1# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 2 3name: ovs_flow 4version: 1 5protocol: genetlink-legacy 6uapi-header: linux/openvswitch.h 7 8doc: 9 OVS flow configuration over generic netlink. 10 11definitions: 12 - 13 name: ovs-header 14 type: struct 15 doc: | 16 Header for OVS Generic Netlink messages. 17 members: 18 - 19 name: dp-ifindex 20 type: u32 21 doc: | 22 ifindex of local port for datapath (0 to make a request not specific 23 to a datapath). 24 - 25 name: ovs-flow-stats 26 type: struct 27 members: 28 - 29 name: n-packets 30 type: u64 31 doc: Number of matched packets. 32 - 33 name: n-bytes 34 type: u64 35 doc: Number of matched bytes. 36 - 37 name: ovs-key-ethernet 38 type: struct 39 members: 40 - 41 name: eth-src 42 type: binary 43 len: 6 44 display-hint: mac 45 - 46 name: eth-dst 47 type: binary 48 len: 6 49 display-hint: mac 50 - 51 name: ovs-key-mpls 52 type: struct 53 members: 54 - 55 name: mpls-lse 56 type: u32 57 byte-order: big-endian 58 - 59 name: ovs-key-ipv4 60 type: struct 61 members: 62 - 63 name: ipv4-src 64 type: u32 65 byte-order: big-endian 66 display-hint: ipv4 67 - 68 name: ipv4-dst 69 type: u32 70 byte-order: big-endian 71 display-hint: ipv4 72 - 73 name: ipv4-proto 74 type: u8 75 - 76 name: ipv4-tos 77 type: u8 78 - 79 name: ipv4-ttl 80 type: u8 81 - 82 name: ipv4-frag 83 type: u8 84 enum: ovs-frag-type 85 - 86 name: ovs-key-ipv6 87 type: struct 88 members: 89 - 90 name: ipv6-src 91 type: binary 92 len: 16 93 byte-order: big-endian 94 display-hint: ipv6 95 - 96 name: ipv6-dst 97 type: binary 98 len: 16 99 byte-order: big-endian 100 display-hint: ipv6 101 - 102 name: ipv6-label 103 type: u32 104 byte-order: big-endian 105 - 106 name: ipv6-proto 107 type: u8 108 - 109 name: ipv6-tclass 110 type: u8 111 - 112 name: ipv6-hlimit 113 type: u8 114 - 115 name: ipv6-frag 116 type: u8 117 - 118 name: ovs-key-ipv6-exthdrs 119 type: struct 120 members: 121 - 122 name: hdrs 123 type: u16 124 - 125 name: ovs-frag-type 126 name-prefix: ovs-frag-type- 127 type: enum 128 entries: 129 - 130 name: none 131 doc: Packet is not a fragment. 132 - 133 name: first 134 doc: Packet is a fragment with offset 0. 135 - 136 name: later 137 doc: Packet is a fragment with nonzero offset. 138 - 139 name: any 140 value: 255 141 - 142 name: ovs-key-tcp 143 type: struct 144 members: 145 - 146 name: tcp-src 147 type: u16 148 byte-order: big-endian 149 - 150 name: tcp-dst 151 type: u16 152 byte-order: big-endian 153 - 154 name: ovs-key-udp 155 type: struct 156 members: 157 - 158 name: udp-src 159 type: u16 160 byte-order: big-endian 161 - 162 name: udp-dst 163 type: u16 164 byte-order: big-endian 165 - 166 name: ovs-key-sctp 167 type: struct 168 members: 169 - 170 name: sctp-src 171 type: u16 172 byte-order: big-endian 173 - 174 name: sctp-dst 175 type: u16 176 byte-order: big-endian 177 - 178 name: ovs-key-icmp 179 type: struct 180 members: 181 - 182 name: icmp-type 183 type: u8 184 - 185 name: icmp-code 186 type: u8 187 - 188 name: ovs-key-arp 189 type: struct 190 members: 191 - 192 name: arp-sip 193 type: u32 194 byte-order: big-endian 195 - 196 name: arp-tip 197 type: u32 198 byte-order: big-endian 199 - 200 name: arp-op 201 type: u16 202 byte-order: big-endian 203 - 204 name: arp-sha 205 type: binary 206 len: 6 207 display-hint: mac 208 - 209 name: arp-tha 210 type: binary 211 len: 6 212 display-hint: mac 213 - 214 name: ovs-key-nd 215 type: struct 216 members: 217 - 218 name: nd_target 219 type: binary 220 len: 16 221 byte-order: big-endian 222 - 223 name: nd-sll 224 type: binary 225 len: 6 226 display-hint: mac 227 - 228 name: nd-tll 229 type: binary 230 len: 6 231 display-hint: mac 232 - 233 name: ovs-key-ct-tuple-ipv4 234 type: struct 235 members: 236 - 237 name: ipv4-src 238 type: u32 239 byte-order: big-endian 240 - 241 name: ipv4-dst 242 type: u32 243 byte-order: big-endian 244 - 245 name: src-port 246 type: u16 247 byte-order: big-endian 248 - 249 name: dst-port 250 type: u16 251 byte-order: big-endian 252 - 253 name: ipv4-proto 254 type: u8 255 - 256 name: ovs-action-push-vlan 257 type: struct 258 members: 259 - 260 name: vlan_tpid 261 type: u16 262 byte-order: big-endian 263 doc: Tag protocol identifier (TPID) to push. 264 - 265 name: vlan_tci 266 type: u16 267 byte-order: big-endian 268 doc: Tag control identifier (TCI) to push. 269 - 270 name: ovs-ufid-flags 271 name-prefix: ovs-ufid-f- 272 type: flags 273 entries: 274 - omit-key 275 - omit-mask 276 - omit-actions 277 - 278 name: ovs-action-hash 279 type: struct 280 members: 281 - 282 name: hash-alg 283 type: u32 284 doc: Algorithm used to compute hash prior to recirculation. 285 - 286 name: hash-basis 287 type: u32 288 doc: Basis used for computing hash. 289 - 290 name: ovs-hash-alg 291 type: enum 292 doc: | 293 Data path hash algorithm for computing Datapath hash. The algorithm type only specifies 294 the fields in a flow will be used as part of the hash. Each datapath is free to use its 295 own hash algorithm. The hash value will be opaque to the user space daemon. 296 entries: 297 - ovs-hash-alg-l4 298 299 - 300 name: ovs-action-push-mpls 301 type: struct 302 members: 303 - 304 name: mpls-lse 305 type: u32 306 byte-order: big-endian 307 doc: | 308 MPLS label stack entry to push 309 - 310 name: mpls-ethertype 311 type: u32 312 byte-order: big-endian 313 doc: | 314 Ethertype to set in the encapsulating ethernet frame. The only values 315 ethertype should ever be given are ETH_P_MPLS_UC and ETH_P_MPLS_MC, 316 indicating MPLS unicast or multicast. Other are rejected. 317 - 318 name: ovs-action-add-mpls 319 type: struct 320 members: 321 - 322 name: mpls-lse 323 type: u32 324 byte-order: big-endian 325 doc: | 326 MPLS label stack entry to push 327 - 328 name: mpls-ethertype 329 type: u32 330 byte-order: big-endian 331 doc: | 332 Ethertype to set in the encapsulating ethernet frame. The only values 333 ethertype should ever be given are ETH_P_MPLS_UC and ETH_P_MPLS_MC, 334 indicating MPLS unicast or multicast. Other are rejected. 335 - 336 name: tun-flags 337 type: u16 338 doc: | 339 MPLS tunnel attributes. 340 - 341 name: ct-state-flags 342 type: flags 343 name-prefix: ovs-cs-f- 344 entries: 345 - 346 name: new 347 doc: Beginning of a new connection. 348 - 349 name: established 350 doc: Part of an existing connenction 351 - 352 name: related 353 doc: Related to an existing connection. 354 - 355 name: reply-dir 356 doc: Flow is in the reply direction. 357 - 358 name: invalid 359 doc: Could not track the connection. 360 - 361 name: tracked 362 doc: Conntrack has occurred. 363 - 364 name: src-nat 365 doc: Packet's source address/port was mangled by NAT. 366 - 367 name: dst-nat 368 doc: Packet's destination address/port was mangled by NAT. 369 370attribute-sets: 371 - 372 name: flow-attrs 373 enum-name: ovs-flow-attr 374 name-prefix: ovs-flow-attr- 375 attributes: 376 - 377 name: key 378 type: nest 379 nested-attributes: key-attrs 380 doc: | 381 Nested attributes specifying the flow key. Always present in 382 notifications. Required for all requests (except dumps). 383 - 384 name: actions 385 type: nest 386 nested-attributes: action-attrs 387 doc: | 388 Nested attributes specifying the actions to take for packets that 389 match the key. Always present in notifications. Required for 390 OVS_FLOW_CMD_NEW requests, optional for OVS_FLOW_CMD_SET requests. An 391 OVS_FLOW_CMD_SET without OVS_FLOW_ATTR_ACTIONS will not modify the 392 actions. To clear the actions, an OVS_FLOW_ATTR_ACTIONS without any 393 nested attributes must be given. 394 - 395 name: stats 396 type: binary 397 struct: ovs-flow-stats 398 doc: | 399 Statistics for this flow. Present in notifications if the stats would 400 be nonzero. Ignored in requests. 401 - 402 name: tcp-flags 403 type: u8 404 doc: | 405 An 8-bit value giving the ORed value of all of the TCP flags seen on 406 packets in this flow. Only present in notifications for TCP flows, and 407 only if it would be nonzero. Ignored in requests. 408 - 409 name: used 410 type: u64 411 doc: | 412 A 64-bit integer giving the time, in milliseconds on the system 413 monotonic clock, at which a packet was last processed for this 414 flow. Only present in notifications if a packet has been processed for 415 this flow. Ignored in requests. 416 - 417 name: clear 418 type: flag 419 doc: | 420 If present in a OVS_FLOW_CMD_SET request, clears the last-used time, 421 accumulated TCP flags, and statistics for this flow. Otherwise 422 ignored in requests. Never present in notifications. 423 - 424 name: mask 425 type: nest 426 nested-attributes: key-attrs 427 doc: | 428 Nested attributes specifying the mask bits for wildcarded flow 429 match. Mask bit value '1' specifies exact match with corresponding 430 flow key bit, while mask bit value '0' specifies a wildcarded 431 match. Omitting attribute is treated as wildcarding all corresponding 432 fields. Optional for all requests. If not present, all flow key bits 433 are exact match bits. 434 - 435 name: probe 436 type: binary 437 doc: | 438 Flow operation is a feature probe, error logging should be suppressed. 439 - 440 name: ufid 441 type: binary 442 doc: | 443 A value between 1-16 octets specifying a unique identifier for the 444 flow. Causes the flow to be indexed by this value rather than the 445 value of the OVS_FLOW_ATTR_KEY attribute. Optional for all 446 requests. Present in notifications if the flow was created with this 447 attribute. 448 display-hint: uuid 449 - 450 name: ufid-flags 451 type: u32 452 enum: ovs-ufid-flags 453 doc: | 454 A 32-bit value of ORed flags that provide alternative semantics for 455 flow installation and retrieval. Optional for all requests. 456 - 457 name: pad 458 type: binary 459 460 - 461 name: key-attrs 462 enum-name: ovs-key-attr 463 name-prefix: ovs-key-attr- 464 attributes: 465 - 466 name: encap 467 type: nest 468 nested-attributes: key-attrs 469 - 470 name: priority 471 type: u32 472 - 473 name: in-port 474 type: u32 475 - 476 name: ethernet 477 type: binary 478 struct: ovs-key-ethernet 479 doc: struct ovs_key_ethernet 480 - 481 name: vlan 482 type: u16 483 byte-order: big-endian 484 - 485 name: ethertype 486 type: u16 487 byte-order: big-endian 488 - 489 name: ipv4 490 type: binary 491 struct: ovs-key-ipv4 492 - 493 name: ipv6 494 type: binary 495 struct: ovs-key-ipv6 496 doc: struct ovs_key_ipv6 497 - 498 name: tcp 499 type: binary 500 struct: ovs-key-tcp 501 - 502 name: udp 503 type: binary 504 struct: ovs-key-udp 505 - 506 name: icmp 507 type: binary 508 struct: ovs-key-icmp 509 - 510 name: icmpv6 511 type: binary 512 struct: ovs-key-icmp 513 - 514 name: arp 515 type: binary 516 struct: ovs-key-arp 517 doc: struct ovs_key_arp 518 - 519 name: nd 520 type: binary 521 struct: ovs-key-nd 522 doc: struct ovs_key_nd 523 - 524 name: skb-mark 525 type: u32 526 - 527 name: tunnel 528 type: nest 529 nested-attributes: tunnel-key-attrs 530 - 531 name: sctp 532 type: binary 533 struct: ovs-key-sctp 534 - 535 name: tcp-flags 536 type: u16 537 byte-order: big-endian 538 - 539 name: dp-hash 540 type: u32 541 doc: Value 0 indicates the hash is not computed by the datapath. 542 - 543 name: recirc-id 544 type: u32 545 - 546 name: mpls 547 type: binary 548 struct: ovs-key-mpls 549 - 550 name: ct-state 551 type: u32 552 enum: ct-state-flags 553 enum-as-flags: true 554 - 555 name: ct-zone 556 type: u16 557 doc: connection tracking zone 558 - 559 name: ct-mark 560 type: u32 561 doc: connection tracking mark 562 - 563 name: ct-labels 564 type: binary 565 display-hint: hex 566 doc: 16-octet connection tracking label 567 - 568 name: ct-orig-tuple-ipv4 569 type: binary 570 struct: ovs-key-ct-tuple-ipv4 571 - 572 name: ct-orig-tuple-ipv6 573 type: binary 574 doc: struct ovs_key_ct_tuple_ipv6 575 - 576 name: nsh 577 type: nest 578 nested-attributes: ovs-nsh-key-attrs 579 - 580 name: packet-type 581 type: u32 582 byte-order: big-endian 583 doc: Should not be sent to the kernel 584 - 585 name: nd-extensions 586 type: binary 587 doc: Should not be sent to the kernel 588 - 589 name: tunnel-info 590 type: binary 591 doc: struct ip_tunnel_info 592 - 593 name: ipv6-exthdrs 594 type: binary 595 struct: ovs-key-ipv6-exthdrs 596 doc: struct ovs_key_ipv6_exthdr 597 - 598 name: action-attrs 599 enum-name: ovs-action-attr 600 name-prefix: ovs-action-attr- 601 attributes: 602 - 603 name: output 604 type: u32 605 doc: ovs port number in datapath 606 - 607 name: userspace 608 type: nest 609 nested-attributes: userspace-attrs 610 - 611 name: set 612 type: nest 613 nested-attributes: key-attrs 614 doc: Replaces the contents of an existing header. The single nested attribute specifies a header to modify and its value. 615 - 616 name: push-vlan 617 type: binary 618 struct: ovs-action-push-vlan 619 doc: Push a new outermost 802.1Q or 802.1ad header onto the packet. 620 - 621 name: pop-vlan 622 type: flag 623 doc: Pop the outermost 802.1Q or 802.1ad header from the packet. 624 - 625 name: sample 626 type: nest 627 nested-attributes: sample-attrs 628 doc: | 629 Probabilistically executes actions, as specified in the nested attributes. 630 - 631 name: recirc 632 type: u32 633 doc: recirc id 634 - 635 name: hash 636 type: binary 637 struct: ovs-action-hash 638 - 639 name: push-mpls 640 type: binary 641 struct: ovs-action-push-mpls 642 doc: | 643 Push a new MPLS label stack entry onto the top of the packets MPLS 644 label stack. Set the ethertype of the encapsulating frame to either 645 ETH_P_MPLS_UC or ETH_P_MPLS_MC to indicate the new packet contents. 646 - 647 name: pop-mpls 648 type: u16 649 byte-order: big-endian 650 doc: ethertype 651 - 652 name: set-masked 653 type: nest 654 nested-attributes: key-attrs 655 doc: | 656 Replaces the contents of an existing header. A nested attribute 657 specifies a header to modify, its value, and a mask. For every bit set 658 in the mask, the corresponding bit value is copied from the value to 659 the packet header field, rest of the bits are left unchanged. The 660 non-masked value bits must be passed in as zeroes. Masking is not 661 supported for the OVS_KEY_ATTR_TUNNEL attribute. 662 - 663 name: ct 664 type: nest 665 nested-attributes: ct-attrs 666 doc: | 667 Track the connection. Populate the conntrack-related entries 668 in the flow key. 669 - 670 name: trunc 671 type: u32 672 doc: struct ovs_action_trunc is a u32 max length 673 - 674 name: push-eth 675 type: binary 676 doc: struct ovs_action_push_eth 677 - 678 name: pop-eth 679 type: flag 680 - 681 name: ct-clear 682 type: flag 683 - 684 name: push-nsh 685 type: nest 686 nested-attributes: ovs-nsh-key-attrs 687 doc: | 688 Push NSH header to the packet. 689 - 690 name: pop-nsh 691 type: flag 692 doc: | 693 Pop the outermost NSH header off the packet. 694 - 695 name: meter 696 type: u32 697 doc: | 698 Run packet through a meter, which may drop the packet, or modify the 699 packet (e.g., change the DSCP field) 700 - 701 name: clone 702 type: nest 703 nested-attributes: action-attrs 704 doc: | 705 Make a copy of the packet and execute a list of actions without 706 affecting the original packet and key. 707 - 708 name: check-pkt-len 709 type: nest 710 nested-attributes: check-pkt-len-attrs 711 doc: | 712 Check the packet length and execute a set of actions if greater than 713 the specified packet length, else execute another set of actions. 714 - 715 name: add-mpls 716 type: binary 717 struct: ovs-action-add-mpls 718 doc: | 719 Push a new MPLS label stack entry at the start of the packet or at the 720 start of the l3 header depending on the value of l3 tunnel flag in the 721 tun_flags field of this OVS_ACTION_ATTR_ADD_MPLS argument. 722 - 723 name: dec-ttl 724 type: nest 725 nested-attributes: dec-ttl-attrs 726 - 727 name: tunnel-key-attrs 728 enum-name: ovs-tunnel-key-attr 729 name-prefix: ovs-tunnel-key-attr- 730 attributes: 731 - 732 name: id 733 type: u64 734 byte-order: big-endian 735 value: 0 736 - 737 name: ipv4-src 738 type: u32 739 byte-order: big-endian 740 - 741 name: ipv4-dst 742 type: u32 743 byte-order: big-endian 744 - 745 name: tos 746 type: u8 747 - 748 name: ttl 749 type: u8 750 - 751 name: dont-fragment 752 type: flag 753 - 754 name: csum 755 type: flag 756 - 757 name: oam 758 type: flag 759 - 760 name: geneve-opts 761 type: binary 762 sub-type: u32 763 - 764 name: tp-src 765 type: u16 766 byte-order: big-endian 767 - 768 name: tp-dst 769 type: u16 770 byte-order: big-endian 771 - 772 name: vxlan-opts 773 type: nest 774 nested-attributes: vxlan-ext-attrs 775 - 776 name: ipv6-src 777 type: binary 778 doc: | 779 struct in6_addr source IPv6 address 780 - 781 name: ipv6-dst 782 type: binary 783 doc: | 784 struct in6_addr destination IPv6 address 785 - 786 name: pad 787 type: binary 788 - 789 name: erspan-opts 790 type: binary 791 doc: | 792 struct erspan_metadata 793 - 794 name: ipv4-info-bridge 795 type: flag 796 - 797 name: check-pkt-len-attrs 798 enum-name: ovs-check-pkt-len-attr 799 name-prefix: ovs-check-pkt-len-attr- 800 attributes: 801 - 802 name: pkt-len 803 type: u16 804 - 805 name: actions-if-greater 806 type: nest 807 nested-attributes: action-attrs 808 - 809 name: actions-if-less-equal 810 type: nest 811 nested-attributes: action-attrs 812 - 813 name: sample-attrs 814 enum-name: ovs-sample-attr 815 name-prefix: ovs-sample-attr- 816 attributes: 817 - 818 name: probability 819 type: u32 820 - 821 name: actions 822 type: nest 823 nested-attributes: action-attrs 824 - 825 name: userspace-attrs 826 enum-name: ovs-userspace-attr 827 name-prefix: ovs-userspace-attr- 828 attributes: 829 - 830 name: pid 831 type: u32 832 - 833 name: userdata 834 type: binary 835 - 836 name: egress-tun-port 837 type: u32 838 - 839 name: actions 840 type: flag 841 - 842 name: ovs-nsh-key-attrs 843 enum-name: ovs-nsh-key-attr 844 name-prefix: ovs-nsh-key-attr- 845 attributes: 846 - 847 name: base 848 type: binary 849 - 850 name: md1 851 type: binary 852 - 853 name: md2 854 type: binary 855 - 856 name: ct-attrs 857 enum-name: ovs-ct-attr 858 name-prefix: ovs-ct-attr- 859 attributes: 860 - 861 name: commit 862 type: flag 863 - 864 name: zone 865 type: u16 866 - 867 name: mark 868 type: binary 869 - 870 name: labels 871 type: binary 872 - 873 name: helper 874 type: string 875 - 876 name: nat 877 type: nest 878 nested-attributes: nat-attrs 879 - 880 name: force-commit 881 type: flag 882 - 883 name: eventmask 884 type: u32 885 - 886 name: timeout 887 type: string 888 - 889 name: nat-attrs 890 enum-name: ovs-nat-attr 891 name-prefix: ovs-nat-attr- 892 attributes: 893 - 894 name: src 895 type: flag 896 - 897 name: dst 898 type: flag 899 - 900 name: ip-min 901 type: binary 902 - 903 name: ip-max 904 type: binary 905 - 906 name: proto-min 907 type: u16 908 - 909 name: proto-max 910 type: u16 911 - 912 name: persistent 913 type: flag 914 - 915 name: proto-hash 916 type: flag 917 - 918 name: proto-random 919 type: flag 920 - 921 name: dec-ttl-attrs 922 enum-name: ovs-dec-ttl-attr 923 name-prefix: ovs-dec-ttl-attr- 924 attributes: 925 - 926 name: action 927 type: nest 928 nested-attributes: action-attrs 929 - 930 name: vxlan-ext-attrs 931 enum-name: ovs-vxlan-ext- 932 name-prefix: ovs-vxlan-ext- 933 attributes: 934 - 935 name: gbp 936 type: u32 937 938operations: 939 name-prefix: ovs-flow-cmd- 940 fixed-header: ovs-header 941 list: 942 - 943 name: get 944 doc: Get / dump OVS flow configuration and state 945 value: 3 946 attribute-set: flow-attrs 947 do: &flow-get-op 948 request: 949 attributes: 950 - dp-ifindex 951 - key 952 - ufid 953 - ufid-flags 954 reply: 955 attributes: 956 - dp-ifindex 957 - key 958 - ufid 959 - mask 960 - stats 961 - actions 962 dump: *flow-get-op 963 - 964 name: new 965 doc: Create OVS flow configuration in a data path 966 value: 1 967 attribute-set: flow-attrs 968 do: 969 request: 970 attributes: 971 - dp-ifindex 972 - key 973 - ufid 974 - mask 975 - actions 976 977mcast-groups: 978 list: 979 - 980 name: ovs_flow 981