-/* Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc.
+/* Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
static void bridge_configure_flow_eviction_threshold(struct bridge *);
static void bridge_configure_netflow(struct bridge *);
static void bridge_configure_forward_bpdu(struct bridge *);
-static void bridge_configure_mac_idle_time(struct bridge *);
+static void bridge_configure_mac_table(struct bridge *);
static void bridge_configure_sflow(struct bridge *, int *sflow_bridge_number);
static void bridge_configure_stp(struct bridge *);
static void bridge_configure_tables(struct bridge *);
+static void bridge_configure_dp_desc(struct bridge *);
static void bridge_configure_remotes(struct bridge *,
const struct sockaddr_in *managers,
size_t n_managers);
bridge_configure_mirrors(br);
bridge_configure_flow_eviction_threshold(br);
bridge_configure_forward_bpdu(br);
- bridge_configure_mac_idle_time(br);
+ bridge_configure_mac_table(br);
bridge_configure_remotes(br, managers, n_managers);
bridge_configure_netflow(br);
bridge_configure_sflow(br, &sflow_bridge_number);
bridge_configure_stp(br);
bridge_configure_tables(br);
+ bridge_configure_dp_desc(br);
}
free(managers);
daemonize_complete();
reconfiguring = false;
- VLOG_INFO("%s (Open vSwitch) %s", program_name, VERSION);
+ VLOG_INFO_ONCE("%s (Open vSwitch) %s", program_name, VERSION);
}
return done;
false));
}
-/* Set MAC aging time for 'br'. */
+/* Set MAC learning table configuration for 'br'. */
static void
-bridge_configure_mac_idle_time(struct bridge *br)
+bridge_configure_mac_table(struct bridge *br)
{
const char *idle_time_str;
int idle_time;
+ const char *mac_table_size_str;
+ int mac_table_size;
+
idle_time_str = smap_get(&br->cfg->other_config, "mac-aging-time");
idle_time = (idle_time_str && atoi(idle_time_str)
? atoi(idle_time_str)
: MAC_ENTRY_DEFAULT_IDLE_TIME);
- ofproto_set_mac_idle_time(br->ofproto, idle_time);
+
+ mac_table_size_str = smap_get(&br->cfg->other_config, "mac-table-size");
+ mac_table_size = (mac_table_size_str && atoi(mac_table_size_str)
+ ? atoi(mac_table_size_str)
+ : MAC_DEFAULT_MAX);
+
+ ofproto_set_mac_table_config(br->ofproto, idle_time, mac_table_size);
}
static void
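Review bot: `mac-table-size` is read from `other_config` and run through `atoi()` with no range check, so a negative or very large value reaches `ofproto_set_mac_table_config()` unchanged, while non-numeric text silently falls back to `MAC_DEFAULT_MAX`. Whether the callee clamps the value is not visible in this hunk; if it does not, an oversized learning table is a memory-exhaustion risk on a switch that learns addresses from untrusted traffic. Consider parsing once with `strtol()` and rejecting out-of-range input, e.g. `if (end == s || *end || v <= 0 || v > INT_MAX) v = MAC_DEFAULT_MAX;`, ideally against a project-defined upper bound. The unchanged `mac-aging-time` parse just above has the same double-`atoi()` pattern.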
found_addr = true;
}
}
- if (found_addr) {
- VLOG_DBG("bridge %s: using bridge Ethernet address "ETH_ADDR_FMT,
- br->name, ETH_ADDR_ARGS(ea));
- } else {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 10);
+
+ if (!found_addr) {
memcpy(ea, br->default_ea, ETH_ADDR_LEN);
*hw_addr_iface = NULL;
- VLOG_WARN_RL(&rl, "bridge %s: using default bridge Ethernet "
- "address "ETH_ADDR_FMT, br->name, ETH_ADDR_ARGS(ea));
}
hmapx_destroy(&mirror_output_ports);
smap_init(&smap);
- if (!netdev_get_drv_info(iface->netdev, &smap)) {
+ if (!netdev_get_status(iface->netdev, &smap)) {
ovsrec_interface_set_status(iface->cfg, &smap);
} else {
ovsrec_interface_set_status(iface->cfg, NULL);
void
bridge_run(void)
{
- static const struct ovsrec_open_vswitch null_cfg;
+ static struct ovsrec_open_vswitch null_cfg;
const struct ovsrec_open_vswitch *cfg;
struct ovsdb_idl_txn *reconf_txn = NULL;
struct sset types;
bool vlan_splinters_changed;
struct bridge *br;
- ovsrec_open_vswitch_init((struct ovsrec_open_vswitch *) &null_cfg);
+ ovsrec_open_vswitch_init(&null_cfg);
/* (Re)configure if necessary. */
if (!reconfiguring) {
}
if (!netdev_set_in4(netdev, ip, mask)) {
VLOG_INFO("bridge %s: configured IP address "IP_FMT", netmask "IP_FMT,
- br->name, IP_ARGS(&ip.s_addr), IP_ARGS(&mask.s_addr));
+ br->name, IP_ARGS(ip.s_addr), IP_ARGS(mask.s_addr));
}
/* Configure the default gateway. */
&& gateway.s_addr) {
if (!netdev_add_router(netdev, gateway)) {
VLOG_INFO("bridge %s: configured gateway "IP_FMT,
- br->name, IP_ARGS(&gateway.s_addr));
+ br->name, IP_ARGS(gateway.s_addr));
}
}
}
/* Returns true if 'a' and 'b' are the same except that any number of slashes
* in either string are treated as equal to any number of slashes in the other,
- * e.g. "x///y" is equal to "x/y". */
+ * e.g. "x///y" is equal to "x/y".
+ *
+ * Also, if 'b_stoplen' bytes from 'b' are found to be equal to corresponding
+ * bytes from 'a', the function considers this success. Specify 'b_stoplen' as
+ * SIZE_MAX to compare all of 'a' to all of 'b' rather than just a prefix of
+ * 'b' against a prefix of 'a'.
+ */
static bool
-equal_pathnames(const char *a, const char *b)
+equal_pathnames(const char *a, const char *b, size_t b_stoplen)
{
- while (*a == *b) {
+ const char *b_start = b;
+ while (b - b_start < b_stoplen && *a == *b) {
if (*a == '/') {
a += strspn(a, "/");
b += strspn(b, "/");
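Review bot: The new loop bound `b - b_start < b_stoplen` compares a `ptrdiff_t` with a `size_t`. It is safe because `b` only moves forward, but `(size_t) (b - b_start) < b_stoplen` states the intent and avoids a sign-compare warning. In general the `b += strspn(b, "/")` step can also carry `b` past `b_stoplen` in one jump, so the success test in the rest of the function (outside this hunk) needs to check "at or beyond" the stop length rather than equality. Since the function is now used as an access check, the header comment should add that the comparison is purely textual and does not resolve `.`/`..` components or symlinks.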
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
char *whitelist;
- whitelist = xasprintf("unix:%s/%s.controller",
+ if (!strncmp(c->target, "unix:", 5)) {
+ /* Connect to a listening socket */
+ whitelist = xasprintf("unix:%s/", ovs_rundir());
+ if (!equal_pathnames(c->target, whitelist,
+ strlen(whitelist))) {
+ VLOG_ERR_RL(&rl, "bridge %s: Not connecting to socket "
+ "controller \"%s\" due to possibility for "
+ "remote exploit. Instead, specify socket "
+ "in whitelisted \"%s\" or connect to "
+ "\"unix:%s/%s.mgmt\" (which is always "
+ "available without special configuration).",
+ br->name, c->target, whitelist,
ovs_rundir(), br->name);
- if (!equal_pathnames(c->target, whitelist)) {
- /* Prevent remote ovsdb-server users from accessing arbitrary
- * Unix domain sockets and overwriting arbitrary local
- * files. */
- VLOG_ERR_RL(&rl, "bridge %s: Not adding Unix domain socket "
- "controller \"%s\" due to possibility for remote "
- "exploit. Instead, specify whitelisted \"%s\" or "
- "connect to \"unix:%s/%s.mgmt\" (which is always "
- "available without special configuration).",
- br->name, c->target, whitelist,
- ovs_rundir(), br->name);
- free(whitelist);
- continue;
+ free(whitelist);
+ continue;
+ }
+ } else {
+ whitelist = xasprintf("punix:%s/%s.controller",
+ ovs_rundir(), br->name);
+ if (!equal_pathnames(c->target, whitelist, SIZE_MAX)) {
+ /* Prevent remote ovsdb-server users from accessing
+ * arbitrary Unix domain sockets and overwriting arbitrary
+ * local files. */
+ VLOG_ERR_RL(&rl, "bridge %s: Not adding Unix domain socket "
+ "controller \"%s\" due to possibility of "
+ "overwriting local files. Instead, specify "
+ "whitelisted \"%s\" or connect to "
+ "\"unix:%s/%s.mgmt\" (which is always "
+ "available without special configuration).",
+ br->name, c->target, whitelist,
+ ovs_rundir(), br->name);
+ free(whitelist);
+ continue;
+ }
}
free(whitelist);
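Review bot: The `unix:` branch accepts any target whose text begins with `unix:<rundir>/`, which is a string-prefix test rather than a containment check. A target with `..` path components, or one that goes through a symlink under the run directory, still passes while naming a socket elsewhere on the filesystem. The error text says the check exists because of remote ovsdb-server users, so this branch should also reject targets containing a `..` component, or compare canonicalised paths, before connecting. The rationale comment the old code carried was dropped from this branch; `/* Prevent remote ovsdb-server users from connecting to arbitrary Unix domain sockets outside the run directory. */` would keep it next to the check. The enclosing loop and the outer condition start outside the hunk.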
br->cfg->key_flow_tables[j]);
}
}
+
+static void
+bridge_configure_dp_desc(struct bridge *br)
+{
+ ofproto_set_dp_desc(br->ofproto,
+ smap_get(&br->cfg->other_config, "dp-desc"));
+}
\f
/* Port functions. */
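Review bot: `bridge_configure_dp_desc()` is added without a header comment, unlike `bridge_configure_mac_table()` in the same commit, and it forwards `other_config:dp-desc` unmodified, including NULL when the key is absent. A comment such as `/* Sets the datapath description for 'br' from other_config:dp-desc (NULL if unset). */` would document that contract. The string is database-controlled and no length limit is applied here. Whether `ofproto_set_dp_desc()` truncates or bounds it is not visible in this hunk and is worth confirming.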