openvswitch: Allow external IPsec tunnel management.

OVS GRE IPsec tunnel support has multiple issues, Therefore
it was deprecated in OVS 2.6.

Following patch removes support for GRE IPsec and allows external
IPsec tunnel management for any type of tunnel not just GRE.
e.g. user can encrypt Geneve or VxLan traffic.

It can be done by using openflow pipeline to set skb-mark
and using IPsec keying daemons to implement IPsec tunnels.
This packet can be matched for the skb-mark to encrypt
selective tunnel traffic.

VMware-BZ: 1710701
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Ansis Atteka <aatteka@ovn.org>

1 files changed, 0 insertions, 7 deletions

diff --git a/ofproto/ofproto-dpif-sflow.c b/ofproto/ofproto-dpif-sflow.c
index 11d3a53d2..9ea885141 100644
--- a/ofproto/ofproto-dpif-sflow.c
+++ b/ofproto/ofproto-dpif-sflow.c
@@ -61,7 +61,6 @@ enum dpif_sflow_tunnel_type {
     DPIF_SFLOW_TUNNEL_VXLAN,
     DPIF_SFLOW_TUNNEL_GRE,
     DPIF_SFLOW_TUNNEL_LISP,
-    DPIF_SFLOW_TUNNEL_IPSEC_GRE,
     DPIF_SFLOW_TUNNEL_GENEVE
 };
 
@@ -582,8 +581,6 @@ dpif_sflow_tunnel_type(struct ofport *ofport) {
     if (type) {
 	if (strcmp(type, "gre") == 0) {
 	    return DPIF_SFLOW_TUNNEL_GRE;
-	} else if (strcmp(type, "ipsec_gre") == 0) {
-	    return DPIF_SFLOW_TUNNEL_IPSEC_GRE;
 	} else if (strcmp(type, "vxlan") == 0) {
 	    return DPIF_SFLOW_TUNNEL_VXLAN;
 	} else if (strcmp(type, "lisp") == 0) {
@@ -606,10 +603,6 @@ dpif_sflow_tunnel_proto(enum dpif_sflow_tunnel_type tunnel_type)
         ipproto = IPPROTO_GRE;
         break;
 
-    case DPIF_SFLOW_TUNNEL_IPSEC_GRE:
-        ipproto = IPPROTO_ESP;
-        break;
-
     case DPIF_SFLOW_TUNNEL_VXLAN:
     case DPIF_SFLOW_TUNNEL_LISP:
     case DPIF_SFLOW_TUNNEL_GENEVE: