Re: [ovs-dev] [PATCH v2] ovs-monitor-ipsec: Detect correctly IPSEC configuration changes

Thu, 08 Mar 2012 22:59:28 -0800 

Thanks pushed into 1.[3456] and master.

On Thu, Mar 8, 2012 at 7:22 PM, Ethan Jackson <et...@nicira.com> wrote:

> Looks good to me, thanks.
>
> Ethan
>
> On Thu, Mar 8, 2012 at 19:18, Ansis Atteka <aatt...@nicira.com> wrote:
> > If Open vSwitch has IPSEC tunnel (with certificates) and Interface
> > table was updated, then ovs-monitor-ipsec daemon would incorrectly
> > remove and readd all existing IPSEC tunnels.
> >
> > The root cause for this issue was that "peer_cert_file" key was present
> in
> > interfaces dictionary, but it was missing in new_interfaces dictionary.
> >
> > v2: Do not fail buildtests
> >
> > Signed-off-by: Ansis Atteka <aatt...@nicira.com>
> > Reported-by: Niklas Andersson <nanders...@nicira.com>
> > ---
> >  debian/ovs-monitor-ipsec |    7 +++----
> >  1 files changed, 3 insertions(+), 4 deletions(-)
> >
> > diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec
> > index 9707082..981f0a2 100755
> > --- a/debian/ovs-monitor-ipsec
> > +++ b/debian/ovs-monitor-ipsec
> > @@ -216,13 +216,10 @@ path certificate "%s";
> >
> >         # The peer's certificate comes to us in PEM format as a string.
> >         # Write that string to a file for Racoon to use.
> > -        peer_cert_file = "%s/ovs-%s.pem" % (self.cert_dir, host)
> > -        f = open(root_prefix + peer_cert_file, "w")
> > +        f = open(root_prefix + vals["peer_cert_file"], "w")
> >         f.write(vals["peer_cert"])
> >         f.close()
> >
> > -        vals["peer_cert_file"] = peer_cert_file
> > -
> >         self.cert_hosts[host] = vals
> >         self.commit()
> >
> > @@ -467,6 +464,7 @@ def main():
> >             if rec.type == "ipsec_gre":
> >                 name = rec.name
> >                 options = rec.options
> > +                peer_cert_name = "ovs-%s.pem" %
> (options.get("remote_ip"))
> >                 entry = {
> >                     "remote_ip": options.get("remote_ip"),
> >                     "local_ip": options.get("local_ip", "0.0.0.0/0"),
> > @@ -474,6 +472,7 @@ def main():
> >                     "private_key": options.get("private_key"),
> >                     "use_ssl_cert": options.get("use_ssl_cert"),
> >                     "peer_cert": options.get("peer_cert"),
> > +                    "peer_cert_file": Racoon.cert_dir + "/" +
> peer_cert_name,
> >                     "psk": options.get("psk")}
> >
> >                 if entry["peer_cert"] and entry["psk"]:
> > --
> > 1.7.9
> >
> > _______________________________________________
> > dev mailing list
> > dev@openvswitch.org
> > http://openvswitch.org/mailman/listinfo/dev
>

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Reply via email to