On 23 Dec 2020, at 16:29, Eelco Chaudron wrote:
On 21 Dec 2020, at 14:12, Mark Gray wrote:
As 'ovs-vswitchd' does not understand IPsec tunnel options, it
gives a warning message. This can be safely suppressed.
Signed-off-by: Mark Gray
Reviewed and tested.
Acked-by: Eelco Chaudron
I
On 24/12/2020 08:19, Eelco Chaudron wrote:
>
>
> On 23 Dec 2020, at 16:29, Eelco Chaudron wrote:
>
>> On 21 Dec 2020, at 14:12, Mark Gray wrote:
>>
>>> As 'ovs-vswitchd' does not understand IPsec tunnel options, it
>>> gives a warning message. This can be safely suppressed.
>>>
>>> Signed-off-by
This patchset contains a number of fixes and
improvements to the OVS IPsec daemon.
Mark Gray (4):
ovs-monitor-ipsec: Fix active connection regex
ovs-ctl: Check for ovs-monitor-ipsec pidfile before exit
ovs-monitor-ipsec: Allow exit of ipsec daemon maintaining state
ovs-monitor-ipsec: Add o
Connections are added to IPsec using a connection name
that is determined from the OVS port name and the tunnel
type.
GRE connections take the form:
-
Other connections take the form:
-in-
-out-
The regex '|' operator parses strings left to right looking
for the first match that it can find
When 'ovs-monitor-ipsec' exits, it clears all persistent state (i.e.
active ipsec connections, /etc/ipsec.conf, certs/keys). In some
use-cases, we may want to exit and maintain state so that ipsec
connectivity is maintained. One example of this is during an
upgrade. This will require the caller to
Check for pidfile before attempting 'exit'. If pidfile does
not exist, we cannot cleanly exit so kill process.
Signed-off-by: Mark Gray
Acked-by: Eelco Chaudron
---
v2: Use 'stop_daemon'
utilities/ovs-ctl.in | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/utilities/ovs-c
Signed-off-by: Mark Gray
Acked-by: Eelco Chaudron
---
v2: Fixed all flake8 errors
ipsec/ovs-monitor-ipsec.in | 11 ---
utilities/ovs-ctl.in | 8
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
index
As 'ovs-vswitchd' does not understand IPsec tunnel options, it
gives a warning message. This can be safely suppressed.
Reported at: https://bugzilla.redhat.com/show_bug.cgi?id=1906701
Signed-off-by: Mark Gray
Acked-by: Eelco Chaudron
Acked-by: Flavio Leitner
---
v2: rebase
lib/netdev-vport.c
In the libreswan case, 'ovs-monitor-ipsec' sets
'left' to '%defaultroute' which will use the local address
of the default route interface as the source IP address. In
multihomed environments, this may not be correct if the user
wants to specify what the source IP address is. In OVS, this
can be set
In Libreswan case, 'ovs-monitor-ipsec' incorrectly configures
'leftcert' and 'rightcert' names for self-signed certificates.
This patch resolves that.
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1906280
Signed-off-by: Mark Gray
Acked-by: Eelco Chaudron
---
v2: Added "Reported-at" t
On Thu, Dec 24, 2020 at 04:38:56AM -0500, Mark Gray wrote:
> Check for pidfile before attempting 'exit'. If pidfile does
> not exist, we cannot cleanly exit so kill process.
Hi Mark,
It looks like the commit message needs update, otherwise the
patch looks okay to me.
fbl
>
> Signed-off-by: Ma
On Thu, Dec 24, 2020 at 04:38:57AM -0500, Mark Gray wrote:
> When 'ovs-monitor-ipsec' exits, it clears all persistent state (i.e.
> active ipsec connections, /etc/ipsec.conf, certs/keys). In some
> use-cases, we may want to exit and maintain state so that ipsec
> connectivity is maintained. One exa
On Thu, Dec 24, 2020 at 04:38:58AM -0500, Mark Gray wrote:
> Signed-off-by: Mark Gray
> Acked-by: Eelco Chaudron
> ---
Acked-by: Flavio Leitner
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Hi All,
My first post, so please be gentle on me :)
We have an app that wants to add a lot of openflow rules quickly. To speed
things up, the app is creating multiple threads to do its logic and then
call into ovs library code directly. I am getting the below assert about
50% of time on fast mach
Signed-off-by: Justin Pettit
---
Documentation/internals/security.rst | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/Documentation/internals/security.rst
b/Documentation/internals/security.rst
index f6a31ad01116..8b4e5c3f4d5d 100644
--- a/Documentation/internals/
On Thu, Dec 24, 2020 at 07:57:01AM -0500, Mark Gray wrote:
> In the libreswan case, 'ovs-monitor-ipsec' sets
> 'left' to '%defaultroute' which will use the local address
> of the default route interface as the source IP address. In
> multihomed environments, this may not be correct if the user
> wa
On Thu, Dec 24, 2020 at 07:59:38AM -0500, Mark Gray wrote:
> In Libreswan case, 'ovs-monitor-ipsec' incorrectly configures
> 'leftcert' and 'rightcert' names for self-signed certificates.
> This patch resolves that.
>
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1906280
> Signed-off-
On Thu, Dec 24, 2020 at 10:58:08AM -0800, Justin Pettit wrote:
> Signed-off-by: Justin Pettit
> ---
LGTM
Acked-by: Flavio Leitner
fbl
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
18 matches
Mail list logo