We haven't posted one of these in a while, although development has been ongoing on the following branch (includes WIP datapath backport):
https://github.com/justinpettit/ovs.git conntrack --- Looking over the previous RFC I could find, there are several changes: - Support for conntrack zones, connmark, connlabel, connhelper (FTP-only) - Match "invalid" connection states - More unit tests for the kernel module - Hashed out the semantics for various corner cases - Various bug fixes Items that are still WIP: - IP fragmentation - Better OpenFlow error reporting, ie detection of error cases in flow mods Many of the patches have examples of how to use the new conntrack functionality, and there are also several tests added to tests/kmod-traffic.at which include rulesets to implement different firewall behaviours. Patches 1-3 are refactoring, and could be reviewed for merging. Patches 4-8 add support for various conntrack features. This is largely bridging OpenFlow to the datapath conntrack API. Neither userspace nor kernel datapath implementations are provided at this stage. Patches 9-10 fix&test the interaction with conntrack across multiple bridges. These are separated for ease of review, but will be combined into earlier patches in later submission of this series. Joe Stringer (9): odp-util: Refactor ovs_u128 handling functions. ofproto-dpif: Refactor feature support structure. odp-execute: Refactor determining dpif assistance. userspace: Add support for conntrack zones. userspace: Add support for conntrack marks. userspace: Add support for conntrack labels. userspace: Add support for conntrack ALGs. xlate: Clear conntrack fields when traversing peers. tests: Test conntrack between multiple bridges. Justin Pettit (1): userspace: Add support for connection tracking. NEWS | 6 + build-aux/extract-ofp-fields | 5 +- datapath/flow_netlink.c | 2 +- datapath/linux/compat/include/linux/openvswitch.h | 45 ++ include/openvswitch/types.h | 7 - lib/dpif-netdev.c | 25 +- lib/dpif.c | 1 + lib/flow.c | 71 ++- lib/flow.h | 23 +- lib/match.c | 113 ++++- lib/match.h | 10 + lib/meta-flow.c | 230 ++++++++++ lib/meta-flow.h | 77 ++++ lib/netlink.c | 11 + lib/netlink.h | 2 + lib/nx-match.c | 30 +- lib/odp-execute.c | 70 ++- lib/odp-util.c | 335 +++++++++++++- lib/odp-util.h | 10 +- lib/ofp-actions.c | 112 +++++ lib/ofp-actions.h | 28 ++ lib/ofp-parse.c | 14 + lib/ofp-parse.h | 1 + lib/ofp-print.c | 14 + lib/ofp-util.c | 21 +- lib/packets.c | 21 + lib/packets.h | 17 + lib/util.h | 17 + ofproto/ofproto-dpif-rid.c | 80 ++-- ofproto/ofproto-dpif-rid.h | 17 +- ofproto/ofproto-dpif-xlate.c | 201 +++++--- ofproto/ofproto-dpif-xlate.h | 7 +- ofproto/ofproto-dpif.c | 132 ++++-- ofproto/ofproto-dpif.h | 22 + ofproto/ofproto-unixctl.man | 4 + python/ovs/daemon.py | 6 +- tests/automake.mk | 1 + tests/dpif-netdev.at | 2 +- tests/kmod-macros.at | 12 + tests/kmod-traffic.at | 507 ++++++++++++++++++++- tests/ofproto-dpif.at | 4 +- tests/ofproto.at | 8 +- tests/test-conntrack.py | 71 +++ tests/test-hash.c | 10 +- utilities/ovs-ofctl.8.in | 72 +++ 45 files changed, 2259 insertions(+), 215 deletions(-) create mode 100755 tests/test-conntrack.py -- 1.7.10.4 _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
