Family ovs_flow
netlink specification¶
Summary¶
OVS flow configuration over generic netlink.
Operations¶
get¶
Get / dump OVS flow configuration and state
- value
3
- attribute-set
flow-attrs
- do
- request
- attributes
[
key
,ufid
,ufid-flags
]
- reply
- attributes
[
key
,ufid
,mask
,stats
,actions
]
- dump
- request
- attributes
[
key
,ufid
,ufid-flags
]
- reply
- attributes
[
key
,ufid
,mask
,stats
,actions
]
new¶
Create OVS flow configuration in a data path
- value
1
- attribute-set
flow-attrs
- do
- request
- attributes
[
key
,ufid
,mask
,actions
]
Multicast groups¶
ovs_flow
Definitions¶
ovs-header¶
- type
struct
- doc
Header for OVS Generic Netlink messages.
- members
- dp-ifindex
ifindex of local port for datapath (0 to make a request not specificto a datapath).
ovs-flow-stats¶
- type
struct
- members
- n-packets
Number of matched packets.
- n-bytes
Number of matched bytes.
ovs-key-ethernet¶
- type
struct
- members
- eth-src
- eth-dst
ovs-key-mpls¶
- type
struct
- members
- mpls-lse
ovs-key-ipv4¶
- type
struct
- members
- ipv4-src
- ipv4-dst
- ipv4-proto
- ipv4-tos
- ipv4-ttl
- ipv4-frag
ovs-key-ipv6¶
- type
struct
- members
- ipv6-src
- ipv6-dst
- ipv6-label
- ipv6-proto
- ipv6-tclass
- ipv6-hlimit
- ipv6-frag
ovs-key-ipv6-exthdrs¶
- type
struct
- members
- hdrs
ovs-frag-type¶
- name-prefix
ovs-frag-type-
- enum-name
ovs-frag-type
- type
enum
- entries
- none
Packet is not a fragment.
- first
Packet is a fragment with offset 0.
- later
Packet is a fragment with nonzero offset.
- any
ovs-key-tcp¶
- type
struct
- members
- tcp-src
- tcp-dst
ovs-key-udp¶
- type
struct
- members
- udp-src
- udp-dst
ovs-key-sctp¶
- type
struct
- members
- sctp-src
- sctp-dst
ovs-key-icmp¶
- type
struct
- members
- icmp-type
- icmp-code
ovs-key-arp¶
- type
struct
- members
- arp-sip
- arp-tip
- arp-op
- arp-sha
- arp-tha
ovs-key-nd¶
- type
struct
- members
- nd_target
- nd-sll
- nd-tll
ovs-key-ct-tuple-ipv4¶
- type
struct
- members
- ipv4-src
- ipv4-dst
- src-port
- dst-port
- ipv4-proto
ovs-action-push-vlan¶
- type
struct
- members
- vlan_tpid
Tag protocol identifier (TPID) to push.
- vlan_tci
Tag control identifier (TCI) to push.
ovs-ufid-flags¶
- name-prefix
ovs-ufid-f-
- enum-name
None
- type
flags
- entries
omit-key
omit-mask
omit-actions
ovs-action-hash¶
- type
struct
- members
- hash-alg
Algorithm used to compute hash prior to recirculation.
- hash-basis
Basis used for computing hash.
ovs-hash-alg¶
- enum-name
ovs-hash-alg
- type
enum
- doc
Data path hash algorithm for computing Datapath hash. The algorithm type only specifiesthe fields in a flow will be used as part of the hash. Each datapath is free to use itsown hash algorithm. The hash value will be opaque to the user space daemon.
- entries
ovs-hash-alg-l4
ovs-action-push-mpls¶
- type
struct
- members
- mpls-lse
MPLS label stack entry to push
- mpls-ethertype
Ethertype to set in the encapsulating ethernet frame. The only valuesethertype should ever be given are ETH_P_MPLS_UC and ETH_P_MPLS_MC,indicating MPLS unicast or multicast. Other are rejected.
ovs-action-add-mpls¶
- type
struct
- members
- mpls-lse
MPLS label stack entry to push
- mpls-ethertype
Ethertype to set in the encapsulating ethernet frame. The only valuesethertype should ever be given are ETH_P_MPLS_UC and ETH_P_MPLS_MC,indicating MPLS unicast or multicast. Other are rejected.
- tun-flags
MPLS tunnel attributes.
ct-state-flags¶
- enum-name
None
- type
flags
- name-prefix
ovs-cs-f-
- entries
- new
Beginning of a new connection.
- established
Part of an existing connenction
- related
Related to an existing connection.
- reply-dir
Flow is in the reply direction.
- invalid
Could not track the connection.
- tracked
Conntrack has occurred.
- src-nat
Packet's source address/port was mangled by NAT.
- dst-nat
Packet's destination address/port was mangled by NAT.
Attribute sets¶
flow-attrs¶
key (nest
)¶
- nested-attributes
key-attrs
- doc
Nested attributes specifying the flow key. Always present innotifications. Required for all requests (except dumps).
actions (nest
)¶
- nested-attributes
action-attrs
- doc
Nested attributes specifying the actions to take for packets thatmatch the key. Always present in notifications. Required forOVS_FLOW_CMD_NEW requests, optional for OVS_FLOW_CMD_SET requests. AnOVS_FLOW_CMD_SET without OVS_FLOW_ATTR_ACTIONS will not modify theactions. To clear the actions, an OVS_FLOW_ATTR_ACTIONS without anynested attributes must be given.
stats (binary
)¶
- struct
ovs-flow-stats
- doc
Statistics for this flow. Present in notifications if the stats wouldbe nonzero. Ignored in requests.
tcp-flags (u8
)¶
- doc
An 8-bit value giving the ORed value of all of the TCP flags seen onpackets in this flow. Only present in notifications for TCP flows, andonly if it would be nonzero. Ignored in requests.
used (u64
)¶
- doc
A 64-bit integer giving the time, in milliseconds on the systemmonotonic clock, at which a packet was last processed for thisflow. Only present in notifications if a packet has been processed forthis flow. Ignored in requests.
clear (flag
)¶
- doc
If present in a OVS_FLOW_CMD_SET request, clears the last-used time,accumulated TCP flags, and statistics for this flow. Otherwiseignored in requests. Never present in notifications.
mask (nest
)¶
- nested-attributes
key-attrs
- doc
Nested attributes specifying the mask bits for wildcarded flowmatch. Mask bit value '1' specifies exact match with correspondingflow key bit, while mask bit value '0' specifies a wildcardedmatch. Omitting attribute is treated as wildcarding all correspondingfields. Optional for all requests. If not present, all flow key bitsare exact match bits.
probe (binary
)¶
- doc
Flow operation is a feature probe, error logging should be suppressed.
ufid (binary
)¶
- doc
A value between 1-16 octets specifying a unique identifier for theflow. Causes the flow to be indexed by this value rather than thevalue of the OVS_FLOW_ATTR_KEY attribute. Optional for allrequests. Present in notifications if the flow was created with thisattribute.
- display-hint
uuid
ufid-flags (u32
)¶
- enum
ovs-ufid-flags
- doc
A 32-bit value of ORed flags that provide alternative semantics forflow installation and retrieval. Optional for all requests.
pad (binary
)¶
key-attrs¶
encap (nest
)¶
- nested-attributes
key-attrs
priority (u32
)¶
in-port (u32
)¶
ethernet (binary
)¶
- struct
ovs-key-ethernet
- doc
struct ovs_key_ethernet
vlan (u16
)¶
- byte-order
big-endian
ethertype (u16
)¶
- byte-order
big-endian
ipv4 (binary
)¶
- struct
ovs-key-ipv4
ipv6 (binary
)¶
- struct
ovs-key-ipv6
- doc
struct ovs_key_ipv6
tcp (binary
)¶
- struct
ovs-key-tcp
udp (binary
)¶
- struct
ovs-key-udp
icmp (binary
)¶
- struct
ovs-key-icmp
icmpv6 (binary
)¶
- struct
ovs-key-icmp
arp (binary
)¶
- struct
ovs-key-arp
- doc
struct ovs_key_arp
nd (binary
)¶
- struct
ovs-key-nd
- doc
struct ovs_key_nd
skb-mark (u32
)¶
tunnel (nest
)¶
- nested-attributes
tunnel-key-attrs
sctp (binary
)¶
- struct
ovs-key-sctp
tcp-flags (u16
)¶
- byte-order
big-endian
dp-hash (u32
)¶
- doc
Value 0 indicates the hash is not computed by the datapath.
recirc-id (u32
)¶
mpls (binary
)¶
- struct
ovs-key-mpls
ct-state (u32
)¶
- enum
ct-state-flags
- enum-as-flags
True
ct-zone (u16
)¶
- doc
connection tracking zone
ct-mark (u32
)¶
- doc
connection tracking mark
ct-labels (binary
)¶
- display-hint
hex
- doc
16-octet connection tracking label
ct-orig-tuple-ipv4 (binary
)¶
- struct
ovs-key-ct-tuple-ipv4
ct-orig-tuple-ipv6 (binary
)¶
- doc
struct ovs_key_ct_tuple_ipv6
nsh (nest
)¶
- nested-attributes
ovs-nsh-key-attrs
packet-type (u32
)¶
- byte-order
big-endian
- doc
Should not be sent to the kernel
nd-extensions (binary
)¶
- doc
Should not be sent to the kernel
tunnel-info (binary
)¶
- doc
struct ip_tunnel_info
ipv6-exthdrs (binary
)¶
- struct
ovs-key-ipv6-exthdrs
- doc
struct ovs_key_ipv6_exthdr
action-attrs¶
output (u32
)¶
- doc
ovs port number in datapath
userspace (nest
)¶
- nested-attributes
userspace-attrs
set (nest
)¶
- nested-attributes
key-attrs
- doc
Replaces the contents of an existing header. The single nested attribute specifies a header to modify and its value.
push-vlan (binary
)¶
- struct
ovs-action-push-vlan
- doc
Push a new outermost 802.1Q or 802.1ad header onto the packet.
pop-vlan (flag
)¶
- doc
Pop the outermost 802.1Q or 802.1ad header from the packet.
sample (nest
)¶
- nested-attributes
sample-attrs
- doc
Probabilistically executes actions, as specified in the nested attributes.
recirc (u32
)¶
- doc
recirc id
hash (binary
)¶
- struct
ovs-action-hash
push-mpls (binary
)¶
- struct
ovs-action-push-mpls
- doc
Push a new MPLS label stack entry onto the top of the packets MPLSlabel stack. Set the ethertype of the encapsulating frame to eitherETH_P_MPLS_UC or ETH_P_MPLS_MC to indicate the new packet contents.
pop-mpls (u16
)¶
- byte-order
big-endian
- doc
ethertype
set-masked (nest
)¶
- nested-attributes
key-attrs
- doc
Replaces the contents of an existing header. A nested attributespecifies a header to modify, its value, and a mask. For every bit setin the mask, the corresponding bit value is copied from the value tothe packet header field, rest of the bits are left unchanged. Thenon-masked value bits must be passed in as zeroes. Masking is notsupported for the OVS_KEY_ATTR_TUNNEL attribute.
ct (nest
)¶
- nested-attributes
ct-attrs
- doc
Track the connection. Populate the conntrack-related entriesin the flow key.
trunc (u32
)¶
- doc
struct ovs_action_trunc is a u32 max length
push-eth (binary
)¶
- doc
struct ovs_action_push_eth
pop-eth (flag
)¶
ct-clear (flag
)¶
push-nsh (nest
)¶
- nested-attributes
ovs-nsh-key-attrs
- doc
Push NSH header to the packet.
pop-nsh (flag
)¶
- doc
Pop the outermost NSH header off the packet.
meter (u32
)¶
- doc
Run packet through a meter, which may drop the packet, or modify thepacket (e.g., change the DSCP field)
clone (nest
)¶
- nested-attributes
action-attrs
- doc
Make a copy of the packet and execute a list of actions withoutaffecting the original packet and key.
check-pkt-len (nest
)¶
- nested-attributes
check-pkt-len-attrs
- doc
Check the packet length and execute a set of actions if greater thanthe specified packet length, else execute another set of actions.
add-mpls (binary
)¶
- struct
ovs-action-add-mpls
- doc
Push a new MPLS label stack entry at the start of the packet or at thestart of the l3 header depending on the value of l3 tunnel flag in thetun_flags field of this OVS_ACTION_ATTR_ADD_MPLS argument.
dec-ttl (nest
)¶
- nested-attributes
dec-ttl-attrs
tunnel-key-attrs¶
id (u64
)¶
- byte-order
big-endian
- value
0
ipv4-src (u32
)¶
- byte-order
big-endian
ipv4-dst (u32
)¶
- byte-order
big-endian
tos (u8
)¶
ttl (u8
)¶
dont-fragment (flag
)¶
csum (flag
)¶
oam (flag
)¶
geneve-opts (binary
)¶
- sub-type
u32
tp-src (u16
)¶
- byte-order
big-endian
tp-dst (u16
)¶
- byte-order
big-endian
vxlan-opts (nest
)¶
- nested-attributes
vxlan-ext-attrs
ipv6-src (binary
)¶
- doc
struct in6_addr source IPv6 address
ipv6-dst (binary
)¶
- doc
struct in6_addr destination IPv6 address
pad (binary
)¶
erspan-opts (binary
)¶
- doc
struct erspan_metadata
ipv4-info-bridge (flag
)¶
check-pkt-len-attrs¶
pkt-len (u16
)¶
actions-if-greater (nest
)¶
- nested-attributes
action-attrs
actions-if-less-equal (nest
)¶
- nested-attributes
action-attrs
sample-attrs¶
probability (u32
)¶
actions (nest
)¶
- nested-attributes
action-attrs
userspace-attrs¶
pid (u32
)¶
userdata (binary
)¶
egress-tun-port (u32
)¶
actions (flag
)¶
ovs-nsh-key-attrs¶
base (binary
)¶
md1 (binary
)¶
md2 (binary
)¶
ct-attrs¶
commit (flag
)¶
zone (u16
)¶
mark (binary
)¶
labels (binary
)¶
helper (string
)¶
nat (nest
)¶
- nested-attributes
nat-attrs
force-commit (flag
)¶
eventmask (u32
)¶
timeout (string
)¶
nat-attrs¶
src (flag
)¶
dst (flag
)¶
ip-min (binary
)¶
ip-max (binary
)¶
proto-min (u16
)¶
proto-max (u16
)¶
persistent (flag
)¶
proto-hash (flag
)¶
proto-random (flag
)¶
dec-ttl-attrs¶
action (nest
)¶
- nested-attributes
action-attrs