X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=vswitchd%2Fvswitch.xml;h=4cc29da03b7f975bc86c6cf27f0feadacf6e3a17;hb=e16a28b5854823e2d67099d49f7690235162b555;hp=7b7a1ac928666a8399fa1e1d8bb84c872af204af;hpb=e58de0e38647f0ee62a8862e3565e5b788a03a7e;p=sliver-openvswitch.git

diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index 7b7a1ac92..4cc29da03 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -28,12 +28,6 @@
         choose key names that are likely to be unique.  The currently
         defined common key-value pairs are:
         <dl>
-          <dt><code>system-type</code></dt>
-          <dd>An identifier for the switch type, such as
-            <code>XenServer</code> or <code>KVM</code>.</dd>
-          <dt><code>system-version</code></dt>
-          <dd>The version of the switch software, such as
-            <code>5.6.0</code> on XenServer.</dd>
           <dt><code>system-id</code></dt>
           <dd>A unique identifier for the Open vSwitch's physical host.
             The form of the identifier depends on the type of the host.
@@ -201,6 +195,65 @@
       </column>
     </group>
 
+    <group title="Version Reporting">
+      <p>
+	These columns report the types and versions of the hardware and
+	software running Open vSwitch.  We recommend in general that software
+	should test whether specific features are supported instead of relying
+	on version number checks.  These values are primarily intended for
+	reporting to human administrators.
+      </p>
+
+      <column name="ovs_version">
+	The Open vSwitch version number, e.g. <code>1.1.0pre2</code>.
+	If Open vSwitch was configured with a build number, then it is
+	also included, e.g. <code>1.1.0pre2+build4948</code>.
+      </column>
+
+      <column name="db_version">
+	<p>
+          The database schema version number in the form
+          <code><var>major</var>.<var>minor</var>.<var>tweak</var></code>,
+          e.g. <code>1.2.3</code>.  Whenever the database schema is changed in
+          a non-backward compatible way (e.g. deleting a column or a table),
+          <var>major</var> is incremented.  When the database schema is changed
+          in a backward compatible way (e.g. adding a new column),
+          <var>minor</var> is incremented.  When the database schema is changed
+          cosmetically (e.g. reindenting its syntax), <var>tweak</var> is
+          incremented.
+        </p>
+
+        <p>
+          The schema version is part of the database schema, so it can also be
+          retrieved by fetching the schema using the Open vSwitch database
+          protocol.
+        </p>
+      </column>
+
+      <column name="system_type">
+        <p>
+	  An identifier for the type of system on top of which Open vSwitch
+	  runs, e.g. <code>XenServer</code> or <code>KVM</code>.
+	</p>
+	<p>
+	  System integrators are responsible for choosing and setting an
+	  appropriate value for this column.
+	</p>
+      </column>
+
+      <column name="system_version">
+        <p>
+	  The version of the system identified by <ref column="system_type"/>,
+	  e.g. <code>5.5.0-24648p</code> on XenServer 5.5.0 build 24648.
+	</p>
+	<p>
+	  System integrators are responsible for choosing and setting an
+	  appropriate value for this column.
+	</p>
+      </column>
+	
+    </group>
+
     <group title="Database Configuration">
       <p>
         These columns primarily configure the Open vSwitch database
@@ -702,9 +755,100 @@
                 bypass certain components of the IP stack (such as IP tables)
                 and it may be useful to disable it if these features are
                 required or as a debugging measure.  Default is enabled, set to
-                <code>false</code> to disable.  If IPsec is enabled through the
-                <ref column="other_config"/> parameters, header caching will be
-                automatically disabled.</dd>
+                <code>false</code> to disable.</dd>
+            </dl>
+          </dd>
+          <dt><code>ipsec_gre</code></dt>
+          <dd>An Ethernet over RFC 2890 Generic Routing Encapsulation over
+             IPv4 IPsec tunnel.  Each tunnel (including those of type
+             <code>gre</code>) must be uniquely identified by the
+             combination of <code>remote_ip</code> and
+             <code>local_ip</code>.  Note that if two ports are defined
+             that are the same except one has an optional identifier and
+             the other does not, the more specific one is matched first.
+             The following options may be specified in the 
+             <ref column="options"/> column:
+            <dl>
+              <dt><code>remote_ip</code></dt>
+              <dd>Required.  The tunnel endpoint.</dd>
+            </dl>
+            <dl>
+              <dt><code>local_ip</code></dt>
+              <dd>Optional.  The destination IP that received packets must
+                match.  Default is to match all addresses.</dd>
+            </dl>
+            <dl>
+              <dt><code>ipsec_psk</code></dt>
+              <dd>Required.  Specifies a pre-shared key for authentication 
+                that must be identical on both sides of the tunnel.</dd>
+            </dl>
+            <dl>
+              <dt><code>in_key</code></dt>
+              <dd>Optional.  The GRE key that received packets must contain.
+                It may either be a 32-bit number (no key and a key of 0 are
+                treated as equivalent) or the word <code>flow</code>.  If
+                <code>flow</code> is specified then any key will be accepted
+                and the key will be placed in the <code>tun_id</code> field
+                for matching in the flow table.  The ovs-ofctl manual page
+                contains additional information about matching fields in
+                OpenFlow flows.  Default is no key.</dd>
+            </dl>
+            <dl>
+              <dt><code>out_key</code></dt>
+              <dd>Optional.  The GRE key to be set on outgoing packets.  It may
+                either be a 32-bit number or the word <code>flow</code>.  If
+                <code>flow</code> is specified then the key may be set using
+                the <code>set_tunnel</code> Nicira OpenFlow vendor extension (0
+                is used in the absence of an action).  The ovs-ofctl manual
+                page contains additional information about the Nicira OpenFlow
+                vendor extensions.  Default is no key.</dd>
+            </dl>
+            <dl>
+              <dt><code>key</code></dt>
+              <dd>Optional.  Shorthand to set <code>in_key</code> and
+                <code>out_key</code> at the same time.</dd>
+            </dl>
+            <dl>
+              <dt><code>tos</code></dt>
+              <dd>Optional.  The value of the ToS bits to be set on the
+                encapsulating packet.  It may also be the word
+                <code>inherit</code>, in which case the ToS will be copied from
+                the inner packet if it is IPv4 or IPv6 (otherwise it will be
+                0).  Note that the ECN fields are always inherited.  Default is
+                0.</dd>
+            </dl>
+            <dl>
+              <dt><code>ttl</code></dt>
+              <dd>Optional.  The TTL to be set on the encapsulating packet.
+                It may also be the word <code>inherit</code>, in which case the
+                TTL will be copied from the inner packet if it is IPv4 or IPv6
+                (otherwise it will be the system default, typically 64).
+                Default is the system default TTL.</dd>
+            </dl>
+            <dl>
+              <dt><code>csum</code></dt>
+              <dd>Optional.  Compute GRE checksums on outgoing packets.
+                Checksums present on incoming packets will be validated
+                regardless of this setting.  Note that GRE checksums
+                impose a significant performance penalty as they cover the
+                entire packet.  As the contents of the packet is typically
+                covered by L3 and L4 checksums, this additional checksum only
+                adds value for the GRE and encapsulated Ethernet headers.
+                Default is disabled, set to <code>true</code> to enable.</dd>
+            </dl>
+            <dl>
+              <dt><code>pmtud</code></dt>
+              <dd>Optional.  Enable tunnel path MTU discovery.  If enabled
+                ``ICMP destination unreachable - fragmentation'' needed
+                messages will be generated for IPv4 packets with the DF bit set
+                and IPv6 packets above the minimum MTU if the packet size
+                exceeds the path MTU minus the size of the tunnel headers.  It
+                also forces the encapsulating packet DF bit to be set (it is
+                always set if the inner packet implies path MTU discovery).
+                Note that this option causes behavior that is typically
+                reserved for routers and therefore is not entirely in
+                compliance with the IEEE 802.1D specification for bridges.
+                Default is enabled, set to <code>false</code> to disable.</dd>
             </dl>
           </dd>
           <dt><code>capwap</code></dt>
@@ -938,23 +1082,7 @@
 
       <column name="other_config">
         Key-value pairs for rarely used interface features.  Currently,
-        the only keys are for configuring GRE-over-IPsec, which is only
-        available through the <code>openvswitch-ipsec</code> package for
-        Debian.  The currently defined key-value pairs are:
-        <dl>
-          <dt><code>ipsec_local_ip</code></dt>
-          <dd>Required key for GRE-over-IPsec interfaces.  Additionally,
-            the <ref column="type"/> must be <code>gre</code> and the
-            <code>ipsec_psk</code> <ref column="other_config"/> key must
-            be set.  The <code>in_key</code>, <code>out_key</code>, and
-            <code>key</code> <ref column="options"/> must not be
-            set.</dd>
-          <dt><code>ipsec_psk</code></dt>
-          <dd>Required key for GRE-over-IPsec interfaces.  Specifies a
-            pre-shared key for authentication that must be identical on
-            both sides of the tunnel.  Additionally, the
-            <code>ipsec_local_ip</code> key must also be set.</dd>
-        </dl>
+        there are none defined.
       </column>
 
       <column name="statistics">