openvswitch: Interface with NAT. Extend OVS conntrack interface to cover NAT. New nested OVS_CT_ATTR_NAT attribute may be used to include NAT with a CT action. A bare OVS_CT_ATTR_NAT only mangles existing and expected connections. If OVS_NAT_ATTR_SRC or OVS_NAT_ATTR_DST is included within the nested attributes, new (non-committed/non-confirmed) connections are mangled according to the rest of the nested attributes. The corresponding OVS userspace patch series includes test cases (in tests/system-traffic.at) that also serve as example uses. This work extends on a branch by Thomas Graf at https://github.com/tgraf/ovs/tree/nat. Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Thomas Graf <tgraf@suug.ch> Acked-by: Joe Stringer <joe@ovn.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

commit: 05752523e56502cd9975aec0a2ded465d51a71f3 [log] [tgz]
author: Jarno Rajahalme <jarno@ovn.org> Thu Mar 10 10:54:23 2016 -0800
committer: Pablo Neira Ayuso <pablo@netfilter.org> Mon Mar 14 23:47:29 2016 +0100
tree: 790e1c4d9855ca15e1104ef9697c342dfe08a780
parent: 28b6e0c1ace45779c60e7cefe6d469b7ecb520b8 [diff] [blame]
diff --git a/net/openvswitch/Kconfig b/net/openvswitch/Kconfig
index cd5fd9d..234a733 100644
--- a/net/openvswitch/Kconfig
+++ b/net/openvswitch/Kconfig

@@ -6,7 +6,8 @@
 	tristate "Open vSwitch"
 	depends on INET
 	depends on !NF_CONNTRACK || \
-		   (NF_CONNTRACK && (!NF_DEFRAG_IPV6 || NF_DEFRAG_IPV6))
+		   (NF_CONNTRACK && ((!NF_DEFRAG_IPV6 || NF_DEFRAG_IPV6) && \
+				     (!NF_NAT || NF_NAT)))
 	select LIBCRC32C
 	select MPLS
 	select NET_MPLS_GSO
commit	05752523e56502cd9975aec0a2ded465d51a71f3	[log] [tgz]
author	Jarno Rajahalme <jarno@ovn.org>	Thu Mar 10 10:54:23 2016 -0800
committer	Pablo Neira Ayuso <pablo@netfilter.org>	Mon Mar 14 23:47:29 2016 +0100
tree	790e1c4d9855ca15e1104ef9697c342dfe08a780
parent	28b6e0c1ace45779c60e7cefe6d469b7ecb520b8 [diff] [blame]