On 10/07/14 at 09:47am, Franck Baudin wrote: > One non intrusive way to extend the flow key is to run the regex before the > key lookup, and to extend the flow key with the result and not the regex > itself. For instance, the regex result is a 32 bits, encoding the list of > the matching regex. > > It's like loading the skb->mark (already part of the flow key) with a value > reflecting the matching result. This is very simple from an implementation > perspective at the flow table level.
I see where you are going with this but running a textsearch on every packet received is very expensive. In order for the textsearch to be effective, the most efficient algorithm must be selected and from/to offsets must be provided to avoid searching in the entire payload of the packet. What comes to mind here is to have a textsearch() action taking all of the above attributes which results in the bitmask you describe followed by a recirculation to match on the result in another flow. I think this would make for an excellent topic for the OVS fall conference. Are you attending? This would make for an excellent talk & discussion. _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
