[ovs-discuss] SYN packet mirroring

Justin Pettit jpettit at ovn.org
Thu May 25 17:26:29 UTC 2017

> On May 25, 2017, at 2:10 AM, Avi Cohen (A) <avi.cohen at huawei.com> wrote:
> Hi All,
> I need to capture all received SYN packets from all interfaces and to mirror/output to a specific interface in addition to the operational interface that these packets should be forwarded.
> Can I do it with a single dpctl  add-flow cli command ?  and not modify the 'operational' flows that are used to normally connect TCP clients to TCP servers ?

No, if you run ovs-vswitchd, it will be confused when flows are added with ovs-dpctl, and delete them.  Also, I don't think that would work, since the kernel module will only apply actions from a single flow, so you'll either send the SYN packet to your collector or forward it appropriately, but not both.

You should be able to construct what you want pretty easily with ovs-ofctl flows, though.


More information about the discuss mailing list