Add support for connection tracking helper/ALGs.

This patch adds support for specifying a "helper" or ALG to assist connection tracking for protocols that consist of multiple streams. Initially, only support for FTP is included. Below is an example set of flows to allow FTP control connections from port 1->2 to establish active data connections in the reverse direction: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1) table=1,in_port=2,tcp,ct_state=+trk+est,action=1 table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2025-10-25 15:07:05 +00:00 · 2015-09-15 14:29:16 -07:00
parent 9daf23484f
commit d787ad39b8
16 changed files with 280 additions and 2 deletions
--- a/lib/ofp-actions.h
+++ b/lib/ofp-actions.h
@@ -495,6 +495,7 @@ struct {                                \
    uint16_t flags;                     \
    uint16_t zone_imm;                  \
    struct mf_subfield zone_src;        \
+    uint16_t alg;                       \
    uint8_t recirc_table;               \
 }