[ovs-dev] [PATCH v2 0/3] ovn: Apply ACL changes to existing connections.
Russell Bryant
russell at ovn.org
Sun Mar 20 00:31:30 UTC 2016
On Wed, Mar 9, 2016 at 1:51 PM, Russell Bryant <russell at ovn.org> wrote:
> Prior to this commit, once a connection had been committed to the
> connection tracker, the connection would continue to be allowed, even
> if the policy defined in the ACL table changed. This patch changes
> the implementation so that existing connections are affected by policy
> changes.
>
> The implementation is based on the suggested approach in this mailing
> list thread:
>
> http://openvswitch.org/pipermail/dev/2016-February/065716.html
>
> The implementation is covered in much more detail in the commit message
> for patch 3, as well as code comments and doc updates.
>
> v1->v2:
> - Address issue pointed out by Han Zhou where removing and then re-creating
>   an ACL did not allow an established connection to continue. The changes
>   are in patch 3.
>
> Russell Bryant (3):
>   ovn: Update ACL flow docs.
>   ovn: Add ct_commit(ct_mark=INTEGER); action.
>   ovn: Apply ACL changes to existing connections.
>
This series needs a rebase. I'm also adding ct_label support and switching
patch 3 to use ct_label, at jpettit's recommendation.
I will post a v3 this week.
--
Russell Bryant