Hi Daniele/Ben, Thanks for the reply. But I am still confused about the current state of conntrack implementation in ovs. Sometimes back I saw Justine has published that he has integrated the conntrack in ovs2.5. But not able to find it. Does he only handle it for the kernel space and not for the userspace? Because, when I tried to get it from ovs-2.5 branch its not there for user space handling. Does he planning something on this separately. Any idea?
I am looking for conntrack in OVS+DPDK setup. So, What is the current state of this development (I am referring to repository of Daniele Di Proietto). Is it having fully supported conntrack tool for userspace there. Is it still calling the netfilter related apis. I like to get more insight of this. Do you have any kind of writeup. Regards, Sourabh Bansal -----Original Message----- From: Daniele Di Proietto [mailto:diproiet...@vmware.com] Sent: Saturday, January 30, 2016 8:34 AM To: Sourabh Bansal (WT01 - NEP) <sourabh.ban...@wipro.com> Cc: discuss@openvswitch.org; Ben Pfaff <b...@ovn.org> Subject: Re: [ovs-discuss] Issue while using Firewall/conntrack with OVS 2.5 + DPDK 2.2.0 in user mode On 29/01/2016 15:14, "Ben Pfaff" <b...@ovn.org> wrote: >On Fri, Jan 29, 2016 at 12:02:04PM +0000, sourabh.ban...@wipro.com wrote: >> Hi OVS Folk, >> >> I checked out OVS 2.5 branch code from git hub and building ovs 2.5 >>with DPDK 2.2.0 on Centos OS 7, kernel 3.18.22 and its building >>successfully with below commands: >> >> ./configure --with-dpdk=/home../DPDK/x86_64-ivshmem-linuxapp-gcc >> >> But I am not able to see Firewall (conntrack) related commands support. >>As shown below: >> >> [root@Potasium ovs-branch-2.5]# ./utilities/ovs-ofctl add-flow br0 >>table=1,in_port=2,ip,ct_state=+new,action=1 >> OFPT_ERROR (xid=0x6): OFPBMC_BAD_MASK NXT_FLOW_MOD (xid=0x6): >> (***truncated to 64 bytes from 80***) >> 00000000 01 04 00 50 00 00 00 06-00 00 23 20 00 00 00 0d >>|...P......# ....| >> 00000010 00 00 00 00 00 00 00 00-01 00 00 00 00 00 80 00 >>|................| >> 00000020 ff ff ff ff ff ff 00 00-00 18 00 00 00 00 00 00 >>|................| >> 00000030 00 00 00 02 00 02 00 00-06 02 08 00 00 01 d3 08 >>|................| >> >> I am getting above highlighted error and no flow is getting added. I >>used many options as specified in ovs-ofctl man page. >> >> Then I found below command to configure OVS with linux. >> ./configure --with-dpdk=$DPDK_BUILD --with-linux=/lib/modules/`uname >>-r`/build >> >> It's building successfully but facing same issues while adding flows >>with ovs-ofctl command using ct_state flags or ct. >> >> [root@Potasium ovs-branch-2.5]# ./ovs-branch-2.5/utilities/ovs-ofctl >>add-flow br0 in_port=1,tcp,ct_state=+trk-new,actions=ct,output:2 >> OFPT_ERROR (xid=0x4): OFPBMC_BAD_MASK NXT_FLOW_MOD (xid=0x4): >> (***truncated to 64 bytes from 112***) >> 00000000 01 04 00 70 00 00 00 04-00 00 23 20 00 00 00 0d >>|...p......# ....| >> 00000010 00 00 00 00 00 00 00 00-00 00 00 00 00 00 80 00 >>|................| >> 00000020 ff ff ff ff ff ff 00 00-00 1d 00 00 00 00 00 00 >>|................| >> 00000030 00 00 00 02 00 01 00 00-06 02 08 00 00 00 0c 01 >>|................| >> >> So, my questions are: >> How to confirm whether conntrack is built and running with OVS + DPDK? >>I can see the netlink_conntrack.o file in /lib dir. >> Is Conntrack running in user mode with OVS and dpdk? >> Am I using the right commands of connection tracker? > >The FAQ has feature support information: > >### Q: Are all features available with all datapaths? > >A: Open vSwitch supports different datapaths on different platforms. Each > datapath has a different feature set: the following tables try to >summarize > the status. > > Supported datapaths: > > * *Linux upstream*: The datapath implemented by the kernel module >shipped > with Linux upstream. Since features have been >gradually > introduced into the kernel, the table mentions >the first > Linux release whose OVS module supports the >feature. > > * *Linux OVS tree*: The datapath implemented by the Linux kernel module > distributed with the OVS source tree. Some >features of > this module rely on functionality not available >in older > kernels: in this case the minumum Linux version >(against > which the feature can be compiled) is listed. > > * *Userspace*: Also known as DPDK, dpif-netdev or dummy datapath. It >is the > only datapath that works on NetBSD and FreeBSD. > > * *Hyper-V*: Also known as the Windows datapath. > > The following table lists the datapath supported features from > an Open vSwitch user's perspective. > >Feature | Linux upstream | Linux OVS tree | Userspace | >Hyper-V | >----------------------|:--------------:|:--------------:|:---------:|:- >----------------------|--- >---:| >Connection tracking | 4.3 | 3.10 | NO | >NO | You can find a first version of the userspace connection tracker here: http://openvswitch.org/pipermail/dev/2015-November/062228.html I still need to handle some feedback and send out a v2, I hope I can do it soon The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
