Re: [nox-dev] dropping packets

Mon, 12 Jul 2010 07:25:24 -0700 

Hi guys,
I don't think I made it clear in the previous post. The code in the previous post only gets called when the flow is identified as HTTP. Then I am trying to block that particular flow. I know it would make more sense to write general rule and send the command from the install method. I am just doing this initially to see if I can get any packets dropped. 

Thanks Again
Iain

On Jul 12 2010, i...@cs.nott.ac.uk wrote:


Hi Everyone,


I am running NOX and openflow on the same machine. I am coding the NOX 
controller in C++. I am trying to write code to selectively drop packets. 
For a quick test I tried to write code that would drop HTTP (i.e. tcp dst 
port 80) packets.



The code correctly identifies the HTTP packet and it calls the 
send_openflow_command with no action. However the packets are not getting 
dropped. Below is initialisation of the openflow mod structure. Which is 
sent in the command.


        // setup the header
        ofm.header.version = OFP_VERSION;
        ofm.header.type = OFPT_FLOW_MOD;                
        ofm.header.length = htons(sizeof ofm);  // no extended action data
        
        // match the flow - therefore no wild-cards!
        ofm.match.wildcards = htonl(0);
        ofm.match.in_port = htons(flow.in_port);                
        ofm.match.dl_vlan = flow.dl_vlan;
        memcpy(ofm.match.dl_src,flow.dl_src.octet,sizeof ofm.match.dl_src);
        memcpy(ofm.match.dl_dst,flow.dl_dst.octet,sizeof ofm.match.dl_dst);
        ofm.match.dl_type = flow.dl_type;       
        ofm.match.nw_src = flow.nw_src;
        ofm.match.nw_dst = flow.nw_dst;
        ofm.match.nw_proto = flow.nw_proto;
        ofm.match.tp_src = flow.tp_src;
        ofm.match.tp_dst = flow.tp_dst;
        

         // add an entry - initalise entry housekeeping variables (see 
page 28 of OF spec)

        ofm.command = htons(OFPFC_ADD);
        ofm.buffer_id = htonl(packetid);        
        ofm.idle_timeout = htons(OFP_FLOW_PERMANENT);
        ofm.hard_timeout = htons(OFP_FLOW_PERMANENT);                           
        ofm.priority = htons(OFP_DEFAULT_PRIORITY);
        ofm.flags = OFPFF_CHECK_OVERLAP;


When I run dpctl dump-flows on the switch I get 

  cookie=14431522174269325312, duration_sec=15s, 
duration_nsec=832000000s, table_id=0, priority=65535, n_packets=3, 
n_bytes=222, 
idle_timeout=0,hard_timeout=0,tcp,in_port=1,dl_vlan=0xffff,dl_vlan_pcp=0x00,dl_src=00:07:e9:ae:04:c7,dl_dst=00:13:d3:c0:46:f2,nw_src=192.168.1.1,nw_dst=91.189.88.31,nw_tos=0x00,tp_src=58891,tp_dst=80,actions=



Any ideas on what I am doing wrong?

thanks in advance
Iain




_______________________________________________
nox-dev mailing list
nox-dev@noxrepo.org
http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org



_______________________________________________
nox-dev mailing list
nox-dev@noxrepo.org
http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org






















					Reply via email to