.TP
\fBpssl:\fR[\fIport\fR]
Listens for SSL connections from remote OpenFlow switches on
-\fIport\fR (default: 976). The \fB--private-key\fR,
+\fIport\fR (default: 6633). The \fB--private-key\fR,
\fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when
this form is used.
.TP
\fBptcp:\fR[\fIport\fR]
Listens for TCP connections from remote OpenFlow switches on
-\fIport\fR (default: 975).
+\fIport\fR (default: 6633).
.TP
\fBpunix:\fIfile\fR
.TP
\fBssl:\fIhost\fR[\fB:\fIport\fR]
-The specified SSL \fIport\fR (default: 976) on the given remote
+The specified SSL \fIport\fR (default: 6633) on the given remote
\fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and
\fB--ca-cert\fR options are mandatory when this form is used.
.TP
\fBtcp:\fIhost\fR[\fB:\fIport\fR]
-The specified TCP \fIport\fR (default: 975) on the given remote
+The specified TCP \fIport\fR (default: 6633) on the given remote
\fIhost\fR.
.TP
private key to identify a trustworthy switch.
.TP
-\fB-C\fR, \fB--ca-cert=\fIcacert.pem\fR
+\fB-C\fR, \fB--ca-cert=\fIswitch-cacert.pem\fR
Specifies a PEM file containing the CA certificate used to verify that
the switch is connected to a trustworthy controller.
+.TP
+\fB--peer-ca-cert=\fIcontroller-cacert.pem\fR
+Specifies a PEM file that contains one or more additional certificates
+to send to switches. \fIcontroller-cacert.pem\fR should be the CA
+certificate used to sign the controller's own certificate (the
+certificate specified on \fB-c\fR or \fB--certificate\fR).
+
+This option is not useful in normal operation, because the switch must
+already have the controller CA certificate for it to have any
+confidence in the controller's identity. However, this option allows
+a newly installed switch to obtain the controller CA certificate on
+first boot using, e.g., the \fB--bootstrap-ca-cert\fR option to
+\fBsecchan\fR(8).
+
.TP
.BR \-n ", " \-\^\-noflow
By default, the controller sets up a flow in each OpenFlow switch
Causes a file (by default, \fBcontroller.pid\fR) to be created indicating
the PID of the running process. If \fIpidfile\fR is not specified, or
if it does not begin with \fB/\fR, then it is created in
-\fB@rundir@\fR.
+\fB@RUNDIR@\fR.
.TP
\fB-f\fR, \fB--force\fR
.BR \-h ", " \-\^\-help
Prints a brief help message to the console.
-.TP
-\fB-v\fImodule\fR[\fB:\fIfacility\fR[\fB:\fIlevel\fR]], \fB--verbose=\fImodule\fR[\fB:\fIfacility\fR[\fB:\fIlevel\fR]]
-Sets the logging level for \fImodule\fR in \fIfacility\fR to
-\fIlevel\fR. The \fImodule\fR may be any valid module name (as
-displayed by the \fB--list\fR action on \fBvlogconf\fR(8)), or the
-special name \fBANY\fR to set the logging levels for all modules. The
-\fIfacility\fR may be \fBsyslog\fR or \fBconsole\fR to set the levels
-for logging to the system log or to the console, respectively, or
-\fBANY\fR to set the logging levels for both facilities. If it is
-omitted, \fIfacility\fR defaults to \fBANY\fR. The \fIlevel\fR must
-be one of \fBemer\fR, \fBerr\fR, \fBwarn\fR, or \fBdbg\fR, designating
-the minimum severity of a message for it to be logged. If it is
-omitted, \fIlevel\fR defaults to \fBdbg\fR.
-
-.TP
-\fB-v\fR, \fB--verbose\fR
-Sets the maximum logging verbosity level, equivalent to
-\fB--verbose=ANY:ANY:dbg\fR.
+@VLOG_OPTIONS@
.TP
.BR \-V ", " \-\^\-version
.B % controller nl:0
.TP
-To bind locally to port 975 (the default) and wait for incoming connections from OpenFlow switches:
+To bind locally to port 6633 (the default) and wait for incoming connections from OpenFlow switches:
.B % controller ptcp:
.SH "SEE ALSO"
.BR dpctl (8),
-.BR switch (8),
.BR secchan (8),
+.BR udatapath (8),
.BR vlogconf (8)
git://git.onelab.eu / sliver-openvswitch.git / blobdiff