Provided by: openvswitch-switch_2.5.0-0ubuntu1_amd64 bug

NAME

       ovs-dpctl - administer Open vSwitch datapaths

SYNOPSIS

       ovs-dpctl [options] command [switch] [args...]

DESCRIPTION

       The  ovs-dpctl  program  can  create, modify, and delete Open vSwitch datapaths.  A single
       machine may host any number of datapaths.

       This program works only with  datapaths  that  are  implemented  outside  of  ovs-vswitchd
       itself,  such  as  the Linux and Windows kernel-based datapaths.  To manage datapaths that
       are  integrated  into  ovs-vswitchd,  such  as  the  userspace  (netdev)   datapath,   use
       ovs-appctl(8) to invoke the dpctl/* commands, which are documented in ovs-vswitchd(8).

       A  newly  created  datapath  is associated with only one network device, a virtual network
       device sometimes called the datapath's ``local port''.  A newly created datapath  is  not,
       however,  associated  with  any  of  the  host's  other network devices.  To intercept and
       process traffic on a given network device, use the add-if command to explicitly  add  that
       network device to the datapath.

       If ovs-vswitchd(8) is in use, use ovs-vsctl(8) instead of ovs-dpctl.

       Most  ovs-dpctl commands that work with datapaths take an argument that specifies the name
       of the datapath.  Datapath names take the form [type@]name,  where  name  is  the  network
       device  associated  with  the  datapath's  local port.  If type is given, it specifies the
       datapath provider of name, otherwise the default provider system is assumed.

       The following commands manage datapaths.

       add-dp dp [netdev[,option]...]
              Creates datapath dp, with a local port also named dp.  This will fail if a  network
              device dp already exists.

              If  netdevs  are  specified,  ovs-dpctl  adds  them to the new datapath, just as if
              add-if was specified.

       del-dp dp
              Deletes datapath dp.  If dp is  associated  with  any  network  devices,  they  are
              automatically removed.

       add-if dp netdev[,option]...
              Adds  each  netdev  to the set of network devices datapath dp monitors, where dp is
              the name of an existing datapath, and netdev is the  name  of  one  of  the  host's
              network  devices,  e.g.  eth0.  Once a network device has been added to a datapath,
              the datapath has complete ownership of the network device's traffic and the network
              device appears silent to the rest of the system.

              A  netdev  may  be  followed  by  a comma-separated list of options.  The following
              options are currently supported:

              type=type
                     Specifies the type of port to add.  The default type is system.

              port_no=port
                     Requests a specific port number within the datapath.  If this option is  not
                     specified then one will be automatically assigned.

              key=value
                     Adds an arbitrary key-value option to the port's configuration.

              ovs-vswitchd.conf.db(5) documents the available port types and options.

       set-if dp port[,option]...
              Reconfigures  each  port  in dp as specified.  An option of the form key=value adds
              the specified key-value option to the port or overrides an  existing  key's  value.
              An  option  of the form key=, that is, without a value, deletes the key-value named
              key.  The type and port number of a port cannot be changed, so type and port_no are
              only allowed if they match the existing configuration.

       del-if dp netdev...
              Removes each netdev from the list of network devices datapath dp monitors.

       dump-dps
              Prints the name of each configured datapath on a separate line.

       [-s | --statistics] show [dp...]
              Prints  a  summary  of configured datapaths, including their datapath numbers and a
              list of ports connected to each datapath.  (The local port is  identified  as  port
              0.)   If  -s  or  --statistics is specified, then packet and byte counters are also
              printed for each port.

              The datapath numbers consists of flow stats and mega flow mask stats.

              The "lookups" row  displays  three  stats  related  to  flow  lookup  triggered  by
              processing  incoming  packets  in  the  datapath.  "hit" displays number of packets
              matches existing flows. "missed" displays the number of packets  not  matching  any
              existing flow and require user space processing.  "lost" displays number of packets
              destined for user space process but subsequently dropped before reaching userspace.
              The  sum  of  "hit"  and  "miss"  equals  to  the  total number of packets datapath
              processed.

              The "flows" row displays the number of flows in datapath.

              The "masks" row displays the mega flow mask stats. This row is omitted for datapath
              not  implementing  mega  flow. "hit" displays the total number of masks visited for
              matching incoming packets. "total"  displays  number  of  masks  in  the  datapath.
              "hit/pkt"  displays  the  average  number  of  masks  visited per packet; the ratio
              between "hit" and total number of packets processed by the datapath".

              If one or more datapaths are specified, information on  only  those  datapaths  are
              displayed.    Otherwise,   ovs-dpctl  displays  information  about  all  configured
              datapaths.

   DATAPATH FLOW TABLE DEBUGGING COMMANDS
       The following commands are primarily useful for debugging Open vSwitch.   The  flow  table
       entries  (both  matches  and  actions)  that they work with are not OpenFlow flow entries.
       Instead, they are different and considerably simpler flows maintained by the Open  vSwitch
       kernel module.  Use ovs-ofctl(8), instead, to work with OpenFlow flow entries.

       The dp argument to each of these commands is optional when exactly one datapath exists, in
       which case that datapath is the default.  When multiple datapaths exist, then  a  datapath
       name is required.

       [-m | --more] dump-flows [dp] [filter=filter]
              Prints  to the console all flow entries in datapath dp's flow table.  Without -m or
              --more, output omits match fields that  a  flow  wildcards  entirely;  with  -m  or
              --more, output includes all wildcarded fields.

              If  filter=filter  is  specified,  only  displays  the flows that match the filter.
              filter is a flow in the form similiar to that accepted by  ovs-ofctl(8)'s  add-flow
              command.  (This  is  not  an  OpenFlow  flow:  besides  other differences, it never
              contains wildcards.)  The filter is also useful to match wildcarded fields  in  the
              datapath  flow. As an example, filter='tcp,tp_src=100' will match the datapath flow
              containing 'tcp(src=80/0xff00,dst=8080/0xff)'.

       add-flow [dp] flow actions

       [--clear] [--may-create] [-s | --statistics] mod-flow [dp] flow actions
              Adds or modifies a flow in dp's flow  table  that,  when  a  packet  matching  flow
              arrives, causes actions to be executed.

              The  add-flow  command  succeeds  only  if  flow  does  not  already  exist  in dp.
              Contrariwise, mod-flow without  --may-create  only  modifies  the  actions  for  an
              existing  flow.   With  --may-create,  mod-flow  will  add  a new flow or modify an
              existing one.

              If -s or --statistics is  specified,  then  mod-flow  prints  the  modified  flow's
              statistics.   A  flow's  statistics  are  the number of packets and bytes that have
              passed through the flow, the elapsed time since the flow last  processed  a  packet
              (if  ever),  and  (for  TCP flows) the union of the TCP flags processed through the
              flow.

              With --clear, mod-flow zeros out the flow's statistics.  The statistics printed  if
              -s  or  --statistics  is  also  specified  are  those from just before clearing the
              statistics.

       [-s | --statistics] del-flow [dp] flow
              Deletes the flow from dp's flow table that matches flow.  If -s or --statistics  is
              specified, then del-flow prints the deleted flow's statistics.

       get-flow [dp] ufid:ufid
              Fetches  the  flow  from dp's flow table with unique identifier ufid.  ufid must be
              specified as a string of 32 hexadecimal characters.

       del-flows [dp]
              Deletes all flow entries from datapath dp's flow table.

   CONNECTION TRACKING TABLE DEBUGGING COMMANDS
       The following commands are primarily useful for debugging the connection tracking  entries
       in the datapath.

       The dp argument to each of these commands is optional when exactly one datapath exists, in
       which case that datapath is the default.  When multiple datapaths exist, then  a  datapath
       name is required.

       N.B.(Linux  specific):  the  system  datapaths  (i.e. the Linux kernel module Open vSwitch
       datapaths) share a single connection tracking table (which is also used  by  other  kernel
       subsystems,  such  as  iptables,  nftables  and  the  regular host stack).  Therefore, the
       following commands do not apply specifically to one datapath.

       [-m | --more] [-s | --statistics] dump-conntrack [dp] [zone=zone]
              Prints to the console all the connection entries in the tracker  used  by  dp.   If
              zone=zone  is  specified,  only  shows  the connections in zone.  With --more, some
              implementation specific  details  are  included.  With  --statistics  timeouts  and
              timestamps are added to the output.

       flush-conntrack [dp] [zone=zone]
              Flushes  all  the  connection  entries  in the tracker used by dp.  If zone=zone is
              specified, only flushes the connections in zone.

OPTIONS

       -s
       --statistics
              Causes the show command to print packet and byte counters for each port within  the
              datapaths that it shows.

       -m
       --more Increases the verbosity of dump-flows output.

       -t
       --timeout=secs
              Limits  ovs-dpctl  runtime  to approximately secs seconds.  If the timeout expires,
              ovs-dpctl will exit with a SIGALRM signal.

       -v[spec]
       --verbose=[spec]
              Sets logging levels.  Without any spec, sets the log level  for  every  module  and
              destination  to  dbg.   Otherwise,  spec  is a list of words separated by spaces or
              commas or colons, up to one from each category below:

              ·      A valid module name, as displayed by the vlog/list command on ovs-appctl(8),
                     limits the log level change to the specified module.

              ·      syslog,  console,  or  file,  to  limit  the log level change to only to the
                     system log, to the console, or to a file,  respectively.   (If  --detach  is
                     specified, ovs-dpctl closes its standard file descriptors, so logging to the
                     console will have no effect.)

                     On Windows platform, syslog is accepted as a word and is only  useful  along
                     with the --syslog-target option (the word has no effect otherwise).

              ·      off,  emer,  err, warn, info, or dbg, to control the log level.  Messages of
                     the given severity or higher will be logged, and messages of lower  severity
                     will  be filtered out.  off filters out all messages.  See ovs-appctl(8) for
                     a definition of each log level.

              Case is not significant within spec.

              Regardless of the log levels set for file, logging to a file will  not  take  place
              unless --log-file is also specified (see below).

              For  compatibility with older versions of OVS, any is accepted as a word but has no
              effect.

       -v
       --verbose
              Sets the maximum logging verbosity level, equivalent to --verbose=dbg.

       -vPATTERN:destination:pattern
       --verbose=PATTERN:destination:pattern
              Sets the log pattern for destination to pattern.   Refer  to  ovs-appctl(8)  for  a
              description of the valid syntax for pattern.

       -vFACILITY:facility
       --verbose=FACILITY:facility
              Sets  the  RFC5424  facility of the log message. facility can be one of kern, user,
              mail, daemon, auth, syslog, lpr, news, uucp, clock, ftp, ntp, audit, alert, clock2,
              local0, local1, local2, local3, local4, local5, local6 or local7. If this option is
              not specified, daemon is used as the default for the local system syslog and local0
              is  used  while  sending  a  message to the target provided via the --syslog-target
              option.

       --log-file[=file]
              Enables logging to a file.  If file is specified, then it is used as the exact name
              for  the  log  file.   The  default  log  file  name  used  if  file  is omitted is
              /var/log/openvswitch/ovs-dpctl.log.

       --syslog-target=host:port
              Send syslog messages to UDP port on host, in addition to the  system  syslog.   The
              host must be a numerical IP address, not a hostname.

       --syslog-method=method
              Specify  method  how  syslog  messages  should be sent to syslog daemon.  Following
              forms are supported:

              ·      libc, use libc syslog() function.  This is the default  behavior.   Downside
                     of using this options is that libc adds fixed prefix to every message before
                     it is actually sent to the syslog daemon over /dev/log UNIX domain socket.

              ·      unix:file, use UNIX domain socket  directly.   It  is  possible  to  specify
                     arbitrary  message format with this option.  However, rsyslogd 8.9 and older
                     versions use hard coded parser  function  anyway  that  limits  UNIX  domain
                     socket use.  If you want to use arbitrary message format with older rsyslogd
                     versions, then use UDP socket to localhost IP address instead.

              ·      udp:ip:port, use UDP socket.   With  this  method  it  is  possible  to  use
                     arbitrary  message  format  also  with  older rsyslogd.  When sending syslog
                     messages over UDP socket extra precaution needs to be  taken  into  account,
                     for example, syslog daemon needs to be configured to listen on the specified
                     UDP port, accidental iptables rules could be interfering with  local  syslog
                     traffic  and  there  are  some  security  considerations  that  apply to UDP
                     sockets, but do not apply to UNIX domain sockets.

       -h
       --help Prints a brief help message to the console.

       -V
       --version
              Prints version information to the console.

SEE ALSO

       ovs-appctl(8), ovs-vswitchd(8)