author | Yifeng Sun <pkusunyifeng@gmail.com> | 2018-06-26 14:06:21 -0700 |
---|---|---|
committer | Ben Pfaff <blp@ovn.org> | 2018-07-06 13:50:00 -0700 |
commit | 771680d96fb6f996987630cb85bb749478512268 (patch) | |
tree | e3fddb4c770f88e405fd82787933216fc5b1ac58 /vtep | |
parent | def5b366a3626fddc87a449e8447f79a6957d55f (diff) | |
download | openvswitch-771680d96fb6f996987630cb85bb749478512268.tar.gz |
DNS: Add basic support for asynchronous DNS resolving
This patch is a simple implementation for the proposal discussed in
https://mail.openvswitch.org/pipermail/ovs-dev/2017-August/337038.html and
https://mail.openvswitch.org/pipermail/ovs-dev/2017-October/340013.html.
It enables ovs-vswitchd and other utilities to use DNS names when specifying
OpenFlow and OVSDB remotes.
Below are some of the features and limitations of this patch:
- Resolving is asynchronous in daemon context, avoiding blocking main loop;
- Resolving is synchronous in general utility context;
- Both IPv4 and IPv6 are supported;
- The resolving API is thread-safe;
- Depends on the unbound library;
- When multiple IP addresses are returned, only the first one is used;
- /etc/nsswitch.conf isn't respected as unbound library doesn't look at it;
- For async-resolving, caller needs to retry later; there is no callback.
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Diffstat (limited to 'vtep')
-rw-r--r-- | vtep/vtep.xml | 34 |
1 files changed, 18 insertions, 16 deletions
diff --git a/vtep/vtep.xml b/vtep/vtep.xml index 62075ca88..927efed5f 100644 --- a/vtep/vtep.xml +++ b/vtep/vtep.xml @@ -116,12 +116,12 @@ The following connection methods are currently supported: </p> <dl> - <dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt> + <dt><code>ssl:<var>host</var></code>[<code>:<var>port</var></code>]</dt> <dd> <p> - The specified SSL <var>port</var> (default: 6640) on the host at - the given <var>ip</var>, which must be expressed as an IP address - (not a DNS name). + The specified SSL <var>port</var> (default: 6640) on the given + <var>host</var>, which can either be a DNS name (if built with + unbound library) or an IP address. </p> <p> SSL key and certificate configuration happens outside the 
@@ -129,27 +129,29 @@ </p> </dd> - <dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt> + <dt><code>tcp:<var>host</var></code>[<code>:<var>port</var></code>]</dt> <dd> - The specified TCP <var>port</var> (default: 6640) on the host at - the given <var>ip</var>, which must be expressed as an IP address - (not a DNS name). + The specified TCP <var>port</var> (default: 6640) on the given + <var>host</var>, which can either be a DNS name (if built with + unbound library) or an IP address. </dd> - <dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt> + <dt><code>pssl:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt> <dd> <p> Listens for SSL connections on the specified TCP <var>port</var> - (default: 6640). If <var>ip</var>, which must be expressed as an - IP address (not a DNS name), is specified, then connections are - restricted to the specified local IP address. + (default: 6640). If <var>host</var>, which can either be a DNS + name (if built with unbound library) or an IP address, is + specified, then connections are restricted to the resolved or + specified local IP address. </p> </dd> - <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt> + <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt> <dd> Listens for connections on the specified TCP <var>port</var> - (default: 6640). If <var>ip</var>, which must be expressed as an - IP address (not a DNS name), is specified, then connections are - restricted to the specified local IP address. + (default: 6640). If <var>host</var>, which can either be a DNS + name (if built with unbound library) or an IP address, is + specified, then connections are restricted to the resolved or + specified local IP address. </dd> </dl> </column> |
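Review bot: In the first hunk (@@ -116,12 +116,12), the new `ssl:` text says <var>host</var> "can either be a DNS name (if built with unbound library) or an IP address" but does not say what happens when a DNS name is given on a build without unbound, or which address is used when the name resolves to more than one. The commit message states that only the first returned address is used and that /etc/nsswitch.conf is not respected; both belong in this paragraph, since for an SSL remote they determine which peer the connection actually goes to. Wording nit: "can be either a DNS name ... or an IP address" reads better than "can either be".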
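Review bot: In the second hunk (@@ -129,27 +129,29), the `pssl:` and `ptcp:` entries now say connections are "restricted to the resolved or specified local IP address", which leaves open when the name is resolved and what happens if it resolves to several addresses or to an address that is not local to the machine. This setting controls which interface the listener is exposed on, so the text should state which address the listener binds to (the commit message says only the first returned address is used) and what the behavior is when resolution fails or has not completed yet, given that in daemon context resolving is asynchronous and the caller has to retry. The clause "which can either be a DNS name (if built with unbound library) or an IP address" is now repeated in all four entries across the two hunks; consider stating it once above the <dl> and keeping the per-entry text short.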