Re: [ovs-dev] [PATCH] openvswitch: deprecates support for IPsec tunnel port.

2016-09-24 Thread pravin shelar 
On Fri, Sep 23, 2016 at 11:27 PM, Ansis Atteka  wrote:
>
>
> On 21 September 2016 at 03:26, Pravin B Shelar  wrote:
>>
>> OVS IPsec tunnel support has issues:
>> 1. It only works for GRE.
>> 2. only works on Debian.
>> 3. It does not allow user to match on packet-mark
>>on packet received on tunnel ports.
>>
>> This patch deprecates support for IPsec tunnel port.
>>
>> Signed-off-by: Pravin B Shelar 
>> ---
>> After discussing this patch with Jesse, I have decided to
>> just deprecate this feature and not provide any option
>> to allow external IPsec tunnel management.  The reason is
>> that this the option would again cause compatibility
>> issues when IPsec tunnel port support is removed. Considering
>> this feature is not much used it is better to just
>> deprecate it for OVS 2.6.
>> ---
>>  NEWS | 1 +
>>  debian/changelog | 1 +
>>  debian/control   | 1 +
>>  lib/netdev-vport.c   | 2 ++
>>  vswitchd/vswitch.xml | 3 +++
>>  5 files changed, 8 insertions(+)
>>
>> diff --git a/NEWS b/NEWS
>> index 21ab538..9363e91 100644
>> --- a/NEWS
>> +++ b/NEWS
>> @@ -149,6 +149,7 @@ v2.6.0 - xx xxx 
>>   * Flow based tunnel match and action can be used for IPv6 address
>> using
>> tun_ipv6_src, tun_ipv6_dst fields.
>>   * Added support for IPv6 tunnels, for details checkout FAQ.
>> + * Deprecated support for IPsec tunnels ports.
>> - A wrapper script, 'ovs-tcpdump', to easily port-mirror an OVS port
>> and
>>   watch with tcpdump
>> - Introduce --no-self-confinement flag that allows daemons to work
>> with
>> diff --git a/debian/changelog b/debian/changelog
>> index d73e636..13aae36 100644
>> --- a/debian/changelog
>> +++ b/debian/changelog
>> @@ -108,6 +108,7 @@ openvswitch (2.6.0-1) unstable; urgency=low
>>   * Flow based tunnel match and action can be used for IPv6 address
>> using
>> tun_ipv6_src, tun_ipv6_dst fields.
>>   * Added support for IPv6 tunnels, for details checkout FAQ.
>> + * Deprecated support for IPsec tunnels ports.
>> - A wrapper script, 'ovs-tcpdump', to easily port-mirror an OVS port
>> and
>>   watch with tcpdump
>> - Introduce --no-self-confinement flag that allows daemons to work
>> with
>> diff --git a/debian/control b/debian/control
>> index 6e704f1..da86fe9 100644
>> --- a/debian/control
>> +++ b/debian/control
>> @@ -200,6 +200,7 @@ Description: Open vSwitch GRE-over-IPsec support
>>   .
>>   The ovs-monitor-ipsec script provides support for encrypting GRE
>>   tunnels with IPsec.
>> + IPsec tunnels support is deprecated.
>>
>>  Package: openvswitch-pki
>>  Architecture: all
>> diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
>> index 8d22cf5..ac31da6 100755
>> --- a/lib/netdev-vport.c
>> +++ b/lib/netdev-vport.c
>> @@ -543,6 +543,8 @@ set_tunnel_config(struct netdev *dev_, const struct
>> smap *args)
>>  static struct ovs_mutex mutex = OVS_MUTEX_INITIALIZER;
>>  static pid_t pid = 0;
>>
>> +VLOG_ERR("%s: OVS IPsec tunnel support is deprecated.", name);
>> +
>>  #ifndef _WIN32
>>  ovs_mutex_lock();
>>  if (pid <= 0) {
>> diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
>> index e73023d..6381cc8 100644
>> --- a/vswitchd/vswitch.xml
>> +++ b/vswitchd/vswitch.xml
>> @@ -2008,6 +2008,9 @@
>>
>>  An Ethernet over RFC 2890 Generic Routing Encapsulation over
>> IPv4/IPv6
>>  IPsec tunnel.
>> +IPsec tunnel port are deprecated. The support will be
>> completely
>
>
>
> Here is a small typo that you may want to fix "tunnel port*s* are". Just
> squash it in and push.
>
Thanks for the review. I fixed the patch and pushed it to master and branch 2.6.


> Acked-by: Ansis Atteka 
>
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Re: [ovs-dev] [PATCH] openvswitch: deprecates support for IPsec tunnel port.

2016-09-24 Thread Ansis Atteka 
On 21 September 2016 at 03:26, Pravin B Shelar  wrote:

> OVS IPsec tunnel support has issues:
> 1. It only works for GRE.
> 2. only works on Debian.
> 3. It does not allow user to match on packet-mark
>on packet received on tunnel ports.
>
> This patch deprecates support for IPsec tunnel port.
>
> Signed-off-by: Pravin B Shelar 
> ---
> After discussing this patch with Jesse, I have decided to
> just deprecate this feature and not provide any option
> to allow external IPsec tunnel management.  The reason is
> that this the option would again cause compatibility
> issues when IPsec tunnel port support is removed. Considering
> this feature is not much used it is better to just
> deprecate it for OVS 2.6.
> ---
>  NEWS | 1 +
>  debian/changelog | 1 +
>  debian/control   | 1 +
>  lib/netdev-vport.c   | 2 ++
>  vswitchd/vswitch.xml | 3 +++
>  5 files changed, 8 insertions(+)
>
> diff --git a/NEWS b/NEWS
> index 21ab538..9363e91 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -149,6 +149,7 @@ v2.6.0 - xx xxx 
>   * Flow based tunnel match and action can be used for IPv6 address
> using
> tun_ipv6_src, tun_ipv6_dst fields.
>   * Added support for IPv6 tunnels, for details checkout FAQ.
> + * Deprecated support for IPsec tunnels ports.
> - A wrapper script, 'ovs-tcpdump', to easily port-mirror an OVS port
> and
>   watch with tcpdump
> - Introduce --no-self-confinement flag that allows daemons to work with
> diff --git a/debian/changelog b/debian/changelog
> index d73e636..13aae36 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -108,6 +108,7 @@ openvswitch (2.6.0-1) unstable; urgency=low
>   * Flow based tunnel match and action can be used for IPv6 address
> using
> tun_ipv6_src, tun_ipv6_dst fields.
>   * Added support for IPv6 tunnels, for details checkout FAQ.
> + * Deprecated support for IPsec tunnels ports.
> - A wrapper script, 'ovs-tcpdump', to easily port-mirror an OVS port
> and
>   watch with tcpdump
> - Introduce --no-self-confinement flag that allows daemons to work with
> diff --git a/debian/control b/debian/control
> index 6e704f1..da86fe9 100644
> --- a/debian/control
> +++ b/debian/control
> @@ -200,6 +200,7 @@ Description: Open vSwitch GRE-over-IPsec support
>   .
>   The ovs-monitor-ipsec script provides support for encrypting GRE
>   tunnels with IPsec.
> + IPsec tunnels support is deprecated.
>
>  Package: openvswitch-pki
>  Architecture: all
> diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
> index 8d22cf5..ac31da6 100755
> --- a/lib/netdev-vport.c
> +++ b/lib/netdev-vport.c
> @@ -543,6 +543,8 @@ set_tunnel_config(struct netdev *dev_, const struct
> smap *args)
>  static struct ovs_mutex mutex = OVS_MUTEX_INITIALIZER;
>  static pid_t pid = 0;
>
> +VLOG_ERR("%s: OVS IPsec tunnel support is deprecated.", name);
> +
>  #ifndef _WIN32
>  ovs_mutex_lock();
>  if (pid <= 0) {
> diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
> index e73023d..6381cc8 100644
> --- a/vswitchd/vswitch.xml
> +++ b/vswitchd/vswitch.xml
> @@ -2008,6 +2008,9 @@
>
>  An Ethernet over RFC 2890 Generic Routing Encapsulation over
> IPv4/IPv6
>  IPsec tunnel.
> +IPsec tunnel port are deprecated. The support will be
> completely
>


Here is a small typo that you may want to fix "tunnel port*s* are". Just
squash it in and push.

Acked-by: Ansis Atteka 
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev