On Tue, Mar 1, 2011 at 4:36 PM, Jesse Gross <je...@nicira.com> wrote:
> On Tue, Mar 1, 2011 at 3:39 PM, Valient Gough <vali...@gmail.com> wrote:
>>
>> While adding support for a tunnel with optional tunnel key, I've found
>> problems handling the key configuration. In existing tunnel code, such as
>> GRE, the tunnel determines a key should be added to the packet if either
>> TNL_F_OUT_KEY_ACTION is set, or else out_key is provided. The logic below
>> in tunnel.c will set the ACTION flag if NO key is provided, which means a
>> tunnel with key support will always attempt to insert a key. Patch below.
>
> The two methods of operation are supposed to be mutually exclusive.
> Either the port has a specific key associated with it that is
> implicitly used or one is provided by a flow action. That's why the
> flag is set if no key is provided. In general key 0 is treated as
> equivalent to key not present, so for GRE we don't include it at all
> if the key is permanently zero. If it is a flow based key then we
> always include it in the GRE header for consistency.
>
> Out of curiosity, what protocol are you adding support for?
>
I'm confused about the purpose of this flag. What does it mean to set
TNL_F_OUT_KEY_ACTION but not have a key? How could I configure GRE
without setting a key and without setting TNL_F_OUT_KEY_ACTION?
In vport-gre, gre_build_header, the logic is:
if (mutable->out_key || mutable->flags & TNL_F_OUT_KEY_ACTION)
greh->flags |= GRE_KEY;
if (mutable->out_key)
*options = be64_get_low32(mutable->out_key);
The packet parsing code just looks for GRE_KEY to be set. So that
seems confusing to indicate in the packet that there is a key, but not
write one.
I added key support to vport-capwap. When testing for backward
compatibility with the previous implementation, I was trying to NOT
set a key and NOT set TNL_F_OUT_KEY_ACTION, but it isn't clear how to
do that.
regards,
Valient
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev_openvswitch.org
