I have one question. In "datapath/linux/compat/include/net/geneve.h", USE_UPSTREAM_TUNNEL decides whether to use the Linux upstream kernel function or the OVS kernel function to transmit Geneve packets. Currently, it chooses the Linux upstream kernel function. How do I set USE_UPSTREAM_TUNNEL to use the OVS kernel function? Otherwise, even though this patch is applied, IPsec won't work for the Geneve tunnel without Linux upstream also being patched?

Thanks,
Qiuyu

On Thu, Aug 9, 2018 at 3:41 PM, William Tu <u9012...@gmail.com> wrote:

> On Thu, Aug 9, 2018 at 3:28 PM, Qiuyu Xiao <qiuyu.xiao....@gmail.com>
> wrote:
>
>> Hi William,
>>
>> ip_route_output_key() calls xfrm_lookup(). xfrm_lookup() needs L4 ports
>> so that the packet can match IPsec's security policy based on L4 ports.
>> IPsec security policy for Geneve selects udp packets with dst port 6081.
>> If no port information, the IPsec stack won't know the packet is a
>> Geneve packet and the packet won't be encrypted.
>>
>> Different dport and sport affect `struct xfrm_state` in the `struct
>> dst_entry`.
>> But this structure only matters to the xfrm module. The Linux upstream
>> VXLAN module already included L4 ports for VXLAN route look up.
>>
>
> I see, thanks!
>
> --William
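
An added example, not part of the original thread or the OVS patch: a simplified user-space model of the selector test that xfrm_lookup() applies, showing why a flow key with no L4 ports misses a policy that selects UDP packets with dst port 6081. The struct and function names are hypothetical, and ports are kept in host byte order for brevity.

```c
#include <stdint.h>
#include <stdio.h>

#define PROTO_UDP   17
#define GENEVE_PORT 6081

/* Hypothetical stand-in for the L4 fields of the kernel's flow key. */
struct flow_key {
    uint8_t  proto;
    uint16_t sport, dport;
};

/* Hypothetical stand-in for the L4 fields of an IPsec policy selector. */
struct selector {
    uint8_t  proto;               /* 0 means "any protocol" */
    uint16_t sport, sport_mask;   /* mask 0 means "any port" */
    uint16_t dport, dport_mask;
};

/* Masked port comparison plus protocol check, as in a selector match. */
static int selector_match(const struct selector *sel, const struct flow_key *fl)
{
    return !((fl->dport ^ sel->dport) & sel->dport_mask) &&
           !((fl->sport ^ sel->sport) & sel->sport_mask) &&
           (fl->proto == sel->proto || !sel->proto);
}

/* Returns 1 if a route lookup using these ports hits the Geneve policy. */
static int geneve_policy_matches(uint16_t sport, uint16_t dport)
{
    /* Policy from the thread: UDP, any source port, dst port 6081. */
    const struct selector policy = {
        .proto = PROTO_UDP, .sport = 0, .sport_mask = 0,
        .dport = GENEVE_PORT, .dport_mask = 0xffff,
    };
    const struct flow_key fl = { .proto = PROTO_UDP, .sport = sport, .dport = dport };

    return selector_match(&policy, &fl);
}

int main(void)
{
    /* 49152 is a constructed sample source port. */
    printf("ports left at 0:      match=%d\n", geneve_policy_matches(0, 0));
    printf("ports filled (6081):  match=%d\n", geneve_policy_matches(49152, GENEVE_PORT));
    printf("other UDP dst (4789): match=%d\n", geneve_policy_matches(49152, 4789));
    return 0;
}
```

With the ports left at zero the lookup falls through to no policy, so the packet leaves unencrypted without any error being raised.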