[ovs-discuss] BUG:OVS kernel module didn't send gre_key to identify flow type in kernel

Ben Pfaff blp at nicira.com
Sat Jun 20 18:56:08 UTC 2015


If you it find more satisfying, you can file an issue in the github
tracker:
        https://github.com/openvswitch/ovs-issues/

On Sat, Jun 20, 2015 at 09:48:39AM +0530, Harsh Jain wrote:
> Hi all,
> 
> How to track weather bug is raised or community has ignored the
> issue.I have not received any mail.
> 
> 
> Regards
> Harsh Jain
> 
> On Wed, Jun 10, 2015 at 10:35 PM, Ansis Atteka <aatteka at nicira.com> wrote:
> > On Mon, Jun 8, 2015 at 7:57 PM, Harsh Jain <harshjain.prof at gmail.com> wrote:
> >> Hi Ansis,
> >>
> >>  I used "ip xfrm add policy" command to add policy.
> >
> >> I have not used "ovs-monitor-ipsec".Can it be used to encryt based on GRE key?.
> > No, ovs-monitor-ipsec can't be used used to install IPsec policies
> > that match on GRE key.
> >
> >> I tested with GRE key value only.I will test weather Port no, based
> >> filtering is supported in OVS or not and revert.
> > Pravin told me that he will look into this patch before applying.
> >
> > One small comment - if gre KEY is not set, shouldn't we set it to 0
> > instead of leaving unset before performing route lookup?
> >
> >>
> >>
> >> Regards
> >> Harsh jain
> >>
> >>
> >> Regards
> >> Harsh Jain
> >>
> >> On Tue, Jun 9, 2015 at 2:07 AM, Ansis Atteka <aatteka at nicira.com> wrote:
> >>> On Mon, Jun 8, 2015 at 12:19 AM, Harsh Jain <harshjain.prof at gmail.com> wrote:
> >>>> Hi,
> >>>>
> >>>>
> >>>> While trying to encrypt(IPsec policy) packets  based on GRE key
> >>>> received in packets. kernel didn't encrypted the packets received from
> >>>> OVS bridge. The packets forwarded to Desination unencrypted.
> >>>> Kernel treats packet having different keys as same flow type.
> >>>
> >>> It seems that you are not using ovs-monitor-ipsec to install IPsec
> >>> policies for you?
> >>>
> >>>>
> >>>>
> >>>> Kernel Version used : 3.18.14
> >>>> ovs-vswitchd (Open vSwitch) 2.0.1
> >>>> Compiled Apr 16 2014 14:19:17
> >>>> OpenFlow versions 0x1:0x1
> >>>>
> >>>> Fix Applied :  Find attached initial patch.
> >>>>
> >>>> Please confirm if it is bug?.
> >>>
> >>> I think this could be classified as bug for those use cases when one
> >>> wants to install such fine grained IPsec policies based on GRE key.
> >>> BTW I looked in ip-xfrm man page and it has more fields in SELECTOR.
> >>>
> >>>
> >>>>
> >>>>
> >>>> Regards
> >>>> Harsh Jain
> >>>>
> >>>> _______________________________________________
> >>>> discuss mailing list
> >>>> discuss at openvswitch.org
> >>>> http://openvswitch.org/mailman/listinfo/discuss
> >>>>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss



More information about the discuss mailing list