Hi Moisés,
The architecture for DPI integration on OVS that has been presented during OVS
fall conference:
http://www.openvswitch.org/support/ovscon2014/17/1100-OVS-L7-matchers-v1-1.pptx
This architecture relies on conntracker and nfqueue actions to be added very
soon in openvswitch 2.
Hi,
Is there anybody still working on NSH support? Since April, nothing
seems moving
(http://openvswitch.org/pipermail/dev/2014-April/038851.html): did I
miss something?
Thanks,
Franck
___
discuss mailing list
discuss@openvswitch.org
http://openvsw
Hi Thomas,
On 10/08/14 15:59, Thomas Graf wrote:
I think you should even consider proposing a talk on this! This is
exactly why we have the conference. A quick intro to the problem
statement and the relation to the connection tracking is enough and we
can dive right into the discussion.
Here
Hi Thomas,
On 10/07/14 16:53, Thomas Graf wrote:
On 10/07/14 at 09:47am, Franck Baudin wrote:
One non intrusive way to extend the flow key is to run the regex before the
key lookup, and to extend the flow key with the result and not the regex
itself. For instance, the regex result is a 32 bits
Hi Thomas,
On 10/06/14 01:41, Thomas Graf wrote:
On 10/02/14 at 03:45pm, Franck Baudin wrote:
Good idea! This should be enough for, to reuse Justin's denomination, a
"limited L7 matching": protocols like DNS, Skype or BitTorrent cannot be
recognized with regex only.
How to you
On 10/02/14 15:09, Thomas Graf wrote:
We can combine it with the connection tracker which will allow to
maintain state between the first and subsequent packets. This could be
equivalent to what CONNMARK is already doing, the initial regexp flow
setting would define the mark value for all packe
Hi,
On 10/01/14 22:30, Thomas Graf wrote:
On 10/01/14 at 10:08am, Justin Pettit wrote:
On October 1, 2014 at 9:32:40 AM, Gustavo Miotto (gustavomio...@gmail.com)
wrote:
Hi Franck,
First of all, thanks for your help. I messed up on the Netfilter and OVS.
I have one more doubt, if you can help
Hi Gustavo,
On 09/29/14 15:35, Gustavo Miotto wrote:
But my ideia was to increase OVS match support up to L7, then I
thought about using this L7-filter to create these matches insides ovs
code. L7-filter install this new match inside netfilter, so if I
install it in the linux kernel before ins
Hi Justin,
Do you plan to expose the ct->mark (CONNMARK) as an OpenFlow matcher, as it was
done for the sk_buff->mark (pkt_mark)?
With an application aware conntrack-engine (thanks to ALGs or to a DPI engine)
storing the "Application ID" in the connmark, we could then use compact
matchers base
Hi Thomas,
> I see you are coding as root. I too like to live dangerously ;-)
I work with several GIT repos & backups, so danger is limited :-)
> Did you consider reversing the API and allowing for external modules to
> register a callback function for a specific hook? That would allow for
> mu
Hi Justin,
Thanks for your feedback!
> - It requires OVS to link against the library. We don't want to link
> against third-party libraries, and I don't think this will work for most
> distributions anyway, unless you're planning to upstream a library to the
> various Linux distributions.
Hi,
Please find attached a patch proposal adding a DPI engine in openvswitch. The
patch doesn't include the DPI engine and has been tested with Qosmos ixEngine,
but is not tight to Qosmos in any way: see lib/dpi.h and lib/dpi.c in the patch.
This tiny patch demonstrates how to inject just enoug
12 matches
Mail list logo
