diff --git a/SOURCES/openvswitch-2.15.0.patch b/SOURCES/openvswitch-2.15.0.patch
index ca2fd7e..0cf4c21 100644
--- a/SOURCES/openvswitch-2.15.0.patch
+++ b/SOURCES/openvswitch-2.15.0.patch
@@ -104,6 +104,96 @@ index 1f2b7a3668..8b5d075840 100644 openvswitch (2.15.0-1) unstable; urgency=low * New upstream version
+diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
+index 64111768b3..668507fd37 100755
+--- a/ipsec/ovs-monitor-ipsec.in
++++ b/ipsec/ovs-monitor-ipsec.in
+@@ -14,6 +14,7 @@
+ # limitations under the License.
+
+ import argparse
++import ipaddress
+ import re
+ import subprocess
+ import sys
+@@ -413,6 +414,11 @@ conn prevent_unencrypted_vxlan
+ leftprotoport=udp/4789
+ mark={0}
+
++"""
++
++ IPV6_CONN = """\
++ hostaddrfamily=ipv6
++ clientaddrfamily=ipv6
+ """
+
+ auth_tmpl = {"psk": Template("""\
+@@ -520,6 +526,9 @@ conn prevent_unencrypted_vxlan
+ else:
+ auth_section = self.auth_tmpl["pki_ca"].substitute(tunnel.conf)
+
++ if tunnel.conf["address_family"] == "IPv6":
++ auth_section = self.IPV6_CONN + auth_section
++
+ vals = tunnel.conf.copy()
+ vals["auth_section"] = auth_section
+ vals["version"] = tunnel.version
+@@ -756,6 +765,7 @@ class IPsecTunnel(object):
+ Tunnel Type: $tunnel_type
+ Local IP: $local_ip
+ Remote IP: $remote_ip
++ Address Family: $address_family
+ SKB mark: $skb_mark
+ Local cert: $certificate
+ Local name: $local_name
+@@ -797,6 +807,9 @@ class IPsecTunnel(object):
+ "tunnel_type": row.type,
+ "local_ip": options.get("local_ip", "%defaultroute"),
+ "remote_ip": options.get("remote_ip"),
++ "address_family": self._get_conn_address_family(
++ options.get("remote_ip"),
++ options.get("local_ip")),
+ "skb_mark": monitor.conf["skb_mark"],
+ "certificate": monitor.conf["pki"]["certificate"],
+ "private_key": monitor.conf["pki"]["private_key"],
+@@ -865,6 +878,17 @@ class IPsecTunnel(object):
+
+ return header + conf + status + spds + sas + cons + "\n"
+
++ def _get_conn_address_family(self, remote_ip, local_ip):
++ remote = address_family(remote_ip)
++ local = address_family(local_ip)
++
++ if local is None:
++ return remote
++ elif local != remote:
++ return None
++ else:
++ return remote
++
+ def _is_valid_tunnel_conf(self):
+ """This function verifies if IPsec tunnel has valid configuration
+ set in 'conf'. If it is valid, then it returns True. Otherwise,
+@@ -1120,6 +1144,19 @@ class IPsecMonitor(object):
+ return m.group(1)
+
+
++def address_family(address):
++ try:
++ ip = ipaddress.ip_address(address)
++ ipstr = str(type(ip))
++ # ipaddress has inconsistencies with what exceptions are raised:
++ # https://mail.openvswitch.org/pipermail/ovs-dev/2021-April/381696.html
++ except (ValueError, ipaddress.AddressValueError):
++ return None
++ if ipstr.find('v6') != -1:
++ return "IPv6"
++ return "IPv4"
++
++
+ def unixctl_xfrm_policies(conn, unused_argv, unused_aux):
+ global xfrm
+ policies = xfrm.get_policies()
 diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
 index 4381c618f1..251788b049 100644
 --- a/lib/dpif-netdev.c
diff --git a/SPECS/openvswitch2.15.spec b/SPECS/openvswitch2.15.spec
index f021b9f..31e6fef 100644
--- a/SPECS/openvswitch2.15.spec
+++ b/SPECS/openvswitch2.15.spec
@@ -57,7 +57,7 @@ Summary: Open vSwitch Group: System Environment/Daemons daemon/database/utilities URL: http://www.openvswitch.org/ Version: 2.15.0
-Release: 8%{?dist}
+Release: 9%{?dist}
 # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL
@@ -697,6 +697,10 @@ exit 0 %endif %changelog
+* Thu Apr 01 2021 Open vSwitch CI - 2.15.0-9
+- Merging upstream branch-2.15
+ [504b67ec8d91641bafdf73b29456b3447b396bda]
+
 * Thu Apr 01 2021 Open vSwitch CI - 2.15.0-8 - Merging upstream branch-2.15 [147a0970bec73a4133ac1fbeebb0cd16887f2e21]
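Review bot: In the embedded `ipsec/ovs-monitor-ipsec.in` change, `_get_conn_address_family()` returns `None` both when the local and remote addresses belong to different families and when `remote_ip` does not parse as an address. The new `tunnel.conf["address_family"] == "IPv6"` test then handles that case exactly like IPv4, so a mismatched pair still produces a connection section with no signal. Whether `_is_valid_tunnel_conf()` rejects a `None` family is not visible here, since only the first lines of its docstring fall inside the hunk. If it does not, logging a warning on the `local != remote` branch would make the misconfiguration visible before the config reaches the IPsec daemon. Separately, `address_family()` derives the family from `str(type(ip))`; `return "IPv6" if ip.version == 6 else "IPv4"` says the same thing without depending on the class name.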