Hi,
While trying to encrypt(IPsec policy) packets based on GRE key received in packets. kernel didn't encrypted the packets received from OVS bridge. The packets forwarded to Desination unencrypted. Kernel treats packet having different keys as same flow type. Kernel Version used : 3.18.14 ovs-vswitchd (Open vSwitch) 2.0.1 Compiled Apr 16 2014 14:19:17 OpenFlow versions 0x1:0x1 Fix Applied : Find attached initial patch. Please confirm if it is bug?. Regards Harsh Jain
--- vport-gre.c 2015-06-08 12:40:45.146776110 +0530 +++ /home/aricent/linux-3.18.14/net/openvswitch/vport-gre.c 2015-06-05 17:31:50.622627842 +0530 @@ -152,7 +152,8 @@ fl.flowi4_tos = RT_TOS(tun_key->ipv4_tos); fl.flowi4_mark = skb->mark; fl.flowi4_proto = IPPROTO_GRE; - + if(tun_key->tun_flags & TUNNEL_KEY) + fl.fl4_gre_key = be64_get_low32(tun_key->tun_id); rt = ip_route_output_key(net, &fl); if (IS_ERR(rt)) return PTR_ERR(rt); @@ -284,4 +285,3 @@ .get_name = gre_get_name, .send = gre_tnl_send, }; -
_______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
