From dffae65fea4deb9e8ce157bf30f7ffa3479bef49 Mon Sep 17 00:00:00 2001
From: Daniele Di Proietto
Date: Wed, 28 Oct 2015 11:38:00 -0700
Subject: [PATCH] dpctl: Add 'conntrack-dump' command.

It can be used to inspect the connection tracking entries in the datapath.

Signed-off-by: Daniele Di Proietto
Acked-by: Joe Stringer
---
 lib/dpctl.c | 51 +++++++++++++++++++++++++++++++++++++++++++
 lib/dpctl.man | 24 ++++++++++++++++++++
 utilities/ovs-dpctl.c | 1 +
 3 files changed, 76 insertions(+)

diff --git a/lib/dpctl.c b/lib/dpctl.c
index 26de23fff..7d3a95871 100644
--- a/lib/dpctl.c
+++ b/lib/dpctl.c
@@ -28,6 +28,7 @@
 #include "command-line.h"
 #include "compiler.h"
+#include "ct-dpif.h"
 #include "dirs.h"
 #include "dpctl.h"
 #include "dpif.h"
@@ -1241,6 +1242,55 @@ dpctl_list_commands(int argc OVS_UNUSED, const char *argv[] OVS_UNUSED,
 return 0;
 }
+
+static int
+dpctl_dump_conntrack(int argc, const char *argv[],
+ struct dpctl_params *dpctl_p)
+{
+ struct ct_dpif_dump_state *dump;
+ struct ct_dpif_entry cte;
+ uint16_t zone, *pzone = NULL;
+ struct dpif *dpif;
+ char *name;
+ int error;
+
+ if (argc > 1 && ovs_scan(argv[argc - 1], "zone=%"SCNu16, &zone)) {
+ pzone = &zone;
+ argc--;
+ }
+ name = (argc == 2) ? xstrdup(argv[1]) : get_one_dp(dpctl_p);
+ if (!name) {
+ return EINVAL;
+ }
+ error = parsed_dpif_open(name, false, &dpif);
+ free(name);
+ if (error) {
+ dpctl_error(dpctl_p, error, "opening datapath");
+ return error;
+ }
+
+ error = ct_dpif_dump_start(dpif, &dump, pzone);
+ if (error) {
+ dpctl_error(dpctl_p, error, "starting conntrack dump");
+ dpif_close(dpif);
+ return error;
+ }
+
+ while (!ct_dpif_dump_next(dump, &cte)) {
+ struct ds s = DS_EMPTY_INITIALIZER;
+
+ ct_dpif_format_entry(&cte, &s, dpctl_p->verbosity,
+ dpctl_p->print_statistics);
+ ct_dpif_entry_uninit(&cte);
+
+ dpctl_print(dpctl_p, "%s\n", ds_cstr(&s));
+ ds_destroy(&s);
+ }
+ ct_dpif_dump_done(dump);
+ dpif_close(dpif);
+ return error;
+}
+
 /* Undocumented commands for unit testing. */
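Review bot: The `while (!ct_dpif_dump_next(dump, &cte))` loop in dpctl_dump_conntrack() discards the value that ends it, so the final `return error;` always returns the 0 left by ct_dpif_dump_start() and a dump that aborts midway looks the same as a complete one. For a command meant for inspecting connection state a silently truncated listing is misleading; the loop result should be kept, the normal end-of-dump value mapped to 0 (presumably EOF, the contract lives in ct-dpif.h and is not visible here), and anything else reported through dpctl_error(). The return value of ct_dpif_dump_done() is dropped as well. Separately, when the `zone=` scan fails and two arguments were given, `argc == 2` is false, so the code falls back to get_one_dp() and ignores both arguments; returning EINVAL in that case would avoid printing every zone of the default datapath after a mistyped filter.

```c
    while (!(error = ct_dpif_dump_next(dump, &cte))) {
        /* … unchanged: format the entry, uninit it, print it … */
    }
    if (error == EOF) {
        /* Assumed end-of-dump marker; confirm against ct-dpif.h. */
        error = 0;
    } else {
        dpctl_error(dpctl_p, error, "dumping conntrack entry");
    }
    /* … unchanged: ct_dpif_dump_done, dpif_close, return error … */
```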
@@ -1519,6 +1569,7 @@ static const struct dpctl_command all_commands[] = {
 { "get-flow", "get-flow [dp] ufid", 1, 2, dpctl_get_flow },
 { "del-flow", "del-flow [dp] flow", 1, 2, dpctl_del_flow },
 { "del-flows", "[dp]", 0, 1, dpctl_del_flows },
+ { "dump-conntrack", "[dp] [zone=N]", 0, 2, dpctl_dump_conntrack },
 { "help", "", 0, INT_MAX, dpctl_help },
 { "list-commands", "", 0, INT_MAX, dpctl_list_commands },
diff --git a/lib/dpctl.man b/lib/dpctl.man
index 8b0fcfe34..54c3e8efe 100644
--- a/lib/dpctl.man
+++ b/lib/dpctl.man
@@ -149,3 +149,27 @@ Fetches the flow from \fIdp\fR's flow table with unique identifier \fIufid\fR.
 .
 .IP "\*(DX\fBdel\-flows\fR [\fIdp\fR]"
 Deletes all flow entries from datapath \fIdp\fR's flow table.
+.SS "CONNECTION TRACKING TABLE DEBUGGING COMMANDS"
+The following commands are primarily useful for debugging the connection
+tracking entries in the datapath.
+.
+.PP
+The \fIdp\fR argument to each of these commands is optional when
+exactly one datapath exists, in which case that datapath is the
+default. When multiple datapaths exist, then a datapath name is
+required.
+.
+.PP
+\fBN.B.\fR(Linux specific): the \fIsystem\fR datapaths (i.e. the Linux
+kernel module Open vSwitch datapaths) share a single connection tracking
+table (which is also used by other kernel subsystems, such as iptables,
+nftables and the regular host stack). Therefore, the following commands
+do not apply specifically to one datapath.
+.
+.TP
+.DO "[\fB\-m\fR | \fB\-\-more\fR] [\fB\-s\fR | \fB\-\-statistics\fR]" "\*(DX\fBdump\-conntrack\fR" "[\fIdp\fR] [\fBzone=\fIzone\fR]"
+Prints to the console all the connection entries in the tracker used by
+\fIdp\fR. If \fBzone=\fIzone\fR is specified, only shows the connections
+in \fBzone\fR. With \fB\-\-more\fR, some implementation specific details
+are included. With \fB\-\-statistics\fR timeouts and timestamps are
+added to the output.
diff --git a/utilities/ovs-dpctl.c b/utilities/ovs-dpctl.c
index c43066d26..a0e4aea4d 100644
--- a/utilities/ovs-dpctl.c
+++ b/utilities/ovs-dpctl.c
@@ -171,6 +171,7 @@ usage(void *userdata OVS_UNUSED)
 " get-flow [DP] ufid:UFID fetch flow corresponding to UFID\n"
 " del-flow [DP] FLOW delete FLOW from DP\n"
 " del-flows [DP] delete all flows from DP\n"
+ " dump-conntrack [DP] display conntrack entries\n"
 "Each IFACE on add-dp, add-if, and set-if may be followed by\n"
 "comma-separated options. See ovs-dpctl(8) for syntax, or the\n"
 "Interface table in ovs-vswitchd.conf.db(5) for an options list.\n"
--
2.20.1
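Review bot: The usage() line added here reads `dump-conntrack [DP]` and leaves out the zone filter that the all_commands[] entry (`[dp] [zone=N]`) and the dpctl.man text both advertise. Someone reading only the help output will not learn that the dump can be narrowed to one zone; I would write the line as `"  dump-conntrack [DP] [zone=N]  display conntrack entries for ZONE\n"`. The commit subject also calls the command 'conntrack-dump' while every hunk registers it as `dump-conntrack`. usage() starts and ends outside the hunk.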