On 30 August 2016 at 02:21, Jesse Gross <je...@kernel.org> wrote: > On Mon, Aug 29, 2016 at 11:57 AM, Ansis Atteka <aatt...@ovn.org> wrote: > > If ipsec_gre tunnel configuration is changed in OVSDB, > > then GRE packets may sometimes exit unencrypted until > > per-tunnel IPsec policies are installed by ovs-monitor-ipsec > > daemon. > > > > This patch fixes this issue by installing single, low > > priority IPsec block policy that drops all GRE packets > > coming out from ipsec_gre tunnels that do not have yet > > their own IPsec policies installed. > > > > This patch depends on to two other recently committed > > patches: > > 1. 574ff4aa (tunneling: get skb marking to work > > properly with tunnels) > > 2. ca3574d5 (IPsec: refactor out some code in > > OVS_MONITOR_IPSEC_START macro) > > > > Signed-off-by: Ansis Atteka <aatt...@ovn.org> > > Reported-by: Steffen Birkeland <steff...@stud.ntnu.no> > > Acked-by: Jesse Gross <je...@kernel.org> >
Thanks for review. I pushed this patch along with the two other patches mentioned in the commit message all the way to OVS 2.5. _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev