Looks good to me. Thanks for tracking this down! --Justin
On Mar 8, 2012, at 5:17 PM, Ansis Atteka wrote: > If Open vSwitch has IPSEC tunnel (with certificates) and Interface > table was updated, then ovs-monitor-ipsec daemon would incorrectly > remove and readd all existing IPSEC tunnels. > > The root cause for this issue was that "peer_cert_file" key was present in > interfaces dictionary, but it was missing in new_interfaces dictionary. > > Signed-off-by: Ansis Atteka <[email protected]> > Reported-by: Niklas Andersson <[email protected]> > --- > debian/ovs-monitor-ipsec | 7 ++++--- > 1 files changed, 4 insertions(+), 3 deletions(-) > > diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec > index ac2cd7e..fc69268 100755 > --- a/debian/ovs-monitor-ipsec > +++ b/debian/ovs-monitor-ipsec > @@ -216,12 +216,10 @@ path certificate "%s"; > > # The peer's certificate comes to us in PEM format as a string. > # Write that string to a file for Racoon to use. > - peer_cert_file = "%s/ovs-%s.pem" % (self.cert_dir, host) > - f = open(root_prefix + peer_cert_file, "w") > + f = open(root_prefix + vals["peer_cert_file"], "w") > f.write(vals["peer_cert"]) > f.close() > > - vals["peer_cert_file"] = peer_cert_file > > self.cert_hosts[host] = vals > self.commit() > @@ -489,8 +487,11 @@ def main(): > vlog.warn("no valid SSL entry for %s" % name) > continue > > + peer_cert_name = "ovs-%s.pem" % > (options.get("remote_ip")) > entry["certificate"] = ssl_cert[0] > entry["private_key"] = ssl_cert[1] > + entry["peer_cert_file"] = (Racoon.cert_dir + "/" + > + peer_cert_name) > > new_interfaces[name] = entry > > -- > 1.7.9 > > _______________________________________________ > dev mailing list > [email protected] > http://openvswitch.org/mailman/listinfo/dev _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
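Review bot: In the first hunk (@@ -216,12 +216,10), `open(root_prefix + vals["peer_cert_file"], "w")` now assumes every caller has already set `peer_cert_file`. With the local derivation from `self.cert_dir` and `host` removed, a `vals` without that key raises KeyError here, before the certificate is written. Please either state the requirement in the comment above the `open()` call or check for the key and log a warning, as `main()` does for a missing SSL entry. Deleting the `vals["peer_cert_file"] = peer_cert_file` line also leaves two consecutive blank lines before `self.cert_hosts[host] = vals`; one of them can go.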
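Review bot: In the second hunk (@@ -489,8 +487,11), `"ovs-%s.pem" % (options.get("remote_ip"))` is missing a check on the value it formats. `options.get()` returns None when the key is absent, which yields "ovs-None.pem", and whatever string the Interface row carries is concatenated into the path that the first hunk later opens for writing under `root_prefix`. I would suggest skipping the entry with a `vlog.warn` unless `remote_ip` is present and parses as an IP address, so a value containing "/" or ".." cannot place the file outside `Racoon.cert_dir`. The hunk also reads `cert_dir` from the class (`Racoon.cert_dir`) where the removed code used `self.cert_dir`; it is worth confirming that the two always hold the same directory.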
