bool is_gre = !strcmp(type, "gre");
struct tnl_port_config config;
struct shash_node *node;
- bool ipsec_ip_set = false;
bool ipsec_mech_set = false;
memset(&config, 0, sizeof config);
if (!strcmp(node->data, "false")) {
config.flags &= ~TNL_F_HDR_CACHE;
}
- } else if (!strcmp(node->name, "ipsec_local_ip")) {
- ipsec_ip_set = true;
} else if (!strcmp(node->name, "ipsec_cert")
|| !strcmp(node->name, "ipsec_psk")) {
ipsec_mech_set = true;
/* IPsec doesn't work when header caching is enabled. Disable it if the
* IPsec local IP address and authentication mechanism have been defined. */
- if (ipsec_ip_set && ipsec_mech_set) {
+ if (ipsec_mech_set) {
VLOG_INFO("%s: header caching disabled due to use of IPsec", name);
config.flags &= ~TNL_F_HDR_CACHE;
}
<column name="other_config">
Key-value pairs for rarely used interface features. Currently,
- the only keys are for configuring GRE-over-IPsec, which is only
+ the only key is for configuring GRE-over-IPsec, which is only
available through the <code>openvswitch-ipsec</code> package for
- Debian. The currently defined key-value pairs are:
+ Debian. The currently defined key-value pair is:
<dl>
- <dt><code>ipsec_local_ip</code></dt>
- <dd>Required key for GRE-over-IPsec interfaces. Additionally,
- the <ref column="type"/> must be <code>gre</code> and the
- <code>ipsec_psk</code> <ref column="other_config"/> key must
- be set. The <code>in_key</code>, <code>out_key</code>, and
- <code>key</code> <ref column="options"/> must not be
- set.</dd>
<dt><code>ipsec_psk</code></dt>
<dd>Required key for GRE-over-IPsec interfaces. Specifies a
pre-shared key for authentication that must be identical on
both sides of the tunnel. Additionally, the
- <code>ipsec_local_ip</code> key must also be set.</dd>
+ <ref column="type"/> must be <code>gre</code>.</dd>
</dl>
</column>
projects / openvswitch / commitdiff