[ovs-dev] set_field:222->pkt_mark does not take effect

Ben Pfaff blp at nicira.com
Wed Sep 17 21:00:37 UTC 2014


As it turns out, when output goes through a tunnel, the pkt_mark comes
from the tunnel configuration.  Currently, OVS forces it to 1 for IPSEC
tunnel traffic and 0 for other tunnel traffic.  This could be changed,
and it probably should, because it is surprising, but this is the first
that I've noticed this interaction.

On Wed, Sep 17, 2014 at 11:32:20AM -0700, Ben Pfaff wrote:
> OK, this may be a bug.  I'll try to investigate soon.
> 
> On Wed, Sep 17, 2014 at 11:53:16PM +0530, Nirmalanand Jebakumar wrote:
> > Hi Ben,
> > 
> > The ovs-dpctl command output does not show any skb_mark being set for the
> > datapath flow:
> > 
> > # ovs-dpctl dump-flows
> > skb_priority(0),in_port(4),eth(src=52:54:00:74:f9:41,dst=52:54:00:aa:93:9e),eth_type(0x0800),ipv4(src=
> > 2.2.2.3/255.255.255.255,dst=2.2.2.2/255.255.255.255,proto=1/0xff,tos=0/0x3,ttl=64/0,frag=no/0xff),icmp(type=8,code=0),
> > packets:3499, bytes:342902, used:0.571s,
> > actions:set(tunnel(tun_id=0xde,src=0.0.0.0,dst=1.1.1.128,tos=0x0,ttl=64,flags(df,key))),2
> > 
> > 
> > Regards,
> > Nirmal
> > 
> > On Wed, Sep 17, 2014 at 10:50 PM, Ben Pfaff <blp at nicira.com> wrote:
> > 
> > > On Wed, Sep 17, 2014 at 05:12:20PM +0530, Nirmalanand Jebakumar wrote:
> > > > In this link below, I read that pkt_mark is supported as a MATCH field.
> > > > Does OVS support pkt_mark as a SET action?
> > >
> > > Yes.
> > >
> > > > The command I ran is
> > > > /usr/bin/ovs-ofctl add-flow -O Openflow13 br0 "
> > > > hard_timeout=3600,idle_timeout=30,table=1,priority=10,cookie=2,in_port=3,
> > > >
> > > dl_type=0x800,nw_dst=2.2.2.2,dl_dst=52:54:00:aa:93:9e,actions=set_tunnel:222,
> > > > set_field:1.1.1.128->tun_dst,set_field:222->pkt_mark,output:1"
> > > >
> > > > No errors were seen with the CLI and I see packet count getting
> > > incremented
> > > > for the flow in the dump-flows output:
> > > > cookie=2, duration=33.059s, table=1, n_packets=34, n_bytes=3332,
> > > > idle_timeout=30, hard_timeout=3600,
> > > > priority=10,ip,in_port=3,dl_dst=52:54:00:aa:93:9e,nw_dst=2.2.2.2
> > > > actions=set_tunnel:0xde,load:0x1010180->NXM_NX_TUN_IPV4_DST[],
> > > > load:0xde->NXM_NX_PKT_MARK[],output:1
> > > >
> > > > Later, set the ToS & CoS using iptables command:
> > > > iptables -I POSTROUTING -o eth1.1 -m mark --mark 222 -t mangle -j TOS
> > > > --set-tos 104
> > > >
> > > > iptables -I POSTROUTING -o eth1.1 -m mark --mark 222  -t mangle -j
> > > CLASSIFY
> > > > --set-class 0:2
> > > >
> > > > But in the final packet, I do not notice any ToS/CoS values set?
> > >
> > > This is a situation where looking at the generated kernel datapath flows
> > > would be helpful.  In your above setup, please run "ovs-dpctl
> > > dump-flows" while packets are passing through the flow, and look for
> > > datapath flows that correspond to the OpenFlow flows above.  Do the
> > > datapath flows show pkt_mark (or skb_mark) being set?
> > >



More information about the dev mailing list