Hi,
On 10/01/14 22:30, Thomas Graf wrote:
On 10/01/14 at 10:08am, Justin Pettit wrote:
On October 1, 2014 at 9:32:40 AM, Gustavo Miotto ([email protected])
wrote:
Hi Franck,
First of all, thanks for your help. I messed up on the Netfilter and OVS.
I have one more doubt, if you can help me I will be very grateful. My
project aims to add Application layer support to OpenFlow, adding one more
field in the flow table; I would like to know if it is viable to create
this support in the ovs (using regex or anything else that matches
application headers like Http). Any help will be appreciated.
Currently, this is not possible. Thomas Graf (cc'd) and I spoke last night
about possibly leveraging some components from the Linux kernel to provide some
limited L7 matching. He may be able to provide some additional details if
you're interested in working on this before we get the chance.
What we discussed in particular is leveraging what already exists in
the kernel in lib/textsearch.c. It's a extendible text search API
that works on non linear SKBs which would be required for L7.
I don't think that extending OF matcher with a regex match will help to
recognize an L7 application, because all of the packets of the flow
would have to match the regex. For instance, to recognize HTTP, let's
say that you search for "GET ", with the following OF matcher:
in_port=1,tcp,tp_dst=80,regex="GET /"
You will only match the first HTTP packet, as the following one won't
include "GET ". In other words, a stateless match is not a viable
solution here.
Best regards,
Franck
_______________________________________________
discuss mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/discuss
