mirror of
https://github.com/openvswitch/ovs
synced 2025-10-25 15:07:05 +00:00
d787ad39b8
This patch adds support for specifying a "helper" or ALG to assist
connection tracking for protocols that consist of multiple streams.
Initially, only support for FTP is included.
Below is an example set of flows to allow FTP control connections from
port 1->2 to establish active data connections in the reverse direction:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1)
table=1,in_port=2,tcp,ct_state=+trk+est,action=1
table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
105 lines
4.1 KiB
C
105 lines
4.1 KiB
C
/*
|
|
* Copyright (c) 2010, 2011, 2012, 2013, 2014, 2015 Nicira, Inc.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at:
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
/* OpenFlow protocol string to flow parser. */
|
|
|
|
#ifndef OFP_PARSE_H
|
|
#define OFP_PARSE_H 1
|
|
|
|
#include <stdbool.h>
|
|
#include <stdint.h>
|
|
#include <stdio.h>
|
|
#include "compiler.h"
|
|
#include "openvswitch/types.h"
|
|
#include "packets.h"
|
|
|
|
struct flow;
|
|
struct ofpbuf;
|
|
struct ofputil_flow_mod;
|
|
struct ofputil_flow_monitor_request;
|
|
struct ofputil_flow_stats_request;
|
|
struct ofputil_group_mod;
|
|
struct ofputil_meter_mod;
|
|
struct ofputil_table_mod;
|
|
struct ofputil_geneve_table_mod;
|
|
struct simap;
|
|
enum ofputil_protocol;
|
|
|
|
char *parse_ofp_str(struct ofputil_flow_mod *, int command, const char *str_,
|
|
enum ofputil_protocol *usable_protocols)
|
|
OVS_WARN_UNUSED_RESULT;
|
|
|
|
char *parse_ofp_flow_mod_str(struct ofputil_flow_mod *, const char *string,
|
|
int command,
|
|
enum ofputil_protocol *usable_protocols)
|
|
OVS_WARN_UNUSED_RESULT;
|
|
|
|
char *parse_ofp_table_mod(struct ofputil_table_mod *,
|
|
const char *table_id, const char *flow_miss_handling,
|
|
uint32_t *usable_versions)
|
|
OVS_WARN_UNUSED_RESULT;
|
|
|
|
char *parse_ofp_flow_mod_file(const char *file_name, int command,
|
|
struct ofputil_flow_mod **fms, size_t *n_fms,
|
|
enum ofputil_protocol *usable_protocols)
|
|
OVS_WARN_UNUSED_RESULT;
|
|
|
|
char *parse_ofp_flow_stats_request_str(struct ofputil_flow_stats_request *,
|
|
bool aggregate, const char *string,
|
|
enum ofputil_protocol *usable_protocols)
|
|
OVS_WARN_UNUSED_RESULT;
|
|
|
|
char *parse_ofp_exact_flow(struct flow *flow, struct flow *mask, const char *s,
|
|
const struct simap *portno_names);
|
|
|
|
char *parse_ofp_meter_mod_str(struct ofputil_meter_mod *, const char *string,
|
|
int command,
|
|
enum ofputil_protocol *usable_protocols)
|
|
OVS_WARN_UNUSED_RESULT;
|
|
|
|
char *parse_flow_monitor_request(struct ofputil_flow_monitor_request *,
|
|
const char *,
|
|
enum ofputil_protocol *usable_protocols)
|
|
OVS_WARN_UNUSED_RESULT;
|
|
|
|
char *parse_ofp_group_mod_file(const char *file_name, uint16_t command,
|
|
struct ofputil_group_mod **gms, size_t *n_gms,
|
|
enum ofputil_protocol *usable_protocols)
|
|
OVS_WARN_UNUSED_RESULT;
|
|
|
|
char *parse_ofp_group_mod_str(struct ofputil_group_mod *, uint16_t command,
|
|
const char *string,
|
|
enum ofputil_protocol *usable_protocols)
|
|
OVS_WARN_UNUSED_RESULT;
|
|
|
|
char *parse_ofp_geneve_table_mod_str(struct ofputil_geneve_table_mod *,
|
|
uint16_t command, const char *string,
|
|
enum ofputil_protocol *usable_protocols)
|
|
OVS_WARN_UNUSED_RESULT;
|
|
|
|
char *str_to_u8(const char *str, const char *name, uint8_t *valuep)
|
|
OVS_WARN_UNUSED_RESULT;
|
|
char *str_to_u16(const char *str, const char *name, uint16_t *valuep)
|
|
OVS_WARN_UNUSED_RESULT;
|
|
char *str_to_u32(const char *str, uint32_t *valuep) OVS_WARN_UNUSED_RESULT;
|
|
char *str_to_u64(const char *str, uint64_t *valuep) OVS_WARN_UNUSED_RESULT;
|
|
char *str_to_be64(const char *str, ovs_be64 *valuep) OVS_WARN_UNUSED_RESULT;
|
|
char *str_to_mac(const char *str, struct eth_addr *mac) OVS_WARN_UNUSED_RESULT;
|
|
char *str_to_ip(const char *str, ovs_be32 *ip) OVS_WARN_UNUSED_RESULT;
|
|
char *str_to_connhelper(const char *str, uint16_t *alg) OVS_WARN_UNUSED_RESULT;
|
|
|
|
#endif /* ofp-parse.h */
|