Hi Thomas,
On 10/08/14 15:59, Thomas Graf wrote:
I think you should even consider proposing a talk on this! This is
exactly why we have the conference. A quick intro to the problem
statement and the relation to the connection tracking is enough and we
can dive right into the discussion.
Here is my proposal:
Problem statement :
How to extend the datapath with a packet content matcher (regex at least),
in order to achieve at least a basic L7 classification, knowing that:
* L7 classification is related to a network conversation made of two
OpenFlow
flows: client to server and server to client.
* L7 classification is done thanks to a specific pattern found often
in the very
first payload packets, for instance "GET " for HTTP. Following
packets won't
include the same pattern, but still belong to the same HTTP
conversation.
Conntacker relationship :
Conntrack is not related to a packet but, as above, to a network
conversation.
Beside the NEW/ESTABLISHED/RELATED/INVALID flags, we could store the L7
classification result close-by, and extend the flow key as done for the
conntracker. So the conntracker may be a placeholder for L7 classification
processing and classification result storage.
Best Regards,
Franck
_______________________________________________
discuss mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/discuss
