Hi Joe, Thanks for the response. I have ensured the nf_conntrack_ipv4 module is loaded but still cannot get the commit to work.
I am running Ubuntu 14.04 Kernel version: 3.16.0-30-generic John On Mon, Mar 23, 2015 at 6:27 PM, Joe Stringer <[email protected]> wrote: > Hi John, > > I strongly suspect in this case, conntrack has been unable to identify > the connection. There's two parts to this: Perhaps you need to load > nf_conntrack_ipv4? if that module is not loaded, then conntrack cannot > identify any IP traffic. Separately, to address the crash, the line > with the nf_ct_is_confirmed() call likely needs to check if ct is > non-NULL first. > > One useful datapoint is what kernel version/distro are you running? > I've been testing on the latest net-next, although I should expect it > work on anything back to linux-3.10. Perhaps earlier depending on the > particular features required, YMMV. > > Apologies, there's a few bugs like this which I have found in local > testing but I have not pushed the changes yet. This is in part because > the ongoing development is against the linux tree, so I haven't > backported the current development code to build inside the OVS tree. > > Without the commit, the nf_conntrack tables will not be populated. > > On 23 March 2015 at 09:49, John Hurley <[email protected]> wrote: > > Hi, > > I am interested in using Conntrack within OVS and have installed the > latest > > version from the banch ( > https://github.com/justinpettit/ovs/tree/conntrack). > > > > When I run an example mentioned in the tests: > > > > ovs-ofctl del-flows br0 > > ovs-ofctl add-flow br0 \ > > "in_port=1,conn_state=-trk,tcp,action=ct(commit,zone=9),2" > > ovs-ofctl add-flow br0 \ > > "in_port=2,conn_state=-trk,tcp,action=ct(recirc,zone=9)" > > ovs-ofctl add-flow br0 "in_port=2,conn_state=+trk+est-new,tcp,action=1" > > ovs-ofctl add-flow br0 > "in_port=2,conn_state=+trk-est+new,tcp,action=drop" > > ovs-ofctl add-flow br0 priority=10,action=normal > > > > I am seeing a kernel panic for the 'commit' action. > > I have traced this to the nf_ct_is_confirmed(ct) call on the nf_conntrack > > module. > > If I edit the code to avoid this check I avoid the panic but am getting > an > > error response from calls such as 'nf_ct_get(skb, &ctinfo)'. > > > > It appears that ovs-conntrack is not populating the nf_conntrack tables > for > > me. > > Is there any information on installing/running the ovs-conntrack branch > > specifically or is there anything else that should be done on top of the > > standard OVS installation. > > Doing an lsmod I can see both openvswitch and nf_conntrack modules > running. > > > > Thanks, > > > > John > > > > > > > > > > _______________________________________________ > > discuss mailing list > > [email protected] > > http://openvswitch.org/mailman/listinfo/discuss > > >
_______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
