On Wed, Jan 22, 2014 at 06:00:19PM +0200, Philip Roth wrote:
> Hey guys,
> I'm noticing an interesting phenomena that I can't explain.
> I have a flow in openvswitch that looks like that:
>
> ovs-ofctl add-flow sw0
> "table=0,priority=100,in_port=1,ip,actions=resubmit(,1),resubmit(,2),resubmit(,3)"
>
> if I send a packet and I have a drop rule in table 1:
>
> ovs-ofctl add-flow sw0 table=1,priority=0,actions=drop"
>
> the packet still goes through to table 2 and 3. BUT if I have an exit rule:
>
> ovs-ofctl add-flow sw0 table=1,priority=0,actions=exit"
>
> everything works great. I read in the man page that exit stops further
> actions.
> but if I drop the packet, how does it survive and pass to the next table?
The FAQ covers this.
Q: How do I make a flow drop packets?
A: To drop a packet is to receive it without forwarding it. OpenFlow
explicitly specifies forwarding actions. Thus, a flow with an
empty set of actions does not forward packets anywhere, causing
them to be dropped. You can specify an empty set of actions with
"actions=" on the ovs-ofctl command line. For example:
ovs-ofctl add-flow br0 priority=65535,actions=
would cause every packet entering switch br0 to be dropped.
You can write "drop" explicitly if you like. The effect is the
same. Thus, the following command also causes every packet
entering switch br0 to be dropped:
ovs-ofctl add-flow br0 priority=65535,actions=drop
"drop" is not an action, either in OpenFlow or Open vSwitch.
Rather, it is only a way to say that there are no actions.
_______________________________________________
dev mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/dev
