projects / cascardo / ovs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fba6bd1) | patch
ipsec: unset IPSEC_MARK flag from skb_mark after tunnel packet is decapsulated
authorAnsis Atteka <aatteka@nicira.com>
Thu, 14 Mar 2013 18:53:00 +0000 (11:53 -0700)
committerAnsis Atteka <aatteka@nicira.com>
Mon, 18 Mar 2013 16:21:27 +0000 (09:21 -0700)
commit321fa4292766c96b953f0de930c0241251d7e695
tree4a970953471dd8a3ae3cf322c5b1a31e0aca0f3ctree | snapshot
parentfba6bd1d3f5891471daea8bf5da22303c2d889dfcommit | diff
ipsec: unset IPSEC_MARK flag from skb_mark after tunnel packet is decapsulated

After tunnel packet is unencapsulated we should unset IPsec flag from
skb_mark.

Otherwise, IPsec policies would be applied one more time on internal
interfaces, if there is one. This is especially necessary after we
will introduce global, low-priority IPsec drop policy that will make
sure that we never let through marked but unencrypted packets.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Issue: 15074
ofproto/ofproto-dpif.c diff | blob | history
ofproto/tunnel.c diff | blob | history
ofproto/tunnel.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.