mirror of https://github.com/openvswitch/ovs synced 2025-09-03 07:45:30 +00:00

DNS: Add basic support for asynchronous DNS resolving

This patch is a simple implementation for the proposal discussed in
https://mail.openvswitch.org/pipermail/ovs-dev/2017-August/337038.html and
https://mail.openvswitch.org/pipermail/ovs-dev/2017-October/340013.html.

It enables ovs-vswitchd and other utilities to use DNS names when specifying
OpenFlow and OVSDB remotes.

Below are some of the features and limitations of this patch:
    - Resolving is asynchronous in daemon context, avoiding blocking main loop;
    - Resolving is synchronous in general utility context;
    - Both IPv4 and IPv6 are supported;
    - The resolving API is thread-safe;
    - Depends on the unbound library;
    - When multiple ip addresses are returned, only the first one is used;
    - /etc/nsswitch.conf isn't respected as unbound library doesn't look at it;
    - For async-resolving, caller needs to retry later; there is no callback.

Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This commit is contained in:
Yifeng Sun
2018-06-26 14:06:21 -07:00
committed by Ben Pfaff
parent def5b366a3
commit 771680d96f
25 changed files with 604 additions and 165 deletions


@@ -19,6 +19,8 @@ addons:
- python-sphinx - python-sphinx
- libelf-dev - libelf-dev
- selinux-policy-dev - selinux-policy-dev
- libunbound-dev
- libunbound-dev:i386
before_install: ./.travis/${TRAVIS_OS_NAME}-prepare.sh before_install: ./.travis/${TRAVIS_OS_NAME}-prepare.sh


@@ -93,6 +93,10 @@ need the following software:
- Python 2.7. You must also have the Python ``six`` library version 1.4.0 - Python 2.7. You must also have the Python ``six`` library version 1.4.0
or later. or later.
- Unbound library, from http://www.unbound.net, is optional but recommended if
you want to enable ovs-vswitchd and other utilities to use DNS names when
specifying OpenFlow and OVSDB remotes. If unbound library is already
installed, then Open vSwitch will automatically build with support for it.
On Linux, you may choose to compile the kernel module that comes with the Open On Linux, you may choose to compile the kernel module that comes with the Open
vSwitch distribution or to use the kernel module built into the Linux kernel vSwitch distribution or to use the kernel module built into the Linux kernel
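Review bot: The new paragraph says support is switched on automatically whenever the unbound library is found, but there is no configure option to force it on or off, so two builds of the same source can silently differ in whether a DNS name in a remote is accepted; state that explicitly, or add a --with-unbound/--without-unbound switch. The paragraph should also carry the limitations the commit message lists (only the first returned address is used, /etc/nsswitch.conf is not consulted), since an operator reading only the install docs will otherwise expect libc-style resolution.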


@@ -379,11 +379,11 @@ the opposite arrangement as well.
OVSDB supports the following active connection methods: OVSDB supports the following active connection methods:
ssl:<ip>:<port> ssl:<host>:<port>
The specified SSL or TLS <port> on the host at the given <ip>. The specified SSL or TLS <port> on the given <host>.
tcp:<ip>:<port> tcp:<host>:<port>
The specified TCP <port> on the host at the given <ip>. The specified TCP <port> on the given <host>.
unix:<file> unix:<file>
On Unix-like systems, connect to the Unix domain server socket named On Unix-like systems, connect to the Unix domain server socket named
@@ -427,9 +427,9 @@ All IP-based connection methods accept IPv4 and IPv6 addresses. To specify an
IPv6 address, wrap it in square brackets, e.g. ``ssl:[::1]:6640``. Passive IPv6 address, wrap it in square brackets, e.g. ``ssl:[::1]:6640``. Passive
IP-based connection methods by default listen for IPv4 connections only; use IP-based connection methods by default listen for IPv4 connections only; use
``[::]`` as the address to accept both IPv4 and IPv6 connections, ``[::]`` as the address to accept both IPv4 and IPv6 connections,
e.g. ``pssl:6640:[::]``. DNS names are not accepted. On Linux, use e.g. ``pssl:6640:[::]``. DNS names are also accepted if built with unbound
``%<device>`` to designate a scope for IPv6 link-level addresses, library. On Linux, use ``%<device>`` to designate a scope for IPv6 link-level
e.g. ``ssl:[fe80::1234%eth0]:6653``. addresses, e.g. ``ssl:[fe80::1234%eth0]:6653``.
The <port> may be omitted from connection methods that use a port number. The The <port> may be omitted from connection methods that use a port number. The
default <port> for TCP-based connection methods is 6640, e.g. ``pssl:`` is default <port> for TCP-based connection methods is 6640, e.g. ``pssl:`` is
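Review bot: "DNS names are also accepted if built with unbound library" is incomplete for a daemon: lib/dns-resolve.c in this patch resolves asynchronously, so the first attempt to open a remote given by name fails with no logged error until the answer arrives and the caller retries, and it queries A before AAAA and uses only the first address returned. Suggest saying so here, for example "DNS names are also accepted if built with the unbound library; the first A (or, failing that, AAAA) record returned is used."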

NEWS

@@ -1,5 +1,7 @@
Post-v2.9.0 Post-v2.9.0
-------------------- --------------------
- ovs-vswitchd and utilities now support DNS names in OpenFlow and
OVSDB remotes.
- ovs-vswitchd: - ovs-vswitchd:
* New options --l7 and --l7-len to "ofproto/trace" command. * New options --l7 and --l7-len to "ofproto/trace" command.
* Previous versions gave OpenFlow tables default names of the form * Previous versions gave OpenFlow tables default names of the form


@@ -135,6 +135,7 @@ OVS_CHECK_LINUX_HOST
OVS_LIBTOOL_VERSIONS OVS_LIBTOOL_VERSIONS
OVS_CHECK_CXX OVS_CHECK_CXX
AX_FUNC_POSIX_MEMALIGN AX_FUNC_POSIX_MEMALIGN
OVS_CHECK_UNBOUND
OVS_CHECK_INCLUDE_NEXT([stdio.h string.h]) OVS_CHECK_INCLUDE_NEXT([stdio.h string.h])
AC_CONFIG_FILES([ AC_CONFIG_FILES([

debian/control

@@ -16,7 +16,8 @@ Build-Depends: graphviz,
python-all (>= 2.7), python-all (>= 2.7),
python-twisted-conch, python-twisted-conch,
python-zopeinterface, python-zopeinterface,
python-six python-six,
libunbound-dev
Standards-Version: 3.9.3 Standards-Version: 3.9.3
Homepage: http://openvswitch.org/ Homepage: http://openvswitch.org/
@@ -307,6 +308,7 @@ Multi-Arch: same
Depends: Depends:
libopenvswitch (>= ${binary:Version}), libopenvswitch (>= ${binary:Version}),
libssl-dev, libssl-dev,
libunbound-dev,
${misc:Depends} ${misc:Depends}
Conflicts: openvswitch-dev Conflicts: openvswitch-dev
Replaces: openvswitch-dev Replaces: openvswitch-dev


@@ -465,6 +465,13 @@ else
lib_libopenvswitch_la_SOURCES += lib/stream-nossl.c lib_libopenvswitch_la_SOURCES += lib/stream-nossl.c
endif endif
lib_libopenvswitch_la_SOURCES += lib/dns-resolve.h
if HAVE_UNBOUND
lib_libopenvswitch_la_SOURCES += lib/dns-resolve.c
else
lib_libopenvswitch_la_SOURCES += lib/dns-resolve-stub.c
endif
pkgconfig_DATA += \ pkgconfig_DATA += \
lib/libopenvswitch.pc \ lib/libopenvswitch.pc \
lib/libsflow.pc lib/libsflow.pc

lib/dns-resolve-stub.c

@@ -0,0 +1,36 @@
/*
* Copyright (c) 2017, 2018 Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <config.h>
#include "dns-resolve.h"
#include "compiler.h"
void
dns_resolve_init(void)
{
}
bool
dns_resolve(const char *name OVS_UNUSED, char **addr)
{
*addr = NULL;
return false;
}
void
dns_resolve_destroy(void)
{
}
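Review bot: dns_resolve_init is defined here as dns_resolve_init(void), but lib/dns-resolve.h in this same patch declares it as void dns_resolve_init(bool is_daemon); since this file includes that header, a build without libunbound fails on conflicting types for the same function. It should be
void
dns_resolve_init(bool is_daemon OVS_UNUSED)
Also, callers built against this stub get false and *addr == NULL with nothing logged, which is exactly the signal the real implementation uses for "resolution still pending", so a utility built without unbound that is given tcp:hostname:port fails with no indication that name resolution is unavailable (the socket-util change only logs when resolution was not attempted); a one-time VLOG_WARN in this stub would make that diagnosable.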

lib/dns-resolve.c

@@ -0,0 +1,310 @@
/*
* Copyright (c) 2017, 2018 Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <config.h>
#include "dns-resolve.h"
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <errno.h>
#include <string.h>
#include <unbound.h>
#include "hash.h"
#include "openvswitch/hmap.h"
#include "openvswitch/vlog.h"
#include "timeval.h"
VLOG_DEFINE_THIS_MODULE(dns_resolve);
/* Guard all_reqs__ and resolve_state of each request. */
static struct ovs_mutex dns_mutex__ = OVS_MUTEX_INITIALIZER;
static struct hmap all_reqs__;
static struct ub_ctx *ub_ctx__;
static bool thread_is_daemon;
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
enum resolve_state {
RESOLVE_INVALID,
RESOLVE_PENDING,
RESOLVE_GOOD,
RESOLVE_ERROR
};
struct resolve_request {
struct hmap_node hmap_node; /* node for all_reqs__ */
char *name; /* the domain name to be resolved */
char *addr; /* the resolved ip address */
enum resolve_state state; /* state of this request */
time_t time; /* resolving time */
struct ub_result *ub_result; /* the stored unbound result */
};
static struct resolve_request *resolve_find_or_new__(const char *name)
OVS_REQUIRES(dns_mutex__);
static bool resolve_check_expire__(struct resolve_request *req)
OVS_REQUIRES(dns_mutex__);
static bool resolve_check_valid__(struct resolve_request *req)
OVS_REQUIRES(dns_mutex__);
static bool resolve_async__(struct resolve_request *req, int qtype)
OVS_REQUIRES(dns_mutex__);
static void resolve_callback__(void *req, int err, struct ub_result *)
OVS_REQUIRES(dns_mutex__);
static bool resolve_result_to_addr__(struct ub_result *result, char **addr);
static bool dns_resolve_sync__(const char *name, char **addr);
/* Pass a true 'is_daemon' if you don't want the DNS-resolving to block the
* running thread.
*/
void
dns_resolve_init(bool is_daemon)
{
ub_ctx__ = ub_ctx_create();
if (ub_ctx__ == NULL) {
VLOG_ERR_RL(&rl, "Failed to create libunbound context, "
"so asynchronous DNS resolving is disabled.");
return;
}
int retval;
#ifdef __linux__
retval = ub_ctx_resolvconf(ub_ctx__, "/etc/resolv.conf");
if (retval != 0) {
VLOG_WARN_RL(&rl, "Failed to read /etc/resolv.conf: %s",
ub_strerror(retval));
}
#endif
/* Handles '/etc/hosts' on Linux and 'WINDIR/etc/hosts' on Windows. */
retval = ub_ctx_hosts(ub_ctx__, NULL);
if (retval != 0) {
VLOG_WARN_RL(&rl, "Failed to read etc/hosts: %s",
ub_strerror(retval));
}
ub_ctx_async(ub_ctx__, true);
hmap_init(&all_reqs__);
thread_is_daemon = is_daemon;
}
/* Returns true on success. Otherwise, returns false and the error information
* can be found in logs. If there is no error information, then the resolving
* is in process and the caller should call again later. The value of '*addr'
* is always nullified if false is returned. If this function is called under
* daemon-context, the resolving will undergo asynchronously. Otherwise, a
* synchronouse resolving will take place.
*
* This function is thread-safe.
*
* The caller is responsible for freeing the returned '*addr'.
*/
bool
dns_resolve(const char *name, char **addr)
OVS_EXCLUDED(dns_mutex__)
{
bool success = false;
if (!thread_is_daemon) {
return dns_resolve_sync__(name, addr);
}
*addr = NULL;
ovs_mutex_lock(&dns_mutex__);
if (ub_ctx__ == NULL) {
goto unlock;
}
/* ub_process is inside lock as it invokes resolve_callback__. */
int retval = ub_process(ub_ctx__);
if (retval != 0) {
VLOG_ERR_RL(&rl, "dns-resolve error: %s", ub_strerror(retval));
goto unlock;
}
struct resolve_request *req;
req = resolve_find_or_new__(name);
if (resolve_check_valid__(req)) {
*addr = xstrdup(req->addr);
success = true;
} else if (req->state != RESOLVE_PENDING) {
success = resolve_async__(req, ns_t_a);
}
unlock:
ovs_mutex_unlock(&dns_mutex__);
return success;
}
void
dns_resolve_destroy(void)
{
if (ub_ctx__ != NULL) {
/* Outstanding requests will be killed. */
ub_ctx_delete(ub_ctx__);
ub_ctx__ = NULL;
struct resolve_request *req;
HMAP_FOR_EACH(req, hmap_node, &all_reqs__) {
ub_resolve_free(req->ub_result);
free(req->addr);
free(req->name);
free(req);
}
hmap_destroy(&all_reqs__);
}
}
static struct resolve_request *
resolve_find_or_new__(const char *name)
OVS_REQUIRES(dns_mutex__)
{
struct resolve_request *req;
HMAP_FOR_EACH_IN_BUCKET(req, hmap_node, hash_string(name, 0),
&all_reqs__) {
if (!strcmp(name, req->name)) {
return req;
}
}
req = xzalloc(sizeof *req);
req->name = xstrdup(name);
req->state = RESOLVE_INVALID;
hmap_insert(&all_reqs__, &req->hmap_node, hash_string(req->name, 0));
return req;
}
static bool
resolve_check_expire__(struct resolve_request *req)
OVS_REQUIRES(dns_mutex__)
{
return time_now() > req->time + req->ub_result->ttl;
}
static bool
resolve_check_valid__(struct resolve_request *req)
OVS_REQUIRES(dns_mutex__)
{
return (req != NULL
&& req->state == RESOLVE_GOOD
&& !resolve_check_expire__(req));
}
static bool
resolve_async__(struct resolve_request *req, int qtype)
OVS_REQUIRES(dns_mutex__)
{
if (qtype == ns_t_a || qtype == ns_t_aaaa) {
int retval;
retval = ub_resolve_async(ub_ctx__, req->name,
qtype, ns_c_in, req,
resolve_callback__, NULL);
if (retval != 0) {
req->state = RESOLVE_ERROR;
return false;
} else {
req->state = RESOLVE_PENDING;
return true;
}
}
return false;
}
static void
resolve_callback__(void *req_, int err, struct ub_result *result)
OVS_REQUIRES(dns_mutex__)
{
struct resolve_request *req = req_;
if (err != 0 || (result->qtype == ns_t_aaaa && !result->havedata)) {
req->state = RESOLVE_ERROR;
VLOG_ERR_RL(&rl, "%s: failed to resolve", req->name);
return;
}
/* IPv4 address is empty, try IPv6. */
if (result->qtype == ns_t_a && !result->havedata) {
ub_resolve_free(result);
resolve_async__(req, ns_t_aaaa);
return;
}
char *addr;
if (!resolve_result_to_addr__(result, &addr)) {
req->state = RESOLVE_ERROR;
VLOG_ERR_RL(&rl, "%s: failed to resolve", req->name);
return;
}
ub_resolve_free(req->ub_result);
free(req->addr);
req->ub_result = result;
req->addr = addr;
req->state = RESOLVE_GOOD;
req->time = time_now();
}
static bool
resolve_result_to_addr__(struct ub_result *result, char **addr)
{
int af = result->qtype == ns_t_a ? AF_INET : AF_INET6;
char buffer[INET6_ADDRSTRLEN];
/* XXX: only the first returned IP is used. */
if (inet_ntop(af, result->data[0], buffer, sizeof buffer)) {
*addr = xstrdup(buffer);
} else {
*addr = NULL;
}
return (*addr != NULL);
}
static bool
dns_resolve_sync__(const char *name, char **addr)
{
*addr = NULL;
if (ub_ctx__ == NULL) {
dns_resolve_init(false);
if (ub_ctx__ == NULL) {
return false;
}
}
struct ub_result *result;
int retval = ub_resolve(ub_ctx__, name, ns_t_a, ns_c_in, &result);
if (retval != 0) {
return false;
} else if (!result->havedata) {
ub_resolve_free(result);
retval = ub_resolve(ub_ctx__, name, ns_t_aaaa, ns_c_in, &result);
if (retval != 0) {
return false;
} else if (!result->havedata) {
ub_resolve_free(result);
return false;
}
}
bool success = resolve_result_to_addr__(result, addr);
ub_resolve_free(result);
return success;
}
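Review bot: dns_resolve_destroy walks all_reqs__ with HMAP_FOR_EACH and calls free(req) inside the loop body; the iterator then reads req->hmap_node from freed memory to find the next node, so this needs HMAP_FOR_EACH_SAFE (or HMAP_FOR_EACH_POP) with the node removed before freeing, and the function should take dns_mutex__, which the comment above the mutex says guards all_reqs__. Second, the return contract of dns_resolve does not match its comment: on a cache miss in daemon context it returns whatever resolve_async__ returns, which is true when the query was merely queued, so the caller gets true with *addr == NULL even though the comment promises "Returns true on success" and that *addr is nullified only when false is returned; either return false here or let the comment say that a NULL *addr with true means "pending". Third, resolve_callback__ leaks the ub_result on the err == 0 paths that set RESOLVE_ERROR (AAAA with !havedata, and resolve_result_to_addr__ failing); only the A-with-no-data path calls ub_resolve_free(result). Fourth, dns_resolve_sync__ calls dns_resolve_init(false) lazily from whichever thread first resolves, with no lock, which contradicts the "thread-safe" claim in the dns_resolve comment. Finally, a security caveat that belongs in the code comment or the docs: the context is created with ub_ctx_create plus resolv.conf and hosts, but no trust anchor is ever added and result->secure / result->bogus are never checked, so answers are accepted unvalidated; an attacker who can forge the DNS answer can steer a tcp: OpenFlow or OVSDB remote to an address of their choosing (ssl: remotes still get the certificate check, tcp: remotes get nothing). Also, ub_ctx_resolvconf is wrapped in #ifdef __linux__, so on other Unix hosts the library ignores the system's configured resolver and iterates from the root servers on its own, which many deployments firewall.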

lib/dns-resolve.h

@@ -0,0 +1,26 @@
/*
* Copyright (c) 2017, 2018 Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef DNS_RESOLVE_H
#define DNS_RESOLVE_H 1
#include <stdbool.h>
void dns_resolve_init(bool is_daemon);
bool dns_resolve(const char *name, char **addr);
void dns_resolve_destroy(void);
#endif /* dns-resolve.h */


@@ -48,6 +48,7 @@
#include "netlink-protocol.h" #include "netlink-protocol.h"
#include "netlink-socket.h" #include "netlink-socket.h"
#endif #endif
#include "dns-resolve.h"
VLOG_DEFINE_THIS_MODULE(socket_util); VLOG_DEFINE_THIS_MODULE(socket_util);
@@ -56,6 +57,12 @@ static int getsockopt_int(int fd, int level, int option, const char *optname,
static struct sockaddr_in *sin_cast(const struct sockaddr *); static struct sockaddr_in *sin_cast(const struct sockaddr *);
static struct sockaddr_in6 *sin6_cast(const struct sockaddr *); static struct sockaddr_in6 *sin6_cast(const struct sockaddr *);
static const struct sockaddr *sa_cast(const struct sockaddr_storage *); static const struct sockaddr *sa_cast(const struct sockaddr_storage *);
static bool parse_sockaddr_components(struct sockaddr_storage *ss,
char *host_s,
const char *port_s,
uint16_t default_port,
const char *s,
bool resolve_host);
/* Sets 'fd' to non-blocking mode. Returns 0 if successful, otherwise a /* Sets 'fd' to non-blocking mode. Returns 0 if successful, otherwise a
* positive errno value. */ * positive errno value. */
@@ -419,11 +426,31 @@ inet_parse_port_host_tokens(char *s, char **portp, char **hostp)
inet_parse_tokens__(s, 1, hostp, portp); inet_parse_tokens__(s, 1, hostp, portp);
} }
static bool
parse_sockaddr_components_dns(struct sockaddr_storage *ss OVS_UNUSED,
char *host_s,
const char *port_s OVS_UNUSED,
uint16_t default_port OVS_UNUSED,
const char *s OVS_UNUSED)
{
char *tmp_host_s;
dns_resolve(host_s, &tmp_host_s);
if (tmp_host_s != NULL) {
parse_sockaddr_components(ss, tmp_host_s, port_s,
default_port, s, false);
free(tmp_host_s);
return true;
}
return false;
}
static bool static bool
parse_sockaddr_components(struct sockaddr_storage *ss, parse_sockaddr_components(struct sockaddr_storage *ss,
char *host_s, char *host_s,
const char *port_s, uint16_t default_port, const char *port_s, uint16_t default_port,
const char *s) const char *s,
bool resolve_host)
{ {
struct sockaddr_in *sin = sin_cast(sa_cast(ss)); struct sockaddr_in *sin = sin_cast(sa_cast(ss));
int port; int port;
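Review bot: parse_sockaddr_components_dns marks ss, port_s, default_port and s as OVS_UNUSED, yet all four are passed straight through to parse_sockaddr_components; drop the annotations. The function also ignores the return value of dns_resolve and of the recursive parse_sockaddr_components call, returning true unconditionally once an address string came back; return the inner result instead, for example
bool ok = parse_sockaddr_components(ss, tmp_host_s, port_s, default_port, s, false);
free(tmp_host_s);
return ok;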
@@ -445,7 +472,6 @@ parse_sockaddr_components(struct sockaddr_storage *ss,
sin6->sin6_family = AF_INET6; sin6->sin6_family = AF_INET6;
sin6->sin6_port = htons(port); sin6->sin6_port = htons(port);
if (!addr || !*addr || !ipv6_parse(addr, &sin6->sin6_addr)) { if (!addr || !*addr || !ipv6_parse(addr, &sin6->sin6_addr)) {
VLOG_ERR("%s: bad IPv6 address \"%s\"", s, addr ? addr : "");
goto exit; goto exit;
} }
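Review bot: The VLOG_ERR for a malformed bracketed IPv6 literal is removed here and nothing replaces it: the branch still does goto exit, which only zeroes ss and returns false, so a typo such as tcp:[::g]:6653 now fails silently instead of logging "bad IPv6 address". Unlike the IPv4 branch below, this path never reaches the resolve: label (bracketed input is by definition not a hostname), so the message should stay.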
@@ -468,13 +494,19 @@ parse_sockaddr_components(struct sockaddr_storage *ss,
sin->sin_family = AF_INET; sin->sin_family = AF_INET;
sin->sin_port = htons(port); sin->sin_port = htons(port);
if (host_s && !ip_parse(host_s, &sin->sin_addr.s_addr)) { if (host_s && !ip_parse(host_s, &sin->sin_addr.s_addr)) {
VLOG_ERR("%s: bad IPv4 address \"%s\"", s, host_s); goto resolve;
goto exit;
} }
} }
return true; return true;
resolve:
if (resolve_host && parse_sockaddr_components_dns(ss, host_s, port_s,
default_port, s)) {
return true;
} else if (!resolve_host) {
VLOG_ERR("%s: bad IP address \"%s\"", s, host_s);
}
exit: exit:
memset(ss, 0, sizeof *ss); memset(ss, 0, sizeof *ss);
return false; return false;
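Review bot: With resolve_host true, a failed resolution logs nothing: parse_sockaddr_components_dns returns false both for "answer still pending" and for a genuine failure (bad name, resolver unavailable, built with the stub), and the else-if only logs when resolve_host is false. That is acceptable for the asynchronous retry loop in a daemon, but in a utility, where dns_resolve is synchronous, a user who mistypes a host now gets a silent failure where they previously got "bad IPv4 address". Note also that goto resolve fires for any string ip_parse rejects, so a malformed literal such as 10.0.0.999 is now sent to the resolver as a hostname. Suggest logging at the exit: label when resolve_host is set and no request is pending, which requires the dns_resolve API to distinguish "pending" from "failed" (a tri-state return or an out-parameter) rather than conflating them as it does now.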
@@ -505,7 +537,8 @@ inet_parse_active(const char *target_, int default_port,
VLOG_ERR("%s: port must be specified", target_); VLOG_ERR("%s: port must be specified", target_);
ok = false; ok = false;
} else { } else {
ok = parse_sockaddr_components(ss, host, port, default_port, target_); ok = parse_sockaddr_components(ss, host, port, default_port,
target_, true);
} }
if (!ok) { if (!ok) {
memset(ss, 0, sizeof *ss); memset(ss, 0, sizeof *ss);
@@ -625,7 +658,8 @@ inet_parse_passive(const char *target_, int default_port,
VLOG_ERR("%s: port must be specified", target_); VLOG_ERR("%s: port must be specified", target_);
ok = false; ok = false;
} else { } else {
ok = parse_sockaddr_components(ss, host, port, default_port, target_); ok = parse_sockaddr_components(ss, host, port, default_port,
target_, true);
} }
if (!ok) { if (!ok) {
memset(ss, 0, sizeof *ss); memset(ss, 0, sizeof *ss);
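Review bot: inet_parse_passive now resolves names too, but in daemon context dns_resolve returns without an address until the asynchronous answer arrives, so a listener such as pssl:6640:hostname fails on the first open. For an active remote the rconn retry loop absorbs that; for a passive listener it is worth confirming that the caller re-opens the pvconn on failure rather than giving up, and documenting in the man page that a name used as a listen address may take one resolver round trip to come up.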
@@ -747,7 +781,7 @@ inet_parse_address(const char *target_, struct sockaddr_storage *ss)
{ {
char *target = xstrdup(target_); char *target = xstrdup(target_);
char *host = unbracket(target); char *host = unbracket(target);
bool ok = parse_sockaddr_components(ss, host, NULL, 0, target_); bool ok = parse_sockaddr_components(ss, host, NULL, 0, target_, false);
if (!ok) { if (!ok) {
memset(ss, 0, sizeof *ss); memset(ss, 0, sizeof *ss);
} }


@@ -126,11 +126,11 @@ stream_usage(const char *name, bool active, bool passive,
printf("\n"); printf("\n");
if (active) { if (active) {
printf("Active %s connection methods:\n", name); printf("Active %s connection methods:\n", name);
printf(" tcp:IP:PORT " printf(" tcp:HOST:PORT "
"PORT at remote IP\n"); "PORT at remote HOST\n");
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
printf(" ssl:IP:PORT " printf(" ssl:HOST:PORT "
"SSL PORT at remote IP\n"); "SSL PORT at remote HOST\n");
#endif #endif
printf(" unix:FILE " printf(" unix:FILE "
"Unix domain socket named FILE\n"); "Unix domain socket named FILE\n");


@@ -1,10 +1,10 @@
.IP "\fBssl:\fIip\fR[\fB:\fIport\fR]" .IP "\fBssl:\fIhost\fR[\fB:\fIport\fR]"
.IQ "\fBtcp:\fIip\fR[\fB:\fIport\fR]" .IQ "\fBtcp:\fIhost\fR[\fB:\fIport\fR]"
The specified \fIport\fR on the host at the given \fIip\fR, which must The specified \fIport\fR on the given \fIhost\fR, which can
be expressed as an IP address (not a DNS name) in IPv4 or IPv6 address be expressed either as a DNS name (if built with unbound library)
format. Wrap IPv6 addresses in square brackets, or an IP address in IPv4 or IPv6 address format. Wrap IPv6 addresses
e.g. \fBtcp:[::1]:6653\fR. On Linux, use \fB%\fIdevice\fR to in square brackets, e.g. \fBtcp:[::1]:6653\fR. On Linux, use
designate a scope for IPv6 link-level addresses, \fB%\fIdevice\fR to designate a scope for IPv6 link-level addresses,
e.g. \fBtcp:[fe80::1234%eth0]:6653\fR. For \fBssl\fR, the e.g. \fBtcp:[fe80::1234%eth0]:6653\fR. For \fBssl\fR, the
\fB\-\-private\-key\fR, \fB\-\-certificate\fR, and \fB\-\-ca\-cert\fR \fB\-\-private\-key\fR, \fB\-\-certificate\fR, and \fB\-\-ca\-cert\fR
options are mandatory. options are mandatory.


@@ -1,12 +1,12 @@
.IP "\fBpssl:\fR[\fIport\fR][\fB:\fIip\fR]" .IP "\fBpssl:\fR[\fIport\fR][\fB:\fIhost\fR]"
.IQ "\fBptcp:\fR[\fIport\fR][\fB:\fIip\fR]" .IQ "\fBptcp:\fR[\fIport\fR][\fB:\fIhost\fR]"
Listens for OpenFlow connections on \fIport\fR. The default Listens for OpenFlow connections on \fIport\fR. The default
\fIport\fR is 6653. By default, connections are allowed from any IPv4 \fIport\fR is 6653. By default, connections are allowed from any IPv4
address. Specify \fIip\fR as an IPv4 address or a bracketed IPv6 address. Specify \fIhost\fR as an IPv4 address or a bracketed IPv6
address (e.g. \fBptcp:6653:[::1]\fR). On Linux, use \fB%\fIdevice\fR address (e.g. \fBptcp:6653:[::1]\fR). On Linux, use \fB%\fIdevice\fR
to designate a scope for IPv6 link-level addresses, to designate a scope for IPv6 link-level addresses,
e.g. \fBptcp:6653:[fe80::1234%eth0]\fR. DNS names may e.g. \fBptcp:6653:[fe80::1234%eth0]\fR. DNS names can
not be used. For \fBpssl\fR, the be used if built with unbound library. For \fBpssl\fR, the
\fB\-\-private\-key\fR,\fB\-\-certificate\fR, and \fB\-\-ca\-cert\fR \fB\-\-private\-key\fR,\fB\-\-certificate\fR, and \fB\-\-ca\-cert\fR
options are mandatory. options are mandatory.
.IP .IP


@@ -139,11 +139,11 @@ vconn_usage(bool active, bool passive, bool bootstrap OVS_UNUSED)
printf("\n"); printf("\n");
if (active) { if (active) {
printf("Active OpenFlow connection methods:\n"); printf("Active OpenFlow connection methods:\n");
printf(" tcp:IP[:PORT] " printf(" tcp:HOST[:PORT] "
"PORT (default: %d) at remote IP\n", OFP_PORT); "PORT (default: %d) at remote HOST\n", OFP_PORT);
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
printf(" ssl:IP[:PORT] " printf(" ssl:HOST[:PORT] "
"SSL PORT (default: %d) at remote IP\n", OFP_PORT); "SSL PORT (default: %d) at remote HOST\n", OFP_PORT);
#endif #endif
printf(" unix:FILE Unix domain socket named FILE\n"); printf(" unix:FILE Unix domain socket named FILE\n");
} }


@@ -669,3 +669,13 @@ AC_DEFUN([OVS_CHECK_CXX],
enable_cxx=false enable_cxx=false
fi fi
AM_CONDITIONAL([HAVE_CXX], [$enable_cxx])]) AM_CONDITIONAL([HAVE_CXX], [$enable_cxx])])
dnl Checks for unbound library.
AC_DEFUN([OVS_CHECK_UNBOUND],
[AC_CHECK_LIB(unbound, ub_ctx_create, [HAVE_UNBOUND=yes])
if test "$HAVE_UNBOUND" = yes; then
AC_DEFINE([HAVE_UNBOUND], [1], [Define to 1 if unbound is detected.])
LIBS="$LIBS -lunbound"
fi
AM_CONDITIONAL([HAVE_UNBOUND], [test "$HAVE_UNBOUND" = yes])
AC_SUBST([HAVE_UNBOUND])])
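Review bot: OVS_CHECK_UNBOUND tests only AC_CHECK_LIB and never checks that <unbound.h> is present, so a host with libunbound.so but without the development headers passes configure and then fails compiling lib/dns-resolve.c; add AC_CHECK_HEADER([unbound.h]) (or a pkg-config check) to the test. There is also no --with-unbound / --without-unbound option, so the feature is silently enabled or disabled by whatever happens to be installed, and LIBS="$LIBS -lunbound" appends the library to every link in the tree rather than to a dedicated variable used only by libopenvswitch.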


@@ -39,28 +39,28 @@
<ul> <ul>
<li> <li>
<p> <p>
<code>ssl:<var>ip</var>:<var>port</var></code> <code>ssl:<var>host</var>:<var>port</var></code>
</p> </p>
<p> <p>
The specified SSL <var>port</var> on the host at the given The specified SSL <var>port</var> on the give <var>host</var>, which
<var>ip</var>, which must be expressed as an IP address (not a DNS can either be a DNS name (if built with unbound library) or an IP
name) in IPv4 or IPv6 address format. If <var>ip</var> is an IPv6 address (IPv4 or IPv6). If <var>host</var> is an IPv6 address, then
address, then wrap <var>ip</var> with square brackets, e.g.: wrap <var>host</var> with square brackets, e.g.: <code>ssl:[::1]:6640</code>.
<code>ssl:[::1]:6640</code>. The <code>--private-key</code>, The <code>--private-key</code>, <code>--certificate</code> and either
<code>--certificate</code> and either of <code>--ca-cert</code> of <code>--ca-cert</code> or <code>--bootstrap-ca-cert</code> options
or <code>--bootstrap-ca-cert</code> options are mandatory when this are mandatory when this form is used.
form is used.
</p> </p>
</li> </li>
<li> <li>
<p> <p>
<code>tcp:<var>ip</var>:<var>port</var></code> <code>tcp:<var>host</var>:<var>port</var></code>
</p> </p>
<p> <p>
Connect to the given TCP <var>port</var> on <var>ip</var>, where Connect to the given TCP <var>port</var> on <var>host</var>, where
<var>ip</var> can be IPv4 or IPv6 address. If <var>ip</var> is an <var>host</var> can be a DNS name (if built with unbound library) or
IPv6 address, then wrap <var>ip</var> with square brackets, e.g.: IP address (IPv4 or IPv6). If <var>host</var> is an IPv6 address,
<code>tcp:[::1]:6640</code>. then wrap <var>host</var> with square brackets,
e.g.: <code>tcp:[::1]:6640</code>.
</p> </p>
</li> </li>
<li> <li>
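Review bot: Typo in the new text of the ssl: entry: "on the give <var>host</var>" should read "on the given <var>host</var>". Both the ssl: and tcp: entries should also carry the caveat that the resolver in this patch tries A before AAAA and uses only the first address returned, since a name with several records will otherwise surprise operators.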


@@ -2062,14 +2062,14 @@
The following connection methods are currently supported: The following connection methods are currently supported:
</p> </p>
<dl> <dl>
<dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt> <dt><code>ssl:<var>host</var></code>[<code>:<var>port</var></code>]</dt>
<dd> <dd>
<p> <p>
The specified SSL <var>port</var> on the host at the given The specified SSL <var>port</var> on the host at the given
<var>ip</var>, which must be expressed as an IP address <var>host</var>, which can either be a DNS name (if built with
(not a DNS name). A valid SSL configuration must be provided unbound library) or an IP address. A valid SSL configuration must
when this form is used, this configuration can be specified be provided when this form is used, this configuration can be
via command-line options or the <ref table="SSL"/> table. specified via command-line options or the <ref table="SSL"/> table.
</p> </p>
<p> <p>
If <var>port</var> is not specified, it defaults to 6640. If <var>port</var> is not specified, it defaults to 6640.
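Review bot: "The specified SSL <var>port</var> on the host at the given <var>host</var>" reads oddly now that ip has been renamed; the ovn-nb.xml version of the same entry in this patch uses "on the given <var>host</var>", which should be used here and in the tcp: entry of the next hunk.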
@@ -2080,30 +2080,29 @@
</p> </p>
</dd> </dd>
<dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt> <dt><code>tcp:<var>host</var></code>[<code>:<var>port</var></code>]</dt>
<dd> <dd>
<p> <p>
The specified TCP <var>port</var> on the host at the given The specified TCP <var>port</var> on the host at the given
<var>ip</var>, which must be expressed as an IP address (not a <var>host</var>, which can either be a DNS name (if built with
DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If unbound library) or an IP address. If <var>host</var> is an IPv6
<var>ip</var> is an IPv6 address, wrap it in square brackets, address, wrap it in square brackets, e.g. <code>tcp:[::1]:6640</code>.
e.g. <code>tcp:[::1]:6640</code>.
</p> </p>
<p> <p>
If <var>port</var> is not specified, it defaults to 6640. If <var>port</var> is not specified, it defaults to 6640.
</p> </p>
</dd> </dd>
<dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt> <dt><code>pssl:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt>
<dd> <dd>
<p> <p>
Listens for SSL connections on the specified TCP <var>port</var>. Listens for SSL connections on the specified TCP <var>port</var>.
Specify 0 for <var>port</var> to have the kernel automatically Specify 0 for <var>port</var> to have the kernel automatically
choose an available port. If <var>ip</var>, which must be choose an available port. If <var>host</var>, which can either
expressed as an IP address (not a DNS name), is specified, then be a DNS name (if built with unbound library) or an IP address,
connections are restricted to the specified local IP address is specified, then connections are restricted to the resolved or
(either IPv4 or IPv6 address). If <var>ip</var> is an IPv6 specified local IPaddress (either IPv4 or IPv6 address). If
address, wrap in square brackets, <var>host</var> is an IPv6 address, wrap in square brackets,
e.g. <code>pssl:6640:[::1]</code>. If <var>ip</var> is not e.g. <code>pssl:6640:[::1]</code>. If <var>host</var> is not
specified then it listens only on IPv4 (but not IPv6) addresses. specified then it listens only on IPv4 (but not IPv6) addresses.
A valid SSL configuration must be provided when this form is used, A valid SSL configuration must be provided when this form is used,
this can be specified either via command-line options or the this can be specified either via command-line options or the
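Review bot: Typo in the pssl: entry: "specified local IPaddress" is missing a space ("IP address"; the ptcp: entry below has it right). "restricted to the resolved or specified local IP address" is also ambiguous when a name resolves to several addresses: with this patch only the first A (or AAAA) record is used, so the listener binds to exactly one address, which is worth stating here.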
@@ -2117,17 +2116,17 @@
part of Open vSwitch. part of Open vSwitch.
</p> </p>
</dd> </dd>
<dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt> <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt>
<dd> <dd>
<p> <p>
Listens for connections on the specified TCP <var>port</var>. Listens for connections on the specified TCP <var>port</var>.
Specify 0 for <var>port</var> to have the kernel automatically Specify 0 for <var>port</var> to have the kernel automatically
choose an available port. If <var>ip</var>, which must be choose an available port. If <var>host</var>, which can either
expressed as an IP address (not a DNS name), is specified, then be a DNS name (if built with unbound library) or an IP address,
connections are restricted to the specified local IP address is specified, then connections are restricted to the resolved or
(either IPv4 or IPv6 address). If <var>ip</var> is an IPv6 specified local IP address (either IPv4 or IPv6 address). If
address, wrap it in square brackets, <var>host</var> is an IPv6 address, wrap it in square brackets,
e.g. <code>ptcp:6640:[::1]</code>. If <var>ip</var> is not e.g. <code>ptcp:6640:[::1]</code>. If <var>host</var> is not
specified then it listens only on IPv4 addresses. specified then it listens only on IPv4 addresses.
</p> </p>
<p> <p>


@@ -2840,14 +2840,14 @@ tcp.flags = RST;
The following connection methods are currently supported: The following connection methods are currently supported:
</p> </p>
<dl> <dl>
<dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt> <dt><code>ssl:<var>host</var></code>[<code>:<var>port</var></code>]</dt>
<dd> <dd>
<p> <p>
The specified SSL <var>port</var> on the host at the given The specified SSL <var>port</var> on the given <var>host</var>,
<var>ip</var>, which must be expressed as an IP address which can either be a DNS name (if built with unbound library) or
(not a DNS name). A valid SSL configuration must be provided an IP address. A valid SSL configuration must be provided when
when this form is used, this configuration can be specified this form is used, this configuration can be specified via
via command-line options or the <ref table="SSL"/> table. command-line options or the <ref table="SSL"/> table.
</p> </p>
<p> <p>
If <var>port</var> is not specified, it defaults to 6640. If <var>port</var> is not specified, it defaults to 6640.
@@ -2858,30 +2858,29 @@ tcp.flags = RST;
</p> </p>
</dd> </dd>
<dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt> <dt><code>tcp:<var>host</var></code>[<code>:<var>port</var></code>]</dt>
<dd> <dd>
<p> <p>
The specified TCP <var>port</var> on the host at the given The specified TCP <var>port</var> on the given <var>host</var>,
<var>ip</var>, which must be expressed as an IP address (not a which can either be a DNS name (if built with unbound library) or
DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If an IP address (IPv4 or IPv6). If <var>host</var> is an IPv6
<var>ip</var> is an IPv6 address, wrap it in square brackets, address, wrap it in square brackets, e.g. <code>tcp:[::1]:6640</code>.
e.g. <code>tcp:[::1]:6640</code>.
</p> </p>
<p> <p>
If <var>port</var> is not specified, it defaults to 6640. If <var>port</var> is not specified, it defaults to 6640.
</p> </p>
</dd> </dd>
<dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt> <dt><code>pssl:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt>
<dd> <dd>
<p> <p>
Listens for SSL connections on the specified TCP <var>port</var>. Listens for SSL connections on the specified TCP <var>port</var>.
Specify 0 for <var>port</var> to have the kernel automatically Specify 0 for <var>port</var> to have the kernel automatically
choose an available port. If <var>ip</var>, which must be choose an available port. If <var>host</var>, which can either
expressed as an IP address (not a DNS name), is specified, then be a DNS name (if built with unbound library) or an IP address,
connections are restricted to the specified local IP address is specified, then connections are restricted to the resolved or
(either IPv4 or IPv6 address). If <var>ip</var> is an IPv6 specified local IP address (either IPv4 or IPv6 address). If
address, wrap in square brackets, <var>host</var> is an IPv6 address, wrap in square brackets,
e.g. <code>pssl:6640:[::1]</code>. If <var>ip</var> is not e.g. <code>pssl:6640:[::1]</code>. If <var>host</var> is not
specified then it listens only on IPv4 (but not IPv6) addresses. specified then it listens only on IPv4 (but not IPv6) addresses.
A valid SSL configuration must be provided when this form is used, A valid SSL configuration must be provided when this form is used,
this can be specified either via command-line options or the this can be specified either via command-line options or the
@@ -2895,17 +2894,17 @@ tcp.flags = RST;
part of Open vSwitch. part of Open vSwitch.
</p> </p>
</dd> </dd>
<dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt> <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt>
<dd> <dd>
<p> <p>
Listens for connections on the specified TCP <var>port</var>. Listens for connections on the specified TCP <var>port</var>.
Specify 0 for <var>port</var> to have the kernel automatically Specify 0 for <var>port</var> to have the kernel automatically
choose an available port. If <var>ip</var>, which must be choose an available port. If <var>host</var>, which can either
expressed as an IP address (not a DNS name), is specified, then be a DNS name (if built with unbound library) or an IP address,
connections are restricted to the specified local IP address is specified, then connections are restricted to the resolved or
(either IPv4 or IPv6 address). If <var>ip</var> is an IPv6 specified local IP address (either IPv4 or IPv6 address). If
address, wrap it in square brackets, <var>host</var> is an IPv6 address, wrap it in square brackets,
e.g. <code>ptcp:6640:[::1]</code>. If <var>ip</var> is not e.g. <code>ptcp:6640:[::1]</code>. If <var>host</var> is not
specified then it listens only on IPv4 addresses. specified then it listens only on IPv4 addresses.
</p> </p>
<p> <p>
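Review bot: the ptcp: paragraph in this hunk ends "listens only on IPv4 addresses", while the pssl: paragraph of the same file a few lines up says "listens only on IPv4 (but not IPv6) addresses". Both sentences are being rewritten in this change, so use the same, explicit, phrasing in both.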

View File

@@ -702,8 +702,8 @@ def usage(name):
return """ return """
Active %s connection methods: Active %s connection methods:
unix:FILE Unix domain socket named FILE unix:FILE Unix domain socket named FILE
tcp:IP:PORT TCP socket to IP with port no of PORT tcp:HOST:PORT TCP socket to HOST with port no of PORT
ssl:IP:PORT SSL socket to IP with port no of PORT ssl:HOST:PORT SSL socket to HOST with port no of PORT
Passive %s connection methods: Passive %s connection methods:
punix:FILE Listen on Unix domain socket FILE""" % (name, name) punix:FILE Listen on Unix domain socket FILE""" % (name, name)
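Review bot: only the help text changes from IP to HOST in this hunk; nothing here shows the Python stream code gaining name resolution. Either the Python side resolves names elsewhere in this change, or this usage text now promises something the Python library cannot do. Confirm before merging, and if the Python parser stays IP-only, leave the help text at IP.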

View File

@@ -87,8 +87,9 @@ BuildRequires: libpcap-devel numactl-devel
BuildRequires: dpdk-devel >= 17.05.1 BuildRequires: dpdk-devel >= 17.05.1
Provides: %{name}-dpdk = %{version}-%{release} Provides: %{name}-dpdk = %{version}-%{release}
%endif %endif
BuildRequires: unbound unbound-devel
Requires: openssl hostname iproute module-init-tools Requires: openssl hostname iproute module-init-tools unbound
#Upstream kernel commit 4f647e0a3c37b8d5086214128614a136064110c3 #Upstream kernel commit 4f647e0a3c37b8d5086214128614a136064110c3
#Requires: kernel >= 3.15.0-0 #Requires: kernel >= 3.15.0-0
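Review bot: "BuildRequires: unbound unbound-devel" and "Requires: ... unbound" pull in the full unbound package (the resolver daemon), where the build needs only the headers and shared library from unbound-devel and the runtime needs only the library. rpmbuild generates the runtime library dependency from the linked .so automatically, so "unbound" can be dropped from BuildRequires and the explicit "Requires: unbound" removed or narrowed to the library subpackage. That would also match the Fedora spec in this series, which adds only unbound-devel.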

View File

@@ -38,6 +38,7 @@ BuildRequires: openssl-devel
BuildRequires: checkpolicy, selinux-policy-devel BuildRequires: checkpolicy, selinux-policy-devel
BuildRequires: autoconf, automake, libtool BuildRequires: autoconf, automake, libtool
BuildRequires: python-sphinx BuildRequires: python-sphinx
BuildRequires: unbound-devel
%bcond_without check %bcond_without check
%bcond_with check_datapath_kernel %bcond_with check_datapath_kernel

View File

@@ -51,6 +51,7 @@
#include "openvswitch/vconn.h" #include "openvswitch/vconn.h"
#include "openvswitch/vlog.h" #include "openvswitch/vlog.h"
#include "lib/vswitch-idl.h" #include "lib/vswitch-idl.h"
#include "lib/dns-resolve.h"
VLOG_DEFINE_THIS_MODULE(vswitchd); VLOG_DEFINE_THIS_MODULE(vswitchd);
@@ -81,6 +82,7 @@ main(int argc, char *argv[])
set_program_name(argv[0]); set_program_name(argv[0]);
ovsthread_id_init(); ovsthread_id_init();
dns_resolve_init(true);
ovs_cmdl_proctitle_init(argc, argv); ovs_cmdl_proctitle_init(argc, argv);
service_start(&argc, &argv); service_start(&argc, &argv);
remote = parse_options(argc, argv, &unixctl_path); remote = parse_options(argc, argv, &unixctl_path);
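Review bot: dns_resolve_init(true) is called before service_start() and parse_options(), and its result, if it has one, is not checked. A --help or --version invocation therefore also initializes the resolver, and a failure to set up the resolver context is silent at this point. Consider moving the call after option parsing and, if the function can fail, logging or aborting on failure.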
@@ -141,6 +143,7 @@ main(int argc, char *argv[])
service_stop(); service_stop();
vlog_disable_async(); vlog_disable_async();
ovsrcu_exit(); ovsrcu_exit();
dns_resolve_destroy();
return 0; return 0;
} }

View File

@@ -4431,26 +4431,25 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
controllers: controllers:
</p> </p>
<dl> <dl>
<dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt> <dt><code>ssl:<var>host</var></code>[<code>:<var>port</var></code>]</dt>
<dd> <dd>
<p>The specified SSL <var>port</var> on the host at the <p>The specified SSL <var>port</var> on the host at the
given <var>ip</var>, which must be expressed as an IP given <var>host</var>, which can either be a DNS name (if built
address (not a DNS name). The <ref table="Open_vSwitch" with unbound library) or an IP address. The <ref table="Open_vSwitch"
column="ssl"/> column in the <ref table="Open_vSwitch"/> column="ssl"/> column in the <ref table="Open_vSwitch"/> table must
table must point to a valid SSL configuration when this form point to a valid SSL configuration when this form is used.</p>
is used.</p>
<p>If <var>port</var> is not specified, it defaults to 6653.</p> <p>If <var>port</var> is not specified, it defaults to 6653.</p>
<p>SSL support is an optional feature that is not always built as <p>SSL support is an optional feature that is not always built as
part of Open vSwitch.</p> part of Open vSwitch.</p>
</dd> </dd>
<dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt> <dt><code>tcp:<var>host</var></code>[<code>:<var>port</var></code>]</dt>
<dd> <dd>
<p> <p>
The specified TCP <var>port</var> on the host at the given The specified TCP <var>port</var> on the host at the given
<var>ip</var>, which must be expressed as an IP address (not a <var>host</var>, which can either be a DNS name (if built with
DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If unbound library) or an IP address (IPv4 or IPv6). If <var>host</var>
<var>ip</var> is an IPv6 address, wrap it in square brackets, is an IPv6 address, wrap it in square brackets, e.g.
e.g. <code>tcp:[::1]:6653</code>. <code>tcp:[::1]:6653</code>.
</p> </p>
<p> <p>
If <var>port</var> is not specified, it defaults to 6653. If <var>port</var> is not specified, it defaults to 6653.
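Review bot: the rewritten ssl: and tcp: paragraphs in this hunk now read "on the host at the given <var>host</var>", which is redundant after the ip to host rename. Suggest "The specified SSL <var>port</var> on the given <var>host</var>, which can either be ..." (and likewise for tcp:), matching the wording used for the ovsdb-server entries in this same change.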
@@ -4462,19 +4461,19 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
controllers: controllers:
</p> </p>
<dl> <dl>
<dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt> <dt><code>pssl:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt>
<dd> <dd>
<p> <p>
Listens for SSL connections on the specified TCP <var>port</var>. Listens for SSL connections on the specified TCP <var>port</var>.
If <var>ip</var>, which must be expressed as an IP address (not a If <var>host</var>, which can either be a DNS name (if built with
DNS name), is specified, then connections are restricted to the unbound library) or an IP address, is specified, then connections
specified local IP address (either IPv4 or IPv6). If are restricted to the resolved or specified local IP address
<var>ip</var> is an IPv6 address, wrap it in square brackets, (either IPv4 or IPv6). If <var>host</var> is an IPv6 address,
e.g. <code>pssl:6653:[::1]</code>. wrap it in square brackets, e.g. <code>pssl:6653:[::1]</code>.
</p> </p>
<p> <p>
If <var>port</var> is not specified, it defaults to If <var>port</var> is not specified, it defaults to
6653. If <var>ip</var> is not specified then it listens only on 6653. If <var>host</var> is not specified then it listens only on
IPv4 (but not IPv6) addresses. The IPv4 (but not IPv6) addresses. The
<ref table="Open_vSwitch" column="ssl"/> <ref table="Open_vSwitch" column="ssl"/>
column in the <ref table="Open_vSwitch"/> table must point to a column in the <ref table="Open_vSwitch"/> table must point to a
@@ -4488,16 +4487,17 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
part of Open vSwitch. part of Open vSwitch.
</p> </p>
</dd> </dd>
<dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt> <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt>
<dd> <dd>
<p> <p>
Listens for connections on the specified TCP <var>port</var>. If Listens for connections on the specified TCP <var>port</var>. If
<var>ip</var>, which must be expressed as an IP address (not a <var>host</var>, which can either be a DNS name (if built with
DNS name), is specified, then connections are restricted to the unbound library) or an IP address, is specified, then connections
specified local IP address (either IPv4 or IPv6). If are restricted to the resolved or specified local IP address
<var>ip</var> is an IPv6 address, wrap it in square brackets, (either IPv4 or IPv6). If <var>host</var> is an IPv6 address, wrap
e.g. <code>ptcp:6653:[::1]</code>. If <var>ip</var> is not it in square brackets, e.g. <code>ptcp:6653:[::1]</code>. If
specified then it listens only on IPv4 addresses. <var>host</var> is not specified then it listens only on IPv4
addresses.
</p> </p>
<p> <p>
If <var>port</var> is not specified, it defaults to 6653. If <var>port</var> is not specified, it defaults to 6653.
@@ -4834,12 +4834,12 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
The following connection methods are currently supported: The following connection methods are currently supported:
</p> </p>
<dl> <dl>
<dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt> <dt><code>ssl:<var>host</var></code>[<code>:<var>port</var></code>]</dt>
<dd> <dd>
<p> <p>
The specified SSL <var>port</var> on the host at the given The specified SSL <var>port</var> on the host at the given
<var>ip</var>, which must be expressed as an IP address <var>host</var>, which can either be a DNS name (if built with
(not a DNS name). The <ref table="Open_vSwitch" unbound library) or an IP address. The <ref table="Open_vSwitch"
column="ssl"/> column in the <ref table="Open_vSwitch"/> column="ssl"/> column in the <ref table="Open_vSwitch"/>
table must point to a valid SSL configuration when this table must point to a valid SSL configuration when this
form is used. form is used.
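Review bot: same redundancy as the controller entries: "on the host at the given <var>host</var>" should read "on the given <var>host</var>".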
@@ -4853,30 +4853,30 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
</p> </p>
</dd> </dd>
<dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt> <dt><code>tcp:<var>host</var></code>[<code>:<var>port</var></code>]</dt>
<dd> <dd>
<p> <p>
The specified TCP <var>port</var> on the host at the given The specified TCP <var>port</var> on the host at the given
<var>ip</var>, which must be expressed as an IP address (not a <var>host</var>, which can either be a DNS name (if built with
DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If unbound library) or an IP address (IPv4 or IPv6). If <var>host</var>
<var>ip</var> is an IPv6 address, wrap it in square brackets, is an IPv6 address, wrap it in square brackets, e.g.
e.g. <code>tcp:[::1]:6640</code>. <code>tcp:[::1]:6640</code>.
</p> </p>
<p> <p>
If <var>port</var> is not specified, it defaults to 6640. If <var>port</var> is not specified, it defaults to 6640.
</p> </p>
</dd> </dd>
<dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt> <dt><code>pssl:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt>
<dd> <dd>
<p> <p>
Listens for SSL connections on the specified TCP <var>port</var>. Listens for SSL connections on the specified TCP <var>port</var>.
Specify 0 for <var>port</var> to have the kernel automatically Specify 0 for <var>port</var> to have the kernel automatically
choose an available port. If <var>ip</var>, which must be choose an available port. If <var>host</var>, which can either
expressed as an IP address (not a DNS name), is specified, then be a DNS name (if built with unbound library) or an IP address,
connections are restricted to the specified local IP address is specified, then connections are restricted to the resolved or
(either IPv4 or IPv6 address). If <var>ip</var> is an IPv6 specified local IP address (either IPv4 or IPv6 address). If
address, wrap in square brackets, <var>host</var> is an IPv6 address, wrap in square brackets,
e.g. <code>pssl:6640:[::1]</code>. If <var>ip</var> is not e.g. <code>pssl:6640:[::1]</code>. If <var>host</var> is not
specified then it listens only on IPv4 (but not IPv6) addresses. specified then it listens only on IPv4 (but not IPv6) addresses.
The <ref table="Open_vSwitch" column="ssl"/> column in the <ref The <ref table="Open_vSwitch" column="ssl"/> column in the <ref
table="Open_vSwitch"/> table must point to a valid SSL table="Open_vSwitch"/> table must point to a valid SSL
@@ -4890,17 +4890,17 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
part of Open vSwitch. part of Open vSwitch.
</p> </p>
</dd> </dd>
<dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt> <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt>
<dd> <dd>
<p> <p>
Listens for connections on the specified TCP <var>port</var>. Listens for connections on the specified TCP <var>port</var>.
Specify 0 for <var>port</var> to have the kernel automatically Specify 0 for <var>port</var> to have the kernel automatically
choose an available port. If <var>ip</var>, which must be choose an available port. If <var>host</var>, which can either
expressed as an IP address (not a DNS name), is specified, then be a DNS name (if built with unbound library) or an IP address,
connections are restricted to the specified local IP address is specified, then connections are restricted to the resolved or
(either IPv4 or IPv6 address). If <var>ip</var> is an IPv6 specified local IP address (either IPv4 or IPv6 address). If
address, wrap it in square brackets, <var>host</var> is an IPv6 address, wrap it in square brackets,
e.g. <code>ptcp:6640:[::1]</code>. If <var>ip</var> is not e.g. <code>ptcp:6640:[::1]</code>. If <var>host</var> is not
specified then it listens only on IPv4 addresses. specified then it listens only on IPv4 addresses.
</p> </p>
<p> <p>

View File

@@ -116,12 +116,12 @@
The following connection methods are currently supported: The following connection methods are currently supported:
</p> </p>
<dl> <dl>
<dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt> <dt><code>ssl:<var>host</var></code>[<code>:<var>port</var></code>]</dt>
<dd> <dd>
<p> <p>
The specified SSL <var>port</var> (default: 6640) on the host at The specified SSL <var>port</var> (default: 6640) on the given
the given <var>ip</var>, which must be expressed as an IP address <var>host</var>, which can either be a DNS name (if built with
(not a DNS name). unbound library) or an IP address.
</p> </p>
<p> <p>
SSL key and certificate configuration happens outside the SSL key and certificate configuration happens outside the
@@ -129,27 +129,29 @@
</p> </p>
</dd> </dd>
<dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt> <dt><code>tcp:<var>host</var></code>[<code>:<var>port</var></code>]</dt>
<dd> <dd>
The specified TCP <var>port</var> (default: 6640) on the host at The specified TCP <var>port</var> (default: 6640) on the given
the given <var>ip</var>, which must be expressed as an IP address <var>host</var>, which can either be a DNS name (if built with
(not a DNS name). unbound library) or an IP address.
</dd> </dd>
<dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt> <dt><code>pssl:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt>
<dd> <dd>
<p> <p>
Listens for SSL connections on the specified TCP <var>port</var> Listens for SSL connections on the specified TCP <var>port</var>
(default: 6640). If <var>ip</var>, which must be expressed as an (default: 6640). If <var>host</var>, which can either be a DNS
IP address (not a DNS name), is specified, then connections are name (if built with unbound library) or an IP address, is
restricted to the specified local IP address. specified, then connections are restricted to the resolved or
specified local IP address.
</p> </p>
</dd> </dd>
<dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt> <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt>
<dd> <dd>
Listens for connections on the specified TCP <var>port</var> Listens for connections on the specified TCP <var>port</var>
(default: 6640). If <var>ip</var>, which must be expressed as an (default: 6640). If <var>host</var>, which can either be a DNS
IP address (not a DNS name), is specified, then connections are name (if built with unbound library) or an IP address, is
restricted to the specified local IP address. specified, then connections are restricted to the resolved or
specified local IP address.
</dd> </dd>
</dl> </dl>
</column> </column>
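Review bot: the pssl: and ptcp: entries in this file describe the host argument but, unlike the equivalent entries elsewhere in this change, say nothing about the IPv6 square-bracket syntax or about which address family the listener uses when host is omitted. If the behaviour is the same, carry those sentences over so readers of this file are not left guessing.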