[ovs-dev] [PATCH 1/2] netdev-vport: Don't create port when ovs-monitor-ipsec not running.
Justin Pettit
jpettit at nicira.com
Mon Mar 14 20:47:15 UTC 2011
It was suggested by Jesse that it would be better to just not create
IPsec tunnel devices if the ovs-monitor-ipsec daemon is not running. He
had legitimate concerns about users missing the warning message printed
and traffic possibly going out unencrypted.
Suggested-by: Jesse Gross <jesse at nicira.com>
---
lib/netdev-vport.c | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
index 875bf71..8715109 100644
--- a/lib/netdev-vport.c
+++ b/lib/netdev-vport.c
@@ -720,11 +720,13 @@ parse_tunnel_config(const char *name, const char *type,
if (is_ipsec) {
char *file_name = xasprintf("%s/%s", ovs_rundir(),
"ovs-monitor-ipsec.pid");
- if (read_pidfile(file_name) < 0) {
- VLOG_WARN("%s: ovs-monitor-ipsec doesn't appear to be running, "
- "traffic may not pass", name);
- }
+ pid_t pid = read_pidfile(file_name);
free(file_name);
+ if (pid < 0) {
+ VLOG_WARN("%s: IPsec requires the ovs-monitor-ipsec daemon",
+ name);
+ return EINVAL;
+ }
if (shash_find(args, "peer_cert") && shash_find(args, "psk")) {
VLOG_WARN("%s: cannot define both 'peer_cert' and 'psk'", name);
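Review bot: The new failure path at `if (pid < 0)` still logs through VLOG_WARN, and the text "IPsec requires the ovs-monitor-ipsec daemon" does not say that the port was refused, so in the log it reads like the advisory warning it replaces. Consider raising the level to an error and stating that the tunnel was not created. The negative value now held in `pid` is dropped in favour of a fixed `return EINVAL;`; if that value identifies why the pidfile could not be read, including it in the message would help whoever has to debug the rejection. The check also runs only when parse_tunnel_config is called, so a daemon that exits afterwards leaves the port in place. A short comment saying this is a creation-time check would keep readers from assuming it covers the unencrypted-traffic concern for the lifetime of the port.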
--
1.7.1