lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 Aug 2015 13:30:24 -0700 From: Pravin Shelar <pshelar@...ira.com> To: Joe Stringer <joestringer@...ira.com> Cc: netdev <netdev@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, pablo <pablo@...filter.org>, Florian Westphal <fwestpha@...hat.com>, Hannes Sowa <hannes@...hat.com>, Thomas Graf <tgraf@...g.ch>, Justin Pettit <jpettit@...ira.com>, Jesse Gross <jesse@...ira.com>, Andy Zhou <azhou@...ira.com> Subject: Re: [PATCHv4 net-next 05/10] openvswitch: Add conntrack action On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer <joestringer@...ira.com> wrote: > Expose the kernel connection tracker via OVS. Userspace components can > make use of the "ct()" action, followed by "recirculate", to populate > the conntracking state in the OVS flow key, and subsequently match on > that state. > > Example ODP flows allowing traffic from 1->2, only replies from 2->1: > in_port=1,tcp,action=ct(commit,zone=1),2 > in_port=2,ct_state=-trk,tcp,action=ct(zone=1),recirc(1) > recirc_id=1,in_port=2,ct_state=+trk+est-new,tcp,action=1 > > IP fragments are handled by transparently assembling them as part of the > ct action. The maximum received unit (MRU) size is tracked so that > refragmentation can occur during output. > > IP frag handling contributed by Andy Zhou. > > Signed-off-by: Joe Stringer <joestringer@...ira.com> > Signed-off-by: Justin Pettit <jpettit@...ira.com> > Signed-off-by: Andy Zhou <azhou@...ira.com> Acked-by: Pravin B Shelar <pshelar@...ira.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists