This patch adds TLS support so that the OpenFlow (OF) channel can be encrypted.

Signed-off-by: OHMURA Kei <[email protected]>
---
 ryu/controller/controller.py |   31 ++++++++++++++++++++++++++++---
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/ryu/controller/controller.py b/ryu/controller/controller.py
index dd5f16b..1e456bf 100644
--- a/ryu/controller/controller.py
+++ b/ryu/controller/controller.py
@@ -21,6 +21,7 @@ import gevent
 import traceback
 import random
 import greenlet
+import ssl
 from gevent.server import StreamServer
 from gevent.queue import Queue
 
@@ -42,6 +43,11 @@ FLAGS = gflags.FLAGS
 gflags.DEFINE_string('ofp_listen_host', '', 'openflow listen host')
 gflags.DEFINE_integer('ofp_tcp_listen_port', ofproto_common.OFP_TCP_PORT,
                       'openflow tcp listen port')
+gflags.DEFINE_integer('ofp_ssl_listen_port', ofproto_common.OFP_SSL_PORT,
+                      'openflow ssl listen port')
+gflags.DEFINE_string('ctl_privkey', None, 'controller private key')
+gflags.DEFINE_string('ctl_cert', None, 'controller certificate')
+gflags.DEFINE_string('ca_certs', None, 'CA certificates')
 
 
 class OpenFlowController(object):
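Review bot: The help strings on `ctl_privkey`, `ctl_cert` and `ca_certs` do not say that the values are file paths, nor how the flags interact. As `server_loop` is written in this patch, TLS is used only when both key and certificate are set, and switch certificates are verified only when `ca_certs` is also set. An operator cannot learn that from `--help`. Suggested wording: `'path to controller private key file; TLS is enabled only together with ctl_cert'`, `'path to controller certificate file; TLS is enabled only together with ctl_privkey'` and `'path to CA certificates used to verify switch certificates; if unset, switches are not authenticated'`.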
@@ -54,9 +60,28 @@ class OpenFlowController(object):
         self.server_loop()
 
     def server_loop(self):
-        server = StreamServer((FLAGS.ofp_listen_host,
-                               FLAGS.ofp_tcp_listen_port),
-                              datapath_connection_factory)
+        if FLAGS.ctl_privkey and FLAGS.ctl_cert is not None:
+            if FLAGS.ca_certs is not None:
+                server = StreamServer((FLAGS.ofp_listen_host,
+                                       FLAGS.ofp_ssl_listen_port),
+                                      datapath_connection_factory,
+                                      keyfile=FLAGS.ctl_privkey,
+                                      certfile=FLAGS.ctl_cert,
+                                      cert_reqs=ssl.CERT_REQUIRED,
+                                      ca_certs=FLAGS.ca_certs,
+                                      ssl_version=ssl.PROTOCOL_TLSv1)
+            else:
+                server = StreamServer((FLAGS.ofp_listen_host,
+                                       FLAGS.ofp_ssl_listen_port),
+                                      datapath_connection_factory,
+                                      keyfile=FLAGS.ctl_privkey,
+                                      certfile=FLAGS.ctl_cert,
+                                      ssl_version=ssl.PROTOCOL_TLSv1)
+        else:
+            server = StreamServer((FLAGS.ofp_listen_host,
+                                   FLAGS.ofp_tcp_listen_port),
+                                  datapath_connection_factory)
+
         #LOG.debug('loop')
         server.serve_forever()
 
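Review bot: The test `FLAGS.ctl_privkey and FLAGS.ctl_cert is not None` sends every partial TLS configuration to the final `else`, so supplying only one of the two flags (or `ca_certs` alone) silently starts the plaintext TCP listener. It also mixes a truthiness check with an `is not None` check, so an empty `ctl_cert` string is passed on to `StreamServer`. The controller should refuse to start on a partial configuration instead of falling back to an unencrypted channel. The three near-identical `StreamServer(...)` calls can then be folded into one by building the keyword arguments first. Separately, `ssl.PROTOCOL_TLSv1` pins the listener to TLS 1.0 only, and with no `ca_certs` the channel is encrypted but any peer may connect; both deserve a comment at the call site.

```python
    def server_loop(self):
        have_key = bool(FLAGS.ctl_privkey)
        have_cert = bool(FLAGS.ctl_cert)
        if have_key != have_cert or (FLAGS.ca_certs and not have_key):
            # A partial TLS configuration must not fall back to plaintext.
            raise ValueError('ctl_privkey and ctl_cert must be set together; '
                             'ca_certs requires both')

        if have_key:
            port = FLAGS.ofp_ssl_listen_port
            ssl_args = dict(keyfile=FLAGS.ctl_privkey,
                            certfile=FLAGS.ctl_cert,
                            ssl_version=ssl.PROTOCOL_TLSv1)
            if FLAGS.ca_certs:
                # Require and verify a certificate from the switch.
                ssl_args.update(cert_reqs=ssl.CERT_REQUIRED,
                                ca_certs=FLAGS.ca_certs)
        else:
            port = FLAGS.ofp_tcp_listen_port
            ssl_args = {}

        server = StreamServer((FLAGS.ofp_listen_host, port),
                              datapath_connection_factory, **ssl_args)
        # … unchanged: server.serve_forever() …
```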
-- 
1.7.9.5

