Re: [net] vxlan: fix vxlan6_get_route() adding a call to xfrm_lookup_route()

From: Sabrina Dubroca
Date: Wed Jan 15 2020 - 16:16:36 EST

Next message: Khalid Aziz: "Re: [RFC PATCH] PCI, kdump: Clear bus master bit upon shutdown in kdump kernel"
Previous message: Paul Cercueil: "Re: [PATCH v4 3/5] remoteproc: Add prepare/unprepare callbacks"
In reply to: Andrea Mayer: "[net] vxlan: fix vxlan6_get_route() adding a call to xfrm_lookup_route()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2020-01-15, 20:22:31 +0100, Andrea Mayer wrote:
> currently IPSEC cannot be used to encrypt/decrypt IPv6 vxlan traffic.
> The problem is that the vxlan module uses the vxlan6_get_route()
> function to find out the route for transmitting an IPv6 packet, which in
> turn uses ip6_dst_lookup() available in ip6_output.c.
> Unfortunately ip6_dst_lookup() does not perform any xfrm route lookup,
> so the xfrm framework cannot be used with vxlan6.

That's not the case anymore, since commit 6c8991f41546 ("net:
ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup").

Can you retest on the latest net tree?

Thanks.

--
Sabrina

Next message: Khalid Aziz: "Re: [RFC PATCH] PCI, kdump: Clear bus master bit upon shutdown in kdump kernel"
Previous message: Paul Cercueil: "Re: [PATCH v4 3/5] remoteproc: Add prepare/unprepare callbacks"
In reply to: Andrea Mayer: "[net] vxlan: fix vxlan6_get_route() adding a call to xfrm_lookup_route()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]