Okay, here it is: I added a flow as shown below, and I expect the ping from 1.1.1.1 to 1.1.1.2 to not work... But the ping goes through... it is not hitting the flow I added, and I cannot tell which flow it is hitting... as dump-flows shows only one flow... BTW, dump-tables shows -ve count (there is a bug there, even though it is not critical)... I'm sure you have bigger fish to fry... :) Please see steps 1 through 4 below:
1> ADD FLOW -------------------- root@ashok-vb:/home/achippa/dispatcher# ovs-ofctl add-flow br-int table=0,priority=9999,icmp,nw_src=1.1.1.1,nw_dst=1.1.1.2,actions=drop root@ashok-vb:/home/achippa/dispatcher# ovs-ofctl dump-flows br-int NXST_FLOW reply (xid=0x4): cookie=0x0, duration=8.242s, table=0, n_packets=0, n_bytes=0, idle_age=8, priority=9999,icmp,nw_src=1.1.1.1,nw_dst=1.1.1.2 actions=drop 2> PING from 1.1.1.1 to 1.1.1.2 ------------------------------------------ root@c643cbf36aee:/# !ping ping -c 7 1.1.1.2 PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data. 64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.380 ms 64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.060 ms 64 bytes from 1.1.1.2: icmp_seq=3 ttl=64 time=0.110 ms 64 bytes from 1.1.1.2: icmp_seq=4 ttl=64 time=0.156 ms 64 bytes from 1.1.1.2: icmp_seq=5 ttl=64 time=0.094 ms 64 bytes from 1.1.1.2: icmp_seq=6 ttl=64 time=0.063 ms 64 bytes from 1.1.1.2: icmp_seq=7 ttl=64 time=0.078 ms --- 1.1.1.2 ping statistics --- 7 packets transmitted, 7 received, 0% packet loss, time 5999ms rtt min/avg/max/mdev = 0.060/0.134/0.380/0.105 ms 3> TCPDUMP on the interface(s) connected to 1.1.1.1 or 1.1.1.2 -------------------------------------------------------------------------------------- root@ashok-vb:/home/achippa/dispatcher# tcpdump -i dc2911ce73d24_l tcpdump: WARNING: dc2911ce73d24_l: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on dc2911ce73d24_l, link-type EN10MB (Ethernet), capture size 65535 bytes 17:52:32.682083 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 1, length 64 17:52:32.682111 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 1, length 64 17:52:33.681082 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 2, length 64 17:52:33.681105 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 2, length 64 17:52:34.679962 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 3, length 64 17:52:34.679990 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 3, length 64 17:52:35.679419 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 4, length 64 17:52:35.679449 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 4, length 64 17:52:36.678597 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 5, length 64 17:52:36.678624 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 5, length 64 17:52:37.679530 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 6, length 64 17:52:37.679561 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 6, length 64 17:52:37.682449 ARP, Request who-has 1.1.1.1 tell 1.1.1.2, length 28 17:52:37.682796 ARP, Reply 1.1.1.1 is-at ba:f9:6e:e6:67:82 (oui Unknown), length 28 17:52:38.678662 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 7, length 64 17:52:38.678703 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 7, length 64 4> n_packets is 0 on the flow I added ------------------------------------------------- root@ashok-vb:/home/achippa/dispatcher# ovs-ofctl dump-flows br-int NXST_FLOW reply (xid=0x4): cookie=0x0, duration=387.380s, table=0, n_packets=0, n_bytes=0, idle_age=387, priority=9999,icmp,nw_src=1.1.1.1,nw_dst=1.1.1.2 actions=drop You can see, the rule was not hit... which rule is allowing it to go through? I can't see with any cli command... On Tue, Feb 3, 2015 at 5:44 PM, Ben Pfaff <b...@nicira.com> wrote: > So what does all the SHOUTING CAPITAL LETTERS and "THIS IS A BLOCKER FOR > ME" come from? It sounds like it's not a blocker for you at all, you're > just fixated on it. > > On Tue, Feb 03, 2015 at 05:30:41PM -0800, Ashok Chippa wrote: > > It's not actually this I seem to be fixated on... I just want to start > over > > (with 0 flows) and add some flows and see them take effect... which this > > bug seems to be preventing me...or so I think, I could be wrong... My > > packets seem to be hitting a flow that I am not able to see... Keep in > > mind, I'm still learning... Even after deleting the flows, this count is > > persistent... so I think the bookkeeping is wrong somewhere... not a > > critical bug for sure, as long as it does not prevent normal functions > from > > working... > > > > On Tue, Feb 3, 2015 at 8:38 AM, Ben Pfaff <b...@nicira.com> wrote: > > > > > On Tue, Feb 03, 2015 at 12:06:43AM -0800, Ashok Chippa wrote: > > > > Compiled the patch in and re-installed the .ko: > > > > > > > > STILL SEE THIS: > > > > > > > > root@ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl del-flows > > > br-int > > > > root@ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl dump-flows > > > br-int > > > > NXST_FLOW reply (xid=0x4): > > > > root@ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl dump-tables > > > br-int > > > > OFPST_TABLE reply (xid=0x2): 254 tables > > > > 0: classifier: wild=0x3fffff, max=1000000, active=10 > <<<<============ > > > > STILL!!! > > > > lookup=0, matched=0 > > > > 1: table1 : wild=0x3fffff, max=1000000, active=0 > > > > lookup=0, matched=0 > > > > ... > > > > > > > > I JUST CAN'T GET RID OF the ACTIVE_COUNT of 10!!! in dump-tables > output: > > > > > > Why are you so fixated on this? > > > >
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
