View port information in Open vSwitch. The output gives the switch's datapath ID (dpid) as well as each port's OpenFlow port number, port name, current state, and so on.
$ ovs-ofctl show ovs-switch
OFPT_FEATURES_REPLY (xid=0x2): dpid:00001232a237ea45
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST
SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE
100(p0): addr:54:01:00:00:00:00
config: PORT_DOWN
state: LINK_DOWN
speed: 0 Mbps now, 0 Mbps max
101(p1): addr:54:01:00:00:00:00
config: PORT_DOWN
state: LINK_DOWN
speed: 0 Mbps now, 0 Mbps max
102(p2): addr:54:01:00:00:00:00
config: PORT_DOWN
state: LINK_DOWN
speed: 0 Mbps now, 0 Mbps max
LOCAL(ovs-switch): addr:12:32:a2:37:ea:45
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
The OpenFlow port number of a network interface can also be queried from the OVS database:
$ ovs-vsctl get Interface p0 ofport
100
View datapath information
$ ovs-dpctl show
system@ovs-system:
lookups: hit:12173 missed:712 lost:0
flows: 0
port 0: ovs-system (internal)
port 1: ovs-switch (internal)
port 2: p0 (internal)
port 3: p1 (internal)
port 4: p2 (internal)
Dropping packets
Drop all Ethernet broadcast packets entering OVS
$ ovs-ofctl add-flow ovs-switch "table=0, dl_src=01:00:00:00:00:00/01:00:00:00:00:00, actions=drop"
Drop STP broadcast packets
$ ovs-ofctl add-flow ovs-switch "table=0, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0, actions=drop"
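The following is an added example, not code from the original article: it evaluates the two `value/mask` match fields used in the drop flows above against sample MAC addresses, showing that the first mask tests only the group (multicast) bit and the second covers the sixteen addresses 01:80:c2:00:00:00 through 01:80:c2:00:00:0f. The function names and the sample addresses are constructed for illustration.

```python
# Added example (not from the original article): evaluate OpenFlow-style
# "value/mask" MAC matches like the dl_src / dl_dst fields in the flows above.

def mac_to_int(mac):
    """Convert 'aa:bb:cc:dd:ee:ff' to a 48-bit integer."""
    octets = [int(part, 16) for part in mac.split(":")]
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int.from_bytes(bytes(octets), "big")  # bytes() rejects values > 0xff

def masked_match(field, addr):
    """True if addr matches 'value/mask'; a missing mask means exact match."""
    value, _, mask = field.partition("/")
    m = mac_to_int(mask) if mask else (1 << 48) - 1
    return (mac_to_int(addr) & m) == (mac_to_int(value) & m)

# Match fields copied verbatim from the two drop flows on this page.
GROUP_BIT = "01:00:00:00:00:00/01:00:00:00:00:00"    # used with dl_src
RESERVED_16 = "01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0"  # used with dl_dst

# Constructed sample addresses; labels are the standard IEEE assignments.
SAMPLES = [
    ("ff:ff:ff:ff:ff:ff", "Ethernet broadcast"),
    ("01:80:c2:00:00:00", "STP bridge group address"),
    ("01:80:c2:00:00:02", "slow protocols (LACP)"),
    ("01:80:c2:00:00:03", "802.1X PAE"),
    ("01:80:c2:00:00:0e", "LLDP"),
    ("01:80:c2:00:00:10", "first address outside the /f0 mask"),
    ("12:32:a2:37:ea:45", "unicast (LOCAL port in the output above)"),
]

def classify(addr):
    """Return (group_bit_set, in_reserved_range) for one address."""
    return masked_match(GROUP_BIT, addr), masked_match(RESERVED_16, addr)

if __name__ == "__main__":
    for addr, label in SAMPLES:
        group, reserved = classify(addr)
        print(f"{addr}  group-bit={group!s:5}  reserved-range={reserved!s:5}  {label}")
```

Because the second mask covers the whole reserved range, a flow using it also discards LACP, 802.1X and LLDP frames sent to those addresses, which is worth checking before applying it on a switch that relies on them.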
Modifying packets
Add a new OpenFlow entry that rewrites the source address of packets received on port p0 to 9.181.137.1
$ ovs-ofctl add-flow ovs-switch "priority=1 idle_timeout=0,\
in_port=100,actions=mod_nw_src:9.181.137.1,normal"
Send test traffic from port p0 (192.168.1.100) to port p1 (192.168.1.101)
$ ip netns exec ns0 ping 192.168.1.101
Capturing on the receiving port p1 shows that the source of the received packets has been rewritten to 9.181.137.1
$ ip netns exec ns1 tcpdump -i p1 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on p1, link-type EN10MB (Ethernet), capture size 65535 bytes
15:59:16.885770 IP 9.181.137.1 > 192.168.1.101: ICMP echo request, id 23111, seq 457, length 64
15:59:17.893809 IP 9.181.137.1 > 192.168.1.101: ICMP echo request, id 23111, seq 458, length 64
Redirecting packets
Add a new OpenFlow entry that redirects all ICMP packets to port p2
$ ovs-ofctl add-flow ovs-switch idle_timeout=0,dl_type=0x0800,nw_proto=1,actions=output:102
Send data from port p0 (192.168.1.100) to port p1 (192.168.1.101)
$ ip netns exec ns0 ping 192.168.1.101
Capturing on port p2 shows that the packets have been forwarded to port p2
$ ip netns exec ns3 tcpdump -i p2 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on p2, link-type EN10MB (Ethernet), capture size 65535 bytes
16:07:35.677770 IP 192.168.1.100 > 192.168.1.101: ICMP echo request, id 23147, seq 25, length 64
16:07:36.685824 IP 192.168.1.100 > 192.168.1.101: ICMP echo request, id 23147, seq 26, length 64
Modifying a packet's VLAN tag