ovs-monitor-ipsec: Use "require" when adding SPD entries.
Previously, SPD entries were added with a level of "default".  This uses
the system-wide default for the protocol when processing a matching
packet.  Switch the level to "require" so that a SA is always used when
sending the packet.
Justin Pettit committed Jan 20, 2011
1 parent 0671665 commit f916d1c
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions debian/ovs-monitor-ipsec
Expand Up @@ -317,9 +317,9 @@ class IPsec:
self.call_setkey("spdflush;")

def spd_add(self, local_ip, remote_ip):
cmds = ("spdadd %s %s gre -P out ipsec esp/transport//default;\n" %
cmds = ("spdadd %s %s gre -P out ipsec esp/transport//require;\n" %
(local_ip, remote_ip))
cmds += ("spdadd %s %s gre -P in ipsec esp/transport//default;" %
cmds += ("spdadd %s %s gre -P in ipsec esp/transport//require;" %
(remote_ip, local_ip))
self.call_setkey(cmds)
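
Review bot: In spd_add, local_ip and remote_ip are interpolated with % straight into the setkey command text on both spdadd lines, so a value containing ";" or a newline would be read by setkey as an extra directive. Now that these entries are the ones enforcing "require", it is worth validating both arguments as IP addresses before building cmds. Separately, the commit message motivates the change only for sending, yet the "-P in" line is switched to "require" as well. A short comment above the cmds assignment, stating that both directions now need an SA and that matching GRE traffic no longer follows the system-wide default level, would make that intent explicit.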
