[ovs-discuss] BUG:OVS kernel module didn't send gre_key to identify flow type in kernel

Harsh Jain harshjain.prof at gmail.com
Tue Jun 9 02:57:07 UTC 2015


Hi Ansis,

 I used "ip xfrm add policy" command to add policy.
I have not used "ovs-monitor-ipsec".Can it be used to encryt based on GRE key?.
I tested with GRE key value only.I will test weather Port no, based
filtering is supported in OVS or not and revert.


Regards
Harsh jain


Regards
Harsh Jain

On Tue, Jun 9, 2015 at 2:07 AM, Ansis Atteka <aatteka at nicira.com> wrote:
> On Mon, Jun 8, 2015 at 12:19 AM, Harsh Jain <harshjain.prof at gmail.com> wrote:
>> Hi,
>>
>>
>> While trying to encrypt(IPsec policy) packets  based on GRE key
>> received in packets. kernel didn't encrypted the packets received from
>> OVS bridge. The packets forwarded to Desination unencrypted.
>> Kernel treats packet having different keys as same flow type.
>
> It seems that you are not using ovs-monitor-ipsec to install IPsec
> policies for you?
>
>>
>>
>> Kernel Version used : 3.18.14
>> ovs-vswitchd (Open vSwitch) 2.0.1
>> Compiled Apr 16 2014 14:19:17
>> OpenFlow versions 0x1:0x1
>>
>> Fix Applied :  Find attached initial patch.
>>
>> Please confirm if it is bug?.
>
> I think this could be classified as bug for those use cases when one
> wants to install such fine grained IPsec policies based on GRE key.
> BTW I looked in ip-xfrm man page and it has more fields in SELECTOR.
>
>
>>
>>
>> Regards
>> Harsh Jain
>>
>> _______________________________________________
>> discuss mailing list
>> discuss at openvswitch.org
>> http://openvswitch.org/mailman/listinfo/discuss
>>


More information about the discuss mailing list