[ovs-git] [openvswitch/ovs] 008414: ovs-monitor-ipsec: Fix active connection regex.

Mark Gray noreply at github.com
Tue Jan 5 20:13:24 UTC 2021


  Branch: refs/heads/branch-2.11
  Home:   https://github.com/openvswitch/ovs
  Commit: 008414b6f08b26213bcfce211437b39bbe695272
      https://github.com/openvswitch/ovs/commit/008414b6f08b26213bcfce211437b39bbe695272
  Author: Mark Gray <mark.d.gray at redhat.com>
  Date:   2021-01-05 (Tue, 05 Jan 2021)

  Changed paths:
    M ipsec/ovs-monitor-ipsec.in

  Log Message:
  -----------
  ovs-monitor-ipsec: Fix active connection regex.

Connections are added to IPsec using a connection name
that is determined from the OVS port name and the tunnel
type.

GRE connections take the form:
  <iface>-<ver>
Other connections take the form:
  <iface>-in-<ver>
  <iface>-out-<ver>

The regex '|' operator parses strings left to right looking
for the first match that it can find. '.*' is also greedy. This
causes incorrect interface names to be parsed from active
connections as other tunnel types are parsed as type
GRE. This gives unexpected "is outdated" warnings and the
connection is torn down.

For example,

'ovn-424242-in-1' will produce an incorrect interface name of
'ovn-424242-in' instead of 'ovn-424242'.

There are a number of ways this could be resolved including
a cleverer regular expression, or re.findall(). However, this
approach was taken as it simplifies the code easing maintainability.

Fixes: 22c5eafb6efa ("ipsec: reintroduce IPsec support for tunneling")
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1908789
Signed-off-by: Mark Gray <mark.d.gray at redhat.com>
Acked-by: Eelco Chaudron <echaudro at redhat.com>
Acked-by: Flavio Leitner <fbl at sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>




More information about the git mailing list