If I have these two rules installed on a switch, which one should be executed according to OpenFlow switch specifications? OVS executes the first although the second has higher priority:
First Rule:
cookie=0x20000002000000,
duration=14647.575s,
table=0,
n_packets=1297621,
n_bytes=145897910,
idle_timeout=65535,
priority=1,
udp,
in_port=3,
dl_src=02:6d:f3:c1:b4:7b,
dl_dst=02:54:ab:ce:ba:0f,
nw_src=10.10.10.6,
nw_dst=10.10.10.1,
tp_src=46329,
tp_dst=1000
actions=output:1
Second Rule:
cookie=0xa000004039d1ae,
duration=164.680s,
table=0,
n_packets=0,
n_bytes=0,
send_flow_rem
priority=9999,
udp,
in_port=ANY,
nw_src=10.10.10.6,
nw_dst=10.10.10.1,
tp_dst=1000
actions=set_field:10.10.10.6->ip_src,
output:1
Although this is not currently documented, ANY as a value for in_port should only be used for flow mod (delete) and flow stats requests. To match packets regardless of their port, you can simply remove in_port=ANY from your OpenFlow rule.
This behavior is not documented, but several places in the source code mention it. First, OFPP_ANY is defined as a synonym of OFPP_NONE. The comment above mentions that it should only be used to match OpenFlow rules. Finally, the comment for OFPP_NONE definition states that OFPP_NONE means Not associated with any port.
I think this should be properly documented or ovs-ofctl should reject that value when used improperly. I'll raise the issue on the ovs-dev mailing list and will update this post depending on the answer.