diff options
| author | Joe Stringer <joestringer@nicira.com> | 2015-09-18 13:58:00 -0700 |
|---|---|---|
| committer | Joe Stringer <joestringer@nicira.com> | 2015-10-13 15:34:15 -0700 |
| commit | 8e53fe8cf7a178cf9702fb1bb916f4645058e5e7 (patch) | |
| tree | 1eeee5cf97d09d7ed99f4fdd52aaf2bbbe0500a2 /lib/meta-flow.c | |
| parent | 07659514c3c1e8998a4935a998b627d716c559f9 (diff) | |
| download | openvswitch-8e53fe8cf7a178cf9702fb1bb916f4645058e5e7.tar.gz | |
Add connection tracking mark support.
This patch adds a new 32-bit metadata field to the connection tracking
interface. When a mark is specified as part of the ct action and the
connection is committed, the value is saved with the current connection.
Subsequent ct lookups with the table specified will expose this metadata
as the "ct_mark" field in the flow.
For example, to allow new TCP connections from port 1->2 and only allow
established connections from port 2->1, and to associate a mark with those
connections:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2
table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Diffstat (limited to 'lib/meta-flow.c')
| -rw-r--r-- | lib/meta-flow.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/meta-flow.c b/lib/meta-flow.c index 2ac2ec9cb..ebc76ee7a 100644 --- a/lib/meta-flow.c +++ b/lib/meta-flow.c @@ -218,6 +218,8 @@ mf_is_all_wild(const struct mf_field *mf, const struct flow_wildcards *wc) return !wc->masks.ct_state; case MFF_CT_ZONE: return !wc->masks.ct_zone; + case MFF_CT_MARK: + return !wc->masks.ct_mark; CASE_MFF_REGS: return !wc->masks.regs[mf->id - MFF_REG0]; CASE_MFF_XREGS: @@ -502,6 +504,7 @@ mf_is_value_valid(const struct mf_field *mf, const union mf_value *value) case MFF_SKB_PRIORITY: case MFF_PKT_MARK: case MFF_CT_ZONE: + case MFF_CT_MARK: CASE_MFF_REGS: CASE_MFF_XREGS: case MFF_ETH_SRC: @@ -660,6 +663,10 @@ mf_get_value(const struct mf_field *mf, const struct flow *flow, value->be16 = htons(flow->ct_zone); break; + case MFF_CT_MARK: + value->be32 = htonl(flow->ct_mark); + break; + CASE_MFF_REGS: value->be32 = htonl(flow->regs[mf->id - MFF_REG0]); break; @@ -900,6 +907,10 @@ mf_set_value(const struct mf_field *mf, match_set_ct_zone(match, ntohs(value->be16)); break; + case MFF_CT_MARK: + match_set_ct_mark(match, ntohl(value->be32)); + break; + CASE_MFF_REGS: match_set_reg(match, mf->id - MFF_REG0, ntohl(value->be32)); break; @@ -1192,6 +1203,10 @@ mf_set_flow_value(const struct mf_field *mf, flow->ct_zone = ntohs(value->be16); break; + case MFF_CT_MARK: + flow->ct_mark = ntohl(value->be32); + break; + CASE_MFF_REGS: flow->regs[mf->id - MFF_REG0] = ntohl(value->be32); break; @@ -1491,6 +1506,11 @@ mf_set_wild(const struct mf_field *mf, struct match *match, char **err_str) match->wc.masks.ct_zone = 0; break; + case MFF_CT_MARK: + match->flow.ct_mark = 0; + match->wc.masks.ct_mark = 0; + break; + CASE_MFF_REGS: match_set_reg_masked(match, mf->id - MFF_REG0, 0, 0); break; @@ -1762,6 +1782,10 @@ mf_set(const struct mf_field *mf, match_set_ct_state_masked(match, ntohl(value->be32), ntohl(mask->be32)); break; + case MFF_CT_MARK: + match_set_ct_mark_masked(match, ntohl(value->be32), ntohl(mask->be32)); + break; + case MFF_ETH_DST: match_set_dl_dst_masked(match, value->mac, mask->mac); break; |