From: Justin Pettit Date: Tue, 30 Nov 2010 02:55:54 +0000 (-0800) Subject: debian: Don't require ipsec_local_ip to configure IPsec X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4c2fa71d662cde318940c4cd555aacd687538510;p=openvswitch debian: Don't require ipsec_local_ip to configure IPsec Commit e97a103 (Open vSwitch: ovs-monitor-ipsec: Add ability to traverse NATs) removed the requirement that the "ipsec_local_ip" key must be set to use IPsec, but other code and documentation was not updated to reflect this. This commit does that. --- diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c index 55662890..13b1d930 100644 --- a/lib/netdev-vport.c +++ b/lib/netdev-vport.c @@ -436,7 +436,6 @@ parse_tunnel_config(const struct netdev_dev *dev, const struct shash *args, bool is_gre = !strcmp(type, "gre"); struct tnl_port_config config; struct shash_node *node; - bool ipsec_ip_set = false; bool ipsec_mech_set = false; memset(&config, 0, sizeof config); @@ -502,8 +501,6 @@ parse_tunnel_config(const struct netdev_dev *dev, const struct shash *args, if (!strcmp(node->data, "false")) { config.flags &= ~TNL_F_HDR_CACHE; } - } else if (!strcmp(node->name, "ipsec_local_ip")) { - ipsec_ip_set = true; } else if (!strcmp(node->name, "ipsec_cert") || !strcmp(node->name, "ipsec_psk")) { ipsec_mech_set = true; @@ -515,7 +512,7 @@ parse_tunnel_config(const struct netdev_dev *dev, const struct shash *args, /* IPsec doesn't work when header caching is enabled. Disable it if the * IPsec local IP address and authentication mechanism have been defined. */ - if (ipsec_ip_set && ipsec_mech_set) { + if (ipsec_mech_set) { VLOG_INFO("%s: header caching disabled due to use of IPsec", name); config.flags &= ~TNL_F_HDR_CACHE; } diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml index b3f00752..f78a5794 100644 --- a/vswitchd/vswitch.xml +++ b/vswitchd/vswitch.xml @@ -991,22 +991,15 @@ Key-value pairs for rarely used interface features. Currently, - the only keys are for configuring GRE-over-IPsec, which is only + the only key is for configuring GRE-over-IPsec, which is only available through the openvswitch-ipsec package for - Debian. The currently defined key-value pairs are: + Debian. The currently defined key-value pair is:
-
ipsec_local_ip
-
Required key for GRE-over-IPsec interfaces. Additionally, - the must be gre and the - ipsec_psk key must - be set. The in_key, out_key, and - key must not be - set.
ipsec_psk
Required key for GRE-over-IPsec interfaces. Specifies a pre-shared key for authentication that must be identical on both sides of the tunnel. Additionally, the - ipsec_local_ip key must also be set.
+ must be gre.