diff options
| author | Joe Stringer <joestringer@nicira.com> | 2015-09-15 14:29:16 -0700 |
|---|---|---|
| committer | Joe Stringer <joestringer@nicira.com> | 2015-10-13 15:34:16 -0700 |
| commit | d787ad39b8eb8fb9136837e1c65d0a18a1056eda (patch) | |
| tree | c233e0ce5d00b526d3316c4c70028b2156f39123 /lib/netlink.h | |
| parent | 9daf23484fb1f0d8fe8bf807a82c3d5b571a3dea (diff) | |
| download | openvswitch-d787ad39b8eb8fb9136837e1c65d0a18a1056eda.tar.gz | |
Add support for connection tracking helper/ALGs.
This patch adds support for specifying a "helper" or ALG to assist
connection tracking for protocols that consist of multiple streams.
Initially, only support for FTP is included.
Below is an example set of flows to allow FTP control connections from
port 1->2 to establish active data connections in the reverse direction:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1)
table=1,in_port=2,tcp,ct_state=+trk+est,action=1
table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Diffstat (limited to 'lib/netlink.h')
| -rw-r--r-- | lib/netlink.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/netlink.h b/lib/netlink.h index eed71dd2e..b931a412f 100644 --- a/lib/netlink.h +++ b/lib/netlink.h @@ -73,6 +73,8 @@ void nl_msg_put_be64(struct ofpbuf *, uint16_t type, ovs_be64 value); void nl_msg_put_in6_addr(struct ofpbuf *msg, uint16_t type, const struct in6_addr *value); void nl_msg_put_odp_port(struct ofpbuf *, uint16_t type, odp_port_t value); +void nl_msg_put_string__(struct ofpbuf *, uint16_t type, const char *value, + size_t len); void nl_msg_put_string(struct ofpbuf *, uint16_t type, const char *value); size_t nl_msg_start_nested(struct ofpbuf *, uint16_t type); |