From: Justin Pettit Date: Thu, 23 Oct 2008 00:17:50 +0000 (-0700) Subject: Switch default OpenFlow port from 975 and 976 to 6633. X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f1126f43ad62618cf1b6f6ab48d9635fc5cbcad6;p=openvswitch Switch default OpenFlow port from 975 and 976 to 6633. --- diff --git a/INSTALL b/INSTALL index 58b6cbf1..c201b149 100644 --- a/INSTALL +++ b/INSTALL @@ -380,7 +380,7 @@ integrated userspace program. # controller ptcp: & - This command causes the controller to bind to port 975 (the + This command causes the controller to bind to port 6633 (the default) awaiting connections from OpenFlow switches. See controller(8) for details. @@ -469,7 +469,7 @@ Controller Setup On the machine that is to be the OpenFlow controller, start the "controller" program listening for connections from switches on TCP -port 975 (the default), as shown below. (Because it listens on a +port 6633 (the default), as shown below. (Because it listens on a low-numbered port, this command must run as root.) # controller -v ptcp: @@ -495,7 +495,7 @@ userspace datapath-based switches do not have this limitation.) the IP address of the controller as the first argument to the switch program, and the network devices to include in the switch as arguments to the -i option. For example, if the controller is - running on host 192.168.1.2 port 975 (the default port), and eth1 + running on host 192.168.1.2 port 6633 (the default port), and eth1 and eth2 are to be the switch ports, the switch invocation would look like this: @@ -564,7 +564,7 @@ every OpenFlow distribution. 4. Run secchan to start the secure channel connecting the datapath to a remote controller. If the controller is running on host - 192.168.1.2 port 975 (the default port), the secchan invocation + 192.168.1.2 port 6633 (the default port), the secchan invocation would look like this: # secchan unix:/var/run/dp0.sock tcp:192.168.1.2 
@@ -657,7 +657,7 @@ The OpenFlow kernel module must be loaded, as described under 4. Run secchan to start the secure channel connecting the datapath to a remote controller. If the controller is running on host - 192.168.1.2 port 975 (the default port), the secchan invocation + 192.168.1.2 port 6633 (the default port), the secchan invocation would look like this: # secchan nl:0 tcp:192.168.1.2 @@ -697,7 +697,7 @@ controllers and one for switches. If you have an established PKI, OpenFlow can use it directly. Otherwise, refer to "Establishing a Public Key Infrastructure" below. -To configure the controller to listen for SSL connections on port 976 +To configure the controller to listen for SSL connections on port 6633 (the default), invoke it as follows: # controller -v pssl: --private-key=PRIVKEY --certificate=CERT \ @@ -712,7 +712,7 @@ with the instructions below, then the invocation would look like: # controller -v pssl: --private-key=ctl-privkey.pem \ --certificate=ctl-cert.pem --ca-cert=pki/switchca/cacert.pem -To configure a switch to connect to a controller running on port 976 +To configure a switch to connect to a controller running on port 6633 (the default) on host 192.168.1.2 over SSL, invoke secchan as follows: # secchan -v DATAPATH ssl:192.168.1.2 --private-key=PRIVKEY \ diff --git a/controller/controller.8.in b/controller/controller.8.in index 1df6b752..26c7c4cb 100644 --- a/controller/controller.8.in +++ b/controller/controller.8.in @@ -19,14 +19,14 @@ one or more of the following OpenFlow connection methods: .TP \fBpssl:\fR[\fIport\fR] Listens for SSL connections from remote OpenFlow switches on -\fIport\fR (default: 976). The \fB--private-key\fR, +\fIport\fR (default: 6633). The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when this form is used. .TP \fBptcp:\fR[\fIport\fR] Listens for TCP connections from remote OpenFlow switches on -\fIport\fR (default: 975). +\fIport\fR (default: 6633). .TP \fBpunix:\fIfile\fR 
@@ -42,13 +42,13 @@ module for Linux loaded. .TP \fBssl:\fIhost\fR[\fB:\fIport\fR] -The specified SSL \fIport\fR (default: 976) on the given remote +The specified SSL \fIport\fR (default: 6633) on the given remote \fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when this form is used. .TP \fBtcp:\fIhost\fR[\fB:\fIport\fR] -The specified TCP \fIport\fR (default: 975) on the given remote +The specified TCP \fIport\fR (default: 6633) on the given remote \fIhost\fR. .TP @@ -181,7 +181,7 @@ To connect directly to local datapath 0 over netlink (Linux only): .B % controller nl:0 .TP -To bind locally to port 975 (the default) and wait for incoming connections from OpenFlow switches: +To bind locally to port 6633 (the default) and wait for incoming connections from OpenFlow switches: .B % controller ptcp: diff --git a/debian/openflow-controller.default b/debian/openflow-controller.default index a8275462..3b84b62a 100644 --- a/debian/openflow-controller.default +++ b/debian/openflow-controller.default @@ -5,11 +5,11 @@ # This is a space-delimited list of connection methods: # # * "pssl:[PORT]": Listen for SSL connections on the specified PORT -# (default: 976). The private key, certificate, and CA certificate +# (default: 6633). The private key, certificate, and CA certificate # must be specified below. # # * "pctp:[PORT]": Listen for TCP connections on the specified PORT -# (default: 975). Not recommended for security reasons. +# (default: 6633). Not recommended for security reasons. # # * "nl:DP_IDX": Listen on local datapath DP_IDX. Used only if this # machine is also an OpenFlow switch and not running the secure diff --git a/debian/openflow-switch.default b/debian/openflow-switch.default index a2b19b2c..6088581a 100644 --- a/debian/openflow-switch.default +++ b/debian/openflow-switch.default 
@@ -60,8 +60,8 @@ SWITCH_IP=dhcp # CONTROLLER: Location of controller. # One of the following formats: -# tcp:HOST[:PORT] via TCP to PORT (default: 975) on HOST -# ssl:HOST[:PORT] via SSL to PORT (default: 976) on HOST +# tcp:HOST[:PORT] via TCP to PORT (default: 6633) on HOST +# ssl:HOST[:PORT] via SSL to PORT (default: 6633) on HOST # The default below assumes that the controller is running locally. # This setting has no effect when MODE is set to 'discovery'. #CONTROLLER="tcp:127.0.0.1" diff --git a/doc/of-spec/openflow-spec-v0.9-draft3.tex b/doc/of-spec/openflow-spec-v0.9-draft3.tex index 81248b03..cbc16fe0 100755 --- a/doc/of-spec/openflow-spec-v0.9-draft3.tex +++ b/doc/of-spec/openflow-spec-v0.9-draft3.tex 
@@ -293,7 +293,7 @@ If the \verb|DELETE| command is used, the wildcards are \subsection{Switch/Controller Connection} The switch and controller communicate through an SSL connection. The switch must be able to establish the communication at a user-configurable (but otherwise fixed) IP address, using a user-specified port. Traffic to and from the secure channel is not checked against the flow table. Therefore, the switch must identify incoming traffic as local before checking it against the flow table. Future versions of the protocol specification will describe a dynamic controller discovery protocol in which the IP address and port for communicating with the controller is determined at runtime. \\\\ -The SSL connection is initiated by the switch on startup to the controllerÕs server, which is located by default on TCP port 976. The switch and controller mutually authenticate by exchanging certificates signed by a site-specific private key. Each switch must be user-configurable with one certificate for authenticating the controller (controller certificate) and the other for authenticating to the controller (switch certificate). +The SSL connection is initiated by the switch on startup to the controllerÕs server, which is located by default on TCP port 6633. The switch and controller mutually authenticate by exchanging certificates signed by a site-specific private key. Each switch must be user-configurable with one certificate for authenticating the controller (controller certificate) and the other for authenticating to the controller (switch certificate). \subsection{OpenFlow Protocol Overview} The controller configures and manages the switch, and receives events from the switch, via the OpenFlow protocol, on the secure channel. @@ -335,4 +335,4 @@ Symmetric messages are sent without solicitation, in either direction. -\end{document} \ No newline at end of file +\end{document} diff --git a/include/openflow.h b/include/openflow.h index 202fd5a0..3215b192 100644 
--- a/include/openflow.h +++ b/include/openflow.h @@ -68,8 +68,8 @@ #define OFP_MAX_TABLE_NAME_LEN 32 #define OFP_MAX_PORT_NAME_LEN 16 -#define OFP_TCP_PORT 975 -#define OFP_SSL_PORT 976 +#define OFP_TCP_PORT 6633 +#define OFP_SSL_PORT 6633 #define OFP_ETH_ALEN 6 /* Bytes in an Ethernet address. */ diff --git a/secchan/secchan.8.in b/secchan/secchan.8.in index 642a31da..beb57b04 100644 --- a/secchan/secchan.8.in +++ b/secchan/secchan.8.in @@ -33,13 +33,13 @@ the OpenFlow controller. It takes one of the following forms: .TP \fBssl:\fIhost\fR[\fB:\fIport\fR] -The specified SSL \fIport\fR (default: 976) on the given remote +The specified SSL \fIport\fR (default: 6633) on the given remote \fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when this form is used. .TP \fBtcp:\fIhost\fR[\fB:\fIport\fR] -The specified TCP \fIport\fR (default: 975) on the given remote +The specified TCP \fIport\fR (default: 6633) on the given remote \fIhost\fR. .TP @@ -310,13 +310,13 @@ multiple connection methods. .RS .TP \fBpssl:\fR[\fIport\fR] -Listens for SSL connections on \fIport\fR (default: 976). The +Listens for SSL connections on \fIport\fR (default: 6633). The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when this form is used. .TP \fBptcp:\fR[\fIport\fR] -Listens for TCP connections on \fIport\fR (default: 975). +Listens for TCP connections on \fIport\fR (default: 6633). .TP \fBpunix:\fIfile\fR diff --git a/switch/switch.8.in b/switch/switch.8.in index dfa114ad..aa1bbc42 100644 --- a/switch/switch.8.in +++ b/switch/switch.8.in 
@@ -33,13 +33,13 @@ the OpenFlow controller. It takes one of the following forms: .TP \fBssl:\fIhost\fR[\fB:\fIport\fR] -The specified SSL \fIport\fR (default: 976) on the given remote +The specified SSL \fIport\fR (default: 6633) on the given remote \fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when this form is used. .TP \fBtcp:\fIhost\fR[\fB:\fIport\fR] -The specified TCP \fIport\fR (default: 975) on the given remote +The specified TCP \fIport\fR (default: 6633) on the given remote \fIhost\fR. .TP diff --git a/third-party/README b/third-party/README index 2621cdc3..15f4d647 100644 --- a/third-party/README +++ b/third-party/README @@ -24,7 +24,7 @@ Clearly, tcpdump can only parse unencrypted packets, so you will need to connect the controller and datapath using plain TCP. To look at the traffic, tcpdump will be started in a manner similar to the following: - sudo ./tcpdump -s0 -i eth0 port 975 + sudo ./tcpdump -s0 -i eth0 port 6633 The "-s0" flag indicates that tcpdump should capture the entire packet. If the OpenFlow message is not received in its entirety, "[|openflow]" will diff --git a/utilities/dpctl.8 b/utilities/dpctl.8 index c31ad04a..a1fcd077 100644 --- a/utilities/dpctl.8 +++ b/utilities/dpctl.8 @@ -28,13 +28,13 @@ that the local host has the OpenFlow kernel module for Linux loaded. .TP \fBssl:\fIhost\fR[\fB:\fIport\fR] -The specified SSL \fIport\fR (default: 976) on the given remote +The specified SSL \fIport\fR (default: 6633) on the given remote \fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when this form is used. .TP \fBtcp:\fIhost\fR[\fB:\fIport\fR] -The specified TCP \fIport\fR (default: 975) on the given remote +The specified TCP \fIport\fR (default: 6633) on the given remote \fIhost\fR. .TP
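Review bot: In the INSTALL hunk at @@ -469,7 (Controller Setup), the unchanged context still reads "(Because it listens on a low-numbered port, this command must run as root.)", which stops being true once the default is 6633, a port above 1023 that does not require root to bind. Drop or reword that parenthetical in this same change so the document does not tell operators to run the controller as root for a reason that no longer applies.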
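Review bot: In include/openflow.h, OFP_TCP_PORT and OFP_SSL_PORT are now both 6633, so the port number no longer distinguishes plaintext sessions from SSL ones, and the commit message gives no reason for merging the two defaults. Add a comment above the two defines stating that the shared value is intentional. Because controller.8.in allows "one or more" connection methods, the documentation should also say that a controller started with both "ptcp:" and "pssl:" at their defaults asks for the same port twice, so one of them needs an explicit port. The third-party/README filter "port 6633" will likewise now match SSL sessions, which its own text says tcpdump cannot parse.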
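Review bot: In debian/openflow-controller.default, the entry this hunk edits is spelled "pctp:[PORT]" in the context line, while controller.8.in in the same patch documents the method as "ptcp:". Since the line directly below it is being changed anyway, correct the name to "ptcp:[PORT]" so an administrator copying from the comment gets a method name that matches the man page.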
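Review bot: In doc/of-spec/openflow-spec-v0.9-draft3.tex, the rewritten sentence at @@ -293,7 still carries the mis-encoded apostrophe in "controllerÕs", and the second hunk at @@ -335,4 only adds the missing newline after \end{document}, which is unrelated to the port change. Fix the apostrophe while the line is being touched, and either mention the end-of-file cleanup in the commit message or move it to its own commit so the history for the port change stays focused.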