OpenVSwitch: update to latest HEAD

Signed-off-by: John Crispin <john@phrozen.org>
2025-10-30 01:52:51 +00:00 · 2021-08-03 08:00:52 +02:00
parent f3b980081e
commit df6b7fea80
8 changed files with 148 additions and 14 deletions
--- a/feeds/openflow/openvswitch/Config.in
+++ b/feeds/openflow/openvswitch/Config.in
@@ -0,0 +1,8 @@
+menu "Configuration"
+	depends on PACKAGE_openvswitch
+
+	config	OPENVSWITCH_WITH_LIBUNBOUND
+		bool
+		default y
+		prompt "Build with libunbound library."
+endmenu
--- a/feeds/openflow/openvswitch/Makefile
+++ b/feeds/openflow/openvswitch/Makefile
@@ -17,7 +17,7 @@ include ./openvswitch.mk
 #
 PKG_NAME:=openvswitch
 PKG_VERSION:=$(ovs_version)
-PKG_RELEASE:=1
+PKG_RELEASE:=6
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.openvswitch.org/releases/
 PKG_HASH:=7d5797f2bf2449c6a266149e88f72123540f7fe7f31ad52902057ae8d8f88c38
@@ -40,6 +40,9 @@ include $(INCLUDE_DIR)/package.mk
 include $(TOPDIR)/feeds/packages/lang/python/python3-host.mk
 include $(TOPDIR)/feeds/packages/lang/python/python3-package.mk

+define Package/openvswitch/config
+source "$(SOURCE)/Config.in"
+endef

 ovs_kmod_packages:=
 ovs_kmod_intree_kernel_patchver_min:=3.10
@@ -150,8 +153,11 @@ $(eval $(call OvsKmodPackageTemplate,openvswitch-lisp-intree))
 #
 ovs_libopenvswitch_title:=Open vSwitch (libopenvswitch.so)
 ovs_libopenvswitch_hidden:=1
-ovs_libopenvswitch_depends:=+libopenssl +libunbound +!(arc||arceb):libunwind
+ovs_libopenvswitch_depends:=+libopenssl +!(arc||arceb):libunwind
 ovs_libopenvswitch_depends+=+libatomic
+ifeq ($(CONFIG_KEEPALIVED_ROUTES),y)
+ovs_libopenvswitch_depends+=+libunbound
+endif
 ovs_libopenvswitch_files:=usr/lib/libopenvswitch*.so*
 $(eval $(call OvsPackageTemplate,libopenvswitch))

@@ -243,6 +249,7 @@ CONFIGURE_ARGS+= \
 	--disable-silent-rules \

 CONFIGURE_VARS += \
+	$(if $(CONFIG_OPENVSWITCH_WITH_LIBUNBOUND),,ac_cv_lib_unbound_ub_ctx_create=no) \
 	ovs_cv_flake8=no \
 	ovs_cv_python3=$(PYTHON3) \
 	ovs_cv_python3_host=$(HOST_PYTHON3_BIN) \
--- a/feeds/openflow/openvswitch/README.md
+++ b/feeds/openflow/openvswitch/README.md
@@ -63,17 +63,42 @@ E.g. replace in-tree datapath module with upstream version

 # UCI configuration options

-There are 4 config section types in package openvswitch:
+There are 5 config section types in package openvswitch:
 ovs ovn_northd, ovn_controller & ovs_bridge.

 Each of these supports a disabled option, which should be 
 set to 0 to launch the respective daemons.

+The ovs section section also supports the options below, to configure a set of
+SSL CA, certificate and private key. After adding these to Open vSwitch, you
+may specify ssl: connection methods for e.g. the OpenFlow controller. Note that
+Open vSwitch only reads these files during startup, so it needs to be restarted
+after adding or changing these options.
+
+| Name     | Type    | Required | Default | Description                       |
+|----------|---------|----------|---------|-----------------------------------|
+| disabled | boolean | no       | 0       | If set to 1, do not configure SSL |
+| ca       | string  | no       | (none)  | Path to CA certificate            |
+| cert     | string  | no       | (none)  | Path to certificate               |
+| key      | string  | no       | (none)  | Path to private key               |
+
 The ovs_bridge section also supports the options below,
 for initialising a virtual bridge with an OpenFlow controller.

-| Name       | Type    | Required | Default                        | Description                                                |
-|------------|---------|----------|--------------------------------|------------------------------------------------------------|
-| disabled   | boolean | no       | 0                              | If set to true, disable initialisation of the named bridge |
-| name       | string  | no       | Inherits UCI config block name | The name of the switch in the OVS daemon                   |
-| controller | string  | no       | (none)                         | The endpoint of an OpenFlow controller for this bridge     |
+| Name        | Type    | Required | Default                        | Description                                                |
+|-------------|---------|----------|--------------------------------|------------------------------------------------------------|
+| disabled    | boolean | no       | 0                              | If set to true, disable initialisation of the named bridge |
+| name        | string  | no       | Inherits UCI config block name | The name of the switch in the OVS daemon                   |
+| controller  | string  | no       | (none)                         | The endpoint of an OpenFlow controller for this bridge     |
+| datapath_id | string  | no       | (none)                         | The OpenFlow datapath ID for this bridge                   |
+
+The ovs_port section can be used to add ports to a bridge. It supports the options below.
+
+| Name     | Type    | Required | Default | Description
+| ---------|---------|----------|---------|------------------------------------------------|
+| disabled | boolean | no       | 0       | If set to 1, do not add the port to the bridge |
+| bridge   | string  | yes      | (none)  | Name of the bridge to add the port to          |
+| port     | string  | yes      | (none)  | Name of the port to add to the bridge          |
+| ofport   | integer | no       | (none)  | OpenFlow port number to be used by the port    |
+| tag      | integer | no       | (none)  | 802.1Q VLAN tag to set on the port             |
+| type     | string  | no       | (none)  | Port type, e.g. internal, erspan, type, ...    |
--- a/feeds/openflow/openvswitch/files/openvswitch.config
+++ b/feeds/openflow/openvswitch/files/openvswitch.config
@@ -1,5 +1,8 @@
 config ovs ovs
 	option disabled 1
+	option ca '/etc/openvswitch/example_ca.crt'
+	option cert '/etc/openvswitch/example_cert.crt'
+	option key '/etc/openvswitch/example_key.crt'

 config ovn_northd north
 	option disabled 1
@@ -10,4 +13,13 @@ config ovn_controller controller
 config ovs_bridge
 	option disabled 1
 	option name 'my-bridge'
-	option controller 'tcp:192.168.0.1'
+	option controller 'tcp:192.168.0.1'
+	option datapath_id ''
+
+config ovs_port
+	option disabled 1
+	option bridge 'my-bridge'
+	option port 'ovs-port1'
+	option ofport '1'
+	option tag '123'
+	option type 'internal'
--- a/feeds/openflow/openvswitch/files/openvswitch.init
+++ b/feeds/openflow/openvswitch/files/openvswitch.init
@@ -7,6 +7,8 @@
 . /lib/functions/procd.sh
 START=15

+basescript=$(readlink "$initscript")
+
 ovs_ctl="/usr/share/openvswitch/scripts/ovs-ctl"; [ -x "$ovs_ctl" ] || ovs_ctl=:
 ovn_ctl="/usr/share/ovn/scripts/ovn-ctl"; [ -x "$ovn_ctl" ] || ovn_ctl=:

@@ -59,7 +61,12 @@ ovs_action() {
 		config_foreach "ovs_xx" "$cfgtype" "$action" "$cfgtype"
 	done

-	config_foreach ovs_bridge_init "ovs_bridge"
+	case "$action" in
+		restart|start)
+			config_foreach ovs_bridge_init "ovs_bridge"
+			;;
+	esac
+
 }

 ovs_xx() {
@@ -83,6 +90,7 @@ ovs_xx() {
 		ovs)
 			"$ovs_ctl" "$action" \
 				--system-id=random 1000>&-
+			ovs_set_ssl
 			;;
 		ovn_*)
 			"$ovn_ctl" "${action}_${cfgtype#ovn_}"
@@ -116,6 +124,47 @@ ovs_bridge_port_add() {
 	__port_list="$__port_list ${port} "
 }

+ovs_bridge_port_add_complex() {
+	local cfg="$1"
+	local cur_bridge="$2"
+
+	local bridge disabled ofport port tag type
+	local cur_tag cur_type del_port
+
+	config_get_bool disabled "$cfg" disabled 0
+	[ "$disabled" = "0" ] || return
+
+	config_get bridge "$cfg" bridge
+	[ "$bridge" = "$cur_bridge" ] || return
+	ovs-vsctl br-exists "$bridge" || return
+
+	config_get port "$cfg" port
+	[ -n "$port" ] || return
+
+	config_get ofport "$cfg" ofport
+
+	config_get tag "$cfg" tag
+	if [ -n "$tag" ]; then
+		if cur_tag="$(ovs-vsctl get port "$port" tag 2>/dev/null)"; then
+			[ "$tag" = "$cur_tag" ] || del_port=1
+		fi
+	fi
+
+	config_get type "$cfg" type
+	if [ -n "$type" ]; then
+		if cur_type="$(ovs-vsctl get interface "$port" type 2>/dev/null)"; then
+			[ "$type" = "$cur_type" ] || del_port=1
+		fi
+	fi
+
+	[ "${del_port:-0}" -eq 1 ] && ovs-vsctl --if-exists del-port "$bridge" "$port"
+
+	ovs-vsctl --may-exist add-port "$bridge" "$port" ${tag:+tag="$tag"} \
+		${ofport:+ -- set interface "$port" ofport_request="$ofport"} \
+		${type:+ -- set interface "$port" type="$type"}
+	__port_list="$__port_list ${port} "
+}
+
 ovs_bridge_port_cleanup() {
 	for port in `ovs-vsctl list-ports "$name"`; do
 		case "$__port_list" in
@@ -125,12 +174,26 @@ ovs_bridge_port_cleanup() {
 	done
 }

+ovs_bridge_validate_datapath_id() {
+	local dpid="$1"
+
+	if expr "$dpid" : '[[:xdigit:]]\{16\}$' > /dev/null; then
+		return 0
+	elif expr "$dpid" : '0x[[:xdigit:]]\{1,16\}$' > /dev/null; then
+		return 0
+	else
+		logger -t openvswitch "invalid datapath_id: $dpid"
+		return 1
+	fi
+}
+
 ovs_bridge_init() {
 	local cfg="$1"

 	local disabled
 	local name
 	local controller
+	local datapath_id

 	config_get_bool disabled "$cfg" disabled 0
 	[ "$disabled" == "0" ] || return
@@ -138,7 +201,15 @@ ovs_bridge_init() {
 	config_get name "$cfg" name $cfg
 	ovs-vsctl --may-exist add-br "$name"

+	config_get datapath_id "$cfg" datapath_id
+	[ -n "$datapath_id" ] && {
+		ovs_bridge_validate_datapath_id "$datapath_id" && {
+			ovs-vsctl --if-exists set bridge "$name" other-config:datapath-id="$datapath_id"
+		}
+	}
+
 	config_list_foreach "$cfg" "ports" ovs_bridge_port_add
+	config_foreach ovs_bridge_port_add_complex ovs_port "$name"
 	config_get_bool drop "$cfg" "drop_unknown_ports" 0
 	[ "$drop" == 1 ] && ovs_bridge_port_cleanup

@@ -146,3 +217,14 @@ ovs_bridge_init() {
 	[ -n "$controller" ] && \
 		ovs-vsctl set-controller "$name" "$controller"
 }
+
+ovs_set_ssl() {
+	local ca="$(uci -q get openvswitch.ovs.ca)"
+	[ -f "$ca" ] || return
+	local cert="$(uci get openvswitch.ovs.cert)"
+	[ -f "$cert" ] || return
+	local key="$(uci get openvswitch.ovs.key)"
+	[ -f "$key" ] || return
+
+	ovs-vsctl set-ssl "$key" "$cert" "$ca"
+}
--- a/feeds/openflow/openvswitch/patches/0002-python-separate-host-target-python-for-cross-compile.patch
+++ b/feeds/openflow/openvswitch/patches/0002-python-separate-host-target-python-for-cross-compile.patch
@@ -22,7 +22,7 @@ Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
 BUILT_SOURCES =
 --- a/m4/openvswitch.m4
 +++ b/m4/openvswitch.m4
-@@ -383,6 +383,8 @@ else:
+@@ -372,6 +372,8 @@ else:
      AC_MSG_ERROR([Python 3.4 or later is required but not found in $PATH, please install it or set $PYTHON3 to point to it])
    fi
    AC_ARG_VAR([PYTHON3])
--- a/feeds/openflow/openvswitch/patches/0004-build-trim-build.patch
+++ b/feeds/openflow/openvswitch/patches/0004-build-trim-build.patch
@@ -10,7 +10,7 @@ Signed-off-by: Yousong Zhou <zhouyousong@yunionyun.com>

 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -475,12 +475,10 @@ dist-docs:
+@@ -477,12 +477,10 @@ dist-docs:
 	VERSION=$(VERSION) MAKE='$(MAKE)' $(srcdir)/build-aux/dist-docs $(srcdir) $(docs)
 .PHONY: dist-docs
 
--- a/feeds/openflow/openvswitch/patches/0007-build-only-link-libopenvswitch-with-libunwind-libunb.patch
+++ b/feeds/openflow/openvswitch/patches/0007-build-only-link-libopenvswitch-with-libunwind-libunb.patch
@@ -32,7 +32,7 @@ Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
 Cflags: -I${includedir}/openvswitch
 --- a/m4/openvswitch.m4
 +++ b/m4/openvswitch.m4
-@@ -657,7 +657,8 @@ AC_DEFUN([OVS_CHECK_UNBOUND],
+@@ -646,7 +646,8 @@ AC_DEFUN([OVS_CHECK_UNBOUND],
   [AC_CHECK_LIB(unbound, ub_ctx_create, [HAVE_UNBOUND=yes], [HAVE_UNBOUND=no])
    if test "$HAVE_UNBOUND" = yes; then
      AC_DEFINE([HAVE_UNBOUND], [1], [Define to 1 if unbound is detected.])
@@ -42,7 +42,7 @@ Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
    fi
    AM_CONDITIONAL([HAVE_UNBOUND], [test "$HAVE_UNBOUND" = yes])
    AC_SUBST([HAVE_UNBOUND])])
-@@ -669,7 +670,8 @@ AC_DEFUN([OVS_CHECK_UNWIND],
+@@ -658,7 +659,8 @@ AC_DEFUN([OVS_CHECK_UNWIND],
    [HAVE_UNWIND=no])
    if test "$HAVE_UNWIND" = yes; then
      AC_DEFINE([HAVE_UNWIND], [1], [Define to 1 if unwind is detected.])