[ovs-discuss] [Potential Spoof] Discrepancy between ofproto/trace output and dpctl dump-flows output

Ben Pfaff blp at ovn.org
Wed Dec 6 18:17:28 UTC 2017 

For packets that go to the slow path, the trace is supposed to show what
happens when the packet is processed in the slow path and then note why
it goes to the slow path.  That wasn't happening in your case because of
that formatting/parsing mismatch.

On Wed, Dec 06, 2017 at 06:38:23AM +0000, Amar Padmanabhan wrote:
> oh, I think I remember that output to slow_path doesn’t show up in the ofproto/trace. Don’t remember why though
> - Amar
> 
> From: <ovs-discuss-bounces at openvswitch.org> on behalf of Amar Padmanabhan <amarpadmanabhan at fb.com>
> Date: Tuesday, December 5, 2017 at 9:59 PM
> To: "ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>, Ben Pfaff <blp at ovn.org>
> Cc: Jacky Tian <xjtian at fb.com>
> Subject: [Potential Spoof] [ovs-discuss] Discrepancy between ofproto/trace output and dpctl dump-flows output
> 
> Hi,
> We are debugging a setup and are seeing something that we are finding it hard to explain.
> 
> 1 - Here is the ovs-dpctl dump-flows output.
> recirc_id(0),in_port(3),eth_type(0x0800),ipv4(dst=192.168.128.0/255.255.255.0,frag=no), packets:550, bytes:53900, used:0.364s, actions:userspace(pid=3276048382,slow_path(controller))
> 
> 2 - We are now trying to trace this flow and are not seeing the output to controller flow getting hit in the trace.
> sudo ovs-appctl ofproto/trace "in_port(3),eth_type(0x0800),ipv4(dst=192.168.128.0/255.255.255.0,frag=no)"
> Flow: packet_type=(1,0x800),in_port=32770,nw_src=0.0.0.0,nw_dst=192.168.128.0,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=0
> bridge("gtp_br0")
> -----------------
> 0. priority 0 resubmit(,1)
> 1. in_port=32770, priority 10 set_field:0->metadata resubmit(,2)
> 2. priority 0 resubmit(,3)
> 3. No match. drop Final flow: unchanged Megaflow: recirc_id=0,packet_type=(1,0x800),in_port=32770,nw_frag=no Datapath actions: drop ---> Why isn’t the output to controller flow getting hit?
> 
> 
> 3 - We are also seeing the flow counts go up for the output to controller flow per the ofctl dump-flows output (pasting relevant flows)
> 
> NXST_FLOW reply (xid=0x4): cookie=0x0, duration=1482.245s, table=0, n_packets=1408, n_bytes=148464, idle_age=1, priority=0 actions=resubmit(,1)
> cookie=0x0, duration=1482.244s, table=1, n_packets=1283, n_bytes=123662, idle_age=1, priority=10,in_port=32770 actions=set_field:0->metadata,resubmit(,2)
> cookie=0x0, duration=1482.244s, table=2, n_packets=1247, n_bytes=122150, idle_age=1, priority=0 actions=resubmit(,3)
> cookie=0x0, duration=1482.245s, table=3, n_packets=1245, n_bytes=122010, idle_age=1, priority=0,ip,metadata=0,nw_dst=192.168.128.0/24 actions=CONTROLLER:65535 ---> Notice that this is getting hit as well
> 
> 4 - Misc info:
> ovs-vsctl (Open vSwitch) 2.8.0
> DB Schema 7.15.0
> 
> ovs-appctl dpif/show
> gtp_br0:
>         gtp0 32768/4: (gtp: key=flow, remote_ip=flow)
>         gtp_br0 65534/1: (internal)
>         int_nat_peer 32770/3: (system)
>         veth0_ovs 32769/2: (system)
> 
> Also, Whoever improved the output of ofproto/trace thanks a ton!
> 
> Thanks in advance!
> Amar

More information about the discuss mailing list