netdev-vport: Ignore ipsec_ tunnel option prefix for all tunnels.

All ipsec_* tunnel options are reported as invalid options. This patch ensures that all of them are ignored, just like the other IPSec related options. Fixes: e8515c8 ("ovs-monitor-ipsec: Allow custom options per tunnel.") Reported-at: https://issues.redhat.com/browse/FDP-797 Acked-by: Simon Horman <horms@ovn.org> Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
openvswitch · Feb 10, 2025 · a8f5a97 · a8f5a97
1 parent d386b55
commit a8f5a97
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
@@ -840,7 +840,8 @@ set_tunnel_config(struct netdev *dev_, const struct smap *args, char **errp)
             }
         } else if (!strcmp(node->key, "remote_cert") ||
                    !strcmp(node->key, "remote_name") ||
-                   !strcmp(node->key, "psk")) {
+                   !strcmp(node->key, "psk") ||
+                   !strncmp(node->key, "ipsec_", strlen("ipsec_"))) {
             /* When configuring OVS for IPsec, these keys may be set in the
                tunnel port's 'options' column. 'ovs-vswitchd' does not directly
                use them, but they are read by 'ovs-monitor-ipsec'. In order to