-/* Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc.
+/* Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <config.h>
#include "bridge.h"
-#include <assert.h>
#include <errno.h>
#include <inttypes.h>
#include <stdlib.h>
#include "meta-flow.h"
#include "netdev.h"
#include "ofp-print.h"
+#include "ofp-util.h"
#include "ofpbuf.h"
#include "ofproto/ofproto.h"
#include "poll-loop.h"
static void bridge_configure_flow_eviction_threshold(struct bridge *);
static void bridge_configure_netflow(struct bridge *);
static void bridge_configure_forward_bpdu(struct bridge *);
-static void bridge_configure_mac_idle_time(struct bridge *);
+static void bridge_configure_mac_table(struct bridge *);
static void bridge_configure_sflow(struct bridge *, int *sflow_bridge_number);
static void bridge_configure_stp(struct bridge *);
static void bridge_configure_tables(struct bridge *);
+static void bridge_configure_dp_desc(struct bridge *);
static void bridge_configure_remotes(struct bridge *,
const struct sockaddr_in *managers,
size_t n_managers);
static void iface_configure_lacp(struct iface *, struct lacp_slave_settings *);
static bool iface_create(struct bridge *, struct if_cfg *, int ofp_port);
+static bool iface_is_internal(const struct ovsrec_interface *iface,
+ const struct ovsrec_bridge *br);
static const char *iface_get_type(const struct ovsrec_interface *,
const struct ovsrec_bridge *);
static void iface_destroy(struct iface *);
static void iface_refresh_stats(struct iface *);
static void iface_refresh_status(struct iface *);
static bool iface_is_synthetic(const struct iface *);
+static int64_t iface_pick_ofport(const struct ovsrec_interface *);
/* Linux VLAN device support (e.g. "eth0.10" for VLAN 10.)
*
iface_hint = xmalloc(sizeof *iface_hint);
iface_hint->br_name = br_cfg->name;
iface_hint->br_type = br_cfg->datapath_type;
- iface_hint->ofp_port = if_cfg->n_ofport_request ?
- *if_cfg->ofport_request : OFPP_NONE;
+ iface_hint->ofp_port = iface_pick_ofport(if_cfg);
shash_add(&iface_hints, if_cfg->name, iface_hint);
}
COVERAGE_INC(bridge_reconfigure);
- assert(!reconfiguring);
+ ovs_assert(!reconfiguring);
reconfiguring = true;
/* Destroy "struct bridge"s, "struct port"s, and "struct iface"s according
struct bridge *br;
bool done;
- assert(reconfiguring);
+ ovs_assert(reconfiguring);
done = bridge_reconfigure_ofp();
/* Complete the configuration. */
bridge_configure_mirrors(br);
bridge_configure_flow_eviction_threshold(br);
bridge_configure_forward_bpdu(br);
- bridge_configure_mac_idle_time(br);
+ bridge_configure_mac_table(br);
bridge_configure_remotes(br, managers, n_managers);
bridge_configure_netflow(br);
bridge_configure_sflow(br, &sflow_bridge_number);
bridge_configure_stp(br);
bridge_configure_tables(br);
+ bridge_configure_dp_desc(br);
}
free(managers);
daemonize_complete();
reconfiguring = false;
- VLOG_INFO("%s (Open vSwitch) %s", program_name, VERSION);
+ VLOG_INFO_ONCE("%s (Open vSwitch) %s", program_name, VERSION);
}
return done;
free(dpid_string);
}
+/* Returns a bitmap of "enum ofputil_protocol"s that are allowed for use with
+ * 'br'. */
+static uint32_t
+bridge_get_allowed_versions(struct bridge *br)
+{
+ if (!br->cfg->n_protocols)
+ return 0;
+
+ return ofputil_versions_from_strings(br->cfg->protocols,
+ br->cfg->n_protocols);
+}
+
/* Set NetFlow configuration on 'br'. */
static void
bridge_configure_netflow(struct bridge *br)
{
struct bridge *br = iface->port->bridge;
- assert(iface->ofp_port < 0 && ofp_port >= 0);
+ ovs_assert(iface->ofp_port < 0 && ofp_port >= 0);
iface->ofp_port = ofp_port;
hmap_insert(&br->ifaces, &iface->ofp_port_node, hash_int(ofp_port, 0));
iface_set_ofport(iface->cfg, ofp_port);
* configured as the user requested, so we must destroy it. */
return false;
} else {
- /* It's the right type and configured correctly. keep it. */
+ /* It's the right type and configured correctly. Keep it. */
iface_set_ofp_port(iface, ofp_port);
return true;
}
br->name, iface_cfg->name, *ofp_portp);
}
- if (port_cfg->vlan_mode && !strcmp(port_cfg->vlan_mode, "splinter")) {
+ if ((port_cfg->vlan_mode && !strcmp(port_cfg->vlan_mode, "splinter"))
+ || iface_is_internal(iface_cfg, br->cfg)) {
netdev_turn_flags_on(netdev, NETDEV_UP, true);
}
* internal datastructures may not be consistent. Eventually, when port
* additions and deletions are cheaper, these calls should be removed. */
bridge_run_fast();
- assert(!iface_lookup(br, iface_cfg->name));
+ ovs_assert(!iface_lookup(br, iface_cfg->name));
error = iface_do_create(br, if_cfg, &ofp_port, &netdev);
bridge_run_fast();
if (error) {
+ iface_set_ofport(iface_cfg, -1);
iface_clear_db_record(iface_cfg);
ok = false;
goto done;
false));
}
-/* Set MAC aging time for 'br'. */
+/* Set MAC learning table configuration for 'br'. */
static void
-bridge_configure_mac_idle_time(struct bridge *br)
+bridge_configure_mac_table(struct bridge *br)
{
const char *idle_time_str;
int idle_time;
+ const char *mac_table_size_str;
+ int mac_table_size;
+
idle_time_str = smap_get(&br->cfg->other_config, "mac-aging-time");
idle_time = (idle_time_str && atoi(idle_time_str)
? atoi(idle_time_str)
: MAC_ENTRY_DEFAULT_IDLE_TIME);
- ofproto_set_mac_idle_time(br->ofproto, idle_time);
+
+ mac_table_size_str = smap_get(&br->cfg->other_config, "mac-table-size");
+ mac_table_size = (mac_table_size_str && atoi(mac_table_size_str)
+ ? atoi(mac_table_size_str)
+ : MAC_DEFAULT_MAX);
+
+ ofproto_set_mac_table_config(br->ofproto, idle_time, mac_table_size);
}
static void
found_addr = true;
}
}
- if (found_addr) {
- VLOG_DBG("bridge %s: using bridge Ethernet address "ETH_ADDR_FMT,
- br->name, ETH_ADDR_ARGS(ea));
- } else {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 10);
+
+ if (!found_addr) {
memcpy(ea, br->default_ea, ETH_ADDR_LEN);
*hw_addr_iface = NULL;
- VLOG_WARN_RL(&rl, "bridge %s: using default bridge Ethernet "
- "address "ETH_ADDR_FMT, br->name, ETH_ADDR_ARGS(ea));
}
hmapx_destroy(&mirror_output_ports);
smap_init(&smap);
- if (!netdev_get_drv_info(iface->netdev, &smap)) {
+ if (!netdev_get_status(iface->netdev, &smap)) {
ovsrec_interface_set_status(iface->cfg, &smap);
} else {
ovsrec_interface_set_status(iface->cfg, NULL);
#define IFACE_STAT(MEMBER, NAME) values[i++] = stats.MEMBER;
IFACE_STATS;
#undef IFACE_STAT
- assert(i == ARRAY_SIZE(keys));
+ ovs_assert(i == ARRAY_SIZE(keys));
ovsrec_interface_set_statistics(iface->cfg, keys, values,
ARRAY_SIZE(keys));
void
bridge_run(void)
{
- static const struct ovsrec_open_vswitch null_cfg;
+ static struct ovsrec_open_vswitch null_cfg;
const struct ovsrec_open_vswitch *cfg;
struct ovsdb_idl_txn *reconf_txn = NULL;
struct sset types;
bool vlan_splinters_changed;
struct bridge *br;
- ovsrec_open_vswitch_init((struct ovsrec_open_vswitch *) &null_cfg);
+ ovsrec_open_vswitch_init(&null_cfg);
/* (Re)configure if necessary. */
if (!reconfiguring) {
{
struct bridge *br;
- assert(!bridge_lookup(br_cfg->name));
+ ovs_assert(!bridge_lookup(br_cfg->name));
br = xzalloc(sizeof *br);
br->name = xstrdup(br_cfg->name);
if_cfg->cfg = cfg;
if_cfg->parent = parent;
- if_cfg->ofport = cfg->n_ofport_request ? *cfg->ofport_request : OFPP_NONE;
+ if_cfg->ofport = iface_pick_ofport(cfg);
hmap_insert(&br->if_cfg_todo, &if_cfg->hmap_node,
hash_string(if_cfg->cfg->name, 0));
}
struct shash new_ports;
size_t i;
- assert(hmap_is_empty(&br->if_cfg_todo));
+ ovs_assert(hmap_is_empty(&br->if_cfg_todo));
/* Collect new ports. */
shash_init(&new_ports);
}
if (!netdev_set_in4(netdev, ip, mask)) {
VLOG_INFO("bridge %s: configured IP address "IP_FMT", netmask "IP_FMT,
- br->name, IP_ARGS(&ip.s_addr), IP_ARGS(&mask.s_addr));
+ br->name, IP_ARGS(ip.s_addr), IP_ARGS(mask.s_addr));
}
/* Configure the default gateway. */
&& gateway.s_addr) {
if (!netdev_add_router(netdev, gateway)) {
VLOG_INFO("bridge %s: configured gateway "IP_FMT,
- br->name, IP_ARGS(&gateway.s_addr));
+ br->name, IP_ARGS(gateway.s_addr));
}
}
}
/* Returns true if 'a' and 'b' are the same except that any number of slashes
* in either string are treated as equal to any number of slashes in the other,
- * e.g. "x///y" is equal to "x/y". */
+ * e.g. "x///y" is equal to "x/y".
+ *
+ * Also, if 'b_stoplen' bytes from 'b' are found to be equal to corresponding
+ * bytes from 'a', the function considers this success. Specify 'b_stoplen' as
+ * SIZE_MAX to compare all of 'a' to all of 'b' rather than just a prefix of
+ * 'b' against a prefix of 'a'.
+ */
static bool
-equal_pathnames(const char *a, const char *b)
+equal_pathnames(const char *a, const char *b, size_t b_stoplen)
{
- while (*a == *b) {
+ const char *b_start = b;
+ while (b - b_start < b_stoplen && *a == *b) {
if (*a == '/') {
a += strspn(a, "/");
b += strspn(b, "/");
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
char *whitelist;
- whitelist = xasprintf("unix:%s/%s.controller",
+ if (!strncmp(c->target, "unix:", 5)) {
+ /* Connect to a listening socket */
+ whitelist = xasprintf("unix:%s/", ovs_rundir());
+ if (!equal_pathnames(c->target, whitelist,
+ strlen(whitelist))) {
+ VLOG_ERR_RL(&rl, "bridge %s: Not connecting to socket "
+ "controller \"%s\" due to possibility for "
+ "remote exploit. Instead, specify socket "
+ "in whitelisted \"%s\" or connect to "
+ "\"unix:%s/%s.mgmt\" (which is always "
+ "available without special configuration).",
+ br->name, c->target, whitelist,
ovs_rundir(), br->name);
- if (!equal_pathnames(c->target, whitelist)) {
- /* Prevent remote ovsdb-server users from accessing arbitrary
- * Unix domain sockets and overwriting arbitrary local
- * files. */
- VLOG_ERR_RL(&rl, "bridge %s: Not adding Unix domain socket "
- "controller \"%s\" due to possibility for remote "
- "exploit. Instead, specify whitelisted \"%s\" or "
- "connect to \"unix:%s/%s.mgmt\" (which is always "
- "available without special configuration).",
- br->name, c->target, whitelist,
- ovs_rundir(), br->name);
- free(whitelist);
- continue;
+ free(whitelist);
+ continue;
+ }
+ } else {
+ whitelist = xasprintf("punix:%s/%s.controller",
+ ovs_rundir(), br->name);
+ if (!equal_pathnames(c->target, whitelist, SIZE_MAX)) {
+ /* Prevent remote ovsdb-server users from accessing
+ * arbitrary Unix domain sockets and overwriting arbitrary
+ * local files. */
+ VLOG_ERR_RL(&rl, "bridge %s: Not adding Unix domain socket "
+ "controller \"%s\" due to possibility of "
+ "overwriting local files. Instead, specify "
+ "whitelisted \"%s\" or connect to "
+ "\"unix:%s/%s.mgmt\" (which is always "
+ "available without special configuration).",
+ br->name, c->target, whitelist,
+ ovs_rundir(), br->name);
+ free(whitelist);
+ continue;
+ }
}
free(whitelist);
n_ocs++;
}
- ofproto_set_controllers(br->ofproto, ocs, n_ocs);
+ ofproto_set_controllers(br->ofproto, ocs, n_ocs,
+ bridge_get_allowed_versions(br));
free(ocs[0].target); /* From bridge_ofproto_controller_for_mgmt(). */
free(ocs);
br->cfg->key_flow_tables[j]);
}
}
+
+static void
+bridge_configure_dp_desc(struct bridge *br)
+{
+ ofproto_set_dp_desc(br->ofproto,
+ smap_get(&br->cfg->other_config, "dp-desc"));
+}
\f
/* Port functions. */
\f
/* Interface functions. */
+static bool
+iface_is_internal(const struct ovsrec_interface *iface,
+ const struct ovsrec_bridge *br)
+{
+ /* The local port and "internal" ports are always "internal". */
+ return !strcmp(iface->type, "internal") || !strcmp(iface->name, br->name);
+}
+
/* Returns the correct network device type for interface 'iface' in bridge
* 'br'. */
static const char *
iface_get_type(const struct ovsrec_interface *iface,
const struct ovsrec_bridge *br)
{
- /* The local port always has type "internal" unless the bridge is of
- * type "dummy". Other ports take their type from the database and
- * default to "system" if none is specified. */
- if (!strcmp(iface->name, br->name)) {
- return !strcmp(br->datapath_type, "dummy") ? "dummy" : "internal";
+ const char *type;
+
+ /* The local port always has type "internal". Other ports take
+ * their type from the database and default to "system" if none is
+ * specified. */
+ if (iface_is_internal(iface, br)) {
+ type = "internal";
} else {
- return iface->type[0] ? iface->type : "system";
+ type = iface->type[0] ? iface->type : "system";
}
+
+ return ofproto_port_open_type(br->datapath_type, type);
}
static void
iface_clear_db_record(const struct ovsrec_interface *if_cfg)
{
if (!ovsdb_idl_row_is_synthetic(&if_cfg->header_)) {
- iface_set_ofport(if_cfg, -1);
ovsrec_interface_set_status(if_cfg, NULL);
ovsrec_interface_set_admin_state(if_cfg, NULL);
ovsrec_interface_set_duplex(if_cfg, NULL);
return ovsdb_idl_row_is_synthetic(&iface->cfg->header_);
}
+static int64_t
+iface_pick_ofport(const struct ovsrec_interface *cfg)
+{
+ int64_t ofport = cfg->n_ofport ? *cfg->ofport : OFPP_NONE;
+ return cfg->n_ofport_request ? *cfg->ofport_request : ofport;
+}
+
\f
/* Port mirroring. */
git://git.onelab.eu / sliver-openvswitch.git / blobdiff