Message ID | 20220203141642.331051-1-mheib@redhat.com |
---|---|
State | Accepted |
Headers | show |
Series | [ovs-dev] ovs/ipsec: Libreswan report connection failures to ovs logs | expand |
Context | Check | Description |
---|---|---|
ovsrobot/apply-robot | success | apply and check: success |
ovsrobot/github-robot-_Build_and_Test | fail | github build: failed |
On Thu, Feb 3, 2022 at 9:17 AM Mohammad Heib <mheib@redhat.com> wrote: > > Currently when the user adds an IPsec tunnel port to the > ovs bridge the ovs-monitor-ipsec script will submit a request > to start the IPsec connection for this port and ignores > the request output which can contain an error message. > > This patch captures the request output and prints > the error message to the ovs logs. > > Signed-off-by: Mohammad Heib <mheib@redhat.com> This should make it easier to debug IPSec issues. Acked-by: Mike Pattrick <mkp@redhat.com>
On 2/14/22 17:56, Mike Pattrick wrote: > On Thu, Feb 3, 2022 at 9:17 AM Mohammad Heib <mheib@redhat.com> wrote: >> >> Currently when the user adds an IPsec tunnel port to the >> ovs bridge the ovs-monitor-ipsec script will submit a request >> to start the IPsec connection for this port and ignores >> the request output which can contain an error message. >> >> This patch captures the request output and prints >> the error message to the ovs logs. >> >> Signed-off-by: Mohammad Heib <mheib@redhat.com> > > This should make it easier to debug IPSec issues. > > Acked-by: Mike Pattrick <mkp@redhat.com> Thanks! Applied to master and 2.17. Best regards, Ilya Maximets.
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index a8b0705d9..aa0135b86 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -708,6 +708,11 @@ conn prevent_unencrypted_vxlan not re.match(r".*need --listen.*", pout): break + if re.match(r".*[F|f]ailed to initiate connection.*", pout): + vlog.err('Failed to initiate connection through' + ' Interface %s.\n' % (conn.split('-')[0])) + vlog.err(pout) + def _nss_clear_database(self): """Remove all OVS IPsec related state from the NSS database""" try:
Currently when the user adds an IPsec tunnel port to the ovs bridge the ovs-monitor-ipsec script will submit a request to start the IPsec connection for this port and ignores the request output which can contain an error message. This patch captures the request output and prints the error message to the ovs logs. Signed-off-by: Mohammad Heib <mheib@redhat.com> --- ipsec/ovs-monitor-ipsec.in | 5 +++++ 1 file changed, 5 insertions(+)