yahoo-eng-team team mailing list archive

[OpenStack Infra <2089252@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.opendev.org/c/openstack/neutron-vpnaas/+/937216
Committed: https://opendev.org/openstack/neutron-vpnaas/commit/0bac8169cd8421dbc87294f22072142ec0202f53
Submitter: "Zuul (22348)"
Branch:    master

commit 0bac8169cd8421dbc87294f22072142ec0202f53
Author: Trygve Vea <trygve.vea@xxxxxxxxx>
Date:   Thu Dec 5 23:44:51 2024 +0100

    Fix connection status reporting when using LibreSwan 4
    
    The regex-pattern used to check for connection liveness needs to remove
    the IPSec-keyword to correctly detect active connections on LibreSwan 4.
    
    Closes-Bug: #2089252
    Change-Id: I76f04842025e6d676e372e7394a3c5ab04d0d129


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2089252

Title:
  neutron-vpnaas: LibreSwan 4 connections not listed as ACTIVE

Status in neutron:
  Fix Released

Bug description:
  The regex that are used to check IPSec connection status is incorrect
  for LibreSwan 4:

  From neutron_vpnaas/services/vpn/device_drivers/ipsec.py
  ```python
      STATUS_IPSEC_SA_ESTABLISHED_RE = (
          r'\d{3} #\d+: "([a-f0-9\-]+).*established.*newest IPSEC')
      STATUS_IPSEC_SA_ESTABLISHED_RE2 = (
          r'\d{3} #\d+: "([a-f0-9\-\/x]+).*established.*newest IPSEC')
  ```

  Removing " IPSEC" is an effective fix, but has not been quality
  checked.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2089252/+subscriptions