[ovs-discuss] how to use ovs-conntrack

Zhang, Chunyu zhangcy at cn.fujitsu.com
Mon Jun 29 03:55:22 UTC 2015


Hi Justin,

>> 3. ovs-ofctl command
>> In our project, we use an nf_conntrack extension:
>>
>> static struct nf_ct_ext_type nf_ct_colo_extend __read_mostly = {
>>      .len        = sizeof(struct nf_conn_colo),
>>      .move       = nf_ct_colo_extend_move,
>>      .destroy    = nf_ct_colo_extend_destroy,
>>      .align      = __alignof__(struct nf_conn_colo),
>>      .id         = NF_CT_EXT_COLO,
>> };
>>
>> If I want the nf_conntrack extension to work,
>> what is the ovs-ofctl command?
>> Please give me some examples and advice.
>
>If you use the OVS repo, the man pages for ovs-ofctl were updated.  Look for the new "ct" action and "conn_state" match.

I use this:
ovs-ofctl add-flow ovsbr0   "in_port=1,conn_state=+trk+new,tcp,action=ct(commit),1"
ovs-ofctl add-flow ovsbr0   "in_port=2,conn_state=+trk+new,tcp,action=ct(commit),1"
ovs-ofctl add-flow ovsbr0   "in_port=3,conn_state=+trk+new,tcp,action=ct(commit),1"

and ssh works now.
Thanks.

But I have some other questions:

1. Why can TCP work?
I think TCP also uses nf_conntrack,
so I think that without your patch, TCP cannot work.

But the result is:
without your patch, ssh (TCP) can work,
but the nf_conntrack extension cannot work.
Why?

2. scp cannot work
I use the nf_conntrack extension.
I use your patch and these ovs-ofctl commands:
ovs-ofctl add-flow ovsbr0   "in_port=1,conn_state=+trk+new,tcp,action=ct(commit),1"
ovs-ofctl add-flow ovsbr0   "in_port=2,conn_state=+trk+new,tcp,action=ct(commit),1"
ovs-ofctl add-flow ovsbr0   "in_port=3,conn_state=+trk+new,tcp,action=ct(commit),1"

I find that ssh works,
but scp does not work.
Why?



>
>> On Jun 24, 2015, at 4:13 AM, Zhang, Chunyu <zhangcy at cn.fujitsu.com> wrote:
>> 
>> Hi Justin,
>>> 
>>>> On Jun 23, 2015, at 12:37 PM, Zhang, Chunyu <zhangcy at cn.fujitsu.com> wrote:
>>>> 
>>>> I want to use ovs-conntrack.
>>>> I know OVS is at: https://github.com/justinpettit/ovs/tree/conntrack
>>>> I know the kernel module should change: https://lkml.org/lkml/2015/3/2/835
>>> 
>>> As I mentioned, I'd recommend using the OVS repo, which has all the parts you need.  It should be rebased against OVS master in the next couple of days.  I imagine an updated kernel portion will be sent out to netdev in the next few weeks.
>> I found 2 OVS repos in the Kernel.org git repositories:
>> 1. https://git.kernel.org/cgit/linux/kernel/git/pshelar/openvswitch.git/?h=net_next_ovs
>> 2. https://git.kernel.org/cgit/linux/kernel/git/jesse/openvswitch.git/
>> Which one will you push?
>> I git cloned net_next_ovs, but did not find any kernel patch for ovs-conntrack.
>
>I thought I was using the terminology as you originally used.  The code you should be using is here:
>
>	https://github.com/justinpettit/ovs/tree/conntrack
>
>--Justin
>
>

