If you want to route a packet through the Linux routing stack, then you
should deliver the packet to an "internal" network device with an output
action.

On Sun, Apr 08, 2012 at 04:45:53PM +0530, Kaushal Shubhank wrote:
> Thanks Justin for the reply. I should have been more clear about the
> DROP action that I want to use.
> 
> The action DROP in ebtables in the 'broute' table actually sends the
> packet to be routed while ACCEPT sends it to be bridged. The DROP in
> ovs-ofctl actually drops the packet.
> 
> By sending the port 80 packets to routing process (by DROPping them
> via ebtables), I want to set the 'fwmark' which iptables later will
> read and decide the path of the packet.
> 
> I figured action=NORMAL would send the packets to the routing process,
> but it seems I am missing something very basic here. Please advise.
> 
> -Kaushal
> 
> On 4/6/12, Justin Pettit <[email protected]> wrote:
> > You can drop packets by using the "drop" action.  It's equivalent to not
> > listing any actions.  Keep in mind the rules you've specified overlap, so
> > you'll need priorities to disambiguate them.  (This was just discussed in
> > the "icmp paket matching ip packet rule" thread.)
> >
> > --Justin
> >
> >
> > On Apr 6, 2012, at 2:57 AM, Kaushal Shubhank wrote:
> >
> >> Hello,
> >>
> >> I was reading about OpenVSwitch and really appreciated the concept. I am a
> >> newbie and do not have a good understanding of OVS yet. I installed OVS
> >> and I was able to create a bridge reading the instructions.
> >>
> >> I read that ebtables is useless in case of OVS and ovs-ofctl can do things
> >> similar to ebtables.
> >>
> >> I want to filter packets for port 80 http traffic only. For this I
> >> was using ebtables operating on a Linux bridge. But with ovs I was able to
> >> add flow but I am not sure on how to get the ebtables -j DROP type
> >> functionality using OVS.
> >>
> >> The commands which I used with ovs-ofctl were as follows:
> >>
> >> ovs-ofctl add-flow br0 "in_port=ANY out_port=ANY action=NORMAL" # for my bridge traffic
> >> ovs-ofctl add-flow br0 "in_port=1 tcp, tp_src=80 action=NORMAL"
> >> ovs-ofctl add-flow br0 "in_port=2 tcp, tp_dst=80 action=NORMAL"
> >>
> >> I also tried using action=LOCAL but then I was not able to use port 80
> >> traffic below the bridge.
> >>
> >> Any help on this will be appreciated. If there is some documentation out
> >> there with examples for a similar case kindly redirect me to it.
> >>
> >> PS: I have no VMs in my system and I was wondering whether I can use the
> >> capabilities of OVS bridge which is transparent to VLAN trunk where I can
> >> filter port 80 traffic from different VLAN.
> >>
> >> {Router, Gateway}
> >>          | |
> >>          | |
> >>          | |{VLAN TRUNK}
> >>          {OVS- BRIDGE}
> >>          | |
> >>          | |
> >>          | |{Local Network}
> >> _______________________________________________
> >> discuss mailing list
> >> [email protected]
> >> http://openvswitch.org/mailman/listinfo/discuss
> >
> >
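Added example, not part of the original thread: one way to combine the two replies above, using priorities to disambiguate the overlapping rules and an output to the bridge's local (internal) port for the port 80 traffic. The bridge name and port numbers are taken from the original post; the priority values, the function names and the DRY_RUN switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: build and (optionally) install OVS flows that hand port 80
# traffic to the bridge's internal device and switch everything else.
BRIDGE="${BRIDGE:-br0}"   # bridge name from the thread
WEB_PRIO=100              # assumed value; must outrank DEFAULT_PRIO
DEFAULT_PRIO=10           # assumed value

# Print one flow spec per line in ovs-ofctl add-flow syntax.
build_flows() {
    # HTTP requests arriving on port 2 and replies arriving on port 1
    # are output to LOCAL, the internal device named after the bridge,
    # so the host's IP stack receives them.
    printf 'priority=%s,in_port=2,tcp,tp_dst=80,actions=LOCAL\n' "$WEB_PRIO"
    printf 'priority=%s,in_port=1,tcp,tp_src=80,actions=LOCAL\n' "$WEB_PRIO"
    # Catch-all at lower priority: ordinary L2 switching.
    printf 'priority=%s,actions=NORMAL\n' "$DEFAULT_PRIO"
}

# Install the flows, or only print the commands when DRY_RUN=1 (default).
apply_flows() {
    build_flows | while IFS= read -r flow; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "ovs-ofctl add-flow $BRIDGE \"$flow\""
        else
            ovs-ofctl add-flow "$BRIDGE" "$flow" || exit 1
        fi
    done
}

# Stand-alone use: "sh flows.sh print" shows the commands,
# "sh flows.sh apply" runs them (requires ovs-ofctl and root).
case "${1:-}" in
    print) DRY_RUN=1 apply_flows ;;
    apply) DRY_RUN=0 apply_flows ;;
esac
```

Installed flows can be checked with "ovs-ofctl dump-flows br0"; for the host to forward what it receives on the internal device, IP forwarding must also be enabled.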