Fwd: How flowi4 variable fl->u.ip4.fl4_gre_key variable updates in kernel code for GRE

Harsh Jain harshjain.prof at gmail.com
Wed Jun 3 12:13:58 EDT 2015

Hi All,

In which function kernel fills the GRE key value in
"fl->u.ip4.fl4_gre_key"  struct flowi4.I am trying to apply IPSEC
encrytion policy based on GRE key in packet.
The function "xfrm_flowi_sport" prints uli->gre_key = 0 for GRE packets.

Is it a bug in kernel code?.

Harsh Jain

---------- Forwarded message ----------
From: Harsh Jain <harshjain.prof at gmail.com>
Date: Mon, Jun 1, 2015 at 1:57 AM
Subject: Packet encryption based on gre key value with ip xfrm command
To: Kernelnewbies <kernelnewbies at kernelnewbies.org>


I am trying to encrypt Gre packet have specific key values in GRE
header with following command

ip xfrm policy add src dst proto gre key 3 dir
in tmpl src dst proto esp reqid 16387 mode

But it is not working. If I remove the "key 3" from above system
encrypt all GRE packets.

I tried with kernel version 3.18 and iproute2 version.2.4.

 I got iproute2 patch file having changes to support filtering based
on keys but didn't find corresponding kernel patch.
How to encrypt Packets based on GRE key value.?

Harsh Jain

More information about the Kernelnewbies mailing list