3

How do I send a flow entry to drop a package using Ryu? I've learned from tutorials how to send package out flow entry:

  1. I define the action: actions = [ofp_parser.OFPActionOutput(ofp.OFPP_FLOOD)]
  2. Then the entry itself: out = ofp_parser.OFPPacketOut(datapath=dp, buffer_id=msg.buffer_id, in_port=msg.in_port,actions=actions)
  3. Send the message to the switch: dp.send_msg(out)

I'm trying to find the documentation to make this code drop the package instead of flooding, without success. I imagine I'll have to change actions on the first step and fp_parser.OFPPacketOut on the second step. I need someone more experienced on Ryu and developing itself to point me to the right direction. Thank you.

sinhayash
  • 2,693
  • 4
  • 19
  • 51
HSC
  • 75
  • 1
  • 8
  • I am new to Ryu, and I also met the same problem. Could you share your code for me? I'm really appreciate it! – Charlie Mar 10 '17 at 15:42

2 Answers2

2

The default disposition of a packet in OpenFlow is to drop the packet. Therefore if you have a Flow Rule that when it matches you want to drop the packet, you should simply have an instruction to CLEAR_ACTIONS and then no other instruction, which means that no other tables will be processed since there is no instruction to process (go to) another table and no actions on it.

Remember to keep in mind your flow priorities. If you have more than one flow rule that will match the packet, the one with the highest priority will be the one to take effect. So your "drop packet" could be hidden behind a higher priority flow rule.

Here is some code that I have that will drop all traffic that matches a given EtherType, assuming that no higher priority packet matches. The function is dependent on a couple of instance variables, namely datapath, proto, and parser.

def dropEthType(self,
                match_eth_type = 0x0800):
    parser = self.parser
    proto = self.proto
    match = parser.OFPMatch(eth_type = match_eth_type)
    instruction = [
        parser.OFPInstructionActions(proto.OFPIT_CLEAR_ACTIONS, [])
        ]
    msg = parser.OFPFlowMod(self.datapath,
                            table_id = OFDPA_FLOW_TABLE_ID_ACL_POLICY,
                            priority = 1,
                            command = proto.OFPFC_ADD,
                            match = match,
                            instructions = instruction
                            )
    self._log("dropEthType : %s" % str(msg))
    reply = api.send_msg(self.ryuapp, msg)
    if reply:
        raise Exception
AlanObject
  • 9,613
  • 19
  • 86
  • 142
  • Alan, didn't work for me, I get the following error File "/home/ubuntu/ryu/ryu/app/experiment.py", line 94, in _packet_in_handler dropout = parser.OFPInstructionActions(type=ofproto.OFPIT_CLEAR_ACTIONS) TypeError: __init__() got an unexpected keyword argument 'type' – HSC Dec 16 '16 at 16:36
  • I have tryed many variants and I still can't get the code to work. I'm using the simple_switch_13.py from ryu to test your suggestion to drop packages comming from an especific mac address on mininet, say 00:00:00:00:00:02, using an if condition. If i user "return" instead of the code you suggested it works but then again I get the packetin message every time and that's what I want to avoid. – HSC Dec 16 '16 at 16:57
  • @HSC look at the edit I just did and see if that helps. – AlanObject Dec 16 '16 at 18:44
  • That worked for me with some small changes, like using datapath.send_msg(msg) instead of api.send_msg(self.ryuapp, msg) and replacing the table_id. Thanks for your help! – HSC Dec 20 '16 at 19:50
0

this solution worked for me with a litte tweaks. thanks.

    # drop some protocols
    drop_eth_types = [ 
        ether_types.ETH_TYPE_ARP,
        ether_types.ETH_TYPE_IPv6    # I added this one within ryu libs
    ]

    if eth.ethertype in drop_eth_types:
        actions = []
        match = parser.OFPMatch(eth_type=eth.ethertype)
        inst = [parser.OFPInstructionActions(ofproto.OFPIT_CLEAR_ACTIONS, actions)]
        mod = parser.OFPFlowMod(datapath=datapath, priority=1, \
                                match=match, instructions=inst)
        datapath.send_msg(mod)
        return
신종혁
  • 21
  • 3