On Thu, Jan 22, 2015 at 05:34:15PM +0530, nitish nagesh wrote:
> I am trying to add L4 port range matching capability to our switch
> (internally uses OVS code). I have used experimenter match fields in the
> Flow Mod to get these. Once I receive them, after parsing the experimenter
> OXMs, I store them in the "flow" structure. I have added new fields to
> store them, something like this:
>
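> struct port_range {
>     ovs_be16 begin;   /* start of the port range */
>     ovs_be16 end;     /* end of the port range */
> };
>
> struct flow {
>     /* ... existing fields ... */
>     struct port_range pr;
>     /* ... existing fields ... */
> };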
>
> Note that when I receive a port range in the flow-mod, I would NOT
> populate the tp_src or tp_dst fields.
>
> However, I am facing issues when it comes to matching packets to this rule.
> As my understanding goes, OVS creates a hash of all the field values in the
> "flow" structure as received in the flow-mod and stores them in the
> classifier. A network packet would never match this rule, as it doesn't have
> a port-range and hence the hash would always fail.
>
> I was thinking if there's an easy way to achieve this with minimal
> changes to the code. My knowledge about OVS code is limited, hence
> requesting for help. Please comment.

Implementing port ranges this way is kind of an uphill battle. I'd
suggest using multiple flows that bitwise match on the tp_src or tp_dst
fields, as described in ovs-ofctl(8):

       tcp_src=port/mask
       tcp_dst=port/mask
       udp_src=port/mask
       udp_dst=port/mask
       sctp_src=port/mask
       sctp_dst=port/mask
              Bitwise match on TCP (or UDP or SCTP) source or destination
              port. The port and mask are 16-bit numbers written in decimal
              or in hexadecimal prefixed by 0x. Each 1-bit in mask requires
              that the corresponding bit in port must match. Each 0-bit in
              mask causes the corresponding bit to be ignored.

              Bitwise matches on transport ports are rarely useful in
              isolation, but a group of them can be used to reduce the
              number of flows required to match on a range of transport
              ports. For example, suppose that the goal is to match TCP
              source ports 1000 to 1999, inclusive. One way is to insert
              1000 flows, each of which matches on a single source port.
              Another way is to look at the binary representations of 1000
              and 1999, as follows:

                     01111101000
                     11111001111

              and then to transform those into a series of bitwise matches
              that accomplish the same results:

                     01111101xxx
                     0111111xxxx
                     10xxxxxxxxx
                     110xxxxxxxx
                     1110xxxxxxx
                     11110xxxxxx
                     1111100xxxx

              which become the following when written in the syntax required
              by ovs-ofctl:

                     tcp,tcp_src=0x03e8/0xfff8
                     tcp,tcp_src=0x03f0/0xfff0
                     tcp,tcp_src=0x0400/0xfe00
                     tcp,tcp_src=0x0600/0xff00
                     tcp,tcp_src=0x0700/0xff80
                     tcp,tcp_src=0x0780/0xffc0
                     tcp,tcp_src=0x07c0/0xfff0

              Only Open vSwitch 1.6 and later supports bitwise matching on
              transport ports.

              Like the exact-match forms described above, the bitwise match
              forms apply only when dl_type and nw_proto specify TCP or UDP
              or SCTP.
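
The range-to-bitwise-match conversion quoted from ovs-ofctl(8) above, generalized to any 16-bit port range. This is an added Python example, not part of the original message or of Open vSwitch, and the function names are hypothetical. It also checks the generated matches against every possible port, which is worth doing before a range is used in a filtering rule.

```python
def range_to_bitwise(lo, hi, width=16):
    """Cover the inclusive range [lo, hi] with (value, mask) pairs.

    Each pair matches a port p when (p & mask) == value, the semantics
    ovs-ofctl(8) gives for tcp_src=port/mask.
    """
    top = (1 << width) - 1
    if not 0 <= lo <= hi <= top:
        raise ValueError(f"invalid range {lo}-{hi} for {width}-bit ports")
    pairs = []
    while lo <= hi:
        # Largest power-of-two block that starts at lo (alignment limit) ...
        size = (lo & -lo) or (1 << width)
        # ... shrunk until it no longer runs past hi.
        while size > hi - lo + 1:
            size >>= 1
        pairs.append((lo, top & ~(size - 1)))
        lo += size
    return pairs


def to_ofctl(pairs, proto="tcp", side="src"):
    """Render pairs in the match syntax shown in the man page excerpt."""
    return [f"{proto},{proto}_{side}=0x{v:04x}/0x{m:04x}" for v, m in pairs]


def matches(port, pairs):
    """True if any bitwise match in pairs accepts this port."""
    return any((port & m) == v for v, m in pairs)


def covers_exactly(lo, hi, pairs):
    """Exhaustively confirm the pairs accept [lo, hi] and nothing else."""
    return all(matches(p, pairs) == (lo <= p <= hi) for p in range(1 << 16))


if __name__ == "__main__":
    # The man page's own example: TCP source ports 1000 to 1999.
    rules = range_to_bitwise(1000, 1999)
    for line in to_ofctl(rules):
        print(line)
    print("exact cover:", covers_exactly(1000, 1999, rules))
```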