On 3 Oct 2025, at 10:32, Ratheesh Kannoth wrote:
>> From: Eelco Chaudron <[email protected]> >> Cc: [email protected] >> Subject: [EXTERNAL] Re: ovs CT > > >> I guess it’s always good to look at the unit tests there are tons of good >> examples. >> For example: > >> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openvswitch_ovs_blob_2c4596732bff2dc353341873e3e1403814726eda_tests_system-2Dtraffic.at-> >> >> 23L6122&d=DwIFaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=aekcsyBCH00_LewrEDcQBzsRw8KCpUR0vZb_auTHk4M&m=qZ7MmlO8C9PuSmpV4kJSJdDRAVyqro9Wm-Oh3OvMfxoP2uLExXmjvzZCuQesA1P1&s=z_jHxEc3NES2wI5XbPhqeryfW9VKXGIfigfR3fdOh8c&e= >> //Eelco > > Thanks. OVS logs were showing the issue. CONNTRAC ZONE should be enabled in > kernel. > > One more related question. If I use below commad, ARP packets will pushes a > offload rule pushed for ARP packets. > But there is no rule push for TCP packets. Will ovs userspace APPwill push > a offload rule when connection is committed or established ? I’ve not been looking how conntrack was implemented using TC, but here is nice presentation I googled; https://www.youtube.com/watch?v=sst35r4cRsI > ovs-ofctl add-flow br0 "table=0,priority=10,arp,action=normal" > ovs-ofctl add-flow br0 > "table=0,priority=100,tcp,ct_state=-trk,action=ct(table=1)" > ovs-ofctl add-flow br0 > "table=1,in_port=2,tcp,ct_state=+trk+new,action=ct(commit),1" > ovs-ofctl add-flow br0 "table=1,in_port=1,tcp,ct_state=+trk+est,action=2" > ovs-ofctl add-flow br0 "table=1,in_port=2,tcp,ct_state=+trk+est,action=1" > ovs-vsctl set Open_vSwitch . other_config:tc-policy=skip_sw > ovs-vsctl set Open_vSwitch . other_config:hw-offload=true > > -Ratheesh _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
