diff --git a/feeds/openflow/openvswitch/Config.in b/feeds/openflow/openvswitch/Config.in new file mode 100644 index 000000000..ba17072f8 --- /dev/null +++ b/feeds/openflow/openvswitch/Config.in @@ -0,0 +1,8 @@ +menu "Configuration" + depends on PACKAGE_openvswitch + + config OPENVSWITCH_WITH_LIBUNBOUND + bool + default y + prompt "Build with libunbound library." +endmenu diff --git a/feeds/openflow/openvswitch/Makefile b/feeds/openflow/openvswitch/Makefile index f906518db..2772b64d5 100644 --- a/feeds/openflow/openvswitch/Makefile +++ b/feeds/openflow/openvswitch/Makefile @@ -17,7 +17,7 @@ include ./openvswitch.mk # PKG_NAME:=openvswitch PKG_VERSION:=$(ovs_version) -PKG_RELEASE:=1 +PKG_RELEASE:=6 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://www.openvswitch.org/releases/ PKG_HASH:=7d5797f2bf2449c6a266149e88f72123540f7fe7f31ad52902057ae8d8f88c38 @@ -40,6 +40,9 @@ include $(INCLUDE_DIR)/package.mk include $(TOPDIR)/feeds/packages/lang/python/python3-host.mk include $(TOPDIR)/feeds/packages/lang/python/python3-package.mk +define Package/openvswitch/config +source "$(SOURCE)/Config.in" +endef ovs_kmod_packages:= ovs_kmod_intree_kernel_patchver_min:=3.10 @@ -150,8 +153,11 @@ $(eval $(call OvsKmodPackageTemplate,openvswitch-lisp-intree)) # ovs_libopenvswitch_title:=Open vSwitch (libopenvswitch.so) ovs_libopenvswitch_hidden:=1 -ovs_libopenvswitch_depends:=+libopenssl +libunbound +!(arc||arceb):libunwind +ovs_libopenvswitch_depends:=+libopenssl +!(arc||arceb):libunwind ovs_libopenvswitch_depends+=+libatomic +ifeq ($(CONFIG_KEEPALIVED_ROUTES),y) +ovs_libopenvswitch_depends+=+libunbound +endif ovs_libopenvswitch_files:=usr/lib/libopenvswitch*.so* $(eval $(call OvsPackageTemplate,libopenvswitch)) @@ -243,6 +249,7 @@ CONFIGURE_ARGS+= \ --disable-silent-rules \ CONFIGURE_VARS += \ + $(if $(CONFIG_OPENVSWITCH_WITH_LIBUNBOUND),,ac_cv_lib_unbound_ub_ctx_create=no) \ ovs_cv_flake8=no \ ovs_cv_python3=$(PYTHON3) \ ovs_cv_python3_host=$(HOST_PYTHON3_BIN) \ 
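Review bot: The `+libunbound` dependency in the `ovs_libopenvswitch_depends` hunk is gated on `CONFIG_KEEPALIVED_ROUTES`, a symbol that appears nowhere else in the visible diff, while the new Config.in and the `CONFIGURE_VARS` line both use `OPENVSWITCH_WITH_LIBUNBOUND`. The configure probe and the declared package dependency can therefore disagree. With the option at its default `y` and the other symbol unset, configure may still detect libunbound while the package no longer depends on it, so the library may link against something the image does not install. The condition should read `ifeq ($(CONFIG_OPENVSWITCH_WITH_LIBUNBOUND),y)`.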
diff --git a/feeds/openflow/openvswitch/README.md b/feeds/openflow/openvswitch/README.md
index 9008a886b..5cc8bbffe 100644
--- a/feeds/openflow/openvswitch/README.md
+++ b/feeds/openflow/openvswitch/README.md
@@ -63,17 +63,42 @@ E.g. replace in-tree datapath module with upstream version # UCI configuration options -There are 4 config section types in package openvswitch: +There are 5 config section types in package openvswitch: ovs ovn_northd, ovn_controller & ovs_bridge. Each of these supports a disabled option, which should be set to 0 to launch the respective daemons. +The ovs section section also supports the options below, to configure a set of +SSL CA, certificate and private key. After adding these to Open vSwitch, you +may specify ssl: connection methods for e.g. the OpenFlow controller. Note that +Open vSwitch only reads these files during startup, so it needs to be restarted +after adding or changing these options. + +| Name | Type | Required | Default | Description | +|----------|---------|----------|---------|-----------------------------------| +| disabled | boolean | no | 0 | If set to 1, do not configure SSL | +| ca | string | no | (none) | Path to CA certificate | +| cert | string | no | (none) | Path to certificate | +| key | string | no | (none) | Path to private key | + The ovs_bridge section also supports the options below, for initialising a virtual bridge with an OpenFlow controller. 
-| Name | Type | Required | Default | Description |
-|------------|---------|----------|--------------------------------|------------------------------------------------------------|
-| disabled | boolean | no | 0 | If set to true, disable initialisation of the named bridge |
-| name | string | no | Inherits UCI config block name | The name of the switch in the OVS daemon |
-| controller | string | no | (none) | The endpoint of an OpenFlow controller for this bridge |
+| Name | Type | Required | Default | Description |
+|-------------|---------|----------|--------------------------------|------------------------------------------------------------|
+| disabled | boolean | no | 0 | If set to true, disable initialisation of the named bridge |
+| name | string | no | Inherits UCI config block name | The name of the switch in the OVS daemon |
+| controller | string | no | (none) | The endpoint of an OpenFlow controller for this bridge |
+| datapath_id | string | no | (none) | The OpenFlow datapath ID for this bridge |
+
+The ovs_port section can be used to add ports to a bridge. It supports the options below.
+
+| Name | Type | Required | Default | Description
+| ---------|---------|----------|---------|------------------------------------------------|
+| disabled | boolean | no | 0 | If set to 1, do not add the port to the bridge |
+| bridge | string | yes | (none) | Name of the bridge to add the port to |
+| port | string | yes | (none) | Name of the port to add to the bridge |
+| ofport | integer | no | (none) | OpenFlow port number to be used by the port |
+| tag | integer | no | (none) | 802.1Q VLAN tag to set on the port |
+| type | string | no | (none) | Port type, e.g. internal, erspan, type, ... |
diff --git a/feeds/openflow/openvswitch/files/openvswitch.config b/feeds/openflow/openvswitch/files/openvswitch.config
index 88c2ebc25..c812b7dd6 100644
--- a/feeds/openflow/openvswitch/files/openvswitch.config
+++ b/feeds/openflow/openvswitch/files/openvswitch.config @@ -1,5 +1,8 @@ config ovs ovs option disabled 1 + option ca '/etc/openvswitch/example_ca.crt' + option cert '/etc/openvswitch/example_cert.crt' + option key '/etc/openvswitch/example_key.crt' config ovn_northd north option disabled 1 @@ -10,4 +13,13 @@ config ovn_controller controller config ovs_bridge option disabled 1 option name 'my-bridge' - option controller 'tcp:192.168.0.1' \ No newline at end of file + option controller 'tcp:192.168.0.1' + option datapath_id '' + +config ovs_port + option disabled 1 + option bridge 'my-bridge' + option port 'ovs-port1' + option ofport '1' + option tag '123' + option type 'internal' diff --git a/feeds/openflow/openvswitch/files/openvswitch.init b/feeds/openflow/openvswitch/files/openvswitch.init index 23b75c38f..229e6869b 100755 --- a/feeds/openflow/openvswitch/files/openvswitch.init +++ b/feeds/openflow/openvswitch/files/openvswitch.init @@ -7,6 +7,8 @@ . /lib/functions/procd.sh START=15 +basescript=$(readlink "$initscript") + ovs_ctl="/usr/share/openvswitch/scripts/ovs-ctl"; [ -x "$ovs_ctl" ] || ovs_ctl=: ovn_ctl="/usr/share/ovn/scripts/ovn-ctl"; [ -x "$ovn_ctl" ] || ovn_ctl=: @@ -59,7 +61,12 @@ ovs_action() { config_foreach "ovs_xx" "$cfgtype" "$action" "$cfgtype" done - config_foreach ovs_bridge_init "ovs_bridge" + case "$action" in + restart|start) + config_foreach ovs_bridge_init "ovs_bridge" + ;; + esac + } ovs_xx() { @@ -83,6 +90,7 @@ ovs_xx() { ovs) "$ovs_ctl" "$action" \ --system-id=random 1000>&- + ovs_set_ssl ;; ovn_*) "$ovn_ctl" "${action}_${cfgtype#ovn_}" 
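Review bot: The sample `key` option points at `/etc/openvswitch/example_key.crt`, giving the private key the same `.crt` suffix as the two certificates next to it. A distinct suffix makes it harder to handle the key like public material when copying files or setting permissions, for example `option key '/etc/openvswitch/example_key.pem'` (a constructed sample path). A `#` comment above the three options saying the key file should be readable by root only would cover the rest, since nothing in the visible init-script hunks checks ownership or mode of that file.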
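Review bot: In the `ovs)` branch of `ovs_xx`, `ovs_set_ssl` runs after every `"$ovs_ctl" "$action"`, including `stop`, while the same commit restricts `ovs_bridge_init` to `restart|start` in `ovs_action`. On `stop` this would call `ovs-vsctl set-ssl` against a database that ovs-ctl has just shut down, which at best produces a connection error. The call should get the same guard, `case "$action" in restart|start) ovs_set_ssl ;; esac`. The exit status of the ovs-ctl call is also not checked before SSL is configured; `ovs_xx` starts and ends outside this hunk, so there may be handling that is not visible here.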
@@ -116,6 +124,47 @@ ovs_bridge_port_add() { __port_list="$__port_list ${port} " } +ovs_bridge_port_add_complex() { + local cfg="$1" + local cur_bridge="$2" + + local bridge disabled ofport port tag type + local cur_tag cur_type del_port + + config_get_bool disabled "$cfg" disabled 0 + [ "$disabled" = "0" ] || return + + config_get bridge "$cfg" bridge + [ "$bridge" = "$cur_bridge" ] || return + ovs-vsctl br-exists "$bridge" || return + + config_get port "$cfg" port + [ -n "$port" ] || return + + config_get ofport "$cfg" ofport + + config_get tag "$cfg" tag + if [ -n "$tag" ]; then + if cur_tag="$(ovs-vsctl get port "$port" tag 2>/dev/null)"; then + [ "$tag" = "$cur_tag" ] || del_port=1 + fi + fi + + config_get type "$cfg" type + if [ -n "$type" ]; then + if cur_type="$(ovs-vsctl get interface "$port" type 2>/dev/null)"; then + [ "$type" = "$cur_type" ] || del_port=1 + fi + fi + + [ "${del_port:-0}" -eq 1 ] && ovs-vsctl --if-exists del-port "$bridge" "$port" + + ovs-vsctl --may-exist add-port "$bridge" "$port" ${tag:+tag="$tag"} \ + ${ofport:+ -- set interface "$port" ofport_request="$ofport"} \ + ${type:+ -- set interface "$port" type="$type"} + __port_list="$__port_list ${port} " +} + ovs_bridge_port_cleanup() { for port in `ovs-vsctl list-ports "$name"`; do case "$__port_list" in @@ -125,12 +174,26 @@ ovs_bridge_port_cleanup() { done } +ovs_bridge_validate_datapath_id() { + local dpid="$1" + + if expr "$dpid" : '[[:xdigit:]]\{16\}$' > /dev/null; then + return 0 + elif expr "$dpid" : '0x[[:xdigit:]]\{1,16\}$' > /dev/null; then + return 0 + else + logger -t openvswitch "invalid datapath_id: $dpid" + return 1 + fi +} + ovs_bridge_init() { local cfg="$1" local disabled local name local controller + local datapath_id config_get_bool disabled "$cfg" disabled 0 [ "$disabled" == "0" ] || return 
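Review bot: `ovs_bridge_port_add_complex` passes `ofport` and `tag` from UCI to `ovs-vsctl` unchecked, although the README documents both as integers and the next hunk adds a validator for `datapath_id`. A non-numeric value only surfaces as an ovs-vsctl error on the `add-port` line, after the `del-port` line may already have removed the existing port, which would leave the bridge without that port. A guard placed before the first `ovs-vsctl get` rejects bad input early, for example `case "$tag$ofport" in *[!0-9]*) logger -t openvswitch "invalid tag/ofport for $port"; return 1 ;; esac`.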
@@ -138,7 +201,15 @@ ovs_bridge_init() { config_get name "$cfg" name $cfg ovs-vsctl --may-exist add-br "$name" + config_get datapath_id "$cfg" datapath_id + [ -n "$datapath_id" ] && { + ovs_bridge_validate_datapath_id "$datapath_id" && { + ovs-vsctl --if-exists set bridge "$name" other-config:datapath-id="$datapath_id" + } + } + config_list_foreach "$cfg" "ports" ovs_bridge_port_add + config_foreach ovs_bridge_port_add_complex ovs_port "$name" config_get_bool drop "$cfg" "drop_unknown_ports" 0 [ "$drop" == 1 ] && ovs_bridge_port_cleanup @@ -146,3 +217,14 @@ ovs_bridge_init() { [ -n "$controller" ] && \ ovs-vsctl set-controller "$name" "$controller" } + +ovs_set_ssl() { + local ca="$(uci -q get openvswitch.ovs.ca)" + [ -f "$ca" ] || return + local cert="$(uci get openvswitch.ovs.cert)" + [ -f "$cert" ] || return + local key="$(uci get openvswitch.ovs.key)" + [ -f "$key" ] || return + + ovs-vsctl set-ssl "$key" "$cert" "$ca" +} diff --git a/feeds/openflow/openvswitch/patches/0002-python-separate-host-target-python-for-cross-compile.patch b/feeds/openflow/openvswitch/patches/0002-python-separate-host-target-python-for-cross-compile.patch index 2c86a3048..434b56e67 100644 --- a/feeds/openflow/openvswitch/patches/0002-python-separate-host-target-python-for-cross-compile.patch +++ b/feeds/openflow/openvswitch/patches/0002-python-separate-host-target-python-for-cross-compile.patch @@ -22,7 +22,7 @@ Signed-off-by: Yousong Zhou BUILT_SOURCES = --- a/m4/openvswitch.m4 +++ b/m4/openvswitch.m4 -@@ -383,6 +383,8 @@ else: +@@ -372,6 +372,8 @@ else: AC_MSG_ERROR([Python 3.4 or later is required but not found in $PATH, please install it or set $PYTHON3 to point to it]) fi AC_ARG_VAR([PYTHON3]) diff --git a/feeds/openflow/openvswitch/patches/0004-build-trim-build.patch b/feeds/openflow/openvswitch/patches/0004-build-trim-build.patch index 19ea959ef..3e0eca515 100644 --- a/feeds/openflow/openvswitch/patches/0004-build-trim-build.patch 
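Review bot: A `datapath_id` that is later removed from UCI, or that fails validation, leaves the previously written `other-config:datapath-id` in place, because this block only ever sets the key. The same holds for `ovs_set_ssl` in the next hunk, which never clears an earlier `set-ssl`. If the OVS database persists across restarts, as it normally does, the running state then stops matching the configuration the administrator sees. An else branch such as `ovs-vsctl --if-exists remove bridge "$name" other-config datapath-id`, and `ovs-vsctl del-ssl` when the SSL options are unset, would keep the two in step. `ovs_bridge_init` starts above this hunk.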
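Review bot: `ovs_set_ssl` returns silently when any of the three files is missing, so a mistyped path leaves the switch without the TLS settings the administrator asked for and nothing in the log says why. Logging before each return would match what `ovs_bridge_validate_datapath_id` already does, e.g. `[ -f "$key" ] || { logger -t openvswitch "ssl key not found: $key"; return 1; }`. The function also reads `openvswitch.ovs.*` by fixed section name rather than the section `ovs_xx` is processing, so a differently named `ovs` section would get no SSL setup. Only the `ca` lookup uses `uci -q`; `cert` and `key` should use it too so an unset option does not print a uci error.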
+++ b/feeds/openflow/openvswitch/patches/0004-build-trim-build.patch @@ -10,7 +10,7 @@ Signed-off-by: Yousong Zhou --- a/Makefile.am +++ b/Makefile.am -@@ -475,12 +475,10 @@ dist-docs: +@@ -477,12 +477,10 @@ dist-docs: VERSION=$(VERSION) MAKE='$(MAKE)' $(srcdir)/build-aux/dist-docs $(srcdir) $(docs) .PHONY: dist-docs diff --git a/feeds/openflow/openvswitch/patches/0007-build-only-link-libopenvswitch-with-libunwind-libunb.patch b/feeds/openflow/openvswitch/patches/0007-build-only-link-libopenvswitch-with-libunwind-libunb.patch index 86c1d41bf..1491af51d 100644 --- a/feeds/openflow/openvswitch/patches/0007-build-only-link-libopenvswitch-with-libunwind-libunb.patch +++ b/feeds/openflow/openvswitch/patches/0007-build-only-link-libopenvswitch-with-libunwind-libunb.patch @@ -32,7 +32,7 @@ Signed-off-by: Yousong Zhou Cflags: -I${includedir}/openvswitch --- a/m4/openvswitch.m4 +++ b/m4/openvswitch.m4 -@@ -657,7 +657,8 @@ AC_DEFUN([OVS_CHECK_UNBOUND], +@@ -646,7 +646,8 @@ AC_DEFUN([OVS_CHECK_UNBOUND], [AC_CHECK_LIB(unbound, ub_ctx_create, [HAVE_UNBOUND=yes], [HAVE_UNBOUND=no]) if test "$HAVE_UNBOUND" = yes; then AC_DEFINE([HAVE_UNBOUND], [1], [Define to 1 if unbound is detected.]) @@ -42,7 +42,7 @@ Signed-off-by: Yousong Zhou fi AM_CONDITIONAL([HAVE_UNBOUND], [test "$HAVE_UNBOUND" = yes]) AC_SUBST([HAVE_UNBOUND])]) -@@ -669,7 +670,8 @@ AC_DEFUN([OVS_CHECK_UNWIND], +@@ -658,7 +659,8 @@ AC_DEFUN([OVS_CHECK_UNWIND], [HAVE_UNWIND=no]) if test "$HAVE_UNWIND" = yes; then AC_DEFINE([HAVE_UNWIND], [1], [Define to 1 if unwind is detected.])