.\" -*- nroff -*-
-.de IQ
-. br
-. ns
-. IP "\\$1"
-..
+.so lib/ovs.tmac
.TH ovs\-ofctl 8 "@VERSION@" "Open vSwitch" "Open vSwitch Manual"
.ds PN ovs\-ofctl
.
\fBdump\-table\-desc \fIswitch\fR
Prints to the console configuration for each of the flow tables used
by \fIswitch\fR for OpenFlow 1.4+.
-.IP "\fBmod\-table \fIswitch\fR \fItable_id\fR \fIsetting\fR"
-This command configures flow table settings for OpenFlow table
-\fItable_id\fR within \fIswitch\fR. The available settings depend on
+.IP "\fBmod\-table \fIswitch\fR \fItable\fR \fIsetting\fR"
+This command configures flow table settings in \fIswitch\fR for
+OpenFlow table \fItable\fR, which may be expressed as a number or
+(unless \fB\-\-no\-names\fR is specified) a name.
+.IP
+The available settings depend on
the OpenFlow version in use. In OpenFlow 1.1 and 1.2 (which must be
enabled with the \fB\-O\fR option) only, \fBmod\-table\fR configures
behavior when no flow is found when a packet is looked up in a flow
handles packets that do not match any flow in the last table.)
.RE
.IP
+In OpenFlow 1.3 and later (which must be enabled with the \fB\-O\fR
+option) and Open vSwitch 2.11 and later only, \fBmod\-table\fR can
+change the name of a table:
+.RS
+.IP \fBname:\fInew-name\fR
+Changes the name of the table to \fInew-name\fR. Use an empty
+\fInew-name\fR to clear the name. (This will be ineffective if the
+name is set via the \fBname\fR column in the \fBFlow_Table\fR table in
+the \fBOpen_vSwitch\fR database as described in
+\fBovs\-vswitchd.conf.db\fR(5).)
+.RE
+.IP
In OpenFlow 1.4 and later (which must be enabled with the \fB\-O\fR
option) only, \fBmod\-table\fR configures the behavior when a
controller attempts to add a flow to a flow table that is full. The
\fBovs-vswitchd.conf.db\fR(5).
.IP \fBnoevict\fR
Refuse to add the new flow. (Eviction might still be enabled through
-the \fBoverflow_policy\fR oclumn in the \fBFlow_Table\fR table
+the \fBoverflow_policy\fR column in the \fBFlow_Table\fR table
documented in \fBovs-vswitchd.conf.db\fR(5).)
+.IP \fBvacancy:\fIlow\fB,\fIhigh\fR
+Enables sending vacancy events to controllers using \fBTABLE_STATUS\fR
+messages, based on percentage thresholds \fIlow\fR and \fIhigh\fR.
+.IP \fBnovacancy\fR
+Disables vacancy events.
.RE
.
.TP
.
.IP "\fBmod\-port \fIswitch\fR \fIport\fR \fIaction\fR"
Modify characteristics of port \fBport\fR in \fIswitch\fR. \fIport\fR
-may be an OpenFlow port number or name or the keyword \fBLOCAL\fR (the
+may be an OpenFlow port number or name (unless \fB\-\-no\-names\fR is
+specified) or the keyword \fBLOCAL\fR (the
preferred way to refer to the OpenFlow local port). The \fIaction\fR
may be any one of the following:
.
.RS
.IQ \fBup\fR
.IQ \fBdown\fR
-Enable or disable the interface. This is equivalent to \fBifconfig
-up\fR or \fBifconfig down\fR on a Unix system.
+Enable or disable the interface. This is equivalent to \fBip
+link set up\fR or \fBip link set down\fR on a Unix system.
.
.IP \fBstp\fR
.IQ \fBno\-stp\fR
with nonzero offset. This mode is a Nicira extension.
.RE
.IP
-See the description of \fBip_frag\fR, below, for a way to match on
-whether a packet is a fragment and on its fragment offset.
+See the description of \fBip_frag\fR, in \fBovs\-fields\fR(7), for a way to
+match on whether a packet is a fragment and on its fragment offset.
.
.TP
\fBdump\-flows \fIswitch \fR[\fIflows\fR]
.IP
By default, \fBovs\-ofctl\fR prints flow entries in the same order
that the switch sends them, which is unlikely to be intuitive or
-consistent. See the description of \fB\-\-sort\fR and \fB\-\-rsort\fR,
-under \fBOPTIONS\fR below, to influence the display order.
+consistent. Use \fB\-\-sort\fR and \fB\-\-rsort\fR to control display
+order. The \fB\-\-names\fR/\fB\-\-no\-names\fR and
+\fB\-\-stats\fR/\fB\-\-no\-stats\fR options also affect output
+formatting. See the descriptions of these options, under
+\fBOPTIONS\fR below, for more information
.
.TP
\fBdump\-aggregate \fIswitch \fR[\fIflows\fR]
\fIport\fR is omitted, then statistics are printed for \fIqueue\fR on
every port where it exists.
.
-.SS "OpenFlow 1.1+ Group Table Commands"
-.
-The following commands work only with switches that support OpenFlow
-1.1 or later. Because support for OpenFlow 1.1 and later is still
-experimental in Open vSwitch, it is necessary to explicitly enable
-these protocol versions in \fBovs\-ofctl\fR (using \fB\-O\fR) and in
-the switch itself (with the \fBprotocols\fR column in the \fBBridge\fR
-table). For more information, see ``Q: What versions of OpenFlow does
-Open vSwitch support?'' in the Open vSwitch FAQ.
-.
-.IP "\fBdump\-groups \fIswitch\fR [\fIgroup\fR]"
-Prints group entries in \fIswitch\fR's tables to console. To dump
-only a specific group, specify its number as \fIgroup\fR. Otherwise,
-if \fIgroup\fR is omitted, or if it is specified as \fBALL\fR, then
-all groups are printed. Each line of output is a group entry as
-described in \fBGroup Syntax\fR below.
+.IP "\fBqueue\-get\-config \fIswitch [\fIport \fR[\fIqueue\fR]]"
+Prints to the console the configuration of \fIqueue\fR on \fIport\fR
+in \fIswitch\fR. If \fIport\fR is omitted or \fBANY\fR, reports
+queues for all port. If \fIqueue\fR is omitted or \fBANY\fR, reports
+all queues. For OpenFlow 1.3 and earlier, the output always includes
+all queues, ignoring \fIqueue\fR if specified.
.IP
-Only OpenFlow 1.5 and later support dumping a specific group. Earlier
-versions of OpenFlow always dump all groups.
-.
-.IP "\fBdump\-group\-features \fIswitch"
-Prints to the console the group features of the \fIswitch\fR.
-.
-.IP "\fBdump\-group-stats \fIswitch \fR[\fIgroups\fR]"
-Prints to the console statistics for the specified \fIgroups in the
-\fIswitch\fR's tables. If \fIgroups\fR is omitted then statistics for all
-groups are printed. See \fBGroup Syntax\fR, below, for the syntax of
-\fIgroups\fR.
-.
-.SS "OpenFlow 1.3+ Switch Meter Table Commands"
-.
-These commands manage the meter table in an OpenFlow switch. In each
-case, \fImeter\fR specifies a meter entry in the format described in
-\fBMeter Syntax\fR, below.
-.
-.PP
-OpenFlow 1.3 introduced support for meters, so these commands only
-work with switches that support OpenFlow 1.3 or later. The caveats
-described for groups in the previous section also apply to meters.
+This command has limited usefulness, because ports often have no
+configured queues and because the OpenFlow protocol provides only very
+limited information about the configuration of a queue.
.
-.IP "\fBadd\-meter \fIswitch meter\fR"
-Add a meter entry to \fIswitch\fR's tables. The \fImeter\fR syntax is
-described in section \fBMeter Syntax\fR, below.
-.
-.IP "\fBmod\-meter \fIswitch meter\fR"
-Modify an existing meter.
-.
-.IP "\fBdel\-meters \fIswitch\fR"
-.IQ "\fBdel\-meter \fIswitch\fR [\fImeter\fR]"
-Delete entries from \fIswitch\fR's meter table. \fImeter\fR can specify
-a single meter with syntax \fBmeter=\fIid\fR, or all meters with syntax
-\fBmeter=all\fR.
-.
-.IP "\fBdump\-meters \fIswitch\fR"
-.IQ "\fBdump\-meter \fIswitch\fR [\fImeter\fR]"
-Print meter configuration. \fImeter\fR can specify a single meter with
-syntax \fBmeter=\fIid\fR, or all meters with syntax \fBmeter=all\fR.
+.IP "\fBdump\-ipfix\-bridge \fIswitch\fR"
+Prints to the console the statistics of bridge IPFIX for \fIswitch\fR.
+If bridge IPFIX is configured on the \fIswitch\fR, IPFIX statistics
+can be retrieved. Otherwise, error message will be printed.
+.IP
+This command uses an Open vSwitch extension that is only in Open
+vSwitch 2.6 and later.
.
-.IP "\fBmeter\-stats \fIswitch\fR [\fImeter\fR]"
-Print meter statistics. \fImeter\fR can specify a single meter with
-syntax \fBmeter=\fIid\fR, or all meters with syntax \fBmeter=all\fR.
+.IP "\fBdump\-ipfix\-flow \fIswitch\fR"
+Prints to the console the statistics of flow-based IPFIX for
+\fIswitch\fR. If flow-based IPFIX is configured on the \fIswitch\fR,
+statistics of all the collector set ids on the \fIswitch\fR will be
+printed. Otherwise, print error message.
+.IP
+Refer to \fBovs\-vswitchd.conf.db\fR(5) for more details on configuring
+flow based IPFIX and collector set ids.
+.IP
+This command uses an Open vSwitch extension that is only in Open
+vSwitch 2.6 and later.
.
-.IP "\fBmeter\-features \fIswitch\fR"
-Print meter features.
+.IP "\fBct\-flush\-zone \fIswitch zone\fR
+Flushes the connection tracking entries in \fIzone\fR on \fIswitch\fR.
+.IP
+This command uses an Open vSwitch extension that is only in Open
+vSwitch 2.6 and later.
.
.SS "OpenFlow Switch Flow Table Commands"
.
.IP
With \fB\-\-readd\fR, \fBovs\-ofctl\fR adds all the flows from
\fIfile\fR, even those that exist with the same actions, cookie, and
-timeout in \fIswitch\fR. This resets all the flow packet and byte
-counters to 0, which can be useful for debugging.
+timeout in \fIswitch\fR. In OpenFlow 1.0 and 1.1, re-adding a flow
+always resets the flow's packet and byte counters to 0, and in
+OpenFlow 1.2 and later, it does so only if the \fBreset_counts\fR flag
+is set.
.
.IP "\fBdiff\-flows \fIsource1 source2\fR"
Reads flow entries from \fIsource1\fR and \fIsource2\fR and prints the
found, 1 means that an error occurred, and 2 means that some
differences were found.
.
-.IP "\fBpacket\-out \fIswitch in_port actions packet\fR..."
-Connects to \fIswitch\fR and instructs it to execute the OpenFlow
-\fIactions\fR on each \fIpacket\fR. Each \fBpacket\fR is specified as a
-series of hex digits. For the purpose of executing the
-actions, the packets are considered to have arrived on \fIin_port\fR,
-which may be an OpenFlow port number or name (e.g. \fBeth0\fR), the
-keyword \fBLOCAL\fR (the preferred way to refer to the OpenFlow
-``local'' port), or the keyword \fBNONE\fR to indicate that the packet
-was generated by the switch itself.
+.IP "\fBpacket\-out \fIswitch\fR \fIpacket-out\fR"
+Connects to \fIswitch\fR and instructs it to execute the
+\fIpacket-out\fR OpenFlow message, specified as defined in
+\fBPacket\-Out Syntax\fR section.
.
-.SS "OpenFlow Switch Group Table Commands"
+.SS "Group Table Commands"
.
These commands manage the group table in an OpenFlow switch. In each
case, \fIgroup\fR specifies a group entry in the format described in
\fBGroup Syntax\fR, below, and \fIfile\fR is a text file that contains
-zero or more groups in the same syntax, one per line.
-
-.IP "\fBadd\-group \fIswitch group\fR"
-.IQ "\fBadd\-group \fIswitch \fB\- < \fIfile\fR"
-.IQ "\fBadd\-groups \fIswitch file\fR"
+zero or more groups in the same syntax, one per line, and the optional
+\fB\-\-bundle\fR option operates the command as a single atomic
+transation, see option \fB\-\-bundle\fR, below.
+.PP
+The group commands work only with switches that support OpenFlow 1.1
+or later or the Open vSwitch group extensions to OpenFlow 1.0 (added
+in Open vSwitch 2.9.90). For OpenFlow 1.1 or later, it is necessary
+to explicitly enable these protocol versions in \fBovs\-ofctl\fR
+(using \fB\-O\fR). For more information, see ``Q: What versions of
+OpenFlow does Open vSwitch support?'' in the Open vSwitch FAQ.
+.
+.IP "[\fB\-\-bundle\fR] \fBadd\-group \fIswitch group\fR"
+.IQ "[\fB\-\-bundle\fR] \fBadd\-group \fIswitch \fB\- < \fIfile\fR"
+.IQ "[\fB\-\-bundle\fR] \fBadd\-groups \fIswitch file\fR"
Add each group entry to \fIswitch\fR's tables.
.
-.IP "\fBmod\-group \fIswitch group\fR"
-.IQ "\fBmod\-group \fIswitch \fB\- < \fIfile\fR"
-Modify the action buckets in entries from \fIswitch\fR's tables for
-each group entry.
+Each group specification (e.g., each line in \fIfile\fR) may start
+with \fBadd\fR, \fBmodify\fR, \fBadd_or_mod\fR, \fBdelete\fR,
+\fBinsert_bucket\fR, or \fBremove_bucket\fR keyword to specify whether
+a flow is to be added, modified, or deleted, or whether a group bucket
+is to be added or removed. For backwards compatibility a group
+specification without one of these keywords is treated as a group add.
+All group mods are executed in the order specified.
.
-.IP "\fBdel\-groups \fIswitch\fR"
-.IQ "\fBdel\-groups \fIswitch \fR[\fIgroup\fR]"
-.IQ "\fBdel\-groups \fIswitch \fB\- < \fIfile\fR"
+.IP "[\fB\-\-bundle\fR] [\fB\-\-may\-create\fR] \fBmod\-group \fIswitch group\fR"
+.IQ "[\fB\-\-bundle\fR] [\fB\-\-may\-create\fR] \fBmod\-group \fIswitch \fB\- < \fIfile\fR"
+Modify the action buckets in entries from \fIswitch\fR's tables for
+each group entry. If a specified group does not already exist, then
+without \fB\-\-may\-create\fR, this command has no effect; with
+\fB\-\-may\-create\fR, it creates a new group. The
+\fB\-\-may\-create\fR option uses an Open vSwitch extension to
+OpenFlow only implemented in Open vSwitch 2.6 and later.
+.
+.IP "[\fB\-\-bundle\fR] \fBdel\-groups \fIswitch\fR"
+.IQ "[\fB\-\-bundle\fR] \fBdel\-groups \fIswitch \fR[\fIgroup\fR]"
+.IQ "[\fB\-\-bundle\fR] \fBdel\-groups \fIswitch \fB\- < \fIfile\fR"
Deletes entries from \fIswitch\fR's group table. With only a
\fIswitch\fR argument, deletes all groups. Otherwise, deletes the group
for each group entry.
.
-.IP "\fBinsert\-buckets \fIswitch group\fR"
-.IQ "\fBinsert\-buckets \fIswitch \fB\- < \fIfile\fR"
+.IP "[\fB\-\-bundle\fR] \fBinsert\-buckets \fIswitch group\fR"
+.IQ "[\fB\-\-bundle\fR] \fBinsert\-buckets \fIswitch \fB\- < \fIfile\fR"
Add buckets to an existing group present in the \fIswitch\fR's group table.
If no \fIcommand_bucket_id\fR is present in the group specification then all
buckets of the group are removed.
.
-.IP "\fBremove\-buckets \fIswitch group\fR"
-.IQ "\fBremove\-buckets \fIswitch \fB\- < \fIfile\fR"
+.IP "[\fB\-\-bundle\fR] \fBremove\-buckets \fIswitch group\fR"
+.IQ "[\fB\-\-bundle\fR] \fBremove\-buckets \fIswitch \fB\- < \fIfile\fR"
Remove buckets to an existing group present in the \fIswitch\fR's group table.
If no \fIcommand_bucket_id\fR is present in the group specification then all
buckets of the group are removed.
.
-.SS "OpenFlow Switch Geneve Option Table Commands"
+.IP "\fBdump\-groups \fIswitch\fR [\fIgroup\fR]"
+Prints group entries in \fIswitch\fR's tables to console. To dump
+only a specific group, specify its number as \fIgroup\fR. Otherwise,
+if \fIgroup\fR is omitted, or if it is specified as \fBALL\fR, then
+all groups are printed.
+.IP
+Only OpenFlow 1.5 and later support dumping a specific group. Earlier
+versions of OpenFlow always dump all groups.
+.
+.IP "\fBdump\-group\-features \fIswitch"
+Prints to the console the group features of the \fIswitch\fR.
+.
+.IP "\fBdump\-group\-stats \fIswitch \fR[\fIgroup\fR]"
+Prints to the console statistics for the specified \fIgroup\fR in
+\fIswitch\fR's tables. If \fIgroup\fR is omitted then statistics for all
+groups are printed.
+.
+.SS "OpenFlow 1.3+ Switch Meter Table Commands"
+.
+These commands manage the meter table in an OpenFlow switch. In each
+case, \fImeter\fR specifies a meter entry in the format described in
+\fBMeter Syntax\fR, below.
+.
+.PP
+OpenFlow 1.3 introduced support for meters, so these commands only work
+with switches that support OpenFlow 1.3 or later. It is necessary to
+explicitly enable these protocol versions in \fBovs\-ofctl\fR (using
+\fB\-O\fR) and in the switch itself (with the \fBprotocols\fR column in
+the \fBBridge\fR table). For more information, see ``Q: What versions
+of OpenFlow does Open vSwitch support?'' in the Open vSwitch FAQ.
+.
+.IP "\fBadd\-meter \fIswitch meter\fR"
+Add a meter entry to \fIswitch\fR's tables. The \fImeter\fR syntax is
+described in section \fBMeter Syntax\fR, below.
+.
+.IP "\fBmod\-meter \fIswitch meter\fR"
+Modify an existing meter.
+.
+.IP "\fBdel\-meters \fIswitch\fR [\fImeter\fR]"
+Delete entries from \fIswitch\fR's meter table. To delete only a
+specific meter, specify its number as \fImeter\fR. Otherwise, if
+\fImeter\fR is omitted, or if it is specified as \fBall\fR, then all
+meters are deleted.
+.
+.IP "\fBdump\-meters \fIswitch\fR [\fImeter\fR]"
+Print entries from \fIswitch\fR's meter table. To print only a
+specific meter, specify its number as \fImeter\fR. Otherwise, if
+\fImeter\fR is omitted, or if it is specified as \fBall\fR, then all
+meters are printed.
+.
+.IP "\fBmeter\-stats \fIswitch\fR [\fImeter\fR]"
+Print meter statistics. \fImeter\fR can specify a single meter with
+syntax \fBmeter=\fIid\fR, or all meters with syntax \fBmeter=all\fR.
+.
+.IP "\fBmeter\-features \fIswitch\fR"
+Print meter features.
.
-Open vSwitch maintains a mapping table between Geneve options (defined
-by <class, type, length>) and an NXM field \fBtun_metadata\fIn\fR,
+.SS OpenFlow Switch Bundle Command
+.
+Transactional updates to both flow and group tables can be made with
+the \fBbundle\fR command. \fIfile\fR is a text file that contains
+zero or more flow mods, group mods, or packet-outs in \fBFlow
+Syntax\fR, \fBGroup Syntax\fR, or \fBPacket\-Out Syntax\fR, each line
+preceded by \fBflow\fR, \fBgroup\fR, or \fBpacket\-out\fR keyword,
+correspondingly. The \fBflow\fR keyword may be optionally followed by
+one of the keywords \fBadd\fR, \fBmodify\fR, \fBmodify_strict\fR,
+\fBdelete\fR, or \fBdelete_strict\fR, of which the \fBadd\fR is
+assumed if a bare \fBflow\fR is given. Similarly, the \fBgroup\fR
+keyword may be optionally followed by one of the keywords \fBadd\fR,
+\fBmodify\fR, \fBadd_or_mod\fR, \fBdelete\fR, \fBinsert_bucket\fR, or
+\fBremove_bucket\fR, of which the \fBadd\fR is assumed if a bare
+\fBgroup\fR is given.
+.
+.IP "\fBbundle \fIswitch file\fR"
+Execute all flow and group mods in \fIfile\fR as a single atomic
+transaction against \fIswitch\fR's tables. All bundled mods are
+executed in the order specified.
+.
+.SS "OpenFlow Switch Tunnel TLV Table Commands"
+.
+Open vSwitch maintains a mapping table between tunnel option TLVs (defined
+by <class, type, length>) and NXM fields \fBtun_metadata\fIn\fR,
where \fIn\fR ranges from 0 to 63, that can be operated on for the
-purposes of matches, actions, etc. This mapping must be explicitly
-specified by the user through the following commands.
+purposes of matches, actions, etc. This TLV table can be used for
+Geneve option TLVs or other protocols with options in same TLV format
+as Geneve options. This mapping must be explicitly specified by the user
+through the following commands.
-A Geneve option mapping is specified with the syntax
+A TLV mapping is specified with the syntax
\fB{class=\fIclass\fB,type=\fItype\fB,len=\fIlength\fB}->tun_metadata\fIn\fR.
When an option mapping exists for a given \fBtun_metadata\fIn\fR,
matching on the defined field becomes possible, e.g.:
.RS
-ovs-ofctl add-geneve-map br0 "{class=0xffff,type=0,len=4}->tun_metadata0"
+ovs-ofctl add-tlv-map br0 "{class=0xffff,type=0,len=4}->tun_metadata0"
.PP
ovs-ofctl add-flow br0 tun_metadata0=1234,actions=controller
.RE
A mapping should not be changed while it is in active
use by a flow. The result of doing so is undefined.
-Currently, the Geneve mapping table is shared between all OpenFlow
-switches in a given instance of Open vSwitch. This restriction will
-be lifted in the future to allow for easier management.
-
These commands are Nicira extensions to OpenFlow and require Open vSwitch
2.5 or later.
-.IP "\fBadd\-geneve\-map \fIswitch option\fR[\fB,\fIoption\fR]..."
+.IP "\fBadd\-tlv\-map \fIswitch option\fR[\fB,\fIoption\fR]..."
Add each \fIoption\fR to \fIswitch\fR's tables. Duplicate fields are
rejected.
.
-.IP "\fBdel\-geneve\-map \fIswitch \fR[\fIoption\fR[\fB,\fIoption\fR]]..."
-Delete each \fIoption\fR from \fIswitch\fR's table, or all Geneve option
+.IP "\fBdel\-tlv\-map \fIswitch \fR[\fIoption\fR[\fB,\fIoption\fR]]..."
+Delete each \fIoption\fR from \fIswitch\fR's table, or all option TLV
mapping if no \fIoption\fR is specified.
Fields that aren't mapped are ignored.
.
-.IP "\fBdump\-geneve\-map \fIswitch\fR"
+.IP "\fBdump\-tlv\-map \fIswitch\fR"
Show the currently mapped fields in the switch's option table as well
as switch capabilities.
.
configuration'' message at connection setup time that requests
\fBINVALID_TTL_TO_CONTROLLER\fR, so that \fBovs\-ofctl monitor\fR can
receive ``packet-in'' messages when TTL reaches zero on \fBdec_ttl\fR action.
+Only OpenFlow 1.1 and 1.2 support \fBinvalid_ttl\fR; Open vSwitch also
+implements it for OpenFlow 1.0 as an extension.
.IP
\fBwatch:\fR[\fB\fIspec\fR...] causes \fBovs\-ofctl\fR to send a
``monitor request'' Nicira extension message to the switch at
COMMANDS\fR.)
.IP "\fB!actions\fR"
Do not report actions as part of flow updates.
-.IP "\fBtable=\fInumber\fR"
-Limits the monitoring to the table with the given \fInumber\fR between
-0 and 254. By default, all tables are monitored.
+.IP "\fBtable=\fItable\fR"
+Limits the monitoring to the table with the given \fItable\fR, which
+may be expressed as a number between 0 and 254 or (unless
+\fB\-\-no\-names\fR is specified) a name. By default, all tables are
+monitored.
.IP "\fBout_port=\fIport\fR"
If set, only flows that output to \fIport\fR are monitored. The
\fIport\fR may be an OpenFlow port number or keyword
.SS "Flow Syntax"
.PP
Some \fBovs\-ofctl\fR commands accept an argument that describes a flow or
-flows. Such flow descriptions comprise a series
+flows. Such flow descriptions comprise a series of
\fIfield\fB=\fIvalue\fR assignments, separated by commas or white
space. (Embedding spaces into a flow description normally requires
quoting to prevent the shell from breaking the description into
\fBtcp_src\fR. \fBovs\-ofctl\fR will warn about
flows not in normal form.
.PP
-The following field assignments describe how a flow matches a packet.
-If any of these assignments is omitted from the flow syntax, the field
-is treated as a wildcard; thus, if all of them are omitted, the
-resulting flow matches all packets. The string \fB*\fR may be specified
-to explicitly mark any of these fields as a wildcard.
-(\fB*\fR should be quoted to protect it from shell expansion.)
-.
-.IP \fBin_port=\fIport\fR
-Matches OpenFlow port \fIport\fR, which may be an OpenFlow port number
-or keyword (e.g. \fBLOCAL\fR).
-\fBovs\-ofctl show\fR.
-.IP
-(The \fBresubmit\fR action can search OpenFlow flow tables with
-arbitrary \fBin_port\fR values, so flows that match port numbers that
-do not exist from an OpenFlow perspective can still potentially be
-matched.)
-.
-.IP \fBdl_vlan=\fIvlan\fR
-Matches IEEE 802.1q Virtual LAN tag \fIvlan\fR. Specify \fB0xffff\fR
-as \fIvlan\fR to match packets that are not tagged with a Virtual LAN;
-otherwise, specify a number between 0 and 4095, inclusive, as the
-12-bit VLAN ID to match.
-.
-.IP \fBdl_vlan_pcp=\fIpriority\fR
-Matches IEEE 802.1q Priority Code Point (PCP) \fIpriority\fR, which is
-specified as a value between 0 and 7, inclusive. A higher value
-indicates a higher frame priority level.
-.
-.IP \fBdl_src=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR
-.IQ \fBdl_dst=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR
-Matches an Ethernet source (or destination) address specified as 6
-pairs of hexadecimal digits delimited by colons
-(e.g. \fB00:0A:E4:25:6B:B0\fR).
-.
-.IP \fBdl_src=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB/\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR
-.IQ \fBdl_dst=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB/\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR
-Matches an Ethernet destination address specified as 6 pairs of
-hexadecimal digits delimited by colons (e.g. \fB00:0A:E4:25:6B:B0\fR),
-with a wildcard mask following the slash. Open vSwitch 1.8 and later
-support arbitrary masks for source and/or destination. Earlier
-versions only support masking the destination with the following masks:
-.RS
-.IP \fB01:00:00:00:00:00\fR
-Match only the multicast bit. Thus,
-\fBdl_dst=01:00:00:00:00:00/01:00:00:00:00:00\fR matches all multicast
-(including broadcast) Ethernet packets, and
-\fBdl_dst=00:00:00:00:00:00/01:00:00:00:00:00\fR matches all unicast
-Ethernet packets.
-.IP \fBfe:ff:ff:ff:ff:ff\fR
-Match all bits except the multicast bit. This is probably not useful.
-.IP \fBff:ff:ff:ff:ff:ff\fR
-Exact match (equivalent to omitting the mask).
-.IP \fB00:00:00:00:00:00\fR
-Wildcard all bits (equivalent to \fBdl_dst=*\fR.)
-.RE
-.
-.IP \fBdl_type=\fIethertype\fR
-Matches Ethernet protocol type \fIethertype\fR, which is specified as an
-integer between 0 and 65535, inclusive, either in decimal or as a
-hexadecimal number prefixed by \fB0x\fR (e.g. \fB0x0806\fR to match ARP
-packets).
-.
-.IP \fBnw_src=\fIip\fR[\fB/\fInetmask\fR]
-.IQ \fBnw_dst=\fIip\fR[\fB/\fInetmask\fR]
-When \fBdl_type\fR is 0x0800 (possibly via shorthand, e.g. \fBip\fR
-or \fBtcp\fR), matches IPv4 source (or destination) address \fIip\fR,
-which may be specified as an IP address or host name
-(e.g. \fB192.168.1.1\fR or \fBwww.example.com\fR). The optional
-\fInetmask\fR allows restricting a match to an IPv4 address prefix.
-The netmask may be specified as a dotted quad
-(e.g. \fB192.168.1.0/255.255.255.0\fR) or as a CIDR block
-(e.g. \fB192.168.1.0/24\fR). Open vSwitch 1.8 and later support
-arbitrary dotted quad masks; earlier versions support only CIDR masks,
-that is, the dotted quads that are equivalent to some CIDR block.
-.IP
-When \fBdl_type=0x0806\fR or \fBarp\fR is specified, matches the
-\fBar_spa\fR or \fBar_tpa\fR field, respectively, in ARP packets for
-IPv4 and Ethernet.
-.IP
-When \fBdl_type=0x8035\fR or \fBrarp\fR is specified, matches the
-\fBar_spa\fR or \fBar_tpa\fR field, respectively, in RARP packets for
-IPv4 and Ethernet.
-.IP
-When \fBdl_type\fR is wildcarded or set to a value other than 0x0800,
-0x0806, or 0x8035, the values of \fBnw_src\fR and \fBnw_dst\fR are ignored
-(see \fBFlow Syntax\fR above).
-.
-.IP \fBnw_proto=\fIproto\fR
-.IQ \fBip_proto=\fIproto\fR
-When \fBip\fR or \fBdl_type=0x0800\fR is specified, matches IP
-protocol type \fIproto\fR, which is specified as a decimal number
-between 0 and 255, inclusive (e.g. 1 to match ICMP packets or 6 to match
-TCP packets).
-.IP
-When \fBipv6\fR or \fBdl_type=0x86dd\fR is specified, matches IPv6
-header type \fIproto\fR, which is specified as a decimal number between
-0 and 255, inclusive (e.g. 58 to match ICMPv6 packets or 6 to match
-TCP). The header type is the terminal header as described in the
-\fBDESIGN\fR document.
-.IP
-When \fBarp\fR or \fBdl_type=0x0806\fR is specified, matches the lower
-8 bits of the ARP opcode. ARP opcodes greater than 255 are treated as
-0.
-.IP
-When \fBrarp\fR or \fBdl_type=0x8035\fR is specified, matches the lower
-8 bits of the ARP opcode. ARP opcodes greater than 255 are treated as
-0.
-.IP
-When \fBdl_type\fR is wildcarded or set to a value other than 0x0800,
-0x0806, 0x8035 or 0x86dd, the value of \fBnw_proto\fR is ignored (see
-\fBFlow Syntax\fR above).
-.
-.IP \fBnw_tos=\fItos\fR
-Matches IP ToS/DSCP or IPv6 traffic class field \fItos\fR, which is
-specified as a decimal number between 0 and 255, inclusive. Note that
-the two lower reserved bits are ignored for matching purposes.
-.IP
-When \fBdl_type\fR is wildcarded or set to a value other than 0x0800 or
-0x86dd, the value of \fBnw_tos\fR is ignored (see \fBFlow Syntax\fR
-above).
-.
-.IP \fBip_dscp=\fIdscp\fR
-Matches IP ToS/DSCP or IPv6 traffic class field \fIdscp\fR, which is
-specified as a decimal number between 0 and 63, inclusive.
-.IP
-When \fBdl_type\fR is wildcarded or set to a value other than 0x0800 or
-0x86dd, the value of \fBip_dscp\fR is ignored (see \fBFlow Syntax\fR
-above).
-.
-.IP \fBnw_ecn=\fIecn\fR
-.IQ \fBip_ecn=\fIecn\fR
-Matches \fIecn\fR bits in IP ToS or IPv6 traffic class fields, which is
-specified as a decimal number between 0 and 3, inclusive.
-.IP
-When \fBdl_type\fR is wildcarded or set to a value other than 0x0800 or
-0x86dd, the value of \fBnw_ecn\fR is ignored (see \fBFlow Syntax\fR
-above).
-.
-.IP \fBnw_ttl=\fIttl\fR
-Matches IP TTL or IPv6 hop limit value \fIttl\fR, which is
-specified as a decimal number between 0 and 255, inclusive.
-.IP
-When \fBdl_type\fR is wildcarded or set to a value other than 0x0800 or
-0x86dd, the value of \fBnw_ttl\fR is ignored (see \fBFlow Syntax\fR
-above).
-.IP
-.
-.IP \fBtcp_src=\fIport\fR
-.IQ \fBtcp_dst=\fIport\fR
-.IQ \fBudp_src=\fIport\fR
-.IQ \fBudp_dst=\fIport\fR
-.IQ \fBsctp_src=\fIport\fR
-.IQ \fBsctp_dst=\fIport\fR
-Matches a TCP, UDP, or SCTP source or destination port \fIport\fR,
-which is specified as a decimal number between 0 and 65535, inclusive.
-.IP
-When \fBdl_type\fR and \fBnw_proto\fR are wildcarded or set to values
-that do not indicate an appropriate protocol, the values of these
-settings are ignored (see \fBFlow Syntax\fR above).
-.
-.IP \fBtcp_src=\fIport\fB/\fImask\fR
-.IQ \fBtcp_dst=\fIport\fB/\fImask\fR
-.IQ \fBudp_src=\fIport\fB/\fImask\fR
-.IQ \fBudp_dst=\fIport\fB/\fImask\fR
-.IQ \fBsctp_src=\fIport\fB/\fImask\fR
-.IQ \fBsctp_dst=\fIport\fB/\fImask\fR
-Bitwise match on TCP (or UDP or SCTP) source or destination port.
-The \fIport\fR and \fImask\fR are 16-bit numbers
-written in decimal or in hexadecimal prefixed by \fB0x\fR. Each 1-bit
-in \fImask\fR requires that the corresponding bit in \fIport\fR must
-match. Each 0-bit in \fImask\fR causes the corresponding bit to be
-ignored.
-.IP
-Bitwise matches on transport ports are rarely useful in isolation, but
-a group of them can be used to reduce the number of flows required to
-match on a range of transport ports. For example, suppose that the
-goal is to match TCP source ports 1000 to 1999, inclusive. One way is
-to insert 1000 flows, each of which matches on a single source port.
-Another way is to look at the binary representations of 1000 and 1999,
-as follows:
-.br
-.B "01111101000"
-.br
-.B "11111001111"
-.br
-and then to transform those into a series of bitwise matches that
-accomplish the same results:
-.br
-.B "01111101xxx"
-.br
-.B "0111111xxxx"
-.br
-.B "10xxxxxxxxx"
-.br
-.B "110xxxxxxxx"
-.br
-.B "1110xxxxxxx"
-.br
-.B "11110xxxxxx"
-.br
-.B "1111100xxxx"
-.br
-which become the following when written in the syntax required by
-\fBovs\-ofctl\fR:
-.br
-.B "tcp,tcp_src=0x03e8/0xfff8"
-.br
-.B "tcp,tcp_src=0x03f0/0xfff0"
-.br
-.B "tcp,tcp_src=0x0400/0xfe00"
-.br
-.B "tcp,tcp_src=0x0600/0xff00"
-.br
-.B "tcp,tcp_src=0x0700/0xff80"
-.br
-.B "tcp,tcp_src=0x0780/0xffc0"
-.br
-.B "tcp,tcp_src=0x07c0/0xfff0"
-.IP
-Only Open vSwitch 1.6 and later supports bitwise matching on transport
-ports.
-.IP
-Like the exact-match forms described
-above, the bitwise match forms apply only when \fBdl_type\fR and
-\fBnw_proto\fR specify TCP or UDP or SCTP.
-.
-.IP \fBtp_src=\fIport\fR
-.IQ \fBtp_dst=\fIport\fR
-These are deprecated generic forms of L4 port matches. In new code,
-please use the TCP-, UDP-, or SCTP-specific forms described above.
-.
-.IP \fBtcp_flags=\fIflags\fB/\fImask\fR
-.IQ \fBtcp_flags=\fR[\fB+\fIflag\fR...][\fB-\fIflag\fR...]
-Bitwise match on TCP flags. The \fIflags\fR and \fImask\fR are 16-bit
-numbers written in decimal or in hexadecimal prefixed by \fB0x\fR.
-Each 1-bit in \fImask\fR requires that the corresponding bit in
-\fIflags\fR must match. Each 0-bit in \fImask\fR causes the corresponding
-bit to be ignored.
-.IP
-Alternatively, the flags can be specified by their symbolic names
-(listed below), each preceded by either \fB+\fR for a flag that must
-be set, or \fB\-\fR for a flag that must be unset, without any other
-delimiters between the flags. Flags not mentioned are wildcarded.
-For example, \fBtcp,tcp_flags=+syn\-ack\fR matches TCP SYNs that are
-not ACKs.
-.IP
-TCP protocol currently defines 9 flag bits, and additional 3 bits are
-reserved (must be transmitted as zero), see RFCs 793, 3168, and 3540.
-The flag bits are, numbering from the least significant bit:
-.RS
-.IP "\fB0: fin\fR"
-No more data from sender.
-.IP "\fB1: syn\fR"
-Synchronize sequence numbers.
-.IP "\fB2: rst\fR"
-Reset the connection.
-.IP "\fB3: psh\fR"
-Push function.
-.IP "\fB4: ack\fR"
-Acknowledgement field significant.
-.IP "\fB5: urg\fR"
-Urgent pointer field significant.
-.IP "\fB6: ece\fR"
-ECN Echo.
-.IP "\fB7: cwr\fR"
-Congestion Windows Reduced.
-.IP "\fB8: ns\fR"
-Nonce Sum.
-.IP "\fB9-11:\fR"
-Reserved.
-.IP "\fB12-15:\fR"
-Not matchable, must be zero.
-.RE
-.IP \fBicmp_type=\fItype\fR
-.IQ \fBicmp_code=\fIcode\fR
-When \fBdl_type\fR and \fBnw_proto\fR specify ICMP or ICMPv6, \fItype\fR
-matches the ICMP type and \fIcode\fR matches the ICMP code. Each is
-specified as a decimal number between 0 and 255, inclusive.
-.IP
-When \fBdl_type\fR and \fBnw_proto\fR take other values, the values of
-these settings are ignored (see \fBFlow Syntax\fR above).
-.
-.IP \fBtable=\fInumber\fR
-For flow dump commands, limits the flows dumped to those in the table
-with the given \fInumber\fR between 0 and 254. If not specified (or if
-255 is specified as \fInumber\fR), then flows in all tables are
+\fBovs\-fields\fR(7) describes the supported fields and how to match
+them. In addition to match fields, commands that operate on flows
+accept a few additional key-value pairs:
+.
+.IP \fBtable=\fItable\fR
+For flow dump commands, limits the flows dumped to those in
+\fItable\fR, which may be expressed as a number between 0 and 255 or
+(unless \fB\-\-no\-names\fR is specified) a name. If not specified
+(or if 255 is specified as \fItable\fR), then flows in all tables are
dumped.
.
.IP
flow table modification commands, to operate on all flow tables, with
the behavior described above for OpenFlow 1.0.
.RE
-.
-.IP \fBmetadata=\fIvalue\fR[\fB/\fImask\fR]
-Matches \fIvalue\fR either exactly or with optional \fImask\fR in the metadata
-field. \fIvalue\fR and \fImask\fR are 64-bit integers, by default in decimal
-(use a \fB0x\fR prefix to specify hexadecimal). Arbitrary \fImask\fR values
-are allowed: a 1-bit in \fImask\fR indicates that the corresponding bit in
-\fIvalue\fR must match exactly, and a 0-bit wildcards that bit. Matching on
-metadata was added in Open vSwitch 1.8.
-.
-.PP
-The following shorthand notations are also available:
-.
-.IP \fBip\fR
-Same as \fBdl_type=0x0800\fR.
-.
-.IP \fBipv6\fR
-Same as \fBdl_type=0x86dd\fR.
-.
-.IP \fBicmp\fR
-Same as \fBdl_type=0x0800,nw_proto=1\fR.
-.
-.IP \fBicmp6\fR
-Same as \fBdl_type=0x86dd,nw_proto=58\fR.
-.
-.IP \fBtcp\fR
-Same as \fBdl_type=0x0800,nw_proto=6\fR.
-.
-.IP \fBtcp6\fR
-Same as \fBdl_type=0x86dd,nw_proto=6\fR.
-.
-.IP \fBudp\fR
-Same as \fBdl_type=0x0800,nw_proto=17\fR.
-.
-.IP \fBudp6\fR
-Same as \fBdl_type=0x86dd,nw_proto=17\fR.
-.
-.IP \fBsctp\fR
-Same as \fBdl_type=0x0800,nw_proto=132\fR.
-.
-.IP \fBsctp6\fR
-Same as \fBdl_type=0x86dd,nw_proto=132\fR.
-.
-.IP \fBarp\fR
-Same as \fBdl_type=0x0806\fR.
-.
-.IP \fBrarp\fR
-Same as \fBdl_type=0x8035\fR.
-.
-.IP \fBmpls\fR
-Same as \fBdl_type=0x8847\fR.
-.
-.IP \fBmplsm\fR
-Same as \fBdl_type=0x8848\fR.
-.
-.PP
-The following field assignments require support for the NXM (Nicira
-Extended Match) extension to OpenFlow. When one of these is specified,
-\fBovs\-ofctl\fR will automatically attempt to negotiate use of this
-extension. If the switch does not support NXM, then \fBovs\-ofctl\fR
-will report a fatal error.
-.
-.IP \fBvlan_tci=\fItci\fR[\fB/\fImask\fR]
-Matches modified VLAN TCI \fItci\fR. If \fImask\fR is omitted,
-\fItci\fR is the exact VLAN TCI to match; if \fImask\fR is specified,
-then a 1-bit in \fImask\fR indicates that the corresponding bit in
-\fItci\fR must match exactly, and a 0-bit wildcards that bit. Both
-\fItci\fR and \fImask\fR are 16-bit values that are decimal by
-default; use a \fB0x\fR prefix to specify them in hexadecimal.
-.
-.IP
-The value that \fBvlan_tci\fR matches against is 0 for a packet that
-has no 802.1Q header. Otherwise, it is the TCI value from the 802.1Q
-header with the CFI bit (with value \fB0x1000\fR) forced to 1.
-.IP
-Examples:
-.RS
-.IP \fBvlan_tci=0\fR
-Match only packets without an 802.1Q header.
-.IP \fBvlan_tci=0xf123\fR
-Match packets tagged with priority 7 in VLAN 0x123.
-.IP \fBvlan_tci=0x1123/0x1fff\fR
-Match packets tagged with VLAN 0x123 (and any priority).
-.IP \fBvlan_tci=0x5000/0xf000\fR
-Match packets tagged with priority 2 (in any VLAN).
-.IP \fBvlan_tci=0/0xfff\fR
-Match packets with no 802.1Q header or tagged with VLAN 0 (and any
-priority).
-.IP \fBvlan_tci=0x5000/0xe000\fR
-Match packets with no 802.1Q header or tagged with priority 2 (in any
-VLAN).
-.IP \fBvlan_tci=0/0xefff\fR
-Match packets with no 802.1Q header or tagged with VLAN 0 and priority
-0.
-.RE
-.IP
-Some of these matching possibilities can also be achieved with
-\fBdl_vlan\fR and \fBdl_vlan_pcp\fR.
-.
-.IP \fBip_frag=\fIfrag_type\fR
-When \fBdl_type\fR specifies IP or IPv6, \fIfrag_type\fR
-specifies what kind of IP fragments or non-fragments to match. The
-following values of \fIfrag_type\fR are supported:
-.RS
-.IP "\fBno\fR"
-Matches only non-fragmented packets.
-.IP "\fByes\fR"
-Matches all fragments.
-.IP "\fBfirst\fR"
-Matches only fragments with offset 0.
-.IP "\fBlater\fR"
-Matches only fragments with nonzero offset.
-.IP "\fBnot_later\fR"
-Matches non-fragmented packets and fragments with zero offset.
-.RE
-.IP
-The \fBip_frag\fR match type is likely to be most useful in
-\fBnx\-match\fR mode. See the description of the \fBset\-frags\fR
-command, above, for more details.
-.
-.IP \fBarp_spa=\fIip\fR[\fB/\fInetmask\fR]
-.IQ \fBarp_tpa=\fIip\fR[\fB/\fInetmask\fR]
-When \fBdl_type\fR specifies either ARP or RARP, \fBarp_spa\fR and
-\fBarp_tpa\fR match the source and target IPv4 address, respectively.
-An address may be specified as an IP address or host name
-(e.g. \fB192.168.1.1\fR or \fBwww.example.com\fR). The optional
-\fInetmask\fR allows restricting a match to an IPv4 address prefix.
-The netmask may be specified as a dotted quad
-(e.g. \fB192.168.1.0/255.255.255.0\fR) or as a CIDR block
-(e.g. \fB192.168.1.0/24\fR).
-.
-.IP \fBarp_sha=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR
-.IQ \fBarp_tha=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR
-When \fBdl_type\fR specifies either ARP or RARP, \fBarp_sha\fR and
-\fBarp_tha\fR match the source and target hardware address, respectively. An
-address is specified as 6 pairs of hexadecimal digits delimited by colons
-(e.g. \fB00:0A:E4:25:6B:B0\fR).
-.
-.IP \fBarp_sha=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB/\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR
-.IQ \fBarp_tha=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB/\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR
-When \fBdl_type\fR specifies either ARP or RARP, \fBarp_sha\fR and
-\fBarp_tha\fR match the source and target hardware address, respectively. An
-address is specified as 6 pairs of hexadecimal digits delimited by colons
-(e.g. \fB00:0A:E4:25:6B:B0\fR), with a wildcard mask following the slash.
-.
-
-.IP \fBipv6_src=\fIipv6\fR[\fB/\fInetmask\fR]
-.IQ \fBipv6_dst=\fIipv6\fR[\fB/\fInetmask\fR]
-When \fBdl_type\fR is 0x86dd (possibly via shorthand, e.g., \fBipv6\fR
-or \fBtcp6\fR), matches IPv6 source (or destination) address \fIipv6\fR,
-which may be specified as defined in RFC 2373. The preferred format is
-\fIx\fB:\fIx\fB:\fIx\fB:\fIx\fB:\fIx\fB:\fIx\fB:\fIx\fB:\fIx\fR, where
-\fIx\fR are the hexadecimal values of the eight 16-bit pieces of the
-address. A single instance of \fB::\fR may be used to indicate multiple
-groups of 16-bits of zeros. The optional \fInetmask\fR allows
-restricting a match to an IPv6 address prefix. A netmask is specified
-as an IPv6 address (e.g. \fB2001:db8:3c4d:1::/ffff:ffff:ffff:ffff::\fR)
-or a CIDR block (e.g. \fB2001:db8:3c4d:1::/64\fR). Open vSwitch 1.8
-and later support arbitrary masks; earlier versions support only CIDR
-masks, that is, CIDR block and IPv6 addresses that are equivalent to
-CIDR blocks.
-.
-.IP \fBipv6_label=\fIlabel\fR
-When \fBdl_type\fR is 0x86dd (possibly via shorthand, e.g., \fBipv6\fR
-or \fBtcp6\fR), matches IPv6 flow label \fIlabel\fR.
-.
-.IP \fBnd_target=\fIipv6\fR[\fB/\fInetmask\fR]
-When \fBdl_type\fR, \fBnw_proto\fR, and \fBicmp_type\fR specify
-IPv6 Neighbor Discovery (ICMPv6 type 135 or 136), matches the target address
-\fIipv6\fR. \fIipv6\fR is in the same format described earlier for the
-\fBipv6_src\fR and \fBipv6_dst\fR fields.
-.
-.IP \fBnd_sll=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR
-When \fBdl_type\fR, \fBnw_proto\fR, and \fBicmp_type\fR specify IPv6
-Neighbor Solicitation (ICMPv6 type 135), matches the source link\-layer
-address option. An address is specified as 6 pairs of hexadecimal
-digits delimited by colons.
-.
-.IP \fBnd_tll=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR
-When \fBdl_type\fR, \fBnw_proto\fR, and \fBicmp_type\fR specify IPv6
-Neighbor Advertisement (ICMPv6 type 136), matches the target link\-layer
-address option. An address is specified as 6 pairs of hexadecimal
-digits delimited by colons.
-.
-.IP \fBmpls_bos=\fIbos\fR
-When \fBdl_type\fR is 0x8847 or 0x8848 (possibly via shorthand e.g.,
-\fBmpls\fR or \fBmplsm\fR), matches the bottom-of-stack bit of the
-outer-most MPLS label stack entry. Valid values are 0 and 1.
-.IP
-If 1 then for a packet with a well-formed MPLS label stack the
-bottom-of-stack bit indicates that the outer label stack entry is also
-the inner-most label stack entry and thus that is that there is only one
-label stack entry present. Conversely, if 0 then for a packet with a
-well-formed MPLS label stack the bottom-of-stack bit indicates that the
-outer label stack entry is not the inner-most label stack entry and
-thus there is more than one label stack entry present.
-.
-.IP \fBmpls_label=\fIlabel\fR
-When \fBdl_type\fR is 0x8847 or 0x8848 (possibly via shorthand e.g.,
-\fBmpls\fR or \fBmplsm\fR), matches the label of the outer
-MPLS label stack entry. The label is a 20-bit value that is decimal by default;
-use a \fB0x\fR prefix to specify them in hexadecimal.
-.
-.IP \fBmpls_tc=\fItc\fR
-When \fBdl_type\fR is 0x8847 or 0x8848 (possibly via shorthand e.g.,
-\fBmpls\fR or \fBmplsm\fR), matches the traffic-class of the outer
-MPLS label stack entry. Valid values are between 0 (lowest) and 7 (highest).
-.
-.IP \fBtun_id=\fItunnel-id\fR[\fB/\fImask\fR]
-.IQ \fBtunnel_id=\fItunnel-id\fR[\fB/\fImask\fR]
-Matches tunnel identifier \fItunnel-id\fR. Only packets that arrive
-over a tunnel that carries a key (e.g. GRE with the RFC 2890 key
-extension and a nonzero key value) will have a nonzero tunnel ID.
-If \fImask\fR is omitted, \fItunnel-id\fR is the exact tunnel ID to match;
-if \fImask\fR is specified, then a 1-bit in \fImask\fR indicates that the
-corresponding bit in \fItunnel-id\fR must match exactly, and a 0-bit
-wildcards that bit.
-.
-.IP \fBtun_flags=\fIflags\fR
-Matches flags indicating various aspects of the tunnel encapsulation. Currently,
-there is only one flag defined:
-.IP
-\fBoam\fR: The tunnel protocol indicated that this is an OAM control packet.
-.IP
-Flags can be prefixed by \fB+\fR or \fB-\fR to indicate that the flag should
-be matched as either present or not present, respectively. In addition, flags
-can be specified without a prefix and separated by \fB|\fR to indicate an exact
-match.
-.IP
-Note that it is possible for newer version of Open vSwitch to introduce
-additional flags with varying meaning. It is therefore not recommended to use
-an exact match on this field since the behavior of these new flags is unknown
-and should be ignored.
-.IP
-For non-tunneled packets, the value is 0.
-.IP
-This field was introduced in Open vSwitch 2.5.
-.
-.IP \fBtun_src=\fIip\fR[\fB/\fInetmask\fR]
-.IQ \fBtun_dst=\fIip\fR[\fB/\fInetmask\fR]
-Matches tunnel IPv4 source (or destination) address \fIip\fR. Only packets
-that arrive over a tunnel will have nonzero tunnel addresses.
-The address may be specified as an IP address or host name
-(e.g. \fB192.168.1.1\fR or \fBwww.example.com\fR). The optional
-\fInetmask\fR allows restricting a match to a masked IPv4 address.
-The netmask may be specified as a dotted quad
-(e.g. \fB192.168.1.0/255.255.255.0\fR) or as a CIDR block
-(e.g. \fB192.168.1.0/24\fR).
-.
-.IP \fBtun_gbp_id=\fIvalue\fR[\fB/\fImask\fR]
-.IQ \fBtun_gbp_flags=\fIvalue\fR[\fB/\fImask\fR]
-Matches the group policy identifier and flags in the VXLAN header. Only
-packets that arrive over a VXLAN tunnel with the "gbp" extension
-enabled can have this field set. The fields may also be referred to by
-NXM_NX_TUN_GBP_ID[] (16 bits) and NXM_NX_TUN_GBP_FLAGS[] (8 bits) in
-the context of field manipulation actions. If these fields are set and
-the packet matched by the flow is encapsulated in a VXLAN-GBP tunnel,
-then the policy identifier and flags are transmitted to the destination
-VXLAN tunnel endpoint.
-.IP
-The \fBtun_gbp_flags\fR field has the following format:
-.IP
-.in +2
-\f(CR+-+-+-+-+-+-+-+-+\fR
-.br
-\f(CR|-|D|-|-|A|-|-|-|\fR
-.br
-\f(CR+-+-+-+-+-+-+-+-+\fR
-
-.B D :=
-Don't Learn bit. When set, this bit indicates that the egress
-tunnel endpoint MUST NOT learn the source address of the encapsulated
-frame.
-
-.B A :=
-Indicates that the group policy has already been applied to
-this packet. Policies MUST NOT be applied by devices when the A bit is
-set.
-.in -2
-.IP
-For more information, please see the corresponding IETF draft:
-https://tools.ietf.org/html/draft-smith-vxlan-group-policy
-.
-.IP "\fBtun_metadata\fIidx\fR[\fB=\fIvalue\fR[\fB/\fImask\fR]]"
-Matches \fIvalue\fR either exactly or with optional \fImask\fR in
-tunnel metadata field number \fIidx\fR (numbered from 0 to 63).
-The act of specifying a field implies a match on the existence
-of that field in the packet in addition to the masked value. As
-a shorthand, it is possible to specify only the field name to
-simply match on an option being present.
-.IP
-Tunnel metadata fields can be dynamically assigned onto the data
-contained in the options of Geneve packets using the commands
-described in the section \fBOpenFlow Switch Geneve Option Table
-Commands\fR. Once assigned, the length of the field is variable
-according to the size of the option. Before updating a mapping in
-the option table, flows with references to it should be removed,
-otherwise the result is non-deterministic.
-.IP
-These fields were introduced in Open vSwitch 2.5.
-.
-.IP "\fBreg\fIidx\fB=\fIvalue\fR[\fB/\fImask\fR]"
-Matches \fIvalue\fR either exactly or with optional \fImask\fR in
-register number \fIidx\fR. The valid range of \fIidx\fR depends on
-the switch. \fIvalue\fR and \fImask\fR are 32-bit integers, by
-default in decimal (use a \fB0x\fR prefix to specify hexadecimal).
-Arbitrary \fImask\fR values are allowed: a 1-bit in \fImask\fR
-indicates that the corresponding bit in \fIvalue\fR must match
-exactly, and a 0-bit wildcards that bit.
-.IP
-When a packet enters an OpenFlow switch, all of the registers are set
-to 0. Only explicit actions change register values.
-.
-.IP "\fBxreg\fIidx\fB=\fIvalue\fR[\fB/\fImask\fR]"
-Matches \fIvalue\fR either exactly or with optional \fImask\fR in
-64-bit ``extended register'' number \fIidx\fR. Each of the 64-bit
-extended registers overlays two of the 32-bit registers: \fBxreg0\fR
-overlays \fBreg0\fR and \fBreg1\fR, with \fBreg0\fR supplying the
-most-significant bits of \fBxreg0\fR and \fBreg1\fR the
-least-significant. \fBxreg1\fR similarly overlays \fBreg2\fR and
-\fBreg3\fR, and so on.
-.IP
-These fields were added in Open vSwitch 2.3 to conform with the
-OpenFlow 1.5 specification. OpenFlow 1.5 calls these fields
-just the ``packet registers,'' but Open vSwitch already had 32-bit
-registers by that name, which is why Open vSwitch refers to the
-standard registers as ``extended registers''.
-.
-.IP \fBpkt_mark=\fIvalue\fR[\fB/\fImask\fR]
-Matches packet metadata mark \fIvalue\fR either exactly or with optional
-\fImask\fR. The mark is associated data that may be passed into other
-system components in order to facilitate interaction between subsystems.
-On Linux this corresponds to the skb mark but the exact implementation is
-platform-dependent.
-.
-.IP \fBactset_output=\fIport\fR
-Matches the output port currently in the OpenFlow action set, where
-\fIport\fR may be an OpenFlow port number or keyword
-(e.g. \fBLOCAL\fR). If there is no output port in the OpenFlow action
-set, or if the output port will be ignored (e.g. because there is an
-output group in the OpenFlow action set), then the value will be
-\fBUNSET\fR.
-.IP
-This field was introduced in Open vSwitch 2.4 to conform with the
-OpenFlow 1.5 specification.
-.
-.IP \fBconj_id=\fIvalue\fR
-Matches the given 32-bit \fIvalue\fR against the conjunction ID. This
-is used only with the \fBconjunction\fR action (see below).
-.IP
-This field was introduced in Open vSwitch 2.4.
-.
-.IP \fBct_state=\fIflags\fB/\fImask\fR
-.IQ \fBct_state=\fR[\fB+\fIflag\fR...][\fB-\fIflag\fR...]
-Bitwise match on connection state flags. This is used with the \fBct\fR
-action (see below).
-.IP
-The \fBct_state\fR field provides information from a connection tracking
-module. It describes whether the packet has previously traversed the
-connection tracker (tracked, or trk) and, if it has been tracked, any
-additional information that the connection tracker was able to provide about
-the connection that the current packet belongs to.
-.IP
-Individual packets may be in one of two states: Untracked or tracked. When the
-\fBct\fR action is executed on a packet, it becomes tracked for the the
-remainder of OpenFlow pipeline processing. Once a packet has become tracked,
-the state of its corresponding connection may be determined. Note that the
-\fBct_state\fR is only significant for the current \fBct_zone\fR.
-.IP
-Connections may be in one of two states: uncommitted or committed. Connections
-are uncommitted by default. To determine ongoing information about a
-connection, like whether the connection is established or not, the connection
-must be committed. When the \fBct\fR action is executed on a packet with the
-\fBcommit\fR parameter, the connection will become committed and will remain in
-this state until the end of the connection. Committed connections store state
-beyond the duration of packet processing.
-.IP
-The \fIflags\fR and \fImask\fR are 32-bit numbers written in decimal or
-in hexadecimal prefixed by \fB0x\fR. Each 1-bit in \fImask\fR requires
-that the corresponding bit in \fIflags\fR must match. Each 0-bit in
-\fImask\fR causes the corresponding bit to be ignored.
-.IP
-Alternatively, the flags can be specified by their symbolic names
-(listed below), each preceded by either \fB+\fR for a flag that must
-be set, or \fB\-\fR for a flag that must be unset, without any other
-delimiters between the flags. Flags not mentioned are wildcarded. For
-example, \fBtcp,ct_state=+trk\-new\fR matches TCP packets that
-have been run through the connection tracker and do not establish a new
-flow.
-.IP
-The following flags describe the state of the tracking:
-.RS
-.IP "\fB0x80: trk\fR"
-This packet is tracked, meaning that it has previously traversed the connection
-tracker. If this flag is not set, then no other flags will be set. If this flag
-is set, then the packet is tracked and other flags may also be set.
-.IP "\fB0x40: rpl\fR"
-The flow is in the reply direction, meaning it did not initiate the
-connection. This flag may only be present for committed connections.
-.IP "\fB0x20: inv\fR"
-The state is invalid, meaning that the connection tracker couldn't identify the
-connection. This flag is a catch-all for any problems that the connection
-tracker may have, for example:
-.RS
-.PP
-- L3/L4 protocol handler is not loaded/unavailable. With the Linux kernel
-datapath, this may mean that the "nf_conntrack_ipv4" or "nf_conntrack_ipv6"
-modules are not loaded.
-.PP
-- L3/L4 protocol handler determines that the packet is malformed.
-.PP
-- Packets are unexpected length for protocol.
-.RE
-.IP "\fB0x01: new\fR"
-This is the beginning of a new connection. This flag may only be present for
-uncommitted connections.
-.IP "\fB0x02: est\fR"
-This is part of an already existing connection. This flag may only be present
-for committed connections.
-.IP "\fB0x04: rel\fR"
-This is a connection that is related to an existing connection, for
-instance ICMP "destination unreachable" messages or FTP data connections. This
-flag may only be present for committed connections.
-.PP
-This field was introduced in Open vSwitch 2.5.
-.RE
-.
-.PP
-The following fields are associated with the connection tracker and will only
-be populated for tracked packets. The \fBct\fR action will populate these
-fields, and allows modification of some of the below fields.
-.IP \fBct_zone=\fIzone
-Matches the given 16-bit connection \fIzone\fR exactly. This represents the
-most recent connection tracking context that \fBct\fR was executed in. Each
-zone is an independent connection tracking context, so if you wish to track
-the same packet in multiple contexts then you must use the \fBct\fR action
-multiple times. Introduced in Open vSwitch 2.5.
-.
-.IP \fBct_mark=\fIvalue\fR[\fB/\fImask\fR]
-Matches the given 32-bit connection mark \fIvalue\fR either exactly or with
-optional \fImask\fR. This represents metadata associated with the connection
-that the current packet is part of. Introduced in Open vSwitch 2.5.
-.
-.IP \fBct_label=\fIvalue\fR[\fB/\fImask\fR]
-Matches the given 128-bit connection labels \fIvalue\fR either exactly or with
-optional \fImask\fR. This represents metadata associated with the connection
-that the current packet is part of. Introduced in Open vSwitch 2.5.
-.
-.PP
-Defining IPv6 flows (those with \fBdl_type\fR equal to 0x86dd) requires
-support for NXM. The following shorthand notations are available for
-IPv6-related flows:
-.
-.IP \fBipv6\fR
-Same as \fBdl_type=0x86dd\fR.
-.
-.IP \fBtcp6\fR
-Same as \fBdl_type=0x86dd,nw_proto=6\fR.
-.
-.IP \fBudp6\fR
-Same as \fBdl_type=0x86dd,nw_proto=17\fR.
-.
-.IP \fBsctp6\fR
-Same as \fBdl_type=0x86dd,nw_proto=132\fR.
-.
-.IP \fBicmp6\fR
-Same as \fBdl_type=0x86dd,nw_proto=58\fR.
-.
-.PP
-Finally, field assignments to \fBduration\fR, \fBn_packets\fR, or
-\fBn_bytes\fR are ignored to allow output from the \fBdump\-flows\fR
-command to be used as input for other commands that parse flows.
+.IP "\fBduration=\fR..."
+.IQ "\fBn_packet=\fR..."
+.IQ "\fBn_bytes=\fR..."
+\fBovs\-ofctl\fR ignores assignments to these ``fields'' to allow
+output from the \fBdump\-flows\fR command to be used as input for
+other commands that parse flows.
.
.PP
The \fBadd\-flow\fR, \fBadd\-flows\fR, and \fBmod\-flows\fR commands
require an additional field, which must be the final field specified:
.
.IP \fBactions=\fR[\fIaction\fR][\fB,\fIaction\fR...]\fR
-Specifies a comma-separated list of actions to take on a packet when the
-flow entry matches. If no \fIaction\fR is specified, then packets
-matching the flow are dropped. The following forms of \fIaction\fR
-are supported:
-.
-.RS
-.IP \fIport\fR
-.IQ \fBoutput:\fIport\fR
-Outputs the packet to OpenFlow port number \fIport\fR. If \fIport\fR
-is the packet's input port, the packet is not output.
-.
-.IP \fBoutput:\fIsrc\fB[\fIstart\fB..\fIend\fB]
-Outputs the packet to the OpenFlow port number read from \fIsrc\fR,
-which must be an NXM field as described above. For example,
-\fBoutput:NXM_NX_REG0[16..31]\fR outputs to the OpenFlow port number
-written in the upper half of register 0. If the port number is the
-packet's input port, the packet is not output.
-.IP
-This form of \fBoutput\fR was added in Open vSwitch 1.3.0. This form
-of \fBoutput\fR uses an OpenFlow extension that is not supported by
-standard OpenFlow switches.
-.
-.IP \fBgroup:\fIgroup_id\fR
-Outputs the packet to the OpenFlow group \fIgroup_id\fR. Group tables
-are only supported in OpenFlow 1.1+. See Group Syntax for more details.
-.
-.IP \fBnormal\fR
-Subjects the packet to the device's normal L2/L3 processing. (This
-action is not implemented by all OpenFlow switches.)
-.
-.IP \fBflood\fR
-Outputs the packet on all switch physical ports other than the port on
-which it was received and any ports on which flooding is disabled
-(typically, these would be ports disabled by the IEEE 802.1D spanning
-tree protocol).
-.
-.IP \fBall\fR
-Outputs the packet on all switch physical ports other than the port on
-which it was received.
-.
-.IP \fBlocal\fR
-Outputs the packet on the ``local port,'' which corresponds to the
-network device that has the same name as the bridge.
-.
-.IP \fBin_port\fR
-Outputs the packet on the port from which it was received.
-.
-.IP \fBcontroller(\fIkey\fB=\fIvalue\fR...\fB)
-Sends the packet to the OpenFlow controller as a ``packet in''
-message. The supported key-value pairs are:
-.RS
-.IP "\fBmax_len=\fInbytes\fR"
-Limit to \fInbytes\fR the number of bytes of the packet to send to
-the controller. By default the entire packet is sent.
-.IP "\fBreason=\fIreason\fR"
-Specify \fIreason\fR as the reason for sending the message in the
-``packet in'' message. The supported reasons are \fBaction\fR (the
-default), \fBno_match\fR, and \fBinvalid_ttl\fR.
-.IP "\fBid=\fIcontroller-id\fR"
-Specify \fIcontroller-id\fR, a 16-bit integer, as the connection ID of
-the OpenFlow controller or controllers to which the ``packet in''
-message should be sent. The default is zero. Zero is also the
-default connection ID for each controller connection, and a given
-controller connection will only have a nonzero connection ID if its
-controller uses the \fBNXT_SET_CONTROLLER_ID\fR Nicira extension to
-OpenFlow.
-.RE
-.IP
-Any \fIreason\fR other than \fBaction\fR and any nonzero
-\fIcontroller-id\fR uses a Nicira vendor extension that, as of this
-writing, is only known to be implemented by Open vSwitch (version 1.6
-or later).
-.
-.IP \fBcontroller\fR
-.IQ \fBcontroller\fR[\fB:\fInbytes\fR]
-Shorthand for \fBcontroller()\fR or
-\fBcontroller(max_len=\fInbytes\fB)\fR, respectively.
-.
-.IP \fBenqueue(\fIport\fB,\fIqueue\fB)\fR
-Enqueues the packet on the specified \fIqueue\fR within port
-\fIport\fR, which must be an OpenFlow port number or keyword
-(e.g. \fBLOCAL\fR). The number of supported queues depends on the
-switch; some OpenFlow implementations do not support queuing at all.
-.
-.IP \fBdrop\fR
-Discards the packet, so no further processing or forwarding takes place.
-If a drop action is used, no other actions may be specified.
-.
-.IP \fBmod_vlan_vid\fR:\fIvlan_vid\fR
-Modifies the VLAN id on a packet. The VLAN tag is added or modified
-as necessary to match the value specified. If the VLAN tag is added,
-a priority of zero is used (see the \fBmod_vlan_pcp\fR action to set
-this).
-.
-.IP \fBmod_vlan_pcp\fR:\fIvlan_pcp\fR
-Modifies the VLAN priority on a packet. The VLAN tag is added or modified
-as necessary to match the value specified. Valid values are between 0
-(lowest) and 7 (highest). If the VLAN tag is added, a vid of zero is used
-(see the \fBmod_vlan_vid\fR action to set this).
-.
-.IP \fBstrip_vlan\fR
-Strips the VLAN tag from a packet if it is present.
-.
-.IP \fBpush_vlan\fR:\fIethertype\fR
-Push a new VLAN tag onto the packet. Ethertype is used as the Ethertype
-for the tag. Only ethertype 0x8100 should be used. (0x88a8 which the spec
-allows isn't supported at the moment.)
-A priority of zero and the tag of zero are used for the new tag.
-.
-.IP \fBpush_mpls\fR:\fIethertype\fR
-Changes the packet's Ethertype to \fIethertype\fR, which must be either
-\fB0x8847\fR or \fB0x8848\fR, and pushes an MPLS LSE.
-.IP
-If the packet does not already contain any MPLS labels then an initial
-label stack entry is pushed. The label stack entry's label is 2 if the
-packet contains IPv6 and 0 otherwise, its default traffic control value is
-the low 3 bits of the packet's DSCP value (0 if the packet is not IP), and
-its TTL is copied from the IP TTL (64 if the packet is not IP).
-.IP
-If the packet does already contain an MPLS label, pushes a new
-outermost label as a copy of the existing outermost label.
-.IP
-A limitation of the implementation is that processing of actions will stop
-if \fBpush_mpls\fR follows another \fBpush_mpls\fR unless there is a
-\fBpop_mpls\fR in between.
-.
-.IP \fBpop_mpls\fR:\fIethertype\fR
-Strips the outermost MPLS label stack entry.
-Currently the implementation restricts \fIethertype\fR to a non-MPLS Ethertype
-and thus \fBpop_mpls\fR should only be applied to packets with
-an MPLS label stack depth of one. A further limitation is that processing of
-actions will stop if \fBpop_mpls\fR follows another \fBpop_mpls\fR unless
-there is a \fBpush_mpls\fR in between.
-.
-.IP \fBmod_dl_src\fB:\fImac\fR
-Sets the source Ethernet address to \fImac\fR.
-.
-.IP \fBmod_dl_dst\fB:\fImac\fR
-Sets the destination Ethernet address to \fImac\fR.
-.
-.IP \fBmod_nw_src\fB:\fIip\fR
-Sets the IPv4 source address to \fIip\fR.
-.
-.IP \fBmod_nw_dst\fB:\fIip\fR
-Sets the IPv4 destination address to \fIip\fR.
-.
-.IP \fBmod_tp_src\fB:\fIport\fR
-Sets the TCP or UDP or SCTP source port to \fIport\fR.
-.
-.IP \fBmod_tp_dst\fB:\fIport\fR
-Sets the TCP or UDP or SCTP destination port to \fIport\fR.
-.
-.IP \fBmod_nw_tos\fB:\fItos\fR
-Sets the DSCP bits in the IPv4 ToS/DSCP or IPv6 traffic class field to
-\fItos\fR, which must be a multiple of 4 between 0 and 255. This action
-does not modify the two least significant bits of the ToS field (the ECN bits).
-.
-.IP \fBmod_nw_ecn\fB:\fIecn\fR
-Sets the ECN bits in the IPv4 ToS or IPv6 traffic class field to \fIecn\fR,
-which must be a value between 0 and 3, inclusive. This action does not modify
-the six most significant bits of the field (the DSCP bits).
-.IP
-Requires OpenFlow 1.1 or later.
-.
-.IP \fBmod_nw_ttl\fB:\fIttl\fR
-Sets the IPv4 TTL or IPv6 hop limit field to \fIttl\fR, which is specified as
-a decimal number between 0 and 255, inclusive. Switch behavior when setting
-\fIttl\fR to zero is not well specified, though.
-.IP
-Requires OpenFlow 1.1 or later.
-.RE
-.IP
-The following actions are Nicira vendor extensions that, as of this writing, are
-only known to be implemented by Open vSwitch:
-.
-.RS
-.
-.IP \fBresubmit\fB:\fIport\fR
-.IQ \fBresubmit\fB(\fR[\fIport\fR]\fB,\fR[\fItable\fR]\fB)
-Re-searches this OpenFlow flow table (or the table whose number is
-specified by \fItable\fR) with the \fBin_port\fR field replaced by
-\fIport\fR (if \fIport\fR is specified) and executes the actions
-found, if any, in addition to any other actions in this flow entry.
-.IP
-Recursive \fBresubmit\fR actions are obeyed up to an
-implementation-defined maximum depth. Open vSwitch 1.0.1 and earlier
-did not support recursion; Open vSwitch before 1.2.90 did not support
-\fItable\fR.
-.
-.IP \fBset_tunnel\fB:\fIid\fR
-.IQ \fBset_tunnel64\fB:\fIid\fR
-If outputting to a port that encapsulates the packet in a tunnel and
-supports an identifier (such as GRE), sets the identifier to \fIid\fR.
-If the \fBset_tunnel\fR form is used and \fIid\fR fits in 32 bits,
-then this uses an action extension that is supported by Open vSwitch
-1.0 and later. Otherwise, if \fIid\fR is a 64-bit value, it requires
-Open vSwitch 1.1 or later.
-.
-.IP \fBset_queue\fB:\fIqueue\fR
-Sets the queue that should be used to \fIqueue\fR when packets are
-output. The number of supported queues depends on the switch; some
-OpenFlow implementations do not support queuing at all.
-.
-.IP \fBpop_queue\fR
-Restores the queue to the value it was before any \fBset_queue\fR
-actions were applied.
-.
-.IP \fBct\fR
-.IQ \fBct\fB(\fR[\fIargument\fR][\fB,\fIargument\fR...]\fB)
-Send the packet through the connection tracker. Refer to the \fBct_state\fR
-documentation above for possible packet and connection states. The following
-arguments are supported:
-
-.RS
-.IP \fBcommit\fR
-.RS
-Commit the connection to the connection tracking module. Information about the
-connection will be stored beyond the lifetime of the packet in the pipeline.
-Some \fBct_state\fR flags are only available for committed connections.
-.RE
-.IP \fBtable=\fInumber\fR
-Fork pipeline processing in two. The original instance of the packet will
-continue processing the current actions list as an untracked packet. An
-additional instance of the packet will be sent to the connection tracker, which
-will be re-injected into the OpenFlow pipeline to resume processing in table
-\fInumber\fR, with the \fBct_state\fR and other ct match fields set. If the
-\fBtable\fR is not specified, then the packet is submitted to the connection
-tracker, but the pipeline does not fork and the ct match fields are not
-populated. It is strongly recommended to specify a table later than the current
-table to prevent loops.
-.IP \fBzone=\fIvalue\fR
-.IQ \fBzone=\fIsrc\fB[\fIstart\fB..\fIend\fB]\fR
-A 16-bit context id that can be used to isolate connections into separate
-domains, allowing overlapping network addresses in different zones. If a zone
-is not provided, then the default is to use zone zero. The \fBzone\fR may be
-specified either as an immediate 16-bit \fIvalue\fR, or may be provided from an
-NXM field \fIsrc\fR. The \fIstart\fR and \fIend\fR pair are inclusive, and must
-specify a 16-bit range within the field.
-.IP \fBexec\fB(\fR[\fIaction\fR][\fB,\fIaction\fR...]\fB)\fR
-Perform actions within the context of connection tracking. These actions
-are in the same format as the actions accepted as part of a flow, however
-there are additional restrictions applied. For instance, only actions which
-modify the ct fields are accepted within the \fBexec\fR action. Furthermore,
-some actions may only be performed in this context, for instance modifying the
-ct_mark field:
-.
-.RS
-.IP \fBset_field:\fIvalue\fR->ct_mark\fR
-Store a 32-bit metadata value with the connection. If the connection is
-committed, then subsequent lookups for packets in this connection will
-populate the \fBct_mark\fR flow field when the packet is sent to the
-connection tracker with the \fBtable\fR specified.
-.IP \fBset_field:\fIvalue\fR->ct_label\fR
-Store a 128-bit metadata value with the connection. If the connection is
-committed, then subsequent lookups for packets in this connection will
-populate the \fBct_label\fR flow field when the packet is sent to the
-connection tracker with the \fBtable\fR specified.
-.RE
-.IP
-The \fBcommit\fR parameter must be specified to use \fBexec(...)\fR.
-.
-.IP \fBalg=\fIalg\fR
-Specify application layer gateway \fIalg\fR to track specific connection
-types. Supported types include:
-.RS
-.IP \fBftp\fR
-Look for negotiation of FTP data connections. If a subsequent FTP data
-connection arrives which is related, the \fBct\fR action will set the
-\fBrel\fR flag in the \fBct_state\fR field for packets sent through \fBct\fR.
-.RE
-.
-.RE
-.IP
-The \fBct\fR action may be used as a primitive to construct stateful firewalls
-by selectively committing some traffic, then matching the \fBct_state\fR to
-allow established connections while denying new connections. The following
-flows provide an example of how to implement a simple firewall that allows new
-connections from port 1 to port 2, and only allows established connections to
-send traffic from port 2 to port 1:
- \fBtable=0,priority=1,action=drop
- table=0,priority=10,arp,action=normal
- table=0,priority=100,ip,ct_state=-trk,action=ct(table=1)
- table=1,in_port=1,ip,ct_state=+trk+new,action=ct(commit),2
- table=1,in_port=1,ip,ct_state=+trk+est,action=2
- table=1,in_port=2,ip,ct_state=+trk+new,action=drop
- table=1,in_port=2,ip,ct_state=+trk+est,action=1\fR
-.IP
-If \fBct\fR is executed on IP (or IPv6) fragments, then the message is
-implicitly reassembled before sending to the connection tracker and
-refragmented upon \fBoutput\fR, to the original maximum received fragment size.
-Reassembly occurs within the context of the \fBzone\fR. Pipeline processing
-for the initial fragments is halted; When the final fragment is received,
-the message is assembled and pipeline processing will continue for that flow.
-Because packet ordering is not guaranteed by IP protocols, it is not possible
-to determine which IP fragment will cause message reassembly (and therefore
-continue pipeline processing). As such, it is strongly recommended that
-multiple flows should not execute \fBct\fR to reassemble fragments from the
-same IP message.
-.IP
-Currently, connection tracking is only available on Linux kernels with the
-nf_conntrack module loaded.
-.
-.RE
-.
-.IP \fBdec_ttl\fR
-.IQ \fBdec_ttl\fB[\fR(\fIid1,id2\fI)\fR]\fR
-Decrement TTL of IPv4 packet or hop limit of IPv6 packet. If the
-TTL or hop limit is initially zero or decrementing would make it so, no
-decrement occurs, as packets reaching TTL zero must be rejected. Instead,
-a ``packet-in'' message with reason code \fBOFPR_INVALID_TTL\fR is
-sent to each connected controller that has enabled receiving them,
-if any. Processing the current set of actions then stops. However,
-if the current set of actions was reached through ``resubmit'' then
-remaining actions in outer levels resume processing. This action
-also optionally supports the ability to specify a list of valid
-controller ids. Each of controllers in the list will receive the
-``packet_in'' message only if they have registered to receive the
-invalid ttl packets. If controller ids are not specified, the
-``packet_in'' message will be sent only to the controllers having
-controller id zero which have registered for the invalid ttl packets.
-.
-.IP \fBset_mpls_label\fR:\fIlabel\fR
-Set the label of the outer MPLS label stack entry of a packet.
-\fIlabel\fR should be a 20-bit value that is decimal by default;
-use a \fB0x\fR prefix to specify them in hexadecimal.
-.
-.IP \fBset_mpls_tc\fR:\fItc\fR
-Set the traffic-class of the outer MPLS label stack entry of a packet.
-\fItc\fR should be a in the range 0 to 7 inclusive.
-.
-.IP \fBset_mpls_ttl\fR:\fIttl\fR
-Set the TTL of the outer MPLS label stack entry of a packet.
-\fIttl\fR should be in the range 0 to 255 inclusive.
-.
-.IP \fBdec_mpls_ttl\fR
-Decrement TTL of the outer MPLS label stack entry of a packet. If the TTL
-is initially zero or decrementing would make it so, no decrement occurs.
-Instead, a ``packet-in'' message with reason code \fBOFPR_INVALID_TTL\fR
-is sent to the main controller (id zero), if it has enabled receiving them.
-Processing the current set of actions then stops. However, if the current
-set of actions was reached through ``resubmit'' then remaining actions in
-outer levels resume processing.
-.
-.IP \fBnote:\fR[\fIhh\fR]...
-Does nothing at all. Any number of bytes represented as hex digits
-\fIhh\fR may be included. Pairs of hex digits may be separated by
-periods for readability.
-The \fBnote\fR action's format doesn't include an exact length for its
-payload, so the provided bytes will be padded on the right by enough
-bytes with value 0 to make the total number 6 more than a multiple of
-8.
-.
-.IP "\fBmove:\fIsrc\fB[\fIstart\fB..\fIend\fB]\->\fIdst\fB[\fIstart\fB..\fIend\fB]\fR"
-Copies the named bits from field \fIsrc\fR to field \fIdst\fR.
-\fIsrc\fR and \fIdst\fR must be NXM field names as defined in
-\fBnicira\-ext.h\fR, e.g. \fBNXM_OF_UDP_SRC\fR or \fBNXM_NX_REG0\fR.
-Each \fIstart\fR and \fIend\fR pair, which are inclusive, must specify
-the same number of bits and must fit within its respective field.
-Shorthands for \fB[\fIstart\fB..\fIend\fB]\fR exist: use
-\fB[\fIbit\fB]\fR to specify a single bit or \fB[]\fR to specify an
-entire field.
-.IP
-Examples: \fBmove:NXM_NX_REG0[0..5]\->NXM_NX_REG1[26..31]\fR copies the
-six bits numbered 0 through 5, inclusive, in register 0 into bits 26
-through 31, inclusive;
-\fBmove:NXM_NX_REG0[0..15]\->NXM_OF_VLAN_TCI[]\fR copies the least
-significant 16 bits of register 0 into the VLAN TCI field.
-.IP
-In OpenFlow 1.0 through 1.4, \fBmove\fR ordinarily uses an Open
-vSwitch extension to OpenFlow. In OpenFlow 1.5, \fBmove\fR uses the
-OpenFlow 1.5 standard \fBcopy_field\fR action. The ONF has
-also made \fBcopy_field\fR available as an extension to OpenFlow 1.3.
-Open vSwitch 2.4 and later understands this extension and uses it if a
-controller uses it, but for backward compatibility with older versions
-of Open vSwitch, \fBovs\-ofctl\fR does not use it.
-.
-.IP "\fBset_field:\fIvalue\fR[/\fImask\fR]\fB\->\fIdst"
-.IQ "\fBload:\fIvalue\fB\->\fIdst\fB[\fIstart\fB..\fIend\fB]"
-Loads a literal value into a field or part of a field. With
-\fBset_field\fR, \fBvalue\fR and the optional \fBmask\fR are given in
-the customary syntax for field \fIdst\fR, which is expressed as a
-field name. For example, \fBset_field:00:11:22:33:44:55->eth_src\fR
-sets the Ethernet source address to 00:11:22:33:44:55. With
-\fBload\fR, \fIvalue\fR must be an integer value (in decimal or
-prefixed by \fB0x\fR for hexadecimal) and \fIdst\fR is the NXM or OXM
-name for the field. For example,
-\fBload:0x001122334455->OXM_OF_ETH_DST[]\fR has the same effect as the
-prior \fBset_field\fR example.
-.IP
-The two forms exist for historical reasons. Open vSwitch 1.1
-introduced \fBNXAST_REG_LOAD\fR as a Nicira extension to OpenFlow 1.0
-and used \fBload\fR to express it. Later, OpenFlow 1.2 introduced a
-standard \fBOFPAT_SET_FIELD\fR action that was restricted to loading
-entire fields, so Open vSwitch added the form \fBset_field\fR with
-this restriction. OpenFlow 1.5 extended \fBOFPAT_SET_FIELD\fR to the
-point that it became a superset of \fBNXAST_REG_LOAD\fR. Open vSwitch
-translates either syntax as necessary for the OpenFlow version in use:
-in OpenFlow 1.0 and 1.1, \fBNXAST_REG_LOAD\fR; in OpenFlow 1.2, 1.3,
-and 1.4, \fBNXAST_REG_LOAD\fR for \fBload\fR or for loading a
-subfield, \fBOFPAT_SET_FIELD\fR otherwise; and OpenFlow 1.5 and later,
-\fBOFPAT_SET_FIELD\fR.
-.
-.IP "\fBpush:\fIsrc\fB[\fIstart\fB..\fIend\fB]"
-Pushes \fIstart\fR to \fIend\fR bits inclusive, in fields
-on top of the stack.
-.IP
-Example: \fBpush:NXM_NX_REG2[0..5]\fR push the value stored in register
-2 bits 0 through 5, inclusive, on to the internal stack.
-.
-.IP "\fBpop:\fIdst\fB[\fIstart\fB..\fIend\fB]"
-Pops from the top of the stack, retrieves the \fIstart\fR to \fIend\fR bits
-inclusive, from the value popped and store them into the corresponding
-bits in \fIdst\fR.
-.
-.IP
-Example: \fBpop:NXM_NX_REG2[0..5]\fR pops the value from top of the stack.
-Set register 2 bits 0 through 5, inclusive, based on bits 0 through 5 from the
-value just popped.
-.
-.
-.IP "\fBmultipath(\fIfields\fB, \fIbasis\fB, \fIalgorithm\fB, \fIn_links\fB, \fIarg\fB, \fIdst\fB[\fIstart\fB..\fIend\fB])\fR"
-Hashes \fIfields\fR using \fIbasis\fR as a universal hash parameter,
-then the applies multipath link selection \fIalgorithm\fR (with
-parameter \fIarg\fR) to choose one of \fIn_links\fR output links
-numbered 0 through \fIn_links\fR minus 1, and stores the link into
-\fIdst\fB[\fIstart\fB..\fIend\fB]\fR, which must be an NXM field as
-described above.
-.IP
-\fIfields\fR must be one of the following:
-.RS
-.IP \fBeth_src\fR
-Hashes Ethernet source address only.
-.IP \fBsymmetric_l4\fR
-Hashes Ethernet source, destination, and type, VLAN ID, IPv4/IPv6
-source, destination, and protocol, and TCP or SCTP (but not UDP)
-ports. The hash is computed so that pairs of corresponding flows in
-each direction hash to the same value, in environments where L2 paths
-are the same in each direction. UDP ports are not included in the
-hash to support protocols such as VXLAN that use asymmetric ports in
-each direction.
-.IP \fBsymmetric_l3l4\fR
-Hashes IPv4/IPv6 source, destination, and protocol, and TCP or SCTP
-(but not UDP) ports. Like \fBsymmetric_l4\fR, this is a symmetric
-hash, but by excluding L2 headers it is more effective in environments
-with asymmetric L2 paths (e.g. paths involving VRRP IP addresses on a
-router). Not an effective hash function for protocols other than IPv4
-and IPv6, which hash to a constant zero.
-.IP \fBsymmetric_l3l4+udp\fR
-Like \fBsymmetric_l3l4+udp\fR, but UDP ports are included in the hash.
-This is a more effective hash when asymmetric UDP protocols such as
-VXLAN are not a consideration.
-.RE
-.IP
-\fIalgorithm\fR must be one of \fBmodulo_n\fR,
-\fBhash_threshold\fR, \fBhrw\fR, and \fBiter_hash\fR. Only
-the \fBiter_hash\fR algorithm uses \fIarg\fR.
-.IP
-Refer to \fBnicira\-ext.h\fR for more details.
-.
-.IP "\fBbundle(\fIfields\fB, \fIbasis\fB, \fIalgorithm\fB, \fIslave_type\fB, slaves:[\fIs1\fB, \fIs2\fB, ...])\fR"
-Hashes \fIfields\fR using \fIbasis\fR as a universal hash parameter, then
-applies the bundle link selection \fIalgorithm\fR to choose one of the listed
-slaves represented as \fIslave_type\fR. Currently the only supported
-\fIslave_type\fR is \fBofport\fR. Thus, each \fIs1\fR through \fIsN\fR should
-be an OpenFlow port number. Outputs to the selected slave.
-.IP
-Currently, \fIfields\fR must be either \fBeth_src\fR, \fBsymmetric_l4\fR, \fBsymmetric_l3l4\fR, or \fBsymmetric_l3l4+udp\fR,
-and \fIalgorithm\fR must be one of \fBhrw\fR and \fBactive_backup\fR.
-.IP
-Example: \fBbundle(eth_src,0,hrw,ofport,slaves:4,8)\fR uses an Ethernet source
-hash with basis 0, to select between OpenFlow ports 4 and 8 using the Highest
-Random Weight algorithm.
-.IP
-Refer to \fBnicira\-ext.h\fR for more details.
-.
-.IP "\fBbundle_load(\fIfields\fB, \fIbasis\fB, \fIalgorithm\fB, \fIslave_type\fB, \fIdst\fB[\fIstart\fB..\fIend\fB], slaves:[\fIs1\fB, \fIs2\fB, ...])\fR"
-Has the same behavior as the \fBbundle\fR action, with one exception. Instead
-of outputting to the selected slave, it writes its selection to
-\fIdst\fB[\fIstart\fB..\fIend\fB]\fR, which must be an NXM field as described
-above.
-.IP
-Example: \fBbundle_load(eth_src, 0, hrw, ofport, NXM_NX_REG0[],
-slaves:4, 8)\fR uses an Ethernet source hash with basis 0, to select
-between OpenFlow ports 4 and 8 using the Highest Random Weight
-algorithm, and writes the selection to \fBNXM_NX_REG0[]\fR.
-.IP
-Refer to \fBnicira\-ext.h\fR for more details.
-.
-.IP "\fBlearn(\fIargument\fR[\fB,\fIargument\fR]...\fB)\fR"
-This action adds or modifies a flow in an OpenFlow table, similar to
-\fBovs\-ofctl \-\-strict mod\-flows\fR. The arguments specify the
-flow's match fields, actions, and other properties, as follows. At
-least one match criterion and one action argument should ordinarily be
-specified.
-.RS
-.IP \fBidle_timeout=\fIseconds\fR
-.IQ \fBhard_timeout=\fIseconds\fR
-.IQ \fBpriority=\fIvalue\fR
-.IQ \fBcookie=\fIvalue\fR
-.IQ \fBsend_flow_rem\fR
-These arguments have the same meaning as in the usual \fBovs\-ofctl\fR
-flow syntax.
-.
-.IP \fBfin_idle_timeout=\fIseconds\fR
-.IQ \fBfin_hard_timeout=\fIseconds\fR
-Adds a \fBfin_timeout\fR action with the specified arguments to the
-new flow. This feature was added in Open vSwitch 1.5.90.
-.
-.IP \fBtable=\fInumber\fR
-The table in which the new flow should be inserted. Specify a decimal
-number between 0 and 254. The default, if \fBtable\fR is unspecified,
-is table 1.
-.
-.IP \fBdelete_learned\fR
-This flag enables deletion of the learned flows when the flow with the
-\fBlearn\fR action is removed. Specifically, when the last
-\fBlearn\fR action with this flag and particular \fBtable\fR and
-\fBcookie\fR values is removed, the switch deletes all of the flows in
-the specified table with the specified cookie.
-.
-.IP
-This flag was added in Open vSwitch 2.4.
-.
-.IP \fIfield\fB=\fIvalue\fR
-.IQ \fIfield\fB[\fIstart\fB..\fIend\fB]=\fIsrc\fB[\fIstart\fB..\fIend\fB]\fR
-.IQ \fIfield\fB[\fIstart\fB..\fIend\fB]\fR
-Adds a match criterion to the new flow.
-.IP
-The first form specifies that \fIfield\fR must match the literal
-\fIvalue\fR, e.g. \fBdl_type=0x0800\fR. All of the fields and values
-for \fBovs\-ofctl\fR flow syntax are available with their usual
-meanings.
-.IP
-The second form specifies that \fIfield\fB[\fIstart\fB..\fIend\fB]\fR
-in the new flow must match \fIsrc\fB[\fIstart\fB..\fIend\fB]\fR taken
-from the flow currently being processed.
-.IP
-The third form is a shorthand for the second form. It specifies that
-\fIfield\fB[\fIstart\fB..\fIend\fB]\fR in the new flow must match
-\fIfield\fB[\fIstart\fB..\fIend\fB]\fR taken from the flow currently
-being processed.
-.
-.IP \fBload:\fIvalue\fB\->\fIdst\fB[\fIstart\fB..\fIend\fB]
-.IQ \fBload:\fIsrc\fB[\fIstart\fB..\fIend\fB]\->\fIdst\fB[\fIstart\fB..\fIend\fB]
-.
-Adds a \fBload\fR action to the new flow.
-.IP
-The first form loads the literal \fIvalue\fR into bits \fIstart\fR
-through \fIend\fR, inclusive, in field \fIdst\fR. Its syntax is the
-same as the \fBload\fR action described earlier in this section.
-.IP
-The second form loads \fIsrc\fB[\fIstart\fB..\fIend\fB]\fR, a value
-from the flow currently being processed, into bits \fIstart\fR
-through \fIend\fR, inclusive, in field \fIdst\fR.
-.
-.IP \fBoutput:\fIfield\fB[\fIstart\fB..\fIend\fB]\fR
-Add an \fBoutput\fR action to the new flow's actions, that outputs to
-the OpenFlow port taken from \fIfield\fB[\fIstart\fB..\fIend\fB]\fR,
-which must be an NXM field as described above.
-.RE
-.IP
-For best performance, segregate learned flows into a table (using
-\fBtable=\fInumber\fR) that is not used for any other flows except
-possibly for a lowest-priority ``catch-all'' flow, that is, a flow
-with no match criteria. (This is why the default \fBtable\fR is 1, to
-keep the learned flows separate from the primary flow table 0.)
-.RE
-.
-.RS
-.
-.IP \fBclear_actions\fR
-Clears all the actions in the action set immediately.
-.
-.IP \fBwrite_actions(\fR[\fIaction\fR][\fB,\fIaction\fR...]\fB)
-Add the specific actions to the action set. The syntax of
-\fIactions\fR is the same as in the \fBactions=\fR field. The action
-set is carried between flow tables and then executed at the end of the
-pipeline.
-.
-.IP
-The actions in the action set are applied in the following order, as
-required by the OpenFlow specification, regardless of the order in
-which they were added to the action set. Except as specified
-otherwise below, the action set only holds at most a single action of
-each type. When more than one action of a single type is written to
-the action set, the one written later replaces the earlier action:
-.
-.RS
-.IP 1.
-\fBstrip_vlan\fR
-.IQ
-\fBpop_mpls\fR
-.
-.IP 2.
-\fBpush_mpls\fR
-.
-.IP 3.
-\fBpush_vlan\fR
-.
-.IP 4.
-\fBdec_ttl\fR
-.IQ
-\fBdec_mpls_ttl\fR
-.
-.IP 5.
-\fBload\fR
-.IQ
-\fBmove\fR
-.IQ
-\fBmod_dl_dst\fR
-.IQ
-\fBmod_dl_src\fR
-.IQ
-\fBmod_nw_dst\fR
-.IQ
-\fBmod_nw_src\fR
-.IQ
-\fBmod_nw_tos\fR
-.IQ
-\fBmod_nw_ecn\fR
-.IQ
-\fBmod_nw_ttl\fR
-.IQ
-\fBmod_tp_dst\fR
-.IQ
-\fBmod_tp_src\fR
-.IQ
-\fBmod_vlan_pcp\fR
-.IQ
-\fBmod_vlan_vid\fR
-.IQ
-\fBset_field\fR
-.IQ
-\fBset_tunnel\fR
-.IQ
-\fBset_tunnel64\fR
-.IQ
-The action set can contain any number of these actions, with
-cumulative effect. They will be applied in the order as added.
-That is, when multiple actions modify the same part of a field,
-the later modification takes effect, and when they modify
-different parts of a field (or different fields), then both
-modifications are applied.
-.
-.IP 6.
-\fBset_queue\fR
-.
-.IP 7.
-\fBgroup\fR
-.IQ
-\fBoutput\fR
-.IQ
-\fBresubmit\fR
-.IQ
-If more than one of these actions is present, then the one listed
-earliest above is executed and the others are ignored, regardless of
-the order in which they were added to the action set. (If none of these
-actions is present, the action set has no real effect, because the
-modified packet is not sent anywhere and thus the modifications are
-not visible.)
-.RE
-.IP
-Only the actions listed above may be written to the action set.
-.
-.IP \fBwrite_metadata\fB:\fIvalue\fR[/\fImask\fR]
-Updates the metadata field for the flow. If \fImask\fR is omitted, the
-metadata field is set exactly to \fIvalue\fR; if \fImask\fR is specified, then
-a 1-bit in \fImask\fR indicates that the corresponding bit in the metadata
-field will be replaced with the corresponding bit from \fIvalue\fR. Both
-\fIvalue\fR and \fImask\fR are 64-bit values that are decimal by default; use
-a \fB0x\fR prefix to specify them in hexadecimal.
-.
-.IP \fBmeter\fR:\fImeter_id\fR
-Apply the \fImeter_id\fR before any other actions. If a meter band rate is
-exceeded, the packet may be dropped, or modified, depending on the meter
-band type. See the description of the \fBMeter Table Commands\fR, above,
-for more details.
-.
-.IP \fBgoto_table\fR:\fItable\fR
-Indicates the next table in the process pipeline.
-.
-.IP "\fBfin_timeout(\fIargument\fR[\fB,\fIargument\fR]\fB)"
-This action changes the idle timeout or hard timeout, or both, of this
-OpenFlow rule when the rule matches a TCP packet with the FIN or RST
-flag. When such a packet is observed, the action reduces the rule's
-timeouts to those specified on the action. If the rule's existing
-timeout is already shorter than the one that the action specifies,
-then that timeout is unaffected.
-.IP
-\fIargument\fR takes the following forms:
-.RS
-.IP "\fBidle_timeout=\fIseconds\fR"
-Causes the flow to expire after the given number of seconds of
-inactivity.
-.
-.IP "\fBhard_timeout=\fIseconds\fR"
-Causes the flow to expire after the given number of seconds,
-regardless of activity. (\fIseconds\fR specifies time since the
-flow's creation, not since the receipt of the FIN or RST.)
-.RE
-.IP
-This action was added in Open vSwitch 1.5.90.
-.
-.IP "\fBsample(\fIargument\fR[\fB,\fIargument\fR]...\fB)\fR"
-Samples packets and sends one sample for every sampled packet.
-.IP
-\fIargument\fR takes the following forms:
-.RS
-.IP "\fBprobability=\fIpackets\fR"
-The number of sampled packets out of 65535. Must be greater or equal to 1.
-.IP "\fBcollector_set_id=\fIid\fR"
-The unsigned 32-bit integer identifier of the set of sample collectors
-to send sampled packets to. Defaults to 0.
-.IP "\fBobs_domain_id=\fIid\fR"
-When sending samples to IPFIX collectors, the unsigned 32-bit integer
-Observation Domain ID sent in every IPFIX flow record. Defaults to 0.
-.IP "\fBobs_point_id=\fIid\fR"
-When sending samples to IPFIX collectors, the unsigned 32-bit integer
-Observation Point ID sent in every IPFIX flow record. Defaults to 0.
-.RE
-.IP
-Refer to \fBovs\-vswitchd.conf.db\fR(8) for more details on
-configuring sample collector sets.
-.IP
-This action was added in Open vSwitch 1.10.90.
-.
-.IP "\fBexit\fR"
-This action causes Open vSwitch to immediately halt execution of
-further actions. Those actions which have already been executed are
-unaffected. Any further actions, including those which may be in
-other tables, or different levels of the \fBresubmit\fR call stack,
-are ignored. Actions in the action set is still executed (specify
-\fBclear_actions\fR before \fBexit\fR to discard them).
-.
-.IP "\fBconjunction(\fIid\fB, \fIk\fB/\fIn\fR\fB)\fR"
-An individual OpenFlow flow can match only a single value for each
-field. However, situations often arise where one wants to match one
-of a set of values within a field or fields. For matching a single
-field against a set, it is straightforward and efficient to add
-multiple flows to the flow table, one for each value in the set. For
-example, one might use the following flows to send packets with IP
-source address \fIa\fR, \fIb\fR, \fIc\fR, or \fId\fR to the OpenFlow
-controller:
-.RS +1in
-.br
-\fBip,ip_src=\fIa\fB actions=controller\fR
-.br
-\fBip,ip_src=\fIb\fB actions=controller\fR
-.br
-\fBip,ip_src=\fIc\fB actions=controller\fR
-.br
-\fBip,ip_src=\fId\fB actions=controller\fR
-.br
-.RE
-.IP
-Similarly, these flows send packets with IP destination address
-\fIe\fR, \fIf\fR, \fIg\fR, or \fIh\fR to the OpenFlow controller:
-.RS +1in
-.br
-\fBip,ip_dst=\fIe\fB actions=controller\fR
-.br
-\fBip,ip_dst=\fIf\fB actions=controller\fR
-.br
-\fBip,ip_dst=\fIg\fB actions=controller\fR
-.br
-\fBip,ip_dst=\fIh\fB actions=controller\fR
-.br
-.RE
-.IP
-Installing all of the above flows in a single flow table yields a
-disjunctive effect: a packet is sent to the controller if \fBip_src\fR
-\[mo] {\fIa\fR,\fIb\fR,\fIc\fR,\fId\fR} or \fBip_dst\fR \[mo]
-{\fIe\fR,\fIf\fR,\fIg\fR,\fIh\fR} (or both). (Pedantically, if both
-of the above sets of flows are present in the flow table, they should
-have different priorities, because OpenFlow says that the results are
-undefined when two flows with same priority can both match a single
-packet.)
-.IP
-Suppose, on the other hand, one wishes to match conjunctively, that
-is, to send a packet to the controller only if both \fBip_src\fR \[mo]
-{\fIa\fR,\fIb\fR,\fIc\fR,\fId\fR} and \fBip_dst\fR \[mo]
-{\fIe\fR,\fIf\fR,\fIg\fR,\fIh\fR}. This requires 4 \[mu] 4 = 16
-flows, one for each possible pairing of \fBip_src\fR and \fBip_dst\fR.
-That is acceptable for our small example, but it does not gracefully
-extend to larger sets or greater numbers of dimensions.
-.IP
-The \fBconjunction\fR action is a solution for conjunctive matches
-that is built into Open vSwitch. A \fBconjunction\fR action ties
-groups of individual OpenFlow flows into higher-level ``conjunctive
-flows''. Each group corresponds to one dimension, and each flow
-within the group matches one possible value for the dimension. A
-packet that matches one flow from each group matches the conjunctive
-flow.
-.IP
-To implement a conjunctive flow with \fBconjunction\fR, assign the
-conjunctive flow a 32-bit \fIid\fR, which must be unique within an
-OpenFlow table. Assign each of the \fIn\fR \[>=] 2 dimensions a
-unique number from 1 to \fIn\fR; the ordering is unimportant. Add one
-flow to the OpenFlow flow table for each possible value of each
-dimension with \fBconjunction(\fIid, \fIk\fB/\fIn\fB)\fR as the flow's
-actions, where \fIk\fR is the number assigned to the flow's dimension.
-Together, these flows specify the conjunctive flow's match condition.
-When the conjunctive match condition is met, Open vSwitch looks up one
-more flow that specifies the conjunctive flow's actions and receives
-its statistics. This flow is found by setting \fBconj_id\fR to the
-specified \fIid\fR and then again searching the flow table.
-.IP
-The following flows provide an example. Whenever the IP source is one
-of the values in the flows that match on the IP source (dimension 1 of
-2), \fIand\fR the IP destination is one of the values in the flows
-that match on IP destination (dimension 2 of 2), Open vSwitch searches
-for a flow that matches \fBconj_id\fR against the conjunction ID
-(1234), finding the first flow listed below.
-.RS +1in
-.br
-.B "conj_id=1234 actions=controller"
-.br
-.B "ip,ip_src=10.0.0.1 actions=conjunction(1234, 1/2)"
-.br
-.B "ip,ip_src=10.0.0.4 actions=conjunction(1234, 1/2)"
-.br
-.B "ip,ip_src=10.0.0.6 actions=conjunction(1234, 1/2)"
-.br
-.B "ip,ip_src=10.0.0.7 actions=conjunction(1234, 1/2)"
-.br
-.B "ip,ip_dst=10.0.0.2 actions=conjunction(1234, 2/2)"
-.br
-.B "ip,ip_dst=10.0.0.5 actions=conjunction(1234, 2/2)"
-.br
-.B "ip,ip_dst=10.0.0.7 actions=conjunction(1234, 2/2)"
-.br
-.B "ip,ip_dst=10.0.0.8 actions=conjunction(1234, 2/2)"
-.RE
-.IP
-Many subtleties exist:
-.RS
-.IP \(bu
-In the example above, every flow in a single dimension has the same
-form, that is, dimension 1 matches on \fBip_src\fR, dimension 2 on
-\fBip_dst\fR, but this is not a requirement. Different flows within a
-dimension may match on different bits within a field (e.g. IP network
-prefixes of different lengths, or TCP/UDP port ranges as bitwise
-matches), or even on entirely different fields (e.g. to match packets
-for TCP source port 80 or TCP destination port 80).
-.IP \(bu
-The flows within a dimension can vary their matches across more than
-one field, e.g. to match only specific pairs of IP source and
-destination addresses or L4 port numbers.
-.IP \(bu
-A flow may have multiple \fBconjunction\fR actions, with different
-\fIid\fR values. This is useful for multiple conjunctive flows with
-overlapping sets. If one conjunctive flow matches packets with both
-\fBip_src\fR \[mo] {\fIa\fR,\fIb\fR} and \fBip_dst\fR \[mo]
-{\fId\fR,\fIe\fR} and a second conjunctive flow matches \fBip_src\fR
-\[mo] {\fIb\fR,\fIc\fR} and \fBip_dst\fR \[mo] {\fIf\fR,\fIg\fR}, for
-example, then the flow that matches \fBip_src=\fIb\fR would have two
-\fBconjunction\fR actions, one for each conjunctive flow. The order
-of \fBconjunction\fR actions within a list of actions is not
-significant.
-.IP \(bu
-A flow with \fBconjunction\fR actions may also include \fBnote\fR
-actions for annotations, but not any other kind of actions. (They
-would not be useful because they would never be executed.)
-.IP \(bu
-All of the flows that constitute a conjunctive flow with a given
-\fIid\fR must have the same priority. (Flows with the same \fIid\fR
-but different priorities are currently treated as different
-conjunctive flows, that is, currently \fIid\fR values need only be
-unique within an OpenFlow table at a given priority. This behavior
-isn't guaranteed to stay the same in later releases, so please use
-\fIid\fR values unique within an OpenFlow table.)
-.IP \(bu
-Conjunctive flows must not overlap with each other, at a given
-priority, that is, any given packet must be able to match at most one
-conjunctive flow at a given priority. Overlapping conjunctive flows
-yield unpredictable results.
-.IP \(bu
-Following a conjunctive flow match, the search for the flow with
-\fBconj_id=\fIid\fR is done in the same general-purpose way as other flow
-table searches, so one can use flows with \fBconj_id=\fIid\fR to act
-differently depending on circumstances. (One exception is that the
-search for the \fBconj_id=\fIid\fR flow itself ignores conjunctive flows,
-to avoid recursion.) If the search with \fBconj_id=\fIid\fR fails, Open
-vSwitch acts as if the conjunctive flow had not matched at all, and
-continues searching the flow table for other matching flows.
-.IP \(bu
-OpenFlow prerequisite checking occurs for the flow with
-\fBconj_id=\fIid\fR in the same way as any other flow, e.g. in an
-OpenFlow 1.1+ context, putting a \fBmod_nw_src\fR action into the
-example above would require adding an \fBip\fR match, like this:
-.RS +1in
-.br
-.B "conj_id=1234,ip actions=mod_nw_src:1.2.3.4,controller"
-.br
-.RE
-.IP \(bu
-OpenFlow prerequisite checking also occurs for the individual flows
-that comprise a conjunctive match in the same way as any other flow.
-.IP \(bu
-The flows that constitute a conjunctive flow do not have useful
-statistics. They are never updated with byte or packet counts, and so
-on. (For such a flow, therefore, the idle and hard timeouts work much
-the same way.)
-.IP \(bu
-Conjunctive flows can be a useful building block for negation, that
-is, inequality matches like \fBtcp_src\fR \[!=] 80. To implement an
-inequality match, convert it to a pair of range matches, e.g. 0 \[<=]
-\fBtcp_src\ < 80 and 80 < \fBtcp_src\fR \[<=] 65535, then convert each
-of the range matches into a collection of bitwise matches as explained
-above in the description of \fBtcp_src\fR.
-.IP \(bu
-Sometimes there is a choice of which flows include a particular match.
-For example, suppose that we added an extra constraint to our example,
-to match on \fBip_src\fR \[mo] {\fIa\fR,\fIb\fR,\fIc\fR,\fId\fR} and
-\fBip_dst\fR \[mo] {\fIe\fR,\fIf\fR,\fIg\fR,\fIh\fR} and \fBtcp_dst\fR
-= \fIi\fR. One way to implement this is to add the new constraint to
-the \fBconj_id\fR flow, like this:
-.RS +1in
-.br
-\fBconj_id=1234,tcp,tcp_dst=\fIi\fB actions=mod_nw_src:1.2.3.4,controller\fR
-.br
-.RE
-.IP
-\fIbut this is not recommended\fR because of the cost of the extra
-flow table lookup. Instead, add the constraint to the individual
-flows, either in one of the dimensions or (slightly better) all of
-them.
-.IP \(bu
-A conjunctive match must have \fIn\fR \[>=] 2 dimensions (otherwise a
-conjunctive match is not necessary). Open vSwitch enforces this.
-.IP \(bu
-Each dimension within a conjunctive match should ordinarily have more
-than one flow. Open vSwitch does not enforce this.
-.RE
-.IP
-The \fBconjunction\fR action and \fBconj_id\fR field were introduced
-in Open vSwitch 2.4.
-.RE
-.
+Specifies a comma-separated list of actions to take on a packet when
+the flow entry matches. If no \fIaction\fR is specified, then packets
+matching the flow are dropped. See \fBovs\-actions\fR(7) for details
+on the syntax and semantics of actions.
+K
.PP
An opaque identifier called a cookie can be used as a handle to identify
a set of flows:
of any different flow with the same priority in the same table. (This
check is expensive so it is best to avoid it.)
.
+.IP "\fBreset_counts\fR"
+When this flag is specified on a flow being added to a switch, and the
+switch already has a flow with an identical match, an OpenFlow 1.2 (or
+later) switch resets the flow's packet and byte counters to 0.
+Without the flag, the packet and byte counters are preserved.
+.IP
+OpenFlow 1.0 and 1.1 switches always reset counters in this situation,
+as if \fBreset_counts\fR were always specified.
+.IP
+Open vSwitch 1.10 added support for \fBreset_counts\fR.
+.
+.IP "\fBno_packet_counts\fR"
+.IQ "\fBno_byte_counts\fR"
+Adding these flags to a flow advises an OpenFlow 1.3 (or later) switch
+that the controller does not need packet or byte counters,
+respectively, for the flow. Some switch implementations might achieve
+higher performance or reduce resource consumption when these flags are
+used. These flags provide no benefit to the Open vSwitch software
+switch implementation.
+.IP
+OpenFlow 1.2 and earlier do not support these flags.
+.IP
+Open vSwitch 1.10 added support for \fBno_packet_counts\fR and
+\fBno_byte_counts\fR.
+.
.PP
The \fBdump\-flows\fR, \fBdump\-aggregate\fR, \fBdel\-flow\fR
-and \fBdel\-flows\fR commands support one additional optional field:
+and \fBdel\-flows\fR commands support these additional optional fields:
.
.TP
\fBout_port=\fIport\fR
If set, a matching flow must include an output action to \fIport\fR,
which must be an OpenFlow port number or name (e.g. \fBlocal\fR).
.
+.TP
+\fBout_group=\fIgroup\fR
+If set, a matching flow must include an \fBgroup\fR action naming
+\fIgroup\fR, which must be an OpenFlow group number. This field
+is supported in Open vSwitch 2.5 and later and requires OpenFlow 1.1
+or later.
+.
.SS "Table Entry Output"
.
The \fBdump\-tables\fR and \fBdump\-aggregate\fR commands print information
The integer number of seconds that have passed without any packets
passing through the flow.
.
+.SS "Packet\-Out Syntax"
+.PP
+\fBovs\-ofctl bundle\fR command accepts packet-outs to be specified in
+the bundle file. Each packet-out comprises of a series of
+\fIfield\fB=\fIvalue\fR assignments, separated by commas or white
+space. (Embedding spaces into a packet-out description normally
+requires quoting to prevent the shell from breaking the description
+into multiple arguments.). Unless noted otherwise only the last
+instance of each field is honoured. This same syntax is also
+supported by the \fBovs\-ofctl packet-out\fR command.
+.PP
+.IP \fBin_port=\fIport\fR
+The port number to be considered the in_port when processing actions.
+This can be any valid OpenFlow port number, or any of the \fBLOCAL\fR,
+\fBCONTROLLER\fR, or \fBNONE\fR.
+.
+This field is required.
+
+.IP \fIpipeline_field\fR=\fIvalue\fR
+Optionally, user can specify a list of pipeline fields for a packet-out
+message. The supported pipeline fields includes \fBtunnel fields\fR and
+\fBregister fields\fR as defined in \fBovs\-fields\fR(7).
+
+.IP \fBpacket=\fIhex-string\fR
+The actual packet to send, expressed as a string of hexadecimal bytes.
+.
+This field is required.
+
+.IP \fBactions=\fR[\fIaction\fR][\fB,\fIaction\fR...]\fR
+The syntax of actions are identical to the \fBactions=\fR field
+described in \fBFlow Syntax\fR above. Specifying \fBactions=\fR is
+optional, but omitting actions is interpreted as a drop, so the packet
+will not be sent anywhere from the switch.
+.
+\fBactions\fR must be specified at the end of each line, like for flow mods.
+.RE
+.
.SS "Group Syntax"
.PP
Some \fBovs\-ofctl\fR commands accept an argument that describes a group or
.IP \fBall\fR
Execute all buckets in the group.
.IP \fBselect\fR
-Execute one bucket in the group.
-The switch should select the bucket in such a way that should implement
-equal load sharing is achieved. The switch may optionally select the
-bucket based on bucket weights.
+Execute one bucket in the group, balancing across the buckets
+according to their weights. To select a bucket, for each live bucket,
+Open vSwitch hashes flow data with the bucket ID and multiplies by the
+bucket weight to obtain a ``score,'' and then selects the bucket with
+the highest score. Use \fBselection_method\fR to control the flow
+data used for selection.
.IP \fBindirect\fR
Executes the one bucket in the group.
.IP \fBff\fR
This is a string of 1 to 15 bytes in length known to lower layers.
This field is optional for \fBadd\-group\fR, \fBadd\-groups\fR and
\fBmod\-group\fR commands on groups of type \fBselect\fR. Prohibited
-otherwise. The default value is the empty string.
+otherwise. If no selection method is specified, Open vSwitch up to
+release 2.9 applies the \fBhash\fR method with default fields. From
+2.10 onwards Open vSwitch defaults to the \fBdp_hash\fR method with symmetric
+L3/L4 hash algorithm, unless the weighted group buckets cannot be mapped to
+a maximum of 64 dp_hash values with sufficient accuracy.
+In those rare cases Open vSwitch 2.10 and later fall back to the \fBhash\fR
+method with the default set of hash fields.
+.RS
+.IP \fBdp_hash\fR
+Use a datapath computed hash value. The hash algorithm varies accross
+different datapath implementations. \fBdp_hash\fR uses the upper 32
+bits of the \fBselection_method_param\fR as the datapath hash
+algorithm selector. The supported values are \fB0\fR (corresponding to
+hash computation over the IP 5-tuple) and \fB1\fR (corresponding to a
+\fIsymmetric\fR hash computation over the IP 5-tuple). Selecting specific
+fields with the \fBfields\fR option is not supported with \fBdp_hash\fR).
+The lower 32 bits are used as the hash basis.
+.IP
+Using \fBdp_hash\fR has the advantage that it does not require the
+generated datapath flows to exact match any additional packet header
+fields. For example, even if multiple TCP connections thus hashed to
+different select group buckets have different source port numbers,
+generally all of them would be handled with a small set of already
+established datapath flows, resulting in less latency for TCP SYN
+packets. The downside is that the shared datapath flows must match
+each packet twice, as the datapath hash value calculation happens only
+when needed, and a second match is required to match some bits of its
+value. This double-matching incurs a small additional latency cost
+for each packet, but this latency is orders of magnitude less than the
+latency of creating new datapath flows for new TCP connections.
+.IP \fBhash\fR
+Use a hash computed over the fields specified with the \fBfields\fR
+option, see below. If no hash fields are specified, \fBhash\fR defaults
+to a symmetric hash over the combination of MAC addresses, VLAN tags,
+Ether type, IP addresses and L4 port numbers. \fBhash\fR uses the
+\fBselection_method_param\fR as the hash basis.
+.IP
+Note that the hashed fields become exact matched by the datapath
+flows. For example, if the TCP source port is hashed, the created
+datapath flows will match the specific TCP source port value present
+in the packet received. Since each TCP connection generally has a
+different source port value, a separate datapath flow will be need to
+be inserted for each TCP connection thus hashed to a select group
+bucket.
+.RE
.IP
-This option will use a Netronome OpenFlow extension which is only supported
+This option uses a Netronome OpenFlow extension which is only supported
when using Open vSwitch 2.4 and later with OpenFlow 1.5 and later.
.IP \fBselection_method_param\fR=\fIparam\fR
the \fBselection_method\fR field is specified as a non-empty string.
Prohibited otherwise. The default value is zero.
.IP
-This option will use a Netronome OpenFlow extension which is only supported
+This option uses a Netronome OpenFlow extension which is only supported
when using Open vSwitch 2.4 and later with OpenFlow 1.5 and later.
-.IP \fBfields\fR=\fIparam\fR
+.IP \fBfields\fR=\fIfield\fR
+.IQ \fBfields(\fIfield\fR[\fB=\fImask\fR]\fR...\fB)\fR
The field parameters to selection method selected by the
-\fBselection_method\fR field. The syntax is described in \fBFlow Syntax\fR
-with the additional restrictions that if a value is provided it is
-treated as a wildcard mask and wildcard masks following a slash are
-prohibited. The pre-requisites of fields must be provided by any flows that
-output to the group. The use of the fields is defined by the lower-layer
-that implements the \fBselection_method\fR. They are optional if the
-\fBselection_method\fR field is specified as a non-empty string.
-Prohibited otherwise. The default is no fields.
+\fBselection_method\fR field. The syntax is described in \fBFlow
+Syntax\fR with the additional restrictions that if a value is provided
+it is treated as a wildcard mask and wildcard masks following a slash
+are prohibited. The pre-requisites of fields must be provided by any
+flows that output to the group. The use of the fields is defined by
+the lower-layer that implements the \fBselection_method\fR. They are
+optional if the \fBselection_method\fR field is specified as ``hash',
+prohibited otherwise. The default is no fields.
.IP
This option will use a Netronome OpenFlow extension which is only supported
when using Open vSwitch 2.4 and later with OpenFlow 1.5 and later.
ids when they are not specified.
.IP \fBactions=\fR[\fIaction\fR][\fB,\fIaction\fR...]\fR
The syntax of actions are identical to the \fBactions=\fR field described in
-\fBFlow Syntax\fR above. Specyfing \fBactions=\fR is optional, any unknown
+\fBFlow Syntax\fR above. Specifying \fBactions=\fR is optional, any unknown
bucket parameter will be interpreted as an action.
.IP \fBweight=\fIvalue\fR
The relative weight of the bucket as an integer. This may be used by the switch
Port used to determine liveness of group.
This or the \fBwatch_group\fR field is required
for groups whose \fBtype\fR is \fBff\fR or \fBfast_failover\fR.
+This or the \fBwatch_group\fR field can also be used
+for groups whose \fBtype\fR is \fBselect\fR.
.IP \fBwatch_group=\fIgroup_id\fR
Group identifier of group used to determine liveness of group.
This or the \fBwatch_port\fR field is required
for groups whose \fBtype\fR is \fBff\fR or \fBfast_failover\fR.
+This or the \fBwatch_port\fR field can also be used
+for groups whose \fBtype\fR is \fBselect\fR.
.RE
.
.SS "Meter Syntax"
of each field is honoured.
.PP
.IP \fBmeter=\fIid\fR
-The integer meter id of the meter.
+The identifier for the meter. An integer is used to specify a
+user-defined meter. In addition, the keywords "all", "controller", and
+"slowpath", are also supported as virtual meters. The "controller" and
+"slowpath" virtual meters apply to packets sent to the controller and to
+the OVS userspace, respectively.
+.IP
When this field is specified in \fBdel-meter\fR, \fBdump-meter\fR, or
-\fBmeter-stats\fR, the keyword "all" may be used to designate all meters.
-.
-This field is required, exept for \fBmeter-stats\fR, which dumps all stats
-when this field is not specified.
-
+\fBmeter-stats\fR, the keyword "all" may be used to designate all
+meters. This field is required, except for \fBmeter-stats\fR, which
+dumps all stats when this field is not specified.
.IP \fBkbps\fR
.IQ \fBpktps\fR
-The unit for the meter band rate parameters, either kilobits per second, or
-packets per second, respectively. One of these must be specified. The burst
-size unit corresponds to the rate unit by dropping the "per second", i.e.,
-burst is in units of kilobits or packets, respectively.
+The unit for the \fBrate\fR and \fBburst_size\fR band parameters.
+\fBkbps\fR specifies kilobits per second, and \fBpktps\fR specifies
+packets per second. A unit is required for the \fBadd-meter\fR and
+\fBmod-meter\fR commands.
.IP \fBburst\fR
-Specify burst size for all bands, or none of them, if this flag is not given.
+If set, enables burst support for meter bands through the \fBburst_size\fR
+parameter.
.IP \fBstats\fR
-Collect meter and band statistics.
+If set, enables the collection of meter and band statistics.
.IP \fBbands\fR=\fIband_parameters\fR
The \fBadd-meter\fR and \fBmod-meter\fR commands require at least one
.IP "The other \fIband_parameters\fR are:"
.IP \fBrate=\fIvalue\fR
The relative rate limit for this band, in kilobits per second or packets per
-second, depending on the meter flags defined above.
+second, depending on whether \fBkbps\fR or \fBpktps\fR was specified.
.IP \fBburst_size=\fIsize\fR
-The maximum burst allowed for the band. If \fBpktps\fR is specified,
-then \fIsize\fR is a packet count, otherwise it is in kilobits. If
-unspecified, the switch is free to select some reasonable value
-depending on its configuration.
+If \fBburst\fR is specified for the meter entry, configures the maximum
+burst allowed for the band in kilobits or packets, depending on whether
+\fBkbps\fR or \fBpktps\fR was specified. If unspecified, the switch is
+free to select some reasonable value depending on its configuration.
.RE
.
.SH OPTIONS
\fB\-\-strict\fR
Uses strict matching when running flow modification commands.
.
+.IP "\fB\-\-names\fR"
+.IQ "\fB\-\-no\-names\fR"
+Every OpenFlow port has a name and a number, and every OpenFlow flow
+table has a number and sometimes a name. By default, \fBovs\-ofctl\fR
+commands accept both port and table names and numbers, and they
+display port and table names if \fBovs\-ofctl\fR is running on an
+interactive console, numbers otherwise. With \fB\-\-names\fR,
+\fBovs\-ofctl\fR commands both accept and display port and table
+names; with \fB\-\-no\-names\fR, commands neither accept nor display
+port and table names.
+.IP
+If a port or table name contains special characters or might be
+confused with a keyword within a flow, it may be enclosed in double
+quotes (escaped from the shell). If necessary, JSON-style escape
+sequences may be used inside quotes, as specified in RFC 7159. When
+it displays port and table names, \fBovs\-ofctl\fR quotes any name
+that does not start with a letter followed by letters or digits.
+.IP
+Open vSwitch added support for port names and these options. Open
+vSwitch 2.10 added support for table names. Earlier versions always
+behaved as if \fB\-\-no\-names\fR were specified.
+.IP
+Open vSwitch does not place its own limit on the length of port names,
+but OpenFlow 1.0 to 1.5 limit port names to 15 bytes and OpenFlow 1.6
+limits them to 63 bytes. Because \fRovs\-ofctl\fR uses OpenFlow to
+retrieve the mapping between port names and numbers, names longer than
+this limit will be truncated for both display and acceptance.
+Truncation can also cause long names that are different to appear to
+be the same; when a switch has two ports with the same (truncated)
+name, \fBovs\-ofctl\fR refuses to display or accept the name, using
+the number instead.
+.IP
+OpenFlow and Open vSwitch limit table names to 32 bytes.
+.
+.IP "\fB\-\-stats\fR"
+.IQ "\fB\-\-no\-stats\fR"
+The \fBdump\-flows\fR command by default, or with \fB\-\-stats\fR,
+includes flow duration, packet and byte counts, and idle and hard age
+in its output. With \fB\-\-no\-stats\fR, it omits all of these, as
+well as cookie values and table IDs if they are zero.
+.
+.IP "\fB\-\-read-only\fR"
+Do not execute read/write commands.
+.
.IP "\fB\-\-bundle\fR"
Execute flow mods as an OpenFlow 1.4 atomic bundle transaction.
.RS
.IP "\fBOXM-OpenFlow12\fR"
.IQ "\fBOXM-OpenFlow13\fR"
.IQ "\fBOXM-OpenFlow14\fR"
+.IQ "\fBOXM-OpenFlow15\fR"
+.IQ "\fBOXM-OpenFlow16\fR"
These are the standard OXM (OpenFlow Extensible Match) flow format in
-OpenFlow 1.2, 1.3, and 1.4, respectively.
+OpenFlow 1.2 and later.
.RE
.
.IP
.
.IP "\fB\-P \fIformat\fR"
.IQ "\fB\-\-packet\-in\-format=\fIformat\fR"
-\fBovs\-ofctl\fR supports the following packet_in formats, in order of
+\fBovs\-ofctl\fR supports the following ``packet-in'' formats, in order of
increasing capability:
.RS
-.IP "\fBopenflow10\fR"
-This is the standard OpenFlow 1.0 packet in format. It should be supported by
-all OpenFlow switches.
-.
-.IP "\fBnxm\fR (Nicira Extended Match)"
-This packet_in format includes flow metadata encoded using the NXM format.
+.IP "\fBstandard\fR"
+This uses the \fBOFPT_PACKET_IN\fR message, the standard ``packet-in''
+message for any given OpenFlow version. Every OpenFlow switch that
+supports a given OpenFlow version supports this format.
+.
+.IP "\fBnxt_packet_in\fR"
+This uses the \fBNXT_PACKET_IN\fR message, which adds many of the
+capabilities of the OpenFlow 1.1 and later ``packet-in'' messages
+before those OpenFlow versions were available in Open vSwitch. Open
+vSwitch 1.1 and later support this format. Only Open vSwitch 2.6 and
+later, however, support it for OpenFlow 1.1 and later (but there is
+little reason to use it with those versions of OpenFlow).
+.
+.IP "\fBnxt_packet_in2\fR"
+This uses the \fBNXT_PACKET_IN2\fR message, which is extensible and
+should avoid the need to define new formats later. In particular,
+this format supports passing arbitrary user-provided data to a
+controller using the \fBuserdata\fB option on the \fBcontroller\fR
+action. Open vSwitch 2.6 and later support this format.
.
.RE
.IP
-Usually, \fBovs\-ofctl\fR prefers the \fBnxm\fR packet_in format, but will
-allow the switch to choose its default if \fBnxm\fR is unsupported. When
-\fIformat\fR is one of the formats listed in the above table, \fBovs\-ofctl\fR
-will insist on the selected format. If the switch does not support the
-requested format, \fBovs\-ofctl\fR will report a fatal error. This option only
-affects the \fBmonitor\fR command.
+Without this option, \fBovs\-ofctl\fR prefers \fBnxt_packet_in2\fR if
+the switch supports it. Otherwise, if OpenFlow 1.0 is in use,
+\fBovs\-ofctl\fR prefers \fBnxt_packet_in\fR if the switch supports
+it. Otherwise, \fBovs\-ofctl\fR falls back to the \fBstandard\fR
+packet-in format. When this option is specified, \fBovs\-ofctl\fR
+insists on the selected format. If the switch does not support the
+requested format, \fBovs\-ofctl\fR will report a fatal error.
+.IP
+Before version 2.6, Open vSwitch called \fBstandard\fR format
+\fBopenflow10\fR and \fBnxt_packet_in\fR format \fBnxm\fR, and
+\fBovs\-ofctl\fR still accepts these names as synonyms. (The name
+\fBopenflow10\fR was a misnomer because this format actually varies
+from one OpenFlow version to another; it is not consistently OpenFlow
+1.0 format. Similarly, when \fBnxt_packet_in2\fR was introduced, the
+name \fBnxm\fR became confusing because it also uses OXM/NXM.)
+.
+.IP
+This option affects only the \fBmonitor\fR command.
.
.IP "\fB\-\-timestamp\fR"
Print a timestamp before each received packet. This option only
.IP
These options currently affect only \fBdump\-flows\fR output.
.
+.SS "Daemon Options"
.ds DD \
\fBovs\-ofctl\fR detaches only when executing the \fBmonitor\fR or \
\fBsnoop\fR commands.
.SS "Public Key Infrastructure Options"
.so lib/ssl.man
.so lib/vlog.man
+.so lib/colors.man
.so lib/common.man
.
.SH "RUNTIME MANAGEMENT COMMANDS"
express an OpenFlow message, on the OpenFlow connection. This command
is useful only when executing the \fBmonitor\fR command.
.
+.IP "\fBofctl/packet\-out \fIpacket-out\fR"
+Sends an OpenFlow PACKET_OUT message specified in \fBPacket\-Out
+Syntax\fR, on the OpenFlow connection. See \fBPacket\-Out Syntax\fR
+section for more information. This command is useful only when
+executing the \fBmonitor\fR command.
+.
.IP "\fBofctl/barrier\fR"
Sends an OpenFlow barrier request on the OpenFlow connection and waits
for a reply. This command is useful only for the \fBmonitor\fR
\fBovs\-ofctl dump\-flows br0\fR
Prints the flow entries in the switch.
.
+.TP
+\fBovs\-ofctl add\-flow table=0 actions=learn(table=1,hard_timeout=10, NXM_OF_VLAN_TCI[0..11],output:NXM_OF_IN_PORT[]), resubmit(,1)\fR
+\fBovs\-ofctl add\-flow table=1 priority=0 actions=flood\fR
+Implements a level 2 MAC learning switch using the learn.
+.
+.TP
+\fBovs\-ofctl add\-flow br0 'table=0,priority=0 actions=load:3->NXM_NX_REG0[0..15],learn(table=0,priority=1,idle_timeout=10,NXM_OF_ETH_SRC[],NXM_OF_VLAN_TCI[0..11],output:NXM_NX_REG0[0..15]),output:2\fR
+In this use of a learn action, the first packet from each source MAC
+will be sent to port 2. Subsequent packets will be output to port 3,
+with an idle timeout of 10 seconds. NXM field names and match field
+names are both accepted, e.g. \fBNXM_NX_REG0\fR or \fBreg0\fR for the
+first register, and empty brackets may be omitted.
+.IP
+Additional examples may be found documented as part of related sections.
+.
.SH "SEE ALSO"
.
+.BR ovs\-fields (7),
+.BR ovs\-actions (7),
.BR ovs\-appctl (8),
-.BR ovs\-vswitchd (8)
+.BR ovs\-vswitchd (8),
.BR ovs\-vswitchd.conf.db (8)
projects / mirror_ovs.git / blobdiff