Re: [Ryu-devel] Destroy immortal packets

Iwase Yusuke Mon, 12 Sep 2016 00:46:10 -0700

Hi,

Your code seems to be correct and works correctly on my environment.


$ git diff
diff --git a/ryu/app/simple_switch_13.py b/ryu/app/simple_switch_13.py
index 3e7c598..d275ad6 100644
--- a/ryu/app/simple_switch_13.py
+++ b/ryu/app/simple_switch_13.py
@@ -48,6 +48,16 @@ class SimpleSwitch13(app_manager.RyuApp):
                                            ofproto.OFPCML_NO_BUFFER)]
          self.add_flow(datapath, 0, match, actions)
  
+        match = parser.OFPMatch(eth_type_nxm=0x0800, nw_ttl=0)
+        actions = []
+
+        self.add_flow(datapath, 10, match, actions)
+
+        match = parser.OFPMatch(eth_type_nxm=0x0800)
+        actions = [parser.OFPActionDecNwTtl()]
+
+        self.add_flow(datapath, 5, match, actions)
+
      def add_flow(self, datapath, priority, match, actions, buffer_id=None):
          ofproto = datapath.ofproto
          parser = datapath.ofproto_parser
diff --git a/ryu/ofproto/nicira_ext.py b/ryu/ofproto/nicira_ext.py
index e2fca47..7487b3b 100644
--- a/ryu/ofproto/nicira_ext.py
+++ b/ryu/ofproto/nicira_ext.py
@@ -435,6 +435,10 @@ ip_proto_nxm     Integer 8bit    IP protocol. Needed to 
support Nicira
                                   extensions that require the ip_proto to
                                   be set. (i.e. tcp_flags_nxm)
  tunnel_id_nxm    Integer 64bit   Tunnel identifier.
+nw_ttl           Integer 8bit    IP TTL or IPv6 hop limit value ttl
+                                 (between 0 and 255).
+                                 Requires setting fields:
+                                 eth_type_nxm = [0x0800 (IP)|0x86dd (IPv6)]
  tun_ipv4_src     IPv4 address    Tunnel IPv4 source address.
  tun_ipv4_dst     IPv4 address    Tunnel IPv4 destination address.
  pkt_mark         Integer 32bit   Packet metadata mark.
@@ -484,6 +488,7 @@ oxm_types = [
      oxm_fields.NiciraExtended0('eth_type_nxm', 3, type_desc.Int2),
      oxm_fields.NiciraExtended0('ip_proto_nxm', 6, type_desc.Int1),
      oxm_fields.NiciraExtended1('tunnel_id_nxm', 16, type_desc.Int8),
+    oxm_fields.NiciraExtended1('nw_ttl', 29, type_desc.Int1),
      oxm_fields.NiciraExtended1('tun_ipv4_src', 31, type_desc.IPv4Addr),
      oxm_fields.NiciraExtended1('tun_ipv4_dst', 32, type_desc.IPv4Addr),
      oxm_fields.NiciraExtended1('pkt_mark', 33, type_desc.Int4),


$ sudo mn --controller remote
...(snip)
mininet> sh ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):
  cookie=0x0, duration=10.851s, table=0, n_packets=0, n_bytes=0, idle_age=10, 
priority=10,ip,nw_ttl=0 actions=drop
  cookie=0x0, duration=10.851s, table=0, n_packets=0, n_bytes=0, idle_age=10, 
priority=5,ip actions=dec_ttl
  cookie=0x0, duration=10.851s, table=0, n_packets=0, n_bytes=0, idle_age=10, 
priority=0 actions=CONTROLLER:65535


Did you "re-install" Ryu after applying my patch?
If you have installed Ryu with git source, it is required to re-install Ryu as 
following.
  # After applying patch, at Ryu top directory
  $ sudo python setup.py install


Thanks,
Iwase


On 2016年09月09日 16:04, Warsang wrote:
> Hello, thank you very much, I have applied the patch. I am now trying to 
> install a rule on switch startup to match all ip packets and decrement ttl or 
> drop all IP packets who have TTL=0
> Is this code correct? Because I only have these two rules on ovs startup when 
> i dump flows:
>
> sudo ovs-ofctl dump-flows 0_0_1 -O OpenFlow14
> OFPST_FLOW reply (OF1.4) (xid=0x2):
>  cookie=0x0, duration=18.703s, table=0, n_packets=10, n_bytes=600, 
> priority=65535,dl_dst=01:80:c2:00:00:0e,dl_type=0x88cc 
> actions=CONTROLLER:65535
>  cookie=0x0, duration=18.705s, table=0, n_packets=2, n_bytes=140, priority=0 
> actions=CONTROLLER:65535
>
> *_
> _*
>
> *_My code:_*
>
>
> @set_ev_cls(ofp_event.EventOFPSwitchFeatures, CONFIG_DISPATCHER)
>     def switch_features_handler(self, ev):
>         datapath = ev.msg.datapath
>         ofproto = datapath.ofproto
>         parser = datapath.ofproto_parser
>
>         # install table-miss flow entry
>         #
>         # We specify NO BUFFER to max_len of the output action due to
>         # OVS bug. At this moment, if we specify a lesser number, e.g.,
>         # 128, OVS will send Packet-In with invalid buffer_id and
>         # truncated packet data. In that case, we cannot output packets
>         # correctly.  The bug has been fixed in OVS v2.1.0.
>         match = parser.OFPMatch()
>         actions = [parser.OFPActionOutput(ofproto.OFPP_CONTROLLER,
> ofproto.OFPCML_NO_BUFFER)]
>         self.add_flow(datapath, 0, match, actions)
>         match = parser.OFPMatch(eth_type_nxm=0x0800,nw_ttl = 0)
>         actions = []
>         self.add_flow(datapath,10,match,actions)
>         match = parser.OFPMatch(eth_type_nxm=0x0800)
>         actions = [parser.OFPActionDecNwTtl()]
>         self.add_flow(datapath,5,match,actions)
>
> Thank you in advance.
>
> On 09/08/16 17:37, Iwase Yusuke wrote:
>> Hi,
>>
>> How about using NXM "nw_ttl" match field to drop packets with TTL=0?
>> But, currently, Ryu does not support this filed,
>> please apply the following patch.
>>
>>
>> $ git diff
>> diff --git a/ryu/app/simple_switch_13.py b/ryu/app/simple_switch_13.py
>> index 3e7c598..baa732c 100644
>> --- a/ryu/app/simple_switch_13.py
>> +++ b/ryu/app/simple_switch_13.py
>> @@ -48,6 +48,10 @@ class SimpleSwitch13(app_manager.RyuApp):
>> ofproto.OFPCML_NO_BUFFER)]
>>          self.add_flow(datapath, 0, match, actions)
>>
>> +        match = parser.OFPMatch(eth_type_nxm=0x0800, nw_ttl=0)
>> +        actions = []  # Drop
>> +        self.add_flow(datapath, 1, match, actions)
>> +
>>      def add_flow(self, datapath, priority, match, actions, buffer_id=None):
>>          ofproto = datapath.ofproto
>>          parser = datapath.ofproto_parser
>> diff --git a/ryu/ofproto/nicira_ext.py b/ryu/ofproto/nicira_ext.py
>> index e2fca47..7487b3b 100644
>> --- a/ryu/ofproto/nicira_ext.py
>> +++ b/ryu/ofproto/nicira_ext.py
>> @@ -435,6 +435,10 @@ ip_proto_nxm     Integer 8bit    IP protocol. Needed to 
>> support Nicira
>>                                   extensions that require the ip_proto to
>>                                   be set. (i.e. tcp_flags_nxm)
>>  tunnel_id_nxm    Integer 64bit   Tunnel identifier.
>> +nw_ttl           Integer 8bit    IP TTL or IPv6 hop limit value ttl
>> +                                 (between 0 and 255).
>> +                                 Requires setting fields:
>> +                                 eth_type_nxm = [0x0800 (IP)|0x86dd (IPv6)]
>>  tun_ipv4_src     IPv4 address    Tunnel IPv4 source address.
>>  tun_ipv4_dst     IPv4 address    Tunnel IPv4 destination address.
>>  pkt_mark         Integer 32bit   Packet metadata mark.
>> @@ -484,6 +488,7 @@ oxm_types = [
>>      oxm_fields.NiciraExtended0('eth_type_nxm', 3, type_desc.Int2),
>>      oxm_fields.NiciraExtended0('ip_proto_nxm', 6, type_desc.Int1),
>>      oxm_fields.NiciraExtended1('tunnel_id_nxm', 16, type_desc.Int8),
>> +    oxm_fields.NiciraExtended1('nw_ttl', 29, type_desc.Int1),
>>      oxm_fields.NiciraExtended1('tun_ipv4_src', 31, type_desc.IPv4Addr),
>>      oxm_fields.NiciraExtended1('tun_ipv4_dst', 32, type_desc.IPv4Addr),
>>      oxm_fields.NiciraExtended1('pkt_mark', 33, type_desc.Int4),
>>
>>
>> e.g.)
>> $ sudo mn --controller remote
>> ...(snip)
>> mininet> sh ovs-ofctl dump-flows s1
>> NXST_FLOW reply (xid=0x4):
>>  cookie=0x0, duration=4.616s, table=0, n_packets=0, n_bytes=0, idle_age=4, 
>> priority=1,ip,nw_ttl=0 actions=drop
>>  cookie=0x0, duration=4.616s, table=0, n_packets=4, n_bytes=280, 
>> idle_age=36, priority=0 actions=CONTROLLER:65535
>>
>>
>> Thanks,
>> Iwase
>>
>>
>> On 2016年09月08日 13:29, Warsang wrote:
>>> Hello all,
>>>
>>> I am running a fat-tree topology. When I ping a host x with h1 it first
>>> send arp discovery with ff:ff:ff:ff:ff:ff as destination. Hence
>>> everytime a switch gets this packet it floods it. Having no TTL these
>>> packets are immortal. My question is the following. What is the proper
>>> way of getting rid of these packets? I thought of decrementing the TTL
>>> every time a packet hits a switch. However I can only drop the packet
>>> with TTL = 0 at my controller and I can't create an OpenFlow rule that
>>> matches all packets with TTL = 0 hence I lose performance having to send
>>> the packets to my controller everytime I want to drop them. What is the
>>> proper way to get rid of these packets?
>>>
>>> Thank you in advance.
>>>
>>> -Warsang
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> _______________________________________________
>>> Ryu-devel mailing list
>>> Ryu-devel@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/ryu-devel
>>>
>
>
>
>
> ------------------------------------------------------------------------------
>
>
>
> _______________________________________________
> Ryu-devel mailing list
> Ryu-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ryu-devel
>

------------------------------------------------------------------------------
_______________________________________________
Ryu-devel mailing list
Ryu-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ryu-devel

Re: [Ryu-devel] Destroy immortal packets

Reply via email to