Hi Lorenzo,
I agree vti is very limiting! I am glad to hear about xfrmi.
I saw two tunnels between gateways send traffic using VTI. So I am curious
what is different in your case. Or are you dealing with something else?
Here are a couple of outputs from libreswan testing
this is the verbose
copy geniv when cloning the xfrm state.
x->geniv was not copied to the new state and migration would fail.
xfrm_do_migrate
..
xfrm_state_clone()
..
..
esp_init_aead()
crypto_alloc_aead()
crypto_alloc_tfm()
crypto_find_alg() return EAGAIN and failed
Signed-off-by: Ant
UPDATE_SA
message to migrate the IPsec SA. The change could be a change of UDP
encapsulation port, IP address, or both.
Reported-by: Paul Wouters <pwout...@redhat.com>
Signed-off-by: Antony Antony <ant...@phenome.org>
Reviewed-by: Richard Guy Briggs <r...@tricolour.ca>
---
include/n
Add XFRMA_ENCAP, UDP encapsulation port, to km_migrate announcement
to userland. Only add if XFRMA_ENCAP was in user migrate request.
Signed-off-by: Antony Antony <ant...@phenome.org>
Reviewed-by: Richard Guy Briggs <r...@tricolour.ca>
---
Changes in v2:
- fixed pfkey_
Add XFRMA_ENCAP, UDP encapsulation port, to km_migrate announcement
to userland. Only add if XFRMA_ENCAP was in user migrate request.
Signed-off-by: Antony Antony <ant...@phenome.org>
---
include/net/xfrm.h | 5 +++--
net/key/af_key.c | 3 ++-
net/xfrm/xfrm_policy.c | 2 +-
ne
address, port, or both could
change. With this patch xfrm_do_migrate will also support port change
if necessary.
Antony Antony (2):
xfrm: extend MIGRATE with UDP encapsulation port
xfrm: add UDP encapsulation port in migrate message
include/net/xfrm.h | 11 +++
net/key/af_key.c
UPDATE_SA
message to migrate the IPsec SA. The change could be a change of UDP
encapsulation port, IP address, or both.
Reported-by: Paul Wouters <pwout...@redhat.com>
Signed-off-by: Antony Antony <ant...@phenome.org>
---
include/net/xfrm.h | 6 --
net/key/af_key.c | 2
i=0xca1c282d,seq=0x1),
length 136
IP 10.0.0.53.4500 > 10.0.10.46.4500: UDP-encap: ESP(spi=0x43ef462d,seq=0x7d2),
length 136
IP 10.0.10.46.4500 > 10.0.0.53.4500: UDP-encap: ESP(spi=0xca1c282d,seq=0x2),
length 136
Signed-off-by: Antony Antony <ant...@phenome.org>
---
Changes in v2:
-
i=0xca1c282d,seq=0x1),
length 136
IP 10.0.0.53.4500 > 10.0.10.46.4500: UDP-encap: ESP(spi=0x43ef462d,seq=0x7d2),
length 136
IP 10.0.10.46.4500 > 10.0.0.53.4500: UDP-encap: ESP(spi=0xca1c282d,seq=0x2),
length 136
The attached patch fixes it by copying replay and preplay.
regards,
-antony