Hi, The two threads :
http://openvswitch.org/pipermail/discuss/2015-October/019201.html http://openvswitch.org/pipermail/dev/2015-October/061629.html discuss about kernel not supporting connection tracking and OVS rejecting conntrack flows with "bad field" error. But in my case I was able to added the following flows with ct-state in the match filed: table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) but the flow below is not accepted by OVS and returns bad field error: table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Thanks, Ravi -----Original Message----- From: Joe Stringer [mailto:[email protected]] Sent: Monday, October 26, 2015 10:22 PM To: Kenchappa, Ravindra Cc: [email protected] Subject: Re: [ovs-discuss] OVS: not able to add conntack flow rules On 25 October 2015 at 21:45, Kenchappa, Ravindra <[email protected]> wrote: > Hi, > > I have downloaded and installed OVS 2.4.90 > (https://github.com/justinpettit/ovs/tree/conntrack) and trying to add > conntrack flows via ovs-ofctl. I am able to add few sample flows and I > am getting errors when tried to added the following flow: > > raveek:~/devstack$ sudo ovs-ofctl add-flow br-int > table=1,in_port=2,ct_state=+est,tcp,action=1 > OFPT_ERROR (xid=0x6): OFPBMC_BAD_FIELD NXT_FLOW_MOD (xid=0x6): > (truncated to 64 bytes from 88) > 00000000 01 04 00 58 00 00 00 06-00 00 23 20 00 00 00 0d |...X......# > ....| > 00000010 00 00 00 00 00 00 00 00-01 00 00 00 00 00 80 00 > |................| > 00000020 ff ff ff ff ff ff 00 00-00 1d 00 00 00 00 00 00 > |................| > 00000030 00 00 00 02 00 02 00 00-06 02 08 00 00 00 0c 01 > |................| > > raveek:~/devstack$ sudo ovs-ofctl add-flow br-int > table=20,in_port=2,ct_state=+trk+new,tcp,action=drop > OFPT_ERROR (xid=0x6): OFPBMC_BAD_FIELD NXT_FLOW_MOD (xid=0x6): > (truncated to 64 bytes from 80) > 00000000 01 04 00 50 00 00 00 06-00 00 23 20 00 00 00 0d |...P......# > ....| > 00000010 00 00 00 00 00 00 00 00-14 00 00 00 00 00 80 00 > |................| > 00000020 ff ff ff ff ff ff 00 00-00 1d 00 00 00 00 00 00 > |................| > 00000030 00 00 00 02 00 02 00 00-06 02 08 00 00 00 0c 01 > |................| raveek::~/devstack$ > > Here is the flow table looks like. > > raveek:~/devstack$ sudo ovs-ofctl dump-flows br-int -Oopenflow13 > OFPST_FLOW reply (OF1.3) (xid=0x2): > cookie=0x0, duration=98.291s, table=0, n_packets=0, n_bytes=0, > dl_type=0x88cc actions=CONTROLLER:65535 cookie=0x0, duration=28.391s, > table=0, n_packets=0, n_bytes=0, arp actions=NORMAL cookie=0x0, > duration=28.368s, table=0, n_packets=0, n_bytes=0, > ct_state=-trk,tcp,in_port=1 actions=ct(commit,zone=9),output:2 > cookie=0x0, duration=28.346s, table=0, n_packets=0, n_bytes=0, > ct_state=-trk,tcp,in_port=2 actions=ct(table=1,zone=9) cookie=0x0, > duration=98.291s, table=0, n_packets=0, n_bytes=0, priority=0 > actions=goto_table:20 > cookie=0x0, duration=28.410s, table=0, n_packets=0, n_bytes=0, > priority=1 actions=drop cookie=0x0, duration=98.288s, table=20, > n_packets=0, n_bytes=0, priority=0 > actions=goto_table:30 > cookie=0x0, duration=98.288s, table=30, n_packets=0, n_bytes=0, > priority=0 > actions=goto_table:40 > cookie=0x0, duration=98.288s, table=40, n_packets=0, n_bytes=0, > priority=0 > actions=goto_table:50 > cookie=0x0, duration=98.291s, table=50, n_packets=0, n_bytes=0, > priority=0 > actions=goto_table:60 > cookie=0x0, duration=98.288s, table=60, n_packets=0, n_bytes=0, > priority=0 > actions=goto_table:70 > cookie=0x0, duration=98.288s, table=70, n_packets=0, n_bytes=0, > priority=0 > actions=goto_table:80 > cookie=0x0, duration=98.289s, table=80, n_packets=0, n_bytes=0, > priority=0 > actions=goto_table:90 > cookie=0x0, duration=98.288s, table=90, n_packets=0, n_bytes=0, > priority=0 > actions=goto_table:100 > cookie=0x0, duration=98.288s, table=100, n_packets=0, n_bytes=0, > priority=0 > actions=goto_table:110 > cookie=0x0, duration=98.291s, table=110, n_packets=0, n_bytes=0, > priority=0 actions=drop > > raveek::~/devstack$ > > Could you please help me in identifying the problem? There have been multiple questions like this recently on this mailinglist, see those threads: http://openvswitch.org/pipermail/discuss/2015-October/019201.html http://openvswitch.org/pipermail/dev/2015-October/061629.html _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
