[ovs-discuss] PATCH does not work

Ashok Chippa a.n.chippa at gmail.com
Wed Feb 4 02:00:35 UTC 2015 

Okay, here it is: I added a flow as shown below, and I expect the ping from
1.1.1.1 to 1.1.1.2 to not work... But the ping goes through... it is not
hitting the flow I added, and I cannot tell which flow it is hitting... as
dump-flows shows only one flow... BTW, dump-tables shows -ve count (there
is a bug there, even though it is not critical)... I'm sure you have bigger
fish to fry... :)    Please see steps 1 through 4 below:

1> ADD FLOW
--------------------

root at ashok-vb:/home/achippa/dispatcher# ovs-ofctl add-flow br-int
table=0,priority=9999,icmp,nw_src=1.1.1.1,nw_dst=1.1.1.2,actions=drop
root at ashok-vb:/home/achippa/dispatcher# ovs-ofctl dump-flows br-int
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=8.242s, table=0, n_packets=0, n_bytes=0, idle_age=8,
priority=9999,icmp,nw_src=1.1.1.1,nw_dst=1.1.1.2 actions=drop

2> PING from 1.1.1.1 to 1.1.1.2
------------------------------------------

root at c643cbf36aee:/# !ping
ping -c 7 1.1.1.2
PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data.
64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.380 ms
64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.060 ms
64 bytes from 1.1.1.2: icmp_seq=3 ttl=64 time=0.110 ms
64 bytes from 1.1.1.2: icmp_seq=4 ttl=64 time=0.156 ms
64 bytes from 1.1.1.2: icmp_seq=5 ttl=64 time=0.094 ms
64 bytes from 1.1.1.2: icmp_seq=6 ttl=64 time=0.063 ms
64 bytes from 1.1.1.2: icmp_seq=7 ttl=64 time=0.078 ms

--- 1.1.1.2 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 5999ms
rtt min/avg/max/mdev = 0.060/0.134/0.380/0.105 ms

3> TCPDUMP on the interface(s) connected to 1.1.1.1 or 1.1.1.2
--------------------------------------------------------------------------------------

root at ashok-vb:/home/achippa/dispatcher# tcpdump -i dc2911ce73d24_l
tcpdump: WARNING: dc2911ce73d24_l: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on dc2911ce73d24_l, link-type EN10MB (Ethernet), capture size
65535 bytes
17:52:32.682083 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 1,
length 64
17:52:32.682111 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 1, length
64
17:52:33.681082 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 2,
length 64
17:52:33.681105 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 2, length
64
17:52:34.679962 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 3,
length 64
17:52:34.679990 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 3, length
64
17:52:35.679419 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 4,
length 64
17:52:35.679449 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 4, length
64
17:52:36.678597 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 5,
length 64
17:52:36.678624 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 5, length
64
17:52:37.679530 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 6,
length 64
17:52:37.679561 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 6, length
64
17:52:37.682449 ARP, Request who-has 1.1.1.1 tell 1.1.1.2, length 28
17:52:37.682796 ARP, Reply 1.1.1.1 is-at ba:f9:6e:e6:67:82 (oui Unknown),
length 28
17:52:38.678662 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 37, seq 7,
length 64
17:52:38.678703 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 37, seq 7, length
64

4> n_packets is 0 on the flow I added
-------------------------------------------------

root at ashok-vb:/home/achippa/dispatcher# ovs-ofctl dump-flows br-int
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=387.380s, table=0, n_packets=0, n_bytes=0,
idle_age=387, priority=9999,icmp,nw_src=1.1.1.1,nw_dst=1.1.1.2 actions=drop

You can see, the rule was not hit... which rule is allowing it to go
through? I can't see with any cli command...


On Tue, Feb 3, 2015 at 5:44 PM, Ben Pfaff <blp at nicira.com> wrote:

> So what does all the SHOUTING CAPITAL LETTERS and "THIS IS A BLOCKER FOR
> ME" come from?  It sounds like it's not a blocker for you at all, you're
> just fixated on it.
>
> On Tue, Feb 03, 2015 at 05:30:41PM -0800, Ashok Chippa wrote:
> > It's not actually this I seem to be fixated on... I just want to start
> over
> > (with 0 flows) and add some flows and see them take effect... which this
> > bug seems to be preventing me...or so I think, I could be wrong... My
> > packets seem to be hitting a flow that I am not able to see... Keep in
> > mind, I'm still learning... Even after deleting the flows, this count is
> > persistent... so I think the bookkeeping is wrong somewhere... not a
> > critical bug for sure, as long as it does not prevent normal functions
> from
> > working...
> >
> > On Tue, Feb 3, 2015 at 8:38 AM, Ben Pfaff <blp at nicira.com> wrote:
> >
> > > On Tue, Feb 03, 2015 at 12:06:43AM -0800, Ashok Chippa wrote:
> > > > Compiled the patch in and re-installed the .ko:
> > > >
> > > > STILL SEE THIS:
> > > >
> > > > root at ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl del-flows
> > > br-int
> > > > root at ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl dump-flows
> > > br-int
> > > > NXST_FLOW reply (xid=0x4):
> > > > root at ashok-vb:/home/achippa/openvswitch-2.3.0# ovs-ofctl dump-tables
> > > br-int
> > > > OFPST_TABLE reply (xid=0x2): 254 tables
> > > >   0: classifier: wild=0x3fffff, max=1000000, active=10
>  <<<<============
> > > > STILL!!!
> > > >                lookup=0, matched=0
> > > >   1: table1  : wild=0x3fffff, max=1000000, active=0
> > > >                lookup=0, matched=0
> > > > ...
> > > >
> > > > I JUST CAN'T GET RID OF the ACTIVE_COUNT of 10!!! in dump-tables
> output:
> > >
> > > Why are you so fixated on this?
> > >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20150203/c26cf20d/attachment-0002.html>

More information about the discuss mailing list