Revision 7ba0e83acc458e8e3c20cc70e31542c0f22f093f authored by John Fastabend on 17 September 2020, 00:39:02 UTC, committed by christarazi on 29 September 2020, 23:45:25 UTC
Currently, enabling IPsec and a feature that uses a from-netdev program type may conflict when both attempt to load on the network facing device. If this happens then init.sh will load the ipsec program from-network and then after that the golang bpf loader will replace it with the from-netdev program. Which could be OK if the from-netdev program handled IPsec decryption correctly. Unfortunately, it doesn't and what we get is dropped ESP (IPsec encryption protocol) packets and broken connections. To fix teach from-netdev how to handle ingress IPsec decryption. And while doing this cleanup the encryption code blocks so encryption/decryption logic is split into from_host and from_network parts. This way encrypt piece is used in from_host and decrypt is used in from_network case. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
1 parent 9ed106a
File | Mode | Size |
---|---|---|
alignchecker | ||
maptool | ||
protobuf | ||
Makefile | -rw-r--r-- | 380 bytes |
go-to-protobuf | -rwxr-xr-x | 163 bytes |
goimports | -rwxr-xr-x | 141 bytes |
protoc-gen-gogo | -rwxr-xr-x | 177 bytes |
tools.go | -rw-r--r-- | 1.1 KB |
Computing file changes ...