[ovs-discuss] icmp packet matching ip packet rule

selen jia selen764 at gmail.com
Sun Apr 8 22:26:44 PDT 2012


Hi,
I am looking at the code of openvswitch where, to compare rules and packets,
we have used the memcmp function, which compares the flow structure of the packet and
the rule, and so only the more exact rule should match the packet.

On Mon, Apr 9, 2012 at 10:46 AM, Justin Pettit <jpettit at nicira.com> wrote:

> The specificity of the flow doesn't matter; feel free to check the
> OpenFlow 1.0 spec if you'd like.
>
> --Justin
>
>
> On Apr 8, 2012, at 10:09 PM, selen jia <selen764 at gmail.com> wrote:
>
> But the icmp rule is more exact and has icmp_type=0 icmp_code=0 and
> nw_proto=1 fields as well. So I think all these rule parameters should
> match against packet fields, and the icmp rule should match the icmp(0,0)
> packet, and not the rule containing just the dl_type=0x0800 (ip) parameter.
>
> In ovs code we use memcmp(flow,packet_flow) to determine the rule matching the
> packet, so I still believe the icmp rule should match the packet and not the ip rule.
>
> On Fri, Apr 6, 2012 at 10:08 PM, Justin Pettit <jpettit at nicira.com> wrote:
>
>> [Adding back the discuss@ mailing list.]
>>
>> If there are overlapping rules at the same priority, a switch is free to
>> choose whichever one it wants.  In the example you gave, an ICMP (0,0)
>> packet would match both rules, since it is both IP and has the correct ICMP
>> type and code.  If you ran a ping, the echo requests and replies would only
>> match the IP rule, since it has different ICMP types.  If you want your
>> special ICMP packets to consistently match the right rule you need to raise
>> its priority relative to the IP rule.
>>
>> --Justin
>>
>>
>> On Apr 6, 2012, at 2:17 AM, selen jia wrote:
>>
>> > That means during add-flow in flow table, rules can be added in any
>> > order; there is no defined way how a rule is added to the flow table.
>> >
>> > On Fri, Apr 6, 2012 at 2:21 PM, Justin Pettit <jpettit at nicira.com> wrote:
>> > I think you need to disambiguate those rules by using a priority.
>> > OpenFlow doesn't distinguish based on which rule is more specific, so
>> > switch behavior is undefined in those situations.
>> >
>> > As described in the ovs-ofctl man page, you can use "check_overlap" to
>> > see whether this situation will occur at flow insertion time.  The
>> > controller may have a similar flag you can set.
>> >
>> > --Justin
>> >
>> >
>> > On Apr 6, 2012, at 1:42 AM, selen jia wrote:
>> >
>> > > Hi,
>> > > I'm using openvswitch 1.2.2 and setting controller ptcp:6633
>> > >
>> > > Now from the controller I add the following flows:
>> > > 1. ovs-ofctl add-flow tcp:15.1.2.3 "ip actions=output:2"
>> > > 2. ovs-ofctl add-flow tcp:15.1.2.3 "icmp icmp_type=0 icmp_code=0 actions=output:2"
>> > >
>> > > Now when I send a packet with icmp type=0 and icmp code=0,
>> > > the packet matches rule 1) with ip actions=2 and not the second rule,
>> > > icmp icmp_type=0 and icmp_code=0,
>> > >
>> > > although rule 2 was the exact match rule for the packet.
>> > >
>> > >
>> > > However, when I add these two flows from the switch, the packet matches the icmp
>> > > rule only.
>> > >
>> > > Why is the switch behaving this way with random rule insertion and
>> > > matching? Also, is rule insertion order different from switch and controller?
>> >
>> >
>>
>>
>
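The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Open vSwitch's classifier code: a simplified Python model of the two flows from the first message, showing that they overlap at equal priority (the condition "check_overlap" reports) and that raising the ICMP rule's priority makes lookup deterministic. The `Rule` class and function names are hypothetical, address masks are not modelled, and 32768 is the default ovs-ofctl uses when no `priority=` is given.

```python
from dataclasses import dataclass, field

DEFAULT_PRIORITY = 32768  # ovs-ofctl default when priority= is omitted

@dataclass
class Rule:
    name: str
    match: dict = field(default_factory=dict)  # absent field = wildcard
    priority: int = DEFAULT_PRIORITY

def matches(rule, pkt):
    """A packet matches when every non-wildcarded field is equal."""
    return all(pkt.get(f) == v for f, v in rule.match.items())

def overlaps(a, b):
    """Same priority, and no shared field disagrees: one packet could hit
    both rules. This is the condition check_overlap is meant to catch."""
    if a.priority != b.priority:
        return False
    shared = a.match.keys() & b.match.keys()
    return all(a.match[f] == b.match[f] for f in shared)

def lookup(table, pkt):
    """Names of all matching rules at the highest matching priority.
    More than one name means the switch may pick any of them."""
    hits = [r for r in table if matches(r, pkt)]
    if not hits:
        return []
    top = max(r.priority for r in hits)
    return sorted(r.name for r in hits if r.priority == top)

# The two flows from the thread ("ip" implies dl_type=0x0800;
# "icmp" implies dl_type=0x0800 and nw_proto=1).
ICMP_MATCH = {"dl_type": 0x0800, "nw_proto": 1, "icmp_type": 0, "icmp_code": 0}
IP_RULE = Rule("ip", {"dl_type": 0x0800})
ICMP_RULE = Rule("icmp00", dict(ICMP_MATCH))
ICMP_RULE_HI = Rule("icmp00", dict(ICMP_MATCH), priority=DEFAULT_PRIORITY + 1)

# Constructed sample packets (flow fields as extracted from the headers).
ICMP_0_0 = {"dl_type": 0x0800, "nw_proto": 1, "icmp_type": 0, "icmp_code": 0}
ICMP_8_0 = {"dl_type": 0x0800, "nw_proto": 1, "icmp_type": 8, "icmp_code": 0}

if __name__ == "__main__":
    print("overlap at equal priority:", overlaps(IP_RULE, ICMP_RULE))
    print("ambiguous lookup:", lookup([IP_RULE, ICMP_RULE], ICMP_0_0))
    print("with raised priority:", lookup([IP_RULE, ICMP_RULE_HI], ICMP_0_0))
```
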