Hi Ashoka, Have worked on OF1.0, so can tell you from OF1.0 perspective.
(https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow/openflow-spec-v1.0.0.pdf) If an OF switch wants to sends a packet to the controller, it uses PACKET_IN message type. Thanks Maurice From: Ashok Chippa <a.n.chi...@gmail.com<mailto:a.n.chi...@gmail.com>> Date: Wednesday, December 17, 2014 5:36 PM To: "discuss@openvswitch.org<mailto:discuss@openvswitch.org>" <discuss@openvswitch.org<mailto:discuss@openvswitch.org>> Subject: Re: [ovs-discuss] Firewall questions Including my previous questions: > > I am trying to takeover Table0 for Firewall function. Have couple of > questions: > > 1) On a table-miss in Table0, I would like to punt the packet to user space, > for DPI/FW processing. > There must be a way to punt the packet to user space? However, I do not > see an action like PUNT_TO_CPU (or some such) in the > documentation (on a cursory review). How do I punt the packet to user > space? > > 2) The Firewall installs a new flow (with action=drop or permit (go to the > next table)). However, > I would like to re-inject the packet (the one that caused the table miss) > back at the beginning of the pipeline. Is there a way to do this? > (RECIRC?) > > Appreciate your help. [https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif] Any responses are appreciated. Checked the spec, and I do not see an action to punt the packet to controller. In section 5.12 of openflow-spec 1.3, I see the following actions: output, set-queue, drop, group, push-tag/pop-tag, set-field, change-ttl. I see no send-to-controller or some such to punt the packet to the controller. Is this not supported?!!! Please advice. Also, are there any plans to support command completion in ovs-vsctl, ovs-ofctl, ovs-appctl etc. ctl commands? Thanks, Ashok On Tue, Dec 16, 2014 at 4:43 PM, Ashok Chippa <a.n.chi...@gmail.com<mailto:a.n.chi...@gmail.com>> wrote: Hi, I am trying to takeover Table0 for Firewall function. Have couple of questions: 1) On a table-miss in Table0, I would like to punt the packet to user space, for DPI/FW processing. There must be a way to punt the packet to user space? However, I do not see an action like PUNT_TO_CPU (or some such) in the documentation (on a cursory review). How do I punt the packet to user space? 2) The Firewall installs a new flow (with action=drop or permit (go to the next table)). However, I would like to re-inject the packet (the one that caused the table miss) back at the beginning of the pipeline. Is there a way to do this? (RECIRC?) Appreciate your help. Ashok
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
