From: Justin Pettit Date: Mon, 14 Mar 2011 20:15:25 +0000 (-0700) Subject: netdev-vport: Don't create port when ovs-monitor-ipsec not running. X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e7009c364026d69381cdda23941f99ff040d4948;p=openvswitch netdev-vport: Don't create port when ovs-monitor-ipsec not running. It was suggested by Jesse that it would be better to just not create IPsec tunnel devices if the ovs-monitor-ipsec daemon is not running. He had legitimate concerns about users missing the warning message printed and traffic possibly going out unencrypted. Suggested-by: Jesse Gross
---
diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
index 875bf71c..8715109b 100644
--- a/lib/netdev-vport.c
+++ b/lib/netdev-vport.c
@@ -720,11 +720,13 @@ parse_tunnel_config(const char *name, const char *type,
 if (is_ipsec) {
 char *file_name = xasprintf("%s/%s", ovs_rundir(), "ovs-monitor-ipsec.pid");
- if (read_pidfile(file_name) < 0) {
- VLOG_WARN("%s: ovs-monitor-ipsec doesn't appear to be running, "
- "traffic may not pass", name);
- }
+ pid_t pid = read_pidfile(file_name);
 free(file_name);
+ if (pid < 0) {
+ VLOG_WARN("%s: IPsec requires the ovs-monitor-ipsec daemon",
+ name);
+ return EINVAL;
+ }
 if (shash_find(args, "peer_cert") && shash_find(args, "psk")) {
 VLOG_WARN("%s: cannot define both 'peer_cert' and 'psk'", name);
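Review bot: The `if (pid < 0)` check runs only while the tunnel configuration is parsed, so nothing visible in this hunk covers ovs-monitor-ipsec exiting after the port has been created. The unencrypted-traffic concern from the commit message is therefore closed only at creation time. I would record that limit next to the check, for example `/* Checked once at configuration time; a later exit of ovs-monitor-ipsec is not detected here. */`. The message is also still logged at warning level although it now aborts port creation, and it drops the reason for the failure. If read_pidfile() returns a negative errno value, as the `< 0` test suggests, `VLOG_ERR("%s: IPsec requires the ovs-monitor-ipsec daemon (%s)", name, strerror(-pid));` would tell an operator whether the pidfile was missing or unreadable. parse_tunnel_config() starts and ends outside the hunk, so I cannot confirm from here that the new early `return EINVAL;` skips no cleanup that later exit paths perform.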