optional \fImask\fR. This represents metadata associated with the connection
that the current packet is part of. Introduced in Open vSwitch 2.5.
.
+.IP \fBct_label=\fIvalue\fR[\fB/\fImask\fR]
+Matches the given 128-bit connection labels \fIvalue\fR either exactly or with
+optional \fImask\fR. This represents metadata associated with the connection
+that the current packet is part of. Introduced in Open vSwitch 2.5.
+.
.PP
Defining IPv6 flows (those with \fBdl_type\fR equal to 0x86dd) requires
support for NXM. The following shorthand notations are available for
committed, then subsequent lookups for packets in this connection will
populate the \fBct_mark\fR flow field when the packet is sent to the
connection tracker with the \fBtable\fR specified.
+.IP \fBset_field:\fIvalue\fR->ct_label\fR
+Store a 128-bit metadata value with the connection. If the connection is
+committed, then subsequent lookups for packets in this connection will
+populate the \fBct_label\fR flow field when the packet is sent to the
+connection tracker with the \fBtable\fR specified.
.RE
.IP
The \fBcommit\fR parameter must be specified to use \fBexec(...)\fR.
.
+.IP \fBalg=\fIalg\fR
+Specify application layer gateway \fIalg\fR to track specific connection
+types. Supported types include:
+.RS
+.IP \fBftp\fR
+Look for negotiation of FTP data connections. If a subsequent FTP data
+connection arrives which is related, the \fBct\fR action will set the
+\fBrel\fR flag in the \fBct_state\fR field for packets sent through \fBct\fR.
+.RE
+.
.RE
.IP
The \fBct\fR action may be used as a primitive to construct stateful firewalls
projects / cascardo / ovs.git / blobdiff