Re: [pox-dev] Match structure in flows

Mon, 20 May 2013 12:11:31 -0700 

What you're doing wrong is not clear in the OpenFlow 1.0 spec.  1.0.1 clarified 
it, and Open vSwitch's documentation is also fairly clear on the subject.

Matches have prerequisites.  Basically, you can't match on something from a 
deeper layer without matching on the appropriate thing in the shallower layer 
first.  So, for example, you can't match on fields in an IP header without 
first matching that the Ethernet frame type is actually IP.  Similarly, you 
can't match on TCP or UDP port numbers without first specifying that the IP 
protocol is TCP or UDP.

In your case, this means your match also needs to match for dl_type = 
pkt.ethernet.IP_TYPE (0x0800), and nw_proto = pkt.ipv4.TCP_PROTOCOL.

-- Murphy

On May 20, 2013, at 12:00 PM, Alex wrote:

> Hello everyone.
> 
> I'm using MIninet 2.0, POX and Open vSwitch, and I try to implement NAT/PAT 
> function in switch. But I faced with one problem: when I send ofp_flow_mod 
> message, like this:
> 
> ip_packet = packet.payload
> tcp_packet = ip_packet.payload
> new_src_port = random.randint(4096, 65533)
> 
> back_msg = of.ofp_flow_mod()
> back_msg.cookie = 12
> back_msg.match.in_port = port
> back_msg.match.nw_dst = IPAddr("10.0.2.1") 
> back_msg.match.tp_dst = new_src_port
> back_msg.actions.append(of.ofp_action_output(port = event.port))
> back_msg.actions.append(of.ofp_action_nw_addr.set_dst(ip_packet.srcip))
> back_msg.actions.append(of.ofp_action_tp_port.set_dst(tcp_packet.srcport))
> back_msg.idle_timeout = 120
> self.connection.send(back_msg)
> 
> and then I check flow with command:
>  ovs-ofctl dump-flows tcp:127.0.0.1:6635
> 
> And the only flow with cookie = 12 has only 1 match field instead of 3, that 
> I specify in match structure, but all actions are correct:
> 
> cookie=0xc, duration=5.999s, table=0, n_packets=6, n_bytes=1637, 
> idle_timeout=120,in_port=2 
> actions=output:1,mod_nw_dst:10.0.1.1,mod_tp_dst:57830
> 
> I've added log.debug message, that could help to find problem, but it looks 
> ok:
> log.debug('Back message with match structure: port -  %i, IP-dest - %s, 
> TCP-port dst - %i' % (port, back_msg.match.nw_dst, back_msg.match.tp_dst))
> 
> DEBUG:ext.lab_4:Back message with match structure: port -  2, IP-dest - 
> 10.0.2.1, TCP-port dst - 51920
> 
> I send one more ofp_flow_mod message in the same event handler, but I use 
> ofp_match.from_packet() method and it works fine.
> 
> Thanks,
> Alex.

Reply via email to