[ovs-dev] [PATCH] ovs-monitor-ipsec: Don't reconfigure cert-based authentication as often.

Justin Pettit jpettit at nicira.com
Tue Jan 10 18:23:10 UTC 2012


On Jan 10, 2012, at 9:45 AM, Ben Pfaff wrote:

> On Mon, Jan 09, 2012 at 06:54:34PM -0800, Justin Pettit wrote:
>> ovs-monitor-ipsec wakes up when the Interface table is modified.  To
>> prevent needless reconfiguration, it maintains a dictionary of the
>> currently implemented configuration and compares it to any new changes.
>> Unfortunately, for certificate-based authentication we create a new
>> "peer_cert_file" key in our local dictionary, which always causes the
>> comparison to fail.  This forces expensive renegotiation for any change
>> in the Interface tables.  This commit uses set difference to detect
>> changes from the previous configuration as opposed to a straight simple
>> comparison.
>> 
>> Bug #9103
>> 
>> Signed-off-by: Justin Pettit <jpettit at nicira.com>
> 
> I had to think about the set logic for a minute but in the end I
> decided that this was correct.

Thanks, Ben and Reid.  I pushed this.

--Justin





More information about the dev mailing list