From: Thomas Graf <tgraf@suug.ch>
To: Florian Westphal <fw@strlen.de>
Cc: Jarno Rajahalme <jrajahalme@nicira.com>,
netdev@vger.kernel.org, dev@openvswitch.org
Subject: Re: [RFC PATCH 5/5] openvswitch: Interface with NAT.
Date: Wed, 21 Oct 2015 13:30:54 +0200 [thread overview]
Message-ID: <20151021113054.GB17991@pox.localdomain> (raw)
In-Reply-To: <20151021093459.GA31323@breakpoint.cc>
On 10/21/15 at 11:34am, Florian Westphal wrote:
> Jarno Rajahalme <jrajahalme@nicira.com> wrote:
> > #define OVS_CS_F_REPLY_DIR 0x08 /* Flow is in the reply direction. */
> > #define OVS_CS_F_INVALID 0x10 /* Could not track connection. */
> > #define OVS_CS_F_TRACKED 0x20 /* Conntrack has occurred. */
> > +#define OVS_CS_F_SRC_NAT 0x40 /* Packet's source address/port was
> > + mangled by NAT. */
> > +#define OVS_CS_F_DST_NAT 0x80 /* Packet's destination address/port
> > + was mangled by NAT. */
>
> I'm blind -- how does ovs deal with change of output device and the
> ether dst mac as result of a l3 dst translation?
I assume you are referring to rewriting of L2 and the forwarding decision
after NAT. As NAT is performed in combination with conntrack, the packet
is recirculated and hits the flow table again after NAT. That 2nd
stage flow must take are of performing L3 by rewriting L2, decrementing
TTL, etc.
Is this what you are referring to?
next prev parent reply other threads:[~2015-10-21 11:30 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-20 22:20 [RFC PATCH 1/5] netfilter: Remove IP_CT_NEW_REPLY definition Jarno Rajahalme
2015-10-20 22:20 ` [RFC PATCH 2/5] netfilter: Factor out nf_ct_get_info() Jarno Rajahalme
[not found] ` <1445379629-112880-2-git-send-email-jrajahalme-l0M0P4e3n4LQT0dZR+AlfA@public.gmane.org>
2015-10-21 8:50 ` Thomas Graf
2015-10-21 10:45 ` Pablo Neira Ayuso
2015-10-21 20:43 ` Jarno Rajahalme
2015-10-21 21:38 ` Jarno Rajahalme
2015-10-20 22:20 ` [RFC PATCH 3/5] netfilter: Allow calling into nat helper without skb_dst Jarno Rajahalme
[not found] ` <1445379629-112880-3-git-send-email-jrajahalme-l0M0P4e3n4LQT0dZR+AlfA@public.gmane.org>
2015-10-21 10:44 ` Pablo Neira Ayuso
2015-10-21 20:44 ` Jarno Rajahalme
[not found] ` <1445379629-112880-1-git-send-email-jrajahalme-l0M0P4e3n4LQT0dZR+AlfA@public.gmane.org>
2015-10-20 22:20 ` [RFC PATCH 4/5] openvswitch: conntrack netlink API updates Jarno Rajahalme
2015-10-21 10:41 ` Pablo Neira Ayuso
2015-10-21 11:18 ` Thomas Graf
2015-10-20 22:20 ` [RFC PATCH 5/5] openvswitch: Interface with NAT Jarno Rajahalme
[not found] ` <1445379629-112880-5-git-send-email-jrajahalme-l0M0P4e3n4LQT0dZR+AlfA@public.gmane.org>
2015-10-21 9:34 ` Florian Westphal
2015-10-21 11:30 ` Thomas Graf [this message]
2015-10-21 14:42 ` Florian Westphal
2015-10-21 10:59 ` Thomas Graf
2015-10-21 21:04 ` Jarno Rajahalme
2015-10-21 23:30 ` Thomas Graf
2015-10-20 22:28 ` [RFC PATCH 1/5] netfilter: Remove IP_CT_NEW_REPLY definition Jarno Rajahalme
2015-10-21 8:33 ` [ovs-dev] " Thomas Graf
[not found] ` <20151021083323.GB15539-4EA/1caXOu0mYvmMESoHnA@public.gmane.org>
2015-10-21 20:15 ` Jarno Rajahalme
2015-10-21 23:32 ` [ovs-dev] " Thomas Graf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151021113054.GB17991@pox.localdomain \
--to=tgraf@suug.ch \
--cc=dev@openvswitch.org \
--cc=fw@strlen.de \
--cc=jrajahalme@nicira.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).