authorAndreas Karis <ak.karis@gmail.com>2022-03-02 14:40:05 +0100
committerIlya Maximets <i.maximets@ovn.org>2022-05-04 16:30:21 +0200
commite8515c8cc082964f7611e6f03300e614b9b8eaca (patch)
tree5580898aff959d682b6d75213e4314664001bbf4 /ipsec
parentaf864cedb0c893bad0c54b7f7f6a73627965b358 (diff)
ovs-monitor-ipsec: Allow custom options per tunnel.
Tunnels in LibreSwan and OpenSwan allow for many options to be set on a per tunnel basis. Pass through any options starting with ipsec_ to the connection in the configuration file. Administrators are responsible for picking valid key/value pairs. Signed-off-by: Andreas Karis <ak.karis@gmail.com> Acked-by: Mike Pattrick <mkp@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Diffstat (limited to 'ipsec')
-rwxr-xr-xipsec/ovs-monitor-ipsec.in17
1 files changed, 16 insertions, 1 deletions
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
index c9f3cc5a1..7945162f9 100755
--- a/ipsec/ovs-monitor-ipsec.in
+++ b/ipsec/ovs-monitor-ipsec.in
@@ -313,6 +313,10 @@ conn prevent_unencrypted_vxlan
tmpl = self.auth_tmpl["pki_ca"]
auth_section = tmpl.substitute(tunnel.conf)
+ if "custom_options" in tunnel.conf:
+ for key, value in tunnel.conf["custom_options"].items():
+ auth_section += "\n " + key + "=" + value
+
vals = tunnel.conf.copy()
vals["auth_section"] = auth_section
vals["version"] = tunnel.version
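Review bot: The added `auth_section += "\n " + key + "=" + value` writes the option name and value straight into the generated config with no check on their contents, so a value (or key) carrying a newline would terminate the `key=value` line and start a new directive of its own in the written file; the same pattern is repeated in the second hunk at line 554. The commit message leaves validity to the administrator, but that covers choosing sensible options, not guarding against an OVSDB map entry that happens to contain a line break or leading whitespace, and the page does not show any such check in the `ipsec_` filter loop later in this diff. A guard at the emission point, `if "\n" in value or "\n" in key: continue` (or better, rejecting the entry where the options are parsed so both writers benefit), would keep one entry confined to one line. The enclosing method starts before this hunk, so whether the caller already sanitises `tunnel.conf["custom_options"]` cannot be confirmed from the hunk.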
@@ -550,6 +554,10 @@ conn prevent_unencrypted_vxlan
if tunnel.conf["address_family"] == "IPv6":
auth_section = self.IPV6_CONN + auth_section
+ if "custom_options" in tunnel.conf:
+ for key, value in tunnel.conf["custom_options"].items():
+ auth_section += "\n " + key + "=" + value
+
vals = tunnel.conf.copy()
vals["auth_section"] = auth_section
vals["version"] = tunnel.version
@@ -831,6 +839,7 @@ class IPsecTunnel(object):
Remote name: $remote_name
CA cert: $ca_cert
PSK: $psk
+ Custom Options: $custom_options
""")
unixctl_status_tmpl = Template("""\
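Review bot: `$custom_options` is substituted with the raw `custom_options` value, which this commit initialises as a dict (`"custom_options": {}` in the last hunk), so the status template will render Python's dict repr, `{'k': 'v'}` or `{}`, rather than a readable list. If this output is meant for operators, format it before substitution, e.g. `", ".join(f"{k}={v}" for k, v in opts.items())`, at the point where the template is rendered. The template literal begins before this hunk, so the rendering call itself is not visible here.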
@@ -874,7 +883,13 @@ class IPsecTunnel(object):
"remote_cert": remote_cert,
"remote_name": remote_name,
"local_name": monitor.conf["pki"]["local_name"],
- "psk": options.get("psk")}
+ "psk": options.get("psk"),
+ "custom_options": {}}
+
+ # add custom ipsec options to the connection
+ for key, value in options.items():
+ if key.startswith("ipsec_"):
+ new_conf["custom_options"][key[len("ipsec_"):]] = value
if self.conf != new_conf:
# Configuration was updated in OVSDB. Validate it and figure
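Review bot: The filter loop accepts an option named exactly `ipsec_`, since `key[len("ipsec_"):]` is then the empty string and the later writers would emit a bare `=value` line, and it likewise accepts names or values containing whitespace or newlines, which cannot be written as a single `name=value` line. Because every `ipsec_*` entry is copied into `new_conf` unconditionally, a malformed entry reaches the config writers silently; the change below rejects such entries at parse time (where the operator-facing log message belongs, using whatever logger this module already has) and keeps the accepted ones as before. `options` is presumably the OVSDB interface options map, in which case both halves are strings and the `isspace` checks are safe. The enclosing method continues past the end of the hunk.
```python
            # add custom ipsec options to the connection
            for key, value in options.items():
                if not key.startswith("ipsec_"):
                    continue
                name = key[len("ipsec_"):]
                # Only entries that fit on one "name=value" config line are
                # accepted: an empty name, or whitespace/newlines in either
                # half, would yield a malformed or unintended directive.
                if not name or any(c.isspace() for c in name + value):
                    # TODO: log the rejected key with the module's logger
                    continue
                new_conf["custom_options"][name] = value
            # … unchanged: comparison with self.conf and validation …
```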