1# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 2--- 3name: ovs_flow 4version: 1 5protocol: genetlink-legacy 6uapi-header: linux/openvswitch.h 7 8doc: >- 9 OVS flow configuration over generic netlink. 10 11definitions: 12 - 13 name: ovs-header 14 type: struct 15 doc: | 16 Header for OVS Generic Netlink messages. 17 members: 18 - 19 name: dp-ifindex 20 type: u32 21 doc: | 22 ifindex of local port for datapath (0 to make a request not specific 23 to a datapath). 24 - 25 name: ovs-flow-stats 26 type: struct 27 members: 28 - 29 name: n-packets 30 type: u64 31 doc: Number of matched packets. 32 - 33 name: n-bytes 34 type: u64 35 doc: Number of matched bytes. 36 - 37 name: ovs-key-ethernet 38 type: struct 39 members: 40 - 41 name: eth-src 42 type: binary 43 len: 6 44 display-hint: mac 45 - 46 name: eth-dst 47 type: binary 48 len: 6 49 display-hint: mac 50 - 51 name: ovs-key-mpls 52 type: struct 53 members: 54 - 55 name: mpls-lse 56 type: u32 57 byte-order: big-endian 58 - 59 name: ovs-key-ipv4 60 type: struct 61 members: 62 - 63 name: ipv4-src 64 type: u32 65 byte-order: big-endian 66 display-hint: ipv4 67 - 68 name: ipv4-dst 69 type: u32 70 byte-order: big-endian 71 display-hint: ipv4 72 - 73 name: ipv4-proto 74 type: u8 75 - 76 name: ipv4-tos 77 type: u8 78 - 79 name: ipv4-ttl 80 type: u8 81 - 82 name: ipv4-frag 83 type: u8 84 enum: ovs-frag-type 85 - 86 name: ovs-key-ipv6 87 type: struct 88 members: 89 - 90 name: ipv6-src 91 type: binary 92 len: 16 93 byte-order: big-endian 94 display-hint: ipv6 95 - 96 name: ipv6-dst 97 type: binary 98 len: 16 99 byte-order: big-endian 100 display-hint: ipv6 101 - 102 name: ipv6-label 103 type: u32 104 byte-order: big-endian 105 - 106 name: ipv6-proto 107 type: u8 108 - 109 name: ipv6-tclass 110 type: u8 111 - 112 name: ipv6-hlimit 113 type: u8 114 - 115 name: ipv6-frag 116 type: u8 117 - 118 name: ovs-key-ipv6-exthdrs 119 type: struct 120 members: 121 - 122 name: hdrs 123 type: u16 124 - 125 name: ovs-frag-type 126 name-prefix: ovs-frag-type- 127 enum-name: ovs-frag-type 128 type: enum 129 entries: 130 - 131 name: none 132 doc: Packet is not a fragment. 133 - 134 name: first 135 doc: Packet is a fragment with offset 0. 136 - 137 name: later 138 doc: Packet is a fragment with nonzero offset. 139 - 140 name: any 141 value: 255 142 - 143 name: ovs-key-tcp 144 type: struct 145 members: 146 - 147 name: tcp-src 148 type: u16 149 byte-order: big-endian 150 - 151 name: tcp-dst 152 type: u16 153 byte-order: big-endian 154 - 155 name: ovs-key-udp 156 type: struct 157 members: 158 - 159 name: udp-src 160 type: u16 161 byte-order: big-endian 162 - 163 name: udp-dst 164 type: u16 165 byte-order: big-endian 166 - 167 name: ovs-key-sctp 168 type: struct 169 members: 170 - 171 name: sctp-src 172 type: u16 173 byte-order: big-endian 174 - 175 name: sctp-dst 176 type: u16 177 byte-order: big-endian 178 - 179 name: ovs-key-icmp 180 type: struct 181 members: 182 - 183 name: icmp-type 184 type: u8 185 - 186 name: icmp-code 187 type: u8 188 - 189 name: ovs-key-arp 190 type: struct 191 members: 192 - 193 name: arp-sip 194 type: u32 195 byte-order: big-endian 196 - 197 name: arp-tip 198 type: u32 199 byte-order: big-endian 200 - 201 name: arp-op 202 type: u16 203 byte-order: big-endian 204 - 205 name: arp-sha 206 type: binary 207 len: 6 208 display-hint: mac 209 - 210 name: arp-tha 211 type: binary 212 len: 6 213 display-hint: mac 214 - 215 name: ovs-key-nd 216 type: struct 217 members: 218 - 219 name: nd-target 220 type: binary 221 len: 16 222 byte-order: big-endian 223 - 224 name: nd-sll 225 type: binary 226 len: 6 227 display-hint: mac 228 - 229 name: nd-tll 230 type: binary 231 len: 6 232 display-hint: mac 233 - 234 name: ovs-key-ct-tuple-ipv4 235 type: struct 236 members: 237 - 238 name: ipv4-src 239 type: u32 240 byte-order: big-endian 241 - 242 name: ipv4-dst 243 type: u32 244 byte-order: big-endian 245 - 246 name: src-port 247 type: u16 248 byte-order: big-endian 249 - 250 name: dst-port 251 type: u16 252 byte-order: big-endian 253 - 254 name: ipv4-proto 255 type: u8 256 - 257 name: ovs-action-push-vlan 258 type: struct 259 members: 260 - 261 name: vlan-tpid 262 type: u16 263 byte-order: big-endian 264 doc: Tag protocol identifier (TPID) to push. 265 - 266 name: vlan-tci 267 type: u16 268 byte-order: big-endian 269 doc: Tag control identifier (TCI) to push. 270 - 271 name: ovs-ufid-flags 272 name-prefix: ovs-ufid-f- 273 enum-name: 274 type: flags 275 entries: 276 - omit-key 277 - omit-mask 278 - omit-actions 279 - 280 name: ovs-action-hash 281 type: struct 282 members: 283 - 284 name: hash-alg 285 type: u32 286 doc: Algorithm used to compute hash prior to recirculation. 287 - 288 name: hash-basis 289 type: u32 290 doc: Basis used for computing hash. 291 - 292 name: ovs-hash-alg 293 enum-name: ovs-hash-alg 294 type: enum 295 doc: | 296 Data path hash algorithm for computing Datapath hash. The algorithm type 297 only specifies the fields in a flow will be used as part of the hash. Each 298 datapath is free to use its own hash algorithm. The hash value will be 299 opaque to the user space daemon. 300 entries: 301 - ovs-hash-alg-l4 302 303 - 304 name: ovs-action-push-mpls 305 type: struct 306 members: 307 - 308 name: mpls-lse 309 type: u32 310 byte-order: big-endian 311 doc: | 312 MPLS label stack entry to push 313 - 314 name: mpls-ethertype 315 type: u32 316 byte-order: big-endian 317 doc: | 318 Ethertype to set in the encapsulating ethernet frame. The only values 319 ethertype should ever be given are ETH_P_MPLS_UC and ETH_P_MPLS_MC, 320 indicating MPLS unicast or multicast. Other are rejected. 321 - 322 name: ovs-action-add-mpls 323 type: struct 324 members: 325 - 326 name: mpls-lse 327 type: u32 328 byte-order: big-endian 329 doc: | 330 MPLS label stack entry to push 331 - 332 name: mpls-ethertype 333 type: u32 334 byte-order: big-endian 335 doc: | 336 Ethertype to set in the encapsulating ethernet frame. The only values 337 ethertype should ever be given are ETH_P_MPLS_UC and ETH_P_MPLS_MC, 338 indicating MPLS unicast or multicast. Other are rejected. 339 - 340 name: tun-flags 341 type: u16 342 doc: | 343 MPLS tunnel attributes. 344 - 345 name: ct-state-flags 346 enum-name: 347 type: flags 348 name-prefix: ovs-cs-f- 349 entries: 350 - 351 name: new 352 doc: Beginning of a new connection. 353 - 354 name: established 355 doc: Part of an existing connenction 356 - 357 name: related 358 doc: Related to an existing connection. 359 - 360 name: reply-dir 361 doc: Flow is in the reply direction. 362 - 363 name: invalid 364 doc: Could not track the connection. 365 - 366 name: tracked 367 doc: Conntrack has occurred. 368 - 369 name: src-nat 370 doc: Packet's source address/port was mangled by NAT. 371 - 372 name: dst-nat 373 doc: Packet's destination address/port was mangled by NAT. 374 375attribute-sets: 376 - 377 name: flow-attrs 378 enum-name: ovs-flow-attr 379 name-prefix: ovs-flow-attr- 380 attributes: 381 - 382 name: key 383 type: nest 384 nested-attributes: key-attrs 385 doc: | 386 Nested attributes specifying the flow key. Always present in 387 notifications. Required for all requests (except dumps). 388 - 389 name: actions 390 type: nest 391 nested-attributes: action-attrs 392 doc: | 393 Nested attributes specifying the actions to take for packets that 394 match the key. Always present in notifications. Required for 395 OVS_FLOW_CMD_NEW requests, optional for OVS_FLOW_CMD_SET requests. An 396 OVS_FLOW_CMD_SET without OVS_FLOW_ATTR_ACTIONS will not modify the 397 actions. To clear the actions, an OVS_FLOW_ATTR_ACTIONS without any 398 nested attributes must be given. 399 - 400 name: stats 401 type: binary 402 struct: ovs-flow-stats 403 doc: | 404 Statistics for this flow. Present in notifications if the stats would 405 be nonzero. Ignored in requests. 406 - 407 name: tcp-flags 408 type: u8 409 doc: | 410 An 8-bit value giving the ORed value of all of the TCP flags seen on 411 packets in this flow. Only present in notifications for TCP flows, and 412 only if it would be nonzero. Ignored in requests. 413 - 414 name: used 415 type: u64 416 doc: | 417 A 64-bit integer giving the time, in milliseconds on the system 418 monotonic clock, at which a packet was last processed for this 419 flow. Only present in notifications if a packet has been processed for 420 this flow. Ignored in requests. 421 - 422 name: clear 423 type: flag 424 doc: | 425 If present in a OVS_FLOW_CMD_SET request, clears the last-used time, 426 accumulated TCP flags, and statistics for this flow. Otherwise 427 ignored in requests. Never present in notifications. 428 - 429 name: mask 430 type: nest 431 nested-attributes: key-attrs 432 doc: | 433 Nested attributes specifying the mask bits for wildcarded flow 434 match. Mask bit value '1' specifies exact match with corresponding 435 flow key bit, while mask bit value '0' specifies a wildcarded 436 match. Omitting attribute is treated as wildcarding all corresponding 437 fields. Optional for all requests. If not present, all flow key bits 438 are exact match bits. 439 - 440 name: probe 441 type: binary 442 doc: | 443 Flow operation is a feature probe, error logging should be suppressed. 444 - 445 name: ufid 446 type: binary 447 doc: | 448 A value between 1-16 octets specifying a unique identifier for the 449 flow. Causes the flow to be indexed by this value rather than the 450 value of the OVS_FLOW_ATTR_KEY attribute. Optional for all 451 requests. Present in notifications if the flow was created with this 452 attribute. 453 display-hint: uuid 454 - 455 name: ufid-flags 456 type: u32 457 enum: ovs-ufid-flags 458 doc: | 459 A 32-bit value of ORed flags that provide alternative semantics for 460 flow installation and retrieval. Optional for all requests. 461 - 462 name: pad 463 type: binary 464 465 - 466 name: key-attrs 467 enum-name: ovs-key-attr 468 name-prefix: ovs-key-attr- 469 attributes: 470 - 471 name: encap 472 type: nest 473 nested-attributes: key-attrs 474 - 475 name: priority 476 type: u32 477 - 478 name: in-port 479 type: u32 480 - 481 name: ethernet 482 type: binary 483 struct: ovs-key-ethernet 484 doc: struct ovs_key_ethernet 485 - 486 name: vlan 487 type: u16 488 byte-order: big-endian 489 - 490 name: ethertype 491 type: u16 492 byte-order: big-endian 493 - 494 name: ipv4 495 type: binary 496 struct: ovs-key-ipv4 497 - 498 name: ipv6 499 type: binary 500 struct: ovs-key-ipv6 501 doc: struct ovs_key_ipv6 502 - 503 name: tcp 504 type: binary 505 struct: ovs-key-tcp 506 - 507 name: udp 508 type: binary 509 struct: ovs-key-udp 510 - 511 name: icmp 512 type: binary 513 struct: ovs-key-icmp 514 - 515 name: icmpv6 516 type: binary 517 struct: ovs-key-icmp 518 - 519 name: arp 520 type: binary 521 struct: ovs-key-arp 522 doc: struct ovs_key_arp 523 - 524 name: nd 525 type: binary 526 struct: ovs-key-nd 527 doc: struct ovs_key_nd 528 - 529 name: skb-mark 530 type: u32 531 - 532 name: tunnel 533 type: nest 534 nested-attributes: tunnel-key-attrs 535 - 536 name: sctp 537 type: binary 538 struct: ovs-key-sctp 539 - 540 name: tcp-flags 541 type: u16 542 byte-order: big-endian 543 - 544 name: dp-hash 545 type: u32 546 doc: Value 0 indicates the hash is not computed by the datapath. 547 - 548 name: recirc-id 549 type: u32 550 - 551 name: mpls 552 type: binary 553 struct: ovs-key-mpls 554 - 555 name: ct-state 556 type: u32 557 enum: ct-state-flags 558 enum-as-flags: true 559 - 560 name: ct-zone 561 type: u16 562 doc: connection tracking zone 563 - 564 name: ct-mark 565 type: u32 566 doc: connection tracking mark 567 - 568 name: ct-labels 569 type: binary 570 display-hint: hex 571 doc: 16-octet connection tracking label 572 - 573 name: ct-orig-tuple-ipv4 574 type: binary 575 struct: ovs-key-ct-tuple-ipv4 576 - 577 name: ct-orig-tuple-ipv6 578 type: binary 579 doc: struct ovs_key_ct_tuple_ipv6 580 - 581 name: nsh 582 type: nest 583 nested-attributes: ovs-nsh-key-attrs 584 - 585 name: packet-type 586 type: u32 587 byte-order: big-endian 588 doc: Should not be sent to the kernel 589 - 590 name: nd-extensions 591 type: binary 592 doc: Should not be sent to the kernel 593 - 594 name: tunnel-info 595 type: binary 596 doc: struct ip_tunnel_info 597 - 598 name: ipv6-exthdrs 599 type: binary 600 struct: ovs-key-ipv6-exthdrs 601 doc: struct ovs_key_ipv6_exthdr 602 - 603 name: action-attrs 604 enum-name: ovs-action-attr 605 name-prefix: ovs-action-attr- 606 attributes: 607 - 608 name: output 609 type: u32 610 doc: ovs port number in datapath 611 - 612 name: userspace 613 type: nest 614 nested-attributes: userspace-attrs 615 - 616 name: set 617 type: nest 618 nested-attributes: key-attrs 619 doc: | 620 Replaces the contents of an existing header. The single nested 621 attribute specifies a header to modify and its value. 622 - 623 name: push-vlan 624 type: binary 625 struct: ovs-action-push-vlan 626 doc: Push a new outermost 802.1Q or 802.1ad header onto the packet. 627 - 628 name: pop-vlan 629 type: flag 630 doc: Pop the outermost 802.1Q or 802.1ad header from the packet. 631 - 632 name: sample 633 type: nest 634 nested-attributes: sample-attrs 635 doc: | 636 Probabilistically executes actions, as specified in the nested 637 attributes. 638 - 639 name: recirc 640 type: u32 641 doc: recirc id 642 - 643 name: hash 644 type: binary 645 struct: ovs-action-hash 646 - 647 name: push-mpls 648 type: binary 649 struct: ovs-action-push-mpls 650 doc: | 651 Push a new MPLS label stack entry onto the top of the packets MPLS 652 label stack. Set the ethertype of the encapsulating frame to either 653 ETH_P_MPLS_UC or ETH_P_MPLS_MC to indicate the new packet contents. 654 - 655 name: pop-mpls 656 type: u16 657 byte-order: big-endian 658 doc: ethertype 659 - 660 name: set-masked 661 type: nest 662 nested-attributes: key-attrs 663 doc: | 664 Replaces the contents of an existing header. A nested attribute 665 specifies a header to modify, its value, and a mask. For every bit set 666 in the mask, the corresponding bit value is copied from the value to 667 the packet header field, rest of the bits are left unchanged. The 668 non-masked value bits must be passed in as zeroes. Masking is not 669 supported for the OVS_KEY_ATTR_TUNNEL attribute. 670 - 671 name: ct 672 type: nest 673 nested-attributes: ct-attrs 674 doc: | 675 Track the connection. Populate the conntrack-related entries 676 in the flow key. 677 - 678 name: trunc 679 type: u32 680 doc: struct ovs_action_trunc is a u32 max length 681 - 682 name: push-eth 683 type: binary 684 doc: struct ovs_action_push_eth 685 - 686 name: pop-eth 687 type: flag 688 - 689 name: ct-clear 690 type: flag 691 - 692 name: push-nsh 693 type: nest 694 nested-attributes: ovs-nsh-key-attrs 695 doc: | 696 Push NSH header to the packet. 697 - 698 name: pop-nsh 699 type: flag 700 doc: | 701 Pop the outermost NSH header off the packet. 702 - 703 name: meter 704 type: u32 705 doc: | 706 Run packet through a meter, which may drop the packet, or modify the 707 packet (e.g., change the DSCP field) 708 - 709 name: clone 710 type: nest 711 nested-attributes: action-attrs 712 doc: | 713 Make a copy of the packet and execute a list of actions without 714 affecting the original packet and key. 715 - 716 name: check-pkt-len 717 type: nest 718 nested-attributes: check-pkt-len-attrs 719 doc: | 720 Check the packet length and execute a set of actions if greater than 721 the specified packet length, else execute another set of actions. 722 - 723 name: add-mpls 724 type: binary 725 struct: ovs-action-add-mpls 726 doc: | 727 Push a new MPLS label stack entry at the start of the packet or at the 728 start of the l3 header depending on the value of l3 tunnel flag in the 729 tun_flags field of this OVS_ACTION_ATTR_ADD_MPLS argument. 730 - 731 name: dec-ttl 732 type: nest 733 nested-attributes: dec-ttl-attrs 734 - 735 name: psample 736 type: nest 737 nested-attributes: psample-attrs 738 doc: | 739 Sends a packet sample to psample for external observation. 740 - 741 name: tunnel-key-attrs 742 enum-name: ovs-tunnel-key-attr 743 name-prefix: ovs-tunnel-key-attr- 744 attributes: 745 - 746 name: id 747 type: u64 748 byte-order: big-endian 749 value: 0 750 - 751 name: ipv4-src 752 type: u32 753 byte-order: big-endian 754 - 755 name: ipv4-dst 756 type: u32 757 byte-order: big-endian 758 - 759 name: tos 760 type: u8 761 - 762 name: ttl 763 type: u8 764 - 765 name: dont-fragment 766 type: flag 767 - 768 name: csum 769 type: flag 770 - 771 name: oam 772 type: flag 773 - 774 name: geneve-opts 775 type: binary 776 sub-type: u32 777 - 778 name: tp-src 779 type: u16 780 byte-order: big-endian 781 - 782 name: tp-dst 783 type: u16 784 byte-order: big-endian 785 - 786 name: vxlan-opts 787 type: nest 788 nested-attributes: vxlan-ext-attrs 789 - 790 name: ipv6-src 791 type: binary 792 doc: | 793 struct in6_addr source IPv6 address 794 - 795 name: ipv6-dst 796 type: binary 797 doc: | 798 struct in6_addr destination IPv6 address 799 - 800 name: pad 801 type: binary 802 - 803 name: erspan-opts 804 type: binary 805 doc: | 806 struct erspan_metadata 807 - 808 name: ipv4-info-bridge 809 type: flag 810 - 811 name: check-pkt-len-attrs 812 enum-name: ovs-check-pkt-len-attr 813 name-prefix: ovs-check-pkt-len-attr- 814 attributes: 815 - 816 name: pkt-len 817 type: u16 818 - 819 name: actions-if-greater 820 type: nest 821 nested-attributes: action-attrs 822 - 823 name: actions-if-less-equal 824 type: nest 825 nested-attributes: action-attrs 826 - 827 name: sample-attrs 828 enum-name: ovs-sample-attr 829 name-prefix: ovs-sample-attr- 830 attributes: 831 - 832 name: probability 833 type: u32 834 - 835 name: actions 836 type: nest 837 nested-attributes: action-attrs 838 - 839 name: userspace-attrs 840 enum-name: ovs-userspace-attr 841 name-prefix: ovs-userspace-attr- 842 attributes: 843 - 844 name: pid 845 type: u32 846 - 847 name: userdata 848 type: binary 849 - 850 name: egress-tun-port 851 type: u32 852 - 853 name: actions 854 type: flag 855 - 856 name: ovs-nsh-key-attrs 857 enum-name: ovs-nsh-key-attr 858 name-prefix: ovs-nsh-key-attr- 859 attributes: 860 - 861 name: base 862 type: binary 863 - 864 name: md1 865 type: binary 866 - 867 name: md2 868 type: binary 869 - 870 name: ct-attrs 871 enum-name: ovs-ct-attr 872 name-prefix: ovs-ct-attr- 873 attributes: 874 - 875 name: commit 876 type: flag 877 - 878 name: zone 879 type: u16 880 - 881 name: mark 882 type: binary 883 - 884 name: labels 885 type: binary 886 - 887 name: helper 888 type: string 889 - 890 name: nat 891 type: nest 892 nested-attributes: nat-attrs 893 - 894 name: force-commit 895 type: flag 896 - 897 name: eventmask 898 type: u32 899 - 900 name: timeout 901 type: string 902 - 903 name: nat-attrs 904 enum-name: ovs-nat-attr 905 name-prefix: ovs-nat-attr- 906 attributes: 907 - 908 name: src 909 type: flag 910 - 911 name: dst 912 type: flag 913 - 914 name: ip-min 915 type: binary 916 - 917 name: ip-max 918 type: binary 919 - 920 name: proto-min 921 type: u16 922 - 923 name: proto-max 924 type: u16 925 - 926 name: persistent 927 type: flag 928 - 929 name: proto-hash 930 type: flag 931 - 932 name: proto-random 933 type: flag 934 - 935 name: dec-ttl-attrs 936 enum-name: ovs-dec-ttl-attr 937 name-prefix: ovs-dec-ttl-attr- 938 attributes: 939 - 940 name: action 941 type: nest 942 nested-attributes: action-attrs 943 - 944 name: vxlan-ext-attrs 945 enum-name: ovs-vxlan-ext- 946 name-prefix: ovs-vxlan-ext- 947 attributes: 948 - 949 name: gbp 950 type: u32 951 - 952 name: psample-attrs 953 enum-name: ovs-psample-attr 954 name-prefix: ovs-psample-attr- 955 attributes: 956 - 957 name: group 958 type: u32 959 - 960 name: cookie 961 type: binary 962 963operations: 964 name-prefix: ovs-flow-cmd- 965 fixed-header: ovs-header 966 list: 967 - 968 name: get 969 doc: Get / dump OVS flow configuration and state 970 value: 3 971 attribute-set: flow-attrs 972 do: &flow-get-op 973 request: 974 attributes: 975 - key 976 - ufid 977 - ufid-flags 978 reply: 979 attributes: 980 - key 981 - ufid 982 - mask 983 - stats 984 - actions 985 dump: *flow-get-op 986 - 987 name: new 988 doc: Create OVS flow configuration in a data path 989 value: 1 990 attribute-set: flow-attrs 991 do: 992 request: 993 attributes: 994 - key 995 - ufid 996 - mask 997 - actions 998 999mcast-groups: 1000 list: 1001 - 1002 name: ovs_flow 1003