On Mon, 15 Aug 2016 12:08:04 +0300, a...@vadai.me wrote: > > Any objection to the following? > > # ENCAP rule > tc filter add dev $ETH protocol ip parent ffff: prio 10 \ > flower ip_proto 1 \ > action set_tunnel_key src_ip 11.11.0.1 dst_ip 11.11.0.2 key_id > 11 dst_port 4789 \
Ability to control few tun_flags (e.g. TUNNEL_CSUM, TUNNEL_DONT_FRAGMENT) might be useful too. > # DECAP rule > tc filter add dev $VXLAN protocol ip parent ffff: prio 10 \ > flower \ > enc_src_ip 11.11.0.2 enc_dst_ip 11.11.0.1 enc_key_id 11 > \ > ip_proto 1 \ You might want to match the tunnel's udp port as well, for symmetry.
