-
-/* Returns true if 'nd_args' is equivalent to 'args', otherwise false.
- * Typically, 'nd_args' is the result of a call to unparse_tunnel_config()
- * and 'args' is the original definition of the port.
- *
- * IPsec key configuration is handled by an external program, so it is not
- * pushed down into the kernel module. Thus, when the "unparse_config"
- * method is called on an existing IPsec-based vport, a simple
- * comparison with the returned data will not match the original
- * configuration. This function ignores configuration about keys when
- * doing a comparison.
- */
-static bool
-config_equal_ipsec(const struct shash *nd_args, const struct shash *args)
-{
- struct shash tmp1, tmp2;
- bool result;
-
- smap_clone(&tmp1, nd_args);
- smap_clone(&tmp2, args);
-
- shash_find_and_delete(&tmp1, "psk");
- shash_find_and_delete(&tmp2, "psk");
- shash_find_and_delete(&tmp1, "peer_cert");
- shash_find_and_delete(&tmp2, "peer_cert");
- shash_find_and_delete(&tmp1, "certificate");
- shash_find_and_delete(&tmp2, "certificate");
- shash_find_and_delete(&tmp1, "private_key");
- shash_find_and_delete(&tmp2, "private_key");
- shash_find_and_delete(&tmp1, "use_ssl_cert");
- shash_find_and_delete(&tmp2, "use_ssl_cert");
-
- result = smap_equal(&tmp1, &tmp2);
- smap_destroy(&tmp1);
- smap_destroy(&tmp2);
-
- return result;
-}