> On Jun 28, 2015, at 8:55 PM, Zhang, Chunyu <[email protected]> wrote:
>
> hi justin
>
>>> 3. ovs-ofctl command
>>> in our project , we use nf_conntrack extension :
>>>
>>> static struct nf_ct_ext_type nf_ct_colo_extend __read_mostly = {
>>> .len = sizeof(struct nf_conn_colo),
>>> .move = nf_ct_colo_extend_move,
>>> .destroy = nf_ct_colo_extend_destroy,
>>> .align = __alignof__(struct nf_conn_colo),
>>> .id = NF_CT_EXT_COLO,
>>> };
>>>
>>> if i want to nf_conntrack extension work.
>>> ovs-ofctl command is ?
>>> please give me some example and advise
>>
>> If you use the OVS repo, the man pages for ovs-ofctl were updated. Look for
>> the new "ct" action and "conn_state" match.
>
> I use this:
> ovs-ofctl add-flow ovsbr0
> "in_port=1,conn_state=+trk+new,tcp,action=ct(commit),1"
> ovs-ofctl add-flow ovsbr0
> "in_port=2,conn_state=+trk+new,tcp,action=ct(commit),1"
> ovs-ofctl add-flow ovsbr0
> "in_port=3,conn_state=+trk+new,tcp,action=ct(commit),1"
I don't understand these flows. You can't match on "conn_state" until after
your call to ct(). This is documented in the ovs-ofctl man page:
conn_state=[+flag...][-flag...]
Bitwise match on connection state flags. The flags are only
available after a call to the ct action with the "recirc" flag
set.
Further, you're sending all of your packets to port 1, which I can't imagine is
what you want.
One of the commit messages provides some example flows:
https://github.com/justinpettit/ovs/commit/be947f2
--Justin
_______________________________________________
discuss mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/discuss
