-
Notifications
You must be signed in to change notification settings - Fork 93
unexpected drop with consecutive matches #64
Description
Hi all,
we have found this issue. When writing a policy like match1 >> (match2 >> fwd), two rules are created instead of one:
- The first one, with higher priority, is the expected one.
- The second one is the rule match1 >> drop.
For instance, with match1 selecting all TCP packets and match2 selecting only the ones with dstip equal to 10.0.3.100 on a certain switch we write in Pyretic:
self.policy = (match(ethtype=2048,protocol=packet.TCP_PROTO) >> (match(switch=203178705145866,dstip='10.0.3.100') >> fwd(10)))
we get the following OF flow rules (the created rules are marked with **):
**cookie=0x4, duration=16.134s, table=0, n_packets=0, n_bytes=0, idle_age=16, priority=59999,tcp,nw_dst=10.0.3.100 actions=output:10**
cookie=0x0, duration=16.134s, table=0, n_packets=4, n_bytes=252, idle_age=0, priority=60002,dl_type=0x88cc actions=CONTROLLER:65535
cookie=0x0, duration=16.134s, table=0, n_packets=0, n_bytes=0, idle_age=16, priority=60001,ipv6 actions=drop
cookie=0x4, duration=16.134s, table=0, n_packets=0, n_bytes=0, idle_age=16, priority=60000,tcp,in_port=10,nw_dst=10.0.3.100 actions=IN_PORT
**cookie=0x4, duration=16.134s, table=0, n_packets=16, n_bytes=1420, idle_age=1, priority=59998,tcp actions=drop**
cookie=0x0, duration=16.134s, table=0, n_packets=0, n_bytes=0, idle_age=16, priority=0 actions=CONTROLLER:65535
cookie=0x4, duration=16.134s, table=0, n_packets=6, n_bytes=271, idle_age=1, priority=59997 actions=drop
I don't know if this can help, but we found a previous similar issue:
The difference wrt our case is that the two created matches for issue #28 are equal, so the proposed patch eliminating duplicated rules works. In our case, however, it would not work.
Thank you in advance,
Giovanni