Hi Quoc, thanks a lot for clarifying this. I did try to add the flow
with the default priority but that didn't work either.
It seems that the first two flows are always prioritized over the one
that I'm adding. It only works when I lower the priorities of the first
two flows.
Is there any way to add the new flow and override the others without
having to modify their priorities?
Thanks!
Giorgos
On 29/08/18 01:06, quockhanh...@gmail.com wrote:
Hi Giorgos,
From your flow table, it’s very likely that the flow entry you used to
drop traffic between 2 hosts has a lower priority (=100) than the
priorities of the other 2 entries (*default priority*). As mentioned
in this
<http://www.openvswitch.org/support/dist-docs/ovs-ofctl.8.html>, “when
adding a flow, if the field is not specified, *the flow's priority
will default to 32768*.” Therefore, incoming packets will always be
matched and forwarded between h1 and h2 by the first 2 flow entries
instead of being dropped by the last one.
Hope it helps.
Regards,
Quoc Khanh
*From: *Giorgos Dimopoulos <mailto:gior...@talaia.io>
*Sent: *Tuesday, 28 August 2018 10:55 PM
*To: *ryu-devel@lists.sourceforge.net
<mailto:ryu-devel@lists.sourceforge.net>
*Subject: *[Ryu-devel] Rule to drop traffic between hosts in mininet doesn't work
Hello,
I'm running mininet with the following configuration:
sudo mn --topo single,2 --mac --controller remote --switch ovs,protocols=OpenFlow10
on the host computer I'm running ryu with simple_switch and ofctl_rest:
ryu-manager --verbose --app-lists ryu.app.simple_switch,ryu.app.ofctl_rest
then I'm using the REST API to block all traffic from h1 to h2:
curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 100,
    "flags": 1,
    "match": {
        "nw_src": "10.0.0.1/32",
        "nw_dst": "10.0.0.2/32",
        "dl_type": 2048
    },
    "actions": [
    ]
}' http://localhost:8080/stats/flowentry/add
in mininet the OF rule appears correctly:
mininet> sh ovs-ofctl -O OpenFlow10 dump-flows s1
cookie=0x0, duration=40.692s, table=0, n_packets=4, n_bytes=336, in_port="s1-eth1",dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02 actions=output:"s1-eth2"
cookie=0x0, duration=40.687s, table=0, n_packets=3, n_bytes=238, in_port="s1-eth2",dl_src=00:00:00:00:00:02,dl_dst=00:00:00:00:00:01 actions=output:"s1-eth1"
cookie=0x0, duration=5.286s, table=0, n_packets=0, n_bytes=0, priority=100,ip,nw_src=10.0.0.1,nw_dst=10.0.0.2 actions=drop
but the rule doesn't work since h1 can still ping h2:
mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.496 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.061 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.065 ms
am I missing something here?
Thanks in advance!
Giorgos
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Ryu-devel mailing list
Ryu-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ryu-devel
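The priority behaviour discussed in this thread, as an added example that is not part of the original messages and is not Ryu or Open vSwitch code: a small model of the three-entry flow table that picks the highest-priority match and lists which entries shadow the drop rule. The function names, the sample packet and the priority value 40000 are assumptions chosen for illustration; any value above the 32768 default and within the 16-bit OpenFlow priority range behaves the same way.

```python
# Added example: models the flow table from the dump-flows output in this thread.
DEFAULT_PRIORITY = 32768  # ovs-ofctl default when no priority is specified


def flow(match, actions, priority=DEFAULT_PRIORITY):
    return {"priority": priority, "match": match, "actions": actions}


def build_table(drop_priority):
    """The three entries from the thread; only the drop rule's priority varies."""
    return [
        flow({"in_port": "s1-eth1", "dl_src": "00:00:00:00:00:01",
              "dl_dst": "00:00:00:00:00:02"}, ["output:s1-eth2"]),
        flow({"in_port": "s1-eth2", "dl_src": "00:00:00:00:00:02",
              "dl_dst": "00:00:00:00:00:01"}, ["output:s1-eth1"]),
        flow({"dl_type": 0x0800, "nw_src": "10.0.0.1", "nw_dst": "10.0.0.2"},
             [], drop_priority),  # empty action list means drop
    ]


def lookup(table, pkt):
    """Return the highest-priority entry matching pkt, or None on a table miss."""
    # A field absent from an entry's match is a wildcard.
    hits = [e for e in table
            if all(pkt.get(k) == v for k, v in e["match"].items())]
    return max(hits, key=lambda e: e["priority"]) if hits else None


def shadowing(table, rule):
    """Entries that can win over `rule`: same or higher priority, overlapping match."""
    def overlap(a, b):
        # Matches overlap unless a field set in both has different values.
        return all(a[k] == b[k] for k in a.keys() & b.keys())
    return [e for e in table if e is not rule
            and e["priority"] >= rule["priority"]
            and overlap(e["match"], rule["match"])]


# Constructed packet: the ICMP echo request h1 sends to h2.
PING = {"in_port": "s1-eth1", "dl_src": "00:00:00:00:00:01",
        "dl_dst": "00:00:00:00:00:02", "dl_type": 0x0800,
        "nw_src": "10.0.0.1", "nw_dst": "10.0.0.2"}


def verdict(drop_priority):
    entry = lookup(build_table(drop_priority), PING)
    return "drop" if not entry["actions"] else ",".join(entry["actions"])


if __name__ == "__main__":
    for prio in (100, 40000):
        table = build_table(prio)
        print(prio, verdict(prio), len(shadowing(table, table[2])))
```

Running the same shadowing check against a real dump-flows listing before relying on a drop rule shows whether an existing forwarding entry will still win.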