packages/net/openvswitch/files, branch masterMirror of packages feedhttps://git.openwrt.org/feed/packages/atom?h=master2021-11-19T06:15:42Zopenvswitch: bring up member ports2021-11-19T06:15:42ZStijn Tintel2021-10-29T18:27:56Zurn:sha1:596051c77e8470e856ca200686b4fb55359e027a
Open vSwitch does not bring up ports automatically. This is not a
problem for wireless ports, or for ports configured in
/etc/config/network, but other ports will be down, and require manual
interaction to be brought up. Configuring them with proto none will
cause netifd to do some actions on them, which might cause undefined
results, and will also bloat the UCI config file.
The cleanest solution is to bring all member ports up as part of the
init script.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
openvswitch: add option for failure mode2021-09-23T01:15:34ZStijn Tintel2021-09-21T11:58:15Zurn:sha1:9e45d4534807d372cbb22b1fa734b4d79b42a8a9
When Open vSwitch is configured to use a controller, but is unable to
connect to it, Open vSwitch will setup flows to allow all traffic, if
the failure mode is not configured, or set to standalone.
As this might be a security hazard, it is also possible to configure
Open vSwitch in a secure failure mode. Enabling this mode causes Open
vSwitch to drop all traffic if it is unable to connect to the
controller.
Redirect stderr of the command to /dev/null as it does not support the
--if-exists option.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
openvswitch: add option for OpenFlow datapath desc2021-09-22T12:40:45ZStijn Tintel2021-08-23T13:33:19Zurn:sha1:c05103da92ecb00545d591840eae688452f350c2
Add a UCI config option to set the OpenFlow datapath description. This
allows setting a human readable description of the bridge, e.g.
"Building x, Floor y, AP z", which makes it easier to recognize the AP.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
openvswitch: add SSL support2021-07-29T09:30:39ZStijn Tintel2021-07-27T10:00:15Zurn:sha1:653716eb19121752ad041a3faffc61777698e82a
Open vSwitch supports SSL to connect to an OpenFlow controller. This is
recommended for security. Expand the UCI ovs config section to allow
configuring SSL CA, certificate and private key.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
openvswitch: add missing basescript variable2021-07-29T09:30:22ZStijn Tintel2021-07-28T14:48:41Zurn:sha1:2430c4ef82a58d9a2903785a8edef7392f49bea2
The Open vSwitch init script does not set USE_PROCD=1. Instead, it
defines most of the functions and variables that would be set when
USE_PROCD is set to 1, but with some minor changes.
The basescript variable however, which is used when calling
procd_open_service and procd_kill, is not set. As a result, basename of
the contents of the initscript variable is used as the service name. As
the service is automatically started via its symlink in /etc/rc.d,
S15openvswitch, the service name is S15openvswitch.
Set the basescript variable so that the service name is openvswitch.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
openvswitch: support setting OpenFlow datapath ID2021-07-29T08:02:34ZStijn Tintel2021-07-26T16:04:19Zurn:sha1:4a4c1634e61a670a6bbbcd6cac467b62e48dbff3
By default, Open vSwitch will generate the OpenFlow datapath ID of a
bridge based on the MAC address of one of its ports. Due to this, it's
possible that the datapath ID changes when new ports are added. When the
datapath ID changes, Open vSwitch disconnects from the controller, as
there is no way to notify the controller that the datapath ID has
changed.
Add an option to set the datapath ID so that the above situation can be
avoided. The option takes either exactly 16 hex characters, or when
prefixed with 0x, between 1 and 16 hex characters.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
openvswitch: allow complex port configurations2021-07-23T09:16:29ZStijn Tintel2021-07-20T14:07:52Zurn:sha1:eff5adb9a3a3e754ca7c2b496606356589eee0a8
The current way to add ports to an Open vSwitch bridge does not allow
complex port configurations. Use a dedicated uci config section per port
instead of the current port:type syntax. This way we can easily support
more features like setting the VLAN tag or the OpenFlow port number.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
openvswitch: only init bridges when (re)starting2021-07-23T09:16:29ZStijn Tintel2021-07-20T17:22:49Zurn:sha1:a5648280b3377d6779c281c4af8352dc42f9ac58
Calling the ovs_bridge_init function when stopping the service will
result in ovs-vsctl being called after ovsdb-server has been shut down.
This causes the following error:
ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)
Calling the ovs_bridge_init function when requesting the service status
has no added value.
Only call ovs_bridge_init during start or restart to fix this.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
openvswitch: close flock fd when starting openvswitch services2021-07-20T12:26:55ZFelix Fietkau2021-07-20T12:26:54Zurn:sha1:ec56b98a7ec031b6cc119202617ecbfe98c810aa
Fixes deadlock with multiple init script calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
openvswitch: add support for definining bridge ports in the config2021-06-23T13:49:28ZFelix Fietkau2021-06-23T13:46:34Zurn:sha1:1038ac123558b960e7b661f1133b5a920173345e
Add limited procd support to handle config reload
Option drop_unknown_ports can be used to ensure that only configured ports
are part of the bridge
Signed-off-by: Felix Fietkau <nbd@nbd.name>