Hi All, I ran some tests by using the source code at https://github.com/ddiproietto/ovs/tree/userconntrack_20151115
I could use the add-flow commands, the only thing was to remember the " " like in the following sudo $OVS_DIR/utilities/ovs-ofctl add-flow br0 "table=0,in_port=1,tcp, ct_state=-trk,action=ct(commit,zone=9),2" Antonio > -----Original Message----- > From: discuss [mailto:[email protected]] On Behalf Of > Daniele Di Proietto > Sent: Saturday, January 30, 2016 3:04 AM > To: [email protected] > Cc: [email protected] > Subject: Re: [ovs-discuss] Issue while using Firewall/conntrack with OVS 2.5 + > DPDK 2.2.0 in user mode > > > > On 29/01/2016 15:14, "Ben Pfaff" <[email protected]> wrote: > > >On Fri, Jan 29, 2016 at 12:02:04PM +0000, [email protected] > wrote: > >> Hi OVS Folk, > >> > >> I checked out OVS 2.5 branch code from git hub and building ovs 2.5 > >>with DPDK 2.2.0 on Centos OS 7, kernel 3.18.22 and its building > >>successfully with below commands: > >> > >> ./configure --with-dpdk=/home../DPDK/x86_64-ivshmem-linuxapp-gcc > >> > >> But I am not able to see Firewall (conntrack) related commands support. > >>As shown below: > >> > >> [root@Potasium ovs-branch-2.5]# ./utilities/ovs-ofctl add-flow br0 > >>table=1,in_port=2,ip,ct_state=+new,action=1 > >> OFPT_ERROR (xid=0x6): OFPBMC_BAD_MASK > >> NXT_FLOW_MOD (xid=0x6): > >> (***truncated to 64 bytes from 80***) > >> 00000000 01 04 00 50 00 00 00 06-00 00 23 20 00 00 00 0d |...P......# > >>....| > >> 00000010 00 00 00 00 00 00 00 00-01 00 00 00 00 00 80 00 > >>|................| > >> 00000020 ff ff ff ff ff ff 00 00-00 18 00 00 00 00 00 00 > >>|................| > >> 00000030 00 00 00 02 00 02 00 00-06 02 08 00 00 01 d3 08 > >>|................| > >> > >> I am getting above highlighted error and no flow is getting added. I > >>used many options as specified in ovs-ofctl man page. > >> > >> Then I found below command to configure OVS with linux. > >> ./configure --with-dpdk=$DPDK_BUILD --with-linux=/lib/modules/`uname > >>-r`/build > >> > >> It's building successfully but facing same issues while adding flows > >>with ovs-ofctl command using ct_state flags or ct. > >> > >> [root@Potasium ovs-branch-2.5]# ./ovs-branch-2.5/utilities/ovs-ofctl > >>add-flow br0 in_port=1,tcp,ct_state=+trk-new,actions=ct,output:2 > >> OFPT_ERROR (xid=0x4): OFPBMC_BAD_MASK > >> NXT_FLOW_MOD (xid=0x4): > >> (***truncated to 64 bytes from 112***) > >> 00000000 01 04 00 70 00 00 00 04-00 00 23 20 00 00 00 0d |...p......# > >>....| > >> 00000010 00 00 00 00 00 00 00 00-00 00 00 00 00 00 80 00 > >>|................| > >> 00000020 ff ff ff ff ff ff 00 00-00 1d 00 00 00 00 00 00 > >>|................| > >> 00000030 00 00 00 02 00 01 00 00-06 02 08 00 00 00 0c 01 > >>|................| > >> > >> So, my questions are: > >> How to confirm whether conntrack is built and running with OVS + DPDK? > >>I can see the netlink_conntrack.o file in /lib dir. > >> Is Conntrack running in user mode with OVS and dpdk? > >> Am I using the right commands of connection tracker? > > > >The FAQ has feature support information: > > > >### Q: Are all features available with all datapaths? > > > >A: Open vSwitch supports different datapaths on different platforms. Each > > datapath has a different feature set: the following tables try to > >summarize > > the status. > > > > Supported datapaths: > > > > * *Linux upstream*: The datapath implemented by the kernel module > >shipped > > with Linux upstream. Since features have been > >gradually > > introduced into the kernel, the table mentions the > >first > > Linux release whose OVS module supports the > >feature. > > > > * *Linux OVS tree*: The datapath implemented by the Linux kernel module > > distributed with the OVS source tree. Some > >features of > > this module rely on functionality not available in > >older > > kernels: in this case the minumum Linux version > >(against > > which the feature can be compiled) is listed. > > > > * *Userspace*: Also known as DPDK, dpif-netdev or dummy datapath. It > >is the > > only datapath that works on NetBSD and FreeBSD. > > > > * *Hyper-V*: Also known as the Windows datapath. > > > > The following table lists the datapath supported features from > > an Open vSwitch user's perspective. > > > >Feature | Linux upstream | Linux OVS tree | Userspace | > >Hyper-V | > >----------------------|:--------------:|:--------------:|:---------:|:---- > >---:| > >Connection tracking | 4.3 | 3.10 | NO | > >NO | > > You can find a first version of the userspace connection tracker here: > > http://openvswitch.org/pipermail/dev/2015-November/062228.html > > I still need to handle some feedback and send out a v2, I hope I can do it > soon > > _______________________________________________ > discuss mailing list > [email protected] > http://openvswitch.org/mailman/listinfo/discuss _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
