On Mon, Jun 19, 2017 at 03:11:23PM -0700, Joe Stringer wrote: > On 19 June 2017 at 14:08, Keith Holleman via discuss > <[email protected]> wrote: > > > > Went to add a match rule based on packet length and couldn't find the right > > term or syntax. Then I searched the ovs-ofctl man page and couldn't find > > anything. Even more surprising was that I couldn't find an example of this > > previously being asked on any OVS discussion groups. Couldn't find it in > > the FAQ either. I know in stating so many places looked I will inevitably > > get proven wrong but I did try. > > > > So.....can you add a rule via ovs-ofctl to match on a packet's length? > > Probably tricky because it would have to have greater-than and less-than > > semantics and that doesn't play well with the fixed-length matches of > > OpenFlow. Are there any extensions that enable this? Or any pointers to > > previous discussions about it? > > I don't think there's any such support. The matching in the datapath > is based on unique bit patterns and masks, so if you wanted to render > range semantics into that then you would practically end up generating > several matches, one for each bitpattern within the range. I could > imagine that if the packet length were matchable then worst case we > could end up generating a different datapath flow for each possible > packet length (or at least one per power-of-two bit up to the argument > for lt/gt).
A arbitrary integer range over an N-bit field requires no more than 2N bitwise matches. The OpenFlow working group declined to define this kind of match on the basis, among others, that the length of a packet is rather difficult to define. Also, no one seemed to have a really good use case for it. The main one raised was some kind of vague "security" justification. _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
