From f916d1ccdc02843d1564c9c227b3b8aead8b3a06 Mon Sep 17 00:00:00 2001
From: Justin Pettit
Date: Tue, 18 Jan 2011 00:01:24 -0800
Subject: [PATCH] ovs-monitor-ipsec: Use "require" when adding SPD entries.

Previously, SPD entries were added with a level of "default". This uses the system-wide default for the protocol when processing a matching packet. Switch the level to "require" so that a SA is always used when sending the packet.
---
 debian/ovs-monitor-ipsec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec
index 07ad3982..12ff9f5f 100755
--- a/debian/ovs-monitor-ipsec
+++ b/debian/ovs-monitor-ipsec
@@ -317,9 +317,9 @@ class IPsec:
 self.call_setkey("spdflush;")
 def spd_add(self, local_ip, remote_ip):
- cmds = ("spdadd %s %s gre -P out ipsec esp/transport//default;\n" %
+ cmds = ("spdadd %s %s gre -P out ipsec esp/transport//require;\n" %
 (local_ip, remote_ip))
- cmds += ("spdadd %s %s gre -P in ipsec esp/transport//default;" %
+ cmds += ("spdadd %s %s gre -P in ipsec esp/transport//require;" %
 (remote_ip, local_ip))
 self.call_setkey(cmds)
--
2.30.2
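Review bot: `spd_add` formats `local_ip` and `remote_ip` into the setkey script with `%s` and no validation, so a value containing `;` or a newline would be parsed by setkey as additional directives alongside the two `spdadd` lines that now enforce `require`. Where the two values originate and how `call_setkey` passes the string on are outside this hunk, so this matters only if either address can come from configuration the script does not fully trust. In that case a strict parse before the first `cmds =` line, such as `socket.inet_pton(socket.AF_INET, remote_ip)` for IPv4 peers (it raises on anything that is not a plain address), would close it. A short comment above the first `spdadd` would also protect the change from being reverted by accident, for example `# "require": traffic matching this policy must use an ESP SA; "default" defers to the system-wide level, which may allow cleartext.`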