</li>
</ul>
- <h3>Ingress Table 3: Destination Lookup</h3>
+ <h3>Ingress Table 3: ARP responder</h3>
+
+ <p>
+ This table implements ARP responder for known IPs. It contains these
+ logical flows:
+ </p>
+
+ <ul>
+ <li>
+ Priority-100 flows to skip ARP responder if inport is of type
+ <code>localnet</code>, and advances directly to table 3.
+ </li>
+
+ <li>
+ <p>
+ Priority-50 flows that matches ARP requests to each known IP address
+ <var>A</var> of logical port <var>P</var>, and respond with ARP
+ replies directly with corresponding Ethernet address <var>E</var>:
+ </p>
+
+ <pre>
+eth.dst = eth.src;
+eth.src = <var>E</var>;
+arp.op = 2; /* ARP reply. */
+arp.tha = arp.sha;
+arp.sha = <var>E</var>;
+arp.tpa = arp.spa;
+arp.spa = <var>A</var>;
+outport = <var>P</var>;
+inport = ""; /* Allow sending out inport. */
+output;
+ </pre>
+
+ <p>
+ These flows are omitted for logical ports (other than router ports)
+ that are down.
+ </p>
+ </li>
+
+ <li>
+ One priority-0 fallback flow that matches all packets and advances to
+ table 4.
+ </li>
+ </ul>
+
+ <h3>Ingress Table 4: Destination Lookup</h3>
<p>
This table implements switching behavior. It contains these logical
<pre>
ip4.dst = ip4.src;
ip4.src = <var>S</var>;
-ip4.ttl = 255;
+ip.ttl = 255;
icmp4.type = 0;
+inport = ""; /* Allow sending out inport. */
next;
</pre>
each individual <code>inport</code>, and use the same actions in
which <var>S</var> is a function of <code>inport</code>.
</p>
-
- <p>
- Not yet implemented.
- </p>
</li>
<li>
arp.tpa = arp.spa;
arp.spa = <var>A</var>;
outport = <var>P</var>;
-inport = \"\"; /* Allow sending out inport. */
+inport = ""; /* Allow sending out inport. */
output;
</pre>
</li>
<p>
ICMP time exceeded. For each router port <var>P</var>, whose IP
address is <var>A</var>, a priority-40 flow with match <code>inport
- == <var>P</var> && ip4.ttl == {0, 1} &&
+ == <var>P</var> && ip.ttl == {0, 1} &&
!ip.later_frag</code> matches packets whose TTL has expired, with the
following actions to send an ICMP time exceeded reply:
</p>
icmp4.code = 0; /* TTL exceeded in transit. */
ip4.dst = ip4.src;
ip4.src = <var>A</var>;
- ip4.ttl = 255;
+ ip.ttl = 255;
next;
};
</pre>
</li>
<li>
- TTL discard. A priority-30 flow with match <code>ip4.ttl == {0,
+ TTL discard. A priority-30 flow with match <code>ip.ttl == {0,
1}</code> and actions <code>drop;</code> drops other packets whose TTL
has expired, that should not receive a ICMP error reply (i.e. fragments
with nonzero offset).
</p>
<pre>
-ip4.ttl--;
+ip.ttl--;
reg0 = <var>G</var>;
next;
</pre>
<p>
- (Ingress table 1 already verified that <code>ip4.ttl--;</code> will
+ (Ingress table 1 already verified that <code>ip.ttl--;</code> will
not yield a TTL exceeded error.)
</p>
icmp4.code = 0; /* Network unreachable. */
ip4.dst = ip4.src;
ip4.src = <var>A</var>;
- ip4.ttl = 255;
+ ip.ttl = 255;
next(2);
};
</pre>