On Sun, Sep 17, 2017 at 05:03:19PM +0530, Vikrant Aggarwal wrote: > 0. ls_in_port_sec_l2 (ovn-northd.c:2979): inport == > "4c72cee2-35b7-4bcd-8c77-135a22d16df1" && eth.src == {fa:16:3e:55:3f:be}, > priority 50, uuid b6b8d57a > next; > 1. ls_in_port_sec_ip (ovn-northd.c:2113): inport == > "4c72cee2-35b7-4bcd-8c77-135a22d16df1" && eth.src == fa:16:3e:55:3f:be && > ip4.src == {10.10.10.4}, priority 90, uuid ba02f466 > next; > 3. ls_in_pre_acl (ovn-northd.c:2397): ip, priority 100, uuid 25d55e7b > reg0[0] = 1; > next; > 5. ls_in_pre_stateful (ovn-northd.c:2515): reg0[0] == 1, priority 100, > uuid b84a160f > ct_next; > *** ct_* actions not implemented
ovn-trace in Open vSwitch 2.7 doesn't support the ct_* actions, which means that tracing through a distributed firewall tends to end up this way. ovn-trace in Open vSwitch 2.8 does support these actions, so you'll see more success there. _______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss