[ovs-dev] [PATCH v6 0/1] ovn: Apply ACL changes to existing connections.
Ben Pfaff
blp at ovn.org
Sun Jul 3 18:40:18 UTC 2016
On Thu, Jun 30, 2016 at 04:14:04PM -0400, Russell Bryant wrote:
> Prior to this commit, once a connection had been committed to the
> connection tracker, the connection would continue to be allowed, even
> if the policy defined in the ACL table changed. This patch changes
> the implementation so that existing connections are affected by policy
> changes.
>
> The implementation is based on the suggested approach in this mailing
> list thread:
>
> http://openvswitch.org/pipermail/dev/2016-February/065716.html
>
> The implementation is covered in much more detail in the commit message
> for patch 3, as well as code comments and doc updates.
>
> v1->v2:
> - Address issue pointed out by Han Zhou where removing and then re-creating
> an ACL did not allow an established connection to continue. The changes
> are in patch 3.
> v2->v3:
> - rebase and resolve conflicts with master.
> - Use ct_label instead of ct_mark.
> - patch 1: add ACK from han, otherwise unchanged
> - patch 2: add support for setting ct_label. v2 only included ct_mark.
> I did not include Han's ACK here because the changes were non trivial.
> - patch 3: add ACK from han. The rest of the changes are trivial
> replacement of ct_mark with ct_label.
> v3->v4:
> - Added tests for additions to the ct_commit() logical flow action.
> - Simplified ct_commit() logical flow action additions as suggested by Ben.
> - Lots of doc cleanup as suggested by Justin.
> v4->v5:
> - Rebase.
> - Support a mask for the value of ct_mark or ct_label in the ct_commit() action.
> - Update ovn-northd to explicitly specify that it is only setting 1 bit
> of ct_label.
> - This version now has all the changes requested by Justin Pettit, so is
> ready for his review.
> v5->v6:
> - Applied patch 1/2 in v5 with minor updates.
> - Rebase final patch.
This seems to have multiple acks, do you want particular review of some
part of it?
More information about the dev
mailing list