git.proxmox.com Git - mirror

author	Mark Gray <mark.d.gray@redhat.com>
	Mon, 4 Jan 2021 08:45:18 +0000 (03:45 -0500)
committer	Ilya Maximets <i.maximets@ovn.org>
	Tue, 5 Jan 2021 18:36:39 +0000 (19:36 +0100)
commit	2ee0f4485a7c9d4f250a2d2986cd5b0058ddaba0
tree	64d8930aab4cc6961d112366e86c51f0c2fa3884	tree
parent	6d2a5be5f67024bc133a090e792f816f9dd8c030	commit \| diff

ovs-monitor-ipsec: Fix active connection regex.

Connections are added to IPsec using a connection name
that is determined from the OVS port name and the tunnel
type.

GRE connections take the form:
  <iface>-<ver>
Other connections take the form:
  <iface>-in-<ver>
  <iface>-out-<ver>

The regex '|' operator parses strings left to right looking
for the first match that it can find. '.*' is also greedy. This
causes incorrect interface names to be parsed from active
connections as other tunnel types are parsed as type
GRE. This gives unexpected "is outdated" warnings and the
connection is torn down.

For example,

'ovn-424242-in-1' will produce an incorrect interface name of
'ovn-424242-in' instead of 'ovn-424242'.

There are a number of ways this could be resolved including
a cleverer regular expression, or re.findall(). However, this
approach was taken as it simplifies the code easing maintainability.

Fixes: 22c5eafb6efa ("ipsec: reintroduce IPsec support for tunneling")
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1908789
Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>