[ovs-discuss] conntrack marks in ovs not showing up

Joe Stringer joestringer at nicira.com
Fri Sep 18 04:18:41 UTC 2015


On 15 September 2015 at 23:54, Ben Warren <ben at skyportsystems.com> wrote:
> Hi,
>
> I’m working off Justin Pettit’s ‘conntrack’ tree @ https://github.com/justinpettit/ovs/tree/conntrack, and can’t seem to get marks to work.
>
> Here’s an example of a flow (FTP server)
>
> ===
> ovs-ofctl add-flow br0 "table=3,cookie=0xb0b,priority=32000,ct_state=+new+trk,tcp,tp_dst=21 actions=ct(commit,alg=ftp,zone=2),resubmit(,4),set_field:9->ct_mark"
> ===
>
> which I believe should set the conntrack mark to 9 on packets that meet the match criteria
>
> When I connect via FTP and use the conntrack command line, I see the flow, but no sign of the mark:
>
> ===
> # conntrack -E | grep 237
>     [NEW] tcp      6 120 SYN_SENT src=10.99.0.17 dst=10.11.10.237 sport=54154 dport=21 [UNREPLIED] src=10.11.10.237 dst=10.99.0.17 sport=21 dport=54154 zone=2 helper=ftp
> ===
>
> My kernel is pretty vanilla, but marks definitely are seen when set via iptables.  Does it need to be patched to support marks coming from OVS?

The "ct_mark" tests in the testsuite have some examples, perhaps they
might help?
https://github.com/justinpettit/ovs/blob/conntrack/tests/system-traffic.at#L479

Do you see anything relevant in the logs?

Are you seeing packets hit the OpenFlow flows that you expect?

The datapath flows may also provide some insight.


