netdev-vport: Don't create port when ovs-monitor-ipsec not running.

[sliver-openvswitch.git] / lib / netdev-vport.c

diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
index c6d4db8..8715109 100644 (file)
--- a/lib/netdev-vport.c
+++ b/lib/netdev-vport.c
@@ -26,6 +26,8 @@
 #include <sys/ioctl.h>
 
 #include "byte-order.h"
+#include "daemon.h"
+#include "dirs.h"
 #include "dpif-linux.h"
 #include "hash.h"
 #include "hmap.h"
@@ -706,8 +708,8 @@ parse_tunnel_config(const char *name, const char *type,
                     || !strcmp(node->name, "private_key")
                     || !strcmp(node->name, "use_ssl_cert"))) {
             /* Ignore options not used by the netdev. */
-        } else if (is_gre && (!strcmp(node->name, "key") &&
-                              !strcmp(node->name, "in_key") &&
+        } else if (is_gre && (!strcmp(node->name, "key") ||
+                              !strcmp(node->name, "in_key") ||
                               !strcmp(node->name, "out_key"))) {
             /* Handled separately below. */
         } else {
@@ -716,6 +718,16 @@ parse_tunnel_config(const char *name, const char *type,
     }
 
     if (is_ipsec) {
+        char *file_name = xasprintf("%s/%s", ovs_rundir(),
+                "ovs-monitor-ipsec.pid");
+        pid_t pid = read_pidfile(file_name);
+        free(file_name);
+        if (pid < 0) {
+            VLOG_WARN("%s: IPsec requires the ovs-monitor-ipsec daemon",
+                    name);
+            return EINVAL;
+        }
+
         if (shash_find(args, "peer_cert") && shash_find(args, "psk")) {
             VLOG_WARN("%s: cannot define both 'peer_cert' and 'psk'", name);
             return EINVAL;