X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=utilities%2Fovs-ofctl.8.in;h=9923715904235ef754267dadea811e09ae92342e;hb=cfc50ae514f805dcd9c14589f21158185424daf6;hp=3fcbe7c6be364150914308a713de2b371ddb1536;hpb=0e19706066f34523854cbce50c05c367e700c451;p=sliver-openvswitch.git diff --git a/utilities/ovs-ofctl.8.in b/utilities/ovs-ofctl.8.in index 3fcbe7c6b..992371590 100644 --- a/utilities/ovs-ofctl.8.in +++ b/utilities/ovs-ofctl.8.in @@ -58,6 +58,10 @@ information on its flow tables and ports. \fBdump\-tables \fIswitch\fR Prints to the console statistics for each of the flow tables used by \fIswitch\fR. +.TP +\fBdump\-table\-features \fIswitch\fR +Prints to the console features for each of the flow tables used by +\fIswitch\fR. . .TP \fBdump\-ports \fIswitch\fR [\fInetdev\fR] @@ -382,7 +386,8 @@ between a switch and its controller. When a switch has more than one controller configured, only the traffic to and from a single controller is output. If none of the controllers is configured as a master or a slave (using a Nicira -extension to OpenFlow), then a controller is chosen arbitrarily among +extension to OpenFlow 1.0 or 1.1, or a standard request in OpenFlow +1.2 or later), then a controller is chosen arbitrarily among them. If there is a master controller, it is chosen; otherwise, if there are any controllers that are not masters or slaves, one is chosen arbitrarily; otherwise, a slave controller is chosen @@ -486,6 +491,21 @@ series of OpenFlow messages in the binary format used on an OpenFlow connection, and prints them to the console. This can be useful for printing OpenFlow messages captured from a TCP stream. . +.IP "\fBofp\-parse\-pcap\fR \fIfile\fR [\fIport\fR...]" +Reads \fIfile\fR, which must be in the PCAP format used by network +capture tools such as \fBtcpdump\fR or \fBwireshark\fR, extracts all +the TCP streams for OpenFlow connections, and prints the OpenFlow +messages in those connections in human-readable format on +\fBstdout\fR. +.IP +OpenFlow connections are distinguished by TCP port number. +Non-OpenFlow packets are ignored. By default, data on TCP ports 6633 +and 6653 are considered to be OpenFlow. Specify one or more +\fIport\fR arguments to override the default. +.IP +This command cannot usefully print SSL encrypted traffic. It does not +understand IPv6. +. .SS "Flow Syntax" .PP Some \fBovs\-ofctl\fR commands accept an argument that describes a flow or @@ -727,33 +747,41 @@ above, the bitwise match forms apply only when \fBdl_type\fR and \fBnw_proto\fR specify TCP or UDP or SCTP. . .IP \fBtcp_flags=\fIflags\fB/\fImask\fR +.IQ \fBtcp_flags=\fR[\fB+\fIflag\fR...][\fB-\fIflag\fR...] Bitwise match on TCP flags. The \fIflags\fR and \fImask\fR are 16-bit numbers written in decimal or in hexadecimal prefixed by \fB0x\fR. Each 1-bit in \fImask\fR requires that the corresponding bit in \fIflags\fR must match. Each 0-bit in \fImask\fR causes the corresponding bit to be ignored. .IP +Alternatively, the flags can be specified by their symbolic names +(listed below), each preceded by either \fB+\fR for a flag that must +be set, or \fB\-\fR for a flag that must be unset, without any other +delimiters between the flags. Flags not mentioned are wildcarded. +For example, \fBtcp,tcp_flags=+syn\-ack\fR matches TCP SYNs that are +not ACKs. +.IP TCP protocol currently defines 9 flag bits, and additional 3 bits are reserved (must be transmitted as zero), see RFCs 793, 3168, and 3540. The flag bits are, numbering from the least significant bit: .RS -.IP "\fB0: FIN\fR" +.IP "\fB0: fin\fR" No more data from sender. -.IP "\fB1: SYN\fR" +.IP "\fB1: syn\fR" Synchronize sequence numbers. -.IP "\fB2: RST\fR" +.IP "\fB2: rst\fR" Reset the connection. -.IP "\fB3: PSH\fR" +.IP "\fB3: psh\fR" Push function. -.IP "\fB4: ACK\fR" +.IP "\fB4: ack\fR" Acknowledgement field significant. -.IP "\fB5: URG\fR" +.IP "\fB5: urg\fR" Urgent pointer field significant. -.IP "\fB6: ECE\fR" +.IP "\fB6: ece\fR" ECN Echo. -.IP "\fB7: CWR\fR" +.IP "\fB7: cwr\fR" Congestion Windows Reduced. -.IP "\fB8: NS\fR" +.IP "\fB8: ns\fR" Nonce Sum. .IP "\fB9-11:\fR" Reserved. @@ -922,12 +950,32 @@ The \fBip_frag\fR match type is likely to be most useful in \fBnx\-match\fR mode. See the description of the \fBset\-frags\fR command, above, for more details. . +.IP \fBarp_spa=\fIip\fR[\fB/\fInetmask\fR] +.IQ \fBarp_tpa=\fIip\fR[\fB/\fInetmask\fR] +When \fBdl_type\fR specifies either ARP or RARP, \fBarp_spa\fR and +\fBarp_tpa\fR match the source and target IPv4 address, respectively. +An address may be specified as an IP address or host name +(e.g. \fB192.168.1.1\fR or \fBwww.example.com\fR). The optional +\fInetmask\fR allows restricting a match to an IPv4 address prefix. +The netmask may be specified as a dotted quad +(e.g. \fB192.168.1.0/255.255.255.0\fR) or as a CIDR block +(e.g. \fB192.168.1.0/24\fR). +. .IP \fBarp_sha=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR .IQ \fBarp_tha=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR When \fBdl_type\fR specifies either ARP or RARP, \fBarp_sha\fR and \fBarp_tha\fR match the source and target hardware address, respectively. An -address is specified as 6 pairs of hexadecimal digits delimited by colons. +address is specified as 6 pairs of hexadecimal digits delimited by colons +(e.g. \fB00:0A:E4:25:6B:B0\fR). +. +.IP \fBarp_sha=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB/\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR +.IQ \fBarp_tha=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB/\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR +When \fBdl_type\fR specifies either ARP or RARP, \fBarp_sha\fR and +\fBarp_tha\fR match the source and target hardware address, respectively. An +address is specified as 6 pairs of hexadecimal digits delimited by colons +(e.g. \fB00:0A:E4:25:6B:B0\fR), with a wildcard mask following the slash. . + .IP \fBipv6_src=\fIipv6\fR[\fB/\fInetmask\fR] .IQ \fBipv6_dst=\fIipv6\fR[\fB/\fInetmask\fR] When \fBdl_type\fR is 0x86dd (possibly via shorthand, e.g., \fBipv6\fR @@ -966,6 +1014,30 @@ Neighbor Advertisement (ICMPv6 type 136), matches the target link\-layer address option. An address is specified as 6 pairs of hexadecimal digits delimited by colons. . +.IP \fBmpls_bos=\fIbos\fR +When \fBdl_type\fR is 0x8847 or 0x8848 (possibly via shorthand e.g., +\fBmpls\fR or \fBmplsm\fR), matches the bottom-of-stack bit of the +outer-most MPLS label stack entry. Valid values are 0 and 1. +.IP +If 1 then for a packet with a well-formed MPLS label stack the +bottom-of-stack bit indicates that the outer label stack entry is also +the inner-most label stack entry and thus that is that there is only one +label stack entry present. Conversely, if 0 then for a packet with a +well-formed MPLS label stack the bottom-of-stack bit indicates that the +outer label stack entry is not the inner-most label stack entry and +thus there is more than one label stack entry present. +. +.IP \fBmpls_label=\fIlabel\fR +When \fBdl_type\fR is 0x8847 or 0x8848 (possibly via shorthand e.g., +\fBmpls\fR or \fBmplsm\fR), matches the label of the outer +MPLS label stack entry. The label is a 20-bit value that is decimal by default; +use a \fB0x\fR prefix to specify them in hexadecimal. +. +.IP \fBmpls_tc=\fItc\fR +When \fBdl_type\fR is 0x8847 or 0x8848 (possibly via shorthand e.g., +\fBmpls\fR or \fBmplsm\fR), matches the traffic-class of the outer +MPLS label stack entry. Valid values are between 0 (lowest) and 7 (highest). +. .IP \fBtun_id=\fItunnel-id\fR[\fB/\fImask\fR] .IQ \fBtunnel_id=\fItunnel-id\fR[\fB/\fImask\fR] Matches tunnel identifier \fItunnel-id\fR. Only packets that arrive @@ -1035,31 +1107,28 @@ command to be used as input for other commands that parse flows. The \fBadd\-flow\fR, \fBadd\-flows\fR, and \fBmod\-flows\fR commands require an additional field, which must be the final field specified: . -.IP \fBactions=\fR[\fItarget\fR][\fB,\fItarget\fR...]\fR +.IP \fBactions=\fR[\fIaction\fR][\fB,\fIaction\fR...]\fR Specifies a comma-separated list of actions to take on a packet when the -flow entry matches. If no \fItarget\fR is specified, then packets -matching the flow are dropped. The \fItarget\fR may be an OpenFlow port -number designating the physical port on which to output the packet, or one -of the following keywords: +flow entry matches. If no \fIaction\fR is specified, then packets +matching the flow are dropped. The following forms of \fIaction\fR +are supported: . .RS -.IP \fBoutput:\fIport\fR -Outputs the packet to \fIport\fR, which must be an OpenFlow port -number or keyword (e.g. \fBLOCAL\fR). +.IP \fIport\fR +.IQ \fBoutput:\fIport\fR +Outputs the packet to OpenFlow port number \fIport\fR. If \fIport\fR +is the packet's input port, the packet is not output. . .IP \fBoutput:\fIsrc\fB[\fIstart\fB..\fIend\fB] Outputs the packet to the OpenFlow port number read from \fIsrc\fR, which must be an NXM field as described above. For example, \fBoutput:NXM_NX_REG0[16..31]\fR outputs to the OpenFlow port number -written in the upper half of register 0. This form of \fBoutput\fR -uses an OpenFlow extension that is not supported by standard OpenFlow -switches. -. -.IP \fBenqueue:\fIport\fB:\fIqueue\fR -Enqueues the packet on the specified \fIqueue\fR within port -\fIport\fR, which must be an OpenFlow port number or keyword -(e.g. \fBLOCAL\fR).. The number of supported queues depends on the -switch; some OpenFlow implementations do not support queuing at all. +written in the upper half of register 0. If the port number is the +packet's input port, the packet is not output. +.IP +This form of \fBoutput\fR was added in Open vSwitch 1.3.0. This form +of \fBoutput\fR uses an OpenFlow extension that is not supported by +standard OpenFlow switches. . .IP \fBnormal\fR Subjects the packet to the device's normal L2/L3 processing. (This @@ -1075,6 +1144,13 @@ tree protocol). Outputs the packet on all switch physical ports other than the port on which it was received. . +.IP \fBlocal\fR +Outputs the packet on the ``local port,'' which corresponds to the +network device that has the same name as the bridge. +. +.IP \fBin_port\fR +Outputs the packet on the port from which it was received. +. .IP \fBcontroller(\fIkey\fB=\fIvalue\fR...\fB) Sends the packet to the OpenFlow controller as a ``packet in'' message. The supported key-value pairs are: @@ -1095,6 +1171,7 @@ controller connection will only have a nonzero connection ID if its controller uses the \fBNXT_SET_CONTROLLER_ID\fR Nicira extension to OpenFlow. .RE +.IP Any \fIreason\fR other than \fBaction\fR and any nonzero \fIcontroller-id\fR uses a Nicira vendor extension that, as of this writing, is only known to be implemented by Open vSwitch (version 1.6 @@ -1105,12 +1182,11 @@ or later). Shorthand for \fBcontroller()\fR or \fBcontroller(max_len=\fInbytes\fB)\fR, respectively. . -.IP \fBlocal\fR -Outputs the packet on the ``local port,'' which corresponds to the -network device that has the same name as the bridge. -. -.IP \fBin_port\fR -Outputs the packet on the port from which it was received. +.IP \fBenqueue(\fIport\fB,\fIqueue\fB)\fR +Enqueues the packet on the specified \fIqueue\fR within port +\fIport\fR, which must be an OpenFlow port number or keyword +(e.g. \fBLOCAL\fR). The number of supported queues depends on the +switch; some OpenFlow implementations do not support queuing at all. . .IP \fBdrop\fR Discards the packet, so no further processing or forwarding takes place. @@ -1138,14 +1214,14 @@ allows isn't supported at the moment.) A priority of zero and the tag of zero are used for the new tag. . .IP \fBpush_mpls\fR:\fIethertype\fR -If the packet does not already contain any MPLS labels, changes the -packet's Ethertype to \fIethertype\fR, which must be either the MPLS -unicast Ethertype \fB0x8847\fR or the MPLS multicast Ethertype -\fB0x8848\fR, and then pushes an initial label stack entry. The label -stack entry's default label is 2 if the packet contains IPv6 and 0 -otherwise, its default traffic control value is the low 3 bits of the -packet's DSCP value (0 if the packet is not IP), and its TTL is copied -from the IP TTL (64 if the packet is not IP). +Changes the packet's Ethertype to \fIethertype\fR, which must be either +\fB0x8847\fR or \fB0x8848\fR, and pushes an MPLS LSE. +.IP +If the packet does not already contain any MPLS labels then an initial +label stack entry is pushed. The label stack entry's label is 2 if the +packet contains IPv6 and 0 otherwise, its default traffic control value is +the low 3 bits of the packet's DSCP value (0 if the packet is not IP), and +its TTL is copied from the IP TTL (64 if the packet is not IP). .IP If the packet does already contain an MPLS label, pushes a new outermost label as a copy of the existing outermost label. @@ -1252,6 +1328,15 @@ invalid ttl packets. If controller ids are not specified, the ``packet_in'' message will be sent only to the controllers having controller id zero which have registered for the invalid ttl packets. . +.IP \fBset_mpls_label\fR:\fIlabel\fR +Set the label of the outer MPLS label stack entry of a packet. +\fIlabel\fR should be a 20-bit value that is decimal by default; +use a \fB0x\fR prefix to specify them in hexadecimal. +. +.IP \fBset_mpls_tc\fR:\fItc\fR +Set the traffic-class of the outer MPLS label stack entry of a packet. +\fItc\fR should be a in the range 0 to 7 inclusive. +. .IP \fBset_mpls_ttl\fR:\fIttl\fR Set the TTL of the outer MPLS label stack entry of a packet. \fIttl\fR should be in the range 0 to 255 inclusive. @@ -1318,7 +1403,7 @@ value just popped. Writes the literal \fIvalue\fR into the field \fIdst\fR, which should be specified as a name used for matching. (This is similar to \fBload\fR but more closely matches the set-field action defined in -Open Flow 1.2 and above.) +OpenFlow 1.2 and above.) . .IP Example: \fBset_field:00:11:22:33:44:55->eth_src\fR. @@ -1894,6 +1979,11 @@ format. .IQ "\fBOXM-OpenFlow13\fR" These are the standard OXM (OpenFlow Extensible Match) flow format in OpenFlow 1.2 and 1.3, respectively. +.IP "\fBOXM-OpenFlow14\fR" +The standard OXM (OpenFlow Extensible Match) flow format in OpenFlow +1.4. OpenFlow 1.4 is not yet well supported; in particular, the +implementation is unsafe, such that sending an unsupported message in +OpenFlow 1.4 to \fBovs\-vswitchd\fR can cause it to crash. .RE . .IP @@ -1901,13 +1991,15 @@ OpenFlow 1.2 and 1.3, respectively. collections of flow formats: .RS .IP "\fBany\fR" -Any supported flow format. +Any supported flow format except \fBOXM-OpenFlow14\fR, which is not +yet well supported (see above). .IP "\fBOpenFlow10\fR" \fBOpenFlow10\-table_id\fR or \fBOpenFlow10+table_id\fR. .IP "\fBNXM\fR" \fBNXM\-table_id\fR or \fBNXM+table_id\fR. .IP "\fBOXM\fR" -\fBOXM-OpenFlow12\fR or \fBOXM-OpenFlow13\fR. +\fBOXM-OpenFlow12\fR or \fBOXM-OpenFlow13\fR. \fBOXM-OpenFlow14\fR is +not included because it is not yet well supported (see above). .RE . .IP @@ -1945,7 +2037,8 @@ affects the \fBmonitor\fR command. . .IP "\fB\-\-timestamp\fR" Print a timestamp before each received packet. This option only -affects the \fBmonitor\fR and \fBsnoop\fR commands. +affects the \fBmonitor\fR, \fBsnoop\fR, and \fBofp\-parse\-pcap\fR +commands. . .IP "\fB\-m\fR" .IQ "\fB\-\-more\fR" @@ -2029,6 +2122,5 @@ Prints the flow entries in the switch. .SH "SEE ALSO" . .BR ovs\-appctl (8), -.BR ovs\-controller (8), .BR ovs\-vswitchd (8) .BR ovs\-vswitchd.conf.db (8)