[ovs-dev] [PATCH 6/6] vswitch: Add support for IPsec certificate authentication.
Justin Pettit
jpettit at nicira.com
Thu Dec 23 17:38:15 UTC 2010
On Dec 23, 2010, at 9:28 AM, Ben Pfaff wrote:
> On Wed, Dec 22, 2010 at 06:21:24PM -0800, Justin Pettit wrote:
>>
>> Yes, this is a weakness. I had already checked with our controller
>> team, and it's not a problem with how they set up ports. I have it on
>> my to-do list to fix, so I'll try to get that cleaned up before too
>> long.
>
> Isn't it an easy fix? Change:
> # Configuration for this host already exists. If
> # it has changed, this is an error.
> if vals != orig_vals:
> s_log.warning("configuration changed for %s, need to delete "
> "interface first" % name)
> continue
> to:
> ipsec.del_entry(vals["local_ip"], vals["remote_ip"])
>
> Maybe there's more to it than that?
Yeah, that occurred to me last night, and I was planning to add it before I pushed. I think an older design had issues with that, but it should be fine now.
Thanks,
--Justin
More information about the dev
mailing list