Hi Ansis,
On 06/09/15 22:59, Ansis Atteka wrote:
Hi Franck
On 8 June 2015 at 09:34, Franck BAUDIN <franck.bau...@qosmos.com
<mailto:franck.bau...@qosmos.com>> wrote:
Hello,
Conntrack looks in very good progress on
https://github.com/justinpettit/ovs.git
However, I didn't find any code related to "nfqueue" openvswitch
action, neither on
https://github.com/tgraf/ovs.git.
Is the nfqueue action still planned to be implemented for
openvswitch 2.4? Do you need a hand on this topic?
Unfortunately, I am not aware of anyone working actively on this.
There are some difficulties that we see with implementing NFQueue
verdicts properly so that packet processing could be resumed. If you
have design proposal on how to solve this, then I would be glad to
hear your opinion.
Also, do you think that Open vSwitch kernel module's userspace()
action might somehow suffice your use cases so that user-space process
would be able to get packet from kernel-space?
Unfortunately, userspace() is not an option as DPI is not embedded in
ovs-vswitchd. DPI is a standalone userland process.
However, I found another way which is pretty straightforward: I can use
a dedicated vswitch port to get a copy of the traffic I want to analyze
with the DPI. I just need one port per conntrack zone.
Best Regards,
Franck
Ansis
Best Regards,
Franck
_______________________________________________
dev mailing list
dev@openvswitch.org <mailto:dev@openvswitch.org>
http://openvswitch.org/mailman/listinfo/dev
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
