YunTang Hsu via discuss <[email protected]> writes: > Hi, > > I have a kind cluster with Antrea installed. Since I want to use the conntrack > event listener to track the creation/termination of connections, I installed > conntrack CLI in one of Antrea-agen pods. > When I used command “conntrack -E” to listen to events for iperf3 traffic, I > found that not all of the UpdateEvent for tcp state changes can be monitored. > However, I can see the tcp state is changed to “Time_wait” in the conntrack > table (using “conntrack -L”). I can see all the UpdateEvents for a connection > if I use “wget”. Not sure if it is the expected behavior? > The only difference I can notice is that the connection of the iperf3 flow has > a zone=65520, which is the zone used by Antrea. >
Hello, I guess, assuming your datapath implements OVS_CT_ATTR_EVENTMASK, those events are filtered out. This is from ovs-vswitchd.conf.db(5), see ct_eventmask: "True if the datapath’s OVS_ACTION_ATTR_CT action implements the OVS_CT_ATTR_EVENTMASK attribute. When this is true, Open vSwitch uses the event mask feature to limit the kinds of events reported to conntrack update listeners. When Open vSwitch doesn’t limit the event mask, listeners receive reports of numerous usually unimportant events, such as TCP state machine changes, which can waste CPU time." to make them pass, OVS_CT_EVENTMASK_DEFAULT (used for OVS_CT_ATTR_EVENTMASK) should include OVS_CT_EVENT_PROTOINFO, which is not the case. Paolo > I also created an issue for this question in ovs-issues (https://github.com/ > openvswitch/ovs-issues/issues/282). Any comment or suggestion is appreciated. > Thanks. > > Best, > Yun-Tang > _______________________________________________ > discuss mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
