Forged and tampered data frames should be identified and filtered out to ensure network security and efficiency. However， the existing schemes usually fail to work when verification devices are attacked or maliciously controlled in the Software Defined Network （SDN）. To solve the above problem， a blockchain-based data frame security verification mechanism was proposed. Firstly， a Proof of Frame Forwarding （PoFF） consensus algorithm was designed and used to build a lightweight blockchain system. Then， an efficient data frame security verifying scheme for SDN data frame was proposed on the basis of this blockchain system. Finally， a flexible semi-random verifying scheme was presented to balance the verification efficiency and the resource cost. Simulation results show that compared with the hash chain based verifying scheme， the proposed scheme decreases the missed detection rate significantly when an equal proportion of switches are maliciously controlled. Specifically， when the proportion is 40%， the decrease effect is very obvious， the missed detection rate can still be kept no more than 32% in the basic verification mode， and can be further reduced to 7% with the assistance of the semi-random verifying scheme. Both are much lower than the missed detection rate of 72% in the hash chain based verifying scheme， and the resource overhead and communication cost introduced by the proposed mechanism are within a reasonable range. Additionally， the proposed scheme can still maintain good verification performance and efficiency even when the SDN controller is completely unable to work.