When OVS says nw_proto=11, it means decimal 11, which is not correct for UDP.
On Mon, Jun 27, 2016 at 02:54:45PM +0100, Hssan Driss wrote: > Hi everyone, > > Yes, as a matter of fact, on Floodlight ACL choosing UDP protocol is > translated into 11. Is that decimal or hex ? > There might be a confusion though ! 0x11 = 17 (dec) > And Since I'm using SIP on default 5060 port shall I precise it ? > > In addition, I tried adding the flow on the switch manually using dpctl > commands as below : > > # sudo dpctl add-flow unix:/var/run/dp0.sock > in_port=*,dl_vlan=*,dl_src=*,dl_dst=*,dl_type=*,nw_src=192.168.2.2,nw_dst=*,nw_proto=17,tp_src=*,tp_dst=5060,icmp_type=*,icmp_code=*,actions= > > I get : > > # sudo dpctl dump-flows unix:/var/run/dp0.sock > stats_reply (xid=0x54e91f95): flags=none type=1(flow) > cookie=0, duration_sec=1s, duration_nsec=552000000s, table_id=0, > priority=32768, n_packets=0, n_bytes=0, > idle_timeout=60,hard_timeout=0,actions= > > And packets are blocked ! but can't get why the flow rule doesn't exactly > match the rule added ! > > Thanks in advance for your help ! > > Kind Regards, > Hssan > > > On Fri, Jun 24, 2016 at 4:25 PM, Hssan Driss <hssan.dr...@gmail.com> wrote: > > > Hi everyone, > > > > I'm working on SDN lab. When intend to block SIP Client IP. We are pushing > > the blocking order based on the Src-ip address to Floodlight controller > > through REST API. Which is translated on a switch level : > > > > # dpctl dump-flows unix:/var/run/dp0.sock > > stats_reply (xid=0x79853a73): flags=none type=1(flow) > > cookie=45035999707555269, duration_sec=9s, duration_nsec=451000000s, > > table_id=0, priority=29999, n_packets=0, n_bytes=0, > > idle_timeout=0,hard_timeout=0,ip,nw_src=192.168.2.2,nw_proto=11,tp_src=0,tp_dst=0,actions= > > cookie=4503599627370496, duration_sec=39s, duration_nsec=677000000s, > > table_id=0, priority=100, n_packets=514, n_bytes=231936, > > idle_timeout=5,hard_timeout=0,in_port=4,dl_src=00:21:9b:88:04:66,dl_dst=18:03:73:b5:78:4d,actions=output:3 > > cookie=4503599627370496, duration_sec=39s, duration_nsec=677000000s, > > table_id=0, priority=100, n_packets=685, n_bytes=383282, > > idle_timeout=5,hard_timeout=0,in_port=3,dl_src=18:03:73:b5:78:4d,dl_dst=00:21:9b:88:04:66,actions=output:4 > > > > SIP Client is on 192.168.2.2 > > > > The flow rule is placed on the switch flow table. However, the Proxy still > > receives the packets from that client. > > How can I debug and fix this ? > > Below my is topology! > > > > > > > > Controller Floodlight > > _________|________ > > | | | > > Netfpga ____OVS ___Netfpga > > | | | > > SIP Proxy SIP > > Client1 Client2 > > > > > > Thanks in advance, > > Best Regards, > > Hssan > > > > > _______________________________________________ > openflow-discuss mailing list > openflow-discuss@lists.stanford.edu > https://mailman.stanford.edu/mailman/listinfo/openflow-discuss _______________________________________________ openflow-discuss mailing list openflow-discuss@lists.stanford.edu https://mailman.stanford.edu/mailman/listinfo/openflow-discuss
