[ovs-dev] [RFC 3/8] ovn-northd: Introduce pre-stateful table.

[Ben Pfaff]

On Sun, Feb 28, 2016 at 10:33:19PM -0800, Gurucharan Shetty wrote:
> Currently, the only use of stateful services in conntrack is
> OVN ACLs. In table pre-ACL, we send the packet to conntrack
> to track it (to get its status) via the ct_next action.
> 
> As we introduce more stateful services, the ACL feature will
> have to share the conntrack module with others. As
> preparation for more stateful features like NAT and
> loadbalancing, this commit introduces a new pre-stateful
> table that is responsible to send packets through conntrack
> via ct_next action. If pre-ACL table needs to send a packet
> through conntrack, it just sets the 'reg0' as 1.
> Pre-stateful table in-turn will send the packet to conntrack
> if 'reg0' is 1.
> 
> Signed-off-by: Gurucharan Shetty <guru at ovn.org>

I noticed that STATEFUL is often written in all-caps like that,
especially in "pre-STATEFUL", but I don't know why.

The documentation says that packets get sent to the connection tracker
but not that they advance to the next table afterward, which I think
they do:

+    <p>
+      Ingress table 2 prepares flows for all possible stateful processing
+      in next tables.  It contains a priority-0 flow that simply moves
+      traffic to table 3.  A priority-100 flow sends the packets to connection
+      tracker based on a hint provided by the previous tables (with a match
+      for reg0 == 1).
+    </p>

Acked-by: Ben Pfaff <blp at ovn.org>