Re: [PATCH net-next] openvswitch: Pass on secpath details for internal port rx.
From: Eelco Chaudron
Date: Mon Nov 04 2024 - 02:58:29 EST

On 1 Nov 2024, at 21:47, Aaron Conole wrote:
> Clearing the secpath for internal ports will cause packet drops when
> ipsec offload or early SW ipsec decrypt are used. Systems that rely
> on these will not be able to actually pass traffic via openvswitch.
>
> There is still an open issue for a flow miss packet - this is because
> we drop the extensions during upcall and there is no facility to
> restore such data (and it is non-trivial to add such functionality
> to the upcall interface). That means that when a flow miss occurs,
> there will still be packet drops. With this patch, when a flow is
> found then traffic which has an associated xfrm extension will
> properly flow.
>
> Signed-off-by: Aaron Conole <aconole@xxxxxxxxxx>

Thanks for debugging and fixing this. The change looks good to me.

Acked-by: Eelco Chaudron <echaudro@xxxxxxxxxx>