From e7009c364026d69381cdda23941f99ff040d4948 Mon Sep 17 00:00:00 2001
From: Justin Pettit
Date: Mon, 14 Mar 2011 13:15:25 -0700
Subject: [PATCH] netdev-vport: Don't create port when ovs-monitor-ipsec not running.

It was suggested by Jesse that it would be better to just not create IPsec tunnel devices if the ovs-monitor-ipsec daemon is not running. He had legitimate concerns about users missing the warning message printed and traffic possibly going out unencrypted.

Suggested-by: Jesse Gross
---
 lib/netdev-vport.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
index 875bf71c..8715109b 100644
--- a/lib/netdev-vport.c
+++ b/lib/netdev-vport.c
@@ -720,11 +720,13 @@ parse_tunnel_config(const char *name, const char *type,
 if (is_ipsec) {
 char *file_name = xasprintf("%s/%s", ovs_rundir(), "ovs-monitor-ipsec.pid");
- if (read_pidfile(file_name) < 0) {
- VLOG_WARN("%s: ovs-monitor-ipsec doesn't appear to be running, "
- "traffic may not pass", name);
- }
+ pid_t pid = read_pidfile(file_name);
 free(file_name);
+ if (pid < 0) {
+ VLOG_WARN("%s: IPsec requires the ovs-monitor-ipsec daemon",
+ name);
+ return EINVAL;
+ }
 if (shash_find(args, "peer_cert") && shash_find(args, "psk")) {
 VLOG_WARN("%s: cannot define both 'peer_cert' and 'psk'", name);
--
2.30.2
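Review bot: The new `pid < 0` check in the `is_ipsec` branch runs only while the tunnel configuration is parsed, so it closes the fail-open case at port creation but not the one where ovs-monitor-ipsec exits after the port exists; nothing visible in this hunk re-evaluates the port at that point. I would record that limit next to the check, e.g. `/* Point-in-time check: a daemon that exits after the port is created is not detected here. */`, so the guard is not read as a continuing guarantee that traffic is encrypted. Because the failure is now fatal for the port, the message could say so and be logged at error level, e.g. `VLOG_ERR("%s: not creating IPsec port, ovs-monitor-ipsec is not running", name);`, assuming that is the level this file uses for rejected configurations. parse_tunnel_config starts and ends outside the hunk, so whether the early `return EINVAL` skips any cleanup cannot be checked from here.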