From: Justin Pettit Date: Tue, 18 Jan 2011 08:01:24 +0000 (-0800) Subject: ovs-monitor-ipsec: Use "require" when adding SPD entries. X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f916d1ccdc02843d1564c9c227b3b8aead8b3a06;p=openvswitch ovs-monitor-ipsec: Use "require" when adding SPD entries. Previously, SPD entries were added with a level of "default". This uses the system-wide default for the protocol when processing a matching packet. Switch the level to "require" so that a SA is always used when sending the packet. --- diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec index 07ad3982..12ff9f5f 100755 --- a/debian/ovs-monitor-ipsec +++ b/debian/ovs-monitor-ipsec @@ -317,9 +317,9 @@ class IPsec: self.call_setkey("spdflush;") def spd_add(self, local_ip, remote_ip): - cmds = ("spdadd %s %s gre -P out ipsec esp/transport//default;\n" % + cmds = ("spdadd %s %s gre -P out ipsec esp/transport//require;\n" % (local_ip, remote_ip)) - cmds += ("spdadd %s %s gre -P in ipsec esp/transport//default;" % + cmds += ("spdadd %s %s gre -P in ipsec esp/transport//require;" % (remote_ip, local_ip)) self.call_setkey(cmds)
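Review bot: In spd_add, both spdadd lines now hard-code the level `require`, but the reason for it is recorded only in the commit message; a short comment above the `cmds = (...)` assignment, saying that `default` defers to the system-wide default for the protocol while `require` forces an SA for every matching GRE packet, would keep a later edit from quietly reverting it. With `require` on both the `-P out` and `-P in` policies, GRE traffic between the two addresses no longer passes in the clear when no SA is established, so tunnel connectivity now depends on key negotiation succeeding, which is worth stating in the same comment or in the documentation. Separately, local_ip and remote_ip are formatted with %s straight into the string handed to call_setkey; whether they are validated as IP addresses earlier is not visible in this hunk, and if they are not, checking them here would keep a stray `;` or newline from being read as an additional setkey command.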