On Mon, Sep 26, 2016 at 1:15 PM, pravin shelar <pshe...@ovn.org> wrote: > On Mon, Sep 26, 2016 at 11:49 AM, Ansis Atteka <ansisatt...@gmail.com> wrote: >> >> >> On 26 September 2016 at 03:48, Pravin B Shelar <pshe...@ovn.org> wrote: >>> >>> OVS GRE IPsec tunnel support has multiple issues, Therefore >> >> s/issues,/issues. >>> >>> it was deprecated in OVS 2.6. >>> >>> Following patch removes support GRE IPsec and allow external >> >> s/support/support for >> s/allow/allows >>> >>> IPsec tunnel management for any type of tunnel not just GRE. >>> >>> e.g. user can encrpt Geneve or VxLan traffic. >> >> s/encrpt/encrypt >>> >>> >>> It can be done by using openflow pipeline to set skb-mark >>> and using xfrm to implement IPsec tunnels. xfrm can match >>> on the skb-mark to encrypt selective tunnel traffic. >> >> >> Some folks may misinterpret the paragraph above that we are recommending >> them to use XFRM *directly* as an alternative. XFRM is just NetLink >> interface to linux kernel to install IPsec keys after these keys have been >> negotiated by IPsec keying daemon, such as strongSwan, openSwan/libreswan or >> racoon. >> >> Instead I would recommend users to use one of the IPsec keying daemons >> rather than XFRM directly. >> > ok, sounds good, I will update commit msg. > >>> VMware-BZ: 1710701 >>> Signed-off-by: Pravin B Shelar <pshe...@ovn.org> >>> --- >>> This is targeted for OVS master branch only. >>> --- >>> NEWS | 1 + >>> README.md | 2 +- >>> >>> debian/automake.mk | 7 - >>> debian/control | 24 -- >>> debian/openvswitch-ipsec.dirs | 1 - >>> debian/openvswitch-ipsec.init | 203 ---------------- >>> debian/openvswitch-ipsec.install | 1 - >>> debian/ovs-monitor-ipsec | 507 >>> --------------------------------------- >>> lib/netdev-vport.c | 67 +----- >>> lib/netdev.h | 1 - >>> ofproto/ofproto-dpif-ipfix.c | 15 -- >>> ofproto/ofproto-dpif-sflow.c | 7 - >>> ofproto/tunnel.c | 13 - >>> tests/automake.mk | 1 - >>> tests/ofproto-macros.at | 49 ---- >>> tests/ovn-controller.at | 2 +- >>> tests/ovs-monitor-ipsec.at | 271 --------------------- >>> tests/testsuite.at | 1 - >>> tests/tunnel-push-pop-ipv6.at | 2 +- >>> tests/tunnel-push-pop.at | 2 +- >>> tests/tunnel.at | 87 +------ >>> utilities/bugtool/ovs-bugtool.in | 2 +- >>> utilities/ovs-appctl.8.in | 4 +- >>> vswitchd/vswitch.xml | 57 +---- >>> 24 files changed, 23 insertions(+), 1304 deletions(-) >>> delete mode 100644 debian/openvswitch-ipsec.dirs >>> delete mode 100755 debian/openvswitch-ipsec.init >>> delete mode 100644 debian/openvswitch-ipsec.install >>> delete mode 100755 debian/ovs-monitor-ipsec >>> delete mode 100644 tests/ovs-monitor-ipsec.at >> >> >> Assuming you were able to build all other debian packages with "fakeroot >> debian/rules binary" after removing and editing those files, then >> Acked-by: Ansis Atteka <aatt...@ovn.org> >> > Thanks for review. > >> Let me know, if you want me to independently verify that as well? > > I will test this but it will be nice if you verify it independently.
I tested it on Debian, It was pretty straight forward to build Debian packages. I did not see any issue with the patch. so I pushed the patch to master. Thanks. _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
