2 * Licensed under the Apache License, Version 2.0 (the "License");
3 * you may not use this file except in compliance with the License.
4 * You may obtain a copy of the License at:
6 * http://www.apache.org/licenses/LICENSE-2.0
8 * Unless required by applicable law or agreed to in writing, software
9 * distributed under the License is distributed on an "AS IS" BASIS,
10 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 * See the License for the specific language governing permissions and
12 * limitations under the License.
22 #include "command-line.h"
23 #include "db-ctl-base.h"
25 #include "fatal-signal.h"
27 #include "ovn/lib/ovn-nb-idl.h"
28 #include "poll-loop.h"
32 #include "stream-ssl.h"
37 #include "openvswitch/vlog.h"
39 VLOG_DEFINE_THIS_MODULE(nbctl);
41 /* --db: The database server to contact. */
42 static const char *db;
44 /* --oneline: Write each command's output as a single line? */
47 /* --dry-run: Do not commit any changes. */
50 /* --timeout: Time to wait for a connection to 'db'. */
53 /* Format for table output. */
54 static struct table_style table_style = TABLE_STYLE_DEFAULT;
56 /* The IDL we're using and the current transaction, if any.
57 * This is for use by nbctl_exit() only, to allow it to clean up.
58 * Other code should use its context arguments. */
59 static struct ovsdb_idl *the_idl;
60 static struct ovsdb_idl_txn *the_idl_txn;
61 OVS_NO_RETURN static void nbctl_exit(int status);
63 static void nbctl_cmd_init(void);
64 OVS_NO_RETURN static void usage(void);
65 static void parse_options(int argc, char *argv[], struct shash *local_options);
66 static const char *nbctl_default_db(void);
67 static void run_prerequisites(struct ctl_command[], size_t n_commands,
69 static void do_nbctl(const char *args, struct ctl_command *, size_t n,
73 main(int argc, char *argv[])
75 extern struct vlog_module VLM_reconnect;
76 struct ovsdb_idl *idl;
77 struct ctl_command *commands;
78 struct shash local_options;
83 set_program_name(argv[0]);
84 fatal_ignore_sigpipe();
85 vlog_set_levels(NULL, VLF_CONSOLE, VLL_WARN);
86 vlog_set_levels(&VLM_reconnect, VLF_ANY_DESTINATION, VLL_WARN);
91 /* Log our arguments. This is often valuable for debugging systems. */
92 args = process_escape_args(argv);
93 VLOG(ctl_might_write_to_db(argv) ? VLL_INFO : VLL_DBG,
94 "Called as %s", args);
96 /* Parse command line. */
97 shash_init(&local_options);
98 parse_options(argc, argv, &local_options);
99 commands = ctl_parse_commands(argc - optind, argv + optind, &local_options,
106 /* Initialize IDL. */
107 idl = the_idl = ovsdb_idl_create(db, &nbrec_idl_class, true, false);
108 run_prerequisites(commands, n_commands, idl);
110 /* Execute the commands.
112 * 'seqno' is the database sequence number for which we last tried to
113 * execute our transaction. There's no point in trying to commit more than
114 * once for any given sequence number, because if the transaction fails
115 * it's because the database changed and we need to obtain an up-to-date
116 * view of the database before we try the transaction again. */
117 seqno = ovsdb_idl_get_seqno(idl);
120 if (!ovsdb_idl_is_alive(idl)) {
121 int retval = ovsdb_idl_get_last_error(idl);
122 ctl_fatal("%s: database connection failed (%s)",
123 db, ovs_retval_to_string(retval));
126 if (seqno != ovsdb_idl_get_seqno(idl)) {
127 seqno = ovsdb_idl_get_seqno(idl);
128 do_nbctl(args, commands, n_commands, idl);
131 if (seqno == ovsdb_idl_get_seqno(idl)) {
139 nbctl_default_db(void)
143 def = getenv("OVN_NB_DB");
145 def = ctl_default_db();
152 parse_options(int argc, char *argv[], struct shash *local_options)
155 OPT_DB = UCHAR_MAX + 1,
165 static const struct option global_long_options[] = {
166 {"db", required_argument, NULL, OPT_DB},
167 {"no-syslog", no_argument, NULL, OPT_NO_SYSLOG},
168 {"dry-run", no_argument, NULL, OPT_DRY_RUN},
169 {"oneline", no_argument, NULL, OPT_ONELINE},
170 {"timeout", required_argument, NULL, 't'},
171 {"help", no_argument, NULL, 'h'},
172 {"commands", no_argument, NULL, OPT_COMMANDS},
173 {"options", no_argument, NULL, OPT_OPTIONS},
174 {"version", no_argument, NULL, 'V'},
176 STREAM_SSL_LONG_OPTIONS,
180 const int n_global_long_options = ARRAY_SIZE(global_long_options) - 1;
181 char *tmp, *short_options;
183 struct option *options;
184 size_t allocated_options;
188 tmp = ovs_cmdl_long_options_to_short_options(global_long_options);
189 short_options = xasprintf("+%s", tmp);
192 /* We want to parse both global and command-specific options here, but
193 * getopt_long() isn't too convenient for the job. We copy our global
194 * options into a dynamic array, then append all of the command-specific
196 options = xmemdup(global_long_options, sizeof global_long_options);
197 allocated_options = ARRAY_SIZE(global_long_options);
198 n_options = n_global_long_options;
199 ctl_add_cmd_options(&options, &n_options, &allocated_options, OPT_LOCAL);
200 table_style.format = TF_LIST;
206 c = getopt_long(argc, argv, short_options, options, &idx);
221 vlog_set_levels(&VLM_nbctl, VLF_SYSLOG, VLL_WARN);
229 if (shash_find(local_options, options[idx].name)) {
230 ctl_fatal("'%s' option specified multiple times",
233 shash_add_nocopy(local_options,
234 xasprintf("--%s", options[idx].name),
235 optarg ? xstrdup(optarg) : NULL);
243 ctl_print_commands();
246 ctl_print_options(global_long_options);
249 ovs_print_version(0, 0);
250 printf("DB Schema %s\n", nbrec_get_db_version());
254 timeout = strtoul(optarg, NULL, 10);
256 ctl_fatal("value %s on -t or --timeout is invalid", optarg);
261 TABLE_OPTION_HANDLERS(&table_style)
262 STREAM_SSL_OPTION_HANDLERS
273 db = nbctl_default_db();
276 for (i = n_global_long_options; options[i].name; i++) {
277 free(CONST_CAST(char *, options[i].name));
286 %s: OVN northbound DB management utility\n\
287 usage: %s [OPTIONS] COMMAND [ARG...]\n\
290 show print overview of database contents\n\
291 show LSWITCH print overview of database contents for LSWITCH\n\
293 Logical switch commands:\n\
294 lswitch-add [LSWITCH] create a logical switch named LSWITCH\n\
295 lswitch-del LSWITCH delete LSWITCH and all its ports\n\
296 lswitch-list print the names of all logical switches\n\
299 acl-add LSWITCH DIRECTION PRIORITY MATCH ACTION [log]\n\
300 add an ACL to LSWITCH\n\
301 acl-del LSWITCH [DIRECTION [PRIORITY MATCH]]\n\
302 remove ACLs from LSWITCH\n\
303 acl-list LSWITCH print ACLs for LSWITCH\n\
305 Logical port commands:\n\
306 lport-add LSWITCH LPORT add logical port LPORT on LSWITCH\n\
307 lport-add LSWITCH LPORT PARENT TAG\n\
308 add logical port LPORT on LSWITCH with PARENT\n\
310 lport-del LPORT delete LPORT from its attached switch\n\
311 lport-list LSWITCH print the names of all logical ports on LSWITCH\n\
312 lport-get-parent LPORT get the parent of LPORT if set\n\
313 lport-get-tag LPORT get the LPORT's tag if set\n\
314 lport-set-addresses LPORT [ADDRESS]...\n\
315 set addresses for LPORT.\n\
316 lport-get-addresses LPORT get a list of MAC addresses on LPORT\n\
317 lport-set-port-security LPORT [ADDRS]...\n\
318 set port security addresses for LPORT.\n\
319 lport-get-port-security LPORT get LPORT's port security addresses\n\
320 lport-get-up LPORT get state of LPORT ('up' or 'down')\n\
321 lport-set-enabled LPORT STATE\n\
322 set administrative state LPORT\n\
323 ('enabled' or 'disabled')\n\
324 lport-get-enabled LPORT get administrative state LPORT\n\
325 ('enabled' or 'disabled')\n\
326 lport-set-type LPORT TYPE Set the type for LPORT\n\
327 lport-get-type LPORT Get the type for LPORT\n\
328 lport-set-options LPORT KEY=VALUE [KEY=VALUE]...\n\
329 Set options related to the type of LPORT\n\
330 lport-get-options LPORT Get the type specific options for LPORT\n\
333 --db=DATABASE connect to DATABASE\n\
335 -t, --timeout=SECS wait at most SECS seconds\n\
336 --dry-run do not commit changes to database\n\
337 --oneline print exactly one line of output per command\n",
338 program_name, program_name, nbctl_default_db());
341 --no-syslog equivalent to --verbose=nbctl:syslog:warn\n");
344 -h, --help display this help message\n\
345 -V, --version display version information\n");
349 static const struct nbrec_logical_switch *
350 lswitch_by_name_or_uuid(struct ctl_context *ctx, const char *id)
352 const struct nbrec_logical_switch *lswitch = NULL;
353 bool is_uuid = false;
354 bool duplicate = false;
355 struct uuid lswitch_uuid;
357 if (uuid_from_string(&lswitch_uuid, id)) {
359 lswitch = nbrec_logical_switch_get_for_uuid(ctx->idl,
364 const struct nbrec_logical_switch *iter;
366 NBREC_LOGICAL_SWITCH_FOR_EACH(iter, ctx->idl) {
367 if (strcmp(iter->name, id)) {
371 VLOG_WARN("There is more than one logical switch named '%s'. "
381 if (!lswitch && !duplicate) {
382 VLOG_WARN("lswitch not found for %s: '%s'",
383 is_uuid ? "UUID" : "name", id);
390 print_lswitch(const struct nbrec_logical_switch *lswitch, struct ds *s)
392 ds_put_format(s, " lswitch "UUID_FMT" (%s)\n",
393 UUID_ARGS(&lswitch->header_.uuid), lswitch->name);
395 for (size_t i = 0; i < lswitch->n_ports; i++) {
396 const struct nbrec_logical_port *lport = lswitch->ports[i];
398 ds_put_format(s, " lport %s\n", lport->name);
399 if (lport->parent_name) {
400 ds_put_format(s, " parent: %s\n", lport->parent_name);
403 ds_put_format(s, " tag: %"PRIu64"\n", lport->tag[0]);
405 if (lport->n_addresses) {
406 ds_put_cstr(s, " addresses:");
407 for (size_t j = 0; j < lport->n_addresses; j++) {
408 ds_put_format(s, " %s", lport->addresses[j]);
410 ds_put_char(s, '\n');
416 nbctl_show(struct ctl_context *ctx)
418 const struct nbrec_logical_switch *lswitch;
420 if (ctx->argc == 2) {
421 lswitch = lswitch_by_name_or_uuid(ctx, ctx->argv[1]);
423 print_lswitch(lswitch, &ctx->output);
426 NBREC_LOGICAL_SWITCH_FOR_EACH(lswitch, ctx->idl) {
427 print_lswitch(lswitch, &ctx->output);
433 nbctl_lswitch_add(struct ctl_context *ctx)
435 struct nbrec_logical_switch *lswitch;
437 lswitch = nbrec_logical_switch_insert(ctx->txn);
438 if (ctx->argc == 2) {
439 nbrec_logical_switch_set_name(lswitch, ctx->argv[1]);
444 nbctl_lswitch_del(struct ctl_context *ctx)
446 const char *id = ctx->argv[1];
447 const struct nbrec_logical_switch *lswitch;
449 lswitch = lswitch_by_name_or_uuid(ctx, id);
454 nbrec_logical_switch_delete(lswitch);
458 nbctl_lswitch_list(struct ctl_context *ctx)
460 const struct nbrec_logical_switch *lswitch;
461 struct smap lswitches;
463 smap_init(&lswitches);
464 NBREC_LOGICAL_SWITCH_FOR_EACH(lswitch, ctx->idl) {
465 smap_add_format(&lswitches, lswitch->name, UUID_FMT " (%s)",
466 UUID_ARGS(&lswitch->header_.uuid), lswitch->name);
468 const struct smap_node **nodes = smap_sort(&lswitches);
469 for (size_t i = 0; i < smap_count(&lswitches); i++) {
470 const struct smap_node *node = nodes[i];
471 ds_put_format(&ctx->output, "%s\n", node->value);
473 smap_destroy(&lswitches);
477 static const struct nbrec_logical_port *
478 lport_by_name_or_uuid(struct ctl_context *ctx, const char *id)
480 const struct nbrec_logical_port *lport = NULL;
481 bool is_uuid = false;
482 struct uuid lport_uuid;
484 if (uuid_from_string(&lport_uuid, id)) {
486 lport = nbrec_logical_port_get_for_uuid(ctx->idl, &lport_uuid);
490 NBREC_LOGICAL_PORT_FOR_EACH(lport, ctx->idl) {
491 if (!strcmp(lport->name, id)) {
498 VLOG_WARN("lport not found for %s: '%s'",
499 is_uuid ? "UUID" : "name", id);
506 nbctl_lport_add(struct ctl_context *ctx)
508 struct nbrec_logical_port *lport;
509 const struct nbrec_logical_switch *lswitch;
512 lswitch = lswitch_by_name_or_uuid(ctx, ctx->argv[1]);
517 if (ctx->argc != 3 && ctx->argc != 5) {
518 /* If a parent_name is specified, a tag must be specified as well. */
519 VLOG_WARN("Invalid arguments to lport-add.");
523 if (ctx->argc == 5) {
525 if (!ovs_scan(ctx->argv[4], "%"SCNd64, &tag) || tag < 0 || tag > 4095) {
526 VLOG_WARN("Invalid tag '%s'", ctx->argv[4]);
531 /* Create the logical port. */
532 lport = nbrec_logical_port_insert(ctx->txn);
533 nbrec_logical_port_set_name(lport, ctx->argv[2]);
534 if (ctx->argc == 5) {
535 nbrec_logical_port_set_parent_name(lport, ctx->argv[3]);
536 nbrec_logical_port_set_tag(lport, &tag, 1);
539 /* Insert the logical port into the logical switch. */
540 nbrec_logical_switch_verify_ports(lswitch);
541 struct nbrec_logical_port **new_ports = xmalloc(sizeof *new_ports *
542 (lswitch->n_ports + 1));
543 memcpy(new_ports, lswitch->ports, sizeof *new_ports * lswitch->n_ports);
544 new_ports[lswitch->n_ports] = lport;
545 nbrec_logical_switch_set_ports(lswitch, new_ports, lswitch->n_ports + 1);
549 /* Removes lport 'lswitch->ports[idx]'. */
551 remove_lport(const struct nbrec_logical_switch *lswitch, size_t idx)
553 const struct nbrec_logical_port *lport = lswitch->ports[idx];
555 /* First remove 'lport' from the array of ports. This is what will
556 * actually cause the logical port to be deleted when the transaction is
557 * sent to the database server (due to garbage collection). */
558 struct nbrec_logical_port **new_ports
559 = xmemdup(lswitch->ports, sizeof *new_ports * lswitch->n_ports);
560 new_ports[idx] = new_ports[lswitch->n_ports - 1];
561 nbrec_logical_switch_verify_ports(lswitch);
562 nbrec_logical_switch_set_ports(lswitch, new_ports, lswitch->n_ports - 1);
565 /* Delete 'lport' from the IDL. This won't have a real effect on the
566 * database server (the IDL will suppress it in fact) but it means that it
567 * won't show up when we iterate with NBREC_LOGICAL_PORT_FOR_EACH later. */
568 nbrec_logical_port_delete(lport);
572 nbctl_lport_del(struct ctl_context *ctx)
574 const struct nbrec_logical_port *lport;
576 lport = lport_by_name_or_uuid(ctx, ctx->argv[1]);
581 /* Find the switch that contains 'lport', then delete it. */
582 const struct nbrec_logical_switch *lswitch;
583 NBREC_LOGICAL_SWITCH_FOR_EACH (lswitch, ctx->idl) {
584 for (size_t i = 0; i < lswitch->n_ports; i++) {
585 if (lswitch->ports[i] == lport) {
586 remove_lport(lswitch, i);
592 VLOG_WARN("logical port %s is not part of any logical switch",
597 nbctl_lport_list(struct ctl_context *ctx)
599 const char *id = ctx->argv[1];
600 const struct nbrec_logical_switch *lswitch;
604 lswitch = lswitch_by_name_or_uuid(ctx, id);
610 for (i = 0; i < lswitch->n_ports; i++) {
611 const struct nbrec_logical_port *lport = lswitch->ports[i];
612 smap_add_format(&lports, lport->name, UUID_FMT " (%s)",
613 UUID_ARGS(&lport->header_.uuid), lport->name);
615 const struct smap_node **nodes = smap_sort(&lports);
616 for (i = 0; i < smap_count(&lports); i++) {
617 const struct smap_node *node = nodes[i];
618 ds_put_format(&ctx->output, "%s\n", node->value);
620 smap_destroy(&lports);
625 nbctl_lport_get_parent(struct ctl_context *ctx)
627 const struct nbrec_logical_port *lport;
629 lport = lport_by_name_or_uuid(ctx, ctx->argv[1]);
634 if (lport->parent_name) {
635 ds_put_format(&ctx->output, "%s\n", lport->parent_name);
640 nbctl_lport_get_tag(struct ctl_context *ctx)
642 const struct nbrec_logical_port *lport;
644 lport = lport_by_name_or_uuid(ctx, ctx->argv[1]);
649 if (lport->n_tag > 0) {
650 ds_put_format(&ctx->output, "%"PRId64"\n", lport->tag[0]);
655 nbctl_lport_set_addresses(struct ctl_context *ctx)
657 const char *id = ctx->argv[1];
658 const struct nbrec_logical_port *lport;
660 lport = lport_by_name_or_uuid(ctx, id);
665 nbrec_logical_port_set_addresses(lport,
666 (const char **) ctx->argv + 2, ctx->argc - 2);
670 nbctl_lport_get_addresses(struct ctl_context *ctx)
672 const char *id = ctx->argv[1];
673 const struct nbrec_logical_port *lport;
674 struct svec addresses;
678 lport = lport_by_name_or_uuid(ctx, id);
683 svec_init(&addresses);
684 for (i = 0; i < lport->n_addresses; i++) {
685 svec_add(&addresses, lport->addresses[i]);
687 svec_sort(&addresses);
688 SVEC_FOR_EACH(i, mac, &addresses) {
689 ds_put_format(&ctx->output, "%s\n", mac);
691 svec_destroy(&addresses);
695 nbctl_lport_set_port_security(struct ctl_context *ctx)
697 const char *id = ctx->argv[1];
698 const struct nbrec_logical_port *lport;
700 lport = lport_by_name_or_uuid(ctx, id);
705 nbrec_logical_port_set_port_security(lport,
706 (const char **) ctx->argv + 2, ctx->argc - 2);
710 nbctl_lport_get_port_security(struct ctl_context *ctx)
712 const char *id = ctx->argv[1];
713 const struct nbrec_logical_port *lport;
718 lport = lport_by_name_or_uuid(ctx, id);
724 for (i = 0; i < lport->n_port_security; i++) {
725 svec_add(&addrs, lport->port_security[i]);
728 SVEC_FOR_EACH(i, addr, &addrs) {
729 ds_put_format(&ctx->output, "%s\n", addr);
731 svec_destroy(&addrs);
735 nbctl_lport_get_up(struct ctl_context *ctx)
737 const char *id = ctx->argv[1];
738 const struct nbrec_logical_port *lport;
740 lport = lport_by_name_or_uuid(ctx, id);
745 ds_put_format(&ctx->output,
746 "%s\n", (lport->up && *lport->up) ? "up" : "down");
750 nbctl_lport_set_enabled(struct ctl_context *ctx)
752 const char *id = ctx->argv[1];
753 const char *state = ctx->argv[2];
754 const struct nbrec_logical_port *lport;
756 lport = lport_by_name_or_uuid(ctx, id);
761 if (!strcasecmp(state, "enabled")) {
763 nbrec_logical_port_set_enabled(lport, &enabled, 1);
764 } else if (!strcasecmp(state, "disabled")) {
765 bool enabled = false;
766 nbrec_logical_port_set_enabled(lport, &enabled, 1);
768 VLOG_ERR("Invalid state '%s' provided to lport-set-enabled", state);
773 nbctl_lport_get_enabled(struct ctl_context *ctx)
775 const char *id = ctx->argv[1];
776 const struct nbrec_logical_port *lport;
778 lport = lport_by_name_or_uuid(ctx, id);
783 ds_put_format(&ctx->output, "%s\n",
784 !lport->enabled || *lport->enabled ? "enabled" : "disabled");
788 nbctl_lport_set_type(struct ctl_context *ctx)
790 const char *id = ctx->argv[1];
791 const char *type = ctx->argv[2];
792 const struct nbrec_logical_port *lport;
794 lport = lport_by_name_or_uuid(ctx, id);
799 nbrec_logical_port_set_type(lport, type);
803 nbctl_lport_get_type(struct ctl_context *ctx)
805 const char *id = ctx->argv[1];
806 const struct nbrec_logical_port *lport;
808 lport = lport_by_name_or_uuid(ctx, id);
813 ds_put_format(&ctx->output, "%s\n", lport->type);
817 nbctl_lport_set_options(struct ctl_context *ctx)
819 const char *id = ctx->argv[1];
820 const struct nbrec_logical_port *lport;
822 struct smap options = SMAP_INITIALIZER(&options);
824 lport = lport_by_name_or_uuid(ctx, id);
829 for (i = 2; i < ctx->argc; i++) {
831 value = xstrdup(ctx->argv[i]);
832 key = strsep(&value, "=");
834 smap_add(&options, key, value);
839 nbrec_logical_port_set_options(lport, &options);
841 smap_destroy(&options);
845 nbctl_lport_get_options(struct ctl_context *ctx)
847 const char *id = ctx->argv[1];
848 const struct nbrec_logical_port *lport;
849 struct smap_node *node;
851 lport = lport_by_name_or_uuid(ctx, id);
856 SMAP_FOR_EACH(node, &lport->options) {
857 ds_put_format(&ctx->output, "%s=%s\n", node->key, node->value);
867 dir_encode(const char *dir)
869 if (!strcmp(dir, "from-lport")) {
870 return DIR_FROM_LPORT;
871 } else if (!strcmp(dir, "to-lport")) {
879 acl_cmp(const void *acl1_, const void *acl2_)
881 const struct nbrec_acl *const *acl1p = acl1_;
882 const struct nbrec_acl *const *acl2p = acl2_;
883 const struct nbrec_acl *acl1 = *acl1p;
884 const struct nbrec_acl *acl2 = *acl2p;
886 int dir1 = dir_encode(acl1->direction);
887 int dir2 = dir_encode(acl2->direction);
890 return dir1 < dir2 ? -1 : 1;
891 } else if (acl1->priority != acl2->priority) {
892 return acl1->priority > acl2->priority ? -1 : 1;
894 return strcmp(acl1->match, acl2->match);
899 nbctl_acl_list(struct ctl_context *ctx)
901 const struct nbrec_logical_switch *lswitch;
902 const struct nbrec_acl **acls;
905 lswitch = lswitch_by_name_or_uuid(ctx, ctx->argv[1]);
910 acls = xmalloc(sizeof *acls * lswitch->n_acls);
911 for (i = 0; i < lswitch->n_acls; i++) {
912 acls[i] = lswitch->acls[i];
915 qsort(acls, lswitch->n_acls, sizeof *acls, acl_cmp);
917 for (i = 0; i < lswitch->n_acls; i++) {
918 const struct nbrec_acl *acl = acls[i];
919 printf("%10s %5"PRId64" (%s) %s%s\n", acl->direction, acl->priority,
920 acl->match, acl->action, acl->log ? " log" : "");
927 nbctl_acl_add(struct ctl_context *ctx)
929 const struct nbrec_logical_switch *lswitch;
930 const char *action = ctx->argv[5];
931 const char *direction;
934 lswitch = lswitch_by_name_or_uuid(ctx, ctx->argv[1]);
939 /* Validate direction. Only require the first letter. */
940 if (ctx->argv[2][0] == 't') {
941 direction = "to-lport";
942 } else if (ctx->argv[2][0] == 'f') {
943 direction = "from-lport";
945 VLOG_WARN("Invalid direction '%s'", ctx->argv[2]);
949 /* Validate priority. */
950 if (!ovs_scan(ctx->argv[3], "%"SCNd64, &priority) || priority < 1
951 || priority > 65535) {
952 VLOG_WARN("Invalid priority '%s'", ctx->argv[3]);
956 /* Validate action. */
957 if (strcmp(action, "allow") && strcmp(action, "allow-related")
958 && strcmp(action, "drop") && strcmp(action, "reject")) {
959 VLOG_WARN("Invalid action '%s'", action);
963 /* Create the acl. */
964 struct nbrec_acl *acl = nbrec_acl_insert(ctx->txn);
965 nbrec_acl_set_priority(acl, priority);
966 nbrec_acl_set_direction(acl, direction);
967 nbrec_acl_set_match(acl, ctx->argv[4]);
968 nbrec_acl_set_action(acl, action);
969 if (shash_find(&ctx->options, "--log") != NULL) {
970 nbrec_acl_set_log(acl, true);
973 /* Insert the acl into the logical switch. */
974 nbrec_logical_switch_verify_acls(lswitch);
975 struct nbrec_acl **new_acls = xmalloc(sizeof *new_acls *
976 (lswitch->n_acls + 1));
977 memcpy(new_acls, lswitch->acls, sizeof *new_acls * lswitch->n_acls);
978 new_acls[lswitch->n_acls] = acl;
979 nbrec_logical_switch_set_acls(lswitch, new_acls, lswitch->n_acls + 1);
984 nbctl_acl_del(struct ctl_context *ctx)
986 const struct nbrec_logical_switch *lswitch;
987 const char *direction;
988 int64_t priority = 0;
990 lswitch = lswitch_by_name_or_uuid(ctx, ctx->argv[1]);
995 if (ctx->argc != 2 && ctx->argc != 3 && ctx->argc != 5) {
996 VLOG_WARN("Invalid number of arguments");
1000 if (ctx->argc == 2) {
1001 /* If direction, priority, and match are not specified, delete
1003 nbrec_logical_switch_verify_acls(lswitch);
1004 nbrec_logical_switch_set_acls(lswitch, NULL, 0);
1008 /* Validate direction. Only require first letter. */
1009 if (ctx->argv[2][0] == 't') {
1010 direction = "to-lport";
1011 } else if (ctx->argv[2][0] == 'f') {
1012 direction = "from-lport";
1014 VLOG_WARN("Invalid direction '%s'", ctx->argv[2]);
1018 /* If priority and match are not specified, delete all ACLs with the
1019 * specified direction. */
1020 if (ctx->argc == 3) {
1021 struct nbrec_acl **new_acls
1022 = xmalloc(sizeof *new_acls * lswitch->n_acls);
1025 for (size_t i = 0; i < lswitch->n_acls; i++) {
1026 if (strcmp(direction, lswitch->acls[i]->direction)) {
1027 new_acls[n_acls++] = lswitch->acls[i];
1031 nbrec_logical_switch_verify_acls(lswitch);
1032 nbrec_logical_switch_set_acls(lswitch, new_acls, n_acls);
1037 /* Validate priority. */
1038 if (!ovs_scan(ctx->argv[3], "%"SCNd64, &priority) || priority < 1
1039 || priority > 65535) {
1040 VLOG_WARN("Invalid priority '%s'", ctx->argv[3]);
1044 /* Remove the matching rule. */
1045 for (size_t i = 0; i < lswitch->n_acls; i++) {
1046 struct nbrec_acl *acl = lswitch->acls[i];
1048 if (priority == acl->priority && !strcmp(ctx->argv[4], acl->match) &&
1049 !strcmp(direction, acl->direction)) {
1050 struct nbrec_acl **new_acls
1051 = xmemdup(lswitch->acls, sizeof *new_acls * lswitch->n_acls);
1052 new_acls[i] = lswitch->acls[lswitch->n_acls - 1];
1053 nbrec_logical_switch_verify_acls(lswitch);
1054 nbrec_logical_switch_set_acls(lswitch, new_acls,
1055 lswitch->n_acls - 1);
1062 static const struct ctl_table_class tables[] = {
1063 {&nbrec_table_logical_switch,
1064 {{&nbrec_table_logical_switch, &nbrec_logical_switch_col_name, NULL},
1065 {NULL, NULL, NULL}}},
1067 {&nbrec_table_logical_port,
1068 {{&nbrec_table_logical_port, &nbrec_logical_port_col_name, NULL},
1069 {NULL, NULL, NULL}}},
1072 {{NULL, NULL, NULL},
1073 {NULL, NULL, NULL}}},
1075 {&nbrec_table_logical_router,
1076 {{&nbrec_table_logical_router, &nbrec_logical_router_col_name, NULL},
1077 {NULL, NULL, NULL}}},
1079 {&nbrec_table_logical_router_port,
1080 {{&nbrec_table_logical_router_port, &nbrec_logical_router_port_col_name,
1082 {NULL, NULL, NULL}}},
1084 {NULL, {{NULL, NULL, NULL}, {NULL, NULL, NULL}}}
1088 run_prerequisites(struct ctl_command *commands, size_t n_commands,
1089 struct ovsdb_idl *idl)
1091 struct ctl_command *c;
1093 for (c = commands; c < &commands[n_commands]; c++) {
1094 if (c->syntax->prerequisites) {
1095 struct ctl_context ctx;
1097 ds_init(&c->output);
1100 ctl_context_init(&ctx, c, idl, NULL, NULL, NULL);
1101 (c->syntax->prerequisites)(&ctx);
1102 ctl_context_done(&ctx, c);
1104 ovs_assert(!c->output.string);
1105 ovs_assert(!c->table);
1111 do_nbctl(const char *args, struct ctl_command *commands, size_t n_commands,
1112 struct ovsdb_idl *idl)
1114 struct ovsdb_idl_txn *txn;
1115 enum ovsdb_idl_txn_status status;
1116 struct ovsdb_symbol_table *symtab;
1117 struct ctl_context ctx;
1118 struct ctl_command *c;
1119 struct shash_node *node;
1122 txn = the_idl_txn = ovsdb_idl_txn_create(idl);
1124 ovsdb_idl_txn_set_dry_run(txn);
1127 ovsdb_idl_txn_add_comment(txn, "ovs-nbctl: %s", args);
1129 symtab = ovsdb_symbol_table_create();
1130 for (c = commands; c < &commands[n_commands]; c++) {
1131 ds_init(&c->output);
1134 ctl_context_init(&ctx, NULL, idl, txn, symtab, NULL);
1135 for (c = commands; c < &commands[n_commands]; c++) {
1136 ctl_context_init_command(&ctx, c);
1137 if (c->syntax->run) {
1138 (c->syntax->run)(&ctx);
1140 ctl_context_done_command(&ctx, c);
1142 if (ctx.try_again) {
1143 ctl_context_done(&ctx, NULL);
1147 ctl_context_done(&ctx, NULL);
1149 SHASH_FOR_EACH (node, &symtab->sh) {
1150 struct ovsdb_symbol *symbol = node->data;
1151 if (!symbol->created) {
1152 ctl_fatal("row id \"%s\" is referenced but never created (e.g. "
1153 "with \"-- --id=%s create ...\")",
1154 node->name, node->name);
1156 if (!symbol->strong_ref) {
1157 if (!symbol->weak_ref) {
1158 VLOG_WARN("row id \"%s\" was created but no reference to it "
1159 "was inserted, so it will not actually appear in "
1160 "the database", node->name);
1162 VLOG_WARN("row id \"%s\" was created but only a weak "
1163 "reference to it was inserted, so it will not "
1164 "actually appear in the database", node->name);
1169 status = ovsdb_idl_txn_commit_block(txn);
1170 if (status == TXN_UNCHANGED || status == TXN_SUCCESS) {
1171 for (c = commands; c < &commands[n_commands]; c++) {
1172 if (c->syntax->postprocess) {
1173 ctl_context_init(&ctx, c, idl, txn, symtab, NULL);
1174 (c->syntax->postprocess)(&ctx);
1175 ctl_context_done(&ctx, c);
1179 error = xstrdup(ovsdb_idl_txn_get_error(txn));
1182 case TXN_UNCOMMITTED:
1183 case TXN_INCOMPLETE:
1187 /* Should not happen--we never call ovsdb_idl_txn_abort(). */
1188 ctl_fatal("transaction aborted");
1198 ctl_fatal("transaction error: %s", error);
1200 case TXN_NOT_LOCKED:
1201 /* Should not happen--we never call ovsdb_idl_set_lock(). */
1202 ctl_fatal("database not locked");
1209 ovsdb_symbol_table_destroy(symtab);
1211 for (c = commands; c < &commands[n_commands]; c++) {
1212 struct ds *ds = &c->output;
1215 table_print(c->table, &table_style);
1216 } else if (oneline) {
1220 for (j = 0; j < ds->length; j++) {
1221 int ch = ds->string[j];
1224 fputs("\\n", stdout);
1228 fputs("\\\\", stdout);
1237 fputs(ds_cstr(ds), stdout);
1239 ds_destroy(&c->output);
1240 table_destroy(c->table);
1243 shash_destroy_free_data(&c->options);
1246 ovsdb_idl_txn_destroy(txn);
1247 ovsdb_idl_destroy(idl);
1252 /* Our transaction needs to be rerun, or a prerequisite was not met. Free
1253 * resources and return so that the caller can try again. */
1255 ovsdb_idl_txn_abort(txn);
1256 ovsdb_idl_txn_destroy(txn);
1259 ovsdb_symbol_table_destroy(symtab);
1260 for (c = commands; c < &commands[n_commands]; c++) {
1261 ds_destroy(&c->output);
1262 table_destroy(c->table);
1268 /* Frees the current transaction and the underlying IDL and then calls
1271 * Freeing the transaction and the IDL is not strictly necessary, but it makes
1272 * for a clean memory leak report from valgrind in the normal case. That makes
1273 * it easier to notice real memory leaks. */
1275 nbctl_exit(int status)
1278 ovsdb_idl_txn_abort(the_idl_txn);
1279 ovsdb_idl_txn_destroy(the_idl_txn);
1281 ovsdb_idl_destroy(the_idl);
1285 static const struct ctl_command_syntax nbctl_commands[] = {
1286 { "show", 0, 1, "[LSWITCH]", NULL, nbctl_show, NULL, "", RO },
1288 /* lswitch commands. */
1289 { "lswitch-add", 0, 1, "[LSWITCH]", NULL, nbctl_lswitch_add,
1291 { "lswitch-del", 1, 1, "LSWITCH", NULL, nbctl_lswitch_del,
1293 { "lswitch-list", 0, 0, "", NULL, nbctl_lswitch_list, NULL, "", RO },
1296 { "acl-add", 5, 5, "LSWITCH DIRECTION PRIORITY MATCH ACTION", NULL,
1297 nbctl_acl_add, NULL, "--log", RW },
1298 { "acl-del", 1, 4, "LSWITCH [DIRECTION [PRIORITY MATCH]]", NULL,
1299 nbctl_acl_del, NULL, "", RW },
1300 { "acl-list", 1, 1, "LSWITCH", NULL, nbctl_acl_list, NULL, "", RO },
1302 /* lport commands. */
1303 { "lport-add", 2, 4, "LSWITCH LPORT [PARENT] [TAG]", NULL, nbctl_lport_add,
1305 { "lport-del", 1, 1, "LPORT", NULL, nbctl_lport_del, NULL, "", RO },
1306 { "lport-list", 1, 1, "LSWITCH", NULL, nbctl_lport_list, NULL, "", RO },
1307 { "lport-get-parent", 1, 1, "LPORT", NULL, nbctl_lport_get_parent, NULL,
1309 { "lport-get-tag", 1, 1, "LPORT", NULL, nbctl_lport_get_tag, NULL, "",
1311 { "lport-set-addresses", 1, INT_MAX, "LPORT [ADDRESS]...", NULL,
1312 nbctl_lport_set_addresses, NULL, "", RW },
1313 { "lport-get-addresses", 1, 1, "LPORT", NULL,
1314 nbctl_lport_get_addresses, NULL,
1316 { "lport-set-port-security", 0, INT_MAX, "LPORT [ADDRS]...", NULL,
1317 nbctl_lport_set_port_security, NULL, "", RW },
1318 { "lport-get-port-security", 1, 1, "LPORT", NULL,
1319 nbctl_lport_get_port_security, NULL, "", RO },
1320 { "lport-get-up", 1, 1, "LPORT", NULL, nbctl_lport_get_up, NULL, "", RO },
1321 { "lport-set-enabled", 2, 2, "LPORT STATE", NULL, nbctl_lport_set_enabled,
1323 { "lport-get-enabled", 1, 1, "LPORT", NULL, nbctl_lport_get_enabled, NULL,
1325 { "lport-set-type", 2, 2, "LPORT TYPE", NULL, nbctl_lport_set_type, NULL,
1327 { "lport-get-type", 1, 1, "LPORT", NULL, nbctl_lport_get_type, NULL, "",
1329 { "lport-set-options", 1, INT_MAX, "LPORT KEY=VALUE [KEY=VALUE]...", NULL,
1330 nbctl_lport_set_options, NULL, "", RW },
1331 { "lport-get-options", 1, 1, "LPORT", NULL, nbctl_lport_get_options, NULL,
1334 {NULL, 0, 0, NULL, NULL, NULL, NULL, "", RO},
1337 /* Registers nbctl and common db commands. */
1339 nbctl_cmd_init(void)
1341 ctl_init(tables, NULL, nbctl_exit);
1342 ctl_register_commands(nbctl_commands);