ipsec: unset IPSEC_MARK flag from skb_mark after tunnel packet is decapsulated
author Ansis Atteka <aatteka@nicira.com>
Thu, 14 Mar 2013 18:53:00 +0000 (11:53 -0700)
committer Ansis Atteka <aatteka@nicira.com>
Mon, 18 Mar 2013 16:22:46 +0000 (09:22 -0700)
commit 840d49ae9e8041a4e5005dec9c51623778c2a6f1
tree 6bc63401641fba0aae36c3599c16de20c2e83a02
parent 965b0d4b74c8d2cc73de86273963f1fc7b306e12
ipsec: unset IPSEC_MARK flag from skb_mark after tunnel packet is decapsulated

After a tunnel packet is unencapsulated we should unset the IPsec flag
from skb_mark.

Otherwise, IPsec policies would be applied one more time on internal
interfaces, if there are any. This is especially necessary after we
introduce a global, low-priority IPsec drop policy that will make
sure that we never let through marked but unencrypted packets.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Issue: 15074
ofproto/ofproto-dpif.c
ofproto/tunnel.c
ofproto/tunnel.h