On 30 September 2015 at 08:58, Ben Pfaff <b...@nicira.com> wrote:
> On Tue, Sep 29, 2015 at 01:40:32PM -0700, Joe Stringer wrote:
>> This patch adds support for specifying a "helper" or ALG to assist
>> connection tracking for protocols that consist of multiple streams.
>> Initially, only support for FTP is included.
>>
>> Below is an example set of flows to allow FTP control connections from
>> port 1->2 to establish active data connections in the reverse direction:
>>
>> table=0,priority=1,action=drop
>> table=0,arp,action=normal
>> table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2
>> table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1)
>> table=1,in_port=2,tcp,ct_state=+trk+est,action=1
>> table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1
>>
>> Signed-off-by: Joe Stringer <joestrin...@nicira.com>
>> Acked-by: Jarno Rajahalme <jrajaha...@nicira.com>
>
> I expected ALGs to be more complicated. I guess the kernel does all the
> heavy lifting for us! Thanks for writing this.

Sure thing. Indeed the complexity is in the kernel.

> In put_ct_helper(), this:
>     const char *helper = "ftp";
>
>     nl_msg_put_string__(odp_actions, OVS_CT_ATTR_HELPER, helper,
>                         strlen(helper));
> could be written as:
>     nl_msg_put_string(odp_actions, OVS_CT_ATTR_HELPER, "ftp");
>
> In ovs-ofctl.8.in here:
>     .IP \fBalg=\fR\fIalg\fR
> the \fR in the middle could be removed:
>     .IP \fBalg=\fIalg\fR
>
> Acked-by: Ben Pfaff <b...@nicira.com>

Thanks, I'll fix these up.
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev