diff options
| author | Ansis Atteka <aatteka@nicira.com> | 2013-02-13 16:48:46 -0800 |
|---|---|---|
| committer | Ansis Atteka <aatteka@nicira.com> | 2013-02-15 13:04:35 -0800 |
| commit | 33b371d752b5a63e4ffd69f6ca7d9d1fe52fe5b6 (patch) | |
| tree | 3686227b5160fea2a7616076f9028f69839ca637 /ofproto | |
| parent | 709aa777119db1fda5ffd57ed0f9daba80f1453a (diff) | |
tunnel: set skb mark for IPsec tunnel packets
The new ovs-monitor-ipsec implementation will use skb marks in
IPsec policies. This patch will configure datapath to use these
skb marks for IPsec tunnel packets.
Issue: 14870
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Diffstat (limited to 'ofproto')
| -rw-r--r-- | ofproto/ofproto-dpif.c | 1 | ||||
| -rw-r--r-- | ofproto/tunnel.c | 9 |
2 files changed, 9 insertions, 1 deletions
diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index b1ec3fb1..8191f811 100644 --- a/ofproto/ofproto-dpif.c +++ b/ofproto/ofproto-dpif.c @@ -5521,6 +5521,7 @@ send_packet(const struct ofport_dpif *ofport, struct ofpbuf *packet) dpif_flow_stats_extract(&flow, packet, time_msec(), &stats); netdev_vport_inc_tx(ofport->up.netdev, &stats); odp_put_tunnel_action(&flow.tunnel, &odp_actions); + odp_put_skb_mark_action(flow.skb_mark, &odp_actions); } else { odp_port = vsp_realdev_to_vlandev(ofproto, ofport->odp_port, flow.vlan_tci); diff --git a/ofproto/tunnel.c b/ofproto/tunnel.c index 5a4607e7..7d45930b 100644 --- a/ofproto/tunnel.c +++ b/ofproto/tunnel.c @@ -34,18 +34,21 @@ * * Ability to generate actions on input for ECN * Ability to generate metadata for packet-outs - * IPsec using skb mark. * VXLAN. * Multicast group management (possibly). * Disallow netdevs with names like "gre64_system" to prevent collisions. */ VLOG_DEFINE_THIS_MODULE(tunnel); +/* skb mark used for IPsec tunnel packets */ +#define IPSEC_MARK 1 + struct tnl_match { ovs_be64 in_key; ovs_be32 ip_src; ovs_be32 ip_dst; uint32_t odp_port; + uint32_t skb_mark; bool in_key_flow; }; @@ -94,6 +97,7 @@ tnl_port_add__(const struct ofport *ofport, uint32_t odp_port, tnl_port->match.in_key = cfg->in_key; tnl_port->match.ip_src = cfg->ip_src; tnl_port->match.ip_dst = cfg->ip_dst; + tnl_port->match.skb_mark = cfg->ipsec ? IPSEC_MARK : 0; tnl_port->match.in_key_flow = cfg->in_key_flow; tnl_port->match.odp_port = odp_port; @@ -183,6 +187,7 @@ tnl_port_receive(struct flow *flow) match.ip_src = flow->tunnel.ip_dst; match.ip_dst = flow->tunnel.ip_src; match.in_key = flow->tunnel.tun_id; + match.skb_mark = flow->skb_mark; tnl_port = tnl_find(&match); if (!tnl_port) { @@ -248,6 +253,7 @@ tnl_port_send(const struct tnl_port *tnl_port, struct flow *flow) flow->tunnel.ip_src = tnl_port->match.ip_src; flow->tunnel.ip_dst = tnl_port->match.ip_dst; + flow->skb_mark = tnl_port->match.skb_mark; if (!cfg->out_key_flow) { flow->tunnel.tun_id = cfg->out_key; @@ -393,6 +399,7 @@ tnl_match_fmt(const struct tnl_match *match, struct ds *ds) } ds_put_format(ds, ", dp port=%"PRIu32, match->odp_port); + ds_put_format(ds, ", skb mark=%"PRIu32, match->skb_mark); } static void |