]>
Commit | Line | Data |
---|---|---|
a9b4a41a BP |
1 | .\" -*- nroff -*- |
2 | .de IQ | |
3 | . br | |
4 | . ns | |
5 | . IP "\\$1" | |
6 | .. | |
d2cb6c95 | 7 | .TH ovs\-ofctl 8 "@VERSION@" "Open vSwitch" "Open vSwitch Manual" |
064af421 | 8 | .ds PN ovs\-ofctl |
a9b4a41a | 9 | . |
064af421 BP |
10 | .SH NAME |
11 | ovs\-ofctl \- administer OpenFlow switches | |
a9b4a41a | 12 | . |
064af421 BP |
13 | .SH SYNOPSIS |
14 | .B ovs\-ofctl | |
15 | [\fIoptions\fR] \fIcommand \fR[\fIswitch\fR] [\fIargs\fR\&...] | |
a9b4a41a | 16 | . |
064af421 BP |
17 | .SH DESCRIPTION |
18 | The | |
19 | .B ovs\-ofctl | |
20 | program is a command line tool for monitoring and administering | |
21 | OpenFlow switches. It can also show the current state of an OpenFlow | |
22 | switch, including features, configuration, and table entries. | |
0d8e9638 | 23 | It should work with any OpenFlow switch, not just Open vSwitch. |
a9b4a41a | 24 | . |
064af421 | 25 | .SS "OpenFlow Switch Management Commands" |
a9b4a41a | 26 | .PP |
064af421 BP |
27 | These commands allow \fBovs\-ofctl\fR to monitor and administer an OpenFlow |
28 | switch. It is able to show the current state of a switch, including | |
29 | features, configuration, and table entries. | |
a9b4a41a | 30 | .PP |
064af421 BP |
31 | Most of these commands take an argument that specifies the method for |
32 | connecting to an OpenFlow switch. The following connection methods | |
33 | are supported: | |
a9b4a41a | 34 | . |
064af421 | 35 | .RS |
84ee7bcf BP |
36 | .so lib/vconn-active.man |
37 | . | |
064af421 BP |
38 | .IP "\fIfile\fR" |
39 | This is short for \fBunix:\fIfile\fR, as long as \fIfile\fR does not | |
40 | contain a colon. | |
84ee7bcf | 41 | . |
1a6f1e2a JG |
42 | .IP \fIbridge\fR |
43 | This is short for \fBunix:@RUNDIR@/\fIbridge\fB.mgmt\fR, as long as | |
44 | \fIbridge\fR does not contain a colon. | |
45 | . | |
46 | .IP [\fItype\fB@\fR]\fIdp\fR | |
47 | Attempts to look up the bridge associated with \fIdp\fR and open as | |
48 | above. If \fItype\fR is given, it specifies the datapath provider of | |
49 | \fIdp\fR, otherwise the default provider \fBsystem\fR is assumed. | |
064af421 | 50 | .RE |
a9b4a41a | 51 | . |
064af421 BP |
52 | .TP |
53 | \fBshow \fIswitch\fR | |
54 | Prints to the console information on \fIswitch\fR, including | |
55 | information on its flow tables and ports. | |
a9b4a41a | 56 | . |
064af421 | 57 | .TP |
4e312e69 | 58 | \fBdump\-tables \fIswitch\fR |
064af421 BP |
59 | Prints to the console statistics for each of the flow tables used by |
60 | \fIswitch\fR. | |
a9b4a41a | 61 | . |
064af421 | 62 | .TP |
4e312e69 | 63 | \fBdump\-ports \fIswitch\fR [\fInetdev\fR] |
abaad8cf JP |
64 | Prints to the console statistics for network devices associated with |
65 | \fIswitch\fR. If \fInetdev\fR is specified, only the statistics | |
66 | associated with that device will be printed. \fInetdev\fR can be an | |
67 | OpenFlow assigned port number or device name, e.g. \fBeth0\fR. | |
a9b4a41a | 68 | . |
064af421 | 69 | .TP |
2be393ed JP |
70 | \fBdump\-ports\-desc \fIswitch\fR |
71 | Prints to the console detailed information about network devices | |
72 | associated with \fIswitch\fR (version 1.7 or later). This is a subset | |
73 | of the information provided by the \fBshow\fR command. | |
74 | . | |
c6100d92 BP |
75 | .IP "\fBmod\-port \fIswitch\fR \fIport\fR \fIaction\fR" |
76 | Modify characteristics of port \fBport\fR in \fIswitch\fR. \fIport\fR | |
77 | may be an OpenFlow port number or name or the keyword \fBLOCAL\fR (the | |
78 | preferred way to refer to the OpenFlow local port). The \fIaction\fR | |
79 | may be any one of the following: | |
a9b4a41a | 80 | . |
064af421 | 81 | .RS |
28124950 BP |
82 | .IQ \fBup\fR |
83 | .IQ \fBdown\fR | |
84 | Enable or disable the interface. This is equivalent to \fBifconfig | |
85 | up\fR or \fBifconfig down\fR on a Unix system. | |
86 | . | |
87 | .IP \fBstp\fR | |
88 | .IQ \fBno\-stp\fR | |
89 | Enable or disable 802.1D spanning tree protocol (STP) on the | |
90 | interface. OpenFlow implementations that don't support STP will | |
91 | refuse to enable it. | |
92 | . | |
93 | .IP \fBreceive\fR | |
94 | .IQ \fBno\-receive\fR | |
95 | .IQ \fBreceive\-stp\fR | |
96 | .IQ \fBno\-receive\-stp\fR | |
97 | Enable or disable OpenFlow processing of packets received on this | |
98 | interface. When packet processing is disabled, packets will be | |
99 | dropped instead of being processed through the OpenFlow table. The | |
100 | \fBreceive\fR or \fBno\-receive\fR setting applies to all packets | |
101 | except 802.1D spanning tree packets, which are separately controlled | |
102 | by \fBreceive\-stp\fR or \fBno\-receive\-stp\fR. | |
a9b4a41a | 103 | . |
451256f6 | 104 | .IP \fBforward\fR |
28124950 BP |
105 | .IQ \fBno\-forward\fR |
106 | Allow or disallow forwarding of traffic to this interface. By | |
107 | default, forwarding is enabled. | |
451256f6 | 108 | . |
064af421 | 109 | .IP \fBflood\fR |
28124950 BP |
110 | .IQ \fBno\-flood\fR |
111 | Controls whether an OpenFlow \fBflood\fR action will send traffic out | |
112 | this interface. By default, flooding is enabled. Disabling flooding | |
113 | is primarily useful to prevent loops when a spanning tree protocol is | |
114 | not in use. | |
115 | . | |
116 | .IP \fBpacket\-in\fR | |
117 | .IQ \fBno\-packet\-in\fR | |
118 | Controls whether packets received on this interface that do not match | |
119 | a flow table entry generate a ``packet in'' message to the OpenFlow | |
120 | controller. By default, ``packet in'' messages are enabled. | |
064af421 | 121 | .RE |
28124950 BP |
122 | .IP |
123 | The \fBshow\fR command displays (among other information) the | |
124 | configuration that \fBmod\-port\fR changes. | |
a9b4a41a | 125 | . |
7257b535 BP |
126 | .IP "\fBget\-frags \fIswitch\fR" |
127 | Prints \fIswitch\fR's fragment handling mode. See \fBset\-frags\fR, | |
128 | below, for a description of each fragment handling mode. | |
129 | .IP | |
130 | The \fBshow\fR command also prints the fragment handling mode among | |
131 | its other output. | |
132 | . | |
133 | .IP "\fBset\-frags \fIswitch frag_mode\fR" | |
134 | Configures \fIswitch\fR's treatment of IPv4 and IPv6 fragments. The | |
135 | choices for \fIfrag_mode\fR are: | |
136 | .RS | |
137 | .IP "\fBnormal\fR" | |
138 | Fragments pass through the flow table like non-fragmented packets. | |
139 | The TCP ports, UDP ports, and ICMP type and code fields are always set | |
140 | to 0, even for fragments where that information would otherwise be | |
141 | available (fragments with offset 0). This is the default fragment | |
142 | handling mode for an OpenFlow switch. | |
143 | .IP "\fBdrop\fR" | |
144 | Fragments are dropped without passing through the flow table. | |
145 | .IP "\fBreassemble\fR" | |
146 | The switch reassembles fragments into full IP packets before passing | |
147 | them through the flow table. Open vSwitch does not implement this | |
148 | fragment handling mode. | |
149 | .IP "\fBnx\-match\fR" | |
150 | Fragments pass through the flow table like non-fragmented packets. | |
151 | The TCP ports, UDP ports, and ICMP type and code fields are available | |
152 | for matching for fragments with offset 0, and set to 0 in fragments | |
153 | with nonzero offset. This mode is a Nicira extension. | |
154 | .RE | |
155 | .IP | |
156 | See the description of \fBip_frag\fR, below, for a way to match on | |
157 | whether a packet is a fragment and on its fragment offset. | |
158 | . | |
064af421 | 159 | .TP |
4e312e69 | 160 | \fBdump\-flows \fIswitch \fR[\fIflows\fR] |
064af421 BP |
161 | Prints to the console all flow entries in \fIswitch\fR's |
162 | tables that match \fIflows\fR. If \fIflows\fR is omitted, all flows | |
163 | in the switch are retrieved. See \fBFlow Syntax\fR, below, for the | |
bdcc5925 | 164 | syntax of \fIflows\fR. The output format is described in |
064af421 | 165 | \fBTable Entry Output\fR. |
a9b4a41a | 166 | . |
bdcc5925 BP |
167 | .IP |
168 | By default, \fBovs\-ofctl\fR prints flow entries in the same order | |
169 | that the switch sends them, which is unlikely to be intuitive or | |
170 | consistent. See the description of \fB\-\-sort\fR and \fB\-\-rsort\fR, | |
171 | under \fBOPTIONS\fR below, to influence the display order. | |
172 | . | |
064af421 | 173 | .TP |
4e312e69 | 174 | \fBdump\-aggregate \fIswitch \fR[\fIflows\fR] |
bdcc5925 | 175 | Prints to the console aggregate statistics for flows in |
064af421 BP |
176 | \fIswitch\fR's tables that match \fIflows\fR. If \fIflows\fR is omitted, |
177 | the statistics are aggregated across all flows in the switch's flow | |
178 | tables. See \fBFlow Syntax\fR, below, for the syntax of \fIflows\fR. | |
3845a3fd | 179 | The output format is described in \fBTable Entry Output\fR. |
a9b4a41a | 180 | . |
d2805da2 BP |
181 | .IP "\fBqueue\-stats \fIswitch \fR[\fIport \fR[\fIqueue\fR]]" |
182 | Prints to the console statistics for the specified \fIqueue\fR on | |
c6100d92 BP |
183 | \fIport\fR within \fIswitch\fR. \fIport\fR can be an OpenFlow port |
184 | number or name, the keyword \fBLOCAL\fR (the preferred way to refer to | |
185 | the OpenFlow local port), or the keyword \fBALL\fR. Either of | |
186 | \fIport\fR or \fIqueue\fR or both may be omitted (or equivalently the | |
187 | keyword \fBALL\fR). If both are omitted, statistics are printed for | |
188 | all queues on all ports. If only \fIqueue\fR is omitted, then | |
189 | statistics are printed for all queues on \fIport\fR; if only | |
190 | \fIport\fR is omitted, then statistics are printed for \fIqueue\fR on | |
191 | every port where it exists. | |
d2805da2 | 192 | . |
4989c59f BP |
193 | .SS "OpenFlow Switch Flow Table Commands" |
194 | . | |
195 | These commands manage the flow table in an OpenFlow switch. In each | |
196 | case, \fIflow\fR specifies a flow entry in the format described in | |
197 | \fBFlow Syntax\fR, below, and \fIfile\fR is a text file that contains | |
198 | zero or more flows in the same syntax, one per line. | |
199 | . | |
200 | .IP "\fBadd\-flow \fIswitch flow\fR" | |
201 | .IQ "\fBadd\-flow \fIswitch \fB\- < \fIfile\fR" | |
202 | .IQ "\fBadd\-flows \fIswitch file\fR" | |
203 | Add each flow entry to \fIswitch\fR's tables. | |
204 | . | |
205 | .IP "[\fB\-\-strict\fR] \fBmod\-flows \fIswitch flow\fR" | |
206 | .IQ "[\fB\-\-strict\fR] \fBmod\-flows \fIswitch \fB\- < \fIfile\fR" | |
207 | Modify the actions in entries from \fIswitch\fR's tables that match | |
208 | the specified flows. With \fB\-\-strict\fR, wildcards are not treated | |
209 | as active for matching purposes. | |
210 | . | |
211 | .IP "\fBdel\-flows \fIswitch\fR" | |
212 | .IQ "[\fB\-\-strict\fR] \fBdel\-flows \fIswitch \fR[\fIflow\fR]" | |
213 | .IQ "[\fB\-\-strict\fR] \fBdel\-flows \fIswitch \fB\- < \fIfile\fR" | |
214 | Deletes entries from \fIswitch\fR's flow table. With only a | |
215 | \fIswitch\fR argument, deletes all flows. Otherwise, deletes flow | |
216 | entries that match the specified flows. With \fB\-\-strict\fR, | |
217 | wildcards are not treated as active for matching purposes. | |
a9b4a41a | 218 | . |
c4ea79bf | 219 | .IP "[\fB\-\-readd\fR] \fBreplace\-flows \fIswitch file\fR" |
0199c526 BP |
220 | Reads flow entries from \fIfile\fR (or \fBstdin\fR if \fIfile\fR is |
221 | \fB\-\fR) and queries the flow table from \fIswitch\fR. Then it fixes | |
222 | up any differences, adding flows from \fIflow\fR that are missing on | |
223 | \fIswitch\fR, deleting flows from \fIswitch\fR that are not in | |
224 | \fIfile\fR, and updating flows in \fIswitch\fR whose actions, cookie, | |
225 | or timeouts differ in \fIfile\fR. | |
226 | . | |
c4ea79bf BP |
227 | .IP |
228 | With \fB\-\-readd\fR, \fBovs\-ofctl\fR adds all the flows from | |
229 | \fIfile\fR, even those that exist with the same actions, cookie, and | |
230 | timeout in \fIswitch\fR. This resets all the flow packet and byte | |
231 | counters to 0, which can be useful for debugging. | |
232 | . | |
0199c526 BP |
233 | .IP "\fBdiff\-flows \fIsource1 source2\fR" |
234 | Reads flow entries from \fIsource1\fR and \fIsource2\fR and prints the | |
235 | differences. A flow that is in \fIsource1\fR but not in \fIsource2\fR | |
236 | is printed preceded by a \fB\-\fR, and a flow that is in \fIsource2\fR | |
237 | but not in \fIsource1\fR is printed preceded by a \fB+\fR. If a flow | |
238 | exists in both \fIsource1\fR and \fIsource2\fR with different actions, | |
239 | cookie, or timeouts, then both versions are printed preceded by | |
240 | \fB\-\fR and \fB+\fR, respectively. | |
241 | .IP | |
242 | \fIsource1\fR and \fIsource2\fR may each name a file or a switch. If | |
243 | a name begins with \fB/\fR or \fB.\fR, then it is considered to be a | |
244 | file name. A name that contains \fB:\fR is considered to be a switch. | |
245 | Otherwise, it is a file if a file by that name exists, a switch if | |
246 | not. | |
247 | .IP | |
248 | For this command, an exit status of 0 means that no differences were | |
249 | found, 1 means that an error occurred, and 2 means that some | |
250 | differences were found. | |
251 | . | |
0c3d5fc8 BP |
252 | .IP "\fBpacket\-out \fIswitch in_port actions packet\fR..." |
253 | Connects to \fIswitch\fR and instructs it to execute the OpenFlow | |
254 | \fIactions\fR on each \fIpacket\fR. For the purpose of executing the | |
255 | actions, the packets are considered to have arrived on \fIin_port\fR, | |
c6100d92 BP |
256 | which may be an OpenFlow port number or name (e.g. \fBeth0\fR), the |
257 | keyword \fBLOCAL\fR (the preferred way to refer to the OpenFlow | |
258 | ``local'' port), or the keyword \fBNONE\fR to indicate that the packet | |
259 | was generated by the switch itself. | |
0c3d5fc8 | 260 | . |
4989c59f BP |
261 | .SS "OpenFlow Switch Monitoring Commands" |
262 | . | |
0caf6bde BP |
263 | .IP "\fBsnoop \fIswitch\fR" |
264 | Connects to \fIswitch\fR and prints to the console all OpenFlow | |
265 | messages received. Unlike other \fBovs\-ofctl\fR commands, if | |
266 | \fIswitch\fR is the name of a bridge, then the \fBsnoop\fR command | |
267 | connects to a Unix domain socket named | |
268 | \fB@RUNDIR@/\fIbridge\fB.snoop\fR. \fBovs\-vswitchd\fR listens on | |
269 | such a socket for each bridge and sends to it all of the OpenFlow | |
270 | messages sent to or received from its configured OpenFlow controller. | |
271 | Thus, this command can be used to view OpenFlow protocol activity | |
272 | between a switch and its controller. | |
273 | .IP | |
274 | When a switch has more than one controller configured, only the | |
e2bfacb6 BP |
275 | traffic to and from a single controller is output. If none of the |
276 | controllers is configured as a master or a slave (using a Nicira | |
277 | extension to OpenFlow), then a controller is chosen arbitrarily among | |
278 | them. If there is a master controller, it is chosen; otherwise, if | |
279 | there are any controllers that are not masters or slaves, one is | |
280 | chosen arbitrarily; otherwise, a slave controller is chosen | |
281 | arbitrarily. This choice is made once at connection time and does not | |
282 | change as controllers reconfigure their roles. | |
283 | .IP | |
284 | If a switch has no controller configured, or if | |
0caf6bde BP |
285 | the configured controller is disconnected, no traffic is sent, so |
286 | monitoring will not show any traffic. | |
287 | . | |
2b07c8b1 | 288 | .IP "\fBmonitor \fIswitch\fR [\fImiss-len\fR] [\fBinvalid_ttl\fR] [\fBwatch:\fR[\fIspec\fR...]]" |
064af421 | 289 | Connects to \fIswitch\fR and prints to the console all OpenFlow |
045b2e5c BP |
290 | messages received. Usually, \fIswitch\fR should specify the name of a |
291 | bridge in the \fBovs\-vswitchd\fR database. | |
a9b4a41a | 292 | .IP |
064af421 BP |
293 | If \fImiss-len\fR is provided, \fBovs\-ofctl\fR sends an OpenFlow ``set |
294 | configuration'' message at connection setup time that requests | |
0caf6bde BP |
295 | \fImiss-len\fR bytes of each packet that misses the flow table. Open vSwitch |
296 | does not send these and other asynchronous messages to an | |
064af421 | 297 | \fBovs\-ofctl monitor\fR client connection unless a nonzero value is |
0caf6bde BP |
298 | specified on this argument. (Thus, if \fImiss\-len\fR is not |
299 | specified, very little traffic will ordinarily be printed.) | |
a9b4a41a | 300 | .IP |
f0fd1a17 PS |
301 | If \fBinvalid_ttl\fR is passed, \fBovs\-ofctl\fR sends an OpenFlow ``set |
302 | configuration'' message at connection setup time that requests | |
5484c47a BP |
303 | \fBINVALID_TTL_TO_CONTROLLER\fR, so that \fBovs\-ofctl monitor\fR can |
304 | receive ``packet-in'' messages when TTL reaches zero on \fBdec_ttl\fR action. | |
f0fd1a17 | 305 | .IP |
2b07c8b1 BP |
306 | \fBwatch:\fR[\fB\fIspec\fR...] causes \fBovs\-ofctl\fR to send a |
307 | ``monitor request'' Nicira extension message to the switch at | |
308 | connection setup time. This message causes the switch to send | |
309 | information about flow table changes as they occur. The following | |
310 | comma-separated \fIspec\fR syntax is available: | |
311 | .RS | |
312 | .IP "\fB!initial\fR" | |
313 | Do not report the switch's initial flow table contents. | |
314 | .IP "\fB!add\fR" | |
315 | Do not report newly added flows. | |
316 | .IP "\fB!delete\fR" | |
317 | Do not report deleted flows. | |
318 | .IP "\fB!modify\fR" | |
319 | Do not report modifications to existing flows. | |
320 | .IP "\fB!own\fR" | |
321 | Abbreviate changes made to the flow table by \fBovs\-ofctl\fR's own | |
322 | connection to the switch. (These could only occur using the | |
323 | \fBofctl/send\fR command described below under \fBRUNTIME MANAGEMENT | |
324 | COMMANDS\fR.) | |
325 | .IP "\fB!actions\fR" | |
326 | Do not report actions as part of flow updates. | |
327 | .IP "\fBtable=\fInumber\fR" | |
328 | Limits the monitoring to the table with the given \fInumber\fR between | |
329 | 0 and 254. By default, all tables are monitored. | |
330 | .IP "\fBout_port=\fIport\fR" | |
c6100d92 BP |
331 | If set, only flows that output to \fIport\fR are monitored. The |
332 | \fIport\fR may be an OpenFlow port number or keyword | |
333 | (e.g. \fBLOCAL\fR). | |
2b07c8b1 BP |
334 | .IP "\fIfield\fB=\fIvalue\fR" |
335 | Monitors only flows that have \fIfield\fR specified as the given | |
336 | \fIvalue\fR. Any syntax valid for matching on \fBdump\-flows\fR may | |
337 | be used. | |
338 | .RE | |
339 | .IP | |
064af421 | 340 | This command may be useful for debugging switch or controller |
2b07c8b1 BP |
341 | implementations. With \fBwatch:\fR, it is particularly useful for |
342 | observing how a controller updates flow tables. | |
a9b4a41a | 343 | . |
064af421 | 344 | .SS "OpenFlow Switch and Controller Commands" |
a9b4a41a | 345 | . |
064af421 BP |
346 | The following commands, like those in the previous section, may be |
347 | applied to OpenFlow switches, using any of the connection methods | |
348 | described in that section. Unlike those commands, these may also be | |
349 | applied to OpenFlow controllers. | |
a9b4a41a | 350 | . |
064af421 BP |
351 | .TP |
352 | \fBprobe \fItarget\fR | |
353 | Sends a single OpenFlow echo-request message to \fItarget\fR and waits | |
4e312e69 | 354 | for the response. With the \fB\-t\fR or \fB\-\-timeout\fR option, this |
064af421 BP |
355 | command can test whether an OpenFlow switch or controller is up and |
356 | running. | |
a9b4a41a | 357 | . |
064af421 BP |
358 | .TP |
359 | \fBping \fItarget \fR[\fIn\fR] | |
360 | Sends a series of 10 echo request packets to \fItarget\fR and times | |
361 | each reply. The echo request packets consist of an OpenFlow header | |
362 | plus \fIn\fR bytes (default: 64) of randomly generated payload. This | |
363 | measures the latency of individual requests. | |
a9b4a41a | 364 | . |
064af421 BP |
365 | .TP |
366 | \fBbenchmark \fItarget n count\fR | |
367 | Sends \fIcount\fR echo request packets that each consist of an | |
368 | OpenFlow header plus \fIn\fR bytes of payload and waits for each | |
369 | response. Reports the total time required. This is a measure of the | |
370 | maximum bandwidth to \fItarget\fR for round-trips of \fIn\fR-byte | |
371 | messages. | |
a9b4a41a | 372 | . |
064af421 | 373 | .SS "Flow Syntax" |
a9b4a41a | 374 | .PP |
064af421 BP |
375 | Some \fBovs\-ofctl\fR commands accept an argument that describes a flow or |
376 | flows. Such flow descriptions comprise a series | |
377 | \fIfield\fB=\fIvalue\fR assignments, separated by commas or white | |
378 | space. (Embedding spaces into a flow description normally requires | |
379 | quoting to prevent the shell from breaking the description into | |
380 | multiple arguments.) | |
a9b4a41a | 381 | .PP |
0b3f2725 BP |
382 | Flow descriptions should be in \fBnormal form\fR. This means that a |
383 | flow may only specify a value for an L3 field if it also specifies a | |
384 | particular L2 protocol, and that a flow may only specify an L4 field | |
385 | if it also specifies particular L2 and L3 protocol types. For | |
386 | example, if the L2 protocol type \fBdl_type\fR is wildcarded, then L3 | |
387 | fields \fBnw_src\fR, \fBnw_dst\fR, and \fBnw_proto\fR must also be | |
388 | wildcarded. Similarly, if \fBdl_type\fR or \fBnw_proto\fR (the L3 | |
389 | protocol type) is wildcarded, so must be \fBtp_dst\fR and | |
390 | \fBtp_src\fR, which are L4 fields. \fBovs\-ofctl\fR will warn about | |
391 | flows not in normal form. | |
392 | .PP | |
064af421 BP |
393 | The following field assignments describe how a flow matches a packet. |
394 | If any of these assignments is omitted from the flow syntax, the field | |
395 | is treated as a wildcard; thus, if all of them are omitted, the | |
bedde04c GS |
396 | resulting flow matches all packets. The string \fB*\fR may be specified |
397 | to explicitly mark any of these fields as a wildcard. | |
064af421 | 398 | (\fB*\fR should be quoted to protect it from shell expansion.) |
a9b4a41a | 399 | . |
c6100d92 BP |
400 | .IP \fBin_port=\fIport\fR |
401 | Matches OpenFlow port \fIport\fR, which may be an OpenFlow port number | |
402 | or keyword (e.g. \fBLOCAL\fR). | |
403 | \fBovs\-ofctl show\fR. | |
03a8a29e BP |
404 | .IP |
405 | (The \fBresubmit\fR action can search OpenFlow flow tables with | |
406 | arbitrary \fBin_port\fR values, so flows that match port numbers that | |
407 | do not exist from an OpenFlow perspective can still potentially be | |
408 | matched.) | |
a9b4a41a | 409 | . |
064af421 | 410 | .IP \fBdl_vlan=\fIvlan\fR |
f30f26be JP |
411 | Matches IEEE 802.1q Virtual LAN tag \fIvlan\fR. Specify \fB0xffff\fR |
412 | as \fIvlan\fR to match packets that are not tagged with a Virtual LAN; | |
064af421 BP |
413 | otherwise, specify a number between 0 and 4095, inclusive, as the |
414 | 12-bit VLAN ID to match. | |
a9b4a41a | 415 | . |
959a2ecd JP |
416 | .IP \fBdl_vlan_pcp=\fIpriority\fR |
417 | Matches IEEE 802.1q Priority Code Point (PCP) \fIpriority\fR, which is | |
418 | specified as a value between 0 and 7, inclusive. A higher value | |
419 | indicates a higher frame priority level. | |
a9b4a41a | 420 | . |
ed951f15 BP |
421 | .IP \fBdl_src=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR |
422 | .IQ \fBdl_dst=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR | |
423 | Matches an Ethernet source (or destination) address specified as 6 | |
424 | pairs of hexadecimal digits delimited by colons | |
425 | (e.g. \fB00:0A:E4:25:6B:B0\fR). | |
426 | . | |
73c0ce34 JS |
427 | .IP \fBdl_src=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB/\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR |
428 | .IQ \fBdl_dst=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB/\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR | |
cb8ca532 BP |
429 | Matches an Ethernet destination address specified as 6 pairs of |
430 | hexadecimal digits delimited by colons (e.g. \fB00:0A:E4:25:6B:B0\fR), | |
73c0ce34 JS |
431 | with a wildcard mask following the slash. Open vSwitch 1.8 and later |
432 | support arbitrary masks for source and/or destination. Earlier | |
433 | versions only support masking the destination with the following masks: | |
cb8ca532 BP |
434 | .RS |
435 | .IP \fB01:00:00:00:00:00\fR | |
436 | Match only the multicast bit. Thus, | |
437 | \fBdl_dst=01:00:00:00:00:00/01:00:00:00:00:00\fR matches all multicast | |
438 | (including broadcast) Ethernet packets, and | |
439 | \fBdl_dst=00:00:00:00:00:00/01:00:00:00:00:00\fR matches all unicast | |
440 | Ethernet packets. | |
441 | .IP \fBfe:ff:ff:ff:ff:ff\fR | |
442 | Match all bits except the multicast bit. This is probably not useful. | |
443 | .IP \fBff:ff:ff:ff:ff:ff\fR | |
444 | Exact match (equivalent to omitting the mask). | |
445 | .IP \fB00:00:00:00:00:00\fR | |
446 | Wildcard all bits (equivalent to \fBdl_dst=*\fR.) | |
447 | .RE | |
448 | . | |
064af421 BP |
449 | .IP \fBdl_type=\fIethertype\fR |
450 | Matches Ethernet protocol type \fIethertype\fR, which is specified as an | |
451 | integer between 0 and 65535, inclusive, either in decimal or as a | |
452 | hexadecimal number prefixed by \fB0x\fR (e.g. \fB0x0806\fR to match ARP | |
453 | packets). | |
a9b4a41a | 454 | . |
064af421 | 455 | .IP \fBnw_src=\fIip\fR[\fB/\fInetmask\fR] |
ed951f15 BP |
456 | .IQ \fBnw_dst=\fIip\fR[\fB/\fInetmask\fR] |
457 | When \fBdl_type\fR is 0x0800 (possibly via shorthand, e.g. \fBip\fR | |
458 | or \fBtcp\fR), matches IPv4 source (or destination) address \fIip\fR, | |
459 | which may be specified as an IP address or host name | |
460 | (e.g. \fB192.168.1.1\fR or \fBwww.example.com\fR). The optional | |
461 | \fInetmask\fR allows restricting a match to an IPv4 address prefix. | |
462 | The netmask may be specified as a dotted quad | |
463 | (e.g. \fB192.168.1.0/255.255.255.0\fR) or as a CIDR block | |
c08201d6 BP |
464 | (e.g. \fB192.168.1.0/24\fR). Open vSwitch 1.8 and later support |
465 | arbitrary dotted quad masks; earlier versions support only CIDR masks, | |
466 | that is, the dotted quads that are equivalent to some CIDR block. | |
ed951f15 BP |
467 | .IP |
468 | When \fBdl_type=0x0806\fR or \fBarp\fR is specified, matches the | |
469 | \fBar_spa\fR or \fBar_tpa\fR field, respectively, in ARP packets for | |
470 | IPv4 and Ethernet. | |
471 | .IP | |
8087f5ff MM |
472 | When \fBdl_type=0x8035\fR or \fBrarp\fR is specified, matches the |
473 | \fBar_spa\fR or \fBar_tpa\fR field, respectively, in RARP packets for | |
474 | IPv4 and Ethernet. | |
475 | .IP | |
476 | When \fBdl_type\fR is wildcarded or set to a value other than 0x0800, | |
477 | 0x0806, or 0x8035, the values of \fBnw_src\fR and \fBnw_dst\fR are ignored | |
0b3f2725 | 478 | (see \fBFlow Syntax\fR above). |
a9b4a41a | 479 | . |
064af421 | 480 | .IP \fBnw_proto=\fIproto\fR |
ed951f15 BP |
481 | When \fBip\fR or \fBdl_type=0x0800\fR is specified, matches IP |
482 | protocol type \fIproto\fR, which is specified as a decimal number | |
d31f1109 JP |
483 | between 0 and 255, inclusive (e.g. 1 to match ICMP packets or 6 to match |
484 | TCP packets). | |
485 | .IP | |
486 | When \fBipv6\fR or \fBdl_type=0x86dd\fR is specified, matches IPv6 | |
487 | header type \fIproto\fR, which is specified as a decimal number between | |
488 | 0 and 255, inclusive (e.g. 58 to match ICMPv6 packets or 6 to match | |
489 | TCP). The header type is the terminal header as described in the | |
490 | \fBDESIGN\fR document. | |
ed951f15 BP |
491 | .IP |
492 | When \fBarp\fR or \fBdl_type=0x0806\fR is specified, matches the lower | |
493 | 8 bits of the ARP opcode. ARP opcodes greater than 255 are treated as | |
494 | 0. | |
495 | .IP | |
8087f5ff MM |
496 | When \fBrarp\fR or \fBdl_type=0x8035\fR is specified, matches the lower |
497 | 8 bits of the ARP opcode. ARP opcodes greater than 255 are treated as | |
498 | 0. | |
499 | .IP | |
d31f1109 | 500 | When \fBdl_type\fR is wildcarded or set to a value other than 0x0800, |
8087f5ff MM |
501 | 0x0806, 0x8035 or 0x86dd, the value of \fBnw_proto\fR is ignored (see |
502 | \fBFlow Syntax\fR above). | |
a9b4a41a | 503 | . |
834377ea | 504 | .IP \fBnw_tos=\fItos\fR |
d31f1109 JP |
505 | Matches IP ToS/DSCP or IPv6 traffic class field \fItos\fR, which is |
506 | specified as a decimal number between 0 and 255, inclusive. Note that | |
507 | the two lower reserved bits are ignored for matching purposes. | |
ed951f15 | 508 | .IP |
5c0ceb0a JP |
509 | When \fBdl_type\fR is wildcarded or set to a value other than 0x0800 or |
510 | 0x86dd, the value of \fBnw_tos\fR is ignored (see \fBFlow Syntax\fR | |
511 | above). | |
a9b4a41a | 512 | . |
530180fd JP |
513 | .IP \fBnw_ecn=\fIecn\fR |
514 | Matches \fIecn\fR bits in IP ToS or IPv6 traffic class fields, which is | |
515 | specified as a decimal number between 0 and 3, inclusive. | |
516 | .IP | |
517 | When \fBdl_type\fR is wildcarded or set to a value other than 0x0800 or | |
518 | 0x86dd, the value of \fBnw_ecn\fR is ignored (see \fBFlow Syntax\fR | |
519 | above). | |
520 | . | |
a61680c6 JP |
521 | .IP \fBnw_ttl=\fIttl\fR |
522 | Matches IP TTL or IPv6 hop limit value \fIttl\fR, which is | |
523 | specified as a decimal number between 0 and 255, inclusive. | |
524 | .IP | |
525 | When \fBdl_type\fR is wildcarded or set to a value other than 0x0800 or | |
526 | 0x86dd, the value of \fBnw_ttl\fR is ignored (see \fBFlow Syntax\fR | |
527 | above). | |
528 | .IP | |
529 | . | |
064af421 | 530 | .IP \fBtp_src=\fIport\fR |
ed951f15 BP |
531 | .IQ \fBtp_dst=\fIport\fR |
532 | When \fBdl_type\fR and \fBnw_proto\fR specify TCP or UDP, \fBtp_src\fR | |
533 | and \fBtp_dst\fR match the UDP or TCP source or destination port | |
73f33563 | 534 | \fIport\fR, respectively, which is specified as a decimal number |
ed951f15 | 535 | between 0 and 65535, inclusive (e.g. 80 to match packets originating |
064af421 | 536 | from a HTTP server). |
ed951f15 BP |
537 | .IP |
538 | When \fBdl_type\fR and \fBnw_proto\fR take other values, the values of | |
0b3f2725 | 539 | these settings are ignored (see \fBFlow Syntax\fR above). |
a9b4a41a | 540 | . |
73f33563 BP |
541 | .IP \fBtp_src=\fIport\fB/\fImask\fR |
542 | .IQ \fBtp_dst=\fIport\fB/\fImask\fR | |
543 | Bitwise match on TCP (or UDP) source or destination port, | |
544 | respectively. The \fIport\fR and \fImask\fR are 16-bit numbers | |
545 | written in decimal or in hexadecimal prefixed by \fB0x\fR. Each 1-bit | |
546 | in \fImask\fR requires that the corresponding bit in \fIport\fR must | |
547 | match. Each 0-bit in \fImask\fR causes the corresponding bit to be | |
548 | ignored. | |
549 | .IP | |
550 | Bitwise matches on transport ports are rarely useful in isolation, but | |
551 | a group of them can be used to reduce the number of flows required to | |
552 | match on a range of transport ports. For example, suppose that the | |
553 | goal is to match TCP source ports 1000 to 1999, inclusive. One way is | |
edcbeb4d | 554 | to insert 1000 flows, each of which matches on a single source port. |
73f33563 BP |
555 | Another way is to look at the binary representations of 1000 and 1999, |
556 | as follows: | |
557 | .br | |
558 | .B "01111101000" | |
559 | .br | |
560 | .B "11111001111" | |
561 | .br | |
562 | and then to transform those into a series of bitwise matches that | |
563 | accomplish the same results: | |
564 | .br | |
565 | .B "01111101xxx" | |
566 | .br | |
567 | .B "0111111xxxx" | |
568 | .br | |
569 | .B "10xxxxxxxxx" | |
570 | .br | |
571 | .B "110xxxxxxxx" | |
572 | .br | |
573 | .B "1110xxxxxxx" | |
574 | .br | |
575 | .B "11110xxxxxx" | |
576 | .br | |
577 | .B "1111100xxxx" | |
578 | .br | |
579 | which become the following when written in the syntax required by | |
580 | \fBovs\-ofctl\fR: | |
581 | .br | |
582 | .B "tcp,tp_src=0x03e8/0xfff8" | |
583 | .br | |
584 | .B "tcp,tp_src=0x03f0/0xfff0" | |
585 | .br | |
586 | .B "tcp,tp_src=0x0400/0xfe00" | |
587 | .br | |
588 | .B "tcp,tp_src=0x0600/0xff00" | |
589 | .br | |
590 | .B "tcp,tp_src=0x0700/0xff80" | |
591 | .br | |
592 | .B "tcp,tp_src=0x0780/0xffc0" | |
593 | .br | |
594 | .B "tcp,tp_src=0x07c0/0xfff0" | |
595 | .IP | |
596 | Only Open vSwitch 1.6 and later supports bitwise matching on transport | |
597 | ports. | |
598 | .IP | |
599 | Like the exact-match forms of \fBtp_src\fR and \fBtp_dst\fR described | |
edcbeb4d | 600 | above, the bitwise match forms apply only when \fBdl_type\fR and |
73f33563 BP |
601 | \fBnw_proto\fR specify TCP or UDP. |
602 | . | |
064af421 | 603 | .IP \fBicmp_type=\fItype\fR |
ed951f15 | 604 | .IQ \fBicmp_code=\fIcode\fR |
d31f1109 JP |
605 | When \fBdl_type\fR and \fBnw_proto\fR specify ICMP or ICMPv6, \fItype\fR |
606 | matches the ICMP type and \fIcode\fR matches the ICMP code. Each is | |
607 | specified as a decimal number between 0 and 255, inclusive. | |
ed951f15 BP |
608 | .IP |
609 | When \fBdl_type\fR and \fBnw_proto\fR take other values, the values of | |
0b3f2725 | 610 | these settings are ignored (see \fBFlow Syntax\fR above). |
71e17a7a | 611 | . |
6c1491fb BP |
612 | .IP \fBtable=\fInumber\fR |
613 | If specified, limits the flow manipulation and flow dump commands to | |
68c59d15 | 614 | only apply to the table with the given \fInumber\fR between 0 and 254. |
6c1491fb | 615 | . |
68c59d15 BP |
616 | Behavior varies if \fBtable\fR is not specified (equivalent to |
617 | specifying 255 as \fInumber\fR). For flow table | |
6c1491fb BP |
618 | modification commands without \fB\-\-strict\fR, the switch will choose |
619 | the table for these commands to operate on. For flow table | |
620 | modification commands with \fB\-\-strict\fR, the command will operate | |
621 | on any single matching flow in any table; it will do nothing if there | |
622 | are matches in more than one table. The \fBdump-flows\fR and | |
623 | \fBdump-aggregate\fR commands will gather statistics about flows from | |
624 | all tables. | |
625 | .IP | |
626 | When this field is specified in \fBadd-flow\fR, \fBadd-flows\fR, | |
627 | \fBmod-flows\fR and \fBdel-flows\fR commands, it activates a Nicira | |
628 | extension to OpenFlow, which as of this writing is only known to be | |
629 | implemented by Open vSwitch. | |
630 | . | |
54fa24c5 JS |
631 | .IP \fBmetadata=\fIvalue\fR[\fB/\fImask\fR] |
632 | Matches \fIvalue\fR either exactly or with optional \fImask\fR in the metadata | |
633 | field. \fIvalue\fR and \fImask\fR are 64-bit integers, by default in decimal | |
634 | (use a \fB0x\fR prefix to specify hexadecimal). Arbitrary \fImask\fR values | |
635 | are allowed: a 1-bit in \fImask\fR indicates that the corresponding bit in | |
636 | \fIvalue\fR must match exactly, and a 0-bit wildcards that bit. Matching on | |
637 | metadata was added in Open vSwitch 1.8. | |
638 | . | |
71e17a7a | 639 | .PP |
d31f1109 JP |
640 | The following shorthand notations are also available: |
641 | . | |
642 | .IP \fBip\fR | |
643 | Same as \fBdl_type=0x0800\fR. | |
644 | . | |
645 | .IP \fBicmp\fR | |
646 | Same as \fBdl_type=0x0800,nw_proto=1\fR. | |
647 | . | |
648 | .IP \fBtcp\fR | |
649 | Same as \fBdl_type=0x0800,nw_proto=6\fR. | |
650 | . | |
651 | .IP \fBudp\fR | |
652 | Same as \fBdl_type=0x0800,nw_proto=17\fR. | |
653 | . | |
654 | .IP \fBarp\fR | |
655 | Same as \fBdl_type=0x0806\fR. | |
656 | . | |
8087f5ff MM |
657 | .IP \fBrarp\fR |
658 | Same as \fBdl_type=0x8035\fR. | |
659 | . | |
d31f1109 | 660 | .PP |
71e17a7a JP |
661 | The following field assignments require support for the NXM (Nicira |
662 | Extended Match) extension to OpenFlow. When one of these is specified, | |
663 | \fBovs\-ofctl\fR will automatically attempt to negotiate use of this | |
664 | extension. If the switch does not support NXM, then \fBovs\-ofctl\fR | |
665 | will report a fatal error. | |
666 | . | |
33d8c6b4 BP |
667 | .IP \fBvlan_tci=\fItci\fR[\fB/\fImask\fR] |
668 | Matches modified VLAN TCI \fItci\fR. If \fImask\fR is omitted, | |
669 | \fItci\fR is the exact VLAN TCI to match; if \fImask\fR is specified, | |
a8600e1a | 670 | then a 1-bit in \fImask\fR indicates that the corresponding bit in |
33d8c6b4 BP |
671 | \fItci\fR must match exactly, and a 0-bit wildcards that bit. Both |
672 | \fItci\fR and \fImask\fR are 16-bit values that are decimal by | |
673 | default; use a \fB0x\fR prefix to specify them in hexadecimal. | |
674 | . | |
675 | .IP | |
676 | The value that \fBvlan_tci\fR matches against is 0 for a packet that | |
677 | has no 802.1Q header. Otherwise, it is the TCI value from the 802.1Q | |
678 | header with the CFI bit (with value \fB0x1000\fR) forced to 1. | |
679 | .IP | |
680 | Examples: | |
681 | .RS | |
682 | .IP \fBvlan_tci=0\fR | |
683 | Match only packets without an 802.1Q header. | |
684 | .IP \fBvlan_tci=0xf123\fR | |
685 | Match packets tagged with priority 7 in VLAN 0x123. | |
686 | .IP \fBvlan_tci=0x1123/0x1fff\fR | |
687 | Match packets tagged with VLAN 0x123 (and any priority). | |
688 | .IP \fBvlan_tci=0x5000/0xf000\fR | |
689 | Match packets tagged with priority 2 (in any VLAN). | |
690 | .IP \fBvlan_tci=0/0xfff\fR | |
691 | Match packets with no 802.1Q header or tagged with VLAN 0 (and any | |
692 | priority). | |
693 | .IP \fBvlan_tci=0x5000/0xe000\fR | |
694 | Match packets with no 802.1Q header or tagged with priority 2 (in any | |
695 | VLAN). | |
696 | .IP \fBvlan_tci=0/0xefff\fR | |
697 | Match packets with no 802.1Q header or tagged with VLAN 0 and priority | |
698 | 0. | |
699 | .RE | |
700 | .IP | |
701 | Some of these matching possibilities can also be achieved with | |
702 | \fBdl_vlan\fR and \fBdl_vlan_pcp\fR. | |
703 | . | |
7257b535 BP |
704 | .IP \fBip_frag=\fIfrag_type\fR |
705 | When \fBdl_type\fR specifies IP or IPv6, \fIfrag_type\fR | |
706 | specifies what kind of IP fragments or non-fragments to match. The | |
707 | following values of \fIfrag_type\fR are supported: | |
708 | .RS | |
709 | .IP "\fBno\fR" | |
710 | Matches only non-fragmented packets. | |
711 | .IP "\fByes\fR" | |
712 | Matches all fragments. | |
713 | .IP "\fBfirst\fR" | |
714 | Matches only fragments with offset 0. | |
715 | .IP "\fBlater\fR" | |
716 | Matches only fragments with nonzero offset. | |
717 | .IP "\fBnot_later\fR" | |
718 | Matches non-fragmented packets and fragments with zero offset. | |
719 | .RE | |
720 | .IP | |
721 | The \fBip_frag\fR match type is likely to be most useful in | |
722 | \fBnx\-match\fR mode. See the description of the \fBset\-frags\fR | |
723 | command, above, for more details. | |
724 | . | |
bad68a99 JP |
725 | .IP \fBarp_sha=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR |
726 | .IQ \fBarp_tha=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR | |
8087f5ff MM |
727 | When \fBdl_type\fR specifies either ARP or RARP, \fBarp_sha\fR and |
728 | \fBarp_tha\fR match the source and target hardware address, respectively. An | |
729 | address is specified as 6 pairs of hexadecimal digits delimited by colons. | |
bad68a99 | 730 | . |
d31f1109 JP |
731 | .IP \fBipv6_src=\fIipv6\fR[\fB/\fInetmask\fR] |
732 | .IQ \fBipv6_dst=\fIipv6\fR[\fB/\fInetmask\fR] | |
733 | When \fBdl_type\fR is 0x86dd (possibly via shorthand, e.g., \fBipv6\fR | |
734 | or \fBtcp6\fR), matches IPv6 source (or destination) address \fIipv6\fR, | |
735 | which may be specified as defined in RFC 2373. The preferred format is | |
736 | \fIx\fB:\fIx\fB:\fIx\fB:\fIx\fB:\fIx\fB:\fIx\fB:\fIx\fB:\fIx\fR, where | |
737 | \fIx\fR are the hexadecimal values of the eight 16-bit pieces of the | |
738 | address. A single instance of \fB::\fR may be used to indicate multiple | |
739 | groups of 16-bits of zeros. The optional \fInetmask\fR allows | |
740 | restricting a match to an IPv6 address prefix. A netmask is specified | |
ff0b06ee BP |
741 | as an IPv6 address (e.g. \fB2001:db8:3c4d:1::/ffff:ffff:ffff:ffff::\fR) |
742 | or a CIDR block (e.g. \fB2001:db8:3c4d:1::/64\fR). Open vSwitch 1.8 | |
743 | and later support arbitrary masks; earlier versions support only CIDR | |
744 | masks, that is, CIDR block and IPv6 addresses that are equivalent to | |
745 | CIDR blocks. | |
d31f1109 | 746 | . |
fa8223b7 JP |
747 | .IP \fBipv6_label=\fIlabel\fR |
748 | When \fBdl_type\fR is 0x86dd (possibly via shorthand, e.g., \fBipv6\fR | |
749 | or \fBtcp6\fR), matches IPv6 flow label \fIlabel\fR. | |
750 | . | |
47284b1f | 751 | .IP \fBnd_target=\fIipv6\fR[\fB/\fInetmask\fR] |
685a51a5 JP |
752 | When \fBdl_type\fR, \fBnw_proto\fR, and \fBicmp_type\fR specify |
753 | IPv6 Neighbor Discovery (ICMPv6 type 135 or 136), matches the target address | |
754 | \fIipv6\fR. \fIipv6\fR is in the same format described earlier for the | |
755 | \fBipv6_src\fR and \fBipv6_dst\fR fields. | |
756 | . | |
757 | .IP \fBnd_sll=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR | |
758 | When \fBdl_type\fR, \fBnw_proto\fR, and \fBicmp_type\fR specify IPv6 | |
759 | Neighbor Solicitation (ICMPv6 type 135), matches the source link\-layer | |
760 | address option. An address is specified as 6 pairs of hexadecimal | |
761 | digits delimited by colons. | |
762 | . | |
763 | .IP \fBnd_tll=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR | |
764 | When \fBdl_type\fR, \fBnw_proto\fR, and \fBicmp_type\fR specify IPv6 | |
765 | Neighbor Advertisement (ICMPv6 type 136), matches the target link\-layer | |
766 | address option. An address is specified as 6 pairs of hexadecimal | |
767 | digits delimited by colons. | |
768 | . | |
8368c090 BP |
769 | .IP \fBtun_id=\fItunnel-id\fR[\fB/\fImask\fR] |
770 | Matches tunnel identifier \fItunnel-id\fR. Only packets that arrive | |
4c5df7f7 | 771 | over a tunnel that carries a key (e.g. GRE with the RFC 2890 key |
bcb90943 SH |
772 | extension and a nonzero key value) will have a nonzero tunnel ID. |
773 | If \fImask\fR is omitted, \fItunnel-id\fR is the exact tunnel ID to match; | |
774 | if \fImask\fR is specified, then a 1-bit in \fImask\fR indicates that the | |
775 | corresponding bit in \fItunnel-id\fR must match exactly, and a 0-bit | |
776 | wildcards that bit. | |
71e17a7a | 777 | . |
0ad90c84 JR |
778 | .IP \fBtun_src=\fIip\fR[\fB/\fInetmask\fR] |
779 | .IQ \fBtun_dst=\fIip\fR[\fB/\fInetmask\fR] | |
780 | Matches tunnel IPv4 source (or destination) address \fIip\fR. Only packets | |
781 | that arrive over a tunnel will have nonzero tunnel addresses. | |
782 | The address may be specified as an IP address or host name | |
783 | (e.g. \fB192.168.1.1\fR or \fBwww.example.com\fR). The optional | |
784 | \fInetmask\fR allows restricting a match to a masked IPv4 address. | |
785 | The netmask may be specified as a dotted quad | |
786 | (e.g. \fB192.168.1.0/255.255.255.0\fR) or as a CIDR block | |
787 | (e.g. \fB192.168.1.0/24\fR). | |
788 | . | |
00b1c62f BP |
789 | .IP "\fBreg\fIidx\fB=\fIvalue\fR[\fB/\fImask\fR]" |
790 | Matches \fIvalue\fR either exactly or with optional \fImask\fR in | |
791 | register number \fIidx\fR. The valid range of \fIidx\fR depends on | |
792 | the switch. \fIvalue\fR and \fImask\fR are 32-bit integers, by | |
793 | default in decimal (use a \fB0x\fR prefix to specify hexadecimal). | |
794 | Arbitrary \fImask\fR values are allowed: a 1-bit in \fImask\fR | |
795 | indicates that the corresponding bit in \fIvalue\fR must match | |
796 | exactly, and a 0-bit wildcards that bit. | |
797 | .IP | |
798 | When a packet enters an OpenFlow switch, all of the registers are set | |
799 | to 0. Only explicit Nicira extension actions change register values. | |
a9b4a41a | 800 | . |
064af421 | 801 | .PP |
d31f1109 JP |
802 | Defining IPv6 flows (those with \fBdl_type\fR equal to 0x86dd) requires |
803 | support for NXM. The following shorthand notations are available for | |
804 | IPv6-related flows: | |
a9b4a41a | 805 | . |
d31f1109 JP |
806 | .IP \fBipv6\fR |
807 | Same as \fBdl_type=0x86dd\fR. | |
a9b4a41a | 808 | . |
d31f1109 JP |
809 | .IP \fBtcp6\fR |
810 | Same as \fBdl_type=0x86dd,nw_proto=6\fR. | |
a9b4a41a | 811 | . |
d31f1109 JP |
812 | .IP \fBudp6\fR |
813 | Same as \fBdl_type=0x86dd,nw_proto=17\fR. | |
a9b4a41a | 814 | . |
d31f1109 JP |
815 | .IP \fBicmp6\fR |
816 | Same as \fBdl_type=0x86dd,nw_proto=58\fR. | |
a9b4a41a | 817 | . |
064af421 | 818 | .PP |
2c6d8411 BP |
819 | Finally, field assignments to \fBduration\fR, \fBn_packets\fR, or |
820 | \fBn_bytes\fR are ignored to allow output from the \fBdump\-flows\fR | |
821 | command to be used as input for other commands that parse flows. | |
822 | . | |
823 | .PP | |
c821124b BP |
824 | The \fBadd\-flow\fR, \fBadd\-flows\fR, and \fBmod\-flows\fR commands |
825 | require an additional field, which must be the final field specified: | |
a9b4a41a | 826 | . |
064af421 BP |
827 | .IP \fBactions=\fR[\fItarget\fR][\fB,\fItarget\fR...]\fR |
828 | Specifies a comma-separated list of actions to take on a packet when the | |
829 | flow entry matches. If no \fItarget\fR is specified, then packets | |
c6100d92 | 830 | matching the flow are dropped. The \fItarget\fR may be an OpenFlow port |
064af421 BP |
831 | number designating the physical port on which to output the packet, or one |
832 | of the following keywords: | |
a9b4a41a | 833 | . |
064af421 | 834 | .RS |
c6100d92 BP |
835 | .IP \fBoutput:\fIport\fR |
836 | Outputs the packet to \fIport\fR, which must be an OpenFlow port | |
837 | number or keyword (e.g. \fBLOCAL\fR). | |
838 | . | |
839 | .IP \fBoutput:\fIsrc\fB[\fIstart\fB..\fIend\fB] | |
840 | Outputs the packet to the OpenFlow port number read from \fIsrc\fR, | |
841 | which must be an NXM field as described above. For example, | |
842 | \fBoutput:NXM_NX_REG0[16..31]\fR outputs to the OpenFlow port number | |
843 | written in the upper half of register 0. This form of \fBoutput\fR | |
844 | uses an OpenFlow extension that is not supported by standard OpenFlow | |
845 | switches. | |
846 | . | |
847 | .IP \fBenqueue:\fIport\fB:\fIqueue\fR | |
5682f723 | 848 | Enqueues the packet on the specified \fIqueue\fR within port |
c6100d92 BP |
849 | \fIport\fR, which must be an OpenFlow port number or keyword |
850 | (e.g. \fBLOCAL\fR).. The number of supported queues depends on the | |
851 | switch; some OpenFlow implementations do not support queuing at all. | |
5682f723 | 852 | . |
064af421 BP |
853 | .IP \fBnormal\fR |
854 | Subjects the packet to the device's normal L2/L3 processing. (This | |
855 | action is not implemented by all OpenFlow switches.) | |
a9b4a41a | 856 | . |
064af421 BP |
857 | .IP \fBflood\fR |
858 | Outputs the packet on all switch physical ports other than the port on | |
859 | which it was received and any ports on which flooding is disabled | |
860 | (typically, these would be ports disabled by the IEEE 802.1D spanning | |
861 | tree protocol). | |
a9b4a41a | 862 | . |
064af421 BP |
863 | .IP \fBall\fR |
864 | Outputs the packet on all switch physical ports other than the port on | |
865 | which it was received. | |
a9b4a41a | 866 | . |
a7349929 | 867 | .IP \fBcontroller(\fIkey\fB=\fIvalue\fR...\fB) |
064af421 | 868 | Sends the packet to the OpenFlow controller as a ``packet in'' |
a7349929 BP |
869 | message. The supported key-value pairs are: |
870 | .RS | |
871 | .IP "\fBmax_len=\fInbytes\fR" | |
872 | Limit to \fInbytes\fR the number of bytes of the packet to send to | |
873 | the controller. By default the entire packet is sent. | |
874 | .IP "\fBreason=\fIreason\fR" | |
875 | Specify \fIreason\fR as the reason for sending the message in the | |
876 | ``packet in'' message. The supported reasons are \fBaction\fR (the | |
877 | default), \fBno_match\fR, and \fBinvalid_ttl\fR. | |
878 | .IP "\fBid=\fIcontroller-id\fR" | |
879 | Specify \fIcontroller-id\fR, a 16-bit integer, as the connection ID of | |
880 | the OpenFlow controller or controllers to which the ``packet in'' | |
881 | message should be sent. The default is zero. Zero is also the | |
882 | default connection ID for each controller connection, and a given | |
883 | controller connection will only have a nonzero connection ID if its | |
884 | controller uses the \fBNXT_SET_CONTROLLER_ID\fR Nicira extension to | |
885 | OpenFlow. | |
886 | .RE | |
887 | Any \fIreason\fR other than \fBaction\fR and any nonzero | |
888 | \fIcontroller-id\fR uses a Nicira vendor extension that, as of this | |
889 | writing, is only known to be implemented by Open vSwitch (version 1.6 | |
890 | or later). | |
891 | . | |
892 | .IP \fBcontroller\fR | |
893 | .IQ \fBcontroller\fR[\fB:\fInbytes\fR] | |
894 | Shorthand for \fBcontroller()\fR or | |
895 | \fBcontroller(max_len=\fInbytes\fB)\fR, respectively. | |
a9b4a41a | 896 | . |
064af421 BP |
897 | .IP \fBlocal\fR |
898 | Outputs the packet on the ``local port,'' which corresponds to the | |
045b2e5c | 899 | network device that has the same name as the bridge. |
a9b4a41a | 900 | . |
64c1e8af JP |
901 | .IP \fBin_port\fR |
902 | Outputs the packet on the port from which it was received. | |
903 | . | |
064af421 BP |
904 | .IP \fBdrop\fR |
905 | Discards the packet, so no further processing or forwarding takes place. | |
906 | If a drop action is used, no other actions may be specified. | |
a9b4a41a | 907 | . |
064af421 BP |
908 | .IP \fBmod_vlan_vid\fR:\fIvlan_vid\fR |
909 | Modifies the VLAN id on a packet. The VLAN tag is added or modified | |
910 | as necessary to match the value specified. If the VLAN tag is added, | |
911 | a priority of zero is used (see the \fBmod_vlan_pcp\fR action to set | |
912 | this). | |
a9b4a41a | 913 | . |
064af421 BP |
914 | .IP \fBmod_vlan_pcp\fR:\fIvlan_pcp\fR |
915 | Modifies the VLAN priority on a packet. The VLAN tag is added or modified | |
916 | as necessary to match the value specified. Valid values are between 0 | |
917 | (lowest) and 7 (highest). If the VLAN tag is added, a vid of zero is used | |
918 | (see the \fBmod_vlan_vid\fR action to set this). | |
a9b4a41a | 919 | . |
064af421 BP |
920 | .IP \fBstrip_vlan\fR |
921 | Strips the VLAN tag from a packet if it is present. | |
a9b4a41a | 922 | . |
3e34fbdd IY |
923 | .IP \fBpush_vlan\fR:\fIethertype\fR |
924 | Push a new VLAN tag onto the packet. Ethertype is used as the the Ethertype | |
925 | for the tag. Only ethertype 0x8100 should be used. (0x88a8 which the spec | |
926 | allows isn't supported at the moment.) | |
927 | A priority of zero and the tag of zero are used for the new tag. | |
928 | . | |
b02475c5 SH |
929 | .IP \fBpush_mpls\fR:\fIethertype\fR |
930 | If the packet does not already contain any MPLS labels, changes the | |
931 | packet's Ethertype to \fIethertype\fR, which must be either the MPLS | |
932 | unicast Ethertype \fB0x8847\fR or the MPLS multicast Ethertype | |
933 | \fB0x8848\fR, and then pushes an initial label stack entry. The label | |
934 | stack entry's default label is 2 if the packet contains IPv6 and 0 | |
935 | otherwise, its default traffic control value is the low 3 bits of the | |
936 | packet's DSCP value (0 if the packet is not IP), and its TTL is copied | |
937 | from the IP TTL (64 if the packet is not IP). | |
938 | .IP | |
939 | If the packet does already contain an MPLS label, pushes a new | |
940 | outermost label as a copy of the existing outermost label. | |
941 | .IP | |
942 | There are some limitations in the implementation. \fBpush_mpls\fR | |
943 | followed by another \fBpush_mpls\fR will result in the first | |
944 | \fBpush_mpls\fR being discarded. | |
945 | . | |
946 | .IP \fBpop_mpls\fR:\fIethertype\fR | |
947 | Strips the outermost MPLS label stack entry. If the MPLS label | |
948 | stripped was the only one, changes the ethertype of a packet to | |
949 | \fIethertype\fR, which should not ordinarily be an MPLS Ethertype. | |
950 | . | |
951 | .IP | |
952 | There are some limitations in the implementation. \fBpop_mpls\fR | |
953 | followed by another \fBpush_mpls\fR without an intermediate | |
954 | \fBpush_mpls\fR will result in the first \fBpush_mpls\fR being | |
955 | discarded. | |
956 | . | |
064af421 BP |
957 | .IP \fBmod_dl_src\fB:\fImac\fR |
958 | Sets the source Ethernet address to \fImac\fR. | |
a9b4a41a | 959 | . |
064af421 BP |
960 | .IP \fBmod_dl_dst\fB:\fImac\fR |
961 | Sets the destination Ethernet address to \fImac\fR. | |
a9b4a41a | 962 | . |
e423eca6 JP |
963 | .IP \fBmod_nw_src\fB:\fIip\fR |
964 | Sets the IPv4 source address to \fIip\fR. | |
a9b4a41a | 965 | . |
e423eca6 JP |
966 | .IP \fBmod_nw_dst\fB:\fIip\fR |
967 | Sets the IPv4 destination address to \fIip\fR. | |
a9b4a41a | 968 | . |
e423eca6 JP |
969 | .IP \fBmod_tp_src\fB:\fIport\fR |
970 | Sets the TCP or UDP source port to \fIport\fR. | |
a9b4a41a | 971 | . |
e423eca6 JP |
972 | .IP \fBmod_tp_dst\fB:\fIport\fR |
973 | Sets the TCP or UDP destination port to \fIport\fR. | |
a9b4a41a | 974 | . |
959a2ecd | 975 | .IP \fBmod_nw_tos\fB:\fItos\fR |
9c86c22e BP |
976 | Sets the IPv4 ToS/DSCP field to \fItos\fR, which must be a multiple of |
977 | 4 between 0 and 255. This action does not modify the two least | |
978 | significant bits of the ToS field (the ECN bits). | |
659586ef JG |
979 | .RE |
980 | .IP | |
981 | The following actions are Nicira vendor extensions that, as of this writing, are | |
982 | only known to be implemented by Open vSwitch: | |
983 | . | |
984 | .RS | |
985 | . | |
3a2fe1f3 | 986 | .IP \fBresubmit\fB:\fIport\fR |
29901626 BP |
987 | .IQ \fBresubmit\fB(\fR[\fIport\fR]\fB,\fR[\fItable\fR]\fB) |
988 | Re-searches this OpenFlow flow table (or the table whose number is | |
989 | specified by \fItable\fR) with the \fBin_port\fR field replaced by | |
990 | \fIport\fR (if \fIport\fR is specified) and executes the actions | |
991 | found, if any, in addition to any other actions in this flow entry. | |
992 | .IP | |
993 | Recursive \fBresubmit\fR actions are obeyed up to an | |
994 | implementation-defined maximum depth. Open vSwitch 1.0.1 and earlier | |
995 | did not support recursion; Open vSwitch before 1.2.90 did not support | |
996 | \fItable\fR. | |
659586ef JG |
997 | . |
998 | .IP \fBset_tunnel\fB:\fIid\fR | |
b9298d3f BP |
999 | .IQ \fBset_tunnel64\fB:\fIid\fR |
1000 | If outputting to a port that encapsulates the packet in a tunnel and | |
5a6861aa | 1001 | supports an identifier (such as GRE), sets the identifier to \fIid\fR. |
b9298d3f BP |
1002 | If the \fBset_tunnel\fR form is used and \fIid\fR fits in 32 bits, |
1003 | then this uses an action extension that is supported by Open vSwitch | |
1004 | 1.0 and later. Otherwise, if \fIid\fR is a 64-bit value, it requires | |
1005 | Open vSwitch 1.1 or later. | |
3a2fe1f3 | 1006 | . |
eedc0097 JP |
1007 | .IP \fBset_queue\fB:\fIqueue\fR |
1008 | Sets the queue that should be used to \fIqueue\fR when packets are | |
1009 | output. The number of supported queues depends on the switch; some | |
1010 | OpenFlow implementations do not support queuing at all. | |
1011 | . | |
1012 | .IP \fBpop_queue\fR | |
1013 | Restores the queue to the value it was before any \fBset_queue\fR | |
1014 | actions were applied. | |
1015 | . | |
f0fd1a17 | 1016 | .IP \fBdec_ttl\fR |
c2d967a5 | 1017 | .IQ \fBdec_ttl\fB[\fR(\fIid1,id2\fI)\fR]\fR |
f0fd1a17 PS |
1018 | Decrement TTL of IPv4 packet or hop limit of IPv6 packet. If the |
1019 | TTL or hop limit is initially zero, no decrement occurs. Instead, | |
1020 | a ``packet-in'' message with reason code \fBOFPR_INVALID_TTL\fR is | |
1021 | sent to each connected controller that has enabled receiving them, | |
c2d967a5 MM |
1022 | if any. Processing the current set of actions then stops. However, |
1023 | if the current set of actions was reached through ``resubmit'' then | |
1024 | remaining actions in outer levels resume processing. This action | |
1025 | also optionally supports the ability to specify a list of valid | |
1026 | controller ids. Each of controllers in the list will receive the | |
1027 | ``packet_in'' message only if they have registered to receive the | |
1028 | invalid ttl packets. If controller ids are not specified, the | |
1029 | ``packet_in'' message will be sent only to the controllers having | |
1030 | controller id zero which have registered for the invalid ttl packets. | |
f0fd1a17 | 1031 | . |
0f3f3c3d SH |
1032 | .IP \fBset_mpls_ttl\fR:\fIttl\fR |
1033 | Set the TTL of the outer MPLS label stack entry of a packet. | |
1034 | \fIttl\fR should be in the range 0 to 255 inclusive. | |
1035 | . | |
b676167a SH |
1036 | .IP \fBdec_mpls_ttl\fR |
1037 | Decrement TTL of the outer MPLS label stack entry of a packet. If the TTL | |
1038 | is initially zero, no decrement occurs. Instead, a ``packet-in'' message | |
1039 | with reason code \fBOFPR_INVALID_TTL\fR is sent to each connected | |
1040 | controller with controller id zer that has enabled receiving them. | |
1041 | Processing the current set of actions then stops. However, if the current | |
1042 | set of actions was reached through ``resubmit'' then remaining actions in | |
1043 | outer levels resume processing. | |
1044 | . | |
96fc46e8 BP |
1045 | .IP \fBnote:\fR[\fIhh\fR]... |
1046 | Does nothing at all. Any number of bytes represented as hex digits | |
1047 | \fIhh\fR may be included. Pairs of hex digits may be separated by | |
1048 | periods for readability. | |
e0631927 BP |
1049 | The \fBnote\fR action's format doesn't include an exact length for its |
1050 | payload, so the provided bytes will be padded on the right by enough | |
1051 | bytes with value 0 to make the total number 6 more than a multiple of | |
1052 | 8. | |
f393f81e | 1053 | . |
5a6861aa | 1054 | .IP "\fBmove:\fIsrc\fB[\fIstart\fB..\fIend\fB]\->\fIdst\fB[\fIstart\fB..\fIend\fB]\fR" |
f393f81e BP |
1055 | Copies the named bits from field \fIsrc\fR to field \fIdst\fR. |
1056 | \fIsrc\fR and \fIdst\fR must be NXM field names as defined in | |
1057 | \fBnicira\-ext.h\fR, e.g. \fBNXM_OF_UDP_SRC\fR or \fBNXM_NX_REG0\fR. | |
1058 | Each \fIstart\fR and \fIend\fR pair, which are inclusive, must specify | |
1059 | the same number of bits and must fit within its respective field. | |
1060 | Shorthands for \fB[\fIstart\fB..\fIend\fB]\fR exist: use | |
1061 | \fB[\fIbit\fB]\fR to specify a single bit or \fB[]\fR to specify an | |
1062 | entire field. | |
1063 | .IP | |
1064 | Examples: \fBmove:NXM_NX_REG0[0..5]\->NXM_NX_REG1[26..31]\fR copies the | |
1065 | six bits numbered 0 through 5, inclusive, in register 0 into bits 26 | |
1066 | through 31, inclusive; | |
5a6861aa | 1067 | \fBmove:NXM_NX_REG0[0..15]\->NXM_OF_VLAN_TCI[]\fR copies the least |
f393f81e BP |
1068 | significant 16 bits of register 0 into the VLAN TCI field. |
1069 | . | |
1070 | .IP "\fBload:\fIvalue\fB\->\fIdst\fB[\fIstart\fB..\fIend\fB]" | |
1071 | Writes \fIvalue\fR to bits \fIstart\fR through \fIend\fR, inclusive, | |
5a6861aa | 1072 | in field \fIdst\fR. |
f393f81e BP |
1073 | .IP |
1074 | Example: \fBload:55\->NXM_NX_REG2[0..5]\fR loads value 55 (bit pattern | |
1075 | \fB110111\fR) into bits 0 through 5, inclusive, in register 2. | |
53ddd40a | 1076 | . |
bd85dac1 AZ |
1077 | .IP "\fBpush:\fIsrc\fB[\fIstart\fB..\fIend\fB]" |
1078 | Pushes \fIstart\fR to \fIend\fR bits inclusive, in fields | |
1079 | on top of the stack. | |
1080 | .IP | |
1081 | Example: \fBpush:NXM_NX_REG2[0..5]\fR push the value stored in register | |
1082 | 2 bits 0 through 5, inclusive, on to the internal stack. | |
1083 | . | |
1084 | .IP "\fBpop:\fIdst\fB[\fIstart\fB..\fIend\fB]" | |
1085 | Pops from the top of the stack, retrieves the \fIstart\fR to \fIend\fR bits | |
1086 | inclusive, from the value popped and store them into the corresponding | |
1087 | bits in \fIdst\fR. | |
1088 | . | |
1089 | .IP | |
1090 | Example: \fBpop:NXM_NX_REG2[0..5]\fR pops the value from top of the stack. | |
1091 | Set register 2 bits 0 through 5, inclusive, based on bits 0 through 5 from the | |
1092 | value just popped. | |
1093 | . | |
f5c45121 SH |
1094 | .IP "\fBset_field:\fIvalue\fB\->\fIdst" |
1095 | Writes the literal \fIvalue\fR into the field \fIdst\fR, which should | |
1096 | be specified as a name used for matching. (This is similar to | |
1097 | \fBload\fR but more closely matches the set-field action defined in | |
1098 | Open Flow 1.2 and above.) | |
1099 | . | |
1100 | .IP | |
1101 | Example: \fBset_field:fe80:0123:4567:890a:a6ba:dbff:fefe:59fa\->ipv6_src\fR | |
1102 | . | |
53ddd40a BP |
1103 | .IP "\fBmultipath(\fIfields\fB, \fIbasis\fB, \fIalgorithm\fB, \fIn_links\fB, \fIarg\fB, \fIdst\fB[\fIstart\fB..\fIend\fB])\fR" |
1104 | Hashes \fIfields\fR using \fIbasis\fR as a universal hash parameter, | |
1105 | then the applies multipath link selection \fIalgorithm\fR (with | |
1106 | parameter \fIarg\fR) to choose one of \fIn_links\fR output links | |
1107 | numbered 0 through \fIn_links\fR minus 1, and stores the link into | |
43edca57 | 1108 | \fIdst\fB[\fIstart\fB..\fIend\fB]\fR, which must be an NXM field as |
53ddd40a BP |
1109 | described above. |
1110 | .IP | |
1111 | Currently, \fIfields\fR must be either \fBeth_src\fR or | |
1112 | \fBsymmetric_l4\fR and \fIalgorithm\fR must be one of \fBmodulo_n\fR, | |
1113 | \fBhash_threshold\fR, \fBhrw\fR, and \fBiter_hash\fR. Only | |
1114 | the \fBiter_hash\fR algorithm uses \fIarg\fR. | |
1115 | .IP | |
1116 | Refer to \fBnicira\-ext.h\fR for more details. | |
3b6a2571 | 1117 | . |
daff3353 EJ |
1118 | .IP "\fBbundle(\fIfields\fB, \fIbasis\fB, \fIalgorithm\fB, \fIslave_type\fB, slaves:[\fIs1\fB, \fIs2\fB, ...])\fR" |
1119 | Hashes \fIfields\fR using \fIbasis\fR as a universal hash parameter, then | |
1120 | applies the bundle link selection \fIalgorithm\fR to choose one of the listed | |
1121 | slaves represented as \fIslave_type\fR. Currently the only supported | |
1122 | \fIslave_type\fR is \fBofport\fR. Thus, each \fIs1\fR through \fIsN\fR should | |
1123 | be an OpenFlow port number. Outputs to the selected slave. | |
1124 | .IP | |
1125 | Currently, \fIfields\fR must be either \fBeth_src\fR or \fBsymmetric_l4\fR and | |
1126 | \fIalgorithm\fR must be one of \fBhrw\fR and \fBactive_backup\fR. | |
1127 | .IP | |
1128 | Example: \fBbundle(eth_src,0,hrw,ofport,slaves:4,8)\fR uses an Ethernet source | |
1129 | hash with basis 0, to select between OpenFlow ports 4 and 8 using the Highest | |
1130 | Random Weight algorithm. | |
1131 | .IP | |
1132 | Refer to \fBnicira\-ext.h\fR for more details. | |
a368bb53 EJ |
1133 | . |
1134 | .IP "\fBbundle_load(\fIfields\fB, \fIbasis\fB, \fIalgorithm\fB, \fIslave_type\fB, \fIdst\fB[\fIstart\fB..\fIend\fB], slaves:[\fIs1\fB, \fIs2\fB, ...])\fR" | |
1135 | Has the same behavior as the \fBbundle\fR action, with one exception. Instead | |
1136 | of outputting to the selected slave, it writes its selection to | |
1137 | \fIdst\fB[\fIstart\fB..\fIend\fB]\fR, which must be an NXM field as described | |
1138 | above. | |
1139 | .IP | |
2638c6dc BP |
1140 | Example: \fBbundle_load(eth_src, 0, hrw, ofport, NXM_NX_REG0[], |
1141 | slaves:4, 8)\fR uses an Ethernet source hash with basis 0, to select | |
1142 | between OpenFlow ports 4 and 8 using the Highest Random Weight | |
1143 | algorithm, and writes the selection to \fBNXM_NX_REG0[]\fR. | |
a368bb53 EJ |
1144 | .IP |
1145 | Refer to \fBnicira\-ext.h\fR for more details. | |
75a75043 BP |
1146 | . |
1147 | .IP "\fBlearn(\fIargument\fR[\fB,\fIargument\fR]...\fB)\fR" | |
1148 | This action adds or modifies a flow in an OpenFlow table, similar to | |
1149 | \fBovs\-ofctl \-\-strict mod\-flows\fR. The arguments specify the | |
1150 | flow's match fields, actions, and other properties, as follows. At | |
1151 | least one match criterion and one action argument should ordinarily be | |
1152 | specified. | |
1153 | .RS | |
1154 | .IP \fBidle_timeout=\fIseconds\fR | |
1155 | .IQ \fBhard_timeout=\fIseconds\fR | |
1156 | .IQ \fBpriority=\fIvalue\fR | |
1157 | These key-value pairs have the same meaning as in the usual | |
1158 | \fBovs\-ofctl\fR flow syntax. | |
1159 | . | |
0e553d9c BP |
1160 | .IP \fBfin_idle_timeout=\fIseconds\fR |
1161 | .IQ \fBfin_hard_timeout=\fIseconds\fR | |
1162 | Adds a \fBfin_timeout\fR action with the specified arguments to the | |
1163 | new flow. This feature was added in Open vSwitch 1.5.90. | |
1164 | . | |
75a75043 BP |
1165 | .IP \fBtable=\fInumber\fR |
1166 | The table in which the new flow should be inserted. Specify a decimal | |
1167 | number between 0 and 254. The default, if \fBtable\fR is unspecified, | |
1168 | is table 1. | |
1169 | . | |
1170 | .IP \fIfield\fB=\fIvalue\fR | |
1171 | .IQ \fIfield\fB[\fIstart\fB..\fIend\fB]=\fIsrc\fB[\fIstart\fB..\fIend\fB]\fR | |
1172 | .IQ \fIfield\fB[\fIstart\fB..\fIend\fB]\fR | |
1173 | Adds a match criterion to the new flow. | |
1174 | .IP | |
1175 | The first form specifies that \fIfield\fR must match the literal | |
1176 | \fIvalue\fR, e.g. \fBdl_type=0x0800\fR. All of the fields and values | |
1177 | for \fBovs\-ofctl\fR flow syntax are available with their usual | |
1178 | meanings. | |
1179 | .IP | |
1180 | The second form specifies that \fIfield\fB[\fIstart\fB..\fIend\fB]\fR | |
1181 | in the new flow must match \fIsrc\fB[\fIstart\fB..\fIend\fB]\fR taken | |
1182 | from the flow currently being processed. | |
1183 | .IP | |
1184 | The third form is a shorthand for the second form. It specifies that | |
1185 | \fIfield\fB[\fIstart\fB..\fIend\fB]\fR in the new flow must match | |
1186 | \fIfield\fB[\fIstart\fB..\fIend\fB]\fR taken from the flow currently | |
1187 | being processed. | |
1188 | . | |
1189 | .IP \fBload:\fIvalue\fB\->\fIdst\fB[\fIstart\fB..\fIend\fB] | |
1190 | .IQ \fBload:\fIsrc\fB[\fIstart\fB..\fIend\fB]\->\fIdst\fB[\fIstart\fB..\fIend\fB] | |
1191 | . | |
1192 | Adds a \fBload\fR action to the new flow. | |
1193 | .IP | |
1194 | The first form loads the literal \fIvalue\fR into bits \fIstart\fR | |
1195 | through \fIend\fR, inclusive, in field \fIdst\fR. Its syntax is the | |
1196 | same as the \fBload\fR action described earlier in this section. | |
1197 | .IP | |
1198 | The second form loads \fIsrc\fB[\fIstart\fB..\fIend\fB]\fR, a value | |
1199 | from the flow currently being processed, into bits \fIstart\fR | |
1200 | through \fIend\fR, inclusive, in field \fIdst\fR. | |
1201 | . | |
1202 | .IP \fBoutput:\fIfield\fB[\fIstart\fB..\fIend\fB]\fR | |
1203 | Add an \fBoutput\fR action to the new flow's actions, that outputs to | |
1204 | the OpenFlow port taken from \fIfield\fB[\fIstart\fB..\fIend\fB]\fR, | |
1205 | which must be an NXM field as described above. | |
1206 | .RE | |
1207 | .IP | |
1208 | For best performance, segregate learned flows into a table (using | |
1209 | \fBtable=\fInumber\fR) that is not used for any other flows except | |
1210 | possibly for a lowest-priority ``catch-all'' flow, that is, a flow | |
1211 | with no match criteria. (This is why the default \fBtable\fR is 1, to | |
1212 | keep the learned flows separate from the primary flow table 0.) | |
a9b4a41a | 1213 | . |
8dd54666 IY |
1214 | .RS |
1215 | .IP \fBapply_actions(\fR[\fIaction\fR][\fB,\fIaction\fR...]\fB) | |
1216 | Applies the specific action(s) immediately. The syntax of actions are same | |
1217 | to \fBactions=\fR field. | |
1218 | . | |
b19e8793 IY |
1219 | .IP \fBclear_actions\fR |
1220 | Clears all the actions in the action set immediately. | |
1221 | . | |
4cceacb9 JS |
1222 | .IP \fBwrite_metadata\fB:\fIvalue\fR[/\fImask\fR] |
1223 | Updates the metadata field for the flow. If \fImask\fR is omitted, the | |
1224 | metadata field is set exactly to \fIvalue\fR; if \fImask\fR is specified, then | |
1225 | a 1-bit in \fImask\fR indicates that the corresponding bit in the metadata | |
1226 | field will be replaced with the corresponding bit from \fIvalue\fR. Both | |
1227 | \fIvalue\fR and \fImask\fR are 64-bit values that are decimal by default; use | |
1228 | a \fB0x\fR prefix to specify them in hexadecimal. | |
1229 | . | |
8dd54666 IY |
1230 | .IP \fBgoto_table\fR:\fItable\fR |
1231 | Indicates the next table in the process pipeline. | |
1232 | .RE | |
1233 | . | |
0e553d9c BP |
1234 | .IP "\fBfin_timeout(\fIargument\fR[\fB,\fIargument\fR]\fB)" |
1235 | This action changes the idle timeout or hard timeout, or both, of this | |
1236 | OpenFlow rule when the rule matches a TCP packet with the FIN or RST | |
1237 | flag. When such a packet is observed, the action reduces the rule's | |
1238 | timeouts to those specified on the action. If the rule's existing | |
1239 | timeout is already shorter than the one that the action specifies, | |
1240 | then that timeout is unaffected. | |
1241 | .IP | |
1242 | \fIargument\fR takes the following forms: | |
1243 | .RS | |
1244 | .IP "\fBidle_timeout=\fIseconds\fR" | |
1245 | Causes the flow to expire after the given number of seconds of | |
1246 | inactivity. | |
1247 | . | |
1248 | .IP "\fBhard_timeout=\fIseconds\fR" | |
1249 | Causes the flow to expire after the given number of seconds, | |
1250 | regardless of activity. (\fIseconds\fR specifies time since the | |
1251 | flow's creation, not since the receipt of the FIN or RST.) | |
1252 | .RE | |
1253 | .IP | |
1254 | This action was added in Open vSwitch 1.5.90. | |
29089a54 RL |
1255 | . |
1256 | .IP "\fBsample(\fIargument\fR[\fB,\fIargument\fR]...\fB)\fR" | |
1257 | Samples packets and sends one sample for every sampled packet. | |
1258 | .IP | |
1259 | \fIargument\fR takes the following forms: | |
1260 | .RS | |
1261 | .IP "\fBprobability=\fIpackets\fR" | |
1262 | The number of sampled packets out of 65535. Must be greater or equal to 1. | |
1263 | .IP "\fBcollector_set_id=\fIid\fR" | |
1264 | The unsigned 32-bit integer identifier of the set of sample collectors | |
1265 | to send sampled packets to. Defaults to 0. | |
1266 | .IP "\fBobs_domain_id=\fIid\fR" | |
1267 | When sending samples to IPFIX collectors, the unsigned 32-bit integer | |
1268 | Observation Domain ID sent in every IPFIX flow record. Defaults to 0. | |
1269 | .IP "\fBobs_point_id=\fIid\fR" | |
1270 | When sending samples to IPFIX collectors, the unsigned 32-bit integer | |
1271 | Observation Point ID sent in every IPFIX flow record. Defaults to 0. | |
1272 | .RE | |
1273 | .IP | |
1274 | Refer to \fBovs\-vswitchd.conf.db\fR(8) for more details on | |
1275 | configuring sample collector sets. | |
1276 | .IP | |
1277 | This action was added in Open vSwitch 1.10.90. | |
1278 | . | |
848e8809 EJ |
1279 | .IP "\fBexit\fR" |
1280 | This action causes Open vSwitch to immediately halt execution of further | |
1281 | actions. Those actions which have already been executed are unaffected. Any | |
1282 | further actions, including those which may be in other tables, or different | |
1283 | levels of the \fBresubmit\fR call stack, are ignored. | |
24362cd6 | 1284 | .RE |
848e8809 | 1285 | . |
064af421 | 1286 | .PP |
e729e793 JP |
1287 | An opaque identifier called a cookie can be used as a handle to identify |
1288 | a set of flows: | |
1289 | . | |
623e1caf JP |
1290 | .IP \fBcookie=\fIvalue\fR |
1291 | . | |
1292 | A cookie can be associated with a flow using the \fBadd\-flow\fR, | |
1293 | \fBadd\-flows\fR, and \fBmod\-flows\fR commands. \fIvalue\fR can be any | |
1294 | 64-bit number and need not be unique among flows. If this field is | |
1295 | omitted, a default cookie value of 0 is used. | |
1296 | . | |
1297 | .IP \fBcookie=\fIvalue\fR\fB/\fImask\fR | |
e729e793 | 1298 | . |
e729e793 | 1299 | When using NXM, the cookie can be used as a handle for querying, |
623e1caf JP |
1300 | modifying, and deleting flows. \fIvalue\fR and \fImask\fR may be |
1301 | supplied for the \fBdel\-flows\fR, \fBmod\-flows\fR, \fBdump\-flows\fR, and | |
1302 | \fBdump\-aggregate\fR commands to limit matching cookies. A 1-bit in | |
1303 | \fImask\fR indicates that the corresponding bit in \fIcookie\fR must | |
1304 | match exactly, and a 0-bit wildcards that bit. A mask of \-1 may be used | |
1305 | to exactly match a cookie. | |
1306 | .IP | |
1307 | The \fBmod\-flows\fR command can update the cookies of flows that | |
1308 | match a cookie by specifying the \fIcookie\fR field twice (once with a | |
1309 | mask for matching and once without to indicate the new value): | |
1310 | .RS | |
1311 | .IP "\fBovs\-ofctl mod\-flows br0 cookie=1,actions=normal\fR" | |
1312 | Change all flows' cookies to 1 and change their actions to \fBnormal\fR. | |
1313 | .IP "\fBovs\-ofctl mod\-flows br0 cookie=1/\-1,cookie=2,actions=normal\fR" | |
1314 | Update cookies with a value of 1 to 2 and change their actions to | |
1315 | \fBnormal\fR. | |
1316 | .RE | |
1317 | .IP | |
1318 | The ability to match on cookies was added in Open vSwitch 1.5.0. | |
8cce2125 JP |
1319 | . |
1320 | .PP | |
4b6b46ce BP |
1321 | The following additional field sets the priority for flows added by |
1322 | the \fBadd\-flow\fR and \fBadd\-flows\fR commands. For | |
1323 | \fBmod\-flows\fR and \fBdel\-flows\fR when \fB\-\-strict\fR is | |
1324 | specified, priority must match along with the rest of the flow | |
623e1caf | 1325 | specification. For \fBmod-flows\fR without \fB\-\-strict\fR, |
fdb3539e BP |
1326 | priority is only significant if the command creates a new flow, that |
1327 | is, non-strict \fBmod\-flows\fR does not match on priority and will | |
1328 | not change the priority of existing flows. Other commands do not | |
1329 | allow priority to be specified. | |
a9b4a41a | 1330 | . |
064af421 BP |
1331 | .IP \fBpriority=\fIvalue\fR |
1332 | The priority at which a wildcarded entry will match in comparison to | |
1333 | others. \fIvalue\fR is a number between 0 and 65535, inclusive. A higher | |
1334 | \fIvalue\fR will match before a lower one. An exact-match entry will always | |
1335 | have priority over an entry containing wildcards, so it has an implicit | |
1336 | priority value of 65535. When adding a flow, if the field is not specified, | |
1337 | the flow's priority will default to 32768. | |
4530afba BP |
1338 | .IP |
1339 | OpenFlow leaves behavior undefined when two or more flows with the | |
1340 | same priority can match a single packet. Some users expect | |
1341 | ``sensible'' behavior, such as more specific flows taking precedence | |
1342 | over less specific flows, but OpenFlow does not specify this and Open | |
1343 | vSwitch does not implement it. Users should therefore take care to | |
1344 | use priorities to ensure the behavior that they expect. | |
a9b4a41a | 1345 | . |
064af421 | 1346 | .PP |
fdb3539e BP |
1347 | The \fBadd\-flow\fR, \fBadd\-flows\fR, and \fBmod\-flows\fR commands |
1348 | support the following additional options. These options affect only | |
1349 | new flows. Thus, for \fBadd\-flow\fR and \fBadd\-flows\fR, these | |
1350 | options are always significant, but for \fBmod\-flows\fR they are | |
1351 | significant only if the command creates a new flow, that is, their | |
a993007b | 1352 | values do not update or affect existing flows. |
a9b4a41a | 1353 | . |
fdb3539e | 1354 | .IP "\fBidle_timeout=\fIseconds\fR" |
064af421 | 1355 | Causes the flow to expire after the given number of seconds of |
fdb3539e BP |
1356 | inactivity. A value of 0 (the default) prevents a flow from expiring |
1357 | due to inactivity. | |
a9b4a41a | 1358 | . |
064af421 BP |
1359 | .IP \fBhard_timeout=\fIseconds\fR |
1360 | Causes the flow to expire after the given number of seconds, | |
1361 | regardless of activity. A value of 0 (the default) gives the flow no | |
1362 | hard expiration deadline. | |
a9b4a41a | 1363 | . |
a993007b BP |
1364 | .IP "\fBsend_flow_rem\fR" |
1365 | Marks the flow with a flag that causes the switch to generate a ``flow | |
1366 | removed'' message and send it to interested controllers when the flow | |
1367 | later expires or is removed. | |
1368 | . | |
1369 | .IP "\fBcheck_overlap\fR" | |
1370 | Forces the switch to check that the flow match does not overlap that | |
1371 | of any different flow with the same priority in the same table. (This | |
1372 | check is expensive so it is best to avoid it.) | |
1373 | . | |
064af421 | 1374 | .PP |
4e312e69 BP |
1375 | The \fBdump\-flows\fR, \fBdump\-aggregate\fR, \fBdel\-flow\fR |
1376 | and \fBdel\-flows\fR commands support one additional optional field: | |
a9b4a41a | 1377 | . |
064af421 BP |
1378 | .TP |
1379 | \fBout_port=\fIport\fR | |
c6100d92 BP |
1380 | If set, a matching flow must include an output action to \fIport\fR, |
1381 | which must an OpenFlow port number or name (e.g. \fBlocal\fR). | |
a9b4a41a | 1382 | . |
064af421 | 1383 | .SS "Table Entry Output" |
a9b4a41a | 1384 | . |
4e312e69 | 1385 | The \fBdump\-tables\fR and \fBdump\-aggregate\fR commands print information |
064af421 | 1386 | about the entries in a datapath's tables. Each line of output is a |
f27f2134 BP |
1387 | flow entry as described in \fBFlow Syntax\fR, above, plus some |
1388 | additional fields: | |
a9b4a41a | 1389 | . |
f27f2134 BP |
1390 | .IP \fBduration=\fIsecs\fR |
1391 | The time, in seconds, that the entry has been in the table. | |
1392 | \fIsecs\fR includes as much precision as the switch provides, possibly | |
1393 | to nanosecond resolution. | |
a9b4a41a | 1394 | . |
064af421 BP |
1395 | .IP \fBn_packets\fR |
1396 | The number of packets that have matched the entry. | |
a9b4a41a | 1397 | . |
064af421 BP |
1398 | .IP \fBn_bytes\fR |
1399 | The total number of bytes from packets that have matched the entry. | |
a9b4a41a | 1400 | . |
064af421 | 1401 | .PP |
f27f2134 BP |
1402 | The following additional fields are included only if the switch is |
1403 | Open vSwitch 1.6 or later and the NXM flow format is used to dump the | |
1404 | flow (see the description of the \fB\-\-flow-format\fR option below). | |
1405 | The values of these additional fields are approximations only and in | |
1406 | particular \fBidle_age\fR will sometimes become nonzero even for busy | |
1407 | flows. | |
1408 | . | |
1409 | .IP \fBhard_age=\fIsecs\fR | |
1410 | The integer number of seconds since the flow was added or modified. | |
1411 | \fBhard_age\fR is displayed only if it differs from the integer part | |
1412 | of \fBduration\fR. (This is separate from \fBduration\fR because | |
1413 | \fBmod\-flows\fR restarts the \fBhard_timeout\fR timer without zeroing | |
1414 | \fBduration\fR.) | |
1415 | . | |
1416 | .IP \fBidle_age=\fIsecs\fR | |
1417 | The integer number of seconds that have passed without any packets | |
1418 | passing through the flow. | |
a9b4a41a | 1419 | . |
064af421 BP |
1420 | .SH OPTIONS |
1421 | .TP | |
4e312e69 | 1422 | \fB\-\-strict\fR |
064af421 | 1423 | Uses strict matching when running flow modification commands. |
a9b4a41a | 1424 | . |
a53a8efa SH |
1425 | .so lib/ofp-version.man |
1426 | . | |
27527aa0 BP |
1427 | .IP "\fB\-F \fIformat\fR[\fB,\fIformat\fR...]" |
1428 | .IQ "\fB\-\-flow\-format=\fIformat\fR[\fB,\fIformat\fR...]" | |
1429 | \fBovs\-ofctl\fR supports the following individual flow formats, any | |
1430 | number of which may be listed as \fIformat\fR: | |
88ca35ee | 1431 | .RS |
27527aa0 BP |
1432 | .IP "\fBOpenFlow10\-table_id\fR" |
1433 | This is the standard OpenFlow 1.0 flow format. All OpenFlow switches | |
1434 | and all versions of Open vSwitch support this flow format. | |
88ca35ee | 1435 | . |
27527aa0 BP |
1436 | .IP "\fBOpenFlow10+table_id\fR" |
1437 | This is the standard OpenFlow 1.0 flow format plus a Nicira extension | |
1438 | that allows \fBovs\-ofctl\fR to specify the flow table in which a | |
1439 | particular flow should be placed. Open vSwitch 1.2 and later supports | |
1440 | this flow format. | |
1441 | . | |
1442 | .IP "\fBNXM\-table_id\fR (Nicira Extended Match)" | |
88ca35ee BP |
1443 | This Nicira extension to OpenFlow is flexible and extensible. It |
1444 | supports all of the Nicira flow extensions, such as \fBtun_id\fR and | |
27527aa0 BP |
1445 | registers. Open vSwitch 1.1 and later supports this flow format. |
1446 | . | |
1447 | .IP "\fBNXM+table_id\fR (Nicira Extended Match)" | |
1448 | This combines Nicira Extended match with the ability to place a flow | |
1449 | in a specific table. Open vSwitch 1.2 and later supports this flow | |
1450 | format. | |
e71bff1b BP |
1451 | . |
1452 | .IP "\fBOXM-OpenFlow12\fR" | |
1453 | .IQ "\fBOXM-OpenFlow13\fR" | |
1454 | These are the standard OXM (OpenFlow Extensible Match) flow format in | |
1455 | OpenFlow 1.2 and 1.3, respectively. | |
88ca35ee | 1456 | .RE |
27527aa0 | 1457 | . |
88ca35ee | 1458 | .IP |
27527aa0 BP |
1459 | \fBovs\-ofctl\fR also supports the following abbreviations for |
1460 | collections of flow formats: | |
1461 | .RS | |
1462 | .IP "\fBany\fR" | |
1463 | Any supported flow format. | |
1464 | .IP "\fBOpenFlow10\fR" | |
1465 | \fBOpenFlow10\-table_id\fR or \fBOpenFlow10+table_id\fR. | |
1466 | .IP "\fBNXM\fR" | |
1467 | \fBNXM\-table_id\fR or \fBNXM+table_id\fR. | |
e71bff1b BP |
1468 | .IP "\fBOXM\fR" |
1469 | \fBOXM-OpenFlow12\fR or \fBOXM-OpenFlow13\fR. | |
27527aa0 | 1470 | .RE |
4f564f8d | 1471 | . |
27527aa0 BP |
1472 | .IP |
1473 | For commands that modify the flow table, \fBovs\-ofctl\fR by default | |
1474 | negotiates the most widely supported flow format that supports the | |
1475 | flows being added. For commands that query the flow table, | |
1476 | \fBovs\-ofctl\fR by default uses the most advanced format supported by | |
1477 | the switch. | |
1478 | .IP | |
1479 | This option, where \fIformat\fR is a comma-separated list of one or | |
1480 | more of the formats listed above, limits \fBovs\-ofctl\fR's choice of | |
1481 | flow format. If a command cannot work as requested using one of the | |
1482 | specified flow formats, \fBovs\-ofctl\fR will report a fatal error. | |
54834960 EJ |
1483 | . |
1484 | .IP "\fB\-P \fIformat\fR" | |
1485 | .IQ "\fB\-\-packet\-in\-format=\fIformat\fR" | |
1486 | \fBovs\-ofctl\fR supports the following packet_in formats, in order of | |
1487 | increasing capability: | |
1488 | .RS | |
1489 | .IP "\fBopenflow10\fR" | |
1490 | This is the standard OpenFlow 1.0 packet in format. It should be supported by | |
1491 | all OpenFlow switches. | |
1492 | . | |
1493 | .IP "\fBnxm\fR (Nicira Extended Match)" | |
1494 | This packet_in format includes flow metadata encoded using the NXM format. | |
1495 | . | |
1496 | .RE | |
1497 | .IP | |
1498 | Usually, \fBovs\-ofctl\fR prefers the \fBnxm\fR packet_in format, but will | |
1499 | allow the switch to choose its default if \fBnxm\fR is unsupported. When | |
1500 | \fIformat\fR is one of the formats listed in the above table, \fBovs\-ofctl\fR | |
1501 | will insist on the selected format. If the switch does not support the | |
1502 | requested format, \fBovs\-ofctl\fR will report a fatal error. This option only | |
ca8526e0 | 1503 | affects the \fBmonitor\fR command. |
54834960 | 1504 | . |
0c9560b7 BP |
1505 | .IP "\fB\-\-timestamp\fR" |
1506 | Print a timestamp before each received packet. This option only | |
1507 | affects the \fBmonitor\fR and \fBsnoop\fR commands. | |
1508 | . | |
4f564f8d BP |
1509 | .IP "\fB\-m\fR" |
1510 | .IQ "\fB\-\-more\fR" | |
1511 | Increases the verbosity of OpenFlow messages printed and logged by | |
1512 | \fBovs\-ofctl\fR commands. Specify this option more than once to | |
1513 | increase verbosity further. | |
1eb85ef5 | 1514 | . |
bdcc5925 BP |
1515 | .IP \fB\-\-sort\fR[\fB=\fIfield\fR] |
1516 | .IQ \fB\-\-rsort\fR[\fB=\fIfield\fR] | |
1517 | Display output sorted by flow \fIfield\fR in ascending | |
1518 | (\fB\-\-sort\fR) or descending (\fB\-\-rsort\fR) order, where | |
1519 | \fIfield\fR is any of the fields that are allowed for matching or | |
1520 | \fBpriority\fR to sort by priority. When \fIfield\fR is omitted, the | |
1521 | output is sorted by priority. Specify these options multiple times to | |
1522 | sort by multiple fields. | |
1523 | .IP | |
1524 | Any given flow will not necessarily specify a value for a given | |
1525 | field. This requires special treatement: | |
1526 | .RS | |
1527 | .IP \(bu | |
1528 | A flow that does not specify any part of a field that is used for sorting is | |
1529 | sorted after all the flows that do specify the field. For example, | |
1530 | \fB\-\-sort=tcp_src\fR will sort all the flows that specify a TCP | |
1531 | source port in ascending order, followed by the flows that do not | |
1532 | specify a TCP source port at all. | |
1533 | .IP \(bu | |
1534 | A flow that only specifies some bits in a field is sorted as if the | |
1535 | wildcarded bits were zero. For example, \fB\-\-sort=nw_src\fR would | |
1536 | sort a flow that specifies \fBnw_src=192.168.0.0/24\fR the same as | |
1537 | \fBnw_src=192.168.0.0\fR. | |
1538 | .RE | |
1539 | .IP | |
1540 | These options currently affect only \fBdump\-flows\fR output. | |
1541 | . | |
1eb85ef5 EJ |
1542 | .ds DD \ |
1543 | \fBovs\-ofctl\fR detaches only when executing the \fBmonitor\fR or \ | |
1544 | \fBsnoop\fR commands. | |
1545 | .so lib/daemon.man | |
ac300505 | 1546 | .SS "Public Key Infrastructure Options" |
84ee7bcf | 1547 | .so lib/ssl.man |
064af421 BP |
1548 | .so lib/vlog.man |
1549 | .so lib/common.man | |
a9b4a41a | 1550 | . |
1eb85ef5 | 1551 | .SH "RUNTIME MANAGEMENT COMMANDS" |
96761f58 BP |
1552 | \fBovs\-appctl\fR(8) can send commands to a running \fBovs\-ofctl\fR |
1553 | process. The supported commands are listed below. | |
1554 | . | |
1eb85ef5 | 1555 | .IP "\fBexit\fR" |
96761f58 BP |
1556 | Causes \fBovs\-ofctl\fR to gracefully terminate. This command applies |
1557 | only when executing the \fBmonitor\fR or \fBsnoop\fR commands. | |
1558 | . | |
1e1d00a5 BP |
1559 | .IP "\fBofctl/set\-output\-file \fIfile\fR" |
1560 | Causes all subsequent output to go to \fIfile\fR instead of stderr. | |
1561 | This command applies only when executing the \fBmonitor\fR or | |
1562 | \fBsnoop\fR commands. | |
1563 | . | |
96761f58 BP |
1564 | .IP "\fBofctl/send \fIofmsg\fR..." |
1565 | Sends each \fIofmsg\fR, specified as a sequence of hex digits that | |
1566 | express an OpenFlow message, on the OpenFlow connection. This command | |
1567 | is useful only when executing the \fBmonitor\fR command. | |
1568 | . | |
bb638b9a BP |
1569 | .IP "\fBofctl/barrier\fR" |
1570 | Sends an OpenFlow barrier request on the OpenFlow connection and waits | |
1571 | for a reply. This command is useful only for the \fBmonitor\fR | |
1572 | command. | |
1573 | . | |
064af421 | 1574 | .SH EXAMPLES |
a9b4a41a | 1575 | . |
045b2e5c BP |
1576 | The following examples assume that \fBovs\-vswitchd\fR has a bridge |
1577 | named \fBbr0\fR configured. | |
a9b4a41a | 1578 | . |
064af421 | 1579 | .TP |
045b2e5c | 1580 | \fBovs\-ofctl dump\-tables br0\fR |
064af421 BP |
1581 | Prints out the switch's table stats. (This is more interesting after |
1582 | some traffic has passed through.) | |
a9b4a41a | 1583 | . |
064af421 | 1584 | .TP |
045b2e5c | 1585 | \fBovs\-ofctl dump\-flows br0\fR |
064af421 | 1586 | Prints the flow entries in the switch. |
a9b4a41a | 1587 | . |
064af421 | 1588 | .SH "SEE ALSO" |
a9b4a41a | 1589 | . |
064af421 BP |
1590 | .BR ovs\-appctl (8), |
1591 | .BR ovs\-controller (8), | |
1592 | .BR ovs\-vswitchd (8) | |
29089a54 | 1593 | .BR ovs\-vswitchd.conf.db (8) |