On Thu, Aug 9, 2018 at 3:28 PM, Qiuyu Xiao <qiuyu.xiao....@gmail.com> wrote:
> Hi William, > > ip_route_output_key() calls xfrm_lookup(). xfrm_lookup() needs L4 ports > so that the packet can match IPsec's security policy based on L4 ports. > IPsec security policy for Geneve selects udp packets with dst port 6081. > If no port information, the IPsec stack won't know the packet is a Geneve > packet and the packet won't be encrypted. > > Different dport and sport affect `struct xfrm_state` in the `struct > dst_entry`. > But this structure only matters to the xfrm module. The Linux upstream > VXLAN module already included L4 ports for VXLAN route look up. > > I see, thanks! --William _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
