[ovs-dev] [PATCH 3/6] debian: Don't require ipsec_local_ip to configure IPsec

Justin Pettit jpettit at nicira.com
Wed Dec 22 08:04:31 UTC 2010


Commit e97a103 (Open vSwitch: ovs-monitor-ipsec: Add ability to traverse
NATs) removed the requirement that the "ipsec_local_ip" key must be set
to use IPsec, but other code and documentation were not updated to
reflect this.  This commit does that.
---
 lib/netdev-vport.c   |    5 +----
 vswitchd/vswitch.xml |   13 +++----------
 2 files changed, 4 insertions(+), 14 deletions(-)

diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
index 5566289..13b1d93 100644
--- a/lib/netdev-vport.c
+++ b/lib/netdev-vport.c
@@ -436,7 +436,6 @@ parse_tunnel_config(const struct netdev_dev *dev, const struct shash *args,
     bool is_gre = !strcmp(type, "gre");
     struct tnl_port_config config;
     struct shash_node *node;
-    bool ipsec_ip_set = false;
     bool ipsec_mech_set = false;
 
     memset(&config, 0, sizeof config);
@@ -502,8 +501,6 @@ parse_tunnel_config(const struct netdev_dev *dev, const struct shash *args,
             if (!strcmp(node->data, "false")) {
                 config.flags &= ~TNL_F_HDR_CACHE;
             }
-        } else if (!strcmp(node->name, "ipsec_local_ip")) {
-            ipsec_ip_set = true;
         } else if (!strcmp(node->name, "ipsec_cert")
                    || !strcmp(node->name, "ipsec_psk")) {
             ipsec_mech_set = true;
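Review bot: With the `ipsec_local_ip` branch dropped from this else-if chain, a configuration that still passes that key falls through to whatever follows the `ipsec_cert`/`ipsec_psk` branch, which these lines do not show. The commit message says only the requirement was removed, so the key may still be set on existing interfaces. If the chain ends in an unknown-argument warning, those interfaces will log it on every parse; either keep a branch that accepts and ignores `ipsec_local_ip`, or confirm the fall-through is silent.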
@@ -515,7 +512,7 @@ parse_tunnel_config(const struct netdev_dev *dev, const struct shash *args,
 
    /* IPsec doesn't work when header caching is enabled.  Disable it if the
     * IPsec local IP address and authentication mechanism have been defined. */
-    if (ipsec_ip_set && ipsec_mech_set) {
+    if (ipsec_mech_set) {
         VLOG_INFO("%s: header caching disabled due to use of IPsec", name);
         config.flags &= ~TNL_F_HDR_CACHE;
     }
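Review bot: The comment above the changed condition is now stale: it still says header caching is disabled "if the IPsec local IP address and authentication mechanism have been defined", while the test is only `if (ipsec_mech_set)`. Please update the comment to match, for example "Disable it if an IPsec authentication mechanism has been defined", so the next reader does not go looking for the local-IP check.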
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index 7b7a1ac..2f1a2b0 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -938,22 +938,15 @@
 
       <column name="other_config">
         Key-value pairs for rarely used interface features.  Currently,
-        the only keys are for configuring GRE-over-IPsec, which is only
+        the only key is for configuring GRE-over-IPsec, which is only
         available through the <code>openvswitch-ipsec</code> package for
-        Debian.  The currently defined key-value pairs are:
+        Debian.  The currently defined key-value pair is:
         <dl>
-          <dt><code>ipsec_local_ip</code></dt>
-          <dd>Required key for GRE-over-IPsec interfaces.  Additionally,
-            the <ref column="type"/> must be <code>gre</code> and the
-            <code>ipsec_psk</code> <ref column="other_config"/> key must
-            be set.  The <code>in_key</code>, <code>out_key</code>, and
-            <code>key</code> <ref column="options"/> must not be
-            set.</dd>
           <dt><code>ipsec_psk</code></dt>
           <dd>Required key for GRE-over-IPsec interfaces.  Specifies a
             pre-shared key for authentication that must be identical on
             both sides of the tunnel.  Additionally, the
-            <code>ipsec_local_ip</code> key must also be set.</dd>
+            <ref column="type"/> must be <code>gre</code>.</dd>
         </dl>
       </column>
 
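Review bot: The removed `ipsec_local_ip` entry was the only place that stated that `in_key`, `out_key`, and `key` must not be set for GRE-over-IPsec; the rewritten `ipsec_psk` entry carries over only the `type` must be `gre` constraint. If that restriction still applies, move it into the `ipsec_psk` description rather than dropping it. Separately, the text now says "the only key is" `ipsec_psk`, yet `parse_tunnel_config` in this same patch also treats `ipsec_cert` as an authentication mechanism, so the documentation should either list it or say why it is omitted.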
-- 
1.7.1




