From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752161AbbHLViN (ORCPT ); Wed, 12 Aug 2015 17:38:13 -0400 Received: from mail-io0-f177.google.com ([209.85.223.177]:33818 "EHLO mail-io0-f177.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752083AbbHLViI (ORCPT ); Wed, 12 Aug 2015 17:38:08 -0400 MIME-Version: 1.0 In-Reply-To: <1439333961-24474-6-git-send-email-joestringer@nicira.com> References: <1439333961-24474-1-git-send-email-joestringer@nicira.com> <1439333961-24474-6-git-send-email-joestringer@nicira.com> Date: Wed, 12 Aug 2015 14:38:07 -0700 Message-ID: Subject: Re: [PATCHv3 net-next 05/10] openvswitch: Add conntrack action From: Pravin Shelar To: Joe Stringer Cc: netdev , LKML , pablo , Patrick McHardy , Justin Pettit , Andy Zhou , Jesse Gross , Florian Westphal , Hannes Sowa , Thomas Graf Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Aug 11, 2015 at 3:59 PM, Joe Stringer wrote: > Expose the kernel connection tracker via OVS. Userspace components can > make use of the "ct()" action, followed by "recirculate", to populate > the conntracking state in the OVS flow key, and subsequently match on > that state. > > Example ODP flows allowing traffic from 1->2, only replies from 2->1: > in_port=1,tcp,action=ct(commit,zone=1),2 > in_port=2,ct_state=-trk,tcp,action=ct(zone=1),recirc(1) > recirc_id=1,in_port=2,ct_state=+trk+est-new,tcp,action=1 > > IP fragments are handled by transparently assembling them as part of the > ct action. The maximum received unit (MRU) size is tracked so that > refragmentation can occur during output. > > IP frag handling contributed by Andy Zhou. > > Signed-off-by: Joe Stringer > Signed-off-by: Justin Pettit > Signed-off-by: Andy Zhou Acked-by: Pravin B Shelar