netdev-linux: Use "read", not "recv", for tap devices.

[sliver-openvswitch.git] / debian / ovs-monitor-ipsec

diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec
index f7bdf1d..9707082 100755 (executable)
--- a/debian/ovs-monitor-ipsec
+++ b/debian/ovs-monitor-ipsec
@@ -399,11 +399,13 @@ def update_ipsec(ipsec, interfaces, new_interfaces):
         orig_vals = interfaces.get(name)
         if orig_vals:
             # Configuration for this host already exists.  Check if it's
-            # changed.
-            if vals == orig_vals:
-                continue
-            else:
+            # changed.  We use set difference, since we want to ignore
+            # any local additions to "orig_vals" that we've made
+            # (e.g. the "peer_cert_file" key).
+            if set(vals.items()) - set(orig_vals.items()):
                 ipsec.del_entry(vals["local_ip"], vals["remote_ip"])
+            else:
+                continue
 
         try:
             ipsec.add_entry(vals["local_ip"], vals["remote_ip"], vals)
@@ -413,9 +415,10 @@ def update_ipsec(ipsec, interfaces, new_interfaces):
 
 def get_ssl_cert(data):
     for ovs_rec in data["Open_vSwitch"].rows.itervalues():
-        ssl = ovs_rec.ssl
-        if ssl and ssl.certificate and ssl.private_key:
-            return (ssl.certificate, ssl.private_key)
+        if ovs_rec.ssl:
+            ssl = ovs_rec.ssl[0]
+            if ssl.certificate and ssl.private_key:
+                return (ssl.certificate, ssl.private_key)
 
     return None