[ovs-dev] [PATCH 1/4] ovs-monitor-ipsec: Fix active connection regex
Mark Gray
mark.d.gray at redhat.com
Wed Dec 16 12:04:32 UTC 2020
Connections are added to IPsec using a connection name
that is determined from the OVS port name and the tunnel
type.
GRE connections take the form:
<iface>-<ver>
Other connections take the form:
<iface>-in-<ver>
<iface>-out-<ver>
The regex '|' operator parses strings left to right looking
for the first match that it can find. '.*' is also greedy. This
causes incorrect interface names to be parsed from active
connections as other tunnel types are parsed as type
GRE. This gives unexpected "is outdated" warnings and the
connection is torn down.
For example,
'ovn-424242-in-1' will produce an incorrect interface name of
'ovn-424242-in' instead of 'ovn-424242'.
There are a number of ways this could be resolved including
a cleverer regular expression, or re.findall(). However, this
approach was taken as it simplifies the code easing maintainability.
Signed-off-by: Mark Gray <mark.d.gray at redhat.com>
---
ipsec/ovs-monitor-ipsec.in | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
index b84608a55d8a..1793088d9be1 100755
--- a/ipsec/ovs-monitor-ipsec.in
+++ b/ipsec/ovs-monitor-ipsec.in
@@ -625,7 +625,10 @@ conn prevent_unencrypted_vxlan
continue
conn = m.group(1)
- m = re.match(r"(.*)(-in-\d+|-out-\d+|-\d+)", conn)
+ m = re.match(r"(.*)(-in-\d+|-out-\d+)", conn)
+ if not m:
+ # GRE connections have format <iface>-<ver>
+ m = re.match(r"(.*)(-\d+)", conn)
if not m:
continue
--
2.26.2
More information about the dev
mailing list