xref: /linux/Documentation/netlink/specs/ovs_flow.yaml (revision 221013afb459e5deb8bd08e29b37050af5586d1c)
1# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
2
3name: ovs_flow
4version: 1
5protocol: genetlink-legacy
6uapi-header: linux/openvswitch.h
7
8doc:
9  OVS flow configuration over generic netlink.
10
11definitions:
12  -
13    name: ovs-header
14    type: struct
15    doc: |
16      Header for OVS Generic Netlink messages.
17    members:
18      -
19        name: dp-ifindex
20        type: u32
21        doc: |
22          ifindex of local port for datapath (0 to make a request not specific
23          to a datapath).
24  -
25    name: ovs-flow-stats
26    type: struct
27    members:
28      -
29        name: n-packets
30        type: u64
31        doc: Number of matched packets.
32      -
33        name: n-bytes
34        type: u64
35        doc: Number of matched bytes.
36  -
37    name: ovs-key-ethernet
38    type: struct
39    members:
40      -
41        name: eth-src
42        type: binary
43        len: 6
44        display-hint: mac
45      -
46        name: eth-dst
47        type: binary
48        len: 6
49        display-hint: mac
50  -
51    name: ovs-key-mpls
52    type: struct
53    members:
54      -
55        name: mpls-lse
56        type: u32
57        byte-order: big-endian
58  -
59    name: ovs-key-ipv4
60    type: struct
61    members:
62      -
63        name: ipv4-src
64        type: u32
65        byte-order: big-endian
66        display-hint: ipv4
67      -
68        name: ipv4-dst
69        type: u32
70        byte-order: big-endian
71        display-hint: ipv4
72      -
73        name: ipv4-proto
74        type: u8
75      -
76        name: ipv4-tos
77        type: u8
78      -
79        name: ipv4-ttl
80        type: u8
81      -
82        name: ipv4-frag
83        type: u8
84        enum: ovs-frag-type
85  -
86    name: ovs-key-ipv6
87    type: struct
88    members:
89      -
90        name: ipv6-src
91        type: binary
92        len: 16
93        byte-order: big-endian
94        display-hint: ipv6
95      -
96        name: ipv6-dst
97        type: binary
98        len: 16
99        byte-order: big-endian
100        display-hint: ipv6
101      -
102        name: ipv6-label
103        type: u32
104        byte-order: big-endian
105      -
106        name: ipv6-proto
107        type: u8
108      -
109        name: ipv6-tclass
110        type: u8
111      -
112        name: ipv6-hlimit
113        type: u8
114      -
115        name: ipv6-frag
116        type: u8
117  -
118    name: ovs-key-ipv6-exthdrs
119    type: struct
120    members:
121      -
122        name: hdrs
123        type: u16
124  -
125    name: ovs-frag-type
126    name-prefix: ovs-frag-type-
127    enum-name: ovs-frag-type
128    type: enum
129    entries:
130      -
131        name: none
132        doc: Packet is not a fragment.
133      -
134        name: first
135        doc: Packet is a fragment with offset 0.
136      -
137        name: later
138        doc: Packet is a fragment with nonzero offset.
139      -
140        name: any
141        value: 255
142  -
143    name: ovs-key-tcp
144    type: struct
145    members:
146      -
147        name: tcp-src
148        type: u16
149        byte-order: big-endian
150      -
151        name: tcp-dst
152        type: u16
153        byte-order: big-endian
154  -
155    name: ovs-key-udp
156    type: struct
157    members:
158      -
159        name: udp-src
160        type: u16
161        byte-order: big-endian
162      -
163        name: udp-dst
164        type: u16
165        byte-order: big-endian
166  -
167    name: ovs-key-sctp
168    type: struct
169    members:
170      -
171        name: sctp-src
172        type: u16
173        byte-order: big-endian
174      -
175        name: sctp-dst
176        type: u16
177        byte-order: big-endian
178  -
179    name: ovs-key-icmp
180    type: struct
181    members:
182      -
183        name: icmp-type
184        type: u8
185      -
186        name: icmp-code
187        type: u8
188  -
189    name: ovs-key-arp
190    type: struct
191    members:
192      -
193        name: arp-sip
194        type: u32
195        byte-order: big-endian
196      -
197        name: arp-tip
198        type: u32
199        byte-order: big-endian
200      -
201        name: arp-op
202        type: u16
203        byte-order: big-endian
204      -
205        name: arp-sha
206        type: binary
207        len: 6
208        display-hint: mac
209      -
210        name: arp-tha
211        type: binary
212        len: 6
213        display-hint: mac
214  -
215    name: ovs-key-nd
216    type: struct
217    members:
218      -
219        name: nd_target
220        type: binary
221        len: 16
222        byte-order: big-endian
223      -
224        name: nd-sll
225        type: binary
226        len: 6
227        display-hint: mac
228      -
229        name: nd-tll
230        type: binary
231        len: 6
232        display-hint: mac
233  -
234    name: ovs-key-ct-tuple-ipv4
235    type: struct
236    members:
237      -
238        name: ipv4-src
239        type: u32
240        byte-order: big-endian
241      -
242        name: ipv4-dst
243        type: u32
244        byte-order: big-endian
245      -
246        name: src-port
247        type: u16
248        byte-order: big-endian
249      -
250        name: dst-port
251        type: u16
252        byte-order: big-endian
253      -
254        name: ipv4-proto
255        type: u8
256  -
257    name: ovs-action-push-vlan
258    type: struct
259    members:
260      -
261        name: vlan_tpid
262        type: u16
263        byte-order: big-endian
264        doc: Tag protocol identifier (TPID) to push.
265      -
266        name: vlan_tci
267        type: u16
268        byte-order: big-endian
269        doc: Tag control identifier (TCI) to push.
270  -
271    name: ovs-ufid-flags
272    name-prefix: ovs-ufid-f-
273    enum-name:
274    type: flags
275    entries:
276      - omit-key
277      - omit-mask
278      - omit-actions
279  -
280    name: ovs-action-hash
281    type: struct
282    members:
283      -
284        name: hash-alg
285        type: u32
286        doc: Algorithm used to compute hash prior to recirculation.
287      -
288        name: hash-basis
289        type: u32
290        doc: Basis used for computing hash.
291  -
292    name: ovs-hash-alg
293    enum-name: ovs-hash-alg
294    type: enum
295    doc: |
296      Data path hash algorithm for computing Datapath hash. The algorithm type only specifies
297      the fields in a flow will be used as part of the hash. Each datapath is free to use its
298      own hash algorithm. The hash value will be opaque to the user space daemon.
299    entries:
300      - ovs-hash-alg-l4
301
302  -
303    name: ovs-action-push-mpls
304    type: struct
305    members:
306      -
307        name: mpls-lse
308        type: u32
309        byte-order: big-endian
310        doc: |
311          MPLS label stack entry to push
312      -
313        name: mpls-ethertype
314        type: u32
315        byte-order: big-endian
316        doc: |
317          Ethertype to set in the encapsulating ethernet frame.  The only values
318          ethertype should ever be given are ETH_P_MPLS_UC and ETH_P_MPLS_MC,
319          indicating MPLS unicast or multicast. Other are rejected.
320  -
321    name: ovs-action-add-mpls
322    type: struct
323    members:
324      -
325        name: mpls-lse
326        type: u32
327        byte-order: big-endian
328        doc: |
329          MPLS label stack entry to push
330      -
331        name: mpls-ethertype
332        type: u32
333        byte-order: big-endian
334        doc: |
335          Ethertype to set in the encapsulating ethernet frame.  The only values
336          ethertype should ever be given are ETH_P_MPLS_UC and ETH_P_MPLS_MC,
337          indicating MPLS unicast or multicast. Other are rejected.
338      -
339        name: tun-flags
340        type: u16
341        doc: |
342          MPLS tunnel attributes.
343  -
344    name: ct-state-flags
345    enum-name:
346    type: flags
347    name-prefix: ovs-cs-f-
348    entries:
349      -
350        name: new
351        doc: Beginning of a new connection.
352      -
353        name: established
354        doc: Part of an existing connenction
355      -
356        name: related
357        doc: Related to an existing connection.
358      -
359        name: reply-dir
360        doc: Flow is in the reply direction.
361      -
362        name: invalid
363        doc: Could not track the connection.
364      -
365        name: tracked
366        doc: Conntrack has occurred.
367      -
368        name: src-nat
369        doc: Packet's source address/port was mangled by NAT.
370      -
371        name: dst-nat
372        doc: Packet's destination address/port was mangled by NAT.
373
374attribute-sets:
375  -
376    name: flow-attrs
377    enum-name: ovs-flow-attr
378    name-prefix: ovs-flow-attr-
379    attributes:
380      -
381        name: key
382        type: nest
383        nested-attributes: key-attrs
384        doc: |
385          Nested attributes specifying the flow key. Always present in
386          notifications. Required for all requests (except dumps).
387      -
388        name: actions
389        type: nest
390        nested-attributes: action-attrs
391        doc: |
392          Nested attributes specifying the actions to take for packets that
393          match the key. Always present in notifications. Required for
394          OVS_FLOW_CMD_NEW requests, optional for OVS_FLOW_CMD_SET requests.  An
395          OVS_FLOW_CMD_SET without OVS_FLOW_ATTR_ACTIONS will not modify the
396          actions.  To clear the actions, an OVS_FLOW_ATTR_ACTIONS without any
397          nested attributes must be given.
398      -
399        name: stats
400        type: binary
401        struct: ovs-flow-stats
402        doc: |
403          Statistics for this flow. Present in notifications if the stats would
404          be nonzero. Ignored in requests.
405      -
406        name: tcp-flags
407        type: u8
408        doc: |
409          An 8-bit value giving the ORed value of all of the TCP flags seen on
410          packets in this flow. Only present in notifications for TCP flows, and
411          only if it would be nonzero. Ignored in requests.
412      -
413        name: used
414        type: u64
415        doc: |
416          A 64-bit integer giving the time, in milliseconds on the system
417          monotonic clock, at which a packet was last processed for this
418          flow. Only present in notifications if a packet has been processed for
419          this flow. Ignored in requests.
420      -
421        name: clear
422        type: flag
423        doc: |
424          If present in a OVS_FLOW_CMD_SET request, clears the last-used time,
425          accumulated TCP flags, and statistics for this flow.  Otherwise
426          ignored in requests. Never present in notifications.
427      -
428        name: mask
429        type: nest
430        nested-attributes: key-attrs
431        doc: |
432          Nested attributes specifying the mask bits for wildcarded flow
433          match. Mask bit value '1' specifies exact match with corresponding
434          flow key bit, while mask bit value '0' specifies a wildcarded
435          match. Omitting attribute is treated as wildcarding all corresponding
436          fields. Optional for all requests. If not present, all flow key bits
437          are exact match bits.
438      -
439        name: probe
440        type: binary
441        doc: |
442          Flow operation is a feature probe, error logging should be suppressed.
443      -
444        name: ufid
445        type: binary
446        doc: |
447          A value between 1-16 octets specifying a unique identifier for the
448          flow. Causes the flow to be indexed by this value rather than the
449          value of the OVS_FLOW_ATTR_KEY attribute. Optional for all
450          requests. Present in notifications if the flow was created with this
451          attribute.
452        display-hint: uuid
453      -
454        name: ufid-flags
455        type: u32
456        enum: ovs-ufid-flags
457        doc: |
458          A 32-bit value of ORed flags that provide alternative semantics for
459          flow installation and retrieval. Optional for all requests.
460      -
461        name: pad
462        type: binary
463
464  -
465    name: key-attrs
466    enum-name: ovs-key-attr
467    name-prefix: ovs-key-attr-
468    attributes:
469      -
470        name: encap
471        type: nest
472        nested-attributes: key-attrs
473      -
474        name: priority
475        type: u32
476      -
477        name: in-port
478        type: u32
479      -
480        name: ethernet
481        type: binary
482        struct: ovs-key-ethernet
483        doc: struct ovs_key_ethernet
484      -
485        name: vlan
486        type: u16
487        byte-order: big-endian
488      -
489        name: ethertype
490        type: u16
491        byte-order: big-endian
492      -
493        name: ipv4
494        type: binary
495        struct: ovs-key-ipv4
496      -
497        name: ipv6
498        type: binary
499        struct: ovs-key-ipv6
500        doc: struct ovs_key_ipv6
501      -
502        name: tcp
503        type: binary
504        struct: ovs-key-tcp
505      -
506        name: udp
507        type: binary
508        struct: ovs-key-udp
509      -
510        name: icmp
511        type: binary
512        struct: ovs-key-icmp
513      -
514        name: icmpv6
515        type: binary
516        struct: ovs-key-icmp
517      -
518        name: arp
519        type: binary
520        struct: ovs-key-arp
521        doc: struct ovs_key_arp
522      -
523        name: nd
524        type: binary
525        struct: ovs-key-nd
526        doc: struct ovs_key_nd
527      -
528        name: skb-mark
529        type: u32
530      -
531        name: tunnel
532        type: nest
533        nested-attributes: tunnel-key-attrs
534      -
535        name: sctp
536        type: binary
537        struct: ovs-key-sctp
538      -
539        name: tcp-flags
540        type: u16
541        byte-order: big-endian
542      -
543        name: dp-hash
544        type: u32
545        doc: Value 0 indicates the hash is not computed by the datapath.
546      -
547        name: recirc-id
548        type: u32
549      -
550        name: mpls
551        type: binary
552        struct: ovs-key-mpls
553      -
554        name: ct-state
555        type: u32
556        enum: ct-state-flags
557        enum-as-flags: true
558      -
559        name: ct-zone
560        type: u16
561        doc: connection tracking zone
562      -
563        name: ct-mark
564        type: u32
565        doc: connection tracking mark
566      -
567        name: ct-labels
568        type: binary
569        display-hint: hex
570        doc: 16-octet connection tracking label
571      -
572        name: ct-orig-tuple-ipv4
573        type: binary
574        struct: ovs-key-ct-tuple-ipv4
575      -
576        name: ct-orig-tuple-ipv6
577        type: binary
578        doc: struct ovs_key_ct_tuple_ipv6
579      -
580        name: nsh
581        type: nest
582        nested-attributes: ovs-nsh-key-attrs
583      -
584        name: packet-type
585        type: u32
586        byte-order: big-endian
587        doc: Should not be sent to the kernel
588      -
589        name: nd-extensions
590        type: binary
591        doc: Should not be sent to the kernel
592      -
593        name: tunnel-info
594        type: binary
595        doc: struct ip_tunnel_info
596      -
597        name: ipv6-exthdrs
598        type: binary
599        struct: ovs-key-ipv6-exthdrs
600        doc: struct ovs_key_ipv6_exthdr
601  -
602    name: action-attrs
603    enum-name: ovs-action-attr
604    name-prefix: ovs-action-attr-
605    attributes:
606      -
607        name: output
608        type: u32
609        doc: ovs port number in datapath
610      -
611        name: userspace
612        type: nest
613        nested-attributes: userspace-attrs
614      -
615        name: set
616        type: nest
617        nested-attributes: key-attrs
618        doc: Replaces the contents of an existing header. The single nested attribute specifies a header to modify and its value.
619      -
620        name: push-vlan
621        type: binary
622        struct: ovs-action-push-vlan
623        doc: Push a new outermost 802.1Q or 802.1ad header onto the packet.
624      -
625        name: pop-vlan
626        type: flag
627        doc: Pop the outermost 802.1Q or 802.1ad header from the packet.
628      -
629        name: sample
630        type: nest
631        nested-attributes: sample-attrs
632        doc: |
633          Probabilistically executes actions, as specified in the nested attributes.
634      -
635        name: recirc
636        type: u32
637        doc: recirc id
638      -
639        name: hash
640        type: binary
641        struct: ovs-action-hash
642      -
643        name: push-mpls
644        type: binary
645        struct: ovs-action-push-mpls
646        doc: |
647          Push a new MPLS label stack entry onto the top of the packets MPLS
648          label stack. Set the ethertype of the encapsulating frame to either
649          ETH_P_MPLS_UC or ETH_P_MPLS_MC to indicate the new packet contents.
650      -
651        name: pop-mpls
652        type: u16
653        byte-order: big-endian
654        doc: ethertype
655      -
656        name: set-masked
657        type: nest
658        nested-attributes: key-attrs
659        doc: |
660          Replaces the contents of an existing header. A nested attribute
661          specifies a header to modify, its value, and a mask. For every bit set
662          in the mask, the corresponding bit value is copied from the value to
663          the packet header field, rest of the bits are left unchanged. The
664          non-masked value bits must be passed in as zeroes. Masking is not
665          supported for the OVS_KEY_ATTR_TUNNEL attribute.
666      -
667        name: ct
668        type: nest
669        nested-attributes: ct-attrs
670        doc: |
671          Track the connection. Populate the conntrack-related entries
672          in the flow key.
673      -
674        name: trunc
675        type: u32
676        doc: struct ovs_action_trunc is a u32 max length
677      -
678        name: push-eth
679        type: binary
680        doc: struct ovs_action_push_eth
681      -
682        name: pop-eth
683        type: flag
684      -
685        name: ct-clear
686        type: flag
687      -
688        name: push-nsh
689        type: nest
690        nested-attributes: ovs-nsh-key-attrs
691        doc: |
692          Push NSH header to the packet.
693      -
694        name: pop-nsh
695        type: flag
696        doc: |
697          Pop the outermost NSH header off the packet.
698      -
699        name: meter
700        type: u32
701        doc: |
702          Run packet through a meter, which may drop the packet, or modify the
703          packet (e.g., change the DSCP field)
704      -
705        name: clone
706        type: nest
707        nested-attributes: action-attrs
708        doc: |
709          Make a copy of the packet and execute a list of actions without
710          affecting the original packet and key.
711      -
712        name: check-pkt-len
713        type: nest
714        nested-attributes: check-pkt-len-attrs
715        doc: |
716          Check the packet length and execute a set of actions if greater than
717          the specified packet length, else execute another set of actions.
718      -
719        name: add-mpls
720        type: binary
721        struct: ovs-action-add-mpls
722        doc: |
723          Push a new MPLS label stack entry at the start of the packet or at the
724          start of the l3 header depending on the value of l3 tunnel flag in the
725          tun_flags field of this OVS_ACTION_ATTR_ADD_MPLS argument.
726      -
727        name: dec-ttl
728        type: nest
729        nested-attributes: dec-ttl-attrs
730      -
731        name: psample
732        type: nest
733        nested-attributes: psample-attrs
734        doc: |
735          Sends a packet sample to psample for external observation.
736  -
737    name: tunnel-key-attrs
738    enum-name: ovs-tunnel-key-attr
739    name-prefix: ovs-tunnel-key-attr-
740    attributes:
741      -
742        name: id
743        type: u64
744        byte-order: big-endian
745        value: 0
746      -
747        name: ipv4-src
748        type: u32
749        byte-order: big-endian
750      -
751        name: ipv4-dst
752        type: u32
753        byte-order: big-endian
754      -
755        name: tos
756        type: u8
757      -
758        name: ttl
759        type: u8
760      -
761        name: dont-fragment
762        type: flag
763      -
764        name: csum
765        type: flag
766      -
767        name: oam
768        type: flag
769      -
770        name: geneve-opts
771        type: binary
772        sub-type: u32
773      -
774        name: tp-src
775        type: u16
776        byte-order: big-endian
777      -
778        name: tp-dst
779        type: u16
780        byte-order: big-endian
781      -
782        name: vxlan-opts
783        type: nest
784        nested-attributes: vxlan-ext-attrs
785      -
786        name: ipv6-src
787        type: binary
788        doc: |
789          struct in6_addr source IPv6 address
790      -
791        name: ipv6-dst
792        type: binary
793        doc: |
794          struct in6_addr destination IPv6 address
795      -
796        name: pad
797        type: binary
798      -
799        name: erspan-opts
800        type: binary
801        doc: |
802          struct erspan_metadata
803      -
804        name: ipv4-info-bridge
805        type: flag
806  -
807    name: check-pkt-len-attrs
808    enum-name: ovs-check-pkt-len-attr
809    name-prefix: ovs-check-pkt-len-attr-
810    attributes:
811      -
812        name: pkt-len
813        type: u16
814      -
815        name: actions-if-greater
816        type: nest
817        nested-attributes: action-attrs
818      -
819        name: actions-if-less-equal
820        type: nest
821        nested-attributes: action-attrs
822  -
823    name: sample-attrs
824    enum-name: ovs-sample-attr
825    name-prefix: ovs-sample-attr-
826    attributes:
827      -
828        name: probability
829        type: u32
830      -
831        name: actions
832        type: nest
833        nested-attributes: action-attrs
834  -
835    name: userspace-attrs
836    enum-name: ovs-userspace-attr
837    name-prefix: ovs-userspace-attr-
838    attributes:
839      -
840        name: pid
841        type: u32
842      -
843        name: userdata
844        type: binary
845      -
846        name: egress-tun-port
847        type: u32
848      -
849        name: actions
850        type: flag
851  -
852    name: ovs-nsh-key-attrs
853    enum-name: ovs-nsh-key-attr
854    name-prefix: ovs-nsh-key-attr-
855    attributes:
856      -
857        name: base
858        type: binary
859      -
860        name: md1
861        type: binary
862      -
863        name: md2
864        type: binary
865  -
866    name: ct-attrs
867    enum-name: ovs-ct-attr
868    name-prefix: ovs-ct-attr-
869    attributes:
870      -
871        name: commit
872        type: flag
873      -
874        name: zone
875        type: u16
876      -
877        name: mark
878        type: binary
879      -
880        name: labels
881        type: binary
882      -
883        name: helper
884        type: string
885      -
886        name: nat
887        type: nest
888        nested-attributes: nat-attrs
889      -
890        name: force-commit
891        type: flag
892      -
893        name: eventmask
894        type: u32
895      -
896        name: timeout
897        type: string
898  -
899    name: nat-attrs
900    enum-name: ovs-nat-attr
901    name-prefix: ovs-nat-attr-
902    attributes:
903      -
904        name: src
905        type: flag
906      -
907        name: dst
908        type: flag
909      -
910        name: ip-min
911        type: binary
912      -
913        name: ip-max
914        type: binary
915      -
916        name: proto-min
917        type: u16
918      -
919        name: proto-max
920        type: u16
921      -
922        name: persistent
923        type: flag
924      -
925        name: proto-hash
926        type: flag
927      -
928        name: proto-random
929        type: flag
930  -
931    name: dec-ttl-attrs
932    enum-name: ovs-dec-ttl-attr
933    name-prefix: ovs-dec-ttl-attr-
934    attributes:
935      -
936        name: action
937        type: nest
938        nested-attributes: action-attrs
939  -
940    name: vxlan-ext-attrs
941    enum-name: ovs-vxlan-ext-
942    name-prefix: ovs-vxlan-ext-
943    attributes:
944      -
945        name: gbp
946        type: u32
947  -
948    name: psample-attrs
949    enum-name: ovs-psample-attr
950    name-prefix: ovs-psample-attr-
951    attributes:
952      -
953        name: group
954        type: u32
955      -
956        name: cookie
957        type: binary
958
959operations:
960  name-prefix: ovs-flow-cmd-
961  fixed-header: ovs-header
962  list:
963    -
964      name: get
965      doc: Get / dump OVS flow configuration and state
966      value: 3
967      attribute-set: flow-attrs
968      do: &flow-get-op
969        request:
970          attributes:
971            - key
972            - ufid
973            - ufid-flags
974        reply:
975          attributes:
976            - key
977            - ufid
978            - mask
979            - stats
980            - actions
981      dump: *flow-get-op
982    -
983      name: new
984      doc: Create OVS flow configuration in a data path
985      value: 1
986      attribute-set: flow-attrs
987      do:
988        request:
989          attributes:
990            - key
991            - ufid
992            - mask
993            - actions
994
995mcast-groups:
996  list:
997    -
998      name: ovs_flow
999