[ovs-dev] [PATCH 4/6] vswitch: Use "ipsec_gre" vport instead of "gre" with "other_config"

Jesse Gross jesse at nicira.com
Wed Dec 22 23:29:14 UTC 2010


On Wed, Dec 22, 2010 at 3:04 AM, Justin Pettit <jpettit at nicira.com> wrote:
>                 if vals["ipsec_cert"]:
>                     ipsec.ipsec_cert_update(vals["local_ip"],
>                             vals["remote_ip"], vals["ipsec_cert"])
> -                elif vals["ipsec_psk"]:
> +                else vals["ipsec_psk"]:
>                     ipsec.ipsec_psk_update(vals["local_ip"],
>                             vals["remote_ip"], vals["ipsec_psk"])

Should that else still have vals["ipsec_psk"] after it?

> diff --git a/include/openvswitch/tunnel.h b/include/openvswitch/tunnel.h
> index d545e40..128d43b 100644
> --- a/include/openvswitch/tunnel.h
> +++ b/include/openvswitch/tunnel.h
> @@ -50,6 +50,7 @@
>  #define TNL_F_TTL_INHERIT      (1 << 5) /* Inherit the TTL from the inner packet. */
>  #define TNL_F_PMTUD            (1 << 6) /* Enable path MTU discovery. */
>  #define TNL_F_HDR_CACHE                (1 << 7) /* Enable tunnel header caching. */
> +#define TNL_F_IS_IPSEC         (1 << 8) /* Traffic is IPsec encrypted. */

TNL_F_IPSEC would be more consistent with the others and shorter.

>
>  /* This goes in the "config" member of struct odp_port for tunnel vports. */
>  struct tnl_port_config {
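Review bot: `TNL_F_IS_IPSEC` at `(1 << 8)` is the first tunnel flag that does not fit in the low byte, so the width of the field that stores these flags needs checking. The `struct tnl_port_config` definition starts just below, but its members are outside this hunk; if its flags member, or any intermediate copy in userspace or the datapath, is only 8 bits wide, the bit is silently dropped and the port would be handled as plain GRE. The comment `/* Traffic is IPsec encrypted. */` also reads as a description rather than a requirement. It would help to state whether the flag is only a label or whether the receive path rejects packets that arrive on such a port without IPsec protection.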
> diff --git a/lib/dpif-linux.c b/lib/dpif-linux.c
> index 870e03e..9ce4282 100644
> --- a/lib/dpif-linux.c
> +++ b/lib/dpif-linux.c
>  static void
> -translate_vport_type_to_netdev_type(char *type, size_t size)
> +translate_vport_type_to_netdev_type(struct odp_port *port)
>  {
> +    char *type = port->type;
> +
>     if (!strcmp(type, "netdev")) {
> -        ovs_strlcpy(type, "system", size);
> +        ovs_strlcpy(type, "system", sizeof port->type);
> +    } else if (!strcmp(type, "gre")) {
> +        struct tnl_port_config config;
> +
> +        memcpy(&config, port->config, sizeof config);

Again, I'm not sure why this is being copied.

> @@ -254,7 +268,7 @@ dpif_linux_port_add(struct dpif *dpif, struct netdev *netdev,
>     memset(&port, 0, sizeof port);
>     strncpy(port.devname, name, sizeof port.devname);
>     strncpy(port.type, type, sizeof port.type);
> -    translate_netdev_type_to_vport_type(port.type, sizeof port.type);
> +    translate_netdev_type_to_vport_type(&port);
>     netdev_vport_get_config(netdev, port.config);

Nothing needs this now but it might make sense to put the call to
netdev_vport_get_config() before the translate call.  This way we
don't have to worry about uninitialized memory if we need the config.

> diff --git a/lib/odp-util.c b/lib/odp-util.c
> index e1ea976..8aeb98d 100644
> --- a/lib/odp-util.c
> +++ b/lib/odp-util.c
> @@ -220,6 +220,7 @@ void
>  format_odp_port_type(struct ds *ds, const struct odp_port *p)
>  {
>     if (!strcmp(p->type, "gre")
> +            || !strcmp(p->type, "ipsec_gre")
>             || !strcmp(p->type, "capwap")) {
>         struct tnl_port_config config;

This won't properly translate the type to ipsec_gre.



