From abdfe47476cc1a192e329f428b3740a3fae8390d Mon Sep 17 00:00:00 2001 From: Justin Pettit Date: Thu, 15 Jul 2010 23:37:35 -0700 Subject: [PATCH] vswitchd: Don't act as learning switch in secure mode with no controllers Don't act as a learning switch when the fail-mode is "secure" and no controllers are defined. This allows the bridge to come up in a state where it won't pass any traffic until a controller has told it to do so. --- ofproto/ofproto.c | 6 ++++++ ofproto/ofproto.h | 1 + vswitchd/bridge.c | 25 +++++++++++++++++-------- vswitchd/vswitch.xml | 5 +++-- 4 files changed, 27 insertions(+), 10 deletions(-) diff --git a/ofproto/ofproto.c b/ofproto/ofproto.c index 69004bc4..52e4fe3b 100644 --- a/ofproto/ofproto.c +++ b/ofproto/ofproto.c @@ -889,6 +889,12 @@ ofproto_has_controller(const struct ofproto *ofproto) return !hmap_is_empty(&ofproto->controllers); } +enum ofproto_fail_mode +ofproto_get_fail_mode(const struct ofproto *p) +{ + return p->fail_mode; +} + void ofproto_get_listeners(const struct ofproto *ofproto, struct svec *listeners) { diff --git a/ofproto/ofproto.h b/ofproto/ofproto.h index 56c54f5f..507c5656 100644 --- a/ofproto/ofproto.h +++ b/ofproto/ofproto.h @@ -121,6 +121,7 @@ int ofproto_set_stp(struct ofproto *, bool enable_stp); /* Configuration querying. */ uint64_t ofproto_get_datapath_id(const struct ofproto *); bool ofproto_has_controller(const struct ofproto *); +enum ofproto_fail_mode ofproto_get_fail_mode(const struct ofproto *); void ofproto_get_listeners(const struct ofproto *, struct svec *); void ofproto_get_snoops(const struct ofproto *, struct svec *); void ofproto_get_all_flows(struct ofproto *p, struct ds *); diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c index 507c70ce..12bad0bb 100644 --- a/vswitchd/bridge.c +++ b/vswitchd/bridge.c 
@@ -1497,6 +1497,10 @@ bridge_reconfigure_one(struct bridge *br) || !strcmp(br->cfg->fail_mode, "standalone") ? OFPROTO_FAIL_STANDALONE : OFPROTO_FAIL_SECURE; + if ((ofproto_get_fail_mode(br->ofproto) != fail_mode) + && !ofproto_has_controller(br->ofproto)) { + ofproto_flush_flows(br->ofproto); + } ofproto_set_fail_mode(br->ofproto, fail_mode); /* Delete all flows if we're switching from connected to standalone or vice @@ -1552,14 +1556,19 @@ bridge_reconfigure_remotes(struct bridge *br, /* Clear out controllers. */ ofproto_set_controllers(br->ofproto, NULL, 0); - /* Set up a flow that matches every packet and directs them to - * OFPP_NORMAL (which goes to us). */ - memset(&action, 0, sizeof action); - action.type = htons(OFPAT_OUTPUT); - action.output.len = htons(sizeof action); - action.output.port = htons(OFPP_NORMAL); - memset(&flow, 0, sizeof flow); - ofproto_add_flow(br->ofproto, &flow, OVSFW_ALL, 0, &action, 1, 0); + /* If there are no controllers and the bridge is in standalone + * mode, set up a flow that matches every packet and directs + * them to OFPP_NORMAL (which goes to us). Otherwise, the + * switch is in secure mode and we won't pass any traffic until + * a controller has been defined and it tells us to do so. */ + if (ofproto_get_fail_mode(br->ofproto) == OFPROTO_FAIL_STANDALONE) { + memset(&action, 0, sizeof action); + action.type = htons(OFPAT_OUTPUT); + action.output.len = htons(sizeof action); + action.output.port = htons(OFPP_NORMAL); + memset(&flow, 0, sizeof flow); + ofproto_add_flow(br->ofproto, &flow, OVSFW_ALL, 0, &action, 1, 0); + } } else { struct ofproto_controller *ocs; size_t i; diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml index f5e010ba..af85477c 100644 --- a/vswitchd/vswitch.xml +++ b/vswitchd/vswitch.xml @@ -151,8 +151,9 @@ standalone behavior.
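Review bot: The flush added in bridge_reconfigure_one has no comment, although it is the step that removes the catch-all OFPP_NORMAL flow when a controller-less bridge is switched to secure mode. I would add one above the `if`, for example `/* Fail mode changed with no controller attached: drop existing flows so that a switch to secure mode stops forwarding. */`. `ofproto_has_controller(br->ofproto)` appears to report the controllers from the previous configuration, not the ones about to be applied, and the flush presumably also discards flows installed by other means while no controller was set. If both are intended, the comment should say so. The function continues outside the hunk, where an existing comment describes another flush for connected/standalone transitions, so it is worth confirming the two do not overlap.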
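Review bot: The new guard in bridge_reconfigure_remotes reads the mode stored in ofproto (`ofproto_get_fail_mode(br->ofproto) == OFPROTO_FAIL_STANDALONE`) rather than `br->cfg->fail_mode`. The fail-closed behaviour therefore depends on bridge_reconfigure_one having called `ofproto_set_fail_mode()` before this function runs, and that ordering is not visible in the hunk. If this function can run first on initial configuration, the ofproto default would decide whether the catch-all flow is installed, and a bridge configured as secure could forward traffic until the next reconfigure. I would either state the ordering requirement in the comment (`Relies on bridge_reconfigure_one() having applied the configured fail mode first.`) or derive the mode from `br->cfg->fail_mode` here as well. The enclosing function starts and ends outside the hunk.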
secure
Open vSwitch will not set up flows on its own when the - controller connection fails. It will continue retry - connecting to the controller forever.
+ controller connection fails or when no controllers are + defined. The bridge will continue to retry connecting to + any defined controllers forever.

If this value is unset, the default is implementation-specific.

-- 2.30.2