On 22 September 2015 at 17:34, Joe Stringer <joestrin...@nicira.com> wrote: > On 18 September 2015 at 10:49, Ben Pfaff <b...@nicira.com> wrote: >> On Thu, Sep 17, 2015 at 04:04:26PM -0700, Joe Stringer wrote: >>> This patch adds a new 128-bit metadata field to the connection tracking >>> interface. When a label is specified as part of the ct action and the >>> connection is committed, the value is saved with the current connection. >>> Subsequent ct lookups with the table specified will expose this metadata >>> as the "ct_label" field in the flow. >>> >>> For example, to allow new connections from port 1->2 and only allow >>> established connections from port 2->1, and to associate a label with >>> those connections: >>> >>> priority=1,action=drop >>> priority=10,arp,action=normal >>> priority=10,icmp,action=normal >>> in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 >>> in_port=2,ct_state=-trk,tcp,action=ct(table=1) >>> table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 >>> >>> Signed-off-by: Joe Stringer <joestrin...@nicira.com> >>> Acked-by: Jarno Rajahalme <jrajaha...@nicira.com> >>> --- >>> v2: Address feedback from v1 >> >> MINIFLOW_GET_U128_PTR seems risky. How you can be sure that both 64-bit >> components of the u128 are present? > > Currently we only check the first 64-bit component. Perhaps we could > expand the following: > > MINIFLOW_IN_MAP(FLOW, FLOW_U64_OFFSET(FIELD)) ? .... > > to check both pieces: > > (MINIFLOW_IN_MAP(FLOW, FLOW_U64_OFFSET(FIELD)) > && MINIFLOW_IN_MAP(FLOW, FLOW_U64_OFFSET(FIELD))) ? ...
I mean.. (MINIFLOW_IN_MAP(FLOW, FLOW_U64_OFFSET(FIELD)) && MINIFLOW_IN_MAP(FLOW, FLOW_U64_OFFSET(FIELD)) + 1) ? ... _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
