Thomas Vachuska | 781d18b | 2014-10-27 10:31:25 -0700 | [diff] [blame] | 1 | /* |
Brian O'Connor | a09fe5b | 2017-08-03 21:12:30 -0700 | [diff] [blame] | 2 | * Copyright 2015-present Open Networking Foundation |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 3 | * |
Thomas Vachuska | 4f1a60c | 2014-10-28 13:39:07 -0700 | [diff] [blame] | 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 7 | * |
Thomas Vachuska | 4f1a60c | 2014-10-28 13:39:07 -0700 | [diff] [blame] | 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
Thomas Vachuska | 781d18b | 2014-10-27 10:31:25 -0700 | [diff] [blame] | 15 | */ |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 16 | |
Brian O'Connor | abafb50 | 2014-12-02 22:26:20 -0800 | [diff] [blame] | 17 | package org.onosproject.openflow.controller.impl; |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 18 | |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 19 | import com.google.common.base.MoreObjects; |
Brian O'Connor | ff27850 | 2015-09-22 14:49:52 -0700 | [diff] [blame] | 20 | import com.google.common.base.Strings; |
| 21 | import com.google.common.collect.ImmutableList; |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 22 | import com.google.common.collect.Sets; |
Yuta HIGUCHI | 6ee6b8c | 2017-05-09 14:44:30 -0700 | [diff] [blame] | 23 | import io.netty.bootstrap.ServerBootstrap; |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 24 | import io.netty.channel.Channel; |
Yuta HIGUCHI | 6ee6b8c | 2017-05-09 14:44:30 -0700 | [diff] [blame] | 25 | import io.netty.channel.ChannelOption; |
| 26 | import io.netty.channel.EventLoopGroup; |
| 27 | import io.netty.channel.epoll.EpollEventLoopGroup; |
| 28 | import io.netty.channel.epoll.EpollServerSocketChannel; |
| 29 | import io.netty.channel.group.ChannelGroup; |
| 30 | import io.netty.channel.group.DefaultChannelGroup; |
| 31 | import io.netty.channel.nio.NioEventLoopGroup; |
| 32 | import io.netty.channel.socket.nio.NioServerSocketChannel; |
| 33 | import io.netty.util.concurrent.GlobalEventExecutor; |
Jonathan Hart | a0d1249 | 2015-07-16 12:03:41 -0700 | [diff] [blame] | 34 | import org.onlab.util.ItemNotFoundException; |
| 35 | import org.onosproject.net.DeviceId; |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 36 | import org.onosproject.net.config.NetworkConfigRegistry; |
alshabib | b452fd7 | 2015-04-22 20:46:20 -0700 | [diff] [blame] | 37 | import org.onosproject.net.driver.DefaultDriverData; |
| 38 | import org.onosproject.net.driver.DefaultDriverHandler; |
| 39 | import org.onosproject.net.driver.Driver; |
| 40 | import org.onosproject.net.driver.DriverService; |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 41 | import org.onosproject.openflow.config.OpenFlowDeviceConfig; |
Brian O'Connor | abafb50 | 2014-12-02 22:26:20 -0800 | [diff] [blame] | 42 | import org.onosproject.openflow.controller.Dpid; |
| 43 | import org.onosproject.openflow.controller.driver.OpenFlowAgent; |
| 44 | import org.onosproject.openflow.controller.driver.OpenFlowSwitchDriver; |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 45 | import org.projectfloodlight.openflow.protocol.OFDescStatsReply; |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 46 | import org.projectfloodlight.openflow.protocol.OFVersion; |
| 47 | import org.slf4j.Logger; |
| 48 | import org.slf4j.LoggerFactory; |
| 49 | |
alshabib | 9b6c19c | 2015-09-26 12:19:27 -0700 | [diff] [blame] | 50 | import javax.net.ssl.KeyManagerFactory; |
| 51 | import javax.net.ssl.SSLContext; |
alshabib | 9b6c19c | 2015-09-26 12:19:27 -0700 | [diff] [blame] | 52 | import javax.net.ssl.TrustManagerFactory; |
| 53 | import java.io.FileInputStream; |
Ray Milkey | 986a47a | 2018-01-25 11:38:51 -0800 | [diff] [blame] | 54 | import java.io.IOException; |
Thomas Vachuska | 6f94ded | 2015-02-21 14:02:38 -0800 | [diff] [blame] | 55 | import java.lang.management.ManagementFactory; |
| 56 | import java.lang.management.RuntimeMXBean; |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 57 | import java.net.InetSocketAddress; |
| 58 | import java.net.SocketAddress; |
Ray Milkey | 986a47a | 2018-01-25 11:38:51 -0800 | [diff] [blame] | 59 | import java.security.KeyManagementException; |
alshabib | 9b6c19c | 2015-09-26 12:19:27 -0700 | [diff] [blame] | 60 | import java.security.KeyStore; |
Ray Milkey | 986a47a | 2018-01-25 11:38:51 -0800 | [diff] [blame] | 61 | import java.security.KeyStoreException; |
| 62 | import java.security.NoSuchAlgorithmException; |
| 63 | import java.security.UnrecoverableKeyException; |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 64 | import java.security.cert.Certificate; |
Ray Milkey | 986a47a | 2018-01-25 11:38:51 -0800 | [diff] [blame] | 65 | import java.security.cert.CertificateException; |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 66 | import java.util.Collection; |
| 67 | import java.util.Collections; |
Brian O'Connor | ff27850 | 2015-09-22 14:49:52 -0700 | [diff] [blame] | 68 | import java.util.Dictionary; |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 69 | import java.util.EnumSet; |
Thomas Vachuska | 6f94ded | 2015-02-21 14:02:38 -0800 | [diff] [blame] | 70 | import java.util.HashMap; |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 71 | import java.util.Iterator; |
Brian O'Connor | ff27850 | 2015-09-22 14:49:52 -0700 | [diff] [blame] | 72 | import java.util.List; |
Thomas Vachuska | 6f94ded | 2015-02-21 14:02:38 -0800 | [diff] [blame] | 73 | import java.util.Map; |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 74 | import java.util.Objects; |
| 75 | import java.util.Optional; |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 76 | import java.util.Set; |
Brian O'Connor | ff27850 | 2015-09-22 14:49:52 -0700 | [diff] [blame] | 77 | import java.util.stream.Collectors; |
| 78 | import java.util.stream.Stream; |
Thomas Vachuska | 6f94ded | 2015-02-21 14:02:38 -0800 | [diff] [blame] | 79 | |
Brian O'Connor | ff27850 | 2015-09-22 14:49:52 -0700 | [diff] [blame] | 80 | import static org.onlab.util.Tools.get; |
Thomas Vachuska | 6f94ded | 2015-02-21 14:02:38 -0800 | [diff] [blame] | 81 | import static org.onlab.util.Tools.groupedThreads; |
Thomas Vachuska | 80b0a80 | 2015-07-17 08:43:30 -0700 | [diff] [blame] | 82 | import static org.onosproject.net.DeviceId.deviceId; |
| 83 | import static org.onosproject.openflow.controller.Dpid.uri; |
Thomas Vachuska | 6f94ded | 2015-02-21 14:02:38 -0800 | [diff] [blame] | 84 | |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 85 | |
| 86 | /** |
| 87 | * The main controller class. Handles all setup and network listeners |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 88 | */ |
| 89 | public class Controller { |
| 90 | |
Ray Milkey | 9c9cde4 | 2018-01-12 14:22:06 -0800 | [diff] [blame] | 91 | private static final Logger log = LoggerFactory.getLogger(Controller.class); |
alshabib | 9eab22f | 2014-10-20 17:17:31 -0700 | [diff] [blame] | 92 | |
alshabib | 9b6c19c | 2015-09-26 12:19:27 -0700 | [diff] [blame] | 93 | private static final short MIN_KS_LENGTH = 6; |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 94 | |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 95 | protected HashMap<String, String> controllerNodeIPsCache; |
| 96 | |
| 97 | private ChannelGroup cg; |
| 98 | |
| 99 | // Configuration options |
Brian O'Connor | ff27850 | 2015-09-22 14:49:52 -0700 | [diff] [blame] | 100 | protected List<Integer> openFlowPorts = ImmutableList.of(6633, 6653); |
Yuta HIGUCHI | 8552b17 | 2016-07-25 12:10:08 -0700 | [diff] [blame] | 101 | protected int workerThreads = 0; |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 102 | |
| 103 | // Start time of the controller |
| 104 | protected long systemStartTime; |
| 105 | |
| 106 | private OpenFlowAgent agent; |
| 107 | |
Yuta HIGUCHI | 6ee6b8c | 2017-05-09 14:44:30 -0700 | [diff] [blame] | 108 | private EventLoopGroup bossGroup; |
| 109 | private EventLoopGroup workerGroup; |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 110 | |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 111 | enum TlsMode { |
| 112 | DISABLED, // TLS is not used for OpenFlow connections |
| 113 | ENABLED, // Clients are required use TLS and present a client certificate |
| 114 | STRICT, // Clients must use TLS, and certificate must match the one specified in netcfg |
| 115 | } |
| 116 | private static final EnumSet<TlsMode> TLS_ENABLED = EnumSet.of(TlsMode.ENABLED, TlsMode.STRICT); |
| 117 | |
| 118 | protected TlsParams tlsParams; |
alshabib | 5162a9d | 2015-12-07 17:49:37 -0800 | [diff] [blame] | 119 | protected SSLContext sslContext; |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 120 | protected KeyStore keyStore; |
alshabib | 9b6c19c | 2015-09-26 12:19:27 -0700 | [diff] [blame] | 121 | |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 122 | // Perf. related configuration |
| 123 | protected static final int SEND_BUFFER_SIZE = 4 * 1024 * 1024; |
Yuta HIGUCHI | 2341e60 | 2017-03-08 20:10:08 -0800 | [diff] [blame] | 124 | |
alshabib | b452fd7 | 2015-04-22 20:46:20 -0700 | [diff] [blame] | 125 | private DriverService driverService; |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 126 | private NetworkConfigRegistry netCfgService; |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 127 | |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 128 | |
| 129 | |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 130 | // ************** |
| 131 | // Initialization |
| 132 | // ************** |
| 133 | |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 134 | private void addListeningPorts(Collection<Integer> ports) { |
| 135 | if (cg == null) { |
| 136 | return; |
| 137 | } |
| 138 | final ServerBootstrap bootstrap = createServerBootStrap(); |
| 139 | bootstrap.option(ChannelOption.SO_REUSEADDR, true); |
| 140 | bootstrap.childOption(ChannelOption.SO_KEEPALIVE, true); |
| 141 | bootstrap.childOption(ChannelOption.TCP_NODELAY, true); |
| 142 | bootstrap.childOption(ChannelOption.SO_SNDBUF, Controller.SEND_BUFFER_SIZE); |
Yuta HIGUCHI | 6ee6b8c | 2017-05-09 14:44:30 -0700 | [diff] [blame] | 143 | // bootstrap.childOption(ChannelOption.WRITE_BUFFER_WATER_MARK, |
| 144 | // new WriteBufferWaterMark(8 * 1024, 32 * 1024)); |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 145 | |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 146 | bootstrap.childHandler(new OFChannelInitializer(this, null, sslContext)); |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 147 | |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 148 | Set<Integer> existingPorts = cg.stream() |
| 149 | .map(Channel::localAddress) |
| 150 | .filter(InetSocketAddress.class::isInstance) |
| 151 | .map(InetSocketAddress.class::cast) |
| 152 | .map(InetSocketAddress::getPort) |
| 153 | .collect(Collectors.toSet()); |
| 154 | ports.removeAll(existingPorts); |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 155 | |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 156 | ports.forEach(port -> { |
| 157 | // TODO revisit if this is best way to listen to multiple ports |
| 158 | cg.add(bootstrap.bind(port).syncUninterruptibly().channel()); |
| 159 | log.info("Listening for OF switch connections on {}", port); |
| 160 | }); |
| 161 | } |
| 162 | |
| 163 | private void removeListeningPorts(Collection<Integer> ports) { |
| 164 | if (cg == null) { |
| 165 | return; |
| 166 | } |
| 167 | Iterator<Channel> itr = cg.iterator(); |
| 168 | while (itr.hasNext()) { |
| 169 | Channel c = itr.next(); |
| 170 | SocketAddress addr = c.localAddress(); |
| 171 | if (addr instanceof InetSocketAddress) { |
| 172 | InetSocketAddress inetAddr = (InetSocketAddress) addr; |
| 173 | Integer port = inetAddr.getPort(); |
| 174 | if (ports.contains(port)) { |
| 175 | log.info("No longer listening for OF switch connections on {}", port); |
| 176 | c.close(); |
| 177 | itr.remove(); |
| 178 | } |
| 179 | } |
| 180 | |
| 181 | } |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 182 | } |
| 183 | |
| 184 | private ServerBootstrap createServerBootStrap() { |
| 185 | |
Yuta HIGUCHI | 6ee6b8c | 2017-05-09 14:44:30 -0700 | [diff] [blame] | 186 | int bossThreads = Math.max(1, openFlowPorts.size()); |
| 187 | try { |
| 188 | bossGroup = new EpollEventLoopGroup(bossThreads, groupedThreads("onos/of", "boss-%d", log)); |
| 189 | workerGroup = new EpollEventLoopGroup(workerThreads, groupedThreads("onos/of", "worker-%d", log)); |
| 190 | ServerBootstrap bs = new ServerBootstrap() |
| 191 | .group(bossGroup, workerGroup) |
| 192 | .channel(EpollServerSocketChannel.class); |
| 193 | log.info("Using Epoll transport"); |
| 194 | return bs; |
| 195 | } catch (Throwable e) { |
| 196 | log.debug("Failed to initialize native (epoll) transport: {}", e.getMessage()); |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 197 | } |
Yuta HIGUCHI | 6ee6b8c | 2017-05-09 14:44:30 -0700 | [diff] [blame] | 198 | |
| 199 | // Requires 4.1.11 or later |
| 200 | // try { |
| 201 | // bossGroup = new KQueueEventLoopGroup(bossThreads, groupedThreads("onos/of", "boss-%d", log)); |
| 202 | // workerGroup = new KQueueEventLoopGroup(workerThreads, groupedThreads("onos/of", "worker-%d", log)); |
| 203 | // ServerBootstrap bs = new ServerBootstrap() |
| 204 | // .group(bossGroup, workerGroup) |
| 205 | // .channel(KQueueServerSocketChannel.class); |
| 206 | // log.info("Using Kqueue transport"); |
| 207 | // return bs; |
| 208 | // } catch (Throwable e) { |
| 209 | // log.debug("Failed to initialize native (kqueue) transport. ", e.getMessage()); |
| 210 | // } |
| 211 | |
| 212 | bossGroup = new NioEventLoopGroup(bossThreads, groupedThreads("onos/of", "boss-%d", log)); |
| 213 | workerGroup = new NioEventLoopGroup(workerThreads, groupedThreads("onos/of", "worker-%d", log)); |
| 214 | log.info("Using Nio transport"); |
| 215 | return new ServerBootstrap() |
| 216 | .group(bossGroup, workerGroup) |
| 217 | .channel(NioServerSocketChannel.class); |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 218 | } |
| 219 | |
Brian O'Connor | ff27850 | 2015-09-22 14:49:52 -0700 | [diff] [blame] | 220 | public void setConfigParams(Dictionary<?, ?> properties) { |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 221 | boolean restartRequired = setOpenFlowPorts(properties); |
| 222 | restartRequired |= setWorkerThreads(properties); |
| 223 | restartRequired |= setTlsParameters(properties); |
| 224 | if (restartRequired) { |
| 225 | restart(); |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 226 | } |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 227 | } |
| 228 | |
| 229 | /** |
| 230 | * Gets the list of listening ports from property dict. |
| 231 | * |
| 232 | * @param properties dictionary |
| 233 | * @return true if restart is required |
| 234 | */ |
| 235 | private boolean setWorkerThreads(Dictionary<?, ?> properties) { |
| 236 | List<Integer> oldPorts = this.openFlowPorts; |
| 237 | String ports = get(properties, "openflowPorts"); |
| 238 | List<Integer> newPorts = Collections.emptyList(); |
| 239 | if (!Strings.isNullOrEmpty(ports)) { |
| 240 | newPorts = Stream.of(ports.split(",")) |
| 241 | .map(s -> Integer.parseInt(s)) |
| 242 | .collect(Collectors.toList()); |
| 243 | } |
| 244 | |
| 245 | Set<Integer> portsToAdd = Sets.newHashSet(newPorts); |
| 246 | portsToAdd.removeAll(oldPorts); |
| 247 | addListeningPorts(portsToAdd); |
| 248 | |
| 249 | Set<Integer> portsToRemove = Sets.newHashSet(oldPorts); |
| 250 | portsToRemove.removeAll(newPorts); |
| 251 | removeListeningPorts(portsToRemove); |
| 252 | |
| 253 | this.openFlowPorts = newPorts; |
Brian O'Connor | ff27850 | 2015-09-22 14:49:52 -0700 | [diff] [blame] | 254 | log.debug("OpenFlow ports set to {}", this.openFlowPorts); |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 255 | return false; // restart is never required |
| 256 | } |
| 257 | |
| 258 | /** |
| 259 | * Gets the number of worker threads from property dict. |
| 260 | * |
| 261 | * @param properties dictionary |
| 262 | * @return true if restart is required |
| 263 | */ |
| 264 | private boolean setOpenFlowPorts(Dictionary<?, ?> properties) { |
| 265 | Integer oldValue = this.workerThreads; |
Charles Chan | 45624b8 | 2015-08-24 00:29:20 +0800 | [diff] [blame] | 266 | |
Brian O'Connor | ff27850 | 2015-09-22 14:49:52 -0700 | [diff] [blame] | 267 | String threads = get(properties, "workerThreads"); |
| 268 | if (!Strings.isNullOrEmpty(threads)) { |
| 269 | this.workerThreads = Integer.parseInt(threads); |
| 270 | } |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 271 | log.debug("Number of worker threads set to {}", this.workerThreads); |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 272 | return oldValue != this.workerThreads; // restart if number of threads has changed |
| 273 | } |
| 274 | |
| 275 | private static class TlsParams { |
| 276 | TlsMode mode; |
| 277 | String ksLocation; |
| 278 | String tsLocation; |
| 279 | String ksPwd; |
| 280 | String tsPwd; |
| 281 | //TODO add the hash of the keystore file contents, so that we restart if the keystore has changed |
| 282 | |
| 283 | public char[] ksPwd() { |
| 284 | return ksPwd.toCharArray(); |
| 285 | } |
| 286 | |
| 287 | public char[] tsPwd() { |
| 288 | return tsPwd.toCharArray(); |
| 289 | } |
| 290 | |
| 291 | public boolean isTlsEnabled() { |
| 292 | return TLS_ENABLED.contains(mode); |
| 293 | } |
| 294 | |
| 295 | @Override |
| 296 | public int hashCode() { |
| 297 | return 1; //TODO |
| 298 | } |
| 299 | |
| 300 | @Override |
| 301 | public boolean equals(Object obj) { |
| 302 | if (this == obj) { |
| 303 | return true; |
| 304 | } |
| 305 | if (obj instanceof TlsParams) { |
| 306 | final TlsParams that = (TlsParams) obj; |
| 307 | if (this.getClass() != that.getClass()) { |
| 308 | return false; |
| 309 | } else if (this.mode == that.mode && this.mode == TlsMode.DISABLED) { |
| 310 | // All disabled objects should be equal regardless of other params |
| 311 | return true; |
| 312 | } |
| 313 | return this.mode == that.mode && |
| 314 | Objects.equals(this.ksLocation, that.ksLocation) && |
| 315 | Objects.equals(this.tsLocation, that.tsLocation) && |
| 316 | Objects.equals(this.ksPwd, that.ksPwd) && |
| 317 | Objects.equals(this.tsPwd, that.tsPwd); |
| 318 | } |
| 319 | return false; |
| 320 | } |
| 321 | |
| 322 | @Override |
| 323 | public String toString() { |
| 324 | return MoreObjects.toStringHelper(this) |
| 325 | .add("tlsMode", mode.toString().toLowerCase()) |
| 326 | .add("ksLocation", ksLocation) |
| 327 | .add("tsLocation", tsLocation) |
| 328 | .toString(); |
| 329 | } |
| 330 | } |
| 331 | |
| 332 | /** |
| 333 | * Gets the TLS parameters from the properties dict, but fallback to the old approach of |
| 334 | * system properties if the parameters are missing from the dict. |
| 335 | * |
| 336 | * @param properties dictionary |
| 337 | * @return true if restart is required |
| 338 | */ |
| 339 | private boolean setTlsParameters(Dictionary<?, ?> properties) { |
| 340 | TlsParams oldParams = this.tlsParams; |
| 341 | |
| 342 | TlsParams newParams = new TlsParams(); |
| 343 | String tlsString = get(properties, "tlsMode"); |
| 344 | if (!Strings.isNullOrEmpty(tlsString)) { |
| 345 | try { |
| 346 | newParams.mode = TlsMode.valueOf(tlsString.toUpperCase()); |
| 347 | } catch (IllegalArgumentException e) { |
| 348 | log.info("Invalid TLS mode {}. TLS is disabled.", tlsString); |
| 349 | newParams.mode = TlsMode.DISABLED; |
| 350 | } |
| 351 | } else { |
| 352 | // Fallback to system properties |
| 353 | // TODO this method of configuring TLS is deprecated and should be removed eventually |
| 354 | tlsString = System.getProperty("enableOFTLS"); |
| 355 | newParams.mode = !Strings.isNullOrEmpty(tlsString) && Boolean.parseBoolean(tlsString) ? |
| 356 | TlsMode.ENABLED : TlsMode.DISABLED; |
| 357 | } |
| 358 | |
| 359 | if (newParams.isTlsEnabled()) { |
| 360 | newParams.ksLocation = get(properties, "keyStore"); |
| 361 | if (Strings.isNullOrEmpty(newParams.ksLocation)) { |
| 362 | // Fallback to system properties |
| 363 | // TODO remove this eventually |
| 364 | newParams.ksLocation = System.getProperty("javax.net.ssl.keyStore"); |
| 365 | } |
| 366 | if (Strings.isNullOrEmpty(newParams.ksLocation)) { |
| 367 | newParams.mode = TlsMode.DISABLED; |
| 368 | } |
| 369 | |
| 370 | newParams.tsLocation = get(properties, "trustStore"); |
| 371 | if (Strings.isNullOrEmpty(newParams.tsLocation)) { |
| 372 | // Fallback to system properties |
| 373 | // TODO remove this eventually |
| 374 | newParams.tsLocation = System.getProperty("javax.net.ssl.trustStore"); |
| 375 | } |
| 376 | if (Strings.isNullOrEmpty(newParams.tsLocation)) { |
| 377 | newParams.mode = TlsMode.DISABLED; |
| 378 | } |
| 379 | |
| 380 | newParams.ksPwd = get(properties, "keyStorePassword"); |
| 381 | if (Strings.isNullOrEmpty(newParams.ksPwd)) { |
| 382 | // Fallback to system properties |
| 383 | // TODO remove this eventually |
| 384 | newParams.ksPwd = System.getProperty("javax.net.ssl.keyStorePassword"); |
| 385 | } |
| 386 | if (Strings.isNullOrEmpty(newParams.ksPwd) || MIN_KS_LENGTH > newParams.ksPwd.length()) { |
| 387 | newParams.mode = TlsMode.DISABLED; |
| 388 | } |
| 389 | |
| 390 | newParams.tsPwd = get(properties, "trustStorePassword"); |
| 391 | if (Strings.isNullOrEmpty(newParams.tsPwd)) { |
| 392 | // Fallback to system properties |
| 393 | // TODO remove this eventually |
| 394 | newParams.tsPwd = System.getProperty("javax.net.ssl.trustStorePassword"); |
| 395 | } |
| 396 | if (Strings.isNullOrEmpty(newParams.tsPwd) || MIN_KS_LENGTH > newParams.tsPwd.length()) { |
| 397 | newParams.mode = TlsMode.DISABLED; |
| 398 | } |
| 399 | } |
| 400 | this.tlsParams = newParams; |
| 401 | log.info("OpenFlow TLS Params: {}", tlsParams); |
| 402 | return !Objects.equals(newParams, oldParams); // restart if TLS params change |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 403 | } |
| 404 | |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 405 | /** |
| 406 | * Initialize internal data structures. |
| 407 | */ |
Jonathan Hart | bbd91d4 | 2015-02-27 11:18:04 -0800 | [diff] [blame] | 408 | public void init() { |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 409 | // These data structures are initialized here because other |
| 410 | // module's startUp() might be called before ours |
Jonathan Hart | bbd91d4 | 2015-02-27 11:18:04 -0800 | [diff] [blame] | 411 | this.controllerNodeIPsCache = new HashMap<>(); |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 412 | |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 413 | this.systemStartTime = System.currentTimeMillis(); |
alshabib | 9b6c19c | 2015-09-26 12:19:27 -0700 | [diff] [blame] | 414 | |
Yuta HIGUCHI | 6ee6b8c | 2017-05-09 14:44:30 -0700 | [diff] [blame] | 415 | cg = new DefaultChannelGroup(GlobalEventExecutor.INSTANCE); |
| 416 | |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 417 | if (tlsParams.isTlsEnabled()) { |
Ray Milkey | 986a47a | 2018-01-25 11:38:51 -0800 | [diff] [blame] | 418 | initSsl(); |
alshabib | 9b6c19c | 2015-09-26 12:19:27 -0700 | [diff] [blame] | 419 | } |
alshabib | 9b6c19c | 2015-09-26 12:19:27 -0700 | [diff] [blame] | 420 | } |
| 421 | |
Ray Milkey | 986a47a | 2018-01-25 11:38:51 -0800 | [diff] [blame] | 422 | private void initSsl() { |
| 423 | try { |
| 424 | TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); |
| 425 | KeyStore ts = KeyStore.getInstance("JKS"); |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 426 | ts.load(new FileInputStream(tlsParams.tsLocation), tlsParams.tsPwd()); |
Ray Milkey | 986a47a | 2018-01-25 11:38:51 -0800 | [diff] [blame] | 427 | tmFactory.init(ts); |
alshabib | 9b6c19c | 2015-09-26 12:19:27 -0700 | [diff] [blame] | 428 | |
Ray Milkey | 986a47a | 2018-01-25 11:38:51 -0800 | [diff] [blame] | 429 | KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 430 | keyStore = KeyStore.getInstance("JKS"); |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 431 | keyStore.load(new FileInputStream(tlsParams.ksLocation), tlsParams.ksPwd()); |
| 432 | kmf.init(keyStore, tlsParams.ksPwd()); |
alshabib | 9b6c19c | 2015-09-26 12:19:27 -0700 | [diff] [blame] | 433 | |
Ray Milkey | 986a47a | 2018-01-25 11:38:51 -0800 | [diff] [blame] | 434 | sslContext = SSLContext.getInstance("TLS"); |
| 435 | sslContext.init(kmf.getKeyManagers(), tmFactory.getTrustManagers(), null); |
| 436 | } catch (NoSuchAlgorithmException | KeyStoreException | CertificateException | |
| 437 | IOException | KeyManagementException | UnrecoverableKeyException ex) { |
| 438 | log.error("SSL init failed: {}", ex.getMessage()); |
| 439 | } |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 440 | } |
| 441 | |
| 442 | // ************** |
| 443 | // Utility methods |
| 444 | // ************** |
| 445 | |
| 446 | public Map<String, Long> getMemory() { |
Jonathan Hart | bbd91d4 | 2015-02-27 11:18:04 -0800 | [diff] [blame] | 447 | Map<String, Long> m = new HashMap<>(); |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 448 | Runtime runtime = Runtime.getRuntime(); |
| 449 | m.put("total", runtime.totalMemory()); |
| 450 | m.put("free", runtime.freeMemory()); |
| 451 | return m; |
| 452 | } |
| 453 | |
| 454 | |
Ray Milkey | dc0ff19 | 2015-11-04 13:49:52 -0800 | [diff] [blame] | 455 | public Long getSystemUptime() { |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 456 | RuntimeMXBean rb = ManagementFactory.getRuntimeMXBean(); |
| 457 | return rb.getUptime(); |
| 458 | } |
| 459 | |
Ray Milkey | dc0ff19 | 2015-11-04 13:49:52 -0800 | [diff] [blame] | 460 | public long getSystemStartTime() { |
| 461 | return (this.systemStartTime); |
| 462 | } |
| 463 | |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 464 | public boolean isValidCertificate(Long dpid, Certificate peerCert) { |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 465 | if (!tlsParams.isTlsEnabled()) { |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 466 | return true; |
| 467 | } |
| 468 | |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 469 | if (netCfgService == null) { |
| 470 | // netcfg service not available; accept any cert if not in strict mode |
| 471 | return tlsParams.mode == TlsMode.ENABLED; |
| 472 | } |
| 473 | |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 474 | DeviceId deviceId = DeviceId.deviceId(Dpid.uri(new Dpid(dpid))); |
| 475 | OpenFlowDeviceConfig config = |
| 476 | netCfgService.getConfig(deviceId, OpenFlowDeviceConfig.class); |
| 477 | if (config == null) { |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 478 | // Config not set for device, accept any cert if not in strict mode |
| 479 | return tlsParams.mode == TlsMode.ENABLED; |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 480 | } |
| 481 | |
| 482 | Optional<String> alias = config.keyAlias(); |
| 483 | if (!alias.isPresent()) { |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 484 | // Config for device does not specify a certificate chain, accept any cert if not in strict mode |
| 485 | return tlsParams.mode == TlsMode.ENABLED; |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 486 | } |
| 487 | |
| 488 | try { |
| 489 | Certificate configuredCert = keyStore.getCertificate(alias.get()); |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 490 | //TODO there's probably a better way to compare these |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 491 | return Objects.deepEquals(peerCert, configuredCert); |
| 492 | } catch (KeyStoreException e) { |
| 493 | log.info("failed to load key", e); |
| 494 | } |
| 495 | return false; |
| 496 | } |
| 497 | |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 498 | /** |
| 499 | * Forward to the driver-manager to get an IOFSwitch instance. |
Thomas Vachuska | 6f94ded | 2015-02-21 14:02:38 -0800 | [diff] [blame] | 500 | * |
Yuta HIGUCHI | 5c94727 | 2014-11-03 21:39:21 -0800 | [diff] [blame] | 501 | * @param dpid data path id |
| 502 | * @param desc switch description |
Thomas Vachuska | 6f94ded | 2015-02-21 14:02:38 -0800 | [diff] [blame] | 503 | * @param ofv OpenFlow version |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 504 | * @return switch instance |
| 505 | */ |
| 506 | protected OpenFlowSwitchDriver getOFSwitchInstance(long dpid, |
alshabib | b452fd7 | 2015-04-22 20:46:20 -0700 | [diff] [blame] | 507 | OFDescStatsReply desc, |
| 508 | OFVersion ofv) { |
Jonathan Hart | a0d1249 | 2015-07-16 12:03:41 -0700 | [diff] [blame] | 509 | Dpid dpidObj = new Dpid(dpid); |
| 510 | |
| 511 | Driver driver; |
| 512 | try { |
Sho SHIMIZU | bc82ebb | 2015-08-25 10:15:21 -0700 | [diff] [blame] | 513 | driver = driverService.getDriver(DeviceId.deviceId(Dpid.uri(dpidObj))); |
Jonathan Hart | a0d1249 | 2015-07-16 12:03:41 -0700 | [diff] [blame] | 514 | } catch (ItemNotFoundException e) { |
| 515 | driver = driverService.getDriver(desc.getMfrDesc(), desc.getHwDesc(), desc.getSwDesc()); |
| 516 | } |
alshabib | b452fd7 | 2015-04-22 20:46:20 -0700 | [diff] [blame] | 517 | |
Jonathan Hart | a33134e | 2016-07-27 17:33:35 -0700 | [diff] [blame] | 518 | if (driver == null) { |
Yuta HIGUCHI | 6ee6b8c | 2017-05-09 14:44:30 -0700 | [diff] [blame] | 519 | log.error("No OpenFlow driver for {} : {}", dpidObj, desc); |
Jonathan Hart | a33134e | 2016-07-27 17:33:35 -0700 | [diff] [blame] | 520 | return null; |
alshabib | b452fd7 | 2015-04-22 20:46:20 -0700 | [diff] [blame] | 521 | } |
alshabib | b452fd7 | 2015-04-22 20:46:20 -0700 | [diff] [blame] | 522 | |
Yuta HIGUCHI | 6ee6b8c | 2017-05-09 14:44:30 -0700 | [diff] [blame] | 523 | log.info("Driver '{}' assigned to device {}", driver.name(), dpidObj); |
Jonathan Hart | a33134e | 2016-07-27 17:33:35 -0700 | [diff] [blame] | 524 | |
| 525 | if (!driver.hasBehaviour(OpenFlowSwitchDriver.class)) { |
| 526 | log.error("Driver {} does not support OpenFlowSwitchDriver behaviour", driver.name()); |
| 527 | return null; |
| 528 | } |
| 529 | |
| 530 | DefaultDriverHandler handler = |
| 531 | new DefaultDriverHandler(new DefaultDriverData(driver, deviceId(uri(dpidObj)))); |
| 532 | OpenFlowSwitchDriver ofSwitchDriver = |
| 533 | driver.createBehaviour(handler, OpenFlowSwitchDriver.class); |
| 534 | ofSwitchDriver.init(dpidObj, desc, ofv); |
| 535 | ofSwitchDriver.setAgent(agent); |
| 536 | ofSwitchDriver.setRoleHandler(new RoleManager(ofSwitchDriver)); |
Jonathan Hart | a33134e | 2016-07-27 17:33:35 -0700 | [diff] [blame] | 537 | return ofSwitchDriver; |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 538 | } |
| 539 | |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 540 | @Deprecated |
alshabib | b452fd7 | 2015-04-22 20:46:20 -0700 | [diff] [blame] | 541 | public void start(OpenFlowAgent ag, DriverService driverService) { |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 542 | start(ag, driverService, null); |
| 543 | } |
| 544 | |
| 545 | public void start(OpenFlowAgent ag, DriverService driverService, |
| 546 | NetworkConfigRegistry netCfgService) { |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 547 | log.info("Starting OpenFlow IO"); |
| 548 | this.agent = ag; |
alshabib | b452fd7 | 2015-04-22 20:46:20 -0700 | [diff] [blame] | 549 | this.driverService = driverService; |
Brian O'Connor | f69e3e3 | 2018-05-10 02:25:09 -0700 | [diff] [blame] | 550 | this.netCfgService = netCfgService; |
Jonathan Hart | bbd91d4 | 2015-02-27 11:18:04 -0800 | [diff] [blame] | 551 | this.init(); |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 552 | this.addListeningPorts(this.openFlowPorts); |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 553 | } |
| 554 | |
| 555 | |
| 556 | public void stop() { |
| 557 | log.info("Stopping OpenFlow IO"); |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 558 | if (cg != null) { |
| 559 | cg.close(); |
| 560 | cg = null; |
| 561 | } |
Yuta HIGUCHI | 6ee6b8c | 2017-05-09 14:44:30 -0700 | [diff] [blame] | 562 | |
| 563 | // Shut down all event loops to terminate all threads. |
| 564 | bossGroup.shutdownGracefully(); |
| 565 | workerGroup.shutdownGracefully(); |
| 566 | |
| 567 | // Wait until all threads are terminated. |
| 568 | try { |
| 569 | bossGroup.terminationFuture().sync(); |
| 570 | workerGroup.terminationFuture().sync(); |
| 571 | } catch (InterruptedException e) { |
| 572 | log.warn("Interrupted while stopping", e); |
| 573 | Thread.currentThread().interrupt(); |
| 574 | } |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 575 | } |
| 576 | |
Brian O'Connor | f7215b8 | 2018-05-10 19:12:44 -0700 | [diff] [blame^] | 577 | private void restart() { |
| 578 | // only restart if we are already running |
| 579 | if (cg != null) { |
| 580 | stop(); |
| 581 | start(this.agent, this.driverService, this.netCfgService); |
| 582 | } |
| 583 | } |
| 584 | |
tom | 7ef8ff9 | 2014-09-17 13:08:06 -0700 | [diff] [blame] | 585 | } |