If IPsec policy uses skb mark, then we have to do route look up
with skb mark as well.
Issue: 14870
Signed-off-by: Ansis Atteka <aatt...@nicira.com>
---
datapath/tunnel.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/datapath/tunnel.c b/datapath/tunnel.c
index 6193891..5564d32 100644
--- a/datapath/tunnel.c
+++ b/datapath/tunnel.c
@@ -360,7 +360,7 @@ void ovs_tnl_rcv(struct vport *vport, struct sk_buff *skb)
static struct rtable *find_route(struct net *net,
__be32 *saddr, __be32 daddr, u8 ipproto,
- u8 tos)
+ u8 tos, u32 skb_mark)
{
struct rtable *rt;
/* Tunnel configuration keeps DSCP part of TOS bits, But Linux
@@ -381,6 +381,7 @@ static struct rtable *find_route(struct net *net,
struct flowi4 fl = { .daddr = daddr,
.saddr = *saddr,
.flowi4_tos = RT_TOS(tos),
+ .flowi4_mark = skb_mark,
.flowi4_proto = ipproto };
rt = ip_route_output_key(net, &fl);
@@ -609,7 +610,7 @@ int ovs_tnl_send(struct vport *vport, struct sk_buff *skb)
/* Route lookup */
rt = find_route(port_key_get_net(&mutable->key), &saddr, daddr,
- tnl_vport->tnl_ops->ipproto, tos);
+ tnl_vport->tnl_ops->ipproto, tos, skb->mark);
if (IS_ERR(rt))
goto error_free;
@@ -773,7 +774,7 @@ static int tnl_set_config(struct net *net, struct nlattr
*options,
rt = find_route(port_key_get_net(&mutable->key),
&saddr, mutable->key.daddr,
- tnl_ops->ipproto, mutable->tos);
+ tnl_ops->ipproto, mutable->tos, 0);
if (IS_ERR(rt))
return -EADDRNOTAVAIL;
dev = rt_dst(rt).dev;
--
1.7.9.5
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
