On Thu, 05 Jul 2018 21:21:52 +0900, Yusuke Iwase wrote: > > [1 <multipart/alternative (7bit)>] > [1.1 <text/plain; utf-8 (quoted-printable)>] > Hi Suresh, > > How about “tcp_flags” match field? > http://ryu.readthedocs.io/en/latest/ofproto_v1_3_ref.html#flow-match-structure > > Thanks, > Iwase > > 2018/07/05 20:31、knet solutions <knetsolutio...@gmail.com>のメール: > > > Hi, I am trying to implement the TCP Statefull firewall. > > > > I can write the application, which looks the TCP Packets for 3 way > > handshaking(Genuine TCP Session Start) and will install the openflow rule > > in datapath(with TCP SRC and DST port). > > > > But how the application, can know the Session Termination (FIN, RST etc), > > to remove the flow. > > > > I guess, in the Openflow match rules we have only TCP Port numbers... > > > > Any suggestions.
AFAIK matching against tcp_flags is supported only by Nicira extension or OpenFlow>=1.5 (EXT-109). The ovs implementation of OpenFlow 1.3 seems to support that, though. (OpenStack's ovs firewall uses that.) -- IWAMOTO Toshihiro ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Ryu-devel mailing list Ryu-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ryu-devel
