[ovs-discuss] BUG:OVS kernel module didn't send gre_key to identify flow type in kernel

Harsh Jain harshjain.prof at gmail.com
Sat Jun 20 04:18:39 UTC 2015 

Hi all,

How to track weather bug is raised or community has ignored the
issue.I have not received any mail.


Regards
Harsh Jain

On Wed, Jun 10, 2015 at 10:35 PM, Ansis Atteka <aatteka at nicira.com> wrote:
> On Mon, Jun 8, 2015 at 7:57 PM, Harsh Jain <harshjain.prof at gmail.com> wrote:
>> Hi Ansis,
>>
>>  I used "ip xfrm add policy" command to add policy.
>
>> I have not used "ovs-monitor-ipsec".Can it be used to encryt based on GRE key?.
> No, ovs-monitor-ipsec can't be used used to install IPsec policies
> that match on GRE key.
>
>> I tested with GRE key value only.I will test weather Port no, based
>> filtering is supported in OVS or not and revert.
> Pravin told me that he will look into this patch before applying.
>
> One small comment - if gre KEY is not set, shouldn't we set it to 0
> instead of leaving unset before performing route lookup?
>
>>
>>
>> Regards
>> Harsh jain
>>
>>
>> Regards
>> Harsh Jain
>>
>> On Tue, Jun 9, 2015 at 2:07 AM, Ansis Atteka <aatteka at nicira.com> wrote:
>>> On Mon, Jun 8, 2015 at 12:19 AM, Harsh Jain <harshjain.prof at gmail.com> wrote:
>>>> Hi,
>>>>
>>>>
>>>> While trying to encrypt(IPsec policy) packets  based on GRE key
>>>> received in packets. kernel didn't encrypted the packets received from
>>>> OVS bridge. The packets forwarded to Desination unencrypted.
>>>> Kernel treats packet having different keys as same flow type.
>>>
>>> It seems that you are not using ovs-monitor-ipsec to install IPsec
>>> policies for you?
>>>
>>>>
>>>>
>>>> Kernel Version used : 3.18.14
>>>> ovs-vswitchd (Open vSwitch) 2.0.1
>>>> Compiled Apr 16 2014 14:19:17
>>>> OpenFlow versions 0x1:0x1
>>>>
>>>> Fix Applied :  Find attached initial patch.
>>>>
>>>> Please confirm if it is bug?.
>>>
>>> I think this could be classified as bug for those use cases when one
>>> wants to install such fine grained IPsec policies based on GRE key.
>>> BTW I looked in ip-xfrm man page and it has more fields in SELECTOR.
>>>
>>>
>>>>
>>>>
>>>> Regards
>>>> Harsh Jain
>>>>
>>>> _______________________________________________
>>>> discuss mailing list
>>>> discuss at openvswitch.org
>>>> http://openvswitch.org/mailman/listinfo/discuss
>>>>

More information about the discuss mailing list