unexpected drop with consecutive matches

Hi all,

we have found this issue. When writing a policy like match1 >> (match2 >> fwd), two rules are created instead of one:

The first one, with higher priority, is the expected one.
The second one is the rule match1 >> drop.

For instance, with match1 selecting all TCP packets and match2 selecting only the ones with dstip equal to 10.0.3.100 on a certain switch we write in Pyretic:

self.policy = (match(ethtype=2048,protocol=packet.TCP_PROTO) >> (match(switch=203178705145866,dstip='10.0.3.100') >> fwd(10)))

we get the following OF flow rules (the created rules are marked with **):

 **cookie=0x4, duration=16.134s, table=0, n_packets=0, n_bytes=0, idle_age=16, priority=59999,tcp,nw_dst=10.0.3.100 actions=output:10**
 cookie=0x0, duration=16.134s, table=0, n_packets=4, n_bytes=252, idle_age=0, priority=60002,dl_type=0x88cc actions=CONTROLLER:65535
 cookie=0x0, duration=16.134s, table=0, n_packets=0, n_bytes=0, idle_age=16, priority=60001,ipv6 actions=drop
 cookie=0x4, duration=16.134s, table=0, n_packets=0, n_bytes=0, idle_age=16, priority=60000,tcp,in_port=10,nw_dst=10.0.3.100 actions=IN_PORT
 **cookie=0x4, duration=16.134s, table=0, n_packets=16, n_bytes=1420, idle_age=1, priority=59998,tcp actions=drop**
 cookie=0x0, duration=16.134s, table=0, n_packets=0, n_bytes=0, idle_age=16, priority=0 actions=CONTROLLER:65535
 cookie=0x4, duration=16.134s, table=0, n_packets=6, n_bytes=271, idle_age=1, priority=59997 actions=drop

I don't know if this can help, but we found a previous similar issue:

https://github.com/frenetic-lang/pyretic/issues/28

The difference wrt our case is that the two created matches for issue #28 are equal, so the proposed patch eliminating duplicated rules works. In our case, however, it would not work.

Thank you in advance, Giovanni

frenetic-lang / pyretic

unexpected drop with consecutive matches #64