Hi, my knowledge about the OVS OpenFlow/datapath actions implementation is quite limited, so I'd like to ask you for help. Basically my problem boils down to how to share with the `sample` action some data which is available only after execution of the `ct` action (NAT translation in my case).
TL;DR Details: There is already an available patch which introduces NAT support in OVS userspace: https://mail.openvswitch.org/pipermail/ovs-dev/2017-February/328888.html

I'm playing with this patch because I'd like to expose the following data via sFlow:

"""
/* Extended NAT Data
   Packet header records report addresses as seen at the sFlowDataSource.
   The extended_nat structure reports on translated source and/or destination
   addresses for this packet. If an address was not translated it should
   be equal to that reported for the header. */
/* opaque = flow_data; enterprise = 0; format = 1007 */
struct extended_nat {
   address src_address;  /* Source address */
   address dst_address;  /* Destination address */
}
"""

As can be seen, `src_address` and `dst_address` should contain the IP addresses translated by NAT. In the case of a many-to-one Source NAT translation:

ovs-ofctl add-flow br0 idle_timeout=0,in_port=2,ip,action="ct(commit,zone=1,nat(src=10.0.0.2)),1"

there is no problem, because the sFlow `src_address` can be taken from the `src` attribute of the action definition. However, in a many-to-many Source NAT translation:

ovs-ofctl add-flow br0 idle_timeout=0,in_port=2,ip,action="ct(commit,zone=1,nat(src=10.0.0.1-10.0.0.255)),1"

only the specified range of IP addresses can be taken from the action definition. Unfortunately the IP address eventually selected for translation is not available here.

OVS sFlow monitoring is composed of the `sample` and `userspace` actions. So with sFlow and NAT enabled, the following actions are involved:

# ovs-appctl dpctl/dump-flows
[...] actions:sample(sample=1.0%,actions(userspace(pid=0,sFlow(vid=0,pcp=0,output=2147483649),actions))), ct(commit,zone=1,nat(src=10.0.0.1-10.0.0.255)),2

The `sample` action is always executed before `ct`, so the NAT translation is not visible in the sFlow upcall. When I changed the order so that `ct` was executed before `sample`, the packet received in the sFlow upcall was the one after NAT translation, so the original source IP address was lost.
The only idea I came up with is to execute the `sample` action after `ct` (NAT), but this `sample` action should take as input the original packet before NAT translation and the IP address translated by NAT in the `user_action_cookie`. If you have any suggestions or some other idea on how to approach this problem, please share them with me.

Br,
Robert

_______________________________________________
discuss mailing list
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
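An added example (not code from the post, the NAT patch, or OVS itself) showing what the `extended_nat` record quoted above looks like on the wire once the translated address is known: an XDR encoder and a validating decoder for the sFlow v5 flow_record with enterprise 0, format 1007. The addresses used below are constructed for illustration (a private host 192.168.1.10, a translated source 10.0.0.37 picked from the post's 10.0.0.1-10.0.0.255 range, and a destination 203.0.113.5); the address_type enum values follow the sFlow v5 specification.

```python
import ipaddress
import struct

# sFlow v5 flow_data record: enterprise 0, format 1007 = extended_nat.
SFLOW_EXTENDED_NAT = 1007
# sFlow address_type enum: UNKNOWN = 0, IP_V4 = 1, IP_V6 = 2.
ADDR_IPV4, ADDR_IPV6 = 1, 2


def encode_address(addr: str) -> bytes:
    """XDR-encode an sFlow `address` union: 4-byte type tag, then raw bytes."""
    ip = ipaddress.ip_address(addr)
    tag = ADDR_IPV4 if ip.version == 4 else ADDR_IPV6
    return struct.pack("!I", tag) + ip.packed


def encode_extended_nat(hdr_src, hdr_dst, nat_src=None, nat_dst=None) -> bytes:
    """Build a flow_record carrying extended_nat for one sampled packet.

    Layout: data_format (enterprise << 12 | format), length, then src_address
    and dst_address. An address that was not translated repeats the header's.
    """
    body = encode_address(nat_src or hdr_src) + encode_address(nat_dst or hdr_dst)
    data_format = (0 << 12) | SFLOW_EXTENDED_NAT
    return struct.pack("!II", data_format, len(body)) + body


def decode_address(buf: bytes, off: int):
    """Decode one sFlow address at `off`; return (text address, new offset)."""
    (atype,) = struct.unpack_from("!I", buf, off)
    off += 4
    if atype == ADDR_IPV4:
        return str(ipaddress.IPv4Address(buf[off:off + 4])), off + 4
    if atype == ADDR_IPV6:
        return str(ipaddress.IPv6Address(buf[off:off + 16])), off + 16
    raise ValueError(f"unsupported sFlow address type {atype}")


def decode_extended_nat(rec: bytes) -> dict:
    """Parse a flow_record and return the addresses as seen after NAT."""
    data_format, length = struct.unpack_from("!II", rec, 0)
    enterprise, fmt = data_format >> 12, data_format & 0xFFF
    if (enterprise, fmt) != (0, SFLOW_EXTENDED_NAT):
        raise ValueError(f"not an extended_nat record: {enterprise}/{fmt}")
    if len(rec) != 8 + length:
        raise ValueError("record length does not match payload")
    src, off = decode_address(rec, 8)
    dst, off = decode_address(rec, off)
    if off != len(rec):
        raise ValueError("trailing bytes in extended_nat record")
    return {"src_address": src, "dst_address": dst}
```

A collector reading this record alongside the sampled header gets both the pre-NAT source (from the header) and the post-NAT source (from `src_address`), which is exactly the pairing the post is trying to preserve.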
