[mirror_ovs.git] / lib / dpctl.man

.TP
\*(DX\fBadd\-dp \fIdp\fR [\fInetdev\fR[\fB,\fIoption\fR]...]
Creates datapath \fIdp\fR, with a local port also named \fIdp\fR.
This will fail if a network device \fIdp\fR already exists.
.IP
If \fInetdev\fRs are specified, \fB\*(PN\fR adds them to the
new datapath, just as if \fBadd\-if\fR was specified.
.
.TP
\*(DX\fBdel\-dp \fIdp\fR
Deletes datapath \fIdp\fR.  If \fIdp\fR is associated with any network
devices, they are automatically removed.
.
.TP
\*(DX\fBadd\-if \fIdp netdev\fR[\fB,\fIoption\fR]...
Adds each \fInetdev\fR to the set of network devices datapath
\fIdp\fR monitors, where \fIdp\fR is the name of an existing
datapath, and \fInetdev\fR is the name of one of the host's
network devices, e.g. \fBeth0\fR.  Once a network device has been added
to a datapath, the datapath has complete ownership of the network device's
traffic and the network device appears silent to the rest of the
system.
.IP
A \fInetdev\fR may be followed by a comma-separated list of options.
The following options are currently supported:
.
.RS
.IP "\fBtype=\fItype\fR"
Specifies the type of port to add.  The default type is \fBsystem\fR.
.IP "\fBport_no=\fIport\fR"
Requests a specific port number within the datapath.  If this option is
not specified then one will be automatically assigned.
.IP "\fIkey\fB=\fIvalue\fR"
Adds an arbitrary key-value option to the port's configuration.
.RE
.IP
\fBovs\-vswitchd.conf.db\fR(5) documents the available port types and
options.
.
.IP "\*(DX\fBset\-if \fIdp port\fR[\fB,\fIoption\fR]..."
Reconfigures each \fIport\fR in \fIdp\fR as specified.  An
\fIoption\fR of the form \fIkey\fB=\fIvalue\fR adds the specified
key-value option to the port or overrides an existing key's value.  An
\fIoption\fR of the form \fIkey\fB=\fR, that is, without a value,
deletes the key-value named \fIkey\fR.  The type and port number of a
port cannot be changed, so \fBtype\fR and \fBport_no\fR are only allowed if
they match the existing configuration.
.TP
\*(DX\fBdel\-if \fIdp netdev\fR...
Removes each \fInetdev\fR from the list of network devices datapath
\fIdp\fR monitors.
.
.TP
\*(DX\fBdump\-dps\fR
Prints the name of each configured datapath on a separate line.
.
.TP
.DO "[\fB\-s\fR | \fB\-\-statistics\fR]" "\*(DX\fBshow" "\fR[\fIdp\fR...]"
Prints a summary of configured datapaths, including their datapath
numbers and a list of ports connected to each datapath.  (The local
port is identified as port 0.)  If \fB\-s\fR or \fB\-\-statistics\fR
is specified, then packet and byte counters are also printed for each
port.
.IP
The datapath numbers consists of flow stats and mega flow mask stats.
.IP
The "lookups" row displays three stats related to flow lookup triggered
by processing incoming packets in the datapath. "hit" displays number
of packets matches existing flows. "missed" displays the number of
packets not matching any existing flow and require user space processing.
"lost" displays number of packets destined for user space process but
subsequently dropped before reaching userspace. The sum of "hit" and "miss"
equals to the total number of packets datapath processed.
.IP
The "flows" row displays the number of flows in datapath.
.IP
The "masks" row displays the mega flow mask stats. This row is omitted
for datapath not implementing mega flow. "hit" displays the total number
of masks visited for matching incoming packets. "total" displays number of
masks in the datapath. "hit/pkt" displays the average number of masks
visited per packet; the ratio between "hit" and total number of
packets processed by the datapath".
.IP
If one or more datapaths are specified, information on only those
datapaths are displayed.  Otherwise, \fB\*(PN\fR displays information
about all configured datapaths.
.SS "DATAPATH FLOW TABLE DEBUGGING COMMANDS"
The following commands are primarily useful for debugging Open
vSwitch.  The flow table entries (both matches and actions) that they
work with are not OpenFlow flow entries.  Instead, they are different
and considerably simpler flows maintained by the Open vSwitch kernel
module.  Use \fBovs\-ofctl\fR(8), instead, to work with OpenFlow flow
entries.
.
.PP
The \fIdp\fR argument to each of these commands is optional when
exactly one datapath exists, in which case that datapath is the
default.  When multiple datapaths exist, then a datapath name is
required.
.
.TP
.DO "[\fB\-m \fR| \fB\-\-more\fR]" \*(DX\fBdump\-flows\fR "[\fIdp\fR] [\fBfilter=\fIfilter\fR]"
Prints to the console all flow entries in datapath \fIdp\fR's flow
table.  Without \fB\-m\fR or \fB\-\-more\fR, output omits match fields
that a flow wildcards entirely; with \fB\-m\fR or \fB\-\-more\fR,
output includes all wildcarded fields.
.IP
If \fBfilter=\fIfilter\fR is specified, only displays the flows
that match the \fIfilter\fR. \fIfilter\fR is a flow in the form similiar
to that accepted by \fBovs\-ofctl\fR(8)'s \fBadd\-flow\fR command. (This is
not an OpenFlow flow: besides other differences, it never contains wildcards.)
The \fIfilter\fR is also useful to match wildcarded fields in the datapath
flow. As an example, \fBfilter='tcp,tp_src=100'\fR will match the
datapath flow containing '\fBtcp(src=80/0xff00,dst=8080/0xff)\fR'.
.
.IP "\*(DX\fBadd\-flow\fR [\fIdp\fR] \fIflow actions\fR"
.TP
.DO "[\fB\-\-clear\fR] [\fB\-\-may-create\fR] [\fB\-s\fR | \fB\-\-statistics\fR]" "\*(DX\fBmod\-flow\fR" "[\fIdp\fR] \fIflow actions\fR"
Adds or modifies a flow in \fIdp\fR's flow table that, when a packet
matching \fIflow\fR arrives, causes \fIactions\fR to be executed.
.IP
The \fBadd\-flow\fR command succeeds only if \fIflow\fR does not
already exist in \fIdp\fR.  Contrariwise, \fBmod\-flow\fR without
\fB\-\-may\-create\fR only modifies the actions for an existing flow.
With \fB\-\-may\-create\fR, \fBmod\-flow\fR will add a new flow or
modify an existing one.
.IP
If \fB\-s\fR or \fB\-\-statistics\fR is specified, then
\fBmod\-flow\fR prints the modified flow's statistics.  A flow's
statistics are the number of packets and bytes that have passed
through the flow, the elapsed time since the flow last processed a
packet (if ever), and (for TCP flows) the union of the TCP flags
processed through the flow.
.IP
With \fB\-\-clear\fR, \fBmod\-flow\fR zeros out the flow's
statistics.  The statistics printed if \fB\-s\fR or
\fB\-\-statistics\fR is also specified are those from just before
clearing the statistics.
.
.TP
.DO "[\fB\-s\fR | \fB\-\-statistics\fR]" "\*(DX\fBdel\-flow\fR" "[\fIdp\fR] \fIflow\fR"
Deletes the flow from \fIdp\fR's flow table that matches \fIflow\fR.
If \fB\-s\fR or \fB\-\-statistics\fR is specified, then
\fBdel\-flow\fR prints the deleted flow's statistics.
.
.IP "\*(DX\fBget\-flow\fR [\fIdp\fR] ufid:\fIufid\fR"
Fetches the flow from \fIdp\fR's flow table with unique identifier \fIufid\fR.
\fIufid\fR must be specified as a string of 32 hexadecimal characters.
.
.IP "\*(DX\fBdel\-flows\fR [\fIdp\fR]"
Deletes all flow entries from datapath \fIdp\fR's flow table.
.SS "CONNECTION TRACKING TABLE DEBUGGING COMMANDS"
The following commands are primarily useful for debugging the connection
tracking entries in the datapath.
.
.PP
The \fIdp\fR argument to each of these commands is optional when
exactly one datapath exists, in which case that datapath is the
default.  When multiple datapaths exist, then a datapath name is
required.
.
.PP
\fBN.B.\fR(Linux specific): the \fIsystem\fR datapaths (i.e. the Linux
kernel module Open vSwitch datapaths) share a single connection tracking
table (which is also used by other kernel subsystems, such as iptables,
nftables and the regular host stack).  Therefore, the following commands
do not apply specifically to one datapath.
.
.TP
.DO "[\fB\-m\fR | \fB\-\-more\fR] [\fB\-s\fR | \fB\-\-statistics\fR]" "\*(DX\fBdump\-conntrack\fR" "[\fIdp\fR] [\fBzone=\fIzone\fR]"
Prints to the console all the connection entries in the tracker used by
\fIdp\fR.  If \fBzone=\fIzone\fR is specified, only shows the connections
in \fBzone\fR.  With \fB\-\-more\fR, some implementation specific details
are included. With \fB\-\-statistics\fR timeouts and timestamps are
added to the output.
.
.TP
\*(DX\fBflush\-conntrack\fR [\fIdp\fR] [\fBzone=\fIzone\fR]
Flushes all the connection entries in the tracker used by \fIdp\fR.
If \fBzone=\fIzone\fR is specified, only flushes the connections in
\fBzone\fR.
Commit	Line	Data
fceef209 DDP	1	.TP
	2	\*(DX\fBadd\-dp \fIdp\fR [\fInetdev\fR[\fB,\fIoption\fR]...]
	3	Creates datapath \fIdp\fR, with a local port also named \fIdp\fR.
	4	This will fail if a network device \fIdp\fR already exists.
	5	.IP
	6	If \fInetdev\fRs are specified, \fB\*(PN\fR adds them to the
	7	new datapath, just as if \fBadd\-if\fR was specified.
	8	.
	9	.TP
	10	\*(DX\fBdel\-dp \fIdp\fR
	11	Deletes datapath \fIdp\fR. If \fIdp\fR is associated with any network
	12	devices, they are automatically removed.
	13	.
	14	.TP
	15	\*(DX\fBadd\-if \fIdp netdev\fR[\fB,\fIoption\fR]...
	16	Adds each \fInetdev\fR to the set of network devices datapath
	17	\fIdp\fR monitors, where \fIdp\fR is the name of an existing
	18	datapath, and \fInetdev\fR is the name of one of the host's
	19	network devices, e.g. \fBeth0\fR. Once a network device has been added
	20	to a datapath, the datapath has complete ownership of the network device's
	21	traffic and the network device appears silent to the rest of the
	22	system.
	23	.IP
	24	A \fInetdev\fR may be followed by a comma-separated list of options.
	25	The following options are currently supported:
	26	.
	27	.RS
	28	.IP "\fBtype=\fItype\fR"
	29	Specifies the type of port to add. The default type is \fBsystem\fR.
	30	.IP "\fBport_no=\fIport\fR"
	31	Requests a specific port number within the datapath. If this option is
	32	not specified then one will be automatically assigned.
	33	.IP "\fIkey\fB=\fIvalue\fR"
	34	Adds an arbitrary key-value option to the port's configuration.
	35	.RE
	36	.IP
	37	\fBovs\-vswitchd.conf.db\fR(5) documents the available port types and
	38	options.
	39	.
	40	.IP "\*(DX\fBset\-if \fIdp port\fR[\fB,\fIoption\fR]..."
	41	Reconfigures each \fIport\fR in \fIdp\fR as specified. An
	42	\fIoption\fR of the form \fIkey\fB=\fIvalue\fR adds the specified
	43	key-value option to the port or overrides an existing key's value. An
	44	\fIoption\fR of the form \fIkey\fB=\fR, that is, without a value,
	45	deletes the key-value named \fIkey\fR. The type and port number of a
	46	port cannot be changed, so \fBtype\fR and \fBport_no\fR are only allowed if
	47	they match the existing configuration.
	48	.TP
	49	\*(DX\fBdel\-if \fIdp netdev\fR...
	50	Removes each \fInetdev\fR from the list of network devices datapath
	51	\fIdp\fR monitors.
	52	.
	53	.TP
	54	\*(DX\fBdump\-dps\fR
	55	Prints the name of each configured datapath on a separate line.
	56	.
	57	.TP
	58	.DO "[\fB\-s\fR \| \fB\-\-statistics\fR]" "\*(DX\fBshow" "\fR[\fIdp\fR...]"
	59	Prints a summary of configured datapaths, including their datapath
	60	numbers and a list of ports connected to each datapath. (The local
	61	port is identified as port 0.) If \fB\-s\fR or \fB\-\-statistics\fR
	62	is specified, then packet and byte counters are also printed for each
	63	port.
	64	.IP
65	The datapath numbers consists of flow stats and mega flow mask stats.
66	.IP
67	The "lookups" row displays three stats related to flow lookup triggered
68	by processing incoming packets in the datapath. "hit" displays number
69	of packets matches existing flows. "missed" displays the number of
70	packets not matching any existing flow and require user space processing.
71	"lost" displays number of packets destined for user space process but
72	subsequently dropped before reaching userspace. The sum of "hit" and "miss"
73	equals to the total number of packets datapath processed.
74	.IP
75	The "flows" row displays the number of flows in datapath.
76	.IP
77	The "masks" row displays the mega flow mask stats. This row is omitted
78	for datapath not implementing mega flow. "hit" displays the total number
79	of masks visited for matching incoming packets. "total" displays number of
80	masks in the datapath. "hit/pkt" displays the average number of masks
81	visited per packet; the ratio between "hit" and total number of
82	packets processed by the datapath".
83	.IP
84	If one or more datapaths are specified, information on only those
85	datapaths are displayed. Otherwise, \fB\*(PN\fR displays information
86	about all configured datapaths.
87	.SS "DATAPATH FLOW TABLE DEBUGGING COMMANDS"
88	The following commands are primarily useful for debugging Open
89	vSwitch. The flow table entries (both matches and actions) that they
90	work with are not OpenFlow flow entries. Instead, they are different
91	and considerably simpler flows maintained by the Open vSwitch kernel
92	module. Use \fBovs\-ofctl\fR(8), instead, to work with OpenFlow flow
93	entries.
94	.
95	.PP
96	The \fIdp\fR argument to each of these commands is optional when
97	exactly one datapath exists, in which case that datapath is the
98	default. When multiple datapaths exist, then a datapath name is
99	required.
100	.
101	.TP
102	.DO "[\fB\-m \fR\| \fB\-\-more\fR]" \*(DX\fBdump\-flows\fR "[\fIdp\fR] [\fBfilter=\fIfilter\fR]"
103	Prints to the console all flow entries in datapath \fIdp\fR's flow
104	table. Without \fB\-m\fR or \fB\-\-more\fR, output omits match fields
105	that a flow wildcards entirely; with \fB\-m\fR or \fB\-\-more\fR,
106	output includes all wildcarded fields.
107	.IP
108	If \fBfilter=\fIfilter\fR is specified, only displays the flows
109	that match the \fIfilter\fR. \fIfilter\fR is a flow in the form similiar
110	to that accepted by \fBovs\-ofctl\fR(8)'s \fBadd\-flow\fR command. (This is
111	not an OpenFlow flow: besides other differences, it never contains wildcards.)
112	The \fIfilter\fR is also useful to match wildcarded fields in the datapath
113	flow. As an example, \fBfilter='tcp,tp_src=100'\fR will match the
114	datapath flow containing '\fBtcp(src=80/0xff00,dst=8080/0xff)\fR'.
115	.
116	.IP "\*(DX\fBadd\-flow\fR [\fIdp\fR] \fIflow actions\fR"
117	.TP
118	.DO "[\fB\-\-clear\fR] [\fB\-\-may-create\fR] [\fB\-s\fR \| \fB\-\-statistics\fR]" "\*(DX\fBmod\-flow\fR" "[\fIdp\fR] \fIflow actions\fR"
119	Adds or modifies a flow in \fIdp\fR's flow table that, when a packet
120	matching \fIflow\fR arrives, causes \fIactions\fR to be executed.
121	.IP
122	The \fBadd\-flow\fR command succeeds only if \fIflow\fR does not
123	already exist in \fIdp\fR. Contrariwise, \fBmod\-flow\fR without
124	\fB\-\-may\-create\fR only modifies the actions for an existing flow.
125	With \fB\-\-may\-create\fR, \fBmod\-flow\fR will add a new flow or
126	modify an existing one.
127	.IP
128	If \fB\-s\fR or \fB\-\-statistics\fR is specified, then
d0c4f1dc	129	\fBmod\-flow\fR prints the modified flow's statistics. A flow's
fceef209 DDP	130	statistics are the number of packets and bytes that have passed
	131	through the flow, the elapsed time since the flow last processed a
	132	packet (if ever), and (for TCP flows) the union of the TCP flags
	133	processed through the flow.
	134	.IP
d0c4f1dc	135	With \fB\-\-clear\fR, \fBmod\-flow\fR zeros out the flow's
fceef209 DDP	136	statistics. The statistics printed if \fB\-s\fR or
	137	\fB\-\-statistics\fR is also specified are those from just before
	138	clearing the statistics.
	139	.
	140	.TP
	141	.DO "[\fB\-s\fR \| \fB\-\-statistics\fR]" "\*(DX\fBdel\-flow\fR" "[\fIdp\fR] \fIflow\fR"
	142	Deletes the flow from \fIdp\fR's flow table that matches \fIflow\fR.
	143	If \fB\-s\fR or \fB\-\-statistics\fR is specified, then
d0c4f1dc	144	\fBdel\-flow\fR prints the deleted flow's statistics.
fceef209	145	.
818650e6 JS	146	.IP "\*(DX\fBget\-flow\fR [\fIdp\fR] ufid:\fIufid\fR"
	147	Fetches the flow from \fIdp\fR's flow table with unique identifier \fIufid\fR.
	148	\fIufid\fR must be specified as a string of 32 hexadecimal characters.
	149	.
fceef209 DDP	150	.IP "\*(DX\fBdel\-flows\fR [\fIdp\fR]"
fceef209 DDP	151	Deletes all flow entries from datapath \fIdp\fR's flow table.
dffae65f DDP	152	.SS "CONNECTION TRACKING TABLE DEBUGGING COMMANDS"
	153	The following commands are primarily useful for debugging the connection
	154	tracking entries in the datapath.
	155	.
	156	.PP
	157	The \fIdp\fR argument to each of these commands is optional when
	158	exactly one datapath exists, in which case that datapath is the
	159	default. When multiple datapaths exist, then a datapath name is
	160	required.
	161	.
	162	.PP
	163	\fBN.B.\fR(Linux specific): the \fIsystem\fR datapaths (i.e. the Linux
	164	kernel module Open vSwitch datapaths) share a single connection tracking
	165	table (which is also used by other kernel subsystems, such as iptables,
	166	nftables and the regular host stack). Therefore, the following commands
	167	do not apply specifically to one datapath.
	168	.
	169	.TP
	170	.DO "[\fB\-m\fR \| \fB\-\-more\fR] [\fB\-s\fR \| \fB\-\-statistics\fR]" "\*(DX\fBdump\-conntrack\fR" "[\fIdp\fR] [\fBzone=\fIzone\fR]"
	171	Prints to the console all the connection entries in the tracker used by
	172	\fIdp\fR. If \fBzone=\fIzone\fR is specified, only shows the connections
	173	in \fBzone\fR. With \fB\-\-more\fR, some implementation specific details
	174	are included. With \fB\-\-statistics\fR timeouts and timestamps are
	175	added to the output.
7f278d1f DDP	176	.
7f278d1f DDP	177	.TP
8b6716ae	178	\*(DX\fBflush\-conntrack\fR [\fIdp\fR] [\fBzone=\fIzone\fR]
7f278d1f DDP	179	Flushes all the connection entries in the tracker used by \fIdp\fR.
	180	If \fBzone=\fIzone\fR is specified, only flushes the connections in
	181	\fBzone\fR.