environments: OpenFlow, which exposes flow-based forwarding state,
and the OVSDB management protocol, which exposes switch port state.
In addition to the switch implementation itself, Open vSwitch
- includes tools (ovs-controller, ovs-ofctl, ovs-vsctl) that developers
- can script and extend to provide distributed vswitch capabilities
- that are closely integrated with their virtualization management
- platform.
+ includes tools (ovs-ofctl, ovs-vsctl) that developers can script and
+ extend to provide distributed vswitch capabilities that are closely
+ integrated with their virtualization management platform.
Q: Why doesn't Open vSwitch support distribution?
% ovs-pki req+sign ctl controller
ctl-privkey.pem and ctl-cert.pem would need to be copied to the
-controller for its use at runtime. If you were to use ovs-controller,
+controller for its use at runtime. If you were to use test-controller,
the simple OpenFlow controller included with Open vSwitch, then the
--private-key and --certificate options, respectively, would point to
these files.
deletes all of the bridges at boot time, controller configuration only
persists until XenServer reboot. The configuration database manager
can, however, configure controllers for bridges. See the BUGS section
-of ovs-controller(8) for more information on this topic.
+of test-controller(8) for more information on this topic.
* The Open vSwitch startup script automatically adds a firewall rule
to allow GRE traffic. This rule is needed for the XenServer feature
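Review bot: The changed line now sends readers to the BUGS section of test-controller(8), but this same commit stops installing that page: NEWS says test-controller "is no longer packaged or installed by default", and the Makefile lists the page under noinst_man_MANS. On a XenServer host `man test-controller` will find nothing. Either inline the short ovs-vsctl workaround here, or say that the page lives in the source tree under tests/.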
- Support for Linux kernels up to 3.11
- ovs-dpctl:
The "show" command also displays mega flow mask stats.
+ - ovs-controller has been renamed test-controller. It is no longer
+ packaged or installed by default, because too many users assumed
+ incorrectly that ovs-controller was a necessary or desirable part
+ of an Open vSwitch deployment.
v2.0.0 - 15 Oct 2013
Open vSwitch also provides some tools:
- * ovs-controller, a simple OpenFlow controller.
-
* ovs-ofctl, a utility for querying and controlling OpenFlow
switches and controllers.
/openvswitch
/openvswitch-common
/openvswitch-common.copyright
-/openvswitch-controller
/openvswitch-datapath-source
/openvswitch-datapath-dkms
/openvswitch-dbg
debian/openvswitch-common.docs \
debian/openvswitch-common.install \
debian/openvswitch-common.manpages \
- debian/openvswitch-controller.README.Debian \
- debian/openvswitch-controller.default \
- debian/openvswitch-controller.dirs \
- debian/openvswitch-controller.init \
- debian/openvswitch-controller.install \
- debian/openvswitch-controller.manpages \
- debian/openvswitch-controller.postinst \
- debian/openvswitch-controller.postrm \
debian/openvswitch-datapath-module-_KVERS_.postinst.modules.in \
debian/openvswitch-datapath-dkms.postinst \
debian/openvswitch-datapath-dkms.prerm \
openvswitch (2.0.90-1) unstable; urgency=low
[ Open vSwitch team ]
+ * The openvswitch-controller package has been removed, because too many
+ users assumed incorrectly that ovs-controller was a necessary or
+ desirable part of an Open vSwitch deployment.
* New upstream version
- - Nothing yet! Try NEWS...
+ - Try NEWS for more details...
-- Open vSwitch team <dev@openvswitch.org> Wed, 28 Aug 2013 16:17:38 -0700
to support distribution across multiple physical servers similar to
VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
.
- openvswitch-common provides components required by both openvswitch-switch
- and openvswitch-controller.
+ openvswitch-common provides components required by both openvswitch-switch.
Package: openvswitch-switch
Architecture: linux-any
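Review bot: The added description line reads "required by both openvswitch-switch.", which leaves "both" with a single item now that openvswitch-controller is gone. Suggest "openvswitch-common provides components required by openvswitch-switch.", or name the second package if one is still meant.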
Open vSwitch switches and controllers, reducing the risk of
man-in-the-middle attacks on the Open vSwitch network infrastructure.
-Package: openvswitch-controller
-Architecture: linux-any
-Depends:
- ${shlibs:Depends}, openvswitch-common (= ${binary:Version}),
- openvswitch-pki (= ${source:Version}), ${misc:Depends}
-Description: Open vSwitch controller implementation
- Open vSwitch is a production quality, multilayer, software-based,
- Ethernet virtual switch. It is designed to enable massive network
- automation through programmatic extension, while still supporting
- standard management interfaces and protocols (e.g. NetFlow, IPFIX,
- sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
- to support distribution across multiple physical servers similar to
- VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
- .
- The Open vSwitch controller enables OpenFlow switches that connect to it
- to act as MAC-learning Ethernet switches.
-
Package: openvswitch-dbg
Section: debug
Architecture: linux-any
Depends:
${shlibs:Depends}, ${misc:Depends},
openvswitch-common (= ${binary:Version}),
- openvswitch-controller (= ${binary:Version}),
openvswitch-switch (= ${binary:Version})
Description: Debug symbols for Open vSwitch packages
Open vSwitch is a production quality, multilayer, software-based,
+++ /dev/null
-README.Debian for openvswitch-controller
--------------------------------------
-
-* To (re)configure the controller, edit /etc/default/openvswitch-controller
- and run "/etc/init.d/openvswitch-controller restart".
-
- -- Ben Pfaff <blp@nicira.com>, Fri, 4 Mar 2011 14:28:53 -0800
+++ /dev/null
-# This is a POSIX shell fragment -*- sh -*-
-
-# LISTEN: What OpenFlow connection methods should the controller listen on?
-#
-# This is a space-delimited list of connection methods:
-#
-# * "pssl:[PORT]": Listen for SSL connections on the specified PORT
-# (default: 6633). The private key, certificate, and CA certificate
-# must be specified below.
-#
-# * "ptcp:[PORT]": Listen for TCP connections on the specified PORT
-# (default: 6633). Not recommended for security reasons.
-#
-LISTEN="pssl:"
-
-# PRIVKEY: Name of file containing controller's private key.
-# Required if SSL enabled.
-PRIVKEY=/etc/openvswitch-controller/privkey.pem
-
-# CERT: Name of file containing certificate for private key.
-# Required if SSL enabled.
-CERT=/etc/openvswitch-controller/cert.pem
-
-# CACERT: Name of file containing switch CA certificate.
-# Required if SSL enabled.
-CACERT=/etc/openvswitch-controller/cacert.pem
-
-# Additional options to pass to controller, e.g. "--hub"
-DAEMON_OPTS=""
+++ /dev/null
-etc/openvswitch-controller
+++ /dev/null
-#!/bin/sh
-#
-# Copyright (c) 2011 Nicira, Inc.
-# Copyright (c) 2007, 2009 Javier Fernandez-Sanguino <jfs@debian.org>
-#
-# This is free software; you may redistribute it and/or modify
-# it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2,
-# or (at your option) any later version.
-#
-# This is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License with
-# the Debian operating system, in /usr/share/common-licenses/GPL; if
-# not, write to the Free Software Foundation, Inc., 59 Temple Place,
-# Suite 330, Boston, MA 02111-1307 USA
-#
-### BEGIN INIT INFO
-# Provides: openvswitch-controller
-# Required-Start: $network $local_fs $remote_fs
-# Required-Stop: $remote_fs
-# Should-Start: $named
-# Should-Stop:
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: Open vSwitch controller
-# Description: The Open vSwitch controller enables OpenFlow switches that connect to it
-# to act as MAC-learning Ethernet switches.
-### END INIT INFO
-
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-
-DAEMON=/usr/bin/ovs-controller # Introduce the server's location here
-NAME=ovs-controller # Introduce the short server's name here
-DESC=ovs-controller # Introduce a short description here
-LOGDIR=/var/log/openvswitch # Log directory to use
-
-PIDFILE=/var/run/openvswitch/$NAME.pid
-
-test -x $DAEMON || exit 0
-
-. /lib/lsb/init-functions
-
-# Default options, these can be overriden by the information
-# at /etc/default/openvswitch-controller
-DAEMON_OPTS="" # Additional options given to the server
-
-DODTIME=10 # Time to wait for the server to die, in seconds
- # If this value is set too low you might not
- # let some servers to die gracefully and
- # 'restart' will not work
-
-LOGFILE=$LOGDIR/$NAME.log # Server logfile
-#DAEMONUSER= # User to run the daemons as. If this value
- # is set start-stop-daemon will chuid the server
-
-# Include defaults if available
-default=/etc/default/openvswitch-controller
-if [ -f $default ] ; then
- . $default
-fi
-
-# Check that the user exists (if we set a user)
-# Does the user exist?
-if [ -n "$DAEMONUSER" ] ; then
- if getent passwd | grep -q "^$DAEMONUSER:"; then
- # Obtain the uid and gid
- DAEMONUID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $3}'`
- DAEMONGID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $4}'`
- else
- log_failure_msg "The user $DAEMONUSER, required to run $NAME does not exist."
- exit 1
- fi
-fi
-
-
-set -e
-
-running_pid() {
-# Check if a given process pid's cmdline matches a given name
- pid=$1
- name=$2
- [ -z "$pid" ] && return 1
- [ ! -d /proc/$pid ] && return 1
- cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
- # Is this the expected server
- [ "$cmd" != "$name" ] && return 1
- return 0
-}
-
-running() {
-# Check if the process is running looking at /proc
-# (works for all users)
-
- # No pidfile, probably no daemon present
- [ ! -f "$PIDFILE" ] && return 1
- pid=`cat $PIDFILE`
- running_pid $pid $DAEMON || return 1
- return 0
-}
-
-start_server() {
- if [ -z "$LISTEN" ]; then
- echo "$default: No connection methods configured, controller disabled" >&2
- exit 0
- fi
-
- if [ ! -d /var/run/openvswitch ]; then
- install -d -m 755 -o root -g root /var/run/openvswitch
- fi
-
- SSL_OPTS=
- case $LISTEN in
- *ssl*)
- : ${PRIVKEY:=/etc/openvswitch-controller/privkey.pem}
- : ${CERT:=/etc/openvswitch-controller/cert.pem}
- : ${CACERT:=/etc/openvswitch-controller/cacert.pem}
- if test ! -e "$PRIVKEY" || test ! -e "$CERT" ||
- test ! -e "$CACERT"; then
- if test ! -e "$PRIVKEY"; then
- echo "$PRIVKEY: private key missing" >&2
- fi
- if test ! -e "$CERT"; then
- echo "$CERT: certificate for private key missing" >&2
- fi
- if test ! -e "$CACERT"; then
- echo "$CACERT: CA certificate missing" >&2
- fi
- exit 1
- fi
- SSL_OPTS="--private-key=$PRIVKEY --certificate=$CERT --ca-cert=$CACERT"
- ;;
- esac
-
-# Start the process using the wrapper
- if [ -z "$DAEMONUSER" ] ; then
- start-stop-daemon --start --pidfile $PIDFILE \
- --exec $DAEMON -- --detach --pidfile=$PIDFILE \
- $LISTEN $DAEMON_OPTS $SSL_OPTS
- errcode=$?
- else
-# if we are using a daemonuser then change the user id
- start-stop-daemon --start --quiet --pidfile $PIDFILE \
- --chuid $DAEMONUSER --exec $DAEMON -- \
- --detach --pidfile=$PIDFILE $LISTEN $DAEMON_OPTS \
- $SSL_OPTS
- errcode=$?
- fi
- return $errcode
-}
-
-stop_server() {
-# Stop the process using the wrapper
- if [ -z "$DAEMONUSER" ] ; then
- start-stop-daemon --stop --quiet --pidfile $PIDFILE \
- --exec $DAEMON
- errcode=$?
- else
-# if we are using a daemonuser then look for process that match
- start-stop-daemon --stop --quiet --pidfile $PIDFILE \
- --user $DAEMONUSER --exec $DAEMON
- errcode=$?
- fi
-
- return $errcode
-}
-
-reload_server() {
- [ ! -f "$PIDFILE" ] && return 1
- pid=`cat $PIDFILE` # This is the daemon's pid
- # Send a SIGHUP
- kill -1 $pid
- return $?
-}
-
-force_stop() {
-# Force the process to die killing it manually
- [ ! -e "$PIDFILE" ] && return
- if running ; then
- kill -15 $pid
- # Is it really dead?
- sleep "$DODTIME"
- if running ; then
- kill -9 $pid
- sleep "$DODTIME"
- if running ; then
- echo "Cannot kill $NAME (pid=$pid)!"
- exit 1
- fi
- fi
- fi
- rm -f $PIDFILE
-}
-
-
-case "$1" in
- start)
- log_daemon_msg "Starting $DESC " "$NAME"
- # Check if it's running first
- if running ; then
- log_progress_msg "apparently already running"
- log_end_msg 0
- exit 0
- fi
- if start_server && running ; then
- # It's ok, the server started and is running
- log_end_msg 0
- else
- # Either we could not start it or it is not running
- # after we did
- # NOTE: Some servers might die some time after they start,
- # this code does not try to detect this and might give
- # a false positive (use 'status' for that)
- log_end_msg 1
- fi
- ;;
- stop)
- log_daemon_msg "Stopping $DESC" "$NAME"
- if running ; then
- # Only stop the server if we see it running
- stop_server
- log_end_msg $?
- else
- # If it's not running don't do anything
- log_progress_msg "apparently not running"
- log_end_msg 0
- exit 0
- fi
- ;;
- force-stop)
- # First try to stop gracefully the program
- $0 stop
- if running; then
- # If it's still running try to kill it more forcefully
- log_daemon_msg "Stopping (force) $DESC" "$NAME"
- force_stop
- log_end_msg $?
- fi
- ;;
- restart|force-reload)
- log_daemon_msg "Restarting $DESC" "$NAME"
- if running; then
- stop_server
- # Wait some sensible amount, some server need this.
- [ -n "$DODTIME" ] && sleep $DODTIME
- fi
- start_server
- running
- log_end_msg $?
- ;;
- status)
-
- log_daemon_msg "Checking status of $DESC" "$NAME"
- if running ; then
- log_progress_msg "running"
- log_end_msg 0
- else
- log_progress_msg "apparently not running"
- log_end_msg 1
- exit 1
- fi
- ;;
- # Use this if the daemon cannot reload
- reload)
- log_warning_msg "Reloading $NAME daemon: not implemented, as the daemon"
- log_warning_msg "cannot re-read the config file (use restart)."
- ;;
- *)
- N=/etc/init.d/openvswitch-controller
- echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2
- exit 1
- ;;
-esac
-
-exit 0
+++ /dev/null
-usr/bin/ovs-controller
+++ /dev/null
-_debian/utilities/ovs-controller.8
+++ /dev/null
-#!/bin/sh
-# postinst script for openvswitch-controller
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * <postinst> `configure' <most-recently-configured-version>
-# * <old-postinst> `abort-upgrade' <new version>
-# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-# <new-version>
-# * <postinst> `abort-remove'
-# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-# <failed-install-package> <version> `removing'
-# <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
- configure)
- cd /etc/openvswitch-controller
-
- # If cacert.pem is a symlink to the old location for cacert.pem,
- # remove it so that we can symlink it to the new location.
- if test -h cacert.pem && \
- test X"`readlink cacert.pem`" = X/usr/share/openvswitch/pki/switchca/cacert.pem; then
- rm -f cacert.pem
- fi
-
- if ! test -e cacert.pem; then
- ln -s /var/lib/openvswitch/pki/switchca/cacert.pem cacert.pem
- fi
- if ! test -e privkey.pem || ! test -e cert.pem; then
- oldumask=$(umask)
- umask 077
- ovs-pki req+sign tmp controller >/dev/null
- mv tmp-privkey.pem privkey.pem
- mv tmp-cert.pem cert.pem
- mv tmp-req.pem req.pem
- chmod go+r cert.pem req.pem
- umask $oldumask
- fi
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-#DEBHELPER#
-
-exit 0
-
-
+++ /dev/null
-#!/bin/sh
-# postrm script for openvswitch-controller
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * <postrm> `remove'
-# * <postrm> `purge'
-# * <old-postrm> `upgrade' <new-version>
-# * <new-postrm> `failed-upgrade' <old-version>
-# * <new-postrm> `abort-install'
-# * <new-postrm> `abort-install' <old-version>
-# * <new-postrm> `abort-upgrade' <old-version>
-# * <disappearer's-postrm> `disappear' <overwriter>
-# <overwriter-version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
- purge)
- if cd /etc/openvswitch-controller; then
- rm -f cacert.pem cert.pem privkey.pem req.pem
- rm -f tmp-privkey.pem tmp-cert.pem tmp-req.pem
- fi
- ;;
-
- remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
- ;;
-
- *)
- echo "postrm called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
.IP
This option is only useful if the SSL peer sends its CA certificate as
part of the SSL certificate chain. The SSL protocol does not require
-the server to send the CA certificate, but
-\fB\*(SN\fR(8) can be configured to do so with the
-\fB\-\-peer\-ca\-cert\fR option.
+the server to send the CA certificate.
.IP
This option is mutually exclusive with \fB\-C\fR and
\fB\-\-ca\-cert\fR.
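Review bot: Shortening the sentence to "the server to send the CA certificate." drops the only pointer in this paragraph to --peer-ca-cert, so a reader setting up CA bootstrapping no longer learns how a peer is made to send its CA certificate. Removing the \*(SN reference is consistent with the deleted .ds SN definitions, but a program-neutral sentence that still names the --peer-ca-cert option would keep the guidance.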
lib/vlog-syn.man:
lib/vlog.man:
-utilities/bugtool/ovs-bugtool.8: \
- utilities/bugtool/ovs-bugtool.8.in
-utilities/bugtool/ovs-bugtool.8.in:
-
-utilities/ovs-appctl.8: \
- utilities/ovs-appctl.8.in \
- lib/common.man
-utilities/ovs-appctl.8.in:
-lib/common.man:
-
-utilities/ovs-benchmark.1: \
- utilities/ovs-benchmark.1.in \
- lib/ovs.tmac
-utilities/ovs-benchmark.1.in:
-lib/ovs.tmac:
-
-utilities/ovs-controller.8: \
- utilities/ovs-controller.8.in \
+tests/test-controller.8: \
+ tests/test-controller.8.in \
lib/common.man \
lib/daemon.man \
lib/ssl-peer-ca-cert.man \
lib/vconn-active.man \
lib/vconn-passive.man \
lib/vlog.man
-utilities/ovs-controller.8.in:
+tests/test-controller.8.in:
lib/common.man:
lib/daemon.man:
lib/ssl-peer-ca-cert.man:
lib/vconn-passive.man:
lib/vlog.man:
+utilities/bugtool/ovs-bugtool.8: \
+ utilities/bugtool/ovs-bugtool.8.in
+utilities/bugtool/ovs-bugtool.8.in:
+
+utilities/ovs-appctl.8: \
+ utilities/ovs-appctl.8.in \
+ lib/common.man
+utilities/ovs-appctl.8.in:
+lib/common.man:
+
+utilities/ovs-benchmark.1: \
+ utilities/ovs-benchmark.1.in \
+ lib/ovs.tmac
+utilities/ovs-benchmark.1.in:
+lib/ovs.tmac:
+
utilities/ovs-dpctl-top.8: \
utilities/ovs-dpctl-top.8.in
utilities/ovs-dpctl-top.8.in:
.TH ovsdb\-client 1 "@VERSION@" "Open vSwitch" "Open vSwitch Manual"
.\" This program's name:
.ds PN ovsdb\-client
-.\" SSL peer program's name:
-.ds SN ovsdb\-server
.
.SH NAME
ovsdb\-client \- command-line interface to \fBovsdb-server\fR(1)
.TH ovsdb\-server 1 "@VERSION@" "Open vSwitch" "Open vSwitch Manual"
.\" This program's name:
.ds PN ovsdb\-server
-.\" SSL peer program's name:
-.ds SN ovsdb\-client
.
.SH NAME
ovsdb\-server \- Open vSwitch database server
/usr/bin/ovs-vsctl
/usr/bin/ovsdb-client
/usr/bin/ovsdb-tool
-/usr/bin/ovs-controller
/usr/bin/ovs-pki
/usr/bin/ovs-test
/usr/bin/ovs-l3ping
/usr/bin/vtep-ctl
-%doc /usr/share/man/man8/ovs-controller.8.gz
%doc /usr/share/man/man8/ovs-pki.8.gz
%doc /usr/share/man/man1/ovsdb-client.1.gz
%doc /usr/share/man/man1/ovsdb-server.1.gz
# Get rid of stuff we don't want to make RPM happy.
rm \
- $RPM_BUILD_ROOT/usr/bin/ovs-controller \
- $RPM_BUILD_ROOT/usr/share/man/man8/ovs-controller.8 \
$RPM_BUILD_ROOT/usr/bin/ovs-test \
$RPM_BUILD_ROOT/usr/bin/ovs-l3ping \
$RPM_BUILD_ROOT/usr/share/man/man8/ovs-test.8 \
/test-bundle
/test-byte-order
/test-classifier
+/test-controller.8
+/test-controller
/test-csum
/test-file_name
/test-flows
tests_test_classifier_SOURCES = tests/test-classifier.c
tests_test_classifier_LDADD = lib/libopenvswitch.a $(SSL_LIBS)
+noinst_PROGRAMS += tests/test-controller
+MAN_ROOTS += tests/test-controller.8.in
+DISTCLEANFILES += utilities/test-controller.8
+noinst_man_MANS += tests/test-controller.8
+tests_test_controller_SOURCES = tests/test-controller.c
+tests_test_controller_LDADD = lib/libopenvswitch.a $(SSL_LIBS)
+
noinst_PROGRAMS += tests/test-csum
tests_test_csum_SOURCES = tests/test-csum.c
tests_test_csum_LDADD = lib/libopenvswitch.a $(SSL_LIBS)
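Review bot: DISTCLEANFILES names utilities/test-controller.8, while MAN_ROOTS and noinst_man_MANS in the same block use tests/test-controller.8.in and tests/test-controller.8, so the generated page in tests/ will survive `make distclean`. This looks like a leftover from the old utilities/ location; it should read `DISTCLEANFILES += tests/test-controller.8`.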
--- /dev/null
+ .\" -*- nroff -*-
+.de IQ
+. br
+. ns
+. IP "\\$1"
+..
+.TH test\-controller 8 "@VERSION@" "Open vSwitch" "Open vSwitch Manual"
+.ds PN test\-controller
+.
+.SH NAME
+test\-controller \- simple OpenFlow controller for testing
+.
+.SH SYNOPSIS
+.B test\-controller
+[\fIoptions\fR] \fImethod\fR \fB[\fImethod\fR]\&...
+.
+.SH DESCRIPTION
+.PP
+\fBtest\-controller\fR is a simple OpenFlow controller. It is very
+easy to set up, so it may be suitable for initial testing of
+connectivity between an OpenFlow switch and a controller. It may also
+be useful for developer testing and debugging of some Open vSwitch
+features.
+.PP
+\fBtest\-controller\fR is not a general-purpose OpenFlow controller.
+It does not make sense to deploy it routinely or in production.
+\fBtest\-controller\fR does not provide any features that are not
+built into Open vSwitch, and lacks many that are built in to Open
+vSwitch, so adding it to an Open vSwitch deployment actually reduces
+functionality and performance while increasing latency.
+.PP
+\fBtest\-controller\fR manages any number of remote switches over
+OpenFlow protocol, causing them to function as L2 MAC-learning
+switches or hub. The switches it controls are specified as one or
+more of the following OpenFlow connection methods:
+.
+.RS
+.so lib/vconn-passive.man
+.so lib/vconn-active.man
+.RE
+.
+.SH OPTIONS
+.IP "\fB\-n\fR"
+.IQ "\fB\-\-noflow\fR"
+By default, \fBtest\-controller\fR sets up a flow in each OpenFlow switch
+whenever it receives a packet whose destination is known due through
+MAC learning. This option disables flow setup, so that every packet
+in the network passes through the controller.
+.IP
+This option is most useful for debugging. It reduces switching
+performance, so it should not be used in production.
+.
+.TP
+\fB\-\-max\-idle=\fIsecs\fR|\fBpermanent\fR
+Sets \fIsecs\fR as the number of seconds that a flow set up by the
+controller will remain in the switch's flow table without any matching
+packets being seen. If \fBpermanent\fR is specified, which is not
+recommended, flows will never expire. The default is 60 seconds.
+.IP
+This option has no effect when \fB\-n\fR (or \fB\-\-noflow\fR) is in use
+(because the controller does not set up flows in that case).
+.
+.IP "\fB\-H\fR"
+.IQ "\fB\-\-hub\fR"
+By default, the controller acts as an L2 MAC-learning switch. This
+option changes its behavior to that of a hub that floods packets on
+all but the incoming port.
+.IP
+If \fB\-H\fR (or \fB\-\-hub\fR) and \fB\-n\fR (or \fB\-\-noflow\fR) are used
+together, then the cumulative effect is that every packet passes
+through the controller and every packet is flooded.
+.IP
+This option is most useful for debugging. It reduces switching
+performance, so it should not be used in production.
+.
+.IP "\fB\-w\fR[\fIwildcard_mask\fR]"
+.IQ "\fB\-\-wildcards\fR[\fB=\fIwildcard_mask\fR]\fR"
+By default, \fBtest\-controller\fR sets up exact-match flows. This
+option allows it to set up wildcarded flows, which may reduce
+flow setup latency by causing less traffic to be sent up to the
+controller.
+.IP
+The optional \fIwildcard_mask\fR is an OpenFlow wildcard bitmask in
+hexadecimal that specifies the fields to wildcard. If no
+\fIwildcard_mask\fR is specified, the default value 0x2820F0 is used
+which specifies L2-only switching and wildcards L3 and L4 fields.
+Another interesting value is 0x2000EC, which specifies L3-only
+switching and wildcards L2 and L4 fields.
+.IP
+This option has no effect when \fB\-n\fR (or \fB\-\-noflow\fR) is in use
+(because the controller does not set up flows in that case).
+.
+.IP "\fB\-N\fR"
+.IQ "\fB\-\-normal\fR"
+By default, \fBtest\-controller\fR directs packets to a particular port
+or floods them. This option causes it to direct non-flooded packets
+to the OpenFlow \fBOFPP_NORMAL\fR port. This allows the switch itself
+to make decisions about packet destinations. Support for
+\fBOFPP_NORMAL\fR is optional in OpenFlow, so this option may not well
+with some non-Open vSwitch switches.
+.
+.IP "\fB\-\-mute\fR"
+Prevents test\-controller from replying to any OpenFlow messages sent
+to it by switches.
+.IP
+This option is only for debugging the Open vSwitch implementation of
+``fail open'' mode. It must not be used in production.
+.
+.IP "\fB\-q \fIid\fR"
+.IQ "\fB\-\-queue=\fIid\fR"
+By default, \fBtest\-controller\fR uses the default OpenFlow queue for
+sending packets and setting up flows. Use one of these options,
+supplying \fIid\fR as an OpenFlow queue ID as a decimal number, to
+instead use that specific queue.
+.IP
+This option is incompatible with \fB\-N\fR or \fB\-\-normal\fR and
+with \fB\-H\fR or \fB\-\-hub\fR. If more than one is specified then
+this option takes precedence.
+.IP
+This option may be useful for testing or debugging quality of service
+setups.
+.
+.IP "\fB\-Q \fIport-name\fB:\fIqueue-id\fR"
+.IP "\fB\-\-port\-queue \fIport-name\fB:\fIqueue-id\fR"
+Configures packets received on the port named \fIport-name\fR
+(e.g. \fBeth0\fR) to be output on OpenFlow queue ID \fIqueue-id\fR
+(specified as a decimal number). For the specified port, this option
+overrides the default specified on \fB\-q\fR or \fB\-\-queue\fR.
+.IP
+This option may be specified any number of times with different
+\fIport-name\fR arguments.
+.IP
+This option is incompatible with \fB\-N\fR or \fB\-\-normal\fR and
+with \fB\-H\fR or \fB\-\-hub\fR. If more than one is specified then
+this option takes precedence.
+.IP
+This option may be useful for testing or debugging quality of service
+setups.
+.
+.IP "\fB\-\-with\-flows \fIfile\fR"
+When a switch connects, push the flow entries as described in
+\fIfile\fR. Each line in \fIfile\fR is a flow entry in the format
+described for the \fBadd\-flows\fR command in the \fBFlow Syntax\fR
+section of the \fBovs\-ofctl\fR(8) man page.
+.IP
+Use this option more than once to add flows from multiple files.
+.
+.SS "Public Key Infrastructure Options"
+.so lib/ssl.man
+.so lib/ssl-peer-ca-cert.man
+.ds DD
+.so lib/daemon.man
+.so lib/vlog.man
+.so lib/unixctl.man
+.so lib/common.man
+.so so lib/ofp-version.man
+.
+.SH EXAMPLES
+.PP
+To bind locally to port 6633 (the default) and wait for incoming
+connections from OpenFlow switches:
+.IP
+\fB% test\-controller ptcp:\fR
+.PP
+In the future, the default port number will change to 6653, which is the
+IANA-defined value.
+.SH "BUGS"
+.PP
+Configuring a Citrix XenServer to connect to a particular controller
+only points the remote OVSDB management connection to that controller.
+It does not also configure OpenFlow connections, because the manager
+is expected to do that over the management protocol.
+\fBtest\-controller\fR is not an Open vSwitch manager and does not know
+how to do that.
+.PP
+As a stopgap workaround, \fBovs\-vsctl\fR can wait for an OVSDB
+connection and set the controller, e.g.:
+.IP
+\fB% ovs\-vsctl \-t0 \-\-db=pssl: \-\-certificate=cert.pem
+\-\-ca\-cert=none \-\-private\-key=privkey.pem
+\-\-peer\-ca\-cert=cacert.pem set\-controller ssl:\fIip\fR
+.SH "SEE ALSO"
+.
+.BR ovs\-appctl (8),
+.BR ovs\-ofctl (8),
+.BR ovs\-dpctl (8)
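Review bot: At the end of the "Public Key Infrastructure Options" includes, `.so so lib/ofp-version.man` has a doubled "so", so the request will not pull in lib/ofp-version.man and the OpenFlow version options will be missing from the rendered page; it should be `.so lib/ofp-version.man`. Smaller points in the same file: the --port-queue entry uses .IP where every other long-option alias uses .IQ, "known due through MAC learning" has a stray word, and "this option may not well with some non-Open vSwitch switches" is missing "work".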
--- /dev/null
+/*
+ * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <config.h>
+
+#include <errno.h>
+#include <getopt.h>
+#include <limits.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "command-line.h"
+#include "compiler.h"
+#include "daemon.h"
+#include "learning-switch.h"
+#include "ofp-parse.h"
+#include "ofp-version-opt.h"
+#include "ofpbuf.h"
+#include "openflow/openflow.h"
+#include "poll-loop.h"
+#include "rconn.h"
+#include "simap.h"
+#include "stream-ssl.h"
+#include "timeval.h"
+#include "unixctl.h"
+#include "util.h"
+#include "vconn.h"
+#include "vlog.h"
+#include "socket-util.h"
+#include "ofp-util.h"
+
+VLOG_DEFINE_THIS_MODULE(controller);
+
+#define MAX_SWITCHES 16
+#define MAX_LISTENERS 16
+
+struct switch_ {
+ struct lswitch *lswitch;
+};
+
+/* -H, --hub: Learn the ports on which MAC addresses appear? */
+static bool learn_macs = true;
+
+/* -n, --noflow: Set up flows? (If not, every packet is processed at the
+ * controller.) */
+static bool set_up_flows = true;
+
+/* -N, --normal: Use "NORMAL" action instead of explicit port? */
+static bool action_normal = false;
+
+/* -w, --wildcard: 0 to disable wildcard flow entries, an OFPFW10_* bitmask to
+ * enable specific wildcards, or UINT32_MAX to use the default wildcards. */
+static uint32_t wildcards = 0;
+
+/* --max-idle: Maximum idle time, in seconds, before flows expire. */
+static int max_idle = 60;
+
+/* --mute: If true, accept connections from switches but do not reply to any
+ * of their messages (for debugging fail-open mode). */
+static bool mute = false;
+
+/* -q, --queue: default OpenFlow queue, none if UINT32_MAX. */
+static uint32_t default_queue = UINT32_MAX;
+
+/* -Q, --port-queue: map from port name to port number. */
+static struct simap port_queues = SIMAP_INITIALIZER(&port_queues);
+
+/* --with-flows: Flows to send to switch. */
+static struct ofputil_flow_mod *default_flows;
+static size_t n_default_flows;
+static enum ofputil_protocol usable_protocols;
+
+/* --unixctl: Name of unixctl socket, or null to use the default. */
+static char *unixctl_path = NULL;
+
+static void new_switch(struct switch_ *, struct vconn *);
+static void parse_options(int argc, char *argv[]);
+static void usage(void) NO_RETURN;
+
+int
+main(int argc, char *argv[])
+{
+ struct unixctl_server *unixctl;
+ struct switch_ switches[MAX_SWITCHES];
+ struct pvconn *listeners[MAX_LISTENERS];
+ int n_switches, n_listeners;
+ int retval;
+ int i;
+
+ proctitle_init(argc, argv);
+ set_program_name(argv[0]);
+ parse_options(argc, argv);
+ signal(SIGPIPE, SIG_IGN);
+
+ if (argc - optind < 1) {
+ ovs_fatal(0, "at least one vconn argument required; "
+ "use --help for usage");
+ }
+
+ n_switches = n_listeners = 0;
+ for (i = optind; i < argc; i++) {
+ const char *name = argv[i];
+ struct vconn *vconn;
+
+ retval = vconn_open(name, get_allowed_ofp_versions(), DSCP_DEFAULT,
+ &vconn);
+ if (!retval) {
+ if (n_switches >= MAX_SWITCHES) {
+ ovs_fatal(0, "max %d switch connections", n_switches);
+ }
+ new_switch(&switches[n_switches++], vconn);
+ continue;
+ } else if (retval == EAFNOSUPPORT) {
+ struct pvconn *pvconn;
+ retval = pvconn_open(name, get_allowed_ofp_versions(),
+ DSCP_DEFAULT, &pvconn);
+ if (!retval) {
+ if (n_listeners >= MAX_LISTENERS) {
+ ovs_fatal(0, "max %d passive connections", n_listeners);
+ }
+ listeners[n_listeners++] = pvconn;
+ }
+ }
+ if (retval) {
+ VLOG_ERR("%s: connect: %s", name, ovs_strerror(retval));
+ }
+ }
+ if (n_switches == 0 && n_listeners == 0) {
+ ovs_fatal(0, "no active or passive switch connections");
+ }
+
+ daemonize_start();
+
+ retval = unixctl_server_create(unixctl_path, &unixctl);
+ if (retval) {
+ exit(EXIT_FAILURE);
+ }
+
+ daemonize_complete();
+
+ while (n_switches > 0 || n_listeners > 0) {
+ /* Accept connections on listening vconns. */
+ for (i = 0; i < n_listeners && n_switches < MAX_SWITCHES; ) {
+ struct vconn *new_vconn;
+
+ retval = pvconn_accept(listeners[i], &new_vconn);
+ if (!retval || retval == EAGAIN) {
+ if (!retval) {
+ new_switch(&switches[n_switches++], new_vconn);
+ }
+ i++;
+ } else {
+ pvconn_close(listeners[i]);
+ listeners[i] = listeners[--n_listeners];
+ }
+ }
+
+ /* Do some switching work. . */
+ for (i = 0; i < n_switches; ) {
+ struct switch_ *this = &switches[i];
+ lswitch_run(this->lswitch);
+ if (lswitch_is_alive(this->lswitch)) {
+ i++;
+ } else {
+ lswitch_destroy(this->lswitch);
+ switches[i] = switches[--n_switches];
+ }
+ }
+
+ unixctl_server_run(unixctl);
+
+ /* Wait for something to happen. */
+ if (n_switches < MAX_SWITCHES) {
+ for (i = 0; i < n_listeners; i++) {
+ pvconn_wait(listeners[i]);
+ }
+ }
+ for (i = 0; i < n_switches; i++) {
+ struct switch_ *sw = &switches[i];
+ lswitch_wait(sw->lswitch);
+ }
+ unixctl_server_wait(unixctl);
+ poll_block();
+ }
+
+ return 0;
+}
+
+static void
+new_switch(struct switch_ *sw, struct vconn *vconn)
+{
+ struct lswitch_config cfg;
+ struct rconn *rconn;
+
+ rconn = rconn_create(60, 0, DSCP_DEFAULT, get_allowed_ofp_versions());
+ rconn_connect_unreliably(rconn, vconn, NULL);
+
+ cfg.mode = (action_normal ? LSW_NORMAL
+ : learn_macs ? LSW_LEARN
+ : LSW_FLOOD);
+ cfg.wildcards = wildcards;
+ cfg.max_idle = set_up_flows ? max_idle : -1;
+ cfg.default_flows = default_flows;
+ cfg.n_default_flows = n_default_flows;
+ cfg.usable_protocols = usable_protocols;
+ cfg.default_queue = default_queue;
+ cfg.port_queues = &port_queues;
+ cfg.mute = mute;
+ sw->lswitch = lswitch_create(rconn, &cfg);
+}
+
+static void
+add_port_queue(char *s)
+{
+ char *save_ptr = NULL;
+ char *port_name;
+ char *queue_id;
+
+ port_name = strtok_r(s, ":", &save_ptr);
+ queue_id = strtok_r(NULL, "", &save_ptr);
+ if (!queue_id) {
+ ovs_fatal(0, "argument to -Q or --port-queue should take the form "
+ "\"<port-name>:<queue-id>\"");
+ }
+
+ if (!simap_put(&port_queues, port_name, atoi(queue_id))) {
+ ovs_fatal(0, "<port-name> arguments for -Q or --port-queue must "
+ "be unique");
+ }
+}
+
+static void
+parse_options(int argc, char *argv[])
+{
+ enum {
+ OPT_MAX_IDLE = UCHAR_MAX + 1,
+ OPT_PEER_CA_CERT,
+ OPT_MUTE,
+ OPT_WITH_FLOWS,
+ OPT_UNIXCTL,
+ VLOG_OPTION_ENUMS,
+ DAEMON_OPTION_ENUMS,
+ OFP_VERSION_OPTION_ENUMS
+ };
+ static const struct option long_options[] = {
+ {"hub", no_argument, NULL, 'H'},
+ {"noflow", no_argument, NULL, 'n'},
+ {"normal", no_argument, NULL, 'N'},
+ {"wildcards", optional_argument, NULL, 'w'},
+ {"max-idle", required_argument, NULL, OPT_MAX_IDLE},
+ {"mute", no_argument, NULL, OPT_MUTE},
+ {"queue", required_argument, NULL, 'q'},
+ {"port-queue", required_argument, NULL, 'Q'},
+ {"with-flows", required_argument, NULL, OPT_WITH_FLOWS},
+ {"unixctl", required_argument, NULL, OPT_UNIXCTL},
+ {"help", no_argument, NULL, 'h'},
+ DAEMON_LONG_OPTIONS,
+ OFP_VERSION_LONG_OPTIONS,
+ VLOG_LONG_OPTIONS,
+ STREAM_SSL_LONG_OPTIONS,
+ {"peer-ca-cert", required_argument, NULL, OPT_PEER_CA_CERT},
+ {NULL, 0, NULL, 0},
+ };
+ char *short_options = long_options_to_short_options(long_options);
+
+ for (;;) {
+ int indexptr;
+ char *error;
+ int c;
+
+ c = getopt_long(argc, argv, short_options, long_options, &indexptr);
+ if (c == -1) {
+ break;
+ }
+
+ switch (c) {
+ case 'H':
+ learn_macs = false;
+ break;
+
+ case 'n':
+ set_up_flows = false;
+ break;
+
+ case OPT_MUTE:
+ mute = true;
+ break;
+
+ case 'N':
+ action_normal = true;
+ break;
+
+ case 'w':
+ wildcards = optarg ? strtol(optarg, NULL, 16) : UINT32_MAX;
+ break;
+
+ case OPT_MAX_IDLE:
+ if (!strcmp(optarg, "permanent")) {
+ max_idle = OFP_FLOW_PERMANENT;
+ } else {
+ max_idle = atoi(optarg);
+ if (max_idle < 1 || max_idle > 65535) {
+ ovs_fatal(0, "--max-idle argument must be between 1 and "
+ "65535 or the word 'permanent'");
+ }
+ }
+ break;
+
+ case 'q':
+ default_queue = atoi(optarg);
+ break;
+
+ case 'Q':
+ add_port_queue(optarg);
+ break;
+
+ case OPT_WITH_FLOWS:
+ error = parse_ofp_flow_mod_file(optarg, OFPFC_ADD, &default_flows,
+ &n_default_flows,
+ &usable_protocols, false);
+ if (error) {
+ ovs_fatal(0, "%s", error);
+ }
+ break;
+
+ case OPT_UNIXCTL:
+ unixctl_path = optarg;
+ break;
+
+ case 'h':
+ usage();
+
+ VLOG_OPTION_HANDLERS
+ OFP_VERSION_OPTION_HANDLERS
+ DAEMON_OPTION_HANDLERS
+
+ STREAM_SSL_OPTION_HANDLERS
+
+ case OPT_PEER_CA_CERT:
+ stream_ssl_set_peer_ca_cert_file(optarg);
+ break;
+
+ case '?':
+ exit(EXIT_FAILURE);
+
+ default:
+ abort();
+ }
+ }
+ free(short_options);
+
+ if (!simap_is_empty(&port_queues) || default_queue != UINT32_MAX) {
+ if (action_normal) {
+ ovs_error(0, "queue IDs are incompatible with -N or --normal; "
+ "not using OFPP_NORMAL");
+ action_normal = false;
+ }
+
+ if (!learn_macs) {
+ ovs_error(0, "queue IDs are incompatible with -H or --hub; "
+ "not acting as hub");
+ learn_macs = true;
+ }
+ }
+}
+
+static void
+usage(void)
+{
+ printf("%s: OpenFlow controller\n"
+ "usage: %s [OPTIONS] METHOD\n"
+ "where METHOD is any OpenFlow connection method.\n",
+ program_name, program_name);
+ vconn_usage(true, true, false);
+ daemon_usage();
+ ofp_version_usage();
+ vlog_usage();
+ printf("\nOther options:\n"
+ " -H, --hub act as hub instead of learning switch\n"
+ " -n, --noflow pass traffic, but don't add flows\n"
+ " --max-idle=SECS max idle time for new flows\n"
+ " -N, --normal use OFPP_NORMAL action\n"
+ " -w, --wildcards[=MASK] wildcard (specified) bits in flows\n"
+ " -q, --queue=QUEUE-ID OpenFlow queue ID to use for output\n"
+ " -Q PORT-NAME:QUEUE-ID use QUEUE-ID for frames from PORT-NAME\n"
+ " --with-flows FILE use the flows from FILE\n"
+ " --unixctl=SOCKET override default control socket name\n"
+ " -h, --help display this help message\n"
+ " -V, --version display version information\n");
+ exit(EXIT_SUCCESS);
+}
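Review bot: In parse_options(), the 'q' case (`default_queue = atoi(optarg);`) and add_port_queue() (`atoi(queue_id)`) read queue IDs with atoi() and no error or range check, so a non-numeric argument silently selects queue 0 and a negative one is stored unchecked, while `default_queue != UINT32_MAX` is the only "unset" test further down. The --max-idle case in the same switch already rejects bad input with ovs_fatal(); the queue options should do the same, for example by parsing with strtoul() and checking the end pointer and range. The 'w' case has the same gap: `strtol(optarg, NULL, 16)` accepts trailing garbage. Minor: the comment "Do some switching work. ." has a stray period.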
/ovs-cfg-mod
/ovs-cfg-mod.8
/ovs-check-dead-ifs
-/ovs-controller
-/ovs-controller.8
/ovs-ctl
/ovs-dpctl
/ovs-dpctl.8
bin_PROGRAMS += \
utilities/ovs-appctl \
- utilities/ovs-controller \
utilities/ovs-dpctl \
utilities/ovs-ofctl \
utilities/ovs-vsctl
MAN_ROOTS += \
utilities/ovs-appctl.8.in \
utilities/ovs-benchmark.1.in \
- utilities/ovs-controller.8.in \
utilities/ovs-ctl.8 \
utilities/ovs-dpctl.8.in \
utilities/ovs-dpctl-top.8.in \
utilities/ovs-ctl \
utilities/ovs-benchmark.1 \
utilities/ovs-check-dead-ifs \
- utilities/ovs-controller.8 \
utilities/ovs-dpctl.8 \
utilities/ovs-dpctl-top \
utilities/ovs-dpctl-top.8 \
man_MANS += \
utilities/ovs-appctl.8 \
utilities/ovs-benchmark.1 \
- utilities/ovs-controller.8 \
utilities/ovs-dpctl.8 \
utilities/ovs-dpctl-top.8 \
utilities/ovs-l3ping.8 \
utilities_ovs_appctl_SOURCES = utilities/ovs-appctl.c
utilities_ovs_appctl_LDADD = lib/libopenvswitch.a $(SSL_LIBS)
-utilities_ovs_controller_SOURCES = utilities/ovs-controller.c
-utilities_ovs_controller_LDADD = lib/libopenvswitch.a $(SSL_LIBS)
-
utilities_ovs_dpctl_SOURCES = utilities/ovs-dpctl.c
utilities_ovs_dpctl_LDADD = lib/libopenvswitch.a $(SSL_LIBS)
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Copyright (c) 2005, 2007 XenSource Ltd.
-# Copyright (c) 2010, 2011, 2012 Nicira, Inc.
+# Copyright (c) 2010, 2011, 2012, 2013 Nicira, Inc.
#
# To add new entries to the bugtool, you need to:
OPENVSWITCH_LOG_DIR = '@LOGDIR@/'
OPENVSWITCH_DEFAULT_SWITCH = '/etc/default/openvswitch-switch' # Debian
OPENVSWITCH_SYSCONFIG_SWITCH = '/etc/sysconfig/openvswitch' # RHEL
-OPENVSWITCH_DEFAULT_CONTROLLER = '/etc/default/openvswitch-controller'
OPENVSWITCH_CONF_DB = '@DBDIR@/conf.db'
OPENVSWITCH_COMPACT_DB = '@DBDIR@/bugtool-compact-conf.db'
OPENVSWITCH_VSWITCHD_PID = '@RUNDIR@/ovs-vswitchd.pid'
+++ /dev/null
-.\" -*- nroff -*-
-.de IQ
-. br
-. ns
-. IP "\\$1"
-..
-.TH ovs\-controller 8 "@VERSION@" "Open vSwitch" "Open vSwitch Manual"
-.ds PN ovs\-controller
-.
-.SH NAME
-ovs\-controller \- simple OpenFlow controller reference implementation
-.
-.SH SYNOPSIS
-.B ovs\-controller
-[\fIoptions\fR] \fImethod\fR \fB[\fImethod\fR]\&...
-.
-.SH DESCRIPTION
-\fBovs\-controller\fR manages any number of remote switches over OpenFlow
-protocol, causing them to function as L2 MAC-learning switches or hub.
-.PP
-\fBovs\-controller\fR controls one or more OpenFlow switches, specified as
-one or more of the following OpenFlow connection methods:
-.
-.RS
-.so lib/vconn-passive.man
-.so lib/vconn-active.man
-.RE
-.
-.SH OPTIONS
-.IP "\fB\-n\fR"
-.IQ "\fB\-\-noflow\fR"
-By default, \fBovs\-controller\fR sets up a flow in each OpenFlow switch
-whenever it receives a packet whose destination is known due through
-MAC learning. This option disables flow setup, so that every packet
-in the network passes through the controller.
-.IP
-This option is most useful for debugging. It reduces switching
-performance, so it should not be used in production.
-.
-.TP
-\fB\-\-max\-idle=\fIsecs\fR|\fBpermanent\fR
-Sets \fIsecs\fR as the number of seconds that a flow set up by the
-controller will remain in the switch's flow table without any matching
-packets being seen. If \fBpermanent\fR is specified, which is not
-recommended, flows will never expire. The default is 60 seconds.
-.IP
-This option has no effect when \fB\-n\fR (or \fB\-\-noflow\fR) is in use
-(because the controller does not set up flows in that case).
-.
-.IP "\fB\-H\fR"
-.IQ "\fB\-\-hub\fR"
-By default, the controller acts as an L2 MAC-learning switch. This
-option changes its behavior to that of a hub that floods packets on
-all but the incoming port.
-.IP
-If \fB\-H\fR (or \fB\-\-hub\fR) and \fB\-n\fR (or \fB\-\-noflow\fR) are used
-together, then the cumulative effect is that every packet passes
-through the controller and every packet is flooded.
-.IP
-This option is most useful for debugging. It reduces switching
-performance, so it should not be used in production.
-.
-.IP "\fB\-w\fR[\fIwildcard_mask\fR]"
-.IQ "\fB\-\-wildcards\fR[\fB=\fIwildcard_mask\fR]\fR"
-By default, \fBovs\-controller\fR sets up exact-match flows. This
-option allows it to set up wildcarded flows, which may reduce
-flow setup latency by causing less traffic to be sent up to the
-controller.
-.IP
-The optional \fIwildcard_mask\fR is an OpenFlow wildcard bitmask in
-hexadecimal that specifies the fields to wildcard. If no
-\fIwildcard_mask\fR is specified, the default value 0x2820F0 is used
-which specifies L2-only switching and wildcards L3 and L4 fields.
-Another interesting value is 0x2000EC, which specifies L3-only
-switching and wildcards L2 and L4 fields.
-.IP
-This option has no effect when \fB\-n\fR (or \fB\-\-noflow\fR) is in use
-(because the controller does not set up flows in that case).
-.
-.IP "\fB\-N\fR"
-.IQ "\fB\-\-normal\fR"
-By default, \fBovs\-controller\fR directs packets to a particular port
-or floods them. This option causes it to direct non-flooded packets
-to the OpenFlow \fBOFPP_NORMAL\fR port. This allows the switch itself
-to make decisions about packet destinations. Support for
-\fBOFPP_NORMAL\fR is optional in OpenFlow, so this option may not well
-with some non-Open vSwitch switches.
-.
-.IP "\fB\-\-mute\fR"
-Prevents ovs\-controller from replying to any OpenFlow messages sent
-to it by switches.
-.IP
-This option is only for debugging the Open vSwitch implementation of
-``fail open'' mode. It must not be used in production.
-.
-.IP "\fB\-q \fIid\fR"
-.IQ "\fB\-\-queue=\fIid\fR"
-By default, \fBovs\-controller\fR uses the default OpenFlow queue for
-sending packets and setting up flows. Use one of these options,
-supplying \fIid\fR as an OpenFlow queue ID as a decimal number, to
-instead use that specific queue.
-.IP
-This option is incompatible with \fB\-N\fR or \fB\-\-normal\fR and
-with \fB\-H\fR or \fB\-\-hub\fR. If more than one is specified then
-this option takes precedence.
-.IP
-This option may be useful for testing or debugging quality of service
-setups.
-.
-.IP "\fB\-Q \fIport-name\fB:\fIqueue-id\fR"
-.IP "\fB\-\-port\-queue \fIport-name\fB:\fIqueue-id\fR"
-Configures packets received on the port named \fIport-name\fR
-(e.g. \fBeth0\fR) to be output on OpenFlow queue ID \fIqueue-id\fR
-(specified as a decimal number). For the specified port, this option
-overrides the default specified on \fB\-q\fR or \fB\-\-queue\fR.
-.IP
-This option may be specified any number of times with different
-\fIport-name\fR arguments.
-.IP
-This option is incompatible with \fB\-N\fR or \fB\-\-normal\fR and
-with \fB\-H\fR or \fB\-\-hub\fR. If more than one is specified then
-this option takes precedence.
-.IP
-This option may be useful for testing or debugging quality of service
-setups.
-.
-.IP "\fB\-\-with\-flows \fIfile\fR"
-When a switch connects, push the flow entries as described in
-\fIfile\fR. Each line in \fIfile\fR is a flow entry in the format
-described for the \fBadd\-flows\fR command in the \fBFlow Syntax\fR
-section of the \fBovs\-ofctl\fR(8) man page.
-.IP
-Use this option more than once to add flows from multiple files.
-.
-.SS "Public Key Infrastructure Options"
-.so lib/ssl.man
-.so lib/ssl-peer-ca-cert.man
-.ds DD
-.so lib/daemon.man
-.so lib/vlog.man
-.so lib/unixctl.man
-.so lib/common.man
-.so so lib/ofp-version.man
-.
-.SH EXAMPLES
-.PP
-To bind locally to port 6633 (the default) and wait for incoming
-connections from OpenFlow switches:
-.IP
-\fB% ovs\-controller ptcp:\fR
-.PP
-In the future, the default port number will change to 6653, which is the
-IANA-defined value.
-.SH "BUGS"
-.PP
-Configuring a Citrix XenServer to connect to a particular controller
-only points the remote OVSDB management connection to that controller.
-It does not also configure OpenFlow connections, because the manager
-is expected to do that over the management protocol.
-\fBovs\-controller\fR is not an Open vSwitch manager and does not know
-how to do that.
-.PP
-As a stopgap workaround, \fBovs\-vsctl\fR can wait for an OVSDB
-connection and set the controller, e.g.:
-.IP
-\fB% ovs\-vsctl \-t0 \-\-db=pssl: \-\-certificate=cert.pem
-\-\-ca\-cert=none \-\-private\-key=privkey.pem
-\-\-peer\-ca\-cert=cacert.pem set\-controller ssl:\fIip\fR
-.SH "SEE ALSO"
-.
-.BR ovs\-appctl (8),
-.BR ovs\-ofctl (8),
-.BR ovs\-dpctl (8)
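Review bot: If this text is carried over as test-controller(8), which the updated references to that page's BUGS section imply, several defects in it should be fixed in the move rather than copied. `.so so lib/ofp-version.man` looks like a typo for `.so lib/ofp-version.man`, so the OpenFlow version options are probably not being included. The --noflow entry reads "known due through MAC learning" and the --normal entry reads "this option may not well with some non-Open vSwitch switches", both missing or carrying an extra word. The --port-queue long form is introduced with .IP where every other option uses .IQ for its second spelling.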
+++ /dev/null
-/*
- * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <config.h>
-
-#include <errno.h>
-#include <getopt.h>
-#include <limits.h>
-#include <signal.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "command-line.h"
-#include "compiler.h"
-#include "daemon.h"
-#include "learning-switch.h"
-#include "ofp-parse.h"
-#include "ofp-version-opt.h"
-#include "ofpbuf.h"
-#include "openflow/openflow.h"
-#include "poll-loop.h"
-#include "rconn.h"
-#include "simap.h"
-#include "stream-ssl.h"
-#include "timeval.h"
-#include "unixctl.h"
-#include "util.h"
-#include "vconn.h"
-#include "vlog.h"
-#include "socket-util.h"
-#include "ofp-util.h"
-
-VLOG_DEFINE_THIS_MODULE(controller);
-
-#define MAX_SWITCHES 16
-#define MAX_LISTENERS 16
-
-struct switch_ {
- struct lswitch *lswitch;
-};
-
-/* -H, --hub: Learn the ports on which MAC addresses appear? */
-static bool learn_macs = true;
-
-/* -n, --noflow: Set up flows? (If not, every packet is processed at the
- * controller.) */
-static bool set_up_flows = true;
-
-/* -N, --normal: Use "NORMAL" action instead of explicit port? */
-static bool action_normal = false;
-
-/* -w, --wildcard: 0 to disable wildcard flow entries, an OFPFW10_* bitmask to
- * enable specific wildcards, or UINT32_MAX to use the default wildcards. */
-static uint32_t wildcards = 0;
-
-/* --max-idle: Maximum idle time, in seconds, before flows expire. */
-static int max_idle = 60;
-
-/* --mute: If true, accept connections from switches but do not reply to any
- * of their messages (for debugging fail-open mode). */
-static bool mute = false;
-
-/* -q, --queue: default OpenFlow queue, none if UINT32_MAX. */
-static uint32_t default_queue = UINT32_MAX;
-
-/* -Q, --port-queue: map from port name to port number. */
-static struct simap port_queues = SIMAP_INITIALIZER(&port_queues);
-
-/* --with-flows: Flows to send to switch. */
-static struct ofputil_flow_mod *default_flows;
-static size_t n_default_flows;
-static enum ofputil_protocol usable_protocols;
-
-/* --unixctl: Name of unixctl socket, or null to use the default. */
-static char *unixctl_path = NULL;
-
-static void new_switch(struct switch_ *, struct vconn *);
-static void parse_options(int argc, char *argv[]);
-static void usage(void) NO_RETURN;
-
-int
-main(int argc, char *argv[])
-{
- struct unixctl_server *unixctl;
- struct switch_ switches[MAX_SWITCHES];
- struct pvconn *listeners[MAX_LISTENERS];
- int n_switches, n_listeners;
- int retval;
- int i;
-
- proctitle_init(argc, argv);
- set_program_name(argv[0]);
- parse_options(argc, argv);
- signal(SIGPIPE, SIG_IGN);
-
- if (argc - optind < 1) {
- ovs_fatal(0, "at least one vconn argument required; "
- "use --help for usage");
- }
-
- n_switches = n_listeners = 0;
- for (i = optind; i < argc; i++) {
- const char *name = argv[i];
- struct vconn *vconn;
-
- retval = vconn_open(name, get_allowed_ofp_versions(), DSCP_DEFAULT,
- &vconn);
- if (!retval) {
- if (n_switches >= MAX_SWITCHES) {
- ovs_fatal(0, "max %d switch connections", n_switches);
- }
- new_switch(&switches[n_switches++], vconn);
- continue;
- } else if (retval == EAFNOSUPPORT) {
- struct pvconn *pvconn;
- retval = pvconn_open(name, get_allowed_ofp_versions(),
- DSCP_DEFAULT, &pvconn);
- if (!retval) {
- if (n_listeners >= MAX_LISTENERS) {
- ovs_fatal(0, "max %d passive connections", n_listeners);
- }
- listeners[n_listeners++] = pvconn;
- }
- }
- if (retval) {
- VLOG_ERR("%s: connect: %s", name, ovs_strerror(retval));
- }
- }
- if (n_switches == 0 && n_listeners == 0) {
- ovs_fatal(0, "no active or passive switch connections");
- }
-
- daemonize_start();
-
- retval = unixctl_server_create(unixctl_path, &unixctl);
- if (retval) {
- exit(EXIT_FAILURE);
- }
-
- daemonize_complete();
-
- while (n_switches > 0 || n_listeners > 0) {
- /* Accept connections on listening vconns. */
- for (i = 0; i < n_listeners && n_switches < MAX_SWITCHES; ) {
- struct vconn *new_vconn;
-
- retval = pvconn_accept(listeners[i], &new_vconn);
- if (!retval || retval == EAGAIN) {
- if (!retval) {
- new_switch(&switches[n_switches++], new_vconn);
- }
- i++;
- } else {
- pvconn_close(listeners[i]);
- listeners[i] = listeners[--n_listeners];
- }
- }
-
- /* Do some switching work. . */
- for (i = 0; i < n_switches; ) {
- struct switch_ *this = &switches[i];
- lswitch_run(this->lswitch);
- if (lswitch_is_alive(this->lswitch)) {
- i++;
- } else {
- lswitch_destroy(this->lswitch);
- switches[i] = switches[--n_switches];
- }
- }
-
- unixctl_server_run(unixctl);
-
- /* Wait for something to happen. */
- if (n_switches < MAX_SWITCHES) {
- for (i = 0; i < n_listeners; i++) {
- pvconn_wait(listeners[i]);
- }
- }
- for (i = 0; i < n_switches; i++) {
- struct switch_ *sw = &switches[i];
- lswitch_wait(sw->lswitch);
- }
- unixctl_server_wait(unixctl);
- poll_block();
- }
-
- return 0;
-}
-
-static void
-new_switch(struct switch_ *sw, struct vconn *vconn)
-{
- struct lswitch_config cfg;
- struct rconn *rconn;
-
- rconn = rconn_create(60, 0, DSCP_DEFAULT, get_allowed_ofp_versions());
- rconn_connect_unreliably(rconn, vconn, NULL);
-
- cfg.mode = (action_normal ? LSW_NORMAL
- : learn_macs ? LSW_LEARN
- : LSW_FLOOD);
- cfg.wildcards = wildcards;
- cfg.max_idle = set_up_flows ? max_idle : -1;
- cfg.default_flows = default_flows;
- cfg.n_default_flows = n_default_flows;
- cfg.usable_protocols = usable_protocols;
- cfg.default_queue = default_queue;
- cfg.port_queues = &port_queues;
- cfg.mute = mute;
- sw->lswitch = lswitch_create(rconn, &cfg);
-}
-
-static void
-add_port_queue(char *s)
-{
- char *save_ptr = NULL;
- char *port_name;
- char *queue_id;
-
- port_name = strtok_r(s, ":", &save_ptr);
- queue_id = strtok_r(NULL, "", &save_ptr);
- if (!queue_id) {
- ovs_fatal(0, "argument to -Q or --port-queue should take the form "
- "\"<port-name>:<queue-id>\"");
- }
-
- if (!simap_put(&port_queues, port_name, atoi(queue_id))) {
- ovs_fatal(0, "<port-name> arguments for -Q or --port-queue must "
- "be unique");
- }
-}
-
-static void
-parse_options(int argc, char *argv[])
-{
- enum {
- OPT_MAX_IDLE = UCHAR_MAX + 1,
- OPT_PEER_CA_CERT,
- OPT_MUTE,
- OPT_WITH_FLOWS,
- OPT_UNIXCTL,
- VLOG_OPTION_ENUMS,
- DAEMON_OPTION_ENUMS,
- OFP_VERSION_OPTION_ENUMS
- };
- static const struct option long_options[] = {
- {"hub", no_argument, NULL, 'H'},
- {"noflow", no_argument, NULL, 'n'},
- {"normal", no_argument, NULL, 'N'},
- {"wildcards", optional_argument, NULL, 'w'},
- {"max-idle", required_argument, NULL, OPT_MAX_IDLE},
- {"mute", no_argument, NULL, OPT_MUTE},
- {"queue", required_argument, NULL, 'q'},
- {"port-queue", required_argument, NULL, 'Q'},
- {"with-flows", required_argument, NULL, OPT_WITH_FLOWS},
- {"unixctl", required_argument, NULL, OPT_UNIXCTL},
- {"help", no_argument, NULL, 'h'},
- DAEMON_LONG_OPTIONS,
- OFP_VERSION_LONG_OPTIONS,
- VLOG_LONG_OPTIONS,
- STREAM_SSL_LONG_OPTIONS,
- {"peer-ca-cert", required_argument, NULL, OPT_PEER_CA_CERT},
- {NULL, 0, NULL, 0},
- };
- char *short_options = long_options_to_short_options(long_options);
-
- for (;;) {
- int indexptr;
- char *error;
- int c;
-
- c = getopt_long(argc, argv, short_options, long_options, &indexptr);
- if (c == -1) {
- break;
- }
-
- switch (c) {
- case 'H':
- learn_macs = false;
- break;
-
- case 'n':
- set_up_flows = false;
- break;
-
- case OPT_MUTE:
- mute = true;
- break;
-
- case 'N':
- action_normal = true;
- break;
-
- case 'w':
- wildcards = optarg ? strtol(optarg, NULL, 16) : UINT32_MAX;
- break;
-
- case OPT_MAX_IDLE:
- if (!strcmp(optarg, "permanent")) {
- max_idle = OFP_FLOW_PERMANENT;
- } else {
- max_idle = atoi(optarg);
- if (max_idle < 1 || max_idle > 65535) {
- ovs_fatal(0, "--max-idle argument must be between 1 and "
- "65535 or the word 'permanent'");
- }
- }
- break;
-
- case 'q':
- default_queue = atoi(optarg);
- break;
-
- case 'Q':
- add_port_queue(optarg);
- break;
-
- case OPT_WITH_FLOWS:
- error = parse_ofp_flow_mod_file(optarg, OFPFC_ADD, &default_flows,
- &n_default_flows,
- &usable_protocols, false);
- if (error) {
- ovs_fatal(0, "%s", error);
- }
- break;
-
- case OPT_UNIXCTL:
- unixctl_path = optarg;
- break;
-
- case 'h':
- usage();
-
- VLOG_OPTION_HANDLERS
- OFP_VERSION_OPTION_HANDLERS
- DAEMON_OPTION_HANDLERS
-
- STREAM_SSL_OPTION_HANDLERS
-
- case OPT_PEER_CA_CERT:
- stream_ssl_set_peer_ca_cert_file(optarg);
- break;
-
- case '?':
- exit(EXIT_FAILURE);
-
- default:
- abort();
- }
- }
- free(short_options);
-
- if (!simap_is_empty(&port_queues) || default_queue != UINT32_MAX) {
- if (action_normal) {
- ovs_error(0, "queue IDs are incompatible with -N or --normal; "
- "not using OFPP_NORMAL");
- action_normal = false;
- }
-
- if (!learn_macs) {
- ovs_error(0, "queue IDs are incompatible with -H or --hub; "
- "not acting as hub");
- learn_macs = true;
- }
- }
-}
-
-static void
-usage(void)
-{
- printf("%s: OpenFlow controller\n"
- "usage: %s [OPTIONS] METHOD\n"
- "where METHOD is any OpenFlow connection method.\n",
- program_name, program_name);
- vconn_usage(true, true, false);
- daemon_usage();
- ofp_version_usage();
- vlog_usage();
- printf("\nOther options:\n"
- " -H, --hub act as hub instead of learning switch\n"
- " -n, --noflow pass traffic, but don't add flows\n"
- " --max-idle=SECS max idle time for new flows\n"
- " -N, --normal use OFPP_NORMAL action\n"
- " -w, --wildcards[=MASK] wildcard (specified) bits in flows\n"
- " -q, --queue=QUEUE-ID OpenFlow queue ID to use for output\n"
- " -Q PORT-NAME:QUEUE-ID use QUEUE-ID for frames from PORT-NAME\n"
- " --with-flows FILE use the flows from FILE\n"
- " --unixctl=SOCKET override default control socket name\n"
- " -h, --help display this help message\n"
- " -V, --version display version information\n");
- exit(EXIT_SUCCESS);
-}
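Review bot: The removed main(), new_switch(), add_port_queue(), parse_options() and usage() match the added test-controller.c bodies line for line, so this is a pure move; generating the patch with rename detection (git format-patch -M) would let reviewers see only what actually changed. While moving the file, the comment on port_queues ("map from port name to port number") should say queue ID, since add_port_queue() stores atoi(queue_id) under the port name.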
.SH "SEE ALSO"
.
.BR ovs\-appctl (8),
-.BR ovs\-controller (8),
.BR ovs\-vswitchd (8)
.BR ovs\-vswitchd.conf.db (8)
.IP "\fB\-h\fR"
.IQ "\fB\-\^\-help\fR"
Prints a help usage message and exits.
-
-.SH "SEE ALSO"
-
-.BR ovs\-controller (8).
.TH ovs\-vsctl 8 "@VERSION@" "Open vSwitch" "Open vSwitch Manual"
.\" This program's name:
.ds PN ovs\-vsctl
-.\" SSL peer program's name:
-.ds SN ovsdb\-server
.
.SH NAME
ovs\-vsctl \- utility for querying and configuring \fBovs\-vswitchd\fR
.PP
This option is only useful if the controller sends its CA certificate
as part of the SSL certificate chain. The SSL protocol does not
-require the controller to send the CA certificate, but
-\fBovs\-controller\fR(8) can be configured to do so with the
-\fB\-\-peer\-ca\-cert\fR option.
+require the controller to send the CA certificate.
.
.SS "Database Commands"
.
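Review bot: After this change the paragraph says the option is only useful when the controller sends its CA certificate, but it no longer tells the reader how a controller can be made to do that. test-controller still registers --peer-ca-cert in its option table, so either point to that option or state explicitly that this depends on the controller implementation; otherwise readers may rely on the option against a controller that never sends the CA certificate.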
.TH ovs\-vswitchd 8 "@VERSION@" "Open vSwitch" "Open vSwitch Manual"
.\" This program's name:
.ds PN ovs\-vswitchd
-.\" SSL peer program's name:
-.ds SN ovs\-controller
.
.SH NAME
ovs\-vswitchd \- Open vSwitch daemon
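Review bot: Dropping `.ds SN ovs\-controller` here, and `.ds SN ovsdb\-server` in ovs-vsctl(8) and vtep-ctl(8), leaves the SN string undefined for anything these pages include. Please confirm that none of the .so fragments they pull in still expands \*(SN, because an undefined string renders as empty text and would leave a hole in a sentence rather than failing the build.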
.TH vtep\-ctl 8 "March 2013" "Open vSwitch" "Open vSwitch Manual"
.\" This program's name:
.ds PN vtep\-ctl
-.\" SSL peer program's name:
-.ds SN ovsdb\-server
.
.SH NAME
vtep\-ctl \- utility for querying and configuring a VTEP database
# Get rid of stuff we don't want to make RPM happy.
rm \
$RPM_BUILD_ROOT/usr/bin/ovs-benchmark \
- $RPM_BUILD_ROOT/usr/bin/ovs-controller \
$RPM_BUILD_ROOT/usr/bin/ovs-l3ping \
$RPM_BUILD_ROOT/usr/bin/ovs-pki \
$RPM_BUILD_ROOT/usr/bin/ovs-test \
$RPM_BUILD_ROOT/usr/share/man/man1/ovs-benchmark.1 \
- $RPM_BUILD_ROOT/usr/share/man/man8/ovs-controller.8 \
$RPM_BUILD_ROOT/usr/share/man/man8/ovs-l3ping.8 \
$RPM_BUILD_ROOT/usr/share/man/man8/ovs-pki.8 \
$RPM_BUILD_ROOT/usr/share/man/man8/ovs-test.8