git.agner.ch Git - linux-drm-fsl-dcu.git/commit

author	Joe Stringer <joestringer@nicira.com>
	Wed, 26 Aug 2015 18:31:53 +0000 (11:31 -0700)
committer	David S. Miller <davem@davemloft.net>
	Thu, 27 Aug 2015 18:40:43 +0000 (11:40 -0700)
commit	cae3a2627520c3795b54533c5328b77af3405dbe
tree	11d4fe2287105c7009e4c1c27d5d722658d2374b	tree \| snapshot
parent	c2ac667358708d7cce64c78f58af6adf4c1e848b	commit \| diff

openvswitch: Allow attaching helpers to ct action

Add support for using conntrack helpers to assist protocol detection.
The new OVS_CT_ATTR_HELPER attribute of the CT action specifies a helper
to be used for this connection. If no helper is specified, then helpers
will be automatically applied as per the sysctl configuration of
net.netfilter.nf_conntrack_helper.

The helper may be specified as part of the conntrack action, eg:
ct(helper=ftp). Initial packets for related connections should be
committed to allow later packets for the flow to be considered
established.

Example ovs-ofctl flows allowing FTP connections from ports 1->2:
in_port=1,tcp,action=ct(helper=ftp,commit),2
in_port=2,tcp,ct_state=-trk,action=ct(recirc)
in_port=2,tcp,ct_state=+trk-new+est,action=1
in_port=2,tcp,ct_state=+trk+rel,action=1

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/uapi/linux/openvswitch.h		diff \| blob \| history
net/openvswitch/conntrack.c		diff \| blob \| history