From efee6698cf2914ba47471bc8c5bf3d2ae7c4ab5b Mon Sep 17 00:00:00 2001
From: John Crispin
Date: Tue, 3 Aug 2021 07:57:34 +0200
Subject: [PATCH] schema: improve OpenFlow support

Signed-off-by: John Crispin
---
 renderer/renderer.uc | 3 +++
 renderer/templates/services/open_flow.uc | 15 +++++++++--
 schema/service.open-flow.yml | 12 +++++++++
 schemareader.uc | 33 ++++++++++++++++++++++++
 ucentral.schema.json | 9 +++++++
 5 files changed, 70 insertions(+), 2 deletions(-)

diff --git a/renderer/renderer.uc b/renderer/renderer.uc
index 9d00238..b88484c 100644
--- a/renderer/renderer.uc
+++ b/renderer/renderer.uc
@@ -13,6 +13,8 @@ let conn = ubus ? ubus.connect() : null;
 let capabfile = fs.open("/etc/ucentral/capabilities.json", "r");
 let capab = capabfile ? json(capabfile.read("all")) : null;
+let serial = cursor.get("ucentral", "config", "serial");
+
 assert(cursor, "Unable to instantiate uci");
 assert(conn, "Unable to connect to ubus");
 assert(capab, "Unable to load capabilities");
@@ -661,6 +663,7 @@ return {
 files,
 shell,
 routing_table,
+ serial,
 warn: (fmt, ...args) => push(logs, sprintf("[W] (In %s) ", location || '/') + sprintf(fmt, ...args)),
 info: (fmt, ...args) => push(logs, sprintf("[!] (In %s) ", location || '/') + sprintf(fmt, ...args))
diff --git a/renderer/templates/services/open_flow.uc b/renderer/templates/services/open_flow.uc
index 34188fd..f7948e1 100644
--- a/renderer/templates/services/open_flow.uc
+++ b/renderer/templates/services/open_flow.uc
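Review bot: `cursor.get("ucentral", "config", "serial")` is evaluated two lines before `assert(cursor, "Unable to instantiate uci")` in the same hunk, so when the uci cursor is null the renderer now dies on the new line with a generic error instead of the intended assertion message; move the lookup below the three asserts, or write `let serial = cursor ? cursor.get("ucentral", "config", "serial") : null;`. The value is then exported unchecked in the second hunk and, as the open_flow template in this patch shows, interpolated into an OVS `datapath_id`, so a missing serial silently produces an invalid id. Consider `assert(serial, "Unable to read device serial");` after the existing asserts, or validate the value where it is consumed.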
@@ -9,8 +9,19 @@ set openvswitch.ovs.disabled=0
+set openvswitch.ovs.disabled="0"
+set openvswitch.ovs.ca={{ s(files.add_anonymous(location, 'ca', b64dec(open_flow.ca_certificate))) }}
+set openvswitch.ovs.cert={{ s(files.add_anonymous(location, 'cert', b64dec(open_flow.server_certificate))) }}
+set openvswitch.ovs.key={{ s(files.add_anonymous(location, 'key', b64dec(open_flow.private_key))) }}
+
 delete openvswitch.@ovs_bridge[0]
 add openvswitch ovs_bridge
-set openvswitch.@ovs_bridge[-1].controller="tcp:{{open_flow.controller }}"
+set openvswitch.@ovs_bridge[-1].controller="ssl:{{ open_flow.controller }}"
+set openvswitch.@ovs_bridge[-1].datapath_id="0x{{ serial }}"
 set openvswitch.@ovs_bridge[-1].name="br-ovs"
-add_list openvswitch.@ovs_bridge[-1].ports="gw0:internal"
+
+add openvswitch ovs_port
+set openvswitch.@ovs_port[-1].bridge="br-ovs"
+set openvswitch.@ovs_port[-1].port="gw0"
+set openvswitch.@ovs_port[-1].ofport="1"
+set openvswitch.@ovs_port[-1].type="internal"
diff --git a/schema/service.open-flow.yml b/schema/service.open-flow.yml
index b35008e..3e10d20 100644
--- a/schema/service.open-flow.yml
+++ b/schema/service.open-flow.yml
@@ -8,3 +8,15 @@ properties:
 type: string
 uc-format: cidr
 example: 192.168.10.1
+ ca-certificate:
+ description:
+ The local servers CA bundle.
+ type: string
+ server-certificate:
+ description:
+ The local servers certificate.
+ type: string
+ private-key:
+ description:
+ The local servers private key/
+ type: string
diff --git a/schemareader.uc b/schemareader.uc
index f6503c1..7fc0f0f 100644
--- a/schemareader.uc
+++ b/schemareader.uc
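Review bot: The three `set openvswitch.ovs.{ca,cert,key}` lines decode and write the credentials unconditionally, yet the schema hunk in this same patch leaves `ca-certificate`, `server-certificate` and `private-key` optional and the reader copies them only when present, so a config without them renders `b64dec(null)` into the file store and an `ssl:` controller with empty credential paths instead of failing validation. Add the three properties to the schema's `required` list, or guard this block and call `warn()` and skip the service when any of them is missing. The private key is written by `files.add_anonymous(location, 'key', …)` exactly like the public CA bundle and certificate, and nothing here sets a restrictive mode; confirm that helper (outside this patch) creates the key file 0600 and root-owned rather than world-readable. Note also that OVS accepts `datapath_id` only as exactly 16 hex digits, so `"0x{{ serial }}"` works only if the uci serial is guaranteed to have that shape.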
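Review bot: The three descriptions do not say what encoding the values carry, but the template in this patch runs `b64dec()` on each before writing it, so a PEM pasted verbatim will be rejected or written as garbage; state it, e.g. `The base64-encoded PEM CA bundle used to verify the OpenFlow controller.` The `private-key` description ends in a stray `/` and all three use `servers` for the possessive: `The local server's private key.` Since an empty string satisfies `type: string`, consider `minLength: 1` on each so the generated reader rejects it before the template writes an empty key file.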
@@ -4339,6 +4339,39 @@ function instantiateServiceOpenFlow(location, value, errors) {
 obj.controller = parseController(location + "/controller", value["controller"], errors);
 }
+ function parseCaCertificate(location, value, errors) {
+ if (type(value) != "string")
+ push(errors, [ location, "must be of type string" ]);
+
+ return value;
+ }
+
+ if (exists(value, "ca-certificate")) {
+ obj.ca_certificate = parseCaCertificate(location + "/ca-certificate", value["ca-certificate"], errors);
+ }
+
+ function parseServerCertificate(location, value, errors) {
+ if (type(value) != "string")
+ push(errors, [ location, "must be of type string" ]);
+
+ return value;
+ }
+
+ if (exists(value, "server-certificate")) {
+ obj.server_certificate = parseServerCertificate(location + "/server-certificate", value["server-certificate"], errors);
+ }
+
+ function parsePrivateKey(location, value, errors) {
+ if (type(value) != "string")
+ push(errors, [ location, "must be of type string" ]);
+
+ return value;
+ }
+
+ if (exists(value, "private-key")) {
+ obj.private_key = parsePrivateKey(location + "/private-key", value["private-key"], errors);
+ }
+
 return obj;
 }
diff --git a/ucentral.schema.json b/ucentral.schema.json
index bde3e30..3b63b29 100644
--- a/ucentral.schema.json
+++ b/ucentral.schema.json
@@ -1644,6 +1644,15 @@
 "type": "string",
 "uc-format": "cidr",
 "example": "192.168.10.1"
+ },
+ "ca-certificate": {
+ "type": "string"
+ },
+ "server-certificate": {
+ "type": "string"
+ },
+ "private-key": {
+ "type": "string"
 }
 }
 },
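Review bot: `parseCaCertificate`, `parseServerCertificate` and `parsePrivateKey` accept any string, including the empty string and text that is not base64, even though the open_flow template in this patch runs `b64dec()` on each value and writes the result to disk as the device's TLS credentials; a bad value therefore passes validation and only shows up as a broken `ssl:` connection at runtime. The three helpers are byte-identical apart from their names, which suggests this file is generated from the schema; if so, add the constraint there (`minLength: 1` and a base64/PEM format check) rather than hand-editing this file, otherwise collapse them into one shared helper that also rejects an empty or non-decodable string. The enclosing `instantiateServiceOpenFlow` begins outside this hunk.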