Re: [ovs-dev] [PATCH ovn] northd: Add qos packet marking.

Lorenzo Bianconi Thu, 01 Feb 2024 02:45:28 -0800

> Hi Lorenzo,
> 
> I have just a few small comments below.

Hi Mark,


thx for the review.

> 
> On 1/30/24 09:53, Lorenzo Bianconi wrote:
> > Add the capbility to mark (through pkt.mark) incoming/outgoing packets
> > in logical_switch datapath according to user configured QoS rule.
> > 
> > Co-developed-by: Dumitru Ceara <[email protected]>
> > Reported-at: https://issues.redhat.com/browse/FDP-42
> > Signed-off-by: Lorenzo Bianconi <[email protected]>
> > ---
> >   NEWS                      |   2 +
> >   controller/lflow.h        |  15 +-
> >   lib/ovn-util.h            |   2 +-
> >   northd/northd.c           |  55 +++--
> >   northd/ovn-northd.8.xml   |  60 ++++--
> >   ovn-nb.ovsschema          |   9 +-
> >   ovn-nb.xml                |  12 +-
> >   tests/ovn-controller.at   | 308 +++++++++++++--------------
> >   tests/ovn-nbctl.at        |   8 +-
> >   tests/ovn-northd.at       | 103 ++++++---
> >   tests/ovn.at              | 429 +++++++++++++++++++++++---------------
> >   tests/system-ovn.at       |  12 +-
> >   utilities/ovn-nbctl.8.xml |   3 +
> >   utilities/ovn-nbctl.c     |  27 ++-
> >   14 files changed, 627 insertions(+), 418 deletions(-)
> > 
> > diff --git a/NEWS b/NEWS
> > index 6553bd078..7300345f1 100644
> > --- a/NEWS
> > +++ b/NEWS
> > @@ -18,6 +18,8 @@ Post v23.09.0
> >     - Support selecting encapsulation IP based on the source/destination 
> > VIF's
> >       settting. See ovn-controller(8) 'external_ids:ovn-encap-ip' for more
> >       details.
> > +  - Add the capbility to mark (through pkt.mark) incoming/outgoing packets
> 
> s/capbility/capability/

ack, I will fix it.

> 
> > +    in the logical switch datapath according to user configured QoS rule.
> >   OVN v23.09.0 - 15 Sep 2023
> >   --------------------------
> > diff --git a/controller/lflow.h b/controller/lflow.h
> > index 9b7ffa19c..f7f6c7950 100644
> > --- a/controller/lflow.h
> > +++ b/controller/lflow.h
> > @@ -67,17 +67,20 @@ struct uuid;
> >   /* Start of LOG_PIPELINE_LEN tables. */
> >   #define OFTABLE_LOG_INGRESS_PIPELINE      8
> > -#define OFTABLE_OUTPUT_LARGE_PKT_DETECT  37
> > -#define OFTABLE_OUTPUT_LARGE_PKT_PROCESS 38
> > -#define OFTABLE_REMOTE_OUTPUT            39
> > -#define OFTABLE_LOCAL_OUTPUT             40
> > -#define OFTABLE_CHECK_LOOPBACK           41
> > +#define OFTABLE_OUTPUT_LARGE_PKT_DETECT  42
> > +#define OFTABLE_OUTPUT_LARGE_PKT_PROCESS 43
> > +#define OFTABLE_REMOTE_OUTPUT            44
> > +#define OFTABLE_LOCAL_OUTPUT             45
> > +#define OFTABLE_CHECK_LOOPBACK           46
> >   /* Start of the OUTPUT section of the pipeline. */
> >   #define OFTABLE_OUTPUT_INIT OFTABLE_OUTPUT_LARGE_PKT_DETECT

[...]

> > +OVN_FOR_EACH_NORTHD_NO_HV([
> > +AT_SETUP([check OVN QoS mark/meter logical flows])
> > +AT_KEYWORDS([OVN-QoS])
> > +ovn_start
> > +
> > +check ovn-nbctl ls-add ls
> > +check ovn-nbctl qos-add ls from-lport 100 ip4 rate=100 burst=1000
> > +check ovn-nbctl qos-add ls from-lport 101 ip4 mark=15
> > +check ovn-nbctl qos-add ls from-lport 102 ip4 dscp=16
> > +check ovn-nbctl qos-add ls from-lport 103 ip4 dscp=17 mark=18
> > +
> > +check ovn-nbctl qos-add ls to-lport 100 ip4 rate=100 burst=1000
> > +check ovn-nbctl qos-add ls to-lport 101 ip4 mark=15
> > +check ovn-nbctl qos-add ls to-lport 102 ip4 dscp=16
> > +check ovn-nbctl qos-add ls to-lport 103 ip4 dscp=17 mark=18
> > +check ovn-nbctl --wait=sb sync
> > +
> > +AT_CHECK([ovn-sbctl lflow-list ls | grep qos | sort], [0], [dnl
> 
> Remember how you had to adjust a bunch of tests because the table numbers
> changed? It's probably a good idea to mask the table numbers in this test so
> that nobody has to adjust this test the next time the table numbers change.

ack, I will fix it.

Regards,
Lorenzo

> 
> > +  table=10(ls_in_qos_mark     ), priority=0    , match=(1), action=(next;)
> > +  table=10(ls_in_qos_mark     ), priority=102  , match=(ip4), 
> > action=(ip.dscp = 16; next;)
> > +  table=10(ls_in_qos_mark     ), priority=103  , match=(ip4), 
> > action=(ip.dscp = 17; next;)
> > +  table=11(ls_in_qos_meter    ), priority=0    , match=(1), action=(next;)
> > +  table=11(ls_in_qos_meter    ), priority=100  , match=(ip4), 
> > action=(set_meter(100, 1000); next;)
> > +  table=15(ls_in_qos_pkt_mark ), priority=0    , match=(1), action=(next;)
> > +  table=15(ls_in_qos_pkt_mark ), priority=101  , match=(ip4), 
> > action=(pkt.mark = 15; next;)
> > +  table=15(ls_in_qos_pkt_mark ), priority=103  , match=(ip4), 
> > action=(pkt.mark = 18; next;)
> > +  table=6 (ls_out_qos_mark    ), priority=0    , match=(1), action=(next;)
> > +  table=6 (ls_out_qos_mark    ), priority=102  , match=(ip4), 
> > action=(ip.dscp = 16; next;)
> > +  table=6 (ls_out_qos_mark    ), priority=103  , match=(ip4), 
> > action=(ip.dscp = 17; next;)
> > +  table=7 (ls_out_qos_meter   ), priority=0    , match=(1), action=(next;)
> > +  table=7 (ls_out_qos_meter   ), priority=100  , match=(ip4), 
> > action=(set_meter(100, 1000); next;)
> > +  table=9 (ls_out_qos_pkt_mark), priority=0    , match=(1), action=(next;)
> > +  table=9 (ls_out_qos_pkt_mark), priority=101  , match=(ip4), 
> > action=(pkt.mark = 15; next;)
> > +  table=9 (ls_out_qos_pkt_mark), priority=103  , match=(ip4), 
> > action=(pkt.mark = 18; next;)
> > +])
> > +
> > +AT_CLEANUP
> > +])
> > +
> >   AT_SETUP([Tiered ACL logical flows])
> >   AT_KEYWORDS([acl])
> > @@ -9978,10 +10017,10 @@ acl_test() {
> >   }
> >   acl_test from-lport "" ls ls_in_acl_eval ls_in_acl_action 8
> > -acl_test from-lport "--apply-after-lb" ls ls_in_acl_after_lb_eval 
> > ls_in_acl_after_lb_action 18
> > +acl_test from-lport "--apply-after-lb" ls ls_in_acl_after_lb_eval 
> > ls_in_acl_after_lb_action 19
> >   acl_test to-lport "" ls ls_out_acl_eval ls_out_acl_action 4
> >   acl_test from-lport "" pg ls_in_acl_eval ls_in_acl_action 8
> > -acl_test from-lport "--apply-after-lb" pg ls_in_acl_after_lb_eval 
> > ls_in_acl_after_lb_action 18
> > +acl_test from-lport "--apply-after-lb" pg ls_in_acl_after_lb_eval 
> > ls_in_acl_after_lb_action 19
> >   acl_test to-lport "" pg ls_out_acl_eval ls_out_acl_action 4
> >   AT_CLEANUP
> > diff --git a/tests/ovn.at b/tests/ovn.at
> > index 28c6b6c34..9b158e79c 100644
> > --- a/tests/ovn.at
> > +++ b/tests/ovn.at
> > @@ -1025,10 +1025,10 @@ next(pipeline=ingress, table=11);
> >   next(pipeline=egress);
> >       formats as next(pipeline=egress, table=11);
> > -    encodes as resubmit(,53)
> > +    encodes as resubmit(,58)
> >   next(pipeline=egress, table=5);
> > -    encodes as resubmit(,47)
> > +    encodes as resubmit(,52)
> >   next(table=10);
> >       formats as next(10);
> > @@ -9719,18 +9719,18 @@ as hv1
> >   AT_CHECK([ovs-vsctl add-port br-int localvif1 -- set Interface localvif1 
> > external_ids:iface-id=localvif1])
> >   # On hv1, check that there are no flows outputting bcast to tunnel
> > -OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=37 | ofctl_strip | 
> > grep output | wc -l` -eq 0])
> > +OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=42 | ofctl_strip | 
> > grep output | wc -l` -eq 0])
> >   # On hv2, check that no flow outputs bcast to tunnel to hv1.
> >   as hv2
> > -OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=37 | ofctl_strip | 
> > grep output | wc -l` -eq 0])
> > +OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=42 | ofctl_strip | 
> > grep output | wc -l` -eq 0])
> >   # Now bind vif2 on hv2.
> >   AT_CHECK([ovs-vsctl add-port br-int localvif2 -- set Interface localvif2 
> > external_ids:iface-id=localvif2])
> >   # At this point, the broadcast flow on vif2 should be deleted.
> > -# because, there is now a localnet vif bound (table=37 programming logic)
> > -OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=37 | ofctl_strip | 
> > grep output | wc -l` -eq 0])
> > +# because, there is now a localnet vif bound (table=42 programming logic)
> > +OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=42 | ofctl_strip | 
> > grep output | wc -l` -eq 0])
> >   # Verify that the local net patch port exists on hv2.
> >   OVS_WAIT_UNTIL([test `ovs-vsctl show | grep "Port 
> > patch-br-int-to-ln_port" | wc -l` -eq 1])
> > @@ -11544,7 +11544,7 @@ hv1_gw1_ofport=$(as hv1 ovs-vsctl --bare --columns 
> > ofport find Interface name=ov
> >   hv1_gw2_ofport=$(as hv1 ovs-vsctl --bare --columns ofport find Interface 
> > name=ovn-gw2-0)
> >   OVS_WAIT_UNTIL([
> > -    test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=39 | grep -c 
> > "active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport")
> > +    test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=44 | grep -c 
> > "active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport")
> >   ])
> >   test_ip_packet()
> > @@ -11631,7 +11631,7 @@ AT_CHECK(
> >   ])
> >   OVS_WAIT_UNTIL([
> > -    test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=39 | grep -c 
> > "active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport")
> > +    test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=44 | grep -c 
> > "active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport")
> >   ])
> >   test_ip_packet gw2 gw1 0
> > @@ -11810,7 +11810,7 @@ hv1_gw1_ofport=$(as hv1 ovs-vsctl --bare --columns 
> > ofport find Interface name=ov
> >   hv1_gw2_ofport=$(as hv1 ovs-vsctl --bare --columns ofport find Interface 
> > name=ovn-gw2-0)
> >   OVS_WAIT_UNTIL([
> > -    test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=39 | grep -c 
> > "active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport")
> > +    test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=44 | grep -c 
> > "active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport")
> >   ])
> >   test_ip_packet()
> > @@ -11890,7 +11890,7 @@ AT_CHECK([ovn-nbctl --wait=hv \
> >   ])
> >   OVS_WAIT_UNTIL([
> > -    test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=39 | grep -c 
> > "active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport")
> > +    test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=44 | grep -c 
> > "active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport")
> >   ])
> >   test_ip_packet gw2 gw1
> > @@ -12056,12 +12056,12 @@ AT_CAPTURE_FILE([hv2flows])
> >   AT_CHECK(
> >     [# Check that redirect mapping is programmed only on hv2
> > -   grep table=40 hv1flows | grep =0x3,metadata=0x1 | wc -l
> > -   grep table=40 hv2flows | grep =0x3,metadata=0x1 | grep load:0x2- | wc -l
> > +   grep table=45 hv1flows | grep =0x3,metadata=0x1 | wc -l
> > +   grep table=45 hv2flows | grep =0x3,metadata=0x1 | grep load:0x2- | wc -l
> >      # Check that hv1 sends chassisredirect port traffic to hv2
> > -   grep table=39 hv1flows | grep =0x3,metadata=0x1 | grep output | wc -l
> > -   grep table=39 hv2flows | grep =0x3,metadata=0x1 | wc -l
> > +   grep table=44 hv1flows | grep =0x3,metadata=0x1 | grep output | wc -l
> > +   grep table=44 hv2flows | grep =0x3,metadata=0x1 | wc -l
> >      # Check that arp reply on distributed gateway port is only programmed 
> > on hv2
> >      grep arp hv1flows | grep load:0x2- | grep =0x2,metadata=0x1 | wc -l
> > @@ -12578,7 +12578,7 @@ as hv1 ovs-appctl ofproto/trace br-int 
> > in_port=hv1-vif1 $packet
> >   sleep 2
> >   AS_BOX([On hv1, table 40 check that no packet goes via the tunnel port])
> > -OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=39 \
> > +OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=44 \
> >   | grep "NXM_NX_TUN_ID" | grep -v n_packets=0 | wc -l], [0], [[0
> >   ]])
> > @@ -13542,20 +13542,20 @@ echo $hv2_gw1_ofport
> >   echo $hv2_gw2_ofport
> >   echo "--- hv1 ---"
> > -as hv1 ovs-ofctl dump-flows br-int table=39
> > +as hv1 ovs-ofctl dump-flows br-int table=44
> >   echo "--- hv2 ---"
> > -as hv2 ovs-ofctl dump-flows br-int table=39
> > +as hv2 ovs-ofctl dump-flows br-int table=44
> >   gw1_chassis=$(fetch_column Chassis _uuid name=gw1)
> >   gw2_chassis=$(fetch_column Chassis _uuid name=gw2)
> > -OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=39 | \
> > +OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=44 | \
> >   grep active_backup | grep members:$hv1_gw1_ofport,$hv1_gw2_ofport \
> >   | wc -l], [0], [1
> >   ])
> > -OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=39 | \
> > +OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=44 | \
> >   grep active_backup | grep members:$hv2_gw1_ofport,$hv2_gw2_ofport \
> >   | wc -l], [0], [1
> >   ])
> > @@ -13566,15 +13566,15 @@ sleep 10
> >   as gw1 ovs-ofctl dump-flows br-int
> > -OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \
> > +OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=36 | \
> >   grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1
> >   ]])
> > -OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \
> > +OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=36 | \
> >   grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[0
> >   ]])
> >   # make sure ARP responder flows for outside router port reside on gw1 too 
> > through ls_in_arp_rsp table
> > -OVS_WAIT_UNTIL([test `as gw1 ovs-ofctl dump-flows br-int table=29 | \
> > +OVS_WAIT_UNTIL([test `as gw1 ovs-ofctl dump-flows br-int table=30 | \
> >   grep arp_tpa=192.168.0.101 | wc -l` -ge 1])
> >   # check that the chassis redirect port has been claimed by the gw1 chassis
> > @@ -13598,12 +13598,12 @@ wait_for_ports_up
> >   check ovn-nbctl --wait=hv sync
> >   # we make sure that the hypervisors noticed, and inverted the slave ports
> > -OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=39 | \
> > +OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=44 | \
> >   grep active_backup | grep members:$hv1_gw2_ofport,$hv1_gw1_ofport \
> >   | wc -l], [0], [1
> >   ])
> > -OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=39 | \
> > +OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=44 | \
> >   grep active_backup | grep members:$hv2_gw2_ofport,$hv2_gw1_ofport \
> >   | wc -l], [0], [1
> >   ])
> > @@ -13656,10 +13656,10 @@ AT_CHECK([ovs-vsctl --bare --columns bfd find 
> > Interface name=ovn-hv1-0],[0],
> >   ]])
> >   # make sure that flows for handling the outside router port reside on gw2 
> > now
> > -OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \
> > +OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=36 | \
> >   grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1
> >   ]])
> > -OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \
> > +OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=36 | \
> >   grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[0
> >   ]])
> > @@ -13671,10 +13671,10 @@ as main ovs-vsctl del-port n1 $port
> >   bfd_dump
> >   # make sure that flows for handling the outside router port reside on gw1 
> > now
> > -OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \
> > +OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=36 | \
> >   grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1
> >   ]])
> > -OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \
> > +OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=36 | \
> >   grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[0
> >   ]])
> > @@ -13754,12 +13754,12 @@ ovn-nbctl set Logical_Router_Port outside 
> > ha_chassis_group=$hagrp1_uuid
> >   wait_row_count HA_Chassis_Group 1
> >   wait_row_count HA_Chassis 2
> > -OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=39 | \
> > +OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=44 | \
> >   grep active_backup | grep members:$hv1_gw1_ofport,$hv1_gw2_ofport \
> >   | wc -l], [0], [0
> >   ])
> > -OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=39 | \
> > +OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=44 | \
> >   grep active_backup | grep members:$hv2_gw1_ofport,$hv2_gw2_ofport \
> >   | wc -l], [0], [0
> >   ])
> > @@ -13777,26 +13777,26 @@ done
> >   # Re-add gw2
> >   as gw2 ovn_attach n1 br-phys 192.168.0.1
> > -OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=39 | \
> > +OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=44 | \
> >   grep active_backup | grep members:$hv1_gw1_ofport,$hv1_gw2_ofport \
> >   | wc -l], [0], [1
> >   ])
> > -OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=39 | \
> > +OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=44 | \
> >   grep active_backup | grep members:$hv2_gw1_ofport,$hv2_gw2_ofport \
> >   | wc -l], [0], [1
> >   ])
> >   # make sure that flows for handling the outside router port reside on gw1
> > -OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \
> > +OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=36 | \
> >   grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1
> >   ]])
> > -OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \
> > +OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=36 | \
> >   grep "dl_dst:00:00:02:01:02:04" | wc -l], [0], [[0
> >   ]])
> >   # make sure ARP responder flows for outside router port reside on gw1 too
> > -OVS_WAIT_UNTIL([test `as gw1 ovs-ofctl dump-flows br-int table=29 | \
> > +OVS_WAIT_UNTIL([test `as gw1 ovs-ofctl dump-flows br-int table=30 | \
> >   grep arp_tpa=192.168.0.101 | wc -l` -ge 1 ])
> >   # check that the chassis redirect port has been claimed by the gw1 chassis
> > @@ -13810,12 +13810,12 @@ wait_column "$exp_ref_ch_list" HA_Chassis_Group 
> > ref_chassis
> >   # Increase the priority of gw2
> >   ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 gw2 40
> > -OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=39 | \
> > +OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=44 | \
> >   grep active_backup | grep members:$hv1_gw2_ofport,$hv1_gw1_ofport \
> >   | wc -l], [0], [1
> >   ])
> > -OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=39 | \
> > +OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=44 | \
> >   grep active_backup | grep members:$hv2_gw2_ofport,$hv2_gw1_ofport \
> >   | wc -l], [0], [1
> >   ])
> > @@ -13860,10 +13860,10 @@ AT_CHECK([ovs-vsctl --bare --columns bfd find 
> > Interface name=ovn-hv1-0],[0],
> >   ]])
> >   # make sure that flows for handling the outside router port reside on gw2 
> > now
> > -OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \
> > +OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=36 | \
> >   grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1
> >   ]])
> > -OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \
> > +OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=36 | \
> >   grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[0
> >   ]])
> > @@ -13875,10 +13875,10 @@ as main ovs-vsctl del-port n1 $port
> >   bfd_dump
> >   # make sure that flows for handling the outside router port reside on gw2 
> > now
> > -OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \
> > +OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=36 | \
> >   grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1
> >   ]])
> > -OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \
> > +OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=36 | \
> >   grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[0
> >   ]])
> > @@ -16990,7 +16990,7 @@ ovn-sbctl dump-flows sw0 > sw0-flows
> >   AT_CAPTURE_FILE([sw0-flows])
> >   AT_CHECK([grep -E 'ls_out_acl' sw0-flows | grep reject | sed 
> > 's/table=../table=??/' | sort], [0], [dnl
> > -  table=??(ls_out_acl_action  ), priority=1000 , match=(reg8[[18]] == 1), 
> > action=(reg8[[16]] = 0; reg8[[17]] = 0; reg8[[18]] = 0; reg0 = 0; reject { 
> > /* eth.dst <-> eth.src; ip.dst <-> ip.src; is implicit. */ outport <-> 
> > inport; next(pipeline=ingress,table=27); };)
> > +  table=??(ls_out_acl_action  ), priority=1000 , match=(reg8[[18]] == 1), 
> > action=(reg8[[16]] = 0; reg8[[17]] = 0; reg8[[18]] = 0; reg0 = 0; reject { 
> > /* eth.dst <-> eth.src; ip.dst <-> ip.src; is implicit. */ outport <-> 
> > inport; next(pipeline=ingress,table=28); };)
> >   ])
> > @@ -17007,18 +17007,18 @@ send_icmp6_packet 1 1 $eth_src $eth_dst $ipv6_src 
> > $ipv6_dst
> >   # Get total number of ipv4 packets that received on ovs
> >   # sender side
> > -OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=46 | 
> > grep priority=2002 | grep ip,metadata=0x1 | grep -c n_packets=1`])
> > +OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=51 | 
> > grep priority=2002 | grep ip,metadata=0x1 | grep -c n_packets=1`])
> >   # receiver side
> > -OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=46 | 
> > grep priority=2002 | grep ip,metadata=0x1 | grep -c n_packets=1`])
> > +OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=51 | 
> > grep priority=2002 | grep ip,metadata=0x1 | grep -c n_packets=1`])
> >   # Get total number of ipv6 packets that received on ovs
> >   # sender side
> > -OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=46 | 
> > grep priority=2002 | grep ipv6,metadata=0x1 | grep -c n_packets=1`])
> > +OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=51 | 
> > grep priority=2002 | grep ipv6,metadata=0x1 | grep -c n_packets=1`])
> >   # receiver side
> > -OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=46 | 
> > grep priority=2002 | grep ipv6,metadata=0x1 | grep -c n_packets=1`])
> > +OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=51 | 
> > grep priority=2002 | grep ipv6,metadata=0x1 | grep -c n_packets=1`])
> >   OVN_CLEANUP([hv1], [hv2])
> >   AT_CLEANUP
> > @@ -18702,17 +18702,17 @@ check ovn-nbctl acl-add ls1 to-lport 3 
> > 'ip4.src==10.0.0.1' allow
> >   check ovn-nbctl --wait=hv sync
> >   # Check OVS flows, the less restrictive flows should have been installed.
> > -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all |
> > +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=51 | ofctl_strip_all |
> >       grep "priority=1003" | \
> >       sed 's/conjunction([[^)]]*)/conjunction()/g' | \
> >       sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl
> > - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 
> > actions=conjunction(),conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 
> > actions=conjunction(),conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 
> > actions=conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 
> > actions=conjunction()
> > + table=51, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 
> > actions=conjunction(),conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 
> > actions=conjunction(),conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 
> > actions=conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 
> > actions=conjunction()
> >   ])
> >   # Traffic 10.0.0.1, 10.0.0.2 -> 10.0.0.3, 10.0.0.4 should be allowed.
> > @@ -18747,17 +18747,17 @@ check ovn-nbctl acl-del ls1 to-lport 3 
> > 'ip4.src==10.0.0.1 || ip4.src==10.0.0.1'
> >   check ovn-nbctl --wait=hv sync
> >   # Check OVS flows, the second less restrictive allow ACL should have been 
> > installed.
> > -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | \
> > +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=51 | ofctl_strip_all | \
> >       grep "priority=1003" | \
> >       sed 's/conjunction([[^)]]*)/conjunction()/g' | \
> >       sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl
> > - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 
> > actions=conjunction(),conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 
> > actions=conjunction(),conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 
> > actions=conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 
> > actions=conjunction()
> > + table=51, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 
> > actions=conjunction(),conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 
> > actions=conjunction(),conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 
> > actions=conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 
> > actions=conjunction()
> >   ])
> >   # Remove the less restrictive allow ACL.
> > @@ -18765,17 +18765,17 @@ check ovn-nbctl acl-del ls1 to-lport 3 
> > 'ip4.src==10.0.0.1'
> >   check ovn-nbctl --wait=hv sync
> >   # Check OVS flows, the 10.0.0.1 conjunction should have been reinstalled.
> > -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | \
> > +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=51 | ofctl_strip_all | \
> >       grep "priority=1003" | \
> >       sed 's/conjunction([[^)]]*)/conjunction()/g' | \
> >       sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl
> > - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 
> > actions=conjunction(),conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 
> > actions=conjunction(),conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 
> > actions=conjunction(),conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 
> > actions=conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 
> > actions=conjunction()
> > + table=51, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 
> > actions=conjunction(),conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 
> > actions=conjunction(),conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 
> > actions=conjunction(),conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 
> > actions=conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 
> > actions=conjunction()
> >   ])
> >   # Traffic 10.0.0.1, 10.0.0.2 -> 10.0.0.3, 10.0.0.4 should be allowed.
> > @@ -18805,17 +18805,17 @@ check ovn-nbctl acl-add ls1 to-lport 3 
> > 'ip4.src==10.0.0.1' allow
> >   check ovn-nbctl --wait=hv sync
> >   # Check OVS flows, the less restrictive flows should have been installed.
> > -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | \
> > +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=51 | ofctl_strip_all | \
> >      grep "priority=1003" | \
> >      sed 's/conjunction([[^)]]*)/conjunction()/g' | \
> >      sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl
> > - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 
> > actions=conjunction(),conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 
> > actions=conjunction(),conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 
> > actions=conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 
> > actions=conjunction()
> > + table=51, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 
> > actions=conjunction(),conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 
> > actions=conjunction(),conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 
> > actions=conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 
> > actions=conjunction()
> >   ])
> >   # Add another ACL that overlaps with the existing less restrictive ones.
> > @@ -18826,20 +18826,20 @@ check ovn-nbctl --wait=hv sync
> >   # with an additional conjunction action.
> >   #
> >   # New non-conjunctive flows should be added to match on 'udp'.
> > -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | \
> > +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=51 | ofctl_strip_all | \
> >      grep "priority=1003" | \
> >      sed 's/conjunction([[^)]]*)/conjunction()/g' | \
> >      sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl
> > - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 
> > actions=conjunction(),conjunction(),conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 
> > actions=conjunction(),conjunction(),conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 
> > actions=conjunction(),conjunction()
> > - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 
> > actions=conjunction()
> > - table=46, priority=1003,udp,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > - table=46, priority=1003,udp6,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > + table=51, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,conj_id=xxx,ip,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 
> > actions=conjunction(),conjunction(),conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 
> > actions=conjunction(),conjunction(),conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 
> > actions=conjunction(),conjunction()
> > + table=51, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 
> > actions=conjunction()
> > + table=51, priority=1003,udp,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> > + table=51, priority=1003,udp6,metadata=0x1 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> >   ])
> >   OVN_CLEANUP([hv1])
> > @@ -18894,17 +18894,17 @@ check ovn-nbctl acl-add pg1 to-lport 100 'outport 
> > == @pg1 && ip4.src == $as2' al
> >   wait_for_ports_up
> >   check ovn-nbctl --wait=hv sync
> > -ovs-ofctl dump-flows br-int table=46
> > -AT_CHECK([test `ovs-ofctl dump-flows br-int table=46 | grep -c conj_id` = 
> > 2])
> > +ovs-ofctl dump-flows br-int table=51
> > +AT_CHECK([test `ovs-ofctl dump-flows br-int table=51 | grep -c conj_id` = 
> > 2])
> >   echo -------
> >   # Add another address in as1, so that the 1st ACL will now generate 2 
> > conjunctions.
> >   ovn-nbctl set address_set as1 addresses="10.0.0.1,10.0.0.2"
> >   check ovn-nbctl --wait=hv sync
> > -ovs-ofctl dump-flows br-int table=46
> > +ovs-ofctl dump-flows br-int table=51
> >   # There should be 3 conjunctions in total (2 from 1st ACL + 1 from 2nd 
> > ACL)
> > -AT_CHECK([test `ovs-ofctl dump-flows br-int table=46 | grep -c conj_id` = 
> > 3])
> > +AT_CHECK([test `ovs-ofctl dump-flows br-int table=51 | grep -c conj_id` = 
> > 3])
> >   OVN_CLEANUP([hv1])
> >   AT_CLEANUP
> > @@ -20220,7 +20220,7 @@ wait_for_ports_up ls1-lp_ext1
> >   # There should be a flow in hv2 to drop traffic from ls1-lp_ext1 destined
> >   # to router mac.
> >   AT_CHECK([as hv2 ovs-ofctl dump-flows br-int \
> > -table=34,dl_src=f0:00:00:00:00:03,dl_dst=a0:10:00:00:00:01 | \
> > +table=35,dl_src=f0:00:00:00:00:03,dl_dst=a0:10:00:00:00:01 | \
> >   grep -c "actions=drop"], [0], [1
> >   ])
> >   # Stop ovn-controllers on hv1 and hv3.
> > @@ -21078,7 +21078,7 @@ check ovn-nbctl set logical_router_policy $policy 
> > options:pkt_mark=100
> >   check ovn-nbctl --wait=hv sync
> >   as hv2
> >   # add a flow in egress pipeline to check pkt marking
> > -ovs-ofctl --protocols=OpenFlow13 add-flow br-int 
> > "table=37,priority=200,ip,nw_src=172.16.1.2,pkt_mark=0x64 
> > actions=resubmit(,38)"
> > +ovs-ofctl --protocols=OpenFlow13 add-flow br-int 
> > "table=42,priority=200,ip,nw_src=172.16.1.2,pkt_mark=0x64 
> > actions=resubmit(,43)"
> >   dst_ip=$(ip_to_hex 172 16 2 10)
> >   fip_ip=$(ip_to_hex 172 16 1 2)
> > @@ -21090,7 +21090,7 @@ echo $(get_arp_req f00000010204 $fip_ip 
> > $gw_router_ip) >> expected
> >   send_arp_reply 2 1 $gw_router_mac f00000010204 $gw_router_ip $fip_ip
> >   echo 
> > "${gw_router_mac}f0000001020408004500001c00004000fe0121b4${fip_ip}${dst_ip}${data}"
> >  >> expected
> > -OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=37 | 
> > grep pkt_mark=0x64 | grep -c n_packets=1`])
> > +OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=42 | 
> > grep pkt_mark=0x64 | grep -c n_packets=1`])
> >   OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
> > @@ -21845,19 +21845,19 @@ check_virtual_offlows_present() {
> >       lr0_dp_key=$(printf "%x" $(fetch_column Datapath_Binding tunnel_key 
> > external_ids:name=lr0))
> >       lr0_public_dp_key=$(printf "%x" $(fetch_column Port_Binding 
> > tunnel_key logical_port=lr0-public))
> > -    AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=46,ip | 
> > ofctl_strip_all | grep "priority=2000"], [0], [dnl
> > - table=46, priority=2000,ip,metadata=0x$sw0_dp_key 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
> > +    AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=51,ip | 
> > ofctl_strip_all | grep "priority=2000"], [0], [dnl
> > + table=51, priority=2000,ip,metadata=0x$sw0_dp_key 
> > actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,52)
> >   ])
> >       AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=11 | 
> > ofctl_strip_all | \
> >       grep "priority=92" | grep 172.168.0.50], [0], [dnl
> > - table=11, 
> > priority=92,arp,reg14=0x$lr0_public_dp_key,metadata=0x$lr0_dp_key,arp_tpa=172.168.0.50,arp_op=1
> >  
> > actions=move:NXM_OF_ETH_SRC[[]]->NXM_OF_ETH_DST[[]],mod_dl_src:10:54:00:00:00:10,load:0x2->NXM_OF_ARP_OP[[]],move:NXM_NX_ARP_SHA[[]]->NXM_NX_ARP_THA[[]],load:0x105400000010->NXM_NX_ARP_SHA[[]],push:NXM_OF_ARP_SPA[[]],push:NXM_OF_ARP_TPA[[]],pop:NXM_OF_ARP_SPA[[]],pop:NXM_OF_ARP_TPA[[]],move:NXM_NX_REG14[[]]->NXM_NX_REG15[[]],load:0x1->NXM_NX_REG10[[0]],resubmit(,37)
> > + table=11, 
> > priority=92,arp,reg14=0x$lr0_public_dp_key,metadata=0x$lr0_dp_key,arp_tpa=172.168.0.50,arp_op=1
> >  
> > actions=move:NXM_OF_ETH_SRC[[]]->NXM_OF_ETH_DST[[]],mod_dl_src:10:54:00:00:00:10,load:0x2->NXM_OF_ARP_OP[[]],move:NXM_NX_ARP_SHA[[]]->NXM_NX_ARP_THA[[]],load:0x105400000010->NXM_NX_ARP_SHA[[]],push:NXM_OF_ARP_SPA[[]],push:NXM_OF_ARP_TPA[[]],pop:NXM_OF_ARP_SPA[[]],pop:NXM_OF_ARP_TPA[[]],move:NXM_NX_REG14[[]]->NXM_NX_REG15[[]],load:0x1->NXM_NX_REG10[[0]],resubmit(,42)
> >   ])
> >   }
> >   check_virtual_offlows_not_present() {
> >       hv=$1
> > -    AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=46,ip | 
> > ofctl_strip_all | grep "priority=2000"], [1], [dnl
> > +    AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=51,ip | 
> > ofctl_strip_all | grep "priority=2000"], [1], [dnl
> >   ])
> >       AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=11 | 
> > ofctl_strip_all | \
> > @@ -21884,7 +21884,7 @@ check_row_count Port_Binding 1 logical_port=sw0-vir 
> > virtual_parent=sw0-p1
> >   wait_for_ports_up sw0-vir
> >   check ovn-nbctl --wait=hv sync
> >   AT_CHECK([test 2 = `cat hv1/ovn-controller.log | grep "pinctrl received  
> > packet-in" | \
> > -grep opcode=BIND_VPORT | grep OF_Table_ID=29 | wc -l`])
> > +grep opcode=BIND_VPORT | grep OF_Table_ID=30 | wc -l`])
> >   wait_row_count Port_Binding 1 logical_port=sw0-vir6 chassis=$hv1_ch_uuid
> >   check_row_count Port_Binding 1 logical_port=sw0-vir6 virtual_parent=sw0-p1
> > @@ -24424,7 +24424,7 @@ m4_define([DVR_N_S_PING],
> >      OVN_CHECK_PACKETS_REMOVE_BROADCAST([hv4/vif-north-tx.pcap], 
> > [vif-north.expected])
> >      # Confirm that packets did not go out via tunnel port.
> > -   AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=39 | grep 
> > NXM_NX_TUN_METADATA0 | grep n_packets=0 | wc -l], [0], [[0
> > +   AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=44 | grep 
> > NXM_NX_TUN_METADATA0 | grep n_packets=0 | wc -l], [0], [[0
> >   ]])
> >      # Confirm that packet went out via localnet port
> > @@ -28817,22 +28817,22 @@ AT_CHECK([test ! -z $p1_zoneid])
> >   p2_zoneid=$(as hv1 ovs-vsctl get bridge br-int 
> > external_ids:ct-zone-sw0-p2 | sed 's/"//g')
> >   AT_CHECK([test ! -z $p2_zoneid])
> > -AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=40,metadata=${sw0_dpkey},\
> > +AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=45,metadata=${sw0_dpkey},\
> >   reg15=0x${p1_dpkey} | grep REG13 | wc -l) -eq 1])
> > -AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=40,metadata=${sw0_dpkey},\
> > +AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=45,metadata=${sw0_dpkey},\
> >   reg15=0x${p1_dpkey} | grep "load:0x${p1_zoneid}->NXM_NX_REG13" | wc -l) 
> > -eq 1])
> > -AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=40,metadata=${sw1_dpkey},\
> > +AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=45,metadata=${sw1_dpkey},\
> >   reg15=0x${p2_dpkey} | grep REG13 | wc -l) -eq 1])
> > -AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=40,metadata=${sw1_dpkey},\
> > +AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=45,metadata=${sw1_dpkey},\
> >   reg15=0x${p2_dpkey} | grep "load:0x${p2_zoneid}->NXM_NX_REG13" | wc -l) 
> > -eq 1])
> >   ovs-vsctl set interface hv1-vif1 external_ids:iface-id=foo
> >   OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p1) = xdown])
> > -AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=40,metadata=${sw0_dpkey},\
> > +AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=45,metadata=${sw0_dpkey},\
> >   reg15=0x${p1_dpkey} | grep REG13 | wc -l) -eq 0])
> >   p1_zoneid=$(as hv1 ovs-vsctl get bridge br-int 
> > external_ids:ct-zone-sw0-p1 | sed 's/"//g')
> > @@ -28844,16 +28844,16 @@ OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up 
> > sw0-p1) = xup])
> >   p1_zoneid=$(as hv1 ovs-vsctl get bridge br-int 
> > external_ids:ct-zone-sw0-p1 | sed 's/"//g')
> >   AT_CHECK([test ! -z $p1_zoneid])
> > -AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=40,metadata=${sw0_dpkey},\
> > +AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=45,metadata=${sw0_dpkey},\
> >   reg15=0x${p1_dpkey} | grep REG13 | wc -l) -eq 1])
> > -AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=40,metadata=${sw0_dpkey},\
> > +AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=45,metadata=${sw0_dpkey},\
> >   reg15=0x${p1_dpkey} | grep "load:0x${p1_zoneid}->NXM_NX_REG13" | wc -l) 
> > -eq 1])
> >   ovs-vsctl del-port hv1-vif2
> >   OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p2) = xdown])
> > -AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=40,metadata=${sw0_dpkey},\
> > +AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=45,metadata=${sw0_dpkey},\
> >   reg15=0x${p2_dpkey} | grep REG13 | wc -l) -eq 0])
> >   p2_zoneid=$(as hv1 ovs-vsctl get bridge br-int 
> > external_ids:ct-zone-sw0-p2 | sed 's/"//g')
> > @@ -28861,7 +28861,7 @@ AT_CHECK([test -z $p2_zoneid])
> >   ovn-nbctl lsp-del sw0-p1
> > -OVS_WAIT_UNTIL([test $(ovs-ofctl dump-flows br-int 
> > table=40,metadata=${sw0_dpkey},\
> > +OVS_WAIT_UNTIL([test $(ovs-ofctl dump-flows br-int 
> > table=45,metadata=${sw0_dpkey},\
> >   reg15=0x${p1_dpkey} | grep REG13 | wc -l) -eq 0])
> >   p1_zoneid=$(as hv1 ovs-vsctl get bridge br-int 
> > external_ids:ct-zone-sw0-p1 | sed 's/"//g')
> > @@ -31410,46 +31410,46 @@ AT_CHECK([kill -0 $(cat hv1/ovn-controller.pid)])
> >   check ovn-nbctl --wait=hv sync
> >   # Check OVS flows are installed properly.
> > -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | \
> > +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=51 | ofctl_strip_all | \
> >       grep "priority=2002" | grep conjunction | \
> >       sed 's/conjunction([[^)]]*)/conjunction()/g' | \
> >       sed 's/reg15=0x[[1-9]]/reg15=0xN/g' | sort], [0], [dnl
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=1
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000
> >  actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=1 
> > actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 
> > actions=conjunction()
> > - table=46, 
> > priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 
> > actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=1
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000
> >  actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=1 
> > actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 
> > actions=conjunction()
> > + table=51, 
> > priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 
> > actions=conjunction()
> >   ])
> >   OVN_CLEANUP([hv1])
> > @@ -32624,7 +32624,7 @@ ovs-vsctl add-port br-int lsp0-0 -- set interface 
> > lsp0-0 external_ids:iface-id=l
> >   ovs-vsctl add-port br-int lsp0-1 -- set interface lsp0-1 
> > external_ids:iface-id=lsp0-1
> >   check ovn-nbctl --wait=hv sync
> > -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | 
> > wc -l) == 22])
> > +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=51 | grep conjunction | 
> > wc -l) == 22])
> >   # Save the current lflow_run counter
> >   lflow_run=$(ovn-appctl -t ovn-controller coverage/read-counter lflow_run)
> > @@ -32634,7 +32634,7 @@ lflow_run=$(ovn-appctl -t ovn-controller 
> > coverage/read-counter lflow_run)
> >   # 1. Remove half of the ports from pg1. The excepted conjunction flows 
> > should be:
> >   #    2 + 10 = 12
> >   check ovn-nbctl --wait=hv pg-set-ports pg1 $(for i in 0 1 2 3 4; do for j 
> > in 0 1; do echo lsp${i}-${j}; done; done)
> > -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | 
> > wc -l) == 12])
> > +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=51 | grep conjunction | 
> > wc -l) == 12])
> >   # 2. Unbind lsp0-0. The there shouldn't be any conjunction flows because 
> > the
> >   #    port group const set should have only one member (lsp0-1). And the 
> > total
> > @@ -32642,25 +32642,25 @@ AT_CHECK([test $(ovs-ofctl dump-flows br-int 
> > table=46 | grep conjunction | wc -l
> >   #    10.
> >   ovs-vsctl del-port br-int lsp0-0
> >   check ovn-nbctl --wait=hv sync
> > -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | 
> > wc -l) == 0])
> > -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep 192.168 | wc 
> > -l) == 10])
> > +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=51 | grep conjunction | 
> > wc -l) == 0])
> > +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=51 | grep 192.168 | wc 
> > -l) == 10])
> >   # 3. Rebind lsp0-0. The expected conjunction flows are back to 12.
> >   ovs-vsctl add-port br-int lsp0-0 -- set interface lsp0-0 
> > external_ids:iface-id=lsp0-0
> >   check ovn-nbctl --wait=hv sync
> > -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | 
> > wc -l) == 12])
> > +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=51 | grep conjunction | 
> > wc -l) == 12])
> >   # 4. Bind a lsp (lsp9-0) that doesn't belong to pg1, should not see any 
> > change.
> >   ovs-vsctl add-port br-int lsp9-0 -- set interface lsp9-0 
> > external_ids:iface-id=lsp9-0
> >   check ovn-nbctl --wait=hv sync
> > -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | 
> > wc -l) == 12])
> > +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=51 | grep conjunction | 
> > wc -l) == 12])
> >   # 5. Bind another 2 lsps (lsp1-0 lsp1-1) that belong to pg1 and on a 
> > different
> >   #    LS (ls1), should see conjunction flows doubled (12 x 2 = 24)
> >   ovs-vsctl add-port br-int lsp1-0 -- set interface lsp1-0 
> > external_ids:iface-id=lsp1-0
> >   ovs-vsctl add-port br-int lsp1-1 -- set interface lsp1-1 
> > external_ids:iface-id=lsp1-1
> >   check ovn-nbctl --wait=hv sync
> > -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | 
> > wc -l) == 24])
> > +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=51 | grep conjunction | 
> > wc -l) == 24])
> >   # 6. Simulate a SB port-group "del and add" notification to 
> > ovn-controller in the
> >   #    same IDL iteration. ovn-controller should still program the same 
> > flows. In
> > @@ -32685,7 +32685,7 @@ for i in $(seq 1 10); do
> >       check ovn-nbctl --wait=hv sync
> >       # Finally check flow count is the same as before.
> > -    AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep 
> > conjunction | wc -l) == 24])
> > +    AT_CHECK([test $(ovs-ofctl dump-flows br-int table=51 | grep 
> > conjunction | wc -l) == 24])
> >   done
> >   # Make sure all the above was performed with I-P (no recompute)
> > @@ -33093,8 +33093,8 @@ check ovn-nbctl acl-add lsw0 to-lport 1002 'outport 
> > == "lp2" && ip4.src == 10.0.
> >   # The first ACL should be programmed, but the second one shouldn't.
> >   check ovn-nbctl --wait=hv sync
> > -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.111], [0], 
> > [ignore])
> > -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.122], [1], 
> > [ignore])
> > +AT_CHECK([ovs-ofctl dump-flows br-int table=51 | grep 10.0.0.111], [0], 
> > [ignore])
> > +AT_CHECK([ovs-ofctl dump-flows br-int table=51 | grep 10.0.0.122], [1], 
> > [ignore])
> >   # Now create the lport lp2.
> >   check ovn-nbctl lsp-add lsw0 lp2 \
> > @@ -33102,12 +33102,12 @@ check ovn-nbctl lsp-add lsw0 lp2 \
> >   check ovn-nbctl --wait=hv sync
> >   # Now the second ACL should be programmed.
> > -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.122], [0], 
> > [ignore])
> > +AT_CHECK([ovs-ofctl dump-flows br-int table=51 | grep 10.0.0.122], [0], 
> > [ignore])
> >   # Remove the lport lp2 again, the OVS flow for the second ACL should be
> >   # removed.
> >   check ovn-nbctl --wait=hv lsp-del lp2
> > -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.122], [1], 
> > [ignore])
> > +AT_CHECK([ovs-ofctl dump-flows br-int table=51 | grep 10.0.0.122], [1], 
> > [ignore])
> >   # Test similar scenario but when the referenced lport is not bound 
> > locally.
> > @@ -33121,8 +33121,8 @@ check ovn-nbctl acl-add lsw0 to-lport 1002 'inport 
> > == "lp4" && ip4.dst == 10.0.0
> >   # The ACL for lp3 should be programmed, but the one for lp4 shouldn't.
> >   check ovn-nbctl --wait=hv sync
> > -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.133], [0], 
> > [ignore])
> > -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.144], [1], 
> > [ignore])
> > +AT_CHECK([ovs-ofctl dump-flows br-int table=51 | grep 10.0.0.133], [0], 
> > [ignore])
> > +AT_CHECK([ovs-ofctl dump-flows br-int table=51 | grep 10.0.0.144], [1], 
> > [ignore])
> >   # Now create the lport lp4.
> >   check ovn-nbctl lsp-add lsw0 lp4 \
> > @@ -33130,7 +33130,7 @@ check ovn-nbctl lsp-add lsw0 lp4 \
> >   # Now the ACL for lp4 should be programmed.
> >   check ovn-nbctl --wait=hv sync
> > -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.144], [0], 
> > [ignore])
> > +AT_CHECK([ovs-ofctl dump-flows br-int table=51 | grep 10.0.0.144], [0], 
> > [ignore])
> >   OVN_CLEANUP([hv1])
> >   AT_CLEANUP
> > @@ -33493,15 +33493,15 @@ done
> >   check ovn-nbctl --wait=hv sync
> >   # hv0 should see flows for lsp1 but not lsp2
> > -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], 
> > [0], [ignore])
> > -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=29 | grep 10.0.2.2], 
> > [1])
> > +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=30 | grep 10.0.1.2], 
> > [0], [ignore])
> > +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=30 | grep 10.0.2.2], 
> > [1])
> >   # hv2 should see flows for lsp2 but not lsp1
> > -AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.2.2], 
> > [0], [ignore])
> > -AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], 
> > [1])
> > +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=30 | grep 10.0.2.2], 
> > [0], [ignore])
> > +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=30 | grep 10.0.1.2], 
> > [1])
> >   # Change lrp_lr_ls1 to a regular lrp, hv2 should see flows for lsp1
> >   check ovn-nbctl --wait=hv lrp-del-gateway-chassis lrp_lr_ls1 hv1
> > -AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], 
> > [0], [ignore])
> > +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=30 | grep 10.0.1.2], 
> > [0], [ignore])
> >   # Change it back, and trigger recompute to make sure extra flows are 
> > removed
> >   # from hv2 (recompute is needed because currently I-P adds local 
> > datapaths but
> > @@ -33509,11 +33509,11 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int 
> > table=29 | grep 10.0.1.2], [0], [ig
> >   check ovn-nbctl --wait=hv lrp-set-gateway-chassis lrp_lr_ls1 hv1 1
> >   as hv2 check ovn-appctl -t ovn-controller recompute
> >   ovn-nbctl --wait=hv sync
> > -AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], 
> > [1])
> > +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=30 | grep 10.0.1.2], 
> > [1])
> >   # Enable dnat_and_snat on lr, and now hv2 should see flows for lsp1.
> >   AT_CHECK([ovn-nbctl --wait=hv --gateway-port=lrp_lr_ls1 lr-nat-add lr 
> > dnat_and_snat 192.168.0.1 10.0.1.3 lsp1 f0:00:00:00:00:03])
> > -AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], 
> > [0], [ignore])
> > +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=30 | grep 10.0.1.2], 
> > [0], [ignore])
> >   OVN_CLEANUP([hv1],[hv2])
> >   AT_CLEANUP
> > @@ -34570,7 +34570,7 @@ check ovn-nbctl --wait=hv sync
> >   # Use constants so that if tables or registers change, this test can
> >   # be updated easily.
> >   DNAT_TABLE=15
> > -SNAT_TABLE=45
> > +SNAT_TABLE=50
> >   DNAT_ZONE_REG="NXM_NX_REG11[[0..15]]"
> >   SNAT_ZONE_REG="NXM_NX_REG12[[0..15]]"
> > @@ -37179,7 +37179,7 @@ check ovn-nbctl --wait=hv sync
> >   wait_for_ports_up
> >   OVN_POPULATE_ARP
> > -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=40 | grep -c 
> > controller], [0],[dnl
> > +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=45 | grep -c 
> > controller], [0],[dnl
> >   9
> >   ])
> > @@ -37275,7 +37275,7 @@ tpa=$(ip_to_hex 10 0 0 10)
> >   send_garp 1 1 $eth_src $eth_dst $spa $tpa
> >   OVS_WAIT_UNTIL([test 1 = `cat hv1/ovn-controller.log | grep "pinctrl 
> > received  packet-in" | \
> > -grep opcode=BIND_VPORT | grep OF_Table_ID=29 | wc -l`])
> > +grep opcode=BIND_VPORT | grep OF_Table_ID=30 | wc -l`])
> >   sleep_controller hv1
> > @@ -37929,3 +37929,86 @@ AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \
> >   OVS_APP_EXIT_AND_WAIT([ovsdb-server])
> >   AT_CLEANUP
> > +
> > +OVN_FOR_EACH_NORTHD([
> > +AT_SETUP([QoS packet marking])
> > +AT_KEYWORDS([ovn-qos-pkt-marking])
> > +AT_SKIP_IF([test $HAVE_SCAPY = no])
> > +ovn_start
> > +
> > +check ovn-nbctl lr-add lr0
> > +check ovn-nbctl ls-add ls0
> > +check ovn-nbctl ls-add ls1
> > +
> > +check ovn-nbctl lrp-add lr0 lrp0 f0:00:00:00:00:10 10.0.0.254/24
> > +check ovn-nbctl lsp-add ls0 lrp-s0 -- \
> > +    set Logical_Switch_Port lrp-s0 type=router \
> > +    options:router-port=lrp0 addresses='"f0:00:00:00:00:10"'
> > +check ovn-nbctl lrp-add lr0 lrp1 f0:00:00:00:00:20 20.0.0.254/24
> > +check ovn-nbctl lsp-add ls1 lrp-s1 -- \
> > +    set Logical_Switch_Port lrp-s1 type=router \
> > +    options:router-port=lrp1 addresses='"f0:00:00:00:00:20"'
> > +
> > +check ovn-nbctl --wait=sb lsp-add ls0 lp0
> > +check ovn-nbctl lsp-set-addresses lp0 f0:00:00:00:00:01
> > +check ovn-nbctl --wait=sb lsp-add ls0 lp1
> > +check ovn-nbctl lsp-set-addresses lp1 f0:00:00:00:00:02
> > +
> > +check ovn-nbctl --wait=sb lsp-add ls1 lp2
> > +check ovn-nbctl lsp-set-addresses lp2 f0:00:00:00:00:11
> > +check ovn-nbctl --wait=sb sync
> > +
> > +net_add n1
> > +sim_add hv
> > +
> > +as hv
> > +check ovs-vsctl add-br br-phys
> > +ovn_attach n1 br-phys 192.168.0.1
> > +
> > +check ovs-vsctl add-port br-int vif0 -- \
> > +    set Interface vif0 external-ids:iface-id=lp0 \
> > +    options:tx_pcap=hv/vif0-tx.pcap \
> > +    options:rxq_pcap=hv/vif0-rx.pcap \
> > +    ofport-request=1
> > +check ovs-vsctl add-port br-int vif1 -- \
> > +    set Interface vif1 external-ids:iface-id=lp1 \
> > +    options:tx_pcap=hv/vif1-tx.pcap \
> > +    options:rxq_pcap=hv/vif1-rx.pcap \
> > +    ofport-request=2
> > +check ovs-vsctl add-port br-int vif2 -- \
> > +    set Interface vif2 external-ids:iface-id=lp2 \
> > +    options:tx_pcap=hv/vif2-tx.pcap \
> > +    options:rxq_pcap=hv/vif2-rx.pcap \
> > +    ofport-request=3
> > +
> > +# Create QoS rules for packet marking.
> > +check ovn-nbctl qos-add ls0 from-lport 100 "inport==\"lp0\" && udp" mark=48
> > +check ovn-nbctl qos-add ls0 to-lport 100 "outport==\"lrp-s0\" && udp" 
> > mark=49
> > +check_row_count nb:QoS 2
> > +
> > +# Create some flows to count pkt marking.
> > +check ovn-nbctl acl-add ls0 to-lport 1002 "outport==\"lp1\" && pkt.mark == 
> > 48" drop
> > +check ovn-nbctl lr-policy-add lr0 200 "pkt.mark == 49" drop
> > +wait_for_ports_up
> > +check ovn-nbctl --wait=hv sync
> > +
> > +send_udp_packet() {
> > +    local inport=$1 eth_src=$2 eth_dst=$3 ipv4_src=$4 ipv4_dst=$5
> > +    local packet=$(fmt_pkt "Ether(dst='${eth_dst}', src='${eth_src}')/ \
> > +                            IP(src='${ipv4_src}', dst='${ipv4_dst}', 
> > ttl=0x40)/ \
> > +                            UDP(sport=4242, dport=4343)")
> > +    as hv ovs-appctl netdev-dummy/receive vif$inport $packet
> > +}
> > +
> > +ls0_dp_key=$(printf "0x%x" $(fetch_column Datapath_Binding tunnel_key 
> > external_ids:name=ls0))
> > +lr0_dp_key=$(printf "0x%x" $(fetch_column Datapath_Binding tunnel_key 
> > external_ids:name=lr0))
> > +
> > +send_udp_packet 0 f0:00:00:00:00:01 f0:00:00:00:00:02 10.0.0.1 10.0.0.2
> > +OVS_WAIT_UNTIL([test 1 = $(as hv ovs-ofctl dump-flows br-int | grep -E 
> > "pkt_mark=0x30.*metadata=$ls0_dp_key" | grep -c n_packets=1)])
> > +
> > +send_udp_packet 0 f0:00:00:00:00:01 f0:00:00:00:00:10 10.0.0.1 10.0.0.10
> > +OVS_WAIT_UNTIL([test 1 = $(as hv ovs-ofctl dump-flows br-int | grep -E 
> > "pkt_mark=0x31.*metadata=$lr0_dp_key" | grep -c n_packets=1)])
> > +
> > +OVN_CLEANUP([hv])
> > +AT_CLEANUP
> > +])
> > diff --git a/tests/system-ovn.at b/tests/system-ovn.at
> > index cb4124b70..1277f1057 100644
> > --- a/tests/system-ovn.at
> > +++ b/tests/system-ovn.at
> > @@ -2230,7 +2230,7 @@ ovn-nbctl set load_balancer $uuid 
> > vips:'"30.0.0.2:8000"'='"192.168.1.2:80,192.16
> >   ovn-nbctl list load_balancer
> >   ovn-sbctl dump-flows R2
> > -OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=45 | \
> > +OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=50 | \
> >   grep 'nat(src=20.0.0.2)'])
> >   check ovs-appctl dpctl/flush-conntrack
> > @@ -2269,7 +2269,7 @@ ovn-nbctl set load_balancer $uuid 
> > vips:'"30.0.0.2:8000"'='"192.168.1.2:80,192.16
> >   ovn-nbctl list load_balancer
> >   ovn-sbctl dump-flows R2
> > -OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=45 | \
> > +OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=50 | \
> >   grep 'nat(src=20.0.0.2)'])
> >   rm -f wget*.log
> > @@ -5055,7 +5055,7 @@ OVS_WAIT_UNTIL([
> >   ])
> >   OVS_WAIT_UNTIL([
> > -    n_pkt=$(ovs-ofctl dump-flows br-int table=46 | grep -v n_packets=0 | \
> > +    n_pkt=$(ovs-ofctl dump-flows br-int table=51 | grep -v n_packets=0 | \
> >   grep controller | grep tp_dst=84 -c)
> >       test $n_pkt -eq 1
> >   ])
> > @@ -5302,7 +5302,7 @@ OVS_WAIT_UNTIL([
> >   ])
> >   OVS_WAIT_UNTIL([
> > -    n_pkt=$(ovs-ofctl dump-flows br-int table=46 | grep -v n_packets=0 | \
> > +    n_pkt=$(ovs-ofctl dump-flows br-int table=51 | grep -v n_packets=0 | \
> >   grep controller | grep tp_dst=84 -c)
> >       test $n_pkt -eq 1
> >   ])
> > @@ -8756,7 +8756,7 @@ ovn-sbctl list ip_multicast
> >   wait_igmp_flows_installed()
> >   {
> > -    OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int table=35 | \
> > +    OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int table=36 | \
> >       grep 'priority=90' | grep "nw_dst=$1"])
> >   }
> > @@ -11993,7 +11993,7 @@ ovn-nbctl set load_balancer $uuid 
> > vips:'"30.0.0.2:8000"'='"192.168.1.2:12345,192
> >   ovn-nbctl list load_balancer
> >   ovn-sbctl dump-flows R2
> > -OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=45 | grep 
> > 'nat(src=20.0.0.2)'])
> > +OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=50 | grep 
> > 'nat(src=20.0.0.2)'])
> >   dnl Test load-balancing that includes L4 ports in NAT.
> >   for i in `seq 1 20`; do
> > diff --git a/utilities/ovn-nbctl.8.xml b/utilities/ovn-nbctl.8.xml
> > index 6f74bd557..f838393a6 100644
> > --- a/utilities/ovn-nbctl.8.xml
> > +++ b/utilities/ovn-nbctl.8.xml
> > @@ -482,6 +482,9 @@
> >             <code>burst=</code><var>burst</var> specifies the burst rate
> >             limit in kilobits.  <code>dscp</code> and/or <code>rate</code>
> >             are required arguments.
> > +          If <code>mark=</code><var>mark</var> is specified, then matching
> > +          packets will be marked (through <code>pkt.mark</code>).
> > +          <var>mark</var> must be a positive integer.
> >           </p>
> >           <p>
> > diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c
> > index 526369b68..0620d333a 100644
> > --- a/utilities/ovn-nbctl.c
> > +++ b/utilities/ovn-nbctl.c
> > @@ -283,7 +283,7 @@ ACL commands:\n\
> >                               print ACLs for SWITCH\n\
> >   \n\
> >   QoS commands:\n\
> > -  qos-add SWITCH DIRECTION PRIORITY MATCH [rate=RATE [burst=BURST]] 
> > [dscp=DSCP]\n\
> > +  qos-add SWITCH DIRECTION PRIORITY MATCH [rate=RATE [burst=BURST]] 
> > [dscp=DSCP] [mark=MARK]\n\
> >                               add an QoS rule to SWITCH\n\
> >     qos-del SWITCH [{DIRECTION | UUID} [PRIORITY MATCH]]\n\
> >                               remove QoS rules from SWITCH\n\
> > @@ -2614,6 +2614,9 @@ nbctl_qos_list(struct ctl_context *ctx)
> >               if (!strcmp(qos_rule->key_action[j], "dscp")) {
> >                   ds_put_format(&ctx->output, " dscp=%"PRId64"",
> >                                 qos_rule->value_action[j]);
> > +            } else if (!strcmp(qos_rule->key_action[j], "mark")) {
> > +                ds_put_format(&ctx->output, " mark=%"PRId64"",
> > +                              qos_rule->value_action[j]);
> >               }
> >           }
> >           ds_put_cstr(&ctx->output, "\n");
> > @@ -2631,6 +2634,7 @@ nbctl_pre_qos_add(struct ctl_context *ctx)
> >       ovsdb_idl_add_column(ctx->idl, &nbrec_qos_col_direction);
> >       ovsdb_idl_add_column(ctx->idl, &nbrec_qos_col_priority);
> >       ovsdb_idl_add_column(ctx->idl, &nbrec_qos_col_match);
> > +    ovsdb_idl_add_column(ctx->idl, &nbrec_qos_col_action);
> >   }
> >   static void
> > @@ -2640,6 +2644,7 @@ nbctl_qos_add(struct ctl_context *ctx)
> >       const char *direction;
> >       int64_t priority;
> >       int64_t dscp = -1;
> > +    int64_t mark = 0;
> >       int64_t rate = 0;
> >       int64_t burst = 0;
> >       char *error;
> > @@ -2669,6 +2674,13 @@ nbctl_qos_add(struct ctl_context *ctx)
> >                   return;
> >               }
> >           }
> > +        else if (!strncmp(ctx->argv[i], "mark=", 5)) {
> > +            if (!ovs_scan(ctx->argv[i] + 5, "%"SCNd64, &mark) || mark < 0) 
> > {
> > +                ctl_error(ctx, "%s: mark must be a positive integer",
> > +                          ctx->argv[i] + 5);
> > +                return;
> > +            }
> > +        }
> >           else if (!strncmp(ctx->argv[i], "rate=", 5)) {
> >               if (!ovs_scan(ctx->argv[i] + 5, "%"SCNd64, &rate)
> >                   || rate < 1 || rate > UINT32_MAX) {
> > @@ -2686,14 +2698,15 @@ nbctl_qos_add(struct ctl_context *ctx)
> >               }
> >           } else {
> >               ctl_error(ctx, "%s: supported arguments are \"dscp=\", 
> > \"rate=\", "
> > -                      "and \"burst=\"", ctx->argv[i]);
> > +                      "\"burst=\" and \"mark=\"", ctx->argv[i]);
> >               return;
> >           }
> >       }
> >       /* Validate rate and dscp. */
> > -    if (-1 == dscp && !rate) {
> > -        ctl_error(ctx, "Either \"rate\" and/or \"dscp\" must be 
> > specified");
> > +    if (-1 == dscp && !rate && !mark) {
> > +        ctl_error(ctx, "Either \"mark\", \"rate\" and/or \"dscp\" must be "
> > +                       "specified");
> >           return;
> >       }
> > @@ -2702,9 +2715,11 @@ nbctl_qos_add(struct ctl_context *ctx)
> >       nbrec_qos_set_priority(qos, priority);
> >       nbrec_qos_set_direction(qos, direction);
> >       nbrec_qos_set_match(qos, ctx->argv[4]);
> > +    if (mark) {
> > +        nbrec_qos_update_action_setkey(qos, "mark", mark);
> > +    }
> >       if (-1 != dscp) {
> > -        const char *dscp_key = "dscp";
> > -        nbrec_qos_set_action(qos, &dscp_key, &dscp, 1);
> > +        nbrec_qos_update_action_setkey(qos, "dscp", dscp);
> >       }
> >       if (rate) {
> >           const char *bandwidth_key[2] = {"rate", "burst"};
> 
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn] northd: Add qos packet marking.

Reply via email to