I noticed that by default the openvswitch kernel module will forward an
incoming packet out on all ports.
I tried to overwrite this by introducing a controller that should drop
all packets.
But I didn't get it to work. Could anyone please let me know what I
missed here?

>From the screen output below you can see that there is a packet arrived
on port1 and is still being forwarded out on port 2 and 0.
The ovs-dpctl show a missed but the ovs-ofctl show a match.
Is this something to do with the actions=NORMAL? And how do I change it?

Below is how I setup my openvswitch and the controller:

insmod datapath/linux/openvswitch_mod.ko
ovsdb-tool create /usr/local/etc/openvswitch/conf.db
ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock
--remote=db:Open_vSwitch,manager_options --pidfile --detach
ovs-vsctl --no-wait init
ovs-vswitchd --pidfile --detach
ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth4
ovs-vsctl add-port br0 eth5
touch /usr/local/var/run/openvswitch/controller.sock
ovs-controller --noflow --pidfile --detach
ovs-vsctl set-controller br0

Here is the screen output:

host1:/# ovs-ofctl dump-flows br0
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=12512.233s, table=0, n_packets=0, n_bytes=0,
priority=0 actions=NORMAL

host1:/# ovs-dpctl dump-flows br0
packets:0, bytes:0, used:never, actions:2,0

host1:/# ovs-dpctl show br0
system at br0:
    lookups: hit:0 missed:7 lost:0
    flows: 0
    port 0: br0 (internal)
    port 1: eth4
    port 2: eth5

host1:/# ovs-ofctl dump-tables br0
OFPST_TABLE reply (xid=0x1): 255 tables
  0: classifier: wild=0x3fffff, max=1000000, active=1
               lookup=7, matched=7

Best regards,
Voravit T.

