Add tunnel key support to CAPWAP vport. Uses the optional WSI field in a CAPWAP header to store a 64bit key. It can also be used without keys, in which case it is backward compatible with the old code. Documentation about the WSI field format is in CAPWAP.txt.
more capwap fixes Signed-off-by: Valient Gough <vgo...@pobox.com> --- datapath/CAPWAP.txt | 80 +++++++++++++++++ datapath/Makefile.am | 2 +- datapath/Modules.mk | 4 + datapath/vport-capwap.c | 218 ++++++++++++++++++++++++++++++++++++++--------- lib/netdev-vport.c | 12 +-- vswitchd/vswitch.xml | 26 ++++++ 6 files changed, 294 insertions(+), 48 deletions(-) create mode 100644 datapath/CAPWAP.txt diff --git a/datapath/CAPWAP.txt b/datapath/CAPWAP.txt new file mode 100644 index 0000000..151ad59 --- /dev/null +++ b/datapath/CAPWAP.txt @@ -0,0 +1,80 @@ + +References: +* http://www.rfc-editor.org/rfc/rfc5415.txt + + +The CAPWAP header layout is summarized as follows: + + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |CAPWAP Preamble| HLEN | RID | WBID |T|F|L|W|M|K|Flags| + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Fragment ID | Frag Offset |Rsvd | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | (optional) Radio MAC Address | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | (optional) Wireless Specific Information | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Payload .... | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +The spec defines an optional Wireless Specific Information field which can be +used to pass arbitrary data in the encapsulation layer: + + Wireless Specific Information: This optional field may be used to carry + per-packet information. This field is only present if the + 'W' bit is set. The WBID field in the CAPWAP Header is used to + identify the format of the WSI optional field. The HLEN field assumes + 4-byte alignment, and this field MUST be padded with zeroes (0x00) if it + is not 4-byte aligned. + + The Wireless-Specific Information field uses the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Length | Data... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Length: The 8-bit field contains the length of the data field, + with a maximum size of 255. + + Data: Wireless-specific information, defined by the wireless- + specific binding specified in the CAPWAP Header's WBID field. + + + WBID: A 5-bit field that is the wireless binding identifier. The + identifier will indicate the type of wireless packet associated + with the radio. The following values are defined: + + 0 - Reserved + 1 - IEEE 802.11 + 2 - Reserved + 3 - EPCGlobal [EPCGlobal] + + When Open vSwitch uses this field, it writes the value: + 30 - Open vSwitch data + + +Open vSwitch can make use of this field to pass additional packet routing +information. When needed, it sets the 'W' bit to indicates the WSI field is +added, and fills the field as follows: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | WSI_LEN |K| Flags | Reserved | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | (optional) 64bit Tunnel Key | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + K - flag bit to identify presence of a 64bit tunnel key. + + +Adding WSI fields: Fields must be written and read in consitent order. New +fields may be added, but the existing fields always come first. + + + diff --git a/datapath/Makefile.am b/datapath/Makefile.am index e1bd3e6..fb1453c 100644 --- a/datapath/Makefile.am +++ b/datapath/Makefile.am @@ -3,7 +3,7 @@ if LINUX_ENABLED SUBDIRS += linux endif -EXTRA_DIST = $(dist_headers) $(dist_sources) +EXTRA_DIST = $(dist_headers) $(dist_sources) $(dist_extras) # Suppress warnings about GNU extensions in Modules.mk files. AUTOMAKE_OPTIONS = -Wno-portability diff --git a/datapath/Modules.mk b/datapath/Modules.mk index 587569f..894c41d 100644 --- a/datapath/Modules.mk +++ b/datapath/Modules.mk @@ -45,8 +45,12 @@ openvswitch_headers = \ vport-internal_dev.h \ vport-netdev.h +openvswitch_extras = \ + CAPWAP.txt + dist_sources = $(foreach module,$(dist_modules),$($(module)_sources)) dist_headers = $(foreach module,$(dist_modules),$($(module)_headers)) +dist_extras = $(foreach module,$(dist_modules),$($(module)_extras)) build_sources = $(foreach module,$(build_modules),$($(module)_sources)) build_headers = $(foreach module,$(build_modules),$($(module)_headers)) build_links = $(notdir $(build_sources)) diff --git a/datapath/vport-capwap.c b/datapath/vport-capwap.c index f0bb327..d136a67 100644 --- a/datapath/vport-capwap.c +++ b/datapath/vport-capwap.c @@ -42,21 +42,55 @@ * statically create them and we can do very fast parsing by checking all 12 * fields in one go. */ -#define CAPWAP_BEGIN_HLEN __cpu_to_be32(0x00100000) -#define CAPWAP_BEGIN_WBID __cpu_to_be32(0x00000200) #define CAPWAP_BEGIN_FRAG __cpu_to_be32(0x00000080) -#define CAPWAP_BEGIN_LAST __cpu_to_be32(0x00000040) +#define CAPWAP_BEGIN_FRAG_LAST __cpu_to_be32(0x00000040) +#define CAPWAP_BEGIN_HLEN_2 __cpu_to_be32(0x00100000) +#define CAPWAP_BEGIN_HLEN_5 __cpu_to_be32(0x00280000) + +/* Old capwap code is hard-coded to look for a WBID value of 2. + * When we insert WSI field, use WBID value of 30, which has been + * proposed for all "experimental" usage - users with no reserved WBID value + * of their own. +*/ +#define CAPWAP_WBID_30 __cpu_to_be32(0x00003C00) +#define CAPWAP_WBID_2 __cpu_to_be32(0x00000200) +#define CAPWAP_WBID_MASK __cpu_to_be32(0x00003E00) -#define NO_FRAG_HDR (CAPWAP_BEGIN_HLEN | CAPWAP_BEGIN_WBID) -#define FRAG_HDR (NO_FRAG_HDR | CAPWAP_BEGIN_FRAG) -#define FRAG_LAST_HDR (FRAG_HDR | CAPWAP_BEGIN_LAST) +/* + * CAPWAP allows an optional 'Wireless Specific Information' field, which is + * length prefixed and can contain any data. If keys are configured for the + * vport, then the key will be placed in the WSI field and recovered by the + * receiver. + */ +#define CAPWAP_FLAG_WSI __cpu_to_be32(0x00000020) +#define FRAG_HDR (CAPWAP_BEGIN_FRAG) +#define FRAG_LAST_HDR (FRAG_HDR | CAPWAP_BEGIN_FRAG_LAST) + struct capwaphdr { __be32 begin; __be16 frag_id; + /* low 3 bits of frag_off are reserved */ __be16 frag_off; }; +/* + * We use the WSI field to hold additional tunnel data. + * The first eight bits store the size of the wsi data in bytes. + */ +struct capwaphdr_wsi { + u8 wsi_len; + u8 flags; + __be16 reserved_padding; +}; + +struct capwaphdr_wsi_key { + __be64 key; +}; + +/* Flag indicating a 64bit key is stored in WSI data field */ +#define CAPWAP_WSI_FLAG_KEY64 0x80 + static inline struct capwaphdr *capwap_hdr(const struct sk_buff *skb) { return (struct capwaphdr *)(udp_hdr(skb) + 1); @@ -70,7 +104,11 @@ static inline struct capwaphdr *capwap_hdr(const struct sk_buff *skb) */ #define FRAG_OFF_MASK (~0x7U) -#define CAPWAP_HLEN (sizeof(struct udphdr) + sizeof(struct capwaphdr)) +/* + * The minimum header length. The header may be longer if the optional + * WSI field is used. + */ +#define CAPWAP_MIN_HLEN (sizeof(struct udphdr) + sizeof(struct capwaphdr)) struct frag_match { __be32 saddr; @@ -89,7 +127,7 @@ struct frag_skb_cb { #define FRAG_CB(skb) ((struct frag_skb_cb *)(skb)->cb) static struct sk_buff *fragment(struct sk_buff *, const struct vport *, - struct dst_entry *); + struct dst_entry *dst, const struct tnl_mutable_config *mutable); static void defrag_init(void); static void defrag_exit(void); static struct sk_buff *defrag(struct sk_buff *, bool frag_last); @@ -117,18 +155,19 @@ static struct socket *capwap_rcv_socket; static int capwap_hdr_len(const struct tnl_mutable_config *mutable) { + int size = CAPWAP_MIN_HLEN; + /* CAPWAP has no checksums. */ if (mutable->flags & TNL_F_CSUM) return -EINVAL; - /* CAPWAP has no keys, so check that the configuration for keys is the - * default if no key-specific attributes are used. - */ - if ((mutable->flags & (TNL_F_IN_KEY_MATCH | TNL_F_OUT_KEY_ACTION)) != - (TNL_F_IN_KEY_MATCH | TNL_F_OUT_KEY_ACTION)) - return -EINVAL; + /* if keys are specified, then add WSI field */ + if (mutable->out_key || (mutable->flags & TNL_F_OUT_KEY_ACTION)) { + size += sizeof(struct capwaphdr_wsi) + + sizeof(struct capwaphdr_wsi_key); + } - return CAPWAP_HLEN; + return size; } static void capwap_build_header(const struct vport *vport, @@ -142,9 +181,36 @@ static void capwap_build_header(const struct vport *vport, udph->dest = htons(CAPWAP_DST_PORT); udph->check = 0; - cwh->begin = NO_FRAG_HDR; + cwh->begin = 0; cwh->frag_id = 0; cwh->frag_off = 0; + + if (mutable->out_key || (mutable->flags & TNL_F_OUT_KEY_ACTION)) { + struct capwaphdr_wsi *wsi = (struct capwaphdr_wsi *)(cwh + 1); + + cwh->begin |= CAPWAP_FLAG_WSI | CAPWAP_WBID_30; + + wsi->wsi_len = sizeof(struct capwaphdr_wsi) - 1; + wsi->flags = 0; + wsi->reserved_padding = 0; + + if (mutable->out_key) { + struct capwaphdr_wsi_key *opt = (struct capwaphdr_wsi_key *)(wsi + 1); + opt->key = mutable->out_key; + + wsi->wsi_len += sizeof(struct capwaphdr_wsi_key); + wsi->flags |= CAPWAP_WSI_FLAG_KEY64; + } else { + /* space left intentionally blank, to be filled in + by capwap_update_header */ + } + + /* set hlen field, easy since we only support 1 option. */ + cwh->begin |= CAPWAP_BEGIN_HLEN_5; + } else { + /* make packet readable by old capwap code */ + cwh->begin |= CAPWAP_WBID_2 | CAPWAP_BEGIN_HLEN_2; + } } static struct sk_buff *capwap_update_header(const struct vport *vport, @@ -154,10 +220,21 @@ static struct sk_buff *capwap_update_header(const struct vport *vport, { struct udphdr *udph = udp_hdr(skb); + if (mutable->flags & TNL_F_OUT_KEY_ACTION) { + /* first field in WSI is key */ + struct capwaphdr *cwh = (struct capwaphdr *)(udph + 1); + struct capwaphdr_wsi *wsi = (struct capwaphdr_wsi *)(cwh + 1); + struct capwaphdr_wsi_key *key = (struct capwaphdr_wsi_key *)(wsi + 1); + + wsi->wsi_len += sizeof(struct capwaphdr_wsi_key); + wsi->flags |= CAPWAP_WSI_FLAG_KEY64; + key->key = OVS_CB(skb)->tun_id; + } + udph->len = htons(skb->len - skb_transport_offset(skb)); if (unlikely(skb->len - skb_network_offset(skb) > dst_mtu(dst))) - skb = fragment(skb, vport, dst); + skb = fragment(skb, vport, dst, mutable); return skb; } @@ -166,19 +243,39 @@ static inline struct sk_buff *process_capwap_proto(struct sk_buff *skb) { struct capwaphdr *cwh = capwap_hdr(skb); - if (likely(cwh->begin == NO_FRAG_HDR)) + if (likely((cwh->begin & CAPWAP_BEGIN_FRAG) == 0)) return skb; - else if (cwh->begin == FRAG_HDR) - return defrag(skb, false); - else if (cwh->begin == FRAG_LAST_HDR) - return defrag(skb, true); else { - if (net_ratelimit()) - pr_warn("unparsable packet receive on capwap socket\n"); + bool last_frag = (cwh->begin & CAPWAP_BEGIN_FRAG_LAST); + return defrag(skb, last_frag); + } +} - kfree_skb(skb); - return NULL; +static int process_capwap_wsi(struct sk_buff *skb, __be64 *key) +{ + struct capwaphdr *cwh = capwap_hdr(skb); + struct capwaphdr_wsi *wsi; + int min_wsi_len = sizeof(struct capwaphdr_wsi); + int wsi_len; + + /* ensure we have at least a minimal wsi header */ + if (unlikely(!pskb_may_pull(skb, ETH_HLEN + CAPWAP_MIN_HLEN + min_wsi_len))) + return 0; + + /* read wsi header to find out how big it really is */ + wsi = (struct capwaphdr_wsi *)(cwh + 1); + wsi_len = 1 + (unsigned int)wsi->wsi_len; + if (unlikely(!pskb_may_pull(skb, ETH_HLEN + CAPWAP_MIN_HLEN + wsi_len))) + return 0; + + /* parse wsi field */ + if ((wsi->flags & CAPWAP_WSI_FLAG_KEY64) && + (wsi_len > sizeof(struct capwaphdr_wsi_key))) { + struct capwaphdr_wsi_key *opt = (struct capwaphdr_wsi_key *)(wsi + 1); + *key = opt->key; } + + return 1; } /* Called with rcu_read_lock and BH disabled. */ @@ -187,25 +284,44 @@ static int capwap_rcv(struct sock *sk, struct sk_buff *skb) struct vport *vport; const struct tnl_mutable_config *mutable; struct iphdr *iph; + struct capwaphdr *cwh; + int hdr_len = CAPWAP_MIN_HLEN; + __be64 key = 0; - if (unlikely(!pskb_may_pull(skb, CAPWAP_HLEN + ETH_HLEN))) + if (unlikely(!pskb_may_pull(skb, hdr_len + ETH_HLEN))) goto error; - __skb_pull(skb, CAPWAP_HLEN); - skb_postpull_rcsum(skb, skb_transport_header(skb), CAPWAP_HLEN + ETH_HLEN); - skb = process_capwap_proto(skb); if (unlikely(!skb)) goto out; iph = ip_hdr(skb); - vport = tnl_find_port(iph->daddr, iph->saddr, 0, - TNL_T_PROTO_CAPWAP | TNL_T_KEY_EXACT, &mutable); + cwh = capwap_hdr(skb); + if (cwh->begin & CAPWAP_FLAG_WSI && ( + cwh->begin & CAPWAP_WBID_MASK) == CAPWAP_WBID_30) { + + if (likely(process_capwap_wsi(skb, &key))) { + struct capwaphdr_wsi *wsi = (struct capwaphdr_wsi *)(cwh + 1); + hdr_len += 1 + (unsigned int)wsi->wsi_len; + } else + goto error; + } + + vport = tnl_find_port(iph->daddr, iph->saddr, key, + TNL_T_PROTO_CAPWAP | TNL_T_KEY_EITHER, &mutable); if (unlikely(!vport)) { icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); goto error; } + if (mutable->flags & TNL_F_IN_KEY_MATCH) + OVS_CB(skb)->tun_id = key; + else + OVS_CB(skb)->tun_id = 0; + + __skb_pull(skb, hdr_len); + skb_postpull_rcsum(skb, skb_transport_header(skb), hdr_len + ETH_HLEN); + tnl_rcv(vport, skb, iph->tos); goto out; @@ -290,10 +406,11 @@ static void copy_skb_metadata(struct sk_buff *from, struct sk_buff *to) } static struct sk_buff *fragment(struct sk_buff *skb, const struct vport *vport, - struct dst_entry *dst) + struct dst_entry *dst, const struct tnl_mutable_config *mutable) { struct tnl_vport *tnl_vport = tnl_vport_priv(vport); - unsigned int hlen = skb_transport_offset(skb) + CAPWAP_HLEN; + unsigned int capwap_len = capwap_hdr_len(mutable); + unsigned int hlen = skb_transport_offset(skb) + capwap_len; unsigned int headroom; unsigned int max_frame_len = dst_mtu(dst) + skb_network_offset(skb); struct sk_buff *result = NULL, *list_cur = NULL; @@ -301,6 +418,11 @@ static struct sk_buff *fragment(struct sk_buff *skb, const struct vport *vport, unsigned int offset; __be16 frag_id; + if (unlikely(capwap_len <= 0)) { + pr_warn("invalid capwap header length: %d", capwap_len); + goto error; + } + if (hlen + ~FRAG_OFF_MASK + 1 > max_frame_len) { if (net_ratelimit()) pr_warn("capwap link mtu (%d) is less than minimum packet (%d)\n", @@ -352,9 +474,9 @@ static struct sk_buff *fragment(struct sk_buff *skb, const struct vport *vport, cwh = capwap_hdr(skb2); if (remaining > frag_size) - cwh->begin = FRAG_HDR; + cwh->begin |= FRAG_HDR; else - cwh->begin = FRAG_LAST_HDR; + cwh->begin |= FRAG_LAST_HDR; cwh->frag_id = frag_id; cwh->frag_off = htons(offset); @@ -406,6 +528,7 @@ static struct frag_queue *queue_find(struct frag_match *match) return ifq_cast(ifq); } +/* FIXME: fragment reassembly is broken */ static struct sk_buff *frag_reasm(struct frag_queue *fq, struct net_device *dev) { struct sk_buff *head = fq->ifq.fragments; @@ -473,6 +596,7 @@ static struct sk_buff *frag_reasm(struct frag_queue *fq, struct net_device *dev) return head; } +/* FIXME: fragment reassembly is broken */ static struct sk_buff *frag_queue(struct frag_queue *fq, struct sk_buff *skb, u16 offset, bool frag_last) { @@ -487,6 +611,7 @@ static struct sk_buff *frag_queue(struct frag_queue *fq, struct sk_buff *skb, goto error; end = offset + skb->len; + pr_warn("offset = %d, skb->len = %d\n", offset, skb->len); if (frag_last) { /* @@ -498,18 +623,23 @@ static struct sk_buff *frag_queue(struct frag_queue *fq, struct sk_buff *skb, fq->ifq.last_in |= INET_FRAG_LAST_IN; fq->ifq.len = end; + pr_warn("recevied last fragment, len = %d\n", end); } else { /* Fragments should align to 8 byte chunks. */ - if (end & ~FRAG_OFF_MASK) + if (end & ~FRAG_OFF_MASK) { + pr_warn("!end alignment\n"); goto error; + } if (end > fq->ifq.len) { /* * Shouldn't have data past the end, if we already * have one. */ - if (fq->ifq.last_in & INET_FRAG_LAST_IN) + if (fq->ifq.last_in & INET_FRAG_LAST_IN) { + pr_warn("data past end\n"); goto error; + } fq->ifq.len = end; } @@ -527,12 +657,16 @@ static struct sk_buff *frag_queue(struct frag_queue *fq, struct sk_buff *skb, * Overlapping fragments aren't allowed. We shouldn't start before * the end of the previous fragment. */ - if (prev && FRAG_CB(prev)->offset + prev->len > offset) + if (prev && FRAG_CB(prev)->offset + prev->len > offset) { + pr_warn("overlapping fragments\n"); goto error; + } /* We also shouldn't end after the beginning of the next fragment. */ - if (next && end > FRAG_CB(next)->offset) + if (next && end > FRAG_CB(next)->offset) { + pr_warn("end after beginning\n"); goto error; + } FRAG_CB(skb)->offset = offset; @@ -552,6 +686,9 @@ static struct sk_buff *frag_queue(struct frag_queue *fq, struct sk_buff *skb, if (offset == 0) fq->ifq.last_in |= INET_FRAG_FIRST_IN; + pr_warn("last_in = %d\n", fq->ifq.last_in); + pr_warn("meat = %d, ifq.len = %d\n", fq->ifq.meat, fq->ifq.len); + /* If we have all fragments do reassembly. */ if (fq->ifq.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && fq->ifq.meat == fq->ifq.len) @@ -561,6 +698,7 @@ static struct sk_buff *frag_queue(struct frag_queue *fq, struct sk_buff *skb, list_move_tail(&fq->ifq.lru_list, &fq->ifq.net->lru_list); write_unlock(&frag_state.lock); + pr_warn("don't have all fragments\n"); return NULL; error: diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c index b9c1bfe..9ca636d 100644 --- a/lib/netdev-vport.c +++ b/lib/netdev-vport.c @@ -668,9 +668,9 @@ parse_tunnel_config(const char *name, const char *type, || !strcmp(node->name, "private_key") || !strcmp(node->name, "use_ssl_cert"))) { /* Ignore options not used by the netdev. */ - } else if (is_gre && (!strcmp(node->name, "key") || - !strcmp(node->name, "in_key") || - !strcmp(node->name, "out_key"))) { + } else if (!strcmp(node->name, "key") || + !strcmp(node->name, "in_key") || + !strcmp(node->name, "out_key")) { /* Handled separately below. */ } else { VLOG_WARN("%s: unknown %s argument '%s'", name, type, node->name); @@ -700,10 +700,8 @@ parse_tunnel_config(const char *name, const char *type, } } - if (is_gre) { - set_key(args, "in_key", ODP_TUNNEL_ATTR_IN_KEY, options); - set_key(args, "out_key", ODP_TUNNEL_ATTR_OUT_KEY, options); - } + set_key(args, "in_key", ODP_TUNNEL_ATTR_IN_KEY, options); + set_key(args, "out_key", ODP_TUNNEL_ATTR_OUT_KEY, options); if (!daddr) { VLOG_ERR("%s: %s type requires valid 'remote_ip' argument", diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml index 6199938..5f74e84 100644 --- a/vswitchd/vswitch.xml +++ b/vswitchd/vswitch.xml @@ -1056,6 +1056,32 @@ Default is the system default TTL.</dd> </dl> <dl> + <dt><code>in_key</code></dt> + <dd>Optional. The WSI key that received packets must contain. + It may either be a 64-bit number (no key and a key of 0 are + treated as equivalent) or the word <code>flow</code>. If + <code>flow</code> is specified then any key will be accepted + and the key will be placed in the <code>tun_id</code> field + for matching in the flow table. The ovs-ofctl manual page + contains additional information about matching fields in + OpenFlow flows. Default is no key.</dd> + </dl> + <dl> + <dt><code>out_key</code></dt> + <dd>Optional. The WSI key to be set on outgoing packets. It may + either be a 64-bit number or the word <code>flow</code>. If + <code>flow</code> is specified then the key may be set using + the <code>set_tunnel</code> Nicira OpenFlow vendor extension (0 + is used in the absence of an action). The ovs-ofctl manual + page contains additional information about the Nicira OpenFlow + vendor extensions. Default is no key.</dd> + </dl> + <dl> + <dt><code>key</code></dt> + <dd>Optional. Shorthand to set <code>in_key</code> and + <code>out_key</code> at the same time.</dd> + </dl> + <dl> <dt><code>df_inherit</code></dt> <dd>Optional. If enabled, the Don't Fragment bit will be copied from the inner IP headers (those of the encapsulated traffic) -- 1.7.6 _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
