From ec17841ea4b35e707f51b582fea8ea4d6613cb05 Mon Sep 17 00:00:00 2001
From: Santhosh Manohar
Date: Wed, 15 Jun 2016 04:10:23 -0700
Subject: [PATCH] Switch overlay encryption to use IPSec susbsystem keys
Signed-off-by: Santhosh Manohar
---
 libnetwork/agent.go | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/libnetwork/agent.go b/libnetwork/agent.go
index eaab2893c0..64710ff11d 100644
--- a/libnetwork/agent.go
+++ b/libnetwork/agent.go
@@ -102,7 +102,7 @@ func (c *controller) handleKeyChange(keys []*types.EncryptionKey) error {
 deleted = cKey.Key
 }
- if cKey.Subsystem == subsysGossip /* subsysIPSec */ {
+ if cKey.Subsystem == subsysIPSec {
 drvEnc.Prune = cKey.Key
 drvEnc.PruneTag = cKey.LamportTime
 }
@@ -128,7 +128,7 @@ func (c *controller) handleKeyChange(keys []*types.EncryptionKey) error {
 a.networkDB.SetKey(key.Key)
 }
- if key.Subsystem == subsysGossip /*subsysIPSec*/ {
+ if key.Subsystem == subsysIPSec {
 drvEnc.Key = key.Key
 drvEnc.Tag = key.LamportTime
 }
@@ -138,7 +138,7 @@ func (c *controller) handleKeyChange(keys []*types.EncryptionKey) error {
 key, tag := c.getPrimaryKeyTag(subsysGossip)
 a.networkDB.SetPrimaryKey(key)
- //key, tag = c.getPrimaryKeyTag(subsysIPSec)
+ key, tag = c.getPrimaryKeyTag(subsysIPSec)
 drvEnc.Primary = key
 drvEnc.PrimaryTag = tag
@@ -317,17 +317,12 @@ func (c *controller) agentInit(bindAddrOrInterface string) error {
 return nil
 }
- drvEnc := discoverapi.DriverEncryptionConfig{}
-
- keys, tags := c.getKeys(subsysGossip) // getKeys(subsysIPSec)
- drvEnc.Keys = keys
- drvEnc.Tags = tags
-
 bindAddr, err := resolveAddr(bindAddrOrInterface)
 if err != nil {
 return err
 }
+ keys, tags := c.getKeys(subsysGossip)
 hostname, _ := os.Hostname()
 nDB, err := networkdb.New(&networkdb.Config{
 BindAddr: bindAddr,
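Review bot: `drvEnc.Prune = cKey.Key` in the `@@ -102` hunk keeps a single key, so if this branch runs once per removed key (the enclosing loop starts outside the hunk, so that is inferred) and one update retires more than one IPSec key, only the last one is handed to the drivers for pruning and an earlier retired key may stay installed. The same single-slot pattern applies to `drvEnc.Key = key.Key` in the `@@ -128` hunk for added keys. Now that these fields are fed from their own subsystem, the assumption should be written down next to the comparison, for example `// at most one subsysIPSec key is added and one removed per key change`, or the handler should reject an update that breaks it.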
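Review bot: `key, tag` in the `@@ -138` hunk now hold the gossip primary first and the IPSec primary second, and the gossip `tag` is overwritten without ever being read. Reusing one pair of names for key material from two subsystems makes it easy for a later edit to pass the wrong key to the wrong consumer. I would read the IPSec primary into its own names, `ipsecKey, ipsecTag := c.getPrimaryKeyTag(subsysIPSec)`, assign those to `drvEnc.Primary` and `drvEnc.PrimaryTag`, and discard the unused gossip tag with `_`. The same reuse appears in agentInit, where `keys, tags` is assigned from subsysGossip in the `@@ -317` hunk and reassigned from subsysIPSec in the `@@ -350` hunk. handleKeyChange starts and ends outside this hunk.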
@@ -350,6 +345,11 @@ func (c *controller) agentInit(bindAddrOrInterface string) error {
 go c.handleTableEvents(ch, c.handleEpTableEvent)
+ drvEnc := discoverapi.DriverEncryptionConfig{}
+ keys, tags = c.getKeys(subsysIPSec)
+ drvEnc.Keys = keys
+ drvEnc.Tags = tags
+
 c.drvRegistry.WalkDrivers(func(name string, driver driverapi.Driver, capability driverapi.Capability) bool {
 err := driver.DiscoverNew(discoverapi.EncryptionKeysConfig, drvEnc)
 if err != nil {
@@ -380,7 +380,7 @@ func (c *controller) agentDriverNotify(d driverapi.Driver) {
 })
 drvEnc := discoverapi.DriverEncryptionConfig{}
- keys, tags := c.getKeys(subsysGossip) // getKeys(subsysIPSec)
+ keys, tags := c.getKeys(subsysIPSec)
 drvEnc.Keys = keys
 drvEnc.Tags = tags
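Review bot: The result of `keys, tags = c.getKeys(subsysIPSec)` in the `@@ -350` hunk goes to every driver through `DiscoverNew` with no check that any IPSec key was returned. Before this change the drivers were given the gossip key set, so a key set that carries only gossip entries would now reach them as an empty `drvEnc.Keys`. What a driver does with an empty set is not visible here; please confirm that an encrypted network then fails closed rather than carrying traffic unprotected. I would test `len(keys) == 0` before `WalkDrivers` and log or return an error there, and do the same after `c.getKeys(subsysIPSec)` in agentDriverNotify (`@@ -380`). Both functions continue outside their hunks.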