[ovs-dev] [PATCH] ovs-monitor-ipsec: Don't reconfigure cert-based authentication as often.
Reid Price
reid at nicira.com
Tue Jan 10 03:14:53 UTC 2012
Diff looks good to me. I assume that vals always contains every key you care about.
-Reid
On Jan 9, 2012, at 18:54, Justin Pettit <jpettit at nicira.com> wrote:
> ovs-monitor-ipsec wakes up when the Interface table is modified. To
> prevent needless reconfiguration, it maintains a dictionary of the
> currently implemented configuration and compares it to any new changes.
> Unfortunately, for certificate-based authentication we create a new
> "peer_cert_file" key in our local dictionary, which always causes the
> comparison to fail. This forces expensive renegotiation for any change
> in the Interface tables. This commit uses set difference to detect
> changes from the previous configuration as opposed to a straight simple
> comparison.
>
> Bug #9103
>
> Signed-off-by: Justin Pettit <jpettit at nicira.com>
> ---
> debian/ovs-monitor-ipsec | 10 ++++++----
> 1 files changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec
> index cb39aae..74646f3 100755
> --- a/debian/ovs-monitor-ipsec
> +++ b/debian/ovs-monitor-ipsec
> @@ -421,11 +421,13 @@ def update_ipsec(ipsec, interfaces, new_interfaces):
> orig_vals = interfaces.get(name)
> if orig_vals:
> # Configuration for this host already exists. Check if it's
> - # changed.
> - if vals == orig_vals:
> - continue
> - else:
> + # changed. We use set difference, since we want to ignore
> + # any local additions to "orig_vals" that we've made
> + # (e.g. the "peer_cert_file" key).
> + if set(vals.items()) - set(orig_vals.items()):
> ipsec.del_entry(vals["local_ip"], vals["remote_ip"])
> + else:
> + continue
>
> try:
> ipsec.add_entry(vals["local_ip"], vals["remote_ip"], vals)
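Review bot: the new test `if set(vals.items()) - set(orig_vals.items()):` only looks in one direction, so a key that is present in orig_vals but has since been dropped from vals yields an empty difference and the entry is skipped via `continue`. That is what lets the locally added "peer_cert_file" key be ignored, but it also hides a genuinely removed option unless vals always carries every key that matters. Please state that assumption in the comment, or strip the locally added keys from orig_vals and keep a full equality comparison. Building a set from items() also requires every value in both dictionaries to be hashable, which is worth noting in the same comment.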
> --
> 1.7.4.1
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev