Reputation: 75
Ryu Controller Drop Packet
How do I send a flow entry to drop a package using Ryu? I've learned from tutorials how to send package out flow entry:
- I define the action:
actions = [ofp_parser.OFPActionOutput(ofp.OFPP_FLOOD)] - Then the entry itself:
out = ofp_parser.OFPPacketOut(datapath=dp, buffer_id=msg.buffer_id, in_port=msg.in_port,actions=actions) - Send the message to the switch:
dp.send_msg(out)
I'm trying to find the documentation to make this code drop the package instead of flooding, without success. I imagine I'll have to change actions on the first step and fp_parser.OFPPacketOut on the second step. I need someone more experienced on Ryu and developing itself to point me to the right direction. Thank you.
Upvotes: 3
Views: 6800
Answers (2)
Reputation: 21
this solution worked for me with a litte tweaks. thanks.
# drop some protocols
drop_eth_types = [
ether_types.ETH_TYPE_ARP,
ether_types.ETH_TYPE_IPv6 # I added this one within ryu libs
]
if eth.ethertype in drop_eth_types:
actions = []
match = parser.OFPMatch(eth_type=eth.ethertype)
inst = [parser.OFPInstructionActions(ofproto.OFPIT_CLEAR_ACTIONS, actions)]
mod = parser.OFPFlowMod(datapath=datapath, priority=1, \
match=match, instructions=inst)
datapath.send_msg(mod)
return
Upvotes: 0
Reputation: 9973
The default disposition of a packet in OpenFlow is to drop the packet. Therefore if you have a Flow Rule that when it matches you want to drop the packet, you should simply have an instruction to CLEAR_ACTIONS and then no other instruction, which means that no other tables will be processed since there is no instruction to process (go to) another table and no actions on it.
Remember to keep in mind your flow priorities. If you have more than one flow rule that will match the packet, the one with the highest priority will be the one to take effect. So your "drop packet" could be hidden behind a higher priority flow rule.
Here is some code that I have that will drop all traffic that matches a given EtherType, assuming that no higher priority packet matches. The function is dependent on a couple of instance variables, namely datapath, proto, and parser.
def dropEthType(self,
match_eth_type = 0x0800):
parser = self.parser
proto = self.proto
match = parser.OFPMatch(eth_type = match_eth_type)
instruction = [
parser.OFPInstructionActions(proto.OFPIT_CLEAR_ACTIONS, [])
]
msg = parser.OFPFlowMod(self.datapath,
table_id = OFDPA_FLOW_TABLE_ID_ACL_POLICY,
priority = 1,
command = proto.OFPFC_ADD,
match = match,
instructions = instruction
)
self._log("dropEthType : %s" % str(msg))
reply = api.send_msg(self.ryuapp, msg)
if reply:
raise Exception
Upvotes: 2
Related Questions
- Understanding Ryu OpenFlow Controller, mininet, WireShark and tcpdump
- Keyerror when handling the EventOFPFlowStatsReply message in the Ryu Controller
- Ryu controller drop packets after fixed number of packets or time
- Monitor Mininet OpenFLow Traffic in WireShark with RYU Controller
- How to change the attributions to make the actions of ryu drop the packet?
- ryu (SDN) traffic controller from (example) Host 1
- How I can identify a packet from the Ryu-controller to OF switch?
- Connection of RYU controller and Flowvisor
- Ryu controller - [Errno 32] Broken pipe
- python - ryu handling packets using a switch after flow was added to switch