Aaron Conole

Recent Posts

Non-root Open vSwitch in RHEL

In a few weeks, the Fast Datapath Production channel will update the Open vSwitch version from the 2.7 series to the 2.9 series. This is an important change in more ways than one. A wealth of new features and fixes all related to packet movement will come into play. One that will surely be blamed for all your troubles will be the integration of the `--ovs-user` flag to allow for an unprivileged user to interact with Open vSwitch.

Running as root can solve a lot of pesky problems. Want to write to an arbitrary file? No problem. Want to load kernel modules? Go for it! Want to sniff packets on the wire? Have a packet dump. All of these are great when the person commanding the computer is the rightful owner. But the moment the person in front of the keyboard isn’t the rightful owner, problems occur.

Direct Kernel Open vSwitch Flow Programming

Typically, users will interact with the Open vSwitch kernel datapath by way of the ‘ovs-ofctl’ utility to program OpenFlow rules into the ‘ovs-vswitchd’. However, this isn’t the only mechanism for forwarding packets via the openvswitch kernel module. An additional direct flow-programming interface is available using the ‘ovs-dpctl’ utility to add flows to the kernel. This post will cover influencing the movement of packets through the openvswitch kernel module using the ‘ovs-dpctl’ utility.
