found, 1 means that an error occurred, and 2 means that some
differences were found.
.
+.IP "\fBpacket\-out \fIswitch in_port actions packet\fR..."
+Connects to \fIswitch\fR and instructs it to execute the OpenFlow
+\fIactions\fR on each \fIpacket\fR. For the purpose of executing the
+actions, the packets are considered to have arrived on \fIin_port\fR,
+which may be an OpenFlow assigned port number, an OpenFlow port name
+(e.g. \fBeth0\fR), the keyword \fBlocal\fR for the OpenFlow ``local''
+port \fBOFPP_LOCAL\fR, or the keyword \fBnone\fR to indicate that the
+packet was generated by the switch itself.
+.
.SS "OpenFlow Switch Monitoring Commands"
.
.IP "\fBsnoop \fIswitch\fR"
.IQ \fBtp_dst=\fIport\fR
When \fBdl_type\fR and \fBnw_proto\fR specify TCP or UDP, \fBtp_src\fR
and \fBtp_dst\fR match the UDP or TCP source or destination port
-\fIport\fR, respectively. which is specified as a decimal number
+\fIport\fR, respectively, which is specified as a decimal number
between 0 and 65535, inclusive (e.g. 80 to match packets originating
from a HTTP server).
.IP
When \fBdl_type\fR and \fBnw_proto\fR take other values, the values of
these settings are ignored (see \fBFlow Syntax\fR above).
.
+.IP \fBtp_src=\fIport\fB/\fImask\fR
+.IQ \fBtp_dst=\fIport\fB/\fImask\fR
+Bitwise match on TCP (or UDP) source or destination port,
+respectively. The \fIport\fR and \fImask\fR are 16-bit numbers
+written in decimal or in hexadecimal prefixed by \fB0x\fR. Each 1-bit
+in \fImask\fR requires that the corresponding bit in \fIport\fR must
+match. Each 0-bit in \fImask\fR causes the corresponding bit to be
+ignored.
+.IP
+Bitwise matches on transport ports are rarely useful in isolation, but
+a group of them can be used to reduce the number of flows required to
+match on a range of transport ports. For example, suppose that the
+goal is to match TCP source ports 1000 to 1999, inclusive. One way is
+to insert 1000 flows, each of which matches on a single source port.
+Another way is to look at the binary representations of 1000 and 1999,
+as follows:
+.br
+.B "01111101000"
+.br
+.B "11111001111"
+.br
+and then to transform those into a series of bitwise matches that
+accomplish the same results:
+.br
+.B "01111101xxx"
+.br
+.B "0111111xxxx"
+.br
+.B "10xxxxxxxxx"
+.br
+.B "110xxxxxxxx"
+.br
+.B "1110xxxxxxx"
+.br
+.B "11110xxxxxx"
+.br
+.B "1111100xxxx"
+.br
+which become the following when written in the syntax required by
+\fBovs\-ofctl\fR:
+.br
+.B "tcp,tp_src=0x03e8/0xfff8"
+.br
+.B "tcp,tp_src=0x03f0/0xfff0"
+.br
+.B "tcp,tp_src=0x0400/0xfe00"
+.br
+.B "tcp,tp_src=0x0600/0xff00"
+.br
+.B "tcp,tp_src=0x0700/0xff80"
+.br
+.B "tcp,tp_src=0x0780/0xffc0"
+.br
+.B "tcp,tp_src=0x07c0/0xfff0"
+.IP
+Only Open vSwitch 1.6 and later supports bitwise matching on transport
+ports.
+.IP
+Like the exact-match forms of \fBtp_src\fR and \fBtp_dst\fR described
+above, the bitwise match forms apply only when \fBdl_type\fR and
+\fBnw_proto\fR specify TCP or UDP.
+.
.IP \fBicmp_type=\fItype\fR
.IQ \fBicmp_code=\fIcode\fR
When \fBdl_type\fR and \fBnw_proto\fR specify ICMP or ICMPv6, \fItype\fR
.IP \fBtun_id=\fItunnel-id\fR[\fB/\fImask\fR]
Matches tunnel identifier \fItunnel-id\fR. Only packets that arrive
over a tunnel that carries a key (e.g. GRE with the RFC 2890 key
-extension) will have a nonzero tunnel ID. If \fImask\fR is omitted,
-\fItunnel-id\fR is the exact tunnel ID to match; if \fImask\fR is
-specified, then a 1-bit in \fImask\fR indicates that the corresponding
-bit in \fItunnel-id\fR must match exactly, and a 0-bit wildcards that
-bit.
-.IP
-In an attempt to be compatible with more switches, \fBovs\-ofctl\fR will
-prefer to use the ``tunnel ID from cookie'' Nicira extension to NXM.
-The use of this extension comes with three caveats: the top 32 bits of
-the \fBcookie\fR (see below) are used for \fItunnel-id\fR and thus
-unavailable for other use, specifying \fBtun_id\fR on \fBdump\-flows\fR
-or \fBdump\-aggregate\fR has no effect, and \fImask\fR is not supported.
-If any of these caveats apply, \fBovs-ofctl\fR will use NXM.
+extension and a nonzero key value) will have a nonzero tunnel ID.
+If \fImask\fR is omitted, \fItunnel-id\fR is the exact tunnel ID to match;
+if \fImask\fR is specified, then a 1-bit in \fImask\fR indicates that the
+corresponding bit in \fItunnel-id\fR must match exactly, and a 0-bit
+wildcards that bit.
.
.IP "\fBreg\fIidx\fB=\fIvalue\fR[\fB/\fImask\fR]"
Matches \fIvalue\fR either exactly or with optional \fImask\fR in
the \fBadd\-flow\fR and \fBadd\-flows\fR commands. For
\fBmod\-flows\fR and \fBdel\-flows\fR when \fB\-\-strict\fR is
specified, priority must match along with the rest of the flow
-specification. Other commands do not allow priority to be specified.
+specification. For \fBmod\-flows\fR without \fB\-\-strict\fR,
+priority is only significant if the command creates a new flow, that
+is, non-strict \fBmod\-flows\fR does not match on priority and will
+not change the priority of existing flows. Other commands do not
+allow priority to be specified.
.
.IP \fBpriority=\fIvalue\fR
The priority at which a wildcarded entry will match in comparison to
the flow's priority will default to 32768.
.
.PP
-The \fBadd\-flow\fR and \fBadd\-flows\fR commands support additional
-optional fields:
+The \fBadd\-flow\fR, \fBadd\-flows\fR, and \fBmod\-flows\fR commands
+support the following additional options. These options affect only
+new flows. Thus, for \fBadd\-flow\fR and \fBadd\-flows\fR, these
+options are always significant, but for \fBmod\-flows\fR they are
+significant only if the command creates a new flow, that is, their
+values do not update or affect existing flows.
.
-.TP
-\fBidle_timeout=\fIseconds\fR
+.IP "\fBidle_timeout=\fIseconds\fR"
Causes the flow to expire after the given number of seconds of
-inactivity. A value of 0 (the default) prevents a flow from expiring due to
-inactivity.
+inactivity. A value of 0 (the default) prevents a flow from expiring
+due to inactivity.
.
.IP \fBhard_timeout=\fIseconds\fR
Causes the flow to expire after the given number of seconds,
regardless of activity. A value of 0 (the default) gives the flow no
hard expiration deadline.
.
+.IP "\fBsend_flow_rem\fR"
+Marks the flow with a flag that causes the switch to generate a ``flow
+removed'' message and send it to interested controllers when the flow
+later expires or is removed.
+.
+.IP "\fBcheck_overlap\fR"
+Forces the switch to check that the flow match does not overlap that
+of any different flow with the same priority in the same table. (This
+check is expensive so it is best to avoid it.)
+.
.PP
The \fBdump\-flows\fR, \fBdump\-aggregate\fR, \fBdel\-flow\fR
and \fBdel\-flows\fR commands support one additional optional field:
.
The \fBdump\-tables\fR and \fBdump\-aggregate\fR commands print information
about the entries in a datapath's tables. Each line of output is a
-unique flow entry, which begins with some common information:
+flow entry as described in \fBFlow Syntax\fR, above, plus some
+additional fields:
.
-.IP \fBduration\fR
-The number of seconds the entry has been in the table.
-.
-.IP \fBtable\fR
-The table that contains the flow. When a packet arrives, the switch
-begins searching for an entry at the lowest numbered table. Tables are
-numbered as shown by the \fBdump\-tables\fR command.
-.
-.IP \fBpriority\fR
-The priority of the entry in relation to other entries within the same
-table. A higher value will match before a lower one.
+.IP \fBduration=\fIsecs\fR
+The time, in seconds, that the entry has been in the table.
+\fIsecs\fR includes as much precision as the switch provides, possibly
+to nanosecond resolution.
.
.IP \fBn_packets\fR
The number of packets that have matched the entry.
The total number of bytes from packets that have matched the entry.
.
.PP
-The rest of the line consists of a description of the flow entry as
-described in \fBFlow Syntax\fR, above.
-.
+The following additional fields are included only if the switch is
+Open vSwitch 1.6 or later and the NXM flow format is used to dump the
+flow (see the description of the \fB\-\-flow-format\fR option below).
+The values of these additional fields are approximations only and in
+particular \fBidle_age\fR will sometimes become nonzero even for busy
+flows.
+.
+.IP \fBhard_age=\fIsecs\fR
+The integer number of seconds since the flow was added or modified.
+\fBhard_age\fR is displayed only if it differs from the integer part
+of \fBduration\fR. (This is separate from \fBduration\fR because
+\fBmod\-flows\fR restarts the \fBhard_timeout\fR timer without zeroing
+\fBduration\fR.)
+.
+.IP \fBidle_age=\fIsecs\fR
+The integer number of seconds that have passed without any packets
+passing through the flow.
.
.SH OPTIONS
.TP
.so lib/common.man
.
.SH "RUNTIME MANAGEMENT COMMANDS"
-\fBovs\-appctl\fR(8) can send commands to a running \fBovs\-ofctl\fR process.
-The currently supported commands only apply when executing the \fBmonitor\fR or
-\fBsnoop\fR commands and are described below.
+\fBovs\-appctl\fR(8) can send commands to a running \fBovs\-ofctl\fR
+process. The supported commands are listed below.
+.
.IP "\fBexit\fR"
-Causes \fBovs\-ofctl\fR to gracefully terminate.
+Causes \fBovs\-ofctl\fR to gracefully terminate. This command applies
+only when executing the \fBmonitor\fR or \fBsnoop\fR commands.
+.
+.IP "\fBofctl/set\-output\-file \fIfile\fR"
+Causes all subsequent output to go to \fIfile\fR instead of stderr.
+This command applies only when executing the \fBmonitor\fR or
+\fBsnoop\fR commands.
+.
+.IP "\fBofctl/send \fIofmsg\fR..."
+Sends each \fIofmsg\fR, specified as a sequence of hex digits that
+express an OpenFlow message, on the OpenFlow connection. This command
+is useful only when executing the \fBmonitor\fR command.
+.
+.IP "\fBofctl/barrier\fR"
+Sends an OpenFlow barrier request on the OpenFlow connection and waits
+for a reply. This command is useful only for the \fBmonitor\fR
+command.
+.
.SH EXAMPLES
.
The following examples assume that \fBovs\-vswitchd\fR has a bridge
projects / openvswitch / blobdiff