• <var id="lvoaz"></var>
      1. <output id="lvoaz"></output>
          ovs-dpctl(8)                  Open vSwitch Manual                 ovs-dpctl(8)
                 ovs-dpctl - administer Open vSwitch datapaths
                 ovs-dpctl [options] command [switch] [args...]
                 The ovs-dpctl program can create, modify, and delete Open vSwitch data‐
                 paths.  A single machine may host any number of datapaths.
                 This program works only with datapaths that are implemented outside  of
                 ovs-vswitchd  itself,  such as the Linux and Windows kernel-based data‐
                 paths.  To manage datapaths that are integrated into ovs-vswitchd, such
                 as  the  userspace  (netdev)  datapath, use ovs-appctl(8) to invoke the
                 dpctl/* commands, which are documented in ovs-vswitchd(8).
                 A newly created datapath is associated with only one network device,  a
                 virtual  network device sometimes called the datapath's ``local port''.
                 A newly created datapath is not, however, associated with  any  of  the
                 host's  other  network  devices.  To intercept and process traffic on a
                 given network device, use the add-if command  to  explicitly  add  that
                 network device to the datapath.
                 If ovs-vswitchd(8) is in use, use ovs-vsctl(8) instead of ovs-dpctl.
                 Most  ovs-dpctl commands that work with datapaths take an argument that
                 specifies the name of the  datapath.   Datapath  names  take  the  form
                 [type@]name, where name is the network device associated with the data‐
                 path's local port.   If  type  is  given,  it  specifies  the  datapath
                 provider of name, otherwise the default provider system is assumed.
                 The following commands manage datapaths.
                 add-dp dp [netdev[,option]...]
                        Creates datapath dp, with a local port also named dp.  This will
                        fail if a network device dp already exists.
                        If netdevs are specified, ovs-dpctl adds them to the  new  data‐
                        path, just as if add-if was specified.
                 del-dp dp
                        Deletes  datapath  dp.   If  dp  is  associated with any network
                        devices, they are automatically removed.
                 add-if dp netdev[,option]...
                        Adds each netdev to the set of network devices datapath dp moni‐
                        tors,  where  dp is the name of an existing datapath, and netdev
                        is the name of one of the host's  network  devices,  e.g.  eth0.
                        Once a network device has been added to a datapath, the datapath
                        has complete ownership of the network device's traffic  and  the
                        network device appears silent to the rest of the system.
                        A  netdev  may be followed by a comma-separated list of options.
                        The following options are currently supported:
                               Specifies the type of port to add.  The default  type  is
                               Requests  a specific port number within the datapath.  If
                               this option is not specified then one will  be  automati‐
                               cally assigned.
                               Adds an arbitrary key-value option to the port's configu‐
                        ovs-vswitchd.conf.db(5) documents the available port  types  and
                 set-if dp port[,option]...
                        Reconfigures  each  port  in  dp as specified.  An option of the
                        form key=value adds the specified key-value option to  the  port
                        or  overrides  an  existing  key's value.  An option of the form
                        key=, that is, without a value, deletes the key-value named key.
                        The  type  and  port number of a port cannot be changed, so type
                        and port_no are only allowed if they match the existing configu‐
                 del-if dp netdev...
                        Removes each netdev from the list of network devices datapath dp
                        Prints the name of each configured datapath on a separate line.
                 [-s | --statistics] show [dp...]
                        Prints a summary of configured datapaths, including their  data‐
                        path  numbers  and  a  list of ports connected to each datapath.
                        (The local port is identified as port 0.)  If -s or --statistics
                        is specified, then packet and byte counters are also printed for
                        each port.
                        The datapath numbers consists of flow stats and mega  flow  mask
                        The  "lookups"  row  displays three stats related to flow lookup
                        triggered by processing incoming packets in the datapath.  "hit"
                        displays number of packets matches existing flows. "missed" dis‐
                        plays the number of packets not matching any existing  flow  and
                        require  user space processing.  "lost" displays number of pack‐
                        ets destined for user space  process  but  subsequently  dropped
                        before reaching userspace. The sum of "hit" and "miss" equals to
                        the total number of packets datapath processed.
                        The "flows" row displays the number of flows in datapath.
                        The "masks" row displays the mega flow mask stats. This  row  is
                        omitted  for datapath not implementing mega flow. "hit" displays
                        the total number of masks visited for matching incoming packets.
                        "total" displays number of masks in the datapath. "hit/pkt" dis‐
                        plays the average number of masks visited per packet; the  ratio
                        between "hit" and total number of packets processed by the data‐
                        If one or more datapaths  are  specified,  information  on  only
                        those  datapaths  are  displayed.  Otherwise, ovs-dpctl displays
                        information about all configured datapaths.
                 The following commands are primarily useful for debugging Open vSwitch.
                 The  flow  table entries (both matches and actions) that they work with
                 are not OpenFlow flow entries.  Instead, they are different and consid‐
                 erably simpler flows maintained by the Open vSwitch kernel module.  Use
                 ovs-ofctl(8), instead, to work with OpenFlow flow entries.
                 The dp argument to each of these commands is optional when exactly  one
                 datapath exists, in which case that datapath is the default.  When mul‐
                 tiple datapaths exist, then a datapath name is required.
                 [-m | --more] dump-flows [dp] [filter=filter]
                        Prints to the console all flow entries in datapath dp's flow ta‐
                        ble.   Without  -m  or  --more, output omits match fields that a
                        flow wildcards entirely; with -m or --more, output includes  all
                        wildcarded fields.
                        If  filter=filter  is  specified,  only  displays the flows that
                        match the filter. filter is a flow in the form similiar to  that
                        accepted  by  ovs-ofctl(8)'s  add-flow  command. (This is not an
                        OpenFlow flow: besides  other  differences,  it  never  contains
                        wildcards.)   The  filter  is  also  useful  to match wildcarded
                        fields   in   the   datapath   flow.   As   an   example,   fil
                        ter='tcp,tp_src=100'  will  match  the  datapath flow containing
                 add-flow [dp] flow actions
                 [--clear] [--may-create] [-s | --statistics] mod-flow [dp] flow actions
                        Adds or modifies a flow in dp's flow table that, when  a  packet
                        matching flow arrives, causes actions to be executed.
                        The  add-flow  command  succeeds  only  if flow does not already
                        exist in dp.  Contrariwise, mod-flow without  --may-create  only
                        modifies  the  actions for an existing flow.  With --may-create,
                        mod-flow will add a new flow or modify an existing one.
                        If -s or --statistics is specified,  then  mod-flow  prints  the
                        modified  flow's statistics.  A flow's statistics are the number
                        of packets and bytes that have  passed  through  the  flow,  the
                        elapsed  time  since the flow last processed a packet (if ever),
                        and (for TCP flows) the union of the TCP flags processed through
                        the flow.
                        With  --clear,  mod-flow  zeros  out the flow's statistics.  The
                        statistics printed if -s or --statistics is also  specified  are
                        those from just before clearing the statistics.
                 [-s | --statistics] del-flow [dp] flow
                        Deletes  the flow from dp's flow table that matches flow.  If -s
                        or --statistics is specified, then del-flow prints  the  deleted
                        flow's statistics.
                 get-flow [dp] ufid:ufid
                        Fetches  the  flow  from  dp's flow table with unique identifier
                        ufid.  ufid must be specified as  a  string  of  32  hexadecimal
                 del-flows [dp]
                        Deletes all flow entries from datapath dp's flow table.
                 The  following  commands are primarily useful for debugging the connec‐
                 tion tracking entries in the datapath.
                 The dp argument to each of these commands is optional when exactly  one
                 datapath exists, in which case that datapath is the default.  When mul‐
                 tiple datapaths exist, then a datapath name is required.
                 N.B.(Linux specific): the system datapaths (i.e. the Linux kernel  mod‐
                 ule  Open  vSwitch  datapaths) share a single connection tracking table
                 (which is also used by other kernel subsystems, such as iptables, nfta‐
                 bles and the regular host stack).  Therefore, the following commands do
                 not apply specifically to one datapath.
                 [-m | --more] [-s | --statistics] dump-conntrack [dp] [zone=zone]
                        Prints to the console all the connection entries in the  tracker
                        used  by  dp.  If zone=zone is specified, only shows the connec‐
                        tions  in  zone.   With  --more,  some  implementation  specific
                        details  are included. With --statistics timeouts and timestamps
                        are added to the output.
                 flush-conntrack [dp] [zone=zone]
                        Flushes all the connection entries in the tracker  used  by  dp.
                        If zone=zone is specified, only flushes the connections in zone.
                        Causes  the  show  command to print packet and byte counters for
                        each port within the datapaths that it shows.
                 --more Increases the verbosity of dump-flows output.
                        Limits ovs-dpctl runtime to approximately secs seconds.  If  the
                        timeout expires, ovs-dpctl will exit with a SIGALRM signal.
                        Sets  logging  levels.  Without any spec, sets the log level for
                        every module and destination to dbg.  Otherwise, spec is a  list
                        of words separated by spaces or commas or colons, up to one from
                        each category below:
                        ·      A valid module name, as displayed by the  vlog/list  com‐
                               mand on ovs-appctl(8), limits the log level change to the
                               specified module.
                        ·      syslog, console, or file, to limit the log  level  change
                               to  only to the system log, to the console, or to a file,
                               respectively.   (If  --detach  is  specified,   ovs-dpctl
                               closes  its  standard file descriptors, so logging to the
                               console will have no effect.)
                               On Windows platform, syslog is accepted as a word and  is
                               only  useful  along  with the --syslog-target option (the
                               word has no effect otherwise).
                        ·      off, emer, err, warn, info, or dbg, to  control  the  log
                               level.   Messages of the given severity or higher will be
                               logged, and messages of lower severity will  be  filtered
                               out.   off  filters  out all messages.  See ovs-appctl(8)
                               for a definition of each log level.
                        Case is not significant within spec.
                        Regardless of the log levels set for file,  logging  to  a  file
                        will  not  take  place  unless --log-file is also specified (see
                        For compatibility with older versions of OVS, any is accepted as
                        a word but has no effect.
                        Sets  the  maximum logging verbosity level, equivalent to --ver
                        Sets the log pattern  for  destination  to  pattern.   Refer  to
                        ovs-appctl(8) for a description of the valid syntax for pattern.
                        Sets  the  RFC5424  facility of the log message. facility can be
                        one of kern, user, mail, daemon, auth, syslog, lpr, news,  uucp,
                        clock,  ftp,  ntp, audit, alert, clock2, local0, local1, local2,
                        local3, local4, local5, local6 or local7. If this option is  not
                        specified,  daemon  is  used as the default for the local system
                        syslog and local0 is used while sending a message to the  target
                        provided via the --syslog-target option.
                        Enables  logging  to  a  file.  If file is specified, then it is
                        used as the exact name for the log file.  The default  log  file
                        name    used    if    file   is   omitted   is   //var/log/open
                        Send syslog messages to UDP port on host,  in  addition  to  the
                        system  syslog.   The host must be a numerical IP address, not a
                        Specify method how syslog messages should be sent to syslog dae‐
                        mon.  Following forms are supported:
                        ·      libc,  use  libc  syslog() function.  This is the default
                               behavior.  Downside of using this options  is  that  libc
                               adds  fixed prefix to every message before it is actually
                               sent to the  syslog  daemon  over  /dev/log  UNIX  domain
                        ·      unix:file, use UNIX domain socket directly.  It is possi‐
                               ble to specify arbitrary message format with this option.
                               However,  rsyslogd  8.9 and older versions use hard coded
                               parser function anyway that  limits  UNIX  domain  socket
                               use.   If  you  want to use arbitrary message format with
                               older rsyslogd versions, then use UDP socket to localhost
                               IP address instead.
                        ·      udp:ip:port, use UDP socket.  With this method it is pos‐
                               sible to use arbitrary message  format  also  with  older
                               rsyslogd.   When  sending syslog messages over UDP socket
                               extra precaution needs to  be  taken  into  account,  for
                               example,  syslog  daemon needs to be configured to listen
                               on the specified  UDP  port,  accidental  iptables  rules
                               could  be interfering with local syslog traffic and there
                               are some security considerations that apply to UDP  sock‐
                               ets, but do not apply to UNIX domain sockets.
                 --help Prints a brief help message to the console.
                        Prints version information to the console.
          SEE ALSO
                 ovs-appctl(8), ovs-vswitchd(8)
          Open vSwitch                         2.5.1                        ovs-dpctl(8)