This patch series introduces IP_DEFRAG actions in both user space and the Linux
kernel datapath.

Since IP reassembly is required for conntrack (stateful firewall) to work, it
seems natural to introduce the IP_DEFRAG action before introducing the
conntrack action.

It is not entirely clear whether IP_DEFRAG needs to be an OpenFlow action. It
is at least convenient for now that we can configure and test the defrag
datapath action independent of the conntrack action. On the other hand, we may
deprecate it as an OpenFlow action down the road.

I have tested with the following rules:

    ovs-ofctl add-flow br0 \
        "in_port=local,ip,action=ip_defrag(zone=0),normal"
    ovs-ofctl add-flow br0 \
        "in_port=1,ip,action=ip_defrag(zone=0),local"

The patch series as is has the following limitations:

1. It only handles non-fragmented IP fragments -- handling IP fragments
   requires additional user space and kernel changes. I plan to work on
   supporting multiple fragments next.
2. It only handles IPv4 packets.

Andy Zhou (2):
  ofp-action: Add IP defragmentation action OFPACT_IP_DEFRAG
  datapath: add ip_defag action

 datapath/actions.c                                | 39 ++++++++++-
 datapath/flow_netlink.c                           |  6 +-
 datapath/linux/compat/include/linux/openvswitch.h | 14 +++-
 lib/dpif-netdev.c                                 |  1 +
 lib/dpif.c                                        |  1 +
 lib/odp-execute.c                                 |  3 +
 lib/odp-util.c                                    | 11 +++
 lib/ofp-actions.c                                 | 82 +++++++++++++++++++++++
 lib/ofp-actions.h                                 | 10 +++
 ofproto/ofproto-dpif-xlate.c                      | 15 +++++
 10 files changed, 179 insertions(+), 3 deletions(-)
--
1.9.1
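The cover letter's point that conntrack needs IP reassembly can be seen at the packet level: only the first IPv4 fragment carries the L4 header, so a later fragment cannot be matched to a connection by ports. The following is an added example, not code from this patch series; the function names are hypothetical and the two sample fragments are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum frag_kind { FRAG_INVALID, FRAG_NONE, FRAG_FIRST, FRAG_LATER };

/* Constructed sample: one UDP datagram (40000 -> 53) split into two fragments.
 * Header checksums are left as zero; nothing here verifies them. */
static const uint8_t first_frag[] = {
    0x45, 0x00, 0x00, 0x1c, 0x12, 0x34, 0x20, 0x00,   /* MF=1, offset 0 */
    0x40, 0x11, 0x00, 0x00, 10, 0, 0, 1, 10, 0, 0, 2,
    0x9c, 0x40, 0x00, 0x35, 0x00, 0x10, 0x00, 0x00 }; /* UDP header */
static const uint8_t later_frag[] = {
    0x45, 0x00, 0x00, 0x1c, 0x12, 0x34, 0x00, 0x01,   /* MF=0, offset 1 (8 bytes) */
    0x40, 0x11, 0x00, 0x00, 10, 0, 0, 1, 10, 0, 0, 2,
    0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }; /* payload only */

/* Classify by the flags/fragment-offset field in bytes 6-7 of the header. */
enum frag_kind ipv4_frag_kind(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || (pkt[0] & 0x0f) < 5)
        return FRAG_INVALID;
    uint16_t frag = (uint16_t)((pkt[6] << 8) | pkt[7]);
    if (frag & 0x1fff)                                 /* non-zero offset */
        return FRAG_LATER;
    return (frag & 0x2000) ? FRAG_FIRST : FRAG_NONE;   /* MF bit */
}

/* Fill in TCP/UDP ports for a tracking tuple; -1 when they are not present. */
int ipv4_l4_ports(const uint8_t *pkt, size_t len, uint16_t *sport, uint16_t *dport)
{
    enum frag_kind kind = ipv4_frag_kind(pkt, len);
    size_t ihl;
    if (kind == FRAG_INVALID || kind == FRAG_LATER)
        return -1;        /* a later fragment starts mid-payload: no L4 header */
    ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if ((pkt[9] != 6 && pkt[9] != 17) || len < ihl + 4)
        return -1;
    *sport = (uint16_t)((pkt[ihl] << 8) | pkt[ihl + 1]);
    *dport = (uint16_t)((pkt[ihl + 2] << 8) | pkt[ihl + 3]);
    return 0;
}

int main(void)
{
    uint16_t s = 0, d = 0;
    int rc = ipv4_l4_ports(first_frag, sizeof first_frag, &s, &d);
    printf("first: rc=%d ports %u->%u\n", rc, s, d);
    printf("later: rc=%d\n", ipv4_l4_ports(later_frag, sizeof later_frag, &s, &d));
}
```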