On 4/13/21 9:28 PM, Flavio Leitner wrote:
> On Tue, Apr 13, 2021 at 01:06:40PM -0400, Mark Gray wrote:
>> This patch fixes an issue where, depending on timing fluctuations,
>> each node has not fully loaded all connections before the other
>> node begins to establish a connection. In this failure case, the
>> "ovs-monitor-ipsec" instance on the "left" node may `ipsec auto --start`
>> a connection which then gets rejected by the "right" side. Almost
>> simultaneously, the "right" side may initiate a connection that gets
>> rejected by the "left" side. This can happen as, for all tunnels except
>> for GRE, each node has two connections (an "in" connection and an "out"
>> connection) that get added one after the other. If the "in" connection
>> "starts" on both sides, the "out" connection from the other node
>> may not be available causing the connection to fail. At this point,
>> "Libreswan" will wait to retry the connection. In the interim, the
>> OVS system test times out. This race manifests itself more frequently
>> in a virtualized environment.
>>
>> This patch resolves this issue by waiting for the "left" node to load
>> all connections before starting the "right" side. This will cause
>> the "left" side to fail to establish a connection with the "right"
>> side (as the "right" side connections have not been loaded) but will
>> cause the "right" side to succeed to establish a connection as all
>> connections will have been loaded on the "left" side.
>>
>> Reported-at:
>> https://mail.openvswitch.org/pipermail/ovs-dev/2021-April/381857.html
>> Fixes: 8fc62df8b135 ("ipsec: Introduce IPsec system tests for Libreswan.")
>> Signed-off-by: Mark Gray <[email protected]>
>> ---
>
> Thanks for following up with a testsuite fix.
>
> The patch survived a loop testing (-k ipsec) 500 times.
>
> Tested-by: Flavio Leitner <[email protected]>
> Acked-by: Flavio Leitner <[email protected]>

Thanks! Applied.

Best regards, Ilya Maximets.
