+ restore_flows
+
+ restore_interfaces
+
+ "$datadir/scripts/ovs-check-dead-ifs"
+}
+
+## ------- ##
+## restart ##
+## ------- ##
+
+save_interfaces_if_required () {
+ # Save interfaces if we are upgrading from a pre-1.10 branch.
+ case `ovs-appctl version | sed 1q` in
+ "ovs-vswitchd (Open vSwitch) 1."[0-9].*)
+ ifaces=`internal_interfaces`
+ action "Detected internal interfaces: $ifaces" true
+ if action "Saving interface configuration" save_interfaces; then
+ chmod +x "$script_interfaces"
+ fi
+ ;;
+ esac
+}
+
+restart () {
+ if daemon_is_running ovsdb-server && daemon_is_running ovs-vswitchd; then
+ init_restore_scripts
+ save_interfaces_if_required
+ action "Saving flows" ovs_save save-flows "${script_flows}"
+ save_ofports_if_required
+ fi
+
+ # Restart the database first, since a large database may take a
+ # while to load, and we want to minimize forwarding disruption.
+ stop_ovsdb
+ start_ovsdb
+
+ # Restore of ofports, if required, should happen before vswitchd is
+ # restarted.
+ restore_ofports
+
+ stop_forwarding
+ start_forwarding
+
+ # Restore the saved flows.
+ restore_flows
+
+ # Restore the interfaces if required. Return true even if restore fails.
+ restore_interfaces || true
+}
+
+## --------------- ##
+## enable-protocol ##
+## --------------- ##
+
+enable_protocol () {
+ # Translate the protocol name to a number, because "iptables -n -L" prints
+ # some protocols by name (despite the -n) and therefore we need to look for
+ # both forms.
+ #
+ # (iptables -S output is more uniform but old iptables doesn't have it.)
+ protonum=`grep "^$PROTOCOL[ ]" /etc/protocols | awk '{print $2}'`
+ if expr X"$protonum" : X'[0-9]\{1,\}$' > /dev/null; then :; else
+ log_failure_msg "unknown protocol $PROTOCOL"
+ return 1
+ fi
+
+ name=$PROTOCOL
+ match="(\$2 == \"$PROTOCOL\" || \$2 == $protonum)"
+ insert="iptables -I INPUT -p $PROTOCOL"
+ if test X"$DPORT" != X; then
+ name="$name to port $DPORT"
+ match="$match && /dpt:$DPORT/"
+ insert="$insert --dport $DPORT"
+ fi
+ if test X"$SPORT" != X; then
+ name="$name from port $SPORT"
+ match="$match && /spt:$SPORT/"
+ insert="$insert --sport $SPORT"
+ fi
+ insert="$insert -j ACCEPT"
+
+ if (iptables -n -L INPUT) >/dev/null 2>&1; then
+ if iptables -n -L INPUT | awk "$match { n++ } END { exit n == 0 }"
+ then
+ # There's already a rule for this protocol. Don't override it.
+ log_success_msg "iptables already has a rule for $name, not explicitly enabling"
+ else
+ action "Enabling $name with iptables" $insert
+ fi
+ elif (iptables --version) >/dev/null 2>&1; then
+ action "cannot list iptables rules, not adding a rule for $name"