Are the packets going through your bridge at all? What do "ovs-dpctl show" and "ovs-vsctl show" print? How about "ifconfig"?
On Tue, Feb 03, 2015 at 06:00:35PM -0800, Ashok Chippa wrote: > Okay, here it is: I added a flow as shown below, and I expect the ping from > 1.1.1.1 to 1.1.1.2 to not work... But the ping goes through... it is not > hitting the flow I added, and I cannot tell which flow it is hitting... as > dump-flows shows only one flow... BTW, dump-tables shows -ve count (there > is a bug there, even though it is not critical)... I'm sure you have bigger > fish to fry... :) Please see steps 1 through 4 below: > > 1> ADD FLOW > -------------------- > > root@ashok-vb:/home/achippa/dispatcher# ovs-ofctl add-flow br-int > table=0,priority=9999,icmp,nw_src=1.1.1.1,nw_dst=1.1.1.2,actions=drop > root@ashok-vb:/home/achippa/dispatcher# ovs-ofctl dump-flows br-int > NXST_FLOW reply (xid=0x4): > cookie=0x0, duration=8.242s, table=0, n_packets=0, n_bytes=0, idle_age=8, > priority=9999,icmp,nw_src=1.1.1.1,nw_dst=1.1.1.2 actions=drop > > 2> PING from 1.1.1.1 to 1.1.1.2 > ------------------------------------------ > > root@c643cbf36aee:/# !ping > ping -c 7 1.1.1.2 > PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data. > 64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.380 ms > 64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.060 ms > 64 bytes from 1.1.1.2: icmp_seq=3 ttl=64 time=0.110 ms > 64 bytes from 1.1.1.2: icmp_seq=4 ttl=64 time=0.156 ms > 64 bytes from 1.1.1.2: icmp_seq=5 ttl=64 time=0.094 ms > 64 bytes from 1.1.1.2: icmp_seq=6 ttl=64 time=0.063 ms > 64 bytes from 1.1.1.2: icmp_seq=7 ttl=64 time=0.078 ms > > --- 1.1.1.2 ping statistics --- > 7 packets transmitted, 7 received, 0% packet loss, time 5999ms > rtt min/avg/max/mdev = 0.060/0.134/0.380/0.105 ms > > 3> TCPDUMP on the interface(s) connected to 1.1.1.1 or 1.1.1.2 > -------------------------------------------------------------------------------------- > > root@ashok-vb:/home/achippa/dispatcher# tcpdump -i dc2911ce73d24_l > tcpdump: WARNING: dc2911ce73d24_l: no IPv4 address assigned > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on dc2911ce73d24_l, link-type EN10MB (Ethernet), capture size > 65535 bytes > 17:52:32.682083 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 1, > length 64 > 17:52:32.682111 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 1, length > 64 > 17:52:33.681082 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 2, > length 64 > 17:52:33.681105 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 2, length > 64 > 17:52:34.679962 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 3, > length 64 > 17:52:34.679990 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 3, length > 64 > 17:52:35.679419 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 4, > length 64 > 17:52:35.679449 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 4, length > 64 > 17:52:36.678597 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 5, > length 64 > 17:52:36.678624 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 5, length > 64 > 17:52:37.679530 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 6, > length 64 > 17:52:37.679561 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 6, length > 64 > 17:52:37.682449 ARP, Request who-has 1.1.1.1 tell 1.1.1.2, length 28 > 17:52:37.682796 ARP, Reply 1.1.1.1 is-at ba:f9:6e:e6:67:82 (oui Unknown), > length 28 > 17:52:38.678662 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 7, > length 64 > 17:52:38.678703 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 7, length > 64 > > 4> n_packets is 0 on the flow I added > ------------------------------------------------- > > root@ashok-vb:/home/achippa/dispatcher# ovs-ofctl dump-flows br-int > NXST_FLOW reply (xid=0x4): > cookie=0x0, duration=387.380s, table=0, n_packets=0, n_bytes=0, > idle_age=387, priority=9999,icmp,nw_src=1.1.1.1,nw_dst=1.1.1.2 actions=drop > > You can see, the rule was not hit... which rule is allowing it to go > through? I can't see with any cli command... > > > On Tue, Feb 3, 2015 at 5:44 PM, Ben Pfaff <b...@nicira.com> wrote: > > > So what does all the SHOUTING CAPITAL LETTERS and "THIS IS A BLOCKER FOR > > ME" come from? It sounds like it's not a blocker for you at all, you're > > just fixated on it. > > > > On Tue, Feb 03, 2015 at 05:30:41PM -0800, Ashok Chippa wrote: > > > It's not actually this I seem to be fixated on... I just want to start > > over > > > (with 0 flows) and add some flows and see them take effect... which this > > > bug seems to be preventing me...or so I think, I could be wrong... My > > > packets seem to be hitting a flow that I am not able to see... Keep in > > > mind, I'm still learning... Even after deleting the flows, this count is > > > persistent... so I think the bookkeeping is wrong somewhere... not a > > > critical bug for sure, as long as it does not prevent normal functions > > from > > > working... > > > > > > On Tue, Feb 3, 2015 at 8:38 AM, Ben Pfaff <b...@nicira.com> wrote: > > > > > > > On Tue, Feb 03, 2015 at 12:06:43AM -0800, Ashok Chippa wrote: > > > > > Compiled the patch in and re-installed the .ko: > > > > > > > > > > STILL SEE THIS: > > > > > > > > > > root@ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl del-flows > > > > br-int > > > > > root@ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl dump-flows > > > > br-int > > > > > NXST_FLOW reply (xid=0x4): > > > > > root@ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl dump-tables > > > > br-int > > > > > OFPST_TABLE reply (xid=0x2): 254 tables > > > > > 0: classifier: wild=0x3fffff, max=1000000, active=10 > > <<<<============ > > > > > STILL!!! > > > > > lookup=0, matched=0 > > > > > 1: table1 : wild=0x3fffff, max=1000000, active=0 > > > > > lookup=0, matched=0 > > > > > ... > > > > > > > > > > I JUST CAN'T GET RID OF the ACTIVE_COUNT of 10!!! in dump-tables > > output: > > > > > > > > Why are you so fixated on this? > > > > > > _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
