From a8f5a97999eaf65929798f950411e9621eac4706 Mon Sep 17 00:00:00 2001
From: Eelco Chaudron <echaudro@redhat.com>
Date: Tue, 4 Feb 2025 09:54:46 +0100
Subject: [PATCH] netdev-vport: Ignore ipsec_ tunnel option prefix for all
 tunnels.

All ipsec_* tunnel options are reported as invalid options.
This patch ensures that all of them are ignored, just like
the other IPSec related options.

Fixes: e8515c8cc082 ("ovs-monitor-ipsec: Allow custom options per tunnel.")
Reported-at: https://issues.redhat.com/browse/FDP-797
Acked-by: Simon Horman <horms@ovn.org>
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
---
 lib/netdev-vport.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
index 234a4ebe127..2c07d34c047 100644
--- a/lib/netdev-vport.c
+++ b/lib/netdev-vport.c
@@ -840,7 +840,8 @@ set_tunnel_config(struct netdev *dev_, const struct smap *args, char **errp)
             }
         } else if (!strcmp(node->key, "remote_cert") ||
                    !strcmp(node->key, "remote_name") ||
-                   !strcmp(node->key, "psk")) {
+                   !strcmp(node->key, "psk") ||
+                   !strncmp(node->key, "ipsec_", strlen("ipsec_"))) {
             /* When configuring OVS for IPsec, these keys may be set in the
                tunnel port's 'options' column. 'ovs-vswitchd' does not directly
                use them, but they are read by 'ovs-monitor-ipsec'. In order to