if test X"$MLOCKALL" != Xno; then
set "$@" --mlockall
fi
- start_daemon "$VSWITCHD_PRIORITY" "$@"
+ start_daemon "$OVS_VSWITCHD_PRIORITY" "$@"
fi
}
chmod +x "$script"
for dp in `ovs-dpctl dump-dps`; do
- action "Removing datapath: $dp" "$dpctl" del-dp "$dp"
+ action "Removing datapath: $dp" ovs-dpctl del-dp "$dp"
done
if test -e /sys/module/openvswitch_mod; then
$log -f "$script"
}
+## --------------- ##
+## enable-protocol ##
+## --------------- ##
+
+enable_protocol () {
+ # Translate the protocol name to a number, because "iptables -n -L" prints
+ # some protocols by name (despite the -n) and therefore we need to look for
+ # both forms.
+ #
+ # (iptables -S output is more uniform but old iptables doesn't have it.)
+ protonum=`grep "^$PROTOCOL[ ]" /etc/protocols | awk '{print $2}'`
+ if expr X"$protonum" : X'[0-9]\{1,\}$' > /dev/null; then :; else
+ log_failure_msg "unknown protocol $PROTOCOL"
+ return 1
+ fi
+
+ name=$PROTOCOL
+ match="(\$2 == \"$PROTOCOL\" || \$2 == $protonum)"
+ insert="iptables -I INPUT -p $PROTOCOL"
+ if test X"$DPORT" != X; then
+ name="$name to port $DPORT"
+ match="$match && /dpt:$DPORT/"
+ insert="$insert --dport $DPORT"
+ fi
+ if test X"$SPORT" != X; then
+ name="$name from port $SPORT"
+ match="$match && /spt:$SPORT/"
+ insert="$insert --sport $SPORT"
+ fi
+ insert="$insert -j ACCEPT"
+
+ if (iptables -n -L INPUT) >/dev/null 2>&1; then
+ if iptables -n -L INPUT | awk "$match { n++ } END { exit n == 0 }"
+ then
+ # There's already a rule for this protocol. Don't override it.
+ log_success_msg "iptables already has a rule for $name, not explicitly enabling"
+ else
+ action "Enabling $name with iptables" $insert
+ fi
+ elif (iptables --version) >/dev/null 2>&1; then
+ action "cannot list iptables rules, not adding a rule for $name"
+ else
+ action "iptables binary not installed, not adding a rule for $name"
+ fi
+}
+
## ---- ##
## main ##
## ---- ##
DB_SOCK=$rundir/db.sock
DB_SCHEMA=$datadir/vswitch.ovsschema
+ PROTOCOL=gre
+ DPORT=
+ SPORT=
+
if (lsb_release --id) >/dev/null 2>&1; then
SYSTEM_TYPE=`lsb_release --id -s`
system_release=`lsb_release --release -s`
version print versions of Open vSwitch daemons
force-reload-kmod save OVS network device state, stop OVS, unload kernel
module, reload kernel module, start OVS, restore state
+ enable-protocol enable protocol specified in options with iptables
help display this help message
One of the following options should be specified when starting Open vSwitch:
--db-sock=SOCKET JSON-RPC socket name (default: $DB_SOCK)
--db-schema=FILE database schema file name (default: $DB_SCHEMA)
+Options for enable-protocol:
+ --protocol=PROTOCOL protocol to enable with iptables (default: gre)
+ --sport=PORT source port to match (for tcp or udp protocol)
+ --dport=PORT ddestination port to match (for tcp or udp protocol)
+
Other options:
-h, --help display this help message
-V, --version display version information
force-reload-kmod)
force_reload_kmod
;;
+ enable-protocol)
+ enable_protocol
+ ;;
help)
usage
;;
git://git.onelab.eu / sliver-openvswitch.git / blobdiff