On Thu, Mar 14, 2013 at 2:27 PM, Ansis Atteka <[email protected]> wrote:
> After tunnel packet is unencapsulated we should unset IPsec flag from
> skb_mark.
>
> Otherwise, IPsec policies would be applied one more time on internal
> interfaces, if there is one. This is especially necessary after we
> will introduce global, low-priority IPsec drop policy that will make
> sure that we never let through marked but unencrypted packets.
>
> Signed-off-by: Ansis Atteka <[email protected]>
> Issue: 15074

Is it possible to make the IPsec drop policy apply only on outbound packets?
