On 15 September 2015 at 23:54, Ben Warren <[email protected]> wrote: > Hi, > > I’m working off Justin Pettit’s ‘conntrack’ tree @ > https://github.com/justinpettit/ovs/tree/conntrack, and can’t seem to get > marks to work. > > Here’s an example of a flow (FTP server) > > === > ovs-ofctl add-flow br0 > "table=3,cookie=0xb0b,priority=32000,ct_state=+new+trk,tcp,tp_dst=21 > actions=ct(commit,alg=ftp,zone=2),resubmit(,4),set_field:9->ct_mark” > === > > which I believe should set the conntrack mark to 9 on packets that meet the > match criteria > > When I connect via FTP and use the conntrack command line, I see the flow, > but no sign of the mark: > > === > # conntrack -E | grep 237 > [NEW] tcp 6 120 SYN_SENT src=10.99.0.17 dst=10.11.10.237 sport=54154 > dport=21 [UNREPLIED] src=10.11.10.237 dst=10.99.0.17 sport=21 dport=54154 > zone=2 helper=ftp > === > > My kernel is pretty vanilla, but marks definitely are seen when set via > iptables. Does it need to be patched to support marks coming from OVS?
The "ct_mark" tests in the testsuite have some examples, perhaps they might help? https://github.com/justinpettit/ovs/blob/conntrack/tests/system-traffic.at#L479 Do you see anything relevant in the logs? Are you seeing packets hit the OpenFlow flows that you expect? The datapath flows may also provide some insight. _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
