> On Aug 31, 2015, at 8:40 PM, Ben Warren <[email protected]> wrote:
>
> It’s exciting to see conntrack support being accepted in the Linux kernel.
> We’ve been building based on the justinpettit/ovs tree and so far it works
> like a charm. Nice work!
Great to hear that it's working for you!
> Two questions:
> 1. Is there a way, apart from parsing the output of ‘ovs-ofctl —version’ to
> determine if the installed .ko supports conntrack? I looked through /proc
> and /sys and didn’t see anything, but am pretty good at missing things.
I'm not aware of one. In ofproto-dpif.c, there are run time checks for a
number of features, including conntrack support. Currently, it just logs a
message, but it might make sense to store that information in OVSDB. Would
that help?
> 2. Any idea when the changes will be merged into ovs mainline? I expect “as
> soon as we can”, but just wondering...
That's basically correct. :-) The issue is that we need to backport it to
older kernels, which could be fairly complicated. Joe Stringer is doing that
work, but he's estimating a month or two. That's subject to change, though, as
he digs into it.
I think his plan is to send out the userspace changes for review soon, though,
which will allow the tip of OVS master to work with a net-next kernel. Based
on our experience using conntrack, there will be a couple of changes to the
OpenFlow interface to conntrack:
- You won't need to provide an immediate value to the zone argument.
Instead, you can point it to a register value.
- Instead of just a "recirc" flag, you can specify a "go-to table"
argument that will make execution continue from the specified table.
I'll send out later this week a link to my personal repo that makes use of
these new conntrack argument for ACL support in OVN.
--Justin
_______________________________________________
discuss mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/discuss
