Hi Romain, I will be pulling out your patch on the binding address since it breaks ptcp:[port]. You need to do some checking of the number of command-line arguments. Sorry, I do not have time to fix it right now, so to make sure people can move on, I have pulled it out for the time being.
Will try to patch this later. Thanks for the heads up nonetheless. Regards KK On 9 August 2010 17:47, kk yap <yap...@stanford.edu> wrote: > Hi All, > > I have pushed both Romain's patches (to branches:openflow-1.0 and > destiny) with matching changes to the usage printout. FYI. > > Thanks Romain for the patches. > > Regards > KK > > PS>> For those submitting patches, it might help to tar/zip the > patches 'cos some email system (e.g. web-based Gmail) corrupts the > patch through line-wrapping. Thanks. > > On 5 August 2010 20:25, Romain Lenglet <romain.leng...@berabera.info> wrote: >> This patch is based on the openflow-1.0 branch. >> >> On 8/6/10 12:24, romain.leng...@berabera.info wrote: >>> >>> From: Romain Lenglet<romain.leng...@berabera.info> >>> >>> Modify the nox_core command line arguments to accept the socket bind >>> address for the ptcp: and pssl: connection methods. This is >>> particularly important for the ptcp: method, as it can help improving >>> security and performance in some cases. For instance, if a controller >>> connects only to datapaths on the same host, using ptcp: and binding >>> to 127.0.0.1 limits to connections from the localhost. Otherwise, >>> pssl: must be used, which is less efficient. >>> --- >>> src/include/openflow.hh | 8 ++++++-- >>> src/lib/openflow.cc | 42 +++++++++++++++++++++++++++++------------- >>> 2 files changed, 35 insertions(+), 15 deletions(-) >>> >>> diff --git a/src/include/openflow.hh b/src/include/openflow.hh >>> index 02e6f9f..5248bbb 100644 >>> --- a/src/include/openflow.hh >>> +++ b/src/include/openflow.hh 
>>> @@ -284,13 +284,15 @@ class Passive_tcp_openflow_connection_factory
>>> : public Openflow_connection_factory
>>> {
>>> public:
>>> - Passive_tcp_openflow_connection_factory(uint16_t port);
>>> + Passive_tcp_openflow_connection_factory(const char* bind_ip,
>>> + uint16_t port);
>>> Openflow_connection* connect(int& error);
>>> void connect_wait();
>>> std::string to_string();
>>> bool passive() { return true; }
>>> private:
>>> Tcp_socket socket;
>>> + ipaddr bind_ip;
>>> uint16_t port;
>>> };
>>>
>>> @@ -314,7 +316,8 @@ class Passive_ssl_openflow_connection_factory
>>> : public Openflow_connection_factory
>>> {
>>> public:
>>> - Passive_ssl_openflow_connection_factory(uint16_t port, const char
>>> *key,
>>> + Passive_ssl_openflow_connection_factory(const char* bind_ip,
>>> + uint16_t port, const char
>>> *key,
>>> const char *cert,
>>> const char *CAfile);
>>> Openflow_connection* connect(int& error);
>>> @@ -324,6 +327,7 @@ public:
>>> private:
>>> boost::shared_ptr<Ssl_config> config;
>>> Ssl_socket socket;
>>> + ipaddr bind_ip;
>>> uint16_t port;
>>> };
>>>
>>> diff --git a/src/lib/openflow.cc b/src/lib/openflow.cc
>>> index 95251bb..0ebc1d0 100644
>>> --- a/src/lib/openflow.cc
>>> +++ b/src/lib/openflow.cc
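Review bot: The new `Passive_tcp_openflow_connection_factory(const char* bind_ip, uint16_t port)` declaration carries no comment on what `bind_ip` may hold or which byte order `port` is in, and the `Passive_ssl_openflow_connection_factory` declaration in the next hunk has the same gap. Judging from the call sites later in this patch, `bind_ip` appears to be a dotted-quad IPv4 string with "0.0.0.0" standing for all interfaces, and `port` has already been through `htons()`. I would add above each constructor: `// bind_ip: IPv4 address to listen on ("0.0.0.0" = all interfaces); port: network byte order.` Since `bind_ip` is inserted ahead of `port` with no default, any caller outside this patch that constructs these factories would also need updating.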
>>> @@ -1133,11 +1133,20 @@ Openflow_connection_factory*
>>> Openflow_connection_factory::create(
>>> ? atoi(tokens[2].c_str()) : OFP_TCP_PORT;
>>> return new Tcp_openflow_connection_factory(tokens[1],
>>> htons(port));
>>> } else if (tokens[0] == "ptcp") {
>>> - uint16_t port = atoi(tokens[1].c_str());
>>> + if (tokens.size() != 3) {
>>> + log.err("pssl connection name not in the form
>>> ptcp:[IP]:[PORT]");
>>> + exit(EXIT_FAILURE);
>>> + }
>>> + const char* bind_ip = "0.0.0.0";
>>> + if (tokens[1].size()> 0) {
>>> + bind_ip = tokens[1].c_str();
>>> + }
>>> + uint16_t port = atoi(tokens[2].c_str());
>>> if (!port) {
>>> port = OFP_TCP_PORT;
>>> }
>>> - return new Passive_tcp_openflow_connection_factory(htons(port));
>>> + return new Passive_tcp_openflow_connection_factory(bind_ip,
>>> + htons(port));
>>> } else if (tokens[0] == "ssl") {
>>> if (tokens.size() != 6) {
>>> log.err("ssl connection name not in the form
>>> ssl:HOST:[PORT]:KEY:CERT:CAFILE");
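Review bot: The port in the new `ptcp` branch is still parsed with `atoi()` straight into a `uint16_t`, so non-numeric text silently selects OFP_TCP_PORT and a value above 65535 is truncated; a mistyped port therefore opens the unauthenticated listener on a port the operator did not ask for instead of failing. The `pssl` branch in the next hunk repeats the same parsing with OFP_SSL_PORT. I would keep the empty-token default but reject anything that is not a whole number in 1..65535, as sketched below. Separately, the added log message names the wrong scheme and should read `"ptcp connection name not in the form ptcp:[IP]:[PORT]"`. The enclosing `Openflow_connection_factory::create` starts and ends outside this hunk.

```cpp
// … unchanged: tokens.size() check and bind_ip selection …
uint16_t port = OFP_TCP_PORT;
if (!tokens[2].empty()) {
    char* end = 0;
    errno = 0;
    unsigned long value = strtoul(tokens[2].c_str(), &end, 10);
    if (errno || *end != '\0' || value == 0 || value > 65535) {
        log.err("ptcp port must be a number between 1 and 65535");
        exit(EXIT_FAILURE);
    }
    port = static_cast<uint16_t>(value);
}
return new Passive_tcp_openflow_connection_factory(bind_ip,
                                                   htons(port));
```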
>>> @@ -1151,17 +1160,21 @@ Openflow_connection_factory*
>>> Openflow_connection_factory::create(
>>> tokens[1], htons(port), tokens[3].c_str(),
>>> tokens[4].c_str(), tokens[5].c_str());
>>> } else if (tokens[0] == "pssl") {
>>> - if (tokens.size() != 5) {
>>> - log.err("pssl connection name not in the form
>>> pssl:[PORT]:KEY:CERT:CAFILE");
>>> + if (tokens.size() != 6) {
>>> + log.err("pssl connection name not in the form
>>> pssl:[IP]:[PORT]:KEY:CERT:CAFILE");
>>> exit(EXIT_FAILURE);
>>> }
>>> - uint16_t port = atoi(tokens[1].c_str());
>>> + const char* bind_ip = "0.0.0.0";
>>> + if (tokens[1].size()> 0) {
>>> + bind_ip = tokens[1].c_str();
>>> + }
>>> + uint16_t port = atoi(tokens[2].c_str());
>>> if (!port) {
>>> port = OFP_SSL_PORT;
>>> }
>>> return new Passive_ssl_openflow_connection_factory(
>>> - htons(port), tokens[2].c_str(), tokens[3].c_str(),
>>> - tokens[4].c_str());
>>> + bind_ip, htons(port), tokens[3].c_str(), tokens[4].c_str(),
>>> + tokens[5].c_str());
>>> } else if (tokens[0] == "pcap") {
>>> #ifndef HAVE_PCAP
>>> log.err("pcap support not built in. Ensure you have pcap
>>> installed and rebuild");
>>> @@ -1247,11 +1260,12 @@ Tcp_openflow_connection_factory::to_string()
>>> }
>>>
>>> Passive_tcp_openflow_connection_factory
>>> -::Passive_tcp_openflow_connection_factory(uint16_t port_)
>>> - : port(port_)
>>> +::Passive_tcp_openflow_connection_factory(const char* bind_ip_,
>>> + uint16_t port_)
>>> + : bind_ip(bind_ip_), port(port_)
>>> {
>>> socket.set_reuseaddr();
>>> - int error = socket.bind(htonl(INADDR_ANY), port);
>>> + int error = socket.bind(bind_ip, port);
>>> if (error) {
>>> throw errno_exception(error, "bind");
>>> }
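Review bot: In the Passive_tcp constructor hunk, `bind_ip(bind_ip_)` turns the command-line string into an `ipaddr` with no check that it was a valid address, and the result goes straight into `socket.bind(bind_ip, port)`; the Passive_ssl constructor in the last hunk follows the same pattern. The `ipaddr` class is not visible in this patch, so this needs confirming: if its string constructor falls back to 0.0.0.0 (or any other value) on malformed input, a typo in an address meant to restrict ptcp to loopback would leave the unauthenticated listener reachable on every interface. It is also worth confirming that `ipaddr` hands `bind()` the address in the same network byte order as the `htonl(INADDR_ANY)` it replaces. I would validate the string before constructing the factory, for example with `inet_pton(AF_INET, bind_ip, &addr) == 1`, and log the resolved bind address at startup so operators can verify the exposure. The constructor body continues outside the hunk.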
>>> @@ -1335,17 +1349,19 @@ Ssl_openflow_connection_factory::to_string()
>>> }
>>>
>>> Passive_ssl_openflow_connection_factory
>>> -::Passive_ssl_openflow_connection_factory(uint16_t port_,
>>> - const char *key, const char
>>> *cert,
>>> +::Passive_ssl_openflow_connection_factory(const char* bind_ip_,
>>> + uint16_t port_, const char
>>> *key,
>>> + const char *cert,
>>> const char *CAfile)
>>> : config(new Ssl_config(Ssl_config::SSLv3 | Ssl_config::TLSv1,
>>> Ssl_config::AUTHENTICATE_SERVER,
>>> Ssl_config::REQUIRE_CLIENT_CERT,
>>> key, cert, CAfile)),
>>> socket(config),
>>> + bind_ip(bind_ip_),
>>> port(port_)
>>> {
>>> - int error = socket.bind(htonl(INADDR_ANY), port);
>>> + int error = socket.bind(bind_ip, port);
>>> if (error) {
>>> throw errno_exception(error, "bind");
>>> }
>> >> _______________________________________________ >> nox-dev mailing list >> nox-dev@noxrepo.org >> http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org >> > _______________________________________________ nox-dev mailing list nox-dev@noxrepo.org http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org