "OpenFlow" "OpenFlow Manual"
-
-.SH NAME
-ofp\-switch\-setup \- interactive setup for OpenFlow switch
-
-.SH SYNOPSIS
-.B ofp\-switch\-setup
-
-.SH DESCRIPTION
-The \fBofp\-switch\-setup\fR program is an interactive program that
-assists the system administrator in configuring an OpenFlow switch,
-including the underlying public key infrastructure (PKI).
-
-.SH OPTIONS
-ofp\-switch\-setup does not accept any command-line options.
-
-.SH FILES
-.IP /etc/default/openflow-switch
-Main configuration file for OpenFlow switch.
-
-.IP /etc/openflow-switch/cacert.pem
-Default location of CA certificate for OpenFlow controllers.
-
-.IP /etc/openflow-switch/of0-cert.pem
-Default location of certificate for the OpenFlow switch's private key.
-
-.IP /etc/openflow-switch/of0-privkey.pem
-Default location of the OpenFlow switch's private key. This file
-should be readable only by \fBroot\fR.
-
-.IP /etc/openflow-switch/of0-req.pem
-Default location of certificate request for the OpenFlow switch's
-certificate. This file is not used after the signed certificate
-(typically \fB/etc/openflow-switch/of0-cert.pem\fR, above) has been
-obtained from the OpenFlow PKI server.
-
-.SH "SEE ALSO"
-
-.BR ofp-pki (8),
-.BR dpctl (8),
-.BR secchan (8)
+++ /dev/null
-var/log/openflow
+++ /dev/null
-_debian/utilities/ofp-parse-leaks usr/bin
-_debian/utilities/ofp-pki usr/sbin
-_debian/utilities/vlogconf usr/sbin
+++ /dev/null
-_debian/utilities/vlogconf.8
-_debian/utilities/ofp-pki.8
+++ /dev/null
-README.Debian for openflow-controller
--------------------------------------
-
-* To (re)configure the controller, edit /etc/default/openflow-controller
- and run "/etc/init.d/openflow-controller restart".
-
-* To enable OpenFlow switches to automatically discover the location
- of the controller, you must install and configure a DHCP server.
- The secchan(8) manpage (found in the openflow-switch package) gives
- a working example configuration file for the ISC DHCP server.
+++ /dev/null
-# This is a POSIX shell fragment -*- sh -*-
-
-# LISTEN: What OpenFlow connection methods should the controller listen on?
-#
-# This is a space-delimited list of connection methods:
-#
-# * "pssl:[PORT]": Listen for SSL connections on the specified PORT
-# (default: 6633). The private key, certificate, and CA certificate
-# must be specified below.
-#
-# * "pctp:[PORT]": Listen for TCP connections on the specified PORT
-# (default: 6633). Not recommended for security reasons.
-#
-LISTEN="pssl:"
-
-# PRIVKEY: Name of file containing controller's private key.
-# Required if SSL enabled.
-PRIVKEY=/etc/openflow-controller/privkey.pem
-
-# CERT: Name of file containing certificate for private key.
-# Required if SSL enabled.
-CERT=/etc/openflow-controller/cert.pem
-
-# CACERT: Name of file containing switch CA certificate.
-# Required if SSL enabled.
-CACERT=/etc/openflow-controller/cacert.pem
-
-# Additional options to pass to controller, e.g. "--hub"
-DAEMON_OPTS=""
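Review bot: the LISTEN comment names the cleartext method "pctp:[PORT]", which looks like a transposition of "ptcp:" given the "pssl:" form beside it, so an administrator copying the string from the comment would get a method name that is spelled differently from the passive-SSL pattern. Correct the spelling wherever this defaults file is carried forward.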
+++ /dev/null
-etc/openflow-controller
+++ /dev/null
-#!/bin/sh
-#
-# Copyright (c) 2007 Javier Fernandez-Sanguino <jfs@debian.org>
-#
-# This is free software; you may redistribute it and/or modify
-# it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2,
-# or (at your option) any later version.
-#
-# This is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License with
-# the Debian operating system, in /usr/share/common-licenses/GPL; if
-# not, write to the Free Software Foundation, Inc., 59 Temple Place,
-# Suite 330, Boston, MA 02111-1307 USA
-#
-### BEGIN INIT INFO
-# Provides: openflow-controller
-# Required-Start: $network $local_fs
-# Required-Stop:
-# Should-Start: $named
-# Should-Stop:
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: OpenFlow controller
-### END INIT INFO
-
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-
-DAEMON=/usr/sbin/controller # Introduce the server's location here
-NAME=controller # Introduce the short server's name here
-DESC=controller # Introduce a short description here
-LOGDIR=/var/log/openflow # Log directory to use
-
-PIDFILE=/var/run/$NAME.pid
-
-test -x $DAEMON || exit 0
-
-. /lib/lsb/init-functions
-
-# Default options, these can be overriden by the information
-# at /etc/default/$NAME
-DAEMON_OPTS="" # Additional options given to the server
-
-DODTIME=10 # Time to wait for the server to die, in seconds
- # If this value is set too low you might not
- # let some servers to die gracefully and
- # 'restart' will not work
-
-LOGFILE=$LOGDIR/$NAME.log # Server logfile
-#DAEMONUSER= # User to run the daemons as. If this value
- # is set start-stop-daemon will chuid the server
-
-# Include defaults if available
-default=/etc/default/openflow-controller
-if [ -f $default ] ; then
- . $default
-fi
-
-# Check that the user exists (if we set a user)
-# Does the user exist?
-if [ -n "$DAEMONUSER" ] ; then
- if getent passwd | grep -q "^$DAEMONUSER:"; then
- # Obtain the uid and gid
- DAEMONUID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $3}'`
- DAEMONGID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $4}'`
- else
- log_failure_msg "The user $DAEMONUSER, required to run $NAME does not exist."
- exit 1
- fi
-fi
-
-
-set -e
-
-running_pid() {
-# Check if a given process pid's cmdline matches a given name
- pid=$1
- name=$2
- [ -z "$pid" ] && return 1
- [ ! -d /proc/$pid ] && return 1
- cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
- # Is this the expected server
- [ "$cmd" != "$name" ] && return 1
- return 0
-}
-
-running() {
-# Check if the process is running looking at /proc
-# (works for all users)
-
- # No pidfile, probably no daemon present
- [ ! -f "$PIDFILE" ] && return 1
- pid=`cat $PIDFILE`
- running_pid $pid $DAEMON || return 1
- return 0
-}
-
-start_server() {
- if [ -z "$LISTEN" ]; then
- echo "$default: No connection methods configured, controller disabled" >&2
- exit 0
- fi
-
- SSL_OPTS=
- case $LISTEN in
- *ssl*)
- : ${PRIVKEY:=/etc/openflow-controller/privkey.pem}
- : ${CERT:=/etc/openflow-controller/cert.pem}
- : ${CACERT:=/etc/openflow-controller/cacert.pem}
- if test ! -e "$PRIVKEY" || test ! -e "$CERT" ||
- test ! -e "$CACERT"; then
- if test ! -e "$PRIVKEY"; then
- echo "$PRIVKEY: private key missing" >&2
- fi
- if test ! -e "$CERT"; then
- echo "$CERT: certificate for private key missing" >&2
- fi
- if test ! -e "$CACERT"; then
- echo "$CACERT: CA certificate missing" >&2
- fi
- exit 1
- fi
- SSL_OPTS="--private-key=$PRIVKEY --certificate=$CERT --ca-cert=$CACERT"
- ;;
- esac
-
-# Start the process using the wrapper
- if [ -z "$DAEMONUSER" ] ; then
- start-stop-daemon --start --pidfile $PIDFILE \
- --exec $DAEMON -- --detach --pidfile=$PIDFILE \
- $LISTEN $DAEMON_OPTS $SSL_OPTS
- errcode=$?
- else
-# if we are using a daemonuser then change the user id
- start-stop-daemon --start --quiet --pidfile $PIDFILE \
- --chuid $DAEMONUSER --exec $DAEMON -- \
- --detach --pidfile=$PIDFILE $LISTEN $DAEMON_OPTS \
- $SSL_OPTS
- errcode=$?
- fi
- return $errcode
-}
-
-stop_server() {
-# Stop the process using the wrapper
- if [ -z "$DAEMONUSER" ] ; then
- start-stop-daemon --stop --quiet --pidfile $PIDFILE \
- --exec $DAEMON
- errcode=$?
- else
-# if we are using a daemonuser then look for process that match
- start-stop-daemon --stop --quiet --pidfile $PIDFILE \
- --user $DAEMONUSER --exec $DAEMON
- errcode=$?
- fi
-
- return $errcode
-}
-
-reload_server() {
- [ ! -f "$PIDFILE" ] && return 1
- pid=`cat $PIDFILE` # This is the daemon's pid
- # Send a SIGHUP
- kill -1 $pid
- return $?
-}
-
-force_stop() {
-# Force the process to die killing it manually
- [ ! -e "$PIDFILE" ] && return
- if running ; then
- kill -15 $pid
- # Is it really dead?
- sleep "$DIETIME"s
- if running ; then
- kill -9 $pid
- sleep "$DIETIME"s
- if running ; then
- echo "Cannot kill $NAME (pid=$pid)!"
- exit 1
- fi
- fi
- fi
- rm -f $PIDFILE
-}
-
-
-case "$1" in
- start)
- log_daemon_msg "Starting $DESC " "$NAME"
- # Check if it's running first
- if running ; then
- log_progress_msg "apparently already running"
- log_end_msg 0
- exit 0
- fi
- if start_server && running ; then
- # It's ok, the server started and is running
- log_end_msg 0
- else
- # Either we could not start it or it is not running
- # after we did
- # NOTE: Some servers might die some time after they start,
- # this code does not try to detect this and might give
- # a false positive (use 'status' for that)
- log_end_msg 1
- fi
- ;;
- stop)
- log_daemon_msg "Stopping $DESC" "$NAME"
- if running ; then
- # Only stop the server if we see it running
- stop_server
- log_end_msg $?
- else
- # If it's not running don't do anything
- log_progress_msg "apparently not running"
- log_end_msg 0
- exit 0
- fi
- ;;
- force-stop)
- # First try to stop gracefully the program
- $0 stop
- if running; then
- # If it's still running try to kill it more forcefully
- log_daemon_msg "Stopping (force) $DESC" "$NAME"
- force_stop
- log_end_msg $?
- fi
- ;;
- restart|force-reload)
- log_daemon_msg "Restarting $DESC" "$NAME"
- stop_server
- # Wait some sensible amount, some server need this
- [ -n "$DIETIME" ] && sleep $DIETIME
- start_server
- running
- log_end_msg $?
- ;;
- status)
-
- log_daemon_msg "Checking status of $DESC" "$NAME"
- if running ; then
- log_progress_msg "running"
- log_end_msg 0
- else
- log_progress_msg "apparently not running"
- log_end_msg 1
- exit 1
- fi
- ;;
- # Use this if the daemon cannot reload
- reload)
- log_warning_msg "Reloading $NAME daemon: not implemented, as the daemon"
- log_warning_msg "cannot re-read the config file (use restart)."
- ;;
- *)
- N=/etc/init.d/$NAME
- echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2
- exit 1
- ;;
-esac
-
-exit 0
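Review bot: force_stop() and the restart branch sleep on $DIETIME, but the variable set near the top is DODTIME=10 and nothing in this script assigns DIETIME. In force_stop() that turns sleep "$DIETIME"s into "sleep s", which fails under set -e before the kill -9 fallback is reached, and in the restart branch the [ -n "$DIETIME" ] guard skips the wait entirely. Use one name for both, unless /etc/default/openflow-controller is expected to set DIETIME, in which case say so in that file.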
+++ /dev/null
-_debian/controller/controller usr/sbin
+++ /dev/null
-_debian/controller/controller.8
+++ /dev/null
-#!/bin/sh
-# postinst script for openflow-controller
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * <postinst> `configure' <most-recently-configured-version>
-# * <old-postinst> `abort-upgrade' <new version>
-# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-# <new-version>
-# * <postinst> `abort-remove'
-# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-# <failed-install-package> <version> `removing'
-# <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
- configure)
- cd /etc/openflow-controller
- if ! test -e cacert.pem; then
- ln -s /usr/share/openflow/pki/switchca/cacert.pem cacert.pem
- fi
- if ! test -e privkey.pem || ! test -e cert.pem; then
- oldumask=$(umask)
- umask 077
- ofp-pki req+sign tmp controller >/dev/null
- mv tmp-privkey.pem privkey.pem
- mv tmp-cert.pem cert.pem
- mv tmp-req.pem req.pem
- chmod go+r cert.pem req.pem
- umask $oldumask
- fi
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-#DEBHELPER#
-
-exit 0
-
-
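Review bot: the configure branch regenerates the key pair when either privkey.pem or cert.pem is missing, so a host that still has privkey.pem but has lost cert.pem gets its existing private key replaced by mv tmp-privkey.pem privkey.pem without notice. Test for the private key on its own and reuse it when it is present, requesting only a new certificate.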
+++ /dev/null
-#!/bin/sh
-# postinst script for #PACKAGE#
-#
-# see: dh_installdeb(1)
-
-set -e
-
-depmod -a
-
-#DEBHELPER#
-
-# If the switch is running, restart it. This ensures that we are using the
-# latest kernel module, because the init script will unload and reload the
-# module.
-#
-# (Ideally we'd only want to do this if this package corresponds to the
-# running kernel, but I don't know a reliable way to check.)
-INIT=/etc/init.d/openflow-switch
-if test -x $INIT && $INIT status; then
- $INIT restart || true
-fi
-
-exit 0
-
-
+++ /dev/null
-OpenFlow for Debian
--------------------
-
-* How do I build this module the Debian way?
-
- - Building with module-assistant:
-
- $ module-assistant auto-install openflow
- or
- $ m-a a-i openflow
-
- If kernel source or headers are in a non-standard directory, add
- the option -k /path/to/kernel/source with the correct path.
-
- - Building with make-kpkg
-
- $ cd /usr/src/
- $ tar jxvf openflow.tar.bz2
- $ cd /usr/src/kernel-source-2.6.9
- $ make-kpkg --added-modules=openflow modules
-
- - Building without make-kpkg
-
- $ cd /usr/src/
- $ tar jxvf openflow.tar.bz2
- $ cd modules/openflow
- $ fakeroot debian/rules kdist_image
-
- If you run this as root, fakeroot is not needed.
-
- -- OpenFlow Team <openflow-dev@lists.stanford.edu>, Thu, 12 Jun 2008 16:42:38 -0700
+++ /dev/null
-Upstream Authors:
-
- The Board of Trustees of The Leland Stanford Junior University
-
-Copyright:
-
- Copyright (C) 2008 The Board of Trustees of The Leland Stanford
- Junior University
-
-License:
-
- Files in the datapath/ and its sub-directories are covered under the GNU
- General Public License Version 2.
-
- On Debian systems, the complete text of the GNU General
- Public License can be found in `/usr/share/common-licenses/GPL'.
+++ /dev/null
-usr/src/modules/openflow-datapath/debian
+++ /dev/null
-debian/changelog usr/src/modules/openflow-datapath/debian
-debian/control usr/src/modules/openflow-datapath/debian
-debian/compat usr/src/modules/openflow-datapath/debian
-debian/*.modules.in usr/src/modules/openflow-datapath/debian
-debian/rules usr/src/modules/openflow-datapath/debian
-_debian/openflow.tar.gz usr/src/modules/openflow-datapath
+++ /dev/null
-Alias /openflow/pki/ /usr/share/openflow/pki/
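Review bot: this Alias publishes the whole /usr/share/openflow/pki/ tree, which is also the directory the pki postinst populates with ofp-pki init ("Create certificate authorities"), while the setup script only fetches controllerca/cacert.pem and switchca/certs/$req_fingerprint-cert.pem from it. Confirm that no CA private key material under that tree is readable by the web server, or narrow the alias to the paths that switches need.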
+++ /dev/null
-etc/apache2/sites-available
+++ /dev/null
-_debian/utilities/ofp-pki-cgi usr/lib/cgi-bin
+++ /dev/null
-#!/bin/sh
-# postinst script for openflow
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * <postinst> `configure' <most-recently-configured-version>
-# * <old-postinst> `abort-upgrade' <new version>
-# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-# <new-version>
-# * <postinst> `abort-remove'
-# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-# <failed-install-package> <version> `removing'
-# <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-case "$1" in
- configure)
- # Enable site under Apache.
- a2ensite openflow-pki >/dev/null
- if command -v invoke-rc.d >/dev/null 2>&1; then
- invoke-rc.d apache2 force-reload || :
- else
- [ -x /etc/init.d/apache2 ] && /etc/init.d/apache2 force-reload || :
- fi
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-#DEBHELPER#
-
-exit 0
-
-
+++ /dev/null
-#!/bin/sh
-# postinst script for openflow
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * <postinst> `configure' <most-recently-configured-version>
-# * <old-postinst> `abort-upgrade' <new version>
-# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-# <new-version>
-# * <postinst> `abort-remove'
-# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-# <failed-install-package> <version> `removing'
-# <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-case "$1" in
- configure)
- # Create certificate authorities.
- if test ! -d /usr/share/openflow/pki; then
- ofp-pki init
- fi
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-#DEBHELPER#
-
-exit 0
-
-
+++ /dev/null
-/usr/share/lintian/overrides
+++ /dev/null
-debian/ofp-switch-setup usr/sbin
+++ /dev/null
-debian/ofp-switch-setup.8
+++ /dev/null
-debconf-is-not-a-registry
+++ /dev/null
-Template: openflow-switch/netdevs
-Type: multiselect
-_Choices: ${choices}
-_Description: OpenFlow switch network devices:
- Choose the network devices that should become part of the OpenFlow
- switch. At least two devices must be selected for this machine to be
- a useful switch. Unselecting all network devices will disable the
- OpenFlow switch entirely.
- .
- The network devices that you select should not be configured with IP
- or IPv6 addresses, even if the switch contacts the controller over
- one of the selected network devices. This is because a running
- OpenFlow switch takes over network devices at a low level: they
- become part of the switch and cannot be used for other purposes.
-
-Template: openflow-switch/no-netdevs
-Type: error
-_Description: No network devices were selected.
- No network devices were selected for inclusion in the OpenFlow switch.
- The switch will be disabled.
-
-Template: openflow-switch/configured-netdevs
-Type: note
-_Description: Some Network Devices Have IP or IPv6 Addresses
- The following network devices selected to be part of the OpenFlow switch
- have IP or IPv6 addresses configured:
- .
- ${configured-netdevs}
- .
- This is usually a mistake, even if the switch contacts the controller over
- one of the selected network devices. This is because a running
- OpenFlow switch takes over network devices at a low level: they
- become part of the switch and cannot be used for other purposes.
- .
- If this is an unintentional mistake, move back and fix the selection,
- or de-configure the IP or IPv6 from these network devices.
-
-Template: openflow-switch/mode
-Type: select
-_Choices: discovery, in-band, out-of-band
-Default: discovery
-_Description: Switch-to-controller access method:
- The OpenFlow switch must be able to contact the OpenFlow controller over
- the network. It can do so in one of three ways:
- .
- discovery: A single network is used for OpenFlow traffic and other
- data traffic; that is, the switch contacts the controller over one of
- the network devices selected as OpenFlow switch network devices in
- the previous question. The switch automatically determines the
- location of the controller using a DHCP request with an
- OpenFlow-specific vendor option. This is the most common case.
- .
- in-band: As above, but the location of the controller is manually
- configured.
- .
- out-of-band: OpenFlow traffic uses a network separate from the data traffic
- that it controls. If this is the case, the control network must already
- be configured on a network device other than one of those selected as
- an OpenFlow switch netdev in the previous question.
-
-Template: openflow-switch/discover
-Type: note
-_Description: Preparing to discover controller.
- The setup program will now attempt to discover the OpenFlow controller.
- Controller discovery may take up to 30 seconds. Please be patient.
- .
- See secchan(8) for instructions on how to configure a DHCP server for
- controller discovery.
-
-Template: openflow-switch/discovery-failure
-Type: error
-_Description: Controller discovery failed.
- The controller's location could not be determined automatically.
- .
- Ensure that the OpenFlow DHCP server is properly configured. See
- secchan(8) for instructions on how to configure a DHCP server for
- controller discovery.
-
-Template: openflow-switch/discovery-success
-Type: boolean
-Default: true
-_Description: Use discovered settings?
- Controller discovery obtained the following settings:
- .
- Controller location: ${controller-vconn}
- .
- PKI URL: ${pki-uri}
- .
- Please verify that these settings are correct.
-
-Template: openflow-switch/switch-ip
-Type: string
-Default: dhcp
-_Description: Switch IP address:
- For in-band communication with the controller, the OpenFlow switch must
- be able to determine its own IP address. Its IP address may be configured
- statically or dynamically.
- .
- For static configuration, specify the switch's IP address as a string.
- .
- For dynamic configuration with DHCP (the most common case), specify "dhcp".
- Configuration with DHCP will only work reliably if the network topology
- allows the switch to contact the DHCP server before it connects to the
- OpenFlow controller.
-
-Template: openflow-switch/switch-ip-error
-Type: error
-_Description: The switch IP address is invalid.
- The switch IP address must specified as "dhcp" or a valid IP address in
- dotted-octet form (e.g. "1.2.3.4").
-
-Template: openflow-switch/controller-vconn
-Type: string
-_Description: Controller location:
- Specify how the OpenFlow switch should connect to the OpenFlow controller.
- The value should be in form "ssl:HOST[:PORT]" to connect to the controller
- over SSL (recommended for security) or "tcp:HOST[:PORT]" to connect over
- cleartext TCP.
-
-Template: openflow-switch/controller-vconn-error
-Type: error
-_Description: The controller location is invalid.
- The controller location must be specifed as "ssl:HOST[:PORT]" to
- connect to the controller over SSL (recommended for security) or
- "tcp:HOST[:PORT]" to connect over cleartext TCP.
-
-Template: openflow-switch/pki-uri
-Type: string
-_Description: OpenFlow PKI server host name or URL:
- Specify a URL to the OpenFlow public key infrastructure (PKI). If a
- host name or IP address is specified in place of a URL, then
- http://<host>/openflow/pki/ will be used,
- where <host> is the specified host name or IP address.
- .
- The OpenFlow PKI is usually on the same machine as the OpenFlow
- controller.
- .
- The setup process will connect to the OpenFlow PKI server over
- HTTP, using the system's configured default HTTP proxy (if any).
-
-Template: openflow-switch/fetch-cacert-failed
-Type: error
-_Description: The switch CA certificate could not be retrieved.
- Retrieval of ${url} failed, with the following status: "${error}".
- .
- Ensure that the OpenFlow PKI server is correctly configured and
- available at ${pki-uri}. If the system is configured to use an HTTP
- proxy, also make sure that the HTTP proxy is available and that the
- PKI server can be reached through it.
-
-Template: openflow-switch/verify-controller-ca
-Type: select
-_Choices: yes, no
-Default: yes
-_Description: Is ${fingerprint} the controller CA's fingerprint?
- If a man-in-the-middle attack is possible in your network
- environment, check that the controller CA's fingerprint is really
- ${fingerprint}. Answer "yes" if it matches, "no" if
- there is a discrepancy.
- .
- If a man-in-the-middle attack is not a concern, there is no need to
- verify the fingerprint. Simply answer "yes".
-
-Template: openflow-switch/send-cert-req
-Type: select
-_Choices: yes, no
-Default: yes
-_Description: Send certificate request to switch CA?
- Before it can connect to the controller over SSL, the OpenFlow
- switch's key must be signed by the switch certificate authority (CA)
- located on the OpenFlow PKI server, which is usually collocated with
- the OpenFlow controller. A signing request can be sent to the PKI
- server now.
- .
- Answer "yes" to send a signing request to the switch CA now. This is
- ordinarily the correct choice. There is no harm in sending a given
- signing request more than once.
- .
- Answer "no" to skip sending a signing request to the switch CA.
- Unless the request has already been sent to the switch CA, manual
- sending of the request and signing will be necessary.
-
-Template: openflow-switch/send-cert-req-failed
-Type: error
-_Description: The certificate request could not be sent.
- Posting to ${url} failed, with the following status: "${error}".
- .
- Ensure that the OpenFlow PKI server is correctly configured and
- available at ${pki-uri}.
-
-Template: openflow-switch/fetch-switch-cert
-Type: select
-_Choices: yes, no
-_Description: Fetch signed switch certificate from PKI server?
- Before it can connect to the controller over SSL, the OpenFlow
- switch's key must be signed by the switch certificate authority (CA)
- located on the OpenFlow PKI server, which is usually collocated with
- the OpenFlow controller.
- .
- At this point, a signing request has been sent to the switch CA (or
- sending a request has been manually skipped), but the signed
- certificate has not yet been retrieved. Manual action may need to be
- taken at the PKI server to approve the signing request.
- .
- Answer "yes" to attempt to retrieve the signed switch certificate
- from the switch CA. If the switch certificate request has been
- signed at the PKI server, this is the correct choice.
- .
- Answer "no" to postpone switch configuration. The configuration
- process must be restarted later, when the switch certificate request
- has been signed.
-
-Template: openflow-switch/fetch-switch-cert-failed
-Type: error
-_Description: Signed switch certificate could not be retrieved.
- The signed switch certificate could not be retrieved from the switch
- CA: retrieval of ${url} failed, with the following status: "${error}".
- .
- This probably indicates that the switch's certificate request has not
- yet been signed. If this is the problem, it may be fixed by signing
- the certificate request at ${pki-uri}, then trying to fetch the
- signed switch certificate again.
-
-Template: openflow-switch/complete
-Type: note
-_Description: OpenFlow Switch Setup Finished
- Setup of this OpenFlow switch is finished. Complete the setup procedure
- to enable the switch.
+++ /dev/null
-README.Debian for openflow-switch
----------------------------------
-
-* The switch must be configured before it can be used. To configure
- it interactively, install the openflow-switch-config package and run
- the ofp-switch-setup program. Alternatively, edit
- /etc/default/openflow-switch by hand, then start the switch manually
- with "/etc/init.d/openflow-switch start".
-
-* To use the Linux kernel-based switch implementation, you will need
- to build and install the OpenFlow kernel module. To do so, install
- the openflow-datapath-source package, then follow the instructions
- given in /usr/share/doc/openflow-datapath-source/README.Debian
-
-* This package does not yet support the userspace datapath-based
- switch implementation.
-
- -- Ben Pfaff <blp@nicira.com>, Tue, 6 Jan 2009 13:52:33 -0800
+++ /dev/null
-/etc/openflow-switch
-/usr/share/openflow/switch
+++ /dev/null
-#! /bin/sh
-#
-# /etc/init.d/openflow-switch
-#
-# Written by Miquel van Smoorenburg <miquels@cistron.nl>.
-# Modified for Debian by Ian Murdock <imurdock@gnu.ai.mit.edu>.
-# Further changes by Javier Fernandez-Sanguino <jfs@debian.org>
-# Modified for openflow-switch.
-#
-# Version: @(#)skeleton 1.9 26-Feb-2001 miquels@cistron.nl
-#
-### BEGIN INIT INFO
-# Provides: openflow-switch
-# Required-Start: $network $named $remote_fs $syslog
-# Required-Stop:
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: OpenFlow switch
-### END INIT INFO
-
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-DAEMON=/usr/sbin/secchan
-NAME=secchan
-DESC=secchan
-
-test -x $DAEMON || exit 0
-
-NICIRA_OUI="002320"
-
-LOGDIR=/var/log/openflow
-PIDFILE=/var/run/$NAME.pid
-DHCLIENT_PIDFILE=/var/run/dhclient.of0.pid
-DODTIME=1 # Time to wait for the server to die, in seconds
- # If this value is set too low you might not
- # let some servers to die gracefully and
- # 'restart' will not work
-
-# Include secchan defaults if available
-unset NETDEVS
-unset MODE
-unset SWITCH_IP
-unset CONTROLLER
-unset PRIVKEY
-unset CERT
-unset CACERT
-unset CACERT_MODE
-unset MGMT_VCONNS
-unset COMMANDS
-unset DAEMON_OPTS
-unset CORE_LIMIT
-unset DATAPATH_ID
-default=/etc/default/openflow-switch
-if [ -f $default ] ; then
- . $default
-fi
-
-set -e
-
-running_pid()
-{
- # Check if a given process pid's cmdline matches a given name
- pid=$1
- name=$2
- [ -z "$pid" ] && return 1
- [ ! -d /proc/$pid ] && return 1
- cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
- # Is this the expected child?
- case $cmd in
- $name|*/$name)
- return 0
- ;;
- *)
- return 1
- ;;
- esac
-}
-
-running()
-{
-# Check if the process is running looking at /proc
-# (works for all users)
-
- # No pidfile, probably no daemon present
- [ ! -f "$PIDFILE" ] && return 1
- # Obtain the pid and check it against the binary name
- pid=`cat $PIDFILE`
- running_pid $pid $NAME || return 1
- return 0
-}
-
-force_stop() {
-# Forcefully kill the process
- [ ! -f "$PIDFILE" ] && return
- if running ; then
- kill -15 $pid
- # Is it really dead?
- [ -n "$DODTIME" ] && sleep "$DODTIME"s
- if running ; then
- kill -9 $pid
- [ -n "$DODTIME" ] && sleep "$DODTIME"s
- if running ; then
- echo "Cannot kill $NAME (pid=$pid)!"
- exit 1
- fi
- fi
- fi
- rm -f $PIDFILE
- return 0
-}
-
-must_succeed() {
- echo -n "$1: "
- shift
- if "$@"; then
- echo "success."
- else
- echo " ERROR."
- exit 1
- fi
-}
-
-check_op() {
- echo -n "$1: "
- shift
- if "$@"; then
- echo "success."
- else
- echo " ERROR."
- fi
-}
-
-configure_ssl() {
- if (test "$CACERT_MODE" != secure && test "$CACERT_MODE" != bootstrap) \
- || test ! -e "$PRIVKEY" || test ! -e "$CERT" \
- || (test ! -e "$CACERT" && test "$CACERT_MODE" != bootstrap); then
- if test "$CACERT_MODE" != secure && test "$CACERT_MODE" != bootstrap
- then
- echo "CACERT_MODE is not set to 'secure' or 'bootstrap'"
- fi
- if test ! -e "$PRIVKEY"; then
- echo "$PRIVKEY: private key missing" >&2
- fi
- if test ! -e "$CERT"; then
- echo "$CERT: certificate for private key missing" >&2
- fi
- if test ! -e "$CACERT" && test "$CACERT_MODE" != bootstrap; then
- echo "$CACERT: CA certificate missing (and CA certificate bootstrapping not enabled)" >&2
- fi
- echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2
- if test "$MODE" = discovery; then
- echo "You may also delete or rename $PRIVKEY to disable SSL requirement" >&2
- fi
- exit 1
- fi
-
- SSL_OPTS="--private-key=$PRIVKEY --certificate=$CERT"
- if test ! -e "$CACERT" && test "$CACERT_MODE" = bootstrap; then
- SSL_OPTS="$SSL_OPTS --bootstrap-ca-cert=$CACERT"
- else
- SSL_OPTS="$SSL_OPTS --ca-cert=$CACERT"
- fi
-}
-
-check_int_var() {
- eval value=\$$1
- if test -n "$value"; then
- if expr "X$value" : 'X[0-9][0-9]*$' > /dev/null 2>&1; then
- if test $value -lt $2; then
- echo "warning: The $1 option may not be set to a value below $2, treating as $2" >&2
- eval $1=$2
- fi
- else
- echo "warning: The $1 option must be set to a number, ignoring" >&2
- unset $1
- fi
- fi
-}
-
-check_new_option() {
- case $DAEMON_OPTS in
- *$1*)
- echo "warning: The $1 option in DAEMON_OPTS may now be set with the $2 variable in $default. The setting in DAEMON_OPTS will override the $2 variable, which will prevent the switch UI from configuring $1." >&2
- ;;
- esac
-}
-
-case "$1" in
- start)
- if test -z "$NETDEVS"; then
- echo "$default: No network devices configured, switch disabled" >&2
- echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2
- exit 0
- fi
- if test "$MODE" = discovery; then
- unset CONTROLLER
- elif test "$MODE" = in-band || test "$MODE" = out-of-band; then
- if test -z "$CONTROLLER"; then
- echo "$default: No controller configured and not configured for discovery, switch disabled" >&2
- echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2
- exit 0
- fi
- else
- echo "$default: MODE must set to 'discovery', 'in-band', or 'out-of-band'" >&2
- echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2
- exit 1
- fi
- : ${PRIVKEY:=/etc/openflow-switch/of0-privkey.pem}
- : ${CERT:=/etc/openflow-switch/of0-cert.pem}
- : ${CACERT:=/etc/openflow-switch/cacert.pem}
- case $CONTROLLER in
- '')
- # Discovery mode.
- if test -e "$PRIVKEY"; then
- configure_ssl
- fi
- ;;
- tcp:*)
- ;;
- ssl:*)
- configure_ssl
- ;;
- *)
- echo "$default: CONTROLLER must be in the form 'ssl:HOST[:PORT]' or 'tcp:HOST[:PORT]' when not in discovery mode" >&2
- echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2
- exit 1
- esac
- case $DISCONNECTED_MODE in
- ''|switch|drop) ;;
- *) echo "$default: warning: DISCONNECTED_MODE is not 'switch' or 'drop'" >&2 ;;
- esac
-
- check_int_var RATE_LIMIT 100
- check_int_var INACTIVITY_PROBE 5
- check_int_var MAX_BACKOFF 1
-
- check_new_option --fail DISCONNECTED_MODE
- check_new_option --stp STP
- check_new_option --rate-limit RATE_LIMIT
- check_new_option --inactivity INACTIVITY_PROBE
- check_new_option --max-backoff MAX_BACKOFF
- case $DAEMON_OPTS in
- *--rate-limit*)
- echo "$default: --rate-limit may now be set with RATE_LIMIT" >&2
- esac
-
- echo -n "Loading openflow_mod: "
- if grep -q '^openflow_mod$' /proc/modules; then
- echo "already loaded, nothing to do."
- elif modprobe openflow_mod; then
- echo "success."
- else
- echo "ERROR."
- echo "openflow_mod has probably not been built for this kernel."
- if ! test -d /usr/share/doc/openflow-datapath-source; then
- echo "Install the openflow-datapath-source package, then read"
- echo "/usr/share/doc/openflow-datapath-source/README.Debian"
- else
- echo "For instructions, read"
- echo "/usr/share/doc/openflow-datapath-source/README.Debian"
- fi
- exit 1
- fi
-
- for netdev in $NETDEVS; do
- check_op "Removing IP address from $netdev" ifconfig $netdev 0.0.0.0
- done
-
- must_succeed "Creating datapath" dpctl adddp of0 $NETDEVS
-
- xx='[0-9abcdefABCDEF][0-9abcdefABCDEF]'
- case $DATAPATH_ID in
- '')
- # Check if the DMI System UUID contains a Nicira mac address
- # that should be used for this datapath. The UUID is assumed
- # to be RFC 4122 compliant.
- DMIDECODE=`which dmidecode`
- if [ -n $DMIDECODE ]; then
- UUID_MAC=`$DMIDECODE -s system-uuid | cut -d'-' -f 5`
- case $UUID_MAC in
- $NICIRA_OUI*)
- ifconfig of0 down
- must_succeed "Setting of0 MAC address to $UUID_MAC" ifconfig of0 hw ether $UUID_MAC
- ifconfig of0 up
- ;;
- esac
- fi
- ;;
- $xx:$xx:$xx:$xx:$xx:$xx)
- ifconfig of0 down
- must_succeed "Setting of0 MAC address to $DATAPATH_ID" ifconfig of0 hw ether $DATAPATH_ID
- ifconfig of0 up
- ;;
- *)
- echo "DATAPATH_ID is not a valid MAC address in the form XX:XX:XX:XX:XX:XX, ignoring" >&2
- ;;
- esac
-
- if test "$MODE" = in-band; then
- if test "$SWITCH_IP" = dhcp; then
- must_succeed "Temporarily disabling of0" ifconfig of0 down
- else
- COMMAND="ifconfig of0 $SWITCH_IP"
- if test -n "$SWITCH_NETMASK"; then
- COMMAND="$COMMAND netmask $SWITCH_NETMASK"
- fi
- must_succeed "Configuring of0: $COMMAND" $COMMAND
- if test -n "$SWITCH_GATEWAY"; then
- # This can fail because the route already exists,
- # so we don't insist that it succeed.
- COMMAND="route add default gw $SWITCH_GATEWAY"
- check_op "Adding default route: $COMMAND" $COMMAND
- fi
- fi
- else
- must_succeed "Disabling of0" ifconfig of0 down
- fi
-
- if test -n "$CORE_LIMIT"; then
- check_op "Setting core limit to $CORE_LIMIT" ulimit -c "$CORE_LIMIT"
- fi
-
- # Compose secchan options.
- set --
- set -- "$@" --verbose=ANY:console:emer --verbose=ANY:syslog:err
- set -- "$@" --log-file
- set -- "$@" --detach --pidfile=$PIDFILE
- for vconn in $MGMT_VCONNS; do
- set -- "$@" --listen="$vconn"
- done
- if test -n "$COMMANDS"; then
- set -- "$@" --command-acl="$COMMANDS"
- fi
- case $STP in
- yes) set -- "$@" --stp ;;
- no) set -- "$@" --no-stp ;;
- esac
- case $DISCONNECTED_MODE in
- switch) set -- "$@" --fail=open ;;
- drop) set -- "$@" --fail=closed ;;
- esac
- if test -n "$RATE_LIMIT"; then
- set -- "$@" --rate-limit=$RATE_LIMIT
- fi
- if test -n "$INACTIVITY_PROBE"; then
- set -- "$@" --inactivity-probe=$INACTIVITY_PROBE
- fi
- if test -n "$MAX_BACKOFF"; then
- set -- "$@" --max-backoff=$MAX_BACKOFF
- fi
- set -- "$@" $SSL_OPTS $DAEMON_OPTS
- if test "$MODE" = out-of-band; then
- set -- "$@" --out-of-band
- fi
- set -- "$@" of0 "$CONTROLLER"
- echo -n "Starting $DESC: "
- start-stop-daemon --start --quiet --pidfile $PIDFILE \
- --exec $DAEMON -- "$@"
- if running; then
- echo "$NAME."
- else
- echo " ERROR."
- fi
-
- if test "$MODE" = in-band && test "$SWITCH_IP" = dhcp; then
- echo -n "Starting dhclient on of0: "
- start-stop-daemon --start --quiet --pidfile $DHCLIENT_PIDFILE \
- --exec /sbin/dhclient -- -q -pf $DHCLIENT_PIDFILE of0
- if running; then
- echo "dhclient."
- else
- echo " ERROR."
- fi
- fi
- ;;
- stop)
- if test -e /var/run/dhclient.of0.pid; then
- echo -n "Stopping dhclient on of0: "
- start-stop-daemon --stop --quiet --oknodo \
- --pidfile $DHCLIENT_PIDFILE --exec /sbin/dhclient
- echo "dhclient."
- fi
-
- echo -n "Stopping $DESC: "
- start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE \
- --exec $DAEMON
- echo "$NAME."
-
- check_op "Deleting datapath" dpctl deldp of0
- check_op "Unloading kernel module" modprobe -r openflow_mod
- ;;
- force-stop)
- echo -n "Forcefully stopping $DESC: "
- force_stop
- if ! running; then
- echo "$NAME."
- else
- echo " ERROR."
- fi
- ;;
- reload)
- ;;
- force-reload)
- start-stop-daemon --stop --test --quiet --pidfile \
- $PIDFILE --exec $DAEMON \
- && $0 restart \
- || exit 0
- ;;
- restart)
- $0 stop || true
- $0 start
- ;;
- status)
- echo -n "$NAME is "
- if running ; then
- echo "running"
- else
- echo " not running."
- exit 1
- fi
- ;;
- *)
- N=/etc/init.d/$NAME
- echo "Usage: $N {start|stop|restart|force-reload|status|force-stop}" >&2
- exit 1
- ;;
-esac
-
-exit 0
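Review bot: two defects in this deleted init script are worth checking for in whatever replaces it under the new package name. In the DATAPATH_ID block, `[ -n $DMIDECODE ]` is unquoted, so when `which dmidecode` prints nothing the test collapses to `[ -n ]`, which is true, and the script goes on to run `-s system-uuid` as a command; it should read `[ -n "$DMIDECODE" ]`. In the start branch, the check after launching dhclient calls `running`, which reads $PIDFILE for secchan, so the "dhclient." / "ERROR." message reflects secchan's state rather than dhclient's.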
+++ /dev/null
-_debian/secchan/secchan usr/sbin
-_debian/utilities/dpctl usr/sbin
-_debian/utilities/ofp-discover usr/sbin
-_debian/utilities/ofp-kill usr/sbin
-debian/openflow/usr/share/openflow/commands/* usr/share/openflow/commands
-debian/commands/* usr/share/openflow/commands
+++ /dev/null
-/var/log/openflow/secchan.log {
- daily
- compress
- create 640 root adm
- delaycompress
- missingok
- rotate 30
- postrotate
- vlogconf --target /var/run/secchan.pid --reopen
- endscript
-}
+++ /dev/null
-_debian/secchan/secchan.8
-_debian/utilities/ofp-discover.8
-_debian/utilities/ofp-kill.8
-_debian/utilities/dpctl.8
+++ /dev/null
-#!/bin/sh
-# postinst script for openflow-switch
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * <postinst> `configure' <most-recently-configured-version>
-# * <old-postinst> `abort-upgrade' <new version>
-# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-# <new-version>
-# * <postinst> `abort-remove'
-# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-# <failed-install-package> <version> `removing'
-# <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
- configure)
- DEFAULT=/etc/default/openflow-switch
- TEMPLATE=/usr/share/openflow/switch/default.template
- if ! test -e $DEFAULT; then
- cp $TEMPLATE $DEFAULT
- else
- for var in $(awk -F'[ :]' '/^# [_A-Z0-9]+:/{print $2}' $TEMPLATE)
- do
- if ! grep $var $DEFAULT >/dev/null 2>&1; then
- echo >> $DEFAULT
- sed -n "/$var:/,/$var=/p" $TEMPLATE >> $DEFAULT
- fi
- done
- fi
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-#DEBHELPER#
-
-exit 0
-
-
+++ /dev/null
-#!/bin/sh
-# postrm script for openflow-switch
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * <postrm> `remove'
-# * <postrm> `purge'
-# * <old-postrm> `upgrade' <new-version>
-# * <new-postrm> `failed-upgrade' <old-version>
-# * <new-postrm> `abort-install'
-# * <new-postrm> `abort-install' <old-version>
-# * <new-postrm> `abort-upgrade' <old-version>
-# * <disappearer's-postrm> `disappear' <overwriter>
-# <overwriter-version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
- purge)
- rm -f /etc/default/openflow-switch
- ;;
-
- remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
- ;;
-
- *)
- echo "postrm called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
-
-
+++ /dev/null
-# This is a POSIX shell fragment -*- sh -*-
-
-# To configure the secure channel, fill in the following properly and
-# uncomment them. Afterward, the secure channel will come up
-# automatically at boot time. It can be started immediately with
-# /etc/init.d/openflow-switch start
-# Alternatively, use the ofp-switch-setup program (from the
-# openflow-switch-config package) to do everything automatically.
-
-# NETDEVS: Which network devices should the OpenFlow switch include?
-#
-# List the network devices that should become part of the OpenFlow
-# switch, separated by spaces. At least two devices must be selected
-# for this machine to be a useful switch. Unselecting all network
-# devices will disable the OpenFlow switch entirely.
-#
-# The network devices that you select should not be configured with IP
-# or IPv6 addresses, even if the switch contacts the controller over
-# one of the selected network devices. This is because a running
-# OpenFlow switch takes over network devices at a low level: they
-# become part of the switch and cannot be used for other purposes.
-#NETDEVS=""
-
-# MODE: The OpenFlow switch has three modes that determine how it
-# reaches the controller:
-#
-# * in-band with discovery: A single network is used for OpenFlow
-# traffic and other data traffic; that is, the switch contacts the
-# controller over one of the network devices selected as OpenFlow
-# switch ports. The switch automatically determines the location of
-# the controller using a DHCP request with an OpenFlow-specific
-# vendor option. This is the most common case.
-#
-# * in-band: As above, but the location of the controller is manually
-# configured.
-#
-# * out-of-band: OpenFlow traffic uses a network separate from the
-# data traffic that it controls. If this is the case, the control
-# network must already be configured on a network device other than
-# one of those selected as an OpenFlow switch port in the previous
-# question.
-#
-# Set MODE to 'discovery', 'in-band', or 'out-of-band' for these
-# respective cases.
-MODE=discovery
-
-# SWITCH_IP: In 'in-band' mode, the switch's IP address may be
-# configured statically or dynamically:
-#
-# * For static configuration, specify the switch's IP address as a
-# string. In this case you may also set SWITCH_NETMASK and
-# SWITCH_GATEWAY appropriately (see below).
-#
-# * For dynamic configuration with DHCP (the most common case),
-# specify "dhcp". Configuration with DHCP will only work reliably
-# if the network topology allows the switch to contact the DHCP
-# server before it connects to the OpenFlow controller.
-#
-# This setting has no effect unless MODE is set to 'in-band'.
-SWITCH_IP=dhcp
-
-# SWITCH_NETMASK: IP netmask to use in 'in-band' mode when the switch
-# IP address is not 'dhcp'.
-#SWITCH_NETMASK=255.255.255.0
-
-# SWITCH_GATEWAY: IP gateway to use in 'in-band' mode when the switch
-# IP address is not 'dhcp'.
-#SWITCH_GATEWAY=192.168.1.1
-
-# CONTROLLER: Location of controller.
-# One of the following formats:
-# tcp:HOST[:PORT] via TCP to PORT (default: 6633) on HOST
-# ssl:HOST[:PORT] via SSL to PORT (default: 6633) on HOST
-# The default below assumes that the controller is running locally.
-# This setting has no effect when MODE is set to 'discovery'.
-#CONTROLLER="tcp:127.0.0.1"
-
-# PRIVKEY: Name of file containing switch's private key.
-# Required if SSL enabled.
-#PRIVKEY=/etc/openflow-switch/of0-privkey.pem
-
-# CERT: Name of file containing certificate for private key.
-# Required if SSL enabled.
-#CERT=/etc/openflow-switch/of0-cert.pem
-
-# CACERT: Name of file containing controller CA certificate.
-# Required if SSL enabled.
-#CACERT=/etc/openflow-switch/cacert.pem
-
-# CACERT_MODE: Two modes are available:
-#
-# * secure: The controller CA certificate named in CACERT above must exist.
-# (You must copy it manually from the PKI server or another trusted source.)
-#
-# * bootstrap: If the controller CA certificate named in CACERT above does
-# not exist, the switch will obtain it from the controller the first time
-# it connects and save a copy to the file named in CACERT. This is insecure,
-# in the same way that initial connections with ssh are insecure, but
-# it is convenient.
-#
-# Set CACERT_MODE to 'secure' or 'bootstrap' for these respective cases.
-#CACERT_MODE=secure
-
-# MGMT_VCONNS: List of vconns (space-separated) on which secchan
-# should listen for management connections from dpctl, etc.
-# openflow-switchui by default connects to
-# unix:/var/run/secchan.mgmt, so do not disable this if you want to
-# use openflow-switchui.
-MGMT_VCONNS="punix:/var/run/secchan.mgmt"
-
-# COMMANDS: Access control list for the commands that can be executed
-# remotely over the OpenFlow protocol, as a comma-separated list of
-# shell glob patterns. Negative patterns (beginning with !) act as a
-# blacklist. To be executable, a command name must match one positive
-# pattern and not match any negative patterns.
-#COMMANDS="reboot,update"
-
-# DISCONNECTED_MODE: Switch behavior when attempts to connect to the
-# controller repeatedly fail, either 'switch', to act as an L2 switch
-# in this case, or 'drop', to drop all packets (except those necessary
-# to connect to the controller). If unset, the default is 'drop'.
-#DISCONNECTED_MODE=switch
-
-# STP: Enable or disabled 802.1D-1998 Spanning Tree Protocol. Set to
-# 'yes' to enable STP, 'no' to disable it. If unset, secchan's
-# current default is 'no' (but this may change in the future).
-#STP=no
-
-# RATE_LIMIT: Maximum number of received frames, that do not match any
-# existing switch flow, to forward up to the controller per second.
-# The valid range is 100 and up. If unset, this rate will not be
-# limited.
-#RATE_LIMIT=1000
-
-# INACTIVITY_PROBE: The maximum number of seconds of inactivity on the
-# controller connection before secchan sends an inactivity probe
-# message to the controller. The valid range is 5 and up. If unset,
-# secchan defaults to 15 seconds.
-#INACTIVITY_PROBE=5
-
-# MAX_BACKOFF: The maximum time that secchan will wait between
-# attempts to connect to the controller. The valid range is 1 and up.
-# If unset, secchan defaults to 15 seconds.
-#MAX_BACKOFF=15
-
-# DAEMON_OPTS: Additional options to pass to secchan, e.g. "--fail=open"
-DAEMON_OPTS=""
-
-# CORE_LIMIT: Maximum size for core dumps.
-#
-# Leaving this unset will use the system default. Setting it to 0
-# will disable core dumps. Setting it to "unlimited" will dump all
-# core files regardless of size.
-#CORE_LIMIT=unlimited
-
-# DATAPATH_ID: Identifier for this switch.
-#
-# By default, the switch checks if the DMI System UUID contains a Nicira
-# mac address to use as a datapath ID. If not, then the switch generates
-# a new, random datapath ID every time it starts up. By setting this
-# value, the supplied datapath ID will always be used.
-#
-# Set DATAPATH_ID to a MAC address in the form XX:XX:XX:XX:XX:XX where each
-# X is a hexadecimal digit (0-9 or a-f).
-#DATAPATH_ID=XX:XX:XX:XX:XX:XX
--- /dev/null
+var/log/openvswitch
--- /dev/null
+_debian/utilities/ovs-parse-leaks usr/bin
+_debian/utilities/ovs-pki usr/sbin
+_debian/utilities/vlogconf usr/sbin
--- /dev/null
+_debian/utilities/vlogconf.8
+_debian/utilities/ovs-pki.8
--- /dev/null
+README.Debian for openvswitch-controller
+-------------------------------------
+
+* To (re)configure the controller, edit /etc/default/openvswitch-controller
+ and run "/etc/init.d/openvswitch-controller restart".
+
+* To enable OpenFlow switches to automatically discover the location
+ of the controller, you must install and configure a DHCP server.
+ The secchan(8) manpage (found in the openvswitch-switch package) gives
+ a working example configuration file for the ISC DHCP server.
+
+ -- Ben Pfaff <blp@nicira.com>, Mon, 11 May 2009 13:26:38 -0700
--- /dev/null
+# This is a POSIX shell fragment -*- sh -*-
+
+# LISTEN: What OpenFlow connection methods should the controller listen on?
+#
+# This is a space-delimited list of connection methods:
+#
+# * "pssl:[PORT]": Listen for SSL connections on the specified PORT
+# (default: 6633). The private key, certificate, and CA certificate
+# must be specified below.
+#
+# * "pctp:[PORT]": Listen for TCP connections on the specified PORT
+# (default: 6633). Not recommended for security reasons.
+#
+LISTEN="pssl:"
+
+# PRIVKEY: Name of file containing controller's private key.
+# Required if SSL enabled.
+PRIVKEY=/etc/openvswitch-controller/privkey.pem
+
+# CERT: Name of file containing certificate for private key.
+# Required if SSL enabled.
+CERT=/etc/openvswitch-controller/cert.pem
+
+# CACERT: Name of file containing switch CA certificate.
+# Required if SSL enabled.
+CACERT=/etc/openvswitch-controller/cacert.pem
+
+# Additional options to pass to controller, e.g. "--hub"
+DAEMON_OPTS=""
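Review bot: the LISTEN comment documents the TCP method as "pctp:[PORT]", which looks like a transposition of "ptcp:" (compare "pssl:" directly above it). An administrator who copies the documented string into LISTEN will pass it straight through to the controller, so the typo should be fixed here. Since the comment already says plain TCP is not recommended for security reasons, it would also help to state that PRIVKEY, CERT and CACERT are ignored for that method.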
--- /dev/null
+etc/openvswitch-controller
--- /dev/null
+#!/bin/sh
+#
+# Copyright (c) 2007, 2009 Javier Fernandez-Sanguino <jfs@debian.org>
+#
+# This is free software; you may redistribute it and/or modify
+# it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2,
+# or (at your option) any later version.
+#
+# This is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License with
+# the Debian operating system, in /usr/share/common-licenses/GPL; if
+# not, write to the Free Software Foundation, Inc., 59 Temple Place,
+# Suite 330, Boston, MA 02111-1307 USA
+#
+### BEGIN INIT INFO
+# Provides: openvswitch-controller
+# Required-Start: $network $local_fs
+# Required-Stop:
+# Should-Start: $named
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: OpenVSwitch controller
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+DAEMON=/usr/sbin/controller # Introduce the server's location here
+NAME=controller # Introduce the short server's name here
+DESC=controller # Introduce a short description here
+LOGDIR=/var/log/openvswitch # Log directory to use
+
+PIDFILE=/var/run/$NAME.pid
+
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+# Default options, these can be overriden by the information
+# at /etc/default/$NAME
+DAEMON_OPTS="" # Additional options given to the server
+
+DODTIME=10 # Time to wait for the server to die, in seconds
+ # If this value is set too low you might not
+ # let some servers to die gracefully and
+ # 'restart' will not work
+
+LOGFILE=$LOGDIR/$NAME.log # Server logfile
+#DAEMONUSER= # User to run the daemons as. If this value
+ # is set start-stop-daemon will chuid the server
+
+# Include defaults if available
+default=/etc/default/openvswitch-controller
+if [ -f $default ] ; then
+ . $default
+fi
+
+# Check that the user exists (if we set a user)
+# Does the user exist?
+if [ -n "$DAEMONUSER" ] ; then
+ if getent passwd | grep -q "^$DAEMONUSER:"; then
+ # Obtain the uid and gid
+ DAEMONUID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $3}'`
+ DAEMONGID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $4}'`
+ else
+ log_failure_msg "The user $DAEMONUSER, required to run $NAME does not exist."
+ exit 1
+ fi
+fi
+
+
+set -e
+
+running_pid() {
+# Check if a given process pid's cmdline matches a given name
+ pid=$1
+ name=$2
+ [ -z "$pid" ] && return 1
+ [ ! -d /proc/$pid ] && return 1
+ cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
+ # Is this the expected server
+ [ "$cmd" != "$name" ] && return 1
+ return 0
+}
+
+running() {
+# Check if the process is running looking at /proc
+# (works for all users)
+
+ # No pidfile, probably no daemon present
+ [ ! -f "$PIDFILE" ] && return 1
+ pid=`cat $PIDFILE`
+ running_pid $pid $DAEMON || return 1
+ return 0
+}
+
+start_server() {
+ if [ -z "$LISTEN" ]; then
+ echo "$default: No connection methods configured, controller disabled" >&2
+ exit 0
+ fi
+
+ SSL_OPTS=
+ case $LISTEN in
+ *ssl*)
+ : ${PRIVKEY:=/etc/openvswitch-controller/privkey.pem}
+ : ${CERT:=/etc/openvswitch-controller/cert.pem}
+ : ${CACERT:=/etc/openvswitch-controller/cacert.pem}
+ if test ! -e "$PRIVKEY" || test ! -e "$CERT" ||
+ test ! -e "$CACERT"; then
+ if test ! -e "$PRIVKEY"; then
+ echo "$PRIVKEY: private key missing" >&2
+ fi
+ if test ! -e "$CERT"; then
+ echo "$CERT: certificate for private key missing" >&2
+ fi
+ if test ! -e "$CACERT"; then
+ echo "$CACERT: CA certificate missing" >&2
+ fi
+ exit 1
+ fi
+ SSL_OPTS="--private-key=$PRIVKEY --certificate=$CERT --ca-cert=$CACERT"
+ ;;
+ esac
+
+# Start the process using the wrapper
+ if [ -z "$DAEMONUSER" ] ; then
+ start-stop-daemon --start --pidfile $PIDFILE \
+ --exec $DAEMON -- --detach --pidfile=$PIDFILE \
+ $LISTEN $DAEMON_OPTS $SSL_OPTS
+ errcode=$?
+ else
+# if we are using a daemonuser then change the user id
+ start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ --chuid $DAEMONUSER --exec $DAEMON -- \
+ --detach --pidfile=$PIDFILE $LISTEN $DAEMON_OPTS \
+ $SSL_OPTS
+ errcode=$?
+ fi
+ return $errcode
+}
+
+stop_server() {
+# Stop the process using the wrapper
+ if [ -z "$DAEMONUSER" ] ; then
+ start-stop-daemon --stop --quiet --pidfile $PIDFILE \
+ --exec $DAEMON
+ errcode=$?
+ else
+# if we are using a daemonuser then look for process that match
+ start-stop-daemon --stop --quiet --pidfile $PIDFILE \
+ --user $DAEMONUSER --exec $DAEMON
+ errcode=$?
+ fi
+
+ return $errcode
+}
+
+reload_server() {
+ [ ! -f "$PIDFILE" ] && return 1
+ pid=`cat $PIDFILE` # This is the daemon's pid
+ # Send a SIGHUP
+ kill -1 $pid
+ return $?
+}
+
+force_stop() {
+# Force the process to die killing it manually
+ [ ! -e "$PIDFILE" ] && return
+ if running ; then
+ kill -15 $pid
+ # Is it really dead?
+ sleep "$DIETIME"s
+ if running ; then
+ kill -9 $pid
+ sleep "$DIETIME"s
+ if running ; then
+ echo "Cannot kill $NAME (pid=$pid)!"
+ exit 1
+ fi
+ fi
+ fi
+ rm -f $PIDFILE
+}
+
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC " "$NAME"
+ # Check if it's running first
+ if running ; then
+ log_progress_msg "apparently already running"
+ log_end_msg 0
+ exit 0
+ fi
+ if start_server && running ; then
+ # It's ok, the server started and is running
+ log_end_msg 0
+ else
+ # Either we could not start it or it is not running
+ # after we did
+ # NOTE: Some servers might die some time after they start,
+ # this code does not try to detect this and might give
+ # a false positive (use 'status' for that)
+ log_end_msg 1
+ fi
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ if running ; then
+ # Only stop the server if we see it running
+ stop_server
+ log_end_msg $?
+ else
+ # If it's not running don't do anything
+ log_progress_msg "apparently not running"
+ log_end_msg 0
+ exit 0
+ fi
+ ;;
+ force-stop)
+ # First try to stop gracefully the program
+ $0 stop
+ if running; then
+ # If it's still running try to kill it more forcefully
+ log_daemon_msg "Stopping (force) $DESC" "$NAME"
+ force_stop
+ log_end_msg $?
+ fi
+ ;;
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ stop_server
+ # Wait some sensible amount, some server need this
+ [ -n "$DIETIME" ] && sleep $DIETIME
+ start_server
+ running
+ log_end_msg $?
+ ;;
+ status)
+
+ log_daemon_msg "Checking status of $DESC" "$NAME"
+ if running ; then
+ log_progress_msg "running"
+ log_end_msg 0
+ else
+ log_progress_msg "apparently not running"
+ log_end_msg 1
+ exit 1
+ fi
+ ;;
+ # Use this if the daemon cannot reload
+ reload)
+ log_warning_msg "Reloading $NAME daemon: not implemented, as the daemon"
+ log_warning_msg "cannot re-read the config file (use restart)."
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
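Review bot: reload_server() sends SIGHUP to whatever number is stored in $PIDFILE without the "running" check that force_stop() and the case branches use, so a stale pidfile makes root signal an unrelated process; "kill -1 $pid" is also unquoted. The visible "reload)" branch never calls the function and only prints "not implemented", so either drop reload_server() or guard it with "running" first. Separately, a failed "start" ends in "log_end_msg 1" and then reaches the final "exit 0" with no explicit "exit 1" like the one in "status"; add one so callers see the failure.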
--- /dev/null
+_debian/controller/controller usr/sbin
--- /dev/null
+_debian/controller/controller.8
--- /dev/null
+#!/bin/sh
+# postinst script for openvswitch-controller
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ configure)
+ cd /etc/openvswitch-controller
+ if ! test -e cacert.pem; then
+ ln -s /usr/share/openvswitch/pki/switchca/cacert.pem cacert.pem
+ fi
+ if ! test -e privkey.pem || ! test -e cert.pem; then
+ oldumask=$(umask)
+ umask 077
+ ovs-pki req+sign tmp controller >/dev/null
+ mv tmp-privkey.pem privkey.pem
+ mv tmp-cert.pem cert.pem
+ mv tmp-req.pem req.pem
+ chmod go+r cert.pem req.pem
+ umask $oldumask
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
+
+
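Review bot: in the configure branch, "test -e cacert.pem" follows symlinks, so when the link already exists but its target /usr/share/openvswitch/pki/switchca/cacert.pem does not (yet), the test is false, "ln -s" fails with "File exists", and "set -e" aborts the postinst. Test for the link itself as well, for example "test -e cacert.pem || test -h cacert.pem". Also note that the key-generation condition fires when only cert.pem is missing, in which case the "mv tmp-privkey.pem privkey.pem" replaces an existing private key; if that is intended, a comment saying so would help.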
--- /dev/null
+#!/bin/sh
+# postinst script for #PACKAGE#
+#
+# see: dh_installdeb(1)
+
+set -e
+
+depmod -a
+
+#DEBHELPER#
+
+# If the switch is running, restart it. This ensures that we are using the
+# latest kernel module, because the init script will unload and reload the
+# module.
+#
+# (Ideally we'd only want to do this if this package corresponds to the
+# running kernel, but I don't know a reliable way to check.)
+INIT=/etc/init.d/openvswitch-switch
+if test -x $INIT && $INIT status; then
+ $INIT restart || true
+fi
+
+exit 0
+
+
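Review bot: the restart at the end calls /etc/init.d/openvswitch-switch directly, which bypasses policy-rc.d; the PKI postinst in this same patch already uses "invoke-rc.d ... || :" with a fallback to the init script, and the same pattern belongs here. Since the comment admits there is no check that this package matches the running kernel, consider also redirecting the output of "$INIT status" so an unrelated module upgrade does not print status text during installation.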
--- /dev/null
+OpenVSwitch for Debian
+----------------------
+
+* How do I build this module the Debian way?
+
+ - Building with module-assistant:
+
+ $ module-assistant auto-install openvswitch
+ or
+ $ m-a a-i openvswitch
+
+ If kernel source or headers are in a non-standard directory, add
+ the option -k /path/to/kernel/source with the correct path.
+
+ - Building with make-kpkg
+
+ $ cd /usr/src/
+ $ tar jxvf openvswitch.tar.bz2
+ $ cd /usr/src/kernel-source-2.6.9
+ $ make-kpkg --added-modules=openvswitch modules
+
+ - Building without make-kpkg
+
+ $ cd /usr/src/
+ $ tar jxvf openvswitch.tar.bz2
+ $ cd modules/openvswitch
+ $ fakeroot debian/rules kdist_image
+
+ If you run this as root, fakeroot is not needed.
+
+ -- Ben Pfaff <blp@nicira.com>, Mon, 11 May 2009 13:27:50 -0700
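Review bot: the make-kpkg and manual build steps do not match what this patch installs. The README unpacks openvswitch.tar.bz2 with "tar jxvf" and changes into modules/openvswitch, while the install file ships _debian/openvswitch.tar.gz into usr/src/modules/openvswitch-datapath. Update the archive name, the tar flag (z instead of j) and the directory, check that the module-assistant name "openvswitch" is the one the openvswitch-datapath-source package registers, and replace the hard-coded /usr/src/kernel-source-2.6.9 with a placeholder for the reader's kernel source directory.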
--- /dev/null
+Upstream Authors:
+
+ The Board of Trustees of The Leland Stanford Junior University
+
+Copyright:
+
+ Copyright (C) 2008 The Board of Trustees of The Leland Stanford
+ Junior University
+
+License:
+
+ Files in the datapath/ and its sub-directories are covered under the GNU
+ General Public License Version 2.
+
+ On Debian systems, the complete text of the GNU General
+ Public License can be found in `/usr/share/common-licenses/GPL'.
--- /dev/null
+usr/src/modules/openvswitch-datapath/debian
--- /dev/null
+debian/changelog usr/src/modules/openvswitch-datapath/debian
+debian/control usr/src/modules/openvswitch-datapath/debian
+debian/compat usr/src/modules/openvswitch-datapath/debian
+debian/*.modules.in usr/src/modules/openvswitch-datapath/debian
+debian/rules usr/src/modules/openvswitch-datapath/debian
+_debian/openvswitch.tar.gz usr/src/modules/openvswitch-datapath
--- /dev/null
+Alias /openvswitch/pki/ /usr/share/openvswitch/pki/
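Review bot: this Alias publishes the whole of /usr/share/openvswitch/pki/, the directory in which the openvswitch postinst in this patch runs "ovs-pki init" to create the certificate authorities, and the file contains no Directory block to limit what is served or to turn off directory indexes. Add one that exposes only the files switches need to download (the debconf text mentions the CA certificate and the signed switch certificates) and confirm that nothing private to the CA is readable by the web server user.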
--- /dev/null
+etc/apache2/sites-available
--- /dev/null
+_debian/utilities/ovs-pki-cgi usr/lib/cgi-bin
--- /dev/null
+#!/bin/sh
+# postinst script for openflow
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+ configure)
+ # Enable site under Apache.
+ a2ensite openflow-pki >/dev/null
+ if command -v invoke-rc.d >/dev/null 2>&1; then
+ invoke-rc.d apache2 force-reload || :
+ else
+ [ -x /etc/init.d/apache2 ] && /etc/init.d/apache2 force-reload || :
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
+
+
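Review bot: "a2ensite openflow-pki" and the header comment still use the openflow name, while the rest of this package was renamed (the alias is /openvswitch/pki/ and the CGI is ovs-pki-cgi). If the file installed into etc/apache2/sites-available is not named openflow-pki, a2ensite fails and "set -e" aborts configure, so confirm the site name matches the shipped file and rename for consistency. Also check that a maintainer script runs the matching a2dissite on removal; none is visible here.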
--- /dev/null
+#!/bin/sh
+# postinst script for openvswitch
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+ configure)
+ # Create certificate authorities.
+ if test ! -d /usr/share/openvswitch/pki; then
+ ovs-pki init
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
+
+
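Review bot: the guard in the configure branch tests only whether /usr/share/openvswitch/pki exists, so if "ovs-pki init" is interrupted after creating the directory, every later configure run skips initialization and leaves a partial PKI in place. Test for a file that init produces last, or run init into a temporary directory and rename it on success. Generating CA state under /usr/share at install time also puts host-specific, security-sensitive data in a tree meant for static package files; /var/lib would be the conventional location.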
--- /dev/null
+/usr/share/lintian/overrides
--- /dev/null
+debian/ovs-switch-setup usr/sbin
--- /dev/null
+debian/ovs-switch-setup.8
--- /dev/null
+debconf-is-not-a-registry
--- /dev/null
+Template: openvswitch-switch/netdevs
+Type: multiselect
+_Choices: ${choices}
+_Description: OpenFlow switch network devices:
+ Choose the network devices that should become part of the OpenFlow
+ switch. At least two devices must be selected for this machine to be
+ a useful switch. Unselecting all network devices will disable the
+ OpenFlow switch entirely.
+ .
+ The network devices that you select should not be configured with IP
+ or IPv6 addresses, even if the switch contacts the controller over
+ one of the selected network devices. This is because a running
+ OpenFlow switch takes over network devices at a low level: they
+ become part of the switch and cannot be used for other purposes.
+
+Template: openvswitch-switch/no-netdevs
+Type: error
+_Description: No network devices were selected.
+ No network devices were selected for inclusion in the OpenFlow switch.
+ The switch will be disabled.
+
+Template: openvswitch-switch/configured-netdevs
+Type: note
+_Description: Some Network Devices Have IP or IPv6 Addresses
+ The following network devices selected to be part of the OpenFlow switch
+ have IP or IPv6 addresses configured:
+ .
+ ${configured-netdevs}
+ .
+ This is usually a mistake, even if the switch contacts the controller over
+ one of the selected network devices. This is because a running
+ OpenFlow switch takes over network devices at a low level: they
+ become part of the switch and cannot be used for other purposes.
+ .
+ If this is an unintentional mistake, move back and fix the selection,
+ or de-configure the IP or IPv6 from these network devices.
+
+Template: openvswitch-switch/mode
+Type: select
+_Choices: discovery, in-band, out-of-band
+Default: discovery
+_Description: Switch-to-controller access method:
+ The OpenFlow switch must be able to contact the OpenFlow controller over
+ the network. It can do so in one of three ways:
+ .
+ discovery: A single network is used for OpenFlow traffic and other
+ data traffic; that is, the switch contacts the controller over one of
+ the network devices selected as OpenFlow switch network devices in
+ the previous question. The switch automatically determines the
+ location of the controller using a DHCP request with an
+ OpenFlow-specific vendor option. This is the most common case.
+ .
+ in-band: As above, but the location of the controller is manually
+ configured.
+ .
+ out-of-band: OpenFlow traffic uses a network separate from the data traffic
+ that it controls. If this is the case, the control network must already
+ be configured on a network device other than one of those selected as
+ an OpenFlow switch netdev in the previous question.
+
+Template: openvswitch-switch/discover
+Type: note
+_Description: Preparing to discover controller.
+ The setup program will now attempt to discover the OpenFlow controller.
+ Controller discovery may take up to 30 seconds. Please be patient.
+ .
+ See secchan(8) for instructions on how to configure a DHCP server for
+ controller discovery.
+
+Template: openvswitch-switch/discovery-failure
+Type: error
+_Description: Controller discovery failed.
+ The controller's location could not be determined automatically.
+ .
+ Ensure that the OpenFlow DHCP server is properly configured. See
+ secchan(8) for instructions on how to configure a DHCP server for
+ controller discovery.
+
+Template: openvswitch-switch/discovery-success
+Type: boolean
+Default: true
+_Description: Use discovered settings?
+ Controller discovery obtained the following settings:
+ .
+ Controller location: ${controller-vconn}
+ .
+ PKI URL: ${pki-uri}
+ .
+ Please verify that these settings are correct.
+
+Template: openvswitch-switch/switch-ip
+Type: string
+Default: dhcp
+_Description: Switch IP address:
+ For in-band communication with the controller, the OpenFlow switch must
+ be able to determine its own IP address. Its IP address may be configured
+ statically or dynamically.
+ .
+ For static configuration, specify the switch's IP address as a string.
+ .
+ For dynamic configuration with DHCP (the most common case), specify "dhcp".
+ Configuration with DHCP will only work reliably if the network topology
+ allows the switch to contact the DHCP server before it connects to the
+ OpenFlow controller.
+
+Template: openvswitch-switch/switch-ip-error
+Type: error
+_Description: The switch IP address is invalid.
+ The switch IP address must specified as "dhcp" or a valid IP address in
+ dotted-octet form (e.g. "1.2.3.4").
+
+Template: openvswitch-switch/controller-vconn
+Type: string
+_Description: Controller location:
+ Specify how the OpenFlow switch should connect to the OpenFlow controller.
+ The value should be in form "ssl:HOST[:PORT]" to connect to the controller
+ over SSL (recommended for security) or "tcp:HOST[:PORT]" to connect over
+ cleartext TCP.
+
+Template: openvswitch-switch/controller-vconn-error
+Type: error
+_Description: The controller location is invalid.
+ The controller location must be specifed as "ssl:HOST[:PORT]" to
+ connect to the controller over SSL (recommended for security) or
+ "tcp:HOST[:PORT]" to connect over cleartext TCP.
+
+Template: openvswitch-switch/pki-uri
+Type: string
+_Description: OpenFlow PKI server host name or URL:
+ Specify a URL to the OpenFlow public key infrastructure (PKI). If a
+ host name or IP address is specified in place of a URL, then
+ http://<host>/openvswitch/pki/ will be used,
+ where <host> is the specified host name or IP address.
+ .
+ The OpenFlow PKI is usually on the same machine as the OpenFlow
+ controller.
+ .
+ The setup process will connect to the OpenFlow PKI server over
+ HTTP, using the system's configured default HTTP proxy (if any).
+
+Template: openvswitch-switch/fetch-cacert-failed
+Type: error
+_Description: The switch CA certificate could not be retrieved.
+ Retrieval of ${url} failed, with the following status: "${error}".
+ .
+ Ensure that the OpenFlow PKI server is correctly configured and
+ available at ${pki-uri}. If the system is configured to use an HTTP
+ proxy, also make sure that the HTTP proxy is available and that the
+ PKI server can be reached through it.
+
+Template: openvswitch-switch/verify-controller-ca
+Type: select
+_Choices: yes, no
+Default: yes
+_Description: Is ${fingerprint} the controller CA's fingerprint?
+ If a man-in-the-middle attack is possible in your network
+ environment, check that the controller CA's fingerprint is really
+ ${fingerprint}. Answer "yes" if it matches, "no" if
+ there is a discrepancy.
+ .
+ If a man-in-the-middle attack is not a concern, there is no need to
+ verify the fingerprint. Simply answer "yes".
+
+Template: openvswitch-switch/send-cert-req
+Type: select
+_Choices: yes, no
+Default: yes
+_Description: Send certificate request to switch CA?
+ Before it can connect to the controller over SSL, the OpenFlow
+ switch's key must be signed by the switch certificate authority (CA)
+ located on the OpenFlow PKI server, which is usually collocated with
+ the OpenFlow controller. A signing request can be sent to the PKI
+ server now.
+ .
+ Answer "yes" to send a signing request to the switch CA now. This is
+ ordinarily the correct choice. There is no harm in sending a given
+ signing request more than once.
+ .
+ Answer "no" to skip sending a signing request to the switch CA.
+ Unless the request has already been sent to the switch CA, manual
+ sending of the request and signing will be necessary.
+
+Template: openvswitch-switch/send-cert-req-failed
+Type: error
+_Description: The certificate request could not be sent.
+ Posting to ${url} failed, with the following status: "${error}".
+ .
+ Ensure that the OpenFlow PKI server is correctly configured and
+ available at ${pki-uri}.
+
+Template: openvswitch-switch/fetch-switch-cert
+Type: select
+_Choices: yes, no
+_Description: Fetch signed switch certificate from PKI server?
+ Before it can connect to the controller over SSL, the OpenFlow
+ switch's key must be signed by the switch certificate authority (CA)
+ located on the OpenFlow PKI server, which is usually collocated with
+ the OpenFlow controller.
+ .
+ At this point, a signing request has been sent to the switch CA (or
+ sending a request has been manually skipped), but the signed
+ certificate has not yet been retrieved. Manual action may need to be
+ taken at the PKI server to approve the signing request.
+ .
+ Answer "yes" to attempt to retrieve the signed switch certificate
+ from the switch CA. If the switch certificate request has been
+ signed at the PKI server, this is the correct choice.
+ .
+ Answer "no" to postpone switch configuration. The configuration
+ process must be restarted later, when the switch certificate request
+ has been signed.
+
+Template: openvswitch-switch/fetch-switch-cert-failed
+Type: error
+_Description: Signed switch certificate could not be retrieved.
+ The signed switch certificate could not be retrieved from the switch
+ CA: retrieval of ${url} failed, with the following status: "${error}".
+ .
+ This probably indicates that the switch's certificate request has not
+ yet been signed. If this is the problem, it may be fixed by signing
+ the certificate request at ${pki-uri}, then trying to fetch the
+ signed switch certificate again.
+
+Template: openvswitch-switch/complete
+Type: note
+_Description: OpenFlow Switch Setup Finished
+ Setup of this OpenFlow switch is finished. Complete the setup procedure
+ to enable the switch.
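Review bot: openvswitch-switch/verify-controller-ca defaults to "yes" and its text tells the user to simply answer "yes", while the pki-uri template states that setup talks to the PKI server over HTTP, so accepting the defaults trusts whatever CA certificate the network returned. Drop the Default so the user must make the choice, and say where the expected fingerprint can be obtained out of band. Smaller points: "must specified" in switch-ip-error and "specifed" in controller-vconn-error are typos, and fetch-switch-cert has no Default while the other select templates do.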
--- /dev/null
+README.Debian for openvswitch-switch
+---------------------------------
+
+* The switch must be configured before it can be used. To configure
+ it interactively, install the openvswitch-switch-config package and run
+ the ovs-switch-setup program. Alternatively, edit
+ /etc/default/openvswitch-switch by hand, then start the switch manually
+ with "/etc/init.d/openvswitch-switch start".
+
+* To use the Linux kernel-based switch implementation, you will need
+ to build and install the OpenVSwitch kernel module. To do so, install
+ the openvswitch-datapath-source package, then follow the instructions
+ given in /usr/share/doc/openvswitch-datapath-source/README.Debian
+
+* This package does not yet support the userspace datapath-based
+ switch implementation.
+
+ -- Ben Pfaff <blp@nicira.com>, Mon, 11 May 2009 13:29:43 -0700
--- /dev/null
+/etc/openvswitch-switch
+/usr/share/openvswitch/switch
--- /dev/null
+#! /bin/sh
+#
+# /etc/init.d/openvswitch-switch
+#
+# Written by Miquel van Smoorenburg <miquels@cistron.nl>.
+# Modified for Debian by Ian Murdock <imurdock@gnu.ai.mit.edu>.
+# Further changes by Javier Fernandez-Sanguino <jfs@debian.org>
+# Modified for openvswitch-switch.
+#
+# Version: @(#)skeleton 1.9 26-Feb-2001 miquels@cistron.nl
+#
+### BEGIN INIT INFO
+# Provides: openvswitch-switch
+# Required-Start: $network $named $remote_fs $syslog
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: OpenVSwitch switch
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/secchan
+NAME=secchan
+DESC=secchan
+
+test -x $DAEMON || exit 0
+
+NICIRA_OUI="002320"
+
+LOGDIR=/var/log/openvswitch
+PIDFILE=/var/run/$NAME.pid
+DHCLIENT_PIDFILE=/var/run/dhclient.of0.pid
+DODTIME=1 # Time to wait for the server to die, in seconds
+ # If this value is set too low you might not
+ # let some servers to die gracefully and
+ # 'restart' will not work
+
+# Include secchan defaults if available
+unset NETDEVS
+unset MODE
+unset SWITCH_IP
+unset CONTROLLER
+unset PRIVKEY
+unset CERT
+unset CACERT
+unset CACERT_MODE
+unset MGMT_VCONNS
+unset COMMANDS
+unset DAEMON_OPTS
+unset CORE_LIMIT
+unset DATAPATH_ID
+default=/etc/default/openvswitch-switch
+if [ -f $default ] ; then
+ . $default
+fi
+
+set -e
+
+running_pid()
+{
+ # Check if a given process pid's cmdline matches a given name
+ pid=$1
+ name=$2
+ [ -z "$pid" ] && return 1
+ [ ! -d /proc/$pid ] && return 1
+ cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
+ # Is this the expected child?
+ case $cmd in
+ $name|*/$name)
+ return 0
+ ;;
+ *)
+ return 1
+ ;;
+ esac
+}
+
+running()
+{
+# Check if the process is running looking at /proc
+# (works for all users)
+
+ # No pidfile, probably no daemon present
+ [ ! -f "$PIDFILE" ] && return 1
+ # Obtain the pid and check it against the binary name
+ pid=`cat $PIDFILE`
+ running_pid $pid $NAME || return 1
+ return 0
+}
+
+force_stop() {
+# Forcefully kill the process
+ [ ! -f "$PIDFILE" ] && return
+ if running ; then
+ kill -15 $pid
+ # Is it really dead?
+ [ -n "$DODTIME" ] && sleep "$DODTIME"s
+ if running ; then
+ kill -9 $pid
+ [ -n "$DODTIME" ] && sleep "$DODTIME"s
+ if running ; then
+ echo "Cannot kill $NAME (pid=$pid)!"
+ exit 1
+ fi
+ fi
+ fi
+ rm -f $PIDFILE
+ return 0
+}
+
+must_succeed() {
+ echo -n "$1: "
+ shift
+ if "$@"; then
+ echo "success."
+ else
+ echo " ERROR."
+ exit 1
+ fi
+}
+
+check_op() {
+ echo -n "$1: "
+ shift
+ if "$@"; then
+ echo "success."
+ else
+ echo " ERROR."
+ fi
+}
+
+configure_ssl() {
+ if (test "$CACERT_MODE" != secure && test "$CACERT_MODE" != bootstrap) \
+ || test ! -e "$PRIVKEY" || test ! -e "$CERT" \
+ || (test ! -e "$CACERT" && test "$CACERT_MODE" != bootstrap); then
+ if test "$CACERT_MODE" != secure && test "$CACERT_MODE" != bootstrap
+ then
+ echo "CACERT_MODE is not set to 'secure' or 'bootstrap'"
+ fi
+ if test ! -e "$PRIVKEY"; then
+ echo "$PRIVKEY: private key missing" >&2
+ fi
+ if test ! -e "$CERT"; then
+ echo "$CERT: certificate for private key missing" >&2
+ fi
+ if test ! -e "$CACERT" && test "$CACERT_MODE" != bootstrap; then
+ echo "$CACERT: CA certificate missing (and CA certificate bootstrapping not enabled)" >&2
+ fi
+ echo "Run ovs-switch-setup (in the openvswitch-switch-config package) or edit /etc/default/openvswitch-switch to configure" >&2
+ if test "$MODE" = discovery; then
+ echo "You may also delete or rename $PRIVKEY to disable SSL requirement" >&2
+ fi
+ exit 1
+ fi
+
+ SSL_OPTS="--private-key=$PRIVKEY --certificate=$CERT"
+ if test ! -e "$CACERT" && test "$CACERT_MODE" = bootstrap; then
+ SSL_OPTS="$SSL_OPTS --bootstrap-ca-cert=$CACERT"
+ else
+ SSL_OPTS="$SSL_OPTS --ca-cert=$CACERT"
+ fi
+}
+
+check_int_var() {
+ eval value=\$$1
+ if test -n "$value"; then
+ if expr "X$value" : 'X[0-9][0-9]*$' > /dev/null 2>&1; then
+ if test $value -lt $2; then
+ echo "warning: The $1 option may not be set to a value below $2, treating as $2" >&2
+ eval $1=$2
+ fi
+ else
+ echo "warning: The $1 option must be set to a number, ignoring" >&2
+ unset $1
+ fi
+ fi
+}
+
+check_new_option() {
+ case $DAEMON_OPTS in
+ *$1*)
+ echo "warning: The $1 option in DAEMON_OPTS may now be set with the $2 variable in $default. The setting in DAEMON_OPTS will override the $2 variable, which will prevent the switch UI from configuring $1." >&2
+ ;;
+ esac
+}
+
+case "$1" in
+ start)
+ if test -z "$NETDEVS"; then
+ echo "$default: No network devices configured, switch disabled" >&2
+ echo "Run ovs-switch-setup (in the openvswitch-switch-config package) or edit /etc/default/openvswitch-switch to configure" >&2
+ exit 0
+ fi
+ if test "$MODE" = discovery; then
+ unset CONTROLLER
+ elif test "$MODE" = in-band || test "$MODE" = out-of-band; then
+ if test -z "$CONTROLLER"; then
+ echo "$default: No controller configured and not configured for discovery, switch disabled" >&2
+ echo "Run ovs-switch-setup (in the openvswitch-switch-config package) or edit /etc/default/openvswitch-switch to configure" >&2
+ exit 0
+ fi
+ else
+ echo "$default: MODE must set to 'discovery', 'in-band', or 'out-of-band'" >&2
+ echo "Run ovs-switch-setup (in the openvswitch-switch-config package) or edit /etc/default/openvswitch-switch to configure" >&2
+ exit 1
+ fi
+ : ${PRIVKEY:=/etc/openvswitch-switch/of0-privkey.pem}
+ : ${CERT:=/etc/openvswitch-switch/of0-cert.pem}
+ : ${CACERT:=/etc/openvswitch-switch/cacert.pem}
+ case $CONTROLLER in
+ '')
+ # Discovery mode.
+ if test -e "$PRIVKEY"; then
+ configure_ssl
+ fi
+ ;;
+ tcp:*)
+ ;;
+ ssl:*)
+ configure_ssl
+ ;;
+ *)
+ echo "$default: CONTROLLER must be in the form 'ssl:HOST[:PORT]' or 'tcp:HOST[:PORT]' when not in discovery mode" >&2
+ echo "Run ovs-switch-setup (in the openvswitch-switch-config package) or edit /etc/default/openvswitch-switch to configure" >&2
+ exit 1
+ esac
+ case $DISCONNECTED_MODE in
+ ''|switch|drop) ;;
+ *) echo "$default: warning: DISCONNECTED_MODE is not 'switch' or 'drop'" >&2 ;;
+ esac
+
+ check_int_var RATE_LIMIT 100
+ check_int_var INACTIVITY_PROBE 5
+ check_int_var MAX_BACKOFF 1
+
+ check_new_option --fail DISCONNECTED_MODE
+ check_new_option --stp STP
+ check_new_option --rate-limit RATE_LIMIT
+ check_new_option --inactivity INACTIVITY_PROBE
+ check_new_option --max-backoff MAX_BACKOFF
+ case $DAEMON_OPTS in
+ *--rate-limit*)
+ echo "$default: --rate-limit may now be set with RATE_LIMIT" >&2
+ esac
+
+ echo -n "Loading openvswitch_mod: "
+ if grep -q '^openvswitch_mod$' /proc/modules; then
+ echo "already loaded, nothing to do."
+ elif modprobe openvswitch_mod; then
+ echo "success."
+ else
+ echo "ERROR."
+ echo "openvswitch_mod has probably not been built for this kernel."
+ if ! test -d /usr/share/doc/openvswitch-datapath-source; then
+ echo "Install the openvswitch-datapath-source package, then read"
+ echo "/usr/share/doc/openvswitch-datapath-source/README.Debian"
+ else
+ echo "For instructions, read"
+ echo "/usr/share/doc/openvswitch-datapath-source/README.Debian"
+ fi
+ exit 1
+ fi
+
+ for netdev in $NETDEVS; do
+ check_op "Removing IP address from $netdev" ifconfig $netdev 0.0.0.0
+ done
+
+ must_succeed "Creating datapath" dpctl adddp of0 $NETDEVS
+
+ xx='[0-9abcdefABCDEF][0-9abcdefABCDEF]'
+ case $DATAPATH_ID in
+ '')
+ # Check if the DMI System UUID contains a Nicira mac address
+ # that should be used for this datapath. The UUID is assumed
+ # to be RFC 4122 compliant.
+ DMIDECODE=`which dmidecode`
+ if [ -n $DMIDECODE ]; then
+ UUID_MAC=`$DMIDECODE -s system-uuid | cut -d'-' -f 5`
+ case $UUID_MAC in
+ $NICIRA_OUI*)
+ ifconfig of0 down
+ must_succeed "Setting of0 MAC address to $UUID_MAC" ifconfig of0 hw ether $UUID_MAC
+ ifconfig of0 up
+ ;;
+ esac
+ fi
+ ;;
+ $xx:$xx:$xx:$xx:$xx:$xx)
+ ifconfig of0 down
+ must_succeed "Setting of0 MAC address to $DATAPATH_ID" ifconfig of0 hw ether $DATAPATH_ID
+ ifconfig of0 up
+ ;;
+ *)
+ echo "DATAPATH_ID is not a valid MAC address in the form XX:XX:XX:XX:XX:XX, ignoring" >&2
+ ;;
+ esac
+
+ if test "$MODE" = in-band; then
+ if test "$SWITCH_IP" = dhcp; then
+ must_succeed "Temporarily disabling of0" ifconfig of0 down
+ else
+ COMMAND="ifconfig of0 $SWITCH_IP"
+ if test -n "$SWITCH_NETMASK"; then
+ COMMAND="$COMMAND netmask $SWITCH_NETMASK"
+ fi
+ must_succeed "Configuring of0: $COMMAND" $COMMAND
+ if test -n "$SWITCH_GATEWAY"; then
+ # This can fail because the route already exists,
+ # so we don't insist that it succeed.
+ COMMAND="route add default gw $SWITCH_GATEWAY"
+ check_op "Adding default route: $COMMAND" $COMMAND
+ fi
+ fi
+ else
+ must_succeed "Disabling of0" ifconfig of0 down
+ fi
+
+ if test -n "$CORE_LIMIT"; then
+ check_op "Setting core limit to $CORE_LIMIT" ulimit -c "$CORE_LIMIT"
+ fi
+
+ # Compose secchan options.
+ set --
+ set -- "$@" --verbose=ANY:console:emer --verbose=ANY:syslog:err
+ set -- "$@" --log-file
+ set -- "$@" --detach --pidfile=$PIDFILE
+ for vconn in $MGMT_VCONNS; do
+ set -- "$@" --listen="$vconn"
+ done
+ if test -n "$COMMANDS"; then
+ set -- "$@" --command-acl="$COMMANDS"
+ fi
+ case $STP in
+ yes) set -- "$@" --stp ;;
+ no) set -- "$@" --no-stp ;;
+ esac
+ case $DISCONNECTED_MODE in
+ switch) set -- "$@" --fail=open ;;
+ drop) set -- "$@" --fail=closed ;;
+ esac
+ if test -n "$RATE_LIMIT"; then
+ set -- "$@" --rate-limit=$RATE_LIMIT
+ fi
+ if test -n "$INACTIVITY_PROBE"; then
+ set -- "$@" --inactivity-probe=$INACTIVITY_PROBE
+ fi
+ if test -n "$MAX_BACKOFF"; then
+ set -- "$@" --max-backoff=$MAX_BACKOFF
+ fi
+ set -- "$@" $SSL_OPTS $DAEMON_OPTS
+ if test "$MODE" = out-of-band; then
+ set -- "$@" --out-of-band
+ fi
+ set -- "$@" of0 "$CONTROLLER"
+ echo -n "Starting $DESC: "
+ start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ --exec $DAEMON -- "$@"
+ if running; then
+ echo "$NAME."
+ else
+ echo " ERROR."
+ fi
+
+ if test "$MODE" = in-band && test "$SWITCH_IP" = dhcp; then
+ echo -n "Starting dhclient on of0: "
+ start-stop-daemon --start --quiet --pidfile $DHCLIENT_PIDFILE \
+ --exec /sbin/dhclient -- -q -pf $DHCLIENT_PIDFILE of0
+ if running; then
+ echo "dhclient."
+ else
+ echo " ERROR."
+ fi
+ fi
+ ;;
+ stop)
+ if test -e /var/run/dhclient.of0.pid; then
+ echo -n "Stopping dhclient on of0: "
+ start-stop-daemon --stop --quiet --oknodo \
+ --pidfile $DHCLIENT_PIDFILE --exec /sbin/dhclient
+ echo "dhclient."
+ fi
+
+ echo -n "Stopping $DESC: "
+ start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE \
+ --exec $DAEMON
+ echo "$NAME."
+
+ check_op "Deleting datapath" dpctl deldp of0
+ check_op "Unloading kernel module" modprobe -r openvswitch_mod
+ ;;
+ force-stop)
+ echo -n "Forcefully stopping $DESC: "
+ force_stop
+ if ! running; then
+ echo "$NAME."
+ else
+ echo " ERROR."
+ fi
+ ;;
+ reload)
+ ;;
+ force-reload)
+ start-stop-daemon --stop --test --quiet --pidfile \
+ $PIDFILE --exec $DAEMON \
+ && $0 restart \
+ || exit 0
+ ;;
+ restart)
+ $0 stop || true
+ $0 start
+ ;;
+ status)
+ echo -n "$NAME is "
+ if running ; then
+ echo "running"
+ else
+ echo " not running."
+ exit 1
+ fi
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|restart|force-reload|status|force-stop}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
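Review bot: in the DATAPATH_ID '' branch, DMIDECODE=`which dmidecode` runs after "set -e", so on a machine without dmidecode the failed substitution aborts "start" right after the datapath has been created; the following "[ -n $DMIDECODE ]" is unquoted and is therefore true even when the variable is empty. Use something like DMIDECODE=`which dmidecode || true` and quote the test. Two further points in the same branch: after launching dhclient the script calls "running", which checks secchan's $PIDFILE rather than $DHCLIENT_PIDFILE, so the "dhclient." message says nothing about dhclient; and when secchan fails to start the script prints "ERROR." but carries on and exits 0. In "stop)", use $DHCLIENT_PIDFILE instead of repeating the literal /var/run/dhclient.of0.pid.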
--- /dev/null
+_debian/secchan/secchan usr/sbin
+_debian/utilities/dpctl usr/sbin
+_debian/utilities/ovs-discover usr/sbin
+_debian/utilities/ovs-kill usr/sbin
+debian/openvswitch/usr/share/openvswitch/commands/* usr/share/openvswitch/commands
+debian/commands/* usr/share/openvswitch/commands
--- /dev/null
+/var/log/openvswitch/secchan.log {
+ daily
+ compress
+ create 640 root adm
+ delaycompress
+ missingok
+ rotate 30
+ postrotate
+ vlogconf --target /var/run/secchan.pid --reopen
+ endscript
+}
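Review bot: the postrotate command assumes secchan is running; when /var/run/secchan.pid is absent (the init script exits without starting the daemon if NETDEVS is empty) vlogconf has no target and logrotate will report a postrotate failure. Guard it, for example by testing for the pidfile first or appending "|| true".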
--- /dev/null
+_debian/secchan/secchan.8
+_debian/utilities/ovs-discover.8
+_debian/utilities/ovs-kill.8
+_debian/utilities/dpctl.8
--- /dev/null
+#!/bin/sh
+# postinst script for openvswitch-switch
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ configure)
+ DEFAULT=/etc/default/openvswitch-switch
+ TEMPLATE=/usr/share/openvswitch/switch/default.template
+ if ! test -e $DEFAULT; then
+ cp $TEMPLATE $DEFAULT
+ else
+ for var in $(awk -F'[ :]' '/^# [_A-Z0-9]+:/{print $2}' $TEMPLATE)
+ do
+ if ! grep $var $DEFAULT >/dev/null 2>&1; then
+ echo >> $DEFAULT
+ sed -n "/$var:/,/$var=/p" $TEMPLATE >> $DEFAULT
+ fi
+ done
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
+
+
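Review bot: "grep $var $DEFAULT" in the upgrade loop is unanchored, so a variable counts as present when its name appears anywhere in the existing file: MODE matches inside CACERT_MODE or DISCONNECTED_MODE (both used by the init script), and SWITCH_NETMASK matches the mention in the SWITCH_IP comment of the template. New variables can therefore be silently skipped on upgrade. The sed range "/$var:/,/$var=/" has the same substring problem. Anchor both to the template's own layout, for example "^# $var:" for the comment header and "^#*$var=" for the assignment, and quote $var, $DEFAULT and $TEMPLATE.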
--- /dev/null
+#!/bin/sh
+# postrm script for openvswitch-switch
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postrm> `remove'
+# * <postrm> `purge'
+# * <old-postrm> `upgrade' <new-version>
+# * <new-postrm> `failed-upgrade' <old-version>
+# * <new-postrm> `abort-install'
+# * <new-postrm> `abort-install' <old-version>
+# * <new-postrm> `abort-upgrade' <old-version>
+# * <disappearer's-postrm> `disappear' <overwriter>
+# <overwriter-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ purge)
+ rm -f /etc/default/openvswitch-switch
+ ;;
+
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
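Review bot: the purge branch removes only /etc/default/openvswitch-switch. The package also declares /etc/openvswitch-switch, which the init script uses as the default location for of0-privkey.pem, of0-cert.pem and cacert.pem, and it writes logs under /var/log/openvswitch; none of these are removed, so a purged system keeps the switch's private key and logs. Remove the generated key material and logs on purge as well.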
--- /dev/null
+# This is a POSIX shell fragment -*- sh -*-
+
+# To configure the secure channel, fill in the following properly and
+# uncomment them. Afterward, the secure channel will come up
+# automatically at boot time. It can be started immediately with
+# /etc/init.d/openvswitch-switch start
+# Alternatively, use the ovs-switch-setup program (from the
+# openvswitch-switch-config package) to do everything automatically.
+
+# NETDEVS: Which network devices should the OpenFlow switch include?
+#
+# List the network devices that should become part of the OpenFlow
+# switch, separated by spaces. At least two devices must be selected
+# for this machine to be a useful switch. Unselecting all network
+# devices will disable the OpenFlow switch entirely.
+#
+# The network devices that you select should not be configured with IP
+# or IPv6 addresses, even if the switch contacts the controller over
+# one of the selected network devices. This is because a running
+# OpenVSwitch switch takes over network devices at a low level: they
+# become part of the switch and cannot be used for other purposes.
+#NETDEVS=""
+
+# MODE: The OpenFlow switch has three modes that determine how it
+# reaches the controller:
+#
+# * in-band with discovery: A single network is used for OpenFlow
+# traffic and other data traffic; that is, the switch contacts the
+# controller over one of the network devices selected as OpenFlow
+# switch ports. The switch automatically determines the location of
+# the controller using a DHCP request with an OpenFlow-specific
+# vendor option. This is the most common case.
+#
+# * in-band: As above, but the location of the controller is manually
+# configured.
+#
+# * out-of-band: OpenFlow traffic uses a network separate from the
+# data traffic that it controls. If this is the case, the control
+# network must already be configured on a network device other than
+# one of those selected as an OpenVSwitch switch port in the previous
+# question.
+#
+# Set MODE to 'discovery', 'in-band', or 'out-of-band' for these
+# respective cases.
+MODE=discovery
+
+# SWITCH_IP: In 'in-band' mode, the switch's IP address may be
+# configured statically or dynamically:
+#
+# * For static configuration, specify the switch's IP address as a
+# string. In this case you may also set SWITCH_NETMASK and
+# SWITCH_GATEWAY appropriately (see below).
+#
+# * For dynamic configuration with DHCP (the most common case),
+# specify "dhcp". Configuration with DHCP will only work reliably
+# if the network topology allows the switch to contact the DHCP
+# server before it connects to the OpenFlow controller.
+#
+# This setting has no effect unless MODE is set to 'in-band'.
+SWITCH_IP=dhcp
+
+# SWITCH_NETMASK: IP netmask to use in 'in-band' mode when the switch
+# IP address is not 'dhcp'.
+#SWITCH_NETMASK=255.255.255.0
+
+# SWITCH_GATEWAY: IP gateway to use in 'in-band' mode when the switch
+# IP address is not 'dhcp'.
+#SWITCH_GATEWAY=192.168.1.1
+
+# CONTROLLER: Location of controller.
+# One of the following formats:
+# tcp:HOST[:PORT] via TCP to PORT (default: 6633) on HOST
+# ssl:HOST[:PORT] via SSL to PORT (default: 6633) on HOST
+# The default below assumes that the controller is running locally.
+# This setting has no effect when MODE is set to 'discovery'.
+#CONTROLLER="tcp:127.0.0.1"
+
+# PRIVKEY: Name of file containing switch's private key.
+# Required if SSL enabled.
+#PRIVKEY=/etc/openvswitch-switch/of0-privkey.pem
+
+# CERT: Name of file containing certificate for private key.
+# Required if SSL enabled.
+#CERT=/etc/openvswitch-switch/of0-cert.pem
+
+# CACERT: Name of file containing controller CA certificate.
+# Required if SSL enabled.
+#CACERT=/etc/openvswitch-switch/cacert.pem
+
+# CACERT_MODE: Two modes are available:
+#
+# * secure: The controller CA certificate named in CACERT above must exist.
+# (You must copy it manually from the PKI server or another trusted source.)
+#
+# * bootstrap: If the controller CA certificate named in CACERT above does
+# not exist, the switch will obtain it from the controller the first time
+# it connects and save a copy to the file named in CACERT. This is insecure,
+# in the same way that initial connections with ssh are insecure, but
+# it is convenient.
+#
+# Set CACERT_MODE to 'secure' or 'bootstrap' for these respective cases.
+#CACERT_MODE=secure
+
+# MGMT_VCONNS: List of vconns (space-separated) on which secchan
+# should listen for management connections from dpctl, etc.
+# openvswitch-switchui by default connects to
+# unix:/var/run/secchan.mgmt, so do not disable this if you want to
+# use openvswitch-switchui.
+MGMT_VCONNS="punix:/var/run/secchan.mgmt"
+
+# COMMANDS: Access control list for the commands that can be executed
+# remotely over the OpenFlow protocol, as a comma-separated list of
+# shell glob patterns. Negative patterns (beginning with !) act as a
+# blacklist. To be executable, a command name must match one positive
+# pattern and not match any negative patterns.
+#COMMANDS="reboot,update"
+
+# DISCONNECTED_MODE: Switch behavior when attempts to connect to the
+# controller repeatedly fail, either 'switch', to act as an L2 switch
+# in this case, or 'drop', to drop all packets (except those necessary
+# to connect to the controller). If unset, the default is 'drop'.
+#DISCONNECTED_MODE=switch
+
+# STP: Enable or disabled 802.1D-1998 Spanning Tree Protocol. Set to
+# 'yes' to enable STP, 'no' to disable it. If unset, secchan's
+# current default is 'no' (but this may change in the future).
+#STP=no
+
+# RATE_LIMIT: Maximum number of received frames, that do not match any
+# existing switch flow, to forward up to the controller per second.
+# The valid range is 100 and up. If unset, this rate will not be
+# limited.
+#RATE_LIMIT=1000
+
+# INACTIVITY_PROBE: The maximum number of seconds of inactivity on the
+# controller connection before secchan sends an inactivity probe
+# message to the controller. The valid range is 5 and up. If unset,
+# secchan defaults to 15 seconds.
+#INACTIVITY_PROBE=5
+
+# MAX_BACKOFF: The maximum time that secchan will wait between
+# attempts to connect to the controller. The valid range is 1 and up.
+# If unset, secchan defaults to 15 seconds.
+#MAX_BACKOFF=15
+
+# DAEMON_OPTS: Additional options to pass to secchan, e.g. "--fail=open"
+DAEMON_OPTS=""
+
+# CORE_LIMIT: Maximum size for core dumps.
+#
+# Leaving this unset will use the system default. Setting it to 0
+# will disable core dumps. Setting it to "unlimited" will dump all
+# core files regardless of size.
+#CORE_LIMIT=unlimited
+
+# DATAPATH_ID: Identifier for this switch.
+#
+# By default, the switch checks if the DMI System UUID contains a Nicira
+# mac address to use as a datapath ID. If not, then the switch generates
+# a new, random datapath ID every time it starts up. By setting this
+# value, the supplied datapath ID will always be used.
+#
+# Set DATAPATH_ID to a MAC address in the form XX:XX:XX:XX:XX:XX where each
+# X is a hexadecimal digit (0-9 or a-f).
+#DATAPATH_ID=XX:XX:XX:XX:XX:XX
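Review bot: The COMMANDS and CACERT_MODE comments do not say what happens when the variable is left unset, unlike DISCONNECTED_MODE, STP and RATE_LIMIT, which do. Both settings are security-relevant (remote command execution over OpenFlow, and whether the controller CA certificate is accepted on first contact) and both ship commented out, so each comment should state the effective default. MODE=discovery ships enabled, and its comment should note that the controller location is then taken from a DHCP reply. Minor: "Enable or disabled" in the STP comment should read "Enable or disable".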
--- /dev/null
+#! /usr/bin/perl
+
+use POSIX;
+use Debconf::Client::ConfModule ':all';
+use HTTP::Request;
+use LWP::UserAgent;
+use Digest::SHA1 'sha1_hex';
+use strict;
+use warnings;
+
+# XXX should support configuring SWITCH_NETMASK and SWITCH_GATEWAY
+# when the mode is in-band.
+
+my $debconf_owner = 'openvswitch-switch';
+
+my $default = '/etc/default/openvswitch-switch';
+my $template = '/usr/share/openvswitch/switch/default.template';
+my $etc = '/etc/openvswitch-switch';
+my $rundir = '/var/run';
+my $privkey_file = "$etc/of0-privkey.pem";
+my $req_file = "$etc/of0-req.pem";
+my $cert_file = "$etc/of0-cert.pem";
+my $cacert_file = "$etc/cacert.pem";
+my $ovs_discover_pidfile = "$rundir/ovs-discover.pid";
+
+my $ua = LWP::UserAgent->new;
+$ua->timeout(10);
+$ua->env_proxy;
+
+system("/etc/init.d/openvswitch-switch stop 1>&2");
+kill_ovs_discover();
+
+version('2.0');
+capb('backup');
+title('OpenVSwitch Switch Setup');
+
+my (%netdevs) = find_netdevs();
+db_subst('netdevs', 'choices',
+ join(', ', map($netdevs{$_}, sort(keys(%netdevs)))));
+db_set('netdevs', join(', ', grep(!/IP/, values(%netdevs))));
+
+my %oldconfig;
+if (-e $default) {
+ %oldconfig = load_config($default);
+
+ my (%map) =
+ (NETDEVS => sub {
+ db_set('netdevs', join(', ', map($netdevs{$_},
+ grep(exists $netdevs{$_}, split))))
+ },
+ MODE => sub {
+ db_set('mode',
+ $_ eq 'in-band' || $_ eq 'out-of-band' ? $_ : 'discovery')
+ },
+ SWITCH_IP => sub { db_set('switch-ip', $_) },
+ CONTROLLER => sub { db_set('controller-vconn', $_) },
+ PRIVKEY => sub { $privkey_file = $_ },
+ CERT => sub { $cert_file = $_ },
+ CACERT => sub { $cacert_file = $_ },
+ );
+
+ for my $key (keys(%map)) {
+ local $_ = $oldconfig{$key};
+ &{$map{$key}}() if defined && !/^\s*$/;
+ }
+} elsif (-e $template) {
+ %oldconfig = load_config($template);
+}
+
+my $cacert_preverified = -e $cacert_file;
+my ($req, $req_fingerprint);
+
+my %options;
+
+my (@states) =
+ (sub {
+ # User backed up from first dialog box.
+ exit(10);
+ },
+ sub {
+ # Prompt for ports to include in switch.
+ db_input('netdevs');
+ return;
+ },
+ sub {
+ # Validate the chosen ports.
+ my (@netdevs) = split(', ', db_get('netdevs'));
+ if (!@netdevs) {
+ # No ports chosen. Disable switch.
+ db_input('no-netdevs');
+ return 'prev' if db_go();
+ return 'done';
+ } elsif (my (@conf_netdevs) = grep(/IP/, @netdevs)) {
+ # Point out that some ports have configured IP addresses.
+ db_subst('configured-netdevs', 'configured-netdevs',
+ join(', ', @conf_netdevs));
+ db_input('configured-netdevs');
+ return;
+ } else {
+ # Otherwise proceed.
+ return 'skip';
+ }
+ },
+ sub {
+ # Discovery or in-band or out-of-band controller?
+ db_input('mode');
+ return;
+ },
+ sub {
+ return 'skip' if db_get('mode') ne 'discovery';
+ for (;;) {
+ # Notify user that we are going to do discovery.
+ db_input('discover');
+ return 'prev' if db_go();
+ print STDERR "Please wait up to 30 seconds for discovery...\n";
+
+ # Make sure that there's no running discovery process.
+ kill_ovs_discover();
+
+ # Do discovery.
+ %options = ();
+ open(DISCOVER, '-|', 'ovs-discover --timeout=30 --pidfile '
+ . join(' ', netdev_names()));
+ while (<DISCOVER>) {
+ chomp;
+ if (my ($name, $value) = /^([^=]+)=(.*)$/) {
+ if ($value =~ /^"(.*)"$/) {
+ $value = $1;
+ $value =~ s/\\([0-7][0-7][0-7])/chr($1)/ge;
+ } else {
+ $value =~ s/^(0x[[:xdigit:]]+)$/hex($1)/e;
+ $value = '' if $value eq 'empty';
+ next if $value eq 'null'; # Shouldn't happen.
+ }
+ $options{$name} = $value;
+ }
+ last if /^$/;
+ }
+
+ # Check results.
+ my $vconn = $options{'ovs-controller-vconn'};
+ my $pki_uri = $options{'ovs-pki-uri'};
+ return 'next'
+ if (defined($vconn)
+ && is_valid_vconn($vconn)
+ && (!is_ssl_vconn($vconn) || defined($pki_uri)));
+
+ # Try again?
+ kill_ovs_discover();
+ db_input('discovery-failure');
+ db_go();
+ }
+ },
+ sub {
+ return 'skip' if db_get('mode') ne 'discovery';
+
+ my $vconn = $options{'ovs-controller-vconn'};
+ my $pki_uri = $options{'ovs-pki-uri'};
+ db_subst('discovery-success', 'controller-vconn', $vconn);
+ db_subst('discovery-success',
+ 'pki-uri', is_ssl_vconn($vconn) ? $pki_uri : "no PKI in use");
+ db_input('discovery-success');
+ return 'prev' if db_go();
+ db_set('controller-vconn', $vconn);
+ db_set('pki-uri', $pki_uri);
+ return 'next';
+ },
+ sub {
+ return 'skip' if db_get('mode') ne 'in-band';
+ for (;;) {
+ db_input('switch-ip');
+ return 'prev' if db_go();
+
+ my $ip = db_get('switch-ip');
+ return 'next' if $ip =~ /^dhcp|\d+\.\d+.\d+.\d+$/i;
+
+ db_input('switch-ip-error');
+ db_go();
+ }
+ },
+ sub {
+ return 'skip' if db_get('mode') eq 'discovery';
+ for (;;) {
+ my $old_vconn = db_get('controller-vconn');
+ db_input('controller-vconn');
+ return 'prev' if db_go();
+
+ my $vconn = db_get('controller-vconn');
+ if (is_valid_vconn($vconn)) {
+ if ($old_vconn ne $vconn || db_get('pki-uri') eq '') {
+ db_set('pki-uri', pki_host_to_uri($2));
+ }
+ return 'next';
+ }
+
+ db_input('controller-vconn-error');
+ db_go();
+ }
+ },
+ sub {
+ return 'skip' if !ssl_enabled();
+
+ if (! -e $privkey_file) {
+ my $old_umask = umask(077);
+ run_cmd("ovs-pki req $etc/of0 >&2 2>/dev/null");
+ chmod(0644, $req_file) or die "$req_file: chmod: $!\n";
+ umask($old_umask);
+ }
+
+ if (! -e $cert_file) {
+ open(REQ, '<', $req_file) or die "$req_file: open: $!\n";
+ $req = join('', <REQ>);
+ close(REQ);
+ $req_fingerprint = sha1_hex($req);
+ }
+ return 'skip';
+ },
+ sub {
+ return 'skip' if !ssl_enabled();
+ return 'skip' if -e $cacert_file && -e $cert_file;
+
+ db_input('pki-uri');
+ return 'prev' if db_go();
+ return;
+ },
+ sub {
+ return 'skip' if !ssl_enabled();
+ return 'skip' if -e $cacert_file;
+
+ my $pki_uri = db_get('pki-uri');
+ if ($pki_uri !~ /:/) {
+ $pki_uri = pki_host_to_uri($pki_uri);
+ } else {
+ # Trim trailing slashes.
+ $pki_uri =~ s%/+$%%;
+ }
+ db_set('pki-uri', $pki_uri);
+
+ my $url = "$pki_uri/controllerca/cacert.pem";
+ my $response = $ua->get($url, ':content_file' => $cacert_file);
+ if ($response->is_success) {
+ return 'next';
+ }
+
+ db_subst('fetch-cacert-failed', 'url', $url);
+ db_subst('fetch-cacert-failed', 'error', $response->status_line);
+ db_subst('fetch-cacert-failed', 'pki-uri', $pki_uri);
+ db_input('fetch-cacert-failed');
+ db_go();
+ return 'prev';
+ },
+ sub {
+ return 'skip' if !ssl_enabled();
+ return 'skip' if -e $cert_file;
+
+ for (;;) {
+ db_set('send-cert-req', 'yes');
+ db_input('send-cert-req');
+ return 'prev' if db_go();
+ return 'next' if db_get('send-cert-req') eq 'no';
+
+ my $pki_uri = db_get('pki-uri');
+ my ($pki_base_uri) = $pki_uri =~ m%^([^/]+://[^/]+)/%;
+ my $url = "$pki_base_uri/cgi-bin/ovs-pki-cgi";
+ my $response = $ua->post($url, {'type' => 'switch',
+ 'req' => $req});
+ return 'next' if $response->is_success;
+
+ db_subst('send-cert-req-failed', 'url', $url);
+ db_subst('send-cert-req-failed', 'error',
+ $response->status_line);
+ db_subst('send-cert-req-failed', 'pki-uri', $pki_uri);
+ db_input('send-cert-req-failed');
+ db_go();
+ }
+ },
+ sub {
+ return 'skip' if !ssl_enabled();
+ return 'skip' if $cacert_preverified;
+
+ my ($cacert_fingerprint) = x509_fingerprint($cacert_file);
+ db_subst('verify-controller-ca', 'fingerprint', $cacert_fingerprint);
+ db_input('verify-controller-ca');
+ return 'prev' if db_go();
+ return 'next' if db_get('verify-controller-ca') eq 'yes';
+ unlink($cacert_file);
+ return 'prev';
+ },
+ sub {
+ return 'skip' if !ssl_enabled();
+ return 'skip' if -e $cert_file;
+
+ for (;;) {
+ db_set('fetch-switch-cert', 'yes');
+ db_input('fetch-switch-cert');
+ return 'prev' if db_go();
+ exit(1) if db_get('fetch-switch-cert') eq 'no';
+
+ my $pki_uri = db_get('pki-uri');
+ my $url = "$pki_uri/switchca/certs/$req_fingerprint-cert.pem";
+ my $response = $ua->get($url, ':content_file' => $cert_file);
+ if ($response->is_success) {
+ return 'next';
+ }
+
+ db_subst('fetch-switch-cert-failed', 'url', $url);
+ db_subst('fetch-switch-cert-failed', 'error',
+ $response->status_line);
+ db_subst('fetch-switch-cert-failed', 'pki-uri', $pki_uri);
+ db_input('fetch-switch-cert-failed');
+ db_go();
+ }
+ },
+ sub {
+ db_input('complete');
+ db_go();
+ return;
+ },
+ sub {
+ return 'done';
+ },
+);
+
+my $state = 1;
+my $direction = 1;
+for (;;) {
+ my $ret = &{$states[$state]}();
+ $ret = db_go() ? 'prev' : 'next' if !defined $ret;
+ if ($ret eq 'next') {
+ $direction = 1;
+ } elsif ($ret eq 'prev') {
+ $direction = -1;
+ } elsif ($ret eq 'skip') {
+ # Nothing to do.
+ } elsif ($ret eq 'done') {
+ last;
+ } else {
+ die "unknown ret $ret";
+ }
+ $state += $direction;
+}
+
+my %config = %oldconfig;
+$config{NETDEVS} = join(' ', netdev_names());
+$config{MODE} = db_get('mode');
+if (db_get('mode') eq 'in-band') {
+ $config{SWITCH_IP} = db_get('switch-ip');
+}
+if (db_get('mode') ne 'discovery') {
+ $config{CONTROLLER} = db_get('controller-vconn');
+}
+$config{PRIVKEY} = $privkey_file;
+$config{CERT} = $cert_file;
+$config{CACERT} = $cacert_file;
+save_config($default, %config);
+
+dup2(2, 1); # Get stdout back.
+kill_ovs_discover();
+system("/etc/init.d/openvswitch-switch start");
+
+sub ssl_enabled {
+ return is_ssl_vconn(db_get('controller-vconn'));
+}
+
+sub db_subst {
+ my ($question, $key, $value) = @_;
+ $question = "$debconf_owner/$question";
+ my ($ret, $seen) = subst($question, $key, $value);
+ if ($ret && $ret != 30) {
+ die "Error substituting $value for $key in debconf question "
+ . "$question: $seen";
+ }
+}
+
+sub db_set {
+ my ($question, $value) = @_;
+ $question = "$debconf_owner/$question";
+ my ($ret, $seen) = set($question, $value);
+ if ($ret && $ret != 30) {
+ die "Error setting debconf question $question to $value: $seen";
+ }
+}
+
+sub db_get {
+ my ($question) = @_;
+ $question = "$debconf_owner/$question";
+ my ($ret, $seen) = get($question);
+ if ($ret) {
+ die "Error getting debconf question $question answer: $seen";
+ }
+ return $seen;
+}
+
+sub db_fset {
+ my ($question, $flag, $value) = @_;
+ $question = "$debconf_owner/$question";
+ my ($ret, $seen) = fset($question, $flag, $value);
+ if ($ret && $ret != 30) {
+ die "Error setting debconf question $question flag $flag to $value: "
+ . "$seen";
+ }
+}
+
+sub db_fget {
+ my ($question, $flag) = @_;
+ $question = "$debconf_owner/$question";
+ my ($ret, $seen) = fget($question, $flag);
+ if ($ret) {
+ die "Error getting debconf question $question flag $flag: $seen";
+ }
+ return $seen;
+}
+
+sub db_input {
+ my ($question) = @_;
+ db_fset($question, "seen", "false");
+
+ $question = "$debconf_owner/$question";
+ my ($ret, $seen) = input('high', $question);
+ if ($ret && $ret != 30) {
+ die "Error requesting debconf question $question: $seen";
+ }
+ return $ret;
+}
+
+sub db_go {
+ my ($ret, $seen) = go();
+ if (!defined($ret)) {
+ exit(1); # Cancel button was pushed.
+ }
+ if ($ret && $ret != 30) {
+ die "Error asking debconf questions: $seen";
+ }
+ return $ret;
+}
+
+sub run_cmd {
+ my ($cmd) = @_;
+ return if system($cmd) == 0;
+
+ if ($? == -1) {
+ die "$cmd: failed to execute: $!\n";
+ } elsif ($? & 127) {
+ die sprintf("$cmd: child died with signal %d, %s coredump\n",
+ ($? & 127), ($? & 128) ? 'with' : 'without');
+ } else {
+ die sprintf("$cmd: child exited with value %d\n", $? >> 8);
+ }
+}
+
+sub x509_fingerprint {
+ my ($file) = @_;
+ my $cmd = "openssl x509 -noout -in $file -fingerprint";
+ open(OPENSSL, '-|', $cmd) or die "$cmd: failed to execute: $!\n";
+ my $line = <OPENSSL>;
+ close(OPENSSL);
+ my ($fingerprint) = $line =~ /SHA1 Fingerprint=(.*)/;
+ return $line if !defined $fingerprint;
+ $fingerprint =~ s/://g;
+ return $fingerprint;
+}
+
+sub find_netdevs {
+ my ($netdev, %netdevs);
+ open(IFCONFIG, "/sbin/ifconfig -a|") or die "ifconfig failed: $!";
+ while (<IFCONFIG>) {
+ if (my ($nd) = /^([^\s]+)/) {
+ $netdev = $nd;
+ $netdevs{$netdev} = "$netdev";
+ if (my ($hwaddr) = /HWaddr (\S+)/) {
+ $netdevs{$netdev} .= " (MAC: $hwaddr)";
+ }
+ } elsif (my ($ip4) = /^\s*inet addr:(\S+)/) {
+ $netdevs{$netdev} .= " (IP: $ip4)";
+ } elsif (my ($ip6) = /^\s*inet6 addr:(\S+)/) {
+ $netdevs{$netdev} .= " (IPv6: $ip6)";
+ }
+ }
+ foreach my $nd (keys(%netdevs)) {
+ delete $netdevs{$nd} if $nd eq 'lo' || $nd =~ /^wmaster/;
+ }
+ close(IFCONFIG);
+ return %netdevs;
+}
+
+sub load_config {
+ my ($file) = @_;
+
+ # Get the list of the variables that the shell sets automatically.
+ my (%auto_vars) = read_vars("set -a && env");
+
+ # Get the variables from $default.
+ my (%config) = read_vars("set -a && . '$default' && env");
+
+ # Subtract.
+ delete @config{keys %auto_vars};
+
+ return %config;
+}
+
+sub read_vars {
+ my ($cmd) = @_;
+ local @ENV;
+ if (!open(VARS, '-|', $cmd)) {
+ print STDERR "$cmd: failed to execute: $!\n";
+ return ();
+ }
+ my (%config);
+ while (<VARS>) {
+ my ($var, $value) = /^([^=]+)=(.*)$/ or next;
+ $config{$var} = $value;
+ }
+ close(VARS);
+ return %config;
+}
+
+sub shell_escape {
+ local $_ = $_[0];
+ if ($_ eq '') {
+ return '""';
+ } elsif (m&^[-a-zA-Z0-9:./%^_+,]*$&) {
+ return $_;
+ } else {
+ s/'/'\\''/;
+ return "'$_'";
+ }
+}
+
+sub shell_assign {
+ my ($var, $value) = @_;
+ return $var . '=' . shell_escape($value);
+}
+
+sub save_config {
+ my ($file, %config) = @_;
+ my (@lines);
+ if (open(FILE, '<', $file)) {
+ @lines = <FILE>;
+ chomp @lines;
+ close(FILE);
+ }
+
+ # Replace all existing variable assignments.
+ for (my ($i) = 0; $i <= $#lines; $i++) {
+ local $_ = $lines[$i];
+ my ($var, $value) = /^\s*([^=#]+)=(.*)$/ or next;
+ if (exists($config{$var})) {
+ $lines[$i] = shell_assign($var, $config{$var});
+ delete $config{$var};
+ } else {
+ $lines[$i] = "#$lines[$i]";
+ }
+ }
+
+ # Find a place to put any remaining variable assignments.
+ VAR:
+ for my $var (keys(%config)) {
+ my $assign = shell_assign($var, $config{$var});
+
+ # Replace the last commented-out variable assignment to $var, if any.
+ for (my ($i) = $#lines; $i >= 0; $i--) {
+ local $_ = $lines[$i];
+ if (/^\s*#\s*$var=/) {
+ $lines[$i] = $assign;
+ next VAR;
+ }
+ }
+
+ # Find a place to add the var: after the final commented line
+ # just after a line that contains "$var:".
+ for (my ($i) = 0; $i <= $#lines; $i++) {
+ if ($lines[$i] =~ /^\s*#\s*$var:/) {
+ for (my ($j) = $i + 1; $j <= $#lines; $j++) {
+ if ($lines[$j] !~ /^\s*#/) {
+ splice(@lines, $j, 0, $assign);
+ next VAR;
+ }
+ }
+ }
+ }
+
+ # Just append it.
+ push(@lines, $assign);
+ }
+
+ open(NEWFILE, '>', "$file.tmp") or die "$file.tmp: create: $!\n";
+ print NEWFILE join('', map("$_\n", @lines));
+ close(NEWFILE);
+ rename("$file.tmp", $file) or die "$file.tmp: rename to $file: $!\n";
+}
+
+sub pki_host_to_uri {
+ my ($pki_host) = @_;
+ return "http://$pki_host/openvswitch/pki";
+}
+
+sub kill_ovs_discover {
+ # Delegate this to a subprocess because there is no portable way
+ # to invoke fcntl(F_GETLK) from Perl.
+ system("ovs-kill --force $ovs_discover_pidfile");
+}
+
+sub netdev_names {
+ return map(/^(\S+)/, split(', ', db_get('netdevs')));
+}
+
+sub is_valid_vconn {
+ my ($vconn) = @_;
+ return scalar($vconn =~ /^(tcp|ssl):([^:]+)(:.*)?/);
+}
+
+sub is_ssl_vconn {
+ my ($vconn) = @_;
+ return scalar($vconn =~ /^ssl:/);
+}
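Review bot: shell_escape() escapes only the first single quote, because `s/'/'\\''/` has no /g flag, so a value containing two or more quotes is written to /etc/default/openvswitch-switch with unbalanced quoting, and that file is sourced as a shell fragment; add /g. load_config() ignores its $file argument and always sources $default (`. '$default'`), so the load_config($template) branch never reads the template. In the controller-vconn state, pki_host_to_uri($2) relies on captures from the match made inside is_valid_vconn(), which are not visible in the caller once the sub returns; have is_valid_vconn() return the host and pass that instead. The switch-ip check `/^dhcp|\d+\.\d+.\d+.\d+$/i` anchors each alternative separately and leaves two dots unescaped, so a string such as "dhcpfoo" passes; group the alternatives as /^(?:dhcp|\d+\.\d+\.\d+\.\d+)$/i. read_vars() declares `local @ENV` where %ENV is presumably meant.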
--- /dev/null
+.TH ovs-switch-setup 8 "June 2008" "OpenVSwitch" "OpenVSwitch Manual"
+
+.SH NAME
+ovs\-switch\-setup \- interactive setup for OpenVSwitch switch
+
+.SH SYNOPSIS
+.B ovs\-switch\-setup
+
+.SH DESCRIPTION
+The \fBovs\-switch\-setup\fR program is an interactive program that
+assists the system administrator in configuring an OpenVSwitch switch,
+including the underlying public key infrastructure (PKI).
+
+.SH OPTIONS
+ovs\-switch\-setup does not accept any command-line options.
+
+.SH FILES
+.IP /etc/default/openvswitch-switch
+Main configuration file for OpenVSwitch switch.
+
+.IP /etc/openvswitch-switch/cacert.pem
+Default location of CA certificate for OpenFlow controllers.
+
+.IP /etc/openvswitch-switch/of0-cert.pem
+Default location of certificate for the OpenVSwitch switch's private key.
+
+.IP /etc/openvswitch-switch/of0-privkey.pem
+Default location of the OpenVSwitch switch's private key. This file
+should be readable only by \fBroot\fR.
+
+.IP /etc/openvswitch-switch/of0-req.pem
+Default location of certificate request for the OpenVSwitch switch's
+certificate. This file is not used after the signed certificate
+(typically \fB/etc/openvswitch-switch/of0-cert.pem\fR, above) has been
+obtained from the OpenFlow PKI server.
+
+.SH "SEE ALSO"
+
+.BR ovs-pki (8),
+.BR dpctl (8),
+.BR secchan (8)
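Review bot: DESCRIPTION leaves out two side effects visible in the script added by this patch: it stops the openvswitch-switch service on entry and starts it again on exit, and it contacts the PKI server over HTTP to fetch the CA certificate and submit the certificate request. Both belong in the man page, since an administrator running this on a live switch needs to expect the interruption and the outbound requests. SEE ALSO could also list ovs-discover, which the program invokes in discovery mode.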
-[type: gettext/rfc822deb] openflow-switch-config.templates
+[type: gettext/rfc822deb] openvswitch-switch-config.templates
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: openflow-dev@lists.stanford.edu\n"
-"POT-Creation-Date: 2008-10-31 10:13-0700\n"
+"Report-Msgid-Bugs-To: ovs-dev@openvswitch.org\n"
+"POT-Creation-Date: 2009-05-11 13:38-0700\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
#. Type: multiselect
#. Choices
-#: ../openflow-switch-config.templates:1001
+#: ../openvswitch-switch-config.templates:1001
msgid "${choices}"
msgstr ""
#. Type: multiselect
#. Description
-#: ../openflow-switch-config.templates:1002
+#: ../openvswitch-switch-config.templates:1002
msgid "OpenFlow switch network devices:"
msgstr ""
#. Type: multiselect
#. Description
-#: ../openflow-switch-config.templates:1002
+#: ../openvswitch-switch-config.templates:1002
msgid ""
"Choose the network devices that should become part of the OpenFlow switch. "
"At least two devices must be selected for this machine to be a useful "
#. Type: multiselect
#. Description
-#: ../openflow-switch-config.templates:1002
+#: ../openvswitch-switch-config.templates:1002
msgid ""
"The network devices that you select should not be configured with IP or IPv6 "
"addresses, even if the switch contacts the controller over one of the "
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:2001
+#: ../openvswitch-switch-config.templates:2001
msgid "No network devices were selected."
msgstr ""
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:2001
+#: ../openvswitch-switch-config.templates:2001
msgid ""
"No network devices were selected for inclusion in the OpenFlow switch. The "
"switch will be disabled."
#. Type: note
#. Description
-#: ../openflow-switch-config.templates:3001
+#: ../openvswitch-switch-config.templates:3001
msgid "Some Network Devices Have IP or IPv6 Addresses"
msgstr ""
#. Type: note
#. Description
-#: ../openflow-switch-config.templates:3001
+#: ../openvswitch-switch-config.templates:3001
msgid ""
"The following network devices selected to be part of the OpenFlow switch "
"have IP or IPv6 addresses configured:"
#. Type: note
#. Description
-#: ../openflow-switch-config.templates:3001
+#: ../openvswitch-switch-config.templates:3001
msgid "${configured-netdevs}"
msgstr ""
#. Type: note
#. Description
-#: ../openflow-switch-config.templates:3001
+#: ../openvswitch-switch-config.templates:3001
msgid ""
"This is usually a mistake, even if the switch contacts the controller over "
"one of the selected network devices. This is because a running OpenFlow "
#. Type: note
#. Description
-#: ../openflow-switch-config.templates:3001
+#: ../openvswitch-switch-config.templates:3001
msgid ""
"If this is an unintentional mistake, move back and fix the selection, or de-"
"configure the IP or IPv6 from these network devices."
#. Type: select
#. Choices
-#: ../openflow-switch-config.templates:4001
+#: ../openvswitch-switch-config.templates:4001
msgid "discovery, in-band, out-of-band"
msgstr ""
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:4002
+#: ../openvswitch-switch-config.templates:4002
msgid "Switch-to-controller access method:"
msgstr ""
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:4002
+#: ../openvswitch-switch-config.templates:4002
msgid ""
"The OpenFlow switch must be able to contact the OpenFlow controller over the "
"network. It can do so in one of three ways:"
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:4002
+#: ../openvswitch-switch-config.templates:4002
msgid ""
"discovery: A single network is used for OpenFlow traffic and other data "
"traffic; that is, the switch contacts the controller over one of the network "
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:4002
+#: ../openvswitch-switch-config.templates:4002
msgid ""
"in-band: As above, but the location of the controller is manually configured."
msgstr ""
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:4002
+#: ../openvswitch-switch-config.templates:4002
msgid ""
"out-of-band: OpenFlow traffic uses a network separate from the data traffic "
"that it controls. If this is the case, the control network must already be "
#. Type: note
#. Description
-#: ../openflow-switch-config.templates:5001
+#: ../openvswitch-switch-config.templates:5001
msgid "Preparing to discover controller."
msgstr ""
#. Type: note
#. Description
-#: ../openflow-switch-config.templates:5001
+#: ../openvswitch-switch-config.templates:5001
msgid ""
"The setup program will now attempt to discover the OpenFlow controller. "
"Controller discovery may take up to 30 seconds. Please be patient."
#. Type: note
#. Description
-#: ../openflow-switch-config.templates:5001
+#: ../openvswitch-switch-config.templates:5001
msgid ""
"See secchan(8) for instructions on how to configure a DHCP server for "
"controller discovery."
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:6001
+#: ../openvswitch-switch-config.templates:6001
msgid "Controller discovery failed."
msgstr ""
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:6001
+#: ../openvswitch-switch-config.templates:6001
msgid "The controller's location could not be determined automatically."
msgstr ""
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:6001
+#: ../openvswitch-switch-config.templates:6001
msgid ""
"Ensure that the OpenFlow DHCP server is properly configured. See secchan(8) "
"for instructions on how to configure a DHCP server for controller discovery."
#. Type: boolean
#. Description
-#: ../openflow-switch-config.templates:7001
+#: ../openvswitch-switch-config.templates:7001
msgid "Use discovered settings?"
msgstr ""
#. Type: boolean
#. Description
-#: ../openflow-switch-config.templates:7001
+#: ../openvswitch-switch-config.templates:7001
msgid "Controller discovery obtained the following settings:"
msgstr ""
#. Type: boolean
#. Description
-#: ../openflow-switch-config.templates:7001
+#: ../openvswitch-switch-config.templates:7001
msgid "Controller location: ${controller-vconn}"
msgstr ""
#. Type: boolean
#. Description
-#: ../openflow-switch-config.templates:7001
+#: ../openvswitch-switch-config.templates:7001
msgid "PKI URL: ${pki-uri}"
msgstr ""
#. Type: boolean
#. Description
-#: ../openflow-switch-config.templates:7001
+#: ../openvswitch-switch-config.templates:7001
msgid "Please verify that these settings are correct."
msgstr ""
#. Type: string
#. Description
-#: ../openflow-switch-config.templates:8001
+#: ../openvswitch-switch-config.templates:8001
msgid "Switch IP address:"
msgstr ""
#. Type: string
#. Description
-#: ../openflow-switch-config.templates:8001
+#: ../openvswitch-switch-config.templates:8001
msgid ""
"For in-band communication with the controller, the OpenFlow switch must be "
"able to determine its own IP address. Its IP address may be configured "
#. Type: string
#. Description
-#: ../openflow-switch-config.templates:8001
+#: ../openvswitch-switch-config.templates:8001
msgid "For static configuration, specify the switch's IP address as a string."
msgstr ""
#. Type: string
#. Description
-#: ../openflow-switch-config.templates:8001
+#: ../openvswitch-switch-config.templates:8001
msgid ""
"For dynamic configuration with DHCP (the most common case), specify \"dhcp"
"\". Configuration with DHCP will only work reliably if the network topology "
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:9001
+#: ../openvswitch-switch-config.templates:9001
msgid "The switch IP address is invalid."
msgstr ""
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:9001
+#: ../openvswitch-switch-config.templates:9001
msgid ""
"The switch IP address must specified as \"dhcp\" or a valid IP address in "
"dotted-octet form (e.g. \"1.2.3.4\")."
#. Type: string
#. Description
-#: ../openflow-switch-config.templates:10001
+#: ../openvswitch-switch-config.templates:10001
msgid "Controller location:"
msgstr ""
#. Type: string
#. Description
-#: ../openflow-switch-config.templates:10001
+#: ../openvswitch-switch-config.templates:10001
msgid ""
"Specify how the OpenFlow switch should connect to the OpenFlow controller. "
"The value should be in form \"ssl:HOST[:PORT]\" to connect to the controller "
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:11001
+#: ../openvswitch-switch-config.templates:11001
msgid "The controller location is invalid."
msgstr ""
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:11001
+#: ../openvswitch-switch-config.templates:11001
msgid ""
"The controller location must be specifed as \"ssl:HOST[:PORT]\" to connect "
"to the controller over SSL (recommended for security) or \"tcp:HOST[:PORT]\" "
#. Type: string
#. Description
-#: ../openflow-switch-config.templates:12001
+#: ../openvswitch-switch-config.templates:12001
msgid "OpenFlow PKI server host name or URL:"
msgstr ""
#. Type: string
#. Description
-#: ../openflow-switch-config.templates:12001
+#: ../openvswitch-switch-config.templates:12001
msgid ""
"Specify a URL to the OpenFlow public key infrastructure (PKI). If a host "
"name or IP address is specified in place of a URL, then http://<host>/"
-"openflow/pki/ will be used, where <host> is the specified host name or IP "
+"openvswitch/pki/ will be used, where <host> is the specified host name or IP "
"address."
msgstr ""
#. Type: string
#. Description
-#: ../openflow-switch-config.templates:12001
+#: ../openvswitch-switch-config.templates:12001
msgid ""
"The OpenFlow PKI is usually on the same machine as the OpenFlow controller."
msgstr ""
#. Type: string
#. Description
-#: ../openflow-switch-config.templates:12001
+#: ../openvswitch-switch-config.templates:12001
msgid ""
"The setup process will connect to the OpenFlow PKI server over HTTP, using "
"the system's configured default HTTP proxy (if any)."
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:13001
+#: ../openvswitch-switch-config.templates:13001
msgid "The switch CA certificate could not be retrieved."
msgstr ""
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:13001
+#: ../openvswitch-switch-config.templates:13001
msgid "Retrieval of ${url} failed, with the following status: \"${error}\"."
msgstr ""
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:13001
+#: ../openvswitch-switch-config.templates:13001
msgid ""
"Ensure that the OpenFlow PKI server is correctly configured and available at "
"${pki-uri}. If the system is configured to use an HTTP proxy, also make "
#. Choices
#. Type: select
#. Choices
-#: ../openflow-switch-config.templates:14001
-#: ../openflow-switch-config.templates:15001
-#: ../openflow-switch-config.templates:17001
+#: ../openvswitch-switch-config.templates:14001
+#: ../openvswitch-switch-config.templates:15001
+#: ../openvswitch-switch-config.templates:17001
msgid "yes, no"
msgstr ""
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:14002
+#: ../openvswitch-switch-config.templates:14002
msgid "Is ${fingerprint} the controller CA's fingerprint?"
msgstr ""
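Review bot: the 14002 prompt "Is ${fingerprint} the controller CA's fingerprint?" is the one step shown in these templates that authenticates the controller CA, since the 12001 description says setup connects to the PKI server over HTTP, yet the extended description that follows tells the user to simply answer "yes" when a man-in-the-middle attack is not a concern. While these entries are being regenerated, consider rewording the source template so that comparing ${fingerprint} against a value obtained out of band is the default instruction rather than an optional one.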
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:14002
+#: ../openvswitch-switch-config.templates:14002
msgid ""
"If a man-in-the-middle attack is possible in your network environment, check "
"that the controller CA's fingerprint is really ${fingerprint}. Answer \"yes"
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:14002
+#: ../openvswitch-switch-config.templates:14002
msgid ""
"If a man-in-the-middle attack is not a concern, there is no need to verify "
"the fingerprint. Simply answer \"yes\"."
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:15002
+#: ../openvswitch-switch-config.templates:15002
msgid "Send certificate request to switch CA?"
msgstr ""
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:15002
+#: ../openvswitch-switch-config.templates:15002
msgid ""
"Before it can connect to the controller over SSL, the OpenFlow switch's key "
"must be signed by the switch certificate authority (CA) located on the "
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:15002
+#: ../openvswitch-switch-config.templates:15002
msgid ""
"Answer \"yes\" to send a signing request to the switch CA now. This is "
"ordinarily the correct choice. There is no harm in sending a given signing "
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:15002
+#: ../openvswitch-switch-config.templates:15002
msgid ""
"Answer \"no\" to skip sending a signing request to the switch CA. Unless the "
"request has already been sent to the switch CA, manual sending of the "
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:16001
+#: ../openvswitch-switch-config.templates:16001
msgid "The certificate request could not be sent."
msgstr ""
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:16001
+#: ../openvswitch-switch-config.templates:16001
msgid "Posting to ${url} failed, with the following status: \"${error}\"."
msgstr ""
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:16001
+#: ../openvswitch-switch-config.templates:16001
msgid ""
"Ensure that the OpenFlow PKI server is correctly configured and available at "
"${pki-uri}."
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:17002
+#: ../openvswitch-switch-config.templates:17002
msgid "Fetch signed switch certificate from PKI server?"
msgstr ""
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:17002
+#: ../openvswitch-switch-config.templates:17002
msgid ""
"Before it can connect to the controller over SSL, the OpenFlow switch's key "
"must be signed by the switch certificate authority (CA) located on the "
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:17002
+#: ../openvswitch-switch-config.templates:17002
msgid ""
"At this point, a signing request has been sent to the switch CA (or sending "
"a request has been manually skipped), but the signed certificate has not yet "
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:17002
+#: ../openvswitch-switch-config.templates:17002
msgid ""
"Answer \"yes\" to attempt to retrieve the signed switch certificate from the "
"switch CA. If the switch certificate request has been signed at the PKI "
#. Type: select
#. Description
-#: ../openflow-switch-config.templates:17002
+#: ../openvswitch-switch-config.templates:17002
msgid ""
"Answer \"no\" to postpone switch configuration. The configuration process "
"must be restarted later, when the switch certificate request has been signed."
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:18001
+#: ../openvswitch-switch-config.templates:18001
msgid "Signed switch certificate could not be retrieved."
msgstr ""
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:18001
+#: ../openvswitch-switch-config.templates:18001
msgid ""
"The signed switch certificate could not be retrieved from the switch CA: "
"retrieval of ${url} failed, with the following status: \"${error}\"."
#. Type: error
#. Description
-#: ../openflow-switch-config.templates:18001
+#: ../openvswitch-switch-config.templates:18001
msgid ""
"This probably indicates that the switch's certificate request has not yet "
"been signed. If this is the problem, it may be fixed by signing the "
#. Type: note
#. Description
-#: ../openflow-switch-config.templates:19001
+#: ../openvswitch-switch-config.templates:19001
msgid "OpenFlow Switch Setup Finished"
msgstr ""
#. Type: note
#. Description
-#: ../openflow-switch-config.templates:19001
+#: ../openvswitch-switch-config.templates:19001
msgid ""
"Setup of this OpenFlow switch is finished. Complete the setup procedure to "
"enable the switch."
export DH_OPTIONS
# prefix of the target package name
-PACKAGE=openflow-datapath-module
+PACKAGE=openvswitch-datapath-module
# modifieable for experiments or debugging m-a
MA_DIR ?= /usr/share/modass
# load generic variable handling
build-indep: build-indep-stamp
build-indep-stamp: configure-stamp
- $(MAKE) -C _debian dist distdir=openflow
+ $(MAKE) -C _debian dist distdir=openvswitch
$(ext_build_indep)
touch $@
kdist_clean:
dh_clean
- rm -rf openflow
+ rm -rf openvswitch
kdist_config: prep-deb-files
dh_testdir
dh_testroot
dh_clean -k
- tar xzf openflow.tar.gz
- cd openflow && ./configure --with-l26=$(KSRC) $(DATAPATH_CONFIGURE_OPTS) --with-build-number=$(BUILD_NUMBER)
- cd openflow && $(MAKE) -C datapath/linux-2.6
+ tar xzf openvswitch.tar.gz
+ cd openvswitch && ./configure --with-l26=$(KSRC) $(DATAPATH_CONFIGURE_OPTS) --with-build-number=$(BUILD_NUMBER)
+ cd openvswitch && $(MAKE) -C datapath/linux-2.6
install -d -m755 $(DSTDIR)
- install -m644 openflow/datapath/linux-2.6/*_mod.ko $(DSTDIR)/
+ install -m644 openvswitch/datapath/linux-2.6/*_mod.ko $(DSTDIR)/
dh_installdocs
dh_installchangelogs
dh_compress
dh_clean -k -i
dh_installdirs -i
dh_install -i
- cd debian/openflow-datapath-source/usr/src && tar -c modules | bzip2 -9 > openflow-datapath.tar.bz2 && rm -rf modules
- install -m644 debian/openflow-pki-server.apache2 debian/openflow-pki-server/etc/apache2/sites-available/openflow-pki
+ cd debian/openvswitch-datapath-source/usr/src && tar -c modules | bzip2 -9 > openvswitch-datapath.tar.bz2 && rm -rf modules
+ install -m644 debian/openvswitch-pki-server.apache2 debian/openvswitch-pki-server/etc/apache2/sites-available/openvswitch-pki
install -m1777 -d debian/corekeeper/var/log/core
$(ext_install_indep)
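Review bot: the Apache site file is now installed as sites-available/openvswitch-pki instead of sites-available/openflow-pki, and the module source tarball becomes openvswitch-datapath.tar.bz2, but nothing in the visible rules covers hosts that already have the old names in place. An existing PKI server with the openflow-pki site enabled could be left with a stale or dangling site after upgrade. Handle the transition in the maintainer scripts, and add matching Replaces/Conflicts relations for the renamed packages in debian/control if that is not done elsewhere in the patch.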
dh_testroot
dh_clean -k -s
dh_installdirs -s
- $(MAKE) -C _debian DESTDIR=$(CURDIR)/debian/openflow install
- cp debian/openflow-switch-config.overrides debian/openflow-switch-config/usr/share/lintian/overrides/openflow-switch-config
- cp debian/openflow-switch.template debian/openflow-switch/usr/share/openflow/switch/default.template
+ $(MAKE) -C _debian DESTDIR=$(CURDIR)/debian/openvswitch install
+ cp debian/openvswitch-switch-config.overrides debian/openvswitch-switch-config/usr/share/lintian/overrides/openvswitch-switch-config
+ cp debian/openvswitch-switch.template debian/openvswitch-switch/usr/share/openvswitch/switch/default.template
dh_install -s
$(ext_install_arch)
dh_installcron
dh_installman
dh_link
- dh_strip --dbg-package=openflow-dbg
+ dh_strip --dbg-package=openvswitch-dbg
dh_compress
dh_fixperms -X var/log/core
dh_perl
include include/openflow/automake.mk
+include include/openvswitch/automake.mk
noinst_HEADERS += \
- include/openflow/brcompat-netlink.h \
- include/openflow/datapath-protocol.h \
include/openflow/openflow-mgmt.h \
include/openflow/nicira-ext.h \
- include/openflow/openflow.h \
- include/openflow/openflow-netlink.h
+ include/openflow/openflow.h
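Review bot: include/openflow/openflow-netlink.h is dropped from noinst_HEADERS here and the file is deleted, but unlike brcompat-netlink.h and datapath-protocol.h it is not re-added in include/openvswitch/automake.mk. If the removal is intentional, say so in the commit message and confirm that no remaining source includes it or uses DP_GENL_FAMILY_NAME; otherwise the break only shows up at the first file that still needs it.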
+++ /dev/null
-/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford
- * Junior University
- *
- * We are making the OpenFlow specification and associated documentation
- * (Software) available for public use and benefit with the expectation
- * that others will use, modify and enhance the Software and contribute
- * those enhancements back to the community. However, since we would
- * like to make the Software available for broadest use, with as few
- * restrictions as possible permission is hereby granted, free of
- * charge, to any person obtaining a copy of this Software to deal in
- * the Software under the copyrights without restriction, including
- * without limitation the rights to use, copy, modify, merge, publish,
- * distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to
- * the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
- * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
- * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- *
- * The name and trademarks of copyright holder(s) may NOT be used in
- * advertising or publicity pertaining to the Software or any
- * derivatives without specific, written prior permission.
- */
-
-#ifndef OPENFLOW_BRCOMPAT_NETLINK_H
-#define OPENFLOW_BRCOMPAT_NETLINK_H 1
-
-#define BRC_GENL_FAMILY_NAME "brcompat"
-
-/* Attributes that can be attached to the datapath's netlink messages. */
-enum {
- BRC_GENL_A_UNSPEC,
- BRC_GENL_A_DP_NAME, /* Datapath name. */
- BRC_GENL_A_PORT_NAME, /* Interface name. */
- BRC_GENL_A_ERR_CODE, /* Positive error code. */
- BRC_GENL_A_MC_GROUP, /* Generic netlink multicast group. */
- BRC_GENL_A_PROC_DIR, /* Name of subdirectory in /proc. */
- BRC_GENL_A_PROC_NAME, /* Name of file in /proc. */
- BRC_GENL_A_PROC_DATA, /* Contents of file in /proc. */
-
- __BRC_GENL_A_MAX,
- BRC_GENL_A_MAX = __BRC_GENL_A_MAX - 1
-};
-
-/* Commands that can be executed on the datapath's netlink interface. */
-enum brc_genl_command {
- BRC_GENL_C_UNSPEC,
-
- /*
- * "K:" messages are sent by the kernel to userspace.
- * "U:" messages are sent by userspace to the kernel.
- */
- BRC_GENL_C_DP_ADD, /* K: Datapath created. */
- BRC_GENL_C_DP_DEL, /* K: Datapath destroyed. */
- BRC_GENL_C_DP_RESULT, /* U: Result of datapath command from vswitchd. */
- BRC_GENL_C_PORT_ADD, /* K: Port added to datapath. */
- BRC_GENL_C_PORT_DEL, /* K: Port removed from datapath. */
- BRC_GENL_C_QUERY_MC, /* U: Get multicast group for brcompat. */
- BRC_GENL_C_SET_PROC, /* U: Set contents of file in /proc. */
-
- __BRC_GENL_C_MAX,
- BRC_GENL_C_MAX = __BRC_GENL_C_MAX - 1
-};
-#endif /* openflow/brcompat-netlink.h */
+++ /dev/null
-/* Copyright (c) 2009 The Board of Trustees of The Leland Stanford
- * Junior University
- *
- * We are making the OpenFlow specification and associated documentation
- * (Software) available for public use and benefit with the expectation
- * that others will use, modify and enhance the Software and contribute
- * those enhancements back to the community. However, since we would
- * like to make the Software available for broadest use, with as few
- * restrictions as possible permission is hereby granted, free of
- * charge, to any person obtaining a copy of this Software to deal in
- * the Software under the copyrights without restriction, including
- * without limitation the rights to use, copy, modify, merge, publish,
- * distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to
- * the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
- * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
- * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- *
- * The name and trademarks of copyright holder(s) may NOT be used in
- * advertising or publicity pertaining to the Software or any
- * derivatives without specific, written prior permission.
- */
-
-/* Protocol between secchan and datapath. */
-
-#ifndef OPENFLOW_DATAPATH_PROTOCOL_H
-#define OPENFLOW_DATAPATH_PROTOCOL_H 1
-
-#ifdef __KERNEL__
-#include <linux/types.h>
-#else
-#include <sys/types.h>
-#endif
-#include <linux/if_ether.h>
-
-#define ODP_MAX 256 /* Maximum number of datapaths. */
-
-#define ODP_DP_CREATE _IO('O', 0)
-#define ODP_DP_DESTROY _IO('O', 1)
-#define ODP_DP_STATS _IOW('O', 2, struct odp_stats)
-
-#define ODP_GET_DROP_FRAGS _IOW('O', 3, int)
-#define ODP_SET_DROP_FRAGS _IOR('O', 4, int)
-
-#define ODP_GET_LISTEN_MASK _IOW('O', 5, int)
-#define ODP_SET_LISTEN_MASK _IOR('O', 6, int)
-
-#define ODP_PORT_ADD _IOR('O', 7, struct odp_port)
-#define ODP_PORT_DEL _IOR('O', 8, int)
-#define ODP_PORT_QUERY _IOWR('O', 9, struct odp_port)
-#define ODP_PORT_LIST _IOWR('O', 10, struct odp_portvec)
-
-#define ODP_PORT_GROUP_SET _IOR('O', 11, struct odp_port_group)
-#define ODP_PORT_GROUP_GET _IOWR('O', 12, struct odp_port_group)
-
-#define ODP_FLOW_GET _IOWR('O', 13, struct odp_flow)
-#define ODP_FLOW_GET_MULTIPLE _IOWR('O', 14, struct odp_flowvec)
-#define ODP_FLOW_LIST _IOWR('O', 15, struct odp_flowvec)
-
-#define ODP_FLOW_FLUSH _IO('O', 16)
-#define ODP_FLOW_PUT _IOWR('O', 17, struct odp_flow)
-#define ODP_FLOW_DEL _IOWR('O', 18, struct odp_flow)
-
-#define ODP_EXECUTE _IOR('O', 19, struct odp_execute)
-
-#define ODP_SNAT_ADD_PORT _IOR('O', 20, struct odp_snat_config)
-#define ODP_SNAT_DEL_PORT _IOR('O', 21, int)
-
-struct odp_stats {
- /* Flows. */
- __u32 n_flows; /* Number of flows in flow table. */
- __u32 cur_capacity; /* Current flow table capacity. */
- __u32 max_capacity; /* Maximum expansion of flow table capacity. */
-
- /* Ports. */
- __u32 n_ports; /* Current number of ports. */
- __u32 max_ports; /* Maximum supported number of ports. */
- __u16 max_groups; /* Maximum number of port groups. */
- __u16 reserved;
-
- /* Lookups. */
- __u64 n_frags; /* Number of dropped IP fragments. */
- __u64 n_hit; /* Number of flow table matches. */
- __u64 n_missed; /* Number of flow table misses. */
- __u64 n_lost; /* Number of misses not sent to userspace. */
-
- /* Queues. */
- __u16 max_miss_queue; /* Max length of ODPL_MISS queue. */
- __u16 max_action_queue; /* Max length of ODPL_ACTION queue. */
-};
-
-/* Logical ports. */
-#define ODPP_LOCAL ((__u16)0)
-#define ODPP_NONE ((__u16)-1)
-
-/* Listening channels. */
-#define _ODPL_MISS_NR 0 /* Packet missed in flow table. */
-#define ODPL_MISS (1 << _ODPL_MISS_NR)
-#define _ODPL_ACTION_NR 1 /* Packet output to ODPP_CONTROLLER. */
-#define ODPL_ACTION (1 << _ODPL_ACTION_NR)
-#define ODPL_ALL (ODPL_MISS | ODPL_ACTION)
-
-/* Format of messages read from datapath fd. */
-struct odp_msg {
- __u32 type; /* _ODPL_MISS_NR or _ODPL_ACTION_NR. */
- __u32 length; /* Message length, including header. */
- __u16 port; /* Port on which frame was received. */
- __u16 reserved;
- __u32 arg; /* Argument value specified in action. */
- /* Followed by packet data. */
-};
-
-struct odp_port {
- char devname[16]; /* IFNAMSIZ */
- __u16 port;
- __u16 reserved1;
- __u32 reserved2;
-};
-
-struct odp_portvec {
- struct odp_port *ports;
- int n_ports;
-};
-
-struct odp_port_group {
- __u16 *ports;
- __u16 n_ports; /* Number of ports. */
- __u16 group; /* Group number. */
-};
-
-struct odp_flow_stats {
- __u64 n_packets; /* Number of matched packets. */
- __u64 n_bytes; /* Number of matched bytes. */
- __u64 used_sec; /* Time last used. */
- __u32 used_nsec;
- __u8 tcp_flags;
- __u8 ip_tos;
- __u16 reserved;
-};
-
-struct odp_flow_key {
- __be32 nw_src; /* IP source address. */
- __be32 nw_dst; /* IP destination address. */
- __u16 in_port; /* Input switch port. */
- __be16 dl_vlan; /* Input VLAN. */
- __be16 dl_type; /* Ethernet frame type. */
- __be16 tp_src; /* TCP/UDP source port. */
- __be16 tp_dst; /* TCP/UDP destination port. */
- __u8 dl_src[ETH_ALEN]; /* Ethernet source address. */
- __u8 dl_dst[ETH_ALEN]; /* Ethernet destination address. */
- __u8 nw_proto; /* IP protocol. */
- __u8 reserved; /* Pad to 64 bits. */
-};
-
-struct odp_flow {
- struct odp_flow_stats stats;
- struct odp_flow_key key;
- union odp_action *actions;
- __u32 n_actions;
-};
-
-/* Flags for ODP_FLOW_PUT. */
-#define ODPPF_CREATE (1 << 0) /* Allow creating a new flow. */
-#define ODPPF_MODIFY (1 << 1) /* Allow modifying an existing flow. */
-#define ODPPF_ZERO_STATS (1 << 2) /* Zero the stats of an existing flow. */
-
-/* ODP_FLOW_PUT argument. */
-struct odp_flow_put {
- struct odp_flow flow;
- __u32 flags;
-};
-
-struct odp_flowvec {
- struct odp_flow *flows;
- int n_flows;
-};
-
-/* The VLAN id is 12 bits, so we can use the entire 16 bits to indicate
- * special conditions. All ones is used to match that no VLAN id was
- * set. */
-#define ODP_VLAN_NONE 0xffff
-
-/* Action types. */
-#define ODPAT_OUTPUT 0 /* Output to switch port. */
-#define ODPAT_OUTPUT_GROUP 1 /* Output to all ports in group. */
-#define ODPAT_CONTROLLER 2 /* Send copy to controller. */
-#define ODPAT_SET_VLAN_VID 3 /* Set the 802.1q VLAN id. */
-#define ODPAT_SET_VLAN_PCP 4 /* Set the 802.1q priority. */
-#define ODPAT_STRIP_VLAN 5 /* Strip the 802.1q header. */
-#define ODPAT_SET_DL_SRC 6 /* Ethernet source address. */
-#define ODPAT_SET_DL_DST 7 /* Ethernet destination address. */
-#define ODPAT_SET_NW_SRC 8 /* IP source address. */
-#define ODPAT_SET_NW_DST 9 /* IP destination address. */
-#define ODPAT_SET_TP_SRC 10 /* TCP/UDP source port. */
-#define ODPAT_SET_TP_DST 11 /* TCP/UDP destination port. */
-#define ODPAT_SNAT 12 /* Source NAT. */
-#define ODPAT_N_ACTIONS 13
-
-struct odp_action_output {
- __u16 type; /* ODPAT_OUTPUT. */
- __u16 port; /* Output port. */
- __u16 reserved1;
- __u16 reserved2;
-};
-
-struct odp_action_output_group {
- __u16 type; /* ODPAT_OUTPUT_GROUP. */
- __u16 group; /* Group number. */
- __u16 reserved1;
- __u16 reserved2;
-};
-
-struct odp_action_controller {
- __u16 type; /* ODPAT_OUTPUT_CONTROLLER. */
- __u16 reserved;
- __u32 arg; /* Copied to struct odp_msg 'arg' member. */
-};
-
-/* Action structure for ODPAT_SET_VLAN_VID. */
-struct odp_action_vlan_vid {
- __u16 type; /* ODPAT_SET_VLAN_VID. */
- __be16 vlan_vid; /* VLAN id. */
- __u16 reserved1;
- __u16 reserved2;
-};
-
-/* Action structure for ODPAT_SET_VLAN_PCP. */
-struct odp_action_vlan_pcp {
- __u16 type; /* ODPAT_SET_VLAN_PCP. */
- __u8 vlan_pcp; /* VLAN priority. */
- __u8 reserved1;
- __u16 reserved2;
- __u16 reserved3;
-};
-
-/* Action structure for ODPAT_SET_DL_SRC/DST. */
-struct odp_action_dl_addr {
- __u16 type; /* ODPAT_SET_DL_SRC/DST. */
- __u8 dl_addr[ETH_ALEN]; /* Ethernet address. */
-};
-
-/* Action structure for ODPAT_SET_NW_SRC/DST. */
-struct odp_action_nw_addr {
- __u16 type; /* ODPAT_SET_TW_SRC/DST. */
- __u16 reserved;
- __be32 nw_addr; /* IP address. */
-};
-
-/* Action structure for ODPAT_SET_TP_SRC/DST. */
-struct odp_action_tp_port {
- __u16 type; /* ODPAT_SET_TP_SRC/DST. */
- __be16 tp_port; /* TCP/UDP port. */
- __u16 reserved1;
- __u16 reserved2;
-};
-
-struct odp_action_snat {
- __u16 type; /* ODPAT_SNAT. */
- __u16 port; /* Output port. */
- __u16 reserved1;
- __u16 reserved2;
-};
-
-union odp_action {
- __u16 type;
- struct odp_action_output output;
- struct odp_action_output_group output_group;
- struct odp_action_controller controller;
- struct odp_action_vlan_vid vlan_vid;
- struct odp_action_vlan_pcp vlan_pcp;
- struct odp_action_dl_addr dl_addr;
- struct odp_action_nw_addr nw_addr;
- struct odp_action_tp_port tp_port;
- struct odp_action_snat snat;
-};
-
-struct odp_execute {
- __u16 in_port;
- __u16 reserved1;
- __u32 reserved2;
-
- union odp_action *actions;
- __u32 n_actions;
-
- const void *data;
- __u32 length;
-};
-
-/* Values below this cutoff are 802.3 packets and the two bytes
- * following MAC addresses are used as a frame length. Otherwise, the
- * two bytes are used as the Ethernet type.
- */
-#define ODP_DL_TYPE_ETH2_CUTOFF 0x0600
-
-/* Value of dl_type to indicate that the frame does not include an
- * Ethernet type.
- */
-#define ODP_DL_TYPE_NOT_ETH_TYPE 0x05ff
-
-/* The VLAN id is 12-bits, so we can use the entire 16 bits to indicate
- * special conditions. All ones indicates that no VLAN id was set.
- */
-#define ODP_VLAN_NONE 0xffff
-
-/* Configuration for source-NATing */
-struct odp_snat_config {
- __u16 port;
-
- /* Time to cache MAC addresses of SNAT'd hosts in seconds (0=default). */
- __u16 mac_timeout;
-
- /* Range of IP addresses to impersonate. Set both values to the same to
- * support a single address. */
- __be32 ip_start, ip_end;
-
- /* Range of transport ports that should be used as new source port. A
- * value of zero lets the kernel choose. */
- __be16 tcp_start, tcp_end;
- __be16 udp_start, udp_end;
-
- /* MAC address to use for ARP requests for a SNAT IP address that comes in
- * on a different interface than 'port'. A value of all zeros silently
- * drops those ARP requests. Requests that arrive on 'port' get a response
- * with the mac address of the datapath device. */
- __u8 mac_addr[ETH_ALEN];
- __u16 reserved;
-};
-
-#endif /* openflow/datapath-protocol.h */
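Review bot: the ioctl direction macros in this header look inverted, and the move to include/openvswitch/datapath-protocol.h carries them over unchanged. In the Linux encoding _IOR means the kernel copies data out to userspace and _IOW means userspace passes data in, yet ODP_GET_DROP_FRAGS and ODP_GET_LISTEN_MASK use _IOW, the matching ODP_SET_* commands use _IOR, ODP_DP_STATS uses _IOW for a struct the kernel fills in, and ODP_PORT_ADD, ODP_EXECUTE and ODP_SNAT_ADD_PORT use _IOR for input structures. ODP_FLOW_PUT also encodes struct odp_flow although its documented argument is struct odp_flow_put. Changing the numbers changes the ABI, so if this cannot be fixed as part of the rename, add a comment saying that the direction and size bits must not be relied on. Separately, the counts paired with user pointers (int n_ports in struct odp_portvec, int n_flows in struct odp_flowvec) are signed; make them unsigned or document that the kernel rejects negative values before using them as lengths.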
+++ /dev/null
-/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford
- * Junior University
- *
- * We are making the OpenFlow specification and associated documentation
- * (Software) available for public use and benefit with the expectation
- * that others will use, modify and enhance the Software and contribute
- * those enhancements back to the community. However, since we would
- * like to make the Software available for broadest use, with as few
- * restrictions as possible permission is hereby granted, free of
- * charge, to any person obtaining a copy of this Software to deal in
- * the Software under the copyrights without restriction, including
- * without limitation the rights to use, copy, modify, merge, publish,
- * distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to
- * the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
- * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
- * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- *
- * The name and trademarks of copyright holder(s) may NOT be used in
- * advertising or publicity pertaining to the Software or any
- * derivatives without specific, written prior permission.
- */
-
-#ifndef OPENFLOW_OPENFLOW_NETLINK_H
-#define OPENFLOW_OPENFLOW_NETLINK_H 1
-
-#define DP_GENL_FAMILY_NAME "OpenFlow"
-
-/* Attributes that can be attached to the datapath's netlink messages. */
-enum {
- DP_GENL_A_UNSPEC,
- DP_GENL_A_DP_IDX, /* Datapath device index. */
- DP_GENL_A_PORTNAME, /* Device name for datapath port. */
- DP_GENL_A_MC_GROUP, /* Generic netlink multicast group. */
- DP_GENL_A_OPENFLOW, /* OpenFlow packet. */
- DP_GENL_A_DP_NAME, /* Datapath device name. */
-
- __DP_GENL_A_MAX,
- DP_GENL_A_MAX = __DP_GENL_A_MAX - 1
-};
-
-/* Commands that can be executed on the datapath's netlink interface. */
-enum dp_genl_command {
- DP_GENL_C_UNSPEC,
- DP_GENL_C_ADD_DP, /* Create datapath. */
- DP_GENL_C_DEL_DP, /* Destroy datapath. */
- DP_GENL_C_QUERY_DP, /* Get multicast group for datapath. */
- DP_GENL_C_ADD_PORT, /* Add port to datapath. */
- DP_GENL_C_DEL_PORT, /* Remove port from datapath. */
- DP_GENL_C_OPENFLOW, /* Encapsulated OpenFlow protocol. */
-
- __DP_GENL_C_MAX,
- DP_GENL_C_MAX = __DP_GENL_C_MAX - 1
-};
-
-#endif /* openflow/openflow-netlink.h */
--- /dev/null
+noinst_HEADERS += \
+ include/openvswitch/brcompat-netlink.h \
+ include/openvswitch/datapath-protocol.h
+
--- /dev/null
+/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford
+ * Junior University
+ *
+ * We are making the OpenFlow specification and associated documentation
+ * (Software) available for public use and benefit with the expectation
+ * that others will use, modify and enhance the Software and contribute
+ * those enhancements back to the community. However, since we would
+ * like to make the Software available for broadest use, with as few
+ * restrictions as possible permission is hereby granted, free of
+ * charge, to any person obtaining a copy of this Software to deal in
+ * the Software under the copyrights without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ * The name and trademarks of copyright holder(s) may NOT be used in
+ * advertising or publicity pertaining to the Software or any
+ * derivatives without specific, written prior permission.
+ */
+
+#ifndef OPENVSWITCH_BRCOMPAT_NETLINK_H
+#define OPENVSWITCH_BRCOMPAT_NETLINK_H 1
+
+#define BRC_GENL_FAMILY_NAME "brcompat"
+
+/* Attributes that can be attached to the datapath's netlink messages. */
+enum {
+ BRC_GENL_A_UNSPEC,
+ BRC_GENL_A_DP_NAME, /* Datapath name. */
+ BRC_GENL_A_PORT_NAME, /* Interface name. */
+ BRC_GENL_A_ERR_CODE, /* Positive error code. */
+ BRC_GENL_A_MC_GROUP, /* Generic netlink multicast group. */
+ BRC_GENL_A_PROC_DIR, /* Name of subdirectory in /proc. */
+ BRC_GENL_A_PROC_NAME, /* Name of file in /proc. */
+ BRC_GENL_A_PROC_DATA, /* Contents of file in /proc. */
+
+ __BRC_GENL_A_MAX,
+ BRC_GENL_A_MAX = __BRC_GENL_A_MAX - 1
+};
+
+/* Commands that can be executed on the datapath's netlink interface. */
+enum brc_genl_command {
+ BRC_GENL_C_UNSPEC,
+
+ /*
+ * "K:" messages are sent by the kernel to userspace.
+ * "U:" messages are sent by userspace to the kernel.
+ */
+ BRC_GENL_C_DP_ADD, /* K: Datapath created. */
+ BRC_GENL_C_DP_DEL, /* K: Datapath destroyed. */
+ BRC_GENL_C_DP_RESULT, /* U: Result of datapath command from vswitchd. */
+ BRC_GENL_C_PORT_ADD, /* K: Port added to datapath. */
+ BRC_GENL_C_PORT_DEL, /* K: Port removed from datapath. */
+ BRC_GENL_C_QUERY_MC, /* U: Get multicast group for brcompat. */
+ BRC_GENL_C_SET_PROC, /* U: Set contents of file in /proc. */
+
+ __BRC_GENL_C_MAX,
+ BRC_GENL_C_MAX = __BRC_GENL_C_MAX - 1
+};
+#endif /* openvswitch/brcompat-netlink.h */
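Review bot: BRC_GENL_C_SET_PROC lets userspace set the contents of a file in /proc, named through BRC_GENL_A_PROC_DIR and BRC_GENL_A_PROC_NAME, and the header states no limits on any of the three attributes. Document here the maximum lengths, that neither name may contain '/' or "..", and which privilege the kernel side requires of the sender, so that the handler and vswitchd agree on what is rejected.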
--- /dev/null
+/* Copyright (c) 2009 The Board of Trustees of The Leland Stanford
+ * Junior University
+ *
+ * We are making the OpenFlow specification and associated documentation
+ * (Software) available for public use and benefit with the expectation
+ * that others will use, modify and enhance the Software and contribute
+ * those enhancements back to the community. However, since we would
+ * like to make the Software available for broadest use, with as few
+ * restrictions as possible permission is hereby granted, free of
+ * charge, to any person obtaining a copy of this Software to deal in
+ * the Software under the copyrights without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ * The name and trademarks of copyright holder(s) may NOT be used in
+ * advertising or publicity pertaining to the Software or any
+ * derivatives without specific, written prior permission.
+ */
+
+/* Protocol between secchan and datapath. */
+
+#ifndef OPENVSWITCH_DATAPATH_PROTOCOL_H
+#define OPENVSWITCH_DATAPATH_PROTOCOL_H 1
+
+#ifdef __KERNEL__
+#include <linux/types.h>
+#else
+#include <sys/types.h>
+#endif
+#include <linux/if_ether.h>
+
+#define ODP_MAX 256 /* Maximum number of datapaths. */
+
+#define ODP_DP_CREATE _IO('O', 0)
+#define ODP_DP_DESTROY _IO('O', 1)
+#define ODP_DP_STATS _IOW('O', 2, struct odp_stats)
+
+#define ODP_GET_DROP_FRAGS _IOW('O', 3, int)
+#define ODP_SET_DROP_FRAGS _IOR('O', 4, int)
+
+#define ODP_GET_LISTEN_MASK _IOW('O', 5, int)
+#define ODP_SET_LISTEN_MASK _IOR('O', 6, int)
+
+#define ODP_PORT_ADD _IOR('O', 7, struct odp_port)
+#define ODP_PORT_DEL _IOR('O', 8, int)
+#define ODP_PORT_QUERY _IOWR('O', 9, struct odp_port)
+#define ODP_PORT_LIST _IOWR('O', 10, struct odp_portvec)
+
+#define ODP_PORT_GROUP_SET _IOR('O', 11, struct odp_port_group)
+#define ODP_PORT_GROUP_GET _IOWR('O', 12, struct odp_port_group)
+
+#define ODP_FLOW_GET _IOWR('O', 13, struct odp_flow)
+#define ODP_FLOW_GET_MULTIPLE _IOWR('O', 14, struct odp_flowvec)
+#define ODP_FLOW_LIST _IOWR('O', 15, struct odp_flowvec)
+
+#define ODP_FLOW_FLUSH _IO('O', 16)
+#define ODP_FLOW_PUT _IOWR('O', 17, struct odp_flow)
+#define ODP_FLOW_DEL _IOWR('O', 18, struct odp_flow)
+
+#define ODP_EXECUTE _IOR('O', 19, struct odp_execute)
+
+#define ODP_SNAT_ADD_PORT _IOR('O', 20, struct odp_snat_config)
+#define ODP_SNAT_DEL_PORT _IOR('O', 21, int)
+
+struct odp_stats {
+ /* Flows. */
+ __u32 n_flows; /* Number of flows in flow table. */
+ __u32 cur_capacity; /* Current flow table capacity. */
+ __u32 max_capacity; /* Maximum expansion of flow table capacity. */
+
+ /* Ports. */
+ __u32 n_ports; /* Current number of ports. */
+ __u32 max_ports; /* Maximum supported number of ports. */
+ __u16 max_groups; /* Maximum number of port groups. */
+ __u16 reserved;
+
+ /* Lookups. */
+ __u64 n_frags; /* Number of dropped IP fragments. */
+ __u64 n_hit; /* Number of flow table matches. */
+ __u64 n_missed; /* Number of flow table misses. */
+ __u64 n_lost; /* Number of misses not sent to userspace. */
+
+ /* Queues. */
+ __u16 max_miss_queue; /* Max length of ODPL_MISS queue. */
+ __u16 max_action_queue; /* Max length of ODPL_ACTION queue. */
+};
+
+/* Logical ports. */
+#define ODPP_LOCAL ((__u16)0)
+#define ODPP_NONE ((__u16)-1)
+
+/* Listening channels. */
+#define _ODPL_MISS_NR 0 /* Packet missed in flow table. */
+#define ODPL_MISS (1 << _ODPL_MISS_NR)
+#define _ODPL_ACTION_NR 1 /* Packet output to ODPP_CONTROLLER. */
+#define ODPL_ACTION (1 << _ODPL_ACTION_NR)
+#define ODPL_ALL (ODPL_MISS | ODPL_ACTION)
+
+/* Format of messages read from datapath fd. */
+struct odp_msg {
+ __u32 type; /* _ODPL_MISS_NR or _ODPL_ACTION_NR. */
+ __u32 length; /* Message length, including header. */
+ __u16 port; /* Port on which frame was received. */
+ __u16 reserved;
+ __u32 arg; /* Argument value specified in action. */
+ /* Followed by packet data. */
+};
+
+struct odp_port {
+ char devname[16]; /* IFNAMSIZ */
+ __u16 port;
+ __u16 reserved1;
+ __u32 reserved2;
+};
+
+struct odp_portvec {
+ struct odp_port *ports;
+ int n_ports;
+};
+
+struct odp_port_group {
+ __u16 *ports;
+ __u16 n_ports; /* Number of ports. */
+ __u16 group; /* Group number. */
+};
+
+struct odp_flow_stats {
+ __u64 n_packets; /* Number of matched packets. */
+ __u64 n_bytes; /* Number of matched bytes. */
+ __u64 used_sec; /* Time last used. */
+ __u32 used_nsec;
+ __u8 tcp_flags;
+ __u8 ip_tos;
+ __u16 reserved;
+};
+
+struct odp_flow_key {
+ __be32 nw_src; /* IP source address. */
+ __be32 nw_dst; /* IP destination address. */
+ __u16 in_port; /* Input switch port. */
+ __be16 dl_vlan; /* Input VLAN. */
+ __be16 dl_type; /* Ethernet frame type. */
+ __be16 tp_src; /* TCP/UDP source port. */
+ __be16 tp_dst; /* TCP/UDP destination port. */
+ __u8 dl_src[ETH_ALEN]; /* Ethernet source address. */
+ __u8 dl_dst[ETH_ALEN]; /* Ethernet destination address. */
+ __u8 nw_proto; /* IP protocol. */
+ __u8 reserved; /* Pad to 64 bits. */
+};
+
+struct odp_flow {
+ struct odp_flow_stats stats;
+ struct odp_flow_key key;
+ union odp_action *actions;
+ __u32 n_actions;
+};
+
+/* Flags for ODP_FLOW_PUT. */
+#define ODPPF_CREATE (1 << 0) /* Allow creating a new flow. */
+#define ODPPF_MODIFY (1 << 1) /* Allow modifying an existing flow. */
+#define ODPPF_ZERO_STATS (1 << 2) /* Zero the stats of an existing flow. */
+
+/* ODP_FLOW_PUT argument. */
+struct odp_flow_put {
+ struct odp_flow flow;
+ __u32 flags;
+};
+
+struct odp_flowvec {
+ struct odp_flow *flows;
+ int n_flows;
+};
+
+/* The VLAN id is 12 bits, so we can use the entire 16 bits to indicate
+ * special conditions. All ones is used to match that no VLAN id was
+ * set. */
+#define ODP_VLAN_NONE 0xffff
+
+/* Action types. */
+#define ODPAT_OUTPUT 0 /* Output to switch port. */
+#define ODPAT_OUTPUT_GROUP 1 /* Output to all ports in group. */
+#define ODPAT_CONTROLLER 2 /* Send copy to controller. */
+#define ODPAT_SET_VLAN_VID 3 /* Set the 802.1q VLAN id. */
+#define ODPAT_SET_VLAN_PCP 4 /* Set the 802.1q priority. */
+#define ODPAT_STRIP_VLAN 5 /* Strip the 802.1q header. */
+#define ODPAT_SET_DL_SRC 6 /* Ethernet source address. */
+#define ODPAT_SET_DL_DST 7 /* Ethernet destination address. */
+#define ODPAT_SET_NW_SRC 8 /* IP source address. */
+#define ODPAT_SET_NW_DST 9 /* IP destination address. */
+#define ODPAT_SET_TP_SRC 10 /* TCP/UDP source port. */
+#define ODPAT_SET_TP_DST 11 /* TCP/UDP destination port. */
+#define ODPAT_SNAT 12 /* Source NAT. */
+#define ODPAT_N_ACTIONS 13
+
+struct odp_action_output {
+ __u16 type; /* ODPAT_OUTPUT. */
+ __u16 port; /* Output port. */
+ __u16 reserved1;
+ __u16 reserved2;
+};
+
+struct odp_action_output_group {
+ __u16 type; /* ODPAT_OUTPUT_GROUP. */
+ __u16 group; /* Group number. */
+ __u16 reserved1;
+ __u16 reserved2;
+};
+
+struct odp_action_controller {
+ __u16 type; /* ODPAT_OUTPUT_CONTROLLER. */
+ __u16 reserved;
+ __u32 arg; /* Copied to struct odp_msg 'arg' member. */
+};
+
+/* Action structure for ODPAT_SET_VLAN_VID. */
+struct odp_action_vlan_vid {
+ __u16 type; /* ODPAT_SET_VLAN_VID. */
+ __be16 vlan_vid; /* VLAN id. */
+ __u16 reserved1;
+ __u16 reserved2;
+};
+
+/* Action structure for ODPAT_SET_VLAN_PCP. */
+struct odp_action_vlan_pcp {
+ __u16 type; /* ODPAT_SET_VLAN_PCP. */
+ __u8 vlan_pcp; /* VLAN priority. */
+ __u8 reserved1;
+ __u16 reserved2;
+ __u16 reserved3;
+};
+
+/* Action structure for ODPAT_SET_DL_SRC/DST. */
+struct odp_action_dl_addr {
+ __u16 type; /* ODPAT_SET_DL_SRC/DST. */
+ __u8 dl_addr[ETH_ALEN]; /* Ethernet address. */
+};
+
+/* Action structure for ODPAT_SET_NW_SRC/DST. */
+struct odp_action_nw_addr {
+ __u16 type; /* ODPAT_SET_TW_SRC/DST. */
+ __u16 reserved;
+ __be32 nw_addr; /* IP address. */
+};
+
+/* Action structure for ODPAT_SET_TP_SRC/DST. */
+struct odp_action_tp_port {
+ __u16 type; /* ODPAT_SET_TP_SRC/DST. */
+ __be16 tp_port; /* TCP/UDP port. */
+ __u16 reserved1;
+ __u16 reserved2;
+};
+
+struct odp_action_snat {
+ __u16 type; /* ODPAT_SNAT. */
+ __u16 port; /* Output port. */
+ __u16 reserved1;
+ __u16 reserved2;
+};
+
+union odp_action {
+ __u16 type;
+ struct odp_action_output output;
+ struct odp_action_output_group output_group;
+ struct odp_action_controller controller;
+ struct odp_action_vlan_vid vlan_vid;
+ struct odp_action_vlan_pcp vlan_pcp;
+ struct odp_action_dl_addr dl_addr;
+ struct odp_action_nw_addr nw_addr;
+ struct odp_action_tp_port tp_port;
+ struct odp_action_snat snat;
+};
+
+struct odp_execute {
+ __u16 in_port;
+ __u16 reserved1;
+ __u32 reserved2;
+
+ union odp_action *actions;
+ __u32 n_actions;
+
+ const void *data;
+ __u32 length;
+};
+
+/* Values below this cutoff are 802.3 packets and the two bytes
+ * following MAC addresses are used as a frame length. Otherwise, the
+ * two bytes are used as the Ethernet type.
+ */
+#define ODP_DL_TYPE_ETH2_CUTOFF 0x0600
+
+/* Value of dl_type to indicate that the frame does not include an
+ * Ethernet type.
+ */
+#define ODP_DL_TYPE_NOT_ETH_TYPE 0x05ff
+
+/* The VLAN id is 12-bits, so we can use the entire 16 bits to indicate
+ * special conditions. All ones indicates that no VLAN id was set.
+ */
+#define ODP_VLAN_NONE 0xffff
+
+/* Configuration for source-NATing */
+struct odp_snat_config {
+ __u16 port;
+
+ /* Time to cache MAC addresses of SNAT'd hosts in seconds (0=default). */
+ __u16 mac_timeout;
+
+ /* Range of IP addresses to impersonate. Set both values to the same to
+ * support a single address. */
+ __be32 ip_start, ip_end;
+
+ /* Range of transport ports that should be used as new source port. A
+ * value of zero lets the kernel choose. */
+ __be16 tcp_start, tcp_end;
+ __be16 udp_start, udp_end;
+
+ /* MAC address to use for ARP requests for a SNAT IP address that comes in
+ * on a different interface than 'port'. A value of all zeros silently
+ * drops those ARP requests. Requests that arrive on 'port' get a response
+ * with the mac address of the datapath device. */
+ __u8 mac_addr[ETH_ALEN];
+ __u16 reserved;
+};
+
+#endif /* openvswitch/datapath-protocol.h */
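Review bot: The ioctl direction macros at the top of this header look reversed relative to the usual Linux convention, where `_IOR` means the kernel writes into the user buffer and `_IOW` means the kernel reads from it. `ODP_GET_DROP_FRAGS` and `ODP_GET_LISTEN_MASK` are `_IOW`, their `SET` counterparts are `_IOR`, and `ODP_DP_STATS` is `_IOW` although it returns a `struct odp_stats`. Swapping them is much cheaper now than after the request numbers become ABI. In the same block, `ODP_FLOW_PUT` is declared with `struct odp_flow` while the comment further down names `struct odp_flow_put` as its argument, so the size encoded in the request number is that of the wrong struct. Smaller points: `n_ports` in `odp_portvec` and `n_flows` in `odp_flowvec` are signed `int` counts sitting next to user pointers, where `__u32` would match `n_actions` and rule out negative lengths; `ODP_VLAN_NONE` is defined twice; and the `type` comments in `odp_action_controller` and `odp_action_nw_addr` name `ODPAT_OUTPUT_CONTROLLER` and `ODPAT_SET_TW_SRC/DST`, neither of which is in the action list.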
-noinst_LIBRARIES += lib/libopenflow.a
+noinst_LIBRARIES += lib/libopenvswitch.a
-lib_libopenflow_a_SOURCES = \
+lib_libopenvswitch_a_SOURCES = \
lib/backtrace.c \
lib/backtrace.h \
lib/bitmap.c \
lib/xtoxll.h
if HAVE_NETLINK
-lib_libopenflow_a_SOURCES += \
+lib_libopenvswitch_a_SOURCES += \
lib/dpif.c \
lib/dpif.h \
lib/netlink-protocol.h \
endif
if HAVE_OPENSSL
-lib_libopenflow_a_SOURCES += \
+lib_libopenvswitch_a_SOURCES += \
lib/vconn-ssl.c
-nodist_lib_libopenflow_a_SOURCES = lib/dhparams.c
+nodist_lib_libopenvswitch_a_SOURCES = lib/dhparams.c
lib/dhparams.c: lib/dh1024.pem lib/dh2048.pem lib/dh4096.pem
(echo '#include "lib/dhparams.h"' && \
openssl dhparam -C -in $(srcdir)/lib/dh1024.pem -noout && \
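Review bot: `lib/dhparams.c` is still generated from `lib/dh1024.pem` alongside the 2048- and 4096-bit files, so the renamed library keeps compiling in 1024-bit Diffie-Hellman parameters. Since this rule is being touched anyway, consider dropping `lib/dh1024.pem` from the prerequisites and from the `openssl dhparam -C` sequence, so that only the larger groups can be selected.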
CLEANFILES += lib/dirs.c
lib/dirs.c: Makefile
($(ro_c) && \
- echo 'const char ofp_pkgdatadir[] = "$(pkgdatadir$)";' && \
- echo 'const char ofp_rundir[] = "@RUNDIR@";' && \
- echo 'const char ofp_logdir[] = "@LOGDIR@";') > lib/dirs.c.tmp
+ echo 'const char ovs_pkgdatadir[] = "$(pkgdatadir$)";' && \
+ echo 'const char ovs_rundir[] = "@RUNDIR@";' && \
+ echo 'const char ovs_logdir[] = "@LOGDIR@";') > lib/dirs.c.tmp
mv lib/dirs.c.tmp lib/dirs.c
install-data-local:
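Review bot: `$(pkgdatadir$)` in the new `ovs_pkgdatadir` line has a `$` before the closing parenthesis, carried over unchanged from the `ofp_pkgdatadir` line it replaces. As written it looks like make is asked for a variable named `pkgdatadir$` rather than `pkgdatadir`; if that is not intentional it should read `$(pkgdatadir)`, and the generated `lib/dirs.c` is worth checking for an empty string.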
char *
make_pidfile_name(const char *name)
{
- return (!name ? xasprintf("%s/%s.pid", ofp_rundir, program_name)
+ return (!name ? xasprintf("%s/%s.pid", ovs_rundir, program_name)
: *name == '/' ? xstrdup(name)
- : xasprintf("%s/%s", ofp_rundir, name));
+ : xasprintf("%s/%s", ovs_rundir, name));
}
/* Sets up a following call to daemonize() to create a pidfile named 'name'.
pid_t pid = already_running();
if (pid) {
if (!force) {
- ofp_fatal(0, "%s: already running as pid %ld",
+ ovs_fatal(0, "%s: already running as pid %ld",
get_pidfile(), (long int) pid);
} else {
VLOG_WARN("%s: %s already running as pid %ld",
char c = 0;
int fds[2];
if (pipe(fds) < 0) {
- ofp_fatal(errno, "pipe failed");
+ ovs_fatal(errno, "pipe failed");
}
switch (fork()) {
close(fds[1]);
fatal_signal_fork();
if (read(fds[0], &c, 1) != 1) {
- ofp_fatal(errno, "daemon child failed to signal startup");
+ ovs_fatal(errno, "daemon child failed to signal startup");
}
exit(0);
case -1:
/* Error. */
- ofp_fatal(errno, "could not fork");
+ ovs_fatal(errno, "could not fork");
break;
}
} else {
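Review bot: In the parent branch, `read(fds[0], &c, 1) != 1` also matches a return of 0, which is what the parent sees when the child exits before writing its startup byte. errno is not set in that case, so `ovs_fatal(errno, "daemon child failed to signal startup")` appends whatever error happened to be left over. Pass errno only when read() returned a negative value and 0 otherwise.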
" -D, --detach run in background as daemon\n"
" -P, --pidfile[=FILE] create pidfile (default: %s/%s.pid)\n"
" -f, --force with -P, start even if already running\n",
- ofp_rundir, program_name);
+ ovs_rundir, program_name);
}
/* Opens and reads a PID from 'pidfile'. Returns the nonnegative PID if
-/* Copyright (c) 2008 The Board of Trustees of The Leland Stanford
+/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford
* Junior University
*
* We are making the OpenFlow specification and associated documentation
#ifndef DIRS_H
#define DIRS_H 1
-extern const char ofp_pkgdatadir[]; /* /usr/local/share/openflow */
-extern const char ofp_rundir[]; /* /usr/local/var/run */
-extern const char ofp_logdir[]; /* /usr/local/var/log */
+extern const char ovs_pkgdatadir[]; /* /usr/local/share/openvswitch */
+extern const char ovs_rundir[]; /* /usr/local/var/run */
+extern const char ovs_logdir[]; /* /usr/local/var/log */
#endif /* dirs.h */
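Review bot: The comment on `ovs_logdir` gives `/usr/local/var/log`, but the `OFP_CHECK_LOGDIR` macro removed later in this patch defaults LOGDIR to `${localstatedir}/log/${PACKAGE}`, so unless its replacement changes that default the real path has a package subdirectory, and that subdirectory is renamed along with the package. The comment should show the path that is actually produced.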
static int name_to_minor(const char *name, unsigned int *minor);
static int lookup_minor(const char *name, unsigned int *minor);
static int open_by_minor(unsigned int minor, struct dpif *);
-static int make_openflow_device(unsigned int minor, char **fnp);
+static int make_openvswitch_device(unsigned int minor, char **fnp);
static void check_rw_odp_flow(struct odp_flow *);
int
nl_sock_wait(mon->sock, POLLIN);
}
\f
-static int get_openflow_major(void);
+static int get_openvswitch_major(void);
static int get_major(const char *target, int default_major);
static int
goto error_close_sock;
}
- if (strcmp(drvinfo.driver, "openflow")) {
- VLOG_WARN("%s is not an openflow device", name);
+ if (strcmp(drvinfo.driver, "openvswitch")) {
+ VLOG_WARN("%s is not an openvswitch device", name);
error = EOPNOTSUPP;
goto error_close_sock;
}
if (!isdigit(drvinfo.bus_info[0])) {
- VLOG_WARN("%s ethtool info does not contain an openflow minor", name);
+ VLOG_WARN("%s ethtool info does not contain an openvswitch minor",
+ name);
error = EPROTOTYPE;
goto error_close_sock;
}
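Review bot: `isdigit(drvinfo.bus_info[0])` passes a plain `char`. If the driver ever reports a byte above 0x7f in `bus_info`, that is a negative argument on platforms where `char` is signed, which is undefined behaviour for the <ctype.h> functions. Cast to `unsigned char` while this block is being edited.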
}
static int
-make_openflow_device(unsigned int minor, char **fnp)
+make_openvswitch_device(unsigned int minor, char **fnp)
{
- dev_t dev = makedev(get_openflow_major(), minor);
+ dev_t dev = makedev(get_openvswitch_major(), minor);
const char dirname[] = "/dev/net";
struct stat s;
char fn[128];
static int
-get_openflow_major(void)
+get_openvswitch_major(void)
{
- static unsigned int openflow_major;
- if (!openflow_major) {
+ static unsigned int openvswitch_major;
+ if (!openvswitch_major) {
enum { DEFAULT_MAJOR = 248 };
- openflow_major = get_major("openflow", DEFAULT_MAJOR);
+ openvswitch_major = get_major("openvswitch", DEFAULT_MAJOR);
}
- return openflow_major;
+ return openvswitch_major;
}
static int
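Review bot: `get_openvswitch_major()` caches whatever `get_major("openvswitch", DEFAULT_MAJOR)` returns, and the `default_major` parameter suggests 248 is used when the name is not found. With the lookup string changed, a host that still has the old module loaded would take that fallback silently, and `make_openvswitch_device()` would then build a `dev_t` with a major number that may belong to a different driver. Log a warning when the default is used, or return an error instead of guessing.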
dpif->minor = -1;
dpif->fd = -1;
- error = make_openflow_device(minor, &fn);
+ error = make_openvswitch_device(minor, &fn);
if (error) {
return error;
}
* generalize to multiple types of local datapaths, but the implementation only
* supports the openflow kernel module. */
-#include "openflow/datapath-protocol.h"
+#include "openvswitch/datapath-protocol.h"
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
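Review bot: The comment directly above the changed include still says the implementation "only supports the openflow kernel module". Now that the header it pulls in is `openvswitch/datapath-protocol.h`, the comment should name the openvswitch module as well.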
sigaddset(&fatal_signal_set, sig_nr);
if (sigaction(sig_nr, NULL, &old_sa)) {
- ofp_fatal(errno, "sigaction");
+ ovs_fatal(errno, "sigaction");
}
if (old_sa.sa_handler == SIG_DFL
&& signal(sig_nr, fatal_signal_handler) == SIG_ERR) {
- ofp_fatal(errno, "signal");
+ ovs_fatal(errno, "signal");
}
}
atexit(atexit_handler);
#include "dynamic-string.h"
#include "hash.h"
#include "ofpbuf.h"
-#include "openflow/datapath-protocol.h"
#include "openflow/openflow.h"
+#include "openvswitch/datapath-protocol.h"
#include "packets.h"
#include "vlog.h"
#include <string.h>
#include "openflow/openflow.h"
#include "hash.h"
-#include "openflow/datapath-protocol.h"
#include "openflow/openflow.h"
+#include "openvswitch/datapath-protocol.h"
#include "util.h"
struct ds;
tap_fd = open(tap_dev, O_RDWR);
if (tap_fd < 0) {
- ofp_error(errno, "opening \"%s\" failed", tap_dev);
+ ovs_error(errno, "opening \"%s\" failed", tap_dev);
return errno;
}
}
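Review bot: `return errno;` after `ovs_error(errno, "opening \"%s\" failed", tap_dev)` is only correct if ovs_error() restores errno on every path. The TUNSETIFF failure path in the next hunk copies it into a local `error` first and returns that. Use the same pattern here so the return value does not depend on what the logging call does.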
if (ioctl(tap_fd, TUNSETIFF, &ifr) < 0) {
int error = errno;
- ofp_error(error, "ioctl(TUNSETIFF) on \"%s\" failed", tap_dev);
+ ovs_error(error, "ioctl(TUNSETIFF) on \"%s\" failed", tap_dev);
close(tap_fd);
return error;
}
error = set_nonblocking(tap_fd);
if (error) {
- ofp_error(error, "set_nonblocking on \"%s\" failed", tap_dev);
+ ovs_error(error, "set_nonblocking on \"%s\" failed", tap_dev);
close(tap_fd);
return error;
}
af_inet_sock = socket(AF_INET, SOCK_DGRAM, 0);
if (af_inet_sock < 0) {
- ofp_fatal(errno, "socket(AF_INET)");
+ ovs_fatal(errno, "socket(AF_INET)");
}
error = nl_sock_create(NETLINK_ROUTE, 0, 0, 0, &rtnl_sock);
if (error) {
- ofp_fatal(error, "socket(AF_NETLINK, NETLINK_ROUTE)");
+ ovs_fatal(error, "socket(AF_NETLINK, NETLINK_ROUTE)");
}
/* Decide on the netdev_get_stats() implementation to use. Netlink is
#include <stdbool.h>
#include <stdint.h>
-#include "openflow/datapath-protocol.h"
#include "openflow/openflow.h"
+#include "openvswitch/datapath-protocol.h"
struct ds;
pcap = tmpfile();
if (!pcap) {
- ofp_error(errno, "tmpfile");
+ ovs_error(errno, "tmpfile");
return xstrdup("<error>");
}
pcap_write_header(pcap);
pcap_write(pcap, &buf);
fflush(pcap);
if (ferror(pcap)) {
- ofp_error(errno, "error writing temporary file");
+ ovs_error(errno, "error writing temporary file");
}
rewind(pcap);
tcpdump = popen(command, "r");
fclose(pcap);
if (!tcpdump) {
- ofp_error(errno, "exec(\"%s\")", command);
+ ovs_error(errno, "exec(\"%s\")", command);
return xstrdup("<error>");
}
status = pclose(tcpdump);
if (WIFEXITED(status)) {
if (WEXITSTATUS(status))
- ofp_error(0, "tcpdump exited with status %d", WEXITSTATUS(status));
+ ovs_error(0, "tcpdump exited with status %d", WEXITSTATUS(status));
} else if (WIFSIGNALED(status)) {
- ofp_error(0, "tcpdump exited with signal %d", WTERMSIG(status));
+ ovs_error(0, "tcpdump exited with signal %d", WTERMSIG(status));
}
return ds_cstr(&ds);
}
/* Create notification pipe. */
if (pipe(fds)) {
- ofp_fatal(errno, "could not create pipe");
+ ovs_fatal(errno, "could not create pipe");
}
set_nonblocking(fds[0]);
set_nonblocking(fds[1]);
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_NOCLDSTOP | SA_RESTART;
if (sigaction(SIGCHLD, &sa, NULL)) {
- ofp_fatal(errno, "sigaction(SIGCHLD) failed");
+ ovs_fatal(errno, "sigaction(SIGCHLD) failed");
}
}
sigemptyset(&sigchld);
sigaddset(&sigchld, SIGCHLD);
if (sigprocmask(SIG_BLOCK, &sigchld, oldsigs)) {
- ofp_fatal(errno, "sigprocmask");
+ ovs_fatal(errno, "sigprocmask");
}
}
unblock_sigchld(const sigset_t *oldsigs)
{
if (sigprocmask(SIG_SETMASK, oldsigs, NULL)) {
- ofp_fatal(errno, "sigprocmask");
+ ovs_fatal(errno, "sigprocmask");
}
}
#include "leak-checker.h"
#include "ofpbuf.h"
-static void check_queue(struct ofp_queue *q);
+static void check_queue(struct ovs_queue *q);
/* Initializes 'q' as an empty packet queue. */
void
-queue_init(struct ofp_queue *q)
+queue_init(struct ovs_queue *q)
{
q->n = 0;
q->head = NULL;
/* Destroys 'q' and all of the packets that it contains. */
void
-queue_destroy(struct ofp_queue *q)
+queue_destroy(struct ovs_queue *q)
{
struct ofpbuf *cur, *next;
for (cur = q->head; cur != NULL; cur = next) {
/* Removes and destroys all of the packets in 'q', rendering it empty. */
void
-queue_clear(struct ofp_queue *q)
+queue_clear(struct ovs_queue *q)
{
queue_destroy(q);
queue_init(q);
* passed to a function for possible consumption (and destruction) and only
* dropped from the queue if that function actually accepts it. */
void
-queue_advance_head(struct ofp_queue *q, struct ofpbuf *next)
+queue_advance_head(struct ovs_queue *q, struct ofpbuf *next)
{
assert(q->n);
assert(q->head);
/* Appends 'b' to the tail of 'q'. */
void
-queue_push_tail(struct ofp_queue *q, struct ofpbuf *b)
+queue_push_tail(struct ovs_queue *q, struct ofpbuf *b)
{
check_queue(q);
leak_checker_claim(b);
* it. The caller must free the buffer (with ofpbuf_delete()) when it is no
* longer needed. */
struct ofpbuf *
-queue_pop_head(struct ofp_queue *q)
+queue_pop_head(struct ovs_queue *q)
{
struct ofpbuf *head = q->head;
queue_advance_head(q, head->next);
/* Checks the internal integrity of 'q'. For use in debugging. */
static void
-check_queue(struct ofp_queue *q UNUSED)
+check_queue(struct ovs_queue *q UNUSED)
{
#if 0
struct ofpbuf *iter;
-/* Copyright (c) 2008 The Board of Trustees of The Leland Stanford
+/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford
* Junior University
*
* We are making the OpenFlow specification and associated documentation
#define QUEUE_H 1
/* Packet queue. */
-struct ofp_queue {
+struct ovs_queue {
int n; /* Number of queued packets. */
struct ofpbuf *head; /* First queued packet, null if n == 0. */
struct ofpbuf *tail; /* Last queued packet, null if n == 0. */
};
-void queue_init(struct ofp_queue *);
-void queue_destroy(struct ofp_queue *);
-void queue_clear(struct ofp_queue *);
-void queue_advance_head(struct ofp_queue *, struct ofpbuf *next);
-void queue_push_tail(struct ofp_queue *, struct ofpbuf *);
-struct ofpbuf *queue_pop_head(struct ofp_queue *);
+void queue_init(struct ovs_queue *);
+void queue_destroy(struct ovs_queue *);
+void queue_clear(struct ovs_queue *);
+void queue_advance_head(struct ovs_queue *, struct ofpbuf *next);
+void queue_push_tail(struct ovs_queue *, struct ofpbuf *);
+struct ofpbuf *queue_pop_head(struct ovs_queue *);
#endif /* queue.h */
-/* Copyright (c) 2008 The Board of Trustees of The Leland Stanford
+/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford
* Junior University
*
* We are making the OpenFlow specification and associated documentation
struct timeval tv;
inited = true;
if (gettimeofday(&tv, NULL) < 0) {
- ofp_fatal(errno, "gettimeofday");
+ ovs_fatal(errno, "gettimeofday");
}
srand(tv.tv_sec ^ tv.tv_usec);
}
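Review bot: `srand(tv.tv_sec ^ tv.tv_usec)` seeds the generator from the wall clock alone, so anyone who knows roughly when the process started can narrow down the sequence. That is acceptable for things like backoff jitter, but a comment here should say the output must not be used for anything security-sensitive, or the seed should come from a kernel source such as /dev/urandom.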
char *name;
bool reliable;
- struct ofp_queue txq;
+ struct ovs_queue txq;
int backoff;
int max_backoff;
-/* Copyright (c) 2008 The Board of Trustees of The Leland Stanford
+/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford
* Junior University
*
* We are making the OpenFlow specification and associated documentation
if (!inited) {
inited = true;
if (pipe(fds)) {
- ofp_fatal(errno, "could not create pipe");
+ ovs_fatal(errno, "could not create pipe");
}
set_nonblocking(fds[0]);
set_nonblocking(fds[1]);
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
if (sigaction(signr, &sa, NULL)) {
- ofp_fatal(errno, "sigaction(%d) failed", signr);
+ ovs_fatal(errno, "sigaction(%d) failed", signr);
}
/* Return structure. */
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
if (sigaction(SIGALRM, &sa, NULL)) {
- ofp_fatal(errno, "sigaction(SIGALRM) failed");
+ ovs_fatal(errno, "sigaction(SIGALRM) failed");
}
/* Set up periodic timer. */
itimer.it_interval.tv_usec = TIME_UPDATE_INTERVAL * 1000;
itimer.it_value = itimer.it_interval;
if (setitimer(ITIMER_REAL, &itimer, NULL)) {
- ofp_fatal(errno, "setitimer failed");
+ ovs_fatal(errno, "setitimer failed");
}
}
sigemptyset(&sigalrm);
sigaddset(&sigalrm, SIGALRM);
if (sigprocmask(SIG_BLOCK, &sigalrm, oldsigs)) {
- ofp_fatal(errno, "sigprocmask");
+ ovs_fatal(errno, "sigprocmask");
}
}
unblock_sigalrm(const sigset_t *oldsigs)
{
if (sigprocmask(SIG_SETMASK, oldsigs, NULL)) {
- ofp_fatal(errno, "sigprocmask");
+ ovs_fatal(errno, "sigprocmask");
}
}
if (path[0] == '/') {
server->path = xstrdup(path);
} else {
- server->path = xasprintf("%s/%s", ofp_rundir, path);
+ server->path = xasprintf("%s/%s", ovs_rundir, path);
}
} else {
- server->path = xasprintf("%s/%s.%ld.ctl", ofp_rundir,
+ server->path = xasprintf("%s/%s.%ld.ctl", ovs_rundir,
program_name, (long int) getpid());
}
\f
/* Connects to a Vlog server socket. 'path' should be the name of a Vlog
* server socket. If it does not start with '/', it will be prefixed with
- * ofp_rundir (e.g. /var/run).
+ * ovs_rundir (e.g. /var/run).
*
* Returns 0 if successful, otherwise a positive errno value. If successful,
* sets '*clientp' to the new unixctl_client, otherwise to NULL. */
if (path[0] == '/') {
client->connect_path = xstrdup(path);
} else {
- client->connect_path = xasprintf("%s/%s", ofp_rundir, path);
+ client->connect_path = xasprintf("%s/%s", ovs_rundir, path);
}
client->bind_path = xasprintf("/tmp/vlog.%ld.%d",
(long int) getpid(), counter++);
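Review bot: `client->bind_path` is built as `/tmp/vlog.<pid>.<counter>`, a predictable name in a world-writable directory, so another local user can create that path first and make the bind fail or interfere with the socket. The `connect_path` lines just above already build their names from `ovs_rundir`; binding the client socket under that directory, or in a private directory created with mkdtemp(), would close this off.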
void
out_of_memory(void)
{
- ofp_fatal(0, "virtual memory exhausted");
+ ovs_fatal(0, "virtual memory exhausted");
}
void *
}
void
-ofp_fatal(int err_no, const char *format, ...)
+ovs_fatal(int err_no, const char *format, ...)
{
va_list args;
}
void
-ofp_error(int err_no, const char *format, ...)
+ovs_error(int err_no, const char *format, ...)
{
int save_errno = errno;
va_list args;
* byte in 'buf'. If 'ascii' is true then the corresponding ASCII characters
* are also rendered alongside. */
void
-ofp_hex_dump(FILE *stream, const void *buf_, size_t size,
+ovs_hex_dump(FILE *stream, const void *buf_, size_t size,
uintptr_t ofs, bool ascii)
{
const uint8_t *buf = buf_;
void strlcpy(char *dst, const char *src, size_t size);
#endif
-void ofp_fatal(int err_no, const char *format, ...)
+void ovs_fatal(int err_no, const char *format, ...)
PRINTF_FORMAT(2, 3) NO_RETURN;
-void ofp_error(int err_no, const char *format, ...) PRINTF_FORMAT(2, 3);
-void ofp_hex_dump(FILE *, const void *, size_t, uintptr_t offset, bool ascii);
+void ovs_error(int err_no, const char *format, ...) PRINTF_FORMAT(2, 3);
+void ovs_hex_dump(FILE *, const void *, size_t, uintptr_t offset, bool ascii);
bool str_to_int(const char *, int base, int *);
bool str_to_long(const char *, int base, long *);
host_name = strtok_r(suffix, "::", &save_ptr);
port_string = strtok_r(NULL, "::", &save_ptr);
if (!host_name) {
- ofp_error(0, "%s: bad peer name format", name);
+ ovs_error(0, "%s: bad peer name format", name);
return EAFNOSUPPORT;
}
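Review bot: `strtok_r(suffix, "::", &save_ptr)` treats its second argument as a set of delimiter characters, so `"::"` behaves exactly like `":"` and runs of colons are collapsed rather than rejected. If a literal double colon was meant to be required, this does not enforce it; otherwise write `":"` so the code says what it does. `EAFNOSUPPORT` is also an odd return for a malformed peer name, where `EINVAL` would be less surprising to callers. The same lines appear again in the second `bad peer name format` hunk below.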
if (!dh->dh) {
dh->dh = dh->constructor();
if (!dh->dh) {
- ofp_fatal(ENOMEM, "out of memory constructing "
+ ovs_fatal(ENOMEM, "out of memory constructing "
"Diffie-Hellman parameters");
}
}
host_name = strtok_r(suffix, "::", &save_ptr);
port_string = strtok_r(NULL, "::", &save_ptr);
if (!host_name) {
- ofp_error(0, "%s: bad peer name format", name);
+ ovs_error(0, "%s: bad peer name format", name);
return EAFNOSUPPORT;
}
VLOG_MODULE(netdev)
VLOG_MODULE(netflow)
VLOG_MODULE(netlink)
-VLOG_MODULE(ofp_discover)
+VLOG_MODULE(ovs_discover)
VLOG_MODULE(ofproto)
VLOG_MODULE(pktbuf)
VLOG_MODULE(pcap)
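Review bot: Renaming `ofp_discover` to `ovs_discover` changes a module name, not just an internal identifier. If module names are matched as strings when log levels are set, existing invocations and scripts that name `ofp_discover` will start failing through the `processing "...": ...` fatal path in the vlog option handling. Either keep the old name as an alias or call the rename out in the release notes and man pages.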
old_log_file_name = log_file_name;
log_file_name = (file_name
? xstrdup(file_name)
- : xasprintf("%s/%s.log", ofp_logdir, program_name));
+ : xasprintf("%s/%s.log", ovs_logdir, program_name));
free(old_log_file_name);
file_name = NULL; /* Might have been freed. */
if (arg) {
char *msg = vlog_set_levels_from_string(arg);
if (msg) {
- ofp_fatal(0, "processing \"%s\": %s", arg, msg);
+ ovs_fatal(0, "processing \"%s\": %s", arg, msg);
}
} else {
vlog_set_levels(VLM_ANY_MODULE, VLF_ANY_FACILITY, VLL_DBG);
" -v, --verbose set maximum verbosity level\n"
" --log-file[=FILE] enable logging to specified FILE\n"
" (default: %s/%s.log)\n",
- ofp_logdir, program_name);
+ ovs_logdir, program_name);
}
+++ /dev/null
-# -*- autoconf -*-
-
-# Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford
-# Junior University
-#
-# We are making the OpenFlow specification and associated documentation
-# (Software) available for public use and benefit with the expectation
-# that others will use, modify and enhance the Software and contribute
-# those enhancements back to the community. However, since we would
-# like to make the Software available for broadest use, with as few
-# restrictions as possible permission is hereby granted, free of
-# charge, to any person obtaining a copy of this Software to deal in
-# the Software under the copyrights without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-#
-# The name and trademarks of copyright holder(s) may NOT be used in
-# advertising or publicity pertaining to the Software or any
-# derivatives without specific, written prior permission.
-
-dnl Checks for --enable-ndebug and defines NDEBUG if it is specified.
-AC_DEFUN([OFP_CHECK_NDEBUG],
- [AC_ARG_ENABLE(
- [ndebug],
- [AC_HELP_STRING([--enable-ndebug],
- [Disable debugging features for max performance])],
- [case "${enableval}" in
- (yes) ndebug=true ;;
- (no) ndebug=false ;;
- (*) AC_MSG_ERROR([bad value ${enableval} for --enable-ndebug]) ;;
- esac],
- [ndebug=false])
- AM_CONDITIONAL([NDEBUG], [test x$ndebug = xtrue])])
-
-dnl Checks for Netlink support.
-AC_DEFUN([OFP_CHECK_NETLINK],
- [AC_CHECK_HEADER([linux/netlink.h],
- [HAVE_NETLINK=yes],
- [HAVE_NETLINK=no],
- [#include <sys/socket.h>
- #include <linux/types.h>
- ])
- AM_CONDITIONAL([HAVE_NETLINK], [test "$HAVE_NETLINK" = yes])
- if test "$HAVE_NETLINK" = yes; then
- AC_DEFINE([HAVE_NETLINK], [1],
- [Define to 1 if Netlink protocol is available.])
- fi])
-
-dnl Checks for OpenSSL, if --enable-ssl is passed in.
-AC_DEFUN([OFP_CHECK_OPENSSL],
- [AC_ARG_ENABLE(
- [ssl],
- [AC_HELP_STRING([--enable-ssl],
- [Enable ssl support (requires libssl)])],
- [case "${enableval}" in
- (yes) ssl=true ;;
- (no) ssl=false ;;
- (*) AC_MSG_ERROR([bad value ${enableval} for --enable-ssl]) ;;
- esac],
- [ssl=false])
-
- if test "$ssl" = true; then
- dnl Make sure that pkg-config is installed.
- m4_pattern_forbid([PKG_CHECK_MODULES])
- PKG_CHECK_MODULES([SSL], [libssl],
- [HAVE_OPENSSL=yes],
- [HAVE_OPENSSL=no
- AC_MSG_WARN([Cannot find libssl:
-
- $SSL_PKG_ERRORS
-
- OpenFlow will not support SSL connections.])])
-
- fi
- AM_CONDITIONAL([HAVE_OPENSSL], [test "$HAVE_OPENSSL" = yes])
- if test "$HAVE_OPENSSL" = yes; then
- AC_DEFINE([HAVE_OPENSSL], [1], [Define to 1 if OpenSSL is installed.])
- fi])
-
-dnl Checks for --enable-snat and defines SUPPORT_SNAT if it is specified.
-AC_DEFUN([OFP_CHECK_SNAT],
- [AC_ARG_ENABLE(
- [snat],
- [AC_HELP_STRING([--enable-snat],
- [Enable support for source-NAT action])],
- [case "${enableval}" in
- (yes) snat=true ;;
- (no) snat=false ;;
- (*) AC_MSG_ERROR([bad value ${enableval} for --enable-snat]) ;;
- esac],
- [snat=false])
- AM_CONDITIONAL([SUPPORT_SNAT], [test x$snat = xtrue])
- if test x$snat = xtrue; then
- AC_DEFINE([SUPPORT_SNAT], [1], [Define to 1 if SNAT is desired.])
- SUPPORT_SNAT=-DSUPPORT_SNAT
- AC_SUBST([SUPPORT_SNAT])
- fi])
-
-dnl Checks for libraries needed by lib/fault.c.
-AC_DEFUN([OFP_CHECK_FAULT_LIBS],
- [AC_CHECK_LIB([dl], [dladdr], [FAULT_LIBS=-ldl])
- AC_SUBST([FAULT_LIBS])])
-
-dnl Checks for libraries needed by lib/socket-util.c.
-AC_DEFUN([OFP_CHECK_SOCKET_LIBS],
- [AC_CHECK_LIB([socket], [connect])
- AC_SEARCH_LIBS([gethostbyname], [resolv], [RESOLVER_LIBS=-lresolv])])
-
-dnl Checks for the directory in which to store the PKI.
-AC_DEFUN([OFP_CHECK_PKIDIR],
- [AC_ARG_WITH(
- [pkidir],
- AC_HELP_STRING([--with-pkidir=DIR],
- [PKI hierarchy directory [[DATADIR/openflow/pki]]]),
- [PKIDIR=$withval],
- [PKIDIR='${pkgdatadir}/pki'])
- AC_SUBST([PKIDIR])])
-
-dnl Checks for the directory in which to store pidfiles.
-AC_DEFUN([OFP_CHECK_RUNDIR],
- [AC_ARG_WITH(
- [rundir],
- AC_HELP_STRING([--with-rundir=DIR],
- [directory used for pidfiles [[LOCALSTATEDIR/run]]]),
- [RUNDIR=$withval],
- [RUNDIR='${localstatedir}/run'])
- AC_SUBST([RUNDIR])])
-
-dnl Checks for the directory in which to store logs.
-AC_DEFUN([OFP_CHECK_LOGDIR],
- [AC_ARG_WITH(
- [logdir],
- AC_HELP_STRING([--with-logdir=DIR],
- [directory used for logs [[LOCALSTATEDIR/log/PACKAGE]]]),
- [LOGDIR=$withval],
- [LOGDIR='${localstatedir}/log/${PACKAGE}'])
- AC_SUBST([LOGDIR])])
-
-dnl Checks for __malloc_hook, etc., supported by glibc.
-AC_DEFUN([OFP_CHECK_MALLOC_HOOKS],
- [AC_CACHE_CHECK(
- [whether libc supports hooks for malloc and related functions],
- [ofp_cv_malloc_hooks],
- [AC_COMPILE_IFELSE(
- [AC_LANG_PROGRAM(
- [#include <malloc.h>
- ],
- [(void) __malloc_hook;
- (void) __realloc_hook;
- (void) __free_hook;])],
- [ofp_cv_malloc_hooks=yes],
- [ofp_cv_malloc_hooks=no])])
- if test $ofp_cv_malloc_hooks = yes; then
- AC_DEFINE([HAVE_MALLOC_HOOKS], [1],
- [Define to 1 if you have __malloc_hook, __realloc_hook, and
- __free_hook in <malloc.h>.])
- fi])
-
-dnl Checks for valgrind/valgrind.h.
-AC_DEFUN([OFP_CHECK_VALGRIND],
- [AC_CHECK_HEADERS([valgrind/valgrind.h])])
-
-dnl Runs the checks required to include the headers in include/ and
-dnl link against lib/libopenflow.a.
-AC_DEFUN([OFP_CHECK_LIBOPENFLOW],
- [AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS])
- AC_REQUIRE([AC_C_BIGENDIAN])
- AC_REQUIRE([OFP_CHECK_NDEBUG])
- AC_REQUIRE([OFP_CHECK_NETLINK])
- AC_REQUIRE([OFP_CHECK_OPENSSL])
- AC_REQUIRE([OFP_CHECK_SNAT])
- AC_REQUIRE([OFP_CHECK_FAULT_LIBS])
- AC_REQUIRE([OFP_CHECK_SOCKET_LIBS])
- AC_REQUIRE([OFP_CHECK_PKIDIR])
- AC_REQUIRE([OFP_CHECK_RUNDIR])
- AC_REQUIRE([OFP_CHECK_LOGDIR])
- AC_REQUIRE([OFP_CHECK_MALLOC_HOOKS])
- AC_REQUIRE([OFP_CHECK_VALGRIND])
- AC_CHECK_FUNCS([strlcpy])])
-
--- /dev/null
+# -*- autoconf -*-
+
+# Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford
+# Junior University
+#
+# We are making the OpenFlow specification and associated documentation
+# (Software) available for public use and benefit with the expectation
+# that others will use, modify and enhance the Software and contribute
+# those enhancements back to the community. However, since we would
+# like to make the Software available for broadest use, with as few
+# restrictions as possible permission is hereby granted, free of
+# charge, to any person obtaining a copy of this Software to deal in
+# the Software under the copyrights without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#
+# The name and trademarks of copyright holder(s) may NOT be used in
+# advertising or publicity pertaining to the Software or any
+# derivatives without specific, written prior permission.
+
+dnl Checks for --enable-ndebug and defines NDEBUG if it is specified.
+AC_DEFUN([OVS_CHECK_NDEBUG],
+ [AC_ARG_ENABLE(
+ [ndebug],
+ [AC_HELP_STRING([--enable-ndebug],
+ [Disable debugging features for max performance])],
+ [case "${enableval}" in
+ (yes) ndebug=true ;;
+ (no) ndebug=false ;;
+ (*) AC_MSG_ERROR([bad value ${enableval} for --enable-ndebug]) ;;
+ esac],
+ [ndebug=false])
+ AM_CONDITIONAL([NDEBUG], [test x$ndebug = xtrue])])
+
+dnl Checks for Netlink support.
+AC_DEFUN([OVS_CHECK_NETLINK],
+ [AC_CHECK_HEADER([linux/netlink.h],
+ [HAVE_NETLINK=yes],
+ [HAVE_NETLINK=no],
+ [#include <sys/socket.h>
+ #include <linux/types.h>
+ ])
+ AM_CONDITIONAL([HAVE_NETLINK], [test "$HAVE_NETLINK" = yes])
+ if test "$HAVE_NETLINK" = yes; then
+ AC_DEFINE([HAVE_NETLINK], [1],
+ [Define to 1 if Netlink protocol is available.])
+ fi])
+
+dnl Checks for OpenSSL, if --enable-ssl is passed in.
+AC_DEFUN([OVS_CHECK_OPENSSL],
+ [AC_ARG_ENABLE(
+ [ssl],
+ [AC_HELP_STRING([--enable-ssl],
+ [Enable ssl support (requires libssl)])],
+ [case "${enableval}" in
+ (yes) ssl=true ;;
+ (no) ssl=false ;;
+ (*) AC_MSG_ERROR([bad value ${enableval} for --enable-ssl]) ;;
+ esac],
+ [ssl=false])
+
+ if test "$ssl" = true; then
+ dnl Make sure that pkg-config is installed.
+ m4_pattern_forbid([PKG_CHECK_MODULES])
+ PKG_CHECK_MODULES([SSL], [libssl],
+ [HAVE_OPENSSL=yes],
+ [HAVE_OPENSSL=no
+ AC_MSG_WARN([Cannot find libssl:
+
+ $SSL_PKG_ERRORS
+
+ OpenFlow connections over SSL will not be supported.])])
+
+ fi
+ AM_CONDITIONAL([HAVE_OPENSSL], [test "$HAVE_OPENSSL" = yes])
+ if test "$HAVE_OPENSSL" = yes; then
+ AC_DEFINE([HAVE_OPENSSL], [1], [Define to 1 if OpenSSL is installed.])
+ fi])
+
+dnl Checks for --enable-snat and defines SUPPORT_SNAT if it is specified.
+AC_DEFUN([OVS_CHECK_SNAT],
+ [AC_ARG_ENABLE(
+ [snat],
+ [AC_HELP_STRING([--enable-snat],
+ [Enable support for source-NAT action])],
+ [case "${enableval}" in
+ (yes) snat=true ;;
+ (no) snat=false ;;
+ (*) AC_MSG_ERROR([bad value ${enableval} for --enable-snat]) ;;
+ esac],
+ [snat=false])
+ AM_CONDITIONAL([SUPPORT_SNAT], [test x$snat = xtrue])
+ if test x$snat = xtrue; then
+ AC_DEFINE([SUPPORT_SNAT], [1], [Define to 1 if SNAT is desired.])
+ SUPPORT_SNAT=-DSUPPORT_SNAT
+ AC_SUBST([SUPPORT_SNAT])
+ fi])
+
+dnl Checks for libraries needed by lib/fault.c.
+AC_DEFUN([OVS_CHECK_FAULT_LIBS],
+ [AC_CHECK_LIB([dl], [dladdr], [FAULT_LIBS=-ldl])
+ AC_SUBST([FAULT_LIBS])])
+
+dnl Checks for libraries needed by lib/socket-util.c.
+AC_DEFUN([OVS_CHECK_SOCKET_LIBS],
+ [AC_CHECK_LIB([socket], [connect])
+ AC_SEARCH_LIBS([gethostbyname], [resolv], [RESOLVER_LIBS=-lresolv])])
+
+dnl Checks for the directory in which to store the PKI.
+AC_DEFUN([OVS_CHECK_PKIDIR],
+ [AC_ARG_WITH(
+ [pkidir],
+ AC_HELP_STRING([--with-pkidir=DIR],
+ [PKI hierarchy directory [[DATADIR/openvswitch/pki]]]),
+ [PKIDIR=$withval],
+ [PKIDIR='${pkgdatadir}/pki'])
+ AC_SUBST([PKIDIR])])
+
+dnl Checks for the directory in which to store pidfiles.
+AC_DEFUN([OVS_CHECK_RUNDIR],
+ [AC_ARG_WITH(
+ [rundir],
+ AC_HELP_STRING([--with-rundir=DIR],
+ [directory used for pidfiles [[LOCALSTATEDIR/run]]]),
+ [RUNDIR=$withval],
+ [RUNDIR='${localstatedir}/run'])
+ AC_SUBST([RUNDIR])])
+
+dnl Checks for the directory in which to store logs.
+AC_DEFUN([OVS_CHECK_LOGDIR],
+ [AC_ARG_WITH(
+ [logdir],
+ AC_HELP_STRING([--with-logdir=DIR],
+ [directory used for logs [[LOCALSTATEDIR/log/PACKAGE]]]),
+ [LOGDIR=$withval],
+ [LOGDIR='${localstatedir}/log/${PACKAGE}'])
+ AC_SUBST([LOGDIR])])
+
+dnl Checks for __malloc_hook, etc., supported by glibc.
+AC_DEFUN([OVS_CHECK_MALLOC_HOOKS],
+ [AC_CACHE_CHECK(
+ [whether libc supports hooks for malloc and related functions],
+ [ovs_cv_malloc_hooks],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [#include <malloc.h>
+ ],
+ [(void) __malloc_hook;
+ (void) __realloc_hook;
+ (void) __free_hook;])],
+ [ovs_cv_malloc_hooks=yes],
+ [ovs_cv_malloc_hooks=no])])
+ if test $ovs_cv_malloc_hooks = yes; then
+ AC_DEFINE([HAVE_MALLOC_HOOKS], [1],
+ [Define to 1 if you have __malloc_hook, __realloc_hook, and
+ __free_hook in <malloc.h>.])
+ fi])
+
+dnl Checks for valgrind/valgrind.h.
+AC_DEFUN([OVS_CHECK_VALGRIND],
+ [AC_CHECK_HEADERS([valgrind/valgrind.h])])
+
+dnl Runs the checks required to include the headers in include/ and
+dnl link against lib/libopenvswitch.a.
+AC_DEFUN([OVS_CHECK_LIBOPENVSWITCH],
+ [AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS])
+ AC_REQUIRE([AC_C_BIGENDIAN])
+ AC_REQUIRE([OVS_CHECK_NDEBUG])
+ AC_REQUIRE([OVS_CHECK_NETLINK])
+ AC_REQUIRE([OVS_CHECK_OPENSSL])
+ AC_REQUIRE([OVS_CHECK_SNAT])
+ AC_REQUIRE([OVS_CHECK_FAULT_LIBS])
+ AC_REQUIRE([OVS_CHECK_SOCKET_LIBS])
+ AC_REQUIRE([OVS_CHECK_PKIDIR])
+ AC_REQUIRE([OVS_CHECK_RUNDIR])
+ AC_REQUIRE([OVS_CHECK_LOGDIR])
+ AC_REQUIRE([OVS_CHECK_MALLOC_HOOKS])
+ AC_REQUIRE([OVS_CHECK_VALGRIND])
+ AC_CHECK_FUNCS([strlcpy])])
+
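Review bot: In OVS_CHECK_OPENSSL, when --enable-ssl is given but PKG_CHECK_MODULES cannot find libssl, the macro only calls AC_MSG_WARN and configure goes on to produce a build without SSL support. A user who explicitly asked for SSL should get AC_MSG_ERROR in that branch, so that a missing library cannot silently remove transport security from the resulting switch. HAVE_OPENSSL is also never assigned on the ssl=false path, so the later `test "$HAVE_OPENSSL" = yes` sees whatever value was inherited from the environment; set HAVE_OPENSSL=no before the `if test "$ssl" = true` block.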
secchan_secchan_SOURCES = secchan/main.c
secchan_secchan_LDADD = \
secchan/libsecchan.a \
- lib/libopenflow.a \
+ lib/libopenvswitch.a \
$(FAULT_LIBS) \
$(SSL_LIBS)
#! /bin/sh
-ofp-kill --force --signal=USR1 ofp-switchui.pid
+ovs-kill --force --signal=USR1 ovs-switchui.pid
reboot
e->command_acl = xstrdup(command_acl);
e->command_dir = (command_dir
? xstrdup(command_dir)
- : xasprintf("%s/commands", ofp_pkgdatadir));
+ : xasprintf("%s/commands", ovs_pkgdatadir));
e->n_children = 0;
*executerp = e;
return 0;
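Review bot: The default in `xasprintf("%s/commands", ovs_pkgdatadir)` moves the directory that remote command execution runs from, because pkgdatadir follows the package name (the --with-pkidir help text in this patch changes from DATADIR/openflow/pki to DATADIR/openvswitch/pki for the same reason). Nothing in the patch documents this for upgrades: an installation that relied on the default will find its command scripts missing from the new path, and any ownership or permission hardening applied to the old directory has to be repeated on the new one. Please document the path change alongside --command-dir.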
/* Start listening for vlogconf requests. */
error = unixctl_server_create(NULL, &unixctl);
if (error) {
- ofp_fatal(error, "Could not listen for unixctl connections");
+ ovs_fatal(error, "Could not listen for unixctl connections");
}
- VLOG_INFO("OpenFlow reference implementation version %s", VERSION BUILDNR);
+ VLOG_INFO("OpenVSwitch version %s", VERSION BUILDNR);
VLOG_INFO("OpenFlow protocol version 0x%02x", OFP_VERSION);
/* Start OpenFlow processing. */
error = ofproto_create(s.dp_name, NULL, NULL, &ofproto);
if (error) {
- ofp_fatal(error, "could not initialize openflow switch");
+ ovs_fatal(error, "could not initialize openflow switch");
}
error = ofproto_set_in_band(ofproto, s.in_band);
if (error) {
- ofp_fatal(error, "failed to configure in-band control");
+ ovs_fatal(error, "failed to configure in-band control");
}
error = ofproto_set_discovery(ofproto, s.discovery, s.accept_controller_re,
s.update_resolv_conf);
if (error) {
- ofp_fatal(error, "failed to configure controller discovery");
+ ovs_fatal(error, "failed to configure controller discovery");
}
if (s.datapath_id) {
ofproto_set_datapath_id(ofproto, s.datapath_id);
ofproto_set_desc(ofproto, s.mfr_desc, s.hw_desc, s.sw_desc, s.serial_desc);
error = ofproto_set_listeners(ofproto, &s.listeners);
if (error) {
- ofp_fatal(error, "failed to configure management connections");
+ ovs_fatal(error, "failed to configure management connections");
}
error = ofproto_set_snoops(ofproto, &s.snoops);
if (error) {
- ofp_fatal(error,
+ ovs_fatal(error,
"failed to configure controller snooping connections");
}
error = ofproto_set_netflow(ofproto, &s.netflow);
if (error) {
- ofp_fatal(error, "failed to configure NetFlow collectors");
+ ovs_fatal(error, "failed to configure NetFlow collectors");
}
ofproto_set_failure(ofproto, s.fail_mode == FAIL_OPEN);
ofproto_set_probe_interval(ofproto, s.probe_interval);
ofproto_set_rate_limit(ofproto, s.rate_limit, s.burst_limit);
error = ofproto_set_stp(ofproto, s.enable_stp);
if (error) {
- ofp_fatal(error, "failed to configure STP");
+ ovs_fatal(error, "failed to configure STP");
}
error = ofproto_set_remote_execution(ofproto, s.command_acl,
s.command_dir);
if (error) {
- ofp_fatal(error, "failed to configure remote command execution");
+ ovs_fatal(error, "failed to configure remote command execution");
}
if (!s.discovery) {
error = ofproto_set_controller(ofproto, s.controller_name);
if (error) {
- ofp_fatal(error, "failed to configure controller");
+ ovs_fatal(error, "failed to configure controller");
}
}
while (ofproto_is_alive(ofproto)) {
error = ofproto_run(ofproto);
if (error) {
- ofp_fatal(error, "unrecoverable datapath error");
+ ovs_fatal(error, "unrecoverable datapath error");
}
unixctl_server_run(unixctl);
case OPT_DATAPATH_ID:
if (strlen(optarg) != 12
|| strspn(optarg, "0123456789abcdefABCDEF") != 12) {
- ofp_fatal(0, "argument to --datapath-id must be "
+ ovs_fatal(0, "argument to --datapath-id must be "
"exactly 12 hex digits");
}
s->datapath_id = strtoll(optarg, NULL, 16);
if (!s->datapath_id) {
- ofp_fatal(0, "argument to --datapath-id must be nonzero");
+ ovs_fatal(0, "argument to --datapath-id must be nonzero");
}
break;
} else if (!strcmp(optarg, "closed")) {
s->fail_mode = FAIL_CLOSED;
} else {
- ofp_fatal(0, "-f or --fail argument must be \"open\" "
+ ovs_fatal(0, "-f or --fail argument must be \"open\" "
"or \"closed\"");
}
break;
case OPT_INACTIVITY_PROBE:
s->probe_interval = atoi(optarg);
if (s->probe_interval < 5) {
- ofp_fatal(0, "--inactivity-probe argument must be at least 5");
+ ovs_fatal(0, "--inactivity-probe argument must be at least 5");
}
break;
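Review bot: `s->probe_interval = atoi(optarg)` in the OPT_INACTIVITY_PROBE case has no error detection: "30s" is accepted as 30 and an out-of-range value is undefined behaviour, so the `< 5` test is the only validation. The same atoi pattern is used for --max-idle, --max-backoff, --rate-limit and --burst-limit elsewhere in this file. Since these blocks are already being touched for the ovs_fatal rename, consider a shared strtol-based helper that checks errno, the end pointer and the range before assigning.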
} else {
s->max_idle = atoi(optarg);
if (s->max_idle < 1 || s->max_idle > 65535) {
- ofp_fatal(0, "--max-idle argument must be between 1 and "
+ ovs_fatal(0, "--max-idle argument must be between 1 and "
"65535 or the word 'permanent'");
}
}
case OPT_MAX_BACKOFF:
s->max_backoff = atoi(optarg);
if (s->max_backoff < 1) {
- ofp_fatal(0, "--max-backoff argument must be at least 1");
+ ovs_fatal(0, "--max-backoff argument must be at least 1");
} else if (s->max_backoff > 3600) {
s->max_backoff = 3600;
}
if (optarg) {
s->rate_limit = atoi(optarg);
if (s->rate_limit < 1) {
- ofp_fatal(0, "--rate-limit argument must be at least 1");
+ ovs_fatal(0, "--rate-limit argument must be at least 1");
}
} else {
s->rate_limit = 1000;
case OPT_BURST_LIMIT:
s->burst_limit = atoi(optarg);
if (s->burst_limit < 1) {
- ofp_fatal(0, "--burst-limit argument must be at least 1");
+ ovs_fatal(0, "--burst-limit argument must be at least 1");
}
break;
case OPT_MGMT_ID:
if (strlen(optarg) != 12
|| strspn(optarg, "0123456789abcdefABCDEF") != 12) {
- ofp_fatal(0, "argument to --mgmt-id must be "
+ ovs_fatal(0, "argument to --mgmt-id must be "
"exactly 12 hex digits");
}
s->mgmt_id = strtoll(optarg, NULL, 16);
if (!s->mgmt_id) {
- ofp_fatal(0, "argument to --mgmt-id must be nonzero");
+ ovs_fatal(0, "argument to --mgmt-id must be nonzero");
}
break;
argc -= optind;
argv += optind;
if (argc < 1 || argc > 2) {
- ofp_fatal(0, "need one or two non-option arguments; "
+ ovs_fatal(0, "need one or two non-option arguments; "
"use --help for usage");
}
/* Mode of operation. */
s->discovery = s->controller_name == NULL;
if (s->discovery && !s->in_band) {
- ofp_fatal(0, "Cannot perform discovery with out-of-band control");
+ ovs_fatal(0, "Cannot perform discovery with out-of-band control");
}
/* Rate limiting. */
static void
usage(void)
{
- printf("%s: secure channel, a relay for OpenFlow messages.\n"
+ printf("%s: an OpenFlow switch implementation.\n"
"usage: %s [OPTIONS] DATAPATH [CONTROLLER]\n"
"DATAPATH is a local datapath (e.g. \"dp0\").\n"
"CONTROLLER is an active OpenFlow connection method; if it is\n"
"\nRemote command execution options:\n"
" --command-acl=[!]GLOB[,[!]GLOB...] set allowed/denied commands\n"
" --command-dir=DIR set command dir (default: %s/commands)\n",
- ofp_pkgdatadir);
+ ovs_pkgdatadir);
daemon_usage();
vlog_usage();
printf("\nOther options:\n"
host_name = strtok_r(dst, "::", &save_ptr);
port_string = strtok_r(NULL, "::", &save_ptr);
if (!host_name) {
- ofp_error(0, "%s: bad peer name format", dst);
+ ovs_error(0, "%s: bad peer name format", dst);
return -EAFNOSUPPORT;
}
if (!port_string) {
- ofp_error(0, "%s: bad port format", dst);
+ ovs_error(0, "%s: bad port format", dst);
return -EAFNOSUPPORT;
}
#include "odp-util.h"
#include "ofp-print.h"
#include "ofpbuf.h"
-#include "openflow/datapath-protocol.h"
#include "openflow/nicira-ext.h"
#include "openflow/openflow.h"
#include "openflow/openflow-mgmt.h"
+#include "openvswitch/datapath-protocol.h"
#include "packets.h"
#include "pinsched.h"
#include "pktbuf.h"
int burst_limit; /* Maximum token bucket size, in packets. */
/* One queue per physical port. */
- struct port_array queues; /* Array of "struct ofp_queue *". */
+ struct port_array queues; /* Array of "struct ovs_queue *". */
int n_queued; /* Sum over queues[*].n. */
unsigned int last_tx_port; /* Last port checked in round-robin. */
};
static struct ofpbuf *
-dequeue_packet(struct pinsched *ps, struct ofp_queue *q,
+dequeue_packet(struct pinsched *ps, struct ovs_queue *q,
unsigned int port_no)
{
struct ofpbuf *packet = queue_pop_head(q);
static void
drop_packet(struct pinsched *ps)
{
- struct ofp_queue *longest; /* Queue currently selected as longest. */
+ struct ovs_queue *longest; /* Queue currently selected as longest. */
int n_longest; /* # of queues of same length as 'longest'. */
unsigned int longest_port_no;
unsigned int port_no;
- struct ofp_queue *q;
+ struct ovs_queue *q;
ps->n_queue_dropped++;
static struct ofpbuf *
get_tx_packet(struct pinsched *ps)
{
- struct ofp_queue *q = port_array_next(&ps->queues, &ps->last_tx_port);
+ struct ovs_queue *q = port_array_next(&ps->queues, &ps->last_tx_port);
if (!q) {
q = port_array_first(&ps->queues, &ps->last_tx_port);
}
cb(packet, aux);
} else {
/* Otherwise queue it up for the periodic callback to drain out. */
- struct ofp_queue *q;
+ struct ovs_queue *q;
/* We are called with a buffer obtained from dpif_recv() that has much
* more allocated space than actual content most of the time. Since
pinsched_destroy(struct pinsched *ps)
{
if (ps) {
- struct ofp_queue *queue;
+ struct ovs_queue *queue;
unsigned int port_no;
PORT_ARRAY_FOR_EACH (queue, &ps->queues, port_no) {
-.TH secchan 8 "March 2009" "OpenFlow" "OpenFlow Manual"
+.TH secchan 8 "March 2009" "OpenVSwitch" "OpenVSwitch Manual"
.ds PN secchan
.SH NAME
.SH "SEE ALSO"
.BR dpctl (8),
-.BR ofp-discover (8),
+.BR ovs-discover (8),
.BR controller (8),
-.BR ofp-pki (8),
+.BR ovs-pki (8),
.BR udatapath (8),
.BR vlogconf (8),
.BR vswitchd.conf (5)
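Review bot: The SEE ALSO list keeps `.BR udatapath (8),` while ofp-discover and ofp-pki are renamed around it. The updated installation text in this same change says a kernel module is required and that an entirely userspace switch is only on the roadmap, so confirm that udatapath(8) still ships; if it does not, drop the entry rather than leave a dangling reference.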
TESTS += tests/test-classifier
noinst_PROGRAMS += tests/test-classifier
tests_test_classifier_SOURCES = tests/test-classifier.c
-tests_test_classifier_LDADD = lib/libopenflow.a
+tests_test_classifier_LDADD = lib/libopenvswitch.a
TESTS += tests/test-flows.sh
noinst_PROGRAMS += tests/test-flows
tests_test_flows_SOURCES = tests/test-flows.c
-tests_test_flows_LDADD = lib/libopenflow.a
+tests_test_flows_LDADD = lib/libopenvswitch.a
dist_check_SCRIPTS = tests/test-flows.sh tests/flowgen.pl
TESTS += tests/test-hmap
noinst_PROGRAMS += tests/test-hmap
tests_test_hmap_SOURCES = tests/test-hmap.c
-tests_test_hmap_LDADD = lib/libopenflow.a
+tests_test_hmap_LDADD = lib/libopenvswitch.a
TESTS += tests/test-list
noinst_PROGRAMS += tests/test-list
tests_test_list_SOURCES = tests/test-list.c
-tests_test_list_LDADD = lib/libopenflow.a
+tests_test_list_LDADD = lib/libopenvswitch.a
TESTS += tests/test-type-props
noinst_PROGRAMS += tests/test-type-props
noinst_PROGRAMS += tests/test-dhcp-client
tests_test_dhcp_client_SOURCES = tests/test-dhcp-client.c
-tests_test_dhcp_client_LDADD = lib/libopenflow.a $(FAULT_LIBS)
+tests_test_dhcp_client_LDADD = lib/libopenvswitch.a $(FAULT_LIBS)
TESTS += tests/test-stp.sh
EXTRA_DIST += tests/test-stp.sh
noinst_PROGRAMS += tests/test-stp
tests_test_stp_SOURCES = tests/test-stp.c
-tests_test_stp_LDADD = lib/libopenflow.a
+tests_test_stp_LDADD = lib/libopenvswitch.a
stp_files = \
tests/test-stp-ieee802.1d-1998 \
tests/test-stp-ieee802.1d-2004-fig17.4 \
-/* Copyright (c) 2008 The Board of Trustees of The Leland Stanford
+/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford
* Junior University
*
* We are making the OpenFlow specification and associated documentation
argc -= optind;
argv += optind;
if (argc != 1) {
- ofp_fatal(0, "exactly one non-option argument required; "
+ ovs_fatal(0, "exactly one non-option argument required; "
"use --help for help");
}
error = dhclient_create(argv[0], modify_dhcp_request, NULL, NULL, &cli);
if (error) {
- ofp_fatal(error, "dhclient_create failed");
+ ovs_fatal(error, "dhclient_create failed");
}
dhclient_init(cli, request_ip.s_addr);
fatal_signal_add_hook(release, cli, true);
switch (c) {
case OPT_REQUEST_IP:
if (!inet_aton(optarg, &request_ip)) {
- ofp_fatal(0,
+ ovs_fatal(0,
"--request-ip argument is not a valid IP address");
}
break;
static void
usage(void)
{
- printf("%s: standalone program for testing OpenFlow DHCP client.\n"
+ printf("%s: standalone program for testing OpenVSwitch DHCP client.\n"
"usage: %s [OPTIONS] NETDEV\n"
"where NETDEV is a network device (e.g. eth0).\n"
"\nDHCP options:\n"
flows = stdin;
pcap = fdopen(3, "rb");
if (!pcap) {
- ofp_fatal(errno, "failed to open fd 3 for reading");
+ ovs_fatal(errno, "failed to open fd 3 for reading");
}
retval = pcap_read_header(pcap);
if (retval) {
- ofp_fatal(retval > 0 ? retval : 0, "reading pcap header failed");
+ ovs_fatal(retval > 0 ? retval : 0, "reading pcap header failed");
}
while (fread(&expected_match, sizeof expected_match, 1, flows)) {
retval = pcap_read(pcap, &packet);
if (retval == EOF) {
- ofp_fatal(0, "unexpected end of file reading pcap file");
+ ovs_fatal(0, "unexpected end of file reading pcap file");
} else if (retval) {
- ofp_fatal(retval, "error reading pcap file");
+ ovs_fatal(retval, "error reading pcap file");
}
flow_extract(packet, 1, &flow);
-/* Copyright (c) 2008 The Board of Trustees of The Leland Stanford
+/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford
* Junior University
*
* We are making the OpenFlow specification and associated documentation
int i;
if (argc != 2) {
- ofp_fatal(0, "usage: test-stp INPUT.STP\n");
+ ovs_fatal(0, "usage: test-stp INPUT.STP\n");
}
file_name = argv[1];
input_file = fopen(file_name, "r");
if (!input_file) {
- ofp_fatal(errno, "error opening \"%s\"", file_name);
+ ovs_fatal(errno, "error opening \"%s\"", file_name);
}
tc = new_test_case();
/dpctl
/dpctl.8
/nlmon
-/ofp-discover
-/ofp-discover.8
-/ofp-kill
-/ofp-kill.8
-/ofp-parse-leaks
-/ofp-pki
-/ofp-pki-cgi
-/ofp-pki.8
+/ovs-discover
+/ovs-discover.8
+/ovs-kill
+/ovs-kill.8
+/ovs-parse-leaks
+/ovs-pki
+/ovs-pki-cgi
+/ovs-pki.8
/vlogconf
/vlogconf.8
utilities/vlogconf \
utilities/cfg-mod \
utilities/dpctl \
- utilities/ofp-discover \
- utilities/ofp-kill
+ utilities/ovs-discover \
+ utilities/ovs-kill
noinst_PROGRAMS += utilities/nlmon
-bin_SCRIPTS += utilities/ofp-pki
-noinst_SCRIPTS += utilities/ofp-pki-cgi utilities/ofp-parse-leaks
+bin_SCRIPTS += utilities/ovs-pki
+noinst_SCRIPTS += utilities/ovs-pki-cgi utilities/ovs-parse-leaks
EXTRA_DIST += \
utilities/cfg-mod.8.in \
utilities/dpctl.8.in \
- utilities/ofp-discover.8.in \
- utilities/ofp-kill.8.in \
- utilities/ofp-parse-leaks.in \
- utilities/ofp-pki-cgi.in \
- utilities/ofp-pki.8.in \
- utilities/ofp-pki.in \
+ utilities/ovs-discover.8.in \
+ utilities/ovs-kill.8.in \
+ utilities/ovs-parse-leaks.in \
+ utilities/ovs-pki-cgi.in \
+ utilities/ovs-pki.8.in \
+ utilities/ovs-pki.in \
utilities/vlogconf.8.in
DISTCLEANFILES += \
utilities/cfg-mod.8 \
utilities/dpctl.8 \
- utilities/ofp-discover.8 \
- utilities/ofp-kill.8 \
- utilities/ofp-parse-leaks \
- utilities/ofp-pki \
- utilities/ofp-pki.8 \
- utilities/ofp-pki-cgi \
+ utilities/ovs-discover.8 \
+ utilities/ovs-kill.8 \
+ utilities/ovs-parse-leaks \
+ utilities/ovs-pki \
+ utilities/ovs-pki.8 \
+ utilities/ovs-pki-cgi \
utilities/vlogconf.8
man_MANS += \
utilities/cfg-mod.8 \
utilities/dpctl.8 \
- utilities/ofp-discover.8 \
- utilities/ofp-kill.8 \
- utilities/ofp-pki.8 \
+ utilities/ovs-discover.8 \
+ utilities/ovs-kill.8 \
+ utilities/ovs-pki.8 \
utilities/vlogconf.8
utilities_cfg_mod_SOURCES = utilities/cfg-mod.c
-utilities_cfg_mod_LDADD = lib/libopenflow.a
+utilities_cfg_mod_LDADD = lib/libopenvswitch.a
utilities_dpctl_SOURCES = utilities/dpctl.c
-utilities_dpctl_LDADD = lib/libopenflow.a $(FAULT_LIBS) $(SSL_LIBS)
+utilities_dpctl_LDADD = lib/libopenvswitch.a $(FAULT_LIBS) $(SSL_LIBS)
utilities_vlogconf_SOURCES = utilities/vlogconf.c
-utilities_vlogconf_LDADD = lib/libopenflow.a
+utilities_vlogconf_LDADD = lib/libopenvswitch.a
-utilities_ofp_discover_SOURCES = utilities/ofp-discover.c
-utilities_ofp_discover_LDADD = lib/libopenflow.a
+utilities_ovs_discover_SOURCES = utilities/ovs-discover.c
+utilities_ovs_discover_LDADD = lib/libopenvswitch.a
-utilities_ofp_kill_SOURCES = utilities/ofp-kill.c
-utilities_ofp_kill_LDADD = lib/libopenflow.a
+utilities_ovs_kill_SOURCES = utilities/ovs-kill.c
+utilities_ovs_kill_LDADD = lib/libopenvswitch.a
utilities_nlmon_SOURCES = utilities/nlmon.c
-utilities_nlmon_LDADD = lib/libopenflow.a
+utilities_nlmon_LDADD = lib/libopenvswitch.a
-.TH cfg-mod 8 "April 2009" "OpenFlow" "OpenFlow Manual"
+.TH cfg-mod 8 "April 2009" "OpenVSwitch" "OpenVSwitch Manual"
.ds PN cfg-mod
.
.SH NAME
error = cfg_set_file(config_file);
if (error) {
- ofp_fatal(error, "failed to add configuration file \"%s\"",
+ ovs_fatal(error, "failed to add configuration file \"%s\"",
config_file);
}
error = cfg_lock(NULL, 0);
if (error) {
- ofp_fatal(error, "could not lock configuration file\n");
+ ovs_fatal(error, "could not lock configuration file\n");
}
}
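Review bot: The cfg_lock failure message, `"could not lock configuration file\n"`, ends in a newline, while the cfg_set_file message directly above it and most other ovs_fatal callers in this patch do not, which suggests the function terminates the line itself. Drop the "\n" as part of the rename; the same applies to the `"usage: test-stp INPUT.STP\n"` and `"Invalid nat port: %s\n"` messages elsewhere in the patch.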
if ((option > UCHAR_MAX || !strchr("Fh?", option))
&& config_set == false) {
- ofp_fatal(0, "no config file specified (use --help for help)");
+ ovs_fatal(0, "no config file specified (use --help for help)");
}
switch (option) {
free(short_options);
if (optind != argc) {
- ofp_fatal(0, "non-option arguments not accepted "
+ ovs_fatal(0, "non-option arguments not accepted "
"(use --help for help)");
}
-.TH dpctl 8 "March 2009" "OpenFlow" "OpenFlow Manual"
+.TH dpctl 8 "March 2009" "OpenVSwitch" "OpenVSwitch Manual"
.ds PN dpctl
.SH NAME
-dpctl \- administer OpenFlow switches and datapaths
+dpctl \- administer OpenVSwitch datapaths and OpenFlow switches
.SH SYNOPSIS
.B dpctl
.SH DESCRIPTION
The
.B dpctl
-program is a command line tool primarily for monitoring and
-administering OpenFlow switches. It is able to show the current state
-of a switch, including features, configuration, and table entries.
+program is a command line tool for monitoring and administering
+OpenVSwitch datapaths and OpenFlow switches.
.B dpctl
-can also add, delete, and modify OpenFlow reference implementation
-datapaths.
+can add, delete, and modify OpenVSwitch datapaths. It can also show
+the current state of an OpenFlow switch, including features,
+configuration, and table entries.
-.SS "Datapath Commands"
+.SS "OpenVSwitch Datapath Commands"
-The \fBdpctl\fR program can create, modify, and delete datapaths
-supported by the OpenFlow reference implementation. A
-single machine may host up to 256 datapaths (numbered 0 to 255).
+The \fBdpctl\fR program can create, modify, and delete OpenVSwitch
+datapaths. A single machine may host up to 256 datapaths (numbered 0
+to 255).
A newly created datapath is associated with only one network device, a
virtual network device sometimes called the datapath's ``local port''.
Prints to the console all flow entries in datapath \fIdp\fR's
flow table.
-This command is primarily useful for debugging the OpenFlow reference
-implementation. The flow table entries that it displays are not
+This command is primarily useful for debugging OpenVSwitch. The flow
+table entries that it displays are not
OpenFlow flow entries. Instead, they are different and considerably
-simpler flows maintained by the datapaths used by the OpenFlow
-reference implementation.
+simpler flows maintained by the OpenVSwitch kernel module.
.IP "\fBdp-del-flows \fIdp\fR"
Deletes all flow entries from datapath \fIdp\fR's flow table.
-This command is primarily useful for debugging the OpenFlow reference
-implementation. As discussed in \fBdp-dump-flows\fR, these entries are
+This command is primarily useful for debugging OpenVSwitch. As
+discussed in \fBdp-dump-flows\fR, these entries are
not OpenFlow flow entries. By deleting them, the process that set them
up may be confused about their disappearance.
all ports except those disabled by STP, and group 1 contains all
ports. Additional groups might be used in the future.
-This command is primarily useful for debugging the OpenFlow reference
-implementation. OpenFlow does not have a concept of port groups.
+This command is primarily useful for debugging OpenVSwitch. OpenFlow
+does not have a concept of port groups.
.SS "OpenFlow Switch Management Commands"
argc -= optind;
argv += optind;
if (argc < 1)
- ofp_fatal(0, "missing command name; use --help for help");
+ ovs_fatal(0, "missing command name; use --help for help");
for (p = all_commands; p->name != NULL; p++) {
if (!strcmp(p->name, argv[0])) {
int n_arg = argc - 1;
if (n_arg < p->min_args)
- ofp_fatal(0, "'%s' command requires at least %d arguments",
+ ovs_fatal(0, "'%s' command requires at least %d arguments",
p->name, p->min_args);
else if (n_arg > p->max_args)
- ofp_fatal(0, "'%s' command takes at most %d arguments",
+ ovs_fatal(0, "'%s' command takes at most %d arguments",
p->name, p->max_args);
else {
p->handler(&s, argc, argv);
if (ferror(stdout)) {
- ofp_fatal(0, "write to stdout failed");
+ ovs_fatal(0, "write to stdout failed");
}
if (ferror(stderr)) {
- ofp_fatal(0, "write to stderr failed");
+ ovs_fatal(0, "write to stderr failed");
}
exit(0);
}
}
}
- ofp_fatal(0, "unknown command '%s'; use --help for help", argv[0]);
+ ovs_fatal(0, "unknown command '%s'; use --help for help", argv[0]);
return 0;
}
case 't':
timeout = strtoul(optarg, NULL, 10);
if (timeout <= 0) {
- ofp_fatal(0, "value %s on -t or --timeout is not at least 1",
+ ovs_fatal(0, "value %s on -t or --timeout is not at least 1",
optarg);
} else {
time_alarm(timeout);
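Review bot: In the 't' case, `timeout = strtoul(optarg, NULL, 10)` followed by `timeout <= 0` does not enforce what the error message promises. strtoul accepts a leading minus sign and returns the negated value as an unsigned long, so whether "-1" is rejected depends on the declared type of timeout, which this hunk does not show; with a NULL end pointer, input such as "5x" is also accepted as 5. Parse with an end pointer, check errno, and range-check the result before calling time_alarm.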
static void
usage(void)
{
- printf("%s: OpenFlow switch management utility\n"
+ printf("%s: OpenVSwitch datapath and OpenFlow switch management utility\n"
"usage: %s [OPTIONS] COMMAND [ARG...]\n"
- "\nFor datapaths:\n"
+ "\nFor OpenVSwitch datapaths:\n"
" adddp DP [IFACE...] add new datapath DP (with IFACES)\n"
" deldp DP delete local datapath DP\n"
" addif DP IFACE... add each IFACE as a port on DP\n"
next_portno: ;
}
- ofp_fatal(0, "no free datapath ports");
+ ovs_fatal(0, "no free datapath ports");
}
static void
devname = strtok_r(argv[i], "@@", &save_ptr);
if (!devname) {
- ofp_error(0, "%s is not a valid network device name", argv[i]);
+ ovs_error(0, "%s is not a valid network device name", argv[i]);
continue;
}
error = dpif_port_add(&dpif, devname, port);
if (error) {
- ofp_error(error, "adding %s as port %"PRIu16" of %s failed",
+ ovs_error(error, "adding %s as port %"PRIu16" of %s failed",
devname, port, argv[1]);
failure = true;
}
}
}
free(ports);
- ofp_error(0, "no port named %s", name);
+ ovs_error(0, "no port named %s", name);
return false;
}
error = dpif_port_del(&dpif, port);
if (error) {
- ofp_error(error, "deleting port %s from %s failed", name, argv[1]);
+ ovs_error(error, "deleting port %s from %s failed", name, argv[1]);
failure = true;
}
}
if (!error) {
show_dpif(&dpif);
} else {
- ofp_error(error, "opening datapath %s failed", name);
+ ovs_error(error, "opening datapath %s failed", name);
failure = true;
}
}
if (!error) {
show_dpif(&dpif);
} else if (error != ENODEV) {
- ofp_error(error, "opening datapath %s failed", name);
+ ovs_error(error, "opening datapath %s failed", name);
failure = true;
}
}
VLOG_INFO("datapath %s is named %s", name, dpif_name);
}
- socket_name = xasprintf("%s/%s.mgmt", ofp_rundir, dpif_name);
+ socket_name = xasprintf("%s/%s.mgmt", ovs_rundir, dpif_name);
if (stat(socket_name, &s)) {
- ofp_fatal(errno, "cannot connect to %s: stat failed on %s",
+ ovs_fatal(errno, "cannot connect to %s: stat failed on %s",
name, socket_name);
} else if (!S_ISSOCK(s.st_mode)) {
- ofp_fatal(0, "cannot connect to %s: %s is not a socket",
+ ovs_fatal(0, "cannot connect to %s: %s is not a socket",
name, socket_name);
}
free(socket_name);
free(vconn_name);
} else {
- ofp_fatal(0, "%s is not a valid connection method", name);
+ ovs_fatal(0, "%s is not a valid connection method", name);
}
}
vconn_close(vconn);
if (b->size < sizeof *reply) {
- ofp_fatal(0, "short reply (%zu bytes)", b->size);
+ ovs_fatal(0, "short reply (%zu bytes)", b->size);
}
reply = b->data;
if (reply->header.type != OFPT_VENDOR
|| reply->vendor != ntohl(NX_VENDOR_ID)
|| reply->subtype != ntohl(NXT_STATUS_REPLY)) {
ofp_print(stderr, b->data, b->size, 2);
- ofp_fatal(0, "bad reply");
+ ovs_fatal(0, "bad reply");
}
fwrite(reply + 1, b->size - sizeof *reply, 1, stdout);
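Review bot: In the status-reply check, `reply->vendor != ntohl(NX_VENDOR_ID)` and `reply->subtype != ntohl(NXT_STATUS_REPLY)` compare wire-format fields against host constants converted with ntohl. The result is the same on every platform, but the conversion being expressed is host-to-network, so htonl is the call that matches the intent and what readers of byte-order code expect. Worth fixing while this block is being edited.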
errno = 0;
value = strtoul(str, &tail, 0);
if (errno == EINVAL || errno == ERANGE || *tail) {
- ofp_fatal(0, "invalid numeric format %s", str);
+ ovs_fatal(0, "invalid numeric format %s", str);
}
return value;
}
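Review bot: The check `errno == EINVAL || errno == ERANGE || *tail` after strtoul does not reject input that contains no digits: for an empty string strtoul returns 0 with tail equal to str, *tail is the terminating NUL, and C does not require errno to be set. Add `tail == str` to the condition. If this is the helper behind the str_to_u32 calls seen later in the patch, a value above UINT32_MAX should also be rejected here on platforms where unsigned long is 64 bits, instead of being truncated on return.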
{
if (sscanf(str, "%"SCNx8":%"SCNx8":%"SCNx8":%"SCNx8":%"SCNx8":%"SCNx8,
&mac[0], &mac[1], &mac[2], &mac[3], &mac[4], &mac[5]) != 6) {
- ofp_fatal(0, "invalid mac address %s", str);
+ ovs_fatal(0, "invalid mac address %s", str);
}
}
name = strtok_r(str, "//", &save_ptr);
retval = name ? lookup_ip(name, &in_addr) : EINVAL;
if (retval) {
- ofp_fatal(0, "%s: could not convert to IP address", str);
+ ovs_fatal(0, "%s: could not convert to IP address", str);
}
*ip = in_addr.s_addr;
/* Verify that the rest of the bits are 1-bits. */
for (; i < 32; i++) {
if (!(nm & (1u << i))) {
- ofp_fatal(0, "%s: %s is not a valid netmask",
+ ovs_fatal(0, "%s: %s is not a valid netmask",
str, netmask);
}
}
} else {
int prefix = atoi(netmask);
if (prefix <= 0 || prefix > 32) {
- ofp_fatal(0, "%s: network prefix bits not between 1 and 32",
+ ovs_fatal(0, "%s: network prefix bits not between 1 and 32",
str);
}
n_wild = 32 - prefix;
uint16_t port;
if (drop) {
- ofp_fatal(0, "Drop actions must not be followed by other actions");
+ ovs_fatal(0, "Drop actions must not be followed by other actions");
}
/* Arguments are separated by colons */
* an action. */
drop = true;
if (n_actions) {
- ofp_fatal(0, "Drop actions must not be preceded by other "
+ ovs_fatal(0, "Drop actions must not be preceded by other "
"actions");
}
#ifdef SUPPORT_SNAT
struct nx_action_snat *sa;
if (str_to_u32(arg) > OFPP_MAX) {
- ofp_fatal(0, "Invalid nat port: %s\n", arg);
+ ovs_fatal(0, "Invalid nat port: %s\n", arg);
}
sa = put_action(b, sizeof *sa, OFPAT_VENDOR);
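Review bot: the renamed call keeps the trailing newline in "Invalid nat port: %s\n", while every other ovs_fatal() message in this patch is passed without one, so this error will most likely print with an extra blank line. Drop the "\n" while the line is being edited; lower-casing "Invalid" would also match the surrounding messages.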
} else if (strspn(act, "0123456789") == strlen(act)) {
put_output_action(b, str_to_u32(act));
} else {
- ofp_fatal(0, "Unknown action: %s", act);
+ ovs_fatal(0, "Unknown action: %s", act);
}
}
}
if (actions) {
char *act_str = strstr(string, "action");
if (!act_str) {
- ofp_fatal(0, "must specify an action");
+ ovs_fatal(0, "must specify an action");
}
*(act_str-1) = '\0';
act_str = strchr(act_str, '=');
if (!act_str) {
- ofp_fatal(0, "must specify an action");
+ ovs_fatal(0, "must specify an action");
}
act_str++;
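Review bot: `*(act_str-1) = '\0';` in the context between the two renamed calls writes one byte before the start of the buffer when strstr() finds "action" at offset 0, that is, when act_str == string. The NULL check above it does not cover that case. Guard the store with `act_str > string`, or treat a flow string that begins with the action keyword as its own case before terminating the preceding field.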
value = strtok_r(NULL, ", \t\r\n", &save_ptr);
if (!value) {
- ofp_fatal(0, "field %s missing value", name);
+ ovs_fatal(0, "field %s missing value", name);
}
if (table_idx && !strcmp(name, "table")) {
}
}
} else {
- ofp_fatal(0, "unknown keyword %s", name);
+ ovs_fatal(0, "unknown keyword %s", name);
}
}
}
file = fopen(argv[2], "r");
if (file == NULL) {
- ofp_fatal(errno, "%s: open", argv[2]);
+ ovs_fatal(errno, "%s: open", argv[2]);
}
open_vconn(argv[1], &vconn);
open_vconn(argv[1], &vconn);
run(vconn_transact(vconn, request, &reply), "talking to %s", argv[1]);
if (reply->size != sizeof(struct ofp_header)) {
- ofp_fatal(0, "reply does not match request");
+ ovs_fatal(0, "reply does not match request");
}
ofpbuf_delete(reply);
vconn_close(vconn);
}
}
if (port_idx == n_ports) {
- ofp_fatal(0, "couldn't find monitored port: %s", argv[2]);
+ ovs_fatal(0, "couldn't find monitored port: %s", argv[2]);
}
opm = make_openflow(sizeof(struct ofp_port_mod), OFPT_PORT_MOD, &request);
opm->mask |= htonl(OFPPC_NO_FLOOD);
opm->config |= htonl(OFPPC_NO_FLOOD);
} else {
- ofp_fatal(0, "unknown mod-port command '%s'", argv[3]);
+ ovs_fatal(0, "unknown mod-port command '%s'", argv[3]);
}
send_openflow_buffer(vconn, request);
payload = argc > 2 ? atoi(argv[2]) : 64;
if (payload > max_payload) {
- ofp_fatal(0, "payload must be between 0 and %zu bytes", max_payload);
+ ovs_fatal(0, "payload must be between 0 and %zu bytes", max_payload);
}
open_vconn(argv[1], &vconn);
payload_size = atoi(argv[2]);
if (payload_size > max_payload) {
- ofp_fatal(0, "payload must be between 0 and %zu bytes", max_payload);
+ ovs_fatal(0, "payload must be between 0 and %zu bytes", max_payload);
}
message_size = sizeof(struct ofp_header) + payload_size;
run(vconn_recv_xid(vconn, xid, &reply), "recv_xid");
if (reply->size < sizeof *ncr) {
- ofp_fatal(0, "reply is too short (%zu bytes < %zu bytes)",
+ ovs_fatal(0, "reply is too short (%zu bytes < %zu bytes)",
reply->size, sizeof *ncr);
}
ncr = reply->data;
if (ncr->nxh.header.type != OFPT_VENDOR
|| ncr->nxh.vendor != htonl(NX_VENDOR_ID)
|| ncr->nxh.subtype != htonl(NXT_COMMAND_REPLY)) {
- ofp_fatal(0, "reply is invalid");
+ ovs_fatal(0, "reply is invalid");
}
status = ntohl(ncr->status);
error = nl_sock_create(NETLINK_ROUTE, RTNLGRP_LINK, 0, 0, &sock);
if (error) {
- ofp_fatal(error, "could not create rtnetlink socket");
+ ovs_fatal(error, "could not create rtnetlink socket");
}
for (;;) {
if (error == EAGAIN) {
/* Nothing to do. */
} else if (error == ENOBUFS) {
- ofp_error(0, "network monitor socket overflowed");
+ ovs_error(0, "network monitor socket overflowed");
} else if (error) {
- ofp_fatal(error, "error on network monitor socket");
+ ovs_fatal(error, "error on network monitor socket");
} else {
struct nlattr *attrs[ARRAY_SIZE(rtnlgrp_link_policy)];
struct nlmsghdr *nlh;
nlh = ofpbuf_at(buf, 0, NLMSG_HDRLEN);
iim = ofpbuf_at(buf, NLMSG_HDRLEN, sizeof *iim);
if (!iim) {
- ofp_error(0, "received bad rtnl message (no ifinfomsg)");
+ ovs_error(0, "received bad rtnl message (no ifinfomsg)");
ofpbuf_delete(buf);
continue;
}
if (!nl_policy_parse(buf, NLMSG_HDRLEN + sizeof(struct ifinfomsg),
rtnlgrp_link_policy,
attrs, ARRAY_SIZE(rtnlgrp_link_policy))) {
- ofp_error(0, "received bad rtnl message (policy)");
+ ovs_error(0, "received bad rtnl message (policy)");
ofpbuf_delete(buf);
continue;
}
+++ /dev/null
-.TH ofp\-discover 8 "May 2008" "OpenFlow" "OpenFlow Manual"
-.ds PN ofp\-discover
-
-.SH NAME
-ofp\-discover \- controller discovery utility
-
-.SH SYNOPSIS
-.B ofp\-discover
-[\fIoptions\fR] \fInetdev\fR [\fInetdev\fR...]
-
-.SH DESCRIPTION
-The \fBofp\-discover\fR program attempts to discover the location of
-an OpenFlow controller on one of the network devices listed on the
-command line. It repeatedly broadcasts a DHCP request with vendor
-class identifier \fBOpenFlow\fR on each network device until it
-receives an acceptable DHCP response. It will accept any valid DHCP
-reply that has the same vendor class identifier and includes a
-vendor-specific option with code 1 whose contents are a string
-specifying the location of the controller in the same format used on
-the \fBsecchan\fR command line (e.g. \fBssl:192.168.0.1\fR).
-
-When \fBofp\-discover\fR receives an acceptable response, it prints
-the details of the response on \fBstdout\fR. Then, by default, it
-configures the network device on which the response was received with
-the received IP address, netmask, and default gateway, and detaches
-itself to the background.
-
-.SH OPTIONS
-.TP
-\fB--accept-vconn=\fIregex\fR
-By default, \fBofp\-discover\fR accepts any controller location
-advertised over DHCP. With this option, only controllers whose names
-match POSIX extended regular expression \fIregex\fR will be accepted.
-Specifying \fBssl:.*\fR for \fIregex\fR, for example, would cause only
-SSL controller connections to be accepted.
-
-The \fIregex\fR is implicitly anchored at the beginning of the
-controller location string, as if it begins with \fB^\fR.
-
-.TP
-\fB--exit-without-bind\fR
-By default, \fBofp\-discover\fR binds the network device that receives
-the first acceptable response to the IP address received over DHCP.
-With this option, the configuration of the network device is not
-changed at all, except to bring it up if it is initially down, and
-\fBofp\-discover\fR will exit immediately after it receives an
-acceptable DHCP response.
-
-This option is mutually exclusive with \fB--exit-after-bind\fR and
-\fB--no-detach\fR.
-
-.TP
-\fB--exit-after-bind\fR
-By default, after it receives an acceptable DHCP response,
-\fBofp\-discover\fR detaches itself from the foreground session and
-runs in the background maintaining the DHCP lease as necessary. With
-this option, \fBofp\-discover\fR will exit immediately after it
-receives an acceptable DHCP response and configures the network device
-with the received IP address. The address obtained via DHCP could
-therefore be used past the expiration of its lease.
-
-This option is mutually exclusive with \fB--exit-without-bind\fR and
-\fB--no-detach\fR.
-
-.TP
-\fB--no-detach\fR
-By default, \fBofp\-discover\fR runs in the foreground until it obtains
-an acceptable DHCP response, then it detaches itself from the
-foreground session and run as a background process. This option
-prevents \fBofp\-discover\fR from detaching, causing it to run in the
-foreground even after it obtains a DHCP response.
-
-This option is mutually exclusive with \fB--exit-without-bind\fR and
-\fB--exit-after-bind\fR.
-
-.TP
-\fB-P\fR[\fIpidfile\fR], \fB--pidfile\fR[\fB=\fIpidfile\fR]
-Causes a file (by default, \fBofp\-discover.pid\fR) to be created indicating
-the PID of the running process. If \fIpidfile\fR is not specified, or
-if it does not begin with \fB/\fR, then it is created in
-\fB@RUNDIR@\fR.
-
-The \fIpidfile\fR is created when \fBofp\-discover\fR detaches, so
-this this option has no effect when one of \fB--exit-without-bind\fR,
-\fB--exit-after-bind\fR, or \fB--no-detach\fR is also given.
-
-.TP
-\fB-f\fR, \fB--force\fR
-By default, when \fB-P\fR or \fB--pidfile\fR is specified and the
-specified pidfile already exists and is locked by a running process,
-\fBcontroller\fR refuses to start. Specify \fB-f\fR or \fB--force\fR
-to cause it to instead overwrite the pidfile.
-
-When \fB-P\fR or \fB--pidfile\fR is not specified, this option has no
-effect.
-
-.so lib/vlog.man
-.so lib/common.man
-
-.SH BUGS
-
-If the network devices specified on the command line have been added
-to an OpenFlow switch with \fBdpctl addif\fR, then controller
-discovery will fail because \fBofp\-discover\fR will not be able to
-see DHCP responses, even though tools such as \fBtcpdump\fR(8) and
-\fBwireshark\fR(1) can see them on the wire. This is because of the
-structure of the Linux kernel networking stack, which hands packets
-first to programs that listen for all arriving packets, then to
-OpenFlow, then to programs that listen for a specific kind of packet.
-OpenFlow consumes all the packets handed to it, so tools like
-\fBtcpdump\fR that look at all packets will see packets arriving on
-OpenFlow interfaces, but \fRofp\-discover\fR, which listens only for
-arriving IP packets, will not.
-
-.SH "SEE ALSO"
-
-.BR secchan (8),
-.BR ofp-pki (8)
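Review bot: OPTIONS in this page has no entry for -t/--timeout, although the program's long_options table and usage() text in this same patch define it, so if the text is carried over under the new name the option should be documented. Three smaller defects should not be copied along with it: the --force paragraph says \fBcontroller\fR refuses to start where it means this program, the --pidfile paragraph reads "this this option", and the BUGS section opens the program name with \fR instead of \fB (\fRofp\-discover\fR), so it is not set in bold. Since the page states that any controller location advertised over DHCP is accepted by default, it would also help to say in DESCRIPTION that --accept-vconn is the only filter on what a DHCP reply can select.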
+++ /dev/null
-/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford
- * Junior University
- *
- * We are making the OpenFlow specification and associated documentation
- * (Software) available for public use and benefit with the expectation
- * that others will use, modify and enhance the Software and contribute
- * those enhancements back to the community. However, since we would
- * like to make the Software available for broadest use, with as few
- * restrictions as possible permission is hereby granted, free of
- * charge, to any person obtaining a copy of this Software to deal in
- * the Software under the copyrights without restriction, including
- * without limitation the rights to use, copy, modify, merge, publish,
- * distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to
- * the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
- * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
- * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- *
- * The name and trademarks of copyright holder(s) may NOT be used in
- * advertising or publicity pertaining to the Software or any
- * derivatives without specific, written prior permission.
- */
-
-#include <config.h>
-#include <getopt.h>
-#include <limits.h>
-#include <regex.h>
-#include <signal.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include "command-line.h"
-#include "daemon.h"
-#include "dhcp-client.h"
-#include "dhcp.h"
-#include "dirs.h"
-#include "dynamic-string.h"
-#include "fatal-signal.h"
-#include "netdev.h"
-#include "poll-loop.h"
-#include "timeval.h"
-#include "unixctl.h"
-#include "util.h"
-
-#include "vlog.h"
-#define THIS_MODULE VLM_ofp_discover
-
-struct iface {
- const char *name;
- struct dhclient *dhcp;
-};
-
-/* The interfaces that we serve. */
-static struct iface *ifaces;
-static int n_ifaces;
-
-/* --accept-vconn: Regular expression specifying the class of controller vconns
- * that we will accept during autodiscovery. */
-static const char *accept_controller_re = ".*";
-static regex_t accept_controller_regex;
-
-/* --exit-without-bind: Exit after discovering the controller, without binding
- * the network device to an IP address? */
-static bool exit_without_bind;
-
-/* --exit-after-bind: Exit after discovering the controller, after binding the
- * network device to an IP address? */
-static bool exit_after_bind;
-
-static bool iface_init(struct iface *, const char *netdev_name);
-static void release_ifaces(void *aux UNUSED);
-
-static void parse_options(int argc, char *argv[]);
-static void usage(void) NO_RETURN;
-
-static void modify_dhcp_request(struct dhcp_msg *, void *aux);
-static bool validate_dhcp_offer(const struct dhcp_msg *, void *aux);
-
-int
-main(int argc, char *argv[])
-{
- struct unixctl_server *unixctl;
- int retval;
- int i;
-
- set_program_name(argv[0]);
- time_init();
- vlog_init();
- parse_options(argc, argv);
-
- argc -= optind;
- argv += optind;
- if (argc < 1) {
- ofp_fatal(0, "need at least one non-option argument; "
- "use --help for usage");
- }
-
- ifaces = xmalloc(argc * sizeof *ifaces);
- n_ifaces = 0;
- for (i = 0; i < argc; i++) {
- if (iface_init(&ifaces[n_ifaces], argv[i])) {
- n_ifaces++;
- }
- }
- if (!n_ifaces) {
- ofp_fatal(0, "failed to initialize any DHCP clients");
- }
-
- for (i = 0; i < n_ifaces; i++) {
- struct iface *iface = &ifaces[i];
- dhclient_init(iface->dhcp, 0);
- }
- fatal_signal_add_hook(release_ifaces, NULL, true);
-
- retval = regcomp(&accept_controller_regex, accept_controller_re,
- REG_NOSUB | REG_EXTENDED);
- if (retval) {
- size_t length = regerror(retval, &accept_controller_regex, NULL, 0);
- char *buffer = xmalloc(length);
- regerror(retval, &accept_controller_regex, buffer, length);
- ofp_fatal(0, "%s: %s", accept_controller_re, buffer);
- }
-
- retval = unixctl_server_create(NULL, &unixctl);
- if (retval) {
- ofp_fatal(retval, "Could not listen for unixctl connections");
- }
-
- die_if_already_running();
-
- signal(SIGPIPE, SIG_IGN);
- for (;;) {
- fatal_signal_block();
- for (i = 0; i < n_ifaces; i++) {
- struct iface *iface = &ifaces[i];
- dhclient_run(iface->dhcp);
- if (dhclient_changed(iface->dhcp)) {
- bool is_bound = dhclient_is_bound(iface->dhcp);
- int j;
-
- /* Configure network device. */
- if (!exit_without_bind) {
- dhclient_configure_netdev(iface->dhcp);
- dhclient_update_resolv_conf(iface->dhcp);
- }
-
- if (is_bound) {
- static bool detached = false;
- struct ds ds;
-
- /* Disable timeout, since discovery was successful. */
- time_alarm(0);
-
- /* Print discovered parameters. */
- ds_init(&ds);
- dhcp_msg_to_string(dhclient_get_config(iface->dhcp),
- true, &ds);
- fputs(ds_cstr(&ds), stdout);
- putchar('\n');
- fflush(stdout);
- ds_destroy(&ds);
-
- /* Exit if the user requested it. */
- if (exit_without_bind) {
- VLOG_DBG("exiting because of successful binding on %s "
- "and --exit-without-bind specified",
- iface->name);
- exit(0);
- }
- if (exit_after_bind) {
- VLOG_DBG("exiting because of successful binding on %s "
- "and --exit-after-bind specified",
- iface->name);
- exit(0);
- }
-
- /* Detach into background, if we haven't already. */
- if (!detached) {
- detached = true;
- daemonize();
- }
- }
-
- /* We only want an address on a single one of our interfaces.
- * So: if we have an address on this interface, stop looking
- * for one on the others; if we don't have an address on this
- * interface, start looking everywhere. */
- for (j = 0; j < n_ifaces; j++) {
- struct iface *if2 = &ifaces[j];
- if (iface != if2) {
- if (is_bound) {
- dhclient_release(if2->dhcp);
- } else {
- dhclient_init(if2->dhcp, 0);
- }
- }
- }
- }
- }
- unixctl_server_run(unixctl);
- for (i = 0; i < n_ifaces; i++) {
- struct iface *iface = &ifaces[i];
- dhclient_wait(iface->dhcp);
- }
- unixctl_server_wait(unixctl);
- fatal_signal_unblock();
- poll_block();
- }
-
- return 0;
-}
-
-static bool
-iface_init(struct iface *iface, const char *netdev_name)
-{
- int retval;
-
- iface->name = netdev_name;
- iface->dhcp = NULL;
-
- if (exit_after_bind) {
- /* Bring this interface up permanently, so that the bound address
- * persists past program termination. */
- struct netdev *netdev;
-
- retval = netdev_open(iface->name, NETDEV_ETH_TYPE_NONE, &netdev);
- if (retval) {
- ofp_error(retval, "Could not open %s device", iface->name);
- return false;
- }
- retval = netdev_turn_flags_on(netdev, NETDEV_UP, true);
- if (retval) {
- ofp_error(retval, "Could not bring %s device up", iface->name);
- return false;
- }
- netdev_close(netdev);
- }
-
- retval = dhclient_create(iface->name, modify_dhcp_request,
- validate_dhcp_offer, NULL, &iface->dhcp);
- if (retval) {
- ofp_error(retval, "%s: failed to initialize DHCP client", iface->name);
- return false;
- }
-
- return true;
-}
-
-static void
-release_ifaces(void *aux UNUSED)
-{
- int i;
-
- for (i = 0; i < n_ifaces; i++) {
- struct dhclient *dhcp = ifaces[i].dhcp;
- dhclient_release(dhcp);
- if (dhclient_changed(dhcp)) {
- dhclient_configure_netdev(dhcp);
- }
- }
-}
-
-static void
-modify_dhcp_request(struct dhcp_msg *msg, void *aux UNUSED)
-{
- dhcp_msg_put_string(msg, DHCP_CODE_VENDOR_CLASS, "OpenFlow");
-}
-
-static bool
-validate_dhcp_offer(const struct dhcp_msg *msg, void *aux UNUSED)
-{
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(60, 60);
- char *vconn_name;
- bool accept;
-
- vconn_name = dhcp_msg_get_string(msg, DHCP_CODE_OFP_CONTROLLER_VCONN);
- if (!vconn_name) {
- VLOG_WARN_RL(&rl, "rejecting DHCP offer missing controller vconn");
- return false;
- }
- accept = !regexec(&accept_controller_regex, vconn_name, 0, NULL, 0);
- free(vconn_name);
- return accept;
-}
-
-static void
-parse_options(int argc, char *argv[])
-{
- enum {
- OPT_ACCEPT_VCONN = UCHAR_MAX + 1,
- OPT_EXIT_WITHOUT_BIND,
- OPT_EXIT_AFTER_BIND,
- OPT_NO_DETACH,
- };
- static struct option long_options[] = {
- {"accept-vconn", required_argument, 0, OPT_ACCEPT_VCONN},
- {"exit-without-bind", no_argument, 0, OPT_EXIT_WITHOUT_BIND},
- {"exit-after-bind", no_argument, 0, OPT_EXIT_AFTER_BIND},
- {"no-detach", no_argument, 0, OPT_NO_DETACH},
- {"timeout", required_argument, 0, 't'},
- {"pidfile", optional_argument, 0, 'P'},
- {"force", no_argument, 0, 'f'},
- {"verbose", optional_argument, 0, 'v'},
- {"help", no_argument, 0, 'h'},
- {"version", no_argument, 0, 'V'},
- {0, 0, 0, 0},
- };
- char *short_options = long_options_to_short_options(long_options);
- bool detach_after_bind = true;
-
- for (;;) {
- unsigned long int timeout;
- int c;
-
- c = getopt_long(argc, argv, short_options, long_options, NULL);
- if (c == -1) {
- break;
- }
-
- switch (c) {
- case OPT_ACCEPT_VCONN:
- accept_controller_re = (optarg[0] == '^'
- ? optarg
- : xasprintf("^%s", optarg));
- break;
-
- case OPT_EXIT_WITHOUT_BIND:
- exit_without_bind = true;
- break;
-
- case OPT_EXIT_AFTER_BIND:
- exit_after_bind = true;
- break;
-
- case OPT_NO_DETACH:
- detach_after_bind = false;
- break;
-
- case 'P':
- set_pidfile(optarg);
- break;
-
- case 'f':
- ignore_existing_pidfile();
- break;
-
- case 't':
- timeout = strtoul(optarg, NULL, 10);
- if (timeout <= 0) {
- ofp_fatal(0, "value %s on -t or --timeout is not at least 1",
- optarg);
- } else {
- time_alarm(timeout);
- }
- signal(SIGALRM, SIG_DFL);
- break;
-
- case 'h':
- usage();
-
- case 'V':
- printf("%s %s compiled "__DATE__" "__TIME__"\n",
- program_name, VERSION BUILDNR);
- exit(EXIT_SUCCESS);
-
- case 'v':
- vlog_set_verbosity(optarg);
- break;
-
- case '?':
- exit(EXIT_FAILURE);
-
- default:
- abort();
- }
- }
- free(short_options);
-
- if ((exit_without_bind + exit_after_bind + !detach_after_bind) > 1) {
- ofp_fatal(0, "--exit-without-bind, --exit-after-bind, and --no-detach "
- "are mutually exclusive");
- }
- if (detach_after_bind) {
- set_detach();
- }
-}
-
-static void
-usage(void)
-{
- printf("%s: a tool for discovering OpenFlow controllers.\n"
- "usage: %s [OPTIONS] NETDEV [NETDEV...]\n"
- "where each NETDEV is a network device on which to perform\n"
- "controller discovery.\n"
- "\nOrdinarily, ofp-discover runs in the foreground until it\n"
- "obtains an IP address and discovers an OpenFlow controller via\n"
- "DHCP, then it prints information about the controller to stdout\n"
- "and detaches to the background to maintain the IP address lease.\n"
- "\nNetworking options:\n"
- " --accept-vconn=REGEX accept matching discovered controllers\n"
- " --exit-without-bind exit after discovery, without binding\n"
- " --exit-after-bind exit after discovery, after binding\n"
- " --no-detach do not detach after discovery\n",
- program_name, program_name);
- vlog_usage();
- printf("\nOther options:\n"
- " -t, --timeout=SECS give up discovery after SECS seconds\n"
- " -P, --pidfile[=FILE] create pidfile (default: %s/%s.pid)\n"
- " -f, --force with -P, start even if already running\n"
- " -h, --help display this help message\n"
- " -V, --version display version information\n",
- ofp_rundir, program_name);
- exit(EXIT_SUCCESS);
-}
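Review bot: in parse_options(), OPT_ACCEPT_VCONN builds the pattern with `xasprintf("^%s", optarg)`, and because main() compiles it with REG_EXTENDED the prepended ^ binds only to the first branch of an alternation. A pattern of the form A|B becomes ^A|B, and B then matches anywhere in the controller string, so validate_dhcp_offer() can accept an offer that the implicit anchoring described in the man page is meant to reject. Wrapping the user's pattern as "^(%s)" keeps the anchor on every branch. Two smaller points in the same file: iface_init() returns false without calling netdev_close() when netdev_turn_flags_on() fails, and the -t case calls strtoul(optarg, NULL, 10) on an unsigned long, so `timeout <= 0` only catches 0 and trailing text or a leading minus sign is not rejected.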
+++ /dev/null
-.TH ofp\-kill 8 "May 2008" "OpenFlow" "OpenFlow Manual"
-.ds PN ofp\-kill
-
-.SH NAME
-ofp\-kill \- kills processes given their pidfiles
-
-.SH SYNOPSIS
-.B ofp\-kill
-[\fIoptions\fR] \fIpidfile\fR [\fIpidfile\fR...]
-
-.SH DESCRIPTION
-The \fBofp\-kill\fR program reads each \fIpidfile\fR specified on the
-command line and sends a signal to the program associated with it, if
-any. It reads one line of text from \fIpidfile\fR, which must contain
-the PID of the process to kill as a text string. It then uses
-\fBfcntl\fR(2) to verify that a process with the PID from the file
-owns a lock on \fIpidfile\fR before it sends the signal.
-
-A \fIpidfile\fR whose name begins with \fB/\fR is used literally.
-Otherwise, \fB@RUNDIR@/\fR is prefixed.
-
-This program exists for use by \fBofp\-switch\-setup\fR, which cannot
-easily implement its functionality since Perl has no portable
-interface to \fBfcntl\fR-based file locking.
-
-.SH OPTIONS
-.TP
-\fB-s \fInumber\fR|\fIname\fR, \fB\-\^\-signal=\fInumber\fR|\fIname\fR
-Sets the signal to be sent to each process. Signals may be given by
-number (e.g. \fB1\fR) or by name (e.g. \fBHUP\fR or \fBSIGHUP\fR).
-By default, \fBSIGTERM\fR is sent.
-
-.TP
-\fB-f\fR, \fB\-\^\-force\fR
-Causes \fBofp\-kill\fR to ignore all errors without printing a message
-to \fBstderr\fR, and to exit with return code 0.
-
-.so lib/common.man
-
-.SH "EXIT CODE"
-
-Without \fB-f\fR or \fB\-\^\-force\fR, \fBofp\-kill\fR exits with
-status 0 if at least one \fIpidfile\fR was given and the process
-represented by every \fIpidfile\fR was signaled successfully,
-otherwise with status 1.
-
-With \fB-f\fR or \fB\-\^\-force\fR, \fBofp\-kill\fR always exits with
-status 0.
-
-.SH BUGS
-
-There is a race between verifying the lock on \fIpidfile\fR and
-actually killing the process.
-
-\fBofp\-kill\fR does not wait for the signaled processes to die before
-exiting.
-
-.SH "SEE ALSO"
-
-.BR ofp\-switch\-setup (8)
+++ /dev/null
-/* Copyright (c) 2008 The Board of Trustees of The Leland Stanford
- * Junior University
- *
- * We are making the OpenFlow specification and associated documentation
- * (Software) available for public use and benefit with the expectation
- * that others will use, modify and enhance the Software and contribute
- * those enhancements back to the community. However, since we would
- * like to make the Software available for broadest use, with as few
- * restrictions as possible permission is hereby granted, free of
- * charge, to any person obtaining a copy of this Software to deal in
- * the Software under the copyrights without restriction, including
- * without limitation the rights to use, copy, modify, merge, publish,
- * distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to
- * the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
- * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
- * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- *
- * The name and trademarks of copyright holder(s) may NOT be used in
- * advertising or publicity pertaining to the Software or any
- * derivatives without specific, written prior permission.
- */
-
-#include <config.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <getopt.h>
-#include <signal.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include "command-line.h"
-#include "daemon.h"
-#include "timeval.h"
-#include "util.h"
-#include "vlog.h"
-
-/* -s, --signal: signal to send. */
-static int sig_nr = SIGTERM;
-
-/* -f, --force: ignore errors. */
-static bool force;
-
-static void cond_error(int err_no, const char *, ...) PRINTF_FORMAT(2, 3);
-
-static void parse_options(int argc, char *argv[]);
-static void usage(void);
-
-int
-main(int argc, char *argv[])
-{
- bool ok = true;
- int i;
-
- set_program_name(argv[0]);
- time_init();
- vlog_init();
- parse_options(argc, argv);
-
- argc -= optind;
- argv += optind;
- if (argc < 1) {
- if (!force) {
- ofp_fatal(0, "need at least one non-option argument; "
- "use --help for usage");
- }
- }
-
- for (i = 0; i < argc; i++) {
- char *pidfile;
- pid_t pid;
-
- pidfile = make_pidfile_name(argv[i]);
- pid = read_pidfile(pidfile);
- if (pid >= 0) {
- if (kill(pid, sig_nr) < 0) {
- cond_error(errno, "%s: kill(%ld)", pidfile, (long int) pid);
- }
- } else {
- cond_error(-pid, "could not read %s", pidfile);
- }
- free(pidfile);
- }
-
- return ok || force ? EXIT_SUCCESS : EXIT_FAILURE;
-}
-
-static void
-parse_options(int argc, char *argv[])
-{
- static struct option long_options[] = {
- {"signal", required_argument, 0, 's'},
- {"force", no_argument, 0, 'f'},
- {"help", no_argument, 0, 'h'},
- {"version", no_argument, 0, 'V'},
- {0, 0, 0, 0},
- };
- char *short_options = long_options_to_short_options(long_options);
-
- for (;;) {
- int c;
-
- c = getopt_long(argc, argv, short_options, long_options, NULL);
- if (c == -1) {
- break;
- }
-
- switch (c) {
- case 's':
- if (atoi(optarg) || !strcmp(optarg, "0")) {
- sig_nr = atoi(optarg);
- } else {
- struct signal_name {
- const char *name;
- int number;
- };
-
- static const struct signal_name signals[] = {
-#define SIGNAL(NAME) { #NAME, NAME }
- SIGNAL(SIGABRT),
- SIGNAL(SIGALRM),
- SIGNAL(SIGBUS),
- SIGNAL(SIGCHLD),
- SIGNAL(SIGCONT),
- SIGNAL(SIGFPE),
- SIGNAL(SIGHUP),
- SIGNAL(SIGILL),
- SIGNAL(SIGINT),
- SIGNAL(SIGKILL),
- SIGNAL(SIGPIPE),
- SIGNAL(SIGQUIT),
- SIGNAL(SIGSEGV),
- SIGNAL(SIGSTOP),
- SIGNAL(SIGTERM),
- SIGNAL(SIGTSTP),
- SIGNAL(SIGTTIN),
- SIGNAL(SIGTTOU),
- SIGNAL(SIGUSR1),
- SIGNAL(SIGUSR2),
-#ifdef SIGPOLL
- SIGNAL(SIGPOLL),
-#endif
- SIGNAL(SIGPROF),
- SIGNAL(SIGSYS),
- SIGNAL(SIGTRAP),
- SIGNAL(SIGURG),
- SIGNAL(SIGVTALRM),
- SIGNAL(SIGXCPU),
- SIGNAL(SIGXFSZ),
-#undef SIGNAL
- };
- int i;
-
- for (i = 0; i < ARRAY_SIZE(signals); i++) {
- const struct signal_name *s = &signals[i];
- if (!strcmp(optarg, s->name)
- || !strcmp(optarg, s->name + 3)) {
- sig_nr = s->number;
- goto got_name;
- }
- }
- ofp_fatal(0, "unknown signal \"%s\"", optarg);
- got_name: ;
- }
- break;
-
- case 'f':
- force = true;
- break;
-
- case 'h':
- usage();
-
- case 'V':
- printf("%s %s compiled "__DATE__" "__TIME__"\n",
- program_name, VERSION BUILDNR);
- exit(EXIT_SUCCESS);
-
- case '?':
- exit(EXIT_FAILURE);
-
- default:
- abort();
- }
- }
- free(short_options);
-}
-
-static void
-usage(void)
-{
- printf("%s: kills a program using a pidfile\n"
- "usage: %s [OPTIONS] PIDFILE [PIDFILE...]\n"
- "where each PIDFILE is a pidfile created by an OpenFlow daemon.\n"
- "\nOptions:\n"
- " -s, --signal=NUMBER|NAME signal to send (default: TERM)\n"
- " -f, --force ignore errors\n"
- " -h, --help display this help message\n"
- " -V, --version display version information\n",
- program_name, program_name);
- exit(EXIT_SUCCESS);
-}
-
-static void
-cond_error(int err_no, const char *format, ...)
-{
- if (!force) {
- va_list args;
-
- fprintf(stderr, "%s: ", program_name);
- va_start(args, format);
- vfprintf(stderr, format, args);
- va_end(args);
- if (err_no != 0)
- fprintf(stderr, " (%s)", strerror(err_no));
- putc('\n', stderr);
- }
-}
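Review bot: main() initializes `bool ok = true;` and nothing ever clears it. cond_error() only prints, so once the loop is reached `return ok || force ? EXIT_SUCCESS : EXIT_FAILURE;` always returns EXIT_SUCCESS, and the status 1 promised in the man page's EXIT CODE section cannot occur for a failed kill() or an unreadable pidfile. Set ok = false on both failure paths if this code is kept under the new name. In the -s case, `atoi(optarg)` also accepts input such as "9abc" as signal 9; a strtol() call with a tail check would reject it.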
+++ /dev/null
-#! @PERL@
-
-use strict;
-use warnings;
-
-if (grep($_ eq '--help', @ARGV)) {
- print <<EOF;
-$0, for parsing leak checker logs
-usage: $0 [BINARY] < LOG
-where LOG is a log file produced by an OpenFlow program's --check-leaks option
- and BINARY is the binary that wrote LOG.
-EOF
- exit 0;
-}
-
-die "$0: zero or one arguments required; use --help for help\n" if @ARGV > 1;
-die "$0: $ARGV[0] does not exist" if @ARGV > 0 && ! -e $ARGV[0];
-
-our ($binary);
-our ($a2l) = search_path("addr2line");
-my ($no_syms) = "symbols will not be translated";
-if (!@ARGV) {
- print "no binary specified; $no_syms\n";
-} elsif (! -e $ARGV[0]) {
- print "$ARGV[0] does not exist; $no_syms";
-} elsif (!defined($a2l)) {
- print "addr2line not found in PATH; $no_syms";
-} else {
- $binary = $ARGV[0];
-}
-
-our ($objdump) = search_path("objdump");
-print "objdump not found; dynamic library symbols will not be translated\n"
- if !defined($objdump);
-
-our %blocks;
-our @segments;
-while (<STDIN>) {
- my $ptr = "((?:0x)?[0-9a-fA-F]+|\\(nil\\))";
- my $callers = ":((?: $ptr)+)";
- if (/^malloc\((\d+)\) -> $ptr$callers$/) {
- allocated($., $2, $1, $3);
- } elsif (/^claim\($ptr\)$callers$/) {
- claimed($., $1, $2);
- } elsif (/realloc\($ptr, (\d+)\) -> $ptr$callers$/) {
- my ($callers) = $4;
- freed($., $1, $callers);
- allocated($., $3, $2, $callers);
- } elsif (/^free\($ptr\)$callers$/) {
- freed($., $1, $2);
- } elsif (/^segment: $ptr-$ptr $ptr [-r][-w][-x][sp] (.*)/) {
- add_segment(hex($1), hex($2), hex($3), $4);
- } else {
- print "stdin:$.: syntax error\n";
- }
-}
-if (%blocks) {
- my $n_blocks = scalar(keys(%blocks));
- my $n_bytes = 0;
- $n_bytes += $_->{SIZE} foreach values(%blocks);
- print "$n_bytes bytes in $n_blocks blocks not freed at end of run\n";
- my %blocks_by_callers;
- foreach my $block (values(%blocks)) {
- my ($trimmed_callers) = trim_callers($block->{CALLERS});
- push (@{$blocks_by_callers{$trimmed_callers}}, $block);
- }
- foreach my $callers (sort {@{$b} <=> @{$a}} (values(%blocks_by_callers))) {
- $n_blocks = scalar(@{$callers});
- $n_bytes = 0;
- $n_bytes += $_->{SIZE} foreach @{$callers};
- print "$n_bytes bytes in these $n_blocks blocks were not freed:\n";
- my $i = 0;
- my $max = 5;
- foreach my $block (sort {$a->{LINE} <=> $b->{LINE}} (@{$callers})) {
- printf "\t%d-byte block at 0x%08x allocated on stdin:%d\n",
- $block->{SIZE}, $block->{BASE}, $block->{LINE};
- last if $i++ > $max;
- }
- print "\t...and ", $n_blocks - $max, " others...\n"
- if $n_blocks > $max;
- print "The blocks listed above were allocated by:\n";
- print_callers("\t", ${$callers}[0]->{CALLERS});
- }
-}
-sub interp_pointer {
- my ($s_ptr) = @_;
- return $s_ptr eq '(nil)' ? 0 : hex($s_ptr);
-}
-
-sub allocated {
- my ($line, $s_base, $size, $callers) = @_;
- my ($base) = interp_pointer($s_base);
- return if !$base;
- my ($info) = {LINE => $line,
- BASE => $base,
- SIZE => $size,
- CALLERS => $callers};
- if (exists($blocks{$base})) {
- print "In-use address returned by allocator:\n";
- print "\tInitial allocation:\n";
- print_block("\t\t", $blocks{$base});
- print "\tNew allocation:\n";
- print_block("\t\t", $info);
- }
- $blocks{$base} = $info;
-}
-
-sub claimed {
- my ($line, $s_base, $callers) = @_;
- my ($base) = interp_pointer($s_base);
- return if !$base;
- if (exists($blocks{$base})) {
- $blocks{$base}{LINE} = $line;
- $blocks{$base}{CALLERS} = $callers;
- } else {
- printf "Claim asserted on not-in-use block 0x%08x by:\n", $base;
- print_callers('', $callers);
- }
-}
-
-sub freed {
- my ($line, $s_base, $callers) = @_;
- my ($base) = interp_pointer($s_base);
- return if !$base;
-
- if (!delete($blocks{$base})) {
- printf "Bad free of not-allocated address 0x%08x on stdin:%d by:\n", $base, $line;
- print_callers('', $callers);
- }
-}
-
-sub print_block {
- my ($prefix, $info) = @_;
- printf '%s%d-byte block at 0x%08x allocated on stdin:%d by:' . "\n",
- $prefix, $info->{SIZE}, $info->{BASE}, $info->{LINE};
- print_callers($prefix, $info->{CALLERS});
-}
-
-sub print_callers {
- my ($prefix, $callers) = @_;
- foreach my $pc (split(' ', $callers)) {
- print "$prefix\t", lookup_pc($pc), "\n";
- }
-}
-
-our (%cache);
-sub lookup_pc {
- my ($s_pc) = @_;
- if (defined($binary)) {
- my ($pc) = hex($s_pc);
- my ($output) = "$s_pc: ";
- if (!exists($cache{$pc})) {
- open(A2L, "$a2l -fe $binary --demangle $s_pc|");
- chomp(my $function = <A2L>);
- chomp(my $line = <A2L>);
- close(A2L);
- if ($function eq '??') {
- ($function, $line) = lookup_pc_by_segment($pc);
- }
- $line =~ s/^(\.\.\/)*//;
- $line = "..." . substr($line, -25) if length($line) > 28;
- $cache{$pc} = "$s_pc: $function ($line)";
- }
- return $cache{$pc};
- } else {
- return "$s_pc";
- }
-}
-
-sub trim_callers {
- my ($in) = @_;
- my (@out);
- foreach my $pc (split(' ', $in)) {
- my $xlated = lookup_pc($pc);
- if ($xlated =~ /\?\?/) {
- push(@out, "...") if !@out || $out[$#out] ne '...';
- } else {
- push(@out, $pc);
- }
- }
- return join(' ', @out);
-}
-
-sub search_path {
- my ($target) = @_;
- for my $dir (split (':', $ENV{PATH})) {
- my ($file) = "$dir/$target";
- return $file if -e $file;
- }
- return undef;
-}
-
-sub add_segment {
- my ($vm_start, $vm_end, $vm_pgoff, $file) = @_;
- for (my $i = 0; $i <= $#segments; $i++) {
- my ($s) = $segments[$i];
- next if $vm_end <= $s->{START} || $vm_start >= $s->{END};
- if ($vm_start <= $s->{START} && $vm_end >= $s->{END}) {
- splice(@segments, $i, 1);
- --$i;
- } else {
- $s->{START} = $vm_end if $vm_end > $s->{START};
- $s->{END} = $vm_start if $vm_start <= $s->{END};
- }
- }
- push(@segments, {START => $vm_start,
- END => $vm_end,
- PGOFF => $vm_pgoff,
- FILE => $file});
- @segments = sort { $a->{START} <=> $b->{START} } @segments;
-}
-
-sub binary_search {
- my ($array, $value) = @_;
- my $l = 0;
- my $r = $#{$array};
- while ($l <= $r) {
- my $m = int(($l + $r) / 2);
- my $e = $array->[$m];
- if ($value < $e->{START}) {
- $r = $m - 1;
- } elsif ($value >= $e->{END}) {
- $l = $m + 1;
- } else {
- return $e;
- }
- }
- return undef;
-}
-
-sub read_sections {
- my ($file) = @_;
- my (@sections);
- open(OBJDUMP, "$objdump -h $file|");
- while (<OBJDUMP>) {
- my $ptr = "([0-9a-fA-F]+)";
- my ($name, $size, $vma, $lma, $file_off)
- = /^\s*\d+\s+(\S+)\s+$ptr\s+$ptr\s+$ptr\s+$ptr/
- or next;
- push(@sections, {START => hex($file_off),
- END => hex($file_off) + hex($size),
- NAME => $name});
- }
- close(OBJDUMP);
- return [sort { $a->{START} <=> $b->{START} } @sections ];
-}
-
-our %file_to_sections;
-sub segment_to_section {
- my ($file, $file_offset) = @_;
- if (!defined($file_to_sections{$file})) {
- $file_to_sections{$file} = read_sections($file);
- }
- return binary_search($file_to_sections{$file}, $file_offset);
-}
-
-sub address_to_segment {
- my ($pc) = @_;
- return binary_search(\@segments, $pc);
-}
-
-sub lookup_pc_by_segment {
- return ('??', 0) if !defined($objdump);
-
- my ($pc) = @_;
- my ($segment) = address_to_segment($pc);
- return ('??', 0) if !defined($segment) || $segment->{FILE} eq '';
-
- my ($file_offset) = $pc - $segment->{START} + $segment->{PGOFF};
- my ($section) = segment_to_section($segment->{FILE}, $file_offset);
- return ('??', 0) if !defined($section);
-
- my ($section_offset) = $file_offset - $section->{START};
- open(A2L, sprintf("%s -fe %s --demangle --section=$section->{NAME} 0x%x|",
- $a2l, $segment->{FILE}, $section_offset));
- chomp(my $function = <A2L>);
- chomp(my $line = <A2L>);
- close(A2L);
-
- return ($function, $line);
-}
-
-# Local Variables:
-# mode: perl
-# End:
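Review bot: lookup_pc and lookup_pc_by_segment build the addr2line command as a single interpolated string for a two-argument piped open (`open(A2L, "$a2l -fe $binary --demangle $s_pc|")`), so $binary, $segment->{FILE}, the section name and the PC strings all pass through the shell, and the result of open is never checked. If this script is kept under another name, use the list form instead, e.g. `open(A2L, '-|', $a2l, '-fe', $binary, '--demangle', $s_pc) or die ...`; the same applies to the objdump call in read_sections. Separately, in the leak summary loop `last if $i++ > $max` with `$max = 5` lets up to seven blocks print, while the next statement reports `$n_blocks - $max` others, so the two numbers do not add up; `last if ++$i >= $max` would agree with the message.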
+++ /dev/null
-#! @PERL@
-
-use CGI;
-use Digest::SHA1;
-use Fcntl;
-
-$CGI::POST_MAX = 65536; # Limit POSTs to 64 kB.
-
-use strict;
-use warnings;
-
-my $pkidir = '@PKIDIR@';
-my $q = new CGI;
-
-die unless $q->request_method() eq 'POST';
-
-my $type = $q->param('type');
-die unless defined $type;
-die unless $type eq 'switch' or $type eq 'controller';
-
-my $req = $q->param('req');
-die unless defined $req;
-die unless $req =~ /^-----BEGIN CERTIFICATE REQUEST-----$/m;
-die unless $req =~ /^-----END CERTIFICATE REQUEST-----$/m;
-
-my $digest = Digest::SHA1::sha1_hex($req);
-my $incoming = "$pkidir/${type}ca/incoming";
-my $dst = "$incoming/$digest-req.pem";
-
-sysopen(REQUEST, "$dst.tmp", O_RDWR | O_CREAT | O_EXCL, 0600)
- or die "sysopen $dst.tmp: $!";
-print REQUEST $req;
-close(REQUEST) or die "close $dst.tmp: $!";
-
-rename("$dst.tmp", $dst) or die "rename $dst.tmp to $dst: $!";
-
-print $q->header('text/html', '204 No response');
-
-# Local Variables:
-# mode: perl
-# End:
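Review bot: the only validation of `req` is two independent /m matches for a BEGIN CERTIFICATE REQUEST line and an END CERTIFICATE REQUEST line, so any POST body up to the 64 kB limit that contains both lines, in either order and with arbitrary data around them, is written into the incoming directory. Because these files are later approved or rejected by fingerprint, whatever replaces this CGI should accept only a value that is exactly one PEM request block (one pattern anchored over the whole value, or a parse by openssl) before the rename into place. The bare `die unless ...` checks also give the web server log nothing to say which test failed; a short message on each would help when triaging rejected uploads.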
+++ /dev/null
-.TH ofp\-pki 8 "May 2008" "OpenFlow" "OpenFlow Manual"
-
-.SH NAME
-ofp\-pki \- OpenFlow public key infrastructure management utility
-
-.SH SYNOPSIS
-\fBofp\-pki\fR [\fIOPTIONS\fR] \fICOMMAND\fR [\fIARGS\fR]
-.sp
-Stand\-alone commands with their arguments:
-.br
-\fBofp\-pki\fR \fBinit\fR
-.br
-\fBofp\-pki\fR \fBreq\fR \fINAME\fR
-.br
-\fBofp\-pki\fR \fBsign\fR \fINAME\fR [\fITYPE\fR]
-.br
-\fBofp\-pki\fR \fBreq+sign\fR \fINAME\fR [\fITYPE\fR]
-.br
-\fBofp\-pki\fR \fBverify\fR \fINAME\fR [\fITYPE\fR]
-.br
-\fBofp\-pki\fR \fBfingerprint\fR \fIFILE\fR
-.br
-\fBofp\-pki\fR \self-sign\fR \fINAME\fR
-.sp
-The following additional commands manage an online PKI:
-.br
-\fBofp\-pki\fR \fBls\fR [\fIPREFIX\fR] [\fITYPE\fR]
-.br
-\fBofp\-pki\fR \fBflush\fR [\fITYPE\fR]
-.br
-\fBofp\-pki\fR \fBreject\fR \fIPREFIX\fR [\fITYPE\fR]
-.br
-\fBofp\-pki\fR \fBapprove\fR \fIPREFIX\fR [\fITYPE\fR]
-.br
-\fBofp\-pki\fR \fBprompt\fR [\fITYPE\fR]
-.br
-\fBofp\-pki\fR \fBexpire\fR [\fIAGE\fR]
-.sp
-Each \fITYPE\fR above is a certificate type, either \fBswitch\fR
-(default) or \fBcontroller\fR.
-.sp
-The available options are:
-.br
-[\fB\-k\fR \fItype\fR | \fB\-\^\-key=\fItype\fR]
-[\fB\-B\fR \fInbits\fR | \fB\-\^\-bits=\fInbits\fR]
-[\fB\-D\fR \fIfile\fR | \fB\-\^\-dsaparam=\fIfile\fR]
-[\fB\-b\fR | \fB\-\^\-batch\fR]
-[\fB\-f\fR | \fB\-\^\-force\fR]
-[\fB\-d\fR \fIdir\fR | \fB\-\^\-dir=\fR\fIdir\fR]
-[\fB\-l\fR \fIfile\fR | \fB\-\^\-log=\fIfile\fR]
-[\fB\-h\fR | \fB\-\^\-help\fR]
-.br
-Some options do not apply to every command.
-
-.SH DESCRIPTION
-The \fBofp\-pki\fR program sets up and manages a public key
-infrastructure for use with OpenFlow. It is intended to be a simple
-interface for organizations that do not have an established public key
-infrastructure. Other PKI tools can substitute for or supplement the
-use of \fBofp\-pki\fR.
-
-\fBofp\-pki\fR uses \fBopenssl\fR(1) for certificate management and key
-generation.
-
-.SH "OFFLINE COMMANDS"
-
-The following \fBofp\-pki\fR commands support manual PKI
-administration:
-
-.TP
-\fBinit\fR
-Initializes a new PKI (by default in directory \fB@PKIDIR@\fR) and populates
-it with a pair of certificate authorities for controllers and
-switches.
-
-This command should ideally be run on a high\-security machine separate
-from any OpenFlow controller or switch, called the CA machine. The
-files \fBpki/controllerca/cacert.pem\fR and
-\fBpki/switchca/cacert.pem\fR that it produces will need to be copied
-over to the OpenFlow switches and controllers, respectively. Their
-contents may safely be made public.
-
-By default, \fBofp\-pki\fR generates 2048\-bit RSA keys. The \fB\-B\fR
-or \fB\-\^\-bits\fR option (see below) may be used to override the key
-length. The \fB\-k dsa\fR or \fB\-\^\-key=dsa\fR option may be used to use
-DSA in place of RSA. If DSA is selected, the \fBdsaparam.pem\fR file
-generated in the new PKI hierarchy must be copied to any machine on
-which the \fBreq\fR command (see below) will be executed. Its
-contents may safely be made public.
-
-Other files generated by \fBinit\fR may remain on the CA machine.
-The files \fBpki/controllerca/private/cakey.pem\fR and
-\fBpki/switchca/private/cakey.pem\fR have particularly sensitive
-contents that should not be exposed.
-
-.TP
-\fBreq\fR \fINAME\fR
-Generates a new private key named \fINAME\fR\fB\-privkey.pem\fR and
-corresponding certificate request named \fINAME\fR\fB\-req.pem\fR.
-The private key can be intended for use by a switch or a controller.
-
-This command should ideally be run on the switch or controller that
-will use the private key to identify itself. The file
-\fINAME\fR\fB\-req.pem\fR must be copied to the CA machine for signing
-with the \fBsign\fR command (below).
-
-This command will output a fingerprint to stdout as its final step.
-Write down the fingerprint and take it to the CA machine before
-continuing with the \fBsign\fR step.
-
-When RSA keys are in use (as is the default), \fBreq\fR, unlike the
-rest of \fBofp\-pki\fR's commands, does not need access to a PKI
-hierarchy created by \fBofp\-pki init\fR. The \fB\-B\fR or
-\fB\-\^\-bits\fR option (see below) may be used to specify the number of
-bits in the generated RSA key.
-
-When DSA keys are used (as specified with \fB\-\^\-key=dsa\fR), \fBreq\fR
-needs access to the \fBdsaparam.pem\fR file created as part of the PKI
-hierarchy (but not to other files in that tree). By default,
-\fBofp\-pki\fR looks for this file in \fB@PKIDIR@/dsaparam.pem\fR, but
-the \fB\-D\fR or \fB\-\^\-dsaparam\fR option (see below) may be used to
-specify an alternate location.
-
-\fINAME\fR\fB\-privkey.pem\fR has sensitive contents that should not be
-exposed. \fINAME\fR\fB\-req.pem\fR may be safely made public.
-
-.TP
-\fBsign\fR \fINAME\fR [\fITYPE\fR]
-Signs the certificate request named \fINAME\fR\fB\-req.pem\fR that was
-produced in the previous step, producing a certificate named
-\fINAME\fR\fB\-cert.pem\fR. \fITYPE\fR, either \fBswitch\fR (default) or
-\fBcontroller\fR, indicates the use for which the key is being
-certified.
-
-This command must be run on the CA machine.
-
-The command will output a fingerprint to stdout and request that you
-verify that it is the same fingerprint output by the \fBreq\fR
-command. This ensures that the request being signed is the same one
-produced by \fBreq\fR. (The \fB\-b\fR or \fB\-\^\-batch\fR option
-suppresses the verification step.)
-
-The file \fINAME\fR\fB\-cert.pem\fR will need to be copied back to the
-switch or controller for which it is intended. Its contents may
-safely be made public.
-
-.TP
-\fBreq+sign\fR \fINAME\fR [\fITYPE\fR]
-Combines the \fBreq\fR and \fBsign\fR commands into a single step,
-outputting all the files produced by each. The
-\fINAME\fR\fB\-privkey.pem\fR and \fINAME\fR\fB\-cert.pem\fR files must
-be copied securely to the switch or controller.
-\fINAME\fR\fB\-privkey.pem\fR has sensitive contents and must not be
-exposed in transit. Afterward, it should be deleted from the CA
-machine.
-
-This combined method is, theoretically, less secure than the
-individual steps performed separately on two different machines,
-because there is additional potential for exposure of the private
-key. However, it is also more convenient.
-
-.TP
-\fBverify\fR \fINAME\fR [\fITYPE\fR]
-Verifies that \fINAME\fR\fB\-cert.pem\fR is a valid certificate for the
-given \fITYPE\fR of use, either \fBswitch\fR (default) or
-\fBcontroller\fR. If the certificate is valid for this use, it prints
-the message ``\fINAME\fR\fB\-cert.pem\fR: OK''; otherwise, it prints an
-error message.
-
-.TP
-\fBfingerprint\fR \fIFILE\fR
-Prints the fingerprint for \fIFILE\fR. If \fIFILE\fR is a
-certificate, then this is the SHA\-1 digest of the DER encoded version
-of the certificate; otherwise, it is the SHA\-1 digest of the entire
-file.
-
-.TP
-\fBself-sign\fR \fINAME\fR
-Signs the certificate request named \fINAME\fB\-req.pem\fR using the
-private key \fINAME\fB-privkey.pem\fR, producing a self-signed
-certificate named \fINAMEfB\-cert.pem\fR. The input files should have
-been produced with \fBofp\-pki req\fR.
-
-Some controllers accept such self-signed certificates.
-
-.SH "ONLINE COMMANDS"
-
-An OpenFlow PKI can be administered online, in conjunction with
-.BR ofp\-pki\-cgi (8)
-and a web server such as Apache:
-
-.IP \(bu
-The web server exports the contents of the PKI via HTTP. All files in
-a PKI hierarchy files may be made public, except for the files
-\fBpki/controllerca/private/cakey.pem\fR and
-\fBpki/switchca/private/cakey.pem\fR, which must not be exposed.
-
-.IP \(bu
-\fBofp\-pki\-cgi\fR allows newly generated certificate requests for
-controllers and switches to be uploaded into the
-\fBpki/controllerca/incoming\fR and \fBpki/switchca/incoming\fR
-directories, respectively. Uploaded certificate requests are stored
-in those directories under names of the form
-\fIFINGERPRINT\fB\-req.pem\fR, which \fIFINGERPRINT\fR is the SHA\-1
-hash of the file.
-
-.IP \(bu
-These \fBofp\-pki\fR commands allow incoming certificate requests to
-be approved or rejected, in a form are suitable for use by humans or
-other software.
-
-.PP
-The following \fBofp\-pki\fR commands support online administration:
-
-.TP
-\fBofp\-pki\fR \fBls\fR [\fIPREFIX\fR] [\fITYPE\fR]
-Lists all of the incoming certificate requests of the given \fITYPE\fR
-(either \fBswitch\fR, the default, or \fBcontroller\fR). If
-\fIPREFIX\fR, which must be at least 4 characters long, is specified,
-it causes the list to be limited to files whose names begin with
-\fIPREFIX\fR. This is useful, for example, to avoid typing in an
-entire fingerprint when checking that a specific certificate request
-has been received.
-
-.TP
-\fBofp\-pki\fR \fBflush\fR [\fITYPE\fR]
-Deletes all certificate requests of the given \fITYPE\fR.
-
-.TP
-\fBofp\-pki\fR \fBreject\fR \fIPREFIX\fR [\fITYPE\fR]
-Rejects the certificate request whose name begins with \fIPREFIX\fR,
-which must be at least 4 characters long, of the given type (either
-\fBswitch\fR, the default, or \fBcontroller\fR). \fIPREFIX\fR must
-match exactly one certificate request; its purpose is to allow the
-user to type fewer characters, not to match multiple certificate
-requests.
-
-.TP
-\fBofp\-pki\fR \fBapprove\fR \fIPREFIX\fR [\fITYPE\fR]
-Approves the certificate request whose name begins with \fIPREFIX\fR,
-which must be at least 4 characters long, of the given \fITYPE\fR
-(either \fBswitch\fR, the default, or \fBcontroller\fR). \fIPREFIX\fR
-must match exactly one certificate request; its purpose is to allow
-the user to type fewer characters, not to match multiple certificate
-requests.
-
-The command will output a fingerprint to stdout and request that you
-verify that it is correct. (The \fB\-b\fR or \fB\-\^\-batch\fR option
-suppresses the verification step.)
-
-.TP
-\fBofp\-pki\fR \fBprompt\fR [\fITYPE\fR]
-Prompts the user for each incoming certificate request of the given
-\fITYPE\fR (either \fBswitch\fR, the default, or \fBcontroller\fR).
-Based on the certificate request's fingerprint, the user is given the
-option of approving, rejecting, or skipping the certificate request.
-
-.TP
-\fBofp\-pki\fR \fBexpire\fR [\fIAGE\fR]
-
-Rejects all the incoming certificate requests, of either type, that is
-older than \fIAGE\fR, which must in one of the forms \fIN\fBs\fR,
-\fIN\fBmin\fR, \fIN\fBh\fR, \fIN\fBday\fR. The default is \fB1day\fR.
-
-.SH OPTIONS
-.TP
-\fB\-k\fR \fItype\fR | \fB\-\^\-key=\fItype\fR
-For the \fBinit\fR command, sets the public key algorithm to use for
-the new PKI hierarchy. For the \fBreq\fR and \fBreq+sign\fR commands,
-sets the public key algorithm to use for the key to be generated,
-which must match the value specified on \fBinit\fR. With other
-commands, the value has no effect.
-
-The \fItype\fR may be \fBrsa\fR (the default) or \fBdsa\fR.
-
-.TP
-\fB\-B\fR \fInbits\fR | \fB\-\^\-bits=\fInbits\fR
-Sets the number of bits in the key to be generated. When RSA keys are
-in use, this option affects only the \fBinit\fR, \fBreq\fR, and
-\fBreq+sign\fR commands, and the same value should be given each time.
-With DSA keys are in use, this option affects only the \fBinit\fR
-command.
-
-The value must be at least 1024. The default is 2048.
-
-.TP
-\fB\-D\fR \fIfile\fR | \fB\-\^\-dsaparam=\fIfile\fR
-Specifies an alternate location for the \fBdsaparam.pem\fR file
-required by the \fBreq\fR and \fBreq+sign\fR commands. This option
-affects only these commands, and only when DSA keys are used.
-
-The default is \fBdsaparam.pem\fR under the PKI hierarchy.
-
-.TP
-\fB\-b\fR | \fB\-\^\-batch\fR
-Suppresses the interactive verification of fingerprints that the
-\fBsign\fR and \fBapprove\fR commands by default require.
-
-.TP
-\fB\-d\fR \fIdir\fR | \fB\-\^\-dir=\fR\fIdir\fR
-Specifies the location of the PKI hierarchy to be used or created by
-the command (default: \fB@PKIDIR@\fR). All commands, except \fBreq\fR,
-need access to a PKI hierarchy.
-
-.TP
-\fB\-f\fR | \fB\-\^\-force\fR
-By default, \fBofp\-pki\fR will not overwrite existing files or
-directories. This option overrides this behavior.
-
-.TP
-\fB\-l\fR \fIfile\fR | \fB\-\^\-log=\fIfile\fR
-Sets the log file to \fIfile\fR. Default:
-\fB@LOGDIR@/ofp\-pki.log\fR.
-
-.TP
-\fB\-h\fR | \fB\-\^\-help\fR
-Prints a help usage message and exits.
-
-.SH "SEE ALSO"
-
-.BR controller (8),
-.BR dpctl (8),
-.BR ofp\-pki\-cgi (8),
-.BR secchan (8),
-.BR udatapath (8)
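Review bot: the self-sign entries have broken roff escapes: the SYNOPSIS line `\fBofp\-pki\fR \self-sign\fR` is missing `\fB` before the command name, and the description's `\fINAMEfB\-cert.pem\fR` is missing the backslash before `fB`, so neither renders as intended. If this text is carried into the renamed manual page, it also needs a grammar pass in the security-relevant sentences, in particular "All files in a PKI hierarchy files may be made public", "in a form are suitable for use", "which must in one of the forms" and "With DSA keys are in use". The \fB\-b\fR/\fB\-\^\-batch\fR entry would be clearer if it said outright that the fingerprint comparison is the only check tying a signed request to the one produced by \fBreq\fR.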
+++ /dev/null
-#! /bin/sh
-
-set -e
-
-pkidir='@PKIDIR@'
-command=
-prev=
-force=no
-batch=no
-log='@LOGDIR@/ofp-pki.log'
-keytype=rsa
-bits=2048
-for option; do
- # This option-parsing mechanism borrowed from a Autoconf-generated
- # configure script under the following license:
-
- # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
- # 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
- # This configure script is free software; the Free Software Foundation
- # gives unlimited permission to copy, distribute and modify it.
-
- # If the previous option needs an argument, assign it.
- if test -n "$prev"; then
- eval $prev=\$option
- prev=
- continue
- fi
- case $option in
- *=*) optarg=`expr "X$option" : '[^=]*=\(.*\)'` ;;
- *) optarg=yes ;;
- esac
-
- case $dashdash$option in
- --)
- dashdash=yes ;;
- -h|--help)
- cat <<EOF
-ofp-pki, for managing a simple OpenFlow public key infrastructure
-usage: $0 [OPTION...] COMMAND [ARG...]
-
-The valid stand-alone commands and their arguments are:
- init Initialize the PKI
- req NAME Create new private key and certificate request
- named NAME-privkey.pem and NAME-req.pem, resp.
- sign NAME [TYPE] Sign switch certificate request NAME-req.pem,
- producing certificate NAME-cert.pem
- req+sign NAME [TYPE] Combine the above two steps, producing all three files.
- verify NAME [TYPE] Checks that NAME-cert.pem is a valid TYPE certificate
- fingerprint FILE Prints the fingerprint for FILE
- self-sign NAME Sign NAME-req.pem with NAME-privkey.pem,
- producing self-signed certificate NAME-cert.pem
-
-The following additional commands manage an online PKI:
- ls [PREFIX] [TYPE] Lists incoming requests of the given TYPE, optionally
- limited to those whose fingerprint begins with PREFIX
- flush [TYPE] Rejects all incoming requests of the given TYPE
- reject PREFIX [TYPE] Rejects the incoming request(s) whose fingerprint begins
- with PREFIX and has the given TYPE
- approve PREFIX [TYPE] Approves the incoming request whose fingerprint begins
- with PREFIX and has the given TYPE
- expire [AGE] Rejects all incoming requests older than AGE, in
- one of the forms Ns, Nmin, Nh, Nday (default: 1day)
- prompt [TYPE] Interactively prompts to accept or reject each incoming
- request of the given TYPE
-
-Each TYPE above is a certificate type: 'switch' (default) or 'controller'.
-
-Options for 'init', 'req', and 'req+sign' only:
- -k, --key=rsa|dsa Type of keys to use (default: rsa)
- -B, --bits=NBITS Number of bits in keys (default: 2048). For DSA keys,
- this has an effect only on 'init'.
- -D, --dsaparam=FILE File with DSA parameters (DSA only)
- (default: dsaparam.pem within PKI directory)
-Options for use with the 'sign' and 'approve' commands:
- -b, --batch Skip fingerprint verification
-Options that apply to any command:
- -d, --dir=DIR Directory where the PKI is located
- (default: $pkidir)
- -f, --force Continue even if file or directory already exists
- -l, --log=FILE Log openssl output to FILE (default: ofp-log.log)
- -h, --help Print this usage message.
-EOF
- exit 0
- ;;
- --di*=*)
- pkidir=$optarg
- ;;
- --di*|-d)
- prev=pkidir
- ;;
- --k*=*)
- keytype=$optarg
- ;;
- --k*|-k)
- prev=keytype
- ;;
- --bi*=*)
- bits=$optarg
- ;;
- --bi*|-B)
- prev=bits
- ;;
- --ds*=*)
- dsaparam=$optarg
- ;;
- --ds*|-D)
- prev=dsaparam
- ;;
- --l*=*)
- log=$optarg
- ;;
- --l*|-l)
- prev=log
- ;;
- --force|-f)
- force=yes
- ;;
- --ba*|-b)
- batch=yes
- ;;
- -*)
- echo "unrecognized option $option" >&2
- exit 1
- ;;
- *)
- if test -z "$command"; then
- command=$option
- elif test -z "${arg1+set}"; then
- arg1=$option
- elif test -z "${arg2+set}"; then
- arg2=$option
- else
- echo "$option: only two arguments may be specified" >&2
- exit 1
- fi
- ;;
- esac
- shift
-done
-if test -n "$prev"; then
- option=--`echo $prev | sed 's/_/-/g'`
- { echo "$as_me: error: missing argument to $option" >&2
- { (exit 1); exit 1; }; }
-fi
-if test -z "$command"; then
- echo "$0: missing command name; use --help for help" >&2
- exit 1
-fi
-if test "$keytype" != rsa && test "$keytype" != dsa; then
- echo "$0: argument to -k or --key must be rsa or dsa"
- exit 1
-fi
-if test "$bits" -lt 1024; then
- echo "$0: argument to -B or --bits must be at least 1024"
- exit 1
-fi
-if test -z "$dsaparam"; then
- dsaparam=$pkidir/dsaparam.pem
-fi
-case $log in
- /*) ;;
- *) $log="$PWD/$log" ;;
-esac
-
-if test "$command" = "init"; then
- if test -e "$pkidir" && test "$force" != "yes"; then
- echo "$0: $pkidir already exists and --force not specified" >&2
- exit 1
- fi
-
- if test ! -d "$pkidir"; then
- mkdir -p "$pkidir"
- fi
- cd "$pkidir"
- exec 3>>$log
-
- if test $keytype = dsa && test ! -e dsaparam.pem; then
- echo "Generating DSA parameters, please wait..." >&2
- openssl dsaparam -out dsaparam.pem $bits 1>&3 2>&3
- fi
-
- # Create the CAs.
- for ca in controllerca switchca; do
- echo "Creating $ca..." >&2
- oldpwd=$PWD
- mkdir -p $ca
- cd $ca
-
- mkdir -p certs crl newcerts
- mkdir -p -m 0700 private
- mkdir -p -m 0733 incoming
- touch index.txt
- test -e crlnumber || echo 01 > crlnumber
- test -e serial || echo 01 > serial
-
- # Put DSA parameters in directory.
- if test $keytype = dsa && test ! -e dsaparam.pem; then
- cp ../dsaparam.pem .
- fi
-
- # Write CA configuration file.
- if test ! -e ca.cnf; then
- sed "s/@ca@/$ca/g" > ca.cnf <<'EOF'
-[ req ]
-prompt = no
-distinguished_name = req_distinguished_name
-
-[ req_distinguished_name ]
-C = US
-ST = CA
-L = Palo Alto
-O = OpenFlow
-OU = @ca@
-CN = OpenFlow @ca@ CA Certificate
-
-[ ca ]
-default_ca = the_ca
-
-[ the_ca ]
-dir = . # top dir
-database = $dir/index.txt # index file.
-new_certs_dir = $dir/newcerts # new certs dir
-certificate = $dir/cacert.pem # The CA cert
-serial = $dir/serial # serial no file
-private_key = $dir/private/cakey.pem# CA private key
-RANDFILE = $dir/private/.rand # random number file
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # md to use
-policy = policy # default policy
-email_in_dn = no # Don't add the email into cert DN
-name_opt = ca_default # Subject name display option
-cert_opt = ca_default # Certificate display option
-copy_extensions = none # Don't copy extensions from request
-
-# For the CA policy
-[ policy ]
-countryName = optional
-stateOrProvinceName = optional
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-EOF
- fi
-
- # Create certificate authority.
- if test $keytype = dsa; then
- newkey=dsa:dsaparam.pem
- else
- newkey=rsa:$bits
- fi
- openssl req -config ca.cnf -nodes \
- -newkey $newkey -keyout private/cakey.pem -out careq.pem \
- 1>&3 2>&3
- openssl ca -config ca.cnf -create_serial -out cacert.pem \
- -days 1095 -batch -keyfile private/cakey.pem -selfsign \
- -infiles careq.pem 1>&3 2>&3
- chmod 0700 private/cakey.pem
-
- cd "$oldpwd"
- done
- exit 0
-fi
-
-one_arg() {
- if test -z "$arg1" || test -n "$arg2"; then
- echo "$0: $command must have exactly one argument; use --help for help" >&2
- exit 1
- fi
-}
-
-zero_or_one_args() {
- if test -n "$arg2"; then
- echo "$0: $command must have zero or one arguments; use --help for help" >&2
- exit 1
- fi
-}
-
-one_or_two_args() {
- if test -z "$arg1"; then
- echo "$0: $command must have one or two arguments; use --help for help" >&2
- exit 1
- fi
-}
-
-must_not_exist() {
- if test -e "$1" && test "$force" != "yes"; then
- echo "$0: $1 already exists and --force not supplied" >&2
- exit 1
- fi
-}
-
-resolve_prefix() {
- test -n "$type" || exit 123 # Forgot to call check_type?
-
- case $1 in
- ????*)
- ;;
- *)
- echo "Prefix $arg1 is too short (less than 4 hex digits)"
- exit 0
- ;;
- esac
-
- fingerprint=$(cd "$pkidir/${type}ca/incoming" && echo "$1"*-req.pem
- | sed 's/-req\.pem$//')
- case $fingerprint in
- "${1}*")
- echo "No certificate requests matching $1"
- exit 1
- ;;
- *" "*)
- echo "$1 matches more than one certificate request:"
- echo $fingerprint | sed 's/ /\
-/g'
- exit 1
- ;;
- *)
- # Nothing to do.
- ;;
- esac
- req="$pkidir/${type}ca/incoming/$fingerprint-req.pem"
- cert="$pkidir/${type}ca/certs/$fingerprint-cert.pem"
-}
-
-make_tmpdir() {
- TMP=/tmp/ofp-pki.tmp$$
- rm -rf $TMP
- trap "rm -rf $TMP" 0
- mkdir -m 0700 $TMP
-}
-
-fingerprint() {
- local file=$1
- local name=${1-$2}
- local date=$(date -r $file)
- local fingerprint
- if grep -q -e '-BEGIN CERTIFICATE-' "$file"; then
- fingerprint=$(openssl x509 -noout -in "$file" -fingerprint |
- sed 's/SHA1 Fingerprint=//' | tr -d ':')
- else
- fingerprint=$(sha1sum "$file" | awk '{print $1}')
- fi
- printf "$name\\t$date\\n"
- case $file in
- $fingerprint*)
- printf "\\t(correct fingerprint in filename)\\n"
- ;;
- *)
- printf "\\tfingerprint $fingerprint\\n"
- ;;
- esac
-}
-
-verify_fingerprint() {
- fingerprint "$@"
- if test $batch != yes; then
- echo "Does fingerprint match? (yes/no)"
- read answer
- if test "$answer" != yes; then
- echo "Match failure, aborting" >&2
- exit 1
- fi
- fi
-}
-
-check_type() {
- if test x = x"$1"; then
- type=switch
- elif test "$1" = switch || test "$1" = controller; then
- type=$1
- else
- echo "$0: type argument must be 'switch' or 'controller'" >&2
- exit 1
- fi
-}
-
-parse_age() {
- number=$(echo $1 | sed 's/^\([0-9]\+\)\([[:alpha:]]\+\)/\1/')
- unit=$(echo $1 | sed 's/^\([0-9]\+\)\([[:alpha:]]\+\)/\2/')
- case $unit in
- s)
- factor=1
- ;;
- min)
- factor=60
- ;;
- h)
- factor=3600
- ;;
- day)
- factor=86400
- ;;
- *)
- echo "$1: age not in the form Ns, Nmin, Nh, Nday (e.g. 1day)" >&2
- exit 1
- ;;
- esac
- echo $(($number * $factor))
-}
-
-must_exist() {
- if test ! -e "$1"; then
- echo "$0: $1 does not exist" >&2
- exit 1
- fi
-}
-
-pkidir_must_exist() {
- if test ! -e "$pkidir"; then
- echo "$0: $pkidir does not exist (need to run 'init' or use '--dir'?)" >&2
- exit 1
- elif test ! -d "$pkidir"; then
- echo "$0: $pkidir is not a directory" >&2
- exit 1
- fi
-}
-
-make_request() {
- must_not_exist "$arg1-privkey.pem"
- must_not_exist "$arg1-req.pem"
- make_tmpdir
- cat > "$TMP/req.cnf" <<EOF
-[ req ]
-prompt = no
-distinguished_name = req_distinguished_name
-
-[ req_distinguished_name ]
-C = US
-ST = CA
-L = Palo Alto
-O = OpenFlow
-OU = OpenFlow certifier
-CN = OpenFlow certificate for $arg1
-EOF
- if test $keytype = rsa; then
- newkey=rsa:$bits
- else
- must_exist "$dsaparam"
- newkey=dsa:$dsaparam
- fi
- openssl req -config "$TMP/req.cnf" -text -nodes \
- -newkey $newkey -keyout "$1-privkey.pem" -out "$1-req.pem" 1>&3 2>&3
-}
-
-sign_request() {
- must_exist "$1"
- must_not_exist "$2"
- pkidir_must_exist
-
- (cd "$pkidir/${type}ca" &&
- openssl ca -config ca.cnf -batch -in /dev/stdin) \
- < "$1" > "$2.tmp$$" 2>&3
- mv "$2.tmp$$" "$2"
-}
-
-glob() {
- local files=$(echo $1)
- if test "$files" != "$1"; then
- echo "$files"
- fi
-}
-
-exec 3>>$log || true
-if test "$command" = req; then
- one_arg
-
- make_request "$arg1"
- fingerprint "$arg1-req.pem"
-elif test "$command" = sign; then
- one_or_two_args
- check_type "$arg2"
- verify_fingerprint "$arg1-req.pem"
-
- sign_request "$arg1-req.pem" "$arg2-cert.pem"
-elif test "$command" = req+sign; then
- one_or_two_args
- check_type "$arg2"
-
- pkidir_must_exist
- make_request "$arg1"
- sign_request "$arg1-req.pem" "$arg1-cert.pem"
- fingerprint "$arg1-req.pem"
-elif test "$command" = verify; then
- one_or_two_args
- must_exist "$arg1-cert.pem"
- check_type "$arg2"
-
- pkidir_must_exist
- openssl verify -CAfile "$pkidir/${type}ca/cacert.pem" "$arg1-cert.pem"
-elif test "$command" = fingerprint; then
- one_arg
-
- fingerprint "$arg1"
-elif test "$command" = self-sign; then
- one_arg
- must_exist "$arg1-req.pem"
- must_exist "$arg1-privkey.pem"
- must_not_exist "$arg1-cert.pem"
-
- openssl x509 -in "$arg1-req.pem" -out "$arg1-cert.pem" \
- -signkey "$arg1-privkey.pem" -req -text 2>&3
-elif test "$command" = ls; then
- check_type "$arg2"
-
- cd "$pkidir/${type}ca/incoming"
- for file in $(glob "$arg1*-req.pem"); do
- fingerprint $file
- done
-elif test "$command" = flush; then
- check_type "$arg1"
-
- rm -f "$pkidir/${type}ca/incoming/"*
-elif test "$command" = reject; then
- one_or_two_args
- check_type "$arg2"
- resolve_prefix "$arg1"
-
- rm -f "$req"
-elif test "$command" = approve; then
- one_or_two_args
- check_type "$arg2"
- resolve_prefix "$arg1"
-
- make_tmpdir
- cp "$req" "$TMP/$req"
- verify_fingerprint "$TMP/$req"
- sign_request "$TMP/$req"
- rm -f "$req" "$TMP/$req"
-elif test "$command" = prompt; then
- zero_or_one_args
- check_type "$arg1"
-
- make_tmpdir
- cd "$pkidir/${type}ca/incoming"
- for req in $(glob "*-req.pem"); do
- cp "$req" "$TMP/$req"
-
- cert=$(echo "$pkidir/${type}ca/certs/$req" |
- sed 's/-req.pem/-cert.pem/')
- if test -f $cert; then
- echo "Request $req already approved--dropping duplicate request"
- rm -f "$req" "$TMP/$req"
- continue
- fi
-
- echo
- echo
- fingerprint "$TMP/$req" "$req"
- printf "Disposition for this request (skip/approve/reject)? "
- read answer
- case $answer in
- approve)
- echo "Approving $req"
- sign_request "$TMP/$req" "$cert"
- rm -f "$req" "$TMP/$req"
- ;;
- r*)
- echo "Rejecting $req"
- rm -f "$req" "$TMP/$req"
- ;;
- *)
- echo "Skipping $req"
- ;;
- esac
- done
-elif test "$command" = expire; then
- zero_or_one_args
- cutoff=$(($(date +%s) - $(parse_age ${arg1-1day})))
- for type in switch controller; do
- cd "$pkidir/${type}ca/incoming" || exit 1
- for file in $(glob "*"); do
- time=$(date -r "$file" +%s)
- if test "$time" -lt "$cutoff"; then
- rm -f "$file"
- fi
- done
- done
-else
- echo "$0: $command command unknown; use --help for help" >&2
- exit 1
-fi
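Review bot: in the `sign` branch the certificate path is built from the type argument, `sign_request "$arg1-req.pem" "$arg2-cert.pem"`, so `sign NAME` writes `-cert.pem` and `sign NAME controller` writes `controller-cert.pem`; it should be `"$arg1-cert.pem"`, as the req+sign branch has it. The `approve` branch has a related mix-up: resolve_prefix sets `$req` to a full path, so `cp "$req" "$TMP/$req"` points into a directory that does not exist under the temp dir, and `sign_request "$TMP/$req"` passes no destination even though `$cert` has been set. Other items worth fixing in whatever replaces this script: the generated ca.cnf sets `default_md = md5`, a collision-prone digest that should be replaced with SHA-256 or better; `*) $log="$PWD/$log" ;;` is not an assignment in sh and should read `log="$PWD/$log"`; make_tmpdir uses the predictable name `/tmp/ofp-pki.tmp$$`, where `mktemp -d` would avoid the remove-then-create window; resolve_prefix exits 0 when the prefix is too short; and `local name=${1-$2}` in fingerprint always yields `$1`, so the display name that `prompt` passes as the second argument is ignored.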
--- /dev/null
+.TH ovs\-discover 8 "May 2008" "OpenVSwitch" "OpenVSwitch Manual"
+.ds PN ovs\-discover
+
+.SH NAME
+ovs\-discover \- controller discovery utility
+
+.SH SYNOPSIS
+.B ovs\-discover
+[\fIoptions\fR] \fInetdev\fR [\fInetdev\fR...]
+
+.SH DESCRIPTION
+The \fBovs\-discover\fR program attempts to discover the location of
+an OpenFlow controller on one of the network devices listed on the
+command line. It repeatedly broadcasts a DHCP request with vendor
+class identifier \fBOpenFlow\fR on each network device until it
+receives an acceptable DHCP response. It will accept any valid DHCP
+reply that has the same vendor class identifier and includes a
+vendor-specific option with code 1 whose contents are a string
+specifying the location of the controller in the same format used on
+the \fBsecchan\fR command line (e.g. \fBssl:192.168.0.1\fR).
+
+When \fBovs\-discover\fR receives an acceptable response, it prints
+the details of the response on \fBstdout\fR. Then, by default, it
+configures the network device on which the response was received with
+the received IP address, netmask, and default gateway, and detaches
+itself to the background.
+
+.SH OPTIONS
+.TP
+\fB--accept-vconn=\fIregex\fR
+By default, \fBovs\-discover\fR accepts any controller location
+advertised over DHCP. With this option, only controllers whose names
+match POSIX extended regular expression \fIregex\fR will be accepted.
+Specifying \fBssl:.*\fR for \fIregex\fR, for example, would cause only
+SSL controller connections to be accepted.
+
+The \fIregex\fR is implicitly anchored at the beginning of the
+controller location string, as if it begins with \fB^\fR.
+
+.TP
+\fB--exit-without-bind\fR
+By default, \fBovs\-discover\fR binds the network device that receives
+the first acceptable response to the IP address received over DHCP.
+With this option, the configuration of the network device is not
+changed at all, except to bring it up if it is initially down, and
+\fBovs\-discover\fR will exit immediately after it receives an
+acceptable DHCP response.
+
+This option is mutually exclusive with \fB--exit-after-bind\fR and
+\fB--no-detach\fR.
+
+.TP
+\fB--exit-after-bind\fR
+By default, after it receives an acceptable DHCP response,
+\fBovs\-discover\fR detaches itself from the foreground session and
+runs in the background maintaining the DHCP lease as necessary. With
+this option, \fBovs\-discover\fR will exit immediately after it
+receives an acceptable DHCP response and configures the network device
+with the received IP address. The address obtained via DHCP could
+therefore be used past the expiration of its lease.
+
+This option is mutually exclusive with \fB--exit-without-bind\fR and
+\fB--no-detach\fR.
+
+.TP
+\fB--no-detach\fR
+By default, \fBovs\-discover\fR runs in the foreground until it obtains
+an acceptable DHCP response, then it detaches itself from the
+foreground session and run as a background process. This option
+prevents \fBovs\-discover\fR from detaching, causing it to run in the
+foreground even after it obtains a DHCP response.
+
+This option is mutually exclusive with \fB--exit-without-bind\fR and
+\fB--exit-after-bind\fR.
+
+.TP
+\fB-P\fR[\fIpidfile\fR], \fB--pidfile\fR[\fB=\fIpidfile\fR]
+Causes a file (by default, \fBovs\-discover.pid\fR) to be created indicating
+the PID of the running process. If \fIpidfile\fR is not specified, or
+if it does not begin with \fB/\fR, then it is created in
+\fB@RUNDIR@\fR.
+
+The \fIpidfile\fR is created when \fBovs\-discover\fR detaches, so
+this this option has no effect when one of \fB--exit-without-bind\fR,
+\fB--exit-after-bind\fR, or \fB--no-detach\fR is also given.
+
+.TP
+\fB-f\fR, \fB--force\fR
+By default, when \fB-P\fR or \fB--pidfile\fR is specified and the
+specified pidfile already exists and is locked by a running process,
+\fBcontroller\fR refuses to start. Specify \fB-f\fR or \fB--force\fR
+to cause it to instead overwrite the pidfile.
+
+When \fB-P\fR or \fB--pidfile\fR is not specified, this option has no
+effect.
+
+.so lib/vlog.man
+.so lib/common.man
+
+.SH BUGS
+
+If the network devices specified on the command line have been added
+to an OpenVSwitch datapath with \fBdpctl addif\fR, then controller
+discovery will fail because \fBovs\-discover\fR will not be able to
+see DHCP responses, even though tools such as \fBtcpdump\fR(8) and
+\fBwireshark\fR(1) can see them on the wire. This is because of the
+structure of the Linux kernel networking stack, which hands packets
+first to programs that listen for all arriving packets, then to
+OpenVSwitch, then to programs that listen for a specific kind of packet.
+OpenVSwitch consumes all the packets handed to it, so tools like
+\fBtcpdump\fR that look at all packets will see packets arriving on
+OpenVSwitch interfaces, but \fRovs\-discover\fR, which listens only for
+arriving IP packets, will not.
+
+.SH "SEE ALSO"
+
+.BR secchan (8),
+.BR ovs-pki (8)
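Review bot: The --accept-vconn entry documents that, by default, any controller location advertised over DHCP is accepted, and the DESCRIPTION says the device is then configured with the received address, netmask and gateway; the page should say plainly that this default trusts whichever DHCP responder answers first with vendor class OpenFlow, and recommend --accept-vconn=ssl:.* (with certificates from ovs-pki) wherever the DHCP segment is not fully trusted. Three copy-editing points in the same file: the --force entry says \fBcontroller\fR refuses to start where it should name ovs\-discover, the --pidfile entry has "this this option", and the BUGS section opens the program name with \fR instead of \fB in "\fRovs\-discover\fR". The code accepts -t/--timeout, but no entry for it appears here; add one unless lib/common.man already covers it.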
--- /dev/null
+/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford
+ * Junior University
+ *
+ * We are making the OpenFlow specification and associated documentation
+ * (Software) available for public use and benefit with the expectation
+ * that others will use, modify and enhance the Software and contribute
+ * those enhancements back to the community. However, since we would
+ * like to make the Software available for broadest use, with as few
+ * restrictions as possible permission is hereby granted, free of
+ * charge, to any person obtaining a copy of this Software to deal in
+ * the Software under the copyrights without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ * The name and trademarks of copyright holder(s) may NOT be used in
+ * advertising or publicity pertaining to the Software or any
+ * derivatives without specific, written prior permission.
+ */
+
+#include <config.h>
+#include <getopt.h>
+#include <limits.h>
+#include <regex.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include "command-line.h"
+#include "daemon.h"
+#include "dhcp-client.h"
+#include "dhcp.h"
+#include "dirs.h"
+#include "dynamic-string.h"
+#include "fatal-signal.h"
+#include "netdev.h"
+#include "poll-loop.h"
+#include "timeval.h"
+#include "unixctl.h"
+#include "util.h"
+
+#include "vlog.h"
+#define THIS_MODULE VLM_ovs_discover
+
+struct iface {
+ const char *name;
+ struct dhclient *dhcp;
+};
+
+/* The interfaces that we serve. */
+static struct iface *ifaces;
+static int n_ifaces;
+
+/* --accept-vconn: Regular expression specifying the class of controller vconns
+ * that we will accept during autodiscovery. */
+static const char *accept_controller_re = ".*";
+static regex_t accept_controller_regex;
+
+/* --exit-without-bind: Exit after discovering the controller, without binding
+ * the network device to an IP address? */
+static bool exit_without_bind;
+
+/* --exit-after-bind: Exit after discovering the controller, after binding the
+ * network device to an IP address? */
+static bool exit_after_bind;
+
+static bool iface_init(struct iface *, const char *netdev_name);
+static void release_ifaces(void *aux UNUSED);
+
+static void parse_options(int argc, char *argv[]);
+static void usage(void) NO_RETURN;
+
+static void modify_dhcp_request(struct dhcp_msg *, void *aux);
+static bool validate_dhcp_offer(const struct dhcp_msg *, void *aux);
+
+int
+main(int argc, char *argv[])
+{
+ struct unixctl_server *unixctl;
+ int retval;
+ int i;
+
+ set_program_name(argv[0]);
+ time_init();
+ vlog_init();
+ parse_options(argc, argv);
+
+ argc -= optind;
+ argv += optind;
+ if (argc < 1) {
+ ovs_fatal(0, "need at least one non-option argument; "
+ "use --help for usage");
+ }
+
+ ifaces = xmalloc(argc * sizeof *ifaces);
+ n_ifaces = 0;
+ for (i = 0; i < argc; i++) {
+ if (iface_init(&ifaces[n_ifaces], argv[i])) {
+ n_ifaces++;
+ }
+ }
+ if (!n_ifaces) {
+ ovs_fatal(0, "failed to initialize any DHCP clients");
+ }
+
+ for (i = 0; i < n_ifaces; i++) {
+ struct iface *iface = &ifaces[i];
+ dhclient_init(iface->dhcp, 0);
+ }
+ fatal_signal_add_hook(release_ifaces, NULL, true);
+
+ retval = regcomp(&accept_controller_regex, accept_controller_re,
+ REG_NOSUB | REG_EXTENDED);
+ if (retval) {
+ size_t length = regerror(retval, &accept_controller_regex, NULL, 0);
+ char *buffer = xmalloc(length);
+ regerror(retval, &accept_controller_regex, buffer, length);
+ ovs_fatal(0, "%s: %s", accept_controller_re, buffer);
+ }
+
+ retval = unixctl_server_create(NULL, &unixctl);
+ if (retval) {
+ ovs_fatal(retval, "Could not listen for unixctl connections");
+ }
+
+ die_if_already_running();
+
+ signal(SIGPIPE, SIG_IGN);
+ for (;;) {
+ fatal_signal_block();
+ for (i = 0; i < n_ifaces; i++) {
+ struct iface *iface = &ifaces[i];
+ dhclient_run(iface->dhcp);
+ if (dhclient_changed(iface->dhcp)) {
+ bool is_bound = dhclient_is_bound(iface->dhcp);
+ int j;
+
+ /* Configure network device. */
+ if (!exit_without_bind) {
+ dhclient_configure_netdev(iface->dhcp);
+ dhclient_update_resolv_conf(iface->dhcp);
+ }
+
+ if (is_bound) {
+ static bool detached = false;
+ struct ds ds;
+
+ /* Disable timeout, since discovery was successful. */
+ time_alarm(0);
+
+ /* Print discovered parameters. */
+ ds_init(&ds);
+ dhcp_msg_to_string(dhclient_get_config(iface->dhcp),
+ true, &ds);
+ fputs(ds_cstr(&ds), stdout);
+ putchar('\n');
+ fflush(stdout);
+ ds_destroy(&ds);
+
+ /* Exit if the user requested it. */
+ if (exit_without_bind) {
+ VLOG_DBG("exiting because of successful binding on %s "
+ "and --exit-without-bind specified",
+ iface->name);
+ exit(0);
+ }
+ if (exit_after_bind) {
+ VLOG_DBG("exiting because of successful binding on %s "
+ "and --exit-after-bind specified",
+ iface->name);
+ exit(0);
+ }
+
+ /* Detach into background, if we haven't already. */
+ if (!detached) {
+ detached = true;
+ daemonize();
+ }
+ }
+
+ /* We only want an address on a single one of our interfaces.
+ * So: if we have an address on this interface, stop looking
+ * for one on the others; if we don't have an address on this
+ * interface, start looking everywhere. */
+ for (j = 0; j < n_ifaces; j++) {
+ struct iface *if2 = &ifaces[j];
+ if (iface != if2) {
+ if (is_bound) {
+ dhclient_release(if2->dhcp);
+ } else {
+ dhclient_init(if2->dhcp, 0);
+ }
+ }
+ }
+ }
+ }
+ unixctl_server_run(unixctl);
+ for (i = 0; i < n_ifaces; i++) {
+ struct iface *iface = &ifaces[i];
+ dhclient_wait(iface->dhcp);
+ }
+ unixctl_server_wait(unixctl);
+ fatal_signal_unblock();
+ poll_block();
+ }
+
+ return 0;
+}
+
+static bool
+iface_init(struct iface *iface, const char *netdev_name)
+{
+ int retval;
+
+ iface->name = netdev_name;
+ iface->dhcp = NULL;
+
+ if (exit_after_bind) {
+ /* Bring this interface up permanently, so that the bound address
+ * persists past program termination. */
+ struct netdev *netdev;
+
+ retval = netdev_open(iface->name, NETDEV_ETH_TYPE_NONE, &netdev);
+ if (retval) {
+ ovs_error(retval, "Could not open %s device", iface->name);
+ return false;
+ }
+ retval = netdev_turn_flags_on(netdev, NETDEV_UP, true);
+ if (retval) {
+ ovs_error(retval, "Could not bring %s device up", iface->name);
+ return false;
+ }
+ netdev_close(netdev);
+ }
+
+ retval = dhclient_create(iface->name, modify_dhcp_request,
+ validate_dhcp_offer, NULL, &iface->dhcp);
+ if (retval) {
+ ovs_error(retval, "%s: failed to initialize DHCP client", iface->name);
+ return false;
+ }
+
+ return true;
+}
+
+static void
+release_ifaces(void *aux UNUSED)
+{
+ int i;
+
+ for (i = 0; i < n_ifaces; i++) {
+ struct dhclient *dhcp = ifaces[i].dhcp;
+ dhclient_release(dhcp);
+ if (dhclient_changed(dhcp)) {
+ dhclient_configure_netdev(dhcp);
+ }
+ }
+}
+
+static void
+modify_dhcp_request(struct dhcp_msg *msg, void *aux UNUSED)
+{
+ dhcp_msg_put_string(msg, DHCP_CODE_VENDOR_CLASS, "OpenFlow");
+}
+
+static bool
+validate_dhcp_offer(const struct dhcp_msg *msg, void *aux UNUSED)
+{
+ static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(60, 60);
+ char *vconn_name;
+ bool accept;
+
+ vconn_name = dhcp_msg_get_string(msg, DHCP_CODE_OFP_CONTROLLER_VCONN);
+ if (!vconn_name) {
+ VLOG_WARN_RL(&rl, "rejecting DHCP offer missing controller vconn");
+ return false;
+ }
+ accept = !regexec(&accept_controller_regex, vconn_name, 0, NULL, 0);
+ free(vconn_name);
+ return accept;
+}
+
+static void
+parse_options(int argc, char *argv[])
+{
+ enum {
+ OPT_ACCEPT_VCONN = UCHAR_MAX + 1,
+ OPT_EXIT_WITHOUT_BIND,
+ OPT_EXIT_AFTER_BIND,
+ OPT_NO_DETACH,
+ };
+ static struct option long_options[] = {
+ {"accept-vconn", required_argument, 0, OPT_ACCEPT_VCONN},
+ {"exit-without-bind", no_argument, 0, OPT_EXIT_WITHOUT_BIND},
+ {"exit-after-bind", no_argument, 0, OPT_EXIT_AFTER_BIND},
+ {"no-detach", no_argument, 0, OPT_NO_DETACH},
+ {"timeout", required_argument, 0, 't'},
+ {"pidfile", optional_argument, 0, 'P'},
+ {"force", no_argument, 0, 'f'},
+ {"verbose", optional_argument, 0, 'v'},
+ {"help", no_argument, 0, 'h'},
+ {"version", no_argument, 0, 'V'},
+ {0, 0, 0, 0},
+ };
+ char *short_options = long_options_to_short_options(long_options);
+ bool detach_after_bind = true;
+
+ for (;;) {
+ unsigned long int timeout;
+ int c;
+
+ c = getopt_long(argc, argv, short_options, long_options, NULL);
+ if (c == -1) {
+ break;
+ }
+
+ switch (c) {
+ case OPT_ACCEPT_VCONN:
+ accept_controller_re = (optarg[0] == '^'
+ ? optarg
+ : xasprintf("^%s", optarg));
+ break;
+
+ case OPT_EXIT_WITHOUT_BIND:
+ exit_without_bind = true;
+ break;
+
+ case OPT_EXIT_AFTER_BIND:
+ exit_after_bind = true;
+ break;
+
+ case OPT_NO_DETACH:
+ detach_after_bind = false;
+ break;
+
+ case 'P':
+ set_pidfile(optarg);
+ break;
+
+ case 'f':
+ ignore_existing_pidfile();
+ break;
+
+ case 't':
+ timeout = strtoul(optarg, NULL, 10);
+ if (timeout <= 0) {
+ ovs_fatal(0, "value %s on -t or --timeout is not at least 1",
+ optarg);
+ } else {
+ time_alarm(timeout);
+ }
+ signal(SIGALRM, SIG_DFL);
+ break;
+
+ case 'h':
+ usage();
+
+ case 'V':
+ printf("%s %s compiled "__DATE__" "__TIME__"\n",
+ program_name, VERSION BUILDNR);
+ exit(EXIT_SUCCESS);
+
+ case 'v':
+ vlog_set_verbosity(optarg);
+ break;
+
+ case '?':
+ exit(EXIT_FAILURE);
+
+ default:
+ abort();
+ }
+ }
+ free(short_options);
+
+ if ((exit_without_bind + exit_after_bind + !detach_after_bind) > 1) {
+ ovs_fatal(0, "--exit-without-bind, --exit-after-bind, and --no-detach "
+ "are mutually exclusive");
+ }
+ if (detach_after_bind) {
+ set_detach();
+ }
+}
+
+static void
+usage(void)
+{
+ printf("%s: a tool for discovering OpenFlow controllers.\n"
+ "usage: %s [OPTIONS] NETDEV [NETDEV...]\n"
+ "where each NETDEV is a network device on which to perform\n"
+ "controller discovery.\n"
+ "\nOrdinarily, ovs-discover runs in the foreground until it\n"
+ "obtains an IP address and discovers an OpenFlow controller via\n"
+ "DHCP, then it prints information about the controller to stdout\n"
+ "and detaches to the background to maintain the IP address lease.\n"
+ "\nNetworking options:\n"
+ " --accept-vconn=REGEX accept matching discovered controllers\n"
+ " --exit-without-bind exit after discovery, without binding\n"
+ " --exit-after-bind exit after discovery, after binding\n"
+ " --no-detach do not detach after discovery\n",
+ program_name, program_name);
+ vlog_usage();
+ printf("\nOther options:\n"
+ " -t, --timeout=SECS give up discovery after SECS seconds\n"
+ " -P, --pidfile[=FILE] create pidfile (default: %s/%s.pid)\n"
+ " -f, --force with -P, start even if already running\n"
+ " -h, --help display this help message\n"
+ " -V, --version display version information\n",
+ ovs_rundir, program_name);
+ exit(EXIT_SUCCESS);
+}
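Review bot: In parse_options, the OPT_ACCEPT_VCONN case builds the anchored pattern with xasprintf("^%s", optarg), and because the regex is compiled with REG_EXTENDED, an argument containing a top-level alternation (a|b) ends up with only the first branch anchored, so the second branch can match anywhere in the advertised vconn string and the filter is weaker than the man page promises. Suggest xasprintf("^(%s)", optarg), which is safe with REG_NOSUB, and consider documenting that the match is not anchored at the end. Separately, iface_init returns false when netdev_turn_flags_on fails without calling netdev_close(netdev), leaking the handle on that path. In the 't' case, timeout is unsigned long so the test timeout <= 0 only ever catches 0, and strtoul is called with a NULL end pointer, so input such as "5x" is silently accepted as 5; pass an end pointer and reject trailing characters.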
--- /dev/null
+.TH ovs\-kill 8 "May 2008" "OpenVSwitch" "OpenVSwitch Manual"
+.ds PN ovs\-kill
+
+.SH NAME
+ovs\-kill \- kills processes given their pidfiles
+
+.SH SYNOPSIS
+.B ovs\-kill
+[\fIoptions\fR] \fIpidfile\fR [\fIpidfile\fR...]
+
+.SH DESCRIPTION
+The \fBovs\-kill\fR program reads each \fIpidfile\fR specified on the
+command line and sends a signal to the program associated with it, if
+any. It reads one line of text from \fIpidfile\fR, which must contain
+the PID of the process to kill as a text string. It then uses
+\fBfcntl\fR(2) to verify that a process with the PID from the file
+owns a lock on \fIpidfile\fR before it sends the signal.
+
+A \fIpidfile\fR whose name begins with \fB/\fR is used literally.
+Otherwise, \fB@RUNDIR@/\fR is prefixed.
+
+This program exists for use by \fBovs\-switch\-setup\fR, which cannot
+easily implement its functionality since Perl has no portable
+interface to \fBfcntl\fR-based file locking.
+
+.SH OPTIONS
+.TP
+\fB-s \fInumber\fR|\fIname\fR, \fB\-\^\-signal=\fInumber\fR|\fIname\fR
+Sets the signal to be sent to each process. Signals may be given by
+number (e.g. \fB1\fR) or by name (e.g. \fBHUP\fR or \fBSIGHUP\fR).
+By default, \fBSIGTERM\fR is sent.
+
+.TP
+\fB-f\fR, \fB\-\^\-force\fR
+Causes \fBovs\-kill\fR to ignore all errors without printing a message
+to \fBstderr\fR, and to exit with return code 0.
+
+.so lib/common.man
+
+.SH "EXIT CODE"
+
+Without \fB-f\fR or \fB\-\^\-force\fR, \fBovs\-kill\fR exits with
+status 0 if at least one \fIpidfile\fR was given and the process
+represented by every \fIpidfile\fR was signaled successfully,
+otherwise with status 1.
+
+With \fB-f\fR or \fB\-\^\-force\fR, \fBovs\-kill\fR always exits with
+status 0.
+
+.SH BUGS
+
+There is a race between verifying the lock on \fIpidfile\fR and
+actually killing the process.
+
+\fBovs\-kill\fR does not wait for the signaled processes to die before
+exiting.
+
+.SH "SEE ALSO"
+
+.BR ovs\-switch\-setup (8)
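Review bot: The BUGS entry about the race between verifying the lock on pidfile and killing the process should state the consequence, since this tool is normally run with privileges: if the daemon exits inside that window and its PID is reused, the signal goes to an unrelated process. A sentence to that effect, plus advice to avoid SIGKILL where SIGTERM suffices, would let administrators judge the risk. The EXIT CODE section also promises status 1 when any pidfile could not be signaled, which the accompanying C source needs to honour.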
--- /dev/null
+/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford
+ * Junior University
+ *
+ * We are making the OpenFlow specification and associated documentation
+ * (Software) available for public use and benefit with the expectation
+ * that others will use, modify and enhance the Software and contribute
+ * those enhancements back to the community. However, since we would
+ * like to make the Software available for broadest use, with as few
+ * restrictions as possible permission is hereby granted, free of
+ * charge, to any person obtaining a copy of this Software to deal in
+ * the Software under the copyrights without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ * The name and trademarks of copyright holder(s) may NOT be used in
+ * advertising or publicity pertaining to the Software or any
+ * derivatives without specific, written prior permission.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include "command-line.h"
+#include "daemon.h"
+#include "timeval.h"
+#include "util.h"
+#include "vlog.h"
+
+/* -s, --signal: signal to send. */
+static int sig_nr = SIGTERM;
+
+/* -f, --force: ignore errors. */
+static bool force;
+
+static void cond_error(int err_no, const char *, ...) PRINTF_FORMAT(2, 3);
+
+static void parse_options(int argc, char *argv[]);
+static void usage(void);
+
+int
+main(int argc, char *argv[])
+{
+ bool ok = true;
+ int i;
+
+ set_program_name(argv[0]);
+ time_init();
+ vlog_init();
+ parse_options(argc, argv);
+
+ argc -= optind;
+ argv += optind;
+ if (argc < 1) {
+ if (!force) {
+ ovs_fatal(0, "need at least one non-option argument; "
+ "use --help for usage");
+ }
+ }
+
+ for (i = 0; i < argc; i++) {
+ char *pidfile;
+ pid_t pid;
+
+ pidfile = make_pidfile_name(argv[i]);
+ pid = read_pidfile(pidfile);
+ if (pid >= 0) {
+ if (kill(pid, sig_nr) < 0) {
+ cond_error(errno, "%s: kill(%ld)", pidfile, (long int) pid);
+ }
+ } else {
+ cond_error(-pid, "could not read %s", pidfile);
+ }
+ free(pidfile);
+ }
+
+ return ok || force ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+static void
+parse_options(int argc, char *argv[])
+{
+ static struct option long_options[] = {
+ {"signal", required_argument, 0, 's'},
+ {"force", no_argument, 0, 'f'},
+ {"help", no_argument, 0, 'h'},
+ {"version", no_argument, 0, 'V'},
+ {0, 0, 0, 0},
+ };
+ char *short_options = long_options_to_short_options(long_options);
+
+ for (;;) {
+ int c;
+
+ c = getopt_long(argc, argv, short_options, long_options, NULL);
+ if (c == -1) {
+ break;
+ }
+
+ switch (c) {
+ case 's':
+ if (atoi(optarg) || !strcmp(optarg, "0")) {
+ sig_nr = atoi(optarg);
+ } else {
+ struct signal_name {
+ const char *name;
+ int number;
+ };
+
+ static const struct signal_name signals[] = {
+#define SIGNAL(NAME) { #NAME, NAME }
+ SIGNAL(SIGABRT),
+ SIGNAL(SIGALRM),
+ SIGNAL(SIGBUS),
+ SIGNAL(SIGCHLD),
+ SIGNAL(SIGCONT),
+ SIGNAL(SIGFPE),
+ SIGNAL(SIGHUP),
+ SIGNAL(SIGILL),
+ SIGNAL(SIGINT),
+ SIGNAL(SIGKILL),
+ SIGNAL(SIGPIPE),
+ SIGNAL(SIGQUIT),
+ SIGNAL(SIGSEGV),
+ SIGNAL(SIGSTOP),
+ SIGNAL(SIGTERM),
+ SIGNAL(SIGTSTP),
+ SIGNAL(SIGTTIN),
+ SIGNAL(SIGTTOU),
+ SIGNAL(SIGUSR1),
+ SIGNAL(SIGUSR2),
+#ifdef SIGPOLL
+ SIGNAL(SIGPOLL),
+#endif
+ SIGNAL(SIGPROF),
+ SIGNAL(SIGSYS),
+ SIGNAL(SIGTRAP),
+ SIGNAL(SIGURG),
+ SIGNAL(SIGVTALRM),
+ SIGNAL(SIGXCPU),
+ SIGNAL(SIGXFSZ),
+#undef SIGNAL
+ };
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(signals); i++) {
+ const struct signal_name *s = &signals[i];
+ if (!strcmp(optarg, s->name)
+ || !strcmp(optarg, s->name + 3)) {
+ sig_nr = s->number;
+ goto got_name;
+ }
+ }
+ ovs_fatal(0, "unknown signal \"%s\"", optarg);
+ got_name: ;
+ }
+ break;
+
+ case 'f':
+ force = true;
+ break;
+
+ case 'h':
+ usage();
+
+ case 'V':
+ printf("%s %s compiled "__DATE__" "__TIME__"\n",
+ program_name, VERSION BUILDNR);
+ exit(EXIT_SUCCESS);
+
+ case '?':
+ exit(EXIT_FAILURE);
+
+ default:
+ abort();
+ }
+ }
+ free(short_options);
+}
+
+static void
+usage(void)
+{
+ printf("%s: kills a program using a pidfile\n"
+ "usage: %s [OPTIONS] PIDFILE [PIDFILE...]\n"
+ "where PIDFILE is a pidfile created by an OpenVSwitch daemon.\n"
+ "\nOptions:\n"
+ " -s, --signal=NUMBER|NAME signal to send (default: TERM)\n"
+ " -f, --force ignore errors\n"
+ " -h, --help display this help message\n"
+ " -V, --version display version information\n",
+ program_name, program_name);
+ exit(EXIT_SUCCESS);
+}
+
+static void
+cond_error(int err_no, const char *format, ...)
+{
+ if (!force) {
+ va_list args;
+
+ fprintf(stderr, "%s: ", program_name);
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ if (err_no != 0)
+ fprintf(stderr, " (%s)", strerror(err_no));
+ putc('\n', stderr);
+ }
+}
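Review bot: In main, ok is initialised to true and never cleared, so the final return ok || force ? EXIT_SUCCESS : EXIT_FAILURE always reports success even when kill() or read_pidfile() fails, contradicting the EXIT CODE section of the man page; set ok = false in both error branches (or inside cond_error). The test pid >= 0 also lets a pid of 0 through to kill(), which would signal every process in the caller's process group; use pid > 0 unless read_pidfile is guaranteed never to return 0. In the 's' case, atoi(optarg) accepts trailing garbage and negative values as a signal number; parse with strtol, check the end pointer, and reject values outside the valid signal range.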
--- /dev/null
+#! @PERL@
+
+use strict;
+use warnings;
+
+if (grep($_ eq '--help', @ARGV)) {
+ print <<EOF;
+$0, for parsing leak checker logs
+usage: $0 [BINARY] < LOG
+where LOG is a file produced by an OpenVSwitch program's --check-leaks option
+ and BINARY is the binary that wrote LOG.
+EOF
+ exit 0;
+}
+
+die "$0: zero or one arguments required; use --help for help\n" if @ARGV > 1;
+die "$0: $ARGV[0] does not exist" if @ARGV > 0 && ! -e $ARGV[0];
+
+our ($binary);
+our ($a2l) = search_path("addr2line");
+my ($no_syms) = "symbols will not be translated";
+if (!@ARGV) {
+ print "no binary specified; $no_syms\n";
+} elsif (! -e $ARGV[0]) {
+ print "$ARGV[0] does not exist; $no_syms";
+} elsif (!defined($a2l)) {
+ print "addr2line not found in PATH; $no_syms";
+} else {
+ $binary = $ARGV[0];
+}
+
+our ($objdump) = search_path("objdump");
+print "objdump not found; dynamic library symbols will not be translated\n"
+ if !defined($objdump);
+
+our %blocks;
+our @segments;
+while (<STDIN>) {
+ my $ptr = "((?:0x)?[0-9a-fA-F]+|\\(nil\\))";
+ my $callers = ":((?: $ptr)+)";
+ if (/^malloc\((\d+)\) -> $ptr$callers$/) {
+ allocated($., $2, $1, $3);
+ } elsif (/^claim\($ptr\)$callers$/) {
+ claimed($., $1, $2);
+ } elsif (/realloc\($ptr, (\d+)\) -> $ptr$callers$/) {
+ my ($callers) = $4;
+ freed($., $1, $callers);
+ allocated($., $3, $2, $callers);
+ } elsif (/^free\($ptr\)$callers$/) {
+ freed($., $1, $2);
+ } elsif (/^segment: $ptr-$ptr $ptr [-r][-w][-x][sp] (.*)/) {
+ add_segment(hex($1), hex($2), hex($3), $4);
+ } else {
+ print "stdin:$.: syntax error\n";
+ }
+}
+if (%blocks) {
+ my $n_blocks = scalar(keys(%blocks));
+ my $n_bytes = 0;
+ $n_bytes += $_->{SIZE} foreach values(%blocks);
+ print "$n_bytes bytes in $n_blocks blocks not freed at end of run\n";
+ my %blocks_by_callers;
+ foreach my $block (values(%blocks)) {
+ my ($trimmed_callers) = trim_callers($block->{CALLERS});
+ push (@{$blocks_by_callers{$trimmed_callers}}, $block);
+ }
+ foreach my $callers (sort {@{$b} <=> @{$a}} (values(%blocks_by_callers))) {
+ $n_blocks = scalar(@{$callers});
+ $n_bytes = 0;
+ $n_bytes += $_->{SIZE} foreach @{$callers};
+ print "$n_bytes bytes in these $n_blocks blocks were not freed:\n";
+ my $i = 0;
+ my $max = 5;
+ foreach my $block (sort {$a->{LINE} <=> $b->{LINE}} (@{$callers})) {
+ printf "\t%d-byte block at 0x%08x allocated on stdin:%d\n",
+ $block->{SIZE}, $block->{BASE}, $block->{LINE};
+ last if $i++ > $max;
+ }
+ print "\t...and ", $n_blocks - $max, " others...\n"
+ if $n_blocks > $max;
+ print "The blocks listed above were allocated by:\n";
+ print_callers("\t", ${$callers}[0]->{CALLERS});
+ }
+}
+sub interp_pointer {
+ my ($s_ptr) = @_;
+ return $s_ptr eq '(nil)' ? 0 : hex($s_ptr);
+}
+
+sub allocated {
+ my ($line, $s_base, $size, $callers) = @_;
+ my ($base) = interp_pointer($s_base);
+ return if !$base;
+ my ($info) = {LINE => $line,
+ BASE => $base,
+ SIZE => $size,
+ CALLERS => $callers};
+ if (exists($blocks{$base})) {
+ print "In-use address returned by allocator:\n";
+ print "\tInitial allocation:\n";
+ print_block("\t\t", $blocks{$base});
+ print "\tNew allocation:\n";
+ print_block("\t\t", $info);
+ }
+ $blocks{$base} = $info;
+}
+
+sub claimed {
+ my ($line, $s_base, $callers) = @_;
+ my ($base) = interp_pointer($s_base);
+ return if !$base;
+ if (exists($blocks{$base})) {
+ $blocks{$base}{LINE} = $line;
+ $blocks{$base}{CALLERS} = $callers;
+ } else {
+ printf "Claim asserted on not-in-use block 0x%08x by:\n", $base;
+ print_callers('', $callers);
+ }
+}
+
+sub freed {
+ my ($line, $s_base, $callers) = @_;
+ my ($base) = interp_pointer($s_base);
+ return if !$base;
+
+ if (!delete($blocks{$base})) {
+ printf "Bad free of not-allocated address 0x%08x on stdin:%d by:\n", $base, $line;
+ print_callers('', $callers);
+ }
+}
+
+sub print_block {
+ my ($prefix, $info) = @_;
+ printf '%s%d-byte block at 0x%08x allocated on stdin:%d by:' . "\n",
+ $prefix, $info->{SIZE}, $info->{BASE}, $info->{LINE};
+ print_callers($prefix, $info->{CALLERS});
+}
+
+sub print_callers {
+ my ($prefix, $callers) = @_;
+ foreach my $pc (split(' ', $callers)) {
+ print "$prefix\t", lookup_pc($pc), "\n";
+ }
+}
+
+our (%cache);
+sub lookup_pc {
+ my ($s_pc) = @_;
+ if (defined($binary)) {
+ my ($pc) = hex($s_pc);
+ my ($output) = "$s_pc: ";
+ if (!exists($cache{$pc})) {
+ open(A2L, "$a2l -fe $binary --demangle $s_pc|");
+ chomp(my $function = <A2L>);
+ chomp(my $line = <A2L>);
+ close(A2L);
+ if ($function eq '??') {
+ ($function, $line) = lookup_pc_by_segment($pc);
+ }
+ $line =~ s/^(\.\.\/)*//;
+ $line = "..." . substr($line, -25) if length($line) > 28;
+ $cache{$pc} = "$s_pc: $function ($line)";
+ }
+ return $cache{$pc};
+ } else {
+ return "$s_pc";
+ }
+}
+
+sub trim_callers {
+ my ($in) = @_;
+ my (@out);
+ foreach my $pc (split(' ', $in)) {
+ my $xlated = lookup_pc($pc);
+ if ($xlated =~ /\?\?/) {
+ push(@out, "...") if !@out || $out[$#out] ne '...';
+ } else {
+ push(@out, $pc);
+ }
+ }
+ return join(' ', @out);
+}
+
+sub search_path {
+ my ($target) = @_;
+ for my $dir (split (':', $ENV{PATH})) {
+ my ($file) = "$dir/$target";
+ return $file if -e $file;
+ }
+ return undef;
+}
+
+sub add_segment {
+ my ($vm_start, $vm_end, $vm_pgoff, $file) = @_;
+ for (my $i = 0; $i <= $#segments; $i++) {
+ my ($s) = $segments[$i];
+ next if $vm_end <= $s->{START} || $vm_start >= $s->{END};
+ if ($vm_start <= $s->{START} && $vm_end >= $s->{END}) {
+ splice(@segments, $i, 1);
+ --$i;
+ } else {
+ $s->{START} = $vm_end if $vm_end > $s->{START};
+ $s->{END} = $vm_start if $vm_start <= $s->{END};
+ }
+ }
+ push(@segments, {START => $vm_start,
+ END => $vm_end,
+ PGOFF => $vm_pgoff,
+ FILE => $file});
+ @segments = sort { $a->{START} <=> $b->{START} } @segments;
+}
+
+sub binary_search {
+ my ($array, $value) = @_;
+ my $l = 0;
+ my $r = $#{$array};
+ while ($l <= $r) {
+ my $m = int(($l + $r) / 2);
+ my $e = $array->[$m];
+ if ($value < $e->{START}) {
+ $r = $m - 1;
+ } elsif ($value >= $e->{END}) {
+ $l = $m + 1;
+ } else {
+ return $e;
+ }
+ }
+ return undef;
+}
+
+sub read_sections {
+ my ($file) = @_;
+ my (@sections);
+ open(OBJDUMP, "$objdump -h $file|");
+ while (<OBJDUMP>) {
+ my $ptr = "([0-9a-fA-F]+)";
+ my ($name, $size, $vma, $lma, $file_off)
+ = /^\s*\d+\s+(\S+)\s+$ptr\s+$ptr\s+$ptr\s+$ptr/
+ or next;
+ push(@sections, {START => hex($file_off),
+ END => hex($file_off) + hex($size),
+ NAME => $name});
+ }
+ close(OBJDUMP);
+ return [sort { $a->{START} <=> $b->{START} } @sections ];
+}
+
+our %file_to_sections;
+sub segment_to_section {
+ my ($file, $file_offset) = @_;
+ if (!defined($file_to_sections{$file})) {
+ $file_to_sections{$file} = read_sections($file);
+ }
+ return binary_search($file_to_sections{$file}, $file_offset);
+}
+
+sub address_to_segment {
+ my ($pc) = @_;
+ return binary_search(\@segments, $pc);
+}
+
+sub lookup_pc_by_segment {
+ return ('??', 0) if !defined($objdump);
+
+ my ($pc) = @_;
+ my ($segment) = address_to_segment($pc);
+ return ('??', 0) if !defined($segment) || $segment->{FILE} eq '';
+
+ my ($file_offset) = $pc - $segment->{START} + $segment->{PGOFF};
+ my ($section) = segment_to_section($segment->{FILE}, $file_offset);
+ return ('??', 0) if !defined($section);
+
+ my ($section_offset) = $file_offset - $section->{START};
+ open(A2L, sprintf("%s -fe %s --demangle --section=$section->{NAME} 0x%x|",
+ $a2l, $segment->{FILE}, $section_offset));
+ chomp(my $function = <A2L>);
+ chomp(my $line = <A2L>);
+ close(A2L);
+
+ return ($function, $line);
+}
+
+# Local Variables:
+# mode: perl
+# End:
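Review bot: lookup_pc, read_sections and lookup_pc_by_segment all build a shell command by string interpolation and run it through the two-argument pipe form of open, and the file name used in the last two comes from the (.*) capture of a "segment:" line read from stdin, so shell metacharacters in the log or in the BINARY argument are interpreted by the shell. Use the list form, for example open(my $fh, '-|', $a2l, '-fe', $binary, '--demangle', $s_pc), which bypasses the shell, and check the return value of open before reading. Smaller points: the realloc pattern is the only one missing the leading ^ anchor; the loop guarded by last if $i++ > $max prints seven blocks while the "...and N others" line subtracts $max (5); and the elsif (! -e $ARGV[0]) branch is unreachable because the earlier die already handles a missing binary.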
--- /dev/null
+#! @PERL@
+
+use CGI;
+use Digest::SHA1;
+use Fcntl;
+
+$CGI::POST_MAX = 65536; # Limit POSTs to 64 kB.
+
+use strict;
+use warnings;
+
+my $pkidir = '@PKIDIR@';
+my $q = new CGI;
+
+die unless $q->request_method() eq 'POST';
+
+my $type = $q->param('type');
+die unless defined $type;
+die unless $type eq 'switch' or $type eq 'controller';
+
+my $req = $q->param('req');
+die unless defined $req;
+die unless $req =~ /^-----BEGIN CERTIFICATE REQUEST-----$/m;
+die unless $req =~ /^-----END CERTIFICATE REQUEST-----$/m;
+
+my $digest = Digest::SHA1::sha1_hex($req);
+my $incoming = "$pkidir/${type}ca/incoming";
+my $dst = "$incoming/$digest-req.pem";
+
+sysopen(REQUEST, "$dst.tmp", O_RDWR | O_CREAT | O_EXCL, 0600)
+ or die "sysopen $dst.tmp: $!";
+print REQUEST $req;
+close(REQUEST) or die "close $dst.tmp: $!";
+
+rename("$dst.tmp", $dst) or die "rename $dst.tmp to $dst: $!";
+
+print $q->header('text/html', '204 No response');
+
+# Local Variables:
+# mode: perl
+# End:
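Review bot: The two pattern checks on $req only confirm that a BEGIN CERTIFICATE REQUEST line and an END CERTIFICATE REQUEST line each occur somewhere in the submitted value, in either order and with arbitrary text before, between or after them, and that value is then written verbatim into incoming/ for an administrator to review. Suggest requiring exactly one well-formed block (anchor with \A and \z and restrict the body to base64 characters and newlines), or run the stored file through openssl req -noout -verify and discard it on failure. The sysopen with O_EXCL on "$dst.tmp" means a leftover .tmp file from an interrupted request makes every later submission of the same request die until someone removes it; unlink a stale temporary or use a unique temporary name. Nothing here bounds how many distinct requests accumulate in incoming/, so the documentation should tell operators to schedule ovs-pki expire. The bare die calls give the client and the server log no reason for the rejection; return an explicit 400 status with a short message instead.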
--- /dev/null
+.TH ovs\-pki 8 "May 2008" "OpenVSwitch" "OpenVSwitch Manual"
+
+.SH NAME
+ovs\-pki \- OpenFlow public key infrastructure management utility
+
+.SH SYNOPSIS
+\fBovs\-pki\fR [\fIOPTIONS\fR] \fICOMMAND\fR [\fIARGS\fR]
+.sp
+Stand\-alone commands with their arguments:
+.br
+\fBovs\-pki\fR \fBinit\fR
+.br
+\fBovs\-pki\fR \fBreq\fR \fINAME\fR
+.br
+\fBovs\-pki\fR \fBsign\fR \fINAME\fR [\fITYPE\fR]
+.br
+\fBovs\-pki\fR \fBreq+sign\fR \fINAME\fR [\fITYPE\fR]
+.br
+\fBovs\-pki\fR \fBverify\fR \fINAME\fR [\fITYPE\fR]
+.br
+\fBovs\-pki\fR \fBfingerprint\fR \fIFILE\fR
+.br
+\fBovs\-pki\fR \self-sign\fR \fINAME\fR
+.sp
+The following additional commands manage an online PKI:
+.br
+\fBovs\-pki\fR \fBls\fR [\fIPREFIX\fR] [\fITYPE\fR]
+.br
+\fBovs\-pki\fR \fBflush\fR [\fITYPE\fR]
+.br
+\fBovs\-pki\fR \fBreject\fR \fIPREFIX\fR [\fITYPE\fR]
+.br
+\fBovs\-pki\fR \fBapprove\fR \fIPREFIX\fR [\fITYPE\fR]
+.br
+\fBovs\-pki\fR \fBprompt\fR [\fITYPE\fR]
+.br
+\fBovs\-pki\fR \fBexpire\fR [\fIAGE\fR]
+.sp
+Each \fITYPE\fR above is a certificate type, either \fBswitch\fR
+(default) or \fBcontroller\fR.
+.sp
+The available options are:
+.br
+[\fB\-k\fR \fItype\fR | \fB\-\^\-key=\fItype\fR]
+[\fB\-B\fR \fInbits\fR | \fB\-\^\-bits=\fInbits\fR]
+[\fB\-D\fR \fIfile\fR | \fB\-\^\-dsaparam=\fIfile\fR]
+[\fB\-b\fR | \fB\-\^\-batch\fR]
+[\fB\-f\fR | \fB\-\^\-force\fR]
+[\fB\-d\fR \fIdir\fR | \fB\-\^\-dir=\fR\fIdir\fR]
+[\fB\-l\fR \fIfile\fR | \fB\-\^\-log=\fIfile\fR]
+[\fB\-h\fR | \fB\-\^\-help\fR]
+.br
+Some options do not apply to every command.
+
+.SH DESCRIPTION
+The \fBovs\-pki\fR program sets up and manages a public key
+infrastructure for use with OpenFlow. It is intended to be a simple
+interface for organizations that do not have an established public key
+infrastructure. Other PKI tools can substitute for or supplement the
+use of \fBovs\-pki\fR.
+
+\fBovs\-pki\fR uses \fBopenssl\fR(1) for certificate management and key
+generation.
+
+.SH "OFFLINE COMMANDS"
+
+The following \fBovs\-pki\fR commands support manual PKI
+administration:
+
+.TP
+\fBinit\fR
+Initializes a new PKI (by default in directory \fB@PKIDIR@\fR) and populates
+it with a pair of certificate authorities for controllers and
+switches.
+
+This command should ideally be run on a high\-security machine separate
+from any OpenFlow controller or switch, called the CA machine. The
+files \fBpki/controllerca/cacert.pem\fR and
+\fBpki/switchca/cacert.pem\fR that it produces will need to be copied
+over to the OpenFlow switches and controllers, respectively. Their
+contents may safely be made public.
+
+By default, \fBovs\-pki\fR generates 2048\-bit RSA keys. The \fB\-B\fR
+or \fB\-\^\-bits\fR option (see below) may be used to override the key
+length. The \fB\-k dsa\fR or \fB\-\^\-key=dsa\fR option may be used to use
+DSA in place of RSA. If DSA is selected, the \fBdsaparam.pem\fR file
+generated in the new PKI hierarchy must be copied to any machine on
+which the \fBreq\fR command (see below) will be executed. Its
+contents may safely be made public.
+
+Other files generated by \fBinit\fR may remain on the CA machine.
+The files \fBpki/controllerca/private/cakey.pem\fR and
+\fBpki/switchca/private/cakey.pem\fR have particularly sensitive
+contents that should not be exposed.
+
+.TP
+\fBreq\fR \fINAME\fR
+Generates a new private key named \fINAME\fR\fB\-privkey.pem\fR and
+corresponding certificate request named \fINAME\fR\fB\-req.pem\fR.
+The private key can be intended for use by a switch or a controller.
+
+This command should ideally be run on the switch or controller that
+will use the private key to identify itself. The file
+\fINAME\fR\fB\-req.pem\fR must be copied to the CA machine for signing
+with the \fBsign\fR command (below).
+
+This command will output a fingerprint to stdout as its final step.
+Write down the fingerprint and take it to the CA machine before
+continuing with the \fBsign\fR step.
+
+When RSA keys are in use (as is the default), \fBreq\fR, unlike the
+rest of \fBovs\-pki\fR's commands, does not need access to a PKI
+hierarchy created by \fBovs\-pki init\fR. The \fB\-B\fR or
+\fB\-\^\-bits\fR option (see below) may be used to specify the number of
+bits in the generated RSA key.
+
+When DSA keys are used (as specified with \fB\-\^\-key=dsa\fR), \fBreq\fR
+needs access to the \fBdsaparam.pem\fR file created as part of the PKI
+hierarchy (but not to other files in that tree). By default,
+\fBovs\-pki\fR looks for this file in \fB@PKIDIR@/dsaparam.pem\fR, but
+the \fB\-D\fR or \fB\-\^\-dsaparam\fR option (see below) may be used to
+specify an alternate location.
+
+\fINAME\fR\fB\-privkey.pem\fR has sensitive contents that should not be
+exposed. \fINAME\fR\fB\-req.pem\fR may be safely made public.
+
+.TP
+\fBsign\fR \fINAME\fR [\fITYPE\fR]
+Signs the certificate request named \fINAME\fR\fB\-req.pem\fR that was
+produced in the previous step, producing a certificate named
+\fINAME\fR\fB\-cert.pem\fR. \fITYPE\fR, either \fBswitch\fR (default) or
+\fBcontroller\fR, indicates the use for which the key is being
+certified.
+
+This command must be run on the CA machine.
+
+The command will output a fingerprint to stdout and request that you
+verify that it is the same fingerprint output by the \fBreq\fR
+command. This ensures that the request being signed is the same one
+produced by \fBreq\fR. (The \fB\-b\fR or \fB\-\^\-batch\fR option
+suppresses the verification step.)
+
+The file \fINAME\fR\fB\-cert.pem\fR will need to be copied back to the
+switch or controller for which it is intended. Its contents may
+safely be made public.
+
+.TP
+\fBreq+sign\fR \fINAME\fR [\fITYPE\fR]
+Combines the \fBreq\fR and \fBsign\fR commands into a single step,
+outputting all the files produced by each. The
+\fINAME\fR\fB\-privkey.pem\fR and \fINAME\fR\fB\-cert.pem\fR files must
+be copied securely to the switch or controller.
+\fINAME\fR\fB\-privkey.pem\fR has sensitive contents and must not be
+exposed in transit. Afterward, it should be deleted from the CA
+machine.
+
+This combined method is, theoretically, less secure than the
+individual steps performed separately on two different machines,
+because there is additional potential for exposure of the private
+key. However, it is also more convenient.
+
+.TP
+\fBverify\fR \fINAME\fR [\fITYPE\fR]
+Verifies that \fINAME\fR\fB\-cert.pem\fR is a valid certificate for the
+given \fITYPE\fR of use, either \fBswitch\fR (default) or
+\fBcontroller\fR. If the certificate is valid for this use, it prints
+the message ``\fINAME\fR\fB\-cert.pem\fR: OK''; otherwise, it prints an
+error message.
+
+.TP
+\fBfingerprint\fR \fIFILE\fR
+Prints the fingerprint for \fIFILE\fR. If \fIFILE\fR is a
+certificate, then this is the SHA\-1 digest of the DER encoded version
+of the certificate; otherwise, it is the SHA\-1 digest of the entire
+file.
+
+.TP
+\fBself-sign\fR \fINAME\fR
+Signs the certificate request named \fINAME\fB\-req.pem\fR using the
+private key \fINAME\fB-privkey.pem\fR, producing a self-signed
+certificate named \fINAMEfB\-cert.pem\fR. The input files should have
+been produced with \fBovs\-pki req\fR.
+
+Some controllers accept such self-signed certificates.
+
+.SH "ONLINE COMMANDS"
+
+An OpenFlow PKI can be administered online, in conjunction with
+.BR ovs\-pki\-cgi (8)
+and a web server such as Apache:
+
+.IP \(bu
+The web server exports the contents of the PKI via HTTP. All files in
+a PKI hierarchy files may be made public, except for the files
+\fBpki/controllerca/private/cakey.pem\fR and
+\fBpki/switchca/private/cakey.pem\fR, which must not be exposed.
+
+.IP \(bu
+\fBovs\-pki\-cgi\fR allows newly generated certificate requests for
+controllers and switches to be uploaded into the
+\fBpki/controllerca/incoming\fR and \fBpki/switchca/incoming\fR
+directories, respectively. Uploaded certificate requests are stored
+in those directories under names of the form
+\fIFINGERPRINT\fB\-req.pem\fR, which \fIFINGERPRINT\fR is the SHA\-1
+hash of the file.
+
+.IP \(bu
+These \fBovs\-pki\fR commands allow incoming certificate requests to
+be approved or rejected, in a form are suitable for use by humans or
+other software.
+
+.PP
+The following \fBovs\-pki\fR commands support online administration:
+
+.TP
+\fBovs\-pki\fR \fBls\fR [\fIPREFIX\fR] [\fITYPE\fR]
+Lists all of the incoming certificate requests of the given \fITYPE\fR
+(either \fBswitch\fR, the default, or \fBcontroller\fR). If
+\fIPREFIX\fR, which must be at least 4 characters long, is specified,
+it causes the list to be limited to files whose names begin with
+\fIPREFIX\fR. This is useful, for example, to avoid typing in an
+entire fingerprint when checking that a specific certificate request
+has been received.
+
+.TP
+\fBovs\-pki\fR \fBflush\fR [\fITYPE\fR]
+Deletes all certificate requests of the given \fITYPE\fR.
+
+.TP
+\fBovs\-pki\fR \fBreject\fR \fIPREFIX\fR [\fITYPE\fR]
+Rejects the certificate request whose name begins with \fIPREFIX\fR,
+which must be at least 4 characters long, of the given type (either
+\fBswitch\fR, the default, or \fBcontroller\fR). \fIPREFIX\fR must
+match exactly one certificate request; its purpose is to allow the
+user to type fewer characters, not to match multiple certificate
+requests.
+
+.TP
+\fBovs\-pki\fR \fBapprove\fR \fIPREFIX\fR [\fITYPE\fR]
+Approves the certificate request whose name begins with \fIPREFIX\fR,
+which must be at least 4 characters long, of the given \fITYPE\fR
+(either \fBswitch\fR, the default, or \fBcontroller\fR). \fIPREFIX\fR
+must match exactly one certificate request; its purpose is to allow
+the user to type fewer characters, not to match multiple certificate
+requests.
+
+The command will output a fingerprint to stdout and request that you
+verify that it is correct. (The \fB\-b\fR or \fB\-\^\-batch\fR option
+suppresses the verification step.)
+
+.TP
+\fBovs\-pki\fR \fBprompt\fR [\fITYPE\fR]
+Prompts the user for each incoming certificate request of the given
+\fITYPE\fR (either \fBswitch\fR, the default, or \fBcontroller\fR).
+Based on the certificate request's fingerprint, the user is given the
+option of approving, rejecting, or skipping the certificate request.
+
+.TP
+\fBovs\-pki\fR \fBexpire\fR [\fIAGE\fR]
+
+Rejects all the incoming certificate requests, of either type, that is
+older than \fIAGE\fR, which must in one of the forms \fIN\fBs\fR,
+\fIN\fBmin\fR, \fIN\fBh\fR, \fIN\fBday\fR. The default is \fB1day\fR.
+
+.SH OPTIONS
+.TP
+\fB\-k\fR \fItype\fR | \fB\-\^\-key=\fItype\fR
+For the \fBinit\fR command, sets the public key algorithm to use for
+the new PKI hierarchy. For the \fBreq\fR and \fBreq+sign\fR commands,
+sets the public key algorithm to use for the key to be generated,
+which must match the value specified on \fBinit\fR. With other
+commands, the value has no effect.
+
+The \fItype\fR may be \fBrsa\fR (the default) or \fBdsa\fR.
+
+.TP
+\fB\-B\fR \fInbits\fR | \fB\-\^\-bits=\fInbits\fR
+Sets the number of bits in the key to be generated. When RSA keys are
+in use, this option affects only the \fBinit\fR, \fBreq\fR, and
+\fBreq+sign\fR commands, and the same value should be given each time.
+With DSA keys are in use, this option affects only the \fBinit\fR
+command.
+
+The value must be at least 1024. The default is 2048.
+
+.TP
+\fB\-D\fR \fIfile\fR | \fB\-\^\-dsaparam=\fIfile\fR
+Specifies an alternate location for the \fBdsaparam.pem\fR file
+required by the \fBreq\fR and \fBreq+sign\fR commands. This option
+affects only these commands, and only when DSA keys are used.
+
+The default is \fBdsaparam.pem\fR under the PKI hierarchy.
+
+.TP
+\fB\-b\fR | \fB\-\^\-batch\fR
+Suppresses the interactive verification of fingerprints that the
+\fBsign\fR and \fBapprove\fR commands by default require.
+
+.TP
+\fB\-d\fR \fIdir\fR | \fB\-\^\-dir=\fR\fIdir\fR
+Specifies the location of the PKI hierarchy to be used or created by
+the command (default: \fB@PKIDIR@\fR). All commands, except \fBreq\fR,
+need access to a PKI hierarchy.
+
+.TP
+\fB\-f\fR | \fB\-\^\-force\fR
+By default, \fBovs\-pki\fR will not overwrite existing files or
+directories. This option overrides this behavior.
+
+.TP
+\fB\-l\fR \fIfile\fR | \fB\-\^\-log=\fIfile\fR
+Sets the log file to \fIfile\fR. Default:
+\fB@LOGDIR@/ovs\-pki.log\fR.
+
+.TP
+\fB\-h\fR | \fB\-\^\-help\fR
+Prints a help usage message and exits.
+
+.SH "SEE ALSO"
+
+.BR controller (8),
+.BR dpctl (8),
+.BR ovs\-pki\-cgi (8),
+.BR secchan (8),
+.BR udatapath (8)
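Review bot: Two font escapes in the self-sign text are malformed and will render wrongly: the synopsis line has "\self-sign\fR" where "\fBself\-sign\fR" is intended, and the description has "\fINAMEfB\-cert.pem\fR" with the backslash missing before fB. The same entry leaves the hyphens in "self-sign" and "-privkey.pem" unescaped, unlike the rest of the page. Wording slips worth fixing in the same pass: "All files in a PKI hierarchy files", "which FINGERPRINT is the SHA-1 hash" (should be "where"), "in a form are suitable", "that is older than AGE, which must in one of the forms", and "With DSA keys are in use". The page also describes flush as deleting requests while the script's --help text says it rejects them; pick one term.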
--- /dev/null
+#! /bin/sh
+
+set -e
+
+pkidir='@PKIDIR@'
+command=
+prev=
+force=no
+batch=no
+log='@LOGDIR@/ovs-pki.log'
+keytype=rsa
+bits=2048
+for option; do
+ # This option-parsing mechanism borrowed from a Autoconf-generated
+ # configure script under the following license:
+
+ # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+ # 2002, 2003, 2004, 2005, 2006, 2009 Free Software Foundation, Inc.
+ # This configure script is free software; the Free Software Foundation
+ # gives unlimited permission to copy, distribute and modify it.
+
+ # If the previous option needs an argument, assign it.
+ if test -n "$prev"; then
+ eval $prev=\$option
+ prev=
+ continue
+ fi
+ case $option in
+ *=*) optarg=`expr "X$option" : '[^=]*=\(.*\)'` ;;
+ *) optarg=yes ;;
+ esac
+
+ case $dashdash$option in
+ --)
+ dashdash=yes ;;
+ -h|--help)
+ cat <<EOF
+ovs-pki, for managing a simple OpenFlow public key infrastructure
+usage: $0 [OPTION...] COMMAND [ARG...]
+
+The valid stand-alone commands and their arguments are:
+ init Initialize the PKI
+ req NAME Create new private key and certificate request
+ named NAME-privkey.pem and NAME-req.pem, resp.
+ sign NAME [TYPE] Sign switch certificate request NAME-req.pem,
+ producing certificate NAME-cert.pem
+ req+sign NAME [TYPE] Combine the above two steps, producing all three files.
+ verify NAME [TYPE] Checks that NAME-cert.pem is a valid TYPE certificate
+ fingerprint FILE Prints the fingerprint for FILE
+ self-sign NAME Sign NAME-req.pem with NAME-privkey.pem,
+ producing self-signed certificate NAME-cert.pem
+
+The following additional commands manage an online PKI:
+ ls [PREFIX] [TYPE] Lists incoming requests of the given TYPE, optionally
+ limited to those whose fingerprint begins with PREFIX
+ flush [TYPE] Rejects all incoming requests of the given TYPE
+ reject PREFIX [TYPE] Rejects the incoming request(s) whose fingerprint begins
+ with PREFIX and has the given TYPE
+ approve PREFIX [TYPE] Approves the incoming request whose fingerprint begins
+ with PREFIX and has the given TYPE
+ expire [AGE] Rejects all incoming requests older than AGE, in
+ one of the forms Ns, Nmin, Nh, Nday (default: 1day)
+ prompt [TYPE] Interactively prompts to accept or reject each incoming
+ request of the given TYPE
+
+Each TYPE above is a certificate type: 'switch' (default) or 'controller'.
+
+Options for 'init', 'req', and 'req+sign' only:
+ -k, --key=rsa|dsa Type of keys to use (default: rsa)
+ -B, --bits=NBITS Number of bits in keys (default: 2048). For DSA keys,
+ this has an effect only on 'init'.
+ -D, --dsaparam=FILE File with DSA parameters (DSA only)
+ (default: dsaparam.pem within PKI directory)
+Options for use with the 'sign' and 'approve' commands:
+ -b, --batch Skip fingerprint verification
+Options that apply to any command:
+ -d, --dir=DIR Directory where the PKI is located
+ (default: $pkidir)
+ -f, --force Continue even if file or directory already exists
+ -l, --log=FILE Log openssl output to FILE (default: ovs-log.log)
+ -h, --help Print this usage message.
+EOF
+ exit 0
+ ;;
+ --di*=*)
+ pkidir=$optarg
+ ;;
+ --di*|-d)
+ prev=pkidir
+ ;;
+ --k*=*)
+ keytype=$optarg
+ ;;
+ --k*|-k)
+ prev=keytype
+ ;;
+ --bi*=*)
+ bits=$optarg
+ ;;
+ --bi*|-B)
+ prev=bits
+ ;;
+ --ds*=*)
+ dsaparam=$optarg
+ ;;
+ --ds*|-D)
+ prev=dsaparam
+ ;;
+ --l*=*)
+ log=$optarg
+ ;;
+ --l*|-l)
+ prev=log
+ ;;
+ --force|-f)
+ force=yes
+ ;;
+ --ba*|-b)
+ batch=yes
+ ;;
+ -*)
+ echo "unrecognized option $option" >&2
+ exit 1
+ ;;
+ *)
+ if test -z "$command"; then
+ command=$option
+ elif test -z "${arg1+set}"; then
+ arg1=$option
+ elif test -z "${arg2+set}"; then
+ arg2=$option
+ else
+ echo "$option: only two arguments may be specified" >&2
+ exit 1
+ fi
+ ;;
+ esac
+ shift
+done
+if test -n "$prev"; then
+ option=--`echo $prev | sed 's/_/-/g'`
+ { echo "$as_me: error: missing argument to $option" >&2
+ { (exit 1); exit 1; }; }
+fi
+if test -z "$command"; then
+ echo "$0: missing command name; use --help for help" >&2
+ exit 1
+fi
+if test "$keytype" != rsa && test "$keytype" != dsa; then
+ echo "$0: argument to -k or --key must be rsa or dsa"
+ exit 1
+fi
+if test "$bits" -lt 1024; then
+ echo "$0: argument to -B or --bits must be at least 1024"
+ exit 1
+fi
+if test -z "$dsaparam"; then
+ dsaparam=$pkidir/dsaparam.pem
+fi
+case $log in
+ /*) ;;
+ *) $log="$PWD/$log" ;;
+esac
+
+if test "$command" = "init"; then
+ if test -e "$pkidir" && test "$force" != "yes"; then
+ echo "$0: $pkidir already exists and --force not specified" >&2
+ exit 1
+ fi
+
+ if test ! -d "$pkidir"; then
+ mkdir -p "$pkidir"
+ fi
+ cd "$pkidir"
+ exec 3>>$log
+
+ if test $keytype = dsa && test ! -e dsaparam.pem; then
+ echo "Generating DSA parameters, please wait..." >&2
+ openssl dsaparam -out dsaparam.pem $bits 1>&3 2>&3
+ fi
+
+ # Create the CAs.
+ for ca in controllerca switchca; do
+ echo "Creating $ca..." >&2
+ oldpwd=$PWD
+ mkdir -p $ca
+ cd $ca
+
+ mkdir -p certs crl newcerts
+ mkdir -p -m 0700 private
+ mkdir -p -m 0733 incoming
+ touch index.txt
+ test -e crlnumber || echo 01 > crlnumber
+ test -e serial || echo 01 > serial
+
+ # Put DSA parameters in directory.
+ if test $keytype = dsa && test ! -e dsaparam.pem; then
+ cp ../dsaparam.pem .
+ fi
+
+ # Write CA configuration file.
+ if test ! -e ca.cnf; then
+ sed "s/@ca@/$ca/g" > ca.cnf <<'EOF'
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+C = US
+ST = CA
+L = Palo Alto
+O = OpenVSwitch
+OU = @ca@
+CN = OpenVSwitch @ca@ CA Certificate
+
+[ ca ]
+default_ca = the_ca
+
+[ the_ca ]
+dir = . # top dir
+database = $dir/index.txt # index file.
+new_certs_dir = $dir/newcerts # new certs dir
+certificate = $dir/cacert.pem # The CA cert
+serial = $dir/serial # serial no file
+private_key = $dir/private/cakey.pem# CA private key
+RANDFILE = $dir/private/.rand # random number file
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = md5 # md to use
+policy = policy # default policy
+email_in_dn = no # Don't add the email into cert DN
+name_opt = ca_default # Subject name display option
+cert_opt = ca_default # Certificate display option
+copy_extensions = none # Don't copy extensions from request
+
+# For the CA policy
+[ policy ]
+countryName = optional
+stateOrProvinceName = optional
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+EOF
+ fi
+
+ # Create certificate authority.
+ if test $keytype = dsa; then
+ newkey=dsa:dsaparam.pem
+ else
+ newkey=rsa:$bits
+ fi
+ openssl req -config ca.cnf -nodes \
+ -newkey $newkey -keyout private/cakey.pem -out careq.pem \
+ 1>&3 2>&3
+ openssl ca -config ca.cnf -create_serial -out cacert.pem \
+ -days 1095 -batch -keyfile private/cakey.pem -selfsign \
+ -infiles careq.pem 1>&3 2>&3
+ chmod 0700 private/cakey.pem
+
+ cd "$oldpwd"
+ done
+ exit 0
+fi
+
+one_arg() {
+ if test -z "$arg1" || test -n "$arg2"; then
+ echo "$0: $command must have exactly one argument; use --help for help" >&2
+ exit 1
+ fi
+}
+
+zero_or_one_args() {
+ if test -n "$arg2"; then
+ echo "$0: $command must have zero or one arguments; use --help for help" >&2
+ exit 1
+ fi
+}
+
+one_or_two_args() {
+ if test -z "$arg1"; then
+ echo "$0: $command must have one or two arguments; use --help for help" >&2
+ exit 1
+ fi
+}
+
+must_not_exist() {
+ if test -e "$1" && test "$force" != "yes"; then
+ echo "$0: $1 already exists and --force not supplied" >&2
+ exit 1
+ fi
+}
+
+resolve_prefix() {
+ test -n "$type" || exit 123 # Forgot to call check_type?
+
+ case $1 in
+ ????*)
+ ;;
+ *)
+ echo "Prefix $arg1 is too short (less than 4 hex digits)"
+ exit 0
+ ;;
+ esac
+
+ fingerprint=$(cd "$pkidir/${type}ca/incoming" && echo "$1"*-req.pem
+ | sed 's/-req\.pem$//')
+ case $fingerprint in
+ "${1}*")
+ echo "No certificate requests matching $1"
+ exit 1
+ ;;
+ *" "*)
+ echo "$1 matches more than one certificate request:"
+ echo $fingerprint | sed 's/ /\
+/g'
+ exit 1
+ ;;
+ *)
+ # Nothing to do.
+ ;;
+ esac
+ req="$pkidir/${type}ca/incoming/$fingerprint-req.pem"
+ cert="$pkidir/${type}ca/certs/$fingerprint-cert.pem"
+}
+
+make_tmpdir() {
+ TMP=/tmp/ovs-pki.tmp$$
+ rm -rf $TMP
+ trap "rm -rf $TMP" 0
+ mkdir -m 0700 $TMP
+}
+
+fingerprint() {
+ local file=$1
+ local name=${1-$2}
+ local date=$(date -r $file)
+ local fingerprint
+ if grep -q -e '-BEGIN CERTIFICATE-' "$file"; then
+ fingerprint=$(openssl x509 -noout -in "$file" -fingerprint |
+ sed 's/SHA1 Fingerprint=//' | tr -d ':')
+ else
+ fingerprint=$(sha1sum "$file" | awk '{print $1}')
+ fi
+ printf "$name\\t$date\\n"
+ case $file in
+ $fingerprint*)
+ printf "\\t(correct fingerprint in filename)\\n"
+ ;;
+ *)
+ printf "\\tfingerprint $fingerprint\\n"
+ ;;
+ esac
+}
+
+verify_fingerprint() {
+ fingerprint "$@"
+ if test $batch != yes; then
+ echo "Does fingerprint match? (yes/no)"
+ read answer
+ if test "$answer" != yes; then
+ echo "Match failure, aborting" >&2
+ exit 1
+ fi
+ fi
+}
+
+check_type() {
+ if test x = x"$1"; then
+ type=switch
+ elif test "$1" = switch || test "$1" = controller; then
+ type=$1
+ else
+ echo "$0: type argument must be 'switch' or 'controller'" >&2
+ exit 1
+ fi
+}
+
+parse_age() {
+ number=$(echo $1 | sed 's/^\([0-9]\+\)\([[:alpha:]]\+\)/\1/')
+ unit=$(echo $1 | sed 's/^\([0-9]\+\)\([[:alpha:]]\+\)/\2/')
+ case $unit in
+ s)
+ factor=1
+ ;;
+ min)
+ factor=60
+ ;;
+ h)
+ factor=3600
+ ;;
+ day)
+ factor=86400
+ ;;
+ *)
+ echo "$1: age not in the form Ns, Nmin, Nh, Nday (e.g. 1day)" >&2
+ exit 1
+ ;;
+ esac
+ echo $(($number * $factor))
+}
+
+must_exist() {
+ if test ! -e "$1"; then
+ echo "$0: $1 does not exist" >&2
+ exit 1
+ fi
+}
+
+pkidir_must_exist() {
+ if test ! -e "$pkidir"; then
+ echo "$0: $pkidir does not exist (need to run 'init' or use '--dir'?)" >&2
+ exit 1
+ elif test ! -d "$pkidir"; then
+ echo "$0: $pkidir is not a directory" >&2
+ exit 1
+ fi
+}
+
+make_request() {
+ must_not_exist "$arg1-privkey.pem"
+ must_not_exist "$arg1-req.pem"
+ make_tmpdir
+ cat > "$TMP/req.cnf" <<EOF
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+C = US
+ST = CA
+L = Palo Alto
+O = OpenVSwitch
+OU = OpenVSwitch certifier
+CN = OpenVSwitch certificate for $arg1
+EOF
+ if test $keytype = rsa; then
+ newkey=rsa:$bits
+ else
+ must_exist "$dsaparam"
+ newkey=dsa:$dsaparam
+ fi
+ openssl req -config "$TMP/req.cnf" -text -nodes \
+ -newkey $newkey -keyout "$1-privkey.pem" -out "$1-req.pem" 1>&3 2>&3
+}
+
+sign_request() {
+ must_exist "$1"
+ must_not_exist "$2"
+ pkidir_must_exist
+
+ (cd "$pkidir/${type}ca" &&
+ openssl ca -config ca.cnf -batch -in /dev/stdin) \
+ < "$1" > "$2.tmp$$" 2>&3
+ mv "$2.tmp$$" "$2"
+}
+
+glob() {
+ local files=$(echo $1)
+ if test "$files" != "$1"; then
+ echo "$files"
+ fi
+}
+
+exec 3>>$log || true
+if test "$command" = req; then
+ one_arg
+
+ make_request "$arg1"
+ fingerprint "$arg1-req.pem"
+elif test "$command" = sign; then
+ one_or_two_args
+ check_type "$arg2"
+ verify_fingerprint "$arg1-req.pem"
+
+ sign_request "$arg1-req.pem" "$arg2-cert.pem"
+elif test "$command" = req+sign; then
+ one_or_two_args
+ check_type "$arg2"
+
+ pkidir_must_exist
+ make_request "$arg1"
+ sign_request "$arg1-req.pem" "$arg1-cert.pem"
+ fingerprint "$arg1-req.pem"
+elif test "$command" = verify; then
+ one_or_two_args
+ must_exist "$arg1-cert.pem"
+ check_type "$arg2"
+
+ pkidir_must_exist
+ openssl verify -CAfile "$pkidir/${type}ca/cacert.pem" "$arg1-cert.pem"
+elif test "$command" = fingerprint; then
+ one_arg
+
+ fingerprint "$arg1"
+elif test "$command" = self-sign; then
+ one_arg
+ must_exist "$arg1-req.pem"
+ must_exist "$arg1-privkey.pem"
+ must_not_exist "$arg1-cert.pem"
+
+ openssl x509 -in "$arg1-req.pem" -out "$arg1-cert.pem" \
+ -signkey "$arg1-privkey.pem" -req -text 2>&3
+elif test "$command" = ls; then
+ check_type "$arg2"
+
+ cd "$pkidir/${type}ca/incoming"
+ for file in $(glob "$arg1*-req.pem"); do
+ fingerprint $file
+ done
+elif test "$command" = flush; then
+ check_type "$arg1"
+
+ rm -f "$pkidir/${type}ca/incoming/"*
+elif test "$command" = reject; then
+ one_or_two_args
+ check_type "$arg2"
+ resolve_prefix "$arg1"
+
+ rm -f "$req"
+elif test "$command" = approve; then
+ one_or_two_args
+ check_type "$arg2"
+ resolve_prefix "$arg1"
+
+ make_tmpdir
+ cp "$req" "$TMP/$req"
+ verify_fingerprint "$TMP/$req"
+ sign_request "$TMP/$req"
+ rm -f "$req" "$TMP/$req"
+elif test "$command" = prompt; then
+ zero_or_one_args
+ check_type "$arg1"
+
+ make_tmpdir
+ cd "$pkidir/${type}ca/incoming"
+ for req in $(glob "*-req.pem"); do
+ cp "$req" "$TMP/$req"
+
+ cert=$(echo "$pkidir/${type}ca/certs/$req" |
+ sed 's/-req.pem/-cert.pem/')
+ if test -f $cert; then
+ echo "Request $req already approved--dropping duplicate request"
+ rm -f "$req" "$TMP/$req"
+ continue
+ fi
+
+ echo
+ echo
+ fingerprint "$TMP/$req" "$req"
+ printf "Disposition for this request (skip/approve/reject)? "
+ read answer
+ case $answer in
+ approve)
+ echo "Approving $req"
+ sign_request "$TMP/$req" "$cert"
+ rm -f "$req" "$TMP/$req"
+ ;;
+ r*)
+ echo "Rejecting $req"
+ rm -f "$req" "$TMP/$req"
+ ;;
+ *)
+ echo "Skipping $req"
+ ;;
+ esac
+ done
+elif test "$command" = expire; then
+ zero_or_one_args
+ cutoff=$(($(date +%s) - $(parse_age ${arg1-1day})))
+ for type in switch controller; do
+ cd "$pkidir/${type}ca/incoming" || exit 1
+ for file in $(glob "*"); do
+ time=$(date -r "$file" +%s)
+ if test "$time" -lt "$cutoff"; then
+ rm -f "$file"
+ fi
+ done
+ done
+else
+ echo "$0: $command command unknown; use --help for help" >&2
+ exit 1
+fi
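Review bot: The ca.cnf written by init sets "default_md = md5", so every certificate issued by both CAs is signed with MD5; use a SHA-2 digest such as sha256 there. Several command paths are also broken as written: sign calls sign_request "$arg1-req.pem" "$arg2-cert.pem", which names the output after TYPE instead of NAME; approve copies to "$TMP/$req" although resolve_prefix has already set $req to an absolute path, and then calls sign_request with one argument so the certificate path is empty (prompt passes "$cert" correctly); the relative log case runs $log="$PWD/$log", which is not an assignment and aborts under set -e; resolve_prefix exits 0 on a too-short prefix; and fingerprint's "local name=${1-$2}" always yields $1, so the second argument passed by prompt is ignored. On the hardening side, make_tmpdir uses the predictable path /tmp/ovs-pki.tmp$$ where mktemp -d would be safer, and incoming is created with mode 0733 without the sticky bit, which lets any local user remove or replace another user's pending request (1733 would prevent that). Smaller points: the "missing argument" error prints $as_me, which is never set in this script, the -k and -B validation errors go to stdout rather than stderr, and the help text gives the log default as ovs-log.log while the variable defaults to ovs-pki.log.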
. ns
. IP "\\$1"
..
-.TH vlogconf 8 "April 2009" "OpenFlow" "OpenFlow Manual"
+.TH vlogconf 8 "April 2009" "OpenVSwitch" "OpenVSwitch Manual"
.ds PN vlogconf
.SH NAME
-vlogconf \- configuration utility for OpenFlow logging in userspace
+vlogconf \- configuration utility for OpenVSwitch logging in userspace
.SH SYNOPSIS
\fBvlogconf\fR [\fB-h\fR | \fB--help\fR] [\fItarget\fR...] [\fIaction\fR...]
.SH DESCRIPTION
The \fBvlogconf\fR program configures the logging system used by
-OpenFlow userspace programs. The logging configuration may be modified
-while OpenFlow programs are running.
+OpenVSwitch userspace programs. The logging configuration may be modified
+while OpenVSwitch programs are running.
\fBvlogconf\fR applies one or more actions to each of one or more
target processes. Targets may be specified using:
break;
}
if (!strchr("th", option) && n_clients == 0) {
- ofp_fatal(0, "no targets specified (use --help for help)");
+ ovs_fatal(0, "no targets specified (use --help for help)");
} else {
++n_actions;
}
vswitchd/xenserver.h
vswitchd_vswitchd_LDADD = \
secchan/libsecchan.a \
- lib/libopenflow.a \
+ lib/libopenvswitch.a \
$(FAULT_LIBS) \
$(SSL_LIBS)
vswitchd/brcompatd.c
vswitchd_brcompatd_LDADD = \
- lib/libopenflow.a \
+ lib/libopenvswitch.a \
$(FAULT_LIBS)
EXTRA_DIST += vswitchd/vswitchd.conf.5.in \
-.TH brcompatd 8 "March 2009" "OpenFlow" "OpenFlow Manual"
+.TH brcompatd 8 "March 2009" "OpenVSwitch" "OpenVSwitch Manual"
.ds PN brcompatd
.
.SH NAME
.BR vswitchd (8),
.BR vswitchd.conf (5),
.BR vlogconf (8),
-\fBINSTALL\fR in the OpenFlow distribution.
+\fBINSTALL\fR in the OpenVSwitch distribution.
#include <fcntl.h>
#include <unistd.h>
-#include "openflow/brcompat-netlink.h"
#include "cfg.h"
#include "command-line.h"
#include "daemon.h"
#include "netdev.h"
#include "netlink.h"
#include "ofpbuf.h"
+#include "openvswitch/brcompat-netlink.h"
#include "poll-loop.h"
#include "process.h"
#include "signals.h"
retval = unixctl_server_create(NULL, &unixctl);
if (retval) {
- ofp_fatal(retval, "could not listen for vlog connections");
+ ovs_fatal(retval, "could not listen for vlog connections");
}
if (brc_open(&brc_sock)) {
- ofp_fatal(0, "could not open brcompat socket. Check "
+ ovs_fatal(0, "could not open brcompat socket. Check "
"\"brcompat\" kernel module.");
}
if (prune_timeout) {
if (nl_sock_create(NETLINK_ROUTE, RTNLGRP_LINK, 0, 0, &rtnl_sock)) {
- ofp_fatal(0, "could not create rtnetlink socket");
+ ovs_fatal(0, "could not create rtnetlink socket");
}
}
argv += optind;
if (argc != 1) {
- ofp_fatal(0, "config file is only non-option argument; "
+ ovs_fatal(0, "config file is only non-option argument; "
"use --help for usage");
}
config_file = argv[0];
error = cfg_set_file(config_file);
if (error) {
- ofp_fatal(error, "failed to add configuration file \"%s\"",
+ ovs_fatal(error, "failed to add configuration file \"%s\"",
config_file);
}
}
#include <inttypes.h>
#include <net/if.h>
#include <openflow/openflow.h>
-#include <openflow/openflow-netlink.h>
#include <signal.h>
#include <stdlib.h>
#include <strings.h>
error = ofproto_create(name, &bridge_ofhooks, br, &br->ofproto);
if (error) {
- VLOG_ERR("failed to create OpenFlow switch %s: %s",
- name, strerror(error));
+ VLOG_ERR("failed to create switch %s: %s", name, strerror(error));
dpif_delete(&br->dpif);
dpif_close(&br->dpif);
free(br);
cfg_get_all_strings(&listeners, "bridge.%s.openflow.listeners", br->name);
if (!listeners.n) {
svec_add_nocopy(&listeners, xasprintf("punix:%s/%s.mgmt",
- ofp_rundir, br->name));
+ ovs_rundir, br->name));
} else if (listeners.n == 1 && !strcmp(listeners.names[0], "none")) {
svec_clear(&listeners);
}
cfg_get_all_strings(&snoops, "bridge.%s.openflow.snoops", br->name);
if (!snoops.n) {
svec_add_nocopy(&snoops, xasprintf("punix:%s/%s.snoop",
- ofp_rundir, br->name));
+ ovs_rundir, br->name));
} else if (snoops.n == 1 && !strcmp(snoops.names[0], "none")) {
svec_clear(&snoops);
}
/* Moves all the dsts with vlan == 'vlan' to the front of the 'n_dsts' in
* 'dsts'. (This may help performance by reducing the number of VLAN changes
- * that we push over OpenFlow. We could in fact fully sort the array by vlan,
- * but in most cases there are at most two different vlan tags so that's
+ * that we push to the datapath. We could in fact fully sort the array by
+ * vlan, but in most cases there are at most two different vlan tags so that's
* possibly overkill.) */
static void
partition_dsts(struct dst *dsts, size_t n_dsts, int vlan)
}
function insert_modules_if_required {
- if ! lsmod | grep -q "openflow_mod"; then
- action "Inserting openflow module" insmod $VSWITCH_BASE/kernel_modules/openflow_mod.ko
+ if ! lsmod | grep -q "openvswitch_mod"; then
+ action "Inserting openvswitch module" insmod $VSWITCH_BASE/kernel_modules/openvswitch_mod.ko
fi
if [ -n "$BRCOMPATD_PIDFILE" ] && ! lsmod | grep -q "brcompat_mod"; then
action "Inserting brcompat module" insmod $VSWITCH_BASE/kernel_modules/brcompat_mod.ko
if lsmod | grep -q "brcompat_mod"; then
action "Removing brcompat module" rmmod brcompat_mod.ko
fi
- if lsmod | grep -q "openflow_mod"; then
- action "Removing openflow module" rmmod openflow_mod.ko
+ if lsmod | grep -q "openvswitch_mod"; then
+ action "Removing openvswitch module" rmmod openvswitch_mod.ko
fi
}
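Review bot: Both the insert and remove paths now test only for openvswitch_mod, so on a host upgraded in place with the old openflow_mod still loaded, insert_modules_if_required will try to insmod the new module alongside it and the removal function will never unload the old one. Suggest also checking for openflow_mod in the removal path, or handling it in a one-time upgrade step, and mentioning the module rename in the upgrade instructions.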
### Configuration options for vswitch
# VSWITCH_BASE: Root directory where vswitch binaries are installed
-# VSWITCH_BASE=/root/vswitch/openflow/build
+# VSWITCH_BASE=/root/vswitch/openvswitch/build
# ENABLE_BRCOMPAT: If 'y' than emulate linux bridging interfaces
# using the brcompat kernel module and brcompatd daemon
#include "netlink-protocol.h"
#include "netlink.h"
#include "ofpbuf.h"
-#include "openflow/brcompat-netlink.h"
+#include "openvswitch/brcompat-netlink.h"
#include "hmap.h"
#include "shash.h"
#include "svec.h"
-.TH vswitchd 8 "March 2009" "OpenFlow" "OpenFlow Manual"
+.TH vswitchd 8 "March 2009" "OpenVSwitch" "OpenVSwitch Manual"
.ds PN vswitchd
.
.SH NAME
-vswitchd \- OpenFlow-based virtual switch daemon
+vswitchd \- virtual switch daemon
.
.SH SYNOPSIS
.B vswitchd
\fIconfig\fR
.
.SH DESCRIPTION
-A daemon that manages and controls any number of OpenFlow-based
-virtual switches on the local machine.
+A daemon that manages and controls any number of virtual switches on
+the local machine.
.PP
The mandatory \fIconfig\fR argument specifies a configuration file.
For a description of \fBvswitchd\fR configuration syntax, see
\fBvswitchd.conf\fR(5).
.PP
At startup or upon receipt of a \fBSIGHUP\fR signal, \fBvswitchd\fR
-reads the configuration file. It sets up OpenFlow datapaths and then
+reads the configuration file. It sets up OpenVSwitch datapaths and then
operates switching across each bridge described in its configuration
files. If a logfile was specified on the command line it will also
be opened or reopened.
.PP
Only a single instance of \fBvswitchd\fR is intended to run at a time.
A single \fBvswitchd\fR can manage any number of virtual switches, up
-to the maximum number of datapaths supported by the OpenFlow
-implementation.
+to the maximum number of supported OpenVSwitch datapaths.
.PP
-\fBvswitchd\fR does all the necessary management of OpenFlow datapaths
+\fBvswitchd\fR does all the necessary management of OpenVSwitch datapaths
itself. Thus, external tools, such \fBdpctl\fR(8), are not needed for
managing datapaths in conjunction with \fBvswitchd\fR, and their use
to modify datapaths when \fBvswitchd\fR is running can interfere with
its operation. (\fBdpctl\fR may still be useful for diagnostics.)
.PP
-An OpenFlow datapath kernel module must be loaded for \fBvswitchd\fR
+An OpenVSwitch datapath kernel module must be loaded for \fBvswitchd\fR
to be useful. Please refer to the \fBINSTALL\fR file included in the
-OpenFlow source distribution for instructions on how to build and load
-the OpenFlow kernel module.
+OpenVSwitch distribution for instructions on how to build and load
+the OpenVSwitch kernel module.
.PP
.SH OPTIONS
.IP "\fB--fake-proc-net\fR"
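Review bot: The paragraph that now reads "An OpenVSwitch datapath kernel module must be loaded" does not name the module, although this same change renames it to openvswitch_mod in the init script; naming it here lets an administrator confirm with lsmod that the expected module, and not a leftover openflow_mod, is the one loaded. In the paragraph just above, the unchanged context "external tools, such \fBdpctl\fR(8)" is missing "as" and could be fixed in the same pass.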
.
.SH "BUGS"
.
-Only OpenFlow kernel-based datapaths are currently supported. In the
+Only OpenVSwitch kernel-based datapaths are currently supported. In the
future, this restriction may be lifted.
.PP
Only Linux 2.6.\fIx\fR is currently supported.
.BR vswitchd.conf (5),
.BR brcompatd (8),
.BR vlogconf (8),
-\fBINSTALL\fR in the OpenFlow distribution.
+\fBINSTALL\fR in the OpenVSwitch distribution.
retval = unixctl_server_create(NULL, &unixctl);
if (retval) {
- ofp_fatal(retval, "could not listen for control connections");
+ ovs_fatal(retval, "could not listen for control connections");
}
unixctl_command_register("vswitchd/reload", reload);
case OPT_FAKE_PROC_NET:
error = proc_net_compat_init();
if (error) {
- ofp_fatal(error, "failed to initialize /proc/net "
+ ovs_fatal(error, "failed to initialize /proc/net "
"compatibility");
}
break;
argv += optind;
if (argc != 1) {
- ofp_fatal(0, "config file is only non-option argument; "
+ ovs_fatal(0, "config file is only non-option argument; "
"use --help for usage");
}
config_file = argv[0];
error = cfg_set_file(config_file);
if (error) {
- ofp_fatal(error, "failed to add configuration file \"%s\"",
+ ovs_fatal(error, "failed to add configuration file \"%s\"",
config_file);
}
}
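Review bot: The message in the `argc != 1` branch, "config file is only non-option argument", is emitted both when the config file is missing and when extra arguments are given, and it reads awkwardly in either case. Since every ovs_fatal call here is being touched anyway, consider wording such as "exactly one non-option argument (the config file) is required; use --help for usage".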
. RE
. PP
..
-.TH vswitchd.conf 5 "April 2009" "OpenFlow" "OpenFlow Manual"
+.TH vswitchd.conf 5 "April 2009" "OpenVSwitch" "OpenVSwitch Manual"
.
.SH NAME
vswitchd.conf \- configuration file for \fBvswitchd\fR