Hi Giorgos,
>From your flow table, it’s very likely that the flow entry you used to drop
>traffic between 2 hosts has a lower priority (=100) than the priorities of the
>other 2 entries (default priority). As mentioned in this, “when adding a flow,
>if the field is not specified, the flow's priority will default to 32768.”
>Therefore, incoming packets will always be matched and forwarded between h1
>and h2 by the first 2 flow entries instead of being drop by the last one.
Hope it helps.
Regards,
Quoc Khanh
From: Giorgos Dimopoulos
Sent: Tuesday, 28 August 2018 10:55 PM
To: ryu-devel@lists.sourceforge.net
Subject: [Ryu-devel] Rule to drop traffic between hosts in mininet doesn'twork
Hello,
I'm running mininet with the following configuration:
sudo mn --topo single,2 --mac --controller remote --switch
ovs,protocols=OpenFlow10
on the host computer I'm running ryu with simple_switch and ofct_rest:
ryu-manager --verbose --app-lists ryu.app.simple_switch,ryu.app.ofctl_rest
then I'm using the REST API to block all traffic from h1 to h2:
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 100,
"flags": 1,
"match":{
"nw_src": "10.0.0.1/32",
"nw_dst": "10.0.0.2/32",
"dl_type": 2048
},
"actions":[
]
}' http://localhost:8080/stats/flowentry/add
in mininet the OF rule appears correctly:
mininet> sh ovs-ofctl -O OpenFlow10 dump-flows s1
cookie=0x0, duration=40.692s, table=0, n_packets=4, n_bytes=336,
in_port="s1-eth1",dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02
actions=output:"s1-eth2"
cookie=0x0, duration=40.687s, table=0, n_packets=3, n_bytes=238,
in_port="s1-eth2",dl_src=00:00:00:00:00:02,dl_dst=00:00:00:00:00:01
actions=output:"s1-eth1"
cookie=0x0, duration=5.286s, table=0, n_packets=0, n_bytes=0,
priority=100,ip,nw_src=10.0.0.1,nw_dst=10.0.0.2 actions=drop
but the rule doesn't work since h1 can still ping h2:
mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.496 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.061 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.065 ms
am I missing something here?
Thanks in advance!
Giorgos
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Ryu-devel mailing list
Ryu-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ryu-devel
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Ryu-devel mailing list
Ryu-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ryu-devel
