On Mon, Aug 29, 2016 at 11:57 AM, Ansis Atteka <[email protected]> wrote: > If ipsec_gre tunnel configuration is changed in OVSDB, > then GRE packets may sometimes exit unencrypted until > per-tunnel IPsec policies are installed by ovs-monitor-ipsec > daemon. > > This patch fixes this issue by installing single, low > priority IPsec block policy that drops all GRE packets > coming out from ipsec_gre tunnels that do not have yet > their own IPsec policies installed. > > This patch depends on to two other recently committed > patches: > 1. 574ff4aa (tunneling: get skb marking to work > properly with tunnels) > 2. ca3574d5 (IPsec: refactor out some code in > OVS_MONITOR_IPSEC_START macro) > > Signed-off-by: Ansis Atteka <[email protected]> > Reported-by: Steffen Birkeland <[email protected]>
Acked-by: Jesse Gross <[email protected]> _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
