[ovs.git] / debian / patches / fix-ovs-monitor-ipsec.patch

Description: Fix ovs-monitor-ipsec
 Open subprocesses in the text mode.
 Use valid strongSwan configuration.
 Use python3 dictionary iterators.
Forwarded: no
Author: Jakub Safarik <jsfrk@protonmail.com>
Last-Update: 2019-09-29
--- a/ipsec/ovs-monitor-ipsec.in
+++ b/ipsec/ovs-monitor-ipsec.in
@@ -99,7 +99,8 @@
         the IPsec policy."""
         policies = {}
         proc = subprocess.Popen([self.IP, 'xfrm', 'policy'],
-                                stdout=subprocess.PIPE)
+                                stdout=subprocess.PIPE,
+                                universal_newlines=True)
         while True:
             line = proc.stdout.readline().strip()
             if line == '':
@@ -122,7 +123,8 @@
         is SELECTOR."""
         securities = {}
         proc = subprocess.Popen([self.IP, 'xfrm', 'state'],
-                                stdout=subprocess.PIPE)
+                                stdout=subprocess.PIPE,
+                                universal_newlines=True)
         while True:
             line = proc.stdout.readline().strip()
             if line == '':
@@ -145,10 +147,18 @@
     """This class does StrongSwan specific configurations."""
 
     STRONGSWAN_CONF = """%s
-charon.plugins.kernel-netlink.set_proto_port_transport_sa = yes
-charon.plugins.kernel-netlink.xfrm_ack_expires = 10
-charon.load_modular = yes
-charon.plugins.gcm.load = yes
+charon {
+    plugins {
+        kernel-netlink {
+            set_proto_port_transport_sa = yes
+            xfrm_ack_expires = 10
+        }
+        gcm {
+            load = yes
+        }
+    }
+    load_modular = yes
+}
 """ % (FILE_HEADER)
 
     CONF_HEADER = """%s
@@ -243,7 +253,9 @@
         sample line from the parsed outpus as <value>. """
 
         conns = {}
-        proc = subprocess.Popen([self.IPSEC, 'status'], stdout=subprocess.PIPE)
+        proc = subprocess.Popen([self.IPSEC, 'status'],
+                                stdout=subprocess.PIPE,
+                                universal_newlines=True)
 
         while True:
             line = proc.stdout.readline().strip()
@@ -340,7 +352,7 @@
         # about possibility of ovs-monitor-ipsec to block for each tunnel
         # while strongSwan sends IKE messages over Internet.
         conns_dict = self.get_active_conns()
-        for ifname, conns in conns_dict.iteritems():
+        for ifname, conns in conns_dict.items():
             tunnel = monitor.tunnels.get(ifname)
             for conn in conns:
                 # IPsec "connection" names that we choose in strongswan
@@ -536,7 +548,7 @@
 
         # Delete old connections
         conns_dict = self.get_active_conns()
-        for ifname, conns in conns_dict.iteritems():
+        for ifname, conns in conns_dict.items():
             tunnel = monitor.tunnels.get(ifname)
 
             for conn in conns:
@@ -989,7 +1001,7 @@
         skb_mark = None
         is_valid = False
 
-        for row in data["Open_vSwitch"].rows.itervalues():
+        for row in data["Open_vSwitch"].rows.values():
             pki[0] = row.other_config.get("certificate")
             pki[1] = row.other_config.get("private_key")
             pki[2] = row.other_config.get("ca_cert")
@@ -1016,7 +1028,7 @@
         table."""
         ifaces = set()
 
-        for row in data["Interface"].rows.itervalues():
+        for row in data["Interface"].rows.values():
             if not self.is_tunneling_type_supported(row.type):
                 continue
             if not self.is_ipsec_required(row.options):
@@ -1047,7 +1059,7 @@
             return
         s = ""
         conns = self.ike_helper.get_active_conns()
-        for name, tunnel in self.tunnels.iteritems():
+        for name, tunnel in self.tunnels.items():
             s += tunnel.show(policies, securities, conns)
         unix_conn.reply(s)
 
@@ -1064,7 +1076,7 @@
         if self.ike_helper.config_global(self):
             needs_refresh = True
 
-        for name, tunnel in self.tunnels.iteritems():
+        for name, tunnel in self.tunnels.items():
             if tunnel.last_refreshed_version != tunnel.version:
                 tunnel.last_refreshed_version = tunnel.version
                 needs_refresh = True
Commit	Line	Data
9a25910a TL	1	Description: Fix ovs-monitor-ipsec
	2	Open subprocesses in the text mode.
	3	Use valid strongSwan configuration.
	4	Use python3 dictionary iterators.
	5	Forwarded: no
	6	Author: Jakub Safarik <jsfrk@protonmail.com>
	7	Last-Update: 2019-09-29
	8	--- a/ipsec/ovs-monitor-ipsec.in
	9	+++ b/ipsec/ovs-monitor-ipsec.in
	10	@@ -99,7 +99,8 @@
	11	the IPsec policy."""
	12	policies = {}
	13	proc = subprocess.Popen([self.IP, 'xfrm', 'policy'],
	14	- stdout=subprocess.PIPE)
	15	+ stdout=subprocess.PIPE,
	16	+ universal_newlines=True)
	17	while True:
	18	line = proc.stdout.readline().strip()
	19	if line == '':
	20	@@ -122,7 +123,8 @@
	21	is SELECTOR."""
	22	securities = {}
	23	proc = subprocess.Popen([self.IP, 'xfrm', 'state'],
	24	- stdout=subprocess.PIPE)
	25	+ stdout=subprocess.PIPE,
	26	+ universal_newlines=True)
	27	while True:
	28	line = proc.stdout.readline().strip()
	29	if line == '':
	30	@@ -145,10 +147,18 @@
	31	"""This class does StrongSwan specific configurations."""
	32
	33	STRONGSWAN_CONF = """%s
	34	-charon.plugins.kernel-netlink.set_proto_port_transport_sa = yes
	35	-charon.plugins.kernel-netlink.xfrm_ack_expires = 10
	36	-charon.load_modular = yes
	37	-charon.plugins.gcm.load = yes
	38	+charon {
	39	+ plugins {
	40	+ kernel-netlink {
	41	+ set_proto_port_transport_sa = yes
	42	+ xfrm_ack_expires = 10
	43	+ }
	44	+ gcm {
	45	+ load = yes
	46	+ }
	47	+ }
	48	+ load_modular = yes
	49	+}
	50	""" % (FILE_HEADER)
	51
	52	CONF_HEADER = """%s
	53	@@ -243,7 +253,9 @@
	54	sample line from the parsed outpus as <value>. """
	55
	56	conns = {}
	57	- proc = subprocess.Popen([self.IPSEC, 'status'], stdout=subprocess.PIPE)
	58	+ proc = subprocess.Popen([self.IPSEC, 'status'],
	59	+ stdout=subprocess.PIPE,
	60	+ universal_newlines=True)
	61
	62	while True:
	63	line = proc.stdout.readline().strip()
	64	@@ -340,7 +352,7 @@
65	# about possibility of ovs-monitor-ipsec to block for each tunnel
66	# while strongSwan sends IKE messages over Internet.
67	conns_dict = self.get_active_conns()
68	- for ifname, conns in conns_dict.iteritems():
69	+ for ifname, conns in conns_dict.items():
70	tunnel = monitor.tunnels.get(ifname)
71	for conn in conns:
72	# IPsec "connection" names that we choose in strongswan
73	@@ -536,7 +548,7 @@
74
75	# Delete old connections
76	conns_dict = self.get_active_conns()
77	- for ifname, conns in conns_dict.iteritems():
78	+ for ifname, conns in conns_dict.items():
79	tunnel = monitor.tunnels.get(ifname)
80
81	for conn in conns:
82	@@ -989,7 +1001,7 @@
83	skb_mark = None
84	is_valid = False
85
86	- for row in data["Open_vSwitch"].rows.itervalues():
87	+ for row in data["Open_vSwitch"].rows.values():
88	pki[0] = row.other_config.get("certificate")
89	pki[1] = row.other_config.get("private_key")
90	pki[2] = row.other_config.get("ca_cert")
91	@@ -1016,7 +1028,7 @@
92	table."""
93	ifaces = set()
94
95	- for row in data["Interface"].rows.itervalues():
96	+ for row in data["Interface"].rows.values():
97	if not self.is_tunneling_type_supported(row.type):
98	continue
99	if not self.is_ipsec_required(row.options):
100	@@ -1047,7 +1059,7 @@
101	return
102	s = ""
103	conns = self.ike_helper.get_active_conns()
104	- for name, tunnel in self.tunnels.iteritems():
105	+ for name, tunnel in self.tunnels.items():
106	s += tunnel.show(policies, securities, conns)
107	unix_conn.reply(s)
108
109	@@ -1064,7 +1076,7 @@
110	if self.ike_helper.config_global(self):
111	needs_refresh = True
112
113	- for name, tunnel in self.tunnels.iteritems():
114	+ for name, tunnel in self.tunnels.items():
115	if tunnel.last_refreshed_version != tunnel.version:
116	tunnel.last_refreshed_version = tunnel.version
117	needs_refresh = True