[ovs-dev] [PATCH v5 1/9] datapath: add transport ports in route lookup for geneve

Qiuyu Xiao qiuyu.xiao.qyx at gmail.com
Thu Aug 9 23:13:50 UTC 2018


I have one question. In
"datapath/linux/compat/include/net/geneve.h", USE_UPSTREAM_TUNNEL decides
whether to use the Linux upstream kernel function or the OVS kernel function to
transmit Geneve packets. Currently, it chooses the Linux upstream kernel
function. How do I set USE_UPSTREAM_TUNNEL to use the OVS kernel function?
Otherwise, even though this patch is applied, IPsec won't work for Geneve
tunnels without Linux upstream also being patched?

Thanks,
Qiuyu

On Thu, Aug 9, 2018 at 3:41 PM, William Tu <u9012063 at gmail.com> wrote:

>
>
> On Thu, Aug 9, 2018 at 3:28 PM, Qiuyu Xiao <qiuyu.xiao.qyx at gmail.com>
> wrote:
>
>> Hi William,
>>
>> ip_route_output_key() calls xfrm_lookup(). xfrm_lookup() needs L4 ports
>> so that the packet can match IPsec's security policy based on L4 ports.
>> The IPsec security policy for Geneve selects UDP packets with dst port 6081.
>> If there is no port information, the IPsec stack won't know the packet is a
>> Geneve packet and the packet won't be encrypted.
>>
>> Different dport and sport affect `struct xfrm_state` in the `struct dst_entry`.
>> But this structure only matters to the xfrm module. The Linux upstream
>> VXLAN module already includes L4 ports for VXLAN route lookup.
>>
>>
> I see, thanks!
>
> --William
>

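A simplified user-space model of the selector check described in the quoted explanation, added here as an illustration; it is not code from the patch, from OVS or from the kernel. The struct and function names are hypothetical, ports are kept in host byte order, and a zero mask or zero protocol is assumed to mean "any".

```c
#include <stdint.h>
#include <stdio.h>

#define PROTO_UDP   17
#define GENEVE_PORT 6081   /* dst port named in the thread */

/* Hypothetical stand-in for the proto/port part of an IPsec policy selector. */
struct sel_model {
    uint8_t  proto;              /* 0 = any protocol */
    uint16_t dport, dport_mask;  /* mask 0 = any port */
    uint16_t sport, sport_mask;
};

/* Hypothetical stand-in for the flow key handed to the route lookup. */
struct flow_model {
    uint8_t  proto;
    uint16_t sport, dport;
};

/* Returns 1 when the flow falls under the policy selector, 0 otherwise. */
int selector_match(const struct sel_model *s, const struct flow_model *f)
{
    return (!s->proto || s->proto == f->proto) &&
           !((f->dport ^ s->dport) & s->dport_mask) &&
           !((f->sport ^ s->sport) & s->sport_mask);
}

/* Policy from the thread: UDP packets with dst port 6081. */
static const struct sel_model geneve_policy = {
    .proto = PROTO_UDP, .dport = GENEVE_PORT, .dport_mask = 0xffff,
};

/* Build the flow key with or without the transport ports filled in. */
struct flow_model make_geneve_flow(int with_ports, uint16_t sport)
{
    struct flow_model f = { .proto = PROTO_UDP };
    if (with_ports) { f.sport = sport; f.dport = GENEVE_PORT; }
    return f;
}

int main(void)
{
    struct flow_model bare = make_geneve_flow(0, 0);        /* ports left at 0 */
    struct flow_model full = make_geneve_flow(1, 49152);    /* constructed sport */
    printf("without ports: match=%d\n", selector_match(&geneve_policy, &bare));
    printf("with ports:    match=%d\n", selector_match(&geneve_policy, &full));
    return 0;
}
```

The failure mode is silent: a flow key without ports simply misses the policy, so the packet leaves unencrypted rather than being dropped.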
