[ovs-git] Open vSwitch: ipsec: unset IPSEC_MARK flag from skb_mark after tunnel packet is decapsulated (branch-1.10)
dev at openvswitch.org
dev at openvswitch.org
Mon Mar 18 16:40:54 UTC 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Open vSwitch".
The branch, branch-1.10 has been updated
via 840d49ae9e8041a4e5005dec9c51623778c2a6f1 (commit)
from 965b0d4b74c8d2cc73de86273963f1fc7b306e12 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 840d49ae9e8041a4e5005dec9c51623778c2a6f1
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=840d49ae9e8041a4e5005dec9c51623778c2a6f1
Author: Ansis Atteka <aatteka at nicira.com>
ipsec: unset IPSEC_MARK flag from skb_mark after tunnel packet is decapsulated
After tunnel packet is unencapsulated we should unset IPsec flag from
skb_mark.
Otherwise, IPsec policies would be applied one more time on internal
interfaces, if there is one. This is especially necessary after we
will introduce global, low-priority IPsec drop policy that will make
sure that we never let through marked but unencrypted packets.
Signed-off-by: Ansis Atteka <aatteka at nicira.com>
Issue: 15074
-----------------------------------------------------------------------
Summary of changes:
ofproto/ofproto-dpif.c | 1 +
ofproto/tunnel.c | 3 ---
ofproto/tunnel.h | 3 +++
3 files changed, 4 insertions(+), 3 deletions(-)
hooks/post-receive
--
Open vSwitch
More information about the git
mailing list