On 30 August 2016 at 02:21, Jesse Gross <[email protected]> wrote: > On Mon, Aug 29, 2016 at 11:57 AM, Ansis Atteka <[email protected]> wrote: > > If ipsec_gre tunnel configuration is changed in OVSDB, > > then GRE packets may sometimes exit unencrypted until > > per-tunnel IPsec policies are installed by ovs-monitor-ipsec > > daemon. > > > > This patch fixes this issue by installing single, low > > priority IPsec block policy that drops all GRE packets > > coming out from ipsec_gre tunnels that do not have yet > > their own IPsec policies installed. > > > > This patch depends on to two other recently committed > > patches: > > 1. 574ff4aa (tunneling: get skb marking to work > > properly with tunnels) > > 2. ca3574d5 (IPsec: refactor out some code in > > OVS_MONITOR_IPSEC_START macro) > > > > Signed-off-by: Ansis Atteka <[email protected]> > > Reported-by: Steffen Birkeland <[email protected]> > > Acked-by: Jesse Gross <[email protected]> >
Thanks for review. I pushed this patch along with the two other patches mentioned in the commit message all the way to OVS 2.5. _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
