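前面几篇介绍了controller的连接,这篇分析ofservice的创建过程,直接从bridge_configure_remotes函数开始分析。下面这段代码里值得注意的是对unix:和punix:类型target的路径白名单检查:unix:的target如果带有路径分隔符,就必须位于ovs_rundir()目录下;punix:的target必须以"punix:<ovs_rundir>/<网桥名>."开头,且其后不能再出现'/'。按照代码注释和日志信息的说明,这样做是为了防止远程ovsdb-server用户借助controller配置访问任意Unix域套接字或覆盖本地文件。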
1、bridge_configure_remotes函数
n_controllers = bridge_get_controllers(br, &controllers);
ocs = xmalloc((n_controllers + 1) * sizeof *ocs);
n_ocs = 0;
bridge_ofproto_controller_for_mgmt(br, &ocs[n_ocs++]); //如果没有配置controller,那么也存在一个controller,punix的连接方式
for (i = 0; i < n_controllers; i++) {
struct ovsrec_controller *c = controllers[i];
if (!strncmp(c->target, "punix:", 6)
|| !strncmp(c->target, "unix:", 5)) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
char *whitelist;
if (!strncmp(c->target, "unix:", 5)) {
/* Connect to a listening socket */
whitelist = xasprintf("unix:%s/", ovs_rundir());
if (strchr(c->target, '/') &&
!equal_pathnames(c->target, whitelist,
strlen(whitelist))) {
/* Absolute path specified, but not in ovs_rundir */
VLOG_ERR_RL(&rl, "bridge %s: Not connecting to socket "
"controller \"%s\" due to possibility for "
"remote exploit. Instead, specify socket "
"in whitelisted \"%s\" or connect to "
"\"unix:%s/%s.mgmt\" (which is always "
"available without special configuration).",
br->name, c->target, whitelist,
ovs_rundir(), br->name);
free(whitelist);
continue;
}
} else {
whitelist = xasprintf("punix:%s/%s.",
ovs_rundir(), br->name);
if (!equal_pathnames(c->target, whitelist, strlen(whitelist))
|| strchr(c->target + strlen(whitelist), '/')) {
/* Prevent remote ovsdb-server users from accessing
* arbitrary Unix domain sockets and overwriting arbitrary
* local files. */
VLOG_ERR_RL(&rl, "bridge %s: Not adding Unix domain socket "
"controller \"%s\" due to possibility of "
"overwriting local files. Instead, specify "
"path in whitelisted format \"%s*\" or "
"connect to \"unix:%s/%s.mgmt\"