These names are more meaningful, so we prefer them.
-e 's,[@]PERL[@],$(PERL),g' > $@
include lib/automake.mk
-include secchan/automake.mk
+include ofproto/automake.mk
include utilities/automake.mk
include tests/automake.mk
include include/automake.mk
to be installed on a Citrix XenServer host as a drop-in
replacement for its switch, with additional functionality.
- * vlog-appctl, a utility that can control Open vSwitch daemons,
+ * ovs-appctl, a utility that can control Open vSwitch daemons,
adjusting their logging levels among other uses.
Open vSwitch also provides an OpenFlow implementation and tools for
those interested in OpenFlow but not additional Open vSwitch features:
- * secchan, a program that implements a simple OpenFlow switch
- (without the special features provided by ovs-vswitchd) using
- the same kernel module as ovs-vswitchd.
+ * ovs-openflowd, a program that implements a simple OpenFlow
+ switch (without the special features provided by ovs-vswitchd)
+ using the same kernel module as ovs-vswitchd.
* ovs-controller, a simple OpenFlow controller.
Recommends: openvswitch-switch
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Monitor utility for Open vSwitch switches
- The ovs-monitor utility included in this package monitors the secure
- channel and datapath. If either become unresponsive, the switch is
- rebooted.
+ The ovs-monitor utility included in this package monitors the
+ ovs-openflowd process and the kernel datapath. If either become
+ unresponsive, it reboots the machine.
Package: openvswitch-wdt
Architecture: any
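Review bot: Grammar in the rewritten package description: "If either become unresponsive" should read "If either becomes unresponsive", since "either" is singular. The sentence is being rewrapped anyway, so this is a good time to fix it.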
* To enable OpenFlow switches to automatically discover the location
of the controller, you must install and configure a DHCP server.
- The secchan(8) manpage (found in the openvswitch-switch package) gives
- a working example configuration file for the ISC DHCP server.
+ The ovs-openflowd(8) manpage (found in the openvswitch-switch
+ package) gives a working example configuration file for the ISC DHCP
+ server.
- -- Ben Pfaff <blp@nicira.com>, Mon, 11 May 2009 13:26:38 -0700
+ -- Ben Pfaff <blp@nicira.com>, Wed, 8 Jul 2009 09:39:53 -0700
# it reboots the system. A value of zero disables the monitor.
THRESHOLD=3
-# INTERVAL: The number of seconds to wait between probing secchan and
-# the datapath.
+# INTERVAL: The number of seconds to wait between probing
+# ovs-openflowd and the datapath.
INTERVAL=1
# LOG_FILE: File to log messages related to monitoring.
LOG_FILE="/var/log/openvswitch/monitor"
-# SWITCH_VCONN: The vconn used to connect to the switch (secchan).
-# The secchan must be configured to listen to this vconn. The default
-# here set is also listened to by default by the openvswitch-switch
-# package, so ordinarily there is no need to modify this.
-SWITCH_VCONN="/var/run/secchan.mgmt"
+# SWITCH_VCONN: The vconn used to connect to the switch
+# (ovs-openflowd). The ovs-openflowd must be configured to listen to
+# this vconn. The default here set is also listened to by default by
+# the openvswitch-switch package, so ordinarily there is no need to
+# modify this.
+SWITCH_VCONN="/var/run/ovs-openflowd.mgmt"
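Review bot: The new default in SWITCH_VCONN moves the management socket to /var/run/ovs-openflowd.mgmt, but nothing in this hunk covers a defaults file that an administrator has already edited and keeps across the upgrade. Such a file will still name /var/run/secchan.mgmt, so the monitor and the daemon's listener can end up disagreeing about the path. Consider a changelog or NEWS entry, or a maintainer-script migration, that calls out the renamed socket.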
The setup program will now attempt to discover the OpenFlow controller.
Controller discovery may take up to 30 seconds. Please be patient.
.
- See secchan(8) for instructions on how to configure a DHCP server for
+ See ovs-openflowd(8) for instructions on how to configure a DHCP server for
controller discovery.
Template: openvswitch-switch/discovery-failure
The controller's location could not be determined automatically.
.
Ensure that the OpenFlow DHCP server is properly configured. See
- secchan(8) for instructions on how to configure a DHCP server for
+ ovs-openflowd(8) for instructions on how to configure a DHCP server for
controller discovery.
Template: openvswitch-switch/discovery-success
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-DAEMON=/usr/sbin/secchan
-NAME=secchan
-DESC=secchan
+DAEMON=/usr/sbin/ovs-openflowd
+NAME=ovs-openflowd
+DESC=ovs-openflowd
test -x $DAEMON || exit 0
# let some servers to die gracefully and
# 'restart' will not work
-# Include secchan defaults if available
+# Include ovs-openflowd defaults if available
unset NETDEVS
unset MODE
unset SWITCH_IP
check_op "Setting core limit to $CORE_LIMIT" ulimit -c "$CORE_LIMIT"
fi
- # Compose secchan options.
+ # Compose ovs-openflowd options.
set --
set -- "$@" --verbose=ANY:console:emer --verbose=ANY:syslog:err
set -- "$@" --log-file
-_debian/secchan/secchan usr/sbin
+_debian/utilities/ovs-openflowd usr/sbin
_debian/utilities/ovs-dpctl usr/sbin
_debian/utilities/ovs-discover usr/sbin
_debian/utilities/ovs-kill usr/sbin
-/var/log/openvswitch/secchan.log {
+/var/log/openvswitch/ovs-openflowd.log {
daily
compress
create 640 root adm
missingok
rotate 30
postrotate
- ovs-appctl --target /var/run/secchan.pid --reopen
+ ovs-appctl --target /var/run/ovs-openflowd.pid --reopen
endscript
}
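Review bot: Renaming the stanza to /var/log/openvswitch/ovs-openflowd.log leaves any existing /var/log/openvswitch/secchan.log unmatched, so on upgraded hosts the old log stops being rotated and compressed and stays on disk indefinitely. Either rename the old log in a maintainer script or keep a second stanza for the old name (missingok is already set) until it ages out.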
-_debian/secchan/secchan.8
+_debian/utilities/ovs-openflowd.8
_debian/utilities/ovs-discover.8
_debian/utilities/ovs-dpctl.8
_debian/utilities/ovs-kill.8
# This is a POSIX shell fragment -*- sh -*-
-# To configure the secure channel, fill in the following properly and
-# uncomment them. Afterward, the secure channel will come up
+# To configure the OpenFlow switch, fill in the following properly and
+# uncomment them. Afterward, the switch will come up
# automatically at boot time. It can be started immediately with
# /etc/init.d/openvswitch-switch start
# Alternatively, use the ovs-switch-setup program (from the
# Set CACERT_MODE to 'secure' or 'bootstrap' for these respective cases.
#CACERT_MODE=secure
-# MGMT_VCONNS: List of vconns (space-separated) on which secchan
+# MGMT_VCONNS: List of vconns (space-separated) on which ovs-openflowd
# should listen for management connections from ovs-ofctl, etc.
# openvswitch-switchui by default connects to
-# unix:/var/run/secchan.mgmt, so do not disable this if you want to
+# unix:/var/run/ovs-openflowd.mgmt, so do not disable this if you want to
# use openvswitch-switchui.
-MGMT_VCONNS="punix:/var/run/secchan.mgmt"
+MGMT_VCONNS="punix:/var/run/ovs-openflowd.mgmt"
# COMMANDS: Access control list for the commands that can be executed
# remotely over the OpenFlow protocol, as a comma-separated list of
#DISCONNECTED_MODE=switch
# STP: Enable or disabled 802.1D-1998 Spanning Tree Protocol. Set to
-# 'yes' to enable STP, 'no' to disable it. If unset, secchan's
+# 'yes' to enable STP, 'no' to disable it. If unset, ovs-openflowd's
# current default is 'no' (but this may change in the future).
#STP=no
#RATE_LIMIT=1000
# INACTIVITY_PROBE: The maximum number of seconds of inactivity on the
-# controller connection before secchan sends an inactivity probe
+# controller connection before ovs-openflowd sends an inactivity probe
# message to the controller. The valid range is 5 and up. If unset,
-# secchan defaults to 15 seconds.
+# ovs-openflowd defaults to 15 seconds.
#INACTIVITY_PROBE=5
-# MAX_BACKOFF: The maximum time that secchan will wait between
+# MAX_BACKOFF: The maximum time that ovs-openflowd will wait between
# attempts to connect to the controller. The valid range is 1 and up.
-# If unset, secchan defaults to 15 seconds.
+# If unset, ovs-openflowd defaults to 15 seconds.
#MAX_BACKOFF=15
-# DAEMON_OPTS: Additional options to pass to secchan, e.g. "--fail=open"
+# DAEMON_OPTS: Additional options to pass to ovs-openflowd, e.g. "--fail=open"
DAEMON_OPTS=""
# CORE_LIMIT: Maximum size for core dumps.
# This is a POSIX shell fragment -*- sh -*-
-# To configure the switch monitor, modify the following. Afterward,
-# the secure channel will come up automatically at boot time. It can
+# To configure the switch UI, modify the following. Afterward,
+# the switch UI will come up automatically at boot time. It can
# be restarted immediately with
# /etc/init.d/openvswitch-switchui start
# sourced by /etc/init.d/openvswitch-switchui
# installed at /etc/default/openvswitch-switchui by the maintainer scripts
-# SWITCH_VCONN: The vconn used to connect to the switch (secchan).
-# The secchan must be configured to listen to this vconn. The default
+# SWITCH_VCONN: The vconn used to connect to the switch (ovs-openflowd).
+# The ovs-openflowd must be configured to listen to this vconn. The default
# here set is also listened to by default by the openvswitch-switch
# package, so ordinarily there is no need to modify this.
-SWITCH_VCONN="unix:/var/run/secchan.mgmt"
+SWITCH_VCONN="unix:/var/run/ovs-openflowd.mgmt"
# EZIO3_DEVICE: To display the switch monitor on an EZIO3 (aka
# MTB-134) 16x2 LCD displays found on server appliances made by
.BR ovs\-dpctl (8),
.BR ovs-pki (8),
-.BR secchan (8)
+.BR ovs-openflowd (8)
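Review bot: Style: the added SEE ALSO entry writes the hyphen unescaped (".BR ovs-openflowd (8)") while the ovs\-dpctl entry two lines above, and the other man pages touched by this patch, use "ovs\-openflowd". Use the escaped form here for consistency.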
#. Description
#: ../openvswitch-switch-config.templates:5001
msgid ""
-"See secchan(8) for instructions on how to configure a DHCP server for "
+"See ovs-openflowd(8) for instructions on how to configure a DHCP server for "
"controller discovery."
msgstr ""
#. Description
#: ../openvswitch-switch-config.templates:6001
msgid ""
-"Ensure that the OpenFlow DHCP server is properly configured. See secchan(8) "
+"Ensure that the OpenFlow DHCP server is properly configured. See ovs-openflowd(8) "
"for instructions on how to configure a DHCP server for controller discovery."
msgstr ""
static void show_flows(struct rconn *);
static void show_dpid_ip(struct rconn *, const struct dict *);
-static void show_secchan_state(const struct dict *);
+static void show_ofproto_state(const struct dict *);
static void show_fail_open_state(const struct dict *);
static void show_discovery_state(const struct dict *);
static void show_remote_state(const struct dict *);
if (!show_reboot_state()) {
show_flows(rconn);
show_dpid_ip(rconn, dict);
- show_secchan_state(dict);
+ show_ofproto_state(dict);
show_fail_open_state(dict);
show_discovery_state(dict);
show_remote_state(dict);
}
static void
-show_secchan_state(const struct dict *dict)
+show_ofproto_state(const struct dict *dict)
{
static struct message *msg;
const char *is_connected;
* ----------------------------------------------------------------------
*/
-/* Protocol between secchan and datapath. */
+/* Protocol between userspace and kernel datapath. */
#ifndef OPENVSWITCH_DATAPATH_PROTOCOL_H
#define OPENVSWITCH_DATAPATH_PROTOCOL_H 1
lib/unixctl.c \
lib/util.c \
lib/vconn.c \
- secchan/ofproto.c \
- secchan/pktbuf.c \
+ ofproto/ofproto.c \
+ ofproto/pktbuf.c \
vswitchd/bridge.c \
vswitchd/mgmt.c \
vswitchd/ovs-brcompatd.c
time_t last_admitted;
/* These values are simply for statistics reporting, not used directly by
- * anything internal to the rconn (or the secchan for that matter). */
+ * anything internal to the rconn (or ofproto for that matter). */
unsigned int packets_received;
unsigned int n_attempted_connections, n_successful_connections;
time_t creation_time;
VLOG_MODULE(ofctl)
VLOG_MODULE(ovs_discover)
VLOG_MODULE(ofproto)
+VLOG_MODULE(openflowd)
VLOG_MODULE(pktbuf)
VLOG_MODULE(pcap)
VLOG_MODULE(poll_loop)
VLOG_MODULE(port_watcher)
VLOG_MODULE(proc_net_compat)
VLOG_MODULE(process)
-VLOG_MODULE(secchan)
VLOG_MODULE(rconn)
VLOG_MODULE(stp)
-VLOG_MODULE(stp_secchan)
VLOG_MODULE(stats)
VLOG_MODULE(status)
VLOG_MODULE(svec)
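Review bot: VLOG_MODULE(stp_secchan) is removed with no renamed counterpart, unlike secchan, which becomes openflowd. If that module was already unused, please say so in the commit message; otherwise confirm that no remaining source file still names it as its log module. Also worth noting for users: any saved "--verbose=secchan:..." setting will refer to a module that no longer exists after this change.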
/Makefile
/Makefile.in
-/secchan
-/secchan.8
--- /dev/null
+# Copyright (C) 2009 Nicira Networks, Inc.
+#
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved. This file is offered as-is,
+# without warranty of any kind.
+
+noinst_LIBRARIES += ofproto/libofproto.a
+ofproto_libofproto_a_SOURCES = \
+ ofproto/discovery.c \
+ ofproto/discovery.h \
+ ofproto/executer.c \
+ ofproto/executer.h \
+ ofproto/fail-open.c \
+ ofproto/fail-open.h \
+ ofproto/in-band.c \
+ ofproto/in-band.h \
+ ofproto/netflow.c \
+ ofproto/netflow.h \
+ ofproto/ofproto.c \
+ ofproto/ofproto.h \
+ ofproto/pktbuf.c \
+ ofproto/pktbuf.h \
+ ofproto/pinsched.c \
+ ofproto/pinsched.h \
+ ofproto/status.c \
+ ofproto/status.h
+
+include ofproto/commands/automake.mk
commandsdir = ${pkgdatadir}/commands
dist_commands_SCRIPTS = \
- secchan/commands/reboot
+ ofproto/commands/reboot
/* Returns true if 'cmd' is allowed by 'acl', which is a command-separated
* access control list in the format described for --command-acl in
- * secchan(8). */
+ * ovs-openflowd(8). */
static bool
executer_is_permitted(const char *acl_, const char *cmd)
{
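Review bot: While this comment is being edited, the first line still says 'acl' is a "command-separated access control list". The defaults file elsewhere in this patch describes the ACL as a comma-separated list, so this should read "comma-separated".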
#define IB_BASE_PRIORITY 18181800
enum {
- IBR_FROM_LOCAL_PORT, /* Sent by secure channel. */
- IBR_TO_LOCAL_PORT, /* Sent to secure channel. */
+ IBR_FROM_LOCAL_PORT, /* Sent by ofproto local port. */
+ IBR_TO_LOCAL_PORT, /* Sent to ofproto local port. */
IBR_ARP_FROM_CTL, /* ARP from the controller. */
IBR_TO_CTL_OFP_SRC, /* To controller, OpenFlow source port. */
IBR_TO_CTL_OFP_DST, /* To controller, OpenFlow dest port. */
controller_mac = get_controller_mac(in_band);
local_mac = get_local_mac(in_band);
- /* Switch traffic sent by the secure channel. */
+ /* Switch traffic sent from the local port. */
memset(&flow, 0, sizeof flow);
flow.in_port = ODPP_LOCAL;
setup_flow(in_band, IBR_FROM_LOCAL_PORT, &flow, OFPFW_IN_PORT,
OFPP_NORMAL);
- /* Deliver traffic sent to the secure channel to the local port. */
+ /* Deliver traffic sent to the local port. */
if (local_mac) {
memset(&flow, 0, sizeof flow);
memcpy(flow.dl_dst, local_mac, ETH_ADDR_LEN);
struct in_band;
struct ofproto;
struct rconn;
-struct secchan;
struct settings;
struct switch_status;
return true;
}
- /* Rules with priority higher than UINT16_MAX are set up by secchan itself
+ /* Rules with priority higher than UINT16_MAX are set up by ofproto itself
* (e.g. by in-band control) and are intentionally hidden from the
* controller. */
if (rule->cr.priority > UINT16_MAX) {
struct nicira_header;
struct rconn;
-struct secchan;
struct ofproto;
struct status_reply;
+++ /dev/null
-# Copyright (C) 2009 Nicira Networks, Inc.
-#
-# Copying and distribution of this file, with or without modification,
-# are permitted in any medium without royalty provided the copyright
-# notice and this notice are preserved. This file is offered as-is,
-# without warranty of any kind.
-
-bin_PROGRAMS += secchan/secchan
-man_MANS += secchan/secchan.8
-
-secchan_secchan_SOURCES = secchan/main.c
-secchan_secchan_LDADD = \
- secchan/libsecchan.a \
- lib/libopenvswitch.a \
- $(FAULT_LIBS) \
- $(SSL_LIBS)
-
-noinst_LIBRARIES += secchan/libsecchan.a
-secchan_libsecchan_a_SOURCES = \
- secchan/discovery.c \
- secchan/discovery.h \
- secchan/executer.c \
- secchan/executer.h \
- secchan/fail-open.c \
- secchan/fail-open.h \
- secchan/in-band.c \
- secchan/in-band.h \
- secchan/netflow.c \
- secchan/netflow.h \
- secchan/ofproto.c \
- secchan/ofproto.h \
- secchan/pktbuf.c \
- secchan/pktbuf.h \
- secchan/pinsched.c \
- secchan/pinsched.h \
- secchan/status.c \
- secchan/status.h
-
-EXTRA_DIST += secchan/secchan.8.in
-DISTCLEANFILES += secchan/secchan.8
-
-include secchan/commands/automake.mk
"\nDHCP options:\n"
" --request-ip=IP request specified IP address (default:\n"
" do not request a specific IP)\n"
- " --vendor-class=STRING use STRING as vendor class (default:\n"
- " none); use OpenFlow to imitate secchan\n"
+ " --vendor-class=STRING use STRING as vendor class; use\n"
+ " OpenFlow to imitate ovs-openflowd\n"
" --no-resolv-conf do not update /etc/resolv.conf\n",
program_name, program_name);
vlog_usage();
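Review bot: The rewritten --vendor-class help text drops "(default: none)", which is unrelated to the rename and removes information the user had before. If the default is still no vendor class, keep the note; if the default changed, that belongs in a separate commit with its own explanation.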
/ovs-kill.8
/ovs-ofctl
/ovs-ofctl.8
+/ovs-openflowd
+/ovs-openflowd.8
/ovs-parse-leaks
/ovs-pki
/ovs-pki-cgi
utilities/ovs-dpctl \
utilities/ovs-kill \
utilities/ovs-ofctl \
+ utilities/ovs-openflowd \
utilities/ovs-wdt
noinst_PROGRAMS += utilities/nlmon
bin_SCRIPTS += utilities/ovs-pki
utilities/ovs-dpctl.8.in \
utilities/ovs-kill.8.in \
utilities/ovs-ofctl.8.in \
+ utilities/ovs-openflowd.8.in \
utilities/ovs-parse-leaks.in \
utilities/ovs-pki-cgi.in \
utilities/ovs-pki.8.in \
utilities/ovs-dpctl.8 \
utilities/ovs-kill.8 \
utilities/ovs-ofctl.8 \
+ utilities/ovs-openflowd.8 \
utilities/ovs-parse-leaks \
utilities/ovs-pki \
utilities/ovs-pki.8 \
utilities/ovs-dpctl.8 \
utilities/ovs-kill.8 \
utilities/ovs-ofctl.8 \
+ utilities/ovs-openflowd.8 \
utilities/ovs-pki.8
utilities_ovs_appctl_SOURCES = utilities/ovs-appctl.c
utilities_ovs_ofctl_SOURCES = utilities/ovs-ofctl.c
utilities_ovs_ofctl_LDADD = lib/libopenvswitch.a $(FAULT_LIBS) $(SSL_LIBS)
+utilities_ovs_openflowd_SOURCES = utilities/ovs-openflowd.c
+utilities_ovs_openflowd_LDADD = \
+ ofproto/libofproto.a \
+ lib/libopenvswitch.a \
+ $(FAULT_LIBS) \
+ $(SSL_LIBS)
+
utilities_ovs_wdt_SOURCES = utilities/ovs-wdt.c
utilities_nlmon_SOURCES = utilities/nlmon.c
.RS
.IP \fB%A\fR
-The name of the application logging the message, e.g. \fBsecchan\fR.
+The name of the application logging the message, e.g. \fBovs-vswitchd\fR.
.IP \fB%c\fR
The name of the module (as shown by \fBovs\-appctl --list\fR) logging
.BR ovs\-controller (8),
.BR ovs\-dpctl (8),
-.BR secchan (8)
+.BR ovs\-openflowd (8)
confidence in the controller's identity. However, this option allows
a newly installed switch to obtain the controller CA certificate on
first boot using, e.g., the \fB--bootstrap-ca-cert\fR option to
-\fBsecchan\fR(8).
+\fBovs\-openflowd\fR(8).
.IP "\fB-n\fR, \fB--noflow\fR"
By default, \fBovs\-controller\fR sets up a flow in each OpenFlow switch
This option affects only flows set up by the OpenFlow controller. In
some configurations, the switch can set up some flows
on its own. To set the idle time for those flows, pass
-\fB--max-idle\fR to \fBsecchan\fR (on the switch).
+\fB--max-idle\fR to \fBovs\-openflowd\fR (on the switch).
This option has no effect when \fB-n\fR (or \fB--noflow\fR) is in use
(because the controller does not set up flows in that case).
.SH "SEE ALSO"
-.BR secchan (8),
+.BR ovs\-openflowd (8),
.BR ovs\-appctl (8),
.BR ovs\-dpctl (8)
reply that has the same vendor class identifier and includes a
vendor-specific option with code 1 whose contents are a string
specifying the location of the controller in the same format used on
-the \fBsecchan\fR command line (e.g. \fBssl:192.168.0.1\fR).
+the \fBovs\-openflowd\fR command line (e.g. \fBssl:192.168.0.1\fR).
When \fBovs\-discover\fR receives an acceptable response, it prints
the details of the response on \fBstdout\fR. Then, by default, it
.SH "SEE ALSO"
-.BR secchan (8),
-.BR ovs-pki (8)
+.BR ovs\-openflowd (8),
+.BR ovs\-pki (8)
.IP "\fBdump-groups \fIdp\fR"
Prints to the console the sets of port groups maintained by datapath
\fIdp\fR. Ordinarily there are at least 2 port groups in a datapath
-that \fBsecchan\fR or \fBvswitch\fR is controlling: group 0 contains
+that \fBovs\-openflowd\fR or \fBovs\-vswitch\fR is controlling: group
+0 contains
all ports except those disabled by STP, and group 1 contains all
-ports. Additional groups might be used in the future.
+ports. Additional or different groups might be used in the future.
This command is primarily useful for debugging Open vSwitch. OpenFlow
does not have a concept of port groups.
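Review bot: The dump-groups text now refers to "\fBovs\-vswitch\fR", but the daemon is called ovs\-vswitchd everywhere else in this patch, including this page's SEE ALSO. Please use "\fBovs\-vswitchd\fR". The change from "Additional groups" to "Additional or different groups" is also not part of the rename and would be easier to review separately.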
Adds two network devices to the new datapath.
.PP
-At this point one would ordinarily start \fBsecchan\fR(8) on
+At this point one would ordinarily start \fBovs\-openflowd\fR(8) on
\fBdp0\fR, transforming \fBdp0\fR into an OpenFlow switch. Then, when
the switch and the datapath is no longer needed:
.SH "SEE ALSO"
-.BR secchan (8),
.BR ovs\-appctl (8),
+.BR ovs\-openflowd (8),
.BR ovs\-vswitchd (8)
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-SECCHAN_PID=/var/run/secchan.pid
-SECCHAN_SOCK=/var/run/secchan.mgmt
+OPENFLOWD_PID=/var/run/ovs-openflowd.pid
+OPENFLOWD_SOCK=/var/run/ovs-openflowd.mgmt
LOG_FILE=/var/log/openflow/monitor
INTERVAL=1
FAIL_THRESH=3
echo
echo "OPTIONS:"
echo " -h Show this message"
- echo " -p PID file for secchan (default: $SECCHAN_PID)"
- echo " -s Unix socket for secchan (default: $SECCHAN_SOCK)"
+ echo " -p PID file for ovs-openflowd (default: $OPENFLOWD_PID)"
+ echo " -s Unix socket for ovs-openflowd (default: $OPENFLOWD_SOCK)"
echo " -l File to log messages (default: $LOG_FILE)"
echo " -i Interval to send probes in seconds (default: $INTERVAL)"
echo " -c Number of failed probes before reboot (default: $FAIL_THRESH)"
;;
p)
- SECCHAN_PID=$OPTARG
+ OPENFLOWD_PID=$OPTARG
;;
s)
- SECCHAN_SOCK=$OPTARG
+ OPENFLOWD_SOCK=$OPTARG
;;
l)
done
-if [ ! -f $SECCHAN_PID ]; then
- log "No secchan pid file: ${SECCHAN_PID}"
- echo "No secchan pid file: ${SECCHAN_PID}"
+if [ ! -f $OPENFLOWD_PID ]; then
+ log "No ovs-openflowd pid file: ${OPENFLOWD_PID}"
+ echo "No ovs-openflowd pid file: ${OPENFLOWD_PID}"
fi
-if [ ! -S $SECCHAN_SOCK ]; then
- log "No secchan sock file: ${SECCHAN_SOCK}"
- echo "No secchan sock file: ${SECCHAN_SOCK}"
+if [ ! -S $OPENFLOWD_SOCK ]; then
+ log "No ovs-openflowd sock file: ${OPENFLOWD_SOCK}"
+ echo "No ovs-openflowd sock file: ${OPENFLOWD_SOCK}"
fi
if [ ! -d `dirname $LOG_FILE` ]; then
fi
let DP_DOWN=0
-let SECCHAN_DOWN=0
+let OPENFLOWD_DOWN=0
log "===== Starting Monitor ===="
while `/bin/true`; do
- # Only check for liveness if the secchan's PID file exists. The PID
- # file is removed when secchan is brought down gracefully.
- if [ -f $SECCHAN_PID ]; then
- pid=`cat $SECCHAN_PID`
+ # Only check for liveness if ovs-openflowd's PID file exists. The PID
+ # file is removed when ovs-openflowd is brought down gracefully.
+ if [ -f $OPENFLOWD_PID ]; then
+ pid=`cat $OPENFLOWD_PID`
if [ -d /proc/$pid ]; then
- # Check if the secchan and datapath still can communicate
- if [ -S $SECCHAN_SOCK ]; then
- ovs-ofctl probe -t 2 unix:$SECCHAN_SOCK
+ # Check if the ovs-openflowd and datapath still can communicate
+ if [ -S $OPENFLOWD_SOCK ]; then
+ ovs-ofctl probe -t 2 unix:$OPENFLOWD_SOCK
if [ $? -ne 0 ]; then
log "datapath probe failed"
let DP_DOWN++
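Review bot: The liveness check reads the PID with "pid=`cat $OPENFLOWD_PID`" and then tests "[ -d /proc/$pid ]". If the PID file is empty or only partly written, that test becomes "[ -d /proc/ ]", which is always true, so a dead ovs-openflowd is counted as alive and the failure counter is reset. Since these lines are being rewritten, consider checking that $pid is a non-empty number first and quoting $OPENFLOWD_PID and $OPENFLOWD_SOCK in the tests.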
let DP_DOWN=0
fi
fi
- let SECCHAN_DOWN=0
+ let OPENFLOWD_DOWN=0
else
- log "secchan probe failed"
- let SECCHAN_DOWN++
+ log "ovs-openflowd probe failed"
+ let OPENFLOWD_DOWN++
fi
fi
- if [ $SECCHAN_DOWN -ge $FAIL_THRESH ]; then
- log "Failed to probe secchan after ${SECCHAN_DOWN} tries...rebooting!"
+ if [ $OPENFLOWD_DOWN -ge $FAIL_THRESH ]; then
+ log "Failed to probe ovs-openflowd after ${OPENFLOWD_DOWN} tries...rebooting!"
reboot
fi
\fBmonitor \fIswitch\fR [\fImiss-len\fR [\fIsend-exp]]
Connects to \fIswitch\fR and prints to the console all OpenFlow
messages received. Usually, \fIswitch\fR should specify a connection
-named on \fBsecchan\fR(8)'s \fB-l\fR or \fB--listen\fR command line
+named on \fBovs\-openflowd\fR(8)'s \fB-l\fR or \fB--listen\fR command line
option.
If \fImiss-len\fR is provided, \fBovs\-ofctl\fR sends an OpenFlow ``set
.IP \fBlocal\fR
Outputs the packet on the ``local port,'' which corresponds to the
\fBof\fIn\fR network device (see \fBCONTACTING THE CONTROLLER\fR in
-\fBsecchan\fR(8) for information on the \fBof\fIn\fR network device).
+\fBovs\-openflowd\fR(8) for information on the \fBof\fIn\fR network device).
.IP \fBdrop\fR
Discards the packet, so no further processing or forwarding takes place.
host has been configured to listen for management connections on a
Unix domain socket named \fB@RUNDIR@/openflow.sock\fR, e.g. by
specifying \fB--listen=punix:@RUNDIR@/openflow.sock\fR on the
-\fBsecchan\fR(8) command line.
+\fBovs\-openflowd\fR(8) command line.
.TP
\fBovs\-ofctl dump-tables unix:@RUNDIR@/openflow.sock\fR
-.TH secchan 8 "March 2009" "Open vSwitch" "Open vSwitch Manual"
-.ds PN secchan
+.TH ovs\-openflowd 8 "March 2009" "Open vSwitch" "Open vSwitch Manual"
+.ds PN ovs\-openflowd
.SH NAME
-secchan \- OpenFlow switch implementation
+ovs\-openflowd \- OpenFlow switch implementation
.SH SYNOPSIS
-.B secchan
+.B ovs\-openflowd
[\fIoptions\fR] \fIdatapath\fR [\fIcontroller\fR]
.SH DESCRIPTION
-The \fBsecchan\fR program implements an OpenFlow switch using a
-flow-based datapath. \fBsecchan\fR connects to an OpenFlow controller
+The \fBovs\-openflowd\fR program implements an OpenFlow switch using a
+flow-based datapath. \fBovs\-openflowd\fR connects to an OpenFlow controller
over TCP or SSL.
The mandatory \fIdatapath\fR argument argument specifies the local datapath
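Review bot: The .TH line keeps the date "March 2009" even though the page is renamed and substantially reworded in this commit; consider updating it. The context line just below the DESCRIPTION change also has a doubled word ("argument argument") that could be fixed in the same pass.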
.RE
.PP
-If \fIcontroller\fR is omitted, \fBsecchan\fR attempts to discover the
+If \fIcontroller\fR is omitted, \fBovs\-openflowd\fR attempts to discover the
location of the controller automatically (see below).
.SS "Contacting the Controller"
any of the network devices added to the datapath with \fBovs\-dpctl
add\-if\fR in its communication with the controller.
-To use \fBsecchan\fR in a network with out-of-band control, specify
-\fB--out-of-band\fR on the \fBsecchan\fR command line. The control
-network must be configured separately, before or after \fBsecchan\fR
+To use \fBovs\-openflowd\fR in a network with out-of-band control, specify
+\fB--out-of-band\fR on the \fBovs\-openflowd\fR command line. The control
+network must be configured separately, before or after \fBovs\-openflowd\fR
is started.
.IP in-band
out-of-band control, because it is not necessary to maintain two
independent networks.
-In-band control is the default for \fBsecchan\fR, so no special
+In-band control is the default for \fBovs\-openflowd\fR, so no special
command-line option is required.
With in-band control, the location of the controller can be configured
.RS
.IP "controller discovery"
-To make \fBsecchan\fR discover the location of the controller
+To make \fBovs\-openflowd\fR discover the location of the controller
automatically, do not specify the location of the controller on the
-\fBsecchan\fR command line.
+\fBovs\-openflowd\fR command line.
-In this mode, \fBsecchan\fR will broadcast a DHCP request with vendor
+In this mode, \fBovs\-openflowd\fR will broadcast a DHCP request with vendor
class identifier \fBOpenFlow\fR across the network devices added to
the datapath with \fBovs\-dpctl add\-if\fR. It will accept any valid DHCP
reply that has the same vendor class identifier and includes a
vendor-specific option with code 1 whose contents are a string
specifying the location of the controller in the same format used on
-the \fBsecchan\fR command line (e.g. \fBssl:192.168.0.1\fR).
+the \fBovs\-openflowd\fR command line (e.g. \fBssl:192.168.0.1\fR).
The DHCP reply may also, optionally, include a vendor-specific option
with code 2 whose contents are a string specifying the URI to the base
of the OpenFlow PKI (e.g. \fBhttp://192.168.0.1/openflow/pki\fR).
This URI is used only for bootstrapping the OpenFlow PKI at initial
-switch setup; \fBsecchan\fR does not use it at all.
+switch setup; \fBovs\-openflowd\fR does not use it at all.
The following ISC DHCP server configuration file assigns the IP
address range 192.168.0.20 through 192.168.0.30 to OpenFlow switches
.IP "manual configuration"
To configure in-band control manually, specify the location of the
-controller on the \fBsecchan\fR command line as the \fIcontroller\fR
+controller on the \fBovs\-openflowd\fR command line as the \fIcontroller\fR
argument. You must also configure the network device for the OpenFlow
-``local port'' to allow \fBsecchan\fR to connect to that controller.
-The OpenFlow local port is a virtual network port that \fBsecchan\fR
+``local port'' to allow \fBovs\-openflowd\fR to connect to that controller.
+The OpenFlow local port is a virtual network port that \fBovs\-openflowd\fR
bridges to the physical switch ports. The name of the local port for
a given \fIdatapath\fR may be seen by running \fBovs\-dpctl show
\fIdatapath\fR; the local port is listed as port 0 in \fBshow\fR's
output.
.IP
-Before \fBsecchan\fR starts, the local port network device is not
+Before \fBovs\-openflowd\fR starts, the local port network device is not
bridged to any physical network, so the next step depends on whether
connectivity is required to configure the device's IP address. If the
switch has a static IP address, you may configure its IP address now
with a command such as
.B ifconfig of0 192.168.1.1
-and then invoke \fBsecchan\fR.
+and then invoke \fBovs\-openflowd\fR.
On the other hand, if the switch does not have a static IP address,
e.g. it obtains its IP address dynamically via DHCP, the DHCP client
-will not be able to contact the DHCP server until the secure channel
-has started up. Thus, start \fBsecchan\fR without configuring
+will not be able to contact the DHCP server until the OpenFlow switch
+has started up. Thus, start \fBovs\-openflowd\fR without configuring
the local port network device, and start the DHCP client afterward.
.RE
.SS "Controller Discovery Options"
.TP
\fB--accept-vconn=\fIregex\fR
-When \fBsecchan\fR performs controller discovery (see \fBContacting
+When \fBovs\-openflowd\fR performs controller discovery (see \fBContacting
the Controller\fR, above, for more information about controller
discovery), it validates the controller location obtained via DHCP
with a POSIX extended regular expression. Only controllers whose
.TP
\fB--no-resolv-conf\fR
-When \fBsecchan\fR performs controller discovery (see \fBContacting
+When \fBovs\-openflowd\fR performs controller discovery (see \fBContacting
the Controller\fR, above, for more information about controller
discovery), by default it overwrites the system's
\fB/etc/resolv.conf\fR with domain information and DNS servers
using a hostname, rather than an IP address, and the network's DNS
servers ever change, this behavior is essential. But because it also
interferes with any administrator or process that manages
-\fB/etc/resolv.conf\fR, when this option is specified, \fBsecchan\fR
+\fB/etc/resolv.conf\fR, when this option is specified, \fBovs\-openflowd\fR
will not modify \fB/etc/resolv.conf\fR.
-\fBsecchan\fR will only modify \fBresolv.conf\fR if the DHCP response
+\fBovs\-openflowd\fR will only modify \fBresolv.conf\fR if the DHCP response
that it receives specifies one or more DNS servers.
When controller discovery is not performed, this option has no effect.
controller stays down long enough, no packets can pass through the
switch at all.
-If this option is set to \fBopen\fR (the default), \fBsecchan\fR will
+If this option is set to \fBopen\fR (the default), \fBovs\-openflowd\fR will
take over responsibility for setting up flows in the local datapath
when no message has been received from the controller for three times
the inactivity probe interval (see below), or 45 seconds by default.
-In this ``fail open'' mode, \fBsecchan\fR causes the datapath to act
-like an ordinary MAC-learning switch. \fBsecchan\fR will continue to
+In this ``fail open'' mode, \fBovs\-openflowd\fR causes the datapath to act
+like an ordinary MAC-learning switch. \fBovs\-openflowd\fR will continue to
retry connection to the controller in the background and, when the
connection succeeds, it discontinues its fail-open behavior.
-If this option is set to \fBclosed\fR, then \fBsecchan\fR will not
+If this option is set to \fBclosed\fR, then \fBovs\-openflowd\fR will not
set up flows on its own when the controller connection fails.
.TP
\fB--inactivity-probe=\fIsecs\fR
-When the secure channel is connected to the controller, the secure
-channel waits for a message to be received from the controller for
+When the OpenFlow switch is connected to the controller, the
+switch waits for a message to be received from the controller for
\fIsecs\fR seconds before it sends a inactivity probe to the
controller. After sending the inactivity probe, if no response is
-received for an additional \fIsecs\fR seconds, the secure channel
+received for an additional \fIsecs\fR seconds, the switch
assumes that the connection has been broken and attempts to reconnect.
The default is 15 seconds, and the minimum value is 5 seconds.
.TP
\fB--max-idle=\fIsecs\fR|\fBpermanent\fR
Sets \fIsecs\fR as the number of seconds that a flow set up by the
-secure channel will remain in the switch's flow table without any
+OpenFlow switch will remain in the switch's flow table without any
matching packets being seen. If \fBpermanent\fR is specified, which
-is not recommended, flows set up by the secure channel will never
+is not recommended, flows set up by the switch will never
expire. The default is 15 seconds.
-Most flows are set up by the OpenFlow controller, not by the secure
-channel. This option affects only the following flows, which the
-secure channel sets up itself:
+Most flows are set up by the OpenFlow controller, not by the
+switch. This option affects only the following flows, which the
+OpenFlow switch sets up itself:
.RS
.IP \(bu
-When \fB--fail=open\fR is specified, flows set up when the secure
-channel has not been able to contact the controller for the configured
+When \fB--fail=open\fR is specified, flows set up when the
+switch has not been able to contact the controller for the configured
fail-open delay.
.IP \(bu
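Review bot: in the --max-idle paragraph the replacement term is ambiguous: "a flow set up by the OpenFlow switch will remain in the switch's flow table" now uses "switch" for both the daemon that installs the flow and the datapath that holds it. The --fail text in this same page names the actor as \fBovs\-openflowd\fR, while this paragraph and --inactivity-probe alternate between "the OpenFlow switch" and "the switch". Using \fBovs\-openflowd\fR for the process throughout would keep one name per thing, which matters here because the paragraph exists to distinguish flows the daemon sets up itself (the fail-open ones) from flows the controller sets up.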
.TP
\fB--in-band\fR, \fB--out-of-band\fR
-Configures \fBsecchan\fR to operate in in-band or out-of-band control
+Configures \fBovs\-openflowd\fR to operate in in-band or out-of-band control
mode (see \fBContacting the Controller\fR above). When neither option
is given, the default is in-band control.
English letters, digits, and the underscore and hyphen characters are
unconditionally disallowed.
-When the whitelist and blacklist permit a command name, \fBsecchan\fR
+When the whitelist and blacklist permit a command name, \fBovs\-openflowd\fR
looks for a program with the same name as the command in the commands
directory (see below). Other directories are not searched.
.TP
\fB--bootstrap-ca-cert=\fIcacert.pem\fR
When \fIcacert.pem\fR exists, this option has the same effect as
-\fB-C\fR or \fB--ca-cert\fR. If it does not exist, then \fBsecchan\fR
+\fB-C\fR or \fB--ca-cert\fR. If it does not exist, then \fBovs\-openflowd\fR
will attempt to obtain the CA certificate from the controller on its
first SSL connection and save it to the named PEM file. If it is
successful, it will immediately drop the connection and reconnect, and
#include "compiler.h"
#include "daemon.h"
#include "dirs.h"
-#include "discovery.h"
#include "dpif.h"
-#include "fail-open.h"
#include "fault.h"
-#include "in-band.h"
#include "leak-checker.h"
#include "list.h"
#include "netdev.h"
#include "ofpbuf.h"
-#include "ofproto.h"
+#include "ofproto/ofproto.h"
#include "openflow/openflow.h"
#include "packets.h"
#include "poll-loop.h"
#include "rconn.h"
-#include "status.h"
#include "svec.h"
#include "timeval.h"
#include "unixctl.h"
#include "vconn.h"
#include "vlog.h"
-#define THIS_MODULE VLM_secchan
+#define THIS_MODULE VLM_openflowd
/* Behavior when the connection to the controller fails. */
enum fail_mode {
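Review bot: the `#define THIS_MODULE VLM_openflowd` line renames the logging module as well as the program, and that is not called out anywhere in the visible documentation changes. Please confirm that the matching vlog module definition is renamed in the same commit, and note for users that any logging configuration that names the old `secchan` module will stop matching after this change. The module is also called `openflowd` rather than following the new `ovs-openflowd` program name, which is worth a short comment if it is intentional.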
"usage: %s [OPTIONS] DATAPATH [CONTROLLER]\n"
"DATAPATH is a local datapath (e.g. \"dp0\").\n"
"CONTROLLER is an active OpenFlow connection method; if it is\n"
- "omitted, then secchan performs controller discovery.\n",
+ "omitted, then ovs-openflowd performs controller discovery.\n",
program_name, program_name);
vconn_usage(true, true, true);
printf("\nOpenFlow options:\n"
" closed: drop all packets\n"
" open (default): act as learning switch\n"
" --inactivity-probe=SECS time between inactivity probes\n"
- " --max-idle=SECS max idle for flows set up by secchan\n"
+ " --max-idle=SECS max idle for flows set up by switch\n"
" --max-backoff=SECS max time between controller connection\n"
" attempts (default: 15 seconds)\n"
" -l, --listen=METHOD allow management connections on METHOD\n"
.SH "SEE ALSO"
-.BR controller (8),
-.BR ovs\-pki\-cgi (8),
-.BR secchan (8)
+.BR ovs\-controller (8),
+.BR ovs\-openflowd (8),
+.BR ovs\-pki\-cgi (8)
vswitchd/xenserver.c \
vswitchd/xenserver.h
vswitchd_ovs_vswitchd_LDADD = \
- secchan/libsecchan.a \
+ ofproto/libofproto.a \
lib/libopenvswitch.a \
$(FAULT_LIBS) \
$(SSL_LIBS)
#include "odp-util.h"
#include "ofp-print.h"
#include "ofpbuf.h"
+#include "ofproto/ofproto.h"
#include "packets.h"
#include "poll-loop.h"
#include "port-array.h"
#include "proc-net-compat.h"
#include "process.h"
-#include "secchan/ofproto.h"
#include "socket-util.h"
#include "stp.h"
#include "svec.h"
.TP
\fBdiscover\fR
Use controller discovery to find the local OpenFlow controller.
-Refer to \fBsecchan\fR(8) for information on how to configure a DHCP
+Refer to \fB\ovs\-openflowd\fR(8) for information on how to configure a DHCP
server to support controller discovery. The following additional
options control the discovery process:
.
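Review bot: stray backslash in the added line `Refer to \fB\ovs\-openflowd\fR(8)`. The `\o` that follows `\fB` is not a hyphen escape. troff treats `\o` as the start of an overstrike escape, so the page name will not render as intended. It should read `\fBovs\-openflowd\fR(8)`, as the other renamed references in this patch do.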
By default, or if this is set to \fBtrue\fR, \fBovs\-vswitchd\fR connects
to the controller in-band. If this is set to \fBfalse\fR,
\fBovs\-vswitchd\fR connects to the controller out-of-band. Refer to
-\fBsecchan\fR(8) for a description of in-band and out-of-band control.
+\fBovs\-openflowd\fR(8) for a description of in-band and out-of-band control.
.IP "\fBbridge.\fIname\fB.controller.ip=\fIip\fR"
If specified, the IP address to configure on the bridge's local port.
.IP "\fBbridge.\fIname\fB.controller.netmask=\fInetmask\fR"
message to be received from the controller for \fIsecs\fR seconds
before it sends a inactivity probe to the controller. After sending
the inactivity probe, if no response is received for an additional
-\fIsecs\fR seconds, the secure channel assumes that the connection has
+\fIsecs\fR seconds, \fBovs-vswitchd\fR assumes that the connection has
been broken and attempts to reconnect.
.IP
Changing the inactivity probe interval also changes the interval
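Review bot: the added `\fBovs-vswitchd\fR` leaves the hyphen unescaped, while the neighbouring hunks of this page write `\fBovs\-vswitchd\fR`. Use `\-` here too so the program name is typeset the same way everywhere. The unchanged context just above still reads "a inactivity probe". Since this paragraph is being edited anyway, correcting it to "an inactivity probe" here and in the matching ovs-openflowd text would be cheap.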
$RPM_BUILD_ROOT/root/vswitch/bin/ovs-controller \
$RPM_BUILD_ROOT/root/vswitch/bin/ovs-discover \
$RPM_BUILD_ROOT/root/vswitch/bin/ovs-kill \
+ $RPM_BUILD_ROOT/root/vswitch/bin/ovs-openflowd \
$RPM_BUILD_ROOT/root/vswitch/bin/ovs-pki \
$RPM_BUILD_ROOT/root/vswitch/bin/ovs-switchui \
$RPM_BUILD_ROOT/root/vswitch/bin/ovs-wdt \
- $RPM_BUILD_ROOT/root/vswitch/bin/secchan \
$RPM_BUILD_ROOT/root/vswitch/kernel_modules/veth_mod.ko \
$RPM_BUILD_ROOT/root/vswitch/sbin/ovs-monitor \
$RPM_BUILD_ROOT/root/vswitch/share/man/man8/ovs-controller.8 \
$RPM_BUILD_ROOT/root/vswitch/share/man/man8/ovs-discover.8 \
$RPM_BUILD_ROOT/root/vswitch/share/man/man8/ovs-kill.8 \
+ $RPM_BUILD_ROOT/root/vswitch/share/man/man8/ovs-openflowd.8 \
$RPM_BUILD_ROOT/root/vswitch/share/man/man8/ovs-pki.8 \
- $RPM_BUILD_ROOT/root/vswitch/share/man/man8/secchan.8 \
$RPM_BUILD_ROOT/root/vswitch/share/openvswitch
%clean