Looks good to me, thanks. Ethan
On Thu, Mar 8, 2012 at 19:18, Ansis Atteka <aatt...@nicira.com> wrote: > If Open vSwitch has IPSEC tunnel (with certificates) and Interface > table was updated, then ovs-monitor-ipsec daemon would incorrectly > remove and readd all existing IPSEC tunnels. > > The root cause for this issue was that "peer_cert_file" key was present in > interfaces dictionary, but it was missing in new_interfaces dictionary. > > v2: Do not fail buildtests > > Signed-off-by: Ansis Atteka <aatt...@nicira.com> > Reported-by: Niklas Andersson <nanders...@nicira.com> > --- > debian/ovs-monitor-ipsec | 7 +++---- > 1 files changed, 3 insertions(+), 4 deletions(-) > > diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec > index 9707082..981f0a2 100755 > --- a/debian/ovs-monitor-ipsec > +++ b/debian/ovs-monitor-ipsec > @@ -216,13 +216,10 @@ path certificate "%s"; > > # The peer's certificate comes to us in PEM format as a string. > # Write that string to a file for Racoon to use. > - peer_cert_file = "%s/ovs-%s.pem" % (self.cert_dir, host) > - f = open(root_prefix + peer_cert_file, "w") > + f = open(root_prefix + vals["peer_cert_file"], "w") > f.write(vals["peer_cert"]) > f.close() > > - vals["peer_cert_file"] = peer_cert_file > - > self.cert_hosts[host] = vals > self.commit() > > @@ -467,6 +464,7 @@ def main(): > if rec.type == "ipsec_gre": > name = rec.name > options = rec.options > + peer_cert_name = "ovs-%s.pem" % (options.get("remote_ip")) > entry = { > "remote_ip": options.get("remote_ip"), > "local_ip": options.get("local_ip", "0.0.0.0/0"), 
> @@ -474,6 +472,7 @@ def main(): > "private_key": options.get("private_key"), > "use_ssl_cert": options.get("use_ssl_cert"), > "peer_cert": options.get("peer_cert"), > + "peer_cert_file": Racoon.cert_dir + "/" + peer_cert_name, > "psk": options.get("psk")} > > if entry["peer_cert"] and entry["psk"]: > -- > 1.7.9 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > http://openvswitch.org/mailman/listinfo/dev
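Review bot: the new open(root_prefix + vals["peer_cert_file"], "w") in the @@ -216 hunk raises KeyError if any caller passes vals without "peer_cert_file", because the method no longer derives the path itself from self.cert_dir and host. Suggest stating in the comment above the open() that the caller must supply "peer_cert_file", or falling back to the old "%s/ovs-%s.pem" % (self.cert_dir, host) when the key is absent. While these lines are being touched, the open/write/close sequence could become a with block so the file is closed if write() fails.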
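Review bot: in the @@ -467 hunk, peer_cert_name = "ovs-%s.pem" % (options.get("remote_ip")) formats whatever is in rec.options straight into a file name. A missing remote_ip yields "ovs-None.pem", and a value containing "/" would change the directory that the open(..., "w") in the first hunk writes to. Suggest checking that remote_ip is present and parses as an IP address before building the name, and skipping the record otherwise.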
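Review bot: the added "peer_cert_file": Racoon.cert_dir + "/" + peer_cert_name in the @@ -474 hunk reads cert_dir from the class, whereas the line removed in the first hunk used self.cert_dir, so the two would diverge if an instance ever overrides cert_dir. The path format now also lives in main() rather than in Racoon; a small helper on Racoon that returns the certificate path for a host, called from here, would keep it in one place. The key is also set for entries that have no peer_cert (PSK tunnels); if that is intentional so that the interfaces and new_interfaces dictionaries compare equal, a one-line comment saying so would help.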