[ovs-dev] [PATCH 0/3] IPsec support for tunneling

Qiuyu Xiao qiuyu.xiao.qyx at gmail.com
Wed Jun 27 20:16:52 UTC 2018


Hi Aaron,

I made some changes to the interface of the ovs-monitor-ipsec
configuration, that is why the tests all failed. I am waiting for Ansis'
review for the patch. If he agrees the change, I will change the test
script as well. That will fix this.

BTW, 0-day robot is really cool! Sorry to trigger so many complaints.

Regards,
Qiuyu

On Wed, Jun 27, 2018 at 12:41 PM, Aaron Conole <aconole at redhat.com> wrote:

> Qiuyu Xiao <qiuyu.xiao.qyx at gmail.com> writes:
>
> > This patch series reintroduce IPsec support for OVS tunneling and adds
> new
> > features to prepare for the OVN IPsec support. The new features are:
> >
> > 1) Add CA-cert based authentication support to ovs-monitor-ipsec.
> > 2) Enable ovs-pki to generate x.509 version 3 certificate.
> >
> > Ansis Atteka (1):
> >   ipsec: reintroduce IPsec support for tunneling
> >
> > Qiuyu Xiao (2):
> >   ipsec: add CA-cert based authentication
> >   ovs-pki: generate x.509 v3 certificate
>
> When the bot tested this, all of the IPSec tests failed.  I had disabled
> the bot's report to the list.
>
> ovs-monitor-ipsec (XFRM)
>
> 876: Parse "ip xfrm policy" output                   FAILED (
> ovs-monitor-ipsec.at:145)
> 877: Parse "ip xfrm state" output                    FAILED (
> ovs-monitor-ipsec.at:175)
>
> ovs-monitor-ipsec (strongSwan)
>
> 878: Ignore non-IPsec tunnels                        FAILED (
> ovs-monitor-ipsec.at:195)
> 879: Parse "ipsec status" output                     FAILED (
> ovs-monitor-ipsec.at:226)
> 880: ipsec_gre with PSK authentication               FAILED (
> ovs-monitor-ipsec.at:243)
> 881: ipsec_stt with PSK authentication               FAILED (
> ovs-monitor-ipsec.at:317)
> 882: ipsec_geneve with PSK authentication            FAILED (
> ovs-monitor-ipsec.at:400)
> 883: ipsec_vxlan with PSK authentication             FAILED (
> ovs-monitor-ipsec.at:483)
> 884: ipsec_gre with PKI authentication (use_ssl_cert) FAILED (
> ovs-monitor-ipsec.at:570)
> 885: ipsec_gre with PKI authentication               FAILED (
> ovs-monitor-ipsec.at:649)
> 886: ipsec_gre and ipsec_stt to two different hosts  FAILED (
> ovs-monitor-ipsec.at:727)
> 887: ipsec_gre and ipsec_stt to the same host        FAILED (
> ovs-monitor-ipsec.at:816)
> 888: Sequence of IPsec tunnel reconfiguration events FAILED (
> ovs-monitor-ipsec.at:907)
>
> I have the complete dist directory saved off (which includes the
> testsuite.dir) if you'd like to see it.
>
> >  Documentation/automake.mk        |    1 +
> >  Documentation/howto/index.rst    |    1 +
> >  Documentation/howto/ipsec.rst    |  259 +++++++
> >  Makefile.am                      |    1 +
> >  debian/automake.mk               |    3 +
> >  debian/control                   |   21 +
> >  debian/openvswitch-ipsec.dirs    |    1 +
> >  debian/openvswitch-ipsec.init    |  189 ++++++
> >  debian/openvswitch-ipsec.install |    1 +
> >  ipsec/automake.mk                |    9 +
> >  ipsec/ovs-monitor-ipsec          |  763 +++++++++++++++++++++
> >  tests/automake.mk                |    1 +
> >  tests/ovs-monitor-ipsec.at       | 1076 ++++++++++++++++++++++++++++++
> >  tests/testsuite.at               |    1 +
> >  utilities/ovs-pki.in             |   18 +-
> >  vswitchd/vswitch.xml             |   83 ++-
> >  16 files changed, 2421 insertions(+), 7 deletions(-)
> >  create mode 100644 Documentation/howto/ipsec.rst
> >  create mode 100644 debian/openvswitch-ipsec.dirs
> >  create mode 100644 debian/openvswitch-ipsec.init
> >  create mode 100644 debian/openvswitch-ipsec.install
> >  create mode 100644 ipsec/automake.mk
> >  create mode 100755 ipsec/ovs-monitor-ipsec
> >  create mode 100644 tests/ovs-monitor-ipsec.at
>


More information about the dev mailing list