We should support SSL/TLS to encrypt the OF channel. This patch only
supports self-signed certificates (see "INSTALL.SSL" in the Open vSwitch
source code).

Signed-off-by: OHMURA Kei <[email protected]>
---
 ryu/controller/controller.py |   20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/ryu/controller/controller.py b/ryu/controller/controller.py
index dd5f16b..2953a86 100644
--- a/ryu/controller/controller.py
+++ b/ryu/controller/controller.py
@@ -21,6 +21,7 @@ import gevent
 import traceback
 import random
 import greenlet
+import ssl
 from gevent.server import StreamServer
 from gevent.queue import Queue
 
@@ -42,6 +43,10 @@ FLAGS = gflags.FLAGS
 gflags.DEFINE_string('ofp_listen_host', '', 'openflow listen host')
 gflags.DEFINE_integer('ofp_tcp_listen_port', ofproto_common.OFP_TCP_PORT,
                       'openflow tcp listen port')
+gflags.DEFINE_integer('ofp_ssl_listen_port', ofproto_common.OFP_SSL_PORT,
+                      'openflow ssl listen port')
+gflags.DEFINE_string('ctl_privkey', None, 'controller private key')
+gflags.DEFINE_string('ctl_cert', None, 'controller certificate')
 
 
 class OpenFlowController(object):
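Review bot: The help strings for `ctl_privkey` and `ctl_cert` in these new flag definitions do not say that the values are file paths, or that setting both is what moves the listener from TCP to SSL. I would write `'path to the controller private key file (PEM); SSL is used only when ctl_cert is also set'` and the matching text for `ctl_cert`. No flag for a CA certificate is added either, so as far as this hunk shows the operator cannot tell the controller which switch certificates to trust.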
@@ -54,9 +59,18 @@ class OpenFlowController(object):
         self.server_loop()
 
     def server_loop(self):
-        server = StreamServer((FLAGS.ofp_listen_host,
-                               FLAGS.ofp_tcp_listen_port),
-                              datapath_connection_factory)
+        if FLAGS.ctl_privkey and FLAGS.ctl_cert is not None:
+            server = StreamServer((FLAGS.ofp_listen_host,
+                                   FLAGS.ofp_ssl_listen_port),
+                                  datapath_connection_factory,
+                                  keyfile=FLAGS.ctl_privkey,
+                                  certfile=FLAGS.ctl_cert,
+                                  ssl_version=ssl.PROTOCOL_TLSv1)
+        else:
+            server = StreamServer((FLAGS.ofp_listen_host,
+                                   FLAGS.ofp_tcp_listen_port),
+                                  datapath_connection_factory)
+
         #LOG.debug('loop')
         server.serve_forever()
 
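Review bot: In `server_loop`, the test `if FLAGS.ctl_privkey and FLAGS.ctl_cert is not None:` falls through to the plaintext TCP listener when only one of the two flags is supplied, so a missing or mistyped option silently disables encryption instead of failing. Check both flags the same way and reject a partial configuration before the branch, e.g. `if bool(FLAGS.ctl_privkey) != bool(FLAGS.ctl_cert): raise ValueError('ctl_privkey and ctl_cert must be set together')`. The SSL branch also passes neither `cert_reqs=ssl.CERT_REQUIRED` nor `ca_certs=...`, so the connecting switch is not authenticated: the channel is encrypted, but any peer that can reach the port is accepted as a datapath. `ssl_version=ssl.PROTOCOL_TLSv1` restricts the listener to TLS 1.0, which deserves at least a comment saying whether that is deliberate.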
-- 
1.7.9.5

