done
}
+save_interfaces () {
+ "$datadir/scripts/ovs-save" $ifaces > "$script"
+}
+
force_reload_kmod () {
ifaces=`internal_interfaces`
action "Detected internal interfaces: $ifaces" true
stop
script=`mktemp`
- action "Save interface configuration to $script" true
- if "$datadir/scripts/ovs-save" $ifaces > "$script"; then
+ trap 'rm -f "$script"' 0 1 2 13 15
+ if action "Saving interface configuration" save_interfaces; then
:
else
log_warning_msg "Failed to save configuration, not replacing kernel module"
chmod +x "$script"
for dp in `ovs-dpctl dump-dps`; do
- action "Removing datapath: $dp" "$dpctl" del-dp "$dp"
+ action "Removing datapath: $dp" ovs-dpctl del-dp "$dp"
done
if test -e /sys/module/openvswitch_mod; then
start
- action "Restore interface configuration from $script" "$script"
+ action "Restoring interface configuration" "$script"
+ rc=$?
+ if test $rc = 0; then
+ level=debug
+ else
+ level=err
+ fi
+ log="logger -p daemon.$level -t ovs-save"
+ $log "force-reload-kmod interface restore script exited with status $rc:"
+ $log -f "$script"
+}
+
+## --------------- ##
+## enable-protocol ##
+## --------------- ##
+
+enable_protocol () {
+ # Translate the protocol name to a number, because "iptables -n -L" prints
+ # some protocols by name (despite the -n) and therefore we need to look for
+ # both forms.
+ #
+ # (iptables -S output is more uniform but old iptables doesn't have it.)
+ protonum=`grep "^$PROTOCOL[ ]" /etc/protocols | awk '{print $2}'`
+ if expr X"$protonum" : X'[0-9]\{1,\}$' > /dev/null; then :; else
+ log_failure_msg "unknown protocol $PROTOCOL"
+ return 1
+ fi
+
+ name=$PROTOCOL
+ match="(\$2 == \"$PROTOCOL\" || \$2 == $protonum)"
+ insert="iptables -I INPUT -p $PROTOCOL"
+ if test X"$DPORT" != X; then
+ name="$name to port $DPORT"
+ match="$match && /dpt:$DPORT/"
+ insert="$insert --dport $DPORT"
+ fi
+ if test X"$SPORT" != X; then
+ name="$name from port $SPORT"
+ match="$match && /spt:$SPORT/"
+ insert="$insert --sport $SPORT"
+ fi
+ insert="$insert -j ACCEPT"
+
+ if (iptables -n -L INPUT) >/dev/null 2>&1; then
+ if iptables -n -L INPUT | awk "$match { n++ } END { exit n == 0 }"
+ then
+ # There's already a rule for this protocol. Don't override it.
+ log_success_msg "iptables already has a rule for $name, not explicitly enabling"
+ else
+ action "Enabling $name with iptables" $insert
+ fi
+ elif (iptables --version) >/dev/null 2>&1; then
+ action "cannot list iptables rules, not adding a rule for $name"
+ else
+ action "iptables binary not installed, not adding a rule for $name"
+ fi
}
## ---- ##
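Review bot: The awk test assembled at `match="$match && /dpt:$DPORT/"` (and the `spt:` line below it) is an unanchored substring match, so an existing INPUT rule for port 8080 is taken as already covering `--dport 80` and the new rule is silently skipped; anchor the port, e.g. `match="$match && /dpt:$DPORT([^0-9]|$)/"` and likewise for `spt:`. $DPORT and $SPORT are also never validated the way $protonum is before they are spliced into that awk program and into the word-split `$insert` command line, so a digits-only check with `expr` (same shape as the protonum test) right after the protocol check would reject malformed option values early instead of passing them to iptables. `save_interfaces` silently depends on the `ifaces` and `script` globals set in force_reload_kmod; a one-line comment `# uses $ifaces and $script set by force_reload_kmod` above it would make that coupling visible. The `action "cannot list iptables rules, ..."` and `action "iptables binary not installed, ..."` calls pass a message but no command; if `action` runs its remaining arguments as the command, they run nothing and report success for what is really a warning, so `log_warning_msg` looks like the intended helper there.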
DB_SOCK=$rundir/db.sock
DB_SCHEMA=$datadir/vswitch.ovsschema
+ PROTOCOL=gre
+ DPORT=
+ SPORT=
+
if (lsb_release --id) >/dev/null 2>&1; then
SYSTEM_TYPE=`lsb_release --id -s`
system_release=`lsb_release --release -s`
version print versions of Open vSwitch daemons
force-reload-kmod save OVS network device state, stop OVS, unload kernel
module, reload kernel module, start OVS, restore state
+ enable-protocol enable protocol specified in options with iptables
help display this help message
One of the following options should be specified when starting Open vSwitch:
--db-sock=SOCKET JSON-RPC socket name (default: $DB_SOCK)
--db-schema=FILE database schema file name (default: $DB_SCHEMA)
+Options for enable-protocol:
+ --protocol=PROTOCOL protocol to enable with iptables (default: gre)
+ --sport=PORT source port to match (for tcp or udp protocol)
+ --dport=PORT ddestination port to match (for tcp or udp protocol)
+
Other options:
-h, --help display this help message
-V, --version display version information
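Review bot: The new help line for `--dport` reads `ddestination port to match`; it should be `--dport=PORT destination port to match (for tcp or udp protocol)`. This text is shown to operators by `help`, so the typo is user-visible.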
force-reload-kmod)
force_reload_kmod
;;
+ enable-protocol)
+ enable_protocol
+ ;;
help)
usage
;;