* Following the lookup, the original in_port is restored.
*
* If the modified flow matched in the flow table, then the corresponding
- * actions are executed, except that NXAST_RESUBMIT actions found in the
- * secondary set of actions are ignored. Afterward, actions following
- * NXAST_RESUBMIT in the original set of actions, if any, are executed; any
- * changes made to the packet (e.g. changes to VLAN) by secondary actions
- * persist when those actions are executed, although the original in_port
- * is restored.
+ * actions are executed. Afterward, actions following NXAST_RESUBMIT in
+ * the original set of actions, if any, are executed; any changes made to
+ * the packet (e.g. changes to VLAN) by secondary actions persist when
+ * those actions are executed, although the original in_port is restored.
*
* NXAST_RESUBMIT may be used any number of times within a set of actions.
+ *
+ * NXAST_RESUBMIT may nest to an implementation-defined depth. Beyond this
+ * implementation-defined depth, further NXAST_RESUBMIT actions are simply
+ * ignored. (Open vSwitch 1.0.1 and earlier did not support recursion.)
*/
NXAST_RESUBMIT,
- NXAST_SET_TUNNEL /* Set encapsulating tunnel ID. */
+ /* Set encapsulating tunnel ID. */
+ NXAST_SET_TUNNEL,
+
+ /* Stops processing further actions, if the packet being processed is an
+ * Ethernet+IPv4 ARP packet for which the source Ethernet address inside
+ * the ARP packet differs from the source Ethernet address in the Ethernet
+ * header.
+ *
+ * This is useful because OpenFlow does not provide a way to match on the
+ * Ethernet addresses inside ARP packets, so there is no other way to drop
+ * spoofed ARPs other than sending every packet up to the controller. */
+ NXAST_DROP_SPOOFED_ARP
};
/* Action structure for NXAST_RESUBMIT. */
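Review bot: In the new NXAST_RESUBMIT paragraph, "Beyond this implementation-defined depth, further NXAST_RESUBMIT actions are simply ignored" gives a controller no way to learn the limit or to notice that it was reached. Because the comment also says that actions following NXAST_RESUBMIT in the original set are still executed, a flow table that relies on a nested lookup for filtering would carry on without that lookup. Please state the depth (or name the constant that defines it) in this comment and say whether hitting it is logged or counted. For NXAST_DROP_SPOOFED_ARP, the comment says it "Stops processing further actions", which reads as if any action listed before it (an output, for example) has already run by the time the check is made. The comment should say that the action has to come first in the list for the packet to be dropped, and make explicit that the check covers only Ethernet+IPv4 ARP and compares only the source Ethernet address.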