[ovs-dev] connection tracking questions

Nicolas Bouliane nbouliane at digitalocean.com
Thu Oct 31 23:30:29 UTC 2019


I'm manually inserting an entry with the conntrack tool.

# conntrack -I -d -s -p tcp --sport 80 --dport 80 --state ESTABLISHED --status ASSURED -t 300 --zone 5
conntrack v1.4.4 (conntrack-tools): 1 flow entries have been created.

# conntrack -L
tcp      6 295 ESTABLISHED src= dst= sport=80 dport=80 [UNREPLIED] src= dst= sport=80 dport=80 [ASSURED] mark=0 zone=5 use=1
conntrack v1.4.4 (conntrack-tools): 1 flow entries have been shown.

But when I use dump-conntrack I see nothing:

# ovs-appctl dpctl/dump-conntrack

- Does OVS use the same data structure as the one used by the conntrack tool?
(I would presume so, since all that is abstracted behind netlink?)
- What distinguishes an entry used by the datapath from one that is not?
- When I use ofproto/trace and hit flows that use connection tracking
(ct()), is an actual lookup made even though I'm just tracing, or is it
just simulated?

Thanks!

