[ovs-git] Open vSwitch: vswitch: Provide option to pull cert from SSL table (master)
dev at openvswitch.org
Wed Dec 29 00:27:57 UTC 2010
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Open vSwitch".
The branch, master has been updated
via ef7ee76a416cb9fa489651bb365d6f80673a1a82 (commit)
via d8eba262c73af89c2913ca88d6295d52fb8864f7 (commit)
via 3c52fa7b69609ca8fcfc8de7426f7ebbcba493eb (commit)
via fe4838bc70077fa8350b05cad77c7ce658ad2285 (commit)
via e16a28b5854823e2d67099d49f7690235162b555 (commit)
via 4c2fa71d662cde318940c4cd555aacd687538510 (commit)
via 0ae60917fcc827f69c6e12c2f1afd170178f5668 (commit)
via dd851cbbcc5a1b3c8ad5c10a47ddca1c510c1879 (commit)
from 5397a37788602c329b98de45a1dfdf899c7ea3b9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ef7ee76a416cb9fa489651bb365d6f80673a1a82
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=ef7ee76a416cb9fa489651bb365d6f80673a1a82
Author: Justin Pettit <jpettit at nicira.com>
vswitch: Provide option to pull cert from SSL table
Introduce "use_ssl_cert" option to "ipsec_gre" interface types, which
will pull certificate and private key options from the SSL table. In
the future, multiple SSL entries will be supported through the
configuration database, so use of this option is strongly discouraged as
this "feature" will be retired.
commit d8eba262c73af89c2913ca88d6295d52fb8864f7
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=d8eba262c73af89c2913ca88d6295d52fb8864f7
Author: Justin Pettit <jpettit at nicira.com>
debian: Require ipsec-tools version 0.8~alpha20101208.
There have been a number of important bug fixes since 0.8~alpha20090903,
so require at least the newer package.
commit 3c52fa7b69609ca8fcfc8de7426f7ebbcba493eb
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=3c52fa7b69609ca8fcfc8de7426f7ebbcba493eb
Author: Justin Pettit <jpettit at nicira.com>
vswitch: Add support for IPsec certificate authentication.
Previously, it was possible to fake configuring the use of certificate
authentication for IPsec, but it really just used a static pre-shared key
behind the scenes. This commit publicly mentions certificate
authentication and finally does the real work behind the scenes.
commit fe4838bc70077fa8350b05cad77c7ce658ad2285
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=fe4838bc70077fa8350b05cad77c7ce658ad2285
Author: Justin Pettit <jpettit at nicira.com>
vswitch: Remove unnecessary iface_get_options function
Since GRE-over-IPsec is a proper tunnel type and no longer configured
through "other_config", we can remove this function that folded an
interface's "other_config" into "options".
commit e16a28b5854823e2d67099d49f7690235162b555
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=e16a28b5854823e2d67099d49f7690235162b555
Author: Justin Pettit <jpettit at nicira.com>
vswitch: Use "ipsec_gre" vport instead of "gre" with "other_config"
Previously, a GRE-over-IPsec tunnel was created as an interface with a
"type" of "gre" and the "other_config" column with "ipsec_cert" or
"ipsec_psk" set. This could lead to a potential security problem if a user
intended to create a GRE-over-IPsec tunnel, but misconfigured the
"ipsec_*" config and created an unencrypted GRE tunnel.
This commit defines an "ipsec_gre" tunnel type, which should prevent
users from inadvertently establishing insecure tunnels.
commit 4c2fa71d662cde318940c4cd555aacd687538510
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=4c2fa71d662cde318940c4cd555aacd687538510
Author: Justin Pettit <jpettit at nicira.com>
debian: Don't require ipsec_local_ip to configure IPsec
Commit e97a103 (Open vSwitch: ovs-monitor-ipsec: Add ability to traverse
NATs) removed the requirement that the "ipsec_local_ip" key must be set
to use IPsec, but other code and documentation was not updated to
reflect this. This commit does that.
commit 0ae60917fcc827f69c6e12c2f1afd170178f5668
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=0ae60917fcc827f69c6e12c2f1afd170178f5668
Author: Justin Pettit <jpettit at nicira.com>
ovs-dpctl: Print extended information about vports.
When "ovs-dpctl show" is run, return additional information about the
port. For example, tunnel ports will print the remote_ip, local_ip, and
in_key when defined.
commit dd851cbbcc5a1b3c8ad5c10a47ddca1c510c1879
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=dd851cbbcc5a1b3c8ad5c10a47ddca1c510c1879
Author: Justin Pettit <jpettit at nicira.com>
datapath: Return vport configuration when queried.
Additional configuration is passed down to the kernel in the "config"
array of an odp_port when a vport is created. This information is not
returned when a vport is queried, though. This information is useful
for debugging, since it may be used to distinguish ports based on
additional data, such as the peer in tunnels. In a forthcoming patch, it
will be essential to distinguish between plain GRE and GRE over IPsec.
Signed-off-by: Justin Pettit <jpettit at nicira.com>
Acked-by: Jesse Gross <jesse at nicira.com>
-----------------------------------------------------------------------
Summary of changes:
datapath/datapath.c | 1 +
datapath/tunnel.c | 9 +
datapath/tunnel.h | 1 +
datapath/vport-capwap.c | 1 +
datapath/vport-gre.c | 1 +
datapath/vport-netdev.h | 1 +
datapath/vport-patch.c | 71 +++++++--
datapath/vport.c | 16 ++
datapath/vport.h | 3 +
debian/control | 4 +-
debian/ovs-monitor-ipsec | 341 +++++++++++++++++++++++++++++++-----------
include/openvswitch/tunnel.h | 1 +
lib/dpif-linux.c | 28 +++-
lib/netdev-vport.c | 63 +++++++--
lib/odp-util.c | 30 ++++
lib/odp-util.h | 1 +
utilities/ovs-dpctl.c | 10 +-
vswitchd/bridge.c | 32 +----
vswitchd/vswitch.xml | 137 ++++++++++++++---
19 files changed, 574 insertions(+), 177 deletions(-)
hooks/post-receive
--
Open vSwitch
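
The fail-open problem described in commit e16a28b, shown as an added example that is not part of the original email or of the Open vSwitch code base. The field names "type", "other_config", "ipsec_cert" and "ipsec_psk" come from the commit message; the decision logic, the new-scheme option names and the sample records are simplified assumptions.

```python
# Added illustration, not Open vSwitch code. "type", "other_config",
# "ipsec_cert" and "ipsec_psk" come from the commit message; the decision
# logic and the new-scheme option names are simplified assumptions.
LEGACY_KEYS = {"ipsec_cert", "ipsec_psk"}
TYPED_KEYS = {"certificate", "psk"}  # assumed names for the new options


def classify_legacy(iface):
    """Old scheme: type "gre", encryption inferred from other_config."""
    other = iface.get("other_config", {})
    # A missing or misspelled key falls through to an unencrypted tunnel.
    return "gre-over-ipsec" if LEGACY_KEYS & other.keys() else "plain-gre"


def classify_typed(iface):
    """New scheme: the type states intent, so a bad config is rejected."""
    if iface["type"] == "gre":
        return "plain-gre"
    if iface["type"] != "ipsec_gre":
        raise ValueError("unsupported type: %s" % iface["type"])
    if not TYPED_KEYS & iface.get("options", {}).keys():
        raise ValueError("%s: ipsec_gre without credentials" % iface["name"])
    return "gre-over-ipsec"


def audit_legacy(ifaces):
    """Names of legacy "gre" records that mention ipsec_* yet run in the clear."""
    return [i["name"] for i in ifaces
            if i["type"] == "gre"
            and classify_legacy(i) == "plain-gre"
            and any(k.startswith("ipsec") for k in i.get("other_config", {}))]


# Constructed sample records.
LEGACY = [
    {"name": "gre0", "type": "gre", "other_config": {"ipsec_psk": "s3cret"}},
    {"name": "gre1", "type": "gre", "other_config": {"ipsec_pks": "s3cret"}},
    {"name": "gre2", "type": "gre", "other_config": {}},
]
TYPED_BAD = {"name": "gre1", "type": "ipsec_gre", "options": {"pks": "s3cret"}}

if __name__ == "__main__":
    for rec in LEGACY:
        print(rec["name"], classify_legacy(rec))
    print("flagged:", audit_legacy(LEGACY))
    try:
        classify_typed(TYPED_BAD)
    except ValueError as exc:
        print("rejected:", exc)
```

The misspelled key on gre1 yields a working but unencrypted tunnel under the legacy model, while the same mistake under the typed model is an error rather than a silent downgrade.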