[ovs-discuss] icmp paket matching ip packet rule

selen jia selen764 at gmail.com
Sun Apr 8 22:40:06 PDT 2012


when i change the priority it matches with higher priority flow,
but priority check is applied after  matching rule is selected using memcmp

On Mon, Apr 9, 2012 at 11:01 AM, Justin Pettit <jpettit at nicira.com> wrote:

> So what happens when you change the priority?
>
> --Justin
>
>
> On Apr 8, 2012, at 10:26 PM, selen jia <selen764 at gmail.com> wrote:
>
> hi,
> I am looking at the code of openvswitch where to compare rules and packet
> we have used memcmp function which compare flow structure of packet and
> rule, and so only the more exact rule should match the packet.
>
> On Mon, Apr 9, 2012 at 10:46 AM, Justin Pettit <jpettit at nicira.com> wrote:
>
>> The specificity of the flow doesn't matter; feel free to check the
>> OpenFlow 1.0 spec if you'd like.
>>
>> --Justin
>>
>>
>> On Apr 8, 2012, at 10:09 PM, selen jia <selen764 at gmail.com> wrote:
>>
>> But icmp rule is more exact and has icmp_type=0  icmp_code=0 and
>> nw_proto=1  field as well. So i think all these rule parametres should
>> match against packet fields.and icmp rule should match to the icmp(0,0)
>> packet and not rule containing just dl_type=0x0800(ip) parameter.
>>
>> in ovs code we use memcmp(flow,packet_flow) to determine rule matching
>> the packet, so i still believe icmp rule should match the packet and not ip
>> rule
>>
>> On Fri, Apr 6, 2012 at 10:08 PM, Justin Pettit <jpettit at nicira.com>wrote:
>>
>>> [Adding back the discuss@ mailing list.]
>>>
>>> If there are overlapping rules at the same priority, a switch is free to
>>> choose whichever one it wants.  In the example you gave, an ICMP (0,0)
>>> packet would match both rules, since it is both IP and has the correct ICMP
>>> type and code.  If you ran a ping, the echo requests and replies would only
>>> match the IP rule, since it has different ICMP types.  If you want your
>>> special ICMP packets to consistently match the right rule you need to raise
>>> its priority relative to the IP rule.
>>>
>>> --Justin
>>>
>>>
>>> On Apr 6, 2012, at 2:17 AM, selen jia wrote:
>>>
>>> > That means during add-flow in flow table, rules can be added in any
>>> order,there is no defined way how rule is added to flow table.
>>> >
>>> > On Fri, Apr 6, 2012 at 2:21 PM, Justin Pettit <jpettit at nicira.com>
>>> wrote:
>>> > I think you need to disambiguate those rules by using a priority.
>>>  OpenFlow doesn't distinguish based on which rule is more specific, so
>>> switch behavior is undefined in those situations.
>>> >
>>> > As described in the ovs-ofctl man page, you can use "check_overlap" to
>>> see whether this situation will occur at flow insertion time.  The
>>> controller may have a similar flag you can set.
>>> >
>>> > --Justin
>>> >
>>> >
>>> > On Apr 6, 2012, at 1:42 AM, selen jia wrote:
>>> >
>>> > > hi,
>>> > > im using openvswitch 1.2.2 and setting controller ptcp:6633
>>> > >
>>> > > now from controller i add following flows
>>> > > 1. ovs-ofctl add-flow tcp:15.1.2.3 "ip actions=output:2"
>>> > > 2. ovs-ofctl add-flow tcp: 15:1.2.3 "icmp icmp_type=0 icmp_code=0
>>> actions=output:2"
>>> > >
>>> > > Now when i send packet with icmp type=0 and icmp code=0 ,
>>> > > packet matches rule 1) with ip actions=2 and not with second rule
>>>  icmp icmp_type=0 and icmp_code=0
>>> > >
>>> > > although rule 2 was exact match rule for packet..
>>> > >
>>> > >
>>> > > How ever when i add these two flows from switch ,packet matches icmp
>>> rule only.
>>> > >
>>> > > why is switch behaving this way with random rule insertion and
>>> matching? also rule insertion order is different form switch and controller?
>>> > > _______________________________________________
>>> > > discuss mailing list
>>> > > discuss at openvswitch.org
>>> > > http://openvswitch.org/mailman/listinfo/discuss
>>> >
>>> >
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/discuss/attachments/20120409/7270ca19/attachment-0001.htm>


More information about the discuss mailing list