Hi Kain, For a flow configured to match "ct_state=+new+est+trk," a packet will be evaluated against all three states. The ct_state will be marked as "new" in the packet metadata only if the connection is not found in the conntrack database. Conversely, ct_state will be marked as "est" if the connection is present in the database and has had traffic in both directions.
Therefore, configuring ct_state as "+new+est+trk" will cause the match to fail, resulting in the packet being dropped if no other flows are configured. Thanks, Amit Shukla From: discuss <ovs-discuss-boun...@openvswitch.org> On Behalf Of Kain TV via discuss Sent: Tuesday, August 6, 2024 2:52 PM To: ovs-discuss@openvswitch.org Subject: [EXTERNAL] [ovs-discuss] ct_state new and est in flow According to the docs openvswitch. org/support/dist-docs/ovs-fields. 7. txt "4. new and est are mutually exclusive. " Why when adding a new flow I can set the ct_state field like this "ct_state=+new+est+trk" ? And what is According to the docs openvswitch.org/support/dist-docs/ovs-fields.7.txt<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openvswitch.org_support_dist-2Ddocs_ovs-2Dfields.7.txt&d=DwMFaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=ALGdXl3fZgFGR69VnJLdSnADun7zLaXG1p5Rs7pXihE&m=5sOy2QtJeBrcpOiKI6ieJDc3c1CiqhRbzdnG_fDnncPaWwcwgVEW00ml7lg4S1FL&s=HfuW_fXT-JyRkDllQLeMuU1Pet_dUB3EAmVlxeibaQI&e=> "4. new and est are mutually exclusive." Why when adding a new flow I can set the ct_state field like this "ct_state=+new+est+trk" ? And what is the expected matching behavior if ct_state field is set like above ? Best regards, Kain
_______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
