[ovs-discuss] [Potential Spoof] Discrepancy between ofproto/trace output and dpctl dump-flows output

Amar Padmanabhan amarpadmanabhan at fb.com
Wed Dec 6 06:38:23 UTC 2017


oh, I think I remember that output to slow_path doesn’t show up in the ofproto/trace. Don’t remember why though
- Amar

From: <ovs-discuss-bounces at openvswitch.org> on behalf of Amar Padmanabhan <amarpadmanabhan at fb.com>
Date: Tuesday, December 5, 2017 at 9:59 PM
To: "ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>, Ben Pfaff <blp at ovn.org>
Cc: Jacky Tian <xjtian at fb.com>
Subject: [Potential Spoof] [ovs-discuss] Discrepancy between ofproto/trace output and dpctl dump-flows output

Hi,
We are debugging a setup and are seeing something that we are finding it hard to explain.

1 - Here is the ovs-dpctl dump-flows output.
recirc_id(0),in_port(3),eth_type(0x0800),ipv4(dst=192.168.128.0/255.255.255.0,frag=no), packets:550, bytes:53900, used:0.364s, actions:userspace(pid=3276048382,slow_path(controller))

2 - We are now trying to trace this flow and are not seeing the output to controller flow getting hit in the trace.
sudo ovs-appctl ofproto/trace "in_port(3),eth_type(0x0800),ipv4(dst=192.168.128.0/255.255.255.0,frag=no)"
Flow: packet_type=(1,0x800),in_port=32770,nw_src=0.0.0.0,nw_dst=192.168.128.0,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=0
bridge("gtp_br0")
-----------------
0. priority 0 resubmit(,1)
1. in_port=32770, priority 10 set_field:0->metadata resubmit(,2)
2. priority 0 resubmit(,3)
3. No match. drop Final flow: unchanged Megaflow: recirc_id=0,packet_type=(1,0x800),in_port=32770,nw_frag=no Datapath actions: drop ---> Why isn’t the output to controller flow getting hit?


3 - We are also seeing the flow counts go up for the output to controller flow per the ofctl dump-flows output (pasting relevant flows)

NXST_FLOW reply (xid=0x4): cookie=0x0, duration=1482.245s, table=0, n_packets=1408, n_bytes=148464, idle_age=1, priority=0 actions=resubmit(,1)
cookie=0x0, duration=1482.244s, table=1, n_packets=1283, n_bytes=123662, idle_age=1, priority=10,in_port=32770 actions=set_field:0->metadata,resubmit(,2)
cookie=0x0, duration=1482.244s, table=2, n_packets=1247, n_bytes=122150, idle_age=1, priority=0 actions=resubmit(,3)
cookie=0x0, duration=1482.245s, table=3, n_packets=1245, n_bytes=122010, idle_age=1, priority=0,ip,metadata=0,nw_dst=192.168.128.0/24 actions=CONTROLLER:65535 ---> Notice that this is getting hit as well

4 - Misc info:
ovs-vsctl (Open vSwitch) 2.8.0
DB Schema 7.15.0

ovs-appctl dpif/show
gtp_br0:
        gtp0 32768/4: (gtp: key=flow, remote_ip=flow)
        gtp_br0 65534/1: (internal)
        int_nat_peer 32770/3: (system)
        veth0_ovs 32769/2: (system)

Also, Whoever improved the output of ofproto/trace thanks a ton!

Thanks in advance!
Amar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20171206/d6ee65b8/attachment-0001.html>


More information about the discuss mailing list