ofp-util: Work on decoding OF1.1 flow_mods.

[openvswitch] / INSTALL.userspace

diff --git a/INSTALL.userspace b/INSTALL.userspace
index a0c6a266c3b022ecd265a8afa937d6abea8e79de..10511b1653912bd1539c9db40c9433f04dd7e7e2 100644 (file)
--- a/INSTALL.userspace
+++ b/INSTALL.userspace
@@ -31,19 +31,34 @@ The tun device must also exist as /dev/net/tun.  If it does not exist,
 then create /dev/net (if necessary) with "mkdir /dev/net", then create
 /dev/net/tun with "mknod /dev/net/tun c 10 200".
 
-Using the Userspace Datapath
-----------------------------
+Using the Userspace Datapath with ovs-vswitchd
+----------------------------------------------
 
-To use ovs-vswitchd in userspace mode, give the bridge a name that
-begins with "netdev:" in the configuration file.  For example:
+To use ovs-vswitchd in userspace mode, create a bridge with datapath_type
+"netdev" in the configuration database.  For example:
 
-    bridge.netdev:br0.port=eth0
-    bridge.netdev:br0.port=eth1
-    bridge.netdev:br0.port=eth2
+    ovs-vsctl add-br br0
+    ovs-vsctl set bridge br0 datapath_type=netdev
+    ovs-vsctl add-port br0 eth0
+    ovs-vsctl add-port br0 eth1
+    ovs-vsctl add-port br0 eth2
 
 ovs-vswitchd will create a TAP device as the bridge's local interface,
-named the same as the bridge minus the "netdev:" prefix, as well as
-for each configured internal interface.
+named the same as the bridge, as well as for each configured internal
+interface.
+
+Firewall Rules
+--------------
+
+On Linux, when a physical interface is in use by the userspace
+datapath, packets received on the interface still also pass into the
+kernel TCP/IP stack.  This can cause surprising and incorrect
+behavior.  You can use "iptables" to avoid this behavior, by using it
+to drop received packets.  For example, to drop packets received on
+eth0:
+
+    iptables -A INPUT -i eth0 -j DROP
+    iptables -A FORWARD -i eth0 -j DROP
 
 Bug Reporting
 -------------