hi kk; thanks for the response - apologies for the delay, i've been away in china and unable to do any further testing. i've now done so - responses/results inline. any further help would be great - no doubt i'll be doing something stupid with how i've got things configured, but i can't see it yet :/

On 14 May 2010 20:38, kk yap <[email protected]> wrote:
> On 14 May 2010 12:23, Richard Mortier <[email protected]> wrote:
...
>> however, in neither case are packets dropped - if i test by pinging
>> one of the interfaces against which ofdatapath is running then tcpdump
>> still shows me the ECHO request and reply; similarly if i try
>> connecting to a simple client/server TCP app, the handshake and data
>> transfer still occurs. ie., it looks like traffic still flows
>> unimpeded in and out of eth0.
>
> This is strange. Either method should work. For the first method,
> you need to make sure nox.xml is correctly configured.

what did you mean by this? in any case, i've tried putting my script in as a filter entry for the packet_in event, and removing it - doing so appears to have no effect.

> For the
> second method, check that you have a flow entry by using dpctl
> dump-flows.

i have now done this; a flow entry is certainly being created, both when i'm testing with ping and when i test using curl against a dummy http server on tcp/9090. i also observe its byte and packet counters being updated.

>> (1) is what i'm trying to do possible? (and if not, can someone explain
>> why?)
>
> Definitely this can be done.

can you give any more info as to how this ends up being implemented when i use the userspace ofdatapath and ofprotocol? on the assumption that the openflow flow entries get mapped into netfilter rules, i also poked around a bit with tc, ip and iptables - tc showed a new qdisc for tap0, but the other two didn't show any differences after the flow was installed. if openflow flow entries don't get mapped into netfilter in this case, then how are packets actually dropped on a flow with no actions?

fwiw, here're the command lines i'm using to run the various components:

$ sudo ofdatapath -D -vANY:syslog:dbg -P/tmp/ofdatapath.pid -i eth0 punix:/var/run/dp0.sock
$ sudo ofprotocol -Fclosed -D --log-file=/tmp/ofprotocol.log -vANY:syslog:dbg -P/tmp/ofprotocol.pid tcp:localhost:2525 unix:/var/run/dp0.sock
$ ./nox_core -i ptcp:2525 homework

...where homework.py lives in nox.git/src/nox/coreapps/examples/homework.py, and i've added the following stanza to nox.git/src/nox/coreapps/examples/meta.xml:

<component>
  <name>homework</name>
  <dependency>
    <name>python</name>
  </dependency>
  <python>nox.coreapps.examples.homework</python>
</component>

the relevant function in homework.py (most of which is the usual boilerplate) is simply:

"""
def packet_in(dpid, inport, reason, len, bufid, packet):
    ## Homework.send_openflow(dpid, bufid, packet.arr, openflow.OFPP_FLOOD, inport)

    flow = extract_flow(packet)
    if not ((packet.type == packet.IP_TYPE and packet.next.protocol == 1)
            or (9090 in (flow['tp_dst'], flow['tp_src']))):
        return CONTINUE

    flow[core.IN_PORT] = inport
    flow[core.TP_SRC] = 0
    ppf((flow.keys()))

    actions = []  ## should have effect of dropping all matching
    ppf(("PI, installing...", dpid, inport, reason, len, bufid, flow))
    rv = Homework.install_datapath_flow(
        dpid, flow, IDLE_TIMEOUT, openflow.OFP_FLOW_PERMANENT, actions,
        bufid, openflow.OFP_DEFAULT_PRIORITY, inport, packet.arr)
    ppf(("PI1, installed...", rv))

    return STOP
"""

ppf is just a relabelling of pprint.pprint; rv is always None; as i mention above, the flow entry *does* seem to be installed. when i uncomment the first line (the OFPP_FLOOD), then i see the incoming packet also appear on the tap0 device.

>> (3) as i understand it, the openflow kernel module is not currently
>> supported in NOX 0.8/Openflow 1.0; are there plans to bring this back,
>> and if so, what's the timeline?
>
> use OpenvSwitch?

thanks! i'll investigate that once i've got something working with the userspace components then (since you say that what i'm trying to do ought to work with the userspace components :)

cheers,

-- 
Richard Mortier
[email protected]
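
Added illustration, not part of the original message and not ofdatapath or NOX code: a simplified Python model of the OpenFlow 1.0 behaviour this thread relies on, where a table miss produces a packet_in and a matching entry with an empty action list drops the packet while its counters increase. Class names, field names and the sample packets are hypothetical, and the model covers only the switch's own forwarding decision.

```python
# Simplified model of OpenFlow 1.0 flow-table lookup (illustration only).
# Names are hypothetical; this is not the reference switch implementation.

class FlowEntry:
    def __init__(self, match, actions, priority=0x8000):
        self.match = match        # fields absent from the dict are wildcarded
        self.actions = actions    # [] means no forwarding action: drop
        self.priority = priority  # 0x8000 is OFP_DEFAULT_PRIORITY
        self.packets = 0          # per-entry counters, as shown by dump-flows
        self.bytes = 0

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())


class FlowTable:
    def __init__(self):
        self.entries = []

    def install(self, entry):
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)  # highest priority first

    def process(self, pkt, length):
        """Return ('forward', actions), ('drop', []) or ('packet_in', [])."""
        for e in self.entries:
            if e.matches(pkt):
                e.packets += 1
                e.bytes += length
                return ("forward", e.actions) if e.actions else ("drop", [])
        return ("packet_in", [])  # table miss: packet goes to the controller


def demo():
    table = FlowTable()
    # Constructed sample packets: TCP to port 9090 and to port 22 on port 1.
    http = {"in_port": 1, "dl_type": 0x0800, "nw_proto": 6, "tp_dst": 9090}
    other = {"in_port": 1, "dl_type": 0x0800, "nw_proto": 6, "tp_dst": 22}
    first = table.process(http, 74)    # miss: controller sees a packet_in
    drop = FlowEntry({"in_port": 1, "nw_proto": 6, "tp_dst": 9090}, actions=[])
    table.install(drop)                # controller installs an action-less flow
    second = table.process(http, 74)   # matched: counted, then dropped
    third = table.process(other, 74)   # unrelated traffic still misses
    return first[0], second[0], third[0], drop.packets, drop.bytes


if __name__ == "__main__":
    print(demo())
```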
