static void
usage(void)
{
printf("%s: Open vSwitch daemon\n"
"usage: %s [OPTIONS] [DATABASE]\n"
"where DATABASE is a socket on which ovsdb-server is listening\n"
" (default: \"unix:%s/db.sock\").\n",
program_name, program_name, ovs_rundir());
stream_usage("DATABASE", true, false, true);
daemon_usage();
vlog_usage();
printf("\nOther options:\n"
" --unixctl=SOCKET override default control socket name\n"
" -h, --help display this help message\n"
" -V, --version display version information\n");
leak_checker_usage();
exit(EXIT_SUCCESS);
}
static void
usage(void)
{
printf("%s: Open vSwitch daemon\n"
"usage: %s [OPTIONS] [DATABASE]\n"
"where DATABASE is a socket on which ovsdb-server is listening\n"
" (default: \"unix:%s/db.sock\").\n",
program_name, program_name, ovs_rundir());
stream_usage("DATABASE", true, false, true);
daemon_usage();
vlog_usage();
printf("\nDPDK options:\n"
" --dpdk options Initialize DPDK datapath.\n"
" --cuse_dev_name BASENAME override default character device name\n"
" for use with userspace vHost.\n");
printf("\nOther options:\n"
" --unixctl=SOCKET override default control socket name\n"
" -h, --help display this help message\n"
" -V, --version display version information\n");
exit(EXIT_SUCCESS);
}
static void
usage(void)
{
printf("%s: userspace OpenFlow switch\n"
"usage: %s [OPTIONS] CONTROLLER\n"
"where CONTROLLER is an active OpenFlow connection method.\n",
program_name, program_name);
vconn_usage(true, true, true);
printf("\nConfiguration options:\n"
" -i, --interfaces=NETDEV[,NETDEV]...\n"
" add specified initial switch ports\n"
" -d, --datapath-id=ID Use ID as the OpenFlow switch ID\n"
" (ID must consist of 12 hex digits)\n"
" --max-backoff=SECS max time between controller connection\n"
" attempts (default: 15 seconds)\n"
" -l, --listen=METHOD allow management connections on METHOD\n"
" (a passive OpenFlow connection method)\n");
daemon_usage();
vlog_usage();
printf("\nOther options:\n"
" -h, --help display this help message\n"
" -V, --version display version information\n");
exit(EXIT_SUCCESS);
}
static void
test_jsonrpc_main(int argc, char *argv[])
{
struct ovs_cmdl_context ctx = { .argc = 0, };
ovs_cmdl_proctitle_init(argc, argv);
set_program_name(argv[0]);
service_start(&argc, &argv);
parse_options(argc, argv);
ctx.argc = argc - optind;
ctx.argv = argv + optind;
ovs_cmdl_run_command(&ctx, get_all_commands());
}
static void
parse_options(int argc, char *argv[])
{
enum {
OPT_BOOTSTRAP_CA_CERT = UCHAR_MAX + 1,
DAEMON_OPTION_ENUMS
};
static const struct option long_options[] = {
{"verbose", optional_argument, NULL, 'v'},
{"help", no_argument, NULL, 'h'},
DAEMON_LONG_OPTIONS,
{"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT},
STREAM_SSL_LONG_OPTIONS,
{NULL, 0, NULL, 0},
};
char *short_options = ovs_cmdl_long_options_to_short_options(long_options);
for (;;) {
int c = getopt_long(argc, argv, short_options, long_options, NULL);
if (c == -1) {
break;
}
switch (c) {
case 'h':
usage();
case 'v':
vlog_set_verbosity(optarg);
break;
DAEMON_OPTION_HANDLERS
STREAM_SSL_OPTION_HANDLERS
case OPT_BOOTSTRAP_CA_CERT:
stream_ssl_set_ca_cert_file(optarg, true);
break;
case '?':
exit(EXIT_FAILURE);
default:
abort();
}
}
free(short_options);
}
static void
usage(void)
{
printf("%s: JSON-RPC test utility\n"
"usage: %s [OPTIONS] COMMAND [ARG...]\n"
" listen LOCAL listen for connections on LOCAL\n"
" request REMOTE METHOD PARAMS send request, print reply\n"
" notify REMOTE METHOD PARAMS send notification and exit\n",
program_name, program_name);
stream_usage("JSON-RPC", true, true, true);
daemon_usage();
vlog_usage();
printf("\nOther options:\n"
" -h, --help display this help message\n");
exit(EXIT_SUCCESS);
}
int
main(int argc, char *argv[])
{
struct unixctl_server *unixctl;
bool exiting;
int retval;
ovs_cmdl_proctitle_init(argc, argv);
set_program_name(argv[0]);
parse_options(argc, argv);
fatal_ignore_sigpipe();
daemonize_start();
retval = unixctl_server_create(NULL, &unixctl);
if (retval) {
exit(EXIT_FAILURE);
}
unixctl_command_register("exit", "", 0, 0, ovn_controller_exit, &exiting);
daemonize_complete();
ovsrec_init();
sbrec_init();
ofctrl_init();
lflow_init();
/* Connect to OVS OVSDB instance. We do not monitor all tables by
* default, so modules must register their interest explicitly. */
struct idl_loop ovs_idl_loop = IDL_LOOP_INITIALIZER(
ovsdb_idl_create(ovs_remote, &ovsrec_idl_class, false, true));
ovsdb_idl_add_table(ovs_idl_loop.idl, &ovsrec_table_open_vswitch);
ovsdb_idl_add_column(ovs_idl_loop.idl,
&ovsrec_open_vswitch_col_external_ids);
chassis_register_ovs_idl(ovs_idl_loop.idl);
encaps_register_ovs_idl(ovs_idl_loop.idl);
binding_register_ovs_idl(ovs_idl_loop.idl);
physical_register_ovs_idl(ovs_idl_loop.idl);
get_initial_snapshot(ovs_idl_loop.idl);
/* Connect to OVN SB database. */
char *ovnsb_remote = get_ovnsb_remote(ovs_idl_loop.idl);
struct idl_loop ovnsb_idl_loop = IDL_LOOP_INITIALIZER(
ovsdb_idl_create(ovnsb_remote, &sbrec_idl_class, true, true));
get_initial_snapshot(ovnsb_idl_loop.idl);
/* Main loop. */
exiting = false;
while (!exiting) {
struct controller_ctx ctx = {
.ovs_idl = ovs_idl_loop.idl,
.ovs_idl_txn = idl_loop_run(&ovs_idl_loop),
.ovnsb_idl = ovnsb_idl_loop.idl,
.ovnsb_idl_txn = idl_loop_run(&ovnsb_idl_loop),
};
const struct ovsrec_bridge *br_int = get_br_int(ctx.ovs_idl);
const char *chassis_id = get_chassis_id(ctx.ovs_idl);
if (chassis_id) {
chassis_run(&ctx, chassis_id);
encaps_run(&ctx, br_int, chassis_id);
binding_run(&ctx, br_int, chassis_id);
}
if (br_int) {
struct hmap flow_table = HMAP_INITIALIZER(&flow_table);
lflow_run(&ctx, &flow_table);
if (chassis_id) {
physical_run(&ctx, br_int, chassis_id, &flow_table);
}
ofctrl_run(br_int, &flow_table);
hmap_destroy(&flow_table);
}
unixctl_server_run(unixctl);
unixctl_server_wait(unixctl);
if (exiting) {
poll_immediate_wake();
}
idl_loop_commit_and_wait(&ovnsb_idl_loop);
idl_loop_commit_and_wait(&ovs_idl_loop);
if (br_int) {
ofctrl_wait();
}
poll_block();
}
/* It's time to exit. Clean up the databases. */
bool done = false;
while (!done) {
struct controller_ctx ctx = {
.ovs_idl = ovs_idl_loop.idl,
.ovs_idl_txn = idl_loop_run(&ovs_idl_loop),
.ovnsb_idl = ovnsb_idl_loop.idl,
.ovnsb_idl_txn = idl_loop_run(&ovnsb_idl_loop),
};
const struct ovsrec_bridge *br_int = get_br_int(ctx.ovs_idl);
const char *chassis_id = get_chassis_id(ctx.ovs_idl);
/* Run all of the cleanup functions, even if one of them returns false.
* We're done if all of them return true. */
done = binding_cleanup(&ctx, chassis_id);
done = chassis_cleanup(&ctx, chassis_id) && done;
done = encaps_cleanup(&ctx, br_int) && done;
if (done) {
poll_immediate_wake();
}
idl_loop_commit_and_wait(&ovnsb_idl_loop);
idl_loop_commit_and_wait(&ovs_idl_loop);
poll_block();
}
unixctl_server_destroy(unixctl);
lflow_destroy();
ofctrl_destroy();
idl_loop_destroy(&ovs_idl_loop);
idl_loop_destroy(&ovnsb_idl_loop);
free(ovnsb_remote);
free(ovs_remote);
exit(retval);
}
static void
parse_options(int argc, char *argv[])
{
enum {
OPT_PEER_CA_CERT = UCHAR_MAX + 1,
VLOG_OPTION_ENUMS,
DAEMON_OPTION_ENUMS
};
static struct option long_options[] = {
{"help", no_argument, NULL, 'h'},
{"version", no_argument, NULL, 'V'},
VLOG_LONG_OPTIONS,
DAEMON_LONG_OPTIONS,
STREAM_SSL_LONG_OPTIONS,
{"peer-ca-cert", required_argument, NULL, OPT_PEER_CA_CERT},
{NULL, 0, NULL, 0}
};
char *short_options = ovs_cmdl_long_options_to_short_options(long_options);
for (;;) {
int c;
c = getopt_long(argc, argv, short_options, long_options, NULL);
if (c == -1) {
break;
}
switch (c) {
case 'h':
usage();
case 'V':
ovs_print_version(OFP13_VERSION, OFP13_VERSION);
exit(EXIT_SUCCESS);
VLOG_OPTION_HANDLERS
DAEMON_OPTION_HANDLERS
STREAM_SSL_OPTION_HANDLERS
case OPT_PEER_CA_CERT:
stream_ssl_set_peer_ca_cert_file(optarg);
break;
case '?':
exit(EXIT_FAILURE);
default:
abort();
}
}
free(short_options);
argc -= optind;
argv += optind;
if (argc == 0) {
ovs_remote = xasprintf("unix:%s/db.sock", ovs_rundir());
} else if (argc == 1) {
ovs_remote = xstrdup(argv[0]);
} else {
VLOG_FATAL("exactly zero or one non-option argument required; "
"use --help for usage");
}
}
static void
usage(void)
{
printf("%s: OVN controller\n"
"usage %s [OPTIONS] [OVS-DATABASE]\n"
"where OVS-DATABASE is a socket on which the OVS OVSDB server is listening.\n",
program_name, program_name);
stream_usage("OVS-DATABASE", true, false, false);
daemon_usage();
vlog_usage();
printf("\nOther options:\n"
" -h, --help display this help message\n"
" -V, --version display version information\n");
exit(EXIT_SUCCESS);
}
static void
ovn_controller_exit(struct unixctl_conn *conn, int argc OVS_UNUSED,
const char *argv[] OVS_UNUSED, void *exiting_)
{
bool *exiting = exiting_;
*exiting = true;
unixctl_command_reply(conn, NULL);
}
int daemon_main(int argc, char *argv[])
{
int opt;
bool fork_flag = false;
bool replace_flag = false;
bool patch_sepolicy = true;
enum {
OPT_ALLOW_ROOT_CLIENT = 1000,
OPT_NO_PATCH_SEPOLICY = 1001,
OPT_SIGSTOP_WHEN_READY = 1002,
OPT_LOG_TO_KMSG = 1003,
OPT_LOG_TO_STDIO = 1004,
OPT_NO_UNSHARE = 1005,
};
static struct option long_options[] = {
{"daemonize", no_argument, 0, 'd'},
{"replace", no_argument, 0, 'r'},
{"help", no_argument, 0, 'h'},
{"allow-root-client", no_argument, 0, OPT_ALLOW_ROOT_CLIENT},
{"no-patch-sepolicy", no_argument, 0, OPT_NO_PATCH_SEPOLICY},
{"sigstop-when-ready", no_argument, 0, OPT_SIGSTOP_WHEN_READY},
{"log-to-kmsg", no_argument, 0, OPT_LOG_TO_KMSG},
{"log-to-stdio", no_argument, 0, OPT_LOG_TO_STDIO},
{"no-unshare", no_argument, 0, OPT_NO_UNSHARE},
{0, 0, 0, 0}
};
int long_index = 0;
while ((opt = getopt_long(argc, argv, "drh", long_options, &long_index)) != -1) {
switch (opt) {
case 'd':
fork_flag = true;
break;
case 'r':
replace_flag = true;
break;
case 'h':
daemon_usage(0);
return EXIT_SUCCESS;
case OPT_ALLOW_ROOT_CLIENT:
allow_root_client = true;
break;
case OPT_NO_PATCH_SEPOLICY:
patch_sepolicy = false;
break;
case OPT_SIGSTOP_WHEN_READY:
sigstop_when_ready = true;
break;
case OPT_LOG_TO_KMSG:
log_to_kmsg = true;
break;
case OPT_LOG_TO_STDIO:
log_to_stdio = true;
break;
case OPT_NO_UNSHARE:
no_unshare = true;
break;
default:
daemon_usage(1);
return EXIT_FAILURE;
}
}
// There should be no other arguments
if (argc - optind != 0) {
daemon_usage(1);
return EXIT_FAILURE;
}
if (!no_unshare && unshare(CLONE_NEWNS) < 0) {
fprintf(stderr, "unshare() failed: %s\n", strerror(errno));
return EXIT_FAILURE;
}
if (patch_sepolicy) {
patch_loaded_sepolicy(SELinuxPatch::MAIN);
}
if (!switch_context(MB_EXEC_CONTEXT)) {
fprintf(stderr, "Failed to switch context; %s may not run properly",
argv[0]);
}
if (replace_flag) {
PROCTAB *proc = openproc(PROC_FILLCOM | PROC_FILLSTAT);
if (proc) {
pid_t curpid = getpid();
while (proc_t *info = readproc(proc, nullptr)) {
// NOTE: Can't check 'strcmp(info->cmd, "mbtool") == 0' (which
// is the basename of /proc/<pid>/cmd) because the binary is not
// always called "mbtool". For example, when run via SignedExec,
// it's just called "binary".
// If we can read the cmdline and argc >= 2
if (info->cmdline && info->cmdline[0] && info->cmdline[1]) {
const char *name = strrchr(info->cmdline[0], '/');
if (name) {
++name;
} else {
name = info->cmdline[0];
}
if (strcmp(name, "mbtool") == 0 // This is mbtool
&& strstr(info->cmdline[1], "daemon") // And it's a daemon process
&& info->tid != curpid) { // And we're not killing ourself
// Kill the daemon process
LOGV("Killing PID %d", info->tid);
kill(info->tid, SIGTERM);
}
}
freeproc(info);
}
closeproc(proc);
}
// Give processes a chance to exit
usleep(500000);
}
if (fork_flag) {
run_daemon_fork();
} else {
return (daemon_init() && run_daemon())
? EXIT_SUCCESS : EXIT_FAILURE;
}
}
int daemon_main(int argc, char *argv[])
{
int opt;
bool fork_flag = false;
bool replace_flag = false;
static struct option long_options[] = {
{"daemonize", no_argument, 0, 'd'},
{"replace", no_argument, 0, 'r'},
{"help", no_argument, 0, 'h'},
{0, 0, 0, 0}
};
int long_index = 0;
while ((opt = getopt_long(argc, argv, "drh", long_options, &long_index)) != -1) {
switch (opt) {
case 'd':
fork_flag = true;
break;
case 'r':
replace_flag = true;
break;
case 'h':
daemon_usage(0);
return EXIT_SUCCESS;
default:
daemon_usage(1);
return EXIT_FAILURE;
}
}
// There should be no other arguments
if (argc - optind != 0) {
daemon_usage(1);
return EXIT_FAILURE;
}
// Patch SELinux policy to make init permissive
patch_loaded_sepolicy();
// Allow untrusted_app to connect to our daemon
patch_sepolicy_daemon();
// Set version property if we're the system mbtool (i.e. launched by init)
// Possible to override this with another program by double forking, letting
// 2nd child reparent to init, and then calling execve("/mbtool", ...), but
// meh ...
if (getppid() == 1) {
if (!util::set_property("ro.multiboot.version", get_mbtool_version())) {
std::printf("Failed to set 'ro.multiboot.version' to '%s'\n",
get_mbtool_version());
}
}
if (replace_flag) {
PROCTAB *proc = openproc(PROC_FILLCOM | PROC_FILLSTAT);
if (proc) {
pid_t curpid = getpid();
while (proc_t *info = readproc(proc, nullptr)) {
if (strcmp(info->cmd, "mbtool") == 0 // This is mbtool
&& info->cmdline // And we can see the command line
&& info->cmdline[1] // And argc > 1
&& strstr(info->cmdline[1], "daemon") // And it's a daemon process
&& info->tid != curpid) { // And we're not killing ourself
// Kill the daemon process
std::printf("Killing PID %d\n", info->tid);
kill(info->tid, SIGTERM);
}
freeproc(info);
}
closeproc(proc);
}
// Give processes a chance to exit
usleep(500000);
}
// Set up logging
if (!util::mkdir_parent(MULTIBOOT_LOG_DAEMON, 0775) && errno != EEXIST) {
fprintf(stderr, "Failed to create parent directory of %s: %s\n",
MULTIBOOT_LOG_DAEMON, strerror(errno));
return EXIT_FAILURE;
}
autoclose::file fp(autoclose::fopen(MULTIBOOT_LOG_DAEMON, "w"));
if (!fp) {
fprintf(stderr, "Failed to open log file %s: %s\n",
MULTIBOOT_LOG_DAEMON, strerror(errno));
return EXIT_FAILURE;
}
fix_multiboot_permissions();
// mbtool logging
log::log_set_logger(std::make_shared<log::StdioLogger>(fp.get(), true));
if (fork_flag) {
run_daemon_fork();
} else {
return run_daemon() ? EXIT_SUCCESS : EXIT_FAILURE;
}
}
