ipsec: Libreswan report connection failures to ovs logs.

Currently when the user adds an IPsec tunnel port to the ovs bridge the ovs-monitor-ipsec script will submit a request to start the IPsec connection for this port and ignores the request output which can contain an error message. This patch captures the request output and prints the error message to the ovs logs. Signed-off-by: Mohammad Heib <mheib@redhat.com> Acked-by: Mike Pattrick <mkp@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
author: Mohammad Heib <mheib@redhat.com> 2022-02-03 16:16:42 +0200
committer: Ilya Maximets <i.maximets@ovn.org> 2022-03-04 20:07:15 +0100
commit: 02cff6b2d4957781eb9d04b17403e5de945cea63 (patch)
tree: 327a12ec696072c9abbb855ecabce1249e24f008 /ipsec
parent: 9016592ca09043d5c10f424fb6c8717f270fdfaf (diff)
download: openvswitch-02cff6b2d4957781eb9d04b17403e5de945cea63.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
index a8b0705d9..aa0135b86 100755
--- a/ipsec/ovs-monitor-ipsec.in
+++ b/ipsec/ovs-monitor-ipsec.in
@@ -708,6 +708,11 @@ conn prevent_unencrypted_vxlan
                     not re.match(r".*need --listen.*", pout):
                 break
 
+        if re.match(r".*[F|f]ailed to initiate connection.*", pout):
+            vlog.err('Failed to initiate connection through'
+                    ' Interface %s.\n' % (conn.split('-')[0]))
+            vlog.err(pout)
+
     def _nss_clear_database(self):
         """Remove all OVS IPsec related state from the NSS database"""
         try:
author	Mohammad Heib <mheib@redhat.com>	2022-02-03 16:16:42 +0200
committer	Ilya Maximets <i.maximets@ovn.org>	2022-03-04 20:07:15 +0100
commit	02cff6b2d4957781eb9d04b17403e5de945cea63 (patch)
tree	327a12ec696072c9abbb855ecabce1249e24f008 /ipsec
parent	9016592ca09043d5c10f424fb6c8717f270fdfaf (diff)
download	openvswitch-02cff6b2d4957781eb9d04b17403e5de945cea63.tar.gz