mirror of https://github.com/openvswitch/ovs synced 2025-10-29 15:28:56 +00:00
openvswitch/debian/openvswitch-switch.init
Ben Pfaff c50c79431e debian: Do not change iptables rules by default.
Debian kernel maintainer Bastian Blank writes, at
http://bugs.debian.org/680537:

   The netfilter rules are a shared resource. There is no synchronization,
   so the admin have the last word. As kernel maintainer, I see it similar
   to a configuration file, so §10.7 policy applies.

   The purpose of openvswitch is to provide support for switching, not to
   setup filter rules. This means it violates the principle of least
   surprise.

I believe that the argument by analogy to configuration files is weak,
given that the Debian policy section in question is very specifically about
files, not about general principles.  On the other hand, Debian does not
install any firewall by default, so the presence of a rule that blocks GRE
traffic is a sign that the administrator has taken an explicit action to
install a firewall that blocks GRE, and therefore it is rather rude to
override this.  Therefore, this patch simply turns off this behavior on
Debian, given that in ordinary Debian installations it will have no
adverse effect on Open vSwitch.

Debian bug #680537.
CC: 680537@bugs.debian.org
Reported-by: Bastian Blank <waldi@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Simon Horman <horms@verge.net.au>
2012-07-18 10:23:32 -07:00

112 lines, 2.9 KiB, Bash, executable file

#! /bin/sh
#
# Copyright (C) 2011, 2012 Nicira, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
### BEGIN INIT INFO
# Provides:          openvswitch-switch
# Required-Start:    $network $named $remote_fs $syslog
# Required-Stop:     $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Open vSwitch switch
# Description:       openvswitch-switch provides the userspace components and utilities for
#                    the Open vSwitch kernel-based switch.
### END INIT INFO

(test -x /usr/sbin/ovs-vswitchd && test -x /usr/sbin/ovsdb-server) || exit 0

. /usr/share/openvswitch/scripts/ovs-lib
test -e /etc/default/openvswitch-switch && . /etc/default/openvswitch-switch

if test X"$BRCOMPAT" = Xyes && test ! -x /usr/sbin/ovs-brcompatd; then
    BRCOMPAT=no
    log_warning_msg "ovs-brcompatd missing, disabling bridge compatibility"
fi

ovs_ctl () {
    set /usr/share/openvswitch/scripts/ovs-ctl "$@"
    if test X"$BRCOMPAT" = Xyes; then
        set "$@" --brcompat
    fi
    "$@"
}

load_kmod () {
    ovs_ctl load-kmod || exit $?
}

start () {
    if ovs_ctl load-kmod; then
        :
    else
        echo "Module has probably not been built for this kernel."
        if ! test -d /usr/share/doc/openvswitch-datapath-source; then
            echo "Install the openvswitch-datapath-source package, then read"
        else
            echo "For instructions, read"
        fi
        echo "/usr/share/doc/openvswitch-datapath-source/README.Debian"

        if test X"$OVS_MISSING_KMOD_OK" = Xyes; then
            # We're being invoked by the package postinst.  Do not
            # fail package installation just because the kernel module
            # is not available.
            exit 0
        fi
    fi
    set ovs_ctl ${1-start} --system-id=random
    if test X"$FORCE_COREFILES" != X; then
        set "$@" --force-corefiles="$FORCE_COREFILES"
    fi
    set "$@" $OVS_CTL_OPTS
    "$@" || exit $?
}

stop () {
    ovs_ctl stop
}

case $1 in
    start)
        start
        ;;
    stop | force-stop)
        stop
        ;;
    reload | force-reload)
        # The OVS daemons keep up-to-date.
        ;;
    restart)
        stop
        start
        ;;
    status)
        ovs_ctl status
        exit $?
        ;;
    force-reload-kmod)
        start force-reload-kmod
        ;;
    load-kmod)
        load_kmod
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|force-reload|status|force-stop|force-reload-kmod|load-kmod}" >&2
        exit 1
        ;;
esac

exit 0
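
The commit message above treats a GRE-blocking rule as a deliberate administrator choice that the init script should not override. A read-only way to see how an existing ruleset treats GRE follows, as an added example that is not part of the Open vSwitch tree. The function names and the sample ruleset are constructed here, and only rules that name GRE explicitly plus the INPUT chain policy are considered (other match conditions on a rule are ignored):

```sh
#!/bin/sh
# Added example: inspect, never modify, the netfilter ruleset.

# Constructed sample in iptables-save format (not taken from a real host).
sample_ruleset () {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p gre -j DROP
COMMIT
EOF
}

# Read iptables-save output on stdin and print how the filter table's INPUT
# chain treats GRE (IP protocol 47): accept, blocked, policy-accept or
# policy-blocked.  The first rule that names GRE decides; with no such rule
# the chain policy decides (a missing policy is assumed to mean ACCEPT).
gre_input_verdict () {
    awk '
        /^\*/ { in_filter = ($1 == "*filter"); next }
        !in_filter { next }
        $1 == ":INPUT" { policy = $2; next }
        $1 == "-A" && $2 == "INPUT" && verdict == "" {
            proto = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
                if ($i == "-j" || $i == "--jump") target = $(i + 1)
            }
            if (proto != "gre" && proto != "47") next
            if (target == "ACCEPT") verdict = "accept"
            else if (target == "DROP" || target == "REJECT") verdict = "blocked"
        }
        END {
            if (verdict != "") print verdict
            else if (policy == "ACCEPT" || policy == "") print "policy-accept"
            else print "policy-blocked"
        }
    '
}

# On a live host (as root): iptables-save | gre_input_verdict
sample_ruleset | gre_input_verdict
```

A result of `blocked` or `policy-blocked` is the case the commit message describes: a firewall the administrator installed, which the package leaves untouched.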