Add connection tracking mark support.

This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2025-08-31 14:25:26 +00:00 · 2015-09-18 13:58:00 -07:00
parent 07659514c3
commit 8e53fe8cf7
30 changed files with 550 additions and 43 deletions
--- a/lib/odp-util.h
+++ b/lib/odp-util.h
@@ -122,6 +122,7 @@ void odp_portno_names_destroy(struct hmap *portno_names);
 *  OVS_KEY_ATTR_RECIRC_ID               4    --     4      8
 *  OVS_KEY_ATTR_CT_STATE                4    --     4      8
 *  OVS_KEY_ATTR_CT_ZONE                 2     2     4      8
+ *  OVS_KEY_ATTR_CT_MARK                 4    --     4      8
 *  OVS_KEY_ATTR_ETHERNET               12    --     4     16
 *  OVS_KEY_ATTR_ETHERTYPE               2     2     4      8  (outer VLAN ethertype)
 *  OVS_KEY_ATTR_VLAN                    2     2     4      8
@@ -131,12 +132,12 @@ void odp_portno_names_destroy(struct hmap *portno_names);
 *  OVS_KEY_ATTR_ICMPV6                  2     2     4      8
 *  OVS_KEY_ATTR_ND                     28    --     4     32
 *  ----------------------------------------------------------
- *  total                                                 504
+ *  total                                                 512
 *
 * We include some slack space in case the calculation isn't quite right or we
 * add another field and forget to adjust this value.
 */
-#define ODPUTIL_FLOW_KEY_BYTES 512
+#define ODPUTIL_FLOW_KEY_BYTES 576
 BUILD_ASSERT_DECL(FLOW_WC_SEQ == 34);

 /* A buffer with sufficient size and alignment to hold an nlattr-formatted flow
@@ -172,6 +173,7 @@ struct odp_support {
    /* If true, serialise the corresponding OVS_KEY_ATTR_CONN_* field. */
    bool ct_state;
    bool ct_zone;
+    bool ct_mark;
 };

 struct odp_flow_key_parms {