POF表项指令和动作的合法性检测

Validity Check of Instructions and Actions of POF Entries

POF协议是SDN的一种南向接口协议,相较于经典的OpenFlow协议具有协议无关、灵活性强的特点。在关于POF协议的最近研究中,学者们为POF增加了比较和跳转等动作和指令,使得每个表项可以实现的功能更为强大。但指令数量和功能的增加也为软件交换机对于表项指令和动作的解释执行过程带来了更大的不稳定性。本文旨在通过对表项的静态检查提前发现使得软件交换机崩溃的情形,从而提高系统的鲁棒性。首先分析POF表项动作和指令的特点,并设计检测方案的架构;接着提出基于控制流图的检测算法,用于发现表项中的指令错误、不可达指令和循环块;进一步地,针对出现的循环块,提出一种基于强连通分量的检测算法,用于判断循环块的合法性。在POF交换机上的实验表明,本文所述方案可以准确检测出常见的表项错误,为软件交换机的可靠性提供保证。同时,不同于通常的检测程序,本文的检测方案在设计时着重考虑检测效率,整体检测方案具有线性复杂度,可以实现对流表表项的实时检测。

The POF protocol is a southbound interface protocol of SDN.Compared with the classic OpenFlow protocol,POF is protocol-independent and flexible.In recent research on the POF protocol,scholars have added actions and instructions such as comparison and jump to the POF,making each table entry more powerful.However,the increase in the number of instructions and functions has also brought greater instability to the interpretation and execution of entry instructions and actions by software switches.The purpose of this article is to improve the robustness of the system by statically checking for situations that cause software switches to crash in advance.We first analyze the characteristics of the POF matching action table and design a specific detection scheme.Then a control flow graph-based detection algorithm is proposed to find instruction errors,unreachable instructions,and loop blocks in the entries.Further,for a cyclic block,a detection algorithm based on a strongly connected component is proposed to determine the validity of the cyclic block.Experiments on POF switches show that the scheme described in this article can accurately detect common entry errors and provide reliability for software switches.At the same time,the detection is light and fast,so that it can detect flow table entries in real time.