
openvswitch -- OpenFlow flow table configuration

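Flow rule composition

Each flow rule consists of a series of fields, divided into three parts: basic fields, match (condition) fields, and action fields:

  • Basic fields include the time the rule has been in effect (duration_sec), the table it belongs to (table_id), the priority (priority), the number of packets processed (n_packets), the idle timeout (idle_timeout), and so on. idle_timeout is given in seconds; once a flow rule has been idle for longer than the configured value it is deleted automatically. Setting the idle timeout to 0 means the flow rule never expires, and idle_timeout will not be included in the output of ovs-ofctl dump-flows brname.

  • Match fields include the input port number (in_port), the source/destination MAC address (dl_src/dl_dst), the source/destination IP address (nw_src/nw_dst), the packet type (dl_type), the network-layer protocol type (nw_proto), and so on, in any combination. However, an upper-layer field may not be given a definite value while the lower-layer field beneath it in the network stack has none. That is, a flow rule may set lower-layer protocol fields to definite values and leave higher-layer protocol fields wildcarded (an unspecified field matches any value), but it may not set a higher-layer protocol field to a definite value while the lower-layer protocol field is wildcarded (unspecified, matching any value). Otherwise, all flow rules in ovs-vswitchd will be lost and the network will be unreachable.

  • Action fields include normal forwarding (normal), directing the packet to a given switch port (output:port), dropping (drop), rewriting the source/destination MAC address (mod_dl_src/mod_dl_dst), and so on. A flow rule may have several actions, which are executed one after another in the order specified.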
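
The layering rule for match fields can be checked before a rule is pushed with ovs-ofctl add-flow. The following is an added example, not code from the original page or from Open vSwitch: a small linter that reports higher-layer match fields whose lower-layer prerequisites are not pinned. The prerequisite table is taken from the field descriptions on this page, the shorthands (ip, tcp, udp, icmp, arp, rarp, ipv6) are those of ovs-ofctl, and the function names are hypothetical.

```python
# Added example: pre-flight lint for the match part of an ovs-ofctl flow string.
IP, IP6, ARP, RARP = 0x0800, 0x86DD, 0x0806, 0x8035

# Protocol shorthands accepted by ovs-ofctl, expanded to explicit fields.
SHORTHAND = {
    "ip": {"dl_type": IP}, "ipv6": {"dl_type": IP6},
    "arp": {"dl_type": ARP}, "rarp": {"dl_type": RARP},
    "icmp": {"dl_type": IP, "nw_proto": 1},
    "tcp": {"dl_type": IP, "nw_proto": 6},
    "udp": {"dl_type": IP, "nw_proto": 17},
}

def l3(*dl_types):
    """Prerequisite that only pins dl_type (nw_proto may be anything)."""
    return {(dl, None) for dl in dl_types}

L4 = {(dl, proto) for dl in (IP, IP6) for proto in (6, 17)}  # TCP or UDP
ICMP = {(IP, 1), (IP6, 58)}                                   # ICMP or ICMPv6

# field -> allowed (dl_type, nw_proto) pairs, from the match-field descriptions
PREREQ = {
    "nw_src": l3(IP, ARP, RARP), "nw_dst": l3(IP, ARP, RARP),
    "nw_proto": l3(IP, IP6, ARP, RARP), "ip_frag": l3(IP, IP6),
    "arp_sha": l3(ARP, RARP), "arp_tha": l3(ARP, RARP),
    "tp_src": L4, "tp_dst": L4, "icmp_type": ICMP, "icmp_code": ICMP,
}

def parse_match(flow):
    """Return the match fields of a flow string as a dict (actions are ignored)."""
    fields = {}
    for token in flow.split("actions=")[0].replace(" ", "").split(","):
        if token in SHORTHAND:
            fields.update(SHORTHAND[token])
        elif "=" in token:
            key, value = token.split("=", 1)
            if key in ("dl_type", "nw_proto"):
                value = int(value, 16 if value.lower().startswith("0x") else 10)
            fields[key] = value
    return fields

def lint(flow):
    """Return the match fields whose lower-layer prerequisites are wildcarded or wrong."""
    fields = parse_match(flow)
    dl, proto = fields.get("dl_type"), fields.get("nw_proto")
    return [name for name, allowed in PREREQ.items()
            if name in fields
            and not any(dl == d and p in (None, proto) for d, p in allowed)]
```

An empty list means every higher-layer field in the match has its lower layers pinned; a non-empty list names the fields to fix before the rule is installed.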

Match fields

in_port=port
Matches OpenFlow port port.
dl_vlan=vlan
Matches IEEE 802.1q Virtual LAN tag vlan.
dl_vlan_pcp=priority
Matches IEEE 802.1q Priority Code Point (PCP) priority, which is specified as a value between 0 and 7, inclusive. A higher value indicates a higher frame priority level.
dl_src=xx:xx:xx:xx:xx:xx
dl_dst=xx:xx:xx:xx:xx:xx
Matches an Ethernet source (or destination) address specified as 6 pairs of hexadecimal digits delimited by colons (e.g. 00:0A:E4:25:6B:B0).
dl_src=xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx
dl_dst=xx:xx:xx:xx:xx:xx/xx:xx:xx:xx:xx:xx
Matches an Ethernet destination address specified as 6 pairs of hexadecimal digits delimited by colons (e.g. 00:0A:E4:25:6B:B0), with a wildcard mask following the slash.
01:00:00:00:00:00 Match only the multicast bit. Thus, dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 matches all multicast (including broadcast) Ethernet packets, and dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 matches all unicast Ethernet packets.
ff:ff:ff:ff:ff:ff Exact match (equivalent to omitting the mask).
00:00:00:00:00:00 Wildcard all bits (equivalent to dl_dst=*.)
dl_type=ethertype
Matches Ethernet protocol type ethertype, which is specified as an integer between 0 and 65535.
nw_src=ip[/netmask]
nw_dst=ip[/netmask]
When dl_type is 0x0800 (possibly via shorthand, e.g. ip or tcp), matches IPv4 source (or destination) address ip, which may be specified as an IP address or host name.
When dl_type=0x0806 or arp is specified, matches the ar_spa or ar_tpa field, respectively, in ARP packets for IPv4 and Ethernet.
When dl_type=0x8035 or rarp is specified, matches the ar_spa or ar_tpa field, respectively, in RARP packets for IPv4 and Ethernet.
nw_proto=proto
When ip or dl_type=0x0800 is specified, matches IP protocol type proto, which is specified as a decimal number between 0 and 255, inclusive (e.g. 1 to match ICMP packets or 6 to match TCP packets).
When ipv6 or dl_type=0x86dd is specified, matches IPv6 header type proto, which is specified as a decimal number between 0 and 255, inclusive (e.g. 58 to match ICMPv6 packets or 6 to match TCP).
When arp or dl_type=0x0806 is specified, matches the lower 8 bits of the ARP opcode.
When rarp or dl_type=0x8035 is specified, matches the lower 8 bits of the ARP opcode.
nw_tos=tos
Matches IP ToS/DSCP or IPv6 traffic class field tos, which is specified as a decimal number between 0 and 255, inclusive.
nw_ecn=ecn
Matches ecn bits in IP ToS or IPv6 traffic class fields, which is specified as a decimal number between 0 and 3, inclusive.
nw_ttl=ttl
Matches IP TTL or IPv6 hop limit value ttl, which is specified as a decimal number between 0 and 255, inclusive.
tp_src=port
tp_dst=port
When dl_type and nw_proto specify TCP or UDP, tp_src and tp_dst match the UDP or TCP source or destination port port
icmp_type=type
icmp_code=code
When dl_type and nw_proto specify ICMP or ICMPv6, type matches the ICMP type and code matches the ICMP code.
table=number
If specified, limits the flow manipulation and flow dump commands to only apply to the table with the given number between 0 and 254.
vlan_tci=tci[/mask]
Matches modified VLAN TCI tci. If mask is omitted, tci is the exact VLAN TCI to match; if mask is specified, then a 1-bit in mask indicates that the corresponding bit in tci must match exactly, and a 0-bit wildcards that bit.
ip_frag=frag_type
When dl_type specifies IP or IPv6, frag_type specifies what kind of IP fragments or non-fragments to match.
The following values of frag_type are supported:
no Matches only non-fragmented packets.
yes Matches all fragments.
first Matches only fragments with offset 0.
later Matches only fragments with nonzero offset.
not_later Matches non-fragmented packets and fragments with zero offset.
arp_sha=xx:xx:xx:xx:xx:xx
arp_tha=xx:xx:xx:xx:xx:xx
When dl_type specifies either ARP or RARP, arp_sha and arp_tha match the source and target hardware address, respectively.
tun_id=tunnel-id[/mask]
Matches tunnel identifier tunnel-id. Only packets that arrive over a tunnel that carries a key (e.g. GRE with the RFC 2890 key extension and a nonzero key value) will have a nonzero tunnel ID.
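
The value/mask semantics described above for dl_src/dl_dst and for vlan_tci are the same: a 1-bit in the mask must match exactly and a 0-bit is a wildcard. The following is an added example, not code from the original page or from Open vSwitch, that evaluates such matches and applies the page's multicast and unicast masks to constructed addresses. Function names are hypothetical, and the sample TCI value assumes the standard 802.1Q layout (3-bit PCP, 1 bit, 12-bit VLAN ID).

```python
# Added example: evaluate ovs-ofctl style value[/mask] matches.

def mac_to_int(mac):
    """Parse xx:xx:xx:xx:xx:xx into a 48-bit integer."""
    octets = mac.split(":")
    if len(octets) != 6 or not all(len(o) == 2 for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int("".join(octets), 16)

def parse_masked(spec, parse, width):
    """Split 'value[/mask]'; an omitted mask means exact match (all ones)."""
    value, _, mask = spec.partition("/")
    return parse(value), (parse(mask) if mask else (1 << width) - 1)

def mac_matches(spec, address):
    """True if address satisfies a dl_src/dl_dst style spec."""
    want, mask = parse_masked(spec, mac_to_int, 48)
    return (mac_to_int(address) & mask) == (want & mask)

def tci_matches(spec, tci):
    """True if the 16-bit integer tci satisfies a vlan_tci style spec."""
    want, mask = parse_masked(spec, lambda s: int(s, 0), 16)
    return (tci & mask) == (want & mask)

# The two masked matches given in the dl_dst description.
MULTICAST = "01:00:00:00:00:00/01:00:00:00:00:00"
UNICAST = "00:00:00:00:00:00/01:00:00:00:00:00"

def classify(address):
    """Label a destination MAC by testing only the multicast bit."""
    if mac_matches(MULTICAST, address):
        return "multicast"
    return "unicast" if mac_matches(UNICAST, address) else "unmatched"
```

The multicast bit is the least significant bit of the first octet, which is why broadcast (ff:ff:ff:ff:ff:ff) also falls under the multicast match.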

Action fields

output:port
Outputs the packet to port
output:src[start..end]
Outputs the packet to the OpenFlow port number read from src, which must be an NXM field as described above. For example, output:NXM_NX_REG0[16..31] outputs to the OpenFlow port number written in the upper half of register 0.
enqueue:port:queue
Enqueues the packet on the specified queue within port port
normal
Subjects the packet to the device’s normal L2/L3 processing.
flood
Outputs the packet on all switch physical ports other than the port on which it was received and any ports on which flooding is disabled
all
Outputs the packet on all switch physical ports other than the port on which it was received.
controller(key=value…)
Sends the packet to the OpenFlow controller as a "packet in" message. The supported key-value pairs are:
max_len=nbytes: Limit to nbytes the number of bytes of the packet to send to the controller. By default the entire packet is sent.
reason=reason: Specify reason as the reason for sending the message in the "packet in" message. The supported reasons are action (the default), no_match, and invalid_ttl.
id=controller-id: Specify controller-id
in_port
Outputs the packet on the port from which it was received.
drop
Discards the packet, so no further processing or forwarding takes place.
mod_vlan_vid:vlan_vid
Modifies the VLAN id on a packet.
mod_vlan_pcp:vlan_pcp
Modifies the VLAN priority on a packet.
strip_vlan
Strips the VLAN tag from a packet if it is present.
push_vlan:ethertype
Push a new VLAN tag onto the packet.
push_mpls:ethertype
If the packet does not already contain any MPLS labels, changes the packet’s Ethertype to ethertype, which must be either the MPLS unicast Ethertype 0x8847 or the MPLS multicast Ethertype 0x8848, and then pushes an initial label stack entry.
pop_mpls:ethertype
Strips the outermost MPLS label stack entry.
mod_dl_src:mac
Sets the source Ethernet address to mac.
mod_dl_dst:mac
Sets the destination Ethernet address to mac.
mod_nw_src:ip
Sets the IPv4 source address to ip.
mod_nw_dst:ip
Sets the IPv4 destination address to ip.
mod_tp_src:port
Sets the TCP or UDP source port to port.
mod_tp_dst:port
Sets the TCP or UDP destination port to port.
mod_nw_tos:tos
Sets the IPv4 ToS/DSCP field to tos, which must be a multiple of 4 between 0 and 255.
resubmit([port],[table])
Re-searches this OpenFlow flow table (or the table whose number is specified by table) with the in_port field replaced by port (if port is specified)
set_tunnel:id
set_tunnel64:id
If outputting to a port that encapsulates the packet in a tunnel and supports an identifier (such as GRE), sets the identifier to id.
set_queue:queue
Sets the queue that should be used to queue when packets are output.
pop_queue
Restores the queue to the value it was before any set_queue actions were applied.
dec_ttl
dec_ttl[(id1,id2)]
Decrement TTL of IPv4 packet or hop limit of IPv6 packet.
set_mpls_ttl:ttl
Set the TTL of the outer MPLS label stack entry of a packet. ttl should be in the range 0 to 255 inclusive.
dec_mpls_ttl
Decrement TTL of the outer MPLS label stack entry of a packet.
move:src[start..end]->dst[start..end]
Copies the named bits from field src to field dst. src and dst must be NXM field names as defined in nicira-ext.h, e.g. NXM_OF_UDP_SRC or NXM_NX_REG0.
Examples: move:NXM_NX_REG0[0..5]->NXM_NX_REG1[26..31] copies the six bits numbered 0 through 5, inclusive, in register 0 into bits 26 through 31, inclusive; move:NXM_NX_REG0[0..15]->NXM_OF_VLAN_TCI[] copies the least significant 16 bits of register 0 into the VLAN TCI field.
load:value->dst[start..end]
Writes value to bits start through end, inclusive, in field dst.
Example: load:55->NXM_NX_REG2[0..5] loads value 55 (bit pattern 110111) into bits 0 through 5, inclusive, in register 2.
push:src[start..end]
Pushes bits start through end, inclusive, of field src onto the top of the stack.
Example: push:NXM_NX_REG2[0..5] pushes the value stored in register 2 bits 0 through 5, inclusive, onto the internal stack.
pop:dst[start..end]
Pops from the top of the stack, retrieves bits start through end, inclusive, from the value popped and stores them into the corresponding bits in dst.
Example: pop:NXM_NX_REG2[0..5] pops the value from the top of the stack and sets register 2 bits 0 through 5, inclusive, based on bits 0 through 5 of the value just popped.
set_field:value->dst
Writes the literal value into the field dst, which should be specified as a name used for matching.
Example: set_field:fe80:0123:4567:890a:a6ba:dbff:fefe:59fa->ipv6_src
learn(argument[,argument]…)
This action adds or modifies a flow in an OpenFlow table, similar to ovs-ofctl --strict mod-flows. The arguments specify the flow's match fields, actions, and other properties, as follows:
idle_timeout=seconds
hard_timeout=seconds
priority=value
These key-value pairs have the same meaning as in the usual ovs-ofctl flow syntax.
fin_idle_timeout=seconds
fin_hard_timeout=seconds
Adds a fin_timeout action with the specified arguments to the new flow.
table=number
The table in which the new flow should be inserted. Specify a decimal number between 0 and 254. The default, if table is unspecified, is table 1.
field=value
field[start..end]=src[start..end]
field[start..end]
Adds a match criterion to the new flow.
load:value->dst[start..end]
load:src[start..end]->dst[start..end]
Adds a load action to the new flow.
output:field[start..end]
Add an output action to the new flow’s actions, that outputs to the OpenFlow port taken from field[start..end], which must be an NXM field as described above.
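
The field[start..end] bit-range notation used by load, move and output:src[start..end] above can be traced by hand with a small model. The following is an added example, not code from the original page or from Open vSwitch: it parses those three action strings and applies them to a dictionary of field values, which helps when reviewing a pipeline that steers packets through register contents. The function names are hypothetical, and the field widths (32-bit registers, 16-bit VLAN TCI) are stated in the code as assumptions of the model.

```python
import re

# Added example: model of load/move/output on NXM subfields.
# Assumed widths: registers are 32 bits, the VLAN TCI is 16 bits.
WIDTH = {"NXM_NX_REG0": 32, "NXM_NX_REG1": 32, "NXM_NX_REG2": 32,
         "NXM_OF_VLAN_TCI": 16}
SUBFIELD = re.compile(r"(\w+)\[(?:(\d+)\.\.(\d+))?\]$")

def subfield(text):
    """Parse 'FIELD[start..end]' ('FIELD[]' means the whole field)."""
    m = SUBFIELD.match(text)
    if not m or m.group(1) not in WIDTH:
        raise ValueError(f"bad subfield: {text!r}")
    name = m.group(1)
    if m.group(2):
        start, end = int(m.group(2)), int(m.group(3))
    else:
        start, end = 0, WIDTH[name] - 1
    if not 0 <= start <= end < WIDTH[name]:
        raise ValueError(f"bit range outside {name}: {text!r}")
    return name, start, end

def read(state, name, start, end):
    """Return bits start..end of a field, shifted down to bit 0."""
    return (state.get(name, 0) >> start) & ((1 << (end - start + 1)) - 1)

def write(state, value, name, start, end):
    """Store value into bits start..end of a field, leaving other bits alone."""
    width = end - start + 1
    if value >> width:
        raise ValueError(f"value {value} does not fit in {width} bits")
    mask = ((1 << width) - 1) << start
    state[name] = (state.get(name, 0) & ~mask) | (value << start)

def apply(state, action):
    """Apply load:/move: to state; for output:FIELD[..] return the port number."""
    verb, _, arg = action.partition(":")
    if verb == "output":
        return read(state, *subfield(arg))
    src, _, dst = arg.partition("->")
    if verb == "load":
        write(state, int(src, 0), *subfield(dst))
    elif verb == "move":
        s, d = subfield(src), subfield(dst)
        if s[2] - s[1] != d[2] - d[1]:
            raise ValueError("source and destination widths differ")
        write(state, read(state, *s), *d)
    else:
        raise ValueError(f"unsupported action: {action!r}")
    return None
```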