The daemon library provides a few short options, but these then take
away their availability from programs that wish to use the library.
Since the daemon options are generally going to be called from a script
(which doesn't care how much typing is involved), we'll only provide
long options.
A previous checkin added the cfg_init() function, so we now call it. We
also check the return value of the initial call to cfg_read(), since if
it fails, there's not much point in continuing.
This new abstraction layer allows multiple implementations of network
devices in a single running process. This will be useful, for example, to
support network devices that are simulated entirely in the running process
or that communicate with other processes over Unix domain sockets, etc.
The reimplemented tap device support in this commit has not been tested.
Until now, setting a netflow collector to a DNS name would cause
secchan to attempt to resolve that DNS name each time that the set of
netflow collectors is re-set. For the vswitch, this is every time that
the vswitch reconfigures itself.
Unfortunately, DNS lookup within secchan cannot work as currently
implemented, because it needs both an asynchronous DNS resolver library
and in-band control updates. Currently we have neither. Attempting to
look up DNS anyway just hangs.
This commit disables DNS lookup entirely, and updates the documentation to
change user expectations. DNS still won't work, but at least it won't
hang.
Bug #1609.
OpenFlow 0.9 will change the interpretation of a max_len of 0 in an
OFPP_CONTROLLER output action from "send entire packet" to "send 0 bytes
of packet", but ovs-ofctl documents that specifying no argument or "ALL"
as the argument to a CONTROLLER output action sends the whole packet, so
we need to make that happen.
Soon we will allow for multiple datapath implementations. By allowing
the datapath to choose the port numbers, we possibly simplify some datapath
implementations, and the datapath's clients don't have to guess (or to
check) what port numbers are free, so this seems like a better way to go.
This function is easier for callers to use if they do not have to guess
how many ports are in the group. Since it's not performance critical at
all, introduce these easier semantics.
dpif_id() is often used in error messages, e.g. "dp%u: screwed up". But
soon we will be generalizing the concept of a datapath, so it is better
to have a function that returns a full name, e.g. "%s: screwed up".
Accordingly, this commit replaces dpif_id() by a new function dpif_name()
that does so.
With multiple kinds of datapaths, code should not just use
"dp%u" along with dpif_minor() to print a datapath name, because not all
datapaths can sensibly be named that way. We want to use a function
with a name like dpif_get_name() to retrieve a datapath name for printing
to the user, in which case the existing dpif_get_name() function would be
confusing. So rename the existing one to something more explicit.
The TCP and SSL vconn implementations had a lot of common code to make
and accept TCP connections, which this commit factors out into common
functions in socket-util.c.
Also adds the ability to bind ptcp and pssl vconns to a particular IP
address instead of the wildcard address.
The controller discovery code has always had the capability to whitelist
only certain types of controller locations. Until now, we have only taken
advantage of this when SSL is enabled (so that all OpenFlow connections are
authenticated with SSL if SSL is configured).
However, it occurs to me that making the section of connections entirely
unrestricted is too permissive. An attacker could make the vswitch connect
to an arbitrary Unix domain socket, for example. I don't have a
description of how this is an exploitable security vulnerability, but it
seems entirely too lax.
So: this commit changes the default to allowing only TCP connections to
controller in the non-SSL case.
The glibc 2.7 headers contain a bug that causes strtok_r() to segfault
in some circumstances. Until now, we have been working around this
problem at each invocation, but this depends on the programmer to remember
to do so each time.
This commit instead adds a shim that adds a work-around to the string.h
header itself, so that it is much more difficult to miss the workaround.
