@@ -28,6 +28,7 @@
#include "command-line.h"
#include "compiler.h"
+#include "ct-dpif.h"
#include "dirs.h"
#include "dpctl.h"
#include "dpif.h"
@@ -1241,6 +1242,49 @@ dpctl_list_commands(int argc OVS_UNUSED, const char *argv[] OVS_UNUSED,
return 0;
}
+
+static int
+dpctl_dump_conntrack(int argc, const char *argv[],
+ struct dpctl_params *dpctl_p)
+{
+ struct ct_dpif_dump_state *dump;
+ struct ct_dpif_entry cte;
+ uint16_t zone, *pzone = NULL;
+ struct dpif *dpif;
+ char *name;
+ int error;
+
+ if (argc > 1 && ovs_scan(argv[argc - 1], "zone=%"SCNu16, &zone)) {
+ pzone = &zone;
+ argc--;
+ }
+ name = (argc == 2) ? xstrdup(argv[1]) : get_one_dp(dpctl_p);
+ if (!name) {
+ return EINVAL;
+ }
+ error = parsed_dpif_open(name, false, &dpif);
+ free(name);
+ if (error) {
+ dpctl_error(dpctl_p, error, "opening datapath");
+ return error;
+ }
+
+ ct_dpif_dump_start(dpif, &dump, pzone);
+ while (!ct_dpif_dump_next(dump, &cte)) {
+ struct ds s = DS_EMPTY_INITIALIZER;
+
+ ct_dpif_format_entry(&cte, &s, dpctl_p->verbosity,
+ dpctl_p->print_statistics);
+ ct_dpif_entry_uninit(&cte);
+
+ dpctl_print(dpctl_p, "%s\n", ds_cstr(&s));
+ ds_destroy(&s);
+ }
+ ct_dpif_dump_done(dump);
+ dpif_close(dpif);
+ return error;
+}
+
/* Undocumented commands for unit testing. */
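Review bot: The result of `ct_dpif_dump_start(dpif, &dump, pzone)` is discarded in `dpctl_dump_conntrack()`, so if that call can fail without setting `dump`, the loop hands an uninitialized pointer to `ct_dpif_dump_next()` and `ct_dpif_dump_done()`. Assuming it returns an error code like the other dpif calls here, store it in `error`, report it and close `dpif` before returning, as sketched below. Separately, the final `return error;` can only return the 0 left by `parsed_dpif_open()`, while the loop stops on any non-zero result from `ct_dpif_dump_next()`. A dump that aborts midway is therefore reported as success; consider keeping that return value and distinguishing normal end-of-dump from a failure, if the API makes the two distinguishable.

```c
    error = ct_dpif_dump_start(dpif, &dump, pzone);
    if (error) {
        dpctl_error(dpctl_p, error, "starting conntrack dump");
        dpif_close(dpif);
        return error;
    }
    /* … unchanged: dump loop, ct_dpif_dump_done(), dpif_close() … */
```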
@@ -1519,6 +1563,7 @@ static const struct dpctl_command all_commands[] = {
{ "get-flow", "get-flow [dp] ufid", 1, 2, dpctl_get_flow },
{ "del-flow", "del-flow [dp] flow", 1, 2, dpctl_del_flow },
{ "del-flows", "[dp]", 0, 1, dpctl_del_flows },
+ { "dump-conntrack", "[dp]", 0, 2, dpctl_dump_conntrack },
{ "help", "", 0, INT_MAX, dpctl_help },
{ "list-commands", "", 0, INT_MAX, dpctl_list_commands },
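Review bot: The usage string for the new `dump-conntrack` entry is `"[dp]"`, but the entry allows up to 2 arguments and the handler accepts a trailing `zone=` argument, so the help output hides the zone filter that the man page documents. Suggest `{ "dump-conntrack", "[dp] [zone=N]", 0, 2, dpctl_dump_conntrack },`. The `all_commands[]` table continues outside this hunk.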
@@ -149,3 +149,27 @@ Fetches the flow from \fIdp\fR's flow table with unique identifier \fIufid\fR.
.
.IP "\*(DX\fBdel\-flows\fR [\fIdp\fR]"
Deletes all flow entries from datapath \fIdp\fR's flow table.
+.SS "CONNECTION TRACKING TABLE DEBUGGING COMMANDS"
+The following commands are primarily useful for debugging the connection
+tracking entries in the datapath.
+.
+.PP
+The \fIdp\fR argument to each of these commands is optional when
+exactly one datapath exists, in which case that datapath is the
+default. When multiple datapaths exist, then a datapath name is
+required.
+.
+.PP
+\fBN.B.\fR(Linux specific): the \fIsystem\fR datapaths (i.e. the Linux
+kernel module Open vSwitch datapaths) share a single connection tracking
+table (which is also used by other kernel subsystems, such as iptables,
+nftables and the regular host stack). Therefore, the following commands
+do not apply specifically to one datapath.
+.
+.TP
+.DO "[\fB\-m\fR | \fB\-\-more\fR] [\fB\-s\fR | \fB\-\-statistics\fR]" "\*(DX\fBdump\-conntrack\fR" "[\fIdp\fR] [\fBzone=\fIzone\fR]"
+Prints to the console all the connection entries in the tracker used by
+\fIdp\fR. If \fBzone=\fIzone\fR is specified, only shows the connections
+in \fBzone\fR. With \fB\-\-more\fR, some implementation specific details
+are included. With \fB\-\-statistics\fR timeouts and timestamps are
+added to the output.
It can be used to inspect the connection tracking entries in the datapath. Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> --- lib/dpctl.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ lib/dpctl.man | 24 ++++++++++++++++++++++++ 2 files changed, 69 insertions(+)