From 4c2fa71d662cde318940c4cd555aacd687538510 Mon Sep 17 00:00:00 2001
From: Justin Pettit
Date: Mon, 29 Nov 2010 18:55:54 -0800
Subject: [PATCH] debian: Don't require ipsec_local_ip to configure IPsec

Commit e97a103 (Open vSwitch: ovs-monitor-ipsec: Add ability to traverse NATs) removed the requirement that the "ipsec_local_ip" key must be set to use IPsec, but other code and documentation was not updated to reflect this. This commit does that.
---
 lib/netdev-vport.c | 5 +----
 vswitchd/vswitch.xml | 13 +++----------
 2 files changed, 4 insertions(+), 14 deletions(-)

diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
index 55662890f..13b1d930c 100644
--- a/lib/netdev-vport.c
+++ b/lib/netdev-vport.c
@@ -436,7 +436,6 @@ parse_tunnel_config(const struct netdev_dev *dev, const struct shash *args,
 bool is_gre = !strcmp(type, "gre");
 struct tnl_port_config config;
 struct shash_node *node;
- bool ipsec_ip_set = false;
 bool ipsec_mech_set = false;
 memset(&config, 0, sizeof config);
@@ -502,8 +501,6 @@ parse_tunnel_config(const struct netdev_dev *dev, const struct shash *args,
 if (!strcmp(node->data, "false")) {
 config.flags &= ~TNL_F_HDR_CACHE;
 }
- } else if (!strcmp(node->name, "ipsec_local_ip")) {
- ipsec_ip_set = true;
 } else if (!strcmp(node->name, "ipsec_cert")
 || !strcmp(node->name, "ipsec_psk")) {
 ipsec_mech_set = true;
@@ -515,7 +512,7 @@ parse_tunnel_config(const struct netdev_dev *dev, const struct shash *args,
 /* IPsec doesn't work when header caching is enabled. Disable it if the
 * IPsec local IP address and authentication mechanism have been defined. */
- if (ipsec_ip_set && ipsec_mech_set) {
+ if (ipsec_mech_set) {
 VLOG_INFO("%s: header caching disabled due to use of IPsec", name);
 config.flags &= ~TNL_F_HDR_CACHE;
 }
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index b3f00752a..f78a57945 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
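Review bot: The comment above the changed condition in the `@@ -515,7 +512,7 @@` hunk of lib/netdev-vport.c is now stale: it still says header caching is disabled when "the IPsec local IP address and authentication mechanism have been defined", while the new test is `if (ipsec_mech_set)` alone. I would reword it to `/* IPsec doesn't work when header caching is enabled. Disable it if an IPsec authentication mechanism (ipsec_cert or ipsec_psk) has been defined. */` so the comment matches the gate. This check decides whether a tunnel configured for IPsec keeps TNL_F_HDR_CACHE, so an inaccurate description invites someone to re-add the local-IP condition later. parse_tunnel_config starts and ends outside the hunk, so it cannot be seen here whether a leftover `ipsec_local_ip` key now reaches an unknown-argument branch; that is worth confirming.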
@@ -991,22 +991,15 @@ Key-value pairs for rarely used interface features. Currently, - the only keys are for configuring GRE-over-IPsec, which is only + the only key is for configuring GRE-over-IPsec, which is only available through the openvswitch-ipsec package for - Debian. The currently defined key-value pairs are: + Debian. The currently defined key-value pair is:
-
ipsec_local_ip
-
Required key for GRE-over-IPsec interfaces. Additionally, - the must be gre and the - ipsec_psk key must - be set. The in_key, out_key, and - key must not be - set.
ipsec_psk
Required key for GRE-over-IPsec interfaces. Specifies a pre-shared key for authentication that must be identical on both sides of the tunnel. Additionally, the - ipsec_local_ip key must also be set.
+ must be gre.
-- 2.43.0