Lines Matching full:flow
8 flow-level packet processing on selected network devices. It can be
10 VLAN processing, network access control, flow-based network control,
15 within a bridge). Each datapath also has associated with it a "flow
22 extracting its flow key and looking it up in the flow table. If there
23 is a matching flow, it executes the associated actions. If there is
25 its processing, userspace will likely set up a flow to handle further
29 Flow key compatibility
35 versions to parse additional protocols as part of the flow key. It
39 applications to work with any version of the flow key, past or future.
43 flow key that it parsed from the packet. Userspace then extracts its
44 own notion of a flow key from the packet and compares it against the
47 - If userspace's notion of the flow key for the packet matches the
50 - If the kernel's flow key includes more fields than the userspace
51 version of the flow key, for example if the kernel decoded IPv6
54 necessary. Userspace can still set up a flow in the usual way,
55 as long as it uses the kernel-provided flow key to do it.
57 - If the userspace flow key includes more fields than the
60 forward the packet manually, without setting up a flow in the
62 that the kernel considers part of the flow must go to userspace,
65 forwarding behavior, then it could set up a flow anyway.)
67 How flow keys evolve over time is important to making this work, so
71 Flow key format
74 A flow key is passed over a Netlink socket as a sequence of Netlink
83 flow key attributes. For informal explanatory purposes here, we write
85 and nesting. For example, the following could represent a flow key
97 Wildcarded flow key format
100 A wildcarded flow is described with two sequences of Netlink attributes
101 passed over the Netlink socket. A flow key, exactly as described above, and an
102 optional corresponding flow mask.
104 A wildcarded flow can represent a group of exact match flows. Each '1' bit
105 in the mask specifies a exact match with the corresponding bit in the flow key.
107 of a incoming packet. Using wildcarded flow can improve the flow set up rate
112 match flow, or reduce the number of don't care bits in the kernel to less than
114 that the kernel does not implement will simply result in additional flow setups.
116 nor supply flow mask attributes.
121 flow table (and therefore not attempt to determine wildcard changes at all)
126 identify the flow for all future operations. However, when reporting the
127 mask of an installed flow, the mask should include any restrictions imposed
132 can match at most one flow, wildcarded or not. The current implementation
137 Unique flow identifiers
141 flow identification is a unique flow identifier, or "UFID". UFIDs are optional
144 User space programs that support UFID are expected to provide it during flow
145 setup in addition to the flow, then refer to the flow using the UFID for all
147 flow key if a UFID is specified.
150 Basic rule for evolving flow keys
155 "Flow key compatibility" above.
160 New network protocol support must only supplement existing flow
162 flow key attributes.
169 packet. The flow key for any packet with an 802.1Q header would look
174 Naively, to add VLAN support, it makes sense to add a new "vlan" flow
178 flow key much like this::
183 has not been updated to understand the new "vlan" flow key attribute.
184 The application could, following the flow compatibility rules above,
186 assume that the flow contained IP packets. This is a bad assumption
187 (the flow only contains IP packets if one parses and skips over the
198 Notice how the "eth_type", "ip", and "tcp" flow key attributes are
219 header, so that the TCP header is missing. The flow key for this
227 after the Ethernet type. The flow key for this packet would include
236 Thus, the flow key in this second example unambiguously indicates a
242 The other rules for flow keys are much less subtle:
248 - When the kernel sends a given flow key to userspace, it always
250 compare entire flow keys that it may not be able to fully