[ovs-discuss] another bug?
Ashok Chippa
a.n.chippa at gmail.com
Wed Feb 4 01:19:08 UTC 2015
Thank you...
root at ashok-vb:/home/achippa/dispatcher# ovs-ofctl dump-flows br-int
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=176.280s, table=0, n_packets=0, n_bytes=0,
idle_age=176, priority=9999,ip,nw_src=1.1.1.1,nw_dst=1.1.1.2 actions=drop
On Tue, Feb 3, 2015 at 8:37 AM, Ben Pfaff <blp at nicira.com> wrote:
> On Tue, Feb 03, 2015 at 01:20:48AM -0800, Ashok Chippa wrote:
> > I added a flow to table0, but the flow is not shown correctly... Is this
> a
> > bug?
> >
> > root at ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl del-flows
> br-int
> > root at ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl dump-flows
> br-int
> > NXST_FLOW reply (xid=0x4):
> > root at ashok-vb:/home/achippa/openvswitch-2.3.0#
> > root at ashok-vb:/home/achippa/openvswitch-2.3.0#
> > root at ashok-vb:/home/achippa/openvswitch-2.3.0#
> > root at ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl add-flow br-int
> > table=0,priority=9999,nw_src=1.1.1.1,nw_dst=1.1.1.2,actions=DROP
> > 2015-02-03T09:14:06Z|00001|ofp_util|INFO|normalization changed ofp_match,
> > details:
> > 2015-02-03T09:14:06Z|00002|ofp_util|INFO| pre:
> nw_src=1.1.1.1,nw_dst=1.1.1.2
> > 2015-02-03T09:14:06Z|00003|ofp_util|INFO|post:
> > root at ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl dump-flows
> br-int
> > NXST_FLOW reply (xid=0x4):
> > cookie=0x0, duration=8.642s, table=0, n_packets=0, n_bytes=0,
> idle_age=8,
> > priority=9999 actions=drop
> >
> > I ping 1.1.1.2 from 1.1.1.1 and the traffic passes through...!! What am I
> > missing?
>
> Please read the FAQ.
>
> ### Q: I ran "ovs-ofctl add-flow br0 nw_dst=192.168.0.1,actions=drop"
> but I got a funny message like this:
>
> ofp_util|INFO|normalization changed ofp_match, details:
> ofp_util|INFO| pre: nw_dst=192.168.0.1
> ofp_util|INFO|post:
>
> and when I ran "ovs-ofctl dump-flows br0" I saw that my nw_dst
> match had disappeared, so that the flow ends up matching every
> packet.
>
> A: The term "normalization" in the log message means that a flow
> cannot match on an L3 field without saying what L3 protocol is in
> use. The "ovs-ofctl" command above didn't specify an L3 protocol,
> so the L3 field match was dropped.
>
> In this case, the L3 protocol could be IP or ARP. A correct
> command for each possibility is, respectively:
>
> ovs-ofctl add-flow br0 ip,nw_dst=192.168.0.1,actions=drop
>
> and
>
> ovs-ofctl add-flow br0 arp,nw_dst=192.168.0.1,actions=drop
>
> Similarly, a flow cannot match on an L4 field without saying what
> L4 protocol is in use. For example, the flow match "tp_src=1234"
> is, by itself, meaningless and will be ignored. Instead, to match
> TCP source port 1234, write "tcp,tp_src=1234", or to match UDP
> source port 1234, write "udp,tp_src=1234".
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20150203/6acfaa6b/attachment-0002.html>
More information about the discuss
mailing list