On Mon, Aug 29, 2016 at 11:57 AM, Ansis Atteka <aatt...@ovn.org> wrote: > If ipsec_gre tunnel configuration is changed in OVSDB, > then GRE packets may sometimes exit unencrypted until > per-tunnel IPsec policies are installed by ovs-monitor-ipsec > daemon. > > This patch fixes this issue by installing single, low > priority IPsec block policy that drops all GRE packets > coming out from ipsec_gre tunnels that do not have yet > their own IPsec policies installed. > > This patch depends on to two other recently committed > patches: > 1. 574ff4aa (tunneling: get skb marking to work > properly with tunnels) > 2. ca3574d5 (IPsec: refactor out some code in > OVS_MONITOR_IPSEC_START macro) > > Signed-off-by: Ansis Atteka <aatt...@ovn.org> > Reported-by: Steffen Birkeland <steff...@stud.ntnu.no>
Acked-by: Jesse Gross <je...@kernel.org> _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
