[ovs-dev] [PATCH 1/1] datapath: add key support to CAPWAP tunnel

Valient Gough vgough at pobox.com
Mon Jul 11 01:18:31 UTC 2011


Add tunnel key support to CAPWAP vport.  Uses the optional WSI field in a
CAPWAP header to store a 64bit key.  It can also be used without keys, in which
case it is backward compatible with the old code.  Documentation about the
WSI field format is in CAPWAP.txt.

Signed-off-by: Valient Gough <vgough at pobox.com>
---
 datapath/CAPWAP.txt     |   80 ++++++++++++++++++
 datapath/Makefile.am    |    2 +-
 datapath/Modules.mk     |    4 +
 datapath/vport-capwap.c |  209 +++++++++++++++++++++++++++++++++++++---------
 lib/netdev-vport.c      |   12 +--
 vswitchd/vswitch.xml    |   26 ++++++
 6 files changed, 284 insertions(+), 49 deletions(-)
 create mode 100644 datapath/CAPWAP.txt

diff --git a/datapath/CAPWAP.txt b/datapath/CAPWAP.txt
new file mode 100644
index 0000000..151ad59
--- /dev/null
+++ b/datapath/CAPWAP.txt
@@ -0,0 +1,80 @@
+
+References:
+* http://www.rfc-editor.org/rfc/rfc5415.txt
+
+
+The CAPWAP header layout is summarized as follows:
+
+
+        0                   1                   2                   3
+        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |CAPWAP Preamble|  HLEN   |   RID   | WBID    |T|F|L|W|M|K|Flags|
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |          Fragment ID          |     Frag Offset         |Rsvd |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |                 (optional) Radio MAC Address                  |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |            (optional) Wireless Specific Information           |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |                        Payload ....                           |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+The spec defines an optional Wireless Specific Information field which can be
+used to pass arbitrary data in the encapsulation layer:
+
+   Wireless Specific Information:  This optional field may be used to carry
+      per-packet information.  This field is only present if the
+      'W' bit is set.  The WBID field in the CAPWAP Header is used to
+      identify the format of the WSI optional field. The HLEN field assumes
+      4-byte alignment, and this field MUST be padded with zeroes (0x00) if it
+      is not 4-byte aligned.
+
+      The Wireless-Specific Information field uses the following format:
+
+        0                   1                   2                   3
+        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |    Length     |                Data...
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+      Length:  The 8-bit field contains the length of the data field,
+         with a maximum size of 255.
+
+      Data:  Wireless-specific information, defined by the wireless-
+         specific binding specified in the CAPWAP Header's WBID field.
+
+
+   WBID:  A 5-bit field that is the wireless binding identifier.  The
+      identifier will indicate the type of wireless packet associated
+      with the radio.  The following values are defined:
+
+      0 -  Reserved
+      1 -  IEEE 802.11
+      2 -  Reserved
+      3 -  EPCGlobal [EPCGlobal]
+
+      When Open vSwitch uses this field, it writes the value:
+      30 - Open vSwitch data
+
+
+Open vSwitch can make use of this field to pass additional packet routing
+information. When needed, it sets the 'W' bit to indicates the WSI field is
+added, and fills the field as follows:
+
+        0                   1                   2                   3
+        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |  WSI_LEN      |K|      Flags  |             Reserved          |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |   (optional) 64bit Tunnel Key                                 |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+       K - flag bit to identify presence of a 64bit tunnel key.
+
+
+Adding WSI fields:  Fields must be written and read in consitent order.  New
+fields may be added, but the existing fields always come first.
+
+
+
diff --git a/datapath/Makefile.am b/datapath/Makefile.am
index e1bd3e6..fb1453c 100644
--- a/datapath/Makefile.am
+++ b/datapath/Makefile.am
@@ -3,7 +3,7 @@ if LINUX_ENABLED
 SUBDIRS += linux
 endif
 
-EXTRA_DIST = $(dist_headers) $(dist_sources)
+EXTRA_DIST = $(dist_headers) $(dist_sources) $(dist_extras)
 
 # Suppress warnings about GNU extensions in Modules.mk files.
 AUTOMAKE_OPTIONS = -Wno-portability
diff --git a/datapath/Modules.mk b/datapath/Modules.mk
index 587569f..894c41d 100644
--- a/datapath/Modules.mk
+++ b/datapath/Modules.mk
@@ -45,8 +45,12 @@ openvswitch_headers = \
 	vport-internal_dev.h \
 	vport-netdev.h
 
+openvswitch_extras = \
+	CAPWAP.txt
+
 dist_sources = $(foreach module,$(dist_modules),$($(module)_sources))
 dist_headers = $(foreach module,$(dist_modules),$($(module)_headers))
+dist_extras = $(foreach module,$(dist_modules),$($(module)_extras))
 build_sources = $(foreach module,$(build_modules),$($(module)_sources))
 build_headers = $(foreach module,$(build_modules),$($(module)_headers))
 build_links = $(notdir $(build_sources))
diff --git a/datapath/vport-capwap.c b/datapath/vport-capwap.c
index f0bb327..c338685 100644
--- a/datapath/vport-capwap.c
+++ b/datapath/vport-capwap.c
@@ -42,21 +42,62 @@
  * statically create them and we can do very fast parsing by checking all 12
  * fields in one go.
  */
-#define CAPWAP_BEGIN_HLEN __cpu_to_be32(0x00100000)
-#define CAPWAP_BEGIN_WBID __cpu_to_be32(0x00000200)
 #define CAPWAP_BEGIN_FRAG __cpu_to_be32(0x00000080)
-#define CAPWAP_BEGIN_LAST __cpu_to_be32(0x00000040)
+#define CAPWAP_BEGIN_FRAG_LAST __cpu_to_be32(0x00000040)
+#define CAPWAP_BEGIN_HLEN_2 __cpu_to_be32(0x00100000)
+#define CAPWAP_BEGIN_HLEN_5 __cpu_to_be32(0x00280000)
+#define CAPWAP_BEGIN_HLEN_MASK __cpu_to_be32(0x00F80000)
+
+/*  Old capwap code is hard-coded to look for a WBID value of 2.
+ *  When we insert WSI field, use WBID value of 30, which has been
+ *  proposed for all "experimental" usage - users with no reserved WBID value
+ *  of their own.
+*/
+#define CAPWAP_WBID_30   __cpu_to_be32(0x00003C00)
+#define CAPWAP_WBID_2    __cpu_to_be32(0x00000200)
+#define CAPWAP_WBID_MASK __cpu_to_be32(0x00003E00)
 
-#define NO_FRAG_HDR (CAPWAP_BEGIN_HLEN | CAPWAP_BEGIN_WBID)
-#define FRAG_HDR (NO_FRAG_HDR | CAPWAP_BEGIN_FRAG)
-#define FRAG_LAST_HDR (FRAG_HDR | CAPWAP_BEGIN_LAST)
+/*
+ * CAPWAP allows an optional 'Wireless Specific Information' field, which is
+ * length prefixed and can contain any data.  If keys are configured for the
+ * vport, then the key will be placed in the WSI field and recovered by the
+ * receiver.
+ */
+#define CAPWAP_FLAG_WSI  __cpu_to_be32(0x00000020)
+
+#define FRAG_HDR (CAPWAP_BEGIN_FRAG)
+#define FRAG_LAST_HDR (FRAG_HDR | CAPWAP_BEGIN_FRAG_LAST)
+
+/* Keyed packet, WBID 30, and length long enough to include WSI key */
+#define CAPWAP_KEYED (CAPWAP_WBID_30 | CAPWAP_FLAG_WSI | CAPWAP_BEGIN_HLEN_5)
+/* A backward-compatible packet, WBID 2 and length of 2 words (no WSI fields) */
+#define CAPWAP_WO_WSI (CAPWAP_WBID_2 | CAPWAP_BEGIN_HLEN_2)
+#define CAPWAP_COMPAT_MASK (CAPWAP_WBID_MASK | CAPWAP_BEGIN_HLEN_MASK)
 
 struct capwaphdr {
 	__be32 begin;
 	__be16 frag_id;
+	/* low 3 bits of frag_off are reserved */
 	__be16 frag_off;
 };
 
+/*
+ * We use the WSI field to hold additional tunnel data.
+ * The first eight bits store the size of the wsi data in bytes.
+ */
+struct capwaphdr_wsi {
+	u8 wsi_len;
+	u8 flags;
+	__be16 reserved_padding;
+};
+
+struct capwaphdr_wsi_key {
+	__be64 key;
+};
+
+/* Flag indicating a 64bit key is stored in WSI data field */
+#define CAPWAP_WSI_FLAG_KEY64 0x80
+
 static inline struct capwaphdr *capwap_hdr(const struct sk_buff *skb)
 {
 	return (struct capwaphdr *)(udp_hdr(skb) + 1);
@@ -70,7 +111,11 @@ static inline struct capwaphdr *capwap_hdr(const struct sk_buff *skb)
  */
 #define FRAG_OFF_MASK (~0x7U)
 
-#define CAPWAP_HLEN (sizeof(struct udphdr) + sizeof(struct capwaphdr))
+/*
+ * The minimum header length.  The header may be longer if the optional
+ * WSI field is used.
+ */
+#define CAPWAP_MIN_HLEN (sizeof(struct udphdr) + sizeof(struct capwaphdr))
 
 struct frag_match {
 	__be32 saddr;
@@ -89,7 +134,7 @@ struct frag_skb_cb {
 #define FRAG_CB(skb) ((struct frag_skb_cb *)(skb)->cb)
 
 static struct sk_buff *fragment(struct sk_buff *, const struct vport *,
-				struct dst_entry *);
+				struct dst_entry *dst, unsigned int hlen);
 static void defrag_init(void);
 static void defrag_exit(void);
 static struct sk_buff *defrag(struct sk_buff *, bool frag_last);
@@ -117,18 +162,19 @@ static struct socket *capwap_rcv_socket;
 
 static int capwap_hdr_len(const struct tnl_mutable_config *mutable)
 {
+	int size = CAPWAP_MIN_HLEN;
+
 	/* CAPWAP has no checksums. */
 	if (mutable->flags & TNL_F_CSUM)
 		return -EINVAL;
 
-	/* CAPWAP has no keys, so check that the configuration for keys is the
-	 * default if no key-specific attributes are used.
-	 */
-	if ((mutable->flags & (TNL_F_IN_KEY_MATCH | TNL_F_OUT_KEY_ACTION)) !=
-	    (TNL_F_IN_KEY_MATCH | TNL_F_OUT_KEY_ACTION))
-		return -EINVAL;
+        /* if keys are specified, then add WSI field */
+	if (mutable->out_key || (mutable->flags & TNL_F_OUT_KEY_ACTION)) {
+		size += sizeof(struct capwaphdr_wsi) +
+			sizeof(struct capwaphdr_wsi_key);
+	}
 
-	return CAPWAP_HLEN;
+	return size;
 }
 
 static void capwap_build_header(const struct vport *vport,
@@ -142,9 +188,31 @@ static void capwap_build_header(const struct vport *vport,
 	udph->dest = htons(CAPWAP_DST_PORT);
 	udph->check = 0;
 
-	cwh->begin = NO_FRAG_HDR;
 	cwh->frag_id = 0;
 	cwh->frag_off = 0;
+
+	if (mutable->out_key || (mutable->flags & TNL_F_OUT_KEY_ACTION)) {
+		struct capwaphdr_wsi *wsi = (struct capwaphdr_wsi *)(cwh + 1);
+
+		cwh->begin = CAPWAP_KEYED;
+
+		/* -1 for wsi_len byte, not included in length as per spec */
+		wsi->wsi_len = sizeof(struct capwaphdr_wsi) - 1
+			+ sizeof(struct capwaphdr_wsi_key);
+		wsi->flags = CAPWAP_WSI_FLAG_KEY64;
+		wsi->reserved_padding = 0;
+
+		if (mutable->out_key) {
+			struct capwaphdr_wsi_key *opt = (struct capwaphdr_wsi_key *)(wsi + 1);
+			opt->key = mutable->out_key;
+		} else {
+			/* key left intentionally blank, to be filled in
+			   by capwap_update_header */
+		}
+	} else {
+		/* make packet readable by old capwap code */
+		cwh->begin = CAPWAP_WO_WSI;
+	}
 }
 
 static struct sk_buff *capwap_update_header(const struct vport *vport,
@@ -154,31 +222,88 @@ static struct sk_buff *capwap_update_header(const struct vport *vport,
 {
 	struct udphdr *udph = udp_hdr(skb);
 
+	if (mutable->flags & TNL_F_OUT_KEY_ACTION) {
+		/* first field in WSI is key */
+		struct capwaphdr *cwh = (struct capwaphdr *)(udph + 1);
+		struct capwaphdr_wsi *wsi = (struct capwaphdr_wsi *)(cwh + 1);
+		struct capwaphdr_wsi_key *opt = (struct capwaphdr_wsi_key *)(wsi + 1);
+
+		opt->key = OVS_CB(skb)->tun_id;
+	}
+
 	udph->len = htons(skb->len - skb_transport_offset(skb));
 
-	if (unlikely(skb->len - skb_network_offset(skb) > dst_mtu(dst)))
-		skb = fragment(skb, vport, dst);
+	if (unlikely(skb->len - skb_network_offset(skb) > dst_mtu(dst))) {
+		unsigned int hlen = skb_transport_offset(skb) + capwap_hdr_len(mutable);
+		skb = fragment(skb, vport, dst, hlen);
+	}
 
 	return skb;
 }
 
-static inline struct sk_buff *process_capwap_proto(struct sk_buff *skb)
+static int process_capwap_wsi(struct sk_buff *skb, __be64 *key)
 {
 	struct capwaphdr *cwh = capwap_hdr(skb);
+	struct capwaphdr_wsi *wsi;
+	int min_wsi_len = sizeof(struct capwaphdr_wsi);
+	int wsi_len;
+
+	/* ensure we have at least a minimal wsi header */
+	if (unlikely(!pskb_may_pull(skb, CAPWAP_MIN_HLEN + min_wsi_len + ETH_HLEN)))
+		return 1;
+
+	/* read wsi header to find out how big it really is */
+	wsi = (struct capwaphdr_wsi *)(cwh + 1);
+	/* +1 for length byte not included in wsi_len */
+	wsi_len = 1 + (unsigned int)wsi->wsi_len;
+	if (unlikely(!pskb_may_pull(skb, CAPWAP_MIN_HLEN + wsi_len + ETH_HLEN)))
+		return 1;
+
+	/* parse wsi field */
+	if (wsi->flags & CAPWAP_WSI_FLAG_KEY64) {
+		struct capwaphdr_wsi_key *opt = (struct capwaphdr_wsi_key *)(wsi + 1);
+		if (unlikely(wsi_len <= sizeof(struct capwaphdr_wsi_key)))
+			return 1;
+
+		*key = opt->key;
+	}
 
-	if (likely(cwh->begin == NO_FRAG_HDR))
-		return skb;
-	else if (cwh->begin == FRAG_HDR)
-		return defrag(skb, false);
-	else if (cwh->begin == FRAG_LAST_HDR)
-		return defrag(skb, true);
-	else {
-		if (net_ratelimit())
-			pr_warn("unparsable packet receive on capwap socket\n");
+	return 0;
+}
 
-		kfree_skb(skb);
-		return NULL;
+static inline struct sk_buff *process_capwap_proto(struct sk_buff *skb,
+		                                   __be64 *key)
+{
+	struct capwaphdr *cwh = capwap_hdr(skb);
+	int hdr_len = CAPWAP_MIN_HLEN;
+
+	if ((cwh->begin & CAPWAP_WBID_MASK) != CAPWAP_WBID_30) {
+		if (unlikely((cwh->begin & CAPWAP_COMPAT_MASK) != CAPWAP_WO_WSI))
+			goto error;
+	} else if (cwh->begin & CAPWAP_FLAG_WSI) {
+		struct capwaphdr_wsi *wsi = (struct capwaphdr_wsi *)(cwh + 1);
+		hdr_len += 1 + (unsigned int)wsi->wsi_len;
+
+		if (unlikely(process_capwap_wsi(skb, key)))
+			goto error;
 	}
+
+	__skb_pull(skb, hdr_len);
+	skb_postpull_rcsum(skb, skb_transport_header(skb), hdr_len + ETH_HLEN);
+
+	if (likely((cwh->begin & CAPWAP_BEGIN_FRAG) == 0)) {
+		return skb;
+	} else {
+		bool last_frag = (__force bool)(cwh->begin & CAPWAP_BEGIN_FRAG_LAST);
+		return defrag(skb, last_frag);
+	}
+
+error:
+	if (net_ratelimit())
+		pr_warn("unparsable packet receive on capwap socket\n");
+
+	kfree_skb(skb);
+	return NULL;
 }
 
 /* Called with rcu_read_lock and BH disabled. */
@@ -187,25 +312,28 @@ static int capwap_rcv(struct sock *sk, struct sk_buff *skb)
 	struct vport *vport;
 	const struct tnl_mutable_config *mutable;
 	struct iphdr *iph;
+	__be64 key = 0;
 
-	if (unlikely(!pskb_may_pull(skb, CAPWAP_HLEN + ETH_HLEN)))
+	if (unlikely(!pskb_may_pull(skb, CAPWAP_MIN_HLEN + ETH_HLEN)))
 		goto error;
 
-	__skb_pull(skb, CAPWAP_HLEN);
-	skb_postpull_rcsum(skb, skb_transport_header(skb), CAPWAP_HLEN + ETH_HLEN);
-
-	skb = process_capwap_proto(skb);
+	skb = process_capwap_proto(skb, &key);
 	if (unlikely(!skb))
 		goto out;
 
 	iph = ip_hdr(skb);
-	vport = tnl_find_port(iph->daddr, iph->saddr, 0,
-			      TNL_T_PROTO_CAPWAP | TNL_T_KEY_EXACT, &mutable);
+	vport = tnl_find_port(iph->daddr, iph->saddr, key,
+			      TNL_T_PROTO_CAPWAP | TNL_T_KEY_EITHER, &mutable);
 	if (unlikely(!vport)) {
 		icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
 		goto error;
 	}
 
+	if (mutable->flags & TNL_F_IN_KEY_MATCH)
+		OVS_CB(skb)->tun_id = key;
+	else
+		OVS_CB(skb)->tun_id = 0;
+
 	tnl_rcv(vport, skb, iph->tos);
 	goto out;
 
@@ -290,10 +418,9 @@ static void copy_skb_metadata(struct sk_buff *from, struct sk_buff *to)
 }
 
 static struct sk_buff *fragment(struct sk_buff *skb, const struct vport *vport,
-				struct dst_entry *dst)
+				struct dst_entry *dst, unsigned int hlen)
 {
 	struct tnl_vport *tnl_vport = tnl_vport_priv(vport);
-	unsigned int hlen = skb_transport_offset(skb) + CAPWAP_HLEN;
 	unsigned int headroom;
 	unsigned int max_frame_len = dst_mtu(dst) + skb_network_offset(skb);
 	struct sk_buff *result = NULL, *list_cur = NULL;
@@ -352,9 +479,9 @@ static struct sk_buff *fragment(struct sk_buff *skb, const struct vport *vport,
 
 		cwh = capwap_hdr(skb2);
 		if (remaining > frag_size)
-			cwh->begin = FRAG_HDR;
+			cwh->begin |= FRAG_HDR;
 		else
-			cwh->begin = FRAG_LAST_HDR;
+			cwh->begin |= FRAG_LAST_HDR;
 		cwh->frag_id = frag_id;
 		cwh->frag_off = htons(offset);
 
diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
index b9c1bfe..9ca636d 100644
--- a/lib/netdev-vport.c
+++ b/lib/netdev-vport.c
@@ -668,9 +668,9 @@ parse_tunnel_config(const char *name, const char *type,
                     || !strcmp(node->name, "private_key")
                     || !strcmp(node->name, "use_ssl_cert"))) {
             /* Ignore options not used by the netdev. */
-        } else if (is_gre && (!strcmp(node->name, "key") ||
-                              !strcmp(node->name, "in_key") ||
-                              !strcmp(node->name, "out_key"))) {
+        } else if (!strcmp(node->name, "key") ||
+                   !strcmp(node->name, "in_key") ||
+                   !strcmp(node->name, "out_key")) {
             /* Handled separately below. */
         } else {
             VLOG_WARN("%s: unknown %s argument '%s'", name, type, node->name);
@@ -700,10 +700,8 @@ parse_tunnel_config(const char *name, const char *type,
         }
     }
 
-    if (is_gre) {
-        set_key(args, "in_key", ODP_TUNNEL_ATTR_IN_KEY, options);
-        set_key(args, "out_key", ODP_TUNNEL_ATTR_OUT_KEY, options);
-    }
+    set_key(args, "in_key", ODP_TUNNEL_ATTR_IN_KEY, options);
+    set_key(args, "out_key", ODP_TUNNEL_ATTR_OUT_KEY, options);
 
     if (!daddr) {
         VLOG_ERR("%s: %s type requires valid 'remote_ip' argument",
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index 6199938..5f74e84 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -1056,6 +1056,32 @@
                 Default is the system default TTL.</dd>
             </dl>
             <dl>
+              <dt><code>in_key</code></dt>
+              <dd>Optional.  The WSI key that received packets must contain.
+                It may either be a 64-bit number (no key and a key of 0 are
+                treated as equivalent) or the word <code>flow</code>.  If
+                <code>flow</code> is specified then any key will be accepted
+                and the key will be placed in the <code>tun_id</code> field
+                for matching in the flow table.  The ovs-ofctl manual page
+                contains additional information about matching fields in
+                OpenFlow flows.  Default is no key.</dd>
+            </dl>
+            <dl>
+              <dt><code>out_key</code></dt>
+              <dd>Optional.  The WSI key to be set on outgoing packets.  It may
+                either be a 64-bit number or the word <code>flow</code>.  If
+                <code>flow</code> is specified then the key may be set using
+                the <code>set_tunnel</code> Nicira OpenFlow vendor extension (0
+                is used in the absence of an action).  The ovs-ofctl manual
+                page contains additional information about the Nicira OpenFlow
+                vendor extensions.  Default is no key.</dd>
+            </dl>
+            <dl>
+              <dt><code>key</code></dt>
+              <dd>Optional.  Shorthand to set <code>in_key</code> and
+                <code>out_key</code> at the same time.</dd>
+            </dl>
+            <dl>
               <dt><code>df_inherit</code></dt>
               <dd>Optional.  If enabled, the Don't Fragment bit will be copied
                 from the inner IP headers (those of the encapsulated traffic)
-- 
1.7.6




More information about the dev mailing list