conntrack: Add support for NAT.

Extend OVS conntrack interface to cover NAT. New nested NAT action may be included with a CT action. A bare NAT action only mangles existing connections. If a NAT action with src or dst range attribute is included, new (non-committed) connections are mangled according to the NAT attributes. This work extends on a branch by Thomas Graf at https://github.com/tgraf/ovs/tree/nat. Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
2025-10-27 15:18:06 +00:00 · 2015-11-24 15:47:56 -08:00
parent 2fa3e06d35
commit 9ac0aadab9
12 changed files with 1579 additions and 39 deletions
--- a/lib/packets.h
+++ b/lib/packets.h
@@ -725,10 +725,13 @@ BUILD_ASSERT_DECL(TCP_HEADER_LEN == sizeof(struct tcp_header));
 #define CS_REPLY_DIR         0x08
 #define CS_INVALID           0x10
 #define CS_TRACKED           0x20
+#define CS_SRC_NAT           0x40
+#define CS_DST_NAT           0x80

 /* Undefined connection state bits. */
 #define CS_SUPPORTED_MASK    (CS_NEW | CS_ESTABLISHED | CS_RELATED \
-                              | CS_INVALID | CS_REPLY_DIR | CS_TRACKED)
+                              | CS_INVALID | CS_REPLY_DIR | CS_TRACKED \
+                              | CS_SRC_NAT | CS_DST_NAT)
 #define CS_UNSUPPORTED_MASK  (~(uint32_t)CS_SUPPORTED_MASK)

 #define ARP_HRD_ETHERNET 1
@@ -951,6 +954,8 @@ struct vxlanhdr {
 #define VXLAN_FLAGS 0x08000000  /* struct vxlanhdr.vx_flags required value. */

 void ipv6_format_addr(const struct in6_addr *addr, struct ds *);
+void ipv6_format_addr_bracket(const struct in6_addr *addr, struct ds *,
+                              bool bracket);
 void ipv6_format_mapped(const struct in6_addr *addr, struct ds *);
 void ipv6_format_masked(const struct in6_addr *addr,
                        const struct in6_addr *mask, struct ds *);