[ovs-dev] [PATCH 6/6] vswitch: Add support for IPsec certificate authentication.

Justin Pettit jpettit at nicira.com
Thu Dec 23 17:38:15 UTC 2010


On Dec 23, 2010, at 9:28 AM, Ben Pfaff wrote:

> On Wed, Dec 22, 2010 at 06:21:24PM -0800, Justin Pettit wrote:
>> 
>> Yes, this is a weakness.  I had already checked with our controller
>> team, and it's not a problem with how they set up ports.  I have it on
>> my to-do list to fix, so I'll try to get that cleaned up before too
>> long.
> 
> Isn't it an easy fix?  Change:
>            # Configuration for this host already exists.  If
>            # it has changed, this is an error.
>            if vals != orig_vals:
>                s_log.warning("configuration changed for %s, need to delete "
>                        "interface first" % name)
>            continue
> to:
>            ipsec.del_entry(vals["local_ip"], vals["remote_ip"])
> 
> Maybe there's more to it than that?

Yeah, that occurred to me last night, and I was planning to add it before I pushed.  I think an older design had issues with that, but it should be fine now.

Thanks,

--Justin
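
The change discussed in this thread, as an added example that is not from the patch or from Open vSwitch: a minimal reconcile loop comparing the warn-and-skip behaviour with delete-then-re-add. `IpsecTable`, `add_entry`, `reconcile`, `demo`, the `auth` field and the sample addresses are assumptions made for illustration; only `del_entry`, `vals`, `orig_vals` and the warning text come from the quoted snippet. It goes one step further than the snippet by keying the delete on the previously applied addresses, so a changed `remote_ip` is also covered.

```python
import logging

s_log = logging.getLogger("ipsec-reconcile-example")


class IpsecTable:
    """Hypothetical stand-in for IPsec state, keyed by (local_ip, remote_ip)."""

    def __init__(self):
        self.entries = {}

    def add_entry(self, local_ip, remote_ip, auth):
        self.entries[(local_ip, remote_ip)] = auth

    def del_entry(self, local_ip, remote_ip):
        self.entries.pop((local_ip, remote_ip), None)


def reconcile(ipsec, known, desired, replace_on_change):
    """Bring `ipsec` in line with `desired` (interface name -> config dict).

    `known` holds the config last applied per interface; updated in place.
    """
    for name, vals in desired.items():
        orig_vals = known.get(name)
        if orig_vals == vals:
            continue                      # nothing changed
        if orig_vals is not None:
            if not replace_on_change:
                # Warn-and-skip: the stale entry stays in force.
                s_log.warning("configuration changed for %s, need to delete "
                              "interface first", name)
                continue
            # Key the delete on the old addresses so a changed remote_ip
            # does not leave the previous tunnel's entry behind.
            ipsec.del_entry(orig_vals["local_ip"], orig_vals["remote_ip"])
        ipsec.add_entry(vals["local_ip"], vals["remote_ip"], vals["auth"])
        known[name] = dict(vals)


def demo(replace_on_change):
    """Apply a config, then a changed one; return the resulting table."""
    # Constructed sample configs using documentation-range addresses.
    ipsec, known = IpsecTable(), {}
    first = {"gre0": {"local_ip": "192.0.2.1", "remote_ip": "192.0.2.2", "auth": "psk:old"}}
    second = {"gre0": {"local_ip": "192.0.2.1", "remote_ip": "192.0.2.9", "auth": "cert:new"}}
    reconcile(ipsec, known, first, replace_on_change)
    reconcile(ipsec, known, second, replace_on_change)
    return ipsec.entries
```

With `replace_on_change=False` the table still holds the old pre-shared-key entry after the second pass; with `True` only the new certificate entry remains.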





