From patchwork Wed Dec 16 12:04:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Gray X-Patchwork-Id: 1417095 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=O68F6z3r; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Cwv295bdtz9sRf for ; Wed, 16 Dec 2020 23:04:49 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id DA5D285F72; Wed, 16 Dec 2020 12:04:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3XKVOavT4spy; Wed, 16 Dec 2020 12:04:47 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 5CD5B85F6A; Wed, 16 Dec 2020 12:04:47 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 3CCDEC088E; Wed, 16 Dec 2020 12:04:47 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 90654C013B for ; Wed, 16 Dec 2020 12:04:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 800278697B for ; Wed, 16 Dec 2020 12:04:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ChznJXreBevH for ; Wed, 16 Dec 2020 12:04:44 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by whitealder.osuosl.org (Postfix) with ESMTPS id 105D882FF1 for ; Wed, 16 Dec 2020 12:04:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1608120283; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=34NCapkPxyC3bth912Gld0VvUqtfNgkJ9TJc6S2MCLU=; b=O68F6z3r/0lUyUXZ7g2KTSGPDbHt0gXKvkaVWJNycFn3w+7cZl65KERGVrtHGvm8HQgmt4 3OGFOek4hcmchRaH2EPdSCV7jQ9pRyDq0RFMEL8UVGiltqgtquMQJ7OpOmR4J6jzWnvwbg Z+MSA5rHojrVFnKYtIOjEhDREiwRNl4= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-123-LHBUBSx4MWyWz5jQweZXXA-1; Wed, 16 Dec 2020 07:04:40 -0500 X-MC-Unique: LHBUBSx4MWyWz5jQweZXXA-1 Received: by mail-wm1-f72.google.com with SMTP id u123so692246wmu.5 for ; Wed, 16 Dec 2020 04:04:40 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=34NCapkPxyC3bth912Gld0VvUqtfNgkJ9TJc6S2MCLU=; b=AJC0x1Wq7yZrrIPIFZY2kHqEvH4DLD0mp+hV54zTqHdvxMhMqMpatJP3ZgLnOOTcuj HCiM2TzHFSPJmOZYWlsvEni2v7yreE9w7AVGyS2p086asojv4qacVyR/5jiqSAEVp4VT 2ayiyctdnRox9oQeq/ygLdmrturG4GQn3yAPmSqa9khmLTlc2fSytPeF7c5yW+TB8pJM SYW/kUr3VXwywdNcooj/3hj0vj13JqskSI1mo7FhZn0HyVKpH11Zk89gGoE+tqn2vgMp rVJl4vOZPf9/ex7TrvY/r61+UJRaWBhmjo8Ce7oZGQ/nAicPZYMMvtK88zZny4GPmaDJ 3/lw== X-Gm-Message-State: AOAM533qrmnG6466c7uDEjhu5gxbZupDHaU4jUtnBHQif0pVt84Qu7qB eJuA311nxhNXoHqlKHVysS3s3ZfzZba18sx3Z5pCuRwOLjueTpehwH3+oy10afxxVG6JBTHytNK o/vonXZRXUL+U X-Received: by 2002:adf:9546:: with SMTP id 64mr38369649wrs.343.1608120279759; Wed, 16 Dec 2020 04:04:39 -0800 (PST) X-Google-Smtp-Source: ABdhPJx9G/UygcsyrefoQtfbJMRxLiowvTfw/x2LkOJMlVmpfshrB6Dr6JAsaF8TjPIw22MnsISRIw== X-Received: by 2002:adf:9546:: with SMTP id 64mr38369638wrs.343.1608120279606; Wed, 16 Dec 2020 04:04:39 -0800 (PST) Received: from wsfd-netdev77.ntdv.lab.eng.bos.redhat.com (nat-pool-bos-t.redhat.com. [66.187.233.206]) by smtp.gmail.com with ESMTPSA id b7sm2739536wrv.47.2020.12.16.04.04.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Dec 2020 04:04:38 -0800 (PST) From: Mark Gray To: mark.d.gray@redhat.com, dev@openvswitch.org Date: Wed, 16 Dec 2020 07:04:32 -0500 Message-Id: <20201216120435.3453365-2-mark.d.gray@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20201216120435.3453365-1-mark.d.gray@redhat.com> References: <20201216120435.3453365-1-mark.d.gray@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mark.d.gray@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH 1/4] ovs-monitor-ipsec: Fix active connection regex X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Connections are added to IPsec using a connection name that is determined from the OVS port name and the tunnel type. GRE connections take the form: - Other connections take the form: -in- -out- The regex '|' operator parses strings left to right looking for the first match that it can find. '.*' is also greedy. This causes incorrect interface names to be parsed from active connections as other tunnel types are parsed as type GRE. This gives unexpected "is outdated" warnings and the connection is torn down. For example, 'ovn-424242-in-1' will produce an incorrect interface name of 'ovn-424242-in' instead of 'ovn-424242'. There are a number of ways this could be resolved including a cleverer regular expression, or re.findall(). However, this approach was taken as it simplifies the code easing maintainability. Signed-off-by: Mark Gray Acked-by: Eelco Chaudron Acked-by: Flavio Leitner --- ipsec/ovs-monitor-ipsec.in | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index b84608a55d8a..1793088d9be1 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -625,7 +625,10 @@ conn prevent_unencrypted_vxlan continue conn = m.group(1) - m = re.match(r"(.*)(-in-\d+|-out-\d+|-\d+)", conn) + m = re.match(r"(.*)(-in-\d+|-out-\d+)", conn) + if not m: + # GRE connections have format - + m = re.match(r"(.*)(-\d+)", conn) if not m: continue From patchwork Wed Dec 16 12:04:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Gray X-Patchwork-Id: 1417097 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=fN8f6UFu; dkim-atps=neutral Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Cwv2D0zLVz9sSf for ; Wed, 16 Dec 2020 23:04:52 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id A32F18711C; Wed, 16 Dec 2020 12:04:50 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CLwW38eZLoPe; Wed, 16 Dec 2020 12:04:50 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 101498710F; Wed, 16 Dec 2020 12:04:50 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9E968C1D9F; Wed, 16 Dec 2020 12:04:49 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id C4841C088E for ; Wed, 16 Dec 2020 12:04:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id A0CF286974 for ; Wed, 16 Dec 2020 12:04:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L7577nlptOm6 for ; Wed, 16 Dec 2020 12:04:46 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by whitealder.osuosl.org (Postfix) with ESMTPS id 559C686976 for ; Wed, 16 Dec 2020 12:04:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1608120284; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BgHddIWV1R2ZzlhW2YxY7adKeRkWfU8SZtd4T8k3ZP0=; b=fN8f6UFuQ32wvbKDTbFO1P9sKyJY+eyBt8o0d0SBVQCcVzzzeotRChuNDL+YZXupq1Hhcw vzkJ1A98aV9ljtQHqoOPlAhMGwCW4eS1biRtmvAL5RpkCS1nj6xxl4haHkD5bZtmqcU3nZ hr2r5G5pLproMPEnUn46sG7kKXm4+iU= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-51-81VHq-ljMrizDGgQMA8Yww-1; Wed, 16 Dec 2020 07:04:43 -0500 X-MC-Unique: 81VHq-ljMrizDGgQMA8Yww-1 Received: by mail-wm1-f72.google.com with SMTP id c2so868254wme.0 for ; Wed, 16 Dec 2020 04:04:42 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=BgHddIWV1R2ZzlhW2YxY7adKeRkWfU8SZtd4T8k3ZP0=; b=AuWKkMq1swbdfl1KidpJ7y0C187XP0enEjxp1r7Q6RIhgNO1tFnER7lWIwmp1fLTad u5iHNKBItCN5t5WB7marogJJluh17HizxG5jt6Y+uZmm3xv8u1+sO5Ljvk/6WgAe+NSI KoFjoqW5rM1nHIFLnitwvuJuQjL1mpzSv12xfrIBSlq4I+mdbdLD7KJOl8OP/E+a7oH3 YOlNkAhS02i9LUPvjMQeiwRrAtQ6D6zxnjpTVHApOTurmM5uJizT6GwjvAhtGGzSRkW0 bm3yGN3PhqG3Om5jP2xsltO11yiPoDIIeeuqGbsXLgnfdB3fhQ2VZEXmEmENR3jtfpH1 ntzw== X-Gm-Message-State: AOAM530kVA2n3L0fp3b3P6Qg27fsXcj8JyxXblZ1nNWRTcrM9gKKW2CV hSXOvgpQPVSarovWA0bL/dQcI5qyAhuuVQ8YTmV2kqsJl2GyxjwSouLp7n6TbibOIydm1QXYQ+h DIHg77ZkhbfoS X-Received: by 2002:adf:eb07:: with SMTP id s7mr37876402wrn.414.1608120281857; Wed, 16 Dec 2020 04:04:41 -0800 (PST) X-Google-Smtp-Source: ABdhPJypOryNpQwPOvtBlR1l/NEQt3jUsokQXL8xzxUpPjnLhd7qLmYbUk1iT8phN1S6wN8HpfrO2w== X-Received: by 2002:adf:eb07:: with SMTP id s7mr37876392wrn.414.1608120281724; Wed, 16 Dec 2020 04:04:41 -0800 (PST) Received: from wsfd-netdev77.ntdv.lab.eng.bos.redhat.com (nat-pool-bos-t.redhat.com. [66.187.233.206]) by smtp.gmail.com with ESMTPSA id b7sm2739536wrv.47.2020.12.16.04.04.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Dec 2020 04:04:40 -0800 (PST) From: Mark Gray To: mark.d.gray@redhat.com, dev@openvswitch.org Date: Wed, 16 Dec 2020 07:04:33 -0500 Message-Id: <20201216120435.3453365-3-mark.d.gray@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20201216120435.3453365-1-mark.d.gray@redhat.com> References: <20201216120435.3453365-1-mark.d.gray@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mark.d.gray@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH 2/4] ovs-ctl: Check for ovs-monitor-ipsec pidfile before exit X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Check for pidfile before attempting 'exit'. If pidfile does not exist, we cannot cleanly exit so kill process. Signed-off-by: Mark Gray Acked-by: Eelco Chaudron --- utilities/ovs-ctl.in | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in index 8c5cd703274e..0441c0aee2c1 100644 --- a/utilities/ovs-ctl.in +++ b/utilities/ovs-ctl.in @@ -254,7 +254,11 @@ stop_forwarding () { } stop_ovs_ipsec () { - ${bindir}/ovs-appctl -t ovs-monitor-ipsec exit || return 1 + if test -f ${rundir}/ovs-monitor-ipsec.pid; then + ${bindir}/ovs-appctl -t ovs-monitor-ipsec exit || return 1 + else + pkill ovs-monitor-ipsec + fi return 0 } From patchwork Wed Dec 16 12:04:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Gray X-Patchwork-Id: 1417098 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=R2f6FD3E; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Cwv2G5LzTz9s1l for ; Wed, 16 Dec 2020 23:04:54 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 5CF9685FFD; Wed, 16 Dec 2020 12:04:53 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H7YKZE3shKV2; Wed, 16 Dec 2020 12:04:52 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 0263585FA5; Wed, 16 Dec 2020 12:04:52 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id C7665C1D9F; Wed, 16 Dec 2020 12:04:51 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id A4599C1DA0 for ; Wed, 16 Dec 2020 12:04:49 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 8DAC286976 for ; Wed, 16 Dec 2020 12:04:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YU6FOEcvfbSs for ; Wed, 16 Dec 2020 12:04:47 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by whitealder.osuosl.org (Postfix) with ESMTPS id 457C58697C for ; Wed, 16 Dec 2020 12:04:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1608120286; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/pHETdOeDQBoOLPpUX139zuvmv62lxHu0ioRoqaRzzw=; b=R2f6FD3EB6aM+7Sch2oLcqacFX+7Y+KJvGiyKxXmEU9/LBG7UysH2r0IDXci2Ua+6F3SrD kymwV5wkvhnp4Z5TALCZX/i8yxFJYqYuuS960pYR5uBivU3WszFWDlBVuEs1fKB6o4qfPg 10oHh+ApbkT7pW21p6LyuFidezU7LGo= Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-457-Khe8Oj4aNVK8lwPX_7Sxrg-1; Wed, 16 Dec 2020 07:04:44 -0500 X-MC-Unique: Khe8Oj4aNVK8lwPX_7Sxrg-1 Received: by mail-wr1-f71.google.com with SMTP id r11so9386139wrs.23 for ; Wed, 16 Dec 2020 04:04:44 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=/pHETdOeDQBoOLPpUX139zuvmv62lxHu0ioRoqaRzzw=; b=LeKtST/kPq4o566AjO5qTgnzsk44sVSjsDhBEw1Mz9B6gB1uhgUuwK0xW+W2IDqf20 tRYkSGDBFsUqMCzb655pQin/rmpXkHbH17Ep+A8B90BEHk4N6vgEyq+uzRDfkgEX6ary J5RwI6WmjlXI5V9VQUG+MDLZxYG4wDkjNhS2ZrsziQjDuZafZ7y9kEkke5vHSo4QsNrL lWk9qBJ46HLL/iRiPlpXhdqfqpIZSFSYc4mpnIY+R761gO69DnECfI+lFlzNdvSKTa3b Q8+FLMn5acMEHEX2N8pIv+LxmKEGKNvkg3ZmuHXtWZhEUq3359u+FBPbDkV9ExMD+kEO TjMA== X-Gm-Message-State: AOAM533khTlJUdejJjwIkIBKNAwAzIgiL/RFFtOlME0ykb8R8OyEcbbO MBFMcS6xpXfGnV+BT7phYTKuMH6VvHUvCwDg0b6gZBo04CMnpyaz5hzzMEQQqY4BNMh8LzKQvce GWNGHwpTz/052 X-Received: by 2002:adf:e54a:: with SMTP id z10mr38634227wrm.1.1608120283657; Wed, 16 Dec 2020 04:04:43 -0800 (PST) X-Google-Smtp-Source: ABdhPJytz1tzdwhT7uj3puJuYagSdurt/Vb+GkKCoIOI6b1MP4wjvrixB0neX43C3vmtJT1DSQ3TMQ== X-Received: by 2002:adf:e54a:: with SMTP id z10mr38634220wrm.1.1608120283531; Wed, 16 Dec 2020 04:04:43 -0800 (PST) Received: from wsfd-netdev77.ntdv.lab.eng.bos.redhat.com (nat-pool-bos-t.redhat.com. [66.187.233.206]) by smtp.gmail.com with ESMTPSA id b7sm2739536wrv.47.2020.12.16.04.04.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Dec 2020 04:04:42 -0800 (PST) From: Mark Gray To: mark.d.gray@redhat.com, dev@openvswitch.org Date: Wed, 16 Dec 2020 07:04:34 -0500 Message-Id: <20201216120435.3453365-4-mark.d.gray@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20201216120435.3453365-1-mark.d.gray@redhat.com> References: <20201216120435.3453365-1-mark.d.gray@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mark.d.gray@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH 3/4] ovs-monitor-ipsec: Allow exit of ipsec daemon maintaining state X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" When 'ovs-monitor-ipsec' exits, it clears all persistent state (i.e. active ipsec connections, /etc/ipsec.conf, certs/keys). In some use-cases, we may want to exit and maintain state so that ipsec connectivity is maintained. One example of this is during an upgrade. This will require the caller to clear this persistent state when appropriate (e.g. before 'ovs-monitor-ipsec') is restarted. Signed-off-by: Mark Gray --- ipsec/ovs-monitor-ipsec.in | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index 1793088d9be1..cac42d7b2b31 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -1146,6 +1146,11 @@ def unixctl_refresh(conn, unused_argv, unused_aux): monitor.ike_helper.refresh(monitor) conn.reply(None) +def unixctl_exit_noflush(conn, unused_argv, unused_aux): + global exiting + # Do not clear persistent state + exiting = True + conn.reply(None) def unixctl_exit(conn, unused_argv, unused_aux): global monitor @@ -1205,6 +1210,7 @@ def main(): ovs.unixctl.command_register("tunnels/show", "", 0, 0, unixctl_show, None) ovs.unixctl.command_register("refresh", "", 0, 0, unixctl_refresh, None) + ovs.unixctl.command_register("exit/noflush", "", 0, 0, unixctl_exit_noflush, None) ovs.unixctl.command_register("exit", "", 0, 0, unixctl_exit, None) error, unixctl_server = ovs.unixctl.server.UnixctlServer.create(None) From patchwork Wed Dec 16 12:04:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Gray X-Patchwork-Id: 1417099 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=OV8ChgAg; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Cwv2r14wtz9sSf for ; Wed, 16 Dec 2020 23:05:24 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id B16C3869A0; Wed, 16 Dec 2020 12:05:22 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 92IdUTMT7lLJ; Wed, 16 Dec 2020 12:05:17 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id 28C728697C; Wed, 16 Dec 2020 12:05:08 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 17822C088E; Wed, 16 Dec 2020 12:05:08 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 22E53C163C for ; Wed, 16 Dec 2020 12:05:06 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 031E3228E2 for ; Wed, 16 Dec 2020 12:05:06 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R5tejN4Htjvd for ; Wed, 16 Dec 2020 12:04:51 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by silver.osuosl.org (Postfix) with ESMTPS id 4551822708 for ; Wed, 16 Dec 2020 12:04:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1608120289; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lBvdjbcoHfql2gkrtUaTWKZH9+qZGPRvUKuB9i6bFRk=; b=OV8ChgAg0VM4hXLZY/Jv+kyNcFDA8QyYKAqnvOQvkvShhe1kMpguAPAC+g3oTjoHeTqiOB GiuA7EzjHcmWxjLWgKHpbMxaXfBYHTXcM961mDfXXsXJugyR9fGBw2SyCqaOmAEStZ5WlF 39F8DnV1bWJdfHx8YcJVnxbBQ3vm/H0= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-23--l0mmaNGMYC0tLLzN13ATg-1; Wed, 16 Dec 2020 07:04:47 -0500 X-MC-Unique: -l0mmaNGMYC0tLLzN13ATg-1 Received: by mail-wm1-f70.google.com with SMTP id 4so698121wmj.2 for ; Wed, 16 Dec 2020 04:04:46 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=lBvdjbcoHfql2gkrtUaTWKZH9+qZGPRvUKuB9i6bFRk=; b=dWQeyh4Zz7J6ELJ0RV29vYfzi3wedExXKzhHTKJTwVKtfHgt8NEUhwXBcUH2kJo2hX 7zMjANL5i6zhO7FkO6kbgwjOfKvvuoZ3XWcJzZJk6153tPh3x77rVwYME5VUTIPdr0zV x7mHgYKWvfD0d+3aFj+MTydOeJZdOzRpy3Ov23XmTXJDubsH5Jp8HnPgpflYfcrkJiow qFNx6vTqy58qLGOdjDjEuEsvfCIvewSMfGQNnqq0JgTBimJ5J3PvpszATtrg4JHQ+4ev I1R7VgtlRRhvGIcP2+2QpwZiShJRRweG1SD8KPGjZlndz5stopJjtkzZgvkddQhuZC0q iFjA== X-Gm-Message-State: AOAM530DTKsflM4SVNjDlKw0ESv47Bb7kcDK88/Iy+NOEao5MinhpCzR irg3anPM38FpJVlg2ZGkqT/zEo+haZocg9IUdulTUyd8KMoKZOvwTNfl4VZy60IXGkI64StJoqz LNX3KKVgzjvLT X-Received: by 2002:adf:ec92:: with SMTP id z18mr38690691wrn.166.1608120285567; Wed, 16 Dec 2020 04:04:45 -0800 (PST) X-Google-Smtp-Source: ABdhPJyUuF0rpLGby8UhBSYk5ugAgb+bEoAc0rYFfe4kH8hd1WmZ3CMrK9MpygXFh+lqlV7H9j/Zzw== X-Received: by 2002:adf:ec92:: with SMTP id z18mr38690670wrn.166.1608120285333; Wed, 16 Dec 2020 04:04:45 -0800 (PST) Received: from wsfd-netdev77.ntdv.lab.eng.bos.redhat.com (nat-pool-bos-t.redhat.com. [66.187.233.206]) by smtp.gmail.com with ESMTPSA id b7sm2739536wrv.47.2020.12.16.04.04.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Dec 2020 04:04:44 -0800 (PST) From: Mark Gray To: mark.d.gray@redhat.com, dev@openvswitch.org Date: Wed, 16 Dec 2020 07:04:35 -0500 Message-Id: <20201216120435.3453365-5-mark.d.gray@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20201216120435.3453365-1-mark.d.gray@redhat.com> References: <20201216120435.3453365-1-mark.d.gray@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mark.d.gray@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH 4/4] ovs-monitor-ipsec: Add option to not restart IKE daemon X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Signed-off-by: Mark Gray --- ipsec/ovs-monitor-ipsec.in | 10 +++++++--- utilities/ovs-ctl.in | 8 ++++++++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index cac42d7b2b31..7bdf9d56030d 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -922,7 +922,7 @@ class IPsecTunnel(object): class IPsecMonitor(object): """This class monitors and configures IPsec tunnels""" - def __init__(self, root_prefix, ike_daemon): + def __init__(self, root_prefix, ike_daemon, restart): self.IPSEC = root_prefix + "/usr/sbin/ipsec" self.tunnels = {} @@ -952,7 +952,9 @@ class IPsecMonitor(object): not os.access(self.IPSEC, os.X_OK): vlog.err("IKE daemon is not installed in the system.") - self.ike_helper.restart_ike_daemon() + if restart: + vlog.info("Restarting IKE daemon") + self.ike_helper.restart_ike_daemon() def is_tunneling_type_supported(self, tunnel_type): """Returns True if we know how to configure IPsec for these @@ -1177,6 +1179,8 @@ def main(): parser.add_argument("--ike-daemon", metavar="IKE-DAEMON", help="The IKE daemon used for IPsec tunnels" " (either libreswan or strongswan).") + parser.add_argument("--no-restart-ike-daemon", action='store_true', + help="Don't restart the IKE daemon on startup.") ovs.vlog.add_args(parser) ovs.daemon.add_args(parser) @@ -1189,7 +1193,7 @@ def main(): root_prefix = args.root_prefix if args.root_prefix else "" xfrm = XFRM(root_prefix) - monitor = IPsecMonitor(root_prefix, args.ike_daemon) + monitor = IPsecMonitor(root_prefix, args.ike_daemon, not args.no_restart_ike_daemon) remote = args.database schema_helper = ovs.db.idl.SchemaHelper() diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in index 0441c0aee2c1..5177497f6c2f 100644 --- a/utilities/ovs-ctl.in +++ b/utilities/ovs-ctl.in @@ -230,9 +230,14 @@ start_forwarding () { } start_ovs_ipsec () { + if test X$RESTART_IKE_DAEMON = Xno; then + no_restart="--no-restart-ike-daemon" + fi + ${datadir}/scripts/ovs-monitor-ipsec \ --pidfile=${rundir}/ovs-monitor-ipsec.pid \ --ike-daemon=$IKE_DAEMON \ + $no_restart \ --log-file --detach --monitor unix:${rundir}/db.sock || return 1 return 0 } @@ -345,6 +350,7 @@ set_defaults () { SPORT= IKE_DAEMON= + RESTART_IKE_DAEMON=yes type_file=$etcdir/system-type.conf version_file=$etcdir/system-version.conf @@ -428,6 +434,8 @@ Options for "enable-protocol": Option for "start-ovs-ipsec": --ike-daemon=IKE_DAEMON the IKE daemon for ipsec tunnels (either libreswan or strongswan) + --no-restart-ike-daemon + do not restart the IKE daemon on startup Other options: -h, --help display this help message