[ovs-dev] [PATCH 3/6] debian: Don't require ipsec_local_ip to configure IPsec
Justin Pettit
jpettit at nicira.com
Wed Dec 22 08:04:31 UTC 2010
Commit e97a103 (Open vSwitch: ovs-monitor-ipsec: Add ability to traverse
NATs) removed the requirement that the "ipsec_local_ip" key must be set
to use IPsec, but other code and documentation was not updated to
reflect this. This commit does that.
---
lib/netdev-vport.c | 5 +----
vswitchd/vswitch.xml | 13 +++----------
2 files changed, 4 insertions(+), 14 deletions(-)
diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
index 5566289..13b1d93 100644
--- a/lib/netdev-vport.c
+++ b/lib/netdev-vport.c
@@ -436,7 +436,6 @@ parse_tunnel_config(const struct netdev_dev *dev, const struct shash *args,
bool is_gre = !strcmp(type, "gre");
struct tnl_port_config config;
struct shash_node *node;
- bool ipsec_ip_set = false;
bool ipsec_mech_set = false;
memset(&config, 0, sizeof config);
@@ -502,8 +501,6 @@ parse_tunnel_config(const struct netdev_dev *dev, const struct shash *args,
if (!strcmp(node->data, "false")) {
config.flags &= ~TNL_F_HDR_CACHE;
}
- } else if (!strcmp(node->name, "ipsec_local_ip")) {
- ipsec_ip_set = true;
} else if (!strcmp(node->name, "ipsec_cert")
|| !strcmp(node->name, "ipsec_psk")) {
ipsec_mech_set = true;
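Review bot: with the `ipsec_local_ip` branch removed from this else-if chain, a port that still sets that key falls through to whatever the final branch of the chain does, which is not visible in this hunk. Configurations written while the key was required will still carry it, so please confirm it is not now rejected or logged as an unknown argument. If it is, keep a branch that accepts the name and ignores it.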
@@ -515,7 +512,7 @@ parse_tunnel_config(const struct netdev_dev *dev, const struct shash *args,
/* IPsec doesn't work when header caching is enabled. Disable it if the
* IPsec local IP address and authentication mechanism have been defined. */
- if (ipsec_ip_set && ipsec_mech_set) {
+ if (ipsec_mech_set) {
VLOG_INFO("%s: header caching disabled due to use of IPsec", name);
config.flags &= ~TNL_F_HDR_CACHE;
}
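Review bot: the comment above the condition is now stale. It still says header caching is disabled when "the IPsec local IP address and authentication mechanism have been defined", but the check is `if (ipsec_mech_set)` alone. Reword the comment to mention only the authentication mechanism so it matches the code.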
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index 7b7a1ac..2f1a2b0 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -938,22 +938,15 @@
<column name="other_config">
Key-value pairs for rarely used interface features. Currently,
- the only keys are for configuring GRE-over-IPsec, which is only
+ the only key is for configuring GRE-over-IPsec, which is only
available through the <code>openvswitch-ipsec</code> package for
- Debian. The currently defined key-value pairs are:
+ Debian. The currently defined key-value pair is:
<dl>
- <dt><code>ipsec_local_ip</code></dt>
- <dd>Required key for GRE-over-IPsec interfaces. Additionally,
- the <ref column="type"/> must be <code>gre</code> and the
- <code>ipsec_psk</code> <ref column="other_config"/> key must
- be set. The <code>in_key</code>, <code>out_key</code>, and
- <code>key</code> <ref column="options"/> must not be
- set.</dd>
<dt><code>ipsec_psk</code></dt>
<dd>Required key for GRE-over-IPsec interfaces. Specifies a
pre-shared key for authentication that must be identical on
both sides of the tunnel. Additionally, the
- <code>ipsec_local_ip</code> key must also be set.</dd>
+ <ref column="type"/> must be <code>gre</code>.</dd>
</dl>
</column>
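Review bot: deleting the `ipsec_local_ip` entry also deletes the sentence saying that `in_key`, `out_key` and `key` must not be set, while the commit message only covers dropping the `ipsec_local_ip` requirement. If that restriction still applies to GRE-over-IPsec interfaces, move it into the `ipsec_psk` description. If it no longer applies, say so in the commit message.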
--
1.7.1