Re: [Ryu-devel] Destroy immortal packets

Thu, 08 Sep 2016 22:07:08 -0700

Hello, thank you very much, I have applied the patch. I am now trying to install a rule on switch startup to match all ip packets and decrement ttl or drop all IP packets who have TTL=0 Is this code correct? Because I only have these two rules on ovs startup when i dump flows: 

sudo ovs-ofctl dump-flows 0_0_1 -O OpenFlow14
OFPST_FLOW reply (OF1.4) (xid=0x2):
cookie=0x0, duration=18.703s, table=0, n_packets=10, n_bytes=600, priority=65535,dl_dst=01:80:c2:00:00:0e,dl_type=0x88cc actions=CONTROLLER:65535 cookie=0x0, duration=18.705s, table=0, n_packets=2, n_bytes=140, priority=0 actions=CONTROLLER:65535 

*_
_*

*_My code:_*


@set_ev_cls(ofp_event.EventOFPSwitchFeatures, CONFIG_DISPATCHER)
    def switch_features_handler(self, ev):
        datapath = ev.msg.datapath
        ofproto = datapath.ofproto
        parser = datapath.ofproto_parser

        # install table-miss flow entry
        #
        # We specify NO BUFFER to max_len of the output action due to
        # OVS bug. At this moment, if we specify a lesser number, e.g.,
        # 128, OVS will send Packet-In with invalid buffer_id and
        # truncated packet data. In that case, we cannot output packets
        # correctly.  The bug has been fixed in OVS v2.1.0.
        match = parser.OFPMatch()
        actions = [parser.OFPActionOutput(ofproto.OFPP_CONTROLLER,
ofproto.OFPCML_NO_BUFFER)]
        self.add_flow(datapath, 0, match, actions)
        match = parser.OFPMatch(eth_type_nxm=0x0800,nw_ttl = 0)
        actions = []
        self.add_flow(datapath,10,match,actions)
        match = parser.OFPMatch(eth_type_nxm=0x0800)
        actions = [parser.OFPActionDecNwTtl()]
        self.add_flow(datapath,5,match,actions)

Thank you in advance.

On 09/08/16 17:37, Iwase Yusuke wrote:

Hi,

How about using NXM "nw_ttl" match field to drop packets with TTL=0?
But, currently, Ryu does not support this filed,
please apply the following patch.


$ git diff
diff --git a/ryu/app/simple_switch_13.py b/ryu/app/simple_switch_13.py
index 3e7c598..baa732c 100644
--- a/ryu/app/simple_switch_13.py
+++ b/ryu/app/simple_switch_13.py
@@ -48,6 +48,10 @@ class SimpleSwitch13(app_manager.RyuApp):
ofproto.OFPCML_NO_BUFFER)]
         self.add_flow(datapath, 0, match, actions)

+        match = parser.OFPMatch(eth_type_nxm=0x0800, nw_ttl=0)
+        actions = []  # Drop
+        self.add_flow(datapath, 1, match, actions)
+

     def add_flow(self, datapath, priority, match, actions, 
buffer_id=None):

         ofproto = datapath.ofproto
         parser = datapath.ofproto_parser
diff --git a/ryu/ofproto/nicira_ext.py b/ryu/ofproto/nicira_ext.py
index e2fca47..7487b3b 100644
--- a/ryu/ofproto/nicira_ext.py
+++ b/ryu/ofproto/nicira_ext.py

@@ -435,6 +435,10 @@ ip_proto_nxm     Integer 8bit    IP protocol. 
Needed to support Nicira

                                  extensions that require the ip_proto to
                                  be set. (i.e. tcp_flags_nxm)
 tunnel_id_nxm    Integer 64bit   Tunnel identifier.
+nw_ttl           Integer 8bit    IP TTL or IPv6 hop limit value ttl
+                                 (between 0 and 255).
+                                 Requires setting fields:

+                                 eth_type_nxm = [0x0800 (IP)|0x86dd 
(IPv6)]

 tun_ipv4_src     IPv4 address    Tunnel IPv4 source address.
 tun_ipv4_dst     IPv4 address    Tunnel IPv4 destination address.
 pkt_mark         Integer 32bit   Packet metadata mark.
@@ -484,6 +488,7 @@ oxm_types = [
     oxm_fields.NiciraExtended0('eth_type_nxm', 3, type_desc.Int2),
     oxm_fields.NiciraExtended0('ip_proto_nxm', 6, type_desc.Int1),
     oxm_fields.NiciraExtended1('tunnel_id_nxm', 16, type_desc.Int8),
+    oxm_fields.NiciraExtended1('nw_ttl', 29, type_desc.Int1),
     oxm_fields.NiciraExtended1('tun_ipv4_src', 31, type_desc.IPv4Addr),
     oxm_fields.NiciraExtended1('tun_ipv4_dst', 32, type_desc.IPv4Addr),
     oxm_fields.NiciraExtended1('pkt_mark', 33, type_desc.Int4),


e.g.)
$ sudo mn --controller remote
...(snip)
mininet> sh ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):

 cookie=0x0, duration=4.616s, table=0, n_packets=0, n_bytes=0, 
idle_age=4, priority=1,ip,nw_ttl=0 actions=drop
 cookie=0x0, duration=4.616s, table=0, n_packets=4, n_bytes=280, 
idle_age=36, priority=0 actions=CONTROLLER:65535



Thanks,
Iwase


On 2016年09月08日 13:29, Warsang wrote:

Hello all,

I am running a fat-tree topology. When I ping a host x with h1 it first
send arp discovery with ff:ff:ff:ff:ff:ff as destination. Hence
everytime a switch gets this packet it floods it. Having no TTL these
packets are immortal. My question is the following. What is the proper
way of getting rid of these packets? I thought of decrementing the TTL
every time a packet hits a switch. However I can only drop the packet
with TTL = 0 at my controller and I can't create an OpenFlow rule that
matches all packets with TTL = 0 hence I lose performance having to send
the packets to my controller everytime I want to drop them. What is the
proper way to get rid of these packets?

Thank you in advance.

-Warsang



------------------------------------------------------------------------------ 


_______________________________________________
Ryu-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ryu-devel




------------------------------------------------------------------------------

_______________________________________________
Ryu-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ryu-devel






















					Reply via email to