diff options
| author | Ryan Moats <rmoats@us.ibm.com> | 2016-08-15 18:47:29 +0000 |
|---|---|---|
| committer | Ben Pfaff <blp@ovn.org> | 2016-08-15 17:26:15 -0700 |
| commit | 1f4a7252d9e7ee102b76325daca2b7007e5da7f7 (patch) | |
| tree | edcbbe2a8bc31820cdc030a852598ef935ee0199 /utilities | |
| parent | 239fa5bbe6e54abcec9b58b137a566d06edaba49 (diff) | |
| download | openvswitch-1f4a7252d9e7ee102b76325daca2b7007e5da7f7.tar.gz | |
Add read-only option to ovs-dpctl and ovs-ofctl commands.
ovs-dpctl and ovs-ofctl lack a read-only option to prevent
running of commands that perform read-write operations. Add
it and the necessary scaffolding to each.
Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Diffstat (limited to 'utilities')
| -rw-r--r-- | utilities/ovs-dpctl.c | 7 | ||||
| -rw-r--r-- | utilities/ovs-ofctl.8.in | 3 | ||||
| -rw-r--r-- | utilities/ovs-ofctl.c | 160 |
3 files changed, 97 insertions, 73 deletions
diff --git a/utilities/ovs-dpctl.c b/utilities/ovs-dpctl.c index 4897ea337..843d305cc 100644 --- a/utilities/ovs-dpctl.c +++ b/utilities/ovs-dpctl.c @@ -77,12 +77,14 @@ parse_options(int argc, char *argv[]) enum { OPT_CLEAR = UCHAR_MAX + 1, OPT_MAY_CREATE, + OPT_READ_ONLY, VLOG_OPTION_ENUMS }; static const struct option long_options[] = { {"statistics", no_argument, NULL, 's'}, {"clear", no_argument, NULL, OPT_CLEAR}, {"may-create", no_argument, NULL, OPT_MAY_CREATE}, + {"read-only", no_argument, NULL, OPT_READ_ONLY}, {"more", no_argument, NULL, 'm'}, {"timeout", required_argument, NULL, 't'}, {"help", no_argument, NULL, 'h'}, @@ -115,6 +117,10 @@ parse_options(int argc, char *argv[]) dpctl_p.may_create = true; break; + case OPT_READ_ONLY: + dpctl_p.read_only = true; + break; + case 'm': dpctl_p.verbosity++; break; @@ -186,6 +192,7 @@ usage(void *userdata OVS_UNUSED) " -m, --more increase verbosity of output\n" "\nOptions for mod-flow:\n" " --may-create create flow if it doesn't exist\n" + " --read-only do not run read/write commands\n" " --clear reset existing stats to zero\n" "\nOther options:\n" " -t, --timeout=SECS give up after SECS seconds\n" diff --git a/utilities/ovs-ofctl.8.in b/utilities/ovs-ofctl.8.in index cccd2656f..b56e5b3f6 100644 --- a/utilities/ovs-ofctl.8.in +++ b/utilities/ovs-ofctl.8.in @@ -2975,6 +2975,9 @@ depending on its configuration. \fB\-\-strict\fR Uses strict matching when running flow modification commands. . +.IP "\fB\-\-read-only\fR" +Do not execute read/write commands. +. .IP "\fB\-\-bundle\fR" Execute flow mods as an OpenFlow 1.4 atomic bundle transaction. .RS diff --git a/utilities/ovs-ofctl.c b/utilities/ovs-ofctl.c index 42d358fce..6fd381842 100644 --- a/utilities/ovs-ofctl.c +++ b/utilities/ovs-ofctl.c @@ -79,6 +79,9 @@ static bool bundle = false; /* --color: Use color markers. */ static bool enable_color; +/* --read-only: Do not execute read only commands. */ +static bool read_only; + /* --strict: Use strict matching for flow mod commands? Additionally governs * use of nx_pull_match() instead of nx_pull_match_loose() in parse-nx-match. */ @@ -142,7 +145,11 @@ main(int argc, char *argv[]) ctx.argv = argv + optind; daemon_become_new_user(false); - ovs_cmdl_run_command(&ctx, get_all_commands()); + if (read_only) { + ovs_cmdl_run_command_read_only(&ctx, get_all_commands()); + } else { + ovs_cmdl_run_command(&ctx, get_all_commands()); + } return 0; } @@ -180,6 +187,7 @@ parse_options(int argc, char *argv[]) OPT_BUNDLE, OPT_COLOR, OPT_MAY_CREATE, + OPT_READ_ONLY, DAEMON_OPTION_ENUMS, OFP_VERSION_OPTION_ENUMS, VLOG_OPTION_ENUMS @@ -200,6 +208,7 @@ parse_options(int argc, char *argv[]) {"bundle", no_argument, NULL, OPT_BUNDLE}, {"color", optional_argument, NULL, OPT_COLOR}, {"may-create", no_argument, NULL, OPT_MAY_CREATE}, + {"read-only", no_argument, NULL, OPT_READ_ONLY}, DAEMON_LONG_OPTIONS, OFP_VERSION_LONG_OPTIONS, VLOG_LONG_OPTIONS, @@ -281,6 +290,10 @@ parse_options(int argc, char *argv[]) strict = true; break; + case OPT_READ_ONLY: + read_only = true; + break; + case OPT_READD: readd = true; break; @@ -452,6 +465,7 @@ usage(void) vlog_usage(); printf("\nOther options:\n" " --strict use strict match for flow commands\n" + " --read-only do not execute read/write commands\n" " --readd replace flows that haven't changed\n" " -F, --flow-format=FORMAT force particular flow format\n" " -P, --packet-in-format=FRMT force particular packet in format\n" @@ -4120,136 +4134,136 @@ ofctl_parse_key_value(struct ovs_cmdl_context *ctx) static const struct ovs_cmdl_command all_commands[] = { { "show", "switch", - 1, 1, ofctl_show }, + 1, 1, ofctl_show, OVS_RO }, { "monitor", "switch [misslen] [invalid_ttl] [watch:[...]]", - 1, 3, ofctl_monitor }, + 1, 3, ofctl_monitor, OVS_RO }, { "snoop", "switch", - 1, 1, ofctl_snoop }, + 1, 1, ofctl_snoop, OVS_RO }, { "dump-desc", "switch", - 1, 1, ofctl_dump_desc }, + 1, 1, ofctl_dump_desc, OVS_RO }, { "dump-tables", "switch", - 1, 1, ofctl_dump_tables }, + 1, 1, ofctl_dump_tables, OVS_RO }, { "dump-table-features", "switch", - 1, 1, ofctl_dump_table_features }, + 1, 1, ofctl_dump_table_features, OVS_RO }, { "dump-table-desc", "switch", - 1, 1, ofctl_dump_table_desc }, + 1, 1, ofctl_dump_table_desc, OVS_RO }, { "dump-flows", "switch", - 1, 2, ofctl_dump_flows }, + 1, 2, ofctl_dump_flows, OVS_RO }, { "dump-aggregate", "switch", - 1, 2, ofctl_dump_aggregate }, + 1, 2, ofctl_dump_aggregate, OVS_RO }, { "queue-stats", "switch [port [queue]]", - 1, 3, ofctl_queue_stats }, + 1, 3, ofctl_queue_stats, OVS_RO }, { "queue-get-config", "switch [port [queue]]", - 1, 3, ofctl_queue_get_config }, + 1, 3, ofctl_queue_get_config, OVS_RO }, { "add-flow", "switch flow", - 2, 2, ofctl_add_flow }, + 2, 2, ofctl_add_flow, OVS_RW }, { "add-flows", "switch file", - 2, 2, ofctl_add_flows }, + 2, 2, ofctl_add_flows, OVS_RW }, { "mod-flows", "switch flow", - 2, 2, ofctl_mod_flows }, + 2, 2, ofctl_mod_flows, OVS_RW }, { "del-flows", "switch [flow]", - 1, 2, ofctl_del_flows }, + 1, 2, ofctl_del_flows, OVS_RW }, { "replace-flows", "switch file", - 2, 2, ofctl_replace_flows }, + 2, 2, ofctl_replace_flows, OVS_RW }, { "diff-flows", "source1 source2", - 2, 2, ofctl_diff_flows }, + 2, 2, ofctl_diff_flows, OVS_RW }, { "add-meter", "switch meter", - 2, 2, ofctl_add_meter }, + 2, 2, ofctl_add_meter, OVS_RW }, { "mod-meter", "switch meter", - 2, 2, ofctl_mod_meter }, + 2, 2, ofctl_mod_meter, OVS_RW }, { "del-meter", "switch meter", - 2, 2, ofctl_del_meters }, + 2, 2, ofctl_del_meters, OVS_RW }, { "del-meters", "switch", - 1, 1, ofctl_del_meters }, + 1, 1, ofctl_del_meters, OVS_RW }, { "dump-meter", "switch meter", - 2, 2, ofctl_dump_meters }, + 2, 2, ofctl_dump_meters, OVS_RO }, { "dump-meters", "switch", - 1, 1, ofctl_dump_meters }, + 1, 1, ofctl_dump_meters, OVS_RO }, { "meter-stats", "switch [meter]", - 1, 2, ofctl_meter_stats }, + 1, 2, ofctl_meter_stats, OVS_RO }, { "meter-features", "switch", - 1, 1, ofctl_meter_features }, + 1, 1, ofctl_meter_features, OVS_RO }, { "packet-out", "switch in_port actions packet...", - 4, INT_MAX, ofctl_packet_out }, + 4, INT_MAX, ofctl_packet_out, OVS_RW }, { "dump-ports", "switch [port]", - 1, 2, ofctl_dump_ports }, + 1, 2, ofctl_dump_ports, OVS_RO }, { "dump-ports-desc", "switch [port]", - 1, 2, ofctl_dump_ports_desc }, + 1, 2, ofctl_dump_ports_desc, OVS_RO }, { "mod-port", "switch iface act", - 3, 3, ofctl_mod_port }, + 3, 3, ofctl_mod_port, OVS_RW }, { "mod-table", "switch mod", - 3, 3, ofctl_mod_table }, + 3, 3, ofctl_mod_table, OVS_RW }, { "get-frags", "switch", - 1, 1, ofctl_get_frags }, + 1, 1, ofctl_get_frags, OVS_RO }, { "set-frags", "switch frag_mode", - 2, 2, ofctl_set_frags }, + 2, 2, ofctl_set_frags, OVS_RW }, { "probe", "target", - 1, 1, ofctl_probe }, + 1, 1, ofctl_probe, OVS_RO }, { "ping", "target [n]", - 1, 2, ofctl_ping }, + 1, 2, ofctl_ping, OVS_RO }, { "benchmark", "target n count", - 3, 3, ofctl_benchmark }, + 3, 3, ofctl_benchmark, OVS_RO }, { "dump-ipfix-bridge", "switch", - 1, 1, ofctl_dump_ipfix_bridge}, + 1, 1, ofctl_dump_ipfix_bridge, OVS_RO }, { "dump-ipfix-flow", "switch", - 1, 1, ofctl_dump_ipfix_flow}, + 1, 1, ofctl_dump_ipfix_flow, OVS_RO }, { "ofp-parse", "file", - 1, 1, ofctl_ofp_parse }, + 1, 1, ofctl_ofp_parse, OVS_RW }, { "ofp-parse-pcap", "pcap", - 1, INT_MAX, ofctl_ofp_parse_pcap }, + 1, INT_MAX, ofctl_ofp_parse_pcap, OVS_RW }, { "add-group", "switch group", - 1, 2, ofctl_add_group }, + 1, 2, ofctl_add_group, OVS_RW }, { "add-groups", "switch file", - 1, 2, ofctl_add_groups }, + 1, 2, ofctl_add_groups, OVS_RW }, { "mod-group", "switch group", - 1, 2, ofctl_mod_group }, + 1, 2, ofctl_mod_group, OVS_RW }, { "del-groups", "switch [group]", - 1, 2, ofctl_del_groups }, + 1, 2, ofctl_del_groups, OVS_RW }, { "insert-buckets", "switch [group]", - 1, 2, ofctl_insert_bucket }, + 1, 2, ofctl_insert_bucket, OVS_RW }, { "remove-buckets", "switch [group]", - 1, 2, ofctl_remove_bucket }, + 1, 2, ofctl_remove_bucket, OVS_RW }, { "dump-groups", "switch [group]", - 1, 2, ofctl_dump_group_desc }, + 1, 2, ofctl_dump_group_desc, OVS_RO }, { "dump-group-stats", "switch [group]", - 1, 2, ofctl_dump_group_stats }, + 1, 2, ofctl_dump_group_stats, OVS_RO }, { "dump-group-features", "switch", - 1, 1, ofctl_dump_group_features }, + 1, 1, ofctl_dump_group_features, OVS_RO }, { "bundle", "switch file", - 2, 2, ofctl_bundle }, + 2, 2, ofctl_bundle, OVS_RW }, { "add-tlv-map", "switch map", - 2, 2, ofctl_add_tlv_map }, + 2, 2, ofctl_add_tlv_map, OVS_RO }, { "del-tlv-map", "switch [map]", - 1, 2, ofctl_del_tlv_map }, + 1, 2, ofctl_del_tlv_map, OVS_RO }, { "dump-tlv-map", "switch", - 1, 1, ofctl_dump_tlv_map }, - { "help", NULL, 0, INT_MAX, ofctl_help }, - { "list-commands", NULL, 0, INT_MAX, ofctl_list_commands }, + 1, 1, ofctl_dump_tlv_map, OVS_RO }, + { "help", NULL, 0, INT_MAX, ofctl_help, OVS_RO }, + { "list-commands", NULL, 0, INT_MAX, ofctl_list_commands, OVS_RO }, /* Undocumented commands for testing. */ - { "parse-flow", NULL, 1, 1, ofctl_parse_flow }, - { "parse-flows", NULL, 1, 1, ofctl_parse_flows }, - { "parse-nx-match", NULL, 0, 0, ofctl_parse_nxm }, - { "parse-nxm", NULL, 0, 0, ofctl_parse_nxm }, - { "parse-oxm", NULL, 1, 1, ofctl_parse_oxm }, - { "parse-actions", NULL, 1, 1, ofctl_parse_actions }, - { "parse-instructions", NULL, 1, 1, ofctl_parse_instructions }, - { "parse-ofp10-match", NULL, 0, 0, ofctl_parse_ofp10_match }, - { "parse-ofp11-match", NULL, 0, 0, ofctl_parse_ofp11_match }, - { "parse-pcap", NULL, 1, INT_MAX, ofctl_parse_pcap }, - { "check-vlan", NULL, 2, 2, ofctl_check_vlan }, - { "print-error", NULL, 1, 1, ofctl_print_error }, - { "encode-error-reply", NULL, 2, 2, ofctl_encode_error_reply }, - { "ofp-print", NULL, 1, 2, ofctl_ofp_print }, - { "encode-hello", NULL, 1, 1, ofctl_encode_hello }, - { "parse-key-value", NULL, 1, INT_MAX, ofctl_parse_key_value }, - - { NULL, NULL, 0, 0, NULL }, + { "parse-flow", NULL, 1, 1, ofctl_parse_flow, OVS_RW }, + { "parse-flows", NULL, 1, 1, ofctl_parse_flows, OVS_RW }, + { "parse-nx-match", NULL, 0, 0, ofctl_parse_nxm, OVS_RW }, + { "parse-nxm", NULL, 0, 0, ofctl_parse_nxm, OVS_RW }, + { "parse-oxm", NULL, 1, 1, ofctl_parse_oxm, OVS_RW }, + { "parse-actions", NULL, 1, 1, ofctl_parse_actions, OVS_RW }, + { "parse-instructions", NULL, 1, 1, ofctl_parse_instructions, OVS_RW }, + { "parse-ofp10-match", NULL, 0, 0, ofctl_parse_ofp10_match, OVS_RW }, + { "parse-ofp11-match", NULL, 0, 0, ofctl_parse_ofp11_match, OVS_RW }, + { "parse-pcap", NULL, 1, INT_MAX, ofctl_parse_pcap, OVS_RW }, + { "check-vlan", NULL, 2, 2, ofctl_check_vlan, OVS_RW }, + { "print-error", NULL, 1, 1, ofctl_print_error, OVS_RW }, + { "encode-error-reply", NULL, 2, 2, ofctl_encode_error_reply, OVS_RW }, + { "ofp-print", NULL, 1, 2, ofctl_ofp_print, OVS_RW }, + { "encode-hello", NULL, 1, 1, ofctl_encode_hello, OVS_RW }, + { "parse-key-value", NULL, 1, INT_MAX, ofctl_parse_key_value, OVS_RW }, + + { NULL, NULL, 0, 0, NULL, OVS_RO }, }; static const struct ovs_cmdl_command *get_all_commands(void) |