[ovs-dev] [PATCHv3 09/11] Add support for connection tracking helper/ALGs.

Ben Pfaff blp at nicira.com
Wed Sep 30 15:58:55 UTC 2015


On Tue, Sep 29, 2015 at 01:40:32PM -0700, Joe Stringer wrote:
> This patch adds support for specifying a "helper" or ALG to assist
> connection tracking for protocols that consist of multiple streams.
> Initially, only support for FTP is included.
> 
> Below is an example set of flows to allow FTP control connections from
> port 1->2 to establish active data connections in the reverse direction:
> 
>     table=0,priority=1,action=drop
>     table=0,arp,action=normal
>     table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2
>     table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1)
>     table=1,in_port=2,tcp,ct_state=+trk+est,action=1
>     table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1
> 
> Signed-off-by: Joe Stringer <joestringer at nicira.com>
> Acked-by: Jarno Rajahalme <jrajahalme at nicira.com>

I expected ALGs to be more complicated.  I guess the kernel does all the
heavy lifting for us!  Thanks for writing this.

In put_ct_helper(), this:
            const char *helper = "ftp";

            nl_msg_put_string__(odp_actions, OVS_CT_ATTR_HELPER, helper,
                                strlen(helper));
could be written as:
            nl_msg_put_string(odp_actions, OVS_CT_ATTR_HELPER, "ftp");

In ovs-ofctl.8.in here:
    .IP \fBalg=\fR\fIalg\fR
the \fR in the middle could be removed:
    .IP \fBalg=\fIalg\fR

Acked-by: Ben Pfaff <blp at nicira.com>
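
Added example, not part of the original thread and not OVS or kernel code: a toy Python model of the quoted flow table and of an FTP helper, showing that a reverse-direction data connection is forwarded only after the control connection announces it with PORT. The Conntrack class, pipeline() and the sample addresses are constructed for illustration; ARP handling is omitted and a table miss is assumed to mean "not forwarded".

```python
import re
# Active-mode FTP "PORT h1,h2,h3,h4,p1,p2" command on the control connection.
PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n")

class Conntrack:
    """Toy connection tracker (assumption: a stand-in, not the kernel's logic)."""
    def __init__(self):
        self.conns = {}      # (src, sport, dst, dport) -> helper name or None
        self.expect = set()  # (src ip, dst ip, dst port) announced via PORT

    def _find(self, p):
        fwd = (p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["dst"], p["dport"], p["src"], p["sport"])
        return fwd if fwd in self.conns else rev if rev in self.conns else None

    def state(self, p):
        """ct_state flags for a packet (simplified: any committed conn is est)."""
        if self._find(p):
            return {"trk", "est"}
        if (p["src"], p["dst"], p["dport"]) in self.expect:
            return {"trk", "new", "rel"}
        return {"trk", "new"}

    def commit(self, p, alg=None):
        key = self._find(p)
        if key is None:                   # new connection: record it
            key = (p["src"], p["sport"], p["dst"], p["dport"])
            self.conns[key] = alg
            self.expect.discard((p["src"], p["dst"], p["dport"]))
        m = PORT_RE.search(p.get("data", b""))
        if self.conns[key] == "ftp" and m:
            ip = ".".join(g.decode() for g in m.groups()[:4])
            port = int(m.group(5)) * 256 + int(m.group(6))
            if ip == p["src"]:            # model accepts only the sender's own address
                self.expect.add((p["dst"], ip, port))

def pipeline(ct, in_port, p):
    """TCP flows from the commit message; returns the output port or None."""
    if in_port == 1:                      # ct(alg=ftp,commit),2
        ct.commit(p, alg="ftp")
        return 2
    if in_port == 2:                      # ct_state=-trk -> ct(table=1)
        st = ct.state(p)
        if "est" in st:                   # +trk+est -> output to port 1
            return 1
        if "rel" in st:                   # +trk+rel -> ct(commit), output to port 1
            ct.commit(p)
            return 1
    return None                           # no matching flow: not forwarded
```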


