[ovs-dev] [PATCH] ovs-monitor-ipsec: Don't reconfigure cert-based authentication as often.
Justin Pettit
jpettit at nicira.com
Tue Jan 10 18:23:10 UTC 2012
On Jan 10, 2012, at 9:45 AM, Ben Pfaff wrote:
> On Mon, Jan 09, 2012 at 06:54:34PM -0800, Justin Pettit wrote:
>> ovs-monitor-ipsec wakes up when the Interface table is modified. To
>> prevent needless reconfiguration, it maintains a dictionary of the
>> currently implemented configuration and compares it to any new changes.
>> Unfortunately, for certificate-based authentication we create a new
>> "peer_cert_file" key in our local dictionary, which always causes the
>> comparison to fail. This forces expensive renegotiation for any change
>> in the Interface tables. This commit uses set difference to detect
>> changes from the previous configuration as opposed to a straight simple
>> comparison.
>>
>> Bug #9103
>>
>> Signed-off-by: Justin Pettit <jpettit at nicira.com>
>
> I had to think about the set logic for a minute but in the end I
> decided that this was correct.
Thanks, Ben and Reid. I pushed this.
--Justin
More information about the dev
mailing list