diff options
| author |   Jarno Rajahalme <jarno@ovn.org> | 2016-03-10 10:54:23 -0800 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2016-03-14 23:47:29 +0100 |
| commit | 05752523e56502cd9975aec0a2ded465d51a71f3 (patch) | |
| tree | 790e1c4d9855ca15e1104ef9697c342dfe08a780 /net/openvswitch/conntrack.h | |
| parent | openvswitch: Delay conntrack helper call for new connections. (diff) | |
| download | linux-dev-05752523e56502cd9975aec0a2ded465d51a71f3.tar.xz linux-dev-05752523e56502cd9975aec0a2ded465d51a71f3.zip | |
openvswitch: Interface with NAT.
Extend OVS conntrack interface to cover NAT. New nested
OVS_CT_ATTR_NAT attribute may be used to include NAT with a CT action.
A bare OVS_CT_ATTR_NAT only mangles existing and expected connections.
If OVS_NAT_ATTR_SRC or OVS_NAT_ATTR_DST is included within the nested
attributes, new (non-committed/non-confirmed) connections are mangled
according to the rest of the nested attributes.
The corresponding OVS userspace patch series includes test cases (in
tests/system-traffic.at) that also serve as example uses.
This work extends on a branch by Thomas Graf at
https://github.com/tgraf/ovs/tree/nat.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Joe Stringer <joe@ovn.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/openvswitch/conntrack.h')
| -rw-r--r-- | net/openvswitch/conntrack.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/openvswitch/conntrack.h b/net/openvswitch/conntrack.h index a7544f405c16..8f6230bd6183 100644 --- a/net/openvswitch/conntrack.h +++ b/net/openvswitch/conntrack.h @@ -37,7 +37,8 @@ void ovs_ct_free_action(const struct nlattr *a); #define CT_SUPPORTED_MASK (OVS_CS_F_NEW | OVS_CS_F_ESTABLISHED | \ OVS_CS_F_RELATED | OVS_CS_F_REPLY_DIR | \ - OVS_CS_F_INVALID | OVS_CS_F_TRACKED) + OVS_CS_F_INVALID | OVS_CS_F_TRACKED | \ + OVS_CS_F_SRC_NAT | OVS_CS_F_DST_NAT) #else #include <linux/errno.h> |