From: David Miller
Subject: Re: [PATCH 0/5 net-next v4] VXLAN Group Policy Extension
Date: Wed, 14 Jan 2015 15:37:44 -0500 (EST)
Message-ID: <20150114.153744.360580056667123059.davem@davemloft.net>
To: tgraf@suug.ch
Cc: jesse@nicira.com, stephen@networkplumber.org, pshelar@nicira.com, therbert@google.com, alexei.starovoitov@gmail.com, nicolas.dichtel@6wind.com, netdev@vger.kernel.org, dev@openvswitch.org

From: Thomas Graf
Date: Tue, 13 Jan 2015 17:20:41 +0100

> Implements support for the Group Policy VXLAN extension [0] to provide
> a lightweight and simple security label mechanism across network peers
> based on VXLAN. The security context and associated metadata is mapped
> to/from skb->mark. This allows further mapping to a SELinux context
> using SECMARK, to implement ACLs directly with nftables, iptables, OVS,
> tc, etc.
>
> The extension is disabled by default and should be run on a distinct
> port in mixed Linux VXLAN VTEP environments. Liberal VXLAN VTEPs
> which ignore unknown reserved bits will be able to receive VXLAN-GBP
> frames.

Thomas, unfortunately Tom's vxlan RCO patches were ready before yours
in my queue so I applied his work first.

You'll have to therefore respin this series on top of it.

Thanks.