2 * Licensed under the Apache License, Version 2.0 (the "License");
3 * you may not use this file except in compliance with the License.
4 * You may obtain a copy of the License at:
6 * http://www.apache.org/licenses/LICENSE-2.0
8 * Unless required by applicable law or agreed to in writing, software
9 * distributed under the License is distributed on an "AS IS" BASIS,
10 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 * See the License for the specific language governing permissions and
12 * limitations under the License.
22 #include "command-line.h"
23 #include "db-ctl-base.h"
25 #include "fatal-signal.h"
27 #include "ovn/lib/ovn-nb-idl.h"
29 #include "poll-loop.h"
33 #include "stream-ssl.h"
38 #include "openvswitch/vlog.h"
40 VLOG_DEFINE_THIS_MODULE(nbctl);
42 /* --db: The database server to contact. */
43 static const char *db;
45 /* --oneline: Write each command's output as a single line? */
48 /* --dry-run: Do not commit any changes. */
51 /* --timeout: Time to wait for a connection to 'db'. */
54 /* Format for table output. */
55 static struct table_style table_style = TABLE_STYLE_DEFAULT;
57 /* The IDL we're using and the current transaction, if any.
58 * This is for use by nbctl_exit() only, to allow it to clean up.
59 * Other code should use its context arguments. */
60 static struct ovsdb_idl *the_idl;
61 static struct ovsdb_idl_txn *the_idl_txn;
62 OVS_NO_RETURN static void nbctl_exit(int status);
64 static void nbctl_cmd_init(void);
65 OVS_NO_RETURN static void usage(void);
66 static void parse_options(int argc, char *argv[], struct shash *local_options);
67 static const char *nbctl_default_db(void);
68 static void run_prerequisites(struct ctl_command[], size_t n_commands,
70 static void do_nbctl(const char *args, struct ctl_command *, size_t n,
74 main(int argc, char *argv[])
76 struct ovsdb_idl *idl;
77 struct ctl_command *commands;
78 struct shash local_options;
83 set_program_name(argv[0]);
84 fatal_ignore_sigpipe();
85 vlog_set_levels(NULL, VLF_CONSOLE, VLL_WARN);
86 vlog_set_levels_from_string_assert("reconnect:warn");
91 /* Log our arguments. This is often valuable for debugging systems. */
92 args = process_escape_args(argv);
93 VLOG(ctl_might_write_to_db(argv) ? VLL_INFO : VLL_DBG,
94 "Called as %s", args);
96 /* Parse command line. */
97 shash_init(&local_options);
98 parse_options(argc, argv, &local_options);
99 commands = ctl_parse_commands(argc - optind, argv + optind, &local_options,
106 /* Initialize IDL. */
107 idl = the_idl = ovsdb_idl_create(db, &nbrec_idl_class, true, false);
108 run_prerequisites(commands, n_commands, idl);
110 /* Execute the commands.
112 * 'seqno' is the database sequence number for which we last tried to
113 * execute our transaction. There's no point in trying to commit more than
114 * once for any given sequence number, because if the transaction fails
115 * it's because the database changed and we need to obtain an up-to-date
116 * view of the database before we try the transaction again. */
117 seqno = ovsdb_idl_get_seqno(idl);
120 if (!ovsdb_idl_is_alive(idl)) {
121 int retval = ovsdb_idl_get_last_error(idl);
122 ctl_fatal("%s: database connection failed (%s)",
123 db, ovs_retval_to_string(retval));
126 if (seqno != ovsdb_idl_get_seqno(idl)) {
127 seqno = ovsdb_idl_get_seqno(idl);
128 do_nbctl(args, commands, n_commands, idl);
131 if (seqno == ovsdb_idl_get_seqno(idl)) {
139 nbctl_default_db(void)
143 def = getenv("OVN_NB_DB");
145 def = ctl_default_db();
152 parse_options(int argc, char *argv[], struct shash *local_options)
155 OPT_DB = UCHAR_MAX + 1,
165 static const struct option global_long_options[] = {
166 {"db", required_argument, NULL, OPT_DB},
167 {"no-syslog", no_argument, NULL, OPT_NO_SYSLOG},
168 {"dry-run", no_argument, NULL, OPT_DRY_RUN},
169 {"oneline", no_argument, NULL, OPT_ONELINE},
170 {"timeout", required_argument, NULL, 't'},
171 {"help", no_argument, NULL, 'h'},
172 {"commands", no_argument, NULL, OPT_COMMANDS},
173 {"options", no_argument, NULL, OPT_OPTIONS},
174 {"version", no_argument, NULL, 'V'},
176 STREAM_SSL_LONG_OPTIONS,
180 const int n_global_long_options = ARRAY_SIZE(global_long_options) - 1;
181 char *tmp, *short_options;
183 struct option *options;
184 size_t allocated_options;
188 tmp = ovs_cmdl_long_options_to_short_options(global_long_options);
189 short_options = xasprintf("+%s", tmp);
192 /* We want to parse both global and command-specific options here, but
193 * getopt_long() isn't too convenient for the job. We copy our global
194 * options into a dynamic array, then append all of the command-specific
196 options = xmemdup(global_long_options, sizeof global_long_options);
197 allocated_options = ARRAY_SIZE(global_long_options);
198 n_options = n_global_long_options;
199 ctl_add_cmd_options(&options, &n_options, &allocated_options, OPT_LOCAL);
200 table_style.format = TF_LIST;
206 c = getopt_long(argc, argv, short_options, options, &idx);
221 vlog_set_levels(&VLM_nbctl, VLF_SYSLOG, VLL_WARN);
229 if (shash_find(local_options, options[idx].name)) {
230 ctl_fatal("'%s' option specified multiple times",
233 shash_add_nocopy(local_options,
234 xasprintf("--%s", options[idx].name),
235 optarg ? xstrdup(optarg) : NULL);
243 ctl_print_commands();
246 ctl_print_options(global_long_options);
249 ovs_print_version(0, 0);
250 printf("DB Schema %s\n", nbrec_get_db_version());
254 timeout = strtoul(optarg, NULL, 10);
256 ctl_fatal("value %s on -t or --timeout is invalid", optarg);
261 TABLE_OPTION_HANDLERS(&table_style)
262 STREAM_SSL_OPTION_HANDLERS
274 db = nbctl_default_db();
277 for (i = n_global_long_options; options[i].name; i++) {
278 free(CONST_CAST(char *, options[i].name));
287 %s: OVN northbound DB management utility\n\
288 usage: %s [OPTIONS] COMMAND [ARG...]\n\
291 show print overview of database contents\n\
292 show LSWITCH print overview of database contents for LSWITCH\n\
294 Logical switch commands:\n\
295 lswitch-add [LSWITCH] create a logical switch named LSWITCH\n\
296 lswitch-del LSWITCH delete LSWITCH and all its ports\n\
297 lswitch-list print the names of all logical switches\n\
300 acl-add LSWITCH DIRECTION PRIORITY MATCH ACTION [log]\n\
301 add an ACL to LSWITCH\n\
302 acl-del LSWITCH [DIRECTION [PRIORITY MATCH]]\n\
303 remove ACLs from LSWITCH\n\
304 acl-list LSWITCH print ACLs for LSWITCH\n\
306 Logical port commands:\n\
307 lport-add LSWITCH LPORT add logical port LPORT on LSWITCH\n\
308 lport-add LSWITCH LPORT PARENT TAG\n\
309 add logical port LPORT on LSWITCH with PARENT\n\
311 lport-del LPORT delete LPORT from its attached switch\n\
312 lport-list LSWITCH print the names of all logical ports on LSWITCH\n\
313 lport-get-parent LPORT get the parent of LPORT if set\n\
314 lport-get-tag LPORT get the LPORT's tag if set\n\
315 lport-set-addresses LPORT [ADDRESS]...\n\
316 set MAC or MAC+IP addresses for LPORT.\n\
317 lport-get-addresses LPORT get a list of MAC addresses on LPORT\n\
318 lport-set-port-security LPORT [ADDRS]...\n\
319 set port security addresses for LPORT.\n\
320 lport-get-port-security LPORT get LPORT's port security addresses\n\
321 lport-get-up LPORT get state of LPORT ('up' or 'down')\n\
322 lport-set-enabled LPORT STATE\n\
323 set administrative state LPORT\n\
324 ('enabled' or 'disabled')\n\
325 lport-get-enabled LPORT get administrative state LPORT\n\
326 ('enabled' or 'disabled')\n\
327 lport-set-type LPORT TYPE Set the type for LPORT\n\
328 lport-get-type LPORT Get the type for LPORT\n\
329 lport-set-options LPORT KEY=VALUE [KEY=VALUE]...\n\
330 Set options related to the type of LPORT\n\
331 lport-get-options LPORT Get the type specific options for LPORT\n\
336 --db=DATABASE connect to DATABASE\n\
338 -t, --timeout=SECS wait at most SECS seconds\n\
339 --dry-run do not commit changes to database\n\
340 --oneline print exactly one line of output per command\n",
341 program_name, program_name, ctl_get_db_cmd_usage(), nbctl_default_db());
344 --no-syslog equivalent to --verbose=nbctl:syslog:warn\n");
347 -h, --help display this help message\n\
348 -V, --version display version information\n");
352 static const struct nbrec_logical_switch *
353 lswitch_by_name_or_uuid(struct ctl_context *ctx, const char *id)
355 const struct nbrec_logical_switch *lswitch = NULL;
356 bool is_uuid = false;
357 bool duplicate = false;
358 struct uuid lswitch_uuid;
360 if (uuid_from_string(&lswitch_uuid, id)) {
362 lswitch = nbrec_logical_switch_get_for_uuid(ctx->idl,
367 const struct nbrec_logical_switch *iter;
369 NBREC_LOGICAL_SWITCH_FOR_EACH(iter, ctx->idl) {
370 if (strcmp(iter->name, id)) {
374 VLOG_WARN("There is more than one logical switch named '%s'. "
384 if (!lswitch && !duplicate) {
385 VLOG_WARN("lswitch not found for %s: '%s'",
386 is_uuid ? "UUID" : "name", id);
393 print_lswitch(const struct nbrec_logical_switch *lswitch, struct ds *s)
395 ds_put_format(s, " lswitch "UUID_FMT" (%s)\n",
396 UUID_ARGS(&lswitch->header_.uuid), lswitch->name);
398 for (size_t i = 0; i < lswitch->n_ports; i++) {
399 const struct nbrec_logical_port *lport = lswitch->ports[i];
401 ds_put_format(s, " lport %s\n", lport->name);
402 if (lport->parent_name) {
403 ds_put_format(s, " parent: %s\n", lport->parent_name);
406 ds_put_format(s, " tag: %"PRIu64"\n", lport->tag[0]);
408 if (lport->n_addresses) {
409 ds_put_cstr(s, " addresses: [");
410 for (size_t j = 0; j < lport->n_addresses; j++) {
411 ds_put_format(s, "%s\"%s\"",
413 lport->addresses[j]);
415 ds_put_cstr(s, "]\n");
421 nbctl_show(struct ctl_context *ctx)
423 const struct nbrec_logical_switch *lswitch;
425 if (ctx->argc == 2) {
426 lswitch = lswitch_by_name_or_uuid(ctx, ctx->argv[1]);
428 print_lswitch(lswitch, &ctx->output);
431 NBREC_LOGICAL_SWITCH_FOR_EACH(lswitch, ctx->idl) {
432 print_lswitch(lswitch, &ctx->output);
438 nbctl_lswitch_add(struct ctl_context *ctx)
440 struct nbrec_logical_switch *lswitch;
442 lswitch = nbrec_logical_switch_insert(ctx->txn);
443 if (ctx->argc == 2) {
444 nbrec_logical_switch_set_name(lswitch, ctx->argv[1]);
449 nbctl_lswitch_del(struct ctl_context *ctx)
451 const char *id = ctx->argv[1];
452 const struct nbrec_logical_switch *lswitch;
454 lswitch = lswitch_by_name_or_uuid(ctx, id);
459 nbrec_logical_switch_delete(lswitch);
463 nbctl_lswitch_list(struct ctl_context *ctx)
465 const struct nbrec_logical_switch *lswitch;
466 struct smap lswitches;
468 smap_init(&lswitches);
469 NBREC_LOGICAL_SWITCH_FOR_EACH(lswitch, ctx->idl) {
470 smap_add_format(&lswitches, lswitch->name, UUID_FMT " (%s)",
471 UUID_ARGS(&lswitch->header_.uuid), lswitch->name);
473 const struct smap_node **nodes = smap_sort(&lswitches);
474 for (size_t i = 0; i < smap_count(&lswitches); i++) {
475 const struct smap_node *node = nodes[i];
476 ds_put_format(&ctx->output, "%s\n", node->value);
478 smap_destroy(&lswitches);
482 static const struct nbrec_logical_port *
483 lport_by_name_or_uuid(struct ctl_context *ctx, const char *id)
485 const struct nbrec_logical_port *lport = NULL;
486 bool is_uuid = false;
487 struct uuid lport_uuid;
489 if (uuid_from_string(&lport_uuid, id)) {
491 lport = nbrec_logical_port_get_for_uuid(ctx->idl, &lport_uuid);
495 NBREC_LOGICAL_PORT_FOR_EACH(lport, ctx->idl) {
496 if (!strcmp(lport->name, id)) {
503 VLOG_WARN("lport not found for %s: '%s'",
504 is_uuid ? "UUID" : "name", id);
511 nbctl_lport_add(struct ctl_context *ctx)
513 struct nbrec_logical_port *lport;
514 const struct nbrec_logical_switch *lswitch;
517 lswitch = lswitch_by_name_or_uuid(ctx, ctx->argv[1]);
522 if (ctx->argc != 3 && ctx->argc != 5) {
523 /* If a parent_name is specified, a tag must be specified as well. */
524 VLOG_WARN("Invalid arguments to lport-add.");
528 if (ctx->argc == 5) {
530 if (!ovs_scan(ctx->argv[4], "%"SCNd64, &tag) || tag < 0 || tag > 4095) {
531 VLOG_WARN("Invalid tag '%s'", ctx->argv[4]);
536 /* Create the logical port. */
537 lport = nbrec_logical_port_insert(ctx->txn);
538 nbrec_logical_port_set_name(lport, ctx->argv[2]);
539 if (ctx->argc == 5) {
540 nbrec_logical_port_set_parent_name(lport, ctx->argv[3]);
541 nbrec_logical_port_set_tag(lport, &tag, 1);
544 /* Insert the logical port into the logical switch. */
545 nbrec_logical_switch_verify_ports(lswitch);
546 struct nbrec_logical_port **new_ports = xmalloc(sizeof *new_ports *
547 (lswitch->n_ports + 1));
548 memcpy(new_ports, lswitch->ports, sizeof *new_ports * lswitch->n_ports);
549 new_ports[lswitch->n_ports] = lport;
550 nbrec_logical_switch_set_ports(lswitch, new_ports, lswitch->n_ports + 1);
554 /* Removes lport 'lswitch->ports[idx]'. */
556 remove_lport(const struct nbrec_logical_switch *lswitch, size_t idx)
558 const struct nbrec_logical_port *lport = lswitch->ports[idx];
560 /* First remove 'lport' from the array of ports. This is what will
561 * actually cause the logical port to be deleted when the transaction is
562 * sent to the database server (due to garbage collection). */
563 struct nbrec_logical_port **new_ports
564 = xmemdup(lswitch->ports, sizeof *new_ports * lswitch->n_ports);
565 new_ports[idx] = new_ports[lswitch->n_ports - 1];
566 nbrec_logical_switch_verify_ports(lswitch);
567 nbrec_logical_switch_set_ports(lswitch, new_ports, lswitch->n_ports - 1);
570 /* Delete 'lport' from the IDL. This won't have a real effect on the
571 * database server (the IDL will suppress it in fact) but it means that it
572 * won't show up when we iterate with NBREC_LOGICAL_PORT_FOR_EACH later. */
573 nbrec_logical_port_delete(lport);
577 nbctl_lport_del(struct ctl_context *ctx)
579 const struct nbrec_logical_port *lport;
581 lport = lport_by_name_or_uuid(ctx, ctx->argv[1]);
586 /* Find the switch that contains 'lport', then delete it. */
587 const struct nbrec_logical_switch *lswitch;
588 NBREC_LOGICAL_SWITCH_FOR_EACH (lswitch, ctx->idl) {
589 for (size_t i = 0; i < lswitch->n_ports; i++) {
590 if (lswitch->ports[i] == lport) {
591 remove_lport(lswitch, i);
597 VLOG_WARN("logical port %s is not part of any logical switch",
602 nbctl_lport_list(struct ctl_context *ctx)
604 const char *id = ctx->argv[1];
605 const struct nbrec_logical_switch *lswitch;
609 lswitch = lswitch_by_name_or_uuid(ctx, id);
615 for (i = 0; i < lswitch->n_ports; i++) {
616 const struct nbrec_logical_port *lport = lswitch->ports[i];
617 smap_add_format(&lports, lport->name, UUID_FMT " (%s)",
618 UUID_ARGS(&lport->header_.uuid), lport->name);
620 const struct smap_node **nodes = smap_sort(&lports);
621 for (i = 0; i < smap_count(&lports); i++) {
622 const struct smap_node *node = nodes[i];
623 ds_put_format(&ctx->output, "%s\n", node->value);
625 smap_destroy(&lports);
630 nbctl_lport_get_parent(struct ctl_context *ctx)
632 const struct nbrec_logical_port *lport;
634 lport = lport_by_name_or_uuid(ctx, ctx->argv[1]);
639 if (lport->parent_name) {
640 ds_put_format(&ctx->output, "%s\n", lport->parent_name);
645 nbctl_lport_get_tag(struct ctl_context *ctx)
647 const struct nbrec_logical_port *lport;
649 lport = lport_by_name_or_uuid(ctx, ctx->argv[1]);
654 if (lport->n_tag > 0) {
655 ds_put_format(&ctx->output, "%"PRId64"\n", lport->tag[0]);
660 nbctl_lport_set_addresses(struct ctl_context *ctx)
662 const char *id = ctx->argv[1];
663 const struct nbrec_logical_port *lport;
665 lport = lport_by_name_or_uuid(ctx, id);
671 for (i = 2; i < ctx->argc; i++) {
674 if (strcmp(ctx->argv[i], "unknown")
675 && !ovs_scan(ctx->argv[i], ETH_ADDR_SCAN_FMT,
676 ETH_ADDR_SCAN_ARGS(ea))) {
677 VLOG_ERR("Invalid address format (%s). See ovn-nb(5). "
678 "Hint: An Ethernet address must be "
679 "listed before an IP address, together as a single "
680 "argument.", ctx->argv[i]);
685 nbrec_logical_port_set_addresses(lport,
686 (const char **) ctx->argv + 2, ctx->argc - 2);
690 nbctl_lport_get_addresses(struct ctl_context *ctx)
692 const char *id = ctx->argv[1];
693 const struct nbrec_logical_port *lport;
694 struct svec addresses;
698 lport = lport_by_name_or_uuid(ctx, id);
703 svec_init(&addresses);
704 for (i = 0; i < lport->n_addresses; i++) {
705 svec_add(&addresses, lport->addresses[i]);
707 svec_sort(&addresses);
708 SVEC_FOR_EACH(i, mac, &addresses) {
709 ds_put_format(&ctx->output, "%s\n", mac);
711 svec_destroy(&addresses);
715 nbctl_lport_set_port_security(struct ctl_context *ctx)
717 const char *id = ctx->argv[1];
718 const struct nbrec_logical_port *lport;
720 lport = lport_by_name_or_uuid(ctx, id);
725 nbrec_logical_port_set_port_security(lport,
726 (const char **) ctx->argv + 2, ctx->argc - 2);
730 nbctl_lport_get_port_security(struct ctl_context *ctx)
732 const char *id = ctx->argv[1];
733 const struct nbrec_logical_port *lport;
738 lport = lport_by_name_or_uuid(ctx, id);
744 for (i = 0; i < lport->n_port_security; i++) {
745 svec_add(&addrs, lport->port_security[i]);
748 SVEC_FOR_EACH(i, addr, &addrs) {
749 ds_put_format(&ctx->output, "%s\n", addr);
751 svec_destroy(&addrs);
755 nbctl_lport_get_up(struct ctl_context *ctx)
757 const char *id = ctx->argv[1];
758 const struct nbrec_logical_port *lport;
760 lport = lport_by_name_or_uuid(ctx, id);
765 ds_put_format(&ctx->output,
766 "%s\n", (lport->up && *lport->up) ? "up" : "down");
770 nbctl_lport_set_enabled(struct ctl_context *ctx)
772 const char *id = ctx->argv[1];
773 const char *state = ctx->argv[2];
774 const struct nbrec_logical_port *lport;
776 lport = lport_by_name_or_uuid(ctx, id);
781 if (!strcasecmp(state, "enabled")) {
783 nbrec_logical_port_set_enabled(lport, &enabled, 1);
784 } else if (!strcasecmp(state, "disabled")) {
785 bool enabled = false;
786 nbrec_logical_port_set_enabled(lport, &enabled, 1);
788 VLOG_ERR("Invalid state '%s' provided to lport-set-enabled", state);
793 nbctl_lport_get_enabled(struct ctl_context *ctx)
795 const char *id = ctx->argv[1];
796 const struct nbrec_logical_port *lport;
798 lport = lport_by_name_or_uuid(ctx, id);
803 ds_put_format(&ctx->output, "%s\n",
804 !lport->enabled || *lport->enabled ? "enabled" : "disabled");
808 nbctl_lport_set_type(struct ctl_context *ctx)
810 const char *id = ctx->argv[1];
811 const char *type = ctx->argv[2];
812 const struct nbrec_logical_port *lport;
814 lport = lport_by_name_or_uuid(ctx, id);
819 nbrec_logical_port_set_type(lport, type);
823 nbctl_lport_get_type(struct ctl_context *ctx)
825 const char *id = ctx->argv[1];
826 const struct nbrec_logical_port *lport;
828 lport = lport_by_name_or_uuid(ctx, id);
833 ds_put_format(&ctx->output, "%s\n", lport->type);
837 nbctl_lport_set_options(struct ctl_context *ctx)
839 const char *id = ctx->argv[1];
840 const struct nbrec_logical_port *lport;
842 struct smap options = SMAP_INITIALIZER(&options);
844 lport = lport_by_name_or_uuid(ctx, id);
849 for (i = 2; i < ctx->argc; i++) {
851 value = xstrdup(ctx->argv[i]);
852 key = strsep(&value, "=");
854 smap_add(&options, key, value);
859 nbrec_logical_port_set_options(lport, &options);
861 smap_destroy(&options);
865 nbctl_lport_get_options(struct ctl_context *ctx)
867 const char *id = ctx->argv[1];
868 const struct nbrec_logical_port *lport;
869 struct smap_node *node;
871 lport = lport_by_name_or_uuid(ctx, id);
876 SMAP_FOR_EACH(node, &lport->options) {
877 ds_put_format(&ctx->output, "%s=%s\n", node->key, node->value);
887 dir_encode(const char *dir)
889 if (!strcmp(dir, "from-lport")) {
890 return DIR_FROM_LPORT;
891 } else if (!strcmp(dir, "to-lport")) {
899 acl_cmp(const void *acl1_, const void *acl2_)
901 const struct nbrec_acl *const *acl1p = acl1_;
902 const struct nbrec_acl *const *acl2p = acl2_;
903 const struct nbrec_acl *acl1 = *acl1p;
904 const struct nbrec_acl *acl2 = *acl2p;
906 int dir1 = dir_encode(acl1->direction);
907 int dir2 = dir_encode(acl2->direction);
910 return dir1 < dir2 ? -1 : 1;
911 } else if (acl1->priority != acl2->priority) {
912 return acl1->priority > acl2->priority ? -1 : 1;
914 return strcmp(acl1->match, acl2->match);
919 nbctl_acl_list(struct ctl_context *ctx)
921 const struct nbrec_logical_switch *lswitch;
922 const struct nbrec_acl **acls;
925 lswitch = lswitch_by_name_or_uuid(ctx, ctx->argv[1]);
930 acls = xmalloc(sizeof *acls * lswitch->n_acls);
931 for (i = 0; i < lswitch->n_acls; i++) {
932 acls[i] = lswitch->acls[i];
935 qsort(acls, lswitch->n_acls, sizeof *acls, acl_cmp);
937 for (i = 0; i < lswitch->n_acls; i++) {
938 const struct nbrec_acl *acl = acls[i];
939 printf("%10s %5"PRId64" (%s) %s%s\n", acl->direction, acl->priority,
940 acl->match, acl->action, acl->log ? " log" : "");
947 nbctl_acl_add(struct ctl_context *ctx)
949 const struct nbrec_logical_switch *lswitch;
950 const char *action = ctx->argv[5];
951 const char *direction;
954 lswitch = lswitch_by_name_or_uuid(ctx, ctx->argv[1]);
959 /* Validate direction. Only require the first letter. */
960 if (ctx->argv[2][0] == 't') {
961 direction = "to-lport";
962 } else if (ctx->argv[2][0] == 'f') {
963 direction = "from-lport";
965 VLOG_WARN("Invalid direction '%s'", ctx->argv[2]);
969 /* Validate priority. */
970 if (!ovs_scan(ctx->argv[3], "%"SCNd64, &priority) || priority < 0
971 || priority > 32767) {
972 VLOG_WARN("Invalid priority '%s'", ctx->argv[3]);
976 /* Validate action. */
977 if (strcmp(action, "allow") && strcmp(action, "allow-related")
978 && strcmp(action, "drop") && strcmp(action, "reject")) {
979 VLOG_WARN("Invalid action '%s'", action);
983 /* Create the acl. */
984 struct nbrec_acl *acl = nbrec_acl_insert(ctx->txn);
985 nbrec_acl_set_priority(acl, priority);
986 nbrec_acl_set_direction(acl, direction);
987 nbrec_acl_set_match(acl, ctx->argv[4]);
988 nbrec_acl_set_action(acl, action);
989 if (shash_find(&ctx->options, "--log") != NULL) {
990 nbrec_acl_set_log(acl, true);
993 /* Insert the acl into the logical switch. */
994 nbrec_logical_switch_verify_acls(lswitch);
995 struct nbrec_acl **new_acls = xmalloc(sizeof *new_acls *
996 (lswitch->n_acls + 1));
997 memcpy(new_acls, lswitch->acls, sizeof *new_acls * lswitch->n_acls);
998 new_acls[lswitch->n_acls] = acl;
999 nbrec_logical_switch_set_acls(lswitch, new_acls, lswitch->n_acls + 1);
1004 nbctl_acl_del(struct ctl_context *ctx)
1006 const struct nbrec_logical_switch *lswitch;
1007 const char *direction;
1008 int64_t priority = 0;
1010 lswitch = lswitch_by_name_or_uuid(ctx, ctx->argv[1]);
1015 if (ctx->argc != 2 && ctx->argc != 3 && ctx->argc != 5) {
1016 VLOG_WARN("Invalid number of arguments");
1020 if (ctx->argc == 2) {
1021 /* If direction, priority, and match are not specified, delete
1023 nbrec_logical_switch_verify_acls(lswitch);
1024 nbrec_logical_switch_set_acls(lswitch, NULL, 0);
1028 /* Validate direction. Only require first letter. */
1029 if (ctx->argv[2][0] == 't') {
1030 direction = "to-lport";
1031 } else if (ctx->argv[2][0] == 'f') {
1032 direction = "from-lport";
1034 VLOG_WARN("Invalid direction '%s'", ctx->argv[2]);
1038 /* If priority and match are not specified, delete all ACLs with the
1039 * specified direction. */
1040 if (ctx->argc == 3) {
1041 struct nbrec_acl **new_acls
1042 = xmalloc(sizeof *new_acls * lswitch->n_acls);
1045 for (size_t i = 0; i < lswitch->n_acls; i++) {
1046 if (strcmp(direction, lswitch->acls[i]->direction)) {
1047 new_acls[n_acls++] = lswitch->acls[i];
1051 nbrec_logical_switch_verify_acls(lswitch);
1052 nbrec_logical_switch_set_acls(lswitch, new_acls, n_acls);
1057 /* Validate priority. */
1058 if (!ovs_scan(ctx->argv[3], "%"SCNd64, &priority) || priority < 0
1059 || priority > 32767) {
1060 VLOG_WARN("Invalid priority '%s'", ctx->argv[3]);
1064 /* Remove the matching rule. */
1065 for (size_t i = 0; i < lswitch->n_acls; i++) {
1066 struct nbrec_acl *acl = lswitch->acls[i];
1068 if (priority == acl->priority && !strcmp(ctx->argv[4], acl->match) &&
1069 !strcmp(direction, acl->direction)) {
1070 struct nbrec_acl **new_acls
1071 = xmemdup(lswitch->acls, sizeof *new_acls * lswitch->n_acls);
1072 new_acls[i] = lswitch->acls[lswitch->n_acls - 1];
1073 nbrec_logical_switch_verify_acls(lswitch);
1074 nbrec_logical_switch_set_acls(lswitch, new_acls,
1075 lswitch->n_acls - 1);
1082 static const struct ctl_table_class tables[] = {
1083 {&nbrec_table_logical_switch,
1084 {{&nbrec_table_logical_switch, &nbrec_logical_switch_col_name, NULL},
1085 {NULL, NULL, NULL}}},
1087 {&nbrec_table_logical_port,
1088 {{&nbrec_table_logical_port, &nbrec_logical_port_col_name, NULL},
1089 {NULL, NULL, NULL}}},
1092 {{NULL, NULL, NULL},
1093 {NULL, NULL, NULL}}},
1095 {&nbrec_table_logical_router,
1096 {{&nbrec_table_logical_router, &nbrec_logical_router_col_name, NULL},
1097 {NULL, NULL, NULL}}},
1099 {&nbrec_table_logical_router_port,
1100 {{&nbrec_table_logical_router_port, &nbrec_logical_router_port_col_name,
1102 {NULL, NULL, NULL}}},
1104 {NULL, {{NULL, NULL, NULL}, {NULL, NULL, NULL}}}
1108 run_prerequisites(struct ctl_command *commands, size_t n_commands,
1109 struct ovsdb_idl *idl)
1111 struct ctl_command *c;
1113 for (c = commands; c < &commands[n_commands]; c++) {
1114 if (c->syntax->prerequisites) {
1115 struct ctl_context ctx;
1117 ds_init(&c->output);
1120 ctl_context_init(&ctx, c, idl, NULL, NULL, NULL);
1121 (c->syntax->prerequisites)(&ctx);
1122 ctl_context_done(&ctx, c);
1124 ovs_assert(!c->output.string);
1125 ovs_assert(!c->table);
1131 do_nbctl(const char *args, struct ctl_command *commands, size_t n_commands,
1132 struct ovsdb_idl *idl)
1134 struct ovsdb_idl_txn *txn;
1135 enum ovsdb_idl_txn_status status;
1136 struct ovsdb_symbol_table *symtab;
1137 struct ctl_context ctx;
1138 struct ctl_command *c;
1139 struct shash_node *node;
1142 txn = the_idl_txn = ovsdb_idl_txn_create(idl);
1144 ovsdb_idl_txn_set_dry_run(txn);
1147 ovsdb_idl_txn_add_comment(txn, "ovs-nbctl: %s", args);
1149 symtab = ovsdb_symbol_table_create();
1150 for (c = commands; c < &commands[n_commands]; c++) {
1151 ds_init(&c->output);
1154 ctl_context_init(&ctx, NULL, idl, txn, symtab, NULL);
1155 for (c = commands; c < &commands[n_commands]; c++) {
1156 ctl_context_init_command(&ctx, c);
1157 if (c->syntax->run) {
1158 (c->syntax->run)(&ctx);
1160 ctl_context_done_command(&ctx, c);
1162 if (ctx.try_again) {
1163 ctl_context_done(&ctx, NULL);
1167 ctl_context_done(&ctx, NULL);
1169 SHASH_FOR_EACH (node, &symtab->sh) {
1170 struct ovsdb_symbol *symbol = node->data;
1171 if (!symbol->created) {
1172 ctl_fatal("row id \"%s\" is referenced but never created (e.g. "
1173 "with \"-- --id=%s create ...\")",
1174 node->name, node->name);
1176 if (!symbol->strong_ref) {
1177 if (!symbol->weak_ref) {
1178 VLOG_WARN("row id \"%s\" was created but no reference to it "
1179 "was inserted, so it will not actually appear in "
1180 "the database", node->name);
1182 VLOG_WARN("row id \"%s\" was created but only a weak "
1183 "reference to it was inserted, so it will not "
1184 "actually appear in the database", node->name);
1189 status = ovsdb_idl_txn_commit_block(txn);
1190 if (status == TXN_UNCHANGED || status == TXN_SUCCESS) {
1191 for (c = commands; c < &commands[n_commands]; c++) {
1192 if (c->syntax->postprocess) {
1193 ctl_context_init(&ctx, c, idl, txn, symtab, NULL);
1194 (c->syntax->postprocess)(&ctx);
1195 ctl_context_done(&ctx, c);
1199 error = xstrdup(ovsdb_idl_txn_get_error(txn));
1202 case TXN_UNCOMMITTED:
1203 case TXN_INCOMPLETE:
1207 /* Should not happen--we never call ovsdb_idl_txn_abort(). */
1208 ctl_fatal("transaction aborted");
1218 ctl_fatal("transaction error: %s", error);
1220 case TXN_NOT_LOCKED:
1221 /* Should not happen--we never call ovsdb_idl_set_lock(). */
1222 ctl_fatal("database not locked");
1229 ovsdb_symbol_table_destroy(symtab);
1231 for (c = commands; c < &commands[n_commands]; c++) {
1232 struct ds *ds = &c->output;
1235 table_print(c->table, &table_style);
1236 } else if (oneline) {
1240 for (j = 0; j < ds->length; j++) {
1241 int ch = ds->string[j];
1244 fputs("\\n", stdout);
1248 fputs("\\\\", stdout);
1257 fputs(ds_cstr(ds), stdout);
1259 ds_destroy(&c->output);
1260 table_destroy(c->table);
1263 shash_destroy_free_data(&c->options);
1266 ovsdb_idl_txn_destroy(txn);
1267 ovsdb_idl_destroy(idl);
1272 /* Our transaction needs to be rerun, or a prerequisite was not met. Free
1273 * resources and return so that the caller can try again. */
1275 ovsdb_idl_txn_abort(txn);
1276 ovsdb_idl_txn_destroy(txn);
1279 ovsdb_symbol_table_destroy(symtab);
1280 for (c = commands; c < &commands[n_commands]; c++) {
1281 ds_destroy(&c->output);
1282 table_destroy(c->table);
1288 /* Frees the current transaction and the underlying IDL and then calls
1291 * Freeing the transaction and the IDL is not strictly necessary, but it makes
1292 * for a clean memory leak report from valgrind in the normal case. That makes
1293 * it easier to notice real memory leaks. */
1295 nbctl_exit(int status)
1298 ovsdb_idl_txn_abort(the_idl_txn);
1299 ovsdb_idl_txn_destroy(the_idl_txn);
1301 ovsdb_idl_destroy(the_idl);
1305 static const struct ctl_command_syntax nbctl_commands[] = {
1306 { "show", 0, 1, "[LSWITCH]", NULL, nbctl_show, NULL, "", RO },
1308 /* lswitch commands. */
1309 { "lswitch-add", 0, 1, "[LSWITCH]", NULL, nbctl_lswitch_add,
1311 { "lswitch-del", 1, 1, "LSWITCH", NULL, nbctl_lswitch_del,
1313 { "lswitch-list", 0, 0, "", NULL, nbctl_lswitch_list, NULL, "", RO },
1316 { "acl-add", 5, 5, "LSWITCH DIRECTION PRIORITY MATCH ACTION", NULL,
1317 nbctl_acl_add, NULL, "--log", RW },
1318 { "acl-del", 1, 4, "LSWITCH [DIRECTION [PRIORITY MATCH]]", NULL,
1319 nbctl_acl_del, NULL, "", RW },
1320 { "acl-list", 1, 1, "LSWITCH", NULL, nbctl_acl_list, NULL, "", RO },
1322 /* lport commands. */
1323 { "lport-add", 2, 4, "LSWITCH LPORT [PARENT] [TAG]", NULL, nbctl_lport_add,
1325 { "lport-del", 1, 1, "LPORT", NULL, nbctl_lport_del, NULL, "", RO },
1326 { "lport-list", 1, 1, "LSWITCH", NULL, nbctl_lport_list, NULL, "", RO },
1327 { "lport-get-parent", 1, 1, "LPORT", NULL, nbctl_lport_get_parent, NULL,
1329 { "lport-get-tag", 1, 1, "LPORT", NULL, nbctl_lport_get_tag, NULL, "",
1331 { "lport-set-addresses", 1, INT_MAX, "LPORT [ADDRESS]...", NULL,
1332 nbctl_lport_set_addresses, NULL, "", RW },
1333 { "lport-get-addresses", 1, 1, "LPORT", NULL,
1334 nbctl_lport_get_addresses, NULL,
1336 { "lport-set-port-security", 0, INT_MAX, "LPORT [ADDRS]...", NULL,
1337 nbctl_lport_set_port_security, NULL, "", RW },
1338 { "lport-get-port-security", 1, 1, "LPORT", NULL,
1339 nbctl_lport_get_port_security, NULL, "", RO },
1340 { "lport-get-up", 1, 1, "LPORT", NULL, nbctl_lport_get_up, NULL, "", RO },
1341 { "lport-set-enabled", 2, 2, "LPORT STATE", NULL, nbctl_lport_set_enabled,
1343 { "lport-get-enabled", 1, 1, "LPORT", NULL, nbctl_lport_get_enabled, NULL,
1345 { "lport-set-type", 2, 2, "LPORT TYPE", NULL, nbctl_lport_set_type, NULL,
1347 { "lport-get-type", 1, 1, "LPORT", NULL, nbctl_lport_get_type, NULL, "",
1349 { "lport-set-options", 1, INT_MAX, "LPORT KEY=VALUE [KEY=VALUE]...", NULL,
1350 nbctl_lport_set_options, NULL, "", RW },
1351 { "lport-get-options", 1, 1, "LPORT", NULL, nbctl_lport_get_options, NULL,
1354 {NULL, 0, 0, NULL, NULL, NULL, NULL, "", RO},
1357 /* Registers nbctl and common db commands. */
1359 nbctl_cmd_init(void)
1361 ctl_init(tables, NULL, nbctl_exit);
1362 ctl_register_commands(nbctl_commands);
projects / cascardo / ovs.git / blob