查看 Open vSwitch 中的端口信息。从输出结果中,可以获得交换机对应的 datapath ID (dpid),以及每个端口的 OpenFlow 端口编号,端口名称,当前状态等等。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
$ ovs-ofctl show ovs-switch OFPT_FEATURES_REPLY (xid=0x2): dpid:00001232a237ea45 n_tables:254, n_buffers:256 capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE 100(p0): addr:54:01:00:00:00:00 config: PORT_DOWN state: LINK_DOWN speed: 0 Mbps now, 0 Mbps max 101(p1): addr:54:01:00:00:00:00 config: PORT_DOWN state: LINK_DOWN speed: 0 Mbps now, 0 Mbps max 102(p2): addr:54:01:00:00:00:00 config: PORT_DOWN state: LINK_DOWN speed: 0 Mbps now, 0 Mbps max LOCAL(ovs-switch): addr:12:32:a2:37:ea:45 config: 0 state: 0 speed: 0 Mbps now, 0 Mbps max OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
如果想获得网络接口的 OpenFlow 编号,也可以在 OVS 的数据库中查询
1 2
$ ovs-vsctl get Interface p0 ofport 100
查看 datapath 的信息
1 2 3 4 5 6 7 8 9
$ ovs-dpctl show system@ovs-system: lookups: hit:12173 missed:712 lost:0 flows: 0 port 0: ovs-system (internal) port 1: ovs-switch (internal) port 2: p0 (internal) port 3: p1 (internal) port 4: p2 (internal)
屏蔽数据包
屏蔽所有进入 OVS 的以太网广播数据包
1
$ ovs-ofctl add-flow ovs-switch "table=0, dl_src=01:00:00:00:00:00/01:00:00:00:00:00, actions=drop"
屏蔽 STP 协议的广播数据包
1
$ ovs-ofctl add-flow ovs-switch "table=0, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0, actions=drop"
修改数据包
添加新的 OpenFlow 条目,修改从端口 p0 收到的数据包的源地址为 9.181.137.1
1 2
$ ovs-ofctl add-flow ovs-switch "priority=1 idle_timeout=0,\ in_port=100,actions=mod_nw_src:9.181.137.1,normal"
从端口 p0(192.168.1.100)发送测试数据到端口 p1(192.168.1.101)
1
$ ip netns exec ns0 ping 192.168.1.101
在接收端口 p1 监控数据,发现接收到的数据包的来源已经被修改为 9.181.137.1
1 2 3 4 5
$ ip netns exec ns1 tcpdump -i p1 icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on p1, link-type EN10MB (Ethernet), capture size 65535 bytes 15:59:16.885770 IP 9.181.137.1 > 192.168.1.101: ICMP echo request, id 23111, seq 457, length 64 15:59:17.893809 IP 9.181.137.1 > 192.168.1.101: ICMP echo request, id 23111, seq 458, length 64
重定向数据包
添加新的 OpenFlow 条目,重定向所有的 ICMP 数据包到端口 p2
1
$ ovs-ofctl add-flow ovs-switch idle_timeout=0,dl_type=0x0800,nw_proto=1,actions=output:102
从端口 p0 (192.168.1.100)发送数据到端口 p1(192.168.1.101)
1
$ ip netns exec ns0 ping 192.168.1.101
在端口 p2 上监控数据,发现数据包已被转发到端口 p2
1 2 3 4 5
$ ip netns exec ns3 tcpdump -i p2 icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on p2, link-type EN10MB (Ethernet), capture size 65535 bytes 16:07:35.677770 IP 192.168.1.100 > 192.168.1.101: ICMP echo request, id 23147, seq 25, length 64 16:07:36.685824 IP 192.168.1.100 > 192.168.1.101: ICMP echo request, id 23147, seq 26, length 64
修改数据包的 VLAN Tag