From: Ben Pfaff
Date: Mon, 11 May 2009 17:36:32 +0000 (-0700)
Subject: Rename the project to OpenVSwitch and change version number to 0.90.0.
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e10113bb3fc49e29cb8c142f0d2e75ef962b813b;p=openvswitch

Rename the project to OpenVSwitch and change version number to 0.90.0.

The Debian packages have not been renamed yet, since they need plenty
of other work at the moment too.
---
diff --git a/INSTALL b/INSTALL index fb2dab9b..34f898b7 100644 --- a/INSTALL +++ b/INSTALL 
@@ -1,29 +1,26 @@ - Installation Instructions for OpenFlow Reference Release + OpenVSwitch Installation Instructions -This document describes how to build, install, and execute the -reference implementation of OpenFlow. Please send any comments to: +This document describes how to build, install, and execute +OpenVSwitch. - +OpenVSwitch implements an Ethernet switch with MAC learning that may +be configured with any of the following features: -Contents -======== + * NIC bonding with automatic fail-over and source MAC-based TX + load balancing ("SLB"). -The OpenFlow reference implementation includes two OpenFlow switch -implementations: + * 802.1Q VLAN support. - - The "kernel-based switch": This divides the switch into a - "datapath" Linux kernel module (openflow_mod.ko) and a - userspace program (secchan). The kernel-based switch is - faster than either of the other two implementations but - requires building and installing a kernel module, which can - sometimes be challenging. + * Port mirroring, with optional VLAN tagging. - - The "userspace datapath-based switch": This divides the - switch into a userspace "datapath" (built as - udatapath/udatapath) and the same userspace program used by - the kernel-based switch (secchan). The userspace - datapath-based switch does not require building a kernel - module, but it is not as fast as the kernel-based switch. + * NetFlow v5 flow logging. + + * Connectivity to an external OpenFlow controller, such as + NOX. + +The current version of this distribution requires a kernel module to +be built and loaded. An (optional) entirely userspace switch is on +the roadmap for future versions. The reference implementation also contains a simple OpenFlow controller (built as controller/controller) and a number of related 
@@ -43,7 +40,7 @@ There are two principal ways to build and install this distribution: Base Prerequisites ------------------ -Regardless of how it is built, OpenFlow has a common set of +Regardless of how it is built, OpenVSwitch has a common set of prerequisites. To compile the userspace programs in the OpenFlow reference distribution, you will need the following software: 
@@ -54,42 +51,13 @@ reference distribution, you will need the following software: with version 4.2 or 4.3. - libssl, from OpenSSL (http://www.openssl.org/), is optional but - recommended. libssl is required to establish confidentiality - and authenticity in the connections among OpenFlow switches and - controllers. To enable, configure with --enable-ssl=yes. - -If you are working from a Git tree or snapshot (instead of from a -distribution tarball), or if you modify the OpenFlow build system, you -will also need the following software: - - - Autoconf version 2.60 or later (http://www.gnu.org/software/autoconf). - - - Automake version 1.10 or later (http://www.gnu.org/software/automake). - - - pkg-config (http://pkg-config.freedesktop.org/wiki/). We test - with version 0.22. - -Debian Prerequisites --------------------- - -To build Debian packages from the OpenFlow distribution, you will need -to install a number of Debian packages in addition to the base -prerequisites listed above. These additional prerequisites may be -found listed as "Build-Depends" in debian/control in the source tree. -To check that they are installed, first install the dpkg-dev package, -then run dpkg-checkbuilddeps from the top level of the OpenFlow source -tree. - -To build Debian packages without being root, also install the -"fakeroot" package. + recommended if you plan to connect the OpenVSwitch to an + OpenFlow controller. libssl is required to establish + confidentiality and authenticity in the connections from an + OpenVSwitch to an OpenFlow controller. To enable, configure + with --enable-ssl=yes. -Kernel-Based Switch Prerequisites ---------------------------------- - -The OpenFlow distribution also includes a Linux kernel module that can -be used to achieve higher switching performance. 
To compile the -kernel module, you must install the following in addition to the -software listed in the "Base Prerequisites" section above: +To compile the kernel module, you must also install the following: - A supported Linux kernel version. Please refer to README for a list of supported versions. 
@@ -110,16 +78,39 @@ software listed in the "Base Prerequisites" section above: corresponding linux-headers package with the required build infrastructure. +If you are working from a Git tree or snapshot (instead of from a +distribution tarball), or if you modify the OpenVSwitch build system, +you will also need the following software: + + - Autoconf version 2.60 or later (http://www.gnu.org/software/autoconf). + + - Automake version 1.10 or later (http://www.gnu.org/software/automake). + + - pkg-config (http://pkg-config.freedesktop.org/wiki/). We test + with version 0.22. + +Debian Prerequisites +-------------------- + +To build Debian packages from the OpenVSwitch distribution, you will +need to install a number of Debian packages in addition to the base +prerequisites listed above. These additional prerequisites may be +found listed as "Build-Depends" in debian/control in the source tree. +To check that they are installed, first install the dpkg-dev package, +then run dpkg-checkbuilddeps from the top level of the OpenFlow source +tree. + +To build Debian packages without being root, also install the +"fakeroot" package. + Building Conventionally ======================= -This section explains how to build and install the OpenFlow +This section explains how to build and install the OpenVSwitch distribution in the ordinary way using "configure" and "make". 0. Check that you have installed all the prerequisites listed above in - the Base Prerequisites section. If you want to compile the Linux - kernel module, also check that the prequisites listed under - Kernel-Based Switch Prequisites are installed. + the Base Prerequisites section. 1. In the top source directory, configure the package by running the configure script. You can usually invoke configure without any 
@@ -133,9 +124,19 @@ distribution in the ordinary way using "configure" and "make". % ./configure CC=gcc-4.2 To build the Linux kernel module, so that you can run the - kernel-based switch, add --with-l26 or --with-l24 option, or both, - to the configure script's command line. Refer to Building the - Linux Kernel-Based Switch, below, for more information. + kernel-based switch, pass the location of the kernel build + directory on --with-l26. For example, to build for a running + instance of Linux 2.6: + + % ./configure --with-l26=/lib/modules/`uname -r`/build + + If you wish to build the kernel module for an architecture other + than the architecture of the machine used for the build, you may + specify the kernel architecture string using the KARCH variable + when invoking the configure script. For example, to build for MIPS + with Linux 2.6: + + % ./configure --with-l26=/path/to/linux-2.6 KARCH=mips The configure script accepts a number of other options and honors additional environment variables. For a full list, invoke @@ -147,7 +148,9 @@ distribution in the ordinary way using "configure" and "make". The following binaries will be built: - - Userspace datapath: udatapath/udatapath. + - Virtual switch daemon: vswitchd/vswitchd + + - Bridge compatibility daemon: vswitchd/brcompatd - Secure channel executable: secchan/secchan. @@ -157,8 +160,8 @@ distribution in the ordinary way using "configure" and "make". - Runtime logging configuration utility: utilities/vlogconf. - - Miscellaneous utilities: utilities/ofp-discover, - utilities/ofp-kill. + - Miscellaneous utilities: utilities/ovs-discover, + utilities/ovs-kill. - Tests: various binaries in tests/. @@ -169,7 +172,7 @@ distribution in the ordinary way using "configure" and "make". ext/ezio/ezio-term. - Switch monitoring UI for small text displays: - ext/ezio/ofp-switchui. + ext/ezio/ovs-switchui. If you passed --with-l26 to configure, "make" will also build the following kernel modules: 
@@ -188,31 +191,8 @@ distribution in the ordinary way using "configure" and "make". have been loaded, run "/sbin/lsmod" and check that openflow_mod is listed. -4. Test the userspace programs, as described under Testing Userspace - Programs below. - -5. If you built the kernel module, test the kernel-based switch, as - described under Testing the Kernel-Based Implementation below. - -Building the Linux Kernel-Based Switch --------------------------------------- - -To build the kernel module, follow the build process described above, -but pass the location of the kernel build directory as an additional -argument to the configure script, as described under step 1 in that -section. Specify the location on --with-l26. For example, to build -for a running instance of Linux 2.6: - - % ./configure --with-l26=/lib/modules/`uname -r`/build - -If you wish to build OpenFlow for an architecture other than the -architecture used for compilation, you may specify the kernel -architecture string using the KARCH variable when invoking the -configure script. For example, to build OpenFlow for MIPS with Linux -2.6: - - % ./configure --with-l24=/path/to/linux-2.6 KARCH=mips - +5. Test the virtuaal switch, as described under Testing the Virtual +Switch below. Building Debian Packages ======================== 
@@ -286,64 +266,20 @@ Follow these instructions to build Debian packages for OpenFlow. This form of configuration is not supported for the userspace datapath-based switch. - - By running the ofp-switch-setup program. This interactive + - By running the ovs-switch-setup program. This interactive program will walk you through all the steps of configuring an OpenFlow switch, including configuration of SSL certificates. Run it without arguments, as root: - % ofp-switch-setup + % ovs-switch-setup This form of configuration is not supported for the userspace datapath-based switch. -Testing -======= - -The following sets of instructions show how to use the OpenFlow -reference implementation as a switch on a single machine. This can be -used to verify that the distribution built properly. For full -installation instructions, refer to the Installation section below. - -Userspace Datapath ------------------- - -These instructions use the OpenFlow userspace datapath ("udatapath"). - -1. Start the OpenFlow controller running in the background, by running - the "controller" program with a command like the following: - - # controller punix:/var/run/controller.sock & - - This command causes the controller to bind to the specified Unix - domain socket, awaiting connections from OpenFlow switches. See - controller(8) for details. - - The "controller" program does not require any special privilege, so - you do not need to run it as root. - -2. The commands below must run as root, so log in as root, or use a - program such as "su" to become root temporarily. - -3. Create a datapath instance running in the background. The command - below creates a datapath that listens for connections from secchan - on a Unix domain socket located in /var/run and services physical - ports eth1 and eth2: - - # udatapath punix:/var/run/dp0.sock -i eth1,eth2 & - -4. 
Run secchan to start the secure channel connecting the datapath and - the controller: - - # secchan unix:/var/run/controller.sock unix:/var/run/dp0.sock & - -5. Devices plugged into the network ports specified in step 2 should - now be able to send packets to each other, as if they were plugged - into ports on a conventional Ethernet switch. - Installation ============ -This section explains how to install OpenFlow in a network with one +This section explains how to install OpenVSwitch in a network with one controller and one or more switches, each of which runs on a separate machine. Before you begin, you must decide on one of two ways for each switch to reach the controller over the network: 
@@ -374,84 +310,10 @@ port 6633 (the default), as shown below. Make sure the machine hosting the controller is reachable by the switch. -Userspace Datapath-Based Setup ------------------------------- - -On a machine that is to host an OpenFlow userspace datapath-based -switch, follow the procedure below. - -0. The commands below must run as root, so log in as root, or use a - program such as "su" to become root temporarily. - -1. Create a datapath instance running in the background. The command - below creates a datapath that listens for connections from secchan - on a Unix domain socket located in /var/run, services physical - ports eth1 and eth2, and creates a TAP network device named "tap0" - for use in in-band control: - - # udatapath punix:/var/run/dp0.sock -i eth1,eth2 --local-port=tap:tap0 & - - (See udatapath(8) for details.) - - If the switch will connect to the controller out-of-band, then the - --local-port option may be omitted, or --no-local-port may be - substituted. - -3. Arrange so that the switch can reach the controller over the - network. - - - If you are using out-of-band control, at this point make sure - that the switch machine can reach the controller over the - network. - - - If you are using in-band control with manual configuration, at - this point the TAP network device created in step 1 is not - bridged to any physical network, so the next step depends on - whether connectivity is required to configure the device's IP - address: - - * If the switch has a static IP address, you may configure - its IP address now, e.g.: - - # ifconfig tap0 192.168.1.1 - - * If the switch does not have a static IP address, e.g. its - IP address is obtained dynamically via DHCP, then proceed - to step 4. The DHCP client will not be able to contact - the DHCP server until the secure channel has started up. - - - If you are using in-band control with controller discovery, no - configuration is required at this point. You may proceed to - step 4. - -4. 
Run secchan to start the secure channel connecting the datapath to - a remote controller. If the controller is running on host - 192.168.1.2 port 6633 (the default port), the secchan invocation - would look like this: - - # secchan unix:/var/run/dp0.sock tcp:192.168.1.2 - - - If you are using in-band control with controller discovery, omit - the second argument to the secchan command. - - - If you are using out-of-band control, add --out-of-band to the - command line. - -5. If you are using in-band control with manual configuration, and the - switch obtains its IP address dynamically, then you may now obtain - the switch's IP address, e.g. by invoking a DHCP client. The - secure channel will only be able to connect to the controller after - an IP address has been obtained. - -6. The secure channel should connect to the controller within a few - seconds. It may take a little longer if controller discovery is in - use, because the switch must then also obtain its own IP address - and the controller's location via DHCP. - -Testing the Kernel-Based Implementation ---------------------------------------- +Testing the Virtual Switch +-------------------------- -The OpenFlow kernel module must be loaded, as described under +The OpenVSwitch kernel module must be loaded, as described under "Building Conventionally", before it may be used. 0. The commands below must run as root, so log in as root, or use a @@ -463,7 +325,7 @@ The OpenFlow kernel module must be loaded, as described under # dpctl adddp dp0 - (dp0 is the first datapath within a host. openflow_mod supports + (dp0 is the first datapath within a host. openvswitch_mod supports multiple datapaths within the same host, which would be identified as dp1, dp2, etc.) 
@@ -543,16 +405,16 @@ Configuration Secure operation over SSL ------------------------- -The instructions above set up OpenFlow for operation over a plaintext -TCP connection. Production use of OpenFlow should use SSL[*] to -ensure confidentiality and authenticity of traffic among switches and -controllers. The source must be configured with --enable-ssl=yes to -build with SSL support. +The instructions above set up OpenVSwitch for operation over a +plaintext TCP connection. Production use of OpenVSwitch should use +SSL[*] to ensure confidentiality and authenticity of traffic among +switches and controllers. The source must be configured with +--enable-ssl=yes to build with SSL support. -To use SSL with OpenFlow, you must set up a public-key infrastructure +To use SSL with OpenVSwitch, you must set up a public-key infrastructure (PKI) including a pair of certificate authorities (CAs), one for controllers and one for switches. If you have an established PKI, -OpenFlow can use it directly. Otherwise, refer to "Establishing a +OpenVSwitch can use it directly. Otherwise, refer to "Establishing a Public Key Infrastructure" below. To configure the controller to listen for SSL connections on port 6633 @@ -587,7 +449,7 @@ like: # secchan -v DATAPATH ssl:192.168.1.2 --private-key=sc-privkey.pem \ --certificate=sc-cert.pem --ca-cert=pki/controllerca/cacert.pem -[*] To be specific, OpenFlow uses TLS version 1.0 or later (TLSv1), as +[*] To be specific, OpenVSwitch uses TLS version 1.0 or later (TLSv1), as specified by RFC 2246, which is very similar to SSL version 3.0. TLSv1 was released in January 1999, so all current software and hardware should implement it. 
@@ -595,13 +457,13 @@ like: Establishing a Public Key Infrastructure ---------------------------------------- -If you do not have a PKI, the ofp-pki script included with OpenFlow +If you do not have a PKI, the ovs-pki script included with OpenVSwitch can help. To create an initial PKI structure, invoke it as: - % ofp-pki init + % ovs-pki init which will create and populate a new PKI directory. The default -location for the PKI directory depends on how the OpenFlow tree was +location for the PKI directory depends on how the OpenVSwitch tree was configured (to see the configured default, look for the --dir option -description in the output of "ofp-pki --help"). +description in the output of "ovs-pki --help"). The pki directory contains two important subdirectories. The controllerca subdirectory contains controller certificate authority @@ -628,10 +490,10 @@ related files, analogous to those in the controllerca subdirectory: no need for switches or controllers to have a copy of it. After you create the initial structure, you can create keys and -certificates for switches and controllers with ofp-pki. To create a +certificates for switches and controllers with ovs-pki. To create a controller private key and certificate in files named ctl-privkey.pem and ctl-cert.pem, for example, you could run: - % ofp-pki req+sign ctl controller + % ovs-pki req+sign ctl controller ctl-privkey.pem and ctl-cert.pem would need to be copied to the controller for its use at runtime (they could then be deleted from their original locations). The --private-key and --certificate 
@@ -639,7 +501,7 @@ options of controller, respectively, would point to these files. Analogously, to create a switch private key and certificate in files named sc-privkey.pem and sc-cert.pem, for example, you could run: - % ofp-pki req+sign sc switch + % ovs-pki req+sign sc switch sc-privkey.pem and sc-cert.pem would need to be copied to the switch for its use at runtime (they could then be deleted from their original locations). The --private-key and --certificate options, @@ -648,5 +510,4 @@ respectively, of secchan would point to these files. Bug Reporting ------------- -Please report problems to: -info@openflowswitch.org +Please report problems to ovs-bugs@openvswitch.org. diff --git a/MISSING b/MISSING deleted file mode 100644 index c985fe03..00000000 --- a/MISSING +++ /dev/null @@ -1,10 +0,0 @@ -The following features are temporarily missing, pending time to -reimplement them with the new architecture: - -- STP support in secchan (note that this is distinct from STP support - in vswitchd). - -- SNAT support in secchan (but SNAT is still supported in the kernel - datapath). - -- udatapath. diff --git a/README b/README index 90986441..44afd798 100644 --- a/README +++ b/README 
@@ -1,68 +1,48 @@ - OpenFlow Reference Release + OpenVSwitch -What is OpenFlow? ------------------ +What is OpenVSwitch? +-------------------- -OpenFlow is a flow-based switch specification designed to enable -researchers to run experiments in live networks. OpenFlow is based on a -simple Ethernet flow switch that exposes a standardized interface for -adding and removing flow entries. +OpenVSwitch is an Ethernet switch for virtual servers with the +following features: -An OpenFlow switch consists of three parts: (1) A "flow table" in -which each flow entry is associated with an action telling the switch -how to process the flow, (2) a "secure channel" that connects the switch -to a remote process (a controller), allowing commands and packets to -be sent between the controller and the switch, and (3) an OpenFlow -protocol implementation, providing an open and standard way for a -controller to talk to the switch. + * NIC bonding with automatic fail-over and source MAC-based TX + load balancing ("SLB"). -An OpenFlow switch can thus serve as a simple datapath element that -forwards packets between ports according to flow actions defined by -the controller using OpenFlow commands. Example actions are: + * 802.1Q VLAN support. - - Forward this flow's packets to the given port(s) - - Drop this flow's packets - - Encapsulate and forward this flow's packets to the controller. + * Port mirroring, with optional VLAN tagging. -The OpenFlow switch is defined in detail in the OpenFlow switch -Specification [2]. + * NetFlow v5 flow logging. + + * Connectivity to an external OpenFlow controller, such as + NOX. What's here? ------------ -This distribution includes two reference implementations of an -OpenFlow switch. 
The first implementation, which is closely tied to -Linux because it is partially implemented in the Linux kernel, has the -following components: +The most important components of this distribution are: - - A Linux kernel module that implements the flow table, in the + - A Linux kernel module for flow-based switching, in the datapath directory. - - secchan, a program that implements the secure channel - component of the reference switch. - - - dpctl, a tool for configuring the datapath and OpenFlow - switches in general. - -The second implementation has the following components: + - vswitchd, a daemon that implements the virtual switch. - - udatapath, which implements the same functionality as the - Linux kernel module in userspace, at a cost in performance. - - - secchan, a program that implements the secure channel - component of the reference switch (the same program used in - the kernel-based implementation). + - dpctl, a tool for configuring the kernel module and + controlling OpenFlow switches. This distribution includes some additional software as well: - - controller, a simple program that connects to any number of - OpenFlow switches, commanding them to act as regular MAC - learning switches. + - secchan, a program that implements a simple OpenFlow switch + (without the special features provided by vswitchd) using + the same kernel module as vswitchd. + + - controller, a simple OpenFlow switch - vlogconf, a utility that can adjust the logging levels of a running secchan or controller. - - ofp-pki, a utility for creating and managing the public-key + - ovs-pki, a utility for creating and managing the public-key infrastructure for OpenFlow switches. - A patch to tcpdump that enables it to parse OpenFlow 
@@ -74,36 +54,18 @@ is also accompanied by a manpage. Platform support ---------------- -Other than the Linux kernel module and userspace switch -implementation, the software in the OpenFlow distribution should -compile under Unix-like environments such as Linux, FreeBSD, Mac OS X, -and Solaris. Our primary test environment is Debian GNU/Linux. -Please contact us with portability-related bug reports or patches. +Our primary test environment is Debian GNU/Linux. Ports to other +platforms are welcome. Please contact us with portability-related bug +reports or patches. -The Linux kernel module is, of course, Linux-specific, and the dpctl -utility will not be useful without the kernel module. The testing of -the kernel module has focused on version 2.6.18 from Xen and version -2.6.26 from kernel.org. Linux 2.6 releases from 2.6.15 onward should -also work. - -The userspace datapath implementation should be easy to port to -Unix-like systems. The interface to network devices, in netdev.c, is -the code most likely to need changes. So far, only Linux is -supported. We welcome ports to other platforms. +The testing of the kernel module has focused on version 2.6.18 from +Xen and version 2.6.26 from kernel.org. Linux 2.6 releases from +2.6.15 onward should also work. GCC is the expected compiler. -References ----------- - - [1] OpenFlow: Enabling Innovation in College Networks. Whitepaper. - - - [2] OpenFlow Switch Specification. - - Contact ------- -e-mail: info@openflowswitch.org -www: http://openflowswitch.org/ +ovs-bugs@openvswitch.org +http://openvswitch.org/ diff --git a/acinclude.m4 b/acinclude.m4 index 96648845..a1bd67ef 100644 --- a/acinclude.m4 +++ b/acinclude.m4 
@@ -32,10 +32,10 @@ # advertising or publicity pertaining to the Software or any # derivatives without specific, written prior permission. -dnl OFP_CHECK_LINUX(OPTION, VERSION, VARIABLE, CONDITIONAL) +dnl OVS_CHECK_LINUX(OPTION, VERSION, VARIABLE, CONDITIONAL) dnl dnl Configure linux kernel source tree -AC_DEFUN([OFP_CHECK_LINUX], [ +AC_DEFUN([OVS_CHECK_LINUX], [ AC_ARG_WITH([$1], [AC_HELP_STRING([--with-$1=/path/to/linux-$2], [Specify the linux $2 kernel sources])], @@ -64,15 +64,15 @@ AC_DEFUN([OFP_CHECK_LINUX], [ ! test -e "$path"/include/linux/autoconf.h; then AC_MSG_ERROR([Linux kernel source in $path is not configured]) fi - m4_if($2, [2.6], [OFP_CHECK_LINUX26_COMPAT]) + m4_if($2, [2.6], [OVS_CHECK_LINUX26_COMPAT]) fi AM_CONDITIONAL($4, test -n "$path") ]) -dnl OFP_GREP_IFELSE(FILE, REGEX, IF-MATCH, IF-NO-MATCH) +dnl OVS_GREP_IFELSE(FILE, REGEX, IF-MATCH, IF-NO-MATCH) dnl dnl Greps FILE for REGEX. If it matches, runs IF-MATCH, otherwise IF-NO-MATCH. -AC_DEFUN([OFP_GREP_IFELSE], [ +AC_DEFUN([OVS_GREP_IFELSE], [ AC_MSG_CHECKING([whether $2 matches in $1]) grep '$2' $1 >/dev/null 2>&1 status=$? @@ -91,14 +91,14 @@ AC_DEFUN([OFP_GREP_IFELSE], [ esac ]) -dnl OFP_DEFINE(NAME) +dnl OVS_DEFINE(NAME) dnl dnl Defines NAME to 1 in kcompat.h. -AC_DEFUN([OFP_DEFINE], [ +AC_DEFUN([OVS_DEFINE], [ echo '#define $1 1' >> datapath/linux-2.6/kcompat.h.new ]) -AC_DEFUN([OFP_CHECK_VETH], [ +AC_DEFUN([OVS_CHECK_VETH], [ AC_MSG_CHECKING([whether to build veth module]) if test "$sublevel" = 18; then AC_MSG_RESULT([yes]) 
@@ -108,37 +108,37 @@ AC_DEFUN([OFP_CHECK_VETH], [ fi ]) -AC_DEFUN([OFP_CHECK_LOG2_H], [ +AC_DEFUN([OVS_CHECK_LOG2_H], [ AC_MSG_CHECKING([for $KSRC26/include/linux/log2.h]) if test -e $KSRC26/include/linux/log2.h; then AC_MSG_RESULT([yes]) - OFP_DEFINE([HAVE_LOG2_H]) + OVS_DEFINE([HAVE_LOG2_H]) else AC_MSG_RESULT([no]) fi ]) -dnl OFP_CHECK_LINUX26_COMPAT +dnl OVS_CHECK_LINUX26_COMPAT dnl dnl Runs various Autoconf checks on the Linux 2.6 kernel source in dnl the directory in $KSRC26. -AC_DEFUN([OFP_CHECK_LINUX26_COMPAT], [ +AC_DEFUN([OVS_CHECK_LINUX26_COMPAT], [ rm -f datapath/linux-2.6/kcompat.h.new mkdir -p datapath/linux-2.6 : > datapath/linux-2.6/kcompat.h.new - OFP_GREP_IFELSE([$KSRC26/include/linux/skbuff.h], [skb_transport_header], - [OFP_DEFINE([HAVE_SKBUFF_HEADER_HELPERS])]) - OFP_GREP_IFELSE([$KSRC26/include/linux/skbuff.h], [raw], - [OFP_DEFINE([HAVE_MAC_RAW])]) - OFP_GREP_IFELSE([$KSRC26/include/linux/skbuff.h], + OVS_GREP_IFELSE([$KSRC26/include/linux/skbuff.h], [skb_transport_header], + [OVS_DEFINE([HAVE_SKBUFF_HEADER_HELPERS])]) + OVS_GREP_IFELSE([$KSRC26/include/linux/skbuff.h], [raw], + [OVS_DEFINE([HAVE_MAC_RAW])]) + OVS_GREP_IFELSE([$KSRC26/include/linux/skbuff.h], [skb_copy_from_linear_data_offset], - [OFP_DEFINE([HAVE_SKB_COPY_FROM_LINEAR_DATA_OFFSET])]) - OFP_GREP_IFELSE([$KSRC26/include/net/netlink.h], [NLA_NUL_STRING], - [OFP_DEFINE([HAVE_NLA_NUL_STRING])]) - OFP_GREP_IFELSE([$KSRC26/include/linux/err.h], [ERR_CAST], - [OFP_DEFINE([HAVE_ERR_CAST])]) - OFP_CHECK_LOG2_H - OFP_CHECK_VETH + [OVS_DEFINE([HAVE_SKB_COPY_FROM_LINEAR_DATA_OFFSET])]) + OVS_GREP_IFELSE([$KSRC26/include/net/netlink.h], [NLA_NUL_STRING], + [OVS_DEFINE([HAVE_NLA_NUL_STRING])]) + OVS_GREP_IFELSE([$KSRC26/include/linux/err.h], [ERR_CAST], + [OVS_DEFINE([HAVE_ERR_CAST])]) + OVS_CHECK_LOG2_H + OVS_CHECK_VETH if cmp -s datapath/linux-2.6/kcompat.h.new \ datapath/linux-2.6/kcompat.h >/dev/null 2>&1; then rm datapath/linux-2.6/kcompat.h.new 
@@ -148,7 +148,7 @@ AC_DEFUN([OFP_CHECK_LINUX26_COMPAT], [ ]) dnl Checks for net/if_packet.h. -AC_DEFUN([OFP_CHECK_IF_PACKET], +AC_DEFUN([OVS_CHECK_IF_PACKET], [AC_CHECK_HEADER([net/if_packet.h], [HAVE_IF_PACKET=yes], [HAVE_IF_PACKET=no]) @@ -158,11 +158,11 @@ AC_DEFUN([OFP_CHECK_IF_PACKET], [Define to 1 if net/if_packet.h is available.]) fi]) -dnl Enable OpenFlow extension submodule. -AC_DEFUN([OFP_ENABLE_EXT], +dnl Enable OpenVSwitch extension submodule. +AC_DEFUN([OVS_ENABLE_EXT], [AC_ARG_ENABLE([ext], AS_HELP_STRING([--enable-ext], - [use OpenFlow extensions + [use OpenVSwitch extensions (default is yes if "ext" dir exists)])) case "${enable_ext}" in (yes) @@ -186,13 +186,13 @@ AC_DEFUN([OFP_ENABLE_EXT], AC_MSG_ERROR([cannot configure extensions without "ext" directory]) fi AC_DEFINE([HAVE_EXT], [1], - [Whether the OpenFlow extensions submodule is available]) + [Whether the OpenVSwitch extensions submodule is available]) fi AM_CONDITIONAL([HAVE_EXT], [test $HAVE_EXT = yes])]) dnl Checks for dpkg-buildpackage. If this is available then we check dnl that the Debian packaging is functional at "make distcheck" time. -AC_DEFUN([OFP_CHECK_DPKG_BUILDPACKAGE], +AC_DEFUN([OVS_CHECK_DPKG_BUILDPACKAGE], [AC_CHECK_PROG([HAVE_DPKG_BUILDPACKAGE], [dpkg-buildpackage], [yes], [no]) AM_CONDITIONAL([HAVE_DPKG_BUILDPACKAGE], [test $HAVE_DPKG_BUILDPACKAGE = yes])]) 
@@ -204,28 +204,28 @@ dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. -dnl OFP_CHECK_CC_OPTION([OPTION], [ACTION-IF-ACCEPTED], [ACTION-IF-REJECTED]) +dnl OVS_CHECK_CC_OPTION([OPTION], [ACTION-IF-ACCEPTED], [ACTION-IF-REJECTED]) dnl Check whether the given C compiler OPTION is accepted. dnl If so, execute ACTION-IF-ACCEPTED, otherwise ACTION-IF-REJECTED. -AC_DEFUN([OFP_CHECK_CC_OPTION], +AC_DEFUN([OVS_CHECK_CC_OPTION], [ - m4_define([ofp_cv_name], [ofp_cv_[]m4_translit([$1], [-], [_])])dnl - AC_CACHE_CHECK([whether $CC accepts $1], [ofp_cv_name], - [ofp_save_CFLAGS="$CFLAGS" + m4_define([ovs_cv_name], [ovs_cv_[]m4_translit([$1], [-], [_])])dnl + AC_CACHE_CHECK([whether $CC accepts $1], [ovs_cv_name], + [ovs_save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $1" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM(,)], [ofp_cv_name[]=yes], [ofp_cv_name[]=no]) - CFLAGS="$ofp_save_CFLAGS"]) - if test $ofp_cv_name = yes; then + AC_COMPILE_IFELSE([AC_LANG_PROGRAM(,)], [ovs_cv_name[]=yes], [ovs_cv_name[]=no]) + CFLAGS="$ovs_save_CFLAGS"]) + if test $ovs_cv_name = yes; then m4_if([$2], [], [;], [$2]) else m4_if([$3], [], [:], [$3]) fi ]) -dnl OFP_ENABLE_OPTION([OPTION]) +dnl OVS_ENABLE_OPTION([OPTION]) dnl Check whether the given C compiler OPTION is accepted. dnl If so, add it to CFLAGS. -dnl Example: OFP_ENABLE_OPTION([-Wdeclaration-after-statement]) -AC_DEFUN([OFP_ENABLE_OPTION], - [OFP_CHECK_CC_OPTION([$1], [CFLAGS="$CFLAGS $1"])]) +dnl Example: OVS_ENABLE_OPTION([-Wdeclaration-after-statement]) +AC_DEFUN([OVS_ENABLE_OPTION], + [OVS_CHECK_CC_OPTION([$1], [CFLAGS="$CFLAGS $1"])]) dnl ---------------------------------------------------------------------- diff --git a/boot.sh b/boot.sh index aa15e184..4598d537 100755 --- a/boot.sh +++ b/boot.sh 
@@ -9,12 +9,12 @@ do (--enable-ext) have_ext=yes ;; (--disable-ext) have_ext=no ;; (--help) cat < ext.mk echo 'm4_include([ext/configure.m4])' > ext.m4 cat debian/control.in ext/debian/control.in > debian/control @@ -32,7 +32,7 @@ if test "$have_ext" = yes; then test -e debian/$d || ln -s ../ext/debian/$d debian/$d done else - echo 'Disabling openflowext...' + echo 'Disabling vswitchext...' echo '# This file intentionally left blank.' > ext.mk echo '# This file intentionally left blank.' > ext.m4 cat debian/control.in > debian/control diff --git a/configure.ac b/configure.ac index 5f382a51..67526c91 100644 --- a/configure.ac +++ b/configure.ac @@ -31,7 +31,7 @@ # derivatives without specific, written prior permission. AC_PREREQ(2.60) -AC_INIT(openflow, 0.8.9~1, info@openflowswitch.org) +AC_INIT(openvswitch, 0.90.0, ovs-bugs@openvswitch.org) NX_BUILDNR AC_CONFIG_SRCDIR([datapath/datapath.c]) AC_CONFIG_MACRO_DIR([m4]) 
@@ -51,35 +51,35 @@ if test "$PERL" = no; then AC_MSG_ERROR([Perl interpreter not found in $PATH or $PERL.]) fi -OFP_CHECK_LIBOPENFLOW -OFP_CHECK_IF_PACKET +OVS_CHECK_LIBOPENVSWITCH +OVS_CHECK_IF_PACKET AC_SYS_LARGEFILE AC_CHECK_FUNCS([strsignal]) AC_ARG_VAR(KARCH, [Kernel Architecture String]) AC_SUBST(KARCH) -OFP_CHECK_LINUX(l26, 2.6, KSRC26, L26_ENABLED) +OVS_CHECK_LINUX(l26, 2.6, KSRC26, L26_ENABLED) -OFP_CHECK_DPKG_BUILDPACKAGE +OVS_CHECK_DPKG_BUILDPACKAGE -OFP_ENABLE_OPTION([-Wall]) -OFP_ENABLE_OPTION([-Wno-sign-compare]) -OFP_ENABLE_OPTION([-Wpointer-arith]) -OFP_ENABLE_OPTION([-Wdeclaration-after-statement]) -OFP_ENABLE_OPTION([-Wformat-security]) -OFP_ENABLE_OPTION([-Wswitch-enum]) -OFP_ENABLE_OPTION([-Wunused-parameter]) -OFP_ENABLE_OPTION([-Wstrict-aliasing]) -OFP_ENABLE_OPTION([-Wbad-function-cast]) -OFP_ENABLE_OPTION([-Wcast-align]) -OFP_ENABLE_OPTION([-Wstrict-prototypes]) -OFP_ENABLE_OPTION([-Wold-style-definition]) -OFP_ENABLE_OPTION([-Wmissing-prototypes]) -OFP_ENABLE_OPTION([-Wmissing-field-initializers]) -OFP_ENABLE_OPTION([-Wno-override-init]) +OVS_ENABLE_OPTION([-Wall]) +OVS_ENABLE_OPTION([-Wno-sign-compare]) +OVS_ENABLE_OPTION([-Wpointer-arith]) +OVS_ENABLE_OPTION([-Wdeclaration-after-statement]) +OVS_ENABLE_OPTION([-Wformat-security]) +OVS_ENABLE_OPTION([-Wswitch-enum]) +OVS_ENABLE_OPTION([-Wunused-parameter]) +OVS_ENABLE_OPTION([-Wstrict-aliasing]) +OVS_ENABLE_OPTION([-Wbad-function-cast]) +OVS_ENABLE_OPTION([-Wcast-align]) +OVS_ENABLE_OPTION([-Wstrict-prototypes]) +OVS_ENABLE_OPTION([-Wold-style-definition]) +OVS_ENABLE_OPTION([-Wmissing-prototypes]) +OVS_ENABLE_OPTION([-Wmissing-field-initializers]) +OVS_ENABLE_OPTION([-Wno-override-init]) -OFP_ENABLE_EXT +OVS_ENABLE_EXT m4_include([ext.m4]) AC_CONFIG_FILES([Makefile diff --git a/controller/automake.mk b/controller/automake.mk index ff9f627c..80b14da7 100644 --- a/controller/automake.mk +++ b/controller/automake.mk 
@@ -3,6 +3,6 @@ man_MANS += controller/controller.8 DISTCLEANFILES += controller/controller.8 controller_controller_SOURCES = controller/controller.c -controller_controller_LDADD = lib/libopenflow.a $(FAULT_LIBS) $(SSL_LIBS) +controller_controller_LDADD = lib/libopenvswitch.a $(FAULT_LIBS) $(SSL_LIBS) EXTRA_DIST += controller/controller.8.in diff --git a/controller/controller.8.in b/controller/controller.8.in index 2811d14b..0e29566e 100644 --- a/controller/controller.8.in +++ b/controller/controller.8.in @@ -1,4 +1,4 @@ -.TH controller 8 "March 2009" "OpenFlow" "OpenFlow Manual" +.TH controller 8 "March 2009" "OpenVSwitch" "OpenVSwitch Manual" .ds PN controller .SH NAME @@ -95,9 +95,9 @@ packets being seen. If \fBpermanent\fR is specified, which is not recommended, flows will never expire. The default is 60 seconds. This option affects only flows set up by the OpenFlow controller. In -some configurations, the OpenFlow secure channel can set up some flows +some configurations, the switch can set up some flows on its own. To set the idle time for those flows, pass -\fB--max-idle\fR to \fBsecchan\fR(8). +\fB--max-idle\fR to \fBsecchan\fR (on the switch). This option has no effect when \fB-n\fR (or \fB--noflow\fR) is in use (because the controller does not set up flows in that case). diff --git a/controller/controller.c b/controller/controller.c index fcebf675..d67bc98b 100644 --- a/controller/controller.c +++ b/controller/controller.c @@ -98,7 +98,7 @@ main(int argc, char *argv[]) signal(SIGPIPE, SIG_IGN); if (argc - optind < 1) { - ofp_fatal(0, "at least one vconn argument required; " + ovs_fatal(0, "at least one vconn argument required; " "use --help for usage"); } 
@@ -111,7 +111,7 @@ main(int argc, char *argv[]) retval = vconn_open(name, OFP_VERSION, &vconn); if (!retval) { if (n_switches >= MAX_SWITCHES) { - ofp_fatal(0, "max %d switch connections", n_switches); + ovs_fatal(0, "max %d switch connections", n_switches); } new_switch(&switches[n_switches++], vconn, name); continue; @@ -120,7 +120,7 @@ main(int argc, char *argv[]) retval = pvconn_open(name, &pvconn); if (!retval) { if (n_listeners >= MAX_LISTENERS) { - ofp_fatal(0, "max %d passive connections", n_listeners); + ovs_fatal(0, "max %d passive connections", n_listeners); } listeners[n_listeners++] = pvconn; } @@ -130,7 +130,7 @@ main(int argc, char *argv[]) } } if (n_switches == 0 && n_listeners == 0) { - ofp_fatal(0, "no active or passive switch connections"); + ovs_fatal(0, "no active or passive switch connections"); } die_if_already_running(); @@ -138,7 +138,7 @@ main(int argc, char *argv[]) retval = unixctl_server_create(NULL, &unixctl); if (retval) { - ofp_fatal(retval, "Could not listen for unixctl connections"); + ovs_fatal(retval, "Could not listen for unixctl connections"); } while (n_switches > 0 || n_listeners > 0) { @@ -286,7 +286,7 @@ parse_options(int argc, char *argv[]) } else { max_idle = atoi(optarg); if (max_idle < 1 || max_idle > 65535) { - ofp_fatal(0, "--max-idle argument must be between 1 and " + ovs_fatal(0, "--max-idle argument must be between 1 and " "65535 or the word 'permanent'"); } } diff --git a/datapath/Modules.mk b/datapath/Modules.mk index 2e320c11..9853f211 100644 --- a/datapath/Modules.mk +++ b/datapath/Modules.mk 
@@ -1,15 +1,15 @@ -# Some modules should be built and distributed, e.g. openflow. +# Some modules should be built and distributed, e.g. openvswitch. # # Some modules should be distributed but not built, e.g. we do not build # veth if the kernel in question already has it. # # Some modules should be built but not distributed, e.g. third-party # hwtable modules. -both_modules = openflow +both_modules = openvswitch build_modules = $(both_modules) # Modules to build dist_modules = $(both_modules) # Modules to distribute -openflow_sources = \ +openvswitch_sources = \ actions.c \ datapath.c \ dp_dev.c \ @@ -18,7 +18,7 @@ openflow_sources = \ snat.c \ table.c -openflow_headers = \ +openvswitch_headers = \ actions.h \ compat.h \ datapath.h \ diff --git a/datapath/actions.c b/datapath/actions.c index cce1e5c0..9215b11c 100644 --- a/datapath/actions.c +++ b/datapath/actions.c @@ -4,7 +4,7 @@ * Stanford Junior University */ -/* Functions for executing OpenFlow actions. */ +/* Functions for executing flow actions. */ #include #include @@ -18,7 +18,7 @@ #include "datapath.h" #include "dp_dev.h" #include "actions.h" -#include "openflow/datapath-protocol.h" +#include "openvswitch/datapath-protocol.h" #include "snat.h" struct sk_buff * diff --git a/datapath/brc_procfs.c b/datapath/brc_procfs.c index 1489ef81..733e9a94 100644 --- a/datapath/brc_procfs.c +++ b/datapath/brc_procfs.c @@ -4,7 +4,7 @@ #include #include #include -#include "openflow/brcompat-netlink.h" +#include "openvswitch/brcompat-netlink.h" /* This code implements a Generic Netlink command BRC_GENL_C_SET_PROC that can * be used to add, modify, and delete arbitrary files in selected diff --git a/datapath/brc_sysfs_dp.c b/datapath/brc_sysfs_dp.c index 8743938c..38702176 100644 --- a/datapath/brc_sysfs_dp.c +++ b/datapath/brc_sysfs_dp.c @@ -1,7 +1,7 @@ #include /* - * Sysfs attributes of bridge for OpenFlow + * Sysfs attributes of bridge for OpenVSwitch * * This has been shamelessly copied from the kernel sources. */ 
diff --git a/datapath/brc_sysfs_if.c b/datapath/brc_sysfs_if.c index cf1412ff..9d269d16 100644 --- a/datapath/brc_sysfs_if.c +++ b/datapath/brc_sysfs_if.c @@ -2,7 +2,7 @@ #if LINUX_VERSION_CODE == KERNEL_VERSION(2,6,18) /* - * Sysfs attributes of bridge ports for OpenFlow + * Sysfs attributes of bridge ports for OpenVSwitch * * This has been shamelessly copied from the kernel sources. */ diff --git a/datapath/brcompat.c b/datapath/brcompat.c index 3817ba84..a675d9e9 100644 --- a/datapath/brcompat.c +++ b/datapath/brcompat.c @@ -10,8 +10,7 @@ #include #include "compat.h" -#include "openflow/openflow-netlink.h" -#include "openflow/brcompat-netlink.h" +#include "openvswitch/brcompat-netlink.h" #include "brc_procfs.h" #include "brc_sysfs.h" #include "datapath.h" @@ -494,7 +493,7 @@ __init brc_init(void) int i; int err; - printk("OpenFlow Bridge Compatibility, built "__DATE__" "__TIME__"\n"); + printk("OpenVSwitch Bridge Compatibility, built "__DATE__" "__TIME__"\n"); rcu_read_lock(); for (i=0; i #include -#include "openflow/datapath-protocol.h" +#include "openvswitch/datapath-protocol.h" #include "datapath.h" #include "snat.h" #include "actions.h" @@ -1366,7 +1366,7 @@ get_port_group(struct datapath *dp, struct odp_port_group *upg) return 0; } -static long openflow_ioctl(struct file *f, unsigned int cmd, +static long openvswitch_ioctl(struct file *f, unsigned int cmd, unsigned long argp) { int dp_idx = iminor(f->f_dentry->d_inode); @@ -1511,7 +1511,7 @@ static int dp_has_packet_of_interest(struct datapath *dp, int listeners) return 0; } -ssize_t openflow_read(struct file *f, char __user *buf, size_t nbytes, +ssize_t openvswitch_read(struct file *f, char __user *buf, size_t nbytes, loff_t *ppos) { int listeners = (int) f->private_data; 
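Review bot: In the datapath.c hunk at -1511, openvswitch_read() keeps external linkage while openvswitch_ioctl() in the hunk just before it is static. If nothing outside datapath.c calls the read handler, make it static as part of this rename so the new symbol name does not enter the kernel's global namespace. In the brcompat.c hunk at -10,8 the include of openflow/openflow-netlink.h is deleted rather than renamed, so it is worth confirming in a clean build that brcompat.c used nothing from that header.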
@@ -1566,7 +1566,7 @@ error: return retval; } -static unsigned int openflow_poll(struct file *file, poll_table *wait) +static unsigned int openvswitch_poll(struct file *file, poll_table *wait) { int dp_idx = iminor(file->f_dentry->d_inode); struct datapath *dp = get_dp(dp_idx); @@ -1583,12 +1583,12 @@ static unsigned int openflow_poll(struct file *file, poll_table *wait) return mask; } -const struct file_operations openflow_fops = { - /* XXX .aio_read = openflow_aio_read, */ - .read = openflow_read, - .poll = openflow_poll, - .unlocked_ioctl = openflow_ioctl, - /* XXX .fasync = openflow_fasync, */ +const struct file_operations openvswitch_fops = { + /* XXX .aio_read = openvswitch_aio_read, */ + .read = openvswitch_read, + .poll = openvswitch_poll, + .unlocked_ioctl = openvswitch_ioctl, + /* XXX .fasync = openvswitch_fasync, */ }; static int major; @@ -1597,7 +1597,7 @@ static int __init dp_init(void) { int err; - printk("OpenFlow %s, built "__DATE__" "__TIME__"\n", VERSION BUILDNR); + printk("OpenVSwitch %s, built "__DATE__" "__TIME__"\n", VERSION BUILDNR); err = flow_init(); if (err) @@ -1607,7 +1607,7 @@ static int __init dp_init(void) if (err) goto error_flow_exit; - major = register_chrdev(0, "openflow", &openflow_fops); + major = register_chrdev(0, "openvswitch", &openvswitch_fops); if (err < 0) goto error_unreg_notifier; @@ -1621,12 +1621,12 @@ static int __init dp_init(void) continue; rtnl_unlock(); - printk("openflow: must delete bridges " + printk("openvswitch: must delete bridges " "before loading\n"); err = -EBUSY; goto error_unreg_notifier; } - printk("openflow: hijacking bridge hook\n"); + printk("openvswitch: hijacking bridge hook\n"); } br_handle_frame_hook = dp_frame_hook; rtnl_unlock(); @@ -1643,7 +1643,7 @@ error: static void dp_cleanup(void) { - unregister_chrdev(major, "openflow"); + unregister_chrdev(major, "openvswitch"); unregister_netdevice_notifier(&dp_device_notifier); flow_exit(); br_handle_frame_hook = NULL; 
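Review bot: In the dp_init hunk at -1607, the result of register_chrdev() is assigned to major but the test that follows is still "if (err < 0)", and err is necessarily 0 at that point, so a failed registration is never detected and dp_cleanup() would later call unregister_chrdev() with a negative major. The line is being touched for the rename anyway, so fix the check in the same change: test major, copy it into err on failure, and then take the existing goto error_unreg_notifier path. The printk() calls renamed in these hunks also carry no KERN_ log level, which would be cheap to add while the strings are being edited.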
@@ -1652,5 +1652,5 @@ static void dp_cleanup(void) module_init(dp_init); module_exit(dp_cleanup); -MODULE_DESCRIPTION("OpenFlow switching datapath"); +MODULE_DESCRIPTION("OpenVSwitch switching datapath"); MODULE_LICENSE("GPL"); diff --git a/datapath/datapath.h b/datapath/datapath.h index 08485b28..30f6e5fc 100644 --- a/datapath/datapath.h +++ b/datapath/datapath.h @@ -1,4 +1,4 @@ -/* Interface exported by OpenFlow module. */ +/* Interface exported by openvswitch_mod. */ #ifndef DATAPATH_H #define DATAPATH_H 1 diff --git a/datapath/dp_dev.c b/datapath/dp_dev.c index d450996b..ca878cba 100644 --- a/datapath/dp_dev.c +++ b/datapath/dp_dev.c @@ -122,7 +122,7 @@ static int dp_dev_stop(struct net_device *netdev) static void dp_getinfo(struct net_device *netdev, struct ethtool_drvinfo *info) { struct dp_dev *dp_dev = dp_dev_priv(netdev); - strcpy(info->driver, "openflow"); + strcpy(info->driver, "openvswitch"); sprintf(info->bus_info, "%d", dp_dev->dp->dp_idx); } diff --git a/datapath/flow.c b/datapath/flow.c index 8a531e03..347bc7ae 100644 --- a/datapath/flow.c +++ b/datapath/flow.c @@ -64,9 +64,9 @@ static inline int icmphdr_ok(struct sk_buff *skb) #define TCP_FLAGS_OFFSET 13 #define TCP_FLAG_MASK 0x3f -static inline struct ofp_tcphdr *ofp_tcp_hdr(const struct sk_buff *skb) +static inline struct ovs_tcphdr *ovs_tcp_hdr(const struct sk_buff *skb) { - return (struct ofp_tcphdr *)skb_transport_header(skb); + return (struct ovs_tcphdr *)skb_transport_header(skb); } void flow_used(struct sw_flow *flow, struct sk_buff *skb) diff --git a/datapath/flow.h b/datapath/flow.h index 5d3fd260..55efede1 100644 --- a/datapath/flow.h +++ b/datapath/flow.h @@ -7,7 +7,7 @@ #include #include -#include "openflow/datapath-protocol.h" +#include "openvswitch/datapath-protocol.h" struct sk_buff; diff --git a/datapath/linux-2.6/.gitignore b/datapath/linux-2.6/.gitignore index 486ba1d1..1f540d5d 100644 --- a/datapath/linux-2.6/.gitignore +++ b/datapath/linux-2.6/.gitignore 
@@ -10,7 +10,7 @@ /dp_notify.c /flow.c /genetlink-brcompat.c -/genetlink-openflow.c +/genetlink-openvswitch.c /kcompat.h /linux-2.6 /modules.order diff --git a/datapath/linux-2.6/Modules.mk b/datapath/linux-2.6/Modules.mk index c8af7580..bbc4c72f 100644 --- a/datapath/linux-2.6/Modules.mk +++ b/datapath/linux-2.6/Modules.mk @@ -1,7 +1,7 @@ -openflow_sources += \ - linux-2.6/compat-2.6/genetlink-openflow.c \ +openvswitch_sources += \ + linux-2.6/compat-2.6/genetlink-openvswitch.c \ linux-2.6/compat-2.6/random32.c -openflow_headers += \ +openvswitch_headers += \ linux-2.6/compat-2.6/compat26.h \ linux-2.6/compat-2.6/include/asm-generic/bug.h \ linux-2.6/compat-2.6/include/linux/dmi.h \ diff --git a/datapath/linux-2.6/compat-2.6/genetlink-brcompat.c b/datapath/linux-2.6/compat-2.6/genetlink-brcompat.c index f30996ce..c43b3ce4 100644 --- a/datapath/linux-2.6/compat-2.6/genetlink-brcompat.c +++ b/datapath/linux-2.6/compat-2.6/genetlink-brcompat.c @@ -4,10 +4,10 @@ #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) /* We fix grp->id to 32 so that it doesn't collide with any of the multicast - * groups selected by openflow_mod, which uses groups 16 through 31. Collision - * isn't fatal--multicast listeners should check that the family is the one - * that they want and discard others--but it wastes time and memory to receive - * unwanted messages. */ + * groups selected by openvswitch_mod, which uses groups 16 through 31. + * Collision isn't fatal--multicast listeners should check that the family is + * the one that they want and discard others--but it wastes time and memory to + * receive unwanted messages. */ int genl_register_mc_group(struct genl_family *family, struct genl_multicast_group *grp) { diff --git a/datapath/linux-2.6/compat-2.6/genetlink-openflow.c b/datapath/linux-2.6/compat-2.6/genetlink-openflow.c deleted file mode 100644 index 9e09215f..00000000 --- a/datapath/linux-2.6/compat-2.6/genetlink-openflow.c +++ /dev/null 
@@ -1,22 +0,0 @@ -#include "net/genetlink.h" - -#include -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) - -/* We use multicast groups 16 through 31 to avoid colliding with the multicast - * group selected by brcompat_mod, which uses groups 32. Collision isn't - * fatal--multicast listeners should check that the family is the one that they - * want and discard others--but it wastes time and memory to receive unwanted - * messages. */ -int genl_register_mc_group(struct genl_family *family, - struct genl_multicast_group *grp) -{ - /* This code is called single-threaded. */ - static unsigned int next_id = 0; - grp->id = next_id++ % 16 + 16; - grp->family = family; - - return 0; -} - -#endif /* kernel < 2.6.23 */ diff --git a/datapath/linux-2.6/compat-2.6/genetlink-openvswitch.c b/datapath/linux-2.6/compat-2.6/genetlink-openvswitch.c new file mode 100644 index 00000000..9e09215f --- /dev/null +++ b/datapath/linux-2.6/compat-2.6/genetlink-openvswitch.c @@ -0,0 +1,22 @@ +#include "net/genetlink.h" + +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) + +/* We use multicast groups 16 through 31 to avoid colliding with the multicast + * group selected by brcompat_mod, which uses groups 32. Collision isn't + * fatal--multicast listeners should check that the family is the one that they + * want and discard others--but it wastes time and memory to receive unwanted + * messages. */ +int genl_register_mc_group(struct genl_family *family, + struct genl_multicast_group *grp) +{ + /* This code is called single-threaded. */ + static unsigned int next_id = 0; + grp->id = next_id++ % 16 + 16; + grp->family = family; + + return 0; +} + +#endif /* kernel < 2.6.23 */ diff --git a/datapath/snat.c b/datapath/snat.c index 17da5173..48a01de3 100644 --- a/datapath/snat.c +++ b/datapath/snat.c 
@@ -260,7 +260,7 @@ snat_pre_route_finish(struct sk_buff *skb) } spin_unlock_irqrestore(&p->lock, flags); - /* Pass the translated packet as input to the OpenFlow stack, which + /* Pass the translated packet as input to the openvswitch stack, which * consumes it. */ skb_push(skb, ETH_HLEN); skb_reset_mac_header(skb); diff --git a/debian/.gitignore b/debian/.gitignore index 4d6f69f9..ece9bd0c 100644 --- a/debian/.gitignore +++ b/debian/.gitignore @@ -5,33 +5,33 @@ /corekeeper /files /nicira-switch -/openflow -/openflow-common -/openflow-common.copyright -/openflow-controller -/openflow-datapath-source -/openflow-dbg -/openflow-monitor -/openflow-monitor.copyright -/openflow-monitor.default -/openflow-monitor.dirs -/openflow-monitor.init -/openflow-monitor.install -/openflow-pki -/openflow-pki-server -/openflow-switch -/openflow-switch-config -/openflow-switch.copyright -/openflow-switchui -/openflow-switchui.copyright -/openflow-switchui.default -/openflow-switchui.dirs -/openflow-switchui.init -/openflow-switchui.install -/openflow-wdt -/openflow-wdt.copyright -/openflow-wdt.default -/openflow-wdt.dirs -/openflow-wdt.init -/openflow-wdt.install +/openvswitch +/openvswitch-common +/openvswitch-common.copyright +/openvswitch-controller +/openvswitch-datapath-source +/openvswitch-dbg +/openvswitch-monitor +/openvswitch-monitor.copyright +/openvswitch-monitor.default +/openvswitch-monitor.dirs +/openvswitch-monitor.init +/openvswitch-monitor.install +/openvswitch-pki +/openvswitch-pki-server +/openvswitch-switch +/openvswitch-switch-config +/openvswitch-switch.copyright +/openvswitch-switchui +/openvswitch-switchui.copyright +/openvswitch-switchui.default +/openvswitch-switchui.dirs +/openvswitch-switchui.init +/openvswitch-switchui.install +/openvswitch-wdt +/openvswitch-wdt.copyright +/openvswitch-wdt.default +/openvswitch-wdt.dirs +/openvswitch-wdt.init +/openvswitch-wdt.install /rules.ext 
diff --git a/debian/automake.mk b/debian/automake.mk index fda8a7aa..ef0b0cb6 100644 --- a/debian/automake.mk +++ b/debian/automake.mk 
@@ -9,42 +9,42 @@ EXTRA_DIST += \ debian/corekeeper.cron.daily \ debian/corekeeper.init \ debian/dirs \ - debian/ofp-switch-setup \ - debian/ofp-switch-setup.8 \ - debian/openflow-common.dirs \ - debian/openflow-common.install \ - debian/openflow-common.manpages \ - debian/openflow-controller.README.Debian \ - debian/openflow-controller.default \ - debian/openflow-controller.dirs \ - debian/openflow-controller.init \ - debian/openflow-controller.install \ - debian/openflow-controller.manpages \ - debian/openflow-controller.postinst \ - debian/openflow-datapath-module-_KVERS_.postinst.modules.in \ - debian/openflow-datapath-source.README.Debian \ - debian/openflow-datapath-source.copyright \ - debian/openflow-datapath-source.dirs \ - debian/openflow-datapath-source.install \ - debian/openflow-pki-server.apache2 \ - debian/openflow-pki-server.dirs \ - debian/openflow-pki-server.install \ - debian/openflow-pki-server.postinst \ - debian/openflow-pki.postinst \ - debian/openflow-switch-config.dirs \ - debian/openflow-switch-config.install \ - debian/openflow-switch-config.manpages \ - debian/openflow-switch-config.overrides \ - debian/openflow-switch-config.templates \ - debian/openflow-switch.README.Debian \ - debian/openflow-switch.dirs \ - debian/openflow-switch.init \ - debian/openflow-switch.install \ - debian/openflow-switch.logrotate \ - debian/openflow-switch.manpages \ - debian/openflow-switch.postinst \ - debian/openflow-switch.postrm \ - debian/openflow-switch.template \ + debian/ovs-switch-setup \ + debian/ovs-switch-setup.8 \ + debian/openvswitch-common.dirs \ + debian/openvswitch-common.install \ + debian/openvswitch-common.manpages \ + debian/openvswitch-controller.README.Debian \ + debian/openvswitch-controller.default \ + debian/openvswitch-controller.dirs \ + debian/openvswitch-controller.init \ + debian/openvswitch-controller.install \ + debian/openvswitch-controller.manpages \ + debian/openvswitch-controller.postinst \ + 
debian/openvswitch-datapath-module-_KVERS_.postinst.modules.in \ + debian/openvswitch-datapath-source.README.Debian \ + debian/openvswitch-datapath-source.copyright \ + debian/openvswitch-datapath-source.dirs \ + debian/openvswitch-datapath-source.install \ + debian/openvswitch-pki-server.apache2 \ + debian/openvswitch-pki-server.dirs \ + debian/openvswitch-pki-server.install \ + debian/openvswitch-pki-server.postinst \ + debian/openvswitch-pki.postinst \ + debian/openvswitch-switch-config.dirs \ + debian/openvswitch-switch-config.install \ + debian/openvswitch-switch-config.manpages \ + debian/openvswitch-switch-config.overrides \ + debian/openvswitch-switch-config.templates \ + debian/openvswitch-switch.README.Debian \ + debian/openvswitch-switch.dirs \ + debian/openvswitch-switch.init \ + debian/openvswitch-switch.install \ + debian/openvswitch-switch.logrotate \ + debian/openvswitch-switch.manpages \ + debian/openvswitch-switch.postinst \ + debian/openvswitch-switch.postrm \ + debian/openvswitch-switch.template \ debian/po/POTFILES.in \ debian/po/templates.pot \ debian/rules diff --git a/debian/changelog b/debian/changelog index ad26b6cd..e988e1fe 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,5 @@ -openflow (0.8.1) unstable; urgency=low +openvswitch (0.90.0) unstable; urgency=low * Development version. - -- OpenFlow team Mon, 19 Nov 2007 14:57:52 -0800 + -- OpenVSwitch developers Mon, 19 Nov 2007 14:57:52 -0800 diff --git a/debian/commands/reconfigure b/debian/commands/reconfigure index a9610524..dc493a18 100755 --- a/debian/commands/reconfigure +++ b/debian/commands/reconfigure @@ -4,7 +4,7 @@ use POSIX; use strict; use warnings; -my $default = '/etc/default/openflow-switch'; +my $default = '/etc/default/openvswitch-switch'; my (%config) = load_config($default); if (@ARGV) { diff --git a/debian/control.in b/debian/control.in index c5da704c..a2750a6d 100644 --- a/debian/control.in +++ b/debian/control.in 
@@ -1,80 +1,87 @@ -Source: openflow +Source: openvswitch Section: net Priority: extra -Maintainer: OpenFlow Team +Maintainer: OpenVSwitch developers Build-Depends: debhelper (>= 5), autoconf (>= 2.60), automake1.10, libssl-dev, pkg-config (>= 0.21), po-debconf, bzip2, openssl, libncurses5-dev, libpcre3-dev Standards-Version: 3.7.3 -Package: openflow-datapath-source +Package: openvswitch-datapath-source Architecture: all Depends: module-assistant, bzip2, debhelper (>= 5.0.37) -Suggests: openflow-switch -Description: Source code for OpenFlow datapath Linux module - This package provides the OpenFlow datapath module source code that - is needed by the kernel-based OpenFlow switch. The kernel module can - be built from it using module-assistant or make-kpkg. README.Debian - in this package provides further instructions. +Suggests: openvswitch-switch +Description: Source code for OpenVSwitch datapath Linux module + This package provides the OpenVSwitch datapath module source code + that is needed by openvswitch-switch. The kernel module can be built + from it using module-assistant or make-kpkg. README.Debian in this + package provides further instructions. . - OpenFlow is a protocol for flow-based control over network switching. + OpenVSwitch is a software-based Ethernet switch targeted at virtual + servers. -Package: openflow-common +Package: openvswitch-common Architecture: any Depends: ${shlibs:Depends}, openssl -Description: OpenFlow common components - openflow-common provides components required by both openflow-switch - and openflow-controller. +Description: OpenVSwitch common components + openvswitch-common provides components required by both openvswitch-switch + and openvswitch-controller. . - OpenFlow is a protocol for flow-based control over network switching. + OpenVSwitch is a software-based Ethernet switch targeted at virtual + servers. 
-Package: openflow-switch +Package: openvswitch-switch Architecture: any -Suggests: openflow-datapath-module -Depends: ${shlibs:Depends}, ${misc:Depends}, openflow-common, dhcp3-client, module-init-tools, dmidecode, procps, debianutils -Description: OpenFlow switch implementations - openflow-switch provides the userspace components and utilities for - the OpenFlow kernel-based switch. +Suggests: openvswitch-datapath-module +Depends: ${shlibs:Depends}, ${misc:Depends}, openvswitch-common, dhcp3-client, module-init-tools, dmidecode, procps, debianutils +Description: OpenVSwitch switch implementations + openvswitch-switch provides the userspace components and utilities for + the Openvswitch kernel-based switch. . - OpenFlow is a protocol for flow-based control over network switching. + OpenVSwitch is a software-based Ethernet switch targeted at virtual + servers. -Package: openflow-switch-config +Package: openvswitch-switch-config Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, openflow-switch, libwww-perl, libdigest-sha1-perl -Description: OpenFlow switch implementations - openflow-switch-config provides a utility for interactively configuring - the OpenFlow switch provided in the openflow-switch package. +Depends: ${shlibs:Depends}, ${misc:Depends}, openvswitch-switch, libwww-perl, libdigest-sha1-perl +Description: OpenVSwitch switch implementations + openvswitch-switch-config provides a utility for interactively configuring + the OpenVSwitch switch provided in the openvswitch-switch package. . - OpenFlow is a protocol for flow-based control over network switching. + OpenVSwitch is a software-based Ethernet switch targeted at virtual + servers. 
-Package: openflow-pki +Package: openvswitch-pki Architecture: all -Depends: ${shlibs:Depends}, ${misc:Depends}, openflow-common -Description: OpenFlow public key infrastructure - openflow-pki provides PKI (public key infrastructure) support for - OpenFlow switches and controllers, reducing the risk of - man-in-the-middle attacks on the OpenFlow network infrastructure. +Depends: ${shlibs:Depends}, ${misc:Depends}, openvswitch-common +Description: OpenVSwitch public key infrastructure + openvswitch-pki provides PKI (public key infrastructure) support for + OpenVSwitch switches and controllers, reducing the risk of + man-in-the-middle attacks on the Openvswitch network infrastructure. . - OpenFlow is a protocol for flow-based control over network switching. + OpenVSwitch is a software-based Ethernet switch targeted at virtual + servers. -Package: openflow-pki-server +Package: openvswitch-pki-server Architecture: all -Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, openflow-pki, apache2 -Description: OpenFlow public key infrastructure (HTTP server support) - openflow-pki-server provides HTTP access to the OpenFlow PKI (public +Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, openvswitch-pki, apache2 +Description: OpenVSwitch public key infrastructure (HTTP server support) + openvswitch-pki-server provides HTTP access to the OpenVSwitch PKI (public key infrastructure) maintained on the local machine by the - openflow-pki package. This HTTP access is needed for secure and - convenient OpenFlow switch setup using the ofp-switch-setup program - in the openflow-switch package. + openvswitch-pki package. This HTTP access is needed for secure and + convenient OpenFlow switch setup using the ovs-switch-setup program + in the openvswitch-switch package. . - OpenFlow is a protocol for flow-based control over network switching. + OpenVSwitch is a software-based Ethernet switch targeted at virtual + servers. 
-Package: openflow-controller +Package: openvswitch-controller Architecture: any -Depends: ${shlibs:Depends}, openflow-common, openflow-pki -Description: OpenFlow controller implementation - The OpenFlow controller enables OpenFlow switches that connect to it +Depends: ${shlibs:Depends}, openvswitch-common, openvswitch-pki +Description: OpenVSwitch controller implementation + The OpenVSwitch controller enables OpenFlow switches that connect to it to act as MAC-learning Ethernet switches. . - OpenFlow is a protocol for flow-based control over network switching. + OpenVSwitch is a software-based Ethernet switch targeted at virtual + servers. Package: corekeeper Architecture: all @@ -83,11 +90,11 @@ Description: Core file centralizer and reaper The corekeeper package configures the system to dump all core files to /var/log/core. It also deletes core files older than 7 days. -Package: openflow-dbg +Package: openvswitch-dbg Architecture: any Depends: ${shlibs:Depends} -Description: Debug symbols for OpenFlow packages - This package contains the debug symbols for all the other openflow-* +Description: Debug symbols for OpenVSwitch packages + This package contains the debug symbols for all the other openvswitch-* packages. Install it to debug one of them or to examine a core dump produced by one of them. diff --git a/debian/control.modules.in b/debian/control.modules.in index cc149cac..cc163299 100644 --- a/debian/control.modules.in +++ b/debian/control.modules.in 
@@ -1,19 +1,20 @@ -Source: openflow +Source: openvswitch Section: net Priority: extra -Maintainer: OpenFlow Team +Maintainer: OpenVSwitch developers Build-Depends: debhelper (>= 5.0.37) Standards-Version: 3.7.3 -Package: openflow-datapath-module-_KVERS_ +Package: openvswitch-datapath-module-_KVERS_ Architecture: any -Recommends: kernel-image-_KVERS_, openflow-switch -Provides: openflow-datapath-module -Description: OpenFlow Linux datapath kernel module - This package contains the OpenFlow loadable datapath kernel modules for +Recommends: kernel-image-_KVERS_, openvswitch-switch +Provides: openvswitch-datapath-module +Description: OpenVSwitch Linux datapath kernel module + This package contains the OpenVSwitch loadable datapath kernel modules for the kernel-image-_KVERS_ package. . If you compiled a custom kernel, you will most likely need to compile - a custom version of this module as well. The openflow-datapath-source - package has been provided for this purpose. Refer to README.Debian - provided in that package for further instructions. + a custom version of this module as well. The + openvswitch-datapath-source package has been provided for this + purpose. Refer to README.Debian provided in that package for further + instructions. diff --git a/debian/ofp-switch-setup b/debian/ofp-switch-setup deleted file mode 100755 index 5a999ab4..00000000 --- a/debian/ofp-switch-setup +++ /dev/null 
@@ -1,615 +0,0 @@ -#! /usr/bin/perl - -use POSIX; -use Debconf::Client::ConfModule ':all'; -use HTTP::Request; -use LWP::UserAgent; -use Digest::SHA1 'sha1_hex'; -use strict; -use warnings; - -# XXX should support configuring SWITCH_NETMASK and SWITCH_GATEWAY -# when the mode is in-band. - -my $debconf_owner = 'openflow-switch'; - -my $default = '/etc/default/openflow-switch'; -my $template = '/usr/share/openflow/switch/default.template'; -my $etc = '/etc/openflow-switch'; -my $rundir = '/var/run'; -my $privkey_file = "$etc/of0-privkey.pem"; -my $req_file = "$etc/of0-req.pem"; -my $cert_file = "$etc/of0-cert.pem"; -my $cacert_file = "$etc/cacert.pem"; -my $ofp_discover_pidfile = "$rundir/ofp-discover.pid"; - -my $ua = LWP::UserAgent->new; -$ua->timeout(10); -$ua->env_proxy; - -system("/etc/init.d/openflow-switch stop 1>&2"); -kill_ofp_discover(); - -version('2.0'); -capb('backup'); -title('OpenFlow Switch Setup'); - -my (%netdevs) = find_netdevs(); -db_subst('netdevs', 'choices', - join(', ', map($netdevs{$_}, sort(keys(%netdevs))))); -db_set('netdevs', join(', ', grep(!/IP/, values(%netdevs)))); - -my %oldconfig; -if (-e $default) { - %oldconfig = load_config($default); - - my (%map) = - (NETDEVS => sub { - db_set('netdevs', join(', ', map($netdevs{$_}, - grep(exists $netdevs{$_}, split)))) - }, - MODE => sub { - db_set('mode', - $_ eq 'in-band' || $_ eq 'out-of-band' ? $_ : 'discovery') - }, - SWITCH_IP => sub { db_set('switch-ip', $_) }, - CONTROLLER => sub { db_set('controller-vconn', $_) }, - PRIVKEY => sub { $privkey_file = $_ }, - CERT => sub { $cert_file = $_ }, - CACERT => sub { $cacert_file = $_ }, - ); - - for my $key (keys(%map)) { - local $_ = $oldconfig{$key}; - &{$map{$key}}() if defined && !/^\s*$/; - } -} elsif (-e $template) { - %oldconfig = load_config($template); -} - -my $cacert_preverified = -e $cacert_file; -my ($req, $req_fingerprint); - -my %options; - -my (@states) = - (sub { - # User backed up from first dialog box. 
- exit(10); - }, - sub { - # Prompt for ports to include in switch. - db_input('netdevs'); - return; - }, - sub { - # Validate the chosen ports. - my (@netdevs) = split(', ', db_get('netdevs')); - if (!@netdevs) { - # No ports chosen. Disable switch. - db_input('no-netdevs'); - return 'prev' if db_go(); - return 'done'; - } elsif (my (@conf_netdevs) = grep(/IP/, @netdevs)) { - # Point out that some ports have configured IP addresses. - db_subst('configured-netdevs', 'configured-netdevs', - join(', ', @conf_netdevs)); - db_input('configured-netdevs'); - return; - } else { - # Otherwise proceed. - return 'skip'; - } - }, - sub { - # Discovery or in-band or out-of-band controller? - db_input('mode'); - return; - }, - sub { - return 'skip' if db_get('mode') ne 'discovery'; - for (;;) { - # Notify user that we are going to do discovery. - db_input('discover'); - return 'prev' if db_go(); - print STDERR "Please wait up to 30 seconds for discovery...\n"; - - # Make sure that there's no running discovery process. - kill_ofp_discover(); - - # Do discovery. - %options = (); - open(DISCOVER, '-|', 'ofp-discover --timeout=30 --pidfile ' - . join(' ', netdev_names())); - while () { - chomp; - if (my ($name, $value) = /^([^=]+)=(.*)$/) { - if ($value =~ /^"(.*)"$/) { - $value = $1; - $value =~ s/\\([0-7][0-7][0-7])/chr($1)/ge; - } else { - $value =~ s/^(0x[[:xdigit:]]+)$/hex($1)/e; - $value = '' if $value eq 'empty'; - next if $value eq 'null'; # Shouldn't happen. - } - $options{$name} = $value; - } - last if /^$/; - } - - # Check results. - my $vconn = $options{'ofp-controller-vconn'}; - my $pki_uri = $options{'ofp-pki-uri'}; - return 'next' - if (defined($vconn) - && is_valid_vconn($vconn) - && (!is_ssl_vconn($vconn) || defined($pki_uri))); - - # Try again? 
- kill_ofp_discover(); - db_input('discovery-failure'); - db_go(); - } - }, - sub { - return 'skip' if db_get('mode') ne 'discovery'; - - my $vconn = $options{'ofp-controller-vconn'}; - my $pki_uri = $options{'ofp-pki-uri'}; - db_subst('discovery-success', 'controller-vconn', $vconn); - db_subst('discovery-success', - 'pki-uri', is_ssl_vconn($vconn) ? $pki_uri : "no PKI in use"); - db_input('discovery-success'); - return 'prev' if db_go(); - db_set('controller-vconn', $vconn); - db_set('pki-uri', $pki_uri); - return 'next'; - }, - sub { - return 'skip' if db_get('mode') ne 'in-band'; - for (;;) { - db_input('switch-ip'); - return 'prev' if db_go(); - - my $ip = db_get('switch-ip'); - return 'next' if $ip =~ /^dhcp|\d+\.\d+.\d+.\d+$/i; - - db_input('switch-ip-error'); - db_go(); - } - }, - sub { - return 'skip' if db_get('mode') eq 'discovery'; - for (;;) { - my $old_vconn = db_get('controller-vconn'); - db_input('controller-vconn'); - return 'prev' if db_go(); - - my $vconn = db_get('controller-vconn'); - if (is_valid_vconn($vconn)) { - if ($old_vconn ne $vconn || db_get('pki-uri') eq '') { - db_set('pki-uri', pki_host_to_uri($2)); - } - return 'next'; - } - - db_input('controller-vconn-error'); - db_go(); - } - }, - sub { - return 'skip' if !ssl_enabled(); - - if (! -e $privkey_file) { - my $old_umask = umask(077); - run_cmd("ofp-pki req $etc/of0 >&2 2>/dev/null"); - chmod(0644, $req_file) or die "$req_file: chmod: $!\n"; - umask($old_umask); - } - - if (! 
-e $cert_file) { - open(REQ, '<', $req_file) or die "$req_file: open: $!\n"; - $req = join('', ); - close(REQ); - $req_fingerprint = sha1_hex($req); - } - return 'skip'; - }, - sub { - return 'skip' if !ssl_enabled(); - return 'skip' if -e $cacert_file && -e $cert_file; - - db_input('pki-uri'); - return 'prev' if db_go(); - return; - }, - sub { - return 'skip' if !ssl_enabled(); - return 'skip' if -e $cacert_file; - - my $pki_uri = db_get('pki-uri'); - if ($pki_uri !~ /:/) { - $pki_uri = pki_host_to_uri($pki_uri); - } else { - # Trim trailing slashes. - $pki_uri =~ s%/+$%%; - } - db_set('pki-uri', $pki_uri); - - my $url = "$pki_uri/controllerca/cacert.pem"; - my $response = $ua->get($url, ':content_file' => $cacert_file); - if ($response->is_success) { - return 'next'; - } - - db_subst('fetch-cacert-failed', 'url', $url); - db_subst('fetch-cacert-failed', 'error', $response->status_line); - db_subst('fetch-cacert-failed', 'pki-uri', $pki_uri); - db_input('fetch-cacert-failed'); - db_go(); - return 'prev'; - }, - sub { - return 'skip' if !ssl_enabled(); - return 'skip' if -e $cert_file; - - for (;;) { - db_set('send-cert-req', 'yes'); - db_input('send-cert-req'); - return 'prev' if db_go(); - return 'next' if db_get('send-cert-req') eq 'no'; - - my $pki_uri = db_get('pki-uri'); - my ($pki_base_uri) = $pki_uri =~ m%^([^/]+://[^/]+)/%; - my $url = "$pki_base_uri/cgi-bin/ofp-pki-cgi"; - my $response = $ua->post($url, {'type' => 'switch', - 'req' => $req}); - return 'next' if $response->is_success; - - db_subst('send-cert-req-failed', 'url', $url); - db_subst('send-cert-req-failed', 'error', - $response->status_line); - db_subst('send-cert-req-failed', 'pki-uri', $pki_uri); - db_input('send-cert-req-failed'); - db_go(); - } - }, - sub { - return 'skip' if !ssl_enabled(); - return 'skip' if $cacert_preverified; - - my ($cacert_fingerprint) = x509_fingerprint($cacert_file); - db_subst('verify-controller-ca', 'fingerprint', $cacert_fingerprint); - 
db_input('verify-controller-ca'); - return 'prev' if db_go(); - return 'next' if db_get('verify-controller-ca') eq 'yes'; - unlink($cacert_file); - return 'prev'; - }, - sub { - return 'skip' if !ssl_enabled(); - return 'skip' if -e $cert_file; - - for (;;) { - db_set('fetch-switch-cert', 'yes'); - db_input('fetch-switch-cert'); - return 'prev' if db_go(); - exit(1) if db_get('fetch-switch-cert') eq 'no'; - - my $pki_uri = db_get('pki-uri'); - my $url = "$pki_uri/switchca/certs/$req_fingerprint-cert.pem"; - my $response = $ua->get($url, ':content_file' => $cert_file); - if ($response->is_success) { - return 'next'; - } - - db_subst('fetch-switch-cert-failed', 'url', $url); - db_subst('fetch-switch-cert-failed', 'error', - $response->status_line); - db_subst('fetch-switch-cert-failed', 'pki-uri', $pki_uri); - db_input('fetch-switch-cert-failed'); - db_go(); - } - }, - sub { - db_input('complete'); - db_go(); - return; - }, - sub { - return 'done'; - }, -); - -my $state = 1; -my $direction = 1; -for (;;) { - my $ret = &{$states[$state]}(); - $ret = db_go() ? 'prev' : 'next' if !defined $ret; - if ($ret eq 'next') { - $direction = 1; - } elsif ($ret eq 'prev') { - $direction = -1; - } elsif ($ret eq 'skip') { - # Nothing to do. - } elsif ($ret eq 'done') { - last; - } else { - die "unknown ret $ret"; - } - $state += $direction; -} - -my %config = %oldconfig; -$config{NETDEVS} = join(' ', netdev_names()); -$config{MODE} = db_get('mode'); -if (db_get('mode') eq 'in-band') { - $config{SWITCH_IP} = db_get('switch-ip'); -} -if (db_get('mode') ne 'discovery') { - $config{CONTROLLER} = db_get('controller-vconn'); -} -$config{PRIVKEY} = $privkey_file; -$config{CERT} = $cert_file; -$config{CACERT} = $cacert_file; -save_config($default, %config); - -dup2(2, 1); # Get stdout back. 
-kill_ofp_discover(); -system("/etc/init.d/openflow-switch start"); - -sub ssl_enabled { - return is_ssl_vconn(db_get('controller-vconn')); -} - -sub db_subst { - my ($question, $key, $value) = @_; - $question = "$debconf_owner/$question"; - my ($ret, $seen) = subst($question, $key, $value); - if ($ret && $ret != 30) { - die "Error substituting $value for $key in debconf question " - . "$question: $seen"; - } -} - -sub db_set { - my ($question, $value) = @_; - $question = "$debconf_owner/$question"; - my ($ret, $seen) = set($question, $value); - if ($ret && $ret != 30) { - die "Error setting debconf question $question to $value: $seen"; - } -} - -sub db_get { - my ($question) = @_; - $question = "$debconf_owner/$question"; - my ($ret, $seen) = get($question); - if ($ret) { - die "Error getting debconf question $question answer: $seen"; - } - return $seen; -} - -sub db_fset { - my ($question, $flag, $value) = @_; - $question = "$debconf_owner/$question"; - my ($ret, $seen) = fset($question, $flag, $value); - if ($ret && $ret != 30) { - die "Error setting debconf question $question flag $flag to $value: " - . "$seen"; - } -} - -sub db_fget { - my ($question, $flag) = @_; - $question = "$debconf_owner/$question"; - my ($ret, $seen) = fget($question, $flag); - if ($ret) { - die "Error getting debconf question $question flag $flag: $seen"; - } - return $seen; -} - -sub db_input { - my ($question) = @_; - db_fset($question, "seen", "false"); - - $question = "$debconf_owner/$question"; - my ($ret, $seen) = input('high', $question); - if ($ret && $ret != 30) { - die "Error requesting debconf question $question: $seen"; - } - return $ret; -} - -sub db_go { - my ($ret, $seen) = go(); - if (!defined($ret)) { - exit(1); # Cancel button was pushed. - } - if ($ret && $ret != 30) { - die "Error asking debconf questions: $seen"; - } - return $ret; -} - -sub run_cmd { - my ($cmd) = @_; - return if system($cmd) == 0; - - if ($? 
== -1) { - die "$cmd: failed to execute: $!\n"; - } elsif ($? & 127) { - die sprintf("$cmd: child died with signal %d, %s coredump\n", - ($? & 127), ($? & 128) ? 'with' : 'without'); - } else { - die sprintf("$cmd: child exited with value %d\n", $? >> 8); - } -} - -sub x509_fingerprint { - my ($file) = @_; - my $cmd = "openssl x509 -noout -in $file -fingerprint"; - open(OPENSSL, '-|', $cmd) or die "$cmd: failed to execute: $!\n"; - my $line = ; - close(OPENSSL); - my ($fingerprint) = $line =~ /SHA1 Fingerprint=(.*)/; - return $line if !defined $fingerprint; - $fingerprint =~ s/://g; - return $fingerprint; -} - -sub find_netdevs { - my ($netdev, %netdevs); - open(IFCONFIG, "/sbin/ifconfig -a|") or die "ifconfig failed: $!"; - while () { - if (my ($nd) = /^([^\s]+)/) { - $netdev = $nd; - $netdevs{$netdev} = "$netdev"; - if (my ($hwaddr) = /HWaddr (\S+)/) { - $netdevs{$netdev} .= " (MAC: $hwaddr)"; - } - } elsif (my ($ip4) = /^\s*inet addr:(\S+)/) { - $netdevs{$netdev} .= " (IP: $ip4)"; - } elsif (my ($ip6) = /^\s*inet6 addr:(\S+)/) { - $netdevs{$netdev} .= " (IPv6: $ip6)"; - } - } - foreach my $nd (keys(%netdevs)) { - delete $netdevs{$nd} if $nd eq 'lo' || $nd =~ /^wmaster/; - } - close(IFCONFIG); - return %netdevs; -} - -sub load_config { - my ($file) = @_; - - # Get the list of the variables that the shell sets automatically. - my (%auto_vars) = read_vars("set -a && env"); - - # Get the variables from $default. - my (%config) = read_vars("set -a && . '$default' && env"); - - # Subtract. 
- delete @config{keys %auto_vars}; - - return %config; -} - -sub read_vars { - my ($cmd) = @_; - local @ENV; - if (!open(VARS, '-|', $cmd)) { - print STDERR "$cmd: failed to execute: $!\n"; - return (); - } - my (%config); - while () { - my ($var, $value) = /^([^=]+)=(.*)$/ or next; - $config{$var} = $value; - } - close(VARS); - return %config; -} - -sub shell_escape { - local $_ = $_[0]; - if ($_ eq '') { - return '""'; - } elsif (m&^[-a-zA-Z0-9:./%^_+,]*$&) { - return $_; - } else { - s/'/'\\''/; - return "'$_'"; - } -} - -sub shell_assign { - my ($var, $value) = @_; - return $var . '=' . shell_escape($value); -} - -sub save_config { - my ($file, %config) = @_; - my (@lines); - if (open(FILE, '<', $file)) { - @lines = ; - chomp @lines; - close(FILE); - } - - # Replace all existing variable assignments. - for (my ($i) = 0; $i <= $#lines; $i++) { - local $_ = $lines[$i]; - my ($var, $value) = /^\s*([^=#]+)=(.*)$/ or next; - if (exists($config{$var})) { - $lines[$i] = shell_assign($var, $config{$var}); - delete $config{$var}; - } else { - $lines[$i] = "#$lines[$i]"; - } - } - - # Find a place to put any remaining variable assignments. - VAR: - for my $var (keys(%config)) { - my $assign = shell_assign($var, $config{$var}); - - # Replace the last commented-out variable assignment to $var, if any. - for (my ($i) = $#lines; $i >= 0; $i--) { - local $_ = $lines[$i]; - if (/^\s*#\s*$var=/) { - $lines[$i] = $assign; - next VAR; - } - } - - # Find a place to add the var: after the final commented line - # just after a line that contains "$var:". - for (my ($i) = 0; $i <= $#lines; $i++) { - if ($lines[$i] =~ /^\s*#\s*$var:/) { - for (my ($j) = $i + 1; $j <= $#lines; $j++) { - if ($lines[$j] !~ /^\s*#/) { - splice(@lines, $j, 0, $assign); - next VAR; - } - } - } - } - - # Just append it. 
- push(@lines, $assign); - } - - open(NEWFILE, '>', "$file.tmp") or die "$file.tmp: create: $!\n"; - print NEWFILE join('', map("$_\n", @lines)); - close(NEWFILE); - rename("$file.tmp", $file) or die "$file.tmp: rename to $file: $!\n"; -} - -sub pki_host_to_uri { - my ($pki_host) = @_; - return "http://$pki_host/openflow/pki"; -} - -sub kill_ofp_discover { - # Delegate this to a subprocess because there is no portable way - # to invoke fcntl(F_GETLK) from Perl. - system("ofp-kill --force $ofp_discover_pidfile"); -} - -sub netdev_names { - return map(/^(\S+)/, split(', ', db_get('netdevs'))); -} - -sub is_valid_vconn { - my ($vconn) = @_; - return scalar($vconn =~ /^(tcp|ssl):([^:]+)(:.*)?/); -} - -sub is_ssl_vconn { - my ($vconn) = @_; - return scalar($vconn =~ /^ssl:/); -} diff --git a/debian/ofp-switch-setup.8 b/debian/ofp-switch-setup.8 deleted file mode 100644 index 50904cfb..00000000 --- a/debian/ofp-switch-setup.8 +++ /dev/null 
@@ -1,41 +0,0 @@ -.TH ofp-switch-setup 8 "June 2008" "OpenFlow" "OpenFlow Manual" - -.SH NAME -ofp\-switch\-setup \- interactive setup for OpenFlow switch - -.SH SYNOPSIS -.B ofp\-switch\-setup - -.SH DESCRIPTION -The \fBofp\-switch\-setup\fR program is an interactive program that -assists the system administrator in configuring an OpenFlow switch, -including the underlying public key infrastructure (PKI). - -.SH OPTIONS -ofp\-switch\-setup does not accept any command-line options. - -.SH FILES -.IP /etc/default/openflow-switch -Main configuration file for OpenFlow switch. - -.IP /etc/openflow-switch/cacert.pem -Default location of CA certificate for OpenFlow controllers. - -.IP /etc/openflow-switch/of0-cert.pem -Default location of certificate for the OpenFlow switch's private key. - -.IP /etc/openflow-switch/of0-privkey.pem -Default location of the OpenFlow switch's private key. This file -should be readable only by \fBroot\fR. - -.IP /etc/openflow-switch/of0-req.pem -Default location of certificate request for the OpenFlow switch's -certificate. This file is not used after the signed certificate -(typically \fB/etc/openflow-switch/of0-cert.pem\fR, above) has been -obtained from the OpenFlow PKI server. - -.SH "SEE ALSO" - -.BR ofp-pki (8), -.BR dpctl (8), -.BR secchan (8) diff --git a/debian/openflow-common.dirs b/debian/openflow-common.dirs deleted file mode 100644 index 527fe313..00000000 --- a/debian/openflow-common.dirs +++ /dev/null @@ -1 +0,0 @@ -var/log/openflow diff --git a/debian/openflow-common.install b/debian/openflow-common.install deleted file mode 100644 index eed7413e..00000000 --- a/debian/openflow-common.install +++ /dev/null @@ -1,3 +0,0 @@ -_debian/utilities/ofp-parse-leaks usr/bin -_debian/utilities/ofp-pki usr/sbin -_debian/utilities/vlogconf usr/sbin diff --git a/debian/openflow-common.manpages b/debian/openflow-common.manpages deleted file mode 100644 index fbb88201..00000000 --- a/debian/openflow-common.manpages +++ /dev/null 
@@ -1,2 +0,0 @@ -_debian/utilities/vlogconf.8 -_debian/utilities/ofp-pki.8 diff --git a/debian/openflow-controller.README.Debian b/debian/openflow-controller.README.Debian deleted file mode 100644 index 19d5cb9b..00000000 --- a/debian/openflow-controller.README.Debian +++ /dev/null @@ -1,10 +0,0 @@ -README.Debian for openflow-controller -------------------------------------- - -* To (re)configure the controller, edit /etc/default/openflow-controller - and run "/etc/init.d/openflow-controller restart". - -* To enable OpenFlow switches to automatically discover the location - of the controller, you must install and configure a DHCP server. - The secchan(8) manpage (found in the openflow-switch package) gives - a working example configuration file for the ISC DHCP server. diff --git a/debian/openflow-controller.default b/debian/openflow-controller.default deleted file mode 100644 index 647ebb04..00000000 --- a/debian/openflow-controller.default +++ /dev/null @@ -1,29 +0,0 @@ -# This is a POSIX shell fragment -*- sh -*- - -# LISTEN: What OpenFlow connection methods should the controller listen on? -# -# This is a space-delimited list of connection methods: -# -# * "pssl:[PORT]": Listen for SSL connections on the specified PORT -# (default: 6633). The private key, certificate, and CA certificate -# must be specified below. -# -# * "pctp:[PORT]": Listen for TCP connections on the specified PORT -# (default: 6633). Not recommended for security reasons. -# -LISTEN="pssl:" - -# PRIVKEY: Name of file containing controller's private key. -# Required if SSL enabled. -PRIVKEY=/etc/openflow-controller/privkey.pem - -# CERT: Name of file containing certificate for private key. -# Required if SSL enabled. -CERT=/etc/openflow-controller/cert.pem - -# CACERT: Name of file containing switch CA certificate. -# Required if SSL enabled. -CACERT=/etc/openflow-controller/cacert.pem - -# Additional options to pass to controller, e.g. "--hub" -DAEMON_OPTS="" 
diff --git a/debian/openflow-controller.dirs b/debian/openflow-controller.dirs deleted file mode 100644 index 0a19a9fc..00000000 --- a/debian/openflow-controller.dirs +++ /dev/null @@ -1 +0,0 @@ -etc/openflow-controller diff --git a/debian/openflow-controller.init b/debian/openflow-controller.init deleted file mode 100755 index 121fd76b..00000000 --- a/debian/openflow-controller.init +++ /dev/null 
@@ -1,269 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2007 Javier Fernandez-Sanguino -# -# This is free software; you may redistribute it and/or modify -# it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2, -# or (at your option) any later version. -# -# This is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License with -# the Debian operating system, in /usr/share/common-licenses/GPL; if -# not, write to the Free Software Foundation, Inc., 59 Temple Place, -# Suite 330, Boston, MA 02111-1307 USA -# -### BEGIN INIT INFO -# Provides: openflow-controller -# Required-Start: $network $local_fs -# Required-Stop: -# Should-Start: $named -# Should-Stop: -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: OpenFlow controller -### END INIT INFO - -PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin - -DAEMON=/usr/sbin/controller # Introduce the server's location here -NAME=controller # Introduce the short server's name here -DESC=controller # Introduce a short description here -LOGDIR=/var/log/openflow # Log directory to use - -PIDFILE=/var/run/$NAME.pid - -test -x $DAEMON || exit 0 - -. /lib/lsb/init-functions - -# Default options, these can be overriden by the information -# at /etc/default/$NAME -DAEMON_OPTS="" # Additional options given to the server - -DODTIME=10 # Time to wait for the server to die, in seconds - # If this value is set too low you might not - # let some servers to die gracefully and - # 'restart' will not work - -LOGFILE=$LOGDIR/$NAME.log # Server logfile -#DAEMONUSER= # User to run the daemons as. 
If this value - # is set start-stop-daemon will chuid the server - -# Include defaults if available -default=/etc/default/openflow-controller -if [ -f $default ] ; then - . $default -fi - -# Check that the user exists (if we set a user) -# Does the user exist? -if [ -n "$DAEMONUSER" ] ; then - if getent passwd | grep -q "^$DAEMONUSER:"; then - # Obtain the uid and gid - DAEMONUID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $3}'` - DAEMONGID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $4}'` - else - log_failure_msg "The user $DAEMONUSER, required to run $NAME does not exist." - exit 1 - fi -fi - - -set -e - -running_pid() { -# Check if a given process pid's cmdline matches a given name - pid=$1 - name=$2 - [ -z "$pid" ] && return 1 - [ ! -d /proc/$pid ] && return 1 - cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1` - # Is this the expected server - [ "$cmd" != "$name" ] && return 1 - return 0 -} - -running() { -# Check if the process is running looking at /proc -# (works for all users) - - # No pidfile, probably no daemon present - [ ! -f "$PIDFILE" ] && return 1 - pid=`cat $PIDFILE` - running_pid $pid $DAEMON || return 1 - return 0 -} - -start_server() { - if [ -z "$LISTEN" ]; then - echo "$default: No connection methods configured, controller disabled" >&2 - exit 0 - fi - - SSL_OPTS= - case $LISTEN in - *ssl*) - : ${PRIVKEY:=/etc/openflow-controller/privkey.pem} - : ${CERT:=/etc/openflow-controller/cert.pem} - : ${CACERT:=/etc/openflow-controller/cacert.pem} - if test ! -e "$PRIVKEY" || test ! -e "$CERT" || - test ! -e "$CACERT"; then - if test ! -e "$PRIVKEY"; then - echo "$PRIVKEY: private key missing" >&2 - fi - if test ! -e "$CERT"; then - echo "$CERT: certificate for private key missing" >&2 - fi - if test ! 
-e "$CACERT"; then - echo "$CACERT: CA certificate missing" >&2 - fi - exit 1 - fi - SSL_OPTS="--private-key=$PRIVKEY --certificate=$CERT --ca-cert=$CACERT" - ;; - esac - -# Start the process using the wrapper - if [ -z "$DAEMONUSER" ] ; then - start-stop-daemon --start --pidfile $PIDFILE \ - --exec $DAEMON -- --detach --pidfile=$PIDFILE \ - $LISTEN $DAEMON_OPTS $SSL_OPTS - errcode=$? - else -# if we are using a daemonuser then change the user id - start-stop-daemon --start --quiet --pidfile $PIDFILE \ - --chuid $DAEMONUSER --exec $DAEMON -- \ - --detach --pidfile=$PIDFILE $LISTEN $DAEMON_OPTS \ - $SSL_OPTS - errcode=$? - fi - return $errcode -} - -stop_server() { -# Stop the process using the wrapper - if [ -z "$DAEMONUSER" ] ; then - start-stop-daemon --stop --quiet --pidfile $PIDFILE \ - --exec $DAEMON - errcode=$? - else -# if we are using a daemonuser then look for process that match - start-stop-daemon --stop --quiet --pidfile $PIDFILE \ - --user $DAEMONUSER --exec $DAEMON - errcode=$? - fi - - return $errcode -} - -reload_server() { - [ ! -f "$PIDFILE" ] && return 1 - pid=`cat $PIDFILE` # This is the daemon's pid - # Send a SIGHUP - kill -1 $pid - return $? -} - -force_stop() { -# Force the process to die killing it manually - [ ! -e "$PIDFILE" ] && return - if running ; then - kill -15 $pid - # Is it really dead? - sleep "$DIETIME"s - if running ; then - kill -9 $pid - sleep "$DIETIME"s - if running ; then - echo "Cannot kill $NAME (pid=$pid)!" 
- exit 1 - fi - fi - fi - rm -f $PIDFILE -} - - -case "$1" in - start) - log_daemon_msg "Starting $DESC " "$NAME" - # Check if it's running first - if running ; then - log_progress_msg "apparently already running" - log_end_msg 0 - exit 0 - fi - if start_server && running ; then - # It's ok, the server started and is running - log_end_msg 0 - else - # Either we could not start it or it is not running - # after we did - # NOTE: Some servers might die some time after they start, - # this code does not try to detect this and might give - # a false positive (use 'status' for that) - log_end_msg 1 - fi - ;; - stop) - log_daemon_msg "Stopping $DESC" "$NAME" - if running ; then - # Only stop the server if we see it running - stop_server - log_end_msg $? - else - # If it's not running don't do anything - log_progress_msg "apparently not running" - log_end_msg 0 - exit 0 - fi - ;; - force-stop) - # First try to stop gracefully the program - $0 stop - if running; then - # If it's still running try to kill it more forcefully - log_daemon_msg "Stopping (force) $DESC" "$NAME" - force_stop - log_end_msg $? - fi - ;; - restart|force-reload) - log_daemon_msg "Restarting $DESC" "$NAME" - stop_server - # Wait some sensible amount, some server need this - [ -n "$DIETIME" ] && sleep $DIETIME - start_server - running - log_end_msg $? - ;; - status) - - log_daemon_msg "Checking status of $DESC" "$NAME" - if running ; then - log_progress_msg "running" - log_end_msg 0 - else - log_progress_msg "apparently not running" - log_end_msg 1 - exit 1 - fi - ;; - # Use this if the daemon cannot reload - reload) - log_warning_msg "Reloading $NAME daemon: not implemented, as the daemon" - log_warning_msg "cannot re-read the config file (use restart)." - ;; - *) - N=/etc/init.d/$NAME - echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2 - exit 1 - ;; -esac - -exit 0 
diff --git a/debian/openflow-controller.install b/debian/openflow-controller.install deleted file mode 100644 index 3932ab6a..00000000 --- a/debian/openflow-controller.install +++ /dev/null @@ -1 +0,0 @@ -_debian/controller/controller usr/sbin diff --git a/debian/openflow-controller.manpages b/debian/openflow-controller.manpages deleted file mode 100644 index 3fbaaeaf..00000000 --- a/debian/openflow-controller.manpages +++ /dev/null @@ -1 +0,0 @@ -_debian/controller/controller.8 diff --git a/debian/openflow-controller.postinst b/debian/openflow-controller.postinst deleted file mode 100755 index 93e39116..00000000 --- a/debian/openflow-controller.postinst +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/sh -# postinst script for openflow-controller -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `configure' -# * `abort-upgrade' -# * `abort-remove' `in-favour' -# -# * `abort-remove' -# * `abort-deconfigure' `in-favour' -# `removing' -# -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - - -case "$1" in - configure) - cd /etc/openflow-controller - if ! test -e cacert.pem; then - ln -s /usr/share/openflow/pki/switchca/cacert.pem cacert.pem - fi - if ! test -e privkey.pem || ! test -e cert.pem; then - oldumask=$(umask) - umask 077 - ofp-pki req+sign tmp controller >/dev/null - mv tmp-privkey.pem privkey.pem - mv tmp-cert.pem cert.pem - mv tmp-req.pem req.pem - chmod go+r cert.pem req.pem - umask $oldumask - fi - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -#DEBHELPER# - -exit 0 - - diff --git a/debian/openflow-datapath-module-_KVERS_.postinst.modules.in b/debian/openflow-datapath-module-_KVERS_.postinst.modules.in deleted file mode 100755 index 6974e13a..00000000 --- a/debian/openflow-datapath-module-_KVERS_.postinst.modules.in +++ /dev/null 
@@ -1,25 +0,0 @@ -#!/bin/sh -# postinst script for #PACKAGE# -# -# see: dh_installdeb(1) - -set -e - -depmod -a - -#DEBHELPER# - -# If the switch is running, restart it. This ensures that we are using the -# latest kernel module, because the init script will unload and reload the -# module. -# -# (Ideally we'd only want to do this if this package corresponds to the -# running kernel, but I don't know a reliable way to check.) -INIT=/etc/init.d/openflow-switch -if test -x $INIT && $INIT status; then - $INIT restart || true -fi - -exit 0 - - diff --git a/debian/openflow-datapath-source.README.Debian b/debian/openflow-datapath-source.README.Debian deleted file mode 100644 index 59965df9..00000000 --- a/debian/openflow-datapath-source.README.Debian +++ /dev/null @@ -1,31 +0,0 @@ -OpenFlow for Debian -------------------- - -* How do I build this module the Debian way? - - - Building with module-assistant: - - $ module-assistant auto-install openflow - or - $ m-a a-i openflow - - If kernel source or headers are in a non-standard directory, add - the option -k /path/to/kernel/source with the correct path. - - - Building with make-kpkg - - $ cd /usr/src/ - $ tar jxvf openflow.tar.bz2 - $ cd /usr/src/kernel-source-2.6.9 - $ make-kpkg --added-modules=openflow modules - - - Building without make-kpkg - - $ cd /usr/src/ - $ tar jxvf openflow.tar.bz2 - $ cd modules/openflow - $ fakeroot debian/rules kdist_image - - If you run this as root, fakeroot is not needed. - - -- OpenFlow Team , Thu, 12 Jun 2008 16:42:38 -0700 diff --git a/debian/openflow-datapath-source.copyright b/debian/openflow-datapath-source.copyright deleted file mode 100644 index f7bcdda3..00000000 --- a/debian/openflow-datapath-source.copyright +++ /dev/null 
@@ -1,16 +0,0 @@ -Upstream Authors: - - The Board of Trustees of The Leland Stanford Junior University - -Copyright: - - Copyright (C) 2008 The Board of Trustees of The Leland Stanford - Junior University - -License: - - Files in the datapath/ and its sub-directories are covered under the GNU - General Public License Version 2. - - On Debian systems, the complete text of the GNU General - Public License can be found in `/usr/share/common-licenses/GPL'. diff --git a/debian/openflow-datapath-source.dirs b/debian/openflow-datapath-source.dirs deleted file mode 100644 index 4ddf234a..00000000 --- a/debian/openflow-datapath-source.dirs +++ /dev/null @@ -1 +0,0 @@ -usr/src/modules/openflow-datapath/debian diff --git a/debian/openflow-datapath-source.install b/debian/openflow-datapath-source.install deleted file mode 100644 index a74f13dc..00000000 --- a/debian/openflow-datapath-source.install +++ /dev/null @@ -1,6 +0,0 @@ -debian/changelog usr/src/modules/openflow-datapath/debian -debian/control usr/src/modules/openflow-datapath/debian -debian/compat usr/src/modules/openflow-datapath/debian -debian/*.modules.in usr/src/modules/openflow-datapath/debian -debian/rules usr/src/modules/openflow-datapath/debian -_debian/openflow.tar.gz usr/src/modules/openflow-datapath diff --git a/debian/openflow-pki-server.apache2 b/debian/openflow-pki-server.apache2 deleted file mode 100644 index a341c508..00000000 --- a/debian/openflow-pki-server.apache2 +++ /dev/null @@ -1 +0,0 @@ -Alias /openflow/pki/ /usr/share/openflow/pki/ diff --git a/debian/openflow-pki-server.dirs b/debian/openflow-pki-server.dirs deleted file mode 100644 index 7307777b..00000000 --- a/debian/openflow-pki-server.dirs +++ /dev/null @@ -1 +0,0 @@ -etc/apache2/sites-available diff --git a/debian/openflow-pki-server.install b/debian/openflow-pki-server.install deleted file mode 100644 index cd530ca4..00000000 --- a/debian/openflow-pki-server.install +++ /dev/null 
@@ -1 +0,0 @@ -_debian/utilities/ofp-pki-cgi usr/lib/cgi-bin diff --git a/debian/openflow-pki-server.postinst b/debian/openflow-pki-server.postinst deleted file mode 100755 index d161a98a..00000000 --- a/debian/openflow-pki-server.postinst +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh -# postinst script for openflow -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `configure' -# * `abort-upgrade' -# * `abort-remove' `in-favour' -# -# * `abort-remove' -# * `abort-deconfigure' `in-favour' -# `removing' -# -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - -case "$1" in - configure) - # Enable site under Apache. - a2ensite openflow-pki >/dev/null - if command -v invoke-rc.d >/dev/null 2>&1; then - invoke-rc.d apache2 force-reload || : - else - [ -x /etc/init.d/apache2 ] && /etc/init.d/apache2 force-reload || : - fi - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -#DEBHELPER# - -exit 0 - - diff --git a/debian/openflow-pki.postinst b/debian/openflow-pki.postinst deleted file mode 100755 index 5cf6515d..00000000 --- a/debian/openflow-pki.postinst +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/sh -# postinst script for openflow -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `configure' -# * `abort-upgrade' -# * `abort-remove' `in-favour' -# -# * `abort-remove' -# * `abort-deconfigure' `in-favour' -# `removing' -# -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - -case "$1" in - configure) - # Create certificate authorities. - if test ! -d /usr/share/openflow/pki; then - ofp-pki init - fi - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -#DEBHELPER# - -exit 0 - - 
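Review bot: the `configure` branch deleted from debian/openflow-pki.postinst is the only place in this part of the diff that creates the certificate authorities (`ofp-pki init`, run only when /usr/share/openflow/pki does not exist), so the renamed packaging needs an equivalent step and a documented upgrade path. The commit message says the Debian packages have not been renamed yet, while later in the diff debian/openvswitch-common.install installs `ovs-pki`. Please state whether the renamed tool reuses an existing /usr/share/openflow/pki or starts a new CA directory, since switches enrolled under the old CA would then need new certificates.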
diff --git a/debian/openflow-switch-config.dirs b/debian/openflow-switch-config.dirs deleted file mode 100644 index 881ded8a..00000000 --- a/debian/openflow-switch-config.dirs +++ /dev/null @@ -1 +0,0 @@ -/usr/share/lintian/overrides diff --git a/debian/openflow-switch-config.install b/debian/openflow-switch-config.install deleted file mode 100644 index 75c50083..00000000 --- a/debian/openflow-switch-config.install +++ /dev/null @@ -1 +0,0 @@ -debian/ofp-switch-setup usr/sbin diff --git a/debian/openflow-switch-config.manpages b/debian/openflow-switch-config.manpages deleted file mode 100644 index e176dad9..00000000 --- a/debian/openflow-switch-config.manpages +++ /dev/null @@ -1 +0,0 @@ -debian/ofp-switch-setup.8 diff --git a/debian/openflow-switch-config.overrides b/debian/openflow-switch-config.overrides deleted file mode 100644 index 4ac77aba..00000000 --- a/debian/openflow-switch-config.overrides +++ /dev/null @@ -1 +0,0 @@ -debconf-is-not-a-registry diff --git a/debian/openflow-switch-config.templates b/debian/openflow-switch-config.templates deleted file mode 100644 index 78761097..00000000 --- a/debian/openflow-switch-config.templates +++ /dev/null 
@@ -1,228 +0,0 @@ -Template: openflow-switch/netdevs -Type: multiselect -_Choices: ${choices} -_Description: OpenFlow switch network devices: - Choose the network devices that should become part of the OpenFlow - switch. At least two devices must be selected for this machine to be - a useful switch. Unselecting all network devices will disable the - OpenFlow switch entirely. - . - The network devices that you select should not be configured with IP - or IPv6 addresses, even if the switch contacts the controller over - one of the selected network devices. This is because a running - OpenFlow switch takes over network devices at a low level: they - become part of the switch and cannot be used for other purposes. - -Template: openflow-switch/no-netdevs -Type: error -_Description: No network devices were selected. - No network devices were selected for inclusion in the OpenFlow switch. - The switch will be disabled. - -Template: openflow-switch/configured-netdevs -Type: note -_Description: Some Network Devices Have IP or IPv6 Addresses - The following network devices selected to be part of the OpenFlow switch - have IP or IPv6 addresses configured: - . - ${configured-netdevs} - . - This is usually a mistake, even if the switch contacts the controller over - one of the selected network devices. This is because a running - OpenFlow switch takes over network devices at a low level: they - become part of the switch and cannot be used for other purposes. - . - If this is an unintentional mistake, move back and fix the selection, - or de-configure the IP or IPv6 from these network devices. - -Template: openflow-switch/mode -Type: select -_Choices: discovery, in-band, out-of-band -Default: discovery -_Description: Switch-to-controller access method: - The OpenFlow switch must be able to contact the OpenFlow controller over - the network. It can do so in one of three ways: - . 
- discovery: A single network is used for OpenFlow traffic and other - data traffic; that is, the switch contacts the controller over one of - the network devices selected as OpenFlow switch network devices in - the previous question. The switch automatically determines the - location of the controller using a DHCP request with an - OpenFlow-specific vendor option. This is the most common case. - . - in-band: As above, but the location of the controller is manually - configured. - . - out-of-band: OpenFlow traffic uses a network separate from the data traffic - that it controls. If this is the case, the control network must already - be configured on a network device other than one of those selected as - an OpenFlow switch netdev in the previous question. - -Template: openflow-switch/discover -Type: note -_Description: Preparing to discover controller. - The setup program will now attempt to discover the OpenFlow controller. - Controller discovery may take up to 30 seconds. Please be patient. - . - See secchan(8) for instructions on how to configure a DHCP server for - controller discovery. - -Template: openflow-switch/discovery-failure -Type: error -_Description: Controller discovery failed. - The controller's location could not be determined automatically. - . - Ensure that the OpenFlow DHCP server is properly configured. See - secchan(8) for instructions on how to configure a DHCP server for - controller discovery. - -Template: openflow-switch/discovery-success -Type: boolean -Default: true -_Description: Use discovered settings? - Controller discovery obtained the following settings: - . - Controller location: ${controller-vconn} - . - PKI URL: ${pki-uri} - . - Please verify that these settings are correct. - -Template: openflow-switch/switch-ip -Type: string -Default: dhcp -_Description: Switch IP address: - For in-band communication with the controller, the OpenFlow switch must - be able to determine its own IP address. 
Its IP address may be configured - statically or dynamically. - . - For static configuration, specify the switch's IP address as a string. - . - For dynamic configuration with DHCP (the most common case), specify "dhcp". - Configuration with DHCP will only work reliably if the network topology - allows the switch to contact the DHCP server before it connects to the - OpenFlow controller. - -Template: openflow-switch/switch-ip-error -Type: error -_Description: The switch IP address is invalid. - The switch IP address must specified as "dhcp" or a valid IP address in - dotted-octet form (e.g. "1.2.3.4"). - -Template: openflow-switch/controller-vconn -Type: string -_Description: Controller location: - Specify how the OpenFlow switch should connect to the OpenFlow controller. - The value should be in form "ssl:HOST[:PORT]" to connect to the controller - over SSL (recommended for security) or "tcp:HOST[:PORT]" to connect over - cleartext TCP. - -Template: openflow-switch/controller-vconn-error -Type: error -_Description: The controller location is invalid. - The controller location must be specifed as "ssl:HOST[:PORT]" to - connect to the controller over SSL (recommended for security) or - "tcp:HOST[:PORT]" to connect over cleartext TCP. - -Template: openflow-switch/pki-uri -Type: string -_Description: OpenFlow PKI server host name or URL: - Specify a URL to the OpenFlow public key infrastructure (PKI). If a - host name or IP address is specified in place of a URL, then - http:///openflow/pki/ will be used, - where is the specified host name or IP address. - . - The OpenFlow PKI is usually on the same machine as the OpenFlow - controller. - . - The setup process will connect to the OpenFlow PKI server over - HTTP, using the system's configured default HTTP proxy (if any). - -Template: openflow-switch/fetch-cacert-failed -Type: error -_Description: The switch CA certificate could not be retrieved. - Retrieval of ${url} failed, with the following status: "${error}". - . 
- Ensure that the OpenFlow PKI server is correctly configured and - available at ${pki-uri}. If the system is configured to use an HTTP - proxy, also make sure that the HTTP proxy is available and that the - PKI server can be reached through it. - -Template: openflow-switch/verify-controller-ca -Type: select -_Choices: yes, no -Default: yes -_Description: Is ${fingerprint} the controller CA's fingerprint? - If a man-in-the-middle attack is possible in your network - environment, check that the controller CA's fingerprint is really - ${fingerprint}. Answer "yes" if it matches, "no" if - there is a discrepancy. - . - If a man-in-the-middle attack is not a concern, there is no need to - verify the fingerprint. Simply answer "yes". - -Template: openflow-switch/send-cert-req -Type: select -_Choices: yes, no -Default: yes -_Description: Send certificate request to switch CA? - Before it can connect to the controller over SSL, the OpenFlow - switch's key must be signed by the switch certificate authority (CA) - located on the OpenFlow PKI server, which is usually collocated with - the OpenFlow controller. A signing request can be sent to the PKI - server now. - . - Answer "yes" to send a signing request to the switch CA now. This is - ordinarily the correct choice. There is no harm in sending a given - signing request more than once. - . - Answer "no" to skip sending a signing request to the switch CA. - Unless the request has already been sent to the switch CA, manual - sending of the request and signing will be necessary. - -Template: openflow-switch/send-cert-req-failed -Type: error -_Description: The certificate request could not be sent. - Posting to ${url} failed, with the following status: "${error}". - . - Ensure that the OpenFlow PKI server is correctly configured and - available at ${pki-uri}. - -Template: openflow-switch/fetch-switch-cert -Type: select -_Choices: yes, no -_Description: Fetch signed switch certificate from PKI server? 
- Before it can connect to the controller over SSL, the OpenFlow - switch's key must be signed by the switch certificate authority (CA) - located on the OpenFlow PKI server, which is usually collocated with - the OpenFlow controller. - . - At this point, a signing request has been sent to the switch CA (or - sending a request has been manually skipped), but the signed - certificate has not yet been retrieved. Manual action may need to be - taken at the PKI server to approve the signing request. - . - Answer "yes" to attempt to retrieve the signed switch certificate - from the switch CA. If the switch certificate request has been - signed at the PKI server, this is the correct choice. - . - Answer "no" to postpone switch configuration. The configuration - process must be restarted later, when the switch certificate request - has been signed. - -Template: openflow-switch/fetch-switch-cert-failed -Type: error -_Description: Signed switch certificate could not be retrieved. - The signed switch certificate could not be retrieved from the switch - CA: retrieval of ${url} failed, with the following status: "${error}". - . - This probably indicates that the switch's certificate request has not - yet been signed. If this is the problem, it may be fixed by signing - the certificate request at ${pki-uri}, then trying to fetch the - signed switch certificate again. - -Template: openflow-switch/complete -Type: note -_Description: OpenFlow Switch Setup Finished - Setup of this OpenFlow switch is finished. Complete the setup procedure - to enable the switch. diff --git a/debian/openflow-switch.README.Debian b/debian/openflow-switch.README.Debian deleted file mode 100644 index d9a931c1..00000000 --- a/debian/openflow-switch.README.Debian +++ /dev/null 
@@ -1,18 +0,0 @@ -README.Debian for openflow-switch ---------------------------------- - -* The switch must be configured before it can be used. To configure - it interactively, install the openflow-switch-config package and run - the ofp-switch-setup program. Alternatively, edit - /etc/default/openflow-switch by hand, then start the switch manually - with "/etc/init.d/openflow-switch start". - -* To use the Linux kernel-based switch implementation, you will need - to build and install the OpenFlow kernel module. To do so, install - the openflow-datapath-source package, then follow the instructions - given in /usr/share/doc/openflow-datapath-source/README.Debian - -* This package does not yet support the userspace datapath-based - switch implementation. - - -- Ben Pfaff , Tue, 6 Jan 2009 13:52:33 -0800 diff --git a/debian/openflow-switch.dirs b/debian/openflow-switch.dirs deleted file mode 100644 index a53002ff..00000000 --- a/debian/openflow-switch.dirs +++ /dev/null @@ -1,2 +0,0 @@ -/etc/openflow-switch -/usr/share/openflow/switch diff --git a/debian/openflow-switch.init b/debian/openflow-switch.init deleted file mode 100755 index 72f4bdf5..00000000 --- a/debian/openflow-switch.init +++ /dev/null 
@@ -1,428 +0,0 @@ -#! /bin/sh -# -# /etc/init.d/openflow-switch -# -# Written by Miquel van Smoorenburg . -# Modified for Debian by Ian Murdock . -# Further changes by Javier Fernandez-Sanguino -# Modified for openflow-switch. -# -# Version: @(#)skeleton 1.9 26-Feb-2001 miquels@cistron.nl -# -### BEGIN INIT INFO -# Provides: openflow-switch -# Required-Start: $network $named $remote_fs $syslog -# Required-Stop: -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: OpenFlow switch -### END INIT INFO - -PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -DAEMON=/usr/sbin/secchan -NAME=secchan -DESC=secchan - -test -x $DAEMON || exit 0 - -NICIRA_OUI="002320" - -LOGDIR=/var/log/openflow -PIDFILE=/var/run/$NAME.pid -DHCLIENT_PIDFILE=/var/run/dhclient.of0.pid -DODTIME=1 # Time to wait for the server to die, in seconds - # If this value is set too low you might not - # let some servers to die gracefully and - # 'restart' will not work - -# Include secchan defaults if available -unset NETDEVS -unset MODE -unset SWITCH_IP -unset CONTROLLER -unset PRIVKEY -unset CERT -unset CACERT -unset CACERT_MODE -unset MGMT_VCONNS -unset COMMANDS -unset DAEMON_OPTS -unset CORE_LIMIT -unset DATAPATH_ID -default=/etc/default/openflow-switch -if [ -f $default ] ; then - . $default -fi - -set -e - -running_pid() -{ - # Check if a given process pid's cmdline matches a given name - pid=$1 - name=$2 - [ -z "$pid" ] && return 1 - [ ! -d /proc/$pid ] && return 1 - cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1` - # Is this the expected child? - case $cmd in - $name|*/$name) - return 0 - ;; - *) - return 1 - ;; - esac -} - -running() -{ -# Check if the process is running looking at /proc -# (works for all users) - - # No pidfile, probably no daemon present - [ ! 
-f "$PIDFILE" ] && return 1 - # Obtain the pid and check it against the binary name - pid=`cat $PIDFILE` - running_pid $pid $NAME || return 1 - return 0 -} - -force_stop() { -# Forcefully kill the process - [ ! -f "$PIDFILE" ] && return - if running ; then - kill -15 $pid - # Is it really dead? - [ -n "$DODTIME" ] && sleep "$DODTIME"s - if running ; then - kill -9 $pid - [ -n "$DODTIME" ] && sleep "$DODTIME"s - if running ; then - echo "Cannot kill $NAME (pid=$pid)!" - exit 1 - fi - fi - fi - rm -f $PIDFILE - return 0 -} - -must_succeed() { - echo -n "$1: " - shift - if "$@"; then - echo "success." - else - echo " ERROR." - exit 1 - fi -} - -check_op() { - echo -n "$1: " - shift - if "$@"; then - echo "success." - else - echo " ERROR." - fi -} - -configure_ssl() { - if (test "$CACERT_MODE" != secure && test "$CACERT_MODE" != bootstrap) \ - || test ! -e "$PRIVKEY" || test ! -e "$CERT" \ - || (test ! -e "$CACERT" && test "$CACERT_MODE" != bootstrap); then - if test "$CACERT_MODE" != secure && test "$CACERT_MODE" != bootstrap - then - echo "CACERT_MODE is not set to 'secure' or 'bootstrap'" - fi - if test ! -e "$PRIVKEY"; then - echo "$PRIVKEY: private key missing" >&2 - fi - if test ! -e "$CERT"; then - echo "$CERT: certificate for private key missing" >&2 - fi - if test ! -e "$CACERT" && test "$CACERT_MODE" != bootstrap; then - echo "$CACERT: CA certificate missing (and CA certificate bootstrapping not enabled)" >&2 - fi - echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2 - if test "$MODE" = discovery; then - echo "You may also delete or rename $PRIVKEY to disable SSL requirement" >&2 - fi - exit 1 - fi - - SSL_OPTS="--private-key=$PRIVKEY --certificate=$CERT" - if test ! 
-e "$CACERT" && test "$CACERT_MODE" = bootstrap; then - SSL_OPTS="$SSL_OPTS --bootstrap-ca-cert=$CACERT" - else - SSL_OPTS="$SSL_OPTS --ca-cert=$CACERT" - fi -} - -check_int_var() { - eval value=\$$1 - if test -n "$value"; then - if expr "X$value" : 'X[0-9][0-9]*$' > /dev/null 2>&1; then - if test $value -lt $2; then - echo "warning: The $1 option may not be set to a value below $2, treating as $2" >&2 - eval $1=$2 - fi - else - echo "warning: The $1 option must be set to a number, ignoring" >&2 - unset $1 - fi - fi -} - -check_new_option() { - case $DAEMON_OPTS in - *$1*) - echo "warning: The $1 option in DAEMON_OPTS may now be set with the $2 variable in $default. The setting in DAEMON_OPTS will override the $2 variable, which will prevent the switch UI from configuring $1." >&2 - ;; - esac -} - -case "$1" in - start) - if test -z "$NETDEVS"; then - echo "$default: No network devices configured, switch disabled" >&2 - echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2 - exit 0 - fi - if test "$MODE" = discovery; then - unset CONTROLLER - elif test "$MODE" = in-band || test "$MODE" = out-of-band; then - if test -z "$CONTROLLER"; then - echo "$default: No controller configured and not configured for discovery, switch disabled" >&2 - echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2 - exit 0 - fi - else - echo "$default: MODE must set to 'discovery', 'in-band', or 'out-of-band'" >&2 - echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2 - exit 1 - fi - : ${PRIVKEY:=/etc/openflow-switch/of0-privkey.pem} - : ${CERT:=/etc/openflow-switch/of0-cert.pem} - : ${CACERT:=/etc/openflow-switch/cacert.pem} - case $CONTROLLER in - '') - # Discovery mode. 
- if test -e "$PRIVKEY"; then - configure_ssl - fi - ;; - tcp:*) - ;; - ssl:*) - configure_ssl - ;; - *) - echo "$default: CONTROLLER must be in the form 'ssl:HOST[:PORT]' or 'tcp:HOST[:PORT]' when not in discovery mode" >&2 - echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2 - exit 1 - esac - case $DISCONNECTED_MODE in - ''|switch|drop) ;; - *) echo "$default: warning: DISCONNECTED_MODE is not 'switch' or 'drop'" >&2 ;; - esac - - check_int_var RATE_LIMIT 100 - check_int_var INACTIVITY_PROBE 5 - check_int_var MAX_BACKOFF 1 - - check_new_option --fail DISCONNECTED_MODE - check_new_option --stp STP - check_new_option --rate-limit RATE_LIMIT - check_new_option --inactivity INACTIVITY_PROBE - check_new_option --max-backoff MAX_BACKOFF - case $DAEMON_OPTS in - *--rate-limit*) - echo "$default: --rate-limit may now be set with RATE_LIMIT" >&2 - esac - - echo -n "Loading openflow_mod: " - if grep -q '^openflow_mod$' /proc/modules; then - echo "already loaded, nothing to do." - elif modprobe openflow_mod; then - echo "success." - else - echo "ERROR." - echo "openflow_mod has probably not been built for this kernel." - if ! test -d /usr/share/doc/openflow-datapath-source; then - echo "Install the openflow-datapath-source package, then read" - echo "/usr/share/doc/openflow-datapath-source/README.Debian" - else - echo "For instructions, read" - echo "/usr/share/doc/openflow-datapath-source/README.Debian" - fi - exit 1 - fi - - for netdev in $NETDEVS; do - check_op "Removing IP address from $netdev" ifconfig $netdev 0.0.0.0 - done - - must_succeed "Creating datapath" dpctl adddp of0 $NETDEVS - - xx='[0-9abcdefABCDEF][0-9abcdefABCDEF]' - case $DATAPATH_ID in - '') - # Check if the DMI System UUID contains a Nicira mac address - # that should be used for this datapath. The UUID is assumed - # to be RFC 4122 compliant. 
- DMIDECODE=`which dmidecode` - if [ -n $DMIDECODE ]; then - UUID_MAC=`$DMIDECODE -s system-uuid | cut -d'-' -f 5` - case $UUID_MAC in - $NICIRA_OUI*) - ifconfig of0 down - must_succeed "Setting of0 MAC address to $UUID_MAC" ifconfig of0 hw ether $UUID_MAC - ifconfig of0 up - ;; - esac - fi - ;; - $xx:$xx:$xx:$xx:$xx:$xx) - ifconfig of0 down - must_succeed "Setting of0 MAC address to $DATAPATH_ID" ifconfig of0 hw ether $DATAPATH_ID - ifconfig of0 up - ;; - *) - echo "DATAPATH_ID is not a valid MAC address in the form XX:XX:XX:XX:XX:XX, ignoring" >&2 - ;; - esac - - if test "$MODE" = in-band; then - if test "$SWITCH_IP" = dhcp; then - must_succeed "Temporarily disabling of0" ifconfig of0 down - else - COMMAND="ifconfig of0 $SWITCH_IP" - if test -n "$SWITCH_NETMASK"; then - COMMAND="$COMMAND netmask $SWITCH_NETMASK" - fi - must_succeed "Configuring of0: $COMMAND" $COMMAND - if test -n "$SWITCH_GATEWAY"; then - # This can fail because the route already exists, - # so we don't insist that it succeed. - COMMAND="route add default gw $SWITCH_GATEWAY" - check_op "Adding default route: $COMMAND" $COMMAND - fi - fi - else - must_succeed "Disabling of0" ifconfig of0 down - fi - - if test -n "$CORE_LIMIT"; then - check_op "Setting core limit to $CORE_LIMIT" ulimit -c "$CORE_LIMIT" - fi - - # Compose secchan options. 
- set -- - set -- "$@" --verbose=ANY:console:emer --verbose=ANY:syslog:err - set -- "$@" --log-file - set -- "$@" --detach --pidfile=$PIDFILE - for vconn in $MGMT_VCONNS; do - set -- "$@" --listen="$vconn" - done - if test -n "$COMMANDS"; then - set -- "$@" --command-acl="$COMMANDS" - fi - case $STP in - yes) set -- "$@" --stp ;; - no) set -- "$@" --no-stp ;; - esac - case $DISCONNECTED_MODE in - switch) set -- "$@" --fail=open ;; - drop) set -- "$@" --fail=closed ;; - esac - if test -n "$RATE_LIMIT"; then - set -- "$@" --rate-limit=$RATE_LIMIT - fi - if test -n "$INACTIVITY_PROBE"; then - set -- "$@" --inactivity-probe=$INACTIVITY_PROBE - fi - if test -n "$MAX_BACKOFF"; then - set -- "$@" --max-backoff=$MAX_BACKOFF - fi - set -- "$@" $SSL_OPTS $DAEMON_OPTS - if test "$MODE" = out-of-band; then - set -- "$@" --out-of-band - fi - set -- "$@" of0 "$CONTROLLER" - echo -n "Starting $DESC: " - start-stop-daemon --start --quiet --pidfile $PIDFILE \ - --exec $DAEMON -- "$@" - if running; then - echo "$NAME." - else - echo " ERROR." - fi - - if test "$MODE" = in-band && test "$SWITCH_IP" = dhcp; then - echo -n "Starting dhclient on of0: " - start-stop-daemon --start --quiet --pidfile $DHCLIENT_PIDFILE \ - --exec /sbin/dhclient -- -q -pf $DHCLIENT_PIDFILE of0 - if running; then - echo "dhclient." - else - echo " ERROR." - fi - fi - ;; - stop) - if test -e /var/run/dhclient.of0.pid; then - echo -n "Stopping dhclient on of0: " - start-stop-daemon --stop --quiet --oknodo \ - --pidfile $DHCLIENT_PIDFILE --exec /sbin/dhclient - echo "dhclient." - fi - - echo -n "Stopping $DESC: " - start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE \ - --exec $DAEMON - echo "$NAME." - - check_op "Deleting datapath" dpctl deldp of0 - check_op "Unloading kernel module" modprobe -r openflow_mod - ;; - force-stop) - echo -n "Forcefully stopping $DESC: " - force_stop - if ! running; then - echo "$NAME." - else - echo " ERROR." 
- fi - ;; - reload) - ;; - force-reload) - start-stop-daemon --stop --test --quiet --pidfile \ - $PIDFILE --exec $DAEMON \ - && $0 restart \ - || exit 0 - ;; - restart) - $0 stop || true - $0 start - ;; - status) - echo -n "$NAME is " - if running ; then - echo "running" - else - echo " not running." - exit 1 - fi - ;; - *) - N=/etc/init.d/$NAME - echo "Usage: $N {start|stop|restart|force-reload|status|force-stop}" >&2 - exit 1 - ;; -esac - -exit 0 diff --git a/debian/openflow-switch.install b/debian/openflow-switch.install deleted file mode 100644 index e3254fc8..00000000 --- a/debian/openflow-switch.install +++ /dev/null @@ -1,6 +0,0 @@ -_debian/secchan/secchan usr/sbin -_debian/utilities/dpctl usr/sbin -_debian/utilities/ofp-discover usr/sbin -_debian/utilities/ofp-kill usr/sbin -debian/openflow/usr/share/openflow/commands/* usr/share/openflow/commands -debian/commands/* usr/share/openflow/commands diff --git a/debian/openflow-switch.logrotate b/debian/openflow-switch.logrotate deleted file mode 100644 index b2136907..00000000 --- a/debian/openflow-switch.logrotate +++ /dev/null @@ -1,11 +0,0 @@ -/var/log/openflow/secchan.log { - daily - compress - create 640 root adm - delaycompress - missingok - rotate 30 - postrotate - vlogconf --target /var/run/secchan.pid --reopen - endscript -} diff --git a/debian/openflow-switch.manpages b/debian/openflow-switch.manpages deleted file mode 100644 index 51bcc1d6..00000000 --- a/debian/openflow-switch.manpages +++ /dev/null @@ -1,4 +0,0 @@ -_debian/secchan/secchan.8 -_debian/utilities/ofp-discover.8 -_debian/utilities/ofp-kill.8 -_debian/utilities/dpctl.8 diff --git a/debian/openflow-switch.postinst b/debian/openflow-switch.postinst deleted file mode 100755 index 4f96db3a..00000000 --- a/debian/openflow-switch.postinst +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/sh -# postinst script for openflow-switch -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `configure' -# * `abort-upgrade' -# * `abort-remove' `in-favour' -# -# * `abort-remove' -# * `abort-deconfigure' `in-favour' -# `removing' -# -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - - -case "$1" in - configure) - DEFAULT=/etc/default/openflow-switch - TEMPLATE=/usr/share/openflow/switch/default.template - if ! test -e $DEFAULT; then - cp $TEMPLATE $DEFAULT - else - for var in $(awk -F'[ :]' '/^# [_A-Z0-9]+:/{print $2}' $TEMPLATE) - do - if ! grep $var $DEFAULT >/dev/null 2>&1; then - echo >> $DEFAULT - sed -n "/$var:/,/$var=/p" $TEMPLATE >> $DEFAULT - fi - done - fi - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -#DEBHELPER# - -exit 0 - - diff --git a/debian/openflow-switch.postrm b/debian/openflow-switch.postrm deleted file mode 100755 index 20bab0e0..00000000 --- a/debian/openflow-switch.postrm +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh -# postrm script for openflow-switch -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `remove' -# * `purge' -# * `upgrade' -# * `failed-upgrade' -# * `abort-install' -# * `abort-install' -# * `abort-upgrade' -# * `disappear' -# -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - - -case "$1" in - purge) - rm -f /etc/default/openflow-switch - ;; - - remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) - ;; - - *) - echo "postrm called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 - - 
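Review bot: the `purge` branch of debian/openflow-switch.postrm removes only /etc/default/openflow-switch, but the init script removed above defaults PRIVKEY, CERT and CACERT to files under /etc/openflow-switch, so a purge leaves the switch private key on disk. Whatever replaces this postrm should remove that directory on purge, or the README should say the key material is kept on purpose. In the postinst hunk just before it, `grep $var $DEFAULT` and `sed -n "/$var:/,/$var=/p"` match substrings, so MODE also matches CACERT_MODE and DISCONNECTED_MODE, and CERT matches CACERT. If this merge logic is carried into the renamed package, anchor the patterns (for example `^# $var:` and `^#*$var=`) so that one variable's section is neither skipped nor appended several times.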
diff --git a/debian/openflow-switch.template b/debian/openflow-switch.template deleted file mode 100644 index 1cc9a4f4..00000000 --- a/debian/openflow-switch.template +++ /dev/null 
@@ -1,165 +0,0 @@ -# This is a POSIX shell fragment -*- sh -*- - -# To configure the secure channel, fill in the following properly and -# uncomment them. Afterward, the secure channel will come up -# automatically at boot time. It can be started immediately with -# /etc/init.d/openflow-switch start -# Alternatively, use the ofp-switch-setup program (from the -# openflow-switch-config package) to do everything automatically. - -# NETDEVS: Which network devices should the OpenFlow switch include? -# -# List the network devices that should become part of the OpenFlow -# switch, separated by spaces. At least two devices must be selected -# for this machine to be a useful switch. Unselecting all network -# devices will disable the OpenFlow switch entirely. -# -# The network devices that you select should not be configured with IP -# or IPv6 addresses, even if the switch contacts the controller over -# one of the selected network devices. This is because a running -# OpenFlow switch takes over network devices at a low level: they -# become part of the switch and cannot be used for other purposes. -#NETDEVS="" - -# MODE: The OpenFlow switch has three modes that determine how it -# reaches the controller: -# -# * in-band with discovery: A single network is used for OpenFlow -# traffic and other data traffic; that is, the switch contacts the -# controller over one of the network devices selected as OpenFlow -# switch ports. The switch automatically determines the location of -# the controller using a DHCP request with an OpenFlow-specific -# vendor option. This is the most common case. -# -# * in-band: As above, but the location of the controller is manually -# configured. -# -# * out-of-band: OpenFlow traffic uses a network separate from the -# data traffic that it controls. If this is the case, the control -# network must already be configured on a network device other than -# one of those selected as an OpenFlow switch port in the previous -# question. 
-# -# Set MODE to 'discovery', 'in-band', or 'out-of-band' for these -# respective cases. -MODE=discovery - -# SWITCH_IP: In 'in-band' mode, the switch's IP address may be -# configured statically or dynamically: -# -# * For static configuration, specify the switch's IP address as a -# string. In this case you may also set SWITCH_NETMASK and -# SWITCH_GATEWAY appropriately (see below). -# -# * For dynamic configuration with DHCP (the most common case), -# specify "dhcp". Configuration with DHCP will only work reliably -# if the network topology allows the switch to contact the DHCP -# server before it connects to the OpenFlow controller. -# -# This setting has no effect unless MODE is set to 'in-band'. -SWITCH_IP=dhcp - -# SWITCH_NETMASK: IP netmask to use in 'in-band' mode when the switch -# IP address is not 'dhcp'. -#SWITCH_NETMASK=255.255.255.0 - -# SWITCH_GATEWAY: IP gateway to use in 'in-band' mode when the switch -# IP address is not 'dhcp'. -#SWITCH_GATEWAY=192.168.1.1 - -# CONTROLLER: Location of controller. -# One of the following formats: -# tcp:HOST[:PORT] via TCP to PORT (default: 6633) on HOST -# ssl:HOST[:PORT] via SSL to PORT (default: 6633) on HOST -# The default below assumes that the controller is running locally. -# This setting has no effect when MODE is set to 'discovery'. -#CONTROLLER="tcp:127.0.0.1" - -# PRIVKEY: Name of file containing switch's private key. -# Required if SSL enabled. -#PRIVKEY=/etc/openflow-switch/of0-privkey.pem - -# CERT: Name of file containing certificate for private key. -# Required if SSL enabled. -#CERT=/etc/openflow-switch/of0-cert.pem - -# CACERT: Name of file containing controller CA certificate. -# Required if SSL enabled. -#CACERT=/etc/openflow-switch/cacert.pem - -# CACERT_MODE: Two modes are available: -# -# * secure: The controller CA certificate named in CACERT above must exist. -# (You must copy it manually from the PKI server or another trusted source.) 
-# -# * bootstrap: If the controller CA certificate named in CACERT above does -# not exist, the switch will obtain it from the controller the first time -# it connects and save a copy to the file named in CACERT. This is insecure, -# in the same way that initial connections with ssh are insecure, but -# it is convenient. -# -# Set CACERT_MODE to 'secure' or 'bootstrap' for these respective cases. -#CACERT_MODE=secure - -# MGMT_VCONNS: List of vconns (space-separated) on which secchan -# should listen for management connections from dpctl, etc. -# openflow-switchui by default connects to -# unix:/var/run/secchan.mgmt, so do not disable this if you want to -# use openflow-switchui. -MGMT_VCONNS="punix:/var/run/secchan.mgmt" - -# COMMANDS: Access control list for the commands that can be executed -# remotely over the OpenFlow protocol, as a comma-separated list of -# shell glob patterns. Negative patterns (beginning with !) act as a -# blacklist. To be executable, a command name must match one positive -# pattern and not match any negative patterns. -#COMMANDS="reboot,update" - -# DISCONNECTED_MODE: Switch behavior when attempts to connect to the -# controller repeatedly fail, either 'switch', to act as an L2 switch -# in this case, or 'drop', to drop all packets (except those necessary -# to connect to the controller). If unset, the default is 'drop'. -#DISCONNECTED_MODE=switch - -# STP: Enable or disabled 802.1D-1998 Spanning Tree Protocol. Set to -# 'yes' to enable STP, 'no' to disable it. If unset, secchan's -# current default is 'no' (but this may change in the future). -#STP=no - -# RATE_LIMIT: Maximum number of received frames, that do not match any -# existing switch flow, to forward up to the controller per second. -# The valid range is 100 and up. If unset, this rate will not be -# limited. 
-#RATE_LIMIT=1000 - -# INACTIVITY_PROBE: The maximum number of seconds of inactivity on the -# controller connection before secchan sends an inactivity probe -# message to the controller. The valid range is 5 and up. If unset, -# secchan defaults to 15 seconds. -#INACTIVITY_PROBE=5 - -# MAX_BACKOFF: The maximum time that secchan will wait between -# attempts to connect to the controller. The valid range is 1 and up. -# If unset, secchan defaults to 15 seconds. -#MAX_BACKOFF=15 - -# DAEMON_OPTS: Additional options to pass to secchan, e.g. "--fail=open" -DAEMON_OPTS="" - -# CORE_LIMIT: Maximum size for core dumps. -# -# Leaving this unset will use the system default. Setting it to 0 -# will disable core dumps. Setting it to "unlimited" will dump all -# core files regardless of size. -#CORE_LIMIT=unlimited - -# DATAPATH_ID: Identifier for this switch. -# -# By default, the switch checks if the DMI System UUID contains a Nicira -# mac address to use as a datapath ID. If not, then the switch generates -# a new, random datapath ID every time it starts up. By setting this -# value, the supplied datapath ID will always be used. -# -# Set DATAPATH_ID to a MAC address in the form XX:XX:XX:XX:XX:XX where each -# X is a hexadecimal digit (0-9 or a-f). -#DATAPATH_ID=XX:XX:XX:XX:XX:XX diff --git a/debian/openvswitch-common.dirs b/debian/openvswitch-common.dirs new file mode 100644 index 00000000..be9ed2f0 --- /dev/null +++ b/debian/openvswitch-common.dirs @@ -0,0 +1 @@ +var/log/openvswitch diff --git a/debian/openvswitch-common.install b/debian/openvswitch-common.install new file mode 100644 index 00000000..6dd50e37 --- /dev/null +++ b/debian/openvswitch-common.install @@ -0,0 +1,3 @@ +_debian/utilities/ovs-parse-leaks usr/bin +_debian/utilities/ovs-pki usr/sbin +_debian/utilities/vlogconf usr/sbin diff --git a/debian/openvswitch-common.manpages b/debian/openvswitch-common.manpages new file mode 100644 index 00000000..4994a1e3 --- /dev/null 
+++ b/debian/openvswitch-common.manpages @@ -0,0 +1,2 @@ +_debian/utilities/vlogconf.8 +_debian/utilities/ovs-pki.8 diff --git a/debian/openvswitch-controller.README.Debian b/debian/openvswitch-controller.README.Debian new file mode 100644 index 00000000..18819a79 --- /dev/null +++ b/debian/openvswitch-controller.README.Debian @@ -0,0 +1,12 @@ +README.Debian for openvswitch-controller +------------------------------------- + +* To (re)configure the controller, edit /etc/default/openvswitch-controller + and run "/etc/init.d/openvswitch-controller restart". + +* To enable OpenFlow switches to automatically discover the location + of the controller, you must install and configure a DHCP server. + The secchan(8) manpage (found in the openvswitch-switch package) gives + a working example configuration file for the ISC DHCP server. + + -- Ben Pfaff , Mon, 11 May 2009 13:26:38 -0700 diff --git a/debian/openvswitch-controller.default b/debian/openvswitch-controller.default new file mode 100644 index 00000000..1d9f9261 --- /dev/null +++ b/debian/openvswitch-controller.default 
@@ -0,0 +1,29 @@ +# This is a POSIX shell fragment -*- sh -*- + +# LISTEN: What OpenFlow connection methods should the controller listen on? +# +# This is a space-delimited list of connection methods: +# +# * "pssl:[PORT]": Listen for SSL connections on the specified PORT +# (default: 6633). The private key, certificate, and CA certificate +# must be specified below. +# +# * "pctp:[PORT]": Listen for TCP connections on the specified PORT +# (default: 6633). Not recommended for security reasons. +# +LISTEN="pssl:" + +# PRIVKEY: Name of file containing controller's private key. +# Required if SSL enabled. +PRIVKEY=/etc/openvswitch-controller/privkey.pem + +# CERT: Name of file containing certificate for private key. +# Required if SSL enabled. +CERT=/etc/openvswitch-controller/cert.pem + +# CACERT: Name of file containing switch CA certificate. +# Required if SSL enabled. +CACERT=/etc/openvswitch-controller/cacert.pem + +# Additional options to pass to controller, e.g. "--hub" +DAEMON_OPTS="" diff --git a/debian/openvswitch-controller.dirs b/debian/openvswitch-controller.dirs new file mode 100644 index 00000000..4ada77c6 --- /dev/null +++ b/debian/openvswitch-controller.dirs @@ -0,0 +1 @@ +etc/openvswitch-controller diff --git a/debian/openvswitch-controller.init b/debian/openvswitch-controller.init new file mode 100755 index 00000000..c4716a92 --- /dev/null +++ b/debian/openvswitch-controller.init 
@@ -0,0 +1,269 @@ +#!/bin/sh +# +# Copyright (c) 2007, 2009 Javier Fernandez-Sanguino +# +# This is free software; you may redistribute it and/or modify +# it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2, +# or (at your option) any later version. +# +# This is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License with +# the Debian operating system, in /usr/share/common-licenses/GPL; if +# not, write to the Free Software Foundation, Inc., 59 Temple Place, +# Suite 330, Boston, MA 02111-1307 USA +# +### BEGIN INIT INFO +# Provides: openvswitch-controller +# Required-Start: $network $local_fs +# Required-Stop: +# Should-Start: $named +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: OpenVSwitch controller +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + +DAEMON=/usr/sbin/controller # Introduce the server's location here +NAME=controller # Introduce the short server's name here +DESC=controller # Introduce a short description here +LOGDIR=/var/log/openvswitch # Log directory to use + +PIDFILE=/var/run/$NAME.pid + +test -x $DAEMON || exit 0 + +. /lib/lsb/init-functions + +# Default options, these can be overriden by the information +# at /etc/default/$NAME +DAEMON_OPTS="" # Additional options given to the server + +DODTIME=10 # Time to wait for the server to die, in seconds + # If this value is set too low you might not + # let some servers to die gracefully and + # 'restart' will not work + +LOGFILE=$LOGDIR/$NAME.log # Server logfile +#DAEMONUSER= # User to run the daemons as. 
If this value + # is set start-stop-daemon will chuid the server + +# Include defaults if available +default=/etc/default/openvswitch-controller +if [ -f $default ] ; then + . $default +fi + +# Check that the user exists (if we set a user) +# Does the user exist? +if [ -n "$DAEMONUSER" ] ; then + if getent passwd | grep -q "^$DAEMONUSER:"; then + # Obtain the uid and gid + DAEMONUID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $3}'` + DAEMONGID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $4}'` + else + log_failure_msg "The user $DAEMONUSER, required to run $NAME does not exist." + exit 1 + fi +fi + + +set -e + +running_pid() { +# Check if a given process pid's cmdline matches a given name + pid=$1 + name=$2 + [ -z "$pid" ] && return 1 + [ ! -d /proc/$pid ] && return 1 + cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1` + # Is this the expected server + [ "$cmd" != "$name" ] && return 1 + return 0 +} + +running() { +# Check if the process is running looking at /proc +# (works for all users) + + # No pidfile, probably no daemon present + [ ! -f "$PIDFILE" ] && return 1 + pid=`cat $PIDFILE` + running_pid $pid $DAEMON || return 1 + return 0 +} + +start_server() { + if [ -z "$LISTEN" ]; then + echo "$default: No connection methods configured, controller disabled" >&2 + exit 0 + fi + + SSL_OPTS= + case $LISTEN in + *ssl*) + : ${PRIVKEY:=/etc/openvswitch-controller/privkey.pem} + : ${CERT:=/etc/openvswitch-controller/cert.pem} + : ${CACERT:=/etc/openvswitch-controller/cacert.pem} + if test ! -e "$PRIVKEY" || test ! -e "$CERT" || + test ! -e "$CACERT"; then + if test ! -e "$PRIVKEY"; then + echo "$PRIVKEY: private key missing" >&2 + fi + if test ! -e "$CERT"; then + echo "$CERT: certificate for private key missing" >&2 + fi + if test ! 
-e "$CACERT"; then + echo "$CACERT: CA certificate missing" >&2 + fi + exit 1 + fi + SSL_OPTS="--private-key=$PRIVKEY --certificate=$CERT --ca-cert=$CACERT" + ;; + esac + +# Start the process using the wrapper + if [ -z "$DAEMONUSER" ] ; then + start-stop-daemon --start --pidfile $PIDFILE \ + --exec $DAEMON -- --detach --pidfile=$PIDFILE \ + $LISTEN $DAEMON_OPTS $SSL_OPTS + errcode=$? + else +# if we are using a daemonuser then change the user id + start-stop-daemon --start --quiet --pidfile $PIDFILE \ + --chuid $DAEMONUSER --exec $DAEMON -- \ + --detach --pidfile=$PIDFILE $LISTEN $DAEMON_OPTS \ + $SSL_OPTS + errcode=$? + fi + return $errcode +} + +stop_server() { +# Stop the process using the wrapper + if [ -z "$DAEMONUSER" ] ; then + start-stop-daemon --stop --quiet --pidfile $PIDFILE \ + --exec $DAEMON + errcode=$? + else +# if we are using a daemonuser then look for process that match + start-stop-daemon --stop --quiet --pidfile $PIDFILE \ + --user $DAEMONUSER --exec $DAEMON + errcode=$? + fi + + return $errcode +} + +reload_server() { + [ ! -f "$PIDFILE" ] && return 1 + pid=`cat $PIDFILE` # This is the daemon's pid + # Send a SIGHUP + kill -1 $pid + return $? +} + +force_stop() { +# Force the process to die killing it manually + [ ! -e "$PIDFILE" ] && return + if running ; then + kill -15 $pid + # Is it really dead? + sleep "$DIETIME"s + if running ; then + kill -9 $pid + sleep "$DIETIME"s + if running ; then + echo "Cannot kill $NAME (pid=$pid)!" 
+ exit 1 + fi + fi + fi + rm -f $PIDFILE +} + + +case "$1" in + start) + log_daemon_msg "Starting $DESC " "$NAME" + # Check if it's running first + if running ; then + log_progress_msg "apparently already running" + log_end_msg 0 + exit 0 + fi + if start_server && running ; then + # It's ok, the server started and is running + log_end_msg 0 + else + # Either we could not start it or it is not running + # after we did + # NOTE: Some servers might die some time after they start, + # this code does not try to detect this and might give + # a false positive (use 'status' for that) + log_end_msg 1 + fi + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + if running ; then + # Only stop the server if we see it running + stop_server + log_end_msg $? + else + # If it's not running don't do anything + log_progress_msg "apparently not running" + log_end_msg 0 + exit 0 + fi + ;; + force-stop) + # First try to stop gracefully the program + $0 stop + if running; then + # If it's still running try to kill it more forcefully + log_daemon_msg "Stopping (force) $DESC" "$NAME" + force_stop + log_end_msg $? + fi + ;; + restart|force-reload) + log_daemon_msg "Restarting $DESC" "$NAME" + stop_server + # Wait some sensible amount, some server need this + [ -n "$DIETIME" ] && sleep $DIETIME + start_server + running + log_end_msg $? + ;; + status) + + log_daemon_msg "Checking status of $DESC" "$NAME" + if running ; then + log_progress_msg "running" + log_end_msg 0 + else + log_progress_msg "apparently not running" + log_end_msg 1 + exit 1 + fi + ;; + # Use this if the daemon cannot reload + reload) + log_warning_msg "Reloading $NAME daemon: not implemented, as the daemon" + log_warning_msg "cannot re-read the config file (use restart)." + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 
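Review bot: in debian/openvswitch-controller.default, the LISTEN comment documents the plaintext listener as "pctp:[PORT]", which looks like a transposition of "ptcp:" next to the "pssl:" form above it. An administrator who copies the string from the comment gets a connection method the controller will not recognise. Suggest correcting it to "ptcp:[PORT]" and keeping the "Not recommended for security reasons" wording.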
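Review bot: in debian/openvswitch-controller.init, force_stop() and the restart branch read $DIETIME, but the only timeout this script defines is DODTIME=10, so DIETIME is empty unless /etc/default/openvswitch-controller happens to set it. In force_stop() that turns sleep "$DIETIME"s into sleep "s", which errors out, and with set -e active the script aborts after the kill -15, before the kill -9 escalation and before rm -f $PIDFILE. In the restart branch the [ -n "$DIETIME" ] guard silently skips the wait between stop_server and start_server. Suggest using one name throughout, as debian/openvswitch-switch.init in this same patch does with DODTIME, and guarding the sleeps in force_stop() the same way.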
diff --git a/debian/openvswitch-controller.install b/debian/openvswitch-controller.install new file mode 100644 index 00000000..3932ab6a --- /dev/null +++ b/debian/openvswitch-controller.install @@ -0,0 +1 @@ +_debian/controller/controller usr/sbin diff --git a/debian/openvswitch-controller.manpages b/debian/openvswitch-controller.manpages new file mode 100644 index 00000000..3fbaaeaf --- /dev/null +++ b/debian/openvswitch-controller.manpages @@ -0,0 +1 @@ +_debian/controller/controller.8 diff --git a/debian/openvswitch-controller.postinst b/debian/openvswitch-controller.postinst new file mode 100755 index 00000000..51acfb1a --- /dev/null +++ b/debian/openvswitch-controller.postinst @@ -0,0 +1,52 @@ +#!/bin/sh +# postinst script for openvswitch-controller +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + cd /etc/openvswitch-controller + if ! test -e cacert.pem; then + ln -s /usr/share/openvswitch/pki/switchca/cacert.pem cacert.pem + fi + if ! test -e privkey.pem || ! test -e cert.pem; then + oldumask=$(umask) + umask 077 + ovs-pki req+sign tmp controller >/dev/null + mv tmp-privkey.pem privkey.pem + mv tmp-cert.pem cert.pem + mv tmp-req.pem req.pem + chmod go+r cert.pem req.pem + umask $oldumask + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 + + diff --git a/debian/openvswitch-datapath-module-_KVERS_.postinst.modules.in b/debian/openvswitch-datapath-module-_KVERS_.postinst.modules.in new file mode 100755 index 00000000..02683008 --- /dev/null +++ b/debian/openvswitch-datapath-module-_KVERS_.postinst.modules.in 
@@ -0,0 +1,25 @@ +#!/bin/sh +# postinst script for #PACKAGE# +# +# see: dh_installdeb(1) + +set -e + +depmod -a + +#DEBHELPER# + +# If the switch is running, restart it. This ensures that we are using the +# latest kernel module, because the init script will unload and reload the +# module. +# +# (Ideally we'd only want to do this if this package corresponds to the +# running kernel, but I don't know a reliable way to check.) +INIT=/etc/init.d/openvswitch-switch +if test -x $INIT && $INIT status; then + $INIT restart || true +fi + +exit 0 + + diff --git a/debian/openvswitch-datapath-source.README.Debian b/debian/openvswitch-datapath-source.README.Debian new file mode 100644 index 00000000..171aa9bd --- /dev/null +++ b/debian/openvswitch-datapath-source.README.Debian @@ -0,0 +1,31 @@ +OpenVSwitch for Debian +---------------------- + +* How do I build this module the Debian way? + + - Building with module-assistant: + + $ module-assistant auto-install openvswitch + or + $ m-a a-i openvswitch + + If kernel source or headers are in a non-standard directory, add + the option -k /path/to/kernel/source with the correct path. + + - Building with make-kpkg + + $ cd /usr/src/ + $ tar jxvf openvswitch.tar.bz2 + $ cd /usr/src/kernel-source-2.6.9 + $ make-kpkg --added-modules=openvswitch modules + + - Building without make-kpkg + + $ cd /usr/src/ + $ tar jxvf openvswitch.tar.bz2 + $ cd modules/openvswitch + $ fakeroot debian/rules kdist_image + + If you run this as root, fakeroot is not needed. + + -- Ben Pfaff , Mon, 11 May 2009 13:27:50 -0700 diff --git a/debian/openvswitch-datapath-source.copyright b/debian/openvswitch-datapath-source.copyright new file mode 100644 index 00000000..f7bcdda3 --- /dev/null +++ b/debian/openvswitch-datapath-source.copyright 
@@ -0,0 +1,16 @@ +Upstream Authors: + + The Board of Trustees of The Leland Stanford Junior University + +Copyright: + + Copyright (C) 2008 The Board of Trustees of The Leland Stanford + Junior University + +License: + + Files in the datapath/ and its sub-directories are covered under the GNU + General Public License Version 2. + + On Debian systems, the complete text of the GNU General + Public License can be found in `/usr/share/common-licenses/GPL'. diff --git a/debian/openvswitch-datapath-source.dirs b/debian/openvswitch-datapath-source.dirs new file mode 100644 index 00000000..e5a7d6b0 --- /dev/null +++ b/debian/openvswitch-datapath-source.dirs @@ -0,0 +1 @@ +usr/src/modules/openvswitch-datapath/debian diff --git a/debian/openvswitch-datapath-source.install b/debian/openvswitch-datapath-source.install new file mode 100644 index 00000000..d1acc894 --- /dev/null +++ b/debian/openvswitch-datapath-source.install @@ -0,0 +1,6 @@ +debian/changelog usr/src/modules/openvswitch-datapath/debian +debian/control usr/src/modules/openvswitch-datapath/debian +debian/compat usr/src/modules/openvswitch-datapath/debian +debian/*.modules.in usr/src/modules/openvswitch-datapath/debian +debian/rules usr/src/modules/openvswitch-datapath/debian +_debian/openvswitch.tar.gz usr/src/modules/openvswitch-datapath diff --git a/debian/openvswitch-pki-server.apache2 b/debian/openvswitch-pki-server.apache2 new file mode 100644 index 00000000..d0bc8ba9 --- /dev/null +++ b/debian/openvswitch-pki-server.apache2 @@ -0,0 +1 @@ +Alias /openvswitch/pki/ /usr/share/openvswitch/pki/ diff --git a/debian/openvswitch-pki-server.dirs b/debian/openvswitch-pki-server.dirs new file mode 100644 index 00000000..7307777b --- /dev/null +++ b/debian/openvswitch-pki-server.dirs @@ -0,0 +1 @@ +etc/apache2/sites-available diff --git a/debian/openvswitch-pki-server.install b/debian/openvswitch-pki-server.install new file mode 100644 index 00000000..5af75da0 --- /dev/null +++ b/debian/openvswitch-pki-server.install 
@@ -0,0 +1 @@ +_debian/utilities/ovs-pki-cgi usr/lib/cgi-bin diff --git a/debian/openvswitch-pki-server.postinst b/debian/openvswitch-pki-server.postinst new file mode 100755 index 00000000..d161a98a --- /dev/null +++ b/debian/openvswitch-pki-server.postinst @@ -0,0 +1,44 @@ +#!/bin/sh +# postinst script for openflow +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +case "$1" in + configure) + # Enable site under Apache. + a2ensite openflow-pki >/dev/null + if command -v invoke-rc.d >/dev/null 2>&1; then + invoke-rc.d apache2 force-reload || : + else + [ -x /etc/init.d/apache2 ] && /etc/init.d/apache2 force-reload || : + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 + + diff --git a/debian/openvswitch-pki.postinst b/debian/openvswitch-pki.postinst new file mode 100755 index 00000000..a75a314f --- /dev/null +++ b/debian/openvswitch-pki.postinst @@ -0,0 +1,41 @@ +#!/bin/sh +# postinst script for openvswitch +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +case "$1" in + configure) + # Create certificate authorities. + if test ! -d /usr/share/openvswitch/pki; then + ovs-pki init + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 + + 
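Review bot: the configure branch of debian/openvswitch-pki-server.postinst still runs a2ensite openflow-pki, while this patch adds the site file as debian/openvswitch-pki-server.apache2 with Alias /openvswitch/pki/. If the file ends up in etc/apache2/sites-available under the new package name, a2ensite will not find a site called openflow-pki, and because the script runs under set -e the postinst fails at that line. Please confirm the installed site name and make the a2ensite argument match it. The header comment "postinst script for openflow" should be updated in the same pass.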
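Review bot: debian/openvswitch-pki.postinst runs ovs-pki init without setting a umask, and the directory it populates, /usr/share/openvswitch/pki, is the one debian/openvswitch-pki-server.apache2 publishes with Alias /openvswitch/pki/. openvswitch-controller.postinst in this patch wraps its key generation in umask 077; it would be worth doing the same here, or adding a comment that states ovs-pki init itself keeps the CA private keys unreadable to the web server user. Separately, the guard is only test ! -d on the top-level directory, so an ovs-pki init that was interrupted part-way leaves the directory in place and is never retried on a later configure.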
diff --git a/debian/openvswitch-switch-config.dirs b/debian/openvswitch-switch-config.dirs new file mode 100644 index 00000000..881ded8a --- /dev/null +++ b/debian/openvswitch-switch-config.dirs @@ -0,0 +1 @@ +/usr/share/lintian/overrides diff --git a/debian/openvswitch-switch-config.install b/debian/openvswitch-switch-config.install new file mode 100644 index 00000000..c8cbf17f --- /dev/null +++ b/debian/openvswitch-switch-config.install @@ -0,0 +1 @@ +debian/ovs-switch-setup usr/sbin diff --git a/debian/openvswitch-switch-config.manpages b/debian/openvswitch-switch-config.manpages new file mode 100644 index 00000000..0e122793 --- /dev/null +++ b/debian/openvswitch-switch-config.manpages @@ -0,0 +1 @@ +debian/ovs-switch-setup.8 diff --git a/debian/openvswitch-switch-config.overrides b/debian/openvswitch-switch-config.overrides new file mode 100644 index 00000000..4ac77aba --- /dev/null +++ b/debian/openvswitch-switch-config.overrides @@ -0,0 +1 @@ +debconf-is-not-a-registry diff --git a/debian/openvswitch-switch-config.templates b/debian/openvswitch-switch-config.templates new file mode 100644 index 00000000..24bf0352 --- /dev/null +++ b/debian/openvswitch-switch-config.templates 
@@ -0,0 +1,228 @@ +Template: openvswitch-switch/netdevs +Type: multiselect +_Choices: ${choices} +_Description: OpenFlow switch network devices: + Choose the network devices that should become part of the OpenFlow + switch. At least two devices must be selected for this machine to be + a useful switch. Unselecting all network devices will disable the + OpenFlow switch entirely. + . + The network devices that you select should not be configured with IP + or IPv6 addresses, even if the switch contacts the controller over + one of the selected network devices. This is because a running + OpenFlow switch takes over network devices at a low level: they + become part of the switch and cannot be used for other purposes. + +Template: openvswitch-switch/no-netdevs +Type: error +_Description: No network devices were selected. + No network devices were selected for inclusion in the OpenFlow switch. + The switch will be disabled. + +Template: openvswitch-switch/configured-netdevs +Type: note +_Description: Some Network Devices Have IP or IPv6 Addresses + The following network devices selected to be part of the OpenFlow switch + have IP or IPv6 addresses configured: + . + ${configured-netdevs} + . + This is usually a mistake, even if the switch contacts the controller over + one of the selected network devices. This is because a running + OpenFlow switch takes over network devices at a low level: they + become part of the switch and cannot be used for other purposes. + . + If this is an unintentional mistake, move back and fix the selection, + or de-configure the IP or IPv6 from these network devices. + +Template: openvswitch-switch/mode +Type: select +_Choices: discovery, in-band, out-of-band +Default: discovery +_Description: Switch-to-controller access method: + The OpenFlow switch must be able to contact the OpenFlow controller over + the network. It can do so in one of three ways: + . 
+ discovery: A single network is used for OpenFlow traffic and other + data traffic; that is, the switch contacts the controller over one of + the network devices selected as OpenFlow switch network devices in + the previous question. The switch automatically determines the + location of the controller using a DHCP request with an + OpenFlow-specific vendor option. This is the most common case. + . + in-band: As above, but the location of the controller is manually + configured. + . + out-of-band: OpenFlow traffic uses a network separate from the data traffic + that it controls. If this is the case, the control network must already + be configured on a network device other than one of those selected as + an OpenFlow switch netdev in the previous question. + +Template: openvswitch-switch/discover +Type: note +_Description: Preparing to discover controller. + The setup program will now attempt to discover the OpenFlow controller. + Controller discovery may take up to 30 seconds. Please be patient. + . + See secchan(8) for instructions on how to configure a DHCP server for + controller discovery. + +Template: openvswitch-switch/discovery-failure +Type: error +_Description: Controller discovery failed. + The controller's location could not be determined automatically. + . + Ensure that the OpenFlow DHCP server is properly configured. See + secchan(8) for instructions on how to configure a DHCP server for + controller discovery. + +Template: openvswitch-switch/discovery-success +Type: boolean +Default: true +_Description: Use discovered settings? + Controller discovery obtained the following settings: + . + Controller location: ${controller-vconn} + . + PKI URL: ${pki-uri} + . + Please verify that these settings are correct. + +Template: openvswitch-switch/switch-ip +Type: string +Default: dhcp +_Description: Switch IP address: + For in-band communication with the controller, the OpenFlow switch must + be able to determine its own IP address. 
Its IP address may be configured + statically or dynamically. + . + For static configuration, specify the switch's IP address as a string. + . + For dynamic configuration with DHCP (the most common case), specify "dhcp". + Configuration with DHCP will only work reliably if the network topology + allows the switch to contact the DHCP server before it connects to the + OpenFlow controller. + +Template: openvswitch-switch/switch-ip-error +Type: error +_Description: The switch IP address is invalid. + The switch IP address must specified as "dhcp" or a valid IP address in + dotted-octet form (e.g. "1.2.3.4"). + +Template: openvswitch-switch/controller-vconn +Type: string +_Description: Controller location: + Specify how the OpenFlow switch should connect to the OpenFlow controller. + The value should be in form "ssl:HOST[:PORT]" to connect to the controller + over SSL (recommended for security) or "tcp:HOST[:PORT]" to connect over + cleartext TCP. + +Template: openvswitch-switch/controller-vconn-error +Type: error +_Description: The controller location is invalid. + The controller location must be specifed as "ssl:HOST[:PORT]" to + connect to the controller over SSL (recommended for security) or + "tcp:HOST[:PORT]" to connect over cleartext TCP. + +Template: openvswitch-switch/pki-uri +Type: string +_Description: OpenFlow PKI server host name or URL: + Specify a URL to the OpenFlow public key infrastructure (PKI). If a + host name or IP address is specified in place of a URL, then + http:///openvswitch/pki/ will be used, + where is the specified host name or IP address. + . + The OpenFlow PKI is usually on the same machine as the OpenFlow + controller. + . + The setup process will connect to the OpenFlow PKI server over + HTTP, using the system's configured default HTTP proxy (if any). + +Template: openvswitch-switch/fetch-cacert-failed +Type: error +_Description: The switch CA certificate could not be retrieved. 
+ Retrieval of ${url} failed, with the following status: "${error}". + . + Ensure that the OpenFlow PKI server is correctly configured and + available at ${pki-uri}. If the system is configured to use an HTTP + proxy, also make sure that the HTTP proxy is available and that the + PKI server can be reached through it. + +Template: openvswitch-switch/verify-controller-ca +Type: select +_Choices: yes, no +Default: yes +_Description: Is ${fingerprint} the controller CA's fingerprint? + If a man-in-the-middle attack is possible in your network + environment, check that the controller CA's fingerprint is really + ${fingerprint}. Answer "yes" if it matches, "no" if + there is a discrepancy. + . + If a man-in-the-middle attack is not a concern, there is no need to + verify the fingerprint. Simply answer "yes". + +Template: openvswitch-switch/send-cert-req +Type: select +_Choices: yes, no +Default: yes +_Description: Send certificate request to switch CA? + Before it can connect to the controller over SSL, the OpenFlow + switch's key must be signed by the switch certificate authority (CA) + located on the OpenFlow PKI server, which is usually collocated with + the OpenFlow controller. A signing request can be sent to the PKI + server now. + . + Answer "yes" to send a signing request to the switch CA now. This is + ordinarily the correct choice. There is no harm in sending a given + signing request more than once. + . + Answer "no" to skip sending a signing request to the switch CA. + Unless the request has already been sent to the switch CA, manual + sending of the request and signing will be necessary. + +Template: openvswitch-switch/send-cert-req-failed +Type: error +_Description: The certificate request could not be sent. + Posting to ${url} failed, with the following status: "${error}". + . + Ensure that the OpenFlow PKI server is correctly configured and + available at ${pki-uri}. 
+ +Template: openvswitch-switch/fetch-switch-cert +Type: select +_Choices: yes, no +_Description: Fetch signed switch certificate from PKI server? + Before it can connect to the controller over SSL, the OpenFlow + switch's key must be signed by the switch certificate authority (CA) + located on the OpenFlow PKI server, which is usually collocated with + the OpenFlow controller. + . + At this point, a signing request has been sent to the switch CA (or + sending a request has been manually skipped), but the signed + certificate has not yet been retrieved. Manual action may need to be + taken at the PKI server to approve the signing request. + . + Answer "yes" to attempt to retrieve the signed switch certificate + from the switch CA. If the switch certificate request has been + signed at the PKI server, this is the correct choice. + . + Answer "no" to postpone switch configuration. The configuration + process must be restarted later, when the switch certificate request + has been signed. + +Template: openvswitch-switch/fetch-switch-cert-failed +Type: error +_Description: Signed switch certificate could not be retrieved. + The signed switch certificate could not be retrieved from the switch + CA: retrieval of ${url} failed, with the following status: "${error}". + . + This probably indicates that the switch's certificate request has not + yet been signed. If this is the problem, it may be fixed by signing + the certificate request at ${pki-uri}, then trying to fetch the + signed switch certificate again. + +Template: openvswitch-switch/complete +Type: note +_Description: OpenFlow Switch Setup Finished + Setup of this OpenFlow switch is finished. Complete the setup procedure + to enable the switch. diff --git a/debian/openvswitch-switch.README.Debian b/debian/openvswitch-switch.README.Debian new file mode 100644 index 00000000..7c5e08d8 --- /dev/null +++ b/debian/openvswitch-switch.README.Debian 
@@ -0,0 +1,18 @@ +README.Debian for openvswitch-switch +--------------------------------- + +* The switch must be configured before it can be used. To configure + it interactively, install the openvswitch-switch-config package and run + the ovs-switch-setup program. Alternatively, edit + /etc/default/openvswitch-switch by hand, then start the switch manually + with "/etc/init.d/openvswitch-switch start". + +* To use the Linux kernel-based switch implementation, you will need + to build and install the OpenVSwitch kernel module. To do so, install + the openvswitch-datapath-source package, then follow the instructions + given in /usr/share/doc/openvswitch-datapath-source/README.Debian + +* This package does not yet support the userspace datapath-based + switch implementation. + + -- Ben Pfaff , Mon, 11 May 2009 13:29:43 -0700 diff --git a/debian/openvswitch-switch.dirs b/debian/openvswitch-switch.dirs new file mode 100644 index 00000000..b4a52873 --- /dev/null +++ b/debian/openvswitch-switch.dirs @@ -0,0 +1,2 @@ +/etc/openvswitch-switch +/usr/share/openvswitch/switch diff --git a/debian/openvswitch-switch.init b/debian/openvswitch-switch.init new file mode 100755 index 00000000..45a87d25 --- /dev/null +++ b/debian/openvswitch-switch.init 
@@ -0,0 +1,428 @@ +#! /bin/sh +# +# /etc/init.d/openvswitch-switch +# +# Written by Miquel van Smoorenburg . +# Modified for Debian by Ian Murdock . +# Further changes by Javier Fernandez-Sanguino +# Modified for openvswitch-switch. +# +# Version: @(#)skeleton 1.9 26-Feb-2001 miquels@cistron.nl +# +### BEGIN INIT INFO +# Provides: openvswitch-switch +# Required-Start: $network $named $remote_fs $syslog +# Required-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: OpenVSwitch switch +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/secchan +NAME=secchan +DESC=secchan + +test -x $DAEMON || exit 0 + +NICIRA_OUI="002320" + +LOGDIR=/var/log/openvswitch +PIDFILE=/var/run/$NAME.pid +DHCLIENT_PIDFILE=/var/run/dhclient.of0.pid +DODTIME=1 # Time to wait for the server to die, in seconds + # If this value is set too low you might not + # let some servers to die gracefully and + # 'restart' will not work + +# Include secchan defaults if available +unset NETDEVS +unset MODE +unset SWITCH_IP +unset CONTROLLER +unset PRIVKEY +unset CERT +unset CACERT +unset CACERT_MODE +unset MGMT_VCONNS +unset COMMANDS +unset DAEMON_OPTS +unset CORE_LIMIT +unset DATAPATH_ID +default=/etc/default/openvswitch-switch +if [ -f $default ] ; then + . $default +fi + +set -e + +running_pid() +{ + # Check if a given process pid's cmdline matches a given name + pid=$1 + name=$2 + [ -z "$pid" ] && return 1 + [ ! -d /proc/$pid ] && return 1 + cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1` + # Is this the expected child? + case $cmd in + $name|*/$name) + return 0 + ;; + *) + return 1 + ;; + esac +} + +running() +{ +# Check if the process is running looking at /proc +# (works for all users) + + # No pidfile, probably no daemon present + [ ! 
-f "$PIDFILE" ] && return 1 + # Obtain the pid and check it against the binary name + pid=`cat $PIDFILE` + running_pid $pid $NAME || return 1 + return 0 +} + +force_stop() { +# Forcefully kill the process + [ ! -f "$PIDFILE" ] && return + if running ; then + kill -15 $pid + # Is it really dead? + [ -n "$DODTIME" ] && sleep "$DODTIME"s + if running ; then + kill -9 $pid + [ -n "$DODTIME" ] && sleep "$DODTIME"s + if running ; then + echo "Cannot kill $NAME (pid=$pid)!" + exit 1 + fi + fi + fi + rm -f $PIDFILE + return 0 +} + +must_succeed() { + echo -n "$1: " + shift + if "$@"; then + echo "success." + else + echo " ERROR." + exit 1 + fi +} + +check_op() { + echo -n "$1: " + shift + if "$@"; then + echo "success." + else + echo " ERROR." + fi +} + +configure_ssl() { + if (test "$CACERT_MODE" != secure && test "$CACERT_MODE" != bootstrap) \ + || test ! -e "$PRIVKEY" || test ! -e "$CERT" \ + || (test ! -e "$CACERT" && test "$CACERT_MODE" != bootstrap); then + if test "$CACERT_MODE" != secure && test "$CACERT_MODE" != bootstrap + then + echo "CACERT_MODE is not set to 'secure' or 'bootstrap'" + fi + if test ! -e "$PRIVKEY"; then + echo "$PRIVKEY: private key missing" >&2 + fi + if test ! -e "$CERT"; then + echo "$CERT: certificate for private key missing" >&2 + fi + if test ! -e "$CACERT" && test "$CACERT_MODE" != bootstrap; then + echo "$CACERT: CA certificate missing (and CA certificate bootstrapping not enabled)" >&2 + fi + echo "Run ovs-switch-setup (in the openvswitch-switch-config package) or edit /etc/default/openvswitch-switch to configure" >&2 + if test "$MODE" = discovery; then + echo "You may also delete or rename $PRIVKEY to disable SSL requirement" >&2 + fi + exit 1 + fi + + SSL_OPTS="--private-key=$PRIVKEY --certificate=$CERT" + if test ! 
-e "$CACERT" && test "$CACERT_MODE" = bootstrap; then + SSL_OPTS="$SSL_OPTS --bootstrap-ca-cert=$CACERT" + else + SSL_OPTS="$SSL_OPTS --ca-cert=$CACERT" + fi +} + +check_int_var() { + eval value=\$$1 + if test -n "$value"; then + if expr "X$value" : 'X[0-9][0-9]*$' > /dev/null 2>&1; then + if test $value -lt $2; then + echo "warning: The $1 option may not be set to a value below $2, treating as $2" >&2 + eval $1=$2 + fi + else + echo "warning: The $1 option must be set to a number, ignoring" >&2 + unset $1 + fi + fi +} + +check_new_option() { + case $DAEMON_OPTS in + *$1*) + echo "warning: The $1 option in DAEMON_OPTS may now be set with the $2 variable in $default. The setting in DAEMON_OPTS will override the $2 variable, which will prevent the switch UI from configuring $1." >&2 + ;; + esac +} + +case "$1" in + start) + if test -z "$NETDEVS"; then + echo "$default: No network devices configured, switch disabled" >&2 + echo "Run ovs-switch-setup (in the openvswitch-switch-config package) or edit /etc/default/openvswitch-switch to configure" >&2 + exit 0 + fi + if test "$MODE" = discovery; then + unset CONTROLLER + elif test "$MODE" = in-band || test "$MODE" = out-of-band; then + if test -z "$CONTROLLER"; then + echo "$default: No controller configured and not configured for discovery, switch disabled" >&2 + echo "Run ovs-switch-setup (in the openvswitch-switch-config package) or edit /etc/default/openvswitch-switch to configure" >&2 + exit 0 + fi + else + echo "$default: MODE must set to 'discovery', 'in-band', or 'out-of-band'" >&2 + echo "Run ovs-switch-setup (in the openvswitch-switch-config package) or edit /etc/default/openvswitch-switch to configure" >&2 + exit 1 + fi + : ${PRIVKEY:=/etc/openvswitch-switch/of0-privkey.pem} + : ${CERT:=/etc/openvswitch-switch/of0-cert.pem} + : ${CACERT:=/etc/openvswitch-switch/cacert.pem} + case $CONTROLLER in + '') + # Discovery mode. 
+ if test -e "$PRIVKEY"; then + configure_ssl + fi + ;; + tcp:*) + ;; + ssl:*) + configure_ssl + ;; + *) + echo "$default: CONTROLLER must be in the form 'ssl:HOST[:PORT]' or 'tcp:HOST[:PORT]' when not in discovery mode" >&2 + echo "Run ovs-switch-setup (in the openvswitch-switch-config package) or edit /etc/default/openvswitch-switch to configure" >&2 + exit 1 + esac + case $DISCONNECTED_MODE in + ''|switch|drop) ;; + *) echo "$default: warning: DISCONNECTED_MODE is not 'switch' or 'drop'" >&2 ;; + esac + + check_int_var RATE_LIMIT 100 + check_int_var INACTIVITY_PROBE 5 + check_int_var MAX_BACKOFF 1 + + check_new_option --fail DISCONNECTED_MODE + check_new_option --stp STP + check_new_option --rate-limit RATE_LIMIT + check_new_option --inactivity INACTIVITY_PROBE + check_new_option --max-backoff MAX_BACKOFF + case $DAEMON_OPTS in + *--rate-limit*) + echo "$default: --rate-limit may now be set with RATE_LIMIT" >&2 + esac + + echo -n "Loading openvswitch_mod: " + if grep -q '^openvswitch_mod$' /proc/modules; then + echo "already loaded, nothing to do." + elif modprobe openvswitch_mod; then + echo "success." + else + echo "ERROR." + echo "openvswitch_mod has probably not been built for this kernel." + if ! test -d /usr/share/doc/openvswitch-datapath-source; then + echo "Install the openvswitch-datapath-source package, then read" + echo "/usr/share/doc/openvswitch-datapath-source/README.Debian" + else + echo "For instructions, read" + echo "/usr/share/doc/openvswitch-datapath-source/README.Debian" + fi + exit 1 + fi + + for netdev in $NETDEVS; do + check_op "Removing IP address from $netdev" ifconfig $netdev 0.0.0.0 + done + + must_succeed "Creating datapath" dpctl adddp of0 $NETDEVS + + xx='[0-9abcdefABCDEF][0-9abcdefABCDEF]' + case $DATAPATH_ID in + '') + # Check if the DMI System UUID contains a Nicira mac address + # that should be used for this datapath. The UUID is assumed + # to be RFC 4122 compliant. 
+ DMIDECODE=`which dmidecode` + if [ -n $DMIDECODE ]; then + UUID_MAC=`$DMIDECODE -s system-uuid | cut -d'-' -f 5` + case $UUID_MAC in + $NICIRA_OUI*) + ifconfig of0 down + must_succeed "Setting of0 MAC address to $UUID_MAC" ifconfig of0 hw ether $UUID_MAC + ifconfig of0 up + ;; + esac + fi + ;; + $xx:$xx:$xx:$xx:$xx:$xx) + ifconfig of0 down + must_succeed "Setting of0 MAC address to $DATAPATH_ID" ifconfig of0 hw ether $DATAPATH_ID + ifconfig of0 up + ;; + *) + echo "DATAPATH_ID is not a valid MAC address in the form XX:XX:XX:XX:XX:XX, ignoring" >&2 + ;; + esac + + if test "$MODE" = in-band; then + if test "$SWITCH_IP" = dhcp; then + must_succeed "Temporarily disabling of0" ifconfig of0 down + else + COMMAND="ifconfig of0 $SWITCH_IP" + if test -n "$SWITCH_NETMASK"; then + COMMAND="$COMMAND netmask $SWITCH_NETMASK" + fi + must_succeed "Configuring of0: $COMMAND" $COMMAND + if test -n "$SWITCH_GATEWAY"; then + # This can fail because the route already exists, + # so we don't insist that it succeed. + COMMAND="route add default gw $SWITCH_GATEWAY" + check_op "Adding default route: $COMMAND" $COMMAND + fi + fi + else + must_succeed "Disabling of0" ifconfig of0 down + fi + + if test -n "$CORE_LIMIT"; then + check_op "Setting core limit to $CORE_LIMIT" ulimit -c "$CORE_LIMIT" + fi + + # Compose secchan options. 
+ set -- + set -- "$@" --verbose=ANY:console:emer --verbose=ANY:syslog:err + set -- "$@" --log-file + set -- "$@" --detach --pidfile=$PIDFILE + for vconn in $MGMT_VCONNS; do + set -- "$@" --listen="$vconn" + done + if test -n "$COMMANDS"; then + set -- "$@" --command-acl="$COMMANDS" + fi + case $STP in + yes) set -- "$@" --stp ;; + no) set -- "$@" --no-stp ;; + esac + case $DISCONNECTED_MODE in + switch) set -- "$@" --fail=open ;; + drop) set -- "$@" --fail=closed ;; + esac + if test -n "$RATE_LIMIT"; then + set -- "$@" --rate-limit=$RATE_LIMIT + fi + if test -n "$INACTIVITY_PROBE"; then + set -- "$@" --inactivity-probe=$INACTIVITY_PROBE + fi + if test -n "$MAX_BACKOFF"; then + set -- "$@" --max-backoff=$MAX_BACKOFF + fi + set -- "$@" $SSL_OPTS $DAEMON_OPTS + if test "$MODE" = out-of-band; then + set -- "$@" --out-of-band + fi + set -- "$@" of0 "$CONTROLLER" + echo -n "Starting $DESC: " + start-stop-daemon --start --quiet --pidfile $PIDFILE \ + --exec $DAEMON -- "$@" + if running; then + echo "$NAME." + else + echo " ERROR." + fi + + if test "$MODE" = in-band && test "$SWITCH_IP" = dhcp; then + echo -n "Starting dhclient on of0: " + start-stop-daemon --start --quiet --pidfile $DHCLIENT_PIDFILE \ + --exec /sbin/dhclient -- -q -pf $DHCLIENT_PIDFILE of0 + if running; then + echo "dhclient." + else + echo " ERROR." + fi + fi + ;; + stop) + if test -e /var/run/dhclient.of0.pid; then + echo -n "Stopping dhclient on of0: " + start-stop-daemon --stop --quiet --oknodo \ + --pidfile $DHCLIENT_PIDFILE --exec /sbin/dhclient + echo "dhclient." + fi + + echo -n "Stopping $DESC: " + start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE \ + --exec $DAEMON + echo "$NAME." + + check_op "Deleting datapath" dpctl deldp of0 + check_op "Unloading kernel module" modprobe -r openvswitch_mod + ;; + force-stop) + echo -n "Forcefully stopping $DESC: " + force_stop + if ! running; then + echo "$NAME." + else + echo " ERROR." 
+ fi + ;; + reload) + ;; + force-reload) + start-stop-daemon --stop --test --quiet --pidfile \ + $PIDFILE --exec $DAEMON \ + && $0 restart \ + || exit 0 + ;; + restart) + $0 stop || true + $0 start + ;; + status) + echo -n "$NAME is " + if running ; then + echo "running" + else + echo " not running." + exit 1 + fi + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|force-reload|status|force-stop}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/openvswitch-switch.install b/debian/openvswitch-switch.install new file mode 100644 index 00000000..a43c9c60 --- /dev/null +++ b/debian/openvswitch-switch.install @@ -0,0 +1,6 @@ +_debian/secchan/secchan usr/sbin +_debian/utilities/dpctl usr/sbin +_debian/utilities/ovs-discover usr/sbin +_debian/utilities/ovs-kill usr/sbin +debian/openvswitch/usr/share/openvswitch/commands/* usr/share/openvswitch/commands +debian/commands/* usr/share/openvswitch/commands diff --git a/debian/openvswitch-switch.logrotate b/debian/openvswitch-switch.logrotate new file mode 100644 index 00000000..5c253088 --- /dev/null +++ b/debian/openvswitch-switch.logrotate @@ -0,0 +1,11 @@ +/var/log/openvswitch/secchan.log { + daily + compress + create 640 root adm + delaycompress + missingok + rotate 30 + postrotate + vlogconf --target /var/run/secchan.pid --reopen + endscript +} diff --git a/debian/openvswitch-switch.manpages b/debian/openvswitch-switch.manpages new file mode 100644 index 00000000..80bfd9fd --- /dev/null +++ b/debian/openvswitch-switch.manpages @@ -0,0 +1,4 @@ +_debian/secchan/secchan.8 +_debian/utilities/ovs-discover.8 +_debian/utilities/ovs-kill.8 +_debian/utilities/dpctl.8 diff --git a/debian/openvswitch-switch.postinst b/debian/openvswitch-switch.postinst new file mode 100755 index 00000000..74b52ba9 --- /dev/null +++ b/debian/openvswitch-switch.postinst 
@@ -0,0 +1,51 @@ +#!/bin/sh +# postinst script for openvswitch-switch +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + DEFAULT=/etc/default/openvswitch-switch + TEMPLATE=/usr/share/openvswitch/switch/default.template + if ! test -e $DEFAULT; then + cp $TEMPLATE $DEFAULT + else + for var in $(awk -F'[ :]' '/^# [_A-Z0-9]+:/{print $2}' $TEMPLATE) + do + if ! grep $var $DEFAULT >/dev/null 2>&1; then + echo >> $DEFAULT + sed -n "/$var:/,/$var=/p" $TEMPLATE >> $DEFAULT + fi + done + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 + + diff --git a/debian/openvswitch-switch.postrm b/debian/openvswitch-switch.postrm new file mode 100755 index 00000000..19e8ebe4 --- /dev/null +++ b/debian/openvswitch-switch.postrm @@ -0,0 +1,43 @@ +#!/bin/sh +# postrm script for openvswitch-switch +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + purge) + rm -f /etc/default/openvswitch-switch + ;; + + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + 
diff --git a/debian/openvswitch-switch.template b/debian/openvswitch-switch.template new file mode 100644 index 00000000..704a3bbd --- /dev/null +++ b/debian/openvswitch-switch.template 
@@ -0,0 +1,165 @@ +# This is a POSIX shell fragment -*- sh -*- + +# To configure the secure channel, fill in the following properly and +# uncomment them. Afterward, the secure channel will come up +# automatically at boot time. It can be started immediately with +# /etc/init.d/openvswitch-switch start +# Alternatively, use the ovs-switch-setup program (from the +# openvswitch-switch-config package) to do everything automatically. + +# NETDEVS: Which network devices should the OpenFlow switch include? +# +# List the network devices that should become part of the OpenFlow +# switch, separated by spaces. At least two devices must be selected +# for this machine to be a useful switch. Unselecting all network +# devices will disable the OpenFlow switch entirely. +# +# The network devices that you select should not be configured with IP +# or IPv6 addresses, even if the switch contacts the controller over +# one of the selected network devices. This is because a running +# OpenVSwitch switch takes over network devices at a low level: they +# become part of the switch and cannot be used for other purposes. +#NETDEVS="" + +# MODE: The OpenFlow switch has three modes that determine how it +# reaches the controller: +# +# * in-band with discovery: A single network is used for OpenFlow +# traffic and other data traffic; that is, the switch contacts the +# controller over one of the network devices selected as OpenFlow +# switch ports. The switch automatically determines the location of +# the controller using a DHCP request with an OpenFlow-specific +# vendor option. This is the most common case. +# +# * in-band: As above, but the location of the controller is manually +# configured. +# +# * out-of-band: OpenFlow traffic uses a network separate from the +# data traffic that it controls. If this is the case, the control +# network must already be configured on a network device other than +# one of those selected as an OpenVSwitch switch port in the previous +# question. 
+# +# Set MODE to 'discovery', 'in-band', or 'out-of-band' for these +# respective cases. +MODE=discovery + +# SWITCH_IP: In 'in-band' mode, the switch's IP address may be +# configured statically or dynamically: +# +# * For static configuration, specify the switch's IP address as a +# string. In this case you may also set SWITCH_NETMASK and +# SWITCH_GATEWAY appropriately (see below). +# +# * For dynamic configuration with DHCP (the most common case), +# specify "dhcp". Configuration with DHCP will only work reliably +# if the network topology allows the switch to contact the DHCP +# server before it connects to the OpenFlow controller. +# +# This setting has no effect unless MODE is set to 'in-band'. +SWITCH_IP=dhcp + +# SWITCH_NETMASK: IP netmask to use in 'in-band' mode when the switch +# IP address is not 'dhcp'. +#SWITCH_NETMASK=255.255.255.0 + +# SWITCH_GATEWAY: IP gateway to use in 'in-band' mode when the switch +# IP address is not 'dhcp'. +#SWITCH_GATEWAY=192.168.1.1 + +# CONTROLLER: Location of controller. +# One of the following formats: +# tcp:HOST[:PORT] via TCP to PORT (default: 6633) on HOST +# ssl:HOST[:PORT] via SSL to PORT (default: 6633) on HOST +# The default below assumes that the controller is running locally. +# This setting has no effect when MODE is set to 'discovery'. +#CONTROLLER="tcp:127.0.0.1" + +# PRIVKEY: Name of file containing switch's private key. +# Required if SSL enabled. +#PRIVKEY=/etc/openvswitch-switch/of0-privkey.pem + +# CERT: Name of file containing certificate for private key. +# Required if SSL enabled. +#CERT=/etc/openvswitch-switch/of0-cert.pem + +# CACERT: Name of file containing controller CA certificate. +# Required if SSL enabled. +#CACERT=/etc/openvswitch-switch/cacert.pem + +# CACERT_MODE: Two modes are available: +# +# * secure: The controller CA certificate named in CACERT above must exist. +# (You must copy it manually from the PKI server or another trusted source.) 
+# +# * bootstrap: If the controller CA certificate named in CACERT above does +# not exist, the switch will obtain it from the controller the first time +# it connects and save a copy to the file named in CACERT. This is insecure, +# in the same way that initial connections with ssh are insecure, but +# it is convenient. +# +# Set CACERT_MODE to 'secure' or 'bootstrap' for these respective cases. +#CACERT_MODE=secure + +# MGMT_VCONNS: List of vconns (space-separated) on which secchan +# should listen for management connections from dpctl, etc. +# openvswitch-switchui by default connects to +# unix:/var/run/secchan.mgmt, so do not disable this if you want to +# use openvswitch-switchui. +MGMT_VCONNS="punix:/var/run/secchan.mgmt" + +# COMMANDS: Access control list for the commands that can be executed +# remotely over the OpenFlow protocol, as a comma-separated list of +# shell glob patterns. Negative patterns (beginning with !) act as a +# blacklist. To be executable, a command name must match one positive +# pattern and not match any negative patterns. +#COMMANDS="reboot,update" + +# DISCONNECTED_MODE: Switch behavior when attempts to connect to the +# controller repeatedly fail, either 'switch', to act as an L2 switch +# in this case, or 'drop', to drop all packets (except those necessary +# to connect to the controller). If unset, the default is 'drop'. +#DISCONNECTED_MODE=switch + +# STP: Enable or disabled 802.1D-1998 Spanning Tree Protocol. Set to +# 'yes' to enable STP, 'no' to disable it. If unset, secchan's +# current default is 'no' (but this may change in the future). +#STP=no + +# RATE_LIMIT: Maximum number of received frames, that do not match any +# existing switch flow, to forward up to the controller per second. +# The valid range is 100 and up. If unset, this rate will not be +# limited. 
+#RATE_LIMIT=1000 + +# INACTIVITY_PROBE: The maximum number of seconds of inactivity on the +# controller connection before secchan sends an inactivity probe +# message to the controller. The valid range is 5 and up. If unset, +# secchan defaults to 15 seconds. +#INACTIVITY_PROBE=5 + +# MAX_BACKOFF: The maximum time that secchan will wait between +# attempts to connect to the controller. The valid range is 1 and up. +# If unset, secchan defaults to 15 seconds. +#MAX_BACKOFF=15 + +# DAEMON_OPTS: Additional options to pass to secchan, e.g. "--fail=open" +DAEMON_OPTS="" + +# CORE_LIMIT: Maximum size for core dumps. +# +# Leaving this unset will use the system default. Setting it to 0 +# will disable core dumps. Setting it to "unlimited" will dump all +# core files regardless of size. +#CORE_LIMIT=unlimited + +# DATAPATH_ID: Identifier for this switch. +# +# By default, the switch checks if the DMI System UUID contains a Nicira +# mac address to use as a datapath ID. If not, then the switch generates +# a new, random datapath ID every time it starts up. By setting this +# value, the supplied datapath ID will always be used. +# +# Set DATAPATH_ID to a MAC address in the form XX:XX:XX:XX:XX:XX where each +# X is a hexadecimal digit (0-9 or a-f). +#DATAPATH_ID=XX:XX:XX:XX:XX:XX diff --git a/debian/ovs-switch-setup b/debian/ovs-switch-setup new file mode 100755 index 00000000..39a9dc96 --- /dev/null +++ b/debian/ovs-switch-setup 
@@ -0,0 +1,615 @@ +#! /usr/bin/perl + +use POSIX; +use Debconf::Client::ConfModule ':all'; +use HTTP::Request; +use LWP::UserAgent; +use Digest::SHA1 'sha1_hex'; +use strict; +use warnings; + +# XXX should support configuring SWITCH_NETMASK and SWITCH_GATEWAY +# when the mode is in-band. + +my $debconf_owner = 'openvswitch-switch'; + +my $default = '/etc/default/openvswitch-switch'; +my $template = '/usr/share/openvswitch/switch/default.template'; +my $etc = '/etc/openvswitch-switch'; +my $rundir = '/var/run'; +my $privkey_file = "$etc/of0-privkey.pem"; +my $req_file = "$etc/of0-req.pem"; +my $cert_file = "$etc/of0-cert.pem"; +my $cacert_file = "$etc/cacert.pem"; +my $ovs_discover_pidfile = "$rundir/ovs-discover.pid"; + +my $ua = LWP::UserAgent->new; +$ua->timeout(10); +$ua->env_proxy; + +system("/etc/init.d/openvswitch-switch stop 1>&2"); +kill_ovs_discover(); + +version('2.0'); +capb('backup'); +title('OpenVSwitch Switch Setup'); + +my (%netdevs) = find_netdevs(); +db_subst('netdevs', 'choices', + join(', ', map($netdevs{$_}, sort(keys(%netdevs))))); +db_set('netdevs', join(', ', grep(!/IP/, values(%netdevs)))); + +my %oldconfig; +if (-e $default) { + %oldconfig = load_config($default); + + my (%map) = + (NETDEVS => sub { + db_set('netdevs', join(', ', map($netdevs{$_}, + grep(exists $netdevs{$_}, split)))) + }, + MODE => sub { + db_set('mode', + $_ eq 'in-band' || $_ eq 'out-of-band' ? $_ : 'discovery') + }, + SWITCH_IP => sub { db_set('switch-ip', $_) }, + CONTROLLER => sub { db_set('controller-vconn', $_) }, + PRIVKEY => sub { $privkey_file = $_ }, + CERT => sub { $cert_file = $_ }, + CACERT => sub { $cacert_file = $_ }, + ); + + for my $key (keys(%map)) { + local $_ = $oldconfig{$key}; + &{$map{$key}}() if defined && !/^\s*$/; + } +} elsif (-e $template) { + %oldconfig = load_config($template); +} + +my $cacert_preverified = -e $cacert_file; +my ($req, $req_fingerprint); + +my %options; + +my (@states) = + (sub { + # User backed up from first dialog box. 
+ exit(10); + }, + sub { + # Prompt for ports to include in switch. + db_input('netdevs'); + return; + }, + sub { + # Validate the chosen ports. + my (@netdevs) = split(', ', db_get('netdevs')); + if (!@netdevs) { + # No ports chosen. Disable switch. + db_input('no-netdevs'); + return 'prev' if db_go(); + return 'done'; + } elsif (my (@conf_netdevs) = grep(/IP/, @netdevs)) { + # Point out that some ports have configured IP addresses. + db_subst('configured-netdevs', 'configured-netdevs', + join(', ', @conf_netdevs)); + db_input('configured-netdevs'); + return; + } else { + # Otherwise proceed. + return 'skip'; + } + }, + sub { + # Discovery or in-band or out-of-band controller? + db_input('mode'); + return; + }, + sub { + return 'skip' if db_get('mode') ne 'discovery'; + for (;;) { + # Notify user that we are going to do discovery. + db_input('discover'); + return 'prev' if db_go(); + print STDERR "Please wait up to 30 seconds for discovery...\n"; + + # Make sure that there's no running discovery process. + kill_ovs_discover(); + + # Do discovery. + %options = (); + open(DISCOVER, '-|', 'ovs-discover --timeout=30 --pidfile ' + . join(' ', netdev_names())); + while () { + chomp; + if (my ($name, $value) = /^([^=]+)=(.*)$/) { + if ($value =~ /^"(.*)"$/) { + $value = $1; + $value =~ s/\\([0-7][0-7][0-7])/chr($1)/ge; + } else { + $value =~ s/^(0x[[:xdigit:]]+)$/hex($1)/e; + $value = '' if $value eq 'empty'; + next if $value eq 'null'; # Shouldn't happen. + } + $options{$name} = $value; + } + last if /^$/; + } + + # Check results. + my $vconn = $options{'ovs-controller-vconn'}; + my $pki_uri = $options{'ovs-pki-uri'}; + return 'next' + if (defined($vconn) + && is_valid_vconn($vconn) + && (!is_ssl_vconn($vconn) || defined($pki_uri))); + + # Try again? 
+ kill_ovs_discover(); + db_input('discovery-failure'); + db_go(); + } + }, + sub { + return 'skip' if db_get('mode') ne 'discovery'; + + my $vconn = $options{'ovs-controller-vconn'}; + my $pki_uri = $options{'ovs-pki-uri'}; + db_subst('discovery-success', 'controller-vconn', $vconn); + db_subst('discovery-success', + 'pki-uri', is_ssl_vconn($vconn) ? $pki_uri : "no PKI in use"); + db_input('discovery-success'); + return 'prev' if db_go(); + db_set('controller-vconn', $vconn); + db_set('pki-uri', $pki_uri); + return 'next'; + }, + sub { + return 'skip' if db_get('mode') ne 'in-band'; + for (;;) { + db_input('switch-ip'); + return 'prev' if db_go(); + + my $ip = db_get('switch-ip'); + return 'next' if $ip =~ /^dhcp|\d+\.\d+.\d+.\d+$/i; + + db_input('switch-ip-error'); + db_go(); + } + }, + sub { + return 'skip' if db_get('mode') eq 'discovery'; + for (;;) { + my $old_vconn = db_get('controller-vconn'); + db_input('controller-vconn'); + return 'prev' if db_go(); + + my $vconn = db_get('controller-vconn'); + if (is_valid_vconn($vconn)) { + if ($old_vconn ne $vconn || db_get('pki-uri') eq '') { + db_set('pki-uri', pki_host_to_uri($2)); + } + return 'next'; + } + + db_input('controller-vconn-error'); + db_go(); + } + }, + sub { + return 'skip' if !ssl_enabled(); + + if (! -e $privkey_file) { + my $old_umask = umask(077); + run_cmd("ovs-pki req $etc/of0 >&2 2>/dev/null"); + chmod(0644, $req_file) or die "$req_file: chmod: $!\n"; + umask($old_umask); + } + + if (! 
-e $cert_file) { + open(REQ, '<', $req_file) or die "$req_file: open: $!\n"; + $req = join('', ); + close(REQ); + $req_fingerprint = sha1_hex($req); + } + return 'skip'; + }, + sub { + return 'skip' if !ssl_enabled(); + return 'skip' if -e $cacert_file && -e $cert_file; + + db_input('pki-uri'); + return 'prev' if db_go(); + return; + }, + sub { + return 'skip' if !ssl_enabled(); + return 'skip' if -e $cacert_file; + + my $pki_uri = db_get('pki-uri'); + if ($pki_uri !~ /:/) { + $pki_uri = pki_host_to_uri($pki_uri); + } else { + # Trim trailing slashes. + $pki_uri =~ s%/+$%%; + } + db_set('pki-uri', $pki_uri); + + my $url = "$pki_uri/controllerca/cacert.pem"; + my $response = $ua->get($url, ':content_file' => $cacert_file); + if ($response->is_success) { + return 'next'; + } + + db_subst('fetch-cacert-failed', 'url', $url); + db_subst('fetch-cacert-failed', 'error', $response->status_line); + db_subst('fetch-cacert-failed', 'pki-uri', $pki_uri); + db_input('fetch-cacert-failed'); + db_go(); + return 'prev'; + }, + sub { + return 'skip' if !ssl_enabled(); + return 'skip' if -e $cert_file; + + for (;;) { + db_set('send-cert-req', 'yes'); + db_input('send-cert-req'); + return 'prev' if db_go(); + return 'next' if db_get('send-cert-req') eq 'no'; + + my $pki_uri = db_get('pki-uri'); + my ($pki_base_uri) = $pki_uri =~ m%^([^/]+://[^/]+)/%; + my $url = "$pki_base_uri/cgi-bin/ovs-pki-cgi"; + my $response = $ua->post($url, {'type' => 'switch', + 'req' => $req}); + return 'next' if $response->is_success; + + db_subst('send-cert-req-failed', 'url', $url); + db_subst('send-cert-req-failed', 'error', + $response->status_line); + db_subst('send-cert-req-failed', 'pki-uri', $pki_uri); + db_input('send-cert-req-failed'); + db_go(); + } + }, + sub { + return 'skip' if !ssl_enabled(); + return 'skip' if $cacert_preverified; + + my ($cacert_fingerprint) = x509_fingerprint($cacert_file); + db_subst('verify-controller-ca', 'fingerprint', $cacert_fingerprint); + 
db_input('verify-controller-ca'); + return 'prev' if db_go(); + return 'next' if db_get('verify-controller-ca') eq 'yes'; + unlink($cacert_file); + return 'prev'; + }, + sub { + return 'skip' if !ssl_enabled(); + return 'skip' if -e $cert_file; + + for (;;) { + db_set('fetch-switch-cert', 'yes'); + db_input('fetch-switch-cert'); + return 'prev' if db_go(); + exit(1) if db_get('fetch-switch-cert') eq 'no'; + + my $pki_uri = db_get('pki-uri'); + my $url = "$pki_uri/switchca/certs/$req_fingerprint-cert.pem"; + my $response = $ua->get($url, ':content_file' => $cert_file); + if ($response->is_success) { + return 'next'; + } + + db_subst('fetch-switch-cert-failed', 'url', $url); + db_subst('fetch-switch-cert-failed', 'error', + $response->status_line); + db_subst('fetch-switch-cert-failed', 'pki-uri', $pki_uri); + db_input('fetch-switch-cert-failed'); + db_go(); + } + }, + sub { + db_input('complete'); + db_go(); + return; + }, + sub { + return 'done'; + }, +); + +my $state = 1; +my $direction = 1; +for (;;) { + my $ret = &{$states[$state]}(); + $ret = db_go() ? 'prev' : 'next' if !defined $ret; + if ($ret eq 'next') { + $direction = 1; + } elsif ($ret eq 'prev') { + $direction = -1; + } elsif ($ret eq 'skip') { + # Nothing to do. + } elsif ($ret eq 'done') { + last; + } else { + die "unknown ret $ret"; + } + $state += $direction; +} + +my %config = %oldconfig; +$config{NETDEVS} = join(' ', netdev_names()); +$config{MODE} = db_get('mode'); +if (db_get('mode') eq 'in-band') { + $config{SWITCH_IP} = db_get('switch-ip'); +} +if (db_get('mode') ne 'discovery') { + $config{CONTROLLER} = db_get('controller-vconn'); +} +$config{PRIVKEY} = $privkey_file; +$config{CERT} = $cert_file; +$config{CACERT} = $cacert_file; +save_config($default, %config); + +dup2(2, 1); # Get stdout back. 
+kill_ovs_discover(); +system("/etc/init.d/openvswitch-switch start"); + +sub ssl_enabled { + return is_ssl_vconn(db_get('controller-vconn')); +} + +sub db_subst { + my ($question, $key, $value) = @_; + $question = "$debconf_owner/$question"; + my ($ret, $seen) = subst($question, $key, $value); + if ($ret && $ret != 30) { + die "Error substituting $value for $key in debconf question " + . "$question: $seen"; + } +} + +sub db_set { + my ($question, $value) = @_; + $question = "$debconf_owner/$question"; + my ($ret, $seen) = set($question, $value); + if ($ret && $ret != 30) { + die "Error setting debconf question $question to $value: $seen"; + } +} + +sub db_get { + my ($question) = @_; + $question = "$debconf_owner/$question"; + my ($ret, $seen) = get($question); + if ($ret) { + die "Error getting debconf question $question answer: $seen"; + } + return $seen; +} + +sub db_fset { + my ($question, $flag, $value) = @_; + $question = "$debconf_owner/$question"; + my ($ret, $seen) = fset($question, $flag, $value); + if ($ret && $ret != 30) { + die "Error setting debconf question $question flag $flag to $value: " + . "$seen"; + } +} + +sub db_fget { + my ($question, $flag) = @_; + $question = "$debconf_owner/$question"; + my ($ret, $seen) = fget($question, $flag); + if ($ret) { + die "Error getting debconf question $question flag $flag: $seen"; + } + return $seen; +} + +sub db_input { + my ($question) = @_; + db_fset($question, "seen", "false"); + + $question = "$debconf_owner/$question"; + my ($ret, $seen) = input('high', $question); + if ($ret && $ret != 30) { + die "Error requesting debconf question $question: $seen"; + } + return $ret; +} + +sub db_go { + my ($ret, $seen) = go(); + if (!defined($ret)) { + exit(1); # Cancel button was pushed. + } + if ($ret && $ret != 30) { + die "Error asking debconf questions: $seen"; + } + return $ret; +} + +sub run_cmd { + my ($cmd) = @_; + return if system($cmd) == 0; + + if ($? 
== -1) { + die "$cmd: failed to execute: $!\n"; + } elsif ($? & 127) { + die sprintf("$cmd: child died with signal %d, %s coredump\n", + ($? & 127), ($? & 128) ? 'with' : 'without'); + } else { + die sprintf("$cmd: child exited with value %d\n", $? >> 8); + } +} + +sub x509_fingerprint { + my ($file) = @_; + my $cmd = "openssl x509 -noout -in $file -fingerprint"; + open(OPENSSL, '-|', $cmd) or die "$cmd: failed to execute: $!\n"; + my $line = ; + close(OPENSSL); + my ($fingerprint) = $line =~ /SHA1 Fingerprint=(.*)/; + return $line if !defined $fingerprint; + $fingerprint =~ s/://g; + return $fingerprint; +} + +sub find_netdevs { + my ($netdev, %netdevs); + open(IFCONFIG, "/sbin/ifconfig -a|") or die "ifconfig failed: $!"; + while () { + if (my ($nd) = /^([^\s]+)/) { + $netdev = $nd; + $netdevs{$netdev} = "$netdev"; + if (my ($hwaddr) = /HWaddr (\S+)/) { + $netdevs{$netdev} .= " (MAC: $hwaddr)"; + } + } elsif (my ($ip4) = /^\s*inet addr:(\S+)/) { + $netdevs{$netdev} .= " (IP: $ip4)"; + } elsif (my ($ip6) = /^\s*inet6 addr:(\S+)/) { + $netdevs{$netdev} .= " (IPv6: $ip6)"; + } + } + foreach my $nd (keys(%netdevs)) { + delete $netdevs{$nd} if $nd eq 'lo' || $nd =~ /^wmaster/; + } + close(IFCONFIG); + return %netdevs; +} + +sub load_config { + my ($file) = @_; + + # Get the list of the variables that the shell sets automatically. + my (%auto_vars) = read_vars("set -a && env"); + + # Get the variables from $default. + my (%config) = read_vars("set -a && . '$default' && env"); + + # Subtract. 
+ delete @config{keys %auto_vars}; + + return %config; +} + +sub read_vars { + my ($cmd) = @_; + local @ENV; + if (!open(VARS, '-|', $cmd)) { + print STDERR "$cmd: failed to execute: $!\n"; + return (); + } + my (%config); + while () { + my ($var, $value) = /^([^=]+)=(.*)$/ or next; + $config{$var} = $value; + } + close(VARS); + return %config; +} + +sub shell_escape { + local $_ = $_[0]; + if ($_ eq '') { + return '""'; + } elsif (m&^[-a-zA-Z0-9:./%^_+,]*$&) { + return $_; + } else { + s/'/'\\''/; + return "'$_'"; + } +} + +sub shell_assign { + my ($var, $value) = @_; + return $var . '=' . shell_escape($value); +} + +sub save_config { + my ($file, %config) = @_; + my (@lines); + if (open(FILE, '<', $file)) { + @lines = ; + chomp @lines; + close(FILE); + } + + # Replace all existing variable assignments. + for (my ($i) = 0; $i <= $#lines; $i++) { + local $_ = $lines[$i]; + my ($var, $value) = /^\s*([^=#]+)=(.*)$/ or next; + if (exists($config{$var})) { + $lines[$i] = shell_assign($var, $config{$var}); + delete $config{$var}; + } else { + $lines[$i] = "#$lines[$i]"; + } + } + + # Find a place to put any remaining variable assignments. + VAR: + for my $var (keys(%config)) { + my $assign = shell_assign($var, $config{$var}); + + # Replace the last commented-out variable assignment to $var, if any. + for (my ($i) = $#lines; $i >= 0; $i--) { + local $_ = $lines[$i]; + if (/^\s*#\s*$var=/) { + $lines[$i] = $assign; + next VAR; + } + } + + # Find a place to add the var: after the final commented line + # just after a line that contains "$var:". + for (my ($i) = 0; $i <= $#lines; $i++) { + if ($lines[$i] =~ /^\s*#\s*$var:/) { + for (my ($j) = $i + 1; $j <= $#lines; $j++) { + if ($lines[$j] !~ /^\s*#/) { + splice(@lines, $j, 0, $assign); + next VAR; + } + } + } + } + + # Just append it. 
+ push(@lines, $assign); + } + + open(NEWFILE, '>', "$file.tmp") or die "$file.tmp: create: $!\n"; + print NEWFILE join('', map("$_\n", @lines)); + close(NEWFILE); + rename("$file.tmp", $file) or die "$file.tmp: rename to $file: $!\n"; +} + +sub pki_host_to_uri { + my ($pki_host) = @_; + return "http://$pki_host/openvswitch/pki"; +} + +sub kill_ovs_discover { + # Delegate this to a subprocess because there is no portable way + # to invoke fcntl(F_GETLK) from Perl. + system("ovs-kill --force $ovs_discover_pidfile"); +} + +sub netdev_names { + return map(/^(\S+)/, split(', ', db_get('netdevs'))); +} + +sub is_valid_vconn { + my ($vconn) = @_; + return scalar($vconn =~ /^(tcp|ssl):([^:]+)(:.*)?/); +} + +sub is_ssl_vconn { + my ($vconn) = @_; + return scalar($vconn =~ /^ssl:/); +} diff --git a/debian/ovs-switch-setup.8 b/debian/ovs-switch-setup.8 new file mode 100644 index 00000000..f369587c --- /dev/null +++ b/debian/ovs-switch-setup.8 
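Review bot: shell_escape() in debian/ovs-switch-setup escapes only the first single quote, because "s/'/'\\''/;" has no /g modifier, so a value containing two or more single quotes is written to the defaults file with unbalanced quoting, and load_config() later sources that file with ". '$default'". Use "s/'/'\\''/g;". In the same file, is_valid_vconn() matches /^(tcp|ssl):([^:]+)(:.*)?/ with no end anchor and no check that the port is numeric, so the value saved as CONTROLLER is not limited to the HOST[:PORT] form that the debconf text describes; anchoring the pattern and restricting the port to digits would close that gap. Two smaller points: read_vars() has "local @ENV;", which localizes an unused array rather than %ENV, and load_config() ignores its $file argument in favour of the global $default.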
@@ -0,0 +1,41 @@ +.TH ovs-switch-setup 8 "June 2008" "OpenVSwitch" "OpenVSwitch Manual" + +.SH NAME +ovs\-switch\-setup \- interactive setup for OpenVSwitch switch + +.SH SYNOPSIS +.B ovs\-switch\-setup + +.SH DESCRIPTION +The \fBovs\-switch\-setup\fR program is an interactive program that +assists the system administrator in configuring an OpenVSwitch switch, +including the underlying public key infrastructure (PKI). + +.SH OPTIONS +ovs\-switch\-setup does not accept any command-line options. + +.SH FILES +.IP /etc/default/openvswitch-switch +Main configuration file for OpenVSwitch switch. + +.IP /etc/openvswitch-switch/cacert.pem +Default location of CA certificate for OpenFlow controllers. + +.IP /etc/openvswitch-switch/of0-cert.pem +Default location of certificate for the OpenVSwitch switch's private key. + +.IP /etc/openvswitch-switch/of0-privkey.pem +Default location of the OpenVSwitch switch's private key. This file +should be readable only by \fBroot\fR. + +.IP /etc/openvswitch-switch/of0-req.pem +Default location of certificate request for the OpenVSwitch switch's +certificate. This file is not used after the signed certificate +(typically \fB/etc/openvswitch-switch/of0-cert.pem\fR, above) has been +obtained from the OpenFlow PKI server. + +.SH "SEE ALSO" + +.BR ovs-pki (8), +.BR dpctl (8), +.BR secchan (8) diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in index e3ea07e3..865bf94c 100644 --- a/debian/po/POTFILES.in +++ b/debian/po/POTFILES.in @@ -1 +1 @@ -[type: gettext/rfc822deb] openflow-switch-config.templates +[type: gettext/rfc822deb] openvswitch-switch-config.templates diff --git a/debian/po/templates.pot b/debian/po/templates.pot index 443a1ce0..119e5587 100644 --- a/debian/po/templates.pot +++ b/debian/po/templates.pot 
@@ -7,8 +7,8 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" -"Report-Msgid-Bugs-To: openflow-dev@lists.stanford.edu\n" -"POT-Creation-Date: 2008-10-31 10:13-0700\n" +"Report-Msgid-Bugs-To: ovs-dev@openvswitch.org\n" +"POT-Creation-Date: 2009-05-11 13:38-0700\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -18,19 +18,19 @@ msgstr "" #. Type: multiselect #. Choices -#: ../openflow-switch-config.templates:1001 +#: ../openvswitch-switch-config.templates:1001 msgid "${choices}" msgstr "" #. Type: multiselect #. Description -#: ../openflow-switch-config.templates:1002 +#: ../openvswitch-switch-config.templates:1002 msgid "OpenFlow switch network devices:" msgstr "" #. Type: multiselect #. Description -#: ../openflow-switch-config.templates:1002 +#: ../openvswitch-switch-config.templates:1002 msgid "" "Choose the network devices that should become part of the OpenFlow switch. " "At least two devices must be selected for this machine to be a useful " @@ -40,7 +40,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../openflow-switch-config.templates:1002 +#: ../openvswitch-switch-config.templates:1002 msgid "" "The network devices that you select should not be configured with IP or IPv6 " "addresses, even if the switch contacts the controller over one of the " @@ -51,13 +51,13 @@ msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:2001 +#: ../openvswitch-switch-config.templates:2001 msgid "No network devices were selected." msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:2001 +#: ../openvswitch-switch-config.templates:2001 msgid "" "No network devices were selected for inclusion in the OpenFlow switch. The " "switch will be disabled." 
@@ -65,13 +65,13 @@ msgstr "" #. Type: note #. Description -#: ../openflow-switch-config.templates:3001 +#: ../openvswitch-switch-config.templates:3001 msgid "Some Network Devices Have IP or IPv6 Addresses" msgstr "" #. Type: note #. Description -#: ../openflow-switch-config.templates:3001 +#: ../openvswitch-switch-config.templates:3001 msgid "" "The following network devices selected to be part of the OpenFlow switch " "have IP or IPv6 addresses configured:" @@ -79,13 +79,13 @@ msgstr "" #. Type: note #. Description -#: ../openflow-switch-config.templates:3001 +#: ../openvswitch-switch-config.templates:3001 msgid "${configured-netdevs}" msgstr "" #. Type: note #. Description -#: ../openflow-switch-config.templates:3001 +#: ../openvswitch-switch-config.templates:3001 msgid "" "This is usually a mistake, even if the switch contacts the controller over " "one of the selected network devices. This is because a running OpenFlow " @@ -95,7 +95,7 @@ msgstr "" #. Type: note #. Description -#: ../openflow-switch-config.templates:3001 +#: ../openvswitch-switch-config.templates:3001 msgid "" "If this is an unintentional mistake, move back and fix the selection, or de-" "configure the IP or IPv6 from these network devices." @@ -103,19 +103,19 @@ msgstr "" #. Type: select #. Choices -#: ../openflow-switch-config.templates:4001 +#: ../openvswitch-switch-config.templates:4001 msgid "discovery, in-band, out-of-band" msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:4002 +#: ../openvswitch-switch-config.templates:4002 msgid "Switch-to-controller access method:" msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:4002 +#: ../openvswitch-switch-config.templates:4002 msgid "" "The OpenFlow switch must be able to contact the OpenFlow controller over the " "network. It can do so in one of three ways:" 
@@ -123,7 +123,7 @@ msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:4002 +#: ../openvswitch-switch-config.templates:4002 msgid "" "discovery: A single network is used for OpenFlow traffic and other data " "traffic; that is, the switch contacts the controller over one of the network " @@ -135,14 +135,14 @@ msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:4002 +#: ../openvswitch-switch-config.templates:4002 msgid "" "in-band: As above, but the location of the controller is manually configured." msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:4002 +#: ../openvswitch-switch-config.templates:4002 msgid "" "out-of-band: OpenFlow traffic uses a network separate from the data traffic " "that it controls. If this is the case, the control network must already be " @@ -152,13 +152,13 @@ msgstr "" #. Type: note #. Description -#: ../openflow-switch-config.templates:5001 +#: ../openvswitch-switch-config.templates:5001 msgid "Preparing to discover controller." msgstr "" #. Type: note #. Description -#: ../openflow-switch-config.templates:5001 +#: ../openvswitch-switch-config.templates:5001 msgid "" "The setup program will now attempt to discover the OpenFlow controller. " "Controller discovery may take up to 30 seconds. Please be patient." @@ -166,7 +166,7 @@ msgstr "" #. Type: note #. Description -#: ../openflow-switch-config.templates:5001 +#: ../openvswitch-switch-config.templates:5001 msgid "" "See secchan(8) for instructions on how to configure a DHCP server for " "controller discovery." 
@@ -174,19 +174,19 @@ msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:6001 +#: ../openvswitch-switch-config.templates:6001 msgid "Controller discovery failed." msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:6001 +#: ../openvswitch-switch-config.templates:6001 msgid "The controller's location could not be determined automatically." msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:6001 +#: ../openvswitch-switch-config.templates:6001 msgid "" "Ensure that the OpenFlow DHCP server is properly configured. See secchan(8) " "for instructions on how to configure a DHCP server for controller discovery." 
@@ -194,43 +194,43 @@ msgstr "" #. Type: boolean #. Description -#: ../openflow-switch-config.templates:7001 +#: ../openvswitch-switch-config.templates:7001 msgid "Use discovered settings?" msgstr "" #. Type: boolean #. Description -#: ../openflow-switch-config.templates:7001 +#: ../openvswitch-switch-config.templates:7001 msgid "Controller discovery obtained the following settings:" msgstr "" #. Type: boolean #. Description -#: ../openflow-switch-config.templates:7001 +#: ../openvswitch-switch-config.templates:7001 msgid "Controller location: ${controller-vconn}" msgstr "" #. Type: boolean #. Description -#: ../openflow-switch-config.templates:7001 +#: ../openvswitch-switch-config.templates:7001 msgid "PKI URL: ${pki-uri}" msgstr "" #. Type: boolean #. Description -#: ../openflow-switch-config.templates:7001 +#: ../openvswitch-switch-config.templates:7001 msgid "Please verify that these settings are correct." msgstr "" #. Type: string #. Description -#: ../openflow-switch-config.templates:8001 +#: ../openvswitch-switch-config.templates:8001 msgid "Switch IP address:" msgstr "" #. Type: string #. Description -#: ../openflow-switch-config.templates:8001 +#: ../openvswitch-switch-config.templates:8001 msgid "" "For in-band communication with the controller, the OpenFlow switch must be " "able to determine its own IP address. Its IP address may be configured " @@ -239,13 +239,13 @@ msgstr "" #. Type: string #. Description -#: ../openflow-switch-config.templates:8001 +#: ../openvswitch-switch-config.templates:8001 msgid "For static configuration, specify the switch's IP address as a string." msgstr "" #. Type: string #. Description -#: ../openflow-switch-config.templates:8001 +#: ../openvswitch-switch-config.templates:8001 msgid "" "For dynamic configuration with DHCP (the most common case), specify \"dhcp" "\". Configuration with DHCP will only work reliably if the network topology " 
@@ -255,13 +255,13 @@ msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:9001 +#: ../openvswitch-switch-config.templates:9001 msgid "The switch IP address is invalid." msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:9001 +#: ../openvswitch-switch-config.templates:9001 msgid "" "The switch IP address must specified as \"dhcp\" or a valid IP address in " "dotted-octet form (e.g. \"1.2.3.4\")." @@ -269,13 +269,13 @@ msgstr "" #. Type: string #. Description -#: ../openflow-switch-config.templates:10001 +#: ../openvswitch-switch-config.templates:10001 msgid "Controller location:" msgstr "" #. Type: string #. Description -#: ../openflow-switch-config.templates:10001 +#: ../openvswitch-switch-config.templates:10001 msgid "" "Specify how the OpenFlow switch should connect to the OpenFlow controller. " "The value should be in form \"ssl:HOST[:PORT]\" to connect to the controller " @@ -285,13 +285,13 @@ msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:11001 +#: ../openvswitch-switch-config.templates:11001 msgid "The controller location is invalid." msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:11001 +#: ../openvswitch-switch-config.templates:11001 msgid "" "The controller location must be specifed as \"ssl:HOST[:PORT]\" to connect " "to the controller over SSL (recommended for security) or \"tcp:HOST[:PORT]\" " 
@@ -300,30 +300,30 @@ msgstr "" #. Type: string #. Description -#: ../openflow-switch-config.templates:12001 +#: ../openvswitch-switch-config.templates:12001 msgid "OpenFlow PKI server host name or URL:" msgstr "" #. Type: string #. Description -#: ../openflow-switch-config.templates:12001 +#: ../openvswitch-switch-config.templates:12001 msgid "" "Specify a URL to the OpenFlow public key infrastructure (PKI). If a host " "name or IP address is specified in place of a URL, then http:///" -"openflow/pki/ will be used, where is the specified host name or IP " +"openvswitch/pki/ will be used, where is the specified host name or IP " "address." msgstr "" #. Type: string #. Description -#: ../openflow-switch-config.templates:12001 +#: ../openvswitch-switch-config.templates:12001 msgid "" "The OpenFlow PKI is usually on the same machine as the OpenFlow controller." msgstr "" #. Type: string #. Description -#: ../openflow-switch-config.templates:12001 +#: ../openvswitch-switch-config.templates:12001 msgid "" "The setup process will connect to the OpenFlow PKI server over HTTP, using " "the system's configured default HTTP proxy (if any)." @@ -331,19 +331,19 @@ msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:13001 +#: ../openvswitch-switch-config.templates:13001 msgid "The switch CA certificate could not be retrieved." msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:13001 +#: ../openvswitch-switch-config.templates:13001 msgid "Retrieval of ${url} failed, with the following status: \"${error}\"." msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:13001 +#: ../openvswitch-switch-config.templates:13001 msgid "" "Ensure that the OpenFlow PKI server is correctly configured and available at " "${pki-uri}. If the system is configured to use an HTTP proxy, also make " 
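Review bot: The 12001 description in the @@ -300,30 hunk changes the default PKI location for a bare host name from the openflow/pki/ path to openvswitch/pki/, matching pki_host_to_uri() in ovs-switch-setup, but nothing in the change tells an administrator that a PKI server published under the old path will no longer be found when only a host name is entered. Mention the path change in the upgrade notes, or keep the old path served as an alias on the PKI server until switches have been reconfigured.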
@@ -357,21 +357,21 @@ msgstr "" #. Choices #. Type: select #. Choices -#: ../openflow-switch-config.templates:14001 -#: ../openflow-switch-config.templates:15001 -#: ../openflow-switch-config.templates:17001 +#: ../openvswitch-switch-config.templates:14001 +#: ../openvswitch-switch-config.templates:15001 +#: ../openvswitch-switch-config.templates:17001 msgid "yes, no" msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:14002 +#: ../openvswitch-switch-config.templates:14002 msgid "Is ${fingerprint} the controller CA's fingerprint?" msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:14002 +#: ../openvswitch-switch-config.templates:14002 msgid "" "If a man-in-the-middle attack is possible in your network environment, check " "that the controller CA's fingerprint is really ${fingerprint}. Answer \"yes" @@ -380,7 +380,7 @@ msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:14002 +#: ../openvswitch-switch-config.templates:14002 msgid "" "If a man-in-the-middle attack is not a concern, there is no need to verify " "the fingerprint. Simply answer \"yes\"." @@ -388,13 +388,13 @@ msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:15002 +#: ../openvswitch-switch-config.templates:15002 msgid "Send certificate request to switch CA?" msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:15002 +#: ../openvswitch-switch-config.templates:15002 msgid "" "Before it can connect to the controller over SSL, the OpenFlow switch's key " "must be signed by the switch certificate authority (CA) located on the " @@ -404,7 +404,7 @@ msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:15002 +#: ../openvswitch-switch-config.templates:15002 msgid "" "Answer \"yes\" to send a signing request to the switch CA now. This is " "ordinarily the correct choice. There is no harm in sending a given signing " 
@@ -413,7 +413,7 @@ msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:15002 +#: ../openvswitch-switch-config.templates:15002 msgid "" "Answer \"no\" to skip sending a signing request to the switch CA. Unless the " "request has already been sent to the switch CA, manual sending of the " @@ -422,19 +422,19 @@ msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:16001 +#: ../openvswitch-switch-config.templates:16001 msgid "The certificate request could not be sent." msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:16001 +#: ../openvswitch-switch-config.templates:16001 msgid "Posting to ${url} failed, with the following status: \"${error}\"." msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:16001 +#: ../openvswitch-switch-config.templates:16001 msgid "" "Ensure that the OpenFlow PKI server is correctly configured and available at " "${pki-uri}." @@ -442,13 +442,13 @@ msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:17002 +#: ../openvswitch-switch-config.templates:17002 msgid "Fetch signed switch certificate from PKI server?" msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:17002 +#: ../openvswitch-switch-config.templates:17002 msgid "" "Before it can connect to the controller over SSL, the OpenFlow switch's key " "must be signed by the switch certificate authority (CA) located on the " @@ -458,7 +458,7 @@ msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:17002 +#: ../openvswitch-switch-config.templates:17002 msgid "" "At this point, a signing request has been sent to the switch CA (or sending " "a request has been manually skipped), but the signed certificate has not yet " 
@@ -468,7 +468,7 @@ msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:17002 +#: ../openvswitch-switch-config.templates:17002 msgid "" "Answer \"yes\" to attempt to retrieve the signed switch certificate from the " "switch CA. If the switch certificate request has been signed at the PKI " @@ -477,7 +477,7 @@ msgstr "" #. Type: select #. Description -#: ../openflow-switch-config.templates:17002 +#: ../openvswitch-switch-config.templates:17002 msgid "" "Answer \"no\" to postpone switch configuration. The configuration process " "must be restarted later, when the switch certificate request has been signed." @@ -485,13 +485,13 @@ msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:18001 +#: ../openvswitch-switch-config.templates:18001 msgid "Signed switch certificate could not be retrieved." msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:18001 +#: ../openvswitch-switch-config.templates:18001 msgid "" "The signed switch certificate could not be retrieved from the switch CA: " "retrieval of ${url} failed, with the following status: \"${error}\"." @@ -499,7 +499,7 @@ msgstr "" #. Type: error #. Description -#: ../openflow-switch-config.templates:18001 +#: ../openvswitch-switch-config.templates:18001 msgid "" "This probably indicates that the switch's certificate request has not yet " "been signed. If this is the problem, it may be fixed by signing the " @@ -509,13 +509,13 @@ msgstr "" #. Type: note #. Description -#: ../openflow-switch-config.templates:19001 +#: ../openvswitch-switch-config.templates:19001 msgid "OpenFlow Switch Setup Finished" msgstr "" #. Type: note #. Description -#: ../openflow-switch-config.templates:19001 +#: ../openvswitch-switch-config.templates:19001 msgid "" "Setup of this OpenFlow switch is finished. Complete the setup procedure to " "enable the switch." diff --git a/debian/rules b/debian/rules index 9348a005..1eea4a26 100755 --- a/debian/rules 
+++ b/debian/rules @@ -17,7 +17,7 @@ export DH_OPTIONS # prefix of the target package name -PACKAGE=openflow-datapath-module +PACKAGE=openvswitch-datapath-module # modifieable for experiments or debugging m-a MA_DIR ?= /usr/share/modass # load generic variable handling @@ -56,7 +56,7 @@ build-arch-stamp: configure-stamp build-indep: build-indep-stamp build-indep-stamp: configure-stamp - $(MAKE) -C _debian dist distdir=openflow + $(MAKE) -C _debian dist distdir=openvswitch $(ext_build_indep) touch $@ @@ -72,7 +72,7 @@ clean: kdist_clean: dh_clean - rm -rf openflow + rm -rf openvswitch kdist_config: prep-deb-files @@ -81,11 +81,11 @@ binary-modules: prep-deb-files dh_testdir dh_testroot dh_clean -k - tar xzf openflow.tar.gz - cd openflow && ./configure --with-l26=$(KSRC) $(DATAPATH_CONFIGURE_OPTS) --with-build-number=$(BUILD_NUMBER) - cd openflow && $(MAKE) -C datapath/linux-2.6 + tar xzf openvswitch.tar.gz + cd openvswitch && ./configure --with-l26=$(KSRC) $(DATAPATH_CONFIGURE_OPTS) --with-build-number=$(BUILD_NUMBER) + cd openvswitch && $(MAKE) -C datapath/linux-2.6 install -d -m755 $(DSTDIR) - install -m644 openflow/datapath/linux-2.6/*_mod.ko $(DSTDIR)/ + install -m644 openvswitch/datapath/linux-2.6/*_mod.ko $(DSTDIR)/ dh_installdocs dh_installchangelogs dh_compress @@ -102,8 +102,8 @@ install-indep: build-indep dh_clean -k -i dh_installdirs -i dh_install -i - cd debian/openflow-datapath-source/usr/src && tar -c modules | bzip2 -9 > openflow-datapath.tar.bz2 && rm -rf modules - install -m644 debian/openflow-pki-server.apache2 debian/openflow-pki-server/etc/apache2/sites-available/openflow-pki + cd debian/openvswitch-datapath-source/usr/src && tar -c modules | bzip2 -9 > openvswitch-datapath.tar.bz2 && rm -rf modules + install -m644 debian/openvswitch-pki-server.apache2 debian/openvswitch-pki-server/etc/apache2/sites-available/openvswitch-pki install -m1777 -d debian/corekeeper/var/log/core $(ext_install_indep) 
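Review bot: In the install-indep hunk (@@ -102,8) the staging paths become debian/openvswitch-datapath-source and debian/openvswitch-pki-server, and PACKAGE earlier in this file becomes openvswitch-datapath-module, while the commit message says the Debian packages have not been renamed yet. debhelper creates these staging directories per binary package name, so if debian/control still lists openflow-* packages the cd and install commands here will fail. Please confirm that debian/control carries the new names in this same commit and correct the commit message, or leave these paths alone until the packages are renamed.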
@@ -112,9 +112,9 @@ install-arch: build-arch dh_testroot dh_clean -k -s dh_installdirs -s - $(MAKE) -C _debian DESTDIR=$(CURDIR)/debian/openflow install - cp debian/openflow-switch-config.overrides debian/openflow-switch-config/usr/share/lintian/overrides/openflow-switch-config - cp debian/openflow-switch.template debian/openflow-switch/usr/share/openflow/switch/default.template + $(MAKE) -C _debian DESTDIR=$(CURDIR)/debian/openvswitch install + cp debian/openvswitch-switch-config.overrides debian/openvswitch-switch-config/usr/share/lintian/overrides/openvswitch-switch-config + cp debian/openvswitch-switch.template debian/openvswitch-switch/usr/share/openvswitch/switch/default.template dh_install -s $(ext_install_arch) @@ -133,7 +133,7 @@ binary-common: dh_installcron dh_installman dh_link - dh_strip --dbg-package=openflow-dbg + dh_strip --dbg-package=openvswitch-dbg dh_compress dh_fixperms -X var/log/core dh_perl diff --git a/include/automake.mk b/include/automake.mk index 581c1085..a1316c4a 100644 --- a/include/automake.mk +++ b/include/automake.mk @@ -1 +1,2 @@ include include/openflow/automake.mk +include include/openvswitch/automake.mk diff --git a/include/openflow/automake.mk b/include/openflow/automake.mk index 5fe485c9..d4731550 100644 --- a/include/openflow/automake.mk +++ b/include/openflow/automake.mk @@ -1,7 +1,4 @@ noinst_HEADERS += \ - include/openflow/brcompat-netlink.h \ - include/openflow/datapath-protocol.h \ include/openflow/openflow-mgmt.h \ include/openflow/nicira-ext.h \ - include/openflow/openflow.h \ - include/openflow/openflow-netlink.h + include/openflow/openflow.h diff --git a/include/openflow/brcompat-netlink.h b/include/openflow/brcompat-netlink.h deleted file mode 100644 index 1f10f2dc..00000000 --- a/include/openflow/brcompat-netlink.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford - * Junior University - * - * We are making the OpenFlow specification and associated documentation - * (Software) available for public use and benefit with the expectation - * that others will use, modify and enhance the Software and contribute - * those enhancements back to the community. However, since we would - * like to make the Software available for broadest use, with as few - * restrictions as possible permission is hereby granted, free of - * charge, to any person obtaining a copy of this Software to deal in - * the Software under the copyrights without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - * - * The name and trademarks of copyright holder(s) may NOT be used in - * advertising or publicity pertaining to the Software or any - * derivatives without specific, written prior permission. - */ - -#ifndef OPENFLOW_BRCOMPAT_NETLINK_H -#define OPENFLOW_BRCOMPAT_NETLINK_H 1 - -#define BRC_GENL_FAMILY_NAME "brcompat" - -/* Attributes that can be attached to the datapath's netlink messages. 
*/ -enum { - BRC_GENL_A_UNSPEC, - BRC_GENL_A_DP_NAME, /* Datapath name. */ - BRC_GENL_A_PORT_NAME, /* Interface name. */ - BRC_GENL_A_ERR_CODE, /* Positive error code. */ - BRC_GENL_A_MC_GROUP, /* Generic netlink multicast group. */ - BRC_GENL_A_PROC_DIR, /* Name of subdirectory in /proc. */ - BRC_GENL_A_PROC_NAME, /* Name of file in /proc. */ - BRC_GENL_A_PROC_DATA, /* Contents of file in /proc. */ - - __BRC_GENL_A_MAX, - BRC_GENL_A_MAX = __BRC_GENL_A_MAX - 1 -}; - -/* Commands that can be executed on the datapath's netlink interface. */ -enum brc_genl_command { - BRC_GENL_C_UNSPEC, - - /* - * "K:" messages are sent by the kernel to userspace. - * "U:" messages are sent by userspace to the kernel. - */ - BRC_GENL_C_DP_ADD, /* K: Datapath created. */ - BRC_GENL_C_DP_DEL, /* K: Datapath destroyed. */ - BRC_GENL_C_DP_RESULT, /* U: Result of datapath command from vswitchd. */ - BRC_GENL_C_PORT_ADD, /* K: Port added to datapath. */ - BRC_GENL_C_PORT_DEL, /* K: Port removed from datapath. */ - BRC_GENL_C_QUERY_MC, /* U: Get multicast group for brcompat. */ - BRC_GENL_C_SET_PROC, /* U: Set contents of file in /proc. */ - - __BRC_GENL_C_MAX, - BRC_GENL_C_MAX = __BRC_GENL_C_MAX - 1 -}; -#endif /* openflow/brcompat-netlink.h */ diff --git a/include/openflow/datapath-protocol.h b/include/openflow/datapath-protocol.h deleted file mode 100644 index cf5075ec..00000000 --- a/include/openflow/datapath-protocol.h +++ /dev/null 
@@ -1,339 +0,0 @@ -/* Copyright (c) 2009 The Board of Trustees of The Leland Stanford - * Junior University - * - * We are making the OpenFlow specification and associated documentation - * (Software) available for public use and benefit with the expectation - * that others will use, modify and enhance the Software and contribute - * those enhancements back to the community. However, since we would - * like to make the Software available for broadest use, with as few - * restrictions as possible permission is hereby granted, free of - * charge, to any person obtaining a copy of this Software to deal in - * the Software under the copyrights without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - * - * The name and trademarks of copyright holder(s) may NOT be used in - * advertising or publicity pertaining to the Software or any - * derivatives without specific, written prior permission. - */ - -/* Protocol between secchan and datapath. 
*/ - -#ifndef OPENFLOW_DATAPATH_PROTOCOL_H -#define OPENFLOW_DATAPATH_PROTOCOL_H 1 - -#ifdef __KERNEL__ -#include -#else -#include -#endif -#include - -#define ODP_MAX 256 /* Maximum number of datapaths. */ - -#define ODP_DP_CREATE _IO('O', 0) -#define ODP_DP_DESTROY _IO('O', 1) -#define ODP_DP_STATS _IOW('O', 2, struct odp_stats) - -#define ODP_GET_DROP_FRAGS _IOW('O', 3, int) -#define ODP_SET_DROP_FRAGS _IOR('O', 4, int) - -#define ODP_GET_LISTEN_MASK _IOW('O', 5, int) -#define ODP_SET_LISTEN_MASK _IOR('O', 6, int) - -#define ODP_PORT_ADD _IOR('O', 7, struct odp_port) -#define ODP_PORT_DEL _IOR('O', 8, int) -#define ODP_PORT_QUERY _IOWR('O', 9, struct odp_port) -#define ODP_PORT_LIST _IOWR('O', 10, struct odp_portvec) - -#define ODP_PORT_GROUP_SET _IOR('O', 11, struct odp_port_group) -#define ODP_PORT_GROUP_GET _IOWR('O', 12, struct odp_port_group) - -#define ODP_FLOW_GET _IOWR('O', 13, struct odp_flow) -#define ODP_FLOW_GET_MULTIPLE _IOWR('O', 14, struct odp_flowvec) -#define ODP_FLOW_LIST _IOWR('O', 15, struct odp_flowvec) - -#define ODP_FLOW_FLUSH _IO('O', 16) -#define ODP_FLOW_PUT _IOWR('O', 17, struct odp_flow) -#define ODP_FLOW_DEL _IOWR('O', 18, struct odp_flow) - -#define ODP_EXECUTE _IOR('O', 19, struct odp_execute) - -#define ODP_SNAT_ADD_PORT _IOR('O', 20, struct odp_snat_config) -#define ODP_SNAT_DEL_PORT _IOR('O', 21, int) - -struct odp_stats { - /* Flows. */ - __u32 n_flows; /* Number of flows in flow table. */ - __u32 cur_capacity; /* Current flow table capacity. */ - __u32 max_capacity; /* Maximum expansion of flow table capacity. */ - - /* Ports. */ - __u32 n_ports; /* Current number of ports. */ - __u32 max_ports; /* Maximum supported number of ports. */ - __u16 max_groups; /* Maximum number of port groups. */ - __u16 reserved; - - /* Lookups. */ - __u64 n_frags; /* Number of dropped IP fragments. */ - __u64 n_hit; /* Number of flow table matches. */ - __u64 n_missed; /* Number of flow table misses. 
*/ - __u64 n_lost; /* Number of misses not sent to userspace. */ - - /* Queues. */ - __u16 max_miss_queue; /* Max length of ODPL_MISS queue. */ - __u16 max_action_queue; /* Max length of ODPL_ACTION queue. */ -}; - -/* Logical ports. */ -#define ODPP_LOCAL ((__u16)0) -#define ODPP_NONE ((__u16)-1) - -/* Listening channels. */ -#define _ODPL_MISS_NR 0 /* Packet missed in flow table. */ -#define ODPL_MISS (1 << _ODPL_MISS_NR) -#define _ODPL_ACTION_NR 1 /* Packet output to ODPP_CONTROLLER. */ -#define ODPL_ACTION (1 << _ODPL_ACTION_NR) -#define ODPL_ALL (ODPL_MISS | ODPL_ACTION) - -/* Format of messages read from datapath fd. */ -struct odp_msg { - __u32 type; /* _ODPL_MISS_NR or _ODPL_ACTION_NR. */ - __u32 length; /* Message length, including header. */ - __u16 port; /* Port on which frame was received. */ - __u16 reserved; - __u32 arg; /* Argument value specified in action. */ - /* Followed by packet data. */ -}; - -struct odp_port { - char devname[16]; /* IFNAMSIZ */ - __u16 port; - __u16 reserved1; - __u32 reserved2; -}; - -struct odp_portvec { - struct odp_port *ports; - int n_ports; -}; - -struct odp_port_group { - __u16 *ports; - __u16 n_ports; /* Number of ports. */ - __u16 group; /* Group number. */ -}; - -struct odp_flow_stats { - __u64 n_packets; /* Number of matched packets. */ - __u64 n_bytes; /* Number of matched bytes. */ - __u64 used_sec; /* Time last used. */ - __u32 used_nsec; - __u8 tcp_flags; - __u8 ip_tos; - __u16 reserved; -}; - -struct odp_flow_key { - __be32 nw_src; /* IP source address. */ - __be32 nw_dst; /* IP destination address. */ - __u16 in_port; /* Input switch port. */ - __be16 dl_vlan; /* Input VLAN. */ - __be16 dl_type; /* Ethernet frame type. */ - __be16 tp_src; /* TCP/UDP source port. */ - __be16 tp_dst; /* TCP/UDP destination port. */ - __u8 dl_src[ETH_ALEN]; /* Ethernet source address. */ - __u8 dl_dst[ETH_ALEN]; /* Ethernet destination address. */ - __u8 nw_proto; /* IP protocol. */ - __u8 reserved; /* Pad to 64 bits. 
*/ -}; - -struct odp_flow { - struct odp_flow_stats stats; - struct odp_flow_key key; - union odp_action *actions; - __u32 n_actions; -}; - -/* Flags for ODP_FLOW_PUT. */ -#define ODPPF_CREATE (1 << 0) /* Allow creating a new flow. */ -#define ODPPF_MODIFY (1 << 1) /* Allow modifying an existing flow. */ -#define ODPPF_ZERO_STATS (1 << 2) /* Zero the stats of an existing flow. */ - -/* ODP_FLOW_PUT argument. */ -struct odp_flow_put { - struct odp_flow flow; - __u32 flags; -}; - -struct odp_flowvec { - struct odp_flow *flows; - int n_flows; -}; - -/* The VLAN id is 12 bits, so we can use the entire 16 bits to indicate - * special conditions. All ones is used to match that no VLAN id was - * set. */ -#define ODP_VLAN_NONE 0xffff - -/* Action types. */ -#define ODPAT_OUTPUT 0 /* Output to switch port. */ -#define ODPAT_OUTPUT_GROUP 1 /* Output to all ports in group. */ -#define ODPAT_CONTROLLER 2 /* Send copy to controller. */ -#define ODPAT_SET_VLAN_VID 3 /* Set the 802.1q VLAN id. */ -#define ODPAT_SET_VLAN_PCP 4 /* Set the 802.1q priority. */ -#define ODPAT_STRIP_VLAN 5 /* Strip the 802.1q header. */ -#define ODPAT_SET_DL_SRC 6 /* Ethernet source address. */ -#define ODPAT_SET_DL_DST 7 /* Ethernet destination address. */ -#define ODPAT_SET_NW_SRC 8 /* IP source address. */ -#define ODPAT_SET_NW_DST 9 /* IP destination address. */ -#define ODPAT_SET_TP_SRC 10 /* TCP/UDP source port. */ -#define ODPAT_SET_TP_DST 11 /* TCP/UDP destination port. */ -#define ODPAT_SNAT 12 /* Source NAT. */ -#define ODPAT_N_ACTIONS 13 - -struct odp_action_output { - __u16 type; /* ODPAT_OUTPUT. */ - __u16 port; /* Output port. */ - __u16 reserved1; - __u16 reserved2; -}; - -struct odp_action_output_group { - __u16 type; /* ODPAT_OUTPUT_GROUP. */ - __u16 group; /* Group number. */ - __u16 reserved1; - __u16 reserved2; -}; - -struct odp_action_controller { - __u16 type; /* ODPAT_OUTPUT_CONTROLLER. */ - __u16 reserved; - __u32 arg; /* Copied to struct odp_msg 'arg' member. 
*/ -}; - -/* Action structure for ODPAT_SET_VLAN_VID. */ -struct odp_action_vlan_vid { - __u16 type; /* ODPAT_SET_VLAN_VID. */ - __be16 vlan_vid; /* VLAN id. */ - __u16 reserved1; - __u16 reserved2; -}; - -/* Action structure for ODPAT_SET_VLAN_PCP. */ -struct odp_action_vlan_pcp { - __u16 type; /* ODPAT_SET_VLAN_PCP. */ - __u8 vlan_pcp; /* VLAN priority. */ - __u8 reserved1; - __u16 reserved2; - __u16 reserved3; -}; - -/* Action structure for ODPAT_SET_DL_SRC/DST. */ -struct odp_action_dl_addr { - __u16 type; /* ODPAT_SET_DL_SRC/DST. */ - __u8 dl_addr[ETH_ALEN]; /* Ethernet address. */ -}; - -/* Action structure for ODPAT_SET_NW_SRC/DST. */ -struct odp_action_nw_addr { - __u16 type; /* ODPAT_SET_TW_SRC/DST. */ - __u16 reserved; - __be32 nw_addr; /* IP address. */ -}; - -/* Action structure for ODPAT_SET_TP_SRC/DST. */ -struct odp_action_tp_port { - __u16 type; /* ODPAT_SET_TP_SRC/DST. */ - __be16 tp_port; /* TCP/UDP port. */ - __u16 reserved1; - __u16 reserved2; -}; - -struct odp_action_snat { - __u16 type; /* ODPAT_SNAT. */ - __u16 port; /* Output port. */ - __u16 reserved1; - __u16 reserved2; -}; - -union odp_action { - __u16 type; - struct odp_action_output output; - struct odp_action_output_group output_group; - struct odp_action_controller controller; - struct odp_action_vlan_vid vlan_vid; - struct odp_action_vlan_pcp vlan_pcp; - struct odp_action_dl_addr dl_addr; - struct odp_action_nw_addr nw_addr; - struct odp_action_tp_port tp_port; - struct odp_action_snat snat; -}; - -struct odp_execute { - __u16 in_port; - __u16 reserved1; - __u32 reserved2; - - union odp_action *actions; - __u32 n_actions; - - const void *data; - __u32 length; -}; - -/* Values below this cutoff are 802.3 packets and the two bytes - * following MAC addresses are used as a frame length. Otherwise, the - * two bytes are used as the Ethernet type. - */ -#define ODP_DL_TYPE_ETH2_CUTOFF 0x0600 - -/* Value of dl_type to indicate that the frame does not include an - * Ethernet type. 
- */ -#define ODP_DL_TYPE_NOT_ETH_TYPE 0x05ff - -/* The VLAN id is 12-bits, so we can use the entire 16 bits to indicate - * special conditions. All ones indicates that no VLAN id was set. - */ -#define ODP_VLAN_NONE 0xffff - -/* Configuration for source-NATing */ -struct odp_snat_config { - __u16 port; - - /* Time to cache MAC addresses of SNAT'd hosts in seconds (0=default). */ - __u16 mac_timeout; - - /* Range of IP addresses to impersonate. Set both values to the same to - * support a single address. */ - __be32 ip_start, ip_end; - - /* Range of transport ports that should be used as new source port. A - * value of zero lets the kernel choose. */ - __be16 tcp_start, tcp_end; - __be16 udp_start, udp_end; - - /* MAC address to use for ARP requests for a SNAT IP address that comes in - * on a different interface than 'port'. A value of all zeros silently - * drops those ARP requests. Requests that arrive on 'port' get a response - * with the mac address of the datapath device. */ - __u8 mac_addr[ETH_ALEN]; - __u16 reserved; -}; - -#endif /* openflow/datapath-protocol.h */ diff --git a/include/openflow/openflow-netlink.h b/include/openflow/openflow-netlink.h deleted file mode 100644 index 18b2b139..00000000 --- a/include/openflow/openflow-netlink.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford - * Junior University - * - * We are making the OpenFlow specification and associated documentation - * (Software) available for public use and benefit with the expectation - * that others will use, modify and enhance the Software and contribute - * those enhancements back to the community. However, since we would - * like to make the Software available for broadest use, with as few - * restrictions as possible permission is hereby granted, free of - * charge, to any person obtaining a copy of this Software to deal in - * the Software under the copyrights without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - * - * The name and trademarks of copyright holder(s) may NOT be used in - * advertising or publicity pertaining to the Software or any - * derivatives without specific, written prior permission. - */ - -#ifndef OPENFLOW_OPENFLOW_NETLINK_H -#define OPENFLOW_OPENFLOW_NETLINK_H 1 - -#define DP_GENL_FAMILY_NAME "OpenFlow" - -/* Attributes that can be attached to the datapath's netlink messages. 
*/ -enum { - DP_GENL_A_UNSPEC, - DP_GENL_A_DP_IDX, /* Datapath device index. */ - DP_GENL_A_PORTNAME, /* Device name for datapath port. */ - DP_GENL_A_MC_GROUP, /* Generic netlink multicast group. */ - DP_GENL_A_OPENFLOW, /* OpenFlow packet. */ - DP_GENL_A_DP_NAME, /* Datapath device name. */ - - __DP_GENL_A_MAX, - DP_GENL_A_MAX = __DP_GENL_A_MAX - 1 -}; - -/* Commands that can be executed on the datapath's netlink interface. */ -enum dp_genl_command { - DP_GENL_C_UNSPEC, - DP_GENL_C_ADD_DP, /* Create datapath. */ - DP_GENL_C_DEL_DP, /* Destroy datapath. */ - DP_GENL_C_QUERY_DP, /* Get multicast group for datapath. */ - DP_GENL_C_ADD_PORT, /* Add port to datapath. */ - DP_GENL_C_DEL_PORT, /* Remove port from datapath. */ - DP_GENL_C_OPENFLOW, /* Encapsulated OpenFlow protocol. */ - - __DP_GENL_C_MAX, - DP_GENL_C_MAX = __DP_GENL_C_MAX - 1 -}; - -#endif /* openflow/openflow-netlink.h */ diff --git a/include/openvswitch/automake.mk b/include/openvswitch/automake.mk new file mode 100644 index 00000000..889a21f5 --- /dev/null +++ b/include/openvswitch/automake.mk @@ -0,0 +1,4 @@ +noinst_HEADERS += \ + include/openvswitch/brcompat-netlink.h \ + include/openvswitch/datapath-protocol.h + diff --git a/include/openvswitch/brcompat-netlink.h b/include/openvswitch/brcompat-netlink.h new file mode 100644 index 00000000..457f865d --- /dev/null +++ b/include/openvswitch/brcompat-netlink.h 
@@ -0,0 +1,73 @@ +/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford + * Junior University + * + * We are making the OpenFlow specification and associated documentation + * (Software) available for public use and benefit with the expectation + * that others will use, modify and enhance the Software and contribute + * those enhancements back to the community. However, since we would + * like to make the Software available for broadest use, with as few + * restrictions as possible permission is hereby granted, free of + * charge, to any person obtaining a copy of this Software to deal in + * the Software under the copyrights without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * The name and trademarks of copyright holder(s) may NOT be used in + * advertising or publicity pertaining to the Software or any + * derivatives without specific, written prior permission. + */ + +#ifndef OPENVSWITCH_BRCOMPAT_NETLINK_H +#define OPENVSWITCH_BRCOMPAT_NETLINK_H 1 + +#define BRC_GENL_FAMILY_NAME "brcompat" + +/* Attributes that can be attached to the datapath's netlink messages. 
*/ +enum { + BRC_GENL_A_UNSPEC, + BRC_GENL_A_DP_NAME, /* Datapath name. */ + BRC_GENL_A_PORT_NAME, /* Interface name. */ + BRC_GENL_A_ERR_CODE, /* Positive error code. */ + BRC_GENL_A_MC_GROUP, /* Generic netlink multicast group. */ + BRC_GENL_A_PROC_DIR, /* Name of subdirectory in /proc. */ + BRC_GENL_A_PROC_NAME, /* Name of file in /proc. */ + BRC_GENL_A_PROC_DATA, /* Contents of file in /proc. */ + + __BRC_GENL_A_MAX, + BRC_GENL_A_MAX = __BRC_GENL_A_MAX - 1 +}; + +/* Commands that can be executed on the datapath's netlink interface. */ +enum brc_genl_command { + BRC_GENL_C_UNSPEC, + + /* + * "K:" messages are sent by the kernel to userspace. + * "U:" messages are sent by userspace to the kernel. + */ + BRC_GENL_C_DP_ADD, /* K: Datapath created. */ + BRC_GENL_C_DP_DEL, /* K: Datapath destroyed. */ + BRC_GENL_C_DP_RESULT, /* U: Result of datapath command from vswitchd. */ + BRC_GENL_C_PORT_ADD, /* K: Port added to datapath. */ + BRC_GENL_C_PORT_DEL, /* K: Port removed from datapath. */ + BRC_GENL_C_QUERY_MC, /* U: Get multicast group for brcompat. */ + BRC_GENL_C_SET_PROC, /* U: Set contents of file in /proc. */ + + __BRC_GENL_C_MAX, + BRC_GENL_C_MAX = __BRC_GENL_C_MAX - 1 +}; +#endif /* openvswitch/brcompat-netlink.h */ diff --git a/include/openvswitch/datapath-protocol.h b/include/openvswitch/datapath-protocol.h new file mode 100644 index 00000000..e2bbaa9f --- /dev/null +++ b/include/openvswitch/datapath-protocol.h 
@@ -0,0 +1,339 @@ +/* Copyright (c) 2009 The Board of Trustees of The Leland Stanford + * Junior University + * + * We are making the OpenFlow specification and associated documentation + * (Software) available for public use and benefit with the expectation + * that others will use, modify and enhance the Software and contribute + * those enhancements back to the community. However, since we would + * like to make the Software available for broadest use, with as few + * restrictions as possible permission is hereby granted, free of + * charge, to any person obtaining a copy of this Software to deal in + * the Software under the copyrights without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * The name and trademarks of copyright holder(s) may NOT be used in + * advertising or publicity pertaining to the Software or any + * derivatives without specific, written prior permission. + */ + +/* Protocol between secchan and datapath. 
*/ + +#ifndef OPENVSWITCH_DATAPATH_PROTOCOL_H +#define OPENVSWITCH_DATAPATH_PROTOCOL_H 1 + +#ifdef __KERNEL__ +#include +#else +#include +#endif +#include + +#define ODP_MAX 256 /* Maximum number of datapaths. */ + +#define ODP_DP_CREATE _IO('O', 0) +#define ODP_DP_DESTROY _IO('O', 1) +#define ODP_DP_STATS _IOW('O', 2, struct odp_stats) + +#define ODP_GET_DROP_FRAGS _IOW('O', 3, int) +#define ODP_SET_DROP_FRAGS _IOR('O', 4, int) + +#define ODP_GET_LISTEN_MASK _IOW('O', 5, int) +#define ODP_SET_LISTEN_MASK _IOR('O', 6, int) + +#define ODP_PORT_ADD _IOR('O', 7, struct odp_port) +#define ODP_PORT_DEL _IOR('O', 8, int) +#define ODP_PORT_QUERY _IOWR('O', 9, struct odp_port) +#define ODP_PORT_LIST _IOWR('O', 10, struct odp_portvec) + +#define ODP_PORT_GROUP_SET _IOR('O', 11, struct odp_port_group) +#define ODP_PORT_GROUP_GET _IOWR('O', 12, struct odp_port_group) + +#define ODP_FLOW_GET _IOWR('O', 13, struct odp_flow) +#define ODP_FLOW_GET_MULTIPLE _IOWR('O', 14, struct odp_flowvec) +#define ODP_FLOW_LIST _IOWR('O', 15, struct odp_flowvec) + +#define ODP_FLOW_FLUSH _IO('O', 16) +#define ODP_FLOW_PUT _IOWR('O', 17, struct odp_flow) +#define ODP_FLOW_DEL _IOWR('O', 18, struct odp_flow) + +#define ODP_EXECUTE _IOR('O', 19, struct odp_execute) + +#define ODP_SNAT_ADD_PORT _IOR('O', 20, struct odp_snat_config) +#define ODP_SNAT_DEL_PORT _IOR('O', 21, int) + +struct odp_stats { + /* Flows. */ + __u32 n_flows; /* Number of flows in flow table. */ + __u32 cur_capacity; /* Current flow table capacity. */ + __u32 max_capacity; /* Maximum expansion of flow table capacity. */ + + /* Ports. */ + __u32 n_ports; /* Current number of ports. */ + __u32 max_ports; /* Maximum supported number of ports. */ + __u16 max_groups; /* Maximum number of port groups. */ + __u16 reserved; + + /* Lookups. */ + __u64 n_frags; /* Number of dropped IP fragments. */ + __u64 n_hit; /* Number of flow table matches. */ + __u64 n_missed; /* Number of flow table misses. 
*/ + __u64 n_lost; /* Number of misses not sent to userspace. */ + + /* Queues. */ + __u16 max_miss_queue; /* Max length of ODPL_MISS queue. */ + __u16 max_action_queue; /* Max length of ODPL_ACTION queue. */ +}; + +/* Logical ports. */ +#define ODPP_LOCAL ((__u16)0) +#define ODPP_NONE ((__u16)-1) + +/* Listening channels. */ +#define _ODPL_MISS_NR 0 /* Packet missed in flow table. */ +#define ODPL_MISS (1 << _ODPL_MISS_NR) +#define _ODPL_ACTION_NR 1 /* Packet output to ODPP_CONTROLLER. */ +#define ODPL_ACTION (1 << _ODPL_ACTION_NR) +#define ODPL_ALL (ODPL_MISS | ODPL_ACTION) + +/* Format of messages read from datapath fd. */ +struct odp_msg { + __u32 type; /* _ODPL_MISS_NR or _ODPL_ACTION_NR. */ + __u32 length; /* Message length, including header. */ + __u16 port; /* Port on which frame was received. */ + __u16 reserved; + __u32 arg; /* Argument value specified in action. */ + /* Followed by packet data. */ +}; + +struct odp_port { + char devname[16]; /* IFNAMSIZ */ + __u16 port; + __u16 reserved1; + __u32 reserved2; +}; + +struct odp_portvec { + struct odp_port *ports; + int n_ports; +}; + +struct odp_port_group { + __u16 *ports; + __u16 n_ports; /* Number of ports. */ + __u16 group; /* Group number. */ +}; + +struct odp_flow_stats { + __u64 n_packets; /* Number of matched packets. */ + __u64 n_bytes; /* Number of matched bytes. */ + __u64 used_sec; /* Time last used. */ + __u32 used_nsec; + __u8 tcp_flags; + __u8 ip_tos; + __u16 reserved; +}; + +struct odp_flow_key { + __be32 nw_src; /* IP source address. */ + __be32 nw_dst; /* IP destination address. */ + __u16 in_port; /* Input switch port. */ + __be16 dl_vlan; /* Input VLAN. */ + __be16 dl_type; /* Ethernet frame type. */ + __be16 tp_src; /* TCP/UDP source port. */ + __be16 tp_dst; /* TCP/UDP destination port. */ + __u8 dl_src[ETH_ALEN]; /* Ethernet source address. */ + __u8 dl_dst[ETH_ALEN]; /* Ethernet destination address. */ + __u8 nw_proto; /* IP protocol. */ + __u8 reserved; /* Pad to 64 bits. 
*/ +}; + +struct odp_flow { + struct odp_flow_stats stats; + struct odp_flow_key key; + union odp_action *actions; + __u32 n_actions; +}; + +/* Flags for ODP_FLOW_PUT. */ +#define ODPPF_CREATE (1 << 0) /* Allow creating a new flow. */ +#define ODPPF_MODIFY (1 << 1) /* Allow modifying an existing flow. */ +#define ODPPF_ZERO_STATS (1 << 2) /* Zero the stats of an existing flow. */ + +/* ODP_FLOW_PUT argument. */ +struct odp_flow_put { + struct odp_flow flow; + __u32 flags; +}; + +struct odp_flowvec { + struct odp_flow *flows; + int n_flows; +}; + +/* The VLAN id is 12 bits, so we can use the entire 16 bits to indicate + * special conditions. All ones is used to match that no VLAN id was + * set. */ +#define ODP_VLAN_NONE 0xffff + +/* Action types. */ +#define ODPAT_OUTPUT 0 /* Output to switch port. */ +#define ODPAT_OUTPUT_GROUP 1 /* Output to all ports in group. */ +#define ODPAT_CONTROLLER 2 /* Send copy to controller. */ +#define ODPAT_SET_VLAN_VID 3 /* Set the 802.1q VLAN id. */ +#define ODPAT_SET_VLAN_PCP 4 /* Set the 802.1q priority. */ +#define ODPAT_STRIP_VLAN 5 /* Strip the 802.1q header. */ +#define ODPAT_SET_DL_SRC 6 /* Ethernet source address. */ +#define ODPAT_SET_DL_DST 7 /* Ethernet destination address. */ +#define ODPAT_SET_NW_SRC 8 /* IP source address. */ +#define ODPAT_SET_NW_DST 9 /* IP destination address. */ +#define ODPAT_SET_TP_SRC 10 /* TCP/UDP source port. */ +#define ODPAT_SET_TP_DST 11 /* TCP/UDP destination port. */ +#define ODPAT_SNAT 12 /* Source NAT. */ +#define ODPAT_N_ACTIONS 13 + +struct odp_action_output { + __u16 type; /* ODPAT_OUTPUT. */ + __u16 port; /* Output port. */ + __u16 reserved1; + __u16 reserved2; +}; + +struct odp_action_output_group { + __u16 type; /* ODPAT_OUTPUT_GROUP. */ + __u16 group; /* Group number. */ + __u16 reserved1; + __u16 reserved2; +}; + +struct odp_action_controller { + __u16 type; /* ODPAT_OUTPUT_CONTROLLER. */ + __u16 reserved; + __u32 arg; /* Copied to struct odp_msg 'arg' member. 
*/ +}; + +/* Action structure for ODPAT_SET_VLAN_VID. */ +struct odp_action_vlan_vid { + __u16 type; /* ODPAT_SET_VLAN_VID. */ + __be16 vlan_vid; /* VLAN id. */ + __u16 reserved1; + __u16 reserved2; +}; + +/* Action structure for ODPAT_SET_VLAN_PCP. */ +struct odp_action_vlan_pcp { + __u16 type; /* ODPAT_SET_VLAN_PCP. */ + __u8 vlan_pcp; /* VLAN priority. */ + __u8 reserved1; + __u16 reserved2; + __u16 reserved3; +}; + +/* Action structure for ODPAT_SET_DL_SRC/DST. */ +struct odp_action_dl_addr { + __u16 type; /* ODPAT_SET_DL_SRC/DST. */ + __u8 dl_addr[ETH_ALEN]; /* Ethernet address. */ +}; + +/* Action structure for ODPAT_SET_NW_SRC/DST. */ +struct odp_action_nw_addr { + __u16 type; /* ODPAT_SET_TW_SRC/DST. */ + __u16 reserved; + __be32 nw_addr; /* IP address. */ +}; + +/* Action structure for ODPAT_SET_TP_SRC/DST. */ +struct odp_action_tp_port { + __u16 type; /* ODPAT_SET_TP_SRC/DST. */ + __be16 tp_port; /* TCP/UDP port. */ + __u16 reserved1; + __u16 reserved2; +}; + +struct odp_action_snat { + __u16 type; /* ODPAT_SNAT. */ + __u16 port; /* Output port. */ + __u16 reserved1; + __u16 reserved2; +}; + +union odp_action { + __u16 type; + struct odp_action_output output; + struct odp_action_output_group output_group; + struct odp_action_controller controller; + struct odp_action_vlan_vid vlan_vid; + struct odp_action_vlan_pcp vlan_pcp; + struct odp_action_dl_addr dl_addr; + struct odp_action_nw_addr nw_addr; + struct odp_action_tp_port tp_port; + struct odp_action_snat snat; +}; + +struct odp_execute { + __u16 in_port; + __u16 reserved1; + __u32 reserved2; + + union odp_action *actions; + __u32 n_actions; + + const void *data; + __u32 length; +}; + +/* Values below this cutoff are 802.3 packets and the two bytes + * following MAC addresses are used as a frame length. Otherwise, the + * two bytes are used as the Ethernet type. + */ +#define ODP_DL_TYPE_ETH2_CUTOFF 0x0600 + +/* Value of dl_type to indicate that the frame does not include an + * Ethernet type. 
+ */ +#define ODP_DL_TYPE_NOT_ETH_TYPE 0x05ff + +/* The VLAN id is 12-bits, so we can use the entire 16 bits to indicate + * special conditions. All ones indicates that no VLAN id was set. + */ +#define ODP_VLAN_NONE 0xffff + +/* Configuration for source-NATing */ +struct odp_snat_config { + __u16 port; + + /* Time to cache MAC addresses of SNAT'd hosts in seconds (0=default). */ + __u16 mac_timeout; + + /* Range of IP addresses to impersonate. Set both values to the same to + * support a single address. */ + __be32 ip_start, ip_end; + + /* Range of transport ports that should be used as new source port. A + * value of zero lets the kernel choose. */ + __be16 tcp_start, tcp_end; + __be16 udp_start, udp_end; + + /* MAC address to use for ARP requests for a SNAT IP address that comes in + * on a different interface than 'port'. A value of all zeros silently + * drops those ARP requests. Requests that arrive on 'port' get a response + * with the mac address of the datapath device. */ + __u8 mac_addr[ETH_ALEN]; + __u16 reserved; +}; + +#endif /* openvswitch/datapath-protocol.h */ diff --git a/lib/automake.mk b/lib/automake.mk index e76881aa..853ef0aa 100644 --- a/lib/automake.mk +++ b/lib/automake.mk @@ -1,6 +1,6 @@ -noinst_LIBRARIES += lib/libopenflow.a +noinst_LIBRARIES += lib/libopenvswitch.a -lib_libopenflow_a_SOURCES = \ +lib_libopenvswitch_a_SOURCES = \ lib/backtrace.c \ lib/backtrace.h \ lib/bitmap.c \ @@ -109,7 +109,7 @@ lib_libopenflow_a_SOURCES = \ lib/xtoxll.h if HAVE_NETLINK -lib_libopenflow_a_SOURCES += \ +lib_libopenvswitch_a_SOURCES += \ lib/dpif.c \ lib/dpif.h \ lib/netlink-protocol.h \ 
@@ -118,9 +118,9 @@ lib_libopenflow_a_SOURCES += \ endif if HAVE_OPENSSL -lib_libopenflow_a_SOURCES += \ +lib_libopenvswitch_a_SOURCES += \ lib/vconn-ssl.c -nodist_lib_libopenflow_a_SOURCES = lib/dhparams.c +nodist_lib_libopenvswitch_a_SOURCES = lib/dhparams.c lib/dhparams.c: lib/dh1024.pem lib/dh2048.pem lib/dh4096.pem (echo '#include "lib/dhparams.h"' && \ openssl dhparam -C -in $(srcdir)/lib/dh1024.pem -noout && \ @@ -147,9 +147,9 @@ EXTRA_DIST += \ CLEANFILES += lib/dirs.c lib/dirs.c: Makefile ($(ro_c) && \ - echo 'const char ofp_pkgdatadir[] = "$(pkgdatadir$)";' && \ - echo 'const char ofp_rundir[] = "@RUNDIR@";' && \ - echo 'const char ofp_logdir[] = "@LOGDIR@";') > lib/dirs.c.tmp + echo 'const char ovs_pkgdatadir[] = "$(pkgdatadir$)";' && \ + echo 'const char ovs_rundir[] = "@RUNDIR@";' && \ + echo 'const char ovs_logdir[] = "@LOGDIR@";') > lib/dirs.c.tmp mv lib/dirs.c.tmp lib/dirs.c install-data-local: diff --git a/lib/daemon.c b/lib/daemon.c index 83465493..038ec17f 100644 --- a/lib/daemon.c +++ b/lib/daemon.c @@ -59,9 +59,9 @@ static bool force; char * make_pidfile_name(const char *name) { - return (!name ? xasprintf("%s/%s.pid", ofp_rundir, program_name) + return (!name ? xasprintf("%s/%s.pid", ovs_rundir, program_name) : *name == '/' ? xstrdup(name) - : xasprintf("%s/%s", ofp_rundir, name)); + : xasprintf("%s/%s", ovs_rundir, name)); } /* Sets up a following call to daemonize() to create a pidfile named 'name'. @@ -135,7 +135,7 @@ die_if_already_running(void) pid_t pid = already_running(); if (pid) { if (!force) { - ofp_fatal(0, "%s: already running as pid %ld", + ovs_fatal(0, "%s: already running as pid %ld", get_pidfile(), (long int) pid); } else { VLOG_WARN("%s: %s already running as pid %ld", @@ -206,7 +206,7 @@ daemonize(void) char c = 0; int fds[2]; if (pipe(fds) < 0) { - ofp_fatal(errno, "pipe failed"); + ovs_fatal(errno, "pipe failed"); } switch (fork()) { 
@@ -215,7 +215,7 @@ daemonize(void) close(fds[1]); fatal_signal_fork(); if (read(fds[0], &c, 1) != 1) { - ofp_fatal(errno, "daemon child failed to signal startup"); + ovs_fatal(errno, "daemon child failed to signal startup"); } exit(0); @@ -231,7 +231,7 @@ daemonize(void) case -1: /* Error. */ - ofp_fatal(errno, "could not fork"); + ovs_fatal(errno, "could not fork"); break; } } else { @@ -247,7 +247,7 @@ daemon_usage(void) " -D, --detach run in background as daemon\n" " -P, --pidfile[=FILE] create pidfile (default: %s/%s.pid)\n" " -f, --force with -P, start even if already running\n", - ofp_rundir, program_name); + ovs_rundir, program_name); } /* Opens and reads a PID from 'pidfile'. Returns the nonnegative PID if diff --git a/lib/dirs.h b/lib/dirs.h index f5de08ad..c45054f5 100644 --- a/lib/dirs.h +++ b/lib/dirs.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2008 The Board of Trustees of The Leland Stanford +/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford * Junior University * * We are making the OpenFlow specification and associated documentation @@ -34,8 +34,8 @@ #ifndef DIRS_H #define DIRS_H 1 -extern const char ofp_pkgdatadir[]; /* /usr/local/share/openflow */ -extern const char ofp_rundir[]; /* /usr/local/var/run */ -extern const char ofp_logdir[]; /* /usr/local/var/log */ +extern const char ovs_pkgdatadir[]; /* /usr/local/share/openvswitch */ +extern const char ovs_rundir[]; /* /usr/local/var/run */ +extern const char ovs_logdir[]; /* /usr/local/var/log */ #endif /* dirs.h */ diff --git a/lib/dpif.c b/lib/dpif.c index f30b0bba..de49e832 100644 --- a/lib/dpif.c +++ b/lib/dpif.c 
@@ -78,7 +78,7 @@ static int get_minor_from_name(const char *name, unsigned int *minor); static int name_to_minor(const char *name, unsigned int *minor); static int lookup_minor(const char *name, unsigned int *minor); static int open_by_minor(unsigned int minor, struct dpif *); -static int make_openflow_device(unsigned int minor, char **fnp); +static int make_openvswitch_device(unsigned int minor, char **fnp); static void check_rw_odp_flow(struct odp_flow *); int @@ -844,7 +844,7 @@ dpifmon_wait(struct dpifmon *mon) nl_sock_wait(mon->sock, POLLIN); } -static int get_openflow_major(void); +static int get_openvswitch_major(void); static int get_major(const char *target, int default_major); static int @@ -875,14 +875,15 @@ lookup_minor(const char *name, unsigned int *minor) goto error_close_sock; } - if (strcmp(drvinfo.driver, "openflow")) { - VLOG_WARN("%s is not an openflow device", name); + if (strcmp(drvinfo.driver, "openvswitch")) { + VLOG_WARN("%s is not an openvswitch device", name); error = EOPNOTSUPP; goto error_close_sock; } if (!isdigit(drvinfo.bus_info[0])) { - VLOG_WARN("%s ethtool info does not contain an openflow minor", name); + VLOG_WARN("%s ethtool info does not contain an openvswitch minor", + name); error = EPROTOTYPE; goto error_close_sock; } @@ -898,9 +899,9 @@ error: } static int -make_openflow_device(unsigned int minor, char **fnp) +make_openvswitch_device(unsigned int minor, char **fnp) { - dev_t dev = makedev(get_openflow_major(), minor); + dev_t dev = makedev(get_openvswitch_major(), minor); const char dirname[] = "/dev/net"; struct stat s; char fn[128]; 
@@ -958,14 +959,14 @@ success: static int -get_openflow_major(void) +get_openvswitch_major(void) { - static unsigned int openflow_major; - if (!openflow_major) { + static unsigned int openvswitch_major; + if (!openvswitch_major) { enum { DEFAULT_MAJOR = 248 }; - openflow_major = get_major("openflow", DEFAULT_MAJOR); + openvswitch_major = get_major("openvswitch", DEFAULT_MAJOR); } - return openflow_major; + return openvswitch_major; } static int @@ -1045,7 +1046,7 @@ open_by_minor(unsigned int minor, struct dpif *dpif) dpif->minor = -1; dpif->fd = -1; - error = make_openflow_device(minor, &fn); + error = make_openvswitch_device(minor, &fn); if (error) { return error; } diff --git a/lib/dpif.h b/lib/dpif.h index 3e96e536..a540deff 100644 --- a/lib/dpif.h +++ b/lib/dpif.h @@ -39,7 +39,7 @@ * generalize to multiple types of local datapaths, but the implementation only * supports the openflow kernel module. */ -#include "openflow/datapath-protocol.h" +#include "openvswitch/datapath-protocol.h" #include #include #include diff --git a/lib/fatal-signal.c b/lib/fatal-signal.c index 0bfa35bc..852fa6d7 100644 --- a/lib/fatal-signal.c +++ b/lib/fatal-signal.c @@ -108,11 +108,11 @@ fatal_signal_block(void) sigaddset(&fatal_signal_set, sig_nr); if (sigaction(sig_nr, NULL, &old_sa)) { - ofp_fatal(errno, "sigaction"); + ovs_fatal(errno, "sigaction"); } if (old_sa.sa_handler == SIG_DFL && signal(sig_nr, fatal_signal_handler) == SIG_ERR) { - ofp_fatal(errno, "signal"); + ovs_fatal(errno, "signal"); } } atexit(atexit_handler); diff --git a/lib/flow.c b/lib/flow.c index d2545d5f..b9f20ca7 100644 --- a/lib/flow.c +++ b/lib/flow.c @@ -41,8 +41,8 @@ #include "dynamic-string.h" #include "hash.h" #include "ofpbuf.h" -#include "openflow/datapath-protocol.h" #include "openflow/openflow.h" +#include "openvswitch/datapath-protocol.h" #include "packets.h" #include "vlog.h" diff --git a/lib/flow.h b/lib/flow.h index 59d6f36e..caefa870 100644 --- a/lib/flow.h +++ b/lib/flow.h 
@@ -39,8 +39,8 @@ #include #include "openflow/openflow.h" #include "hash.h" -#include "openflow/datapath-protocol.h" #include "openflow/openflow.h" +#include "openvswitch/datapath-protocol.h" #include "util.h" struct ds; diff --git a/lib/netdev.c b/lib/netdev.c index 0935efa2..9768abee 100644 --- a/lib/netdev.c +++ b/lib/netdev.c @@ -372,7 +372,7 @@ netdev_open_tap(const char *name, struct netdev **netdevp) tap_fd = open(tap_dev, O_RDWR); if (tap_fd < 0) { - ofp_error(errno, "opening \"%s\" failed", tap_dev); + ovs_error(errno, "opening \"%s\" failed", tap_dev); return errno; } @@ -383,14 +383,14 @@ netdev_open_tap(const char *name, struct netdev **netdevp) } if (ioctl(tap_fd, TUNSETIFF, &ifr) < 0) { int error = errno; - ofp_error(error, "ioctl(TUNSETIFF) on \"%s\" failed", tap_dev); + ovs_error(error, "ioctl(TUNSETIFF) on \"%s\" failed", tap_dev); close(tap_fd); return error; } error = set_nonblocking(tap_fd); if (error) { - ofp_error(error, "set_nonblocking on \"%s\" failed", tap_dev); + ovs_error(error, "set_nonblocking on \"%s\" failed", tap_dev); close(tap_fd); return error; } @@ -1387,12 +1387,12 @@ init_netdev(void) af_inet_sock = socket(AF_INET, SOCK_DGRAM, 0); if (af_inet_sock < 0) { - ofp_fatal(errno, "socket(AF_INET)"); + ovs_fatal(errno, "socket(AF_INET)"); } error = nl_sock_create(NETLINK_ROUTE, 0, 0, 0, &rtnl_sock); if (error) { - ofp_fatal(error, "socket(AF_NETLINK, NETLINK_ROUTE)"); + ovs_fatal(error, "socket(AF_NETLINK, NETLINK_ROUTE)"); } /* Decide on the netdev_get_stats() implementation to use. Netlink is diff --git a/lib/odp-util.h b/lib/odp-util.h index 16b85cd2..e84bb4d8 100644 --- a/lib/odp-util.h +++ b/lib/odp-util.h @@ -36,8 +36,8 @@ #include #include -#include "openflow/datapath-protocol.h" #include "openflow/openflow.h" +#include "openvswitch/datapath-protocol.h" struct ds; diff --git a/lib/ofp-print.c b/lib/ofp-print.c index 1883049d..3b78feeb 100644 --- a/lib/ofp-print.c +++ b/lib/ofp-print.c 
@@ -82,14 +82,14 @@ ofp_packet_to_string(const void *data, size_t len, size_t total_len UNUSED) pcap = tmpfile(); if (!pcap) { - ofp_error(errno, "tmpfile"); + ovs_error(errno, "tmpfile"); return xstrdup(""); } pcap_write_header(pcap); pcap_write(pcap, &buf); fflush(pcap); if (ferror(pcap)) { - ofp_error(errno, "error writing temporary file"); + ovs_error(errno, "error writing temporary file"); } rewind(pcap); @@ -98,7 +98,7 @@ ofp_packet_to_string(const void *data, size_t len, size_t total_len UNUSED) tcpdump = popen(command, "r"); fclose(pcap); if (!tcpdump) { - ofp_error(errno, "exec(\"%s\")", command); + ovs_error(errno, "exec(\"%s\")", command); return xstrdup(""); } @@ -109,9 +109,9 @@ ofp_packet_to_string(const void *data, size_t len, size_t total_len UNUSED) status = pclose(tcpdump); if (WIFEXITED(status)) { if (WEXITSTATUS(status)) - ofp_error(0, "tcpdump exited with status %d", WEXITSTATUS(status)); + ovs_error(0, "tcpdump exited with status %d", WEXITSTATUS(status)); } else if (WIFSIGNALED(status)) { - ofp_error(0, "tcpdump exited with signal %d", WTERMSIG(status)); + ovs_error(0, "tcpdump exited with signal %d", WTERMSIG(status)); } return ds_cstr(&ds); } diff --git a/lib/process.c b/lib/process.c index 755ad2e1..13d03fc7 100644 --- a/lib/process.c +++ b/lib/process.c @@ -92,7 +92,7 @@ process_init(void) /* Create notification pipe. */ if (pipe(fds)) { - ofp_fatal(errno, "could not create pipe"); + ovs_fatal(errno, "could not create pipe"); } set_nonblocking(fds[0]); set_nonblocking(fds[1]); @@ -103,7 +103,7 @@ process_init(void) sigemptyset(&sa.sa_mask); sa.sa_flags = SA_NOCLDSTOP | SA_RESTART; if (sigaction(SIGCHLD, &sa, NULL)) { - ofp_fatal(errno, "sigaction(SIGCHLD) failed"); + ovs_fatal(errno, "sigaction(SIGCHLD) failed"); } } 
@@ -421,7 +421,7 @@ block_sigchld(sigset_t *oldsigs) sigemptyset(&sigchld); sigaddset(&sigchld, SIGCHLD); if (sigprocmask(SIG_BLOCK, &sigchld, oldsigs)) { - ofp_fatal(errno, "sigprocmask"); + ovs_fatal(errno, "sigprocmask"); } } @@ -429,6 +429,6 @@ static void unblock_sigchld(const sigset_t *oldsigs) { if (sigprocmask(SIG_SETMASK, oldsigs, NULL)) { - ofp_fatal(errno, "sigprocmask"); + ovs_fatal(errno, "sigprocmask"); } } diff --git a/lib/queue.c b/lib/queue.c index 33e50067..525b1c90 100644 --- a/lib/queue.c +++ b/lib/queue.c @@ -38,11 +38,11 @@ #include "leak-checker.h" #include "ofpbuf.h" -static void check_queue(struct ofp_queue *q); +static void check_queue(struct ovs_queue *q); /* Initializes 'q' as an empty packet queue. */ void -queue_init(struct ofp_queue *q) +queue_init(struct ovs_queue *q) { q->n = 0; q->head = NULL; @@ -51,7 +51,7 @@ queue_init(struct ofp_queue *q) /* Destroys 'q' and all of the packets that it contains. */ void -queue_destroy(struct ofp_queue *q) +queue_destroy(struct ovs_queue *q) { struct ofpbuf *cur, *next; for (cur = q->head; cur != NULL; cur = next) { @@ -62,7 +62,7 @@ queue_destroy(struct ofp_queue *q) /* Removes and destroys all of the packets in 'q', rendering it empty. */ void -queue_clear(struct ofp_queue *q) +queue_clear(struct ovs_queue *q) { queue_destroy(q); queue_init(q); @@ -75,7 +75,7 @@ queue_clear(struct ofp_queue *q) * passed to a function for possible consumption (and destruction) and only * dropped from the queue if that function actually accepts it. */ void -queue_advance_head(struct ofp_queue *q, struct ofpbuf *next) +queue_advance_head(struct ovs_queue *q, struct ofpbuf *next) { assert(q->n); assert(q->head); @@ -88,7 +88,7 @@ queue_advance_head(struct ofp_queue *q, struct ofpbuf *next) /* Appends 'b' to the tail of 'q'. */ void -queue_push_tail(struct ofp_queue *q, struct ofpbuf *b) +queue_push_tail(struct ovs_queue *q, struct ofpbuf *b) { check_queue(q); leak_checker_claim(b); 
@@ -108,7 +108,7 @@ queue_push_tail(struct ofp_queue *q, struct ofpbuf *b) * it. The caller must free the buffer (with ofpbuf_delete()) when it is no * longer needed. */ struct ofpbuf * -queue_pop_head(struct ofp_queue *q) +queue_pop_head(struct ovs_queue *q) { struct ofpbuf *head = q->head; queue_advance_head(q, head->next); @@ -117,7 +117,7 @@ queue_pop_head(struct ofp_queue *q) /* Checks the internal integrity of 'q'. For use in debugging. */ static void -check_queue(struct ofp_queue *q UNUSED) +check_queue(struct ovs_queue *q UNUSED) { #if 0 struct ofpbuf *iter; diff --git a/lib/queue.h b/lib/queue.h index 8221c447..4d1e0aef 100644 --- a/lib/queue.h +++ b/lib/queue.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2008 The Board of Trustees of The Leland Stanford +/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford * Junior University * * We are making the OpenFlow specification and associated documentation @@ -35,17 +35,17 @@ #define QUEUE_H 1 /* Packet queue. */ -struct ofp_queue { +struct ovs_queue { int n; /* Number of queued packets. */ struct ofpbuf *head; /* First queued packet, null if n == 0. */ struct ofpbuf *tail; /* Last queued packet, null if n == 0. */ }; -void queue_init(struct ofp_queue *); -void queue_destroy(struct ofp_queue *); -void queue_clear(struct ofp_queue *); -void queue_advance_head(struct ofp_queue *, struct ofpbuf *next); -void queue_push_tail(struct ofp_queue *, struct ofpbuf *); -struct ofpbuf *queue_pop_head(struct ofp_queue *); +void queue_init(struct ovs_queue *); +void queue_destroy(struct ovs_queue *); +void queue_clear(struct ovs_queue *); +void queue_advance_head(struct ovs_queue *, struct ofpbuf *next); +void queue_push_tail(struct ovs_queue *, struct ofpbuf *); +struct ofpbuf *queue_pop_head(struct ovs_queue *); #endif /* queue.h */ diff --git a/lib/random.c b/lib/random.c index 14be87e5..f1275aaa 100644 --- a/lib/random.c +++ b/lib/random.c 
@@ -1,4 +1,4 @@ -/* Copyright (c) 2008 The Board of Trustees of The Leland Stanford +/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford * Junior University * * We are making the OpenFlow specification and associated documentation @@ -48,7 +48,7 @@ random_init(void) struct timeval tv; inited = true; if (gettimeofday(&tv, NULL) < 0) { - ofp_fatal(errno, "gettimeofday"); + ovs_fatal(errno, "gettimeofday"); } srand(tv.tv_sec ^ tv.tv_usec); } diff --git a/lib/rconn.c b/lib/rconn.c index b0453422..9564007a 100644 --- a/lib/rconn.c +++ b/lib/rconn.c @@ -84,7 +84,7 @@ struct rconn { char *name; bool reliable; - struct ofp_queue txq; + struct ovs_queue txq; int backoff; int max_backoff; diff --git a/lib/signals.c b/lib/signals.c index 93327b1f..c47ebd0f 100644 --- a/lib/signals.c +++ b/lib/signals.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2008 The Board of Trustees of The Leland Stanford +/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford * Junior University * * We are making the OpenFlow specification and associated documentation @@ -75,7 +75,7 @@ signal_init(void) if (!inited) { inited = true; if (pipe(fds)) { - ofp_fatal(errno, "could not create pipe"); + ovs_fatal(errno, "could not create pipe"); } set_nonblocking(fds[0]); set_nonblocking(fds[1]); @@ -100,7 +100,7 @@ signal_register(int signr) sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; if (sigaction(signr, &sa, NULL)) { - ofp_fatal(errno, "sigaction(%d) failed", signr); + ovs_fatal(errno, "sigaction(%d) failed", signr); } /* Return structure. */ diff --git a/lib/timeval.c b/lib/timeval.c index 0755e0d2..84384f71 100644 --- a/lib/timeval.c +++ b/lib/timeval.c @@ -86,7 +86,7 @@ time_init(void) sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; if (sigaction(SIGALRM, &sa, NULL)) { - ofp_fatal(errno, "sigaction(SIGALRM) failed"); + ovs_fatal(errno, "sigaction(SIGALRM) failed"); } /* Set up periodic timer. */ 
@@ -94,7 +94,7 @@ time_init(void) itimer.it_interval.tv_usec = TIME_UPDATE_INTERVAL * 1000; itimer.it_value = itimer.it_interval; if (setitimer(ITIMER_REAL, &itimer, NULL)) { - ofp_fatal(errno, "setitimer failed"); + ovs_fatal(errno, "setitimer failed"); } } @@ -234,7 +234,7 @@ block_sigalrm(sigset_t *oldsigs) sigemptyset(&sigalrm); sigaddset(&sigalrm, SIGALRM); if (sigprocmask(SIG_BLOCK, &sigalrm, oldsigs)) { - ofp_fatal(errno, "sigprocmask"); + ovs_fatal(errno, "sigprocmask"); } } @@ -242,7 +242,7 @@ static void unblock_sigalrm(const sigset_t *oldsigs) { if (sigprocmask(SIG_SETMASK, oldsigs, NULL)) { - ofp_fatal(errno, "sigprocmask"); + ovs_fatal(errno, "sigprocmask"); } } diff --git a/lib/unixctl.c b/lib/unixctl.c index 4bf1c7a4..269d5493 100644 --- a/lib/unixctl.c +++ b/lib/unixctl.c @@ -204,10 +204,10 @@ unixctl_server_create(const char *path, struct unixctl_server **serverp) if (path[0] == '/') { server->path = xstrdup(path); } else { - server->path = xasprintf("%s/%s", ofp_rundir, path); + server->path = xasprintf("%s/%s", ovs_rundir, path); } } else { - server->path = xasprintf("%s/%s.%ld.ctl", ofp_rundir, + server->path = xasprintf("%s/%s.%ld.ctl", ovs_rundir, program_name, (long int) getpid()); } @@ -464,7 +464,7 @@ unixctl_server_destroy(struct unixctl_server *server) /* Connects to a Vlog server socket. 'path' should be the name of a Vlog * server socket. If it does not start with '/', it will be prefixed with - * ofp_rundir (e.g. /var/run). + * ovs_rundir (e.g. /var/run). * * Returns 0 if successful, otherwise a positive errno value. If successful, * sets '*clientp' to the new unixctl_client, otherwise to NULL. */ 
@@ -481,7 +481,7 @@ unixctl_client_create(const char *path, struct unixctl_client **clientp) if (path[0] == '/') { client->connect_path = xstrdup(path); } else { - client->connect_path = xasprintf("%s/%s", ofp_rundir, path); + client->connect_path = xasprintf("%s/%s", ovs_rundir, path); } client->bind_path = xasprintf("/tmp/vlog.%ld.%d", (long int) getpid(), counter++); diff --git a/lib/util.c b/lib/util.c index d39a9318..0c9d87bc 100644 --- a/lib/util.c +++ b/lib/util.c @@ -45,7 +45,7 @@ const char *program_name; void out_of_memory(void) { - ofp_fatal(0, "virtual memory exhausted"); + ovs_fatal(0, "virtual memory exhausted"); } void * @@ -154,7 +154,7 @@ strlcpy(char *dst, const char *src, size_t size) } void -ofp_fatal(int err_no, const char *format, ...) +ovs_fatal(int err_no, const char *format, ...) { va_list args; @@ -170,7 +170,7 @@ ofp_fatal(int err_no, const char *format, ...) } void -ofp_error(int err_no, const char *format, ...) +ovs_error(int err_no, const char *format, ...) { int save_errno = errno; va_list args; @@ -199,7 +199,7 @@ void set_program_name(const char *argv0) * byte in 'buf'. If 'ascii' is true then the corresponding ASCII characters * are also rendered alongside. */ void -ofp_hex_dump(FILE *stream, const void *buf_, size_t size, +ovs_hex_dump(FILE *stream, const void *buf_, size_t size, uintptr_t ofs, bool ascii) { const uint8_t *buf = buf_; diff --git a/lib/util.h b/lib/util.h index cf6cd6b1..ec657927 100644 --- a/lib/util.h +++ b/lib/util.h 
@@ -112,10 +112,10 @@ void *x2nrealloc(void *p, size_t *n, size_t s); void strlcpy(char *dst, const char *src, size_t size); #endif -void ofp_fatal(int err_no, const char *format, ...) +void ovs_fatal(int err_no, const char *format, ...) PRINTF_FORMAT(2, 3) NO_RETURN; -void ofp_error(int err_no, const char *format, ...) PRINTF_FORMAT(2, 3); -void ofp_hex_dump(FILE *, const void *, size_t, uintptr_t offset, bool ascii); +void ovs_error(int err_no, const char *format, ...) PRINTF_FORMAT(2, 3); +void ovs_hex_dump(FILE *, const void *, size_t, uintptr_t offset, bool ascii); bool str_to_int(const char *, int base, int *); bool str_to_long(const char *, int base, long *); diff --git a/lib/vconn-ssl.c b/lib/vconn-ssl.c index 9318f705..77841d7d 100644 --- a/lib/vconn-ssl.c +++ b/lib/vconn-ssl.c @@ -303,7 +303,7 @@ ssl_open(const char *name, char *suffix, struct vconn **vconnp) host_name = strtok_r(suffix, "::", &save_ptr); port_string = strtok_r(NULL, "::", &save_ptr); if (!host_name) { - ofp_error(0, "%s: bad peer name format", name); + ovs_error(0, "%s: bad peer name format", name); return EAFNOSUPPORT; } @@ -1002,7 +1002,7 @@ tmp_dh_callback(SSL *ssl UNUSED, int is_export UNUSED, int keylength) if (!dh->dh) { dh->dh = dh->constructor(); if (!dh->dh) { - ofp_fatal(ENOMEM, "out of memory constructing " + ovs_fatal(ENOMEM, "out of memory constructing " "Diffie-Hellman parameters"); } } diff --git a/lib/vconn-tcp.c b/lib/vconn-tcp.c index ed6072ab..a3b32bff 100644 --- a/lib/vconn-tcp.c +++ b/lib/vconn-tcp.c @@ -88,7 +88,7 @@ tcp_open(const char *name, char *suffix, struct vconn **vconnp) host_name = strtok_r(suffix, "::", &save_ptr); port_string = strtok_r(NULL, "::", &save_ptr); if (!host_name) { - ofp_error(0, "%s: bad peer name format", name); + ovs_error(0, "%s: bad peer name format", name); return EAFNOSUPPORT; } diff --git a/lib/vlog-modules.def b/lib/vlog-modules.def index f0f52f5b..33a7d106 100644 --- a/lib/vlog-modules.def +++ b/lib/vlog-modules.def 
@@ -27,7 +27,7 @@ VLOG_MODULE(mgmt) VLOG_MODULE(netdev) VLOG_MODULE(netflow) VLOG_MODULE(netlink) -VLOG_MODULE(ofp_discover) +VLOG_MODULE(ovs_discover) VLOG_MODULE(ofproto) VLOG_MODULE(pktbuf) VLOG_MODULE(pcap) diff --git a/lib/vlog.c b/lib/vlog.c index c6452ad6..8c7e38c1 100644 --- a/lib/vlog.c +++ b/lib/vlog.c @@ -288,7 +288,7 @@ vlog_set_log_file(const char *file_name) old_log_file_name = log_file_name; log_file_name = (file_name ? xstrdup(file_name) - : xasprintf("%s/%s.log", ofp_logdir, program_name)); + : xasprintf("%s/%s.log", ovs_logdir, program_name)); free(old_log_file_name); file_name = NULL; /* Might have been freed. */ @@ -394,7 +394,7 @@ vlog_set_verbosity(const char *arg) if (arg) { char *msg = vlog_set_levels_from_string(arg); if (msg) { - ofp_fatal(0, "processing \"%s\": %s", arg, msg); + ovs_fatal(0, "processing \"%s\": %s", arg, msg); } } else { vlog_set_levels(VLM_ANY_MODULE, VLF_ANY_FACILITY, VLL_DBG); @@ -724,5 +724,5 @@ vlog_usage(void) " -v, --verbose set maximum verbosity level\n" " --log-file[=FILE] enable logging to specified FILE\n" " (default: %s/%s.log)\n", - ofp_logdir, program_name); + ovs_logdir, program_name); } diff --git a/m4/libopenflow.m4 b/m4/libopenflow.m4 deleted file mode 100644 index e0023f1b..00000000 --- a/m4/libopenflow.m4 +++ /dev/null 
@@ -1,194 +0,0 @@ -# -*- autoconf -*- - -# Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford -# Junior University -# -# We are making the OpenFlow specification and associated documentation -# (Software) available for public use and benefit with the expectation -# that others will use, modify and enhance the Software and contribute -# those enhancements back to the community. However, since we would -# like to make the Software available for broadest use, with as few -# restrictions as possible permission is hereby granted, free of -# charge, to any person obtaining a copy of this Software to deal in -# the Software under the copyrights without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# -# The name and trademarks of copyright holder(s) may NOT be used in -# advertising or publicity pertaining to the Software or any -# derivatives without specific, written prior permission. - -dnl Checks for --enable-ndebug and defines NDEBUG if it is specified. 
-AC_DEFUN([OFP_CHECK_NDEBUG], - [AC_ARG_ENABLE( - [ndebug], - [AC_HELP_STRING([--enable-ndebug], - [Disable debugging features for max performance])], - [case "${enableval}" in - (yes) ndebug=true ;; - (no) ndebug=false ;; - (*) AC_MSG_ERROR([bad value ${enableval} for --enable-ndebug]) ;; - esac], - [ndebug=false]) - AM_CONDITIONAL([NDEBUG], [test x$ndebug = xtrue])]) - -dnl Checks for Netlink support. -AC_DEFUN([OFP_CHECK_NETLINK], - [AC_CHECK_HEADER([linux/netlink.h], - [HAVE_NETLINK=yes], - [HAVE_NETLINK=no], - [#include - #include - ]) - AM_CONDITIONAL([HAVE_NETLINK], [test "$HAVE_NETLINK" = yes]) - if test "$HAVE_NETLINK" = yes; then - AC_DEFINE([HAVE_NETLINK], [1], - [Define to 1 if Netlink protocol is available.]) - fi]) - -dnl Checks for OpenSSL, if --enable-ssl is passed in. -AC_DEFUN([OFP_CHECK_OPENSSL], - [AC_ARG_ENABLE( - [ssl], - [AC_HELP_STRING([--enable-ssl], - [Enable ssl support (requires libssl)])], - [case "${enableval}" in - (yes) ssl=true ;; - (no) ssl=false ;; - (*) AC_MSG_ERROR([bad value ${enableval} for --enable-ssl]) ;; - esac], - [ssl=false]) - - if test "$ssl" = true; then - dnl Make sure that pkg-config is installed. - m4_pattern_forbid([PKG_CHECK_MODULES]) - PKG_CHECK_MODULES([SSL], [libssl], - [HAVE_OPENSSL=yes], - [HAVE_OPENSSL=no - AC_MSG_WARN([Cannot find libssl: - - $SSL_PKG_ERRORS - - OpenFlow will not support SSL connections.])]) - - fi - AM_CONDITIONAL([HAVE_OPENSSL], [test "$HAVE_OPENSSL" = yes]) - if test "$HAVE_OPENSSL" = yes; then - AC_DEFINE([HAVE_OPENSSL], [1], [Define to 1 if OpenSSL is installed.]) - fi]) - -dnl Checks for --enable-snat and defines SUPPORT_SNAT if it is specified. 
-AC_DEFUN([OFP_CHECK_SNAT], - [AC_ARG_ENABLE( - [snat], - [AC_HELP_STRING([--enable-snat], - [Enable support for source-NAT action])], - [case "${enableval}" in - (yes) snat=true ;; - (no) snat=false ;; - (*) AC_MSG_ERROR([bad value ${enableval} for --enable-snat]) ;; - esac], - [snat=false]) - AM_CONDITIONAL([SUPPORT_SNAT], [test x$snat = xtrue]) - if test x$snat = xtrue; then - AC_DEFINE([SUPPORT_SNAT], [1], [Define to 1 if SNAT is desired.]) - SUPPORT_SNAT=-DSUPPORT_SNAT - AC_SUBST([SUPPORT_SNAT]) - fi]) - -dnl Checks for libraries needed by lib/fault.c. -AC_DEFUN([OFP_CHECK_FAULT_LIBS], - [AC_CHECK_LIB([dl], [dladdr], [FAULT_LIBS=-ldl]) - AC_SUBST([FAULT_LIBS])]) - -dnl Checks for libraries needed by lib/socket-util.c. -AC_DEFUN([OFP_CHECK_SOCKET_LIBS], - [AC_CHECK_LIB([socket], [connect]) - AC_SEARCH_LIBS([gethostbyname], [resolv], [RESOLVER_LIBS=-lresolv])]) - -dnl Checks for the directory in which to store the PKI. -AC_DEFUN([OFP_CHECK_PKIDIR], - [AC_ARG_WITH( - [pkidir], - AC_HELP_STRING([--with-pkidir=DIR], - [PKI hierarchy directory [[DATADIR/openflow/pki]]]), - [PKIDIR=$withval], - [PKIDIR='${pkgdatadir}/pki']) - AC_SUBST([PKIDIR])]) - -dnl Checks for the directory in which to store pidfiles. -AC_DEFUN([OFP_CHECK_RUNDIR], - [AC_ARG_WITH( - [rundir], - AC_HELP_STRING([--with-rundir=DIR], - [directory used for pidfiles [[LOCALSTATEDIR/run]]]), - [RUNDIR=$withval], - [RUNDIR='${localstatedir}/run']) - AC_SUBST([RUNDIR])]) - -dnl Checks for the directory in which to store logs. -AC_DEFUN([OFP_CHECK_LOGDIR], - [AC_ARG_WITH( - [logdir], - AC_HELP_STRING([--with-logdir=DIR], - [directory used for logs [[LOCALSTATEDIR/log/PACKAGE]]]), - [LOGDIR=$withval], - [LOGDIR='${localstatedir}/log/${PACKAGE}']) - AC_SUBST([LOGDIR])]) - -dnl Checks for __malloc_hook, etc., supported by glibc. 
-AC_DEFUN([OFP_CHECK_MALLOC_HOOKS], - [AC_CACHE_CHECK( - [whether libc supports hooks for malloc and related functions], - [ofp_cv_malloc_hooks], - [AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [#include - ], - [(void) __malloc_hook; - (void) __realloc_hook; - (void) __free_hook;])], - [ofp_cv_malloc_hooks=yes], - [ofp_cv_malloc_hooks=no])]) - if test $ofp_cv_malloc_hooks = yes; then - AC_DEFINE([HAVE_MALLOC_HOOKS], [1], - [Define to 1 if you have __malloc_hook, __realloc_hook, and - __free_hook in .]) - fi]) - -dnl Checks for valgrind/valgrind.h. -AC_DEFUN([OFP_CHECK_VALGRIND], - [AC_CHECK_HEADERS([valgrind/valgrind.h])]) - -dnl Runs the checks required to include the headers in include/ and -dnl link against lib/libopenflow.a. -AC_DEFUN([OFP_CHECK_LIBOPENFLOW], - [AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS]) - AC_REQUIRE([AC_C_BIGENDIAN]) - AC_REQUIRE([OFP_CHECK_NDEBUG]) - AC_REQUIRE([OFP_CHECK_NETLINK]) - AC_REQUIRE([OFP_CHECK_OPENSSL]) - AC_REQUIRE([OFP_CHECK_SNAT]) - AC_REQUIRE([OFP_CHECK_FAULT_LIBS]) - AC_REQUIRE([OFP_CHECK_SOCKET_LIBS]) - AC_REQUIRE([OFP_CHECK_PKIDIR]) - AC_REQUIRE([OFP_CHECK_RUNDIR]) - AC_REQUIRE([OFP_CHECK_LOGDIR]) - AC_REQUIRE([OFP_CHECK_MALLOC_HOOKS]) - AC_REQUIRE([OFP_CHECK_VALGRIND]) - AC_CHECK_FUNCS([strlcpy])]) - diff --git a/m4/libopenvswitch.m4 b/m4/libopenvswitch.m4 new file mode 100644 index 00000000..2a603f4a --- /dev/null +++ b/m4/libopenvswitch.m4 
@@ -0,0 +1,194 @@ +# -*- autoconf -*- + +# Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford +# Junior University +# +# We are making the OpenFlow specification and associated documentation +# (Software) available for public use and benefit with the expectation +# that others will use, modify and enhance the Software and contribute +# those enhancements back to the community. However, since we would +# like to make the Software available for broadest use, with as few +# restrictions as possible permission is hereby granted, free of +# charge, to any person obtaining a copy of this Software to deal in +# the Software under the copyrights without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# The name and trademarks of copyright holder(s) may NOT be used in +# advertising or publicity pertaining to the Software or any +# derivatives without specific, written prior permission. + +dnl Checks for --enable-ndebug and defines NDEBUG if it is specified. 
+AC_DEFUN([OVS_CHECK_NDEBUG], + [AC_ARG_ENABLE( + [ndebug], + [AC_HELP_STRING([--enable-ndebug], + [Disable debugging features for max performance])], + [case "${enableval}" in + (yes) ndebug=true ;; + (no) ndebug=false ;; + (*) AC_MSG_ERROR([bad value ${enableval} for --enable-ndebug]) ;; + esac], + [ndebug=false]) + AM_CONDITIONAL([NDEBUG], [test x$ndebug = xtrue])]) + +dnl Checks for Netlink support. +AC_DEFUN([OVS_CHECK_NETLINK], + [AC_CHECK_HEADER([linux/netlink.h], + [HAVE_NETLINK=yes], + [HAVE_NETLINK=no], + [#include + #include + ]) + AM_CONDITIONAL([HAVE_NETLINK], [test "$HAVE_NETLINK" = yes]) + if test "$HAVE_NETLINK" = yes; then + AC_DEFINE([HAVE_NETLINK], [1], + [Define to 1 if Netlink protocol is available.]) + fi]) + +dnl Checks for OpenSSL, if --enable-ssl is passed in. +AC_DEFUN([OVS_CHECK_OPENSSL], + [AC_ARG_ENABLE( + [ssl], + [AC_HELP_STRING([--enable-ssl], + [Enable ssl support (requires libssl)])], + [case "${enableval}" in + (yes) ssl=true ;; + (no) ssl=false ;; + (*) AC_MSG_ERROR([bad value ${enableval} for --enable-ssl]) ;; + esac], + [ssl=false]) + + if test "$ssl" = true; then + dnl Make sure that pkg-config is installed. + m4_pattern_forbid([PKG_CHECK_MODULES]) + PKG_CHECK_MODULES([SSL], [libssl], + [HAVE_OPENSSL=yes], + [HAVE_OPENSSL=no + AC_MSG_WARN([Cannot find libssl: + + $SSL_PKG_ERRORS + + OpenFlow connections over SSL will not be supported.])]) + + fi + AM_CONDITIONAL([HAVE_OPENSSL], [test "$HAVE_OPENSSL" = yes]) + if test "$HAVE_OPENSSL" = yes; then + AC_DEFINE([HAVE_OPENSSL], [1], [Define to 1 if OpenSSL is installed.]) + fi]) + +dnl Checks for --enable-snat and defines SUPPORT_SNAT if it is specified. 
+AC_DEFUN([OVS_CHECK_SNAT], + [AC_ARG_ENABLE( + [snat], + [AC_HELP_STRING([--enable-snat], + [Enable support for source-NAT action])], + [case "${enableval}" in + (yes) snat=true ;; + (no) snat=false ;; + (*) AC_MSG_ERROR([bad value ${enableval} for --enable-snat]) ;; + esac], + [snat=false]) + AM_CONDITIONAL([SUPPORT_SNAT], [test x$snat = xtrue]) + if test x$snat = xtrue; then + AC_DEFINE([SUPPORT_SNAT], [1], [Define to 1 if SNAT is desired.]) + SUPPORT_SNAT=-DSUPPORT_SNAT + AC_SUBST([SUPPORT_SNAT]) + fi]) + +dnl Checks for libraries needed by lib/fault.c. +AC_DEFUN([OVS_CHECK_FAULT_LIBS], + [AC_CHECK_LIB([dl], [dladdr], [FAULT_LIBS=-ldl]) + AC_SUBST([FAULT_LIBS])]) + +dnl Checks for libraries needed by lib/socket-util.c. +AC_DEFUN([OVS_CHECK_SOCKET_LIBS], + [AC_CHECK_LIB([socket], [connect]) + AC_SEARCH_LIBS([gethostbyname], [resolv], [RESOLVER_LIBS=-lresolv])]) + +dnl Checks for the directory in which to store the PKI. +AC_DEFUN([OVS_CHECK_PKIDIR], + [AC_ARG_WITH( + [pkidir], + AC_HELP_STRING([--with-pkidir=DIR], + [PKI hierarchy directory [[DATADIR/openvswitch/pki]]]), + [PKIDIR=$withval], + [PKIDIR='${pkgdatadir}/pki']) + AC_SUBST([PKIDIR])]) + +dnl Checks for the directory in which to store pidfiles. +AC_DEFUN([OVS_CHECK_RUNDIR], + [AC_ARG_WITH( + [rundir], + AC_HELP_STRING([--with-rundir=DIR], + [directory used for pidfiles [[LOCALSTATEDIR/run]]]), + [RUNDIR=$withval], + [RUNDIR='${localstatedir}/run']) + AC_SUBST([RUNDIR])]) + +dnl Checks for the directory in which to store logs. +AC_DEFUN([OVS_CHECK_LOGDIR], + [AC_ARG_WITH( + [logdir], + AC_HELP_STRING([--with-logdir=DIR], + [directory used for logs [[LOCALSTATEDIR/log/PACKAGE]]]), + [LOGDIR=$withval], + [LOGDIR='${localstatedir}/log/${PACKAGE}']) + AC_SUBST([LOGDIR])]) + +dnl Checks for __malloc_hook, etc., supported by glibc. 
+AC_DEFUN([OVS_CHECK_MALLOC_HOOKS], + [AC_CACHE_CHECK( + [whether libc supports hooks for malloc and related functions], + [ovs_cv_malloc_hooks], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [#include + ], + [(void) __malloc_hook; + (void) __realloc_hook; + (void) __free_hook;])], + [ovs_cv_malloc_hooks=yes], + [ovs_cv_malloc_hooks=no])]) + if test $ovs_cv_malloc_hooks = yes; then + AC_DEFINE([HAVE_MALLOC_HOOKS], [1], + [Define to 1 if you have __malloc_hook, __realloc_hook, and + __free_hook in .]) + fi]) + +dnl Checks for valgrind/valgrind.h. +AC_DEFUN([OVS_CHECK_VALGRIND], + [AC_CHECK_HEADERS([valgrind/valgrind.h])]) + +dnl Runs the checks required to include the headers in include/ and +dnl link against lib/libopenvswitch.a. +AC_DEFUN([OVS_CHECK_LIBOPENVSWITCH], + [AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS]) + AC_REQUIRE([AC_C_BIGENDIAN]) + AC_REQUIRE([OVS_CHECK_NDEBUG]) + AC_REQUIRE([OVS_CHECK_NETLINK]) + AC_REQUIRE([OVS_CHECK_OPENSSL]) + AC_REQUIRE([OVS_CHECK_SNAT]) + AC_REQUIRE([OVS_CHECK_FAULT_LIBS]) + AC_REQUIRE([OVS_CHECK_SOCKET_LIBS]) + AC_REQUIRE([OVS_CHECK_PKIDIR]) + AC_REQUIRE([OVS_CHECK_RUNDIR]) + AC_REQUIRE([OVS_CHECK_LOGDIR]) + AC_REQUIRE([OVS_CHECK_MALLOC_HOOKS]) + AC_REQUIRE([OVS_CHECK_VALGRIND]) + AC_CHECK_FUNCS([strlcpy])]) + diff --git a/secchan/automake.mk b/secchan/automake.mk index d3e4e819..cf24b353 100644 --- a/secchan/automake.mk +++ b/secchan/automake.mk @@ -4,7 +4,7 @@ man_MANS += secchan/secchan.8 secchan_secchan_SOURCES = secchan/main.c secchan_secchan_LDADD = \ secchan/libsecchan.a \ - lib/libopenflow.a \ + lib/libopenvswitch.a \ $(FAULT_LIBS) \ $(SSL_LIBS) diff --git a/secchan/commands/reboot b/secchan/commands/reboot index 4d5145cd..42fd10c1 100755 --- a/secchan/commands/reboot +++ b/secchan/commands/reboot @@ -1,3 +1,3 @@ #! /bin/sh -ofp-kill --force --signal=USR1 ofp-switchui.pid +ovs-kill --force --signal=USR1 ovs-switchui.pid reboot diff --git a/secchan/executer.c b/secchan/executer.c index 5f39c0f5..a1d2bade 100644 
--- a/secchan/executer.c +++ b/secchan/executer.c @@ -499,7 +499,7 @@ executer_create(const char *command_acl, const char *command_dir, e->command_acl = xstrdup(command_acl); e->command_dir = (command_dir ? xstrdup(command_dir) - : xasprintf("%s/commands", ofp_pkgdatadir)); + : xasprintf("%s/commands", ovs_pkgdatadir)); e->n_children = 0; *executerp = e; return 0; diff --git a/secchan/main.c b/secchan/main.c index 334e3196..dc046819 100644 --- a/secchan/main.c +++ b/secchan/main.c @@ -149,25 +149,25 @@ main(int argc, char *argv[]) /* Start listening for vlogconf requests. */ error = unixctl_server_create(NULL, &unixctl); if (error) { - ofp_fatal(error, "Could not listen for unixctl connections"); + ovs_fatal(error, "Could not listen for unixctl connections"); } - VLOG_INFO("OpenFlow reference implementation version %s", VERSION BUILDNR); + VLOG_INFO("OpenVSwitch version %s", VERSION BUILDNR); VLOG_INFO("OpenFlow protocol version 0x%02x", OFP_VERSION); /* Start OpenFlow processing. */ error = ofproto_create(s.dp_name, NULL, NULL, &ofproto); if (error) { - ofp_fatal(error, "could not initialize openflow switch"); + ovs_fatal(error, "could not initialize openflow switch"); } error = ofproto_set_in_band(ofproto, s.in_band); if (error) { - ofp_fatal(error, "failed to configure in-band control"); + ovs_fatal(error, "failed to configure in-band control"); } error = ofproto_set_discovery(ofproto, s.discovery, s.accept_controller_re, s.update_resolv_conf); if (error) { - ofp_fatal(error, "failed to configure controller discovery"); + ovs_fatal(error, "failed to configure controller discovery"); } if (s.datapath_id) { ofproto_set_datapath_id(ofproto, s.datapath_id); 
@@ -178,16 +178,16 @@ main(int argc, char *argv[]) ofproto_set_desc(ofproto, s.mfr_desc, s.hw_desc, s.sw_desc, s.serial_desc); error = ofproto_set_listeners(ofproto, &s.listeners); if (error) { - ofp_fatal(error, "failed to configure management connections"); + ovs_fatal(error, "failed to configure management connections"); } error = ofproto_set_snoops(ofproto, &s.snoops); if (error) { - ofp_fatal(error, + ovs_fatal(error, "failed to configure controller snooping connections"); } error = ofproto_set_netflow(ofproto, &s.netflow); if (error) { - ofp_fatal(error, "failed to configure NetFlow collectors"); + ovs_fatal(error, "failed to configure NetFlow collectors"); } ofproto_set_failure(ofproto, s.fail_mode == FAIL_OPEN); ofproto_set_probe_interval(ofproto, s.probe_interval); @@ -195,24 +195,24 @@ main(int argc, char *argv[]) ofproto_set_rate_limit(ofproto, s.rate_limit, s.burst_limit); error = ofproto_set_stp(ofproto, s.enable_stp); if (error) { - ofp_fatal(error, "failed to configure STP"); + ovs_fatal(error, "failed to configure STP"); } error = ofproto_set_remote_execution(ofproto, s.command_acl, s.command_dir); if (error) { - ofp_fatal(error, "failed to configure remote command execution"); + ovs_fatal(error, "failed to configure remote command execution"); } if (!s.discovery) { error = ofproto_set_controller(ofproto, s.controller_name); if (error) { - ofp_fatal(error, "failed to configure controller"); + ovs_fatal(error, "failed to configure controller"); } } while (ofproto_is_alive(ofproto)) { error = ofproto_run(ofproto); if (error) { - ofp_fatal(error, "unrecoverable datapath error"); + ovs_fatal(error, "unrecoverable datapath error"); } unixctl_server_run(unixctl); 
@@ -331,12 +331,12 @@ parse_options(int argc, char *argv[], struct ofsettings *s) case OPT_DATAPATH_ID: if (strlen(optarg) != 12 || strspn(optarg, "0123456789abcdefABCDEF") != 12) { - ofp_fatal(0, "argument to --datapath-id must be " + ovs_fatal(0, "argument to --datapath-id must be " "exactly 12 hex digits"); } s->datapath_id = strtoll(optarg, NULL, 16); if (!s->datapath_id) { - ofp_fatal(0, "argument to --datapath-id must be nonzero"); + ovs_fatal(0, "argument to --datapath-id must be nonzero"); } break; @@ -370,7 +370,7 @@ parse_options(int argc, char *argv[], struct ofsettings *s) } else if (!strcmp(optarg, "closed")) { s->fail_mode = FAIL_CLOSED; } else { - ofp_fatal(0, "-f or --fail argument must be \"open\" " + ovs_fatal(0, "-f or --fail argument must be \"open\" " "or \"closed\""); } break; @@ -378,7 +378,7 @@ parse_options(int argc, char *argv[], struct ofsettings *s) case OPT_INACTIVITY_PROBE: s->probe_interval = atoi(optarg); if (s->probe_interval < 5) { - ofp_fatal(0, "--inactivity-probe argument must be at least 5"); + ovs_fatal(0, "--inactivity-probe argument must be at least 5"); } break; @@ -388,7 +388,7 @@ parse_options(int argc, char *argv[], struct ofsettings *s) } else { s->max_idle = atoi(optarg); if (s->max_idle < 1 || s->max_idle > 65535) { - ofp_fatal(0, "--max-idle argument must be between 1 and " + ovs_fatal(0, "--max-idle argument must be between 1 and " "65535 or the word 'permanent'"); } } @@ -397,7 +397,7 @@ parse_options(int argc, char *argv[], struct ofsettings *s) case OPT_MAX_BACKOFF: s->max_backoff = atoi(optarg); if (s->max_backoff < 1) { - ofp_fatal(0, "--max-backoff argument must be at least 1"); + ovs_fatal(0, "--max-backoff argument must be at least 1"); } else if (s->max_backoff > 3600) { s->max_backoff = 3600; } 
@@ -407,7 +407,7 @@ parse_options(int argc, char *argv[], struct ofsettings *s) if (optarg) { s->rate_limit = atoi(optarg); if (s->rate_limit < 1) { - ofp_fatal(0, "--rate-limit argument must be at least 1"); + ovs_fatal(0, "--rate-limit argument must be at least 1"); } } else { s->rate_limit = 1000; @@ -417,7 +417,7 @@ parse_options(int argc, char *argv[], struct ofsettings *s) case OPT_BURST_LIMIT: s->burst_limit = atoi(optarg); if (s->burst_limit < 1) { - ofp_fatal(0, "--burst-limit argument must be at least 1"); + ovs_fatal(0, "--burst-limit argument must be at least 1"); } break; @@ -454,12 +454,12 @@ parse_options(int argc, char *argv[], struct ofsettings *s) case OPT_MGMT_ID: if (strlen(optarg) != 12 || strspn(optarg, "0123456789abcdefABCDEF") != 12) { - ofp_fatal(0, "argument to --mgmt-id must be " + ovs_fatal(0, "argument to --mgmt-id must be " "exactly 12 hex digits"); } s->mgmt_id = strtoll(optarg, NULL, 16); if (!s->mgmt_id) { - ofp_fatal(0, "argument to --mgmt-id must be nonzero"); + ovs_fatal(0, "argument to --mgmt-id must be nonzero"); } break; @@ -505,7 +505,7 @@ parse_options(int argc, char *argv[], struct ofsettings *s) argc -= optind; argv += optind; if (argc < 1 || argc > 2) { - ofp_fatal(0, "need one or two non-option arguments; " + ovs_fatal(0, "need one or two non-option arguments; " "use --help for usage"); } @@ -521,7 +521,7 @@ parse_options(int argc, char *argv[], struct ofsettings *s) /* Mode of operation. */ s->discovery = s->controller_name == NULL; if (s->discovery && !s->in_band) { - ofp_fatal(0, "Cannot perform discovery with out-of-band control"); + ovs_fatal(0, "Cannot perform discovery with out-of-band control"); } /* Rate limiting. */ 
@@ -533,7 +533,7 @@ parse_options(int argc, char *argv[], struct ofsettings *s) static void usage(void) { - printf("%s: secure channel, a relay for OpenFlow messages.\n" + printf("%s: an OpenFlow switch implementation.\n" "usage: %s [OPTIONS] DATAPATH [CONTROLLER]\n" "DATAPATH is a local datapath (e.g. \"dp0\").\n" "CONTROLLER is an active OpenFlow connection method; if it is\n" @@ -574,7 +574,7 @@ usage(void) "\nRemote command execution options:\n" " --command-acl=[!]GLOB[,[!]GLOB...] set allowed/denied commands\n" " --command-dir=DIR set command dir (default: %s/commands)\n", - ofp_pkgdatadir); + ovs_pkgdatadir); daemon_usage(); vlog_usage(); printf("\nOther options:\n" diff --git a/secchan/netflow.c b/secchan/netflow.c index f2edd58b..99285a0e 100644 --- a/secchan/netflow.c +++ b/secchan/netflow.c @@ -133,11 +133,11 @@ open_collector(char *dst) host_name = strtok_r(dst, "::", &save_ptr); port_string = strtok_r(NULL, "::", &save_ptr); if (!host_name) { - ofp_error(0, "%s: bad peer name format", dst); + ovs_error(0, "%s: bad peer name format", dst); return -EAFNOSUPPORT; } if (!port_string) { - ofp_error(0, "%s: bad port format", dst); + ovs_error(0, "%s: bad port format", dst); return -EAFNOSUPPORT; } diff --git a/secchan/ofproto.c b/secchan/ofproto.c index b3bc065b..7a582478 100644 --- a/secchan/ofproto.c +++ b/secchan/ofproto.c @@ -52,10 +52,10 @@ #include "odp-util.h" #include "ofp-print.h" #include "ofpbuf.h" -#include "openflow/datapath-protocol.h" #include "openflow/nicira-ext.h" #include "openflow/openflow.h" #include "openflow/openflow-mgmt.h" +#include "openvswitch/datapath-protocol.h" #include "packets.h" #include "pinsched.h" #include "pktbuf.h" diff --git a/secchan/pinsched.c b/secchan/pinsched.c index 124aab42..9aa048d2 100644 --- a/secchan/pinsched.c +++ b/secchan/pinsched.c 
@@ -52,7 +52,7 @@ struct pinsched { int burst_limit; /* Maximum token bucket size, in packets. */ /* One queue per physical port. */ - struct port_array queues; /* Array of "struct ofp_queue *". */ + struct port_array queues; /* Array of "struct ovs_queue *". */ int n_queued; /* Sum over queues[*].n. */ unsigned int last_tx_port; /* Last port checked in round-robin. */ @@ -78,7 +78,7 @@ struct pinsched { }; static struct ofpbuf * -dequeue_packet(struct pinsched *ps, struct ofp_queue *q, +dequeue_packet(struct pinsched *ps, struct ovs_queue *q, unsigned int port_no) { struct ofpbuf *packet = queue_pop_head(q); @@ -94,11 +94,11 @@ dequeue_packet(struct pinsched *ps, struct ofp_queue *q, static void drop_packet(struct pinsched *ps) { - struct ofp_queue *longest; /* Queue currently selected as longest. */ + struct ovs_queue *longest; /* Queue currently selected as longest. */ int n_longest; /* # of queues of same length as 'longest'. */ unsigned int longest_port_no; unsigned int port_no; - struct ofp_queue *q; + struct ovs_queue *q; ps->n_queue_dropped++; @@ -129,7 +129,7 @@ drop_packet(struct pinsched *ps) static struct ofpbuf * get_tx_packet(struct pinsched *ps) { - struct ofp_queue *q = port_array_next(&ps->queues, &ps->last_tx_port); + struct ovs_queue *q = port_array_next(&ps->queues, &ps->last_tx_port); if (!q) { q = port_array_first(&ps->queues, &ps->last_tx_port); } @@ -175,7 +175,7 @@ pinsched_send(struct pinsched *ps, uint16_t port_no, cb(packet, aux); } else { /* Otherwise queue it up for the periodic callback to drain out. */ - struct ofp_queue *q; + struct ovs_queue *q; /* We are called with a buffer obtained from dpif_recv() that has much * more allocated space than actual content most of the time. Since @@ -268,7 +268,7 @@ void pinsched_destroy(struct pinsched *ps) { if (ps) { - struct ofp_queue *queue; + struct ovs_queue *queue; unsigned int port_no; PORT_ARRAY_FOR_EACH (queue, &ps->queues, port_no) { 
diff --git a/secchan/secchan.8.in b/secchan/secchan.8.in index 0bf1293a..1e8ffd82 100644 --- a/secchan/secchan.8.in +++ b/secchan/secchan.8.in @@ -1,4 +1,4 @@ -.TH secchan 8 "March 2009" "OpenFlow" "OpenFlow Manual" +.TH secchan 8 "March 2009" "OpenVSwitch" "OpenVSwitch Manual" .ds PN secchan .SH NAME @@ -462,9 +462,9 @@ require the controller to send the CA certificate, but .SH "SEE ALSO" .BR dpctl (8), -.BR ofp-discover (8), +.BR ovs-discover (8), .BR controller (8), -.BR ofp-pki (8), +.BR ovs-pki (8), .BR udatapath (8), .BR vlogconf (8), .BR vswitchd.conf (5) diff --git a/tests/automake.mk b/tests/automake.mk index 78b8c6ac..dd208fc5 100644 --- a/tests/automake.mk +++ b/tests/automake.mk @@ -1,23 +1,23 @@ TESTS += tests/test-classifier noinst_PROGRAMS += tests/test-classifier tests_test_classifier_SOURCES = tests/test-classifier.c -tests_test_classifier_LDADD = lib/libopenflow.a +tests_test_classifier_LDADD = lib/libopenvswitch.a TESTS += tests/test-flows.sh noinst_PROGRAMS += tests/test-flows tests_test_flows_SOURCES = tests/test-flows.c -tests_test_flows_LDADD = lib/libopenflow.a +tests_test_flows_LDADD = lib/libopenvswitch.a dist_check_SCRIPTS = tests/test-flows.sh tests/flowgen.pl TESTS += tests/test-hmap noinst_PROGRAMS += tests/test-hmap tests_test_hmap_SOURCES = tests/test-hmap.c -tests_test_hmap_LDADD = lib/libopenflow.a +tests_test_hmap_LDADD = lib/libopenvswitch.a TESTS += tests/test-list noinst_PROGRAMS += tests/test-list tests_test_list_SOURCES = tests/test-list.c -tests_test_list_LDADD = lib/libopenflow.a +tests_test_list_LDADD = lib/libopenvswitch.a TESTS += tests/test-type-props noinst_PROGRAMS += tests/test-type-props 
@@ -25,14 +25,14 @@ tests_test_type_props_SOURCES = tests/test-type-props.c noinst_PROGRAMS += tests/test-dhcp-client tests_test_dhcp_client_SOURCES = tests/test-dhcp-client.c -tests_test_dhcp_client_LDADD = lib/libopenflow.a $(FAULT_LIBS) +tests_test_dhcp_client_LDADD = lib/libopenvswitch.a $(FAULT_LIBS) TESTS += tests/test-stp.sh EXTRA_DIST += tests/test-stp.sh noinst_PROGRAMS += tests/test-stp tests_test_stp_SOURCES = tests/test-stp.c -tests_test_stp_LDADD = lib/libopenflow.a +tests_test_stp_LDADD = lib/libopenvswitch.a stp_files = \ tests/test-stp-ieee802.1d-1998 \ tests/test-stp-ieee802.1d-2004-fig17.4 \ diff --git a/tests/test-dhcp-client.c b/tests/test-dhcp-client.c index f8a1f427..459fc9ab 100644 --- a/tests/test-dhcp-client.c +++ b/tests/test-dhcp-client.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2008 The Board of Trustees of The Leland Stanford +/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford * Junior University * * We are making the OpenFlow specification and associated documentation @@ -75,13 +75,13 @@ main(int argc, char *argv[]) argc -= optind; argv += optind; if (argc != 1) { - ofp_fatal(0, "exactly one non-option argument required; " + ovs_fatal(0, "exactly one non-option argument required; " "use --help for help"); } error = dhclient_create(argv[0], modify_dhcp_request, NULL, NULL, &cli); if (error) { - ofp_fatal(error, "dhclient_create failed"); + ovs_fatal(error, "dhclient_create failed"); } dhclient_init(cli, request_ip.s_addr); fatal_signal_add_hook(release, cli, true); @@ -149,7 +149,7 @@ parse_options(int argc, char *argv[]) switch (c) { case OPT_REQUEST_IP: if (!inet_aton(optarg, &request_ip)) { - ofp_fatal(0, + ovs_fatal(0, "--request-ip argument is not a valid IP address"); } break; 
@@ -187,7 +187,7 @@ parse_options(int argc, char *argv[]) static void usage(void) { - printf("%s: standalone program for testing OpenFlow DHCP client.\n" + printf("%s: standalone program for testing OpenVSwitch DHCP client.\n" "usage: %s [OPTIONS] NETDEV\n" "where NETDEV is a network device (e.g. eth0).\n" "\nDHCP options:\n" diff --git a/tests/test-flows.c b/tests/test-flows.c index 89895e41..663c5a6d 100644 --- a/tests/test-flows.c +++ b/tests/test-flows.c @@ -29,12 +29,12 @@ main(int argc UNUSED, char *argv[]) flows = stdin; pcap = fdopen(3, "rb"); if (!pcap) { - ofp_fatal(errno, "failed to open fd 3 for reading"); + ovs_fatal(errno, "failed to open fd 3 for reading"); } retval = pcap_read_header(pcap); if (retval) { - ofp_fatal(retval > 0 ? retval : 0, "reading pcap header failed"); + ovs_fatal(retval > 0 ? retval : 0, "reading pcap header failed"); } while (fread(&expected_match, sizeof expected_match, 1, flows)) { @@ -46,9 +46,9 @@ main(int argc UNUSED, char *argv[]) retval = pcap_read(pcap, &packet); if (retval == EOF) { - ofp_fatal(0, "unexpected end of file reading pcap file"); + ovs_fatal(0, "unexpected end of file reading pcap file"); } else if (retval) { - ofp_fatal(retval, "error reading pcap file"); + ovs_fatal(retval, "error reading pcap file"); } flow_extract(packet, 1, &flow); diff --git a/tests/test-stp.c b/tests/test-stp.c index ddb7db7e..4f5165a1 100644 --- a/tests/test-stp.c +++ b/tests/test-stp.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2008 The Board of Trustees of The Leland Stanford +/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford * Junior University * * We are making the OpenFlow specification and associated documentation 
@@ -454,13 +454,13 @@ main(int argc, char *argv[]) int i; if (argc != 2) { - ofp_fatal(0, "usage: test-stp INPUT.STP\n"); + ovs_fatal(0, "usage: test-stp INPUT.STP\n"); } file_name = argv[1]; input_file = fopen(file_name, "r"); if (!input_file) { - ofp_fatal(errno, "error opening \"%s\"", file_name); + ovs_fatal(errno, "error opening \"%s\"", file_name); } tc = new_test_case(); diff --git a/utilities/.gitignore b/utilities/.gitignore index 534ef34d..7d824f90 100644 --- a/utilities/.gitignore +++ b/utilities/.gitignore @@ -5,13 +5,13 @@ /dpctl /dpctl.8 /nlmon -/ofp-discover -/ofp-discover.8 -/ofp-kill -/ofp-kill.8 -/ofp-parse-leaks -/ofp-pki -/ofp-pki-cgi -/ofp-pki.8 +/ovs-discover +/ovs-discover.8 +/ovs-kill +/ovs-kill.8 +/ovs-parse-leaks +/ovs-pki +/ovs-pki-cgi +/ovs-pki.8 /vlogconf /vlogconf.8 diff --git a/utilities/automake.mk b/utilities/automake.mk index aa8e9f87..45d694c9 100644 --- a/utilities/automake.mk +++ b/utilities/automake.mk 
@@ -2,55 +2,55 @@ bin_PROGRAMS += \ utilities/vlogconf \ utilities/cfg-mod \ utilities/dpctl \ - utilities/ofp-discover \ - utilities/ofp-kill + utilities/ovs-discover \ + utilities/ovs-kill noinst_PROGRAMS += utilities/nlmon -bin_SCRIPTS += utilities/ofp-pki -noinst_SCRIPTS += utilities/ofp-pki-cgi utilities/ofp-parse-leaks +bin_SCRIPTS += utilities/ovs-pki +noinst_SCRIPTS += utilities/ovs-pki-cgi utilities/ovs-parse-leaks EXTRA_DIST += \ utilities/cfg-mod.8.in \ utilities/dpctl.8.in \ - utilities/ofp-discover.8.in \ - utilities/ofp-kill.8.in \ - utilities/ofp-parse-leaks.in \ - utilities/ofp-pki-cgi.in \ - utilities/ofp-pki.8.in \ - utilities/ofp-pki.in \ + utilities/ovs-discover.8.in \ + utilities/ovs-kill.8.in \ + utilities/ovs-parse-leaks.in \ + utilities/ovs-pki-cgi.in \ + utilities/ovs-pki.8.in \ + utilities/ovs-pki.in \ utilities/vlogconf.8.in DISTCLEANFILES += \ utilities/cfg-mod.8 \ utilities/dpctl.8 \ - utilities/ofp-discover.8 \ - utilities/ofp-kill.8 \ - utilities/ofp-parse-leaks \ - utilities/ofp-pki \ - utilities/ofp-pki.8 \ - utilities/ofp-pki-cgi \ + utilities/ovs-discover.8 \ + utilities/ovs-kill.8 \ + utilities/ovs-parse-leaks \ + utilities/ovs-pki \ + utilities/ovs-pki.8 \ + utilities/ovs-pki-cgi \ utilities/vlogconf.8 man_MANS += \ utilities/cfg-mod.8 \ utilities/dpctl.8 \ - utilities/ofp-discover.8 \ - utilities/ofp-kill.8 \ - utilities/ofp-pki.8 \ + utilities/ovs-discover.8 \ + utilities/ovs-kill.8 \ + utilities/ovs-pki.8 \ utilities/vlogconf.8 utilities_cfg_mod_SOURCES = utilities/cfg-mod.c -utilities_cfg_mod_LDADD = lib/libopenflow.a +utilities_cfg_mod_LDADD = lib/libopenvswitch.a utilities_dpctl_SOURCES = utilities/dpctl.c -utilities_dpctl_LDADD = lib/libopenflow.a $(FAULT_LIBS) $(SSL_LIBS) +utilities_dpctl_LDADD = lib/libopenvswitch.a $(FAULT_LIBS) $(SSL_LIBS) utilities_vlogconf_SOURCES = utilities/vlogconf.c -utilities_vlogconf_LDADD = lib/libopenflow.a +utilities_vlogconf_LDADD = lib/libopenvswitch.a -utilities_ofp_discover_SOURCES = 
utilities/ofp-discover.c -utilities_ofp_discover_LDADD = lib/libopenflow.a +utilities_ovs_discover_SOURCES = utilities/ovs-discover.c +utilities_ovs_discover_LDADD = lib/libopenvswitch.a -utilities_ofp_kill_SOURCES = utilities/ofp-kill.c -utilities_ofp_kill_LDADD = lib/libopenflow.a +utilities_ovs_kill_SOURCES = utilities/ovs-kill.c +utilities_ovs_kill_LDADD = lib/libopenvswitch.a utilities_nlmon_SOURCES = utilities/nlmon.c -utilities_nlmon_LDADD = lib/libopenflow.a +utilities_nlmon_LDADD = lib/libopenvswitch.a diff --git a/utilities/cfg-mod.8.in b/utilities/cfg-mod.8.in index 1cb8d6d9..f97727d7 100644 --- a/utilities/cfg-mod.8.in +++ b/utilities/cfg-mod.8.in @@ -1,4 +1,4 @@ -.TH cfg-mod 8 "April 2009" "OpenFlow" "OpenFlow Manual" +.TH cfg-mod 8 "April 2009" "OpenVSwitch" "OpenVSwitch Manual" .ds PN cfg-mod . .SH NAME diff --git a/utilities/cfg-mod.c b/utilities/cfg-mod.c index 5cb1767a..0e3de885 100644 --- a/utilities/cfg-mod.c +++ b/utilities/cfg-mod.c @@ -62,13 +62,13 @@ open_config(char *config_file) error = cfg_set_file(config_file); if (error) { - ofp_fatal(error, "failed to add configuration file \"%s\"", + ovs_fatal(error, "failed to add configuration file \"%s\"", config_file); } error = cfg_lock(NULL, 0); if (error) { - ofp_fatal(error, "could not lock configuration file\n"); + ovs_fatal(error, "could not lock configuration file\n"); } } @@ -119,7 +119,7 @@ int main(int argc, char *argv[]) if ((option > UCHAR_MAX || !strchr("Fh?", option)) && config_set == false) { - ofp_fatal(0, "no config file specified (use --help for help)"); + ovs_fatal(0, "no config file specified (use --help for help)"); } switch (option) { @@ -166,7 +166,7 @@ int main(int argc, char *argv[]) free(short_options); if (optind != argc) { - ofp_fatal(0, "non-option arguments not accepted " + ovs_fatal(0, "non-option arguments not accepted " "(use --help for help)"); } diff --git a/utilities/dpctl.8.in b/utilities/dpctl.8.in index 9397ee60..4c6b6882 100644 --- a/utilities/dpctl.8.in 
+++ b/utilities/dpctl.8.in @@ -1,8 +1,8 @@ -.TH dpctl 8 "March 2009" "OpenFlow" "OpenFlow Manual" +.TH dpctl 8 "March 2009" "OpenVSwitch" "OpenVSwitch Manual" .ds PN dpctl .SH NAME -dpctl \- administer OpenFlow switches and datapaths +dpctl \- administer OpenVSwitch datapaths and OpenFlow switches .SH SYNOPSIS .B dpctl @@ -11,18 +11,18 @@ dpctl \- administer OpenFlow switches and datapaths .SH DESCRIPTION The .B dpctl -program is a command line tool primarily for monitoring and -administering OpenFlow switches. It is able to show the current state -of a switch, including features, configuration, and table entries. +program is a command line tool for monitoring and administering +OpenVSwitch datapaths and OpenFlow switches. .B dpctl -can also add, delete, and modify OpenFlow reference implementation -datapaths. +can add, delete, and modify OpenVSwitch datapaths. It can also show +the current state of an OpenFlow switch, including features, +configuration, and table entries. -.SS "Datapath Commands" +.SS "OpenVSwitch Datapath Commands" -The \fBdpctl\fR program can create, modify, and delete datapaths -supported by the OpenFlow reference implementation. A -single machine may host up to 256 datapaths (numbered 0 to 255). +The \fBdpctl\fR program can create, modify, and delete OpenVSwitch +datapaths. A single machine may host up to 256 datapaths (numbered 0 +to 255). A newly created datapath is associated with only one network device, a virtual network device sometimes called the datapath's ``local port''. 
@@ -104,17 +104,16 @@ about all configured datapaths. Prints to the console all flow entries in datapath \fIdp\fR's flow table. -This command is primarily useful for debugging the OpenFlow reference -implementation. The flow table entries that it displays are not +This command is primarily useful for debugging OpenVSwitch. The flow +table entries that it displays are not OpenFlow flow entries. Instead, they are different and considerably -simpler flows maintained by the datapaths used by the OpenFlow -reference implementation. +simpler flows maintained by the OpenVSwitch kernel module. .IP "\fBdp-del-flows \fIdp\fR" Deletes all flow entries from datapath \fIdp\fR's flow table. -This command is primarily useful for debugging the OpenFlow reference -implementation. As discussed in \fBdp-dump-flows\fR, these entries are +This command is primarily useful for debugging OpenVSwitch. As +discussed in \fBdp-dump-flows\fR, these entries are not OpenFlow flow entries. By deleting them, the process that set them up may be confused about their disappearance. @@ -125,8 +124,8 @@ that \fBsecchan\fR or \fBvswitch\fR is controlling: group 0 contains all ports except those disabled by STP, and group 1 contains all ports. Additional groups might be used in the future. -This command is primarily useful for debugging the OpenFlow reference -implementation. OpenFlow does not have a concept of port groups. +This command is primarily useful for debugging OpenVSwitch. OpenFlow +does not have a concept of port groups. .SS "OpenFlow Switch Management Commands" diff --git a/utilities/dpctl.c b/utilities/dpctl.c index 62dba7ab..6247af71 100644 --- a/utilities/dpctl.c +++ b/utilities/dpctl.c 
@@ -108,30 +108,30 @@ int main(int argc, char *argv[]) argc -= optind; argv += optind; if (argc < 1) - ofp_fatal(0, "missing command name; use --help for help"); + ovs_fatal(0, "missing command name; use --help for help"); for (p = all_commands; p->name != NULL; p++) { if (!strcmp(p->name, argv[0])) { int n_arg = argc - 1; if (n_arg < p->min_args) - ofp_fatal(0, "'%s' command requires at least %d arguments", + ovs_fatal(0, "'%s' command requires at least %d arguments", p->name, p->min_args); else if (n_arg > p->max_args) - ofp_fatal(0, "'%s' command takes at most %d arguments", + ovs_fatal(0, "'%s' command takes at most %d arguments", p->name, p->max_args); else { p->handler(&s, argc, argv); if (ferror(stdout)) { - ofp_fatal(0, "write to stdout failed"); + ovs_fatal(0, "write to stdout failed"); } if (ferror(stderr)) { - ofp_fatal(0, "write to stderr failed"); + ovs_fatal(0, "write to stderr failed"); } exit(0); } } } - ofp_fatal(0, "unknown command '%s'; use --help for help", argv[0]); + ovs_fatal(0, "unknown command '%s'; use --help for help", argv[0]); return 0; } @@ -169,7 +169,7 @@ parse_options(int argc, char *argv[], struct settings *s) case 't': timeout = strtoul(optarg, NULL, 10); if (timeout <= 0) { - ofp_fatal(0, "value %s on -t or --timeout is not at least 1", + ovs_fatal(0, "value %s on -t or --timeout is not at least 1", optarg); } else { time_alarm(timeout); @@ -207,9 +207,9 @@ parse_options(int argc, char *argv[], struct settings *s) static void usage(void) { - printf("%s: OpenFlow switch management utility\n" + printf("%s: OpenVSwitch datapath and OpenFlow switch management utility\n" "usage: %s [OPTIONS] COMMAND [ARG...]\n" - "\nFor datapaths:\n" + "\nFor OpenVSwitch datapaths:\n" " adddp DP [IFACE...] add new datapath DP (with IFACES)\n" " deldp DP delete local datapath DP\n" " addif DP IFACE... add each IFACE as a port on DP\n" 
@@ -369,7 +369,7 @@ get_free_port(struct dpif *dpif) next_portno: ; } - ofp_fatal(0, "no free datapath ports"); + ovs_fatal(0, "no free datapath ports"); } static void @@ -388,7 +388,7 @@ do_add_port(const struct settings *s UNUSED, int argc UNUSED, char *argv[]) devname = strtok_r(argv[i], "@@", &save_ptr); if (!devname) { - ofp_error(0, "%s is not a valid network device name", argv[i]); + ovs_error(0, "%s is not a valid network device name", argv[i]); continue; } @@ -402,7 +402,7 @@ do_add_port(const struct settings *s UNUSED, int argc UNUSED, char *argv[]) error = dpif_port_add(&dpif, devname, port); if (error) { - ofp_error(error, "adding %s as port %"PRIu16" of %s failed", + ovs_error(error, "adding %s as port %"PRIu16" of %s failed", devname, port, argv[1]); failure = true; } @@ -429,7 +429,7 @@ get_port_number(struct dpif *dpif, const char *name, uint16_t *port) } } free(ports); - ofp_error(0, "no port named %s", name); + ovs_error(0, "no port named %s", name); return false; } @@ -455,7 +455,7 @@ do_del_port(const struct settings *s UNUSED, int argc UNUSED, char *argv[]) error = dpif_port_del(&dpif, port); if (error) { - ofp_error(error, "deleting port %s from %s failed", name, argv[1]); + ovs_error(error, "deleting port %s from %s failed", name, argv[1]); failure = true; } } @@ -510,7 +510,7 @@ do_dp_show(const struct settings *s UNUSED, int argc UNUSED, char *argv[]) if (!error) { show_dpif(&dpif); } else { - ofp_error(error, "opening datapath %s failed", name); + ovs_error(error, "opening datapath %s failed", name); failure = true; } } @@ -526,7 +526,7 @@ do_dp_show(const struct settings *s UNUSED, int argc UNUSED, char *argv[]) if (!error) { show_dpif(&dpif); } else if (error != ENODEV) { - ofp_error(error, "opening datapath %s failed", name); + ovs_error(error, "opening datapath %s failed", name); failure = true; } } 
@@ -635,12 +635,12 @@ open_vconn(const char *name, struct vconn **vconnp) VLOG_INFO("datapath %s is named %s", name, dpif_name); } - socket_name = xasprintf("%s/%s.mgmt", ofp_rundir, dpif_name); + socket_name = xasprintf("%s/%s.mgmt", ovs_rundir, dpif_name); if (stat(socket_name, &s)) { - ofp_fatal(errno, "cannot connect to %s: stat failed on %s", + ovs_fatal(errno, "cannot connect to %s: stat failed on %s", name, socket_name); } else if (!S_ISSOCK(s.st_mode)) { - ofp_fatal(0, "cannot connect to %s: %s is not a socket", + ovs_fatal(0, "cannot connect to %s: %s is not a socket", name, socket_name); } @@ -651,7 +651,7 @@ open_vconn(const char *name, struct vconn **vconnp) free(socket_name); free(vconn_name); } else { - ofp_fatal(0, "%s is not a valid connection method", name); + ovs_fatal(0, "%s is not a valid connection method", name); } } @@ -759,14 +759,14 @@ do_status(const struct settings *s UNUSED, int argc, char *argv[]) vconn_close(vconn); if (b->size < sizeof *reply) { - ofp_fatal(0, "short reply (%zu bytes)", b->size); + ovs_fatal(0, "short reply (%zu bytes)", b->size); } reply = b->data; if (reply->header.type != OFPT_VENDOR || reply->vendor != ntohl(NX_VENDOR_ID) || reply->subtype != ntohl(NXT_STATUS_REPLY)) { ofp_print(stderr, b->data, b->size, 2); - ofp_fatal(0, "bad reply"); + ovs_fatal(0, "bad reply"); } fwrite(reply + 1, b->size - sizeof *reply, 1, stdout); @@ -794,7 +794,7 @@ str_to_u32(const char *str) errno = 0; value = strtoul(str, &tail, 0); if (errno == EINVAL || errno == ERANGE || *tail) { - ofp_fatal(0, "invalid numeric format %s", str); + ovs_fatal(0, "invalid numeric format %s", str); } return value; } @@ -804,7 +804,7 @@ str_to_mac(const char *str, uint8_t mac[6]) { if (sscanf(str, "%"SCNx8":%"SCNx8":%"SCNx8":%"SCNx8":%"SCNx8":%"SCNx8, &mac[0], &mac[1], &mac[2], &mac[3], &mac[4], &mac[5]) != 6) { - ofp_fatal(0, "invalid mac address %s", str); + ovs_fatal(0, "invalid mac address %s", str); } } 
@@ -820,7 +820,7 @@ str_to_ip(const char *str_, uint32_t *ip) name = strtok_r(str, "//", &save_ptr); retval = name ? lookup_ip(name, &in_addr) : EINVAL; if (retval) { - ofp_fatal(0, "%s: could not convert to IP address", str); + ovs_fatal(0, "%s: could not convert to IP address", str); } *ip = in_addr.s_addr; @@ -843,14 +843,14 @@ str_to_ip(const char *str_, uint32_t *ip) /* Verify that the rest of the bits are 1-bits. */ for (; i < 32; i++) { if (!(nm & (1u << i))) { - ofp_fatal(0, "%s: %s is not a valid netmask", + ovs_fatal(0, "%s: %s is not a valid netmask", str, netmask); } } } else { int prefix = atoi(netmask); if (prefix <= 0 || prefix > 32) { - ofp_fatal(0, "%s: network prefix bits not between 1 and 32", + ovs_fatal(0, "%s: network prefix bits not between 1 and 32", str); } n_wild = 32 - prefix; @@ -933,7 +933,7 @@ str_to_action(char *str, struct ofpbuf *b) uint16_t port; if (drop) { - ofp_fatal(0, "Drop actions must not be followed by other actions"); + ovs_fatal(0, "Drop actions must not be followed by other actions"); } /* Arguments are separated by colons */ @@ -966,7 +966,7 @@ str_to_action(char *str, struct ofpbuf *b) * an action. */ drop = true; if (n_actions) { - ofp_fatal(0, "Drop actions must not be preceded by other " + ovs_fatal(0, "Drop actions must not be preceded by other " "actions"); } #ifdef SUPPORT_SNAT @@ -974,7 +974,7 @@ str_to_action(char *str, struct ofpbuf *b) struct nx_action_snat *sa; if (str_to_u32(arg) > OFPP_MAX) { - ofp_fatal(0, "Invalid nat port: %s\n", arg); + ovs_fatal(0, "Invalid nat port: %s\n", arg); } sa = put_action(b, sizeof *sa, OFPAT_VENDOR); @@ -996,7 +996,7 @@ str_to_action(char *str, struct ofpbuf *b) } else if (strspn(act, "0123456789") == strlen(act)) { put_output_action(b, str_to_u32(act)); } else { - ofp_fatal(0, "Unknown action: %s", act); + ovs_fatal(0, "Unknown action: %s", act); } } } 
@@ -1095,13 +1095,13 @@ str_to_flow(char *string, struct ofp_match *match, struct ofpbuf *actions, if (actions) { char *act_str = strstr(string, "action"); if (!act_str) { - ofp_fatal(0, "must specify an action"); + ovs_fatal(0, "must specify an action"); } *(act_str-1) = '\0'; act_str = strchr(act_str, '='); if (!act_str) { - ofp_fatal(0, "must specify an action"); + ovs_fatal(0, "must specify an action"); } act_str++; @@ -1127,7 +1127,7 @@ str_to_flow(char *string, struct ofp_match *match, struct ofpbuf *actions, value = strtok_r(NULL, ", \t\r\n", &save_ptr); if (!value) { - ofp_fatal(0, "field %s missing value", name); + ovs_fatal(0, "field %s missing value", name); } if (table_idx && !strcmp(name, "table")) { @@ -1162,7 +1162,7 @@ str_to_flow(char *string, struct ofp_match *match, struct ofpbuf *actions, } } } else { - ofp_fatal(0, "unknown keyword %s", name); + ovs_fatal(0, "unknown keyword %s", name); } } } @@ -1292,7 +1292,7 @@ do_add_flows(const struct settings *s UNUSED, int argc UNUSED, char *argv[]) file = fopen(argv[2], "r"); if (file == NULL) { - ofp_fatal(errno, "%s: open", argv[2]); + ovs_fatal(errno, "%s: open", argv[2]); } open_vconn(argv[1], &vconn); @@ -1435,7 +1435,7 @@ do_probe(const struct settings *s UNUSED, int argc UNUSED, char *argv[]) open_vconn(argv[1], &vconn); run(vconn_transact(vconn, request, &reply), "talking to %s", argv[1]); if (reply->size != sizeof(struct ofp_header)) { - ofp_fatal(0, "reply does not match request"); + ovs_fatal(0, "reply does not match request"); } ofpbuf_delete(reply); vconn_close(vconn); @@ -1486,7 +1486,7 @@ do_mod_port(const struct settings *s UNUSED, int argc UNUSED, char *argv[]) } } if (port_idx == n_ports) { - ofp_fatal(0, "couldn't find monitored port: %s", argv[2]); + ovs_fatal(0, "couldn't find monitored port: %s", argv[2]); } opm = make_openflow(sizeof(struct ofp_port_mod), OFPT_PORT_MOD, &request); 
@@ -1512,7 +1512,7 @@ do_mod_port(const struct settings *s UNUSED, int argc UNUSED, char *argv[]) opm->mask |= htonl(OFPPC_NO_FLOOD); opm->config |= htonl(OFPPC_NO_FLOOD); } else { - ofp_fatal(0, "unknown mod-port command '%s'", argv[3]); + ovs_fatal(0, "unknown mod-port command '%s'", argv[3]); } send_openflow_buffer(vconn, request); @@ -1531,7 +1531,7 @@ do_ping(const struct settings *s UNUSED, int argc, char *argv[]) payload = argc > 2 ? atoi(argv[2]) : 64; if (payload > max_payload) { - ofp_fatal(0, "payload must be between 0 and %zu bytes", max_payload); + ovs_fatal(0, "payload must be between 0 and %zu bytes", max_payload); } open_vconn(argv[1], &vconn); @@ -1581,7 +1581,7 @@ do_benchmark(const struct settings *s UNUSED, int argc UNUSED, char *argv[]) payload_size = atoi(argv[2]); if (payload_size > max_payload) { - ofp_fatal(0, "payload must be between 0 and %zu bytes", max_payload); + ovs_fatal(0, "payload must be between 0 and %zu bytes", max_payload); } message_size = sizeof(struct ofp_header) + payload_size; @@ -1641,14 +1641,14 @@ do_execute(const struct settings *s UNUSED, int argc, char *argv[]) run(vconn_recv_xid(vconn, xid, &reply), "recv_xid"); if (reply->size < sizeof *ncr) { - ofp_fatal(0, "reply is too short (%zu bytes < %zu bytes)", + ovs_fatal(0, "reply is too short (%zu bytes < %zu bytes)", reply->size, sizeof *ncr); } ncr = reply->data; if (ncr->nxh.header.type != OFPT_VENDOR || ncr->nxh.vendor != htonl(NX_VENDOR_ID) || ncr->nxh.subtype != htonl(NXT_COMMAND_REPLY)) { - ofp_fatal(0, "reply is invalid"); + ovs_fatal(0, "reply is invalid"); } status = ntohl(ncr->status); diff --git a/utilities/nlmon.c b/utilities/nlmon.c index 78801b7e..eb1be60a 100644 --- a/utilities/nlmon.c +++ b/utilities/nlmon.c 
@@ -32,7 +32,7 @@ main(int argc UNUSED, char *argv[]) error = nl_sock_create(NETLINK_ROUTE, RTNLGRP_LINK, 0, 0, &sock); if (error) { - ofp_fatal(error, "could not create rtnetlink socket"); + ovs_fatal(error, "could not create rtnetlink socket"); } for (;;) { @@ -42,9 +42,9 @@ main(int argc UNUSED, char *argv[]) if (error == EAGAIN) { /* Nothing to do. */ } else if (error == ENOBUFS) { - ofp_error(0, "network monitor socket overflowed"); + ovs_error(0, "network monitor socket overflowed"); } else if (error) { - ofp_fatal(error, "error on network monitor socket"); + ovs_fatal(error, "error on network monitor socket"); } else { struct nlattr *attrs[ARRAY_SIZE(rtnlgrp_link_policy)]; struct nlmsghdr *nlh; @@ -53,7 +53,7 @@ main(int argc UNUSED, char *argv[]) nlh = ofpbuf_at(buf, 0, NLMSG_HDRLEN); iim = ofpbuf_at(buf, NLMSG_HDRLEN, sizeof *iim); if (!iim) { - ofp_error(0, "received bad rtnl message (no ifinfomsg)"); + ovs_error(0, "received bad rtnl message (no ifinfomsg)"); ofpbuf_delete(buf); continue; } @@ -61,7 +61,7 @@ main(int argc UNUSED, char *argv[]) if (!nl_policy_parse(buf, NLMSG_HDRLEN + sizeof(struct ifinfomsg), rtnlgrp_link_policy, attrs, ARRAY_SIZE(rtnlgrp_link_policy))) { - ofp_error(0, "received bad rtnl message (policy)"); + ovs_error(0, "received bad rtnl message (policy)"); ofpbuf_delete(buf); continue; } diff --git a/utilities/ofp-discover.8.in b/utilities/ofp-discover.8.in deleted file mode 100644 index 671248a6..00000000 --- a/utilities/ofp-discover.8.in +++ /dev/null 
@@ -1,118 +0,0 @@ -.TH ofp\-discover 8 "May 2008" "OpenFlow" "OpenFlow Manual" -.ds PN ofp\-discover - -.SH NAME -ofp\-discover \- controller discovery utility - -.SH SYNOPSIS -.B ofp\-discover -[\fIoptions\fR] \fInetdev\fR [\fInetdev\fR...] - -.SH DESCRIPTION -The \fBofp\-discover\fR program attempts to discover the location of -an OpenFlow controller on one of the network devices listed on the -command line. It repeatedly broadcasts a DHCP request with vendor -class identifier \fBOpenFlow\fR on each network device until it -receives an acceptable DHCP response. It will accept any valid DHCP -reply that has the same vendor class identifier and includes a -vendor-specific option with code 1 whose contents are a string -specifying the location of the controller in the same format used on -the \fBsecchan\fR command line (e.g. \fBssl:192.168.0.1\fR). - -When \fBofp\-discover\fR receives an acceptable response, it prints -the details of the response on \fBstdout\fR. Then, by default, it -configures the network device on which the response was received with -the received IP address, netmask, and default gateway, and detaches -itself to the background. - -.SH OPTIONS -.TP -\fB--accept-vconn=\fIregex\fR -By default, \fBofp\-discover\fR accepts any controller location -advertised over DHCP. With this option, only controllers whose names -match POSIX extended regular expression \fIregex\fR will be accepted. -Specifying \fBssl:.*\fR for \fIregex\fR, for example, would cause only -SSL controller connections to be accepted. - -The \fIregex\fR is implicitly anchored at the beginning of the -controller location string, as if it begins with \fB^\fR. - -.TP -\fB--exit-without-bind\fR -By default, \fBofp\-discover\fR binds the network device that receives -the first acceptable response to the IP address received over DHCP. 
-With this option, the configuration of the network device is not -changed at all, except to bring it up if it is initially down, and -\fBofp\-discover\fR will exit immediately after it receives an -acceptable DHCP response. - -This option is mutually exclusive with \fB--exit-after-bind\fR and -\fB--no-detach\fR. - -.TP -\fB--exit-after-bind\fR -By default, after it receives an acceptable DHCP response, -\fBofp\-discover\fR detaches itself from the foreground session and -runs in the background maintaining the DHCP lease as necessary. With -this option, \fBofp\-discover\fR will exit immediately after it -receives an acceptable DHCP response and configures the network device -with the received IP address. The address obtained via DHCP could -therefore be used past the expiration of its lease. - -This option is mutually exclusive with \fB--exit-without-bind\fR and -\fB--no-detach\fR. - -.TP -\fB--no-detach\fR -By default, \fBofp\-discover\fR runs in the foreground until it obtains -an acceptable DHCP response, then it detaches itself from the -foreground session and run as a background process. This option -prevents \fBofp\-discover\fR from detaching, causing it to run in the -foreground even after it obtains a DHCP response. - -This option is mutually exclusive with \fB--exit-without-bind\fR and -\fB--exit-after-bind\fR. - -.TP -\fB-P\fR[\fIpidfile\fR], \fB--pidfile\fR[\fB=\fIpidfile\fR] -Causes a file (by default, \fBofp\-discover.pid\fR) to be created indicating -the PID of the running process. If \fIpidfile\fR is not specified, or -if it does not begin with \fB/\fR, then it is created in -\fB@RUNDIR@\fR. - -The \fIpidfile\fR is created when \fBofp\-discover\fR detaches, so -this this option has no effect when one of \fB--exit-without-bind\fR, -\fB--exit-after-bind\fR, or \fB--no-detach\fR is also given. 
- -.TP -\fB-f\fR, \fB--force\fR -By default, when \fB-P\fR or \fB--pidfile\fR is specified and the -specified pidfile already exists and is locked by a running process, -\fBcontroller\fR refuses to start. Specify \fB-f\fR or \fB--force\fR -to cause it to instead overwrite the pidfile. - -When \fB-P\fR or \fB--pidfile\fR is not specified, this option has no -effect. - -.so lib/vlog.man -.so lib/common.man - -.SH BUGS - -If the network devices specified on the command line have been added -to an OpenFlow switch with \fBdpctl addif\fR, then controller -discovery will fail because \fBofp\-discover\fR will not be able to -see DHCP responses, even though tools such as \fBtcpdump\fR(8) and -\fBwireshark\fR(1) can see them on the wire. This is because of the -structure of the Linux kernel networking stack, which hands packets -first to programs that listen for all arriving packets, then to -OpenFlow, then to programs that listen for a specific kind of packet. -OpenFlow consumes all the packets handed to it, so tools like -\fBtcpdump\fR that look at all packets will see packets arriving on -OpenFlow interfaces, but \fRofp\-discover\fR, which listens only for -arriving IP packets, will not. - -.SH "SEE ALSO" - -.BR secchan (8), -.BR ofp-pki (8) diff --git a/utilities/ofp-discover.c b/utilities/ofp-discover.c deleted file mode 100644 index 48627a34..00000000 --- a/utilities/ofp-discover.c +++ /dev/null 
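Review bot: In the deleted utilities/ofp-discover.8.in, the --force paragraph says that "\fBcontroller\fR refuses to start", which looks copied from another page and should name ofp-discover; the --pidfile paragraph has "this this option"; and the BUGS section opens the program name with \fR instead of \fB. If this text is carried over under the new project name, those three should be fixed in the new copy rather than moved as they are.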
@@ -1,423 +0,0 @@ -/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford - * Junior University - * - * We are making the OpenFlow specification and associated documentation - * (Software) available for public use and benefit with the expectation - * that others will use, modify and enhance the Software and contribute - * those enhancements back to the community. However, since we would - * like to make the Software available for broadest use, with as few - * restrictions as possible permission is hereby granted, free of - * charge, to any person obtaining a copy of this Software to deal in - * the Software under the copyrights without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - * - * The name and trademarks of copyright holder(s) may NOT be used in - * advertising or publicity pertaining to the Software or any - * derivatives without specific, written prior permission. 
- */ - -#include -#include -#include -#include -#include -#include -#include -#include "command-line.h" -#include "daemon.h" -#include "dhcp-client.h" -#include "dhcp.h" -#include "dirs.h" -#include "dynamic-string.h" -#include "fatal-signal.h" -#include "netdev.h" -#include "poll-loop.h" -#include "timeval.h" -#include "unixctl.h" -#include "util.h" - -#include "vlog.h" -#define THIS_MODULE VLM_ofp_discover - -struct iface { - const char *name; - struct dhclient *dhcp; -}; - -/* The interfaces that we serve. */ -static struct iface *ifaces; -static int n_ifaces; - -/* --accept-vconn: Regular expression specifying the class of controller vconns - * that we will accept during autodiscovery. */ -static const char *accept_controller_re = ".*"; -static regex_t accept_controller_regex; - -/* --exit-without-bind: Exit after discovering the controller, without binding - * the network device to an IP address? */ -static bool exit_without_bind; - -/* --exit-after-bind: Exit after discovering the controller, after binding the - * network device to an IP address? 
*/ -static bool exit_after_bind; - -static bool iface_init(struct iface *, const char *netdev_name); -static void release_ifaces(void *aux UNUSED); - -static void parse_options(int argc, char *argv[]); -static void usage(void) NO_RETURN; - -static void modify_dhcp_request(struct dhcp_msg *, void *aux); -static bool validate_dhcp_offer(const struct dhcp_msg *, void *aux); - -int -main(int argc, char *argv[]) -{ - struct unixctl_server *unixctl; - int retval; - int i; - - set_program_name(argv[0]); - time_init(); - vlog_init(); - parse_options(argc, argv); - - argc -= optind; - argv += optind; - if (argc < 1) { - ofp_fatal(0, "need at least one non-option argument; " - "use --help for usage"); - } - - ifaces = xmalloc(argc * sizeof *ifaces); - n_ifaces = 0; - for (i = 0; i < argc; i++) { - if (iface_init(&ifaces[n_ifaces], argv[i])) { - n_ifaces++; - } - } - if (!n_ifaces) { - ofp_fatal(0, "failed to initialize any DHCP clients"); - } - - for (i = 0; i < n_ifaces; i++) { - struct iface *iface = &ifaces[i]; - dhclient_init(iface->dhcp, 0); - } - fatal_signal_add_hook(release_ifaces, NULL, true); - - retval = regcomp(&accept_controller_regex, accept_controller_re, - REG_NOSUB | REG_EXTENDED); - if (retval) { - size_t length = regerror(retval, &accept_controller_regex, NULL, 0); - char *buffer = xmalloc(length); - regerror(retval, &accept_controller_regex, buffer, length); - ofp_fatal(0, "%s: %s", accept_controller_re, buffer); - } - - retval = unixctl_server_create(NULL, &unixctl); - if (retval) { - ofp_fatal(retval, "Could not listen for unixctl connections"); - } - - die_if_already_running(); - - signal(SIGPIPE, SIG_IGN); - for (;;) { - fatal_signal_block(); - for (i = 0; i < n_ifaces; i++) { - struct iface *iface = &ifaces[i]; - dhclient_run(iface->dhcp); - if (dhclient_changed(iface->dhcp)) { - bool is_bound = dhclient_is_bound(iface->dhcp); - int j; - - /* Configure network device. 
*/ - if (!exit_without_bind) { - dhclient_configure_netdev(iface->dhcp); - dhclient_update_resolv_conf(iface->dhcp); - } - - if (is_bound) { - static bool detached = false; - struct ds ds; - - /* Disable timeout, since discovery was successful. */ - time_alarm(0); - - /* Print discovered parameters. */ - ds_init(&ds); - dhcp_msg_to_string(dhclient_get_config(iface->dhcp), - true, &ds); - fputs(ds_cstr(&ds), stdout); - putchar('\n'); - fflush(stdout); - ds_destroy(&ds); - - /* Exit if the user requested it. */ - if (exit_without_bind) { - VLOG_DBG("exiting because of successful binding on %s " - "and --exit-without-bind specified", - iface->name); - exit(0); - } - if (exit_after_bind) { - VLOG_DBG("exiting because of successful binding on %s " - "and --exit-after-bind specified", - iface->name); - exit(0); - } - - /* Detach into background, if we haven't already. */ - if (!detached) { - detached = true; - daemonize(); - } - } - - /* We only want an address on a single one of our interfaces. - * So: if we have an address on this interface, stop looking - * for one on the others; if we don't have an address on this - * interface, start looking everywhere. */ - for (j = 0; j < n_ifaces; j++) { - struct iface *if2 = &ifaces[j]; - if (iface != if2) { - if (is_bound) { - dhclient_release(if2->dhcp); - } else { - dhclient_init(if2->dhcp, 0); - } - } - } - } - } - unixctl_server_run(unixctl); - for (i = 0; i < n_ifaces; i++) { - struct iface *iface = &ifaces[i]; - dhclient_wait(iface->dhcp); - } - unixctl_server_wait(unixctl); - fatal_signal_unblock(); - poll_block(); - } - - return 0; -} - -static bool -iface_init(struct iface *iface, const char *netdev_name) -{ - int retval; - - iface->name = netdev_name; - iface->dhcp = NULL; - - if (exit_after_bind) { - /* Bring this interface up permanently, so that the bound address - * persists past program termination. 
*/ - struct netdev *netdev; - - retval = netdev_open(iface->name, NETDEV_ETH_TYPE_NONE, &netdev); - if (retval) { - ofp_error(retval, "Could not open %s device", iface->name); - return false; - } - retval = netdev_turn_flags_on(netdev, NETDEV_UP, true); - if (retval) { - ofp_error(retval, "Could not bring %s device up", iface->name); - return false; - } - netdev_close(netdev); - } - - retval = dhclient_create(iface->name, modify_dhcp_request, - validate_dhcp_offer, NULL, &iface->dhcp); - if (retval) { - ofp_error(retval, "%s: failed to initialize DHCP client", iface->name); - return false; - } - - return true; -} - -static void -release_ifaces(void *aux UNUSED) -{ - int i; - - for (i = 0; i < n_ifaces; i++) { - struct dhclient *dhcp = ifaces[i].dhcp; - dhclient_release(dhcp); - if (dhclient_changed(dhcp)) { - dhclient_configure_netdev(dhcp); - } - } -} - -static void -modify_dhcp_request(struct dhcp_msg *msg, void *aux UNUSED) -{ - dhcp_msg_put_string(msg, DHCP_CODE_VENDOR_CLASS, "OpenFlow"); -} - -static bool -validate_dhcp_offer(const struct dhcp_msg *msg, void *aux UNUSED) -{ - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(60, 60); - char *vconn_name; - bool accept; - - vconn_name = dhcp_msg_get_string(msg, DHCP_CODE_OFP_CONTROLLER_VCONN); - if (!vconn_name) { - VLOG_WARN_RL(&rl, "rejecting DHCP offer missing controller vconn"); - return false; - } - accept = !regexec(&accept_controller_regex, vconn_name, 0, NULL, 0); - free(vconn_name); - return accept; -} - -static void -parse_options(int argc, char *argv[]) -{ - enum { - OPT_ACCEPT_VCONN = UCHAR_MAX + 1, - OPT_EXIT_WITHOUT_BIND, - OPT_EXIT_AFTER_BIND, - OPT_NO_DETACH, - }; - static struct option long_options[] = { - {"accept-vconn", required_argument, 0, OPT_ACCEPT_VCONN}, - {"exit-without-bind", no_argument, 0, OPT_EXIT_WITHOUT_BIND}, - {"exit-after-bind", no_argument, 0, OPT_EXIT_AFTER_BIND}, - {"no-detach", no_argument, 0, OPT_NO_DETACH}, - {"timeout", required_argument, 0, 't'}, - {"pidfile", 
optional_argument, 0, 'P'}, - {"force", no_argument, 0, 'f'}, - {"verbose", optional_argument, 0, 'v'}, - {"help", no_argument, 0, 'h'}, - {"version", no_argument, 0, 'V'}, - {0, 0, 0, 0}, - }; - char *short_options = long_options_to_short_options(long_options); - bool detach_after_bind = true; - - for (;;) { - unsigned long int timeout; - int c; - - c = getopt_long(argc, argv, short_options, long_options, NULL); - if (c == -1) { - break; - } - - switch (c) { - case OPT_ACCEPT_VCONN: - accept_controller_re = (optarg[0] == '^' - ? optarg - : xasprintf("^%s", optarg)); - break; - - case OPT_EXIT_WITHOUT_BIND: - exit_without_bind = true; - break; - - case OPT_EXIT_AFTER_BIND: - exit_after_bind = true; - break; - - case OPT_NO_DETACH: - detach_after_bind = false; - break; - - case 'P': - set_pidfile(optarg); - break; - - case 'f': - ignore_existing_pidfile(); - break; - - case 't': - timeout = strtoul(optarg, NULL, 10); - if (timeout <= 0) { - ofp_fatal(0, "value %s on -t or --timeout is not at least 1", - optarg); - } else { - time_alarm(timeout); - } - signal(SIGALRM, SIG_DFL); - break; - - case 'h': - usage(); - - case 'V': - printf("%s %s compiled "__DATE__" "__TIME__"\n", - program_name, VERSION BUILDNR); - exit(EXIT_SUCCESS); - - case 'v': - vlog_set_verbosity(optarg); - break; - - case '?': - exit(EXIT_FAILURE); - - default: - abort(); - } - } - free(short_options); - - if ((exit_without_bind + exit_after_bind + !detach_after_bind) > 1) { - ofp_fatal(0, "--exit-without-bind, --exit-after-bind, and --no-detach " - "are mutually exclusive"); - } - if (detach_after_bind) { - set_detach(); - } -} - -static void -usage(void) -{ - printf("%s: a tool for discovering OpenFlow controllers.\n" - "usage: %s [OPTIONS] NETDEV [NETDEV...]\n" - "where each NETDEV is a network device on which to perform\n" - "controller discovery.\n" - "\nOrdinarily, ofp-discover runs in the foreground until it\n" - "obtains an IP address and discovers an OpenFlow controller via\n" - "DHCP, 
then it prints information about the controller to stdout\n" - "and detaches to the background to maintain the IP address lease.\n" - "\nNetworking options:\n" - " --accept-vconn=REGEX accept matching discovered controllers\n" - " --exit-without-bind exit after discovery, without binding\n" - " --exit-after-bind exit after discovery, after binding\n" - " --no-detach do not detach after discovery\n", - program_name, program_name); - vlog_usage(); - printf("\nOther options:\n" - " -t, --timeout=SECS give up discovery after SECS seconds\n" - " -P, --pidfile[=FILE] create pidfile (default: %s/%s.pid)\n" - " -f, --force with -P, start even if already running\n" - " -h, --help display this help message\n" - " -V, --version display version information\n", - ofp_rundir, program_name); - exit(EXIT_SUCCESS); -} diff --git a/utilities/ofp-kill.8.in b/utilities/ofp-kill.8.in deleted file mode 100644 index 691e210f..00000000 --- a/utilities/ofp-kill.8.in +++ /dev/null 
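Review bot: In iface_init() in the deleted utilities/ofp-discover.c, the error path after netdev_turn_flags_on() returns false without calling netdev_close(netdev), so the device handle opened just above is leaked on that path. If the file is re-added under a new name, add the netdev_close() before that return. Separately, validate_dhcp_offer() accepts whatever controller location the DHCP reply carries while --accept-vconn is left at its default of ".*", so it is worth having the documentation recommend a restrictive pattern, for example the ssl:.* one the man page already shows.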
@@ -1,60 +0,0 @@ -.TH ofp\-kill 8 "May 2008" "OpenFlow" "OpenFlow Manual" -.ds PN ofp\-kill - -.SH NAME -ofp\-kill \- kills processes given their pidfiles - -.SH SYNOPSIS -.B ofp\-kill -[\fIoptions\fR] \fIpidfile\fR [\fIpidfile\fR...] - -.SH DESCRIPTION -The \fBofp\-kill\fR program reads each \fIpidfile\fR specified on the -command line and sends a signal to the program associated with it, if -any. It reads one line of text from \fIpidfile\fR, which must contain -the PID of the process to kill as a text string. It then uses -\fBfcntl\fR(2) to verify that a process with the PID from the file -owns a lock on \fIpidfile\fR before it sends the signal. - -A \fIpidfile\fR whose name begins with \fB/\fR is used literally. -Otherwise, \fB@RUNDIR@/\fR is prefixed. - -This program exists for use by \fBofp\-switch\-setup\fR, which cannot -easily implement its functionality since Perl has no portable -interface to \fBfcntl\fR-based file locking. - -.SH OPTIONS -.TP -\fB-s \fInumber\fR|\fIname\fR, \fB\-\^\-signal=\fInumber\fR|\fIname\fR -Sets the signal to be sent to each process. Signals may be given by -number (e.g. \fB1\fR) or by name (e.g. \fBHUP\fR or \fBSIGHUP\fR). -By default, \fBSIGTERM\fR is sent. - -.TP -\fB-f\fR, \fB\-\^\-force\fR -Causes \fBofp\-kill\fR to ignore all errors without printing a message -to \fBstderr\fR, and to exit with return code 0. - -.so lib/common.man - -.SH "EXIT CODE" - -Without \fB-f\fR or \fB\-\^\-force\fR, \fBofp\-kill\fR exits with -status 0 if at least one \fIpidfile\fR was given and the process -represented by every \fIpidfile\fR was signaled successfully, -otherwise with status 1. - -With \fB-f\fR or \fB\-\^\-force\fR, \fBofp\-kill\fR always exits with -status 0. - -.SH BUGS - -There is a race between verifying the lock on \fIpidfile\fR and -actually killing the process. - -\fBofp\-kill\fR does not wait for the signaled processes to die before -exiting. - -.SH "SEE ALSO" - -.BR ofp\-switch\-setup (8) 
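Review bot: The EXIT CODE section of the deleted utilities/ofp-kill.8.in promises status 1 when any pidfile could not be signaled, and DESCRIPTION and SEE ALSO still point at ofp-switch-setup; both need checking against the renamed tools so the page does not document behaviour or names that no longer exist. The BUGS entry about the race between verifying the lock on pidfile and sending the signal should survive the rename, ideally extended to say that the signal can reach an unrelated process if the PID is reused in that window.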
diff --git a/utilities/ofp-kill.c b/utilities/ofp-kill.c deleted file mode 100644 index 0ad04343..00000000 --- a/utilities/ofp-kill.c +++ /dev/null 
@@ -1,228 +0,0 @@ -/* Copyright (c) 2008 The Board of Trustees of The Leland Stanford - * Junior University - * - * We are making the OpenFlow specification and associated documentation - * (Software) available for public use and benefit with the expectation - * that others will use, modify and enhance the Software and contribute - * those enhancements back to the community. However, since we would - * like to make the Software available for broadest use, with as few - * restrictions as possible permission is hereby granted, free of - * charge, to any person obtaining a copy of this Software to deal in - * the Software under the copyrights without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - * - * The name and trademarks of copyright holder(s) may NOT be used in - * advertising or publicity pertaining to the Software or any - * derivatives without specific, written prior permission. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include "command-line.h" -#include "daemon.h" -#include "timeval.h" -#include "util.h" -#include "vlog.h" - -/* -s, --signal: signal to send. 
*/ -static int sig_nr = SIGTERM; - -/* -f, --force: ignore errors. */ -static bool force; - -static void cond_error(int err_no, const char *, ...) PRINTF_FORMAT(2, 3); - -static void parse_options(int argc, char *argv[]); -static void usage(void); - -int -main(int argc, char *argv[]) -{ - bool ok = true; - int i; - - set_program_name(argv[0]); - time_init(); - vlog_init(); - parse_options(argc, argv); - - argc -= optind; - argv += optind; - if (argc < 1) { - if (!force) { - ofp_fatal(0, "need at least one non-option argument; " - "use --help for usage"); - } - } - - for (i = 0; i < argc; i++) { - char *pidfile; - pid_t pid; - - pidfile = make_pidfile_name(argv[i]); - pid = read_pidfile(pidfile); - if (pid >= 0) { - if (kill(pid, sig_nr) < 0) { - cond_error(errno, "%s: kill(%ld)", pidfile, (long int) pid); - } - } else { - cond_error(-pid, "could not read %s", pidfile); - } - free(pidfile); - } - - return ok || force ? EXIT_SUCCESS : EXIT_FAILURE; -} - -static void -parse_options(int argc, char *argv[]) -{ - static struct option long_options[] = { - {"signal", required_argument, 0, 's'}, - {"force", no_argument, 0, 'f'}, - {"help", no_argument, 0, 'h'}, - {"version", no_argument, 0, 'V'}, - {0, 0, 0, 0}, - }; - char *short_options = long_options_to_short_options(long_options); - - for (;;) { - int c; - - c = getopt_long(argc, argv, short_options, long_options, NULL); - if (c == -1) { - break; - } - - switch (c) { - case 's': - if (atoi(optarg) || !strcmp(optarg, "0")) { - sig_nr = atoi(optarg); - } else { - struct signal_name { - const char *name; - int number; - }; - - static const struct signal_name signals[] = { -#define SIGNAL(NAME) { #NAME, NAME } - SIGNAL(SIGABRT), - SIGNAL(SIGALRM), - SIGNAL(SIGBUS), - SIGNAL(SIGCHLD), - SIGNAL(SIGCONT), - SIGNAL(SIGFPE), - SIGNAL(SIGHUP), - SIGNAL(SIGILL), - SIGNAL(SIGINT), - SIGNAL(SIGKILL), - SIGNAL(SIGPIPE), - SIGNAL(SIGQUIT), - SIGNAL(SIGSEGV), - SIGNAL(SIGSTOP), - SIGNAL(SIGTERM), - SIGNAL(SIGTSTP), - SIGNAL(SIGTTIN), - 
SIGNAL(SIGTTOU), - SIGNAL(SIGUSR1), - SIGNAL(SIGUSR2), -#ifdef SIGPOLL - SIGNAL(SIGPOLL), -#endif - SIGNAL(SIGPROF), - SIGNAL(SIGSYS), - SIGNAL(SIGTRAP), - SIGNAL(SIGURG), - SIGNAL(SIGVTALRM), - SIGNAL(SIGXCPU), - SIGNAL(SIGXFSZ), -#undef SIGNAL - }; - int i; - - for (i = 0; i < ARRAY_SIZE(signals); i++) { - const struct signal_name *s = &signals[i]; - if (!strcmp(optarg, s->name) - || !strcmp(optarg, s->name + 3)) { - sig_nr = s->number; - goto got_name; - } - } - ofp_fatal(0, "unknown signal \"%s\"", optarg); - got_name: ; - } - break; - - case 'f': - force = true; - break; - - case 'h': - usage(); - - case 'V': - printf("%s %s compiled "__DATE__" "__TIME__"\n", - program_name, VERSION BUILDNR); - exit(EXIT_SUCCESS); - - case '?': - exit(EXIT_FAILURE); - - default: - abort(); - } - } - free(short_options); -} - -static void -usage(void) -{ - printf("%s: kills a program using a pidfile\n" - "usage: %s [OPTIONS] PIDFILE [PIDFILE...]\n" - "where each PIDFILE is a pidfile created by an OpenFlow daemon.\n" - "\nOptions:\n" - " -s, --signal=NUMBER|NAME signal to send (default: TERM)\n" - " -f, --force ignore errors\n" - " -h, --help display this help message\n" - " -V, --version display version information\n", - program_name, program_name); - exit(EXIT_SUCCESS); -} - -static void -cond_error(int err_no, const char *format, ...) -{ - if (!force) { - va_list args; - - fprintf(stderr, "%s: ", program_name); - va_start(args, format); - vfprintf(stderr, format, args); - va_end(args); - if (err_no != 0) - fprintf(stderr, " (%s)", strerror(err_no)); - putc('\n', stderr); - } -} diff --git a/utilities/ofp-parse-leaks.in b/utilities/ofp-parse-leaks.in deleted file mode 100755 index 059c8509..00000000 --- a/utilities/ofp-parse-leaks.in +++ /dev/null 
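Review bot: In main() in the deleted utilities/ofp-kill.c, ok is initialised to true and never cleared, so the final return ok || force ? EXIT_SUCCESS : EXIT_FAILURE always yields EXIT_SUCCESS, even when kill() or read_pidfile() fails. That contradicts the man page, which says the exit status is 1 unless every pidfile was signaled. If this code moves to a renamed file, set ok = false in both failure branches (or inside cond_error()). The -s handling has a smaller problem of the same kind: atoi(optarg) accepts a number followed by trailing text.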
@@ -1,285 +0,0 @@ -#! @PERL@ - -use strict; -use warnings; - -if (grep($_ eq '--help', @ARGV)) { - print < 1; -die "$0: $ARGV[0] does not exist" if @ARGV > 0 && ! -e $ARGV[0]; - -our ($binary); -our ($a2l) = search_path("addr2line"); -my ($no_syms) = "symbols will not be translated"; -if (!@ARGV) { - print "no binary specified; $no_syms\n"; -} elsif (! -e $ARGV[0]) { - print "$ARGV[0] does not exist; $no_syms"; -} elsif (!defined($a2l)) { - print "addr2line not found in PATH; $no_syms"; -} else { - $binary = $ARGV[0]; -} - -our ($objdump) = search_path("objdump"); -print "objdump not found; dynamic library symbols will not be translated\n" - if !defined($objdump); - -our %blocks; -our @segments; -while () { - my $ptr = "((?:0x)?[0-9a-fA-F]+|\\(nil\\))"; - my $callers = ":((?: $ptr)+)"; - if (/^malloc\((\d+)\) -> $ptr$callers$/) { - allocated($., $2, $1, $3); - } elsif (/^claim\($ptr\)$callers$/) { - claimed($., $1, $2); - } elsif (/realloc\($ptr, (\d+)\) -> $ptr$callers$/) { - my ($callers) = $4; - freed($., $1, $callers); - allocated($., $3, $2, $callers); - } elsif (/^free\($ptr\)$callers$/) { - freed($., $1, $2); - } elsif (/^segment: $ptr-$ptr $ptr [-r][-w][-x][sp] (.*)/) { - add_segment(hex($1), hex($2), hex($3), $4); - } else { - print "stdin:$.: syntax error\n"; - } -} -if (%blocks) { - my $n_blocks = scalar(keys(%blocks)); - my $n_bytes = 0; - $n_bytes += $_->{SIZE} foreach values(%blocks); - print "$n_bytes bytes in $n_blocks blocks not freed at end of run\n"; - my %blocks_by_callers; - foreach my $block (values(%blocks)) { - my ($trimmed_callers) = trim_callers($block->{CALLERS}); - push (@{$blocks_by_callers{$trimmed_callers}}, $block); - } - foreach my $callers (sort {@{$b} <=> @{$a}} (values(%blocks_by_callers))) { - $n_blocks = scalar(@{$callers}); - $n_bytes = 0; - $n_bytes += $_->{SIZE} foreach @{$callers}; - print "$n_bytes bytes in these $n_blocks blocks were not freed:\n"; - my $i = 0; - my $max = 5; - foreach my $block (sort {$a->{LINE} <=> 
$b->{LINE}} (@{$callers})) { - printf "\t%d-byte block at 0x%08x allocated on stdin:%d\n", - $block->{SIZE}, $block->{BASE}, $block->{LINE}; - last if $i++ > $max; - } - print "\t...and ", $n_blocks - $max, " others...\n" - if $n_blocks > $max; - print "The blocks listed above were allocated by:\n"; - print_callers("\t", ${$callers}[0]->{CALLERS}); - } -} -sub interp_pointer { - my ($s_ptr) = @_; - return $s_ptr eq '(nil)' ? 0 : hex($s_ptr); -} - -sub allocated { - my ($line, $s_base, $size, $callers) = @_; - my ($base) = interp_pointer($s_base); - return if !$base; - my ($info) = {LINE => $line, - BASE => $base, - SIZE => $size, - CALLERS => $callers}; - if (exists($blocks{$base})) { - print "In-use address returned by allocator:\n"; - print "\tInitial allocation:\n"; - print_block("\t\t", $blocks{$base}); - print "\tNew allocation:\n"; - print_block("\t\t", $info); - } - $blocks{$base} = $info; -} - -sub claimed { - my ($line, $s_base, $callers) = @_; - my ($base) = interp_pointer($s_base); - return if !$base; - if (exists($blocks{$base})) { - $blocks{$base}{LINE} = $line; - $blocks{$base}{CALLERS} = $callers; - } else { - printf "Claim asserted on not-in-use block 0x%08x by:\n", $base; - print_callers('', $callers); - } -} - -sub freed { - my ($line, $s_base, $callers) = @_; - my ($base) = interp_pointer($s_base); - return if !$base; - - if (!delete($blocks{$base})) { - printf "Bad free of not-allocated address 0x%08x on stdin:%d by:\n", $base, $line; - print_callers('', $callers); - } -} - -sub print_block { - my ($prefix, $info) = @_; - printf '%s%d-byte block at 0x%08x allocated on stdin:%d by:' . 
"\n", - $prefix, $info->{SIZE}, $info->{BASE}, $info->{LINE}; - print_callers($prefix, $info->{CALLERS}); -} - -sub print_callers { - my ($prefix, $callers) = @_; - foreach my $pc (split(' ', $callers)) { - print "$prefix\t", lookup_pc($pc), "\n"; - } -} - -our (%cache); -sub lookup_pc { - my ($s_pc) = @_; - if (defined($binary)) { - my ($pc) = hex($s_pc); - my ($output) = "$s_pc: "; - if (!exists($cache{$pc})) { - open(A2L, "$a2l -fe $binary --demangle $s_pc|"); - chomp(my $function = ); - chomp(my $line = ); - close(A2L); - if ($function eq '??') { - ($function, $line) = lookup_pc_by_segment($pc); - } - $line =~ s/^(\.\.\/)*//; - $line = "..." . substr($line, -25) if length($line) > 28; - $cache{$pc} = "$s_pc: $function ($line)"; - } - return $cache{$pc}; - } else { - return "$s_pc"; - } -} - -sub trim_callers { - my ($in) = @_; - my (@out); - foreach my $pc (split(' ', $in)) { - my $xlated = lookup_pc($pc); - if ($xlated =~ /\?\?/) { - push(@out, "...") if !@out || $out[$#out] ne '...'; - } else { - push(@out, $pc); - } - } - return join(' ', @out); -} - -sub search_path { - my ($target) = @_; - for my $dir (split (':', $ENV{PATH})) { - my ($file) = "$dir/$target"; - return $file if -e $file; - } - return undef; -} - -sub add_segment { - my ($vm_start, $vm_end, $vm_pgoff, $file) = @_; - for (my $i = 0; $i <= $#segments; $i++) { - my ($s) = $segments[$i]; - next if $vm_end <= $s->{START} || $vm_start >= $s->{END}; - if ($vm_start <= $s->{START} && $vm_end >= $s->{END}) { - splice(@segments, $i, 1); - --$i; - } else { - $s->{START} = $vm_end if $vm_end > $s->{START}; - $s->{END} = $vm_start if $vm_start <= $s->{END}; - } - } - push(@segments, {START => $vm_start, - END => $vm_end, - PGOFF => $vm_pgoff, - FILE => $file}); - @segments = sort { $a->{START} <=> $b->{START} } @segments; -} - -sub binary_search { - my ($array, $value) = @_; - my $l = 0; - my $r = $#{$array}; - while ($l <= $r) { - my $m = int(($l + $r) / 2); - my $e = $array->[$m]; - if ($value < 
$e->{START}) { - $r = $m - 1; - } elsif ($value >= $e->{END}) { - $l = $m + 1; - } else { - return $e; - } - } - return undef; -} - -sub read_sections { - my ($file) = @_; - my (@sections); - open(OBJDUMP, "$objdump -h $file|"); - while () { - my $ptr = "([0-9a-fA-F]+)"; - my ($name, $size, $vma, $lma, $file_off) - = /^\s*\d+\s+(\S+)\s+$ptr\s+$ptr\s+$ptr\s+$ptr/ - or next; - push(@sections, {START => hex($file_off), - END => hex($file_off) + hex($size), - NAME => $name}); - } - close(OBJDUMP); - return [sort { $a->{START} <=> $b->{START} } @sections ]; -} - -our %file_to_sections; -sub segment_to_section { - my ($file, $file_offset) = @_; - if (!defined($file_to_sections{$file})) { - $file_to_sections{$file} = read_sections($file); - } - return binary_search($file_to_sections{$file}, $file_offset); -} - -sub address_to_segment { - my ($pc) = @_; - return binary_search(\@segments, $pc); -} - -sub lookup_pc_by_segment { - return ('??', 0) if !defined($objdump); - - my ($pc) = @_; - my ($segment) = address_to_segment($pc); - return ('??', 0) if !defined($segment) || $segment->{FILE} eq ''; - - my ($file_offset) = $pc - $segment->{START} + $segment->{PGOFF}; - my ($section) = segment_to_section($segment->{FILE}, $file_offset); - return ('??', 0) if !defined($section); - - my ($section_offset) = $file_offset - $section->{START}; - open(A2L, sprintf("%s -fe %s --demangle --section=$section->{NAME} 0x%x|", - $a2l, $segment->{FILE}, $section_offset)); - chomp(my $function = ); - chomp(my $line = ); - close(A2L); - - return ($function, $line); -} - -# Local Variables: -# mode: perl -# End: diff --git a/utilities/ofp-pki-cgi.in b/utilities/ofp-pki-cgi.in deleted file mode 100755 index 837b3f92..00000000 --- a/utilities/ofp-pki-cgi.in +++ /dev/null 
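Review bot: In lookup_pc(), read_sections() and lookup_pc_by_segment() in the deleted utilities/ofp-parse-leaks.in, $binary and the segment file name are interpolated into a string passed to a piped open(), so they are interpreted by the shell. $binary comes from the command line and the file name is captured by (.*) from "segment:" lines on stdin, which means the content of a leak log decides what the shell sees. If the script is kept under a new name, switch to the list form, for example open(A2L, '-|', $a2l, '-fe', $binary, '--demangle', $s_pc), and check the return value of open(). The "...and N others" count is also off: the loop stops on $i++ > $max, so it prints more than $max blocks before the summary subtracts $max.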
@@ -1,41 +0,0 @@ -#! @PERL@ - -use CGI; -use Digest::SHA1; -use Fcntl; - -$CGI::POST_MAX = 65536; # Limit POSTs to 64 kB. - -use strict; -use warnings; - -my $pkidir = '@PKIDIR@'; -my $q = new CGI; - -die unless $q->request_method() eq 'POST'; - -my $type = $q->param('type'); -die unless defined $type; -die unless $type eq 'switch' or $type eq 'controller'; - -my $req = $q->param('req'); -die unless defined $req; -die unless $req =~ /^-----BEGIN CERTIFICATE REQUEST-----$/m; -die unless $req =~ /^-----END CERTIFICATE REQUEST-----$/m; - -my $digest = Digest::SHA1::sha1_hex($req); -my $incoming = "$pkidir/${type}ca/incoming"; -my $dst = "$incoming/$digest-req.pem"; - -sysopen(REQUEST, "$dst.tmp", O_RDWR | O_CREAT | O_EXCL, 0600) - or die "sysopen $dst.tmp: $!"; -print REQUEST $req; -close(REQUEST) or die "close $dst.tmp: $!"; - -rename("$dst.tmp", $dst) or die "rename $dst.tmp to $dst: $!"; - -print $q->header('text/html', '204 No response'); - -# Local Variables: -# mode: perl -# End: diff --git a/utilities/ofp-pki.8.in b/utilities/ofp-pki.8.in deleted file mode 100644 index 99572da3..00000000 --- a/utilities/ofp-pki.8.in +++ /dev/null 
@@ -1,325 +0,0 @@ -.TH ofp\-pki 8 "May 2008" "OpenFlow" "OpenFlow Manual" - -.SH NAME -ofp\-pki \- OpenFlow public key infrastructure management utility - -.SH SYNOPSIS -\fBofp\-pki\fR [\fIOPTIONS\fR] \fICOMMAND\fR [\fIARGS\fR] -.sp -Stand\-alone commands with their arguments: -.br -\fBofp\-pki\fR \fBinit\fR -.br -\fBofp\-pki\fR \fBreq\fR \fINAME\fR -.br -\fBofp\-pki\fR \fBsign\fR \fINAME\fR [\fITYPE\fR] -.br -\fBofp\-pki\fR \fBreq+sign\fR \fINAME\fR [\fITYPE\fR] -.br -\fBofp\-pki\fR \fBverify\fR \fINAME\fR [\fITYPE\fR] -.br -\fBofp\-pki\fR \fBfingerprint\fR \fIFILE\fR -.br -\fBofp\-pki\fR \self-sign\fR \fINAME\fR -.sp -The following additional commands manage an online PKI: -.br -\fBofp\-pki\fR \fBls\fR [\fIPREFIX\fR] [\fITYPE\fR] -.br -\fBofp\-pki\fR \fBflush\fR [\fITYPE\fR] -.br -\fBofp\-pki\fR \fBreject\fR \fIPREFIX\fR [\fITYPE\fR] -.br -\fBofp\-pki\fR \fBapprove\fR \fIPREFIX\fR [\fITYPE\fR] -.br -\fBofp\-pki\fR \fBprompt\fR [\fITYPE\fR] -.br -\fBofp\-pki\fR \fBexpire\fR [\fIAGE\fR] -.sp -Each \fITYPE\fR above is a certificate type, either \fBswitch\fR -(default) or \fBcontroller\fR. -.sp -The available options are: -.br -[\fB\-k\fR \fItype\fR | \fB\-\^\-key=\fItype\fR] -[\fB\-B\fR \fInbits\fR | \fB\-\^\-bits=\fInbits\fR] -[\fB\-D\fR \fIfile\fR | \fB\-\^\-dsaparam=\fIfile\fR] -[\fB\-b\fR | \fB\-\^\-batch\fR] -[\fB\-f\fR | \fB\-\^\-force\fR] -[\fB\-d\fR \fIdir\fR | \fB\-\^\-dir=\fR\fIdir\fR] -[\fB\-l\fR \fIfile\fR | \fB\-\^\-log=\fIfile\fR] -[\fB\-h\fR | \fB\-\^\-help\fR] -.br -Some options do not apply to every command. - -.SH DESCRIPTION -The \fBofp\-pki\fR program sets up and manages a public key -infrastructure for use with OpenFlow. It is intended to be a simple -interface for organizations that do not have an established public key -infrastructure. Other PKI tools can substitute for or supplement the -use of \fBofp\-pki\fR. - -\fBofp\-pki\fR uses \fBopenssl\fR(1) for certificate management and key -generation. 
- -.SH "OFFLINE COMMANDS" - -The following \fBofp\-pki\fR commands support manual PKI -administration: - -.TP -\fBinit\fR -Initializes a new PKI (by default in directory \fB@PKIDIR@\fR) and populates -it with a pair of certificate authorities for controllers and -switches. - -This command should ideally be run on a high\-security machine separate -from any OpenFlow controller or switch, called the CA machine. The -files \fBpki/controllerca/cacert.pem\fR and -\fBpki/switchca/cacert.pem\fR that it produces will need to be copied -over to the OpenFlow switches and controllers, respectively. Their -contents may safely be made public. - -By default, \fBofp\-pki\fR generates 2048\-bit RSA keys. The \fB\-B\fR -or \fB\-\^\-bits\fR option (see below) may be used to override the key -length. The \fB\-k dsa\fR or \fB\-\^\-key=dsa\fR option may be used to use -DSA in place of RSA. If DSA is selected, the \fBdsaparam.pem\fR file -generated in the new PKI hierarchy must be copied to any machine on -which the \fBreq\fR command (see below) will be executed. Its -contents may safely be made public. - -Other files generated by \fBinit\fR may remain on the CA machine. -The files \fBpki/controllerca/private/cakey.pem\fR and -\fBpki/switchca/private/cakey.pem\fR have particularly sensitive -contents that should not be exposed. - -.TP -\fBreq\fR \fINAME\fR -Generates a new private key named \fINAME\fR\fB\-privkey.pem\fR and -corresponding certificate request named \fINAME\fR\fB\-req.pem\fR. -The private key can be intended for use by a switch or a controller. - -This command should ideally be run on the switch or controller that -will use the private key to identify itself. The file -\fINAME\fR\fB\-req.pem\fR must be copied to the CA machine for signing -with the \fBsign\fR command (below). - -This command will output a fingerprint to stdout as its final step. -Write down the fingerprint and take it to the CA machine before -continuing with the \fBsign\fR step. 
- -When RSA keys are in use (as is the default), \fBreq\fR, unlike the -rest of \fBofp\-pki\fR's commands, does not need access to a PKI -hierarchy created by \fBofp\-pki init\fR. The \fB\-B\fR or -\fB\-\^\-bits\fR option (see below) may be used to specify the number of -bits in the generated RSA key. - -When DSA keys are used (as specified with \fB\-\^\-key=dsa\fR), \fBreq\fR -needs access to the \fBdsaparam.pem\fR file created as part of the PKI -hierarchy (but not to other files in that tree). By default, -\fBofp\-pki\fR looks for this file in \fB@PKIDIR@/dsaparam.pem\fR, but -the \fB\-D\fR or \fB\-\^\-dsaparam\fR option (see below) may be used to -specify an alternate location. - -\fINAME\fR\fB\-privkey.pem\fR has sensitive contents that should not be -exposed. \fINAME\fR\fB\-req.pem\fR may be safely made public. - -.TP -\fBsign\fR \fINAME\fR [\fITYPE\fR] -Signs the certificate request named \fINAME\fR\fB\-req.pem\fR that was -produced in the previous step, producing a certificate named -\fINAME\fR\fB\-cert.pem\fR. \fITYPE\fR, either \fBswitch\fR (default) or -\fBcontroller\fR, indicates the use for which the key is being -certified. - -This command must be run on the CA machine. - -The command will output a fingerprint to stdout and request that you -verify that it is the same fingerprint output by the \fBreq\fR -command. This ensures that the request being signed is the same one -produced by \fBreq\fR. (The \fB\-b\fR or \fB\-\^\-batch\fR option -suppresses the verification step.) - -The file \fINAME\fR\fB\-cert.pem\fR will need to be copied back to the -switch or controller for which it is intended. Its contents may -safely be made public. - -.TP -\fBreq+sign\fR \fINAME\fR [\fITYPE\fR] -Combines the \fBreq\fR and \fBsign\fR commands into a single step, -outputting all the files produced by each. The -\fINAME\fR\fB\-privkey.pem\fR and \fINAME\fR\fB\-cert.pem\fR files must -be copied securely to the switch or controller. 
-\fINAME\fR\fB\-privkey.pem\fR has sensitive contents and must not be -exposed in transit. Afterward, it should be deleted from the CA -machine. - -This combined method is, theoretically, less secure than the -individual steps performed separately on two different machines, -because there is additional potential for exposure of the private -key. However, it is also more convenient. - -.TP -\fBverify\fR \fINAME\fR [\fITYPE\fR] -Verifies that \fINAME\fR\fB\-cert.pem\fR is a valid certificate for the -given \fITYPE\fR of use, either \fBswitch\fR (default) or -\fBcontroller\fR. If the certificate is valid for this use, it prints -the message ``\fINAME\fR\fB\-cert.pem\fR: OK''; otherwise, it prints an -error message. - -.TP -\fBfingerprint\fR \fIFILE\fR -Prints the fingerprint for \fIFILE\fR. If \fIFILE\fR is a -certificate, then this is the SHA\-1 digest of the DER encoded version -of the certificate; otherwise, it is the SHA\-1 digest of the entire -file. - -.TP -\fBself-sign\fR \fINAME\fR -Signs the certificate request named \fINAME\fB\-req.pem\fR using the -private key \fINAME\fB-privkey.pem\fR, producing a self-signed -certificate named \fINAMEfB\-cert.pem\fR. The input files should have -been produced with \fBofp\-pki req\fR. - -Some controllers accept such self-signed certificates. - -.SH "ONLINE COMMANDS" - -An OpenFlow PKI can be administered online, in conjunction with -.BR ofp\-pki\-cgi (8) -and a web server such as Apache: - -.IP \(bu -The web server exports the contents of the PKI via HTTP. All files in -a PKI hierarchy files may be made public, except for the files -\fBpki/controllerca/private/cakey.pem\fR and -\fBpki/switchca/private/cakey.pem\fR, which must not be exposed. - -.IP \(bu -\fBofp\-pki\-cgi\fR allows newly generated certificate requests for -controllers and switches to be uploaded into the -\fBpki/controllerca/incoming\fR and \fBpki/switchca/incoming\fR -directories, respectively. 
Uploaded certificate requests are stored -in those directories under names of the form -\fIFINGERPRINT\fB\-req.pem\fR, which \fIFINGERPRINT\fR is the SHA\-1 -hash of the file. - -.IP \(bu -These \fBofp\-pki\fR commands allow incoming certificate requests to -be approved or rejected, in a form are suitable for use by humans or -other software. - -.PP -The following \fBofp\-pki\fR commands support online administration: - -.TP -\fBofp\-pki\fR \fBls\fR [\fIPREFIX\fR] [\fITYPE\fR] -Lists all of the incoming certificate requests of the given \fITYPE\fR -(either \fBswitch\fR, the default, or \fBcontroller\fR). If -\fIPREFIX\fR, which must be at least 4 characters long, is specified, -it causes the list to be limited to files whose names begin with -\fIPREFIX\fR. This is useful, for example, to avoid typing in an -entire fingerprint when checking that a specific certificate request -has been received. - -.TP -\fBofp\-pki\fR \fBflush\fR [\fITYPE\fR] -Deletes all certificate requests of the given \fITYPE\fR. - -.TP -\fBofp\-pki\fR \fBreject\fR \fIPREFIX\fR [\fITYPE\fR] -Rejects the certificate request whose name begins with \fIPREFIX\fR, -which must be at least 4 characters long, of the given type (either -\fBswitch\fR, the default, or \fBcontroller\fR). \fIPREFIX\fR must -match exactly one certificate request; its purpose is to allow the -user to type fewer characters, not to match multiple certificate -requests. - -.TP -\fBofp\-pki\fR \fBapprove\fR \fIPREFIX\fR [\fITYPE\fR] -Approves the certificate request whose name begins with \fIPREFIX\fR, -which must be at least 4 characters long, of the given \fITYPE\fR -(either \fBswitch\fR, the default, or \fBcontroller\fR). \fIPREFIX\fR -must match exactly one certificate request; its purpose is to allow -the user to type fewer characters, not to match multiple certificate -requests. - -The command will output a fingerprint to stdout and request that you -verify that it is correct. 
(The \fB\-b\fR or \fB\-\^\-batch\fR option -suppresses the verification step.) - -.TP -\fBofp\-pki\fR \fBprompt\fR [\fITYPE\fR] -Prompts the user for each incoming certificate request of the given -\fITYPE\fR (either \fBswitch\fR, the default, or \fBcontroller\fR). -Based on the certificate request's fingerprint, the user is given the -option of approving, rejecting, or skipping the certificate request. - -.TP -\fBofp\-pki\fR \fBexpire\fR [\fIAGE\fR] - -Rejects all the incoming certificate requests, of either type, that is -older than \fIAGE\fR, which must in one of the forms \fIN\fBs\fR, -\fIN\fBmin\fR, \fIN\fBh\fR, \fIN\fBday\fR. The default is \fB1day\fR. - -.SH OPTIONS -.TP -\fB\-k\fR \fItype\fR | \fB\-\^\-key=\fItype\fR -For the \fBinit\fR command, sets the public key algorithm to use for -the new PKI hierarchy. For the \fBreq\fR and \fBreq+sign\fR commands, -sets the public key algorithm to use for the key to be generated, -which must match the value specified on \fBinit\fR. With other -commands, the value has no effect. - -The \fItype\fR may be \fBrsa\fR (the default) or \fBdsa\fR. - -.TP -\fB\-B\fR \fInbits\fR | \fB\-\^\-bits=\fInbits\fR -Sets the number of bits in the key to be generated. When RSA keys are -in use, this option affects only the \fBinit\fR, \fBreq\fR, and -\fBreq+sign\fR commands, and the same value should be given each time. -With DSA keys are in use, this option affects only the \fBinit\fR -command. - -The value must be at least 1024. The default is 2048. - -.TP -\fB\-D\fR \fIfile\fR | \fB\-\^\-dsaparam=\fIfile\fR -Specifies an alternate location for the \fBdsaparam.pem\fR file -required by the \fBreq\fR and \fBreq+sign\fR commands. This option -affects only these commands, and only when DSA keys are used. - -The default is \fBdsaparam.pem\fR under the PKI hierarchy. - -.TP -\fB\-b\fR | \fB\-\^\-batch\fR -Suppresses the interactive verification of fingerprints that the -\fBsign\fR and \fBapprove\fR commands by default require. 
- -.TP -\fB\-d\fR \fIdir\fR | \fB\-\^\-dir=\fR\fIdir\fR -Specifies the location of the PKI hierarchy to be used or created by -the command (default: \fB@PKIDIR@\fR). All commands, except \fBreq\fR, -need access to a PKI hierarchy. - -.TP -\fB\-f\fR | \fB\-\^\-force\fR -By default, \fBofp\-pki\fR will not overwrite existing files or -directories. This option overrides this behavior. - -.TP -\fB\-l\fR \fIfile\fR | \fB\-\^\-log=\fIfile\fR -Sets the log file to \fIfile\fR. Default: -\fB@LOGDIR@/ofp\-pki.log\fR. - -.TP -\fB\-h\fR | \fB\-\^\-help\fR -Prints a help usage message and exits. - -.SH "SEE ALSO" - -.BR controller (8), -.BR dpctl (8), -.BR ofp\-pki\-cgi (8), -.BR secchan (8), -.BR udatapath (8) diff --git a/utilities/ofp-pki.in b/utilities/ofp-pki.in deleted file mode 100755 index 7d51469b..00000000 --- a/utilities/ofp-pki.in +++ /dev/null 
@@ -1,583 +0,0 @@ -#! /bin/sh - -set -e - -pkidir='@PKIDIR@' -command= -prev= -force=no -batch=no -log='@LOGDIR@/ofp-pki.log' -keytype=rsa -bits=2048 -for option; do - # This option-parsing mechanism borrowed from a Autoconf-generated - # configure script under the following license: - - # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, - # 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. - # This configure script is free software; the Free Software Foundation - # gives unlimited permission to copy, distribute and modify it. - - # If the previous option needs an argument, assign it. - if test -n "$prev"; then - eval $prev=\$option - prev= - continue - fi - case $option in - *=*) optarg=`expr "X$option" : '[^=]*=\(.*\)'` ;; - *) optarg=yes ;; - esac - - case $dashdash$option in - --) - dashdash=yes ;; - -h|--help) - cat <&2 - exit 1 - ;; - *) - if test -z "$command"; then - command=$option - elif test -z "${arg1+set}"; then - arg1=$option - elif test -z "${arg2+set}"; then - arg2=$option - else - echo "$option: only two arguments may be specified" >&2 - exit 1 - fi - ;; - esac - shift -done -if test -n "$prev"; then - option=--`echo $prev | sed 's/_/-/g'` - { echo "$as_me: error: missing argument to $option" >&2 - { (exit 1); exit 1; }; } -fi -if test -z "$command"; then - echo "$0: missing command name; use --help for help" >&2 - exit 1 -fi -if test "$keytype" != rsa && test "$keytype" != dsa; then - echo "$0: argument to -k or --key must be rsa or dsa" - exit 1 -fi -if test "$bits" -lt 1024; then - echo "$0: argument to -B or --bits must be at least 1024" - exit 1 -fi -if test -z "$dsaparam"; then - dsaparam=$pkidir/dsaparam.pem -fi -case $log in - /*) ;; - *) $log="$PWD/$log" ;; -esac - -if test "$command" = "init"; then - if test -e "$pkidir" && test "$force" != "yes"; then - echo "$0: $pkidir already exists and --force not specified" >&2 - exit 1 - fi - - if test ! 
-d "$pkidir"; then - mkdir -p "$pkidir" - fi - cd "$pkidir" - exec 3>>$log - - if test $keytype = dsa && test ! -e dsaparam.pem; then - echo "Generating DSA parameters, please wait..." >&2 - openssl dsaparam -out dsaparam.pem $bits 1>&3 2>&3 - fi - - # Create the CAs. - for ca in controllerca switchca; do - echo "Creating $ca..." >&2 - oldpwd=$PWD - mkdir -p $ca - cd $ca - - mkdir -p certs crl newcerts - mkdir -p -m 0700 private - mkdir -p -m 0733 incoming - touch index.txt - test -e crlnumber || echo 01 > crlnumber - test -e serial || echo 01 > serial - - # Put DSA parameters in directory. - if test $keytype = dsa && test ! -e dsaparam.pem; then - cp ../dsaparam.pem . - fi - - # Write CA configuration file. - if test ! -e ca.cnf; then - sed "s/@ca@/$ca/g" > ca.cnf <<'EOF' -[ req ] -prompt = no -distinguished_name = req_distinguished_name - -[ req_distinguished_name ] -C = US -ST = CA -L = Palo Alto -O = OpenFlow -OU = @ca@ -CN = OpenFlow @ca@ CA Certificate - -[ ca ] -default_ca = the_ca - -[ the_ca ] -dir = . # top dir -database = $dir/index.txt # index file. -new_certs_dir = $dir/newcerts # new certs dir -certificate = $dir/cacert.pem # The CA cert -serial = $dir/serial # serial no file -private_key = $dir/private/cakey.pem# CA private key -RANDFILE = $dir/private/.rand # random number file -default_days = 365 # how long to certify for -default_crl_days= 30 # how long before next CRL -default_md = md5 # md to use -policy = policy # default policy -email_in_dn = no # Don't add the email into cert DN -name_opt = ca_default # Subject name display option -cert_opt = ca_default # Certificate display option -copy_extensions = none # Don't copy extensions from request - -# For the CA policy -[ policy ] -countryName = optional -stateOrProvinceName = optional -organizationName = match -organizationalUnitName = optional -commonName = supplied -emailAddress = optional -EOF - fi - - # Create certificate authority. 
- if test $keytype = dsa; then - newkey=dsa:dsaparam.pem - else - newkey=rsa:$bits - fi - openssl req -config ca.cnf -nodes \ - -newkey $newkey -keyout private/cakey.pem -out careq.pem \ - 1>&3 2>&3 - openssl ca -config ca.cnf -create_serial -out cacert.pem \ - -days 1095 -batch -keyfile private/cakey.pem -selfsign \ - -infiles careq.pem 1>&3 2>&3 - chmod 0700 private/cakey.pem - - cd "$oldpwd" - done - exit 0 -fi - -one_arg() { - if test -z "$arg1" || test -n "$arg2"; then - echo "$0: $command must have exactly one argument; use --help for help" >&2 - exit 1 - fi -} - -zero_or_one_args() { - if test -n "$arg2"; then - echo "$0: $command must have zero or one arguments; use --help for help" >&2 - exit 1 - fi -} - -one_or_two_args() { - if test -z "$arg1"; then - echo "$0: $command must have one or two arguments; use --help for help" >&2 - exit 1 - fi -} - -must_not_exist() { - if test -e "$1" && test "$force" != "yes"; then - echo "$0: $1 already exists and --force not supplied" >&2 - exit 1 - fi -} - -resolve_prefix() { - test -n "$type" || exit 123 # Forgot to call check_type? - - case $1 in - ????*) - ;; - *) - echo "Prefix $arg1 is too short (less than 4 hex digits)" - exit 0 - ;; - esac - - fingerprint=$(cd "$pkidir/${type}ca/incoming" && echo "$1"*-req.pem - | sed 's/-req\.pem$//') - case $fingerprint in - "${1}*") - echo "No certificate requests matching $1" - exit 1 - ;; - *" "*) - echo "$1 matches more than one certificate request:" - echo $fingerprint | sed 's/ /\ -/g' - exit 1 - ;; - *) - # Nothing to do. 
- ;; - esac - req="$pkidir/${type}ca/incoming/$fingerprint-req.pem" - cert="$pkidir/${type}ca/certs/$fingerprint-cert.pem" -} - -make_tmpdir() { - TMP=/tmp/ofp-pki.tmp$$ - rm -rf $TMP - trap "rm -rf $TMP" 0 - mkdir -m 0700 $TMP -} - -fingerprint() { - local file=$1 - local name=${1-$2} - local date=$(date -r $file) - local fingerprint - if grep -q -e '-BEGIN CERTIFICATE-' "$file"; then - fingerprint=$(openssl x509 -noout -in "$file" -fingerprint | - sed 's/SHA1 Fingerprint=//' | tr -d ':') - else - fingerprint=$(sha1sum "$file" | awk '{print $1}') - fi - printf "$name\\t$date\\n" - case $file in - $fingerprint*) - printf "\\t(correct fingerprint in filename)\\n" - ;; - *) - printf "\\tfingerprint $fingerprint\\n" - ;; - esac -} - -verify_fingerprint() { - fingerprint "$@" - if test $batch != yes; then - echo "Does fingerprint match? (yes/no)" - read answer - if test "$answer" != yes; then - echo "Match failure, aborting" >&2 - exit 1 - fi - fi -} - -check_type() { - if test x = x"$1"; then - type=switch - elif test "$1" = switch || test "$1" = controller; then - type=$1 - else - echo "$0: type argument must be 'switch' or 'controller'" >&2 - exit 1 - fi -} - -parse_age() { - number=$(echo $1 | sed 's/^\([0-9]\+\)\([[:alpha:]]\+\)/\1/') - unit=$(echo $1 | sed 's/^\([0-9]\+\)\([[:alpha:]]\+\)/\2/') - case $unit in - s) - factor=1 - ;; - min) - factor=60 - ;; - h) - factor=3600 - ;; - day) - factor=86400 - ;; - *) - echo "$1: age not in the form Ns, Nmin, Nh, Nday (e.g. 1day)" >&2 - exit 1 - ;; - esac - echo $(($number * $factor)) -} - -must_exist() { - if test ! -e "$1"; then - echo "$0: $1 does not exist" >&2 - exit 1 - fi -} - -pkidir_must_exist() { - if test ! -e "$pkidir"; then - echo "$0: $pkidir does not exist (need to run 'init' or use '--dir'?)" >&2 - exit 1 - elif test ! 
-d "$pkidir"; then - echo "$0: $pkidir is not a directory" >&2 - exit 1 - fi -} - -make_request() { - must_not_exist "$arg1-privkey.pem" - must_not_exist "$arg1-req.pem" - make_tmpdir - cat > "$TMP/req.cnf" <&3 2>&3 -} - -sign_request() { - must_exist "$1" - must_not_exist "$2" - pkidir_must_exist - - (cd "$pkidir/${type}ca" && - openssl ca -config ca.cnf -batch -in /dev/stdin) \ - < "$1" > "$2.tmp$$" 2>&3 - mv "$2.tmp$$" "$2" -} - -glob() { - local files=$(echo $1) - if test "$files" != "$1"; then - echo "$files" - fi -} - -exec 3>>$log || true -if test "$command" = req; then - one_arg - - make_request "$arg1" - fingerprint "$arg1-req.pem" -elif test "$command" = sign; then - one_or_two_args - check_type "$arg2" - verify_fingerprint "$arg1-req.pem" - - sign_request "$arg1-req.pem" "$arg2-cert.pem" -elif test "$command" = req+sign; then - one_or_two_args - check_type "$arg2" - - pkidir_must_exist - make_request "$arg1" - sign_request "$arg1-req.pem" "$arg1-cert.pem" - fingerprint "$arg1-req.pem" -elif test "$command" = verify; then - one_or_two_args - must_exist "$arg1-cert.pem" - check_type "$arg2" - - pkidir_must_exist - openssl verify -CAfile "$pkidir/${type}ca/cacert.pem" "$arg1-cert.pem" -elif test "$command" = fingerprint; then - one_arg - - fingerprint "$arg1" -elif test "$command" = self-sign; then - one_arg - must_exist "$arg1-req.pem" - must_exist "$arg1-privkey.pem" - must_not_exist "$arg1-cert.pem" - - openssl x509 -in "$arg1-req.pem" -out "$arg1-cert.pem" \ - -signkey "$arg1-privkey.pem" -req -text 2>&3 -elif test "$command" = ls; then - check_type "$arg2" - - cd "$pkidir/${type}ca/incoming" - for file in $(glob "$arg1*-req.pem"); do - fingerprint $file - done -elif test "$command" = flush; then - check_type "$arg1" - - rm -f "$pkidir/${type}ca/incoming/"* -elif test "$command" = reject; then - one_or_two_args - check_type "$arg2" - resolve_prefix "$arg1" - - rm -f "$req" -elif test "$command" = approve; then - one_or_two_args - check_type "$arg2" - 
resolve_prefix "$arg1" - - make_tmpdir - cp "$req" "$TMP/$req" - verify_fingerprint "$TMP/$req" - sign_request "$TMP/$req" - rm -f "$req" "$TMP/$req" -elif test "$command" = prompt; then - zero_or_one_args - check_type "$arg1" - - make_tmpdir - cd "$pkidir/${type}ca/incoming" - for req in $(glob "*-req.pem"); do - cp "$req" "$TMP/$req" - - cert=$(echo "$pkidir/${type}ca/certs/$req" | - sed 's/-req.pem/-cert.pem/') - if test -f $cert; then - echo "Request $req already approved--dropping duplicate request" - rm -f "$req" "$TMP/$req" - continue - fi - - echo - echo - fingerprint "$TMP/$req" "$req" - printf "Disposition for this request (skip/approve/reject)? " - read answer - case $answer in - approve) - echo "Approving $req" - sign_request "$TMP/$req" "$cert" - rm -f "$req" "$TMP/$req" - ;; - r*) - echo "Rejecting $req" - rm -f "$req" "$TMP/$req" - ;; - *) - echo "Skipping $req" - ;; - esac - done -elif test "$command" = expire; then - zero_or_one_args - cutoff=$(($(date +%s) - $(parse_age ${arg1-1day}))) - for type in switch controller; do - cd "$pkidir/${type}ca/incoming" || exit 1 - for file in $(glob "*"); do - time=$(date -r "$file" +%s) - if test "$time" -lt "$cutoff"; then - rm -f "$file" - fi - done - done -else - echo "$0: $command command unknown; use --help for help" >&2 - exit 1 -fi diff --git a/utilities/ovs-discover.8.in b/utilities/ovs-discover.8.in new file mode 100644 index 00000000..12a950e8 --- /dev/null +++ b/utilities/ovs-discover.8.in 
@@ -0,0 +1,118 @@ +.TH ovs\-discover 8 "May 2008" "OpenVSwitch" "OpenVSwitch Manual" +.ds PN ovs\-discover + +.SH NAME +ovs\-discover \- controller discovery utility + +.SH SYNOPSIS +.B ovs\-discover +[\fIoptions\fR] \fInetdev\fR [\fInetdev\fR...] + +.SH DESCRIPTION +The \fBovs\-discover\fR program attempts to discover the location of +an OpenFlow controller on one of the network devices listed on the +command line. It repeatedly broadcasts a DHCP request with vendor +class identifier \fBOpenFlow\fR on each network device until it +receives an acceptable DHCP response. It will accept any valid DHCP +reply that has the same vendor class identifier and includes a +vendor-specific option with code 1 whose contents are a string +specifying the location of the controller in the same format used on +the \fBsecchan\fR command line (e.g. \fBssl:192.168.0.1\fR). + +When \fBovs\-discover\fR receives an acceptable response, it prints +the details of the response on \fBstdout\fR. Then, by default, it +configures the network device on which the response was received with +the received IP address, netmask, and default gateway, and detaches +itself to the background. + +.SH OPTIONS +.TP +\fB--accept-vconn=\fIregex\fR +By default, \fBovs\-discover\fR accepts any controller location +advertised over DHCP. With this option, only controllers whose names +match POSIX extended regular expression \fIregex\fR will be accepted. +Specifying \fBssl:.*\fR for \fIregex\fR, for example, would cause only +SSL controller connections to be accepted. + +The \fIregex\fR is implicitly anchored at the beginning of the +controller location string, as if it begins with \fB^\fR. + +.TP +\fB--exit-without-bind\fR +By default, \fBovs\-discover\fR binds the network device that receives +the first acceptable response to the IP address received over DHCP. 
+With this option, the configuration of the network device is not +changed at all, except to bring it up if it is initially down, and +\fBovs\-discover\fR will exit immediately after it receives an +acceptable DHCP response. + +This option is mutually exclusive with \fB--exit-after-bind\fR and +\fB--no-detach\fR. + +.TP +\fB--exit-after-bind\fR +By default, after it receives an acceptable DHCP response, +\fBovs\-discover\fR detaches itself from the foreground session and +runs in the background maintaining the DHCP lease as necessary. With +this option, \fBovs\-discover\fR will exit immediately after it +receives an acceptable DHCP response and configures the network device +with the received IP address. The address obtained via DHCP could +therefore be used past the expiration of its lease. + +This option is mutually exclusive with \fB--exit-without-bind\fR and +\fB--no-detach\fR. + +.TP +\fB--no-detach\fR +By default, \fBovs\-discover\fR runs in the foreground until it obtains +an acceptable DHCP response, then it detaches itself from the +foreground session and run as a background process. This option +prevents \fBovs\-discover\fR from detaching, causing it to run in the +foreground even after it obtains a DHCP response. + +This option is mutually exclusive with \fB--exit-without-bind\fR and +\fB--exit-after-bind\fR. + +.TP +\fB-P\fR[\fIpidfile\fR], \fB--pidfile\fR[\fB=\fIpidfile\fR] +Causes a file (by default, \fBovs\-discover.pid\fR) to be created indicating +the PID of the running process. If \fIpidfile\fR is not specified, or +if it does not begin with \fB/\fR, then it is created in +\fB@RUNDIR@\fR. + +The \fIpidfile\fR is created when \fBovs\-discover\fR detaches, so +this this option has no effect when one of \fB--exit-without-bind\fR, +\fB--exit-after-bind\fR, or \fB--no-detach\fR is also given. 
+ +.TP +\fB-f\fR, \fB--force\fR +By default, when \fB-P\fR or \fB--pidfile\fR is specified and the +specified pidfile already exists and is locked by a running process, +\fBcontroller\fR refuses to start. Specify \fB-f\fR or \fB--force\fR +to cause it to instead overwrite the pidfile. + +When \fB-P\fR or \fB--pidfile\fR is not specified, this option has no +effect. + +.so lib/vlog.man +.so lib/common.man + +.SH BUGS + +If the network devices specified on the command line have been added +to an OpenVSwitch datapath with \fBdpctl addif\fR, then controller +discovery will fail because \fBovs\-discover\fR will not be able to +see DHCP responses, even though tools such as \fBtcpdump\fR(8) and +\fBwireshark\fR(1) can see them on the wire. This is because of the +structure of the Linux kernel networking stack, which hands packets +first to programs that listen for all arriving packets, then to +OpenVSwitch, then to programs that listen for a specific kind of packet. +OpenVSwitch consumes all the packets handed to it, so tools like +\fBtcpdump\fR that look at all packets will see packets arriving on +OpenVSwitch interfaces, but \fRovs\-discover\fR, which listens only for +arriving IP packets, will not. + +.SH "SEE ALSO" + +.BR secchan (8), +.BR ovs-pki (8) diff --git a/utilities/ovs-discover.c b/utilities/ovs-discover.c new file mode 100644 index 00000000..82c8aae1 --- /dev/null +++ b/utilities/ovs-discover.c 
@@ -0,0 +1,423 @@ +/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford + * Junior University + * + * We are making the OpenFlow specification and associated documentation + * (Software) available for public use and benefit with the expectation + * that others will use, modify and enhance the Software and contribute + * those enhancements back to the community. However, since we would + * like to make the Software available for broadest use, with as few + * restrictions as possible permission is hereby granted, free of + * charge, to any person obtaining a copy of this Software to deal in + * the Software under the copyrights without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * The name and trademarks of copyright holder(s) may NOT be used in + * advertising or publicity pertaining to the Software or any + * derivatives without specific, written prior permission. 
+ */ + +#include +#include +#include +#include +#include +#include +#include +#include "command-line.h" +#include "daemon.h" +#include "dhcp-client.h" +#include "dhcp.h" +#include "dirs.h" +#include "dynamic-string.h" +#include "fatal-signal.h" +#include "netdev.h" +#include "poll-loop.h" +#include "timeval.h" +#include "unixctl.h" +#include "util.h" + +#include "vlog.h" +#define THIS_MODULE VLM_ovs_discover + +struct iface { + const char *name; + struct dhclient *dhcp; +}; + +/* The interfaces that we serve. */ +static struct iface *ifaces; +static int n_ifaces; + +/* --accept-vconn: Regular expression specifying the class of controller vconns + * that we will accept during autodiscovery. */ +static const char *accept_controller_re = ".*"; +static regex_t accept_controller_regex; + +/* --exit-without-bind: Exit after discovering the controller, without binding + * the network device to an IP address? */ +static bool exit_without_bind; + +/* --exit-after-bind: Exit after discovering the controller, after binding the + * network device to an IP address? 
*/ +static bool exit_after_bind; + +static bool iface_init(struct iface *, const char *netdev_name); +static void release_ifaces(void *aux UNUSED); + +static void parse_options(int argc, char *argv[]); +static void usage(void) NO_RETURN; + +static void modify_dhcp_request(struct dhcp_msg *, void *aux); +static bool validate_dhcp_offer(const struct dhcp_msg *, void *aux); + +int +main(int argc, char *argv[]) +{ + struct unixctl_server *unixctl; + int retval; + int i; + + set_program_name(argv[0]); + time_init(); + vlog_init(); + parse_options(argc, argv); + + argc -= optind; + argv += optind; + if (argc < 1) { + ovs_fatal(0, "need at least one non-option argument; " + "use --help for usage"); + } + + ifaces = xmalloc(argc * sizeof *ifaces); + n_ifaces = 0; + for (i = 0; i < argc; i++) { + if (iface_init(&ifaces[n_ifaces], argv[i])) { + n_ifaces++; + } + } + if (!n_ifaces) { + ovs_fatal(0, "failed to initialize any DHCP clients"); + } + + for (i = 0; i < n_ifaces; i++) { + struct iface *iface = &ifaces[i]; + dhclient_init(iface->dhcp, 0); + } + fatal_signal_add_hook(release_ifaces, NULL, true); + + retval = regcomp(&accept_controller_regex, accept_controller_re, + REG_NOSUB | REG_EXTENDED); + if (retval) { + size_t length = regerror(retval, &accept_controller_regex, NULL, 0); + char *buffer = xmalloc(length); + regerror(retval, &accept_controller_regex, buffer, length); + ovs_fatal(0, "%s: %s", accept_controller_re, buffer); + } + + retval = unixctl_server_create(NULL, &unixctl); + if (retval) { + ovs_fatal(retval, "Could not listen for unixctl connections"); + } + + die_if_already_running(); + + signal(SIGPIPE, SIG_IGN); + for (;;) { + fatal_signal_block(); + for (i = 0; i < n_ifaces; i++) { + struct iface *iface = &ifaces[i]; + dhclient_run(iface->dhcp); + if (dhclient_changed(iface->dhcp)) { + bool is_bound = dhclient_is_bound(iface->dhcp); + int j; + + /* Configure network device. 
*/ + if (!exit_without_bind) { + dhclient_configure_netdev(iface->dhcp); + dhclient_update_resolv_conf(iface->dhcp); + } + + if (is_bound) { + static bool detached = false; + struct ds ds; + + /* Disable timeout, since discovery was successful. */ + time_alarm(0); + + /* Print discovered parameters. */ + ds_init(&ds); + dhcp_msg_to_string(dhclient_get_config(iface->dhcp), + true, &ds); + fputs(ds_cstr(&ds), stdout); + putchar('\n'); + fflush(stdout); + ds_destroy(&ds); + + /* Exit if the user requested it. */ + if (exit_without_bind) { + VLOG_DBG("exiting because of successful binding on %s " + "and --exit-without-bind specified", + iface->name); + exit(0); + } + if (exit_after_bind) { + VLOG_DBG("exiting because of successful binding on %s " + "and --exit-after-bind specified", + iface->name); + exit(0); + } + + /* Detach into background, if we haven't already. */ + if (!detached) { + detached = true; + daemonize(); + } + } + + /* We only want an address on a single one of our interfaces. + * So: if we have an address on this interface, stop looking + * for one on the others; if we don't have an address on this + * interface, start looking everywhere. */ + for (j = 0; j < n_ifaces; j++) { + struct iface *if2 = &ifaces[j]; + if (iface != if2) { + if (is_bound) { + dhclient_release(if2->dhcp); + } else { + dhclient_init(if2->dhcp, 0); + } + } + } + } + } + unixctl_server_run(unixctl); + for (i = 0; i < n_ifaces; i++) { + struct iface *iface = &ifaces[i]; + dhclient_wait(iface->dhcp); + } + unixctl_server_wait(unixctl); + fatal_signal_unblock(); + poll_block(); + } + + return 0; +} + +static bool +iface_init(struct iface *iface, const char *netdev_name) +{ + int retval; + + iface->name = netdev_name; + iface->dhcp = NULL; + + if (exit_after_bind) { + /* Bring this interface up permanently, so that the bound address + * persists past program termination. 
*/ + struct netdev *netdev; + + retval = netdev_open(iface->name, NETDEV_ETH_TYPE_NONE, &netdev); + if (retval) { + ovs_error(retval, "Could not open %s device", iface->name); + return false; + } + retval = netdev_turn_flags_on(netdev, NETDEV_UP, true); + if (retval) { + ovs_error(retval, "Could not bring %s device up", iface->name); + return false; + } + netdev_close(netdev); + } + + retval = dhclient_create(iface->name, modify_dhcp_request, + validate_dhcp_offer, NULL, &iface->dhcp); + if (retval) { + ovs_error(retval, "%s: failed to initialize DHCP client", iface->name); + return false; + } + + return true; +} + +static void +release_ifaces(void *aux UNUSED) +{ + int i; + + for (i = 0; i < n_ifaces; i++) { + struct dhclient *dhcp = ifaces[i].dhcp; + dhclient_release(dhcp); + if (dhclient_changed(dhcp)) { + dhclient_configure_netdev(dhcp); + } + } +} + +static void +modify_dhcp_request(struct dhcp_msg *msg, void *aux UNUSED) +{ + dhcp_msg_put_string(msg, DHCP_CODE_VENDOR_CLASS, "OpenFlow"); +} + +static bool +validate_dhcp_offer(const struct dhcp_msg *msg, void *aux UNUSED) +{ + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(60, 60); + char *vconn_name; + bool accept; + + vconn_name = dhcp_msg_get_string(msg, DHCP_CODE_OFP_CONTROLLER_VCONN); + if (!vconn_name) { + VLOG_WARN_RL(&rl, "rejecting DHCP offer missing controller vconn"); + return false; + } + accept = !regexec(&accept_controller_regex, vconn_name, 0, NULL, 0); + free(vconn_name); + return accept; +} + +static void +parse_options(int argc, char *argv[]) +{ + enum { + OPT_ACCEPT_VCONN = UCHAR_MAX + 1, + OPT_EXIT_WITHOUT_BIND, + OPT_EXIT_AFTER_BIND, + OPT_NO_DETACH, + }; + static struct option long_options[] = { + {"accept-vconn", required_argument, 0, OPT_ACCEPT_VCONN}, + {"exit-without-bind", no_argument, 0, OPT_EXIT_WITHOUT_BIND}, + {"exit-after-bind", no_argument, 0, OPT_EXIT_AFTER_BIND}, + {"no-detach", no_argument, 0, OPT_NO_DETACH}, + {"timeout", required_argument, 0, 't'}, + {"pidfile", 
optional_argument, 0, 'P'}, + {"force", no_argument, 0, 'f'}, + {"verbose", optional_argument, 0, 'v'}, + {"help", no_argument, 0, 'h'}, + {"version", no_argument, 0, 'V'}, + {0, 0, 0, 0}, + }; + char *short_options = long_options_to_short_options(long_options); + bool detach_after_bind = true; + + for (;;) { + unsigned long int timeout; + int c; + + c = getopt_long(argc, argv, short_options, long_options, NULL); + if (c == -1) { + break; + } + + switch (c) { + case OPT_ACCEPT_VCONN: + accept_controller_re = (optarg[0] == '^' + ? optarg + : xasprintf("^%s", optarg)); + break; + + case OPT_EXIT_WITHOUT_BIND: + exit_without_bind = true; + break; + + case OPT_EXIT_AFTER_BIND: + exit_after_bind = true; + break; + + case OPT_NO_DETACH: + detach_after_bind = false; + break; + + case 'P': + set_pidfile(optarg); + break; + + case 'f': + ignore_existing_pidfile(); + break; + + case 't': + timeout = strtoul(optarg, NULL, 10); + if (timeout <= 0) { + ovs_fatal(0, "value %s on -t or --timeout is not at least 1", + optarg); + } else { + time_alarm(timeout); + } + signal(SIGALRM, SIG_DFL); + break; + + case 'h': + usage(); + + case 'V': + printf("%s %s compiled "__DATE__" "__TIME__"\n", + program_name, VERSION BUILDNR); + exit(EXIT_SUCCESS); + + case 'v': + vlog_set_verbosity(optarg); + break; + + case '?': + exit(EXIT_FAILURE); + + default: + abort(); + } + } + free(short_options); + + if ((exit_without_bind + exit_after_bind + !detach_after_bind) > 1) { + ovs_fatal(0, "--exit-without-bind, --exit-after-bind, and --no-detach " + "are mutually exclusive"); + } + if (detach_after_bind) { + set_detach(); + } +} + +static void +usage(void) +{ + printf("%s: a tool for discovering OpenFlow controllers.\n" + "usage: %s [OPTIONS] NETDEV [NETDEV...]\n" + "where each NETDEV is a network device on which to perform\n" + "controller discovery.\n" + "\nOrdinarily, ovs-discover runs in the foreground until it\n" + "obtains an IP address and discovers an OpenFlow controller via\n" + "DHCP, 
then it prints information about the controller to stdout\n" + "and detaches to the background to maintain the IP address lease.\n" + "\nNetworking options:\n" + " --accept-vconn=REGEX accept matching discovered controllers\n" + " --exit-without-bind exit after discovery, without binding\n" + " --exit-after-bind exit after discovery, after binding\n" + " --no-detach do not detach after discovery\n", + program_name, program_name); + vlog_usage(); + printf("\nOther options:\n" + " -t, --timeout=SECS give up discovery after SECS seconds\n" + " -P, --pidfile[=FILE] create pidfile (default: %s/%s.pid)\n" + " -f, --force with -P, start even if already running\n" + " -h, --help display this help message\n" + " -V, --version display version information\n", + ovs_rundir, program_name); + exit(EXIT_SUCCESS); +} diff --git a/utilities/ovs-kill.8.in b/utilities/ovs-kill.8.in new file mode 100644 index 00000000..447c676c --- /dev/null +++ b/utilities/ovs-kill.8.in 
@@ -0,0 +1,60 @@ +.TH ovs\-kill 8 "May 2008" "OpenVSwitch" "OpenVSwitch Manual" +.ds PN ovs\-kill + +.SH NAME +ovs\-kill \- kills processes given their pidfiles + +.SH SYNOPSIS +.B ovs\-kill +[\fIoptions\fR] \fIpidfile\fR [\fIpidfile\fR...] + +.SH DESCRIPTION +The \fBovs\-kill\fR program reads each \fIpidfile\fR specified on the +command line and sends a signal to the program associated with it, if +any. It reads one line of text from \fIpidfile\fR, which must contain +the PID of the process to kill as a text string. It then uses +\fBfcntl\fR(2) to verify that a process with the PID from the file +owns a lock on \fIpidfile\fR before it sends the signal. + +A \fIpidfile\fR whose name begins with \fB/\fR is used literally. +Otherwise, \fB@RUNDIR@/\fR is prefixed. + +This program exists for use by \fBovs\-switch\-setup\fR, which cannot +easily implement its functionality since Perl has no portable +interface to \fBfcntl\fR-based file locking. + +.SH OPTIONS +.TP +\fB-s \fInumber\fR|\fIname\fR, \fB\-\^\-signal=\fInumber\fR|\fIname\fR +Sets the signal to be sent to each process. Signals may be given by +number (e.g. \fB1\fR) or by name (e.g. \fBHUP\fR or \fBSIGHUP\fR). +By default, \fBSIGTERM\fR is sent. + +.TP +\fB-f\fR, \fB\-\^\-force\fR +Causes \fBovs\-kill\fR to ignore all errors without printing a message +to \fBstderr\fR, and to exit with return code 0. + +.so lib/common.man + +.SH "EXIT CODE" + +Without \fB-f\fR or \fB\-\^\-force\fR, \fBovs\-kill\fR exits with +status 0 if at least one \fIpidfile\fR was given and the process +represented by every \fIpidfile\fR was signaled successfully, +otherwise with status 1. + +With \fB-f\fR or \fB\-\^\-force\fR, \fBovs\-kill\fR always exits with +status 0. + +.SH BUGS + +There is a race between verifying the lock on \fIpidfile\fR and +actually killing the process. + +\fBovs\-kill\fR does not wait for the signaled processes to die before +exiting. + +.SH "SEE ALSO" + +.BR ovs\-switch\-setup (8) 
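Review bot: the BUGS section of utilities/ovs-kill.8.in names the race between verifying the lock on pidfile and killing the process but not what it means for a caller: if the daemon exits between the fcntl(2) check and the kill, the signal goes to whatever process holds that PID by then. Say so in BUGS, since -f additionally hides any error output and forces exit status 0. Style: the option entries write \fB-s and \fB-f with a bare hyphen (also \fBfcntl\fR-based) while the rest of the page uses \-; make these consistent.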
diff --git a/utilities/ovs-kill.c b/utilities/ovs-kill.c new file mode 100644 index 00000000..153e431d --- /dev/null +++ b/utilities/ovs-kill.c 
@@ -0,0 +1,228 @@ +/* Copyright (c) 2008, 2009 The Board of Trustees of The Leland Stanford + * Junior University + * + * We are making the OpenFlow specification and associated documentation + * (Software) available for public use and benefit with the expectation + * that others will use, modify and enhance the Software and contribute + * those enhancements back to the community. However, since we would + * like to make the Software available for broadest use, with as few + * restrictions as possible permission is hereby granted, free of + * charge, to any person obtaining a copy of this Software to deal in + * the Software under the copyrights without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * The name and trademarks of copyright holder(s) may NOT be used in + * advertising or publicity pertaining to the Software or any + * derivatives without specific, written prior permission. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include "command-line.h" +#include "daemon.h" +#include "timeval.h" +#include "util.h" +#include "vlog.h" + +/* -s, --signal: signal to send. 
*/ +static int sig_nr = SIGTERM; + +/* -f, --force: ignore errors. */ +static bool force; + +static void cond_error(int err_no, const char *, ...) PRINTF_FORMAT(2, 3); + +static void parse_options(int argc, char *argv[]); +static void usage(void); + +int +main(int argc, char *argv[]) +{ + bool ok = true; + int i; + + set_program_name(argv[0]); + time_init(); + vlog_init(); + parse_options(argc, argv); + + argc -= optind; + argv += optind; + if (argc < 1) { + if (!force) { + ovs_fatal(0, "need at least one non-option argument; " + "use --help for usage"); + } + } + + for (i = 0; i < argc; i++) { + char *pidfile; + pid_t pid; + + pidfile = make_pidfile_name(argv[i]); + pid = read_pidfile(pidfile); + if (pid >= 0) { + if (kill(pid, sig_nr) < 0) { + cond_error(errno, "%s: kill(%ld)", pidfile, (long int) pid); + } + } else { + cond_error(-pid, "could not read %s", pidfile); + } + free(pidfile); + } + + return ok || force ? EXIT_SUCCESS : EXIT_FAILURE; +} + +static void +parse_options(int argc, char *argv[]) +{ + static struct option long_options[] = { + {"signal", required_argument, 0, 's'}, + {"force", no_argument, 0, 'f'}, + {"help", no_argument, 0, 'h'}, + {"version", no_argument, 0, 'V'}, + {0, 0, 0, 0}, + }; + char *short_options = long_options_to_short_options(long_options); + + for (;;) { + int c; + + c = getopt_long(argc, argv, short_options, long_options, NULL); + if (c == -1) { + break; + } + + switch (c) { + case 's': + if (atoi(optarg) || !strcmp(optarg, "0")) { + sig_nr = atoi(optarg); + } else { + struct signal_name { + const char *name; + int number; + }; + + static const struct signal_name signals[] = { +#define SIGNAL(NAME) { #NAME, NAME } + SIGNAL(SIGABRT), + SIGNAL(SIGALRM), + SIGNAL(SIGBUS), + SIGNAL(SIGCHLD), + SIGNAL(SIGCONT), + SIGNAL(SIGFPE), + SIGNAL(SIGHUP), + SIGNAL(SIGILL), + SIGNAL(SIGINT), + SIGNAL(SIGKILL), + SIGNAL(SIGPIPE), + SIGNAL(SIGQUIT), + SIGNAL(SIGSEGV), + SIGNAL(SIGSTOP), + SIGNAL(SIGTERM), + SIGNAL(SIGTSTP), + SIGNAL(SIGTTIN), + 
SIGNAL(SIGTTOU), + SIGNAL(SIGUSR1), + SIGNAL(SIGUSR2), +#ifdef SIGPOLL + SIGNAL(SIGPOLL), +#endif + SIGNAL(SIGPROF), + SIGNAL(SIGSYS), + SIGNAL(SIGTRAP), + SIGNAL(SIGURG), + SIGNAL(SIGVTALRM), + SIGNAL(SIGXCPU), + SIGNAL(SIGXFSZ), +#undef SIGNAL + }; + int i; + + for (i = 0; i < ARRAY_SIZE(signals); i++) { + const struct signal_name *s = &signals[i]; + if (!strcmp(optarg, s->name) + || !strcmp(optarg, s->name + 3)) { + sig_nr = s->number; + goto got_name; + } + } + ovs_fatal(0, "unknown signal \"%s\"", optarg); + got_name: ; + } + break; + + case 'f': + force = true; + break; + + case 'h': + usage(); + + case 'V': + printf("%s %s compiled "__DATE__" "__TIME__"\n", + program_name, VERSION BUILDNR); + exit(EXIT_SUCCESS); + + case '?': + exit(EXIT_FAILURE); + + default: + abort(); + } + } + free(short_options); +} + +static void +usage(void) +{ + printf("%s: kills a program using a pidfile\n" + "usage: %s [OPTIONS] PIDFILE [PIDFILE...]\n" + "where PIDFILE is a pidfile created by an OpenVSwitch daemon.\n" + "\nOptions:\n" + " -s, --signal=NUMBER|NAME signal to send (default: TERM)\n" + " -f, --force ignore errors\n" + " -h, --help display this help message\n" + " -V, --version display version information\n", + program_name, program_name); + exit(EXIT_SUCCESS); +} + +static void +cond_error(int err_no, const char *format, ...) +{ + if (!force) { + va_list args; + + fprintf(stderr, "%s: ", program_name); + va_start(args, format); + vfprintf(stderr, format, args); + va_end(args); + if (err_no != 0) + fprintf(stderr, " (%s)", strerror(err_no)); + putc('\n', stderr); + } +} diff --git a/utilities/ovs-parse-leaks.in b/utilities/ovs-parse-leaks.in new file mode 100755 index 00000000..31f7eaa8 --- /dev/null +++ b/utilities/ovs-parse-leaks.in 
@@ -0,0 +1,285 @@ +#! @PERL@ + +use strict; +use warnings; + +if (grep($_ eq '--help', @ARGV)) { + print < 1; +die "$0: $ARGV[0] does not exist" if @ARGV > 0 && ! -e $ARGV[0]; + +our ($binary); +our ($a2l) = search_path("addr2line"); +my ($no_syms) = "symbols will not be translated"; +if (!@ARGV) { + print "no binary specified; $no_syms\n"; +} elsif (! -e $ARGV[0]) { + print "$ARGV[0] does not exist; $no_syms"; +} elsif (!defined($a2l)) { + print "addr2line not found in PATH; $no_syms"; +} else { + $binary = $ARGV[0]; +} + +our ($objdump) = search_path("objdump"); +print "objdump not found; dynamic library symbols will not be translated\n" + if !defined($objdump); + +our %blocks; +our @segments; +while () { + my $ptr = "((?:0x)?[0-9a-fA-F]+|\\(nil\\))"; + my $callers = ":((?: $ptr)+)"; + if (/^malloc\((\d+)\) -> $ptr$callers$/) { + allocated($., $2, $1, $3); + } elsif (/^claim\($ptr\)$callers$/) { + claimed($., $1, $2); + } elsif (/realloc\($ptr, (\d+)\) -> $ptr$callers$/) { + my ($callers) = $4; + freed($., $1, $callers); + allocated($., $3, $2, $callers); + } elsif (/^free\($ptr\)$callers$/) { + freed($., $1, $2); + } elsif (/^segment: $ptr-$ptr $ptr [-r][-w][-x][sp] (.*)/) { + add_segment(hex($1), hex($2), hex($3), $4); + } else { + print "stdin:$.: syntax error\n"; + } +} +if (%blocks) { + my $n_blocks = scalar(keys(%blocks)); + my $n_bytes = 0; + $n_bytes += $_->{SIZE} foreach values(%blocks); + print "$n_bytes bytes in $n_blocks blocks not freed at end of run\n"; + my %blocks_by_callers; + foreach my $block (values(%blocks)) { + my ($trimmed_callers) = trim_callers($block->{CALLERS}); + push (@{$blocks_by_callers{$trimmed_callers}}, $block); + } + foreach my $callers (sort {@{$b} <=> @{$a}} (values(%blocks_by_callers))) { + $n_blocks = scalar(@{$callers}); + $n_bytes = 0; + $n_bytes += $_->{SIZE} foreach @{$callers}; + print "$n_bytes bytes in these $n_blocks blocks were not freed:\n"; + my $i = 0; + my $max = 5; + foreach my $block (sort {$a->{LINE} <=> 
$b->{LINE}} (@{$callers})) { + printf "\t%d-byte block at 0x%08x allocated on stdin:%d\n", + $block->{SIZE}, $block->{BASE}, $block->{LINE}; + last if $i++ > $max; + } + print "\t...and ", $n_blocks - $max, " others...\n" + if $n_blocks > $max; + print "The blocks listed above were allocated by:\n"; + print_callers("\t", ${$callers}[0]->{CALLERS}); + } +} +sub interp_pointer { + my ($s_ptr) = @_; + return $s_ptr eq '(nil)' ? 0 : hex($s_ptr); +} + +sub allocated { + my ($line, $s_base, $size, $callers) = @_; + my ($base) = interp_pointer($s_base); + return if !$base; + my ($info) = {LINE => $line, + BASE => $base, + SIZE => $size, + CALLERS => $callers}; + if (exists($blocks{$base})) { + print "In-use address returned by allocator:\n"; + print "\tInitial allocation:\n"; + print_block("\t\t", $blocks{$base}); + print "\tNew allocation:\n"; + print_block("\t\t", $info); + } + $blocks{$base} = $info; +} + +sub claimed { + my ($line, $s_base, $callers) = @_; + my ($base) = interp_pointer($s_base); + return if !$base; + if (exists($blocks{$base})) { + $blocks{$base}{LINE} = $line; + $blocks{$base}{CALLERS} = $callers; + } else { + printf "Claim asserted on not-in-use block 0x%08x by:\n", $base; + print_callers('', $callers); + } +} + +sub freed { + my ($line, $s_base, $callers) = @_; + my ($base) = interp_pointer($s_base); + return if !$base; + + if (!delete($blocks{$base})) { + printf "Bad free of not-allocated address 0x%08x on stdin:%d by:\n", $base, $line; + print_callers('', $callers); + } +} + +sub print_block { + my ($prefix, $info) = @_; + printf '%s%d-byte block at 0x%08x allocated on stdin:%d by:' . 
"\n", + $prefix, $info->{SIZE}, $info->{BASE}, $info->{LINE}; + print_callers($prefix, $info->{CALLERS}); +} + +sub print_callers { + my ($prefix, $callers) = @_; + foreach my $pc (split(' ', $callers)) { + print "$prefix\t", lookup_pc($pc), "\n"; + } +} + +our (%cache); +sub lookup_pc { + my ($s_pc) = @_; + if (defined($binary)) { + my ($pc) = hex($s_pc); + my ($output) = "$s_pc: "; + if (!exists($cache{$pc})) { + open(A2L, "$a2l -fe $binary --demangle $s_pc|"); + chomp(my $function = ); + chomp(my $line = ); + close(A2L); + if ($function eq '??') { + ($function, $line) = lookup_pc_by_segment($pc); + } + $line =~ s/^(\.\.\/)*//; + $line = "..." . substr($line, -25) if length($line) > 28; + $cache{$pc} = "$s_pc: $function ($line)"; + } + return $cache{$pc}; + } else { + return "$s_pc"; + } +} + +sub trim_callers { + my ($in) = @_; + my (@out); + foreach my $pc (split(' ', $in)) { + my $xlated = lookup_pc($pc); + if ($xlated =~ /\?\?/) { + push(@out, "...") if !@out || $out[$#out] ne '...'; + } else { + push(@out, $pc); + } + } + return join(' ', @out); +} + +sub search_path { + my ($target) = @_; + for my $dir (split (':', $ENV{PATH})) { + my ($file) = "$dir/$target"; + return $file if -e $file; + } + return undef; +} + +sub add_segment { + my ($vm_start, $vm_end, $vm_pgoff, $file) = @_; + for (my $i = 0; $i <= $#segments; $i++) { + my ($s) = $segments[$i]; + next if $vm_end <= $s->{START} || $vm_start >= $s->{END}; + if ($vm_start <= $s->{START} && $vm_end >= $s->{END}) { + splice(@segments, $i, 1); + --$i; + } else { + $s->{START} = $vm_end if $vm_end > $s->{START}; + $s->{END} = $vm_start if $vm_start <= $s->{END}; + } + } + push(@segments, {START => $vm_start, + END => $vm_end, + PGOFF => $vm_pgoff, + FILE => $file}); + @segments = sort { $a->{START} <=> $b->{START} } @segments; +} + +sub binary_search { + my ($array, $value) = @_; + my $l = 0; + my $r = $#{$array}; + while ($l <= $r) { + my $m = int(($l + $r) / 2); + my $e = $array->[$m]; + if ($value < 
$e->{START}) { + $r = $m - 1; + } elsif ($value >= $e->{END}) { + $l = $m + 1; + } else { + return $e; + } + } + return undef; +} + +sub read_sections { + my ($file) = @_; + my (@sections); + open(OBJDUMP, "$objdump -h $file|"); + while () { + my $ptr = "([0-9a-fA-F]+)"; + my ($name, $size, $vma, $lma, $file_off) + = /^\s*\d+\s+(\S+)\s+$ptr\s+$ptr\s+$ptr\s+$ptr/ + or next; + push(@sections, {START => hex($file_off), + END => hex($file_off) + hex($size), + NAME => $name}); + } + close(OBJDUMP); + return [sort { $a->{START} <=> $b->{START} } @sections ]; +} + +our %file_to_sections; +sub segment_to_section { + my ($file, $file_offset) = @_; + if (!defined($file_to_sections{$file})) { + $file_to_sections{$file} = read_sections($file); + } + return binary_search($file_to_sections{$file}, $file_offset); +} + +sub address_to_segment { + my ($pc) = @_; + return binary_search(\@segments, $pc); +} + +sub lookup_pc_by_segment { + return ('??', 0) if !defined($objdump); + + my ($pc) = @_; + my ($segment) = address_to_segment($pc); + return ('??', 0) if !defined($segment) || $segment->{FILE} eq ''; + + my ($file_offset) = $pc - $segment->{START} + $segment->{PGOFF}; + my ($section) = segment_to_section($segment->{FILE}, $file_offset); + return ('??', 0) if !defined($section); + + my ($section_offset) = $file_offset - $section->{START}; + open(A2L, sprintf("%s -fe %s --demangle --section=$section->{NAME} 0x%x|", + $a2l, $segment->{FILE}, $section_offset)); + chomp(my $function = ); + chomp(my $line = ); + close(A2L); + + return ($function, $line); +} + +# Local Variables: +# mode: perl +# End: diff --git a/utilities/ovs-pki-cgi.in b/utilities/ovs-pki-cgi.in new file mode 100755 index 00000000..837b3f92 --- /dev/null +++ b/utilities/ovs-pki-cgi.in 
@@ -0,0 +1,41 @@ +#! @PERL@ + +use CGI; +use Digest::SHA1; +use Fcntl; + +$CGI::POST_MAX = 65536; # Limit POSTs to 64 kB. + +use strict; +use warnings; + +my $pkidir = '@PKIDIR@'; +my $q = new CGI; + +die unless $q->request_method() eq 'POST'; + +my $type = $q->param('type'); +die unless defined $type; +die unless $type eq 'switch' or $type eq 'controller'; + +my $req = $q->param('req'); +die unless defined $req; +die unless $req =~ /^-----BEGIN CERTIFICATE REQUEST-----$/m; +die unless $req =~ /^-----END CERTIFICATE REQUEST-----$/m; + +my $digest = Digest::SHA1::sha1_hex($req); +my $incoming = "$pkidir/${type}ca/incoming"; +my $dst = "$incoming/$digest-req.pem"; + +sysopen(REQUEST, "$dst.tmp", O_RDWR | O_CREAT | O_EXCL, 0600) + or die "sysopen $dst.tmp: $!"; +print REQUEST $req; +close(REQUEST) or die "close $dst.tmp: $!"; + +rename("$dst.tmp", $dst) or die "rename $dst.tmp to $dst: $!"; + +print $q->header('text/html', '204 No response'); + +# Local Variables: +# mode: perl +# End: diff --git a/utilities/ovs-pki.8.in b/utilities/ovs-pki.8.in new file mode 100644 index 00000000..d088c9a7 --- /dev/null +++ b/utilities/ovs-pki.8.in 
@@ -0,0 +1,325 @@ +.TH ovs\-pki 8 "May 2008" "OpenVSwitch" "OpenVSwitch Manual" + +.SH NAME +ovs\-pki \- OpenFlow public key infrastructure management utility + +.SH SYNOPSIS +\fBovs\-pki\fR [\fIOPTIONS\fR] \fICOMMAND\fR [\fIARGS\fR] +.sp +Stand\-alone commands with their arguments: +.br +\fBovs\-pki\fR \fBinit\fR +.br +\fBovs\-pki\fR \fBreq\fR \fINAME\fR +.br +\fBovs\-pki\fR \fBsign\fR \fINAME\fR [\fITYPE\fR] +.br +\fBovs\-pki\fR \fBreq+sign\fR \fINAME\fR [\fITYPE\fR] +.br +\fBovs\-pki\fR \fBverify\fR \fINAME\fR [\fITYPE\fR] +.br +\fBovs\-pki\fR \fBfingerprint\fR \fIFILE\fR +.br +\fBovs\-pki\fR \self-sign\fR \fINAME\fR +.sp +The following additional commands manage an online PKI: +.br +\fBovs\-pki\fR \fBls\fR [\fIPREFIX\fR] [\fITYPE\fR] +.br +\fBovs\-pki\fR \fBflush\fR [\fITYPE\fR] +.br +\fBovs\-pki\fR \fBreject\fR \fIPREFIX\fR [\fITYPE\fR] +.br +\fBovs\-pki\fR \fBapprove\fR \fIPREFIX\fR [\fITYPE\fR] +.br +\fBovs\-pki\fR \fBprompt\fR [\fITYPE\fR] +.br +\fBovs\-pki\fR \fBexpire\fR [\fIAGE\fR] +.sp +Each \fITYPE\fR above is a certificate type, either \fBswitch\fR +(default) or \fBcontroller\fR. +.sp +The available options are: +.br +[\fB\-k\fR \fItype\fR | \fB\-\^\-key=\fItype\fR] +[\fB\-B\fR \fInbits\fR | \fB\-\^\-bits=\fInbits\fR] +[\fB\-D\fR \fIfile\fR | \fB\-\^\-dsaparam=\fIfile\fR] +[\fB\-b\fR | \fB\-\^\-batch\fR] +[\fB\-f\fR | \fB\-\^\-force\fR] +[\fB\-d\fR \fIdir\fR | \fB\-\^\-dir=\fR\fIdir\fR] +[\fB\-l\fR \fIfile\fR | \fB\-\^\-log=\fIfile\fR] +[\fB\-h\fR | \fB\-\^\-help\fR] +.br +Some options do not apply to every command. + +.SH DESCRIPTION +The \fBovs\-pki\fR program sets up and manages a public key +infrastructure for use with OpenFlow. It is intended to be a simple +interface for organizations that do not have an established public key +infrastructure. Other PKI tools can substitute for or supplement the +use of \fBovs\-pki\fR. + +\fBovs\-pki\fR uses \fBopenssl\fR(1) for certificate management and key +generation. 
+ +.SH "OFFLINE COMMANDS" + +The following \fBovs\-pki\fR commands support manual PKI +administration: + +.TP +\fBinit\fR +Initializes a new PKI (by default in directory \fB@PKIDIR@\fR) and populates +it with a pair of certificate authorities for controllers and +switches. + +This command should ideally be run on a high\-security machine separate +from any OpenFlow controller or switch, called the CA machine. The +files \fBpki/controllerca/cacert.pem\fR and +\fBpki/switchca/cacert.pem\fR that it produces will need to be copied +over to the OpenFlow switches and controllers, respectively. Their +contents may safely be made public. + +By default, \fBovs\-pki\fR generates 2048\-bit RSA keys. The \fB\-B\fR +or \fB\-\^\-bits\fR option (see below) may be used to override the key +length. The \fB\-k dsa\fR or \fB\-\^\-key=dsa\fR option may be used to use +DSA in place of RSA. If DSA is selected, the \fBdsaparam.pem\fR file +generated in the new PKI hierarchy must be copied to any machine on +which the \fBreq\fR command (see below) will be executed. Its +contents may safely be made public. + +Other files generated by \fBinit\fR may remain on the CA machine. +The files \fBpki/controllerca/private/cakey.pem\fR and +\fBpki/switchca/private/cakey.pem\fR have particularly sensitive +contents that should not be exposed. + +.TP +\fBreq\fR \fINAME\fR +Generates a new private key named \fINAME\fR\fB\-privkey.pem\fR and +corresponding certificate request named \fINAME\fR\fB\-req.pem\fR. +The private key can be intended for use by a switch or a controller. + +This command should ideally be run on the switch or controller that +will use the private key to identify itself. The file +\fINAME\fR\fB\-req.pem\fR must be copied to the CA machine for signing +with the \fBsign\fR command (below). + +This command will output a fingerprint to stdout as its final step. +Write down the fingerprint and take it to the CA machine before +continuing with the \fBsign\fR step. 
+ +When RSA keys are in use (as is the default), \fBreq\fR, unlike the +rest of \fBovs\-pki\fR's commands, does not need access to a PKI +hierarchy created by \fBovs\-pki init\fR. The \fB\-B\fR or +\fB\-\^\-bits\fR option (see below) may be used to specify the number of +bits in the generated RSA key. + +When DSA keys are used (as specified with \fB\-\^\-key=dsa\fR), \fBreq\fR +needs access to the \fBdsaparam.pem\fR file created as part of the PKI +hierarchy (but not to other files in that tree). By default, +\fBovs\-pki\fR looks for this file in \fB@PKIDIR@/dsaparam.pem\fR, but +the \fB\-D\fR or \fB\-\^\-dsaparam\fR option (see below) may be used to +specify an alternate location. + +\fINAME\fR\fB\-privkey.pem\fR has sensitive contents that should not be +exposed. \fINAME\fR\fB\-req.pem\fR may be safely made public. + +.TP +\fBsign\fR \fINAME\fR [\fITYPE\fR] +Signs the certificate request named \fINAME\fR\fB\-req.pem\fR that was +produced in the previous step, producing a certificate named +\fINAME\fR\fB\-cert.pem\fR. \fITYPE\fR, either \fBswitch\fR (default) or +\fBcontroller\fR, indicates the use for which the key is being +certified. + +This command must be run on the CA machine. + +The command will output a fingerprint to stdout and request that you +verify that it is the same fingerprint output by the \fBreq\fR +command. This ensures that the request being signed is the same one +produced by \fBreq\fR. (The \fB\-b\fR or \fB\-\^\-batch\fR option +suppresses the verification step.) + +The file \fINAME\fR\fB\-cert.pem\fR will need to be copied back to the +switch or controller for which it is intended. Its contents may +safely be made public. + +.TP +\fBreq+sign\fR \fINAME\fR [\fITYPE\fR] +Combines the \fBreq\fR and \fBsign\fR commands into a single step, +outputting all the files produced by each. The +\fINAME\fR\fB\-privkey.pem\fR and \fINAME\fR\fB\-cert.pem\fR files must +be copied securely to the switch or controller. 
+\fINAME\fR\fB\-privkey.pem\fR has sensitive contents and must not be +exposed in transit. Afterward, it should be deleted from the CA +machine. + +This combined method is, theoretically, less secure than the +individual steps performed separately on two different machines, +because there is additional potential for exposure of the private +key. However, it is also more convenient. + +.TP +\fBverify\fR \fINAME\fR [\fITYPE\fR] +Verifies that \fINAME\fR\fB\-cert.pem\fR is a valid certificate for the +given \fITYPE\fR of use, either \fBswitch\fR (default) or +\fBcontroller\fR. If the certificate is valid for this use, it prints +the message ``\fINAME\fR\fB\-cert.pem\fR: OK''; otherwise, it prints an +error message. + +.TP +\fBfingerprint\fR \fIFILE\fR +Prints the fingerprint for \fIFILE\fR. If \fIFILE\fR is a +certificate, then this is the SHA\-1 digest of the DER encoded version +of the certificate; otherwise, it is the SHA\-1 digest of the entire +file. + +.TP +\fBself-sign\fR \fINAME\fR +Signs the certificate request named \fINAME\fB\-req.pem\fR using the +private key \fINAME\fB-privkey.pem\fR, producing a self-signed +certificate named \fINAMEfB\-cert.pem\fR. The input files should have +been produced with \fBovs\-pki req\fR. + +Some controllers accept such self-signed certificates. + +.SH "ONLINE COMMANDS" + +An OpenFlow PKI can be administered online, in conjunction with +.BR ovs\-pki\-cgi (8) +and a web server such as Apache: + +.IP \(bu +The web server exports the contents of the PKI via HTTP. All files in +a PKI hierarchy files may be made public, except for the files +\fBpki/controllerca/private/cakey.pem\fR and +\fBpki/switchca/private/cakey.pem\fR, which must not be exposed. + +.IP \(bu +\fBovs\-pki\-cgi\fR allows newly generated certificate requests for +controllers and switches to be uploaded into the +\fBpki/controllerca/incoming\fR and \fBpki/switchca/incoming\fR +directories, respectively. 
Uploaded certificate requests are stored +in those directories under names of the form +\fIFINGERPRINT\fB\-req.pem\fR, which \fIFINGERPRINT\fR is the SHA\-1 +hash of the file. + +.IP \(bu +These \fBovs\-pki\fR commands allow incoming certificate requests to +be approved or rejected, in a form are suitable for use by humans or +other software. + +.PP +The following \fBovs\-pki\fR commands support online administration: + +.TP +\fBovs\-pki\fR \fBls\fR [\fIPREFIX\fR] [\fITYPE\fR] +Lists all of the incoming certificate requests of the given \fITYPE\fR +(either \fBswitch\fR, the default, or \fBcontroller\fR). If +\fIPREFIX\fR, which must be at least 4 characters long, is specified, +it causes the list to be limited to files whose names begin with +\fIPREFIX\fR. This is useful, for example, to avoid typing in an +entire fingerprint when checking that a specific certificate request +has been received. + +.TP +\fBovs\-pki\fR \fBflush\fR [\fITYPE\fR] +Deletes all certificate requests of the given \fITYPE\fR. + +.TP +\fBovs\-pki\fR \fBreject\fR \fIPREFIX\fR [\fITYPE\fR] +Rejects the certificate request whose name begins with \fIPREFIX\fR, +which must be at least 4 characters long, of the given type (either +\fBswitch\fR, the default, or \fBcontroller\fR). \fIPREFIX\fR must +match exactly one certificate request; its purpose is to allow the +user to type fewer characters, not to match multiple certificate +requests. + +.TP +\fBovs\-pki\fR \fBapprove\fR \fIPREFIX\fR [\fITYPE\fR] +Approves the certificate request whose name begins with \fIPREFIX\fR, +which must be at least 4 characters long, of the given \fITYPE\fR +(either \fBswitch\fR, the default, or \fBcontroller\fR). \fIPREFIX\fR +must match exactly one certificate request; its purpose is to allow +the user to type fewer characters, not to match multiple certificate +requests. + +The command will output a fingerprint to stdout and request that you +verify that it is correct. 
(The \fB\-b\fR or \fB\-\^\-batch\fR option +suppresses the verification step.) + +.TP +\fBovs\-pki\fR \fBprompt\fR [\fITYPE\fR] +Prompts the user for each incoming certificate request of the given +\fITYPE\fR (either \fBswitch\fR, the default, or \fBcontroller\fR). +Based on the certificate request's fingerprint, the user is given the +option of approving, rejecting, or skipping the certificate request. + +.TP +\fBovs\-pki\fR \fBexpire\fR [\fIAGE\fR] + +Rejects all the incoming certificate requests, of either type, that is +older than \fIAGE\fR, which must in one of the forms \fIN\fBs\fR, +\fIN\fBmin\fR, \fIN\fBh\fR, \fIN\fBday\fR. The default is \fB1day\fR. + +.SH OPTIONS +.TP +\fB\-k\fR \fItype\fR | \fB\-\^\-key=\fItype\fR +For the \fBinit\fR command, sets the public key algorithm to use for +the new PKI hierarchy. For the \fBreq\fR and \fBreq+sign\fR commands, +sets the public key algorithm to use for the key to be generated, +which must match the value specified on \fBinit\fR. With other +commands, the value has no effect. + +The \fItype\fR may be \fBrsa\fR (the default) or \fBdsa\fR. + +.TP +\fB\-B\fR \fInbits\fR | \fB\-\^\-bits=\fInbits\fR +Sets the number of bits in the key to be generated. When RSA keys are +in use, this option affects only the \fBinit\fR, \fBreq\fR, and +\fBreq+sign\fR commands, and the same value should be given each time. +With DSA keys are in use, this option affects only the \fBinit\fR +command. + +The value must be at least 1024. The default is 2048. + +.TP +\fB\-D\fR \fIfile\fR | \fB\-\^\-dsaparam=\fIfile\fR +Specifies an alternate location for the \fBdsaparam.pem\fR file +required by the \fBreq\fR and \fBreq+sign\fR commands. This option +affects only these commands, and only when DSA keys are used. + +The default is \fBdsaparam.pem\fR under the PKI hierarchy. + +.TP +\fB\-b\fR | \fB\-\^\-batch\fR +Suppresses the interactive verification of fingerprints that the +\fBsign\fR and \fBapprove\fR commands by default require. 
+ +.TP +\fB\-d\fR \fIdir\fR | \fB\-\^\-dir=\fR\fIdir\fR +Specifies the location of the PKI hierarchy to be used or created by +the command (default: \fB@PKIDIR@\fR). All commands, except \fBreq\fR, +need access to a PKI hierarchy. + +.TP +\fB\-f\fR | \fB\-\^\-force\fR +By default, \fBovs\-pki\fR will not overwrite existing files or +directories. This option overrides this behavior. + +.TP +\fB\-l\fR \fIfile\fR | \fB\-\^\-log=\fIfile\fR +Sets the log file to \fIfile\fR. Default: +\fB@LOGDIR@/ovs\-pki.log\fR. + +.TP +\fB\-h\fR | \fB\-\^\-help\fR +Prints a help usage message and exits. + +.SH "SEE ALSO" + +.BR controller (8), +.BR dpctl (8), +.BR ovs\-pki\-cgi (8), +.BR secchan (8), +.BR udatapath (8) diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in new file mode 100755 index 00000000..2e288a95 --- /dev/null +++ b/utilities/ovs-pki.in 
@@ -0,0 +1,583 @@ +#! /bin/sh + +set -e + +pkidir='@PKIDIR@' +command= +prev= +force=no +batch=no +log='@LOGDIR@/ovs-pki.log' +keytype=rsa +bits=2048 +for option; do + # This option-parsing mechanism borrowed from a Autoconf-generated + # configure script under the following license: + + # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, + # 2002, 2003, 2004, 2005, 2006, 2009 Free Software Foundation, Inc. + # This configure script is free software; the Free Software Foundation + # gives unlimited permission to copy, distribute and modify it. + + # If the previous option needs an argument, assign it. + if test -n "$prev"; then + eval $prev=\$option + prev= + continue + fi + case $option in + *=*) optarg=`expr "X$option" : '[^=]*=\(.*\)'` ;; + *) optarg=yes ;; + esac + + case $dashdash$option in + --) + dashdash=yes ;; + -h|--help) + cat <&2 + exit 1 + ;; + *) + if test -z "$command"; then + command=$option + elif test -z "${arg1+set}"; then + arg1=$option + elif test -z "${arg2+set}"; then + arg2=$option + else + echo "$option: only two arguments may be specified" >&2 + exit 1 + fi + ;; + esac + shift +done +if test -n "$prev"; then + option=--`echo $prev | sed 's/_/-/g'` + { echo "$as_me: error: missing argument to $option" >&2 + { (exit 1); exit 1; }; } +fi +if test -z "$command"; then + echo "$0: missing command name; use --help for help" >&2 + exit 1 +fi +if test "$keytype" != rsa && test "$keytype" != dsa; then + echo "$0: argument to -k or --key must be rsa or dsa" + exit 1 +fi +if test "$bits" -lt 1024; then + echo "$0: argument to -B or --bits must be at least 1024" + exit 1 +fi +if test -z "$dsaparam"; then + dsaparam=$pkidir/dsaparam.pem +fi +case $log in + /*) ;; + *) $log="$PWD/$log" ;; +esac + +if test "$command" = "init"; then + if test -e "$pkidir" && test "$force" != "yes"; then + echo "$0: $pkidir already exists and --force not specified" >&2 + exit 1 + fi + + if test ! 
-d "$pkidir"; then + mkdir -p "$pkidir" + fi + cd "$pkidir" + exec 3>>$log + + if test $keytype = dsa && test ! -e dsaparam.pem; then + echo "Generating DSA parameters, please wait..." >&2 + openssl dsaparam -out dsaparam.pem $bits 1>&3 2>&3 + fi + + # Create the CAs. + for ca in controllerca switchca; do + echo "Creating $ca..." >&2 + oldpwd=$PWD + mkdir -p $ca + cd $ca + + mkdir -p certs crl newcerts + mkdir -p -m 0700 private + mkdir -p -m 0733 incoming + touch index.txt + test -e crlnumber || echo 01 > crlnumber + test -e serial || echo 01 > serial + + # Put DSA parameters in directory. + if test $keytype = dsa && test ! -e dsaparam.pem; then + cp ../dsaparam.pem . + fi + + # Write CA configuration file. + if test ! -e ca.cnf; then + sed "s/@ca@/$ca/g" > ca.cnf <<'EOF' +[ req ] +prompt = no +distinguished_name = req_distinguished_name + +[ req_distinguished_name ] +C = US +ST = CA +L = Palo Alto +O = OpenVSwitch +OU = @ca@ +CN = OpenVSwitch @ca@ CA Certificate + +[ ca ] +default_ca = the_ca + +[ the_ca ] +dir = . # top dir +database = $dir/index.txt # index file. +new_certs_dir = $dir/newcerts # new certs dir +certificate = $dir/cacert.pem # The CA cert +serial = $dir/serial # serial no file +private_key = $dir/private/cakey.pem# CA private key +RANDFILE = $dir/private/.rand # random number file +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = md5 # md to use +policy = policy # default policy +email_in_dn = no # Don't add the email into cert DN +name_opt = ca_default # Subject name display option +cert_opt = ca_default # Certificate display option +copy_extensions = none # Don't copy extensions from request + +# For the CA policy +[ policy ] +countryName = optional +stateOrProvinceName = optional +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional +EOF + fi + + # Create certificate authority. 
+ if test $keytype = dsa; then + newkey=dsa:dsaparam.pem + else + newkey=rsa:$bits + fi + openssl req -config ca.cnf -nodes \ + -newkey $newkey -keyout private/cakey.pem -out careq.pem \ + 1>&3 2>&3 + openssl ca -config ca.cnf -create_serial -out cacert.pem \ + -days 1095 -batch -keyfile private/cakey.pem -selfsign \ + -infiles careq.pem 1>&3 2>&3 + chmod 0700 private/cakey.pem + + cd "$oldpwd" + done + exit 0 +fi + +one_arg() { + if test -z "$arg1" || test -n "$arg2"; then + echo "$0: $command must have exactly one argument; use --help for help" >&2 + exit 1 + fi +} + +zero_or_one_args() { + if test -n "$arg2"; then + echo "$0: $command must have zero or one arguments; use --help for help" >&2 + exit 1 + fi +} + +one_or_two_args() { + if test -z "$arg1"; then + echo "$0: $command must have one or two arguments; use --help for help" >&2 + exit 1 + fi +} + +must_not_exist() { + if test -e "$1" && test "$force" != "yes"; then + echo "$0: $1 already exists and --force not supplied" >&2 + exit 1 + fi +} + +resolve_prefix() { + test -n "$type" || exit 123 # Forgot to call check_type? + + case $1 in + ????*) + ;; + *) + echo "Prefix $arg1 is too short (less than 4 hex digits)" + exit 0 + ;; + esac + + fingerprint=$(cd "$pkidir/${type}ca/incoming" && echo "$1"*-req.pem + | sed 's/-req\.pem$//') + case $fingerprint in + "${1}*") + echo "No certificate requests matching $1" + exit 1 + ;; + *" "*) + echo "$1 matches more than one certificate request:" + echo $fingerprint | sed 's/ /\ +/g' + exit 1 + ;; + *) + # Nothing to do. 
+ ;; + esac + req="$pkidir/${type}ca/incoming/$fingerprint-req.pem" + cert="$pkidir/${type}ca/certs/$fingerprint-cert.pem" +} + +make_tmpdir() { + TMP=/tmp/ovs-pki.tmp$$ + rm -rf $TMP + trap "rm -rf $TMP" 0 + mkdir -m 0700 $TMP +} + +fingerprint() { + local file=$1 + local name=${1-$2} + local date=$(date -r $file) + local fingerprint + if grep -q -e '-BEGIN CERTIFICATE-' "$file"; then + fingerprint=$(openssl x509 -noout -in "$file" -fingerprint | + sed 's/SHA1 Fingerprint=//' | tr -d ':') + else + fingerprint=$(sha1sum "$file" | awk '{print $1}') + fi + printf "$name\\t$date\\n" + case $file in + $fingerprint*) + printf "\\t(correct fingerprint in filename)\\n" + ;; + *) + printf "\\tfingerprint $fingerprint\\n" + ;; + esac +} + +verify_fingerprint() { + fingerprint "$@" + if test $batch != yes; then + echo "Does fingerprint match? (yes/no)" + read answer + if test "$answer" != yes; then + echo "Match failure, aborting" >&2 + exit 1 + fi + fi +} + +check_type() { + if test x = x"$1"; then + type=switch + elif test "$1" = switch || test "$1" = controller; then + type=$1 + else + echo "$0: type argument must be 'switch' or 'controller'" >&2 + exit 1 + fi +} + +parse_age() { + number=$(echo $1 | sed 's/^\([0-9]\+\)\([[:alpha:]]\+\)/\1/') + unit=$(echo $1 | sed 's/^\([0-9]\+\)\([[:alpha:]]\+\)/\2/') + case $unit in + s) + factor=1 + ;; + min) + factor=60 + ;; + h) + factor=3600 + ;; + day) + factor=86400 + ;; + *) + echo "$1: age not in the form Ns, Nmin, Nh, Nday (e.g. 1day)" >&2 + exit 1 + ;; + esac + echo $(($number * $factor)) +} + +must_exist() { + if test ! -e "$1"; then + echo "$0: $1 does not exist" >&2 + exit 1 + fi +} + +pkidir_must_exist() { + if test ! -e "$pkidir"; then + echo "$0: $pkidir does not exist (need to run 'init' or use '--dir'?)" >&2 + exit 1 + elif test ! 
-d "$pkidir"; then + echo "$0: $pkidir is not a directory" >&2 + exit 1 + fi +} + +make_request() { + must_not_exist "$arg1-privkey.pem" + must_not_exist "$arg1-req.pem" + make_tmpdir + cat > "$TMP/req.cnf" <&3 2>&3 +} + +sign_request() { + must_exist "$1" + must_not_exist "$2" + pkidir_must_exist + + (cd "$pkidir/${type}ca" && + openssl ca -config ca.cnf -batch -in /dev/stdin) \ + < "$1" > "$2.tmp$$" 2>&3 + mv "$2.tmp$$" "$2" +} + +glob() { + local files=$(echo $1) + if test "$files" != "$1"; then + echo "$files" + fi +} + +exec 3>>$log || true +if test "$command" = req; then + one_arg + + make_request "$arg1" + fingerprint "$arg1-req.pem" +elif test "$command" = sign; then + one_or_two_args + check_type "$arg2" + verify_fingerprint "$arg1-req.pem" + + sign_request "$arg1-req.pem" "$arg2-cert.pem" +elif test "$command" = req+sign; then + one_or_two_args + check_type "$arg2" + + pkidir_must_exist + make_request "$arg1" + sign_request "$arg1-req.pem" "$arg1-cert.pem" + fingerprint "$arg1-req.pem" +elif test "$command" = verify; then + one_or_two_args + must_exist "$arg1-cert.pem" + check_type "$arg2" + + pkidir_must_exist + openssl verify -CAfile "$pkidir/${type}ca/cacert.pem" "$arg1-cert.pem" +elif test "$command" = fingerprint; then + one_arg + + fingerprint "$arg1" +elif test "$command" = self-sign; then + one_arg + must_exist "$arg1-req.pem" + must_exist "$arg1-privkey.pem" + must_not_exist "$arg1-cert.pem" + + openssl x509 -in "$arg1-req.pem" -out "$arg1-cert.pem" \ + -signkey "$arg1-privkey.pem" -req -text 2>&3 +elif test "$command" = ls; then + check_type "$arg2" + + cd "$pkidir/${type}ca/incoming" + for file in $(glob "$arg1*-req.pem"); do + fingerprint $file + done +elif test "$command" = flush; then + check_type "$arg1" + + rm -f "$pkidir/${type}ca/incoming/"* +elif test "$command" = reject; then + one_or_two_args + check_type "$arg2" + resolve_prefix "$arg1" + + rm -f "$req" +elif test "$command" = approve; then + one_or_two_args + check_type "$arg2" + 
resolve_prefix "$arg1" + + make_tmpdir + cp "$req" "$TMP/$req" + verify_fingerprint "$TMP/$req" + sign_request "$TMP/$req" + rm -f "$req" "$TMP/$req" +elif test "$command" = prompt; then + zero_or_one_args + check_type "$arg1" + + make_tmpdir + cd "$pkidir/${type}ca/incoming" + for req in $(glob "*-req.pem"); do + cp "$req" "$TMP/$req" + + cert=$(echo "$pkidir/${type}ca/certs/$req" | + sed 's/-req.pem/-cert.pem/') + if test -f $cert; then + echo "Request $req already approved--dropping duplicate request" + rm -f "$req" "$TMP/$req" + continue + fi + + echo + echo + fingerprint "$TMP/$req" "$req" + printf "Disposition for this request (skip/approve/reject)? " + read answer + case $answer in + approve) + echo "Approving $req" + sign_request "$TMP/$req" "$cert" + rm -f "$req" "$TMP/$req" + ;; + r*) + echo "Rejecting $req" + rm -f "$req" "$TMP/$req" + ;; + *) + echo "Skipping $req" + ;; + esac + done +elif test "$command" = expire; then + zero_or_one_args + cutoff=$(($(date +%s) - $(parse_age ${arg1-1day}))) + for type in switch controller; do + cd "$pkidir/${type}ca/incoming" || exit 1 + for file in $(glob "*"); do + time=$(date -r "$file" +%s) + if test "$time" -lt "$cutoff"; then + rm -f "$file" + fi + done + done +else + echo "$0: $command command unknown; use --help for help" >&2 + exit 1 +fi diff --git a/utilities/vlogconf.8.in b/utilities/vlogconf.8.in index 7cbd374e..0c251929 100644 --- a/utilities/vlogconf.8.in +++ b/utilities/vlogconf.8.in @@ -4,11 +4,11 @@ . ns . IP "\\$1" .. -.TH vlogconf 8 "April 2009" "OpenFlow" "OpenFlow Manual" +.TH vlogconf 8 "April 2009" "OpenVSwitch" "OpenVSwitch Manual" .ds PN vlogconf .SH NAME -vlogconf \- configuration utility for OpenFlow logging in userspace +vlogconf \- configuration utility for OpenVSwitch logging in userspace .SH SYNOPSIS \fBvlogconf\fR [\fB-h\fR | \fB--help\fR] [\fItarget\fR...] [\fIaction\fR...] 
@@ -27,8 +27,8 @@ The available \fIaction\fR options are: .SH DESCRIPTION The \fBvlogconf\fR program configures the logging system used by -OpenFlow userspace programs. The logging configuration may be modified -while OpenFlow programs are running. +OpenVSwitch userspace programs. The logging configuration may be modified +while OpenVSwitch programs are running. \fBvlogconf\fR applies one or more actions to each of one or more target processes. Targets may be specified using: diff --git a/utilities/vlogconf.c b/utilities/vlogconf.c index 1ce01bda..d091dd08 100644 --- a/utilities/vlogconf.c +++ b/utilities/vlogconf.c @@ -167,7 +167,7 @@ int main(int argc, char *argv[]) break; } if (!strchr("th", option) && n_clients == 0) { - ofp_fatal(0, "no targets specified (use --help for help)"); + ovs_fatal(0, "no targets specified (use --help for help)"); } else { ++n_actions; } diff --git a/vswitchd/automake.mk b/vswitchd/automake.mk index 2bd8ac0e..4b31be29 100644 --- a/vswitchd/automake.mk +++ b/vswitchd/automake.mk @@ -21,7 +21,7 @@ vswitchd_vswitchd_SOURCES = \ vswitchd/xenserver.h vswitchd_vswitchd_LDADD = \ secchan/libsecchan.a \ - lib/libopenflow.a \ + lib/libopenvswitch.a \ $(FAULT_LIBS) \ $(SSL_LIBS) @@ -29,7 +29,7 @@ vswitchd_brcompatd_SOURCES = \ vswitchd/brcompatd.c vswitchd_brcompatd_LDADD = \ - lib/libopenflow.a \ + lib/libopenvswitch.a \ $(FAULT_LIBS) EXTRA_DIST += vswitchd/vswitchd.conf.5.in \ diff --git a/vswitchd/brcompatd.8.in b/vswitchd/brcompatd.8.in index 7cc8149e..7566f6d7 100644 --- a/vswitchd/brcompatd.8.in +++ b/vswitchd/brcompatd.8.in @@ -1,4 +1,4 @@ -.TH brcompatd 8 "March 2009" "OpenFlow" "OpenFlow Manual" +.TH brcompatd 8 "March 2009" "OpenVSwitch" "OpenVSwitch Manual" .ds PN brcompatd . .SH NAME @@ -47,4 +47,4 @@ loaded. .BR vswitchd (8), .BR vswitchd.conf (5), .BR vlogconf (8), -\fBINSTALL\fR in the OpenFlow distribution. +\fBINSTALL\fR in the OpenVSwitch distribution. 
diff --git a/vswitchd/brcompatd.c b/vswitchd/brcompatd.c index 929f8387..f2d06d0d 100644 --- a/vswitchd/brcompatd.c +++ b/vswitchd/brcompatd.c @@ -33,7 +33,6 @@ #include #include -#include "openflow/brcompat-netlink.h" #include "cfg.h" #include "command-line.h" #include "daemon.h" @@ -44,6 +43,7 @@ #include "netdev.h" #include "netlink.h" #include "ofpbuf.h" +#include "openvswitch/brcompat-netlink.h" #include "poll-loop.h" #include "process.h" #include "signals.h" @@ -579,17 +579,17 @@ main(int argc, char *argv[]) retval = unixctl_server_create(NULL, &unixctl); if (retval) { - ofp_fatal(retval, "could not listen for vlog connections"); + ovs_fatal(retval, "could not listen for vlog connections"); } if (brc_open(&brc_sock)) { - ofp_fatal(0, "could not open brcompat socket. Check " + ovs_fatal(0, "could not open brcompat socket. Check " "\"brcompat\" kernel module."); } if (prune_timeout) { if (nl_sock_create(NETLINK_ROUTE, RTNLGRP_LINK, 0, 0, &rtnl_sock)) { - ofp_fatal(0, "could not create rtnetlink socket"); + ovs_fatal(0, "could not create rtnetlink socket"); } } @@ -702,14 +702,14 @@ parse_options(int argc, char *argv[]) argv += optind; if (argc != 1) { - ofp_fatal(0, "config file is only non-option argument; " + ovs_fatal(0, "config file is only non-option argument; " "use --help for usage"); } config_file = argv[0]; error = cfg_set_file(config_file); if (error) { - ofp_fatal(error, "failed to add configuration file \"%s\"", + ovs_fatal(error, "failed to add configuration file \"%s\"", config_file); } } diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c index 410d28f3..24c74769 100644 --- a/vswitchd/bridge.c +++ b/vswitchd/bridge.c @@ -34,7 +34,6 @@ #include #include #include -#include #include #include #include 
@@ -777,8 +776,7 @@ bridge_create(const char *name) error = ofproto_create(name, &bridge_ofhooks, br, &br->ofproto); if (error) { - VLOG_ERR("failed to create OpenFlow switch %s: %s", - name, strerror(error)); + VLOG_ERR("failed to create switch %s: %s", name, strerror(error)); dpif_delete(&br->dpif); dpif_close(&br->dpif); free(br); @@ -1108,7 +1106,7 @@ bridge_reconfigure_one(struct bridge *br) cfg_get_all_strings(&listeners, "bridge.%s.openflow.listeners", br->name); if (!listeners.n) { svec_add_nocopy(&listeners, xasprintf("punix:%s/%s.mgmt", - ofp_rundir, br->name)); + ovs_rundir, br->name)); } else if (listeners.n == 1 && !strcmp(listeners.names[0], "none")) { svec_clear(&listeners); } @@ -1129,7 +1127,7 @@ bridge_reconfigure_one(struct bridge *br) cfg_get_all_strings(&snoops, "bridge.%s.openflow.snoops", br->name); if (!snoops.n) { svec_add_nocopy(&snoops, xasprintf("punix:%s/%s.snoop", - ofp_rundir, br->name)); + ovs_rundir, br->name)); } else if (snoops.n == 1 && !strcmp(snoops.names[0], "none")) { svec_clear(&snoops); } @@ -1390,8 +1388,8 @@ swap_dst(struct dst *p, struct dst *q) /* Moves all the dsts with vlan == 'vlan' to the front of the 'n_dsts' in * 'dsts'. (This may help performance by reducing the number of VLAN changes - * that we push over OpenFlow. We could in fact fully sort the array by vlan, - * but in most cases there are at most two different vlan tags so that's + * that we push to the datapath. We could in fact fully sort the array by + * vlan, but in most cases there are at most two different vlan tags so that's * possibly overkill.) */ static void partition_dsts(struct dst *dsts, size_t n_dsts, int vlan) diff --git a/vswitchd/etc/init.d/vswitch b/vswitchd/etc/init.d/vswitch index 737ec8c4..bee066c5 100755 --- a/vswitchd/etc/init.d/vswitch +++ b/vswitchd/etc/init.d/vswitch 
@@ -131,8 +131,8 @@ function remove_all_dp { } function insert_modules_if_required { - if ! lsmod | grep -q "openflow_mod"; then - action "Inserting openflow module" insmod $VSWITCH_BASE/kernel_modules/openflow_mod.ko + if ! lsmod | grep -q "openvswitch_mod"; then + action "Inserting openvswitch module" insmod $VSWITCH_BASE/kernel_modules/openvswitch_mod.ko fi if [ -n "$BRCOMPATD_PIDFILE" ] && ! lsmod | grep -q "brcompat_mod"; then action "Inserting brcompat module" insmod $VSWITCH_BASE/kernel_modules/brcompat_mod.ko @@ -143,8 +143,8 @@ function remove_modules { if lsmod | grep -q "brcompat_mod"; then action "Removing brcompat module" rmmod brcompat_mod.ko fi - if lsmod | grep -q "openflow_mod"; then - action "Removing openflow module" rmmod openflow_mod.ko + if lsmod | grep -q "openvswitch_mod"; then + action "Removing openvswitch module" rmmod openvswitch_mod.ko fi } diff --git a/vswitchd/etc/sysconfig/vswitch.example b/vswitchd/etc/sysconfig/vswitch.example index 4fd57598..6600d151 100644 --- a/vswitchd/etc/sysconfig/vswitch.example +++ b/vswitchd/etc/sysconfig/vswitch.example @@ -1,7 +1,7 @@ ### Configuration options for vswitch # VSWITCH_BASE: Root directory where vswitch binaries are installed -# VSWITCH_BASE=/root/vswitch/openflow/build +# VSWITCH_BASE=/root/vswitch/openvswitch/build # ENABLE_BRCOMPAT: If 'y' than emulate linux bridging interfaces # using the brcompat kernel module and brcompatd daemon diff --git a/vswitchd/proc-net-compat.c b/vswitchd/proc-net-compat.c index 9b564785..cd4324a7 100644 --- a/vswitchd/proc-net-compat.c +++ b/vswitchd/proc-net-compat.c @@ -27,7 +27,7 @@ #include "netlink-protocol.h" #include "netlink.h" #include "ofpbuf.h" -#include "openflow/brcompat-netlink.h" +#include "openvswitch/brcompat-netlink.h" #include "hmap.h" #include "shash.h" #include "svec.h" diff --git a/vswitchd/vswitchd.8.in b/vswitchd/vswitchd.8.in index 4a2b4953..e85a7f14 100644 --- a/vswitchd/vswitchd.8.in +++ b/vswitchd/vswitchd.8.in 
@@ -1,23 +1,23 @@ -.TH vswitchd 8 "March 2009" "OpenFlow" "OpenFlow Manual" +.TH vswitchd 8 "March 2009" "OpenVSwitch" "OpenVSwitch Manual" .ds PN vswitchd . .SH NAME -vswitchd \- OpenFlow-based virtual switch daemon +vswitchd \- virtual switch daemon . .SH SYNOPSIS .B vswitchd \fIconfig\fR . .SH DESCRIPTION -A daemon that manages and controls any number of OpenFlow-based -virtual switches on the local machine. +A daemon that manages and controls any number of virtual switches on +the local machine. .PP The mandatory \fIconfig\fR argument specifies a configuration file. For a description of \fBvswitchd\fR configuration syntax, see \fBvswitchd.conf\fR(5). .PP At startup or upon receipt of a \fBSIGHUP\fR signal, \fBvswitchd\fR -reads the configuration file. It sets up OpenFlow datapaths and then +reads the configuration file. It sets up OpenVSwitch datapaths and then operates switching across each bridge described in its configuration files. If a logfile was specified on the command line it will also be opened or reopened. 
@@ -50,19 +50,18 @@ Connectivity to an external OpenFlow controller, such as NOX. .PP Only a single instance of \fBvswitchd\fR is intended to run at a time. A single \fBvswitchd\fR can manage any number of virtual switches, up -to the maximum number of datapaths supported by the OpenFlow -implementation. +to the maximum number of supported OpenVSwitch datapaths. .PP -\fBvswitchd\fR does all the necessary management of OpenFlow datapaths +\fBvswitchd\fR does all the necessary management of OpenVSwitch datapaths itself. Thus, external tools, such \fBdpctl\fR(8), are not needed for managing datapaths in conjunction with \fBvswitchd\fR, and their use to modify datapaths when \fBvswitchd\fR is running can interfere with its operation. (\fBdpctl\fR may still be useful for diagnostics.) .PP -An OpenFlow datapath kernel module must be loaded for \fBvswitchd\fR +An OpenVSwitch datapath kernel module must be loaded for \fBvswitchd\fR to be useful. Please refer to the \fBINSTALL\fR file included in the -OpenFlow source distribution for instructions on how to build and load -the OpenFlow kernel module. +OpenVSwitch distribution for instructions on how to build and load +the OpenVSwitch kernel module. .PP .SH OPTIONS .IP "\fB--fake-proc-net\fR" @@ -79,7 +78,7 @@ to be loaded. . .SH "BUGS" . -Only OpenFlow kernel-based datapaths are currently supported. In the +Only OpenVSwitch kernel-based datapaths are currently supported. In the future, this restriction may be lifted. .PP Only Linux 2.6.\fIx\fR is currently supported. @@ -88,4 +87,4 @@ Only Linux 2.6.\fIx\fR is currently supported. .BR vswitchd.conf (5), .BR brcompatd (8), .BR vlogconf (8), -\fBINSTALL\fR in the OpenFlow distribution. +\fBINSTALL\fR in the OpenVSwitch distribution. diff --git a/vswitchd/vswitchd.c b/vswitchd/vswitchd.c index e10ee3a2..abd54356 100644 --- a/vswitchd/vswitchd.c +++ b/vswitchd/vswitchd.c 
@@ -87,7 +87,7 @@ main(int argc, char *argv[]) retval = unixctl_server_create(NULL, &unixctl); if (retval) { - ofp_fatal(retval, "could not listen for control connections"); + ovs_fatal(retval, "could not listen for control connections"); } unixctl_command_register("vswitchd/reload", reload); @@ -196,7 +196,7 @@ parse_options(int argc, char *argv[]) case OPT_FAKE_PROC_NET: error = proc_net_compat_init(); if (error) { - ofp_fatal(error, "failed to initialize /proc/net " + ovs_fatal(error, "failed to initialize /proc/net " "compatibility"); } break; @@ -225,14 +225,14 @@ parse_options(int argc, char *argv[]) argv += optind; if (argc != 1) { - ofp_fatal(0, "config file is only non-option argument; " + ovs_fatal(0, "config file is only non-option argument; " "use --help for usage"); } config_file = argv[0]; error = cfg_set_file(config_file); if (error) { - ofp_fatal(error, "failed to add configuration file \"%s\"", + ovs_fatal(error, "failed to add configuration file \"%s\"", config_file); } } diff --git a/vswitchd/vswitchd.conf.5.in b/vswitchd/vswitchd.conf.5.in index a6fc8c96..e9103c7f 100644 --- a/vswitchd/vswitchd.conf.5.in +++ b/vswitchd/vswitchd.conf.5.in @@ -16,7 +16,7 @@ . RE . PP .. -.TH vswitchd.conf 5 "April 2009" "OpenFlow" "OpenFlow Manual" +.TH vswitchd.conf 5 "April 2009" "OpenVSwitch" "OpenVSwitch Manual" . .SH NAME vswitchd.conf \- configuration file for \fBvswitchd\fR
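Review bot: In utilities/ovs-pki.8.in, the self-sign entry has a broken font escape: `\fINAMEfB\-cert.pem\fR` is missing the backslash before `fB`, so the certificate name will render as "NAMEfB-cert.pem" in italics; it should read `\fINAME\fB\-cert.pem\fR`. The same entry writes `\fINAME\fB-privkey.pem\fR` with an unescaped hyphen, unlike every other file name on the page. A few sentences in the online-commands and options text also need a proofreading pass before this ships: "All files in a PKI hierarchy files may be made public", "which FINGERPRINT is the SHA-1 hash" (should be "where"), "in a form are suitable for use", "With DSA keys are in use", and "that is older than AGE, which must in one of the forms". Finally, the ls/reject/approve entries say the prefix must be "at least 4 characters long" while the script's error message says "4 hex digits"; pick one wording.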
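Review bot: In utilities/ovs-pki.in, the `case $log in` block right after option parsing uses `$log="$PWD/$log"`, which is not an assignment: the shell expands `$log` first and tries to run the result as a command, so with `set -e` any relative --log path aborts the script. It should be `log="$PWD/$log"`. In the same startup section, the two validation errors for -k/--key and -B/--bits are echoed to stdout while every other error goes to stderr with `>&2`, and the "missing argument" message prints `$as_me`, which is never set in this script (it was carried over from the Autoconf snippet); use `$0` there.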
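Review bot: In the `init` branch of utilities/ovs-pki.in, the generated ca.cnf sets `default_md = md5`, so every switch and controller certificate issued by these CAs is signed over an MD5 digest; MD5 collisions have already been used to forge CA-signed certificates, so please pick a stronger digest that the targeted OpenSSL versions support. Two permission details in the same loop are also worth tightening: `mkdir -p -m 0733 incoming` creates a world-writable drop directory without the sticky bit, so any local user can delete or rename another party's pending request (1733 would prevent that), and `chmod 0700 private/cakey.pem` sets execute permission on a key file where 0600 is what is meant.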
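Review bot: In the helper functions of utilities/ovs-pki.in, fingerprint() sets `local name=${1-$2}`, which always expands to `$1` because the first argument is always present, so the display name passed by the prompt branch (`fingerprint "$TMP/$req" "$req"`) is ignored; `${2-$1}` looks like what was intended. The same function uses the name as the printf format string (`printf "$name\\t$date\\n"`), so a `%` or backslash in a file name changes the output; pass it as an argument to a fixed format instead. Its `case $file in $fingerprint*)` test compares the whole path, so it can only match when the function is called with a bare file name as in `ls`, never for the "$TMP/..." copies. Separately, resolve_prefix() reports a too-short prefix on stdout and then calls `exit 0`, so `reject` and `approve` return success without doing anything; that should be `exit 1` with the message on stderr. make_tmpdir() builds a predictable /tmp/ovs-pki.tmp$$ path; `mktemp -d` would avoid relying on the rm/mkdir sequence.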
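Review bot: In the command dispatch at the end of utilities/ovs-pki.in, the `sign` branch calls `sign_request "$arg1-req.pem" "$arg2-cert.pem"`, which names the output after the TYPE argument rather than NAME, so the certificate is written to "-cert.pem" or "switch-cert.pem" instead of the NAME-cert.pem the manpage documents; the second argument should be "$arg1-cert.pem". The `approve` branch has two related problems: resolve_prefix sets `req` to a full path under $pkidir, so `cp "$req" "$TMP/$req"` targets a nested directory that was never created and fails under `set -e`, and `sign_request "$TMP/$req"` is called without an output file even though resolve_prefix already computed `$cert`. Copy to a basename under $TMP and pass "$cert" as the second argument, as the `prompt` branch does. Since `approve` and `sign` are the only places where a human confirms the fingerprint before the CA key is used, a quick test of each branch against a scratch PKI directory would be worth adding with this change.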