Hi Han, Numan,

@Han I'll post v2 that is rebased against master with fixes you've mentioned 
below. Check my comments.

@Numan I've extended system test and added loadbalancer plus a connection check 
- seems to be fine, however I'm having a hell of a time trying to figure out 
how to use ovn-trace with CT (and also with LB) to understand how packets are 
matched by flows.

As far as I understand loadbalancer action ct_lb will perform dnat, changing 
the destination IP and port to backend, and the flow I've installed in 
lr_in_ip_routing will no longer match it.

In version 2 patch, after pausing system test 149 I've tried a trace like that 
to see which flows are matched, but the output doesn't seem to actually show 
related flows, and seems to be showing the default matching (without ct and lb). 
The command I run is:

ovn-trace --db unix:./ovn-sb/ovn-sb.sock --ct new 'inport=="rp-public" && 
eth.src==00:10:10:01:02:13 && eth.dst==00:00:02:01:02:03 && ip4 && 
ip4.src==172.16.1.100 && ip4.dst==172.16.1.254 && ip.ttl==64 && tcp && 
tcp.dst==90' --lb-dst 192.168.1.2:90 

On Wed, Aug 4, 2021, at 20:17, Han Zhou wrote:
> 
> 
> On Mon, Mar 22, 2021 at 2:16 AM Krzysztof Klimonda 
> <[email protected]> wrote:
> >
> > If there are snat entries on the router, and some logical_ip are set to
> > network instead of an IP address then given SNAT is masquerade. In such
> > case ct_snat action is used in lr_in_unsnat table to ensure that the
> > packet is matched against conntrack and destination IP is replaced with
> > one from matching conntrack entry.
> >
> > This however breaks down for new connections sent to router's external IP
> > address. In such case, when packet is checked against conntrack table,
> > there is no match, and its destination IP remains unchanged. This causes a
> > loop in lr_in_ip_routing.
> >
> > This commit installs a new logical flow in lr_in_ip_routing table for
> > routers that have SNAT entry with logical_ip set to network (that being
> > masquerade). This flow drops packets that, after going through conntrack
> > via ct_snat action in lr_in_unsnat table, are not in established or
> > related state (!ct.est && !ct.rel) and which destination IP still matches
> > router's external IP. This prevents vswitchd from looping such packets
> > until their TTL reaches zero, as well as installing bogus flows in
> > datapath that lead to ovs module dropping such packages with "deferred
> > action limit reached, drop recirc action" message.
> >
> > Signed-off-by: Krzysztof Klimonda <[email protected]>
> 
> Thanks for the patch. As mentioned in the discussion ML could you post 
> more details on how the loop happens?
> Please see some more comments below.

As far as I understood it when writing the patch, there is a problem with how 
packets that are not part of conntrack flows are handled by ct_snat action:

When packet arrives and goes through lr_in_unsnat table, the ct_snat action 
does not match it to any existing conntrack flow, and destination IP remains 
unchanged. The packet then goes through lr_in_ip_routing and because destination 
IP is still router IP it is sent to egress only to end up in the same ingress 
pipeline, with the same logical flow in lr_in_unsnat table, and with the same 
resulting ct_snat action - this results in a loop until ttl is decremented 
enough times.

My idea for the fix was to install a route in the router that would drop 
packets which, after being unSNATted, still have destination IP of the router.

I've attached two ovn-traces that try to illustrate the fact, although I can't 
really figure out how to properly use --ct with ovn-trace to simulate new and 
established connections.

I'm also having some weird system test failures with current master where in my 
tests ping fails to send first few packages against router IP with EBUSY 
(resource temporarily unavailable) being returned from recvfrom.

> 
> > ---
> >  northd/ovn-northd.c |  57 +++++++++++++++++++++++
> >  tests/ovn.at        |  45 ++++++++++++++++++
> >  tests/system-ovn.at | 108 ++++++++++++++++++++++++++++++++++++++++++++
> >  3 files changed, 210 insertions(+)
> >
> > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> > index 4783e43d7..ea7db3d47 100644
> > --- a/northd/ovn-northd.c
> > +++ b/northd/ovn-northd.c
> > @@ -11304,6 +11304,7 @@ build_lrouter_nat_defrag_and_lb(struct ovn_datapath 
> > *od,
> >          ovs_be32 ip, mask;
> >          struct in6_addr ipv6, mask_v6, v6_exact = IN6ADDR_EXACT_INIT;
> >          bool is_v6 = false;
> > +        bool is_masquerade = false;
> >          bool stateless = lrouter_nat_is_stateless(nat);
> >          struct nbrec_address_set *allowed_ext_ips =
> >                                    nat->allowed_ext_ips;
> > @@ -11343,9 +11344,15 @@ build_lrouter_nat_defrag_and_lb(struct 
> > ovn_datapath *od,
> >          if (is_v6) {
> >              error = ipv6_parse_masked(nat->logical_ip, &ipv6, &mask_v6);
> >              cidr_bits = ipv6_count_cidr_bits(&mask_v6);
> > +            if (cidr_bits < 128) {
> > +                is_masquerade = true;
> > +            }
> >          } else {
> >              error = ip_parse_masked(nat->logical_ip, &ip, &mask);
> >              cidr_bits = ip_count_cidr_bits(mask);
> > +            if (cidr_bits < 32) {
> > +                is_masquerade = 32;
> 
> Typo? s/32/true

Indeed, fixed in v2.

> 
> > +            }
> >          }
> >          if (!strcmp(nat->type, "snat")) {
> >              if (error) {
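
Review bot: is_masquerade is set from cidr_bits in both the is_v6 and the else branch before error from ipv6_parse_masked()/ip_parse_masked() is checked and before the !strcmp(nat->type, "snat") test, so it can end up true for a logical_ip that failed to parse or for a NAT entry that is not snat. Suggest assigning it inside the snat branch, after the error check, so the drop flow added later is only ever tied to a valid masquerade entry.
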
> > @@ -11396,6 +11403,56 @@ build_lrouter_nat_defrag_and_lb(struct 
> > ovn_datapath *od,
> >          build_lrouter_in_dnat_flow(lflows, od, nat, match, actions, 
> > distributed,
> >                                     mask, is_v6);
> >
> > +        /* When router have SNAT enabled, and logical_ip is a network 
> > (router
> > +         * is doing masquerade), then we need to make sure that packets
> > +         * unrelated to any established connection that still have router's
> > +         * external IP as a next hop after going through lr_in_unsnat table
> > +         * are dropped properly. Otherwise such packets will loop around
> > +         * between tables until their ttl reaches zero - this additionally
> > +         * causes kernel module to drop such packages due to recirculation
> > +         * limit being exceeded.
> > +         *
> > +         * Install a logical flow in lr_in_ip_routing table that will
> > +         * match packet with router's external IP that have no related
> > +         * conntrack entries and drop them. Flow priority must be higher
> > +         * than any other flow in lr_in_ip_routing that matches router's
> > +         * external IP.
> > +         *
> > +         * The priority for destination routes is calculated as
> > +         * (prefix length * 2) + 1, and there is an additional flow
> > +         * for when BFD is in play with priority + 1. Set priority that
> > +         * is higher than any other potential routing flow for that
> > +         * network, that is (prefix length * 2) + offset, where offset
> > +         * is 1 (dst) + 1 (bfd) + 1. */
> > +        if (is_masquerade) {
> > +            uint16_t priority, prefix_length, offset;
> > +
> > +            if (is_v6) {
> > +                prefix_length = 128;
> > +            } else {
> > +                prefix_length = 32;
> > +            }
> > +            offset = 3;
> > +            priority = (prefix_length * 2) + offset;
> > +
> > +            ds_clear(match);
> > +
> > +            if (is_v6) {
> > +                ds_put_format(match,
> > +                              "ct.new && ip6.dst == %s",
> > +                              nat->external_ip);
> > +            } else {
> > +                ds_put_format(match,
> > +                              "ct.new && ip4.dst == %s",
> > +                              nat->external_ip);
> > +            }
> > +
> In the current upstream code UNSNAT and CT is combined into the same 
> stage. So if CT entry is matched it will perform UNSNAT directly. In 
> that case I think we don't need to match ct.new or any CT state here, 
> because if there is CT entry matched it means the ip.dst is UNSNATted 
> already and it won't match the nat->external_ip.

You are right, dropped ct.new from matches in v2.

Regards,
Krzysztof

> 
> Thanks,
> Han
> 
> > +            ovn_lflow_add_unique_with_hint(lflows, od,
> > +                                           S_ROUTER_IN_IP_ROUTING, 
> > priority,
> > +                                           ds_cstr(match), "drop;",
> > +                                           &nat->header_);
> > +        }
> > +
> >          /* ARP resolve for NAT IPs. */
> >          if (od->l3dgw_port) {
> >              if (!strcmp(nat->type, "snat")) {
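
Review bot: the priority in the is_masquerade block is built from literals (prefix_length 32 or 128, offset = 3), so the comment's guarantee that this drop flow outranks every other lr_in_ip_routing flow for the external IP holds only as long as route flows keep using (prefix length * 2) + 1, plus one for BFD. Suggest deriving the value from the same helper or constant the route flows use instead of restating the formula here. The two ds_put_format() calls differ only in ip4/ip6 and could be one call that picks the prefix from is_v6.
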
> > diff --git a/tests/ovn.at b/tests/ovn.at
> > index b751d6db2..b40eaeaf6 100644
> > --- a/tests/ovn.at
> > +++ b/tests/ovn.at
> > @@ -23220,6 +23220,51 @@ OVN_CLEANUP([hv1])
> >  AT_CLEANUP
> >  ])
> >
> > +OVN_FOR_EACH_NORTHD([
> > +AT_SETUP([ovn -- SNAT handling of unrelated packets with masquerade"])
> > +ovn_start
> > +
> > +ovn-nbctl lr-add R1
> > +
> > +ovn-nbctl ls-add sw0
> > +ovn-nbctl ls-add public
> > +
> > +ovn-nbctl lsp-add sw0 sw0-port1 \
> > +          -- lsp-set-addresses sw0-port1 "00:00:00:01:02:03 192.168.1.3"
> > +
> > +ovn-nbctl lrp-add R1 rp-sw0 00:00:01:01:02:03 192.168.1.1/24
> > +ovn-nbctl lrp-add R1 rp-public 00:00:02:01:02:03 172.16.1.254/24 \
> > +    -- lrp-set-gateway-chassis rp-public hv1
> > +
> > +ovn-nbctl lsp-add sw0 sw0-rp -- set Logical_Switch_Port sw0-rp \
> > +    type=router options:router-port=rp-sw0 \
> > +    -- lsp-set-addresses sw0-rp router
> > +
> > +ovn-nbctl lsp-add public public-rp -- set Logical_Switch_Port public-rp \
> > +    type=router options:router-port=rp-public \
> > +    -- lsp-set-addresses public-rp router
> > +
> > +AT_CHECK([ovn-nbctl lr-nat-add R1 dnat_and_snat 172.16.1.2 192.168.1.3 
> > sw0-port1 00:00:00:01:02:03])
> > +AT_CHECK([ovn-nbctl lr-nat-add R1 dnat 172.16.1.3 192.168.1.4])
> > +AT_CHECK([check ovn-nbctl --wait=sb sync])
> > +
> > +# Before we add second NAT (masquerade) there should be no flows
> > +# in lr_in_ip_routing that match against conntrack state.
> > +AT_CHECK([ovn-sbctl lflow-list | grep -E "lr_in_ip_routing.*ct.new"], [1], 
> > [])
> > +
> > +ovn-nbctl lr-nat-add R1 snat 172.16.1.254 192.168.1.0/24
> > +AT_CHECK([check ovn-nbctl --wait=sb sync])
> > +
> > +AT_CHECK([ovn-sbctl lflow-list | grep -E "lr_in_ip_routing.*ct.new.*drop"],
> > +[0], [dnl
> > +  table=10(lr_in_ip_routing   ), priority=67   dnl
> > +, match=(ct.new && ip4.dst == 172.16.1.254), dnl
> > +action=(drop;)
> > +])
> > +
> > +AT_CLEANUP
> > +])
> > +
> >  OVN_FOR_EACH_NORTHD([
> >  AT_SETUP([ovn -- ARP replies for SNAT external ips])
> >  ovn_start
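
Review bot: the new tests/ovn.at case only adds an IPv4 masquerade entry (snat 172.16.1.254 192.168.1.0/24), so the ip6.dst match and the 128-based priority added in ovn-northd.c are never exercised. Suggest adding an IPv6 snat entry with a network logical_ip and checking its lr_in_ip_routing flow as well. The AT_SETUP title also ends with a stray double quote before the closing bracket.
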
> > diff --git a/tests/system-ovn.at b/tests/system-ovn.at
> > index 4885303d1..3edd993cd 100644
> > --- a/tests/system-ovn.at
> > +++ b/tests/system-ovn.at
> > @@ -5600,6 +5600,114 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port 
> > patch-.*/d
> >  AT_CLEANUP
> >  ])
> >
> > +OVN_FOR_EACH_NORTHD([
> > +AT_SETUP([ovn -- SNAT handling of unrelated packets with masquerade"])
> > +AT_SKIP_IF([test $HAVE_NC = no])
> > +
> > +ovn_start
> > +OVS_TRAFFIC_VSWITCHD_START()
> > +
> > +ADD_BR([br-int])
> > +ADD_BR([br-ext])
> > +
> > +ovs-ofctl add-flow br-ext action=normal
> > +# Set external-ids in br-int needed for ovn-controller
> > +ovs-vsctl \
> > +        -- set Open_vSwitch . external-ids:system-id=hv1 \
> > +        -- set Open_vSwitch . 
> > external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
> > +        -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
> > +        -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
> > +        -- set bridge br-int fail-mode=secure 
> > other-config:disable-in-band=true
> > +
> > +# Start ovn-controller
> > +start_daemon ovn-controller
> > +
> > +ovn-nbctl lr-add R1
> > +
> > +ovn-nbctl ls-add sw0
> > +ovn-nbctl ls-add public
> > +
> > +ovn-nbctl lrp-add R1 rp-sw0 00:00:01:01:02:03 192.168.1.1/24
> > +ovn-nbctl lrp-add R1 rp-public 00:00:02:01:02:03 172.16.1.254/24 \
> > +    -- lrp-set-gateway-chassis rp-public hv1
> > +
> > +ovn-nbctl lsp-add sw0 sw0-rp -- set Logical_Switch_Port sw0-rp \
> > +    type=router options:router-port=rp-sw0 \
> > +    -- lsp-set-addresses sw0-rp router
> > +
> > +ovn-nbctl lsp-add public public-rp -- set Logical_Switch_Port public-rp \
> > +    type=router options:router-port=rp-public \
> > +    -- lsp-set-addresses public-rp router
> > +
> > +ovn-nbctl lr-nat-add R1 snat 172.16.1.254 192.168.1.0/24
> > +
> > +ADD_NAMESPACES(sw01-x)
> > +ADD_VETH(sw01-x, sw01-x, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", \
> > +         "192.168.1.1")
> > +ovn-nbctl lsp-add sw0 sw01-x \
> > +    -- lsp-set-addresses sw01-x "f0:00:00:01:02:03 192.168.1.2"
> > +
> > +OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw01-x) = xup])
> > +
> > +ADD_NAMESPACES(ext-foo)
> > +ADD_VETH(ext-foo, ext-foo, br-ext, "172.16.1.100/24", "00:10:10:01:02:13", 
> > \
> > +         "172.16.1.254")
> > +
> > +OVS_WAIT_UNTIL([test "$(ip netns exec ext-foo ip a | grep 172.16 | grep 
> > tentative)" = ""])
> > +
> > +AT_CHECK([ovs-vsctl set Open_vSwitch . 
> > external-ids:ovn-bridge-mappings=phynet:br-ext])
> > +ovn-nbctl lsp-add public public1 \
> > +        -- lsp-set-addresses public1 unknown \
> > +        -- lsp-set-type public1 localnet \
> > +        -- lsp-set-options public1 network_name=phynet
> > +
> > +ovn-nbctl --wait=hv sync
> > +
> > +# Send ping from ext-foo to router's external IP to verify that incoming 
> > ICMP is working
> > +NS_CHECK_EXEC([ext-foo], [ping -q -c 3 -i 0.3 -w 2 172.16.1.254 | 
> > FORMAT_PING], \
> > +[0], [dnl
> > +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> > +])
> > +
> > +# Verify that we can establish an outgoing connection from host behind
> > +# SNAT to one on the external network.
> > +NS_CHECK_EXEC([ext-foo], [echo response | nc -l 80 &], [], [])
> > +
> > +NS_CHECK_EXEC([sw01-x], [nc -w 1 172.16.1.100 80], [0], [dnl
> > +response
> > +])
> > +
> > +AT_CHECK([ovs-appctl dpctl/flush-conntrack])
> > +
> > +# Check that incoming packets that are not part of any established
> > +# connection are dropped.
> > +NS_CHECK_EXEC([ext-foo], [nc -w 1 172.16.1.254 80], [1], [])
> > +
> > +# There shouldn't be any entry in conntrack table for that flow.
> > +AT_CHECK([ovs-appctl dpctl/dump-conntrack], [0], [])
> > +
> > +# vswitchd should not complaing about recirculation depth being exceeded,
> > +# which would indicate that packet is not properly dropped, but instead
> > +# loops between vswitchd flow tables until its ttl is down to 0.
> > +AT_CHECK([grep -qE 'Packet dropped. Max recirculation depth exceeded.' 
> > ovs-vswitchd.log], [1])
> > +
> > +OVS_APP_EXIT_AND_WAIT([ovn-controller])
> > +
> > +as ovn-sb
> > +OVS_APP_EXIT_AND_WAIT([ovsdb-server])
> > +
> > +as ovn-nb
> > +OVS_APP_EXIT_AND_WAIT([ovsdb-server])
> > +
> > +as northd
> > +OVS_APP_EXIT_AND_WAIT([ovn-northd])
> > +
> > +as
> > +OVS_TRAFFIC_VSWITCHD_STOP(["/.*error receiving.*/d
> > +/.*terminating with signal 15.*/d"])
> > +AT_CLEANUP
> > +])
> > +
> >  OVN_FOR_EACH_NORTHD([
> >  AT_SETUP([ovn -- ARP resolution for SNAT IP])
> >  ovn_start
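
Review bot: the listener in the system test is started with "nc -l 80 &" and the client "nc -w 1 172.16.1.100 80" runs right after it, with nothing waiting for the port to be listening, so the outgoing-connection check can race. Suggest waiting for the listener before connecting. The final grep also only looks for "Max recirculation depth exceeded" in ovs-vswitchd.log, while the commit message describes the datapath's "deferred action limit reached, drop recirc action" message, which this check would not see.
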
> > --
> > 2.28.0
> >


-- 
  Krzysztof Klimonda
  [email protected]
root@ovn-controller:/home/eouser/sources/ovn# ovn-trace --ovs --db 
unix:./ovn-sb/ovn-sb.sock R1 'inport == "rp-public" && eth.src == 
00:10:10:01:02:13 && ip4.src == 172.16.1.100 && eth.dst == 00:00:02:01:02:03 && 
ip4.dst == 172.16.1.254 && tcp.dst == 8000 && ip.ttl == 3'
# 
tcp,reg14=0x2,vlan_tci=0x0000,dl_src=00:10:10:01:02:13,dl_dst=00:00:02:01:02:03,nw_src=172.16.1.100,nw_dst=172.16.1.254,nw_tos=0,nw_ecn=0,nw_ttl=3,tp_src=0,tp_dst=8000,tcp_flags=0

ingress(dp="R1", inport="rp-public")
------------------------------------
 0. lr_in_admission (ovn-northd.c:9973): eth.dst == 00:00:02:01:02:03 && inport 
== "rp-public" && is_chassis_resident("cr-rp-public"), priority 50, uuid 
f1519d5e
    cookie=0xf1519d5e, duration=16.301s, table=8, n_packets=0, n_bytes=0, 
idle_age=16, priority=50,reg14=0x2,metadata=0x1,dl_dst=00:00:02:01:02:03 
actions=set_field:0x20102030000000000000000/0xffffffffffff0000000000000000->xxreg0,resubmit(,9)
    xreg0[0..47] = 00:00:02:01:02:03;
    next;
 1. lr_in_lookup_neighbor (ovn-northd.c:10054): 1, priority 0, uuid 5e58c043
    cookie=0x5e58c043, duration=16.303s, table=9, n_packets=4, n_bytes=280, 
idle_age=6, priority=0,metadata=0x1 
actions=set_field:0x4/0x4->xreg4,resubmit(,10)
    reg9[2] = 1;
    next;
 2. lr_in_learn_neighbor (ovn-northd.c:10063): reg9[2] == 1, priority 100, uuid 
9ad2d8c1
    cookie=0x9ad2d8c1, duration=16.304s, table=10, n_packets=4, n_bytes=280, 
idle_age=6, priority=100,reg9=0x4/0x4,metadata=0x1 actions=resubmit(,11)
    next;
 4. lr_in_unsnat (ovn-northd.c:11860): ip && ip4.dst == 172.16.1.254 && inport 
== "rp-public" && is_chassis_resident("cr-rp-public"), priority 100, uuid 
c35b8293
    cookie=0xc35b8293, duration=16.302s, table=12, n_packets=0, n_bytes=0, 
idle_age=16, priority=100,ip,reg14=0x2,metadata=0x1,nw_dst=172.16.1.254 
actions=ct(table=13,zone=NXM_NX_REG12[0..15],nat)
    ct_snat;

ct_snat /* assuming no un-snat entry, so no change */
-----------------------------------------------------
10. lr_in_ip_routing (ovn-northd.c:8882): ip4.dst == 172.16.1.0/24, priority 
49, uuid 4b3b0229
    cookie=0x4b3b0229, duration=16.302s, table=18, n_packets=0, n_bytes=0, 
idle_age=16, priority=49,ip,metadata=0x1,nw_dst=172.16.1.0/24 
actions=dec_ttl(),set_field:0/0xffff00000000->xreg4,move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],set_field:0xac1001fe0000000000000000/0xffffffff0000000000000000->xxreg0,set_field:00:00:02:01:02:03->eth_src,set_field:0x2->reg15,set_field:0x1/0x1->reg10,resubmit(,19)
    ip.ttl--;
    reg8[0..15] = 0;
    reg0 = ip4.dst;
    reg1 = 172.16.1.254;
    eth.src = 00:00:02:01:02:03;
    outport = "rp-public";
    flags.loopback = 1;
    next;
11. lr_in_ip_routing_ecmp (ovn-northd.c:10361): reg8[0..15] == 0, priority 150, 
uuid 164d36a7
    cookie=0x164d36a7, duration=16.302s, table=19, n_packets=0, n_bytes=0, 
idle_age=16, priority=150,reg8=0/0xffff,metadata=0x1 actions=resubmit(,20)
    next;
12. lr_in_policy (ovn-northd.c:10486): 1, priority 0, uuid f1e3e88e
    cookie=0xf1e3e88e, duration=16.303s, table=20, n_packets=0, n_bytes=0, 
idle_age=16, priority=0,metadata=0x1 
actions=set_field:0/0xffff00000000->xreg4,resubmit(,21)
    reg8[0..15] = 0;
    next;
13. lr_in_policy_ecmp (ovn-northd.c:10488): reg8[0..15] == 0, priority 150, 
uuid 7b787046
    cookie=0x7b787046, duration=16.305s, table=21, n_packets=0, n_bytes=0, 
idle_age=16, priority=150,reg8=0/0xffff,metadata=0x1 actions=resubmit(,22)
    next;
14. lr_in_arp_resolve (ovn-northd.c:12358): outport == "rp-public" && reg0 == 
172.16.1.254, priority 100, uuid 50f843ed
    cookie=0x50f843ed, duration=16.302s, table=22, n_packets=0, n_bytes=0, 
idle_age=16, priority=100,reg0=0xac1001fe,reg15=0x2,metadata=0x1 
actions=set_field:00:00:02:01:02:03->eth_dst,resubmit(,23)
    eth.dst = 00:00:02:01:02:03;
    next;
17. lr_in_gw_redirect (ovn-northd.c:11095): outport == "rp-public", priority 
50, uuid 3007cbea
    cookie=0x3007cbea, duration=16.302s, table=25, n_packets=0, n_bytes=0, 
idle_age=16, priority=50,reg15=0x2,metadata=0x1 
actions=set_field:0x3->reg15,resubmit(,26)
    outport = "cr-rp-public";
    next;
18. lr_in_arp_request (ovn-northd.c:11178): 1, priority 0, uuid df3d95e6
    cookie=0xdf3d95e6, duration=16.303s, table=26, n_packets=0, n_bytes=0, 
idle_age=16, priority=0,metadata=0x1 actions=resubmit(,37)
    output;
    /* Replacing type "chassisredirect" outport "cr-rp-public" with distributed 
port "rp-public". */

egress(dp="R1", inport="rp-public", outport="rp-public")
--------------------------------------------------------
 0. lr_out_undnat (ovn-northd.c:12266): ip, priority 50, uuid b013adc1
    cookie=0xb013adc1, duration=16.306s, table=40, n_packets=0, n_bytes=0, 
idle_age=16, priority=50,ipv6,metadata=0x1 
actions=set_field:0x1/0x1->reg10,ct(table=41,zone=NXM_NX_REG11[0..15],nat)
    cookie=0xb013adc1, duration=16.306s, table=40, n_packets=0, n_bytes=0, 
idle_age=16, priority=50,ip,metadata=0x1 
actions=set_field:0x1/0x1->reg10,ct(table=41,zone=NXM_NX_REG11[0..15],nat)
    flags.loopback = 1;
    ct_dnat;

ct_dnat /* assuming no un-dnat entry, so no change */
-----------------------------------------------------
 3. lr_out_egr_loop (ovn-northd.c:12447): ip4.dst == 172.16.1.254 && outport == 
"rp-public" && is_chassis_resident("cr-rp-public"), priority 100, uuid a81ac802
    cookie=0xa81ac802, duration=16.306s, table=43, n_packets=0, n_bytes=0, 
idle_age=16, priority=100,ip,reg15=0x2,metadata=0x1,nw_dst=172.16.1.254 
actions=clone(ct_clear,move:NXM_NX_REG15[]->NXM_NX_REG14[],set_field:0->reg15,push:NXM_OF_ETH_SRC[],push:NXM_OF_ETH_DST[],pop:NXM_OF_ETH_SRC[],pop:NXM_OF_ETH_DST[],set_field:0->reg10,set_field:0x1/0x1->reg10,set_field:0/0xffffffff000000000000000000000000->xxreg0,set_field:0/0xffffffff0000000000000000->xxreg0,set_field:0/0xffffffff00000000->xxreg0,set_field:0/0xffffffff->xxreg0,set_field:0/0xffffffff000000000000000000000000->xxreg1,set_field:0/0xffffffff0000000000000000->xxreg1,set_field:0/0xffffffff00000000->xxreg1,set_field:0/0xffffffff->xxreg1,set_field:0/0xffffffff00000000->xreg4,set_field:0/0xffffffff->xreg4,set_field:0x1/0x1->xreg4,resubmit(,8))
    clone { ct_clear; inport = outport; outport = ""; eth.dst <-> eth.src; 
flags = 0; flags.loopback = 1; reg0 = 0; reg1 = 0; reg2 = 0; reg3 = 0; reg4 = 
0; reg5 = 0; reg6 = 0; reg7 = 0; reg8 = 0; reg9 = 0; reg9[0] = 1; 
next(pipeline=ingress, table=0); };

clone
-----
    ct_clear;
    inport = outport;
    outport = "";
    eth.dst <-> eth.src;
    flags = 0;
    flags.loopback = 1;
    reg0 = 0;
    reg1 = 0;
    reg2 = 0;
    reg3 = 0;
    reg4 = 0;
    reg5 = 0;
    reg6 = 0;
    reg7 = 0;
    reg8 = 0;
    reg9 = 0;
    reg9[0] = 1;
    next(pipeline=ingress, table=0);

ingress(dp="R1", inport="rp-public")
------------------------------------
 0. lr_in_admission (ovn-northd.c:9973): eth.dst == 00:00:02:01:02:03 && inport 
== "rp-public" && is_chassis_resident("cr-rp-public"), priority 50, uuid 
f1519d5e
    cookie=0xf1519d5e, duration=16.305s, table=8, n_packets=0, n_bytes=0, 
idle_age=16, priority=50,reg14=0x2,metadata=0x1,dl_dst=00:00:02:01:02:03 
actions=set_field:0x20102030000000000000000/0xffffffffffff0000000000000000->xxreg0,resubmit(,9)
    xreg0[0..47] = 00:00:02:01:02:03;
    next;
 1. lr_in_lookup_neighbor (ovn-northd.c:10054): 1, priority 0, uuid 5e58c043
    cookie=0x5e58c043, duration=16.307s, table=9, n_packets=4, n_bytes=280, 
idle_age=6, priority=0,metadata=0x1 
actions=set_field:0x4/0x4->xreg4,resubmit(,10)
    reg9[2] = 1;
    next;
 2. lr_in_learn_neighbor (ovn-northd.c:10063): reg9[2] == 1, priority 100, uuid 
9ad2d8c1
    cookie=0x9ad2d8c1, duration=16.308s, table=10, n_packets=4, n_bytes=280, 
idle_age=6, priority=100,reg9=0x4/0x4,metadata=0x1 actions=resubmit(,11)
    next;
 4. lr_in_unsnat (ovn-northd.c:11860): ip && ip4.dst == 172.16.1.254 && inport 
== "rp-public" && is_chassis_resident("cr-rp-public"), priority 100, uuid 
c35b8293
    cookie=0xc35b8293, duration=16.306s, table=12, n_packets=0, n_bytes=0, 
idle_age=16, priority=100,ip,reg14=0x2,metadata=0x1,nw_dst=172.16.1.254 
actions=ct(table=13,zone=NXM_NX_REG12[0..15],nat)
    ct_snat;

ct_snat /* assuming no un-snat entry, so no change */
-----------------------------------------------------
10. lr_in_ip_routing (ovn-northd.c:8882): ip4.dst == 172.16.1.0/24, priority 
49, uuid 4b3b0229
    cookie=0x4b3b0229, duration=16.305s, table=18, n_packets=0, n_bytes=0, 
idle_age=16, priority=49,ip,metadata=0x1,nw_dst=172.16.1.0/24 
actions=dec_ttl(),set_field:0/0xffff00000000->xreg4,move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],set_field:0xac1001fe0000000000000000/0xffffffff0000000000000000->xxreg0,set_field:00:00:02:01:02:03->eth_src,set_field:0x2->reg15,set_field:0x1/0x1->reg10,resubmit(,19)
    ip.ttl--;
    reg8[0..15] = 0;
    reg0 = ip4.dst;
    reg1 = 172.16.1.254;
    eth.src = 00:00:02:01:02:03;
    outport = "rp-public";
    flags.loopback = 1;
    next;
11. lr_in_ip_routing_ecmp (ovn-northd.c:10361): reg8[0..15] == 0, priority 150, 
uuid 164d36a7
    cookie=0x164d36a7, duration=16.306s, table=19, n_packets=0, n_bytes=0, 
idle_age=16, priority=150,reg8=0/0xffff,metadata=0x1 actions=resubmit(,20)
    next;
12. lr_in_policy (ovn-northd.c:10486): 1, priority 0, uuid f1e3e88e
    cookie=0xf1e3e88e, duration=16.307s, table=20, n_packets=0, n_bytes=0, 
idle_age=16, priority=0,metadata=0x1 
actions=set_field:0/0xffff00000000->xreg4,resubmit(,21)
    reg8[0..15] = 0;
    next;
13. lr_in_policy_ecmp (ovn-northd.c:10488): reg8[0..15] == 0, priority 150, 
uuid 7b787046
    cookie=0x7b787046, duration=16.308s, table=21, n_packets=0, n_bytes=0, 
idle_age=16, priority=150,reg8=0/0xffff,metadata=0x1 actions=resubmit(,22)
    next;
14. lr_in_arp_resolve (ovn-northd.c:12358): outport == "rp-public" && reg0 == 
172.16.1.254, priority 100, uuid 50f843ed
    cookie=0x50f843ed, duration=16.306s, table=22, n_packets=0, n_bytes=0, 
idle_age=16, priority=100,reg0=0xac1001fe,reg15=0x2,metadata=0x1 
actions=set_field:00:00:02:01:02:03->eth_dst,resubmit(,23)
    eth.dst = 00:00:02:01:02:03;
    next;
17. lr_in_gw_redirect (ovn-northd.c:11095): outport == "rp-public", priority 
50, uuid 3007cbea
    cookie=0x3007cbea, duration=16.306s, table=25, n_packets=0, n_bytes=0, 
idle_age=16, priority=50,reg15=0x2,metadata=0x1 
actions=set_field:0x3->reg15,resubmit(,26)
    outport = "cr-rp-public";
    next;
18. lr_in_arp_request (ovn-northd.c:11178): 1, priority 0, uuid df3d95e6
    cookie=0xdf3d95e6, duration=16.307s, table=26, n_packets=0, n_bytes=0, 
idle_age=16, priority=0,metadata=0x1 actions=resubmit(,37)
    output;
    /* Replacing type "chassisredirect" outport "cr-rp-public" with distributed 
port "rp-public". */

egress(dp="R1", inport="rp-public", outport="rp-public")
--------------------------------------------------------
 0. lr_out_undnat (ovn-northd.c:12266): ip, priority 50, uuid b013adc1
    cookie=0xb013adc1, duration=16.310s, table=40, n_packets=0, n_bytes=0, 
idle_age=16, priority=50,ipv6,metadata=0x1 
actions=set_field:0x1/0x1->reg10,ct(table=41,zone=NXM_NX_REG11[0..15],nat)
    cookie=0xb013adc1, duration=16.310s, table=40, n_packets=0, n_bytes=0, 
idle_age=16, priority=50,ip,metadata=0x1 
actions=set_field:0x1/0x1->reg10,ct(table=41,zone=NXM_NX_REG11[0..15],nat)
    flags.loopback = 1;
    ct_dnat;

ct_dnat /* assuming no un-dnat entry, so no change */
-----------------------------------------------------
 3. lr_out_egr_loop (ovn-northd.c:12447): ip4.dst == 172.16.1.254 && outport == 
"rp-public" && is_chassis_resident("cr-rp-public"), priority 100, uuid a81ac802
    cookie=0xa81ac802, duration=16.310s, table=43, n_packets=0, n_bytes=0, 
idle_age=16, priority=100,ip,reg15=0x2,metadata=0x1,nw_dst=172.16.1.254 
actions=clone(ct_clear,move:NXM_NX_REG15[]->NXM_NX_REG14[],set_field:0->reg15,push:NXM_OF_ETH_SRC[],push:NXM_OF_ETH_DST[],pop:NXM_OF_ETH_SRC[],pop:NXM_OF_ETH_DST[],set_field:0->reg10,set_field:0x1/0x1->reg10,set_field:0/0xffffffff000000000000000000000000->xxreg0,set_field:0/0xffffffff0000000000000000->xxreg0,set_field:0/0xffffffff00000000->xxreg0,set_field:0/0xffffffff->xxreg0,set_field:0/0xffffffff000000000000000000000000->xxreg1,set_field:0/0xffffffff0000000000000000->xxreg1,set_field:0/0xffffffff00000000->xxreg1,set_field:0/0xffffffff->xxreg1,set_field:0/0xffffffff00000000->xreg4,set_field:0/0xffffffff->xreg4,set_field:0x1/0x1->xreg4,resubmit(,8))
    clone { ct_clear; inport = outport; outport = ""; eth.dst <-> eth.src; 
flags = 0; flags.loopback = 1; reg0 = 0; reg1 = 0; reg2 = 0; reg3 = 0; reg4 = 
0; reg5 = 0; reg6 = 0; reg7 = 0; reg8 = 0; reg9 = 0; reg9[0] = 1; 
next(pipeline=ingress, table=0); };

clone
-----
    ct_clear;
    inport = outport;
    outport = "";
    eth.dst <-> eth.src;
    flags = 0;
    flags.loopback = 1;
    reg0 = 0;
    reg1 = 0;
    reg2 = 0;
    reg3 = 0;
    reg4 = 0;
    reg5 = 0;
    reg6 = 0;
    reg7 = 0;
    reg8 = 0;
    reg9 = 0;
    reg9[0] = 1;
    next(pipeline=ingress, table=0);

ingress(dp="R1", inport="rp-public")
------------------------------------
 0. lr_in_admission (ovn-northd.c:9973): eth.dst == 00:00:02:01:02:03 && inport 
== "rp-public" && is_chassis_resident("cr-rp-public"), priority 50, uuid 
f1519d5e
    cookie=0xf1519d5e, duration=16.309s, table=8, n_packets=0, n_bytes=0, 
idle_age=16, priority=50,reg14=0x2,metadata=0x1,dl_dst=00:00:02:01:02:03 
actions=set_field:0x20102030000000000000000/0xffffffffffff0000000000000000->xxreg0,resubmit(,9)
    xreg0[0..47] = 00:00:02:01:02:03;
    next;
 1. lr_in_lookup_neighbor (ovn-northd.c:10054): 1, priority 0, uuid 5e58c043
    cookie=0x5e58c043, duration=16.311s, table=9, n_packets=4, n_bytes=280, 
idle_age=6, priority=0,metadata=0x1 
actions=set_field:0x4/0x4->xreg4,resubmit(,10)
    reg9[2] = 1;
    next;
 2. lr_in_learn_neighbor (ovn-northd.c:10063): reg9[2] == 1, priority 100, uuid 
9ad2d8c1
    cookie=0x9ad2d8c1, duration=16.312s, table=10, n_packets=4, n_bytes=280, 
idle_age=6, priority=100,reg9=0x4/0x4,metadata=0x1 actions=resubmit(,11)
    next;
 3. lr_in_ip_input (ovn-northd.c:11580): inport == "rp-public" && ip4 && ip.ttl 
== {0, 1} && !ip.later_frag, priority 40, uuid f73ff738
    cookie=0xf73ff738, duration=16.307s, table=11, n_packets=0, n_bytes=0, 
idle_age=16, priority=40,ip,reg14=0x2,metadata=0x1,nw_ttl=0,nw_frag=not_later 
actions=controller(userdata=00.00.00.0a.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.02.06.00.30.00.00.00.00.00.00.00.19.00.10.80.00.26.01.0b.00.00.00.00.00.00.00.00.19.00.10.80.00.28.01.00.00.00.00.00.00.00.00.00.1c.00.18.00.20.00.00.00.00.00.00.80.00.16.04.80.00.18.04.00.00.00.00.00.19.00.10.80.00.16.04.ac.10.01.fe.00.00.00.00.00.19.00.10.00.01.3a.01.ff.00.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.0c.00.00.00)
    cookie=0xf73ff738, duration=16.307s, table=11, n_packets=0, n_bytes=0, 
idle_age=16, priority=40,ip,reg14=0x2,metadata=0x1,nw_ttl=1,nw_frag=not_later 
actions=controller(userdata=00.00.00.0a.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.02.06.00.30.00.00.00.00.00.00.00.19.00.10.80.00.26.01.0b.00.00.00.00.00.00.00.00.19.00.10.80.00.28.01.00.00.00.00.00.00.00.00.00.1c.00.18.00.20.00.00.00.00.00.00.80.00.16.04.80.00.18.04.00.00.00.00.00.19.00.10.80.00.16.04.ac.10.01.fe.00.00.00.00.00.19.00.10.00.01.3a.01.ff.00.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.0c.00.00.00)
    icmp4 { eth.dst <-> eth.src; icmp4.type = 11; icmp4.code = 0; ip4.dst = 
ip4.src; ip4.src = 172.16.1.254; ip.ttl = 255; next; };

icmp4
-----
    eth.dst <-> eth.src;
    icmp4.type = 11;
    icmp4.code = 0;
    ip4.dst = ip4.src;
    ip4.src = 172.16.1.254;
    ip.ttl = 255;
    next;
10. lr_in_ip_routing (ovn-northd.c:8882): ip4.dst == 172.16.1.0/24, priority 
49, uuid 4b3b0229
    cookie=0x4b3b0229, duration=16.310s, table=18, n_packets=0, n_bytes=0, 
idle_age=16, priority=49,ip,metadata=0x1,nw_dst=172.16.1.0/24 
actions=dec_ttl(),set_field:0/0xffff00000000->xreg4,move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],set_field:0xac1001fe0000000000000000/0xffffffff0000000000000000->xxreg0,set_field:00:00:02:01:02:03->eth_src,set_field:0x2->reg15,set_field:0x1/0x1->reg10,resubmit(,19)
    ip.ttl--;
    reg8[0..15] = 0;
    reg0 = ip4.dst;
    reg1 = 172.16.1.254;
    eth.src = 00:00:02:01:02:03;
    outport = "rp-public";
    flags.loopback = 1;
    next;
11. lr_in_ip_routing_ecmp (ovn-northd.c:10361): reg8[0..15] == 0, priority 150, 
uuid 164d36a7
    cookie=0x164d36a7, duration=16.310s, table=19, n_packets=0, n_bytes=0, 
idle_age=16, priority=150,reg8=0/0xffff,metadata=0x1 actions=resubmit(,20)
    next;
12. lr_in_policy (ovn-northd.c:10486): 1, priority 0, uuid f1e3e88e
    cookie=0xf1e3e88e, duration=16.311s, table=20, n_packets=0, n_bytes=0, 
idle_age=16, priority=0,metadata=0x1 
actions=set_field:0/0xffff00000000->xreg4,resubmit(,21)
    reg8[0..15] = 0;
    next;
13. lr_in_policy_ecmp (ovn-northd.c:10488): reg8[0..15] == 0, priority 150, 
uuid 7b787046
    cookie=0x7b787046, duration=16.312s, table=21, n_packets=0, n_bytes=0, 
idle_age=16, priority=150,reg8=0/0xffff,metadata=0x1 actions=resubmit(,22)
    next;
14. lr_in_arp_resolve (ovn-northd.c:10522): ip4, priority 0, uuid 4bc48eb7
    cookie=0x4bc48eb7, duration=16.309s, table=22, n_packets=0, n_bytes=0, 
idle_age=16, priority=0,ip,metadata=0x1 
actions=push:NXM_NX_REG0[],push:NXM_NX_XXREG0[96..127],pop:NXM_NX_REG0[],set_field:00:00:00:00:00:00->eth_dst,resubmit(,66),pop:NXM_NX_REG0[],resubmit(,23)
    get_arp(outport, reg0);
    /* MAC binding to 00:10:10:01:02:13. */
    next;
17. lr_in_gw_redirect (ovn-northd.c:11095): outport == "rp-public", priority 
50, uuid 3007cbea
    cookie=0x3007cbea, duration=16.310s, table=25, n_packets=0, n_bytes=0, 
idle_age=16, priority=50,reg15=0x2,metadata=0x1 
actions=set_field:0x3->reg15,resubmit(,26)
    outport = "cr-rp-public";
    next;
18. lr_in_arp_request (ovn-northd.c:11178): 1, priority 0, uuid df3d95e6
    cookie=0xdf3d95e6, duration=16.311s, table=26, n_packets=0, n_bytes=0, 
idle_age=16, priority=0,metadata=0x1 actions=resubmit(,37)
    output;
    /* Replacing type "chassisredirect" outport "cr-rp-public" with distributed 
port "rp-public". */

egress(dp="R1", inport="rp-public", outport="rp-public")
--------------------------------------------------------
 0. lr_out_undnat (ovn-northd.c:12266): ip, priority 50, uuid b013adc1
    cookie=0xb013adc1, duration=16.314s, table=40, n_packets=0, n_bytes=0, 
idle_age=16, priority=50,ipv6,metadata=0x1 
actions=set_field:0x1/0x1->reg10,ct(table=41,zone=NXM_NX_REG11[0..15],nat)
    cookie=0xb013adc1, duration=16.314s, table=40, n_packets=0, n_bytes=0, 
idle_age=16, priority=50,ip,metadata=0x1 
actions=set_field:0x1/0x1->reg10,ct(table=41,zone=NXM_NX_REG11[0..15],nat)
    flags.loopback = 1;
    ct_dnat;

ct_dnat /* assuming no un-dnat entry, so no change */
-----------------------------------------------------
 4. lr_out_delivery (ovn-northd.c:11225): outport == "rp-public", priority 100, 
uuid 4996836e
    cookie=0x4996836e, duration=16.311s, table=44, n_packets=0, n_bytes=0, 
idle_age=16, priority=100,reg15=0x2,metadata=0x1 actions=resubmit(,64)
    output;
    /* output to "rp-public", type "patch" */

ingress(dp="public", inport="public-rp")
----------------------------------------
 0. ls_in_port_sec_l2 (ovn-northd.c:5049): inport == "public-rp", priority 50, 
uuid c4ff48aa
    cookie=0xc4ff48aa, duration=16.312s, table=8, n_packets=2, n_bytes=84, 
idle_age=4, priority=50,reg14=0x1,metadata=0x3 actions=resubmit(,9)
    next;
 6. ls_in_pre_lb (ovn-northd.c:5196): ip && inport == "public-rp", priority 
110, uuid 485ebe24
    cookie=0x485ebe24, duration=16.312s, table=14, n_packets=0, n_bytes=0, 
idle_age=16, priority=110,ipv6,reg14=0x1,metadata=0x3 actions=resubmit(,15)
    cookie=0x485ebe24, duration=16.312s, table=14, n_packets=0, n_bytes=0, 
idle_age=16, priority=110,ip,reg14=0x1,metadata=0x3 actions=resubmit(,15)
    next;
22. ls_in_l2_lkup (ovn-northd.c:7083): 1, priority 0, uuid b6f380e7
    cookie=0xb6f380e7, duration=16.326s, table=30, n_packets=0, n_bytes=0, 
idle_age=16, priority=0,metadata=0x2 
actions=set_field:0->reg15,resubmit(,71),resubmit(,31)
    cookie=0xb6f380e7, duration=16.325s, table=30, n_packets=0, n_bytes=0, 
idle_age=16, priority=0,metadata=0x3 
actions=set_field:0->reg15,resubmit(,71),resubmit(,31)
    outport = get_fdb(eth.dst);
    next;
23. ls_in_l2_unknown (ovn-northd.c:7087): outport == "none", priority 50, uuid 
654d4cd8
    cookie=0x654d4cd8, duration=16.314s, table=31, n_packets=0, n_bytes=0, 
idle_age=16, priority=50,reg15=0,metadata=0x3 
actions=set_field:0x8001->reg15,resubmit(,37)
    outport = "_MC_unknown";
    output;

multicast(dp="public", mcgroup="_MC_unknown")
---------------------------------------------

    egress(dp="public", inport="public-rp", outport="public1")
    ----------------------------------------------------------
         0. ls_out_pre_lb (ovn-northd.c:5199): ip && outport == "public1", 
priority 110, uuid a5b7efdd
            cookie=0xa5b7efdd, duration=16.314s, table=40, n_packets=0, 
n_bytes=0, idle_age=16, priority=110,ip,reg15=0x2,metadata=0x3 
actions=resubmit(,41)
            cookie=0xa5b7efdd, duration=16.314s, table=40, n_packets=0, 
n_bytes=0, idle_age=16, priority=110,ipv6,reg15=0x2,metadata=0x3 
actions=resubmit(,41)
            next;
         9. ls_out_port_sec_l2 (ovn-northd.c:5146): outport == "public1", 
priority 50, uuid ecd5d125
            cookie=0xecd5d125, duration=16.314s, table=49, n_packets=0, 
n_bytes=0, idle_age=16, priority=50,reg15=0x2,metadata=0x3 actions=resubmit(,64)
            output;
            /* output to "public1", type "localnet" */
root@ovn-controller:/home/eouser/sources/ovn#
root@ovn-controller:/home/eouser/sources/ovn# ovn-trace --ovs --db 
unix:./ovn-sb/ovn-sb.sock R1 'inport == "rp-public" && eth.src == 
00:10:10:01:02:13 && ip4.src == 172.16.1.100 && eth.dst == 00:00:02:01:02:03 && 
ip4.dst == 172.16.1.254 && tcp.dst == 8000 && ip.ttl == 64'
# 
tcp,reg14=0x2,vlan_tci=0x0000,dl_src=00:10:10:01:02:13,dl_dst=00:00:02:01:02:03,nw_src=172.16.1.100,nw_dst=172.16.1.254,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=0,tp_dst=8000,tcp_flags=0

ingress(dp="R1", inport="rp-public")
------------------------------------
 0. lr_in_admission (ovn-northd.c:9973): eth.dst == 00:00:02:01:02:03 && inport 
== "rp-public" && is_chassis_resident("cr-rp-public"), priority 50, uuid 
9ab1e61c
    cookie=0x9ab1e61c, duration=192.402s, table=8, n_packets=10, n_bytes=877, 
idle_age=189, priority=50,reg14=0x2,metadata=0x1,dl_dst=00:00:02:01:02:03 
actions=set_field:0x20102030000000000000000/0xffffffffffff0000000000000000->xxreg0,resubmit(,9)
    xreg0[0..47] = 00:00:02:01:02:03;
    next;
 1. lr_in_lookup_neighbor (ovn-northd.c:10054): 1, priority 0, uuid 045f3519
    cookie=0x45f3519, duration=192.403s, table=9, n_packets=32, n_bytes=2505, 
idle_age=57, priority=0,metadata=0x1 
actions=set_field:0x4/0x4->xreg4,resubmit(,10)
    reg9[2] = 1;
    next;
 2. lr_in_learn_neighbor (ovn-northd.c:10063): reg9[2] == 1, priority 100, uuid 
585fadf8
    cookie=0x585fadf8, duration=192.400s, table=10, n_packets=32, n_bytes=2505, 
idle_age=57, priority=100,reg9=0x4/0x4,metadata=0x1 actions=resubmit(,11)
    next;
 4. lr_in_unsnat (ovn-northd.c:11860): ip && ip4.dst == 172.16.1.254 && inport 
== "rp-public" && is_chassis_resident("cr-rp-public"), priority 100, uuid 
25058f90
    cookie=0x25058f90, duration=192.404s, table=12, n_packets=4, n_bytes=289, 
idle_age=189, priority=100,ip,reg14=0x2,metadata=0x1,nw_dst=172.16.1.254 
actions=ct(table=13,zone=NXM_NX_REG12[0..15],nat)
    ct_snat;

ct_snat /* assuming no un-snat entry, so no change */
-----------------------------------------------------
10. lr_in_ip_routing (ovn-northd.c:12333): ip4.dst == 172.16.1.254, priority 
67, uuid 28a24a4b
    cookie=0x28a24a4b, duration=192.406s, table=18, n_packets=1, n_bytes=74, 
idle_age=189, priority=67,ip,metadata=0x1,nw_dst=172.16.1.254 actions=drop
    drop;
root@ovn-controller:/home/eouser/sources/ovn# ovn-trace --ovs --db 
unix:./ovn-sb/ovn-sb.sock R1 'inport == "rp-public" && eth.src == 
00:10:10:01:02:13 && ip4.src == 172.16.1.100 && eth.dst == 00:00:02:01:02:03 && 
ip4.dst == 172.16.1.254 && icmp4.type == 8 && ip.ttl == 64'^C
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
