On 6 March 2017 at 16:22, Jarno Rajahalme <[email protected]> wrote:
> Add resubmit option to use the conntrack original direction tuple
> swapped with the corresponding packet header fields during the lookup.
> This could allow the same ACL table be used for admitting return
> and/or related traffic as is used for admitting the original direction
> traffic.
>
> Signed-off-by: Jarno Rajahalme <[email protected]>
> ---
I think that this new resubmit action should be rejected from OVS if
the datapath doesn't support ct_orig_tuple.
check_actions() in ofproto-dpif.c checks some of the CT actions, this
could check the resubmit action, using support->ct_orig_tuple and
return an error.
Minor style comments below.
> @@ -3961,10 +3983,12 @@ encode_RESUBMIT(const struct ofpact_resubmit
> *resubmit,
> uint16_t in_port = ofp_to_u16(resubmit->in_port);
>
> if (resubmit->table_id == 0xff
> - && resubmit->ofpact.raw != NXAST_RAW_RESUBMIT_TABLE) {
> + && resubmit->ofpact.raw == NXAST_RAW_RESUBMIT) {
> put_NXAST_RESUBMIT(out, in_port);
> } else {
> - struct nx_action_resubmit *nar = put_NXAST_RESUBMIT_TABLE(out);
> + struct nx_action_resubmit *nar;
> + nar = resubmit->with_ct_orig
> + ? put_NXAST_RESUBMIT_TABLE_CT(out) :
> put_NXAST_RESUBMIT_TABLE(out);
IMO easier to parse if the '?' and ':' are lined up, but I guess
that's not actually defined in style guide..
> @@ -3487,6 +3533,17 @@ xlate_table_action(struct xlate_ctx *ctx, ofp_port_t
> in_port, uint8_t table_id,
>
> ctx->table_id = table_id;
>
> + /* Swap packet fields with CT 5-tuple if requested. */
> + if (with_ct_orig) {
> + /* Do not swap if there is no CT tuple, or if key is not IP. */
> + if (ctx->xin->flow.ct_nw_proto == 0 ||
If the line is too big, || usually begins the next line, indented to
align below the first character after the opening ( of the current
indentation of if condition.
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
