2. Conntrack Library

2.1. Introduction

DAO-Conntrack is a high-performance, user-space connection tracking library built on top of DPDK (Data Plane Development Kit). It replicates and extends the functionality of the Linux kernel’s Conntrack (Connection Tracking) subsystem: it monitors the state of network connections (e.g., TCP, ICMP) by maintaining a connection table in memory. Designed for fast packet processing, DAO-Conntrack enables stateful inspection and advanced traffic filtering at scale. Its DPDK-based architecture provides low-latency, high-throughput connection tracking suitable for modern, cloud-native, and data center environments.

2.2. What it does

DAO-Conntrack is a stateful packet processing engine that:

  • Tracks network connections (TCP, ICMP, etc.) in both directions.

  • Maintains a hash-based connection table with fast lookups.

  • Uses RCU (Read-Copy-Update) for safe, lock-free memory reclamation.

  • Periodically cleans up expired connections in a background thread.

  • Provides real-time statistics and connection dumps for observability.

2.3. How to use it

2.3.1. Initialization

Call dao_conntrack_init() during application startup.

dao_conntrack_init(&qsbr_obj);

2.3.2. Packet Processing

For each burst of packets:

dao_conntrack_execute(pkts, num_pkts, commit);

  • pkts: Array of rte_mbuf*.

  • num_pkts: Number of packets in the array.

  • commit: Whether to commit new connections to the table.

2.3.3. Connection Cleanup

Cleanup runs automatically in a background thread every ~200ms. You can also trigger it manually:

conn_cleanup();
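
A simplified, single-threaded model of the behaviour described in sections 2.2 to 2.3.3 (direction-independent lookup in a hash table, the commit flag, and expiry cleanup), added here as an illustration; it is not DAO-Conntrack's code and uses neither DPDK nor RCU. The names ct_track and ct_cleanup, the verdict values, the table size and the timeout are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SLOTS 64          /* constructed table size */
#define TIMEOUT_MS 30000  /* constructed idle timeout */
enum { CT_UNTRACKED, CT_MATCHED, CT_NEW };  /* hypothetical verdicts */
struct tuple { uint32_t a_ip, b_ip, proto; uint16_t a_port, b_port; };  /* 16 bytes, no padding */
struct conn { struct tuple key; uint64_t last_seen_ms; int used; };
static struct conn table[SLOTS];

/* Order the endpoints so both directions of a flow produce the same key. */
static struct tuple normalize(uint32_t sip, uint16_t sp, uint32_t dip, uint16_t dp, uint32_t proto) {
    int fwd = sip < dip || (sip == dip && sp <= dp);
    return (struct tuple){ fwd ? sip : dip, fwd ? dip : sip, proto,
                           fwd ? sp : dp, fwd ? dp : sp };
}

/* Look the packet up; insert a new entry only when commit is non-zero. */
int ct_track(uint32_t sip, uint16_t sp, uint32_t dip, uint16_t dp,
             uint32_t proto, uint64_t now_ms, int commit) {
    struct tuple k = normalize(sip, sp, dip, dp, proto);
    uint32_t h = (k.a_ip * 2654435761u) ^ k.b_ip ^ k.proto ^ ((uint32_t)k.a_port << 16 | k.b_port);
    int free_slot = -1;
    for (uint32_t i = 0; i < SLOTS; i++) {  /* linear probe over the whole table */
        uint32_t s = (h + i) % SLOTS;
        if (table[s].used && memcmp(&table[s].key, &k, sizeof k) == 0) {
            table[s].last_seen_ms = now_ms;  /* refresh the idle timer */
            return CT_MATCHED;
        }
        if (!table[s].used && free_slot < 0) free_slot = (int)s;
    }
    if (!commit || free_slot < 0) return CT_UNTRACKED;  /* not committed, or table full */
    table[free_slot] = (struct conn){ k, now_ms, 1 };
    return CT_NEW;
}

/* Expire entries idle for longer than TIMEOUT_MS; returns how many were removed. */
int ct_cleanup(uint64_t now_ms) {
    int removed = 0;
    for (int i = 0; i < SLOTS; i++)
        if (table[i].used && now_ms - table[i].last_seen_ms > TIMEOUT_MS) { table[i].used = 0; removed++; }
    return removed;
}

int main(void) {  /* constructed flow: 10.0.0.1:40000 <-> 10.0.0.2:443, TCP (protocol 6) */
    int first = ct_track(0x0a000001, 40000, 0x0a000002, 443, 6, 0, 1);
    int reply = ct_track(0x0a000002, 443, 0x0a000001, 40000, 6, 10, 0);
    printf("%d %d %d\n", first, reply, ct_cleanup(40000));
    return 0;
}
```

In this model, a packet that matches no entry while commit is 0 stays untracked, so replies to committed flows are recognised without creating state for unsolicited traffic.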

2.3.4. Shutdown

Call dao_conntrack_fini() to clean up.

dao_conntrack_fini();

2.3.5. Debugging & Monitoring

Dump active connections:

dao_conntrack_dump();

Dump statistics:

dao_conntrack_stats_dump();