[ovs-discuss] add/sub a constant value to tcp sequence number and ack number in ovs

Gal Sagie gal.sagie at gmail.com
Sat Sep 12 14:34:36 UTC 2015


If you want a "transparent" proxy, you don't need TCP termination you can
just forward the packet.
For your question, you can have a match all send to controller flow (lets
say with priority 100), then when you decide you don't need
the traffic to go to the controller you can install a flow with higher
priority for that session. (with forward actions)
(in the mean time your controller can just forward the packets to the
destination after it inspected them or did what ever it is
you want to do)

Another thing you can leverage is that OVS in master branch now has an
integration with conntrack.
You might be able to use it (
http://openvswitch.org/support/ovscon2014/17/1030-conntrack_nat.pdf)

What are you trying to do that require TCP termination?





On Sat, Sep 12, 2015 at 4:21 PM, Seyyed Hesamoddin Ghasemi <
s.hesam.ghasemi at gmail.com> wrote:

> Why not? As I know OVS have access to all header fields in layer 2 to
> layer 4!
> How can I Implement a simple proxy using OVS? I mean, how can get packet
> from a source node and send it to a destination node in a transparent
> manner?
>
> I need to get first 4 packet of a tcp session in the controller (as a
> proxy) and then forward the rest of packets using OVS without intervention
> of the controller and with keep current tcp session. How can I do that?
>
>
> On Sat, Sep 5, 2015 at 10:19 PM, Justin Pettit <jpettit at nicira.com> wrote:
>
>>
>> > On Sep 5, 2015, at 8:53 AM, Seyyed Hesamoddin Ghasemi <
>> s.hesam.ghasemi at gmail.com> wrote:
>> >
>> > Hi every body,
>> > I need to develop a proxy, and for this I should add/sub a constant
>> value to sequence number and ack number in ovs, Could somebody please help
>> me?
>>
>> OVS doesn't provide any visibility into the sequence numbers of TCP
>> packets.
>>
>> --Justin
>>
>>
>>
>
>
> --
> Seyyed Hesamoddin Ghasemi
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
>
>


-- 
Best Regards ,

The G.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20150912/af864c60/attachment-0002.html>


More information about the discuss mailing list