[ovs-dev] [PATCH] ovn: Fix ACLs for child logical ports.

Justin Pettit jpettit at ovn.org
Fri Dec 11 01:51:39 UTC 2015


Thanks for fixing this.  It might be nice to include a comment such as the following since it's not super obvious from a quick look what's being added:

/* Add child logical port to the set of all local ports. */

Acked-by: Justin Pettit <jpettit at ovn.org>

I'd suggest cherry-picking this to "branch-2.5", too.

--Justin


> On Nov 17, 2015, at 2:00 PM, Russell Bryant <russell at ovn.org> wrote:
> 
> The physical input flows for child logical ports (for the
> container-in-a-VM use case, for example) did not set a conntrack zone
> ID.  The previous code only allocated a zone ID for local VIFs and
> missed doing it for child ports.
> 
> Signed-off-by: Russell Bryant <russell at ovn.org>
> ---
> ovn/controller/binding.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/ovn/controller/binding.c b/ovn/controller/binding.c
> index 7f31b31..89dca98 100644
> --- a/ovn/controller/binding.c
> +++ b/ovn/controller/binding.c
> @@ -144,7 +144,6 @@ binding_run(struct controller_ctx *ctx, const struct ovsrec_bridge *br_int,
>         /* We have no integration bridge, therefore no local logical ports.
>          * We'll remove our chassis from all port binding records below. */
>     }
> -    update_ct_zones(&lports, ct_zones, ct_zone_bitmap);
>     sset_clone(&all_lports, &lports);
> 
>     ovsdb_idl_txn_add_comment(
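Review bot: Dropping the update_ct_zones() call at this point means ct_zones is not refreshed until the end of binding_run(), after the loop over port binding records has run. Please confirm that nothing between this line and the new call site reads ct_zones or ct_zone_bitmap and expects this run's local ports to be in it. The commit message should also say that the call was moved, not only that child ports were missed.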
> @@ -155,6 +154,9 @@ binding_run(struct controller_ctx *ctx, const struct ovsrec_bridge *br_int,
>         if (sset_find_and_delete(&lports, binding_rec->logical_port) ||
>                 (binding_rec->parent_port && binding_rec->parent_port[0] &&
>                  sset_contains(&all_lports, binding_rec->parent_port))) {
> +            if (binding_rec->parent_port && binding_rec->parent_port[0]) {
> +                sset_add(&all_lports, binding_rec->logical_port);
> +            }
>             if (binding_rec->chassis == chassis_rec) {
>                 continue;
>             }
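Review bot: all_lports is now modified inside the same loop whose condition tests sset_contains(&all_lports, binding_rec->parent_port). A record whose parent_port names a child added on an earlier iteration will therefore match as well, and whether it does depends on iteration order. If nested children are not meant to be claimed, collect the child names in a separate set and merge it after the loop. If they are, say so in a comment. The inner test repeats the parent_port check from the enclosing condition, so a one-line comment such as "Add child logical port to the set of all local ports." would make the intent clear.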
> @@ -173,6 +175,9 @@ binding_run(struct controller_ctx *ctx, const struct ovsrec_bridge *br_int,
>     SSET_FOR_EACH (name, &lports) {
>         VLOG_DBG("No port binding record for lport %s", name);
>     }
> +
> +    update_ct_zones(&all_lports, ct_zones, ct_zone_bitmap);
> +
>     sset_destroy(&lports);
>     sset_destroy(&all_lports);
> }
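Review bot: The new update_ct_zones(&all_lports, ...) call only works because it sits after the loop that adds child ports to all_lports, and nothing at the call site says so. Add a short comment above it stating that it must run after the binding loop so that child logical ports get a zone ID, otherwise a later cleanup could move it back next to sset_clone(). The diffstat shows only binding.c changing, so a test that checks a child port receives a conntrack zone would help keep this from regressing.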
> -- 
> 2.5.0
> 



