[ovs-dev] [PATCHv4 08/11] Add connection tracking label support.
Ben Pfaff
blp at nicira.com
Mon Oct 5 22:31:11 UTC 2015
On Fri, Oct 02, 2015 at 02:16:15PM -0700, Joe Stringer wrote:
> This patch adds a new 128-bit metadata field to the connection tracking
> interface. When a label is specified as part of the ct action and the
> connection is committed, the value is saved with the current connection.
> Subsequent ct lookups with the table specified will expose this metadata
> as the "ct_label" field in the flow.
>
> For example, to allow new TCP connections from port 1->2 and only allow
> established connections from port 2->1, and to associate a label with
> those connections:
>
> table=0,priority=1,action=drop
> table=0,arp,action=normal
> table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2
> table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
> table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1
>
> Signed-off-by: Joe Stringer <joestringer at nicira.com>
> Acked-by: Jarno Rajahalme <jrajahalme at nicira.com>
Acked-by: Ben Pfaff <blp at nicira.com>
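
Added example, not part of the original message or of the Open vSwitch code: a small Python model of the flow table quoted above, showing that a label stored at commit is exposed on reply-direction lookups of the same connection and is zero for any other traffic. The Conntrack class, the pipeline function and the packet dictionaries are constructed for illustration; the model ignores TCP state, zones and the full set of ct_state flags.

```python
# Toy model of the quoted flow table (illustrative, not Open vSwitch code).

class Conntrack:
    """Stores one 128-bit label per committed connection."""

    def __init__(self):
        self.conns = {}  # direction-independent key -> label

    @staticmethod
    def key(pkt):
        # Sort the two endpoints so both directions map to the same entry.
        ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
        return ("tcp", ends[0], ends[1])

    def commit(self, pkt, label):
        if not 0 <= label < 2 ** 128:
            raise ValueError("ct_label is a 128-bit field")
        self.conns[self.key(pkt)] = label

    def lookup(self, pkt):
        # Unknown connections expose ct_label=0.
        return self.conns.get(self.key(pkt), 0)


def pipeline(ct, in_port, pkt):
    """Return the output port, "normal", or None (drop)."""
    if pkt["proto"] == "arp":
        return "normal"                      # table=0,arp,action=normal
    if pkt["proto"] != "tcp":
        return None                          # table=0,priority=1,action=drop
    if in_port == 1:
        ct.commit(pkt, 1)                    # ct(commit,exec(set_field:1->ct_label))
        return 2
    if in_port == 2:
        ct_label = ct.lookup(pkt)            # ct(table=1): recirculate as +trk
        return 1 if ct_label == 1 else None  # table=1 matches ct_label=1 only
    return None


def tcp(src, sport, dst, dport):
    # Constructed sample packet.
    return {"proto": "tcp", "src": src, "sport": sport, "dst": dst, "dport": dport}


if __name__ == "__main__":
    ct = Conntrack()
    print(pipeline(ct, 2, tcp("10.0.0.2", 80, "10.0.0.1", 40000)))  # no connection yet
    print(pipeline(ct, 1, tcp("10.0.0.1", 40000, "10.0.0.2", 80)))  # commit, label 1
    print(pipeline(ct, 2, tcp("10.0.0.2", 80, "10.0.0.1", 40000)))  # reply, label 1
```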