On Tue, Sep 29, 2015 at 01:40:30PM -0700, Joe Stringer wrote: > This patch adds a new 32-bit metadata field to the connection tracking > interface. When a mark is specified as part of the ct action and the > connection is committed, the value is saved with the current connection. > Subsequent ct lookups with the table specified will expose this metadata > as the "ct_mark" field in the flow. > > For example, to allow new TCP connections from port 1->2 and only allow > established connections from port 2->1, and to associate a mark with those > connections: > > table=0,priority=1,action=drop > table=0,arp,action=normal > table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 > table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) > table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 > > Signed-off-by: Joe Stringer <[email protected]> > Acked-by: Jarno Rajahalme <[email protected]> > --- > v3: > - Remove extraneous NXM mask checks > - Simplify ODP action formatting > - Check prerequisites for nested CT actions > - Pass ofp_version to nested CT actions decode > - Fix decode_CT error case where buffer was not pushed > - Always call ofpacts_verify_nested() > - Improve ct nested actions, ct_mark documentation > - Add dpctl, ofctl tests > - Add openflow wire format tests > v2: Only make ct_mark visible after recirculation > - Require COMMIT flag for nested actions > - Address feedback from v1
Acked-by: Ben Pfaff <[email protected]> _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
