X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=vswitchd%2Fvswitch.xml;h=293634b6ef5541b4296625a5f1957ffea5813293;hb=59405f317bf13896161d13eb485077f0b33154e7;hp=f78a579455e7fa161f7c97101a973fa5aaba98af;hpb=4c2fa71d662cde318940c4cd555aacd687538510;p=openvswitch diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml index f78a5794..293634b6 100644 --- a/vswitchd/vswitch.xml +++ b/vswitchd/vswitch.xml @@ -755,9 +755,122 @@ bypass certain components of the IP stack (such as IP tables) and it may be useful to disable it if these features are required or as a debugging measure. Default is enabled, set to - false to disable. If IPsec is enabled through the - parameters, header caching will be - automatically disabled. + false to disable. + + +
ipsec_gre
+
An Ethernet over RFC 2890 Generic Routing Encapsulation + over IPv4 IPsec tunnel. Each tunnel (including those of type + gre) must be uniquely identified by the + combination of remote_ip and + local_ip. Note that if two ports are defined + that are the same except one has an optional identifier and + the other does not, the more specific one is matched first. + An authentication method of peer_cert or + psk must be defined. The following options may + be specified in the column: +
+
remote_ip
+
Required. The tunnel endpoint.
+
+
+
local_ip
+
Optional. The destination IP that received packets must + match. Default is to match all addresses.
+
+
+
peer_cert
+
Required for certificate authentication. A string + containing the peer's certificate in PEM format. + Additionally the host's certificate must be specified + with the certificate option.
+
+
+
certificate
+
Required for certificate authentication. The name of a + PEM file containing a certificate that will be presented + to the peer during authentication.
+
+
+
private_key
+
Optional for certificate authentication. The name of + a PEM file containing the private key associated with + certificate. If certificate + contains the private key, this option may be omitted.
+
+
+
psk
+
Required for pre-shared key authentication. Specifies a + pre-shared key for authentication that must be identical on + both sides of the tunnel.
+
+
+
in_key
+
Optional. The GRE key that received packets must contain. + It may either be a 32-bit number (no key and a key of 0 are + treated as equivalent) or the word flow. If + flow is specified then any key will be accepted + and the key will be placed in the tun_id field + for matching in the flow table. The ovs-ofctl manual page + contains additional information about matching fields in + OpenFlow flows. Default is no key.
+
+
+
out_key
+
Optional. The GRE key to be set on outgoing packets. It may + either be a 32-bit number or the word flow. If + flow is specified then the key may be set using + the set_tunnel Nicira OpenFlow vendor extension (0 + is used in the absence of an action). The ovs-ofctl manual + page contains additional information about the Nicira OpenFlow + vendor extensions. Default is no key.
+
+
+
key
+
Optional. Shorthand to set in_key and + out_key at the same time.
+
+
+
tos
+
Optional. The value of the ToS bits to be set on the + encapsulating packet. It may also be the word + inherit, in which case the ToS will be copied from + the inner packet if it is IPv4 or IPv6 (otherwise it will be + 0). Note that the ECN fields are always inherited. Default is + 0.
+
+
+
ttl
+
Optional. The TTL to be set on the encapsulating packet. + It may also be the word inherit, in which case the + TTL will be copied from the inner packet if it is IPv4 or IPv6 + (otherwise it will be the system default, typically 64). + Default is the system default TTL.
+
+
+
csum
+
Optional. Compute GRE checksums on outgoing packets. + Checksums present on incoming packets will be validated + regardless of this setting. Note that GRE checksums + impose a significant performance penalty as they cover the + entire packet. As the contents of the packet is typically + covered by L3 and L4 checksums, this additional checksum only + adds value for the GRE and encapsulated Ethernet headers. + Default is disabled, set to true to enable.
+
+
+
pmtud
+
Optional. Enable tunnel path MTU discovery. If enabled + ``ICMP destination unreachable - fragmentation'' needed + messages will be generated for IPv4 packets with the DF bit set + and IPv6 packets above the minimum MTU if the packet size + exceeds the path MTU minus the size of the tunnel headers. It + also forces the encapsulating packet DF bit to be set (it is + always set if the inner packet implies path MTU discovery). + Note that this option causes behavior that is typically + reserved for routers and therefore is not entirely in + compliance with the IEEE 802.1D specification for bridges. + Default is enabled, set to false to disable.
capwap
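Review bot: the ipsec_gre introduction says an authentication method of peer_cert or psk "must be defined" but does not say what happens when both are set or when neither is; please state whether the two are mutually exclusive and whether such a port is rejected. Two further documentation gaps in this hunk: the removed sentence about header caching being automatically disabled when IPsec is enabled has no replacement, so a reader can no longer tell how header caching interacts with ipsec_gre; and psk is a secret carried as an ordinary option value while private_key is only a file name, so a sentence on who can read this column and what permissions the key file needs would help. Nits: in pmtud the closing quote falls before "needed", and in csum "the contents of the packet is" should read "are".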
@@ -989,18 +1102,17 @@ + + Egress interface for tunnels. Currently only relevant for GRE and + CAPWAP tunnels. On Linux systems, this column will show the name of + the interface which is responsible for routing traffic destined for the + configured remote_ip. This could be an internal interface + such as a bridge port. + + Key-value pairs for rarely used interface features. Currently, - the only key is for configuring GRE-over-IPsec, which is only - available through the openvswitch-ipsec package for - Debian. The currently defined key-value pair is: -
-
ipsec_psk
-
Required key for GRE-over-IPsec interfaces. Specifies a - pre-shared key for authentication that must be identical on - both sides of the tunnel. Additionally, the - must be gre.
-
+ there are none defined.
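Review bot: ipsec_psk is removed from this column with no word on existing configurations; the replacement text "there are none defined" should be accompanied by a note on what happens to a gre interface that still has ipsec_psk set, in particular whether it now comes up as unencrypted GRE. If the psk option on the ipsec_gre type added earlier in this patch is the intended replacement, say so here. Also, the new egress interface description says "Currently only relevant for GRE and CAPWAP tunnels"; state explicitly whether that includes ipsec_gre.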