From f1126f43ad62618cf1b6f6ab48d9635fc5cbcad6 Mon Sep 17 00:00:00 2001 From: Justin Pettit Date: Wed, 22 Oct 2008 17:17:50 -0700 Subject: [PATCH] Switch default OpenFlow port from 975 and 976 to 6633. --- INSTALL | 14 +++++++------- controller/controller.8.in | 10 +++++----- debian/openflow-controller.default | 4 ++-- debian/openflow-switch.default | 4 ++-- doc/of-spec/openflow-spec-v0.9-draft3.tex | 4 ++-- include/openflow.h | 4 ++-- secchan/secchan.8.in | 8 ++++---- switch/switch.8.in | 4 ++-- third-party/README | 2 +- utilities/dpctl.8 | 4 ++-- 10 files changed, 29 insertions(+), 29 deletions(-) diff --git a/INSTALL b/INSTALL index 58b6cbf1d..c201b1499 100644 --- a/INSTALL +++ b/INSTALL @@ -380,7 +380,7 @@ integrated userspace program. # controller ptcp: & - This command causes the controller to bind to port 975 (the + This command causes the controller to bind to port 6633 (the default) awaiting connections from OpenFlow switches. See controller(8) for details. @@ -469,7 +469,7 @@ Controller Setup On the machine that is to be the OpenFlow controller, start the "controller" program listening for connections from switches on TCP -port 975 (the default), as shown below. (Because it listens on a +port 6633 (the default), as shown below. (Because it listens on a low-numbered port, this command must run as root.) # controller -v ptcp: @@ -495,7 +495,7 @@ userspace datapath-based switches do not have this limitation.) the IP address of the controller as the first argument to the switch program, and the network devices to include in the switch as arguments to the -i option. For example, if the controller is - running on host 192.168.1.2 port 975 (the default port), and eth1 + running on host 192.168.1.2 port 6633 (the default port), and eth1 and eth2 are to be the switch ports, the switch invocation would look like this: 
@@ -564,7 +564,7 @@ every OpenFlow distribution. 4. Run secchan to start the secure channel connecting the datapath to a remote controller. If the controller is running on host - 192.168.1.2 port 975 (the default port), the secchan invocation + 192.168.1.2 port 6633 (the default port), the secchan invocation would look like this: # secchan unix:/var/run/dp0.sock tcp:192.168.1.2 @@ -657,7 +657,7 @@ The OpenFlow kernel module must be loaded, as described under 4. Run secchan to start the secure channel connecting the datapath to a remote controller. If the controller is running on host - 192.168.1.2 port 975 (the default port), the secchan invocation + 192.168.1.2 port 6633 (the default port), the secchan invocation would look like this: # secchan nl:0 tcp:192.168.1.2 @@ -697,7 +697,7 @@ controllers and one for switches. If you have an established PKI, OpenFlow can use it directly. Otherwise, refer to "Establishing a Public Key Infrastructure" below. -To configure the controller to listen for SSL connections on port 976 +To configure the controller to listen for SSL connections on port 6633 (the default), invoke it as follows: # controller -v pssl: --private-key=PRIVKEY --certificate=CERT \ @@ -712,7 +712,7 @@ with the instructions below, then the invocation would look like: # controller -v pssl: --private-key=ctl-privkey.pem \ --certificate=ctl-cert.pem --ca-cert=pki/switchca/cacert.pem -To configure a switch to connect to a controller running on port 976 +To configure a switch to connect to a controller running on port 6633 (the default) on host 192.168.1.2 over SSL, invoke secchan as follows: # secchan -v DATAPATH ssl:192.168.1.2 --private-key=PRIVKEY \ diff --git a/controller/controller.8.in b/controller/controller.8.in index 1df6b7528..26c7c4cb3 100644 --- a/controller/controller.8.in +++ b/controller/controller.8.in 
@@ -19,14 +19,14 @@ one or more of the following OpenFlow connection methods: .TP \fBpssl:\fR[\fIport\fR] Listens for SSL connections from remote OpenFlow switches on -\fIport\fR (default: 976). The \fB--private-key\fR, +\fIport\fR (default: 6633). The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when this form is used. .TP \fBptcp:\fR[\fIport\fR] Listens for TCP connections from remote OpenFlow switches on -\fIport\fR (default: 975). +\fIport\fR (default: 6633). .TP \fBpunix:\fIfile\fR @@ -42,13 +42,13 @@ module for Linux loaded. .TP \fBssl:\fIhost\fR[\fB:\fIport\fR] -The specified SSL \fIport\fR (default: 976) on the given remote +The specified SSL \fIport\fR (default: 6633) on the given remote \fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when this form is used. .TP \fBtcp:\fIhost\fR[\fB:\fIport\fR] -The specified TCP \fIport\fR (default: 975) on the given remote +The specified TCP \fIport\fR (default: 6633) on the given remote \fIhost\fR. .TP @@ -181,7 +181,7 @@ To connect directly to local datapath 0 over netlink (Linux only): .B % controller nl:0 .TP -To bind locally to port 975 (the default) and wait for incoming connections from OpenFlow switches: +To bind locally to port 6633 (the default) and wait for incoming connections from OpenFlow switches: .B % controller ptcp: diff --git a/debian/openflow-controller.default b/debian/openflow-controller.default index a82754625..3b84b62a9 100644 --- a/debian/openflow-controller.default +++ b/debian/openflow-controller.default 
@@ -5,11 +5,11 @@ # This is a space-delimited list of connection methods: # # * "pssl:[PORT]": Listen for SSL connections on the specified PORT -# (default: 976). The private key, certificate, and CA certificate +# (default: 6633). The private key, certificate, and CA certificate # must be specified below. # # * "pctp:[PORT]": Listen for TCP connections on the specified PORT -# (default: 975). Not recommended for security reasons. +# (default: 6633). Not recommended for security reasons. # # * "nl:DP_IDX": Listen on local datapath DP_IDX. Used only if this # machine is also an OpenFlow switch and not running the secure diff --git a/debian/openflow-switch.default b/debian/openflow-switch.default index a2b19b2ca..6088581a8 100644 --- a/debian/openflow-switch.default +++ b/debian/openflow-switch.default @@ -60,8 +60,8 @@ SWITCH_IP=dhcp # CONTROLLER: Location of controller. # One of the following formats: -# tcp:HOST[:PORT] via TCP to PORT (default: 975) on HOST -# ssl:HOST[:PORT] via SSL to PORT (default: 976) on HOST +# tcp:HOST[:PORT] via TCP to PORT (default: 6633) on HOST +# ssl:HOST[:PORT] via SSL to PORT (default: 6633) on HOST # The default below assumes that the controller is running locally. # This setting has no effect when MODE is set to 'discovery'. #CONTROLLER="tcp:127.0.0.1" diff --git a/doc/of-spec/openflow-spec-v0.9-draft3.tex b/doc/of-spec/openflow-spec-v0.9-draft3.tex index 81248b033..cbc16fe08 100755 --- a/doc/of-spec/openflow-spec-v0.9-draft3.tex +++ b/doc/of-spec/openflow-spec-v0.9-draft3.tex 
@@ -293,7 +293,7 @@ If the \verb|DELETE| command is used, the wildcards are \subsection{Switch/Controller Connection} The switch and controller communicate through an SSL connection. The switch must be able to establish the communication at a user-configurable (but otherwise fixed) IP address, using a user-specified port. Traffic to and from the secure channel is not checked against the flow table. Therefore, the switch must identify incoming traffic as local before checking it against the flow table. Future versions of the protocol specification will describe a dynamic controller discovery protocol in which the IP address and port for communicating with the controller is determined at runtime. \\\\ -The SSL connection is initiated by the switch on startup to the controllerÕs server, which is located by default on TCP port 976. The switch and controller mutually authenticate by exchanging certificates signed by a site-specific private key. Each switch must be user-configurable with one certificate for authenticating the controller (controller certificate) and the other for authenticating to the controller (switch certificate). +The SSL connection is initiated by the switch on startup to the controllerÕs server, which is located by default on TCP port 6633. The switch and controller mutually authenticate by exchanging certificates signed by a site-specific private key. Each switch must be user-configurable with one certificate for authenticating the controller (controller certificate) and the other for authenticating to the controller (switch certificate). \subsection{OpenFlow Protocol Overview} The controller configures and manages the switch, and receives events from the switch, via the OpenFlow protocol, on the secure channel. @@ -335,4 +335,4 @@ Symmetric messages are sent without solicitation, in either direction. -\end{document} \ No newline at end of file +\end{document} diff --git a/include/openflow.h b/include/openflow.h index 202fd5a01..3215b192f 100644 
--- a/include/openflow.h +++ b/include/openflow.h @@ -68,8 +68,8 @@ #define OFP_MAX_TABLE_NAME_LEN 32 #define OFP_MAX_PORT_NAME_LEN 16 -#define OFP_TCP_PORT 975 -#define OFP_SSL_PORT 976 +#define OFP_TCP_PORT 6633 +#define OFP_SSL_PORT 6633 #define OFP_ETH_ALEN 6 /* Bytes in an Ethernet address. */ diff --git a/secchan/secchan.8.in b/secchan/secchan.8.in index 642a31daa..beb57b047 100644 --- a/secchan/secchan.8.in +++ b/secchan/secchan.8.in @@ -33,13 +33,13 @@ the OpenFlow controller. It takes one of the following forms: .TP \fBssl:\fIhost\fR[\fB:\fIport\fR] -The specified SSL \fIport\fR (default: 976) on the given remote +The specified SSL \fIport\fR (default: 6633) on the given remote \fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when this form is used. .TP \fBtcp:\fIhost\fR[\fB:\fIport\fR] -The specified TCP \fIport\fR (default: 975) on the given remote +The specified TCP \fIport\fR (default: 6633) on the given remote \fIhost\fR. .TP @@ -310,13 +310,13 @@ multiple connection methods. .RS .TP \fBpssl:\fR[\fIport\fR] -Listens for SSL connections on \fIport\fR (default: 976). The +Listens for SSL connections on \fIport\fR (default: 6633). The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when this form is used. .TP \fBptcp:\fR[\fIport\fR] -Listens for TCP connections on \fIport\fR (default: 975). +Listens for TCP connections on \fIport\fR (default: 6633). .TP \fBpunix:\fIfile\fR diff --git a/switch/switch.8.in b/switch/switch.8.in index dfa114adf..aa1bbc425 100644 --- a/switch/switch.8.in +++ b/switch/switch.8.in 
@@ -33,13 +33,13 @@ the OpenFlow controller. It takes one of the following forms: .TP \fBssl:\fIhost\fR[\fB:\fIport\fR] -The specified SSL \fIport\fR (default: 976) on the given remote +The specified SSL \fIport\fR (default: 6633) on the given remote \fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when this form is used. .TP \fBtcp:\fIhost\fR[\fB:\fIport\fR] -The specified TCP \fIport\fR (default: 975) on the given remote +The specified TCP \fIport\fR (default: 6633) on the given remote \fIhost\fR. .TP diff --git a/third-party/README b/third-party/README index 2621cdc3f..15f4d647e 100644 --- a/third-party/README +++ b/third-party/README @@ -24,7 +24,7 @@ Clearly, tcpdump can only parse unencrypted packets, so you will need to connect the controller and datapath using plain TCP. To look at the traffic, tcpdump will be started in a manner similar to the following: - sudo ./tcpdump -s0 -i eth0 port 975 + sudo ./tcpdump -s0 -i eth0 port 6633 The "-s0" flag indicates that tcpdump should capture the entire packet. If the OpenFlow message is not received in its entirety, "[|openflow]" will diff --git a/utilities/dpctl.8 b/utilities/dpctl.8 index c31ad04a8..a1fcd0777 100644 --- a/utilities/dpctl.8 +++ b/utilities/dpctl.8 @@ -28,13 +28,13 @@ that the local host has the OpenFlow kernel module for Linux loaded. .TP \fBssl:\fIhost\fR[\fB:\fIport\fR] -The specified SSL \fIport\fR (default: 976) on the given remote +The specified SSL \fIport\fR (default: 6633) on the given remote \fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when this form is used. .TP \fBtcp:\fIhost\fR[\fB:\fIport\fR] -The specified TCP \fIport\fR (default: 975) on the given remote +The specified TCP \fIport\fR (default: 6633) on the given remote \fIhost\fR. .TP -- 2.43.0
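
Review bot: In the INSTALL hunk at @@ -469,7 +469,7 @@ (Controller Setup), the unchanged context line right after the edit still says "(Because it listens on a low-numbered port, this command must run as root.)", which no longer holds once the default is 6633, a port outside the privileged range below 1024. Drop or reword that parenthetical in this patch so the instructions stop asking users to run the controller as root for a reason that no longer applies.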
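
Review bot: In include/openflow.h, OFP_TCP_PORT and OFP_SSL_PORT are now both 6633, so the default port no longer tells cleartext from SSL, and the two listening defaults collide. debian/openflow-controller.default describes a space-delimited list of connection methods, and a list such as "pssl: ptcp:" would now ask for the same port twice. Either document in the man pages and the Debian defaults file that only one of the two methods can use the default at a time, or state in the commit message why a single shared port is intended.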
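
Review bot: In debian/openflow-controller.default, the context line between the two edited lines names the method "pctp:[PORT]", while controller.8.in and secchan.8.in in this same patch spell it ptcp:. Since the hunk already touches the neighbouring lines, correct the spelling here so that a user copying from the comment gets a method name that matches the man pages.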
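
Review bot: In doc/of-spec/openflow-spec-v0.9-draft3.tex, the rewritten sentence carries over the mis-encoded apostrophe in "controllerÕs"; replace it with a plain ASCII apostrophe while the line is being changed. The second hunk in that file only adds the missing newline after \end{document}, which is unrelated to the port change and should be mentioned in the commit message or split out.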