[ovs-dev] [PATCH v5 1/9] datapath: add transport ports in route lookup for geneve

William Tu u9012063 at gmail.com
Thu Aug 9 22:41:09 UTC 2018


On Thu, Aug 9, 2018 at 3:28 PM, Qiuyu Xiao <qiuyu.xiao.qyx at gmail.com> wrote:

> Hi William,
>
> ip_route_output_key() calls xfrm_lookup(). xfrm_lookup() needs L4 ports
> so that the packet can match IPsec's security policy based on L4 ports.
> IPsec security policy for Geneve selects UDP packets with dst port 6081.
> If there is no port information, the IPsec stack won't know the packet is a
> Geneve packet and the packet won't be encrypted.
>
> Different dport and sport affect `struct xfrm_state` in the `struct dst_entry`.
> But this structure only matters to the xfrm module. The Linux upstream
> VXLAN module already included L4 ports for VXLAN route lookup.
>
>
I see, thanks!

--William
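
The port-based policy match described in the quoted message, as an added example that is not code from the patch or from the kernel: a simplified user-space model of selector matching, showing that a lookup key with zeroed ports falls outside a policy selecting UDP destination port 6081. The struct and function names, the 192.0.2.0/24 addresses and the source port are assumptions made up for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PROTO_UDP 17
#define GENEVE_PORT 6081 /* destination port named in the thread */
/* Simplified stand-ins for the route-lookup flow key and an IPsec policy
 * selector (hypothetical names, not the kernel's structs). */
struct flow_key { uint32_t saddr, daddr; uint8_t proto; uint16_t sport, dport; };
struct selector {
    uint32_t daddr, daddr_mask;
    uint8_t proto;              /* 0 = any protocol */
    uint16_t sport, sport_mask; /* mask 0 = any port */
    uint16_t dport, dport_mask;
};

/* A port matches when the bits covered by the mask are equal. */
static bool port_match(uint16_t flow_port, uint16_t sel_port, uint16_t mask)
{
    return ((flow_port ^ sel_port) & mask) == 0;
}

/* True when the flow falls under the selector, i.e. the policy applies. */
bool selector_match(const struct selector *sel, const struct flow_key *fl)
{
    return ((fl->daddr ^ sel->daddr) & sel->daddr_mask) == 0 &&
           (sel->proto == 0 || sel->proto == fl->proto) &&
           port_match(fl->sport, sel->sport, sel->sport_mask) &&
           port_match(fl->dport, sel->dport, sel->dport_mask);
}

/* Constructed policy: UDP to 192.0.2.0/24, any source port, dport 6081. */
static const struct selector geneve_policy = { .daddr = 0xC0000200,
    .daddr_mask = 0xFFFFFF00, .proto = PROTO_UDP, .sport = 0, .sport_mask = 0,
    .dport = GENEVE_PORT, .dport_mask = 0xFFFF };

/* Build the tunnel's lookup key with or without L4 ports and test it. */
bool policy_applies(bool with_ports)
{
    struct flow_key fl = { .saddr = 0xC0000201, .daddr = 0xC0000202, .proto = PROTO_UDP };
    if (with_ports) { fl.sport = 49152; fl.dport = GENEVE_PORT; }
    return selector_match(&geneve_policy, &fl);
}

int main(void)
{
    printf("lookup without ports: %s\n", policy_applies(false) ? "policy applies" : "no policy match");
    printf("lookup with ports:    %s\n", policy_applies(true) ? "policy applies" : "no policy match");
    return 0;
}
```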

