Disables the interface. This is equivalent to ``ifconfig down'' on a Unix
system.
.
+.IP \fBforward\fR
+Allows forwarding of traffic on this interface. This is the default posture
+for all ports.
+.
+.IP \fBnoforward\fR
+Disallows forwarding of traffic on this interface.
+.
.IP \fBflood\fR
When a \fIflood\fR action is specified, traffic will be sent out this
interface. This is the default posture for monitored ports.
.
.RE
.
+.IP "\fBget\-frags \fIswitch\fR"
+Prints \fIswitch\fR's fragment handling mode. See \fBset\-frags\fR,
+below, for a description of each fragment handling mode.
+.IP
+The \fBshow\fR command also prints the fragment handling mode among
+its other output.
+.
+.IP "\fBset\-frags \fIswitch frag_mode\fR"
+Configures \fIswitch\fR's treatment of IPv4 and IPv6 fragments. The
+choices for \fIfrag_mode\fR are:
+.RS
+.IP "\fBnormal\fR"
+Fragments pass through the flow table like non-fragmented packets.
+The TCP ports, UDP ports, and ICMP type and code fields are always set
+to 0, even for fragments where that information would otherwise be
+available (fragments with offset 0). This is the default fragment
+handling mode for an OpenFlow switch.
+.IP "\fBdrop\fR"
+Fragments are dropped without passing through the flow table.
+.IP "\fBreassemble\fR"
+The switch reassembles fragments into full IP packets before passing
+them through the flow table. Open vSwitch does not implement this
+fragment handling mode.
+.IP "\fBnx\-match\fR"
+Fragments pass through the flow table like non-fragmented packets.
+The TCP ports, UDP ports, and ICMP type and code fields are available
+for matching for fragments with offset 0, and set to 0 in fragments
+with nonzero offset. This mode is a Nicira extension.
+.RE
+.IP
+See the description of \fBip_frag\fR, below, for a way to match on
+whether a packet is a fragment and on its fragment offset.
+.
.TP
\fBdump\-flows \fIswitch \fR[\fIflows\fR]
Prints to the console all flow entries in \fIswitch\fR's
\fIswitch\fR's tables that match \fIflows\fR. If \fIflows\fR is omitted,
the statistics are aggregated across all flows in the switch's flow
tables. See \fBFlow Syntax\fR, below, for the syntax of \fIflows\fR.
-The output format is descrbed in \fBTable Entry Output\fR.
+The output format is described in \fBTable Entry Output\fR.
.
.IP "\fBqueue\-stats \fIswitch \fR[\fIport \fR[\fIqueue\fR]]"
Prints to the console statistics for the specified \fIqueue\fR on
(\fB*\fR should be quoted to protect it from shell expansion.)
.
.IP \fBin_port=\fIport_no\fR
-Matches physical port \fIport_no\fR. Switch ports are numbered as
+Matches OpenFlow port \fIport_no\fR. Ports are numbered as
displayed by \fBovs\-ofctl show\fR.
+.IP
+(The \fBresubmit\fR action can search OpenFlow flow tables with
+arbitrary \fBin_port\fR values, so flows that match port numbers that
+do not exist from an OpenFlow perspective can still potentially be
+matched.)
.
.IP \fBdl_vlan=\fIvlan\fR
Matches IEEE 802.1q Virtual LAN tag \fIvlan\fR. Specify \fB0xffff\fR
specified as a decimal number between 0 and 255, inclusive. Note that
the two lower reserved bits are ignored for matching purposes.
.IP
-When \fBdl_type\fR is wildcarded or set to a value other than 0x0800,
-0x0806, or 0x86dd, the value of \fBnw_tos\fR is ignored (see \fBFlow
-Syntax\fR above).
+When \fBdl_type\fR is wildcarded or set to a value other than 0x0800 or
+0x86dd, the value of \fBnw_tos\fR is ignored (see \fBFlow Syntax\fR
+above).
+.
+.IP \fBnw_ecn=\fIecn\fR
+Matches \fIecn\fR bits in IP ToS or IPv6 traffic class fields, which is
+specified as a decimal number between 0 and 3, inclusive.
+.IP
+When \fBdl_type\fR is wildcarded or set to a value other than 0x0800 or
+0x86dd, the value of \fBnw_ecn\fR is ignored (see \fBFlow Syntax\fR
+above).
+.
+.IP \fBnw_ttl=\fIttl\fR
+Matches IP TTL or IPv6 hop limit value \fIttl\fR, which is
+specified as a decimal number between 0 and 255, inclusive.
+.IP
+When \fBdl_type\fR is wildcarded or set to a value other than 0x0800 or
+0x86dd, the value of \fBnw_ttl\fR is ignored (see \fBFlow Syntax\fR
+above).
+.IP
.
.IP \fBtp_src=\fIport\fR
.IQ \fBtp_dst=\fIport\fR
.
.IP \fBtable=\fInumber\fR
If specified, limits the flow manipulation and flow dump commands to
-only apply to the table with the given \fInumber\fR.
-\fInumber\fR is a number between 0 and 254, inclusive.
+only apply to the table with the given \fInumber\fR between 0 and 254.
.
-Behavior varies if \fBtable\fR is not specified. For flow table
+Behavior varies if \fBtable\fR is not specified (equivalent to
+specifying 255 as \fInumber\fR). For flow table
modification commands without \fB\-\-strict\fR, the switch will choose
the table for these commands to operate on. For flow table
modification commands with \fB\-\-strict\fR, the command will operate
.IP \fBvlan_tci=\fItci\fR[\fB/\fImask\fR]
Matches modified VLAN TCI \fItci\fR. If \fImask\fR is omitted,
\fItci\fR is the exact VLAN TCI to match; if \fImask\fR is specified,
-then a 1-bit in \fItci\fR indicates that the corresponding bit in
+then a 1-bit in \fImask\fR indicates that the corresponding bit in
\fItci\fR must match exactly, and a 0-bit wildcards that bit. Both
\fItci\fR and \fImask\fR are 16-bit values that are decimal by
default; use a \fB0x\fR prefix to specify them in hexadecimal.
Some of these matching possibilities can also be achieved with
\fBdl_vlan\fR and \fBdl_vlan_pcp\fR.
.
+.IP \fBip_frag=\fIfrag_type\fR
+When \fBdl_type\fR specifies IP or IPv6, \fIfrag_type\fR
+specifies what kind of IP fragments or non-fragments to match. The
+following values of \fIfrag_type\fR are supported:
+.RS
+.IP "\fBno\fR"
+Matches only non-fragmented packets.
+.IP "\fByes\fR"
+Matches all fragments.
+.IP "\fBfirst\fR"
+Matches only fragments with offset 0.
+.IP "\fBlater\fR"
+Matches only fragments with nonzero offset.
+.IP "\fBnot_later\fR"
+Matches non-fragmented packets and fragments with zero offset.
+.RE
+.IP
+The \fBip_frag\fR match type is likely to be most useful in
+\fBnx\-match\fR mode. See the description of the \fBset\-frags\fR
+command, above, for more details.
+.
.IP \fBarp_sha=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR
.IQ \fBarp_tha=\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR
When \fBdl_type\fR specifies ARP, \fBarp_sha\fR and \fBarp_tha\fR match
restricting a match to an IPv6 address prefix. A netmask is specified
as a CIDR block (e.g. \fB2001:db8:3c4d:1::/64\fR).
.
+.IP \fBipv6_label=\fIlabel\fR
+When \fBdl_type\fR is 0x86dd (possibly via shorthand, e.g., \fBipv6\fR
+or \fBtcp6\fR), matches IPv6 flow label \fIlabel\fR.
+.
.IP \fBnd_target=\fIipv6\fR
When \fBdl_type\fR, \fBnw_proto\fR, and \fBicmp_type\fR specify
IPv6 Neighbor Discovery (ICMPv6 type 135 or 136), matches the target address
keep the learned flows separate from the primary flow table 0.)
.RE
.
+.IP "\fBexit\fR"
+This action causes Open vSwitch to immediately halt execution of further
+actions. Those actions which have already been executed are unaffected. Any
+further actions, including those which may be in other tables, or different
+levels of the \fBresubmit\fR call stack, are ignored.
+.
.PP
-The \fBadd\-flow\fR, \fBadd\-flows\fR, and \fBmod\-flows\fR commands
-support an additional optional field:
+An opaque identifier called a cookie can be used as a handle to identify
+a set of flows:
.
-.IP \fBcookie=\fIvalue\fR
+.IP \fBcookie=\fIvalue\fR[\fB/\fImask\fR]
.
-A cookie is an opaque identifier that can be associated with the flow.
-\fIvalue\fR can be any 64-bit number and need not be unique among
-flows. If this field is omitted, these commands set a default cookie
-value of 0.
+A cookie can be associated with a flow using the \fBadd-flow\fR and
+\fBadd-flows\fR commands. \fIvalue\fR can be any 64-bit number and need
+not be unique among flows. If this field is omitted, a default cookie
+value of 0 is used.
+.IP
+When using NXM, the cookie can be used as a handle for querying,
+modifying, and deleting flows. In addition to \fIvalue\fR, an optional
+\fImask\fR may be supplied for the \fBdel-flows\fR, \fBmod-flows\fR,
+\fBdump-flows\fR, and \fBdump-aggregate\fR commands to limit matching
+cookies. A 1-bit in \fImask\fR indicates that the corresponding bit in
+\fIcookie\fR must match exactly, and a 0-bit wildcards that bit.
.
.PP
The following additional field sets the priority for flows added by
projects / openvswitch / blobdiff