[ovs-discuss] Not hitting flow rules based on udp ports

Matthew.Stevens at ecs.vuw.ac.nz
Fri May 20 08:06:52 UTC 2016


Cancel that; using nping to create the udp packets works, which blows this
theory out of the water.

Cheers

> Hi, I suspect this will become a bug report.
>
> I wish to stop all traffic from a specific udp port. I can do so with tcp,
> but not with udp.
>
> The setup is VirtualBox 5, running Ubuntu 14 and OpenvSwitch 2.0.2. My two
> hosts are on their own VirtualBox instances.
>
> Interestingly I can catch udp port traffic on Mininet, however this
> framework deliberately does not use Mininet.
>
> The flow rule is:
> sudo ovs-ofctl add-flow br0 priority=44000,udp,udp_src=6660,actions=DROP
>
> dump-flows shows the packet counts are not increasing while tcpdump on the
> switch shows the flows are arriving (and leaving). In addition the
> generated flows are definitely udp traffic for this port.
>
> Installing the same rule minus the udp_src=6660 catches all udp flows.
> Using udp,nw_src=x.x.x.x also catches the udp packets unless I add
> udp_src=6660. Changing the udp port number has no impact (tried 6000,
> 6600, 6660).
>
> Catching tcp flows using tcp_src works as expected.
>
> As mentioned, specifying udp_src works fine on Mininet, just not on
> VirtualBox. Not sure where to go from here.
>
> Cheers

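The counter comparison described in the quoted message (the port-specific rule stays flat while a plain udp rule counts packets), as an added example that is not part of the original posts. Both dump-flows snapshots are constructed, the priority=100 udp rule is a hypothetical comparison rule, and printing the port field as tp_src is an assumption about how this release displays udp_src.

```python
import re

# Constructed samples in the style of `ovs-ofctl dump-flows br0`, taken a few
# seconds apart. They are not output from the poster's switch.
BEFORE = """\
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=10.1s, table=0, n_packets=0, n_bytes=0, idle_age=10, priority=44000,udp,tp_src=6660 actions=drop
 cookie=0x0, duration=10.1s, table=0, n_packets=5, n_bytes=490, idle_age=1, priority=100,udp actions=NORMAL
 cookie=0x0, duration=10.1s, table=0, n_packets=40, n_bytes=3920, idle_age=0, priority=0 actions=NORMAL
"""
AFTER = """\
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=20.3s, table=0, n_packets=0, n_bytes=0, idle_age=20, priority=44000,udp,tp_src=6660 actions=drop
 cookie=0x0, duration=20.3s, table=0, n_packets=25, n_bytes=2450, idle_age=0, priority=100,udp actions=NORMAL
 cookie=0x0, duration=20.3s, table=0, n_packets=60, n_bytes=5880, idle_age=0, priority=0 actions=NORMAL
"""

# Assumes every rule carries an explicit priority or match before " actions=".
FLOW_RE = re.compile(
    r"table=(?P<table>\d+), n_packets=(?P<pkts>\d+),.*?(?P<match>\S+) actions=")

def parse_dump_flows(text):
    """Map (table, match string) -> n_packets for each flow line."""
    return {(int(m["table"]), m["match"]): int(m["pkts"])
            for m in map(FLOW_RE.search, text.splitlines()) if m}

def fields(match):
    """Match fields without the priority, e.g. {'udp', 'tp_src=6660'}."""
    return {f for f in match.split(",") if not f.startswith("priority=")}

def unhit_narrow_rules(before_text, after_text):
    """Rules whose counter stayed flat while a broader rule in the same table
    (a non-empty strict subset of their match fields) counted packets."""
    before, after = parse_dump_flows(before_text), parse_dump_flows(after_text)
    delta = lambda key: after[key] - before.get(key, 0)
    suspects = []
    for table, match in after:
        if delta((table, match)) > 0:
            continue  # this rule is being hit
        for t2, broad in after:
            if (t2 == table and fields(broad) and fields(broad) < fields(match)
                    and delta((t2, broad)) > 0):
                suspects.append(match)
                break
    return suspects

if __name__ == "__main__":
    print(unhit_narrow_rules(BEFORE, AFTER))
```

A rule listed here only shows that the extra match field saw no packets in the interval; compare it with a capture of the actual source ports before treating it as a switch bug.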