- SHASH_FOR_EACH (node, args) {
- if (!strcmp(node->name, "remote_ip")) {
- struct in_addr in_addr;
- if (lookup_ip(node->data, &in_addr)) {
- VLOG_WARN("%s: bad %s 'remote_ip'", name, type);
- } else {
- config.daddr = in_addr.s_addr;
- }
- } else if (!strcmp(node->name, "local_ip")) {
- struct in_addr in_addr;
- if (lookup_ip(node->data, &in_addr)) {
- VLOG_WARN("%s: bad %s 'local_ip'", name, type);
- } else {
- config.saddr = in_addr.s_addr;
- }
- } else if (!strcmp(node->name, "key") && is_gre) {
- if (!strcmp(node->data, "flow")) {
- config.flags |= TNL_F_IN_KEY_MATCH;
- config.flags |= TNL_F_OUT_KEY_ACTION;
- } else {
- uint64_t key = strtoull(node->data, NULL, 0);
- config.out_key = config.in_key = htonll(key);
- }
- } else if (!strcmp(node->name, "in_key") && is_gre) {
- if (!strcmp(node->data, "flow")) {
- config.flags |= TNL_F_IN_KEY_MATCH;
- } else {
- config.in_key = htonll(strtoull(node->data, NULL, 0));
- }
- } else if (!strcmp(node->name, "out_key") && is_gre) {
- if (!strcmp(node->data, "flow")) {
- config.flags |= TNL_F_OUT_KEY_ACTION;
- } else {
- config.out_key = htonll(strtoull(node->data, NULL, 0));
- }
- } else if (!strcmp(node->name, "tos")) {
- if (!strcmp(node->data, "inherit")) {
- config.flags |= TNL_F_TOS_INHERIT;
- } else {
- config.tos = atoi(node->data);
- }
- } else if (!strcmp(node->name, "ttl")) {
- if (!strcmp(node->data, "inherit")) {
- config.flags |= TNL_F_TTL_INHERIT;
- } else {
- config.ttl = atoi(node->data);
- }
- } else if (!strcmp(node->name, "csum") && is_gre) {
- if (!strcmp(node->data, "true")) {
- config.flags |= TNL_F_CSUM;
- }
- } else if (!strcmp(node->name, "pmtud")) {
- if (!strcmp(node->data, "false")) {
- config.flags &= ~TNL_F_PMTUD;
- }
- } else if (!strcmp(node->name, "header_cache")) {
- if (!strcmp(node->data, "false")) {
- config.flags &= ~TNL_F_HDR_CACHE;
- }
- } else if (!strcmp(node->name, "peer_cert") && is_ipsec) {
- if (shash_find(args, "certificate")) {
- ipsec_mech_set = true;
- } else {
- const char *use_ssl_cert;
-
- /* If the "use_ssl_cert" is true, then "certificate" and
- * "private_key" will be pulled from the SSL table. The
- * use of this option is strongly discouraged, since it
- * will like be removed when multiple SSL configurations
- * are supported by OVS.
- */
- use_ssl_cert = shash_find_data(args, "use_ssl_cert");
- if (!use_ssl_cert || strcmp(use_ssl_cert, "true")) {
- VLOG_WARN("%s: 'peer_cert' requires 'certificate' argument",
- name);
- return EINVAL;
- }
- ipsec_mech_set = true;
- }
- } else if (!strcmp(node->name, "psk") && is_ipsec) {
- ipsec_mech_set = true;
- } else if (is_ipsec
- && (!strcmp(node->name, "certificate")
- || !strcmp(node->name, "private_key")
- || !strcmp(node->name, "use_ssl_cert"))) {
- /* Ignore options not used by the netdev. */
- } else {
- VLOG_WARN("%s: unknown %s argument '%s'",
- name, type, node->name);
- }
- }
-
- if (is_ipsec) {
- if (shash_find(args, "peer_cert") && shash_find(args, "psk")) {
- VLOG_WARN("%s: cannot define both 'peer_cert' and 'psk'", name);
- return EINVAL;
- }
-
- if (!ipsec_mech_set) {
- VLOG_WARN("%s: IPsec requires an 'peer_cert' or psk' argument",
- name);
- return EINVAL;
- }
- }