2 * Licensed under the Apache License, Version 2.0 (the "License");
3 * you may not use this file except in compliance with the License.
4 * You may obtain a copy of the License at:
6 * http://www.apache.org/licenses/LICENSE-2.0
8 * Unless required by applicable law or agreed to in writing, software
9 * distributed under the License is distributed on an "AS IS" BASIS,
10 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 * See the License for the specific language governing permissions and
12 * limitations under the License.
22 #include "command-line.h"
23 #include "db-ctl-base.h"
25 #include "fatal-signal.h"
27 #include "ovn/lib/ovn-nb-idl.h"
29 #include "poll-loop.h"
33 #include "stream-ssl.h"
38 #include "openvswitch/vlog.h"
40 VLOG_DEFINE_THIS_MODULE(nbctl);
42 /* --db: The database server to contact. */
43 static const char *db;
45 /* --oneline: Write each command's output as a single line? */
48 /* --dry-run: Do not commit any changes. */
51 /* --timeout: Time to wait for a connection to 'db'. */
54 /* Format for table output. */
55 static struct table_style table_style = TABLE_STYLE_DEFAULT;
57 /* The IDL we're using and the current transaction, if any.
58 * This is for use by nbctl_exit() only, to allow it to clean up.
59 * Other code should use its context arguments. */
60 static struct ovsdb_idl *the_idl;
61 static struct ovsdb_idl_txn *the_idl_txn;
62 OVS_NO_RETURN static void nbctl_exit(int status);
64 static void nbctl_cmd_init(void);
65 OVS_NO_RETURN static void usage(void);
66 static void parse_options(int argc, char *argv[], struct shash *local_options);
67 static const char *nbctl_default_db(void);
68 static void run_prerequisites(struct ctl_command[], size_t n_commands,
70 static void do_nbctl(const char *args, struct ctl_command *, size_t n,
74 main(int argc, char *argv[])
76 extern struct vlog_module VLM_reconnect;
77 struct ovsdb_idl *idl;
78 struct ctl_command *commands;
79 struct shash local_options;
84 set_program_name(argv[0]);
85 fatal_ignore_sigpipe();
86 vlog_set_levels(NULL, VLF_CONSOLE, VLL_WARN);
87 vlog_set_levels(&VLM_reconnect, VLF_ANY_DESTINATION, VLL_WARN);
92 /* Log our arguments. This is often valuable for debugging systems. */
93 args = process_escape_args(argv);
94 VLOG(ctl_might_write_to_db(argv) ? VLL_INFO : VLL_DBG,
95 "Called as %s", args);
97 /* Parse command line. */
98 shash_init(&local_options);
99 parse_options(argc, argv, &local_options);
100 commands = ctl_parse_commands(argc - optind, argv + optind, &local_options,
107 /* Initialize IDL. */
108 idl = the_idl = ovsdb_idl_create(db, &nbrec_idl_class, true, false);
109 run_prerequisites(commands, n_commands, idl);
111 /* Execute the commands.
113 * 'seqno' is the database sequence number for which we last tried to
114 * execute our transaction. There's no point in trying to commit more than
115 * once for any given sequence number, because if the transaction fails
116 * it's because the database changed and we need to obtain an up-to-date
117 * view of the database before we try the transaction again. */
118 seqno = ovsdb_idl_get_seqno(idl);
121 if (!ovsdb_idl_is_alive(idl)) {
122 int retval = ovsdb_idl_get_last_error(idl);
123 ctl_fatal("%s: database connection failed (%s)",
124 db, ovs_retval_to_string(retval));
127 if (seqno != ovsdb_idl_get_seqno(idl)) {
128 seqno = ovsdb_idl_get_seqno(idl);
129 do_nbctl(args, commands, n_commands, idl);
132 if (seqno == ovsdb_idl_get_seqno(idl)) {
140 nbctl_default_db(void)
144 def = getenv("OVN_NB_DB");
146 def = ctl_default_db();
153 parse_options(int argc, char *argv[], struct shash *local_options)
156 OPT_DB = UCHAR_MAX + 1,
166 static const struct option global_long_options[] = {
167 {"db", required_argument, NULL, OPT_DB},
168 {"no-syslog", no_argument, NULL, OPT_NO_SYSLOG},
169 {"dry-run", no_argument, NULL, OPT_DRY_RUN},
170 {"oneline", no_argument, NULL, OPT_ONELINE},
171 {"timeout", required_argument, NULL, 't'},
172 {"help", no_argument, NULL, 'h'},
173 {"commands", no_argument, NULL, OPT_COMMANDS},
174 {"options", no_argument, NULL, OPT_OPTIONS},
175 {"version", no_argument, NULL, 'V'},
177 STREAM_SSL_LONG_OPTIONS,
181 const int n_global_long_options = ARRAY_SIZE(global_long_options) - 1;
182 char *tmp, *short_options;
184 struct option *options;
185 size_t allocated_options;
189 tmp = ovs_cmdl_long_options_to_short_options(global_long_options);
190 short_options = xasprintf("+%s", tmp);
193 /* We want to parse both global and command-specific options here, but
194 * getopt_long() isn't too convenient for the job. We copy our global
195 * options into a dynamic array, then append all of the command-specific
197 options = xmemdup(global_long_options, sizeof global_long_options);
198 allocated_options = ARRAY_SIZE(global_long_options);
199 n_options = n_global_long_options;
200 ctl_add_cmd_options(&options, &n_options, &allocated_options, OPT_LOCAL);
201 table_style.format = TF_LIST;
207 c = getopt_long(argc, argv, short_options, options, &idx);
222 vlog_set_levels(&VLM_nbctl, VLF_SYSLOG, VLL_WARN);
230 if (shash_find(local_options, options[idx].name)) {
231 ctl_fatal("'%s' option specified multiple times",
234 shash_add_nocopy(local_options,
235 xasprintf("--%s", options[idx].name),
236 optarg ? xstrdup(optarg) : NULL);
244 ctl_print_commands();
247 ctl_print_options(global_long_options);
250 ovs_print_version(0, 0);
251 printf("DB Schema %s\n", nbrec_get_db_version());
255 timeout = strtoul(optarg, NULL, 10);
257 ctl_fatal("value %s on -t or --timeout is invalid", optarg);
262 TABLE_OPTION_HANDLERS(&table_style)
263 STREAM_SSL_OPTION_HANDLERS
275 db = nbctl_default_db();
278 for (i = n_global_long_options; options[i].name; i++) {
279 free(CONST_CAST(char *, options[i].name));
288 %s: OVN northbound DB management utility\n\
289 usage: %s [OPTIONS] COMMAND [ARG...]\n\
292 show print overview of database contents\n\
293 show LSWITCH print overview of database contents for LSWITCH\n\
295 Logical switch commands:\n\
296 lswitch-add [LSWITCH] create a logical switch named LSWITCH\n\
297 lswitch-del LSWITCH delete LSWITCH and all its ports\n\
298 lswitch-list print the names of all logical switches\n\
301 acl-add LSWITCH DIRECTION PRIORITY MATCH ACTION [log]\n\
302 add an ACL to LSWITCH\n\
303 acl-del LSWITCH [DIRECTION [PRIORITY MATCH]]\n\
304 remove ACLs from LSWITCH\n\
305 acl-list LSWITCH print ACLs for LSWITCH\n\
307 Logical port commands:\n\
308 lport-add LSWITCH LPORT add logical port LPORT on LSWITCH\n\
309 lport-add LSWITCH LPORT PARENT TAG\n\
310 add logical port LPORT on LSWITCH with PARENT\n\
312 lport-del LPORT delete LPORT from its attached switch\n\
313 lport-list LSWITCH print the names of all logical ports on LSWITCH\n\
314 lport-get-parent LPORT get the parent of LPORT if set\n\
315 lport-get-tag LPORT get the LPORT's tag if set\n\
316 lport-set-addresses LPORT [ADDRESS]...\n\
317 set MAC or MAC+IP addresses for LPORT.\n\
318 lport-get-addresses LPORT get a list of MAC addresses on LPORT\n\
319 lport-set-port-security LPORT [ADDRS]...\n\
320 set port security addresses for LPORT.\n\
321 lport-get-port-security LPORT get LPORT's port security addresses\n\
322 lport-get-up LPORT get state of LPORT ('up' or 'down')\n\
323 lport-set-enabled LPORT STATE\n\
324 set administrative state LPORT\n\
325 ('enabled' or 'disabled')\n\
326 lport-get-enabled LPORT get administrative state LPORT\n\
327 ('enabled' or 'disabled')\n\
328 lport-set-type LPORT TYPE Set the type for LPORT\n\
329 lport-get-type LPORT Get the type for LPORT\n\
330 lport-set-options LPORT KEY=VALUE [KEY=VALUE]...\n\
331 Set options related to the type of LPORT\n\
332 lport-get-options LPORT Get the type specific options for LPORT\n\
337 --db=DATABASE connect to DATABASE\n\
339 -t, --timeout=SECS wait at most SECS seconds\n\
340 --dry-run do not commit changes to database\n\
341 --oneline print exactly one line of output per command\n",
342 program_name, program_name, ctl_get_db_cmd_usage(), nbctl_default_db());
345 --no-syslog equivalent to --verbose=nbctl:syslog:warn\n");
348 -h, --help display this help message\n\
349 -V, --version display version information\n");
353 static const struct nbrec_logical_switch *
354 lswitch_by_name_or_uuid(struct ctl_context *ctx, const char *id)
356 const struct nbrec_logical_switch *lswitch = NULL;
357 bool is_uuid = false;
358 bool duplicate = false;
359 struct uuid lswitch_uuid;
361 if (uuid_from_string(&lswitch_uuid, id)) {
363 lswitch = nbrec_logical_switch_get_for_uuid(ctx->idl,
368 const struct nbrec_logical_switch *iter;
370 NBREC_LOGICAL_SWITCH_FOR_EACH(iter, ctx->idl) {
371 if (strcmp(iter->name, id)) {
375 VLOG_WARN("There is more than one logical switch named '%s'. "
385 if (!lswitch && !duplicate) {
386 VLOG_WARN("lswitch not found for %s: '%s'",
387 is_uuid ? "UUID" : "name", id);
394 print_lswitch(const struct nbrec_logical_switch *lswitch, struct ds *s)
396 ds_put_format(s, " lswitch "UUID_FMT" (%s)\n",
397 UUID_ARGS(&lswitch->header_.uuid), lswitch->name);
399 for (size_t i = 0; i < lswitch->n_ports; i++) {
400 const struct nbrec_logical_port *lport = lswitch->ports[i];
402 ds_put_format(s, " lport %s\n", lport->name);
403 if (lport->parent_name) {
404 ds_put_format(s, " parent: %s\n", lport->parent_name);
407 ds_put_format(s, " tag: %"PRIu64"\n", lport->tag[0]);
409 if (lport->n_addresses) {
410 ds_put_cstr(s, " addresses: [");
411 for (size_t j = 0; j < lport->n_addresses; j++) {
412 ds_put_format(s, "%s\"%s\"",
414 lport->addresses[j]);
416 ds_put_cstr(s, "]\n");
422 nbctl_show(struct ctl_context *ctx)
424 const struct nbrec_logical_switch *lswitch;
426 if (ctx->argc == 2) {
427 lswitch = lswitch_by_name_or_uuid(ctx, ctx->argv[1]);
429 print_lswitch(lswitch, &ctx->output);
432 NBREC_LOGICAL_SWITCH_FOR_EACH(lswitch, ctx->idl) {
433 print_lswitch(lswitch, &ctx->output);
439 nbctl_lswitch_add(struct ctl_context *ctx)
441 struct nbrec_logical_switch *lswitch;
443 lswitch = nbrec_logical_switch_insert(ctx->txn);
444 if (ctx->argc == 2) {
445 nbrec_logical_switch_set_name(lswitch, ctx->argv[1]);
450 nbctl_lswitch_del(struct ctl_context *ctx)
452 const char *id = ctx->argv[1];
453 const struct nbrec_logical_switch *lswitch;
455 lswitch = lswitch_by_name_or_uuid(ctx, id);
460 nbrec_logical_switch_delete(lswitch);
464 nbctl_lswitch_list(struct ctl_context *ctx)
466 const struct nbrec_logical_switch *lswitch;
467 struct smap lswitches;
469 smap_init(&lswitches);
470 NBREC_LOGICAL_SWITCH_FOR_EACH(lswitch, ctx->idl) {
471 smap_add_format(&lswitches, lswitch->name, UUID_FMT " (%s)",
472 UUID_ARGS(&lswitch->header_.uuid), lswitch->name);
474 const struct smap_node **nodes = smap_sort(&lswitches);
475 for (size_t i = 0; i < smap_count(&lswitches); i++) {
476 const struct smap_node *node = nodes[i];
477 ds_put_format(&ctx->output, "%s\n", node->value);
479 smap_destroy(&lswitches);
483 static const struct nbrec_logical_port *
484 lport_by_name_or_uuid(struct ctl_context *ctx, const char *id)
486 const struct nbrec_logical_port *lport = NULL;
487 bool is_uuid = false;
488 struct uuid lport_uuid;
490 if (uuid_from_string(&lport_uuid, id)) {
492 lport = nbrec_logical_port_get_for_uuid(ctx->idl, &lport_uuid);
496 NBREC_LOGICAL_PORT_FOR_EACH(lport, ctx->idl) {
497 if (!strcmp(lport->name, id)) {
504 VLOG_WARN("lport not found for %s: '%s'",
505 is_uuid ? "UUID" : "name", id);
512 nbctl_lport_add(struct ctl_context *ctx)
514 struct nbrec_logical_port *lport;
515 const struct nbrec_logical_switch *lswitch;
518 lswitch = lswitch_by_name_or_uuid(ctx, ctx->argv[1]);
523 if (ctx->argc != 3 && ctx->argc != 5) {
524 /* If a parent_name is specified, a tag must be specified as well. */
525 VLOG_WARN("Invalid arguments to lport-add.");
529 if (ctx->argc == 5) {
531 if (!ovs_scan(ctx->argv[4], "%"SCNd64, &tag) || tag < 0 || tag > 4095) {
532 VLOG_WARN("Invalid tag '%s'", ctx->argv[4]);
537 /* Create the logical port. */
538 lport = nbrec_logical_port_insert(ctx->txn);
539 nbrec_logical_port_set_name(lport, ctx->argv[2]);
540 if (ctx->argc == 5) {
541 nbrec_logical_port_set_parent_name(lport, ctx->argv[3]);
542 nbrec_logical_port_set_tag(lport, &tag, 1);
545 /* Insert the logical port into the logical switch. */
546 nbrec_logical_switch_verify_ports(lswitch);
547 struct nbrec_logical_port **new_ports = xmalloc(sizeof *new_ports *
548 (lswitch->n_ports + 1));
549 memcpy(new_ports, lswitch->ports, sizeof *new_ports * lswitch->n_ports);
550 new_ports[lswitch->n_ports] = lport;
551 nbrec_logical_switch_set_ports(lswitch, new_ports, lswitch->n_ports + 1);
555 /* Removes lport 'lswitch->ports[idx]'. */
557 remove_lport(const struct nbrec_logical_switch *lswitch, size_t idx)
559 const struct nbrec_logical_port *lport = lswitch->ports[idx];
561 /* First remove 'lport' from the array of ports. This is what will
562 * actually cause the logical port to be deleted when the transaction is
563 * sent to the database server (due to garbage collection). */
564 struct nbrec_logical_port **new_ports
565 = xmemdup(lswitch->ports, sizeof *new_ports * lswitch->n_ports);
566 new_ports[idx] = new_ports[lswitch->n_ports - 1];
567 nbrec_logical_switch_verify_ports(lswitch);
568 nbrec_logical_switch_set_ports(lswitch, new_ports, lswitch->n_ports - 1);
571 /* Delete 'lport' from the IDL. This won't have a real effect on the
572 * database server (the IDL will suppress it in fact) but it means that it
573 * won't show up when we iterate with NBREC_LOGICAL_PORT_FOR_EACH later. */
574 nbrec_logical_port_delete(lport);
578 nbctl_lport_del(struct ctl_context *ctx)
580 const struct nbrec_logical_port *lport;
582 lport = lport_by_name_or_uuid(ctx, ctx->argv[1]);
587 /* Find the switch that contains 'lport', then delete it. */
588 const struct nbrec_logical_switch *lswitch;
589 NBREC_LOGICAL_SWITCH_FOR_EACH (lswitch, ctx->idl) {
590 for (size_t i = 0; i < lswitch->n_ports; i++) {
591 if (lswitch->ports[i] == lport) {
592 remove_lport(lswitch, i);
598 VLOG_WARN("logical port %s is not part of any logical switch",
603 nbctl_lport_list(struct ctl_context *ctx)
605 const char *id = ctx->argv[1];
606 const struct nbrec_logical_switch *lswitch;
610 lswitch = lswitch_by_name_or_uuid(ctx, id);
616 for (i = 0; i < lswitch->n_ports; i++) {
617 const struct nbrec_logical_port *lport = lswitch->ports[i];
618 smap_add_format(&lports, lport->name, UUID_FMT " (%s)",
619 UUID_ARGS(&lport->header_.uuid), lport->name);
621 const struct smap_node **nodes = smap_sort(&lports);
622 for (i = 0; i < smap_count(&lports); i++) {
623 const struct smap_node *node = nodes[i];
624 ds_put_format(&ctx->output, "%s\n", node->value);
626 smap_destroy(&lports);
631 nbctl_lport_get_parent(struct ctl_context *ctx)
633 const struct nbrec_logical_port *lport;
635 lport = lport_by_name_or_uuid(ctx, ctx->argv[1]);
640 if (lport->parent_name) {
641 ds_put_format(&ctx->output, "%s\n", lport->parent_name);
646 nbctl_lport_get_tag(struct ctl_context *ctx)
648 const struct nbrec_logical_port *lport;
650 lport = lport_by_name_or_uuid(ctx, ctx->argv[1]);
655 if (lport->n_tag > 0) {
656 ds_put_format(&ctx->output, "%"PRId64"\n", lport->tag[0]);
661 nbctl_lport_set_addresses(struct ctl_context *ctx)
663 const char *id = ctx->argv[1];
664 const struct nbrec_logical_port *lport;
666 lport = lport_by_name_or_uuid(ctx, id);
672 for (i = 2; i < ctx->argc; i++) {
675 if (strcmp(ctx->argv[i], "unknown")
676 && !ovs_scan(ctx->argv[i], ETH_ADDR_SCAN_FMT,
677 ETH_ADDR_SCAN_ARGS(ea))) {
678 VLOG_ERR("Invalid address format (%s). See ovn-nb(5). "
679 "Hint: An Ethernet address must be "
680 "listed before an IP address, together as a single "
681 "argument.", ctx->argv[i]);
686 nbrec_logical_port_set_addresses(lport,
687 (const char **) ctx->argv + 2, ctx->argc - 2);
691 nbctl_lport_get_addresses(struct ctl_context *ctx)
693 const char *id = ctx->argv[1];
694 const struct nbrec_logical_port *lport;
695 struct svec addresses;
699 lport = lport_by_name_or_uuid(ctx, id);
704 svec_init(&addresses);
705 for (i = 0; i < lport->n_addresses; i++) {
706 svec_add(&addresses, lport->addresses[i]);
708 svec_sort(&addresses);
709 SVEC_FOR_EACH(i, mac, &addresses) {
710 ds_put_format(&ctx->output, "%s\n", mac);
712 svec_destroy(&addresses);
716 nbctl_lport_set_port_security(struct ctl_context *ctx)
718 const char *id = ctx->argv[1];
719 const struct nbrec_logical_port *lport;
721 lport = lport_by_name_or_uuid(ctx, id);
726 nbrec_logical_port_set_port_security(lport,
727 (const char **) ctx->argv + 2, ctx->argc - 2);
731 nbctl_lport_get_port_security(struct ctl_context *ctx)
733 const char *id = ctx->argv[1];
734 const struct nbrec_logical_port *lport;
739 lport = lport_by_name_or_uuid(ctx, id);
745 for (i = 0; i < lport->n_port_security; i++) {
746 svec_add(&addrs, lport->port_security[i]);
749 SVEC_FOR_EACH(i, addr, &addrs) {
750 ds_put_format(&ctx->output, "%s\n", addr);
752 svec_destroy(&addrs);
756 nbctl_lport_get_up(struct ctl_context *ctx)
758 const char *id = ctx->argv[1];
759 const struct nbrec_logical_port *lport;
761 lport = lport_by_name_or_uuid(ctx, id);
766 ds_put_format(&ctx->output,
767 "%s\n", (lport->up && *lport->up) ? "up" : "down");
771 nbctl_lport_set_enabled(struct ctl_context *ctx)
773 const char *id = ctx->argv[1];
774 const char *state = ctx->argv[2];
775 const struct nbrec_logical_port *lport;
777 lport = lport_by_name_or_uuid(ctx, id);
782 if (!strcasecmp(state, "enabled")) {
784 nbrec_logical_port_set_enabled(lport, &enabled, 1);
785 } else if (!strcasecmp(state, "disabled")) {
786 bool enabled = false;
787 nbrec_logical_port_set_enabled(lport, &enabled, 1);
789 VLOG_ERR("Invalid state '%s' provided to lport-set-enabled", state);
794 nbctl_lport_get_enabled(struct ctl_context *ctx)
796 const char *id = ctx->argv[1];
797 const struct nbrec_logical_port *lport;
799 lport = lport_by_name_or_uuid(ctx, id);
804 ds_put_format(&ctx->output, "%s\n",
805 !lport->enabled || *lport->enabled ? "enabled" : "disabled");
809 nbctl_lport_set_type(struct ctl_context *ctx)
811 const char *id = ctx->argv[1];
812 const char *type = ctx->argv[2];
813 const struct nbrec_logical_port *lport;
815 lport = lport_by_name_or_uuid(ctx, id);
820 nbrec_logical_port_set_type(lport, type);
824 nbctl_lport_get_type(struct ctl_context *ctx)
826 const char *id = ctx->argv[1];
827 const struct nbrec_logical_port *lport;
829 lport = lport_by_name_or_uuid(ctx, id);
834 ds_put_format(&ctx->output, "%s\n", lport->type);
838 nbctl_lport_set_options(struct ctl_context *ctx)
840 const char *id = ctx->argv[1];
841 const struct nbrec_logical_port *lport;
843 struct smap options = SMAP_INITIALIZER(&options);
845 lport = lport_by_name_or_uuid(ctx, id);
850 for (i = 2; i < ctx->argc; i++) {
852 value = xstrdup(ctx->argv[i]);
853 key = strsep(&value, "=");
855 smap_add(&options, key, value);
860 nbrec_logical_port_set_options(lport, &options);
862 smap_destroy(&options);
866 nbctl_lport_get_options(struct ctl_context *ctx)
868 const char *id = ctx->argv[1];
869 const struct nbrec_logical_port *lport;
870 struct smap_node *node;
872 lport = lport_by_name_or_uuid(ctx, id);
877 SMAP_FOR_EACH(node, &lport->options) {
878 ds_put_format(&ctx->output, "%s=%s\n", node->key, node->value);
888 dir_encode(const char *dir)
890 if (!strcmp(dir, "from-lport")) {
891 return DIR_FROM_LPORT;
892 } else if (!strcmp(dir, "to-lport")) {
900 acl_cmp(const void *acl1_, const void *acl2_)
902 const struct nbrec_acl *const *acl1p = acl1_;
903 const struct nbrec_acl *const *acl2p = acl2_;
904 const struct nbrec_acl *acl1 = *acl1p;
905 const struct nbrec_acl *acl2 = *acl2p;
907 int dir1 = dir_encode(acl1->direction);
908 int dir2 = dir_encode(acl2->direction);
911 return dir1 < dir2 ? -1 : 1;
912 } else if (acl1->priority != acl2->priority) {
913 return acl1->priority > acl2->priority ? -1 : 1;
915 return strcmp(acl1->match, acl2->match);
920 nbctl_acl_list(struct ctl_context *ctx)
922 const struct nbrec_logical_switch *lswitch;
923 const struct nbrec_acl **acls;
926 lswitch = lswitch_by_name_or_uuid(ctx, ctx->argv[1]);
931 acls = xmalloc(sizeof *acls * lswitch->n_acls);
932 for (i = 0; i < lswitch->n_acls; i++) {
933 acls[i] = lswitch->acls[i];
936 qsort(acls, lswitch->n_acls, sizeof *acls, acl_cmp);
938 for (i = 0; i < lswitch->n_acls; i++) {
939 const struct nbrec_acl *acl = acls[i];
940 printf("%10s %5"PRId64" (%s) %s%s\n", acl->direction, acl->priority,
941 acl->match, acl->action, acl->log ? " log" : "");
948 nbctl_acl_add(struct ctl_context *ctx)
950 const struct nbrec_logical_switch *lswitch;
951 const char *action = ctx->argv[5];
952 const char *direction;
955 lswitch = lswitch_by_name_or_uuid(ctx, ctx->argv[1]);
960 /* Validate direction. Only require the first letter. */
961 if (ctx->argv[2][0] == 't') {
962 direction = "to-lport";
963 } else if (ctx->argv[2][0] == 'f') {
964 direction = "from-lport";
966 VLOG_WARN("Invalid direction '%s'", ctx->argv[2]);
970 /* Validate priority. */
971 if (!ovs_scan(ctx->argv[3], "%"SCNd64, &priority) || priority < 0
972 || priority > 32767) {
973 VLOG_WARN("Invalid priority '%s'", ctx->argv[3]);
977 /* Validate action. */
978 if (strcmp(action, "allow") && strcmp(action, "allow-related")
979 && strcmp(action, "drop") && strcmp(action, "reject")) {
980 VLOG_WARN("Invalid action '%s'", action);
984 /* Create the acl. */
985 struct nbrec_acl *acl = nbrec_acl_insert(ctx->txn);
986 nbrec_acl_set_priority(acl, priority);
987 nbrec_acl_set_direction(acl, direction);
988 nbrec_acl_set_match(acl, ctx->argv[4]);
989 nbrec_acl_set_action(acl, action);
990 if (shash_find(&ctx->options, "--log") != NULL) {
991 nbrec_acl_set_log(acl, true);
994 /* Insert the acl into the logical switch. */
995 nbrec_logical_switch_verify_acls(lswitch);
996 struct nbrec_acl **new_acls = xmalloc(sizeof *new_acls *
997 (lswitch->n_acls + 1));
998 memcpy(new_acls, lswitch->acls, sizeof *new_acls * lswitch->n_acls);
999 new_acls[lswitch->n_acls] = acl;
1000 nbrec_logical_switch_set_acls(lswitch, new_acls, lswitch->n_acls + 1);
1005 nbctl_acl_del(struct ctl_context *ctx)
1007 const struct nbrec_logical_switch *lswitch;
1008 const char *direction;
1009 int64_t priority = 0;
1011 lswitch = lswitch_by_name_or_uuid(ctx, ctx->argv[1]);
1016 if (ctx->argc != 2 && ctx->argc != 3 && ctx->argc != 5) {
1017 VLOG_WARN("Invalid number of arguments");
1021 if (ctx->argc == 2) {
1022 /* If direction, priority, and match are not specified, delete
1024 nbrec_logical_switch_verify_acls(lswitch);
1025 nbrec_logical_switch_set_acls(lswitch, NULL, 0);
1029 /* Validate direction. Only require first letter. */
1030 if (ctx->argv[2][0] == 't') {
1031 direction = "to-lport";
1032 } else if (ctx->argv[2][0] == 'f') {
1033 direction = "from-lport";
1035 VLOG_WARN("Invalid direction '%s'", ctx->argv[2]);
1039 /* If priority and match are not specified, delete all ACLs with the
1040 * specified direction. */
1041 if (ctx->argc == 3) {
1042 struct nbrec_acl **new_acls
1043 = xmalloc(sizeof *new_acls * lswitch->n_acls);
1046 for (size_t i = 0; i < lswitch->n_acls; i++) {
1047 if (strcmp(direction, lswitch->acls[i]->direction)) {
1048 new_acls[n_acls++] = lswitch->acls[i];
1052 nbrec_logical_switch_verify_acls(lswitch);
1053 nbrec_logical_switch_set_acls(lswitch, new_acls, n_acls);
1058 /* Validate priority. */
1059 if (!ovs_scan(ctx->argv[3], "%"SCNd64, &priority) || priority < 0
1060 || priority > 32767) {
1061 VLOG_WARN("Invalid priority '%s'", ctx->argv[3]);
1065 /* Remove the matching rule. */
1066 for (size_t i = 0; i < lswitch->n_acls; i++) {
1067 struct nbrec_acl *acl = lswitch->acls[i];
1069 if (priority == acl->priority && !strcmp(ctx->argv[4], acl->match) &&
1070 !strcmp(direction, acl->direction)) {
1071 struct nbrec_acl **new_acls
1072 = xmemdup(lswitch->acls, sizeof *new_acls * lswitch->n_acls);
1073 new_acls[i] = lswitch->acls[lswitch->n_acls - 1];
1074 nbrec_logical_switch_verify_acls(lswitch);
1075 nbrec_logical_switch_set_acls(lswitch, new_acls,
1076 lswitch->n_acls - 1);
1083 static const struct ctl_table_class tables[] = {
1084 {&nbrec_table_logical_switch,
1085 {{&nbrec_table_logical_switch, &nbrec_logical_switch_col_name, NULL},
1086 {NULL, NULL, NULL}}},
1088 {&nbrec_table_logical_port,
1089 {{&nbrec_table_logical_port, &nbrec_logical_port_col_name, NULL},
1090 {NULL, NULL, NULL}}},
1093 {{NULL, NULL, NULL},
1094 {NULL, NULL, NULL}}},
1096 {&nbrec_table_logical_router,
1097 {{&nbrec_table_logical_router, &nbrec_logical_router_col_name, NULL},
1098 {NULL, NULL, NULL}}},
1100 {&nbrec_table_logical_router_port,
1101 {{&nbrec_table_logical_router_port, &nbrec_logical_router_port_col_name,
1103 {NULL, NULL, NULL}}},
1105 {NULL, {{NULL, NULL, NULL}, {NULL, NULL, NULL}}}
1109 run_prerequisites(struct ctl_command *commands, size_t n_commands,
1110 struct ovsdb_idl *idl)
1112 struct ctl_command *c;
1114 for (c = commands; c < &commands[n_commands]; c++) {
1115 if (c->syntax->prerequisites) {
1116 struct ctl_context ctx;
1118 ds_init(&c->output);
1121 ctl_context_init(&ctx, c, idl, NULL, NULL, NULL);
1122 (c->syntax->prerequisites)(&ctx);
1123 ctl_context_done(&ctx, c);
1125 ovs_assert(!c->output.string);
1126 ovs_assert(!c->table);
1132 do_nbctl(const char *args, struct ctl_command *commands, size_t n_commands,
1133 struct ovsdb_idl *idl)
1135 struct ovsdb_idl_txn *txn;
1136 enum ovsdb_idl_txn_status status;
1137 struct ovsdb_symbol_table *symtab;
1138 struct ctl_context ctx;
1139 struct ctl_command *c;
1140 struct shash_node *node;
1143 txn = the_idl_txn = ovsdb_idl_txn_create(idl);
1145 ovsdb_idl_txn_set_dry_run(txn);
1148 ovsdb_idl_txn_add_comment(txn, "ovs-nbctl: %s", args);
1150 symtab = ovsdb_symbol_table_create();
1151 for (c = commands; c < &commands[n_commands]; c++) {
1152 ds_init(&c->output);
1155 ctl_context_init(&ctx, NULL, idl, txn, symtab, NULL);
1156 for (c = commands; c < &commands[n_commands]; c++) {
1157 ctl_context_init_command(&ctx, c);
1158 if (c->syntax->run) {
1159 (c->syntax->run)(&ctx);
1161 ctl_context_done_command(&ctx, c);
1163 if (ctx.try_again) {
1164 ctl_context_done(&ctx, NULL);
1168 ctl_context_done(&ctx, NULL);
1170 SHASH_FOR_EACH (node, &symtab->sh) {
1171 struct ovsdb_symbol *symbol = node->data;
1172 if (!symbol->created) {
1173 ctl_fatal("row id \"%s\" is referenced but never created (e.g. "
1174 "with \"-- --id=%s create ...\")",
1175 node->name, node->name);
1177 if (!symbol->strong_ref) {
1178 if (!symbol->weak_ref) {
1179 VLOG_WARN("row id \"%s\" was created but no reference to it "
1180 "was inserted, so it will not actually appear in "
1181 "the database", node->name);
1183 VLOG_WARN("row id \"%s\" was created but only a weak "
1184 "reference to it was inserted, so it will not "
1185 "actually appear in the database", node->name);
1190 status = ovsdb_idl_txn_commit_block(txn);
1191 if (status == TXN_UNCHANGED || status == TXN_SUCCESS) {
1192 for (c = commands; c < &commands[n_commands]; c++) {
1193 if (c->syntax->postprocess) {
1194 ctl_context_init(&ctx, c, idl, txn, symtab, NULL);
1195 (c->syntax->postprocess)(&ctx);
1196 ctl_context_done(&ctx, c);
1200 error = xstrdup(ovsdb_idl_txn_get_error(txn));
1203 case TXN_UNCOMMITTED:
1204 case TXN_INCOMPLETE:
1208 /* Should not happen--we never call ovsdb_idl_txn_abort(). */
1209 ctl_fatal("transaction aborted");
1219 ctl_fatal("transaction error: %s", error);
1221 case TXN_NOT_LOCKED:
1222 /* Should not happen--we never call ovsdb_idl_set_lock(). */
1223 ctl_fatal("database not locked");
1230 ovsdb_symbol_table_destroy(symtab);
1232 for (c = commands; c < &commands[n_commands]; c++) {
1233 struct ds *ds = &c->output;
1236 table_print(c->table, &table_style);
1237 } else if (oneline) {
1241 for (j = 0; j < ds->length; j++) {
1242 int ch = ds->string[j];
1245 fputs("\\n", stdout);
1249 fputs("\\\\", stdout);
1258 fputs(ds_cstr(ds), stdout);
1260 ds_destroy(&c->output);
1261 table_destroy(c->table);
1264 shash_destroy_free_data(&c->options);
1267 ovsdb_idl_txn_destroy(txn);
1268 ovsdb_idl_destroy(idl);
1273 /* Our transaction needs to be rerun, or a prerequisite was not met. Free
1274 * resources and return so that the caller can try again. */
1276 ovsdb_idl_txn_abort(txn);
1277 ovsdb_idl_txn_destroy(txn);
1280 ovsdb_symbol_table_destroy(symtab);
1281 for (c = commands; c < &commands[n_commands]; c++) {
1282 ds_destroy(&c->output);
1283 table_destroy(c->table);
1289 /* Frees the current transaction and the underlying IDL and then calls
1292 * Freeing the transaction and the IDL is not strictly necessary, but it makes
1293 * for a clean memory leak report from valgrind in the normal case. That makes
1294 * it easier to notice real memory leaks. */
1296 nbctl_exit(int status)
1299 ovsdb_idl_txn_abort(the_idl_txn);
1300 ovsdb_idl_txn_destroy(the_idl_txn);
1302 ovsdb_idl_destroy(the_idl);
1306 static const struct ctl_command_syntax nbctl_commands[] = {
1307 { "show", 0, 1, "[LSWITCH]", NULL, nbctl_show, NULL, "", RO },
1309 /* lswitch commands. */
1310 { "lswitch-add", 0, 1, "[LSWITCH]", NULL, nbctl_lswitch_add,
1312 { "lswitch-del", 1, 1, "LSWITCH", NULL, nbctl_lswitch_del,
1314 { "lswitch-list", 0, 0, "", NULL, nbctl_lswitch_list, NULL, "", RO },
1317 { "acl-add", 5, 5, "LSWITCH DIRECTION PRIORITY MATCH ACTION", NULL,
1318 nbctl_acl_add, NULL, "--log", RW },
1319 { "acl-del", 1, 4, "LSWITCH [DIRECTION [PRIORITY MATCH]]", NULL,
1320 nbctl_acl_del, NULL, "", RW },
1321 { "acl-list", 1, 1, "LSWITCH", NULL, nbctl_acl_list, NULL, "", RO },
1323 /* lport commands. */
1324 { "lport-add", 2, 4, "LSWITCH LPORT [PARENT] [TAG]", NULL, nbctl_lport_add,
1326 { "lport-del", 1, 1, "LPORT", NULL, nbctl_lport_del, NULL, "", RO },
1327 { "lport-list", 1, 1, "LSWITCH", NULL, nbctl_lport_list, NULL, "", RO },
1328 { "lport-get-parent", 1, 1, "LPORT", NULL, nbctl_lport_get_parent, NULL,
1330 { "lport-get-tag", 1, 1, "LPORT", NULL, nbctl_lport_get_tag, NULL, "",
1332 { "lport-set-addresses", 1, INT_MAX, "LPORT [ADDRESS]...", NULL,
1333 nbctl_lport_set_addresses, NULL, "", RW },
1334 { "lport-get-addresses", 1, 1, "LPORT", NULL,
1335 nbctl_lport_get_addresses, NULL,
1337 { "lport-set-port-security", 0, INT_MAX, "LPORT [ADDRS]...", NULL,
1338 nbctl_lport_set_port_security, NULL, "", RW },
1339 { "lport-get-port-security", 1, 1, "LPORT", NULL,
1340 nbctl_lport_get_port_security, NULL, "", RO },
1341 { "lport-get-up", 1, 1, "LPORT", NULL, nbctl_lport_get_up, NULL, "", RO },
1342 { "lport-set-enabled", 2, 2, "LPORT STATE", NULL, nbctl_lport_set_enabled,
1344 { "lport-get-enabled", 1, 1, "LPORT", NULL, nbctl_lport_get_enabled, NULL,
1346 { "lport-set-type", 2, 2, "LPORT TYPE", NULL, nbctl_lport_set_type, NULL,
1348 { "lport-get-type", 1, 1, "LPORT", NULL, nbctl_lport_get_type, NULL, "",
1350 { "lport-set-options", 1, INT_MAX, "LPORT KEY=VALUE [KEY=VALUE]...", NULL,
1351 nbctl_lport_set_options, NULL, "", RW },
1352 { "lport-get-options", 1, 1, "LPORT", NULL, nbctl_lport_get_options, NULL,
1355 {NULL, 0, 0, NULL, NULL, NULL, NULL, "", RO},
1358 /* Registers nbctl and common db commands. */
1360 nbctl_cmd_init(void)
1362 ctl_init(tables, NULL, nbctl_exit);
1363 ctl_register_commands(nbctl_commands);
projects / cascardo / ovs.git / blob