diff options
| author | Sairam Venugopal <vsairam@vmware.com> | 2016-04-13 11:54:03 -0700 |
|---|---|---|
| committer | Ben Pfaff <blp@ovn.org> | 2016-04-14 10:11:46 -0700 |
| commit | 792d377d8330606ad122dae5f941e5088c10cf14 (patch) | |
| tree | 233132b3b7fc3b4fb7f0c35a71d51b53d4a364b5 /datapath-windows/ovsext/Actions.c | |
| parent | ce05810425872709ddda9d7755b3348f584849ff (diff) | |
| download | openvswitch-792d377d8330606ad122dae5f941e5088c10cf14.tar.gz | |
datapath-windows: Add Connection Tracking Support
Enable support for Stateful Firewall in Hyper-V by adding a Connection
Tracking module. The module has been ported over from the userspace
implementation patch of a similar name.
The current version of the module supports ct - zone, mark and label for
TCP packets. Support for other packet formats will be added in subsequent
patches.
The conntrack-tcp module is adapted from FreeBSD's pf subsystem and hence
the BSD license. It has been ported over to match OVS Hyper-V coding
style.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Co-Authored-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Diffstat (limited to 'datapath-windows/ovsext/Actions.c')
| -rw-r--r-- | datapath-windows/ovsext/Actions.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/datapath-windows/ovsext/Actions.c b/datapath-windows/ovsext/Actions.c index 3e5dac902..cf54ae20a 100644 --- a/datapath-windows/ovsext/Actions.c +++ b/datapath-windows/ovsext/Actions.c @@ -17,6 +17,7 @@ #include "precomp.h" #include "Actions.h" +#include "Conntrack.h" #include "Debug.h" #include "Event.h" #include "Flow.h" @@ -1786,6 +1787,28 @@ OvsDoExecuteActions(POVS_SWITCH_CONTEXT switchContext, break; } + case OVS_ACTION_ATTR_CT: + { + if (ovsFwdCtx.destPortsSizeOut > 0 + || ovsFwdCtx.tunnelTxNic != NULL + || ovsFwdCtx.tunnelRxNic != NULL) { + status = OvsOutputBeforeSetAction(&ovsFwdCtx); + if (status != NDIS_STATUS_SUCCESS) { + dropReason = L"OVS-adding destination failed"; + goto dropit; + } + } + + status = OvsExecuteConntrackAction(ovsFwdCtx.curNbl, layers, + key, (const PNL_ATTR)a); + if (status != NDIS_STATUS_SUCCESS) { + OVS_LOG_ERROR("CT Action failed"); + dropReason = L"OVS-conntrack action failed"; + goto dropit; + } + break; + } + case OVS_ACTION_ATTR_RECIRC: { if (ovsFwdCtx.destPortsSizeOut > 0 || ovsFwdCtx.tunnelTxNic != NULL |