From 53dbf9b12117e82e5da65ff03e9b114512ae77d0 Mon Sep 17 00:00:00 2001
From: Periyasamy Palanisamy
Date: Wed, 27 Aug 2025 15:18:20 +0200
Subject: [PATCH] Skip _stackmanager execution for libreswan 5.3+
The _stackmanager binary was removed in libreswan 5.3 and is no longer required for prerequisite checks. This commit conditionally runs _stackmanager only when the binary is present on the system.
Signed-off-by: Periyasamy Palanisamy
---
 .../network/ovn-kubernetes/common/ipsec-containerized.yaml | 7 +++++--
 bindata/network/ovn-kubernetes/common/ipsec-host.yaml | 7 +++++--
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/bindata/network/ovn-kubernetes/common/ipsec-containerized.yaml b/bindata/network/ovn-kubernetes/common/ipsec-containerized.yaml
index a799ea3013..5d1c66018e 100644
--- a/bindata/network/ovn-kubernetes/common/ipsec-containerized.yaml
+++ b/bindata/network/ovn-kubernetes/common/ipsec-containerized.yaml
@@ -262,8 +262,11 @@ spec:
 ulimit -n 1024
 /usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig
- # Check kernel modules
- /usr/libexec/ipsec/_stackmanager start
+ # Check kernel modules only for libreswan version <= 5.2. The _stackmanager binary is
+ # removed from 5.3 onwards, so this check is not needed on later versions.
+ if [ -e /usr/libexec/ipsec/_stackmanager ]; then
+ /usr/libexec/ipsec/_stackmanager start
+ fi
 # Check nss database status
 /usr/sbin/ipsec --checknss
 # Start the pluto IKE daemon
diff --git a/bindata/network/ovn-kubernetes/common/ipsec-host.yaml b/bindata/network/ovn-kubernetes/common/ipsec-host.yaml
index b3bac55327..7e3464268c 100644
--- a/bindata/network/ovn-kubernetes/common/ipsec-host.yaml
+++ b/bindata/network/ovn-kubernetes/common/ipsec-host.yaml
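Review bot: The new `if [ -e /usr/libexec/ipsec/_stackmanager ]` guard in ipsec-containerized.yaml has no `else`, so when the binary is missing the kernel-module check is skipped with nothing written to the container log, and file presence stands in for the libreswan version that the added comment talks about. An image that lacks `_stackmanager` for any other reason (a packaging error, say) would take the same silent path. Adding `else` and `echo "_stackmanager not found, skipping kernel module check (expected with libreswan >= 5.3)"` before `fi` would let an operator see which branch ran when IPsec tunnels fail to come up. The identical hunk in ipsec-host.yaml needs the same lines; the surrounding script starts and ends outside both hunks.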
@@ -273,8 +273,11 @@ spec:
 ulimit -n 1024
 /usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig
- # Check kernel modules
- /usr/libexec/ipsec/_stackmanager start
+ # Check kernel modules only for libreswan version <= 5.2. The _stackmanager binary is
+ # removed from 5.3 onwards, so this check is not needed on later versions.
+ if [ -e /usr/libexec/ipsec/_stackmanager ]; then
+ /usr/libexec/ipsec/_stackmanager start
+ fi
 # Check nss database status
 /usr/sbin/ipsec --checknss