Add support for connection tracking helper/ALGs.

This patch adds support for specifying a "helper" or ALG to assist connection tracking for protocols that consist of multiple streams. Initially, only support for FTP is included. Below is an example set of flows to allow FTP control connections from port 1->2 to establish active data connections in the reverse direction: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1) table=1,in_port=2,tcp,ct_state=+trk+est,action=1 table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
author: Joe Stringer <joestringer@nicira.com> 2015-09-15 14:29:16 -0700
committer: Joe Stringer <joestringer@nicira.com> 2015-10-13 15:34:16 -0700
commit: d787ad39b8eb8fb9136837e1c65d0a18a1056eda (patch)
tree: c233e0ce5d00b526d3316c4c70028b2156f39123 /include/sparse
parent: 9daf23484fb1f0d8fe8bf807a82c3d5b571a3dea (diff)
download: openvswitch-d787ad39b8eb8fb9136837e1c65d0a18a1056eda.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/include/sparse/netinet/in.h b/include/sparse/netinet/in.h
index f66f2056b..1223553ee 100644
--- a/include/sparse/netinet/in.h
+++ b/include/sparse/netinet/in.h
@@ -74,6 +74,8 @@ struct sockaddr_in6 {
 #define IPPROTO_DSTOPTS 60
 #define IPPROTO_SCTP 132
 
+#define IPPORT_FTP 21
+
 /* All the IP options documented in Linux ip(7). */
 #define IP_ADD_MEMBERSHIP 0
 #define IP_DROP_MEMBERSHIP 1
author	Joe Stringer <joestringer@nicira.com>	2015-09-15 14:29:16 -0700
committer	Joe Stringer <joestringer@nicira.com>	2015-10-13 15:34:16 -0700
commit	d787ad39b8eb8fb9136837e1c65d0a18a1056eda (patch)
tree	c233e0ce5d00b526d3316c4c70028b2156f39123 /include/sparse
parent	9daf23484fb1f0d8fe8bf807a82c3d5b571a3dea (diff)
download	openvswitch-d787ad39b8eb8fb9136837e1c65d0a18a1056eda.tar.gz