Skip to content

support ah and esp protocals#775

Open
kinglory wants to merge 2 commits intoiqiyi:develfrom
kinglory:devel
Open

support ah and esp protocals#775
kinglory wants to merge 2 commits intoiqiyi:develfrom
kinglory:devel

Conversation

@kinglory
Copy link

@kinglory kinglory commented Nov 25, 2021

support ah and esp protocals

ywc689
ywc689 reviewed Dec 31, 2021
View reviewed changes
src/ipvs/ip_vs_proto.c
ah_error:
proto_unregister(&dp_vs_proto_ah);
return err;
}
Copy link
Collaborator

@ywc689 ywc689 Dec 31, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please unregister protocols in the reverse order when error occurs. Note the label sequence.

Copy link
Author

@kinglory kinglory Jan 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, I have fixed it. thank you.

src/ipvs/ip_vs_proto_ah_esp.c
&iph->saddr, &iph->daddr,
htons(PORT_ISAKMP), htons(PORT_ISAKMP),
direct, reverse);

Copy link
Collaborator

@ywc689 ywc689 Dec 31, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it need to support connection redirection?

Copy link
Author

@kinglory kinglory Jan 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's logic for the first negotiation packages and the process is similar to the kernel ipvs code.

@ywc689
Copy link
Collaborator

ywc689 commented Dec 31, 2021

Does AE/ESP work with DPVS Fullnat?
Can you add an example to DPVS document to show how to use AE/ESP with DPVS?

@ywc689 ywc689 added the pr/codes-need-change problems found in the line-by-line code review and need to be fixed label Dec 31, 2021
@kinglory
Copy link
Author

kinglory commented Jan 4, 2022

Does AE/ESP work with DPVS Fullnat? Can you add an example to DPVS document to show how to use AE/ESP with DPVS?

I tested the code in the DR mode and it worked well when I use the ipsec protocal and I think it can work well in FullNat mode and Tunnel mode. It just helps the dpvs for more protocal support such as ah and esp. The use is totally the same. The users just need to configure the dpvs server in port 500(PORT_ISAKMP) and it can deal with the ipsec process logic.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ywc689 ywc689 ywc689 left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

pr/codes-need-change problems found in the line-by-line code review and need to be fixed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kinglory @ywc689