mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Merge pull request #1294 from sanimej/ipseckeys

Switch overlay encryption to use IPSec subsystem keys
Alessandro Boch 2016-06-29 17:23:34 -07:00 committed by GitHub
commit e942cb3dd6


@ -102,7 +102,7 @@ func (c *controller) handleKeyChange(keys []*types.EncryptionKey) error {
deleted = cKey.Key deleted = cKey.Key
} }
if cKey.Subsystem == subsysGossip /* subsysIPSec */ { if cKey.Subsystem == subsysIPSec {
drvEnc.Prune = cKey.Key drvEnc.Prune = cKey.Key
drvEnc.PruneTag = cKey.LamportTime drvEnc.PruneTag = cKey.LamportTime
} }
@ -128,7 +128,7 @@ func (c *controller) handleKeyChange(keys []*types.EncryptionKey) error {
a.networkDB.SetKey(key.Key) a.networkDB.SetKey(key.Key)
} }
if key.Subsystem == subsysGossip /*subsysIPSec*/ { if key.Subsystem == subsysIPSec {
drvEnc.Key = key.Key drvEnc.Key = key.Key
drvEnc.Tag = key.LamportTime drvEnc.Tag = key.LamportTime
} }
@ -138,7 +138,7 @@ func (c *controller) handleKeyChange(keys []*types.EncryptionKey) error {
key, tag := c.getPrimaryKeyTag(subsysGossip) key, tag := c.getPrimaryKeyTag(subsysGossip)
a.networkDB.SetPrimaryKey(key) a.networkDB.SetPrimaryKey(key)
//key, tag = c.getPrimaryKeyTag(subsysIPSec) key, tag = c.getPrimaryKeyTag(subsysIPSec)
drvEnc.Primary = key drvEnc.Primary = key
drvEnc.PrimaryTag = tag drvEnc.PrimaryTag = tag
@ -317,17 +317,12 @@ func (c *controller) agentInit(bindAddrOrInterface string) error {
return nil return nil
} }
drvEnc := discoverapi.DriverEncryptionConfig{}
keys, tags := c.getKeys(subsysGossip) // getKeys(subsysIPSec)
drvEnc.Keys = keys
drvEnc.Tags = tags
bindAddr, err := resolveAddr(bindAddrOrInterface) bindAddr, err := resolveAddr(bindAddrOrInterface)
if err != nil { if err != nil {
return err return err
} }
keys, tags := c.getKeys(subsysGossip)
hostname, _ := os.Hostname() hostname, _ := os.Hostname()
nDB, err := networkdb.New(&networkdb.Config{ nDB, err := networkdb.New(&networkdb.Config{
BindAddr: bindAddr, BindAddr: bindAddr,
@ -350,6 +345,11 @@ func (c *controller) agentInit(bindAddrOrInterface string) error {
go c.handleTableEvents(ch, c.handleEpTableEvent) go c.handleTableEvents(ch, c.handleEpTableEvent)
drvEnc := discoverapi.DriverEncryptionConfig{}
keys, tags = c.getKeys(subsysIPSec)
drvEnc.Keys = keys
drvEnc.Tags = tags
c.drvRegistry.WalkDrivers(func(name string, driver driverapi.Driver, capability driverapi.Capability) bool { c.drvRegistry.WalkDrivers(func(name string, driver driverapi.Driver, capability driverapi.Capability) bool {
err := driver.DiscoverNew(discoverapi.EncryptionKeysConfig, drvEnc) err := driver.DiscoverNew(discoverapi.EncryptionKeysConfig, drvEnc)
if err != nil { if err != nil {
@ -380,7 +380,7 @@ func (c *controller) agentDriverNotify(d driverapi.Driver) {
}) })
drvEnc := discoverapi.DriverEncryptionConfig{} drvEnc := discoverapi.DriverEncryptionConfig{}
keys, tags := c.getKeys(subsysGossip) // getKeys(subsysIPSec) keys, tags := c.getKeys(subsysIPSec)
drvEnc.Keys = keys drvEnc.Keys = keys
drvEnc.Tags = tags drvEnc.Tags = tags
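Review bot: In agentInit the pair `keys, tags` is first filled from `c.getKeys(subsysGossip)` (apparently for the networkdb config, which is cut off here) and then reassigned from `c.getKeys(subsysIPSec)` for `drvEnc`, and handleKeyChange reuses `key, tag` the same way around `getPrimaryKeyTag`. Sharing one variable across two key domains makes it easy for a later reordering to hand gossip keys to the drivers again, which is the mix-up this commit removes. Distinct names would keep the separation visible, e.g. `ipsecKeys, ipsecTags := c.getKeys(subsysIPSec)` followed by `drvEnc.Keys, drvEnc.Tags = ipsecKeys, ipsecTags`. The visible lines also do not show what happens when no subsysIPSec key has been distributed yet: if `getKeys` can return empty slices, drivers would receive an empty `DriverEncryptionConfig` through `DiscoverNew`, so a comment or guard stating the expected behaviour would help. The bodies of handleKeyChange, agentInit and agentDriverNotify continue outside the hunks shown.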