[ovs-dev] [PATCH v4 2/2] ovn: Apply ACL changes to existing connections.
Russell Bryant
russell at ovn.org
Wed May 25 12:30:22 UTC 2016
On Sun, May 22, 2016 at 2:35 AM, Justin Pettit <jpettit at ovn.org> wrote:
>
> > On May 21, 2016, at 6:35 AM, Russell Bryant <russell at ovn.org> wrote:
> >
> >
> > On Sat, May 21, 2016 at 2:13 AM, Han Zhou <zhouhan at gmail.com> wrote:
> > > Russell, shall this be merged?
> >
> > Eventually. :-) I'm just way behind from being out. I do plan to
> > finish this.
> >
> > I owe another revision of this series for Justin to review. I need to
> > apply some doc suggestions he had.
> >
> > Justin had also requested a change so that we were explicitly setting a
> > single bit of ct_label and not the whole field. There were some issues in
> > that area in the past, but I think they're all resolved now. I should
> > probably go ahead and fix that before posting another revision.
>
> As an FYI, a few of us have been trying to find a way to have ovs-vswitchd
> revalidate conntrack entries just like it does for megaflows. It's really
> tricky, but we think we have it narrowed down to a couple of options. If
> we can do that, it should be a bit cleaner and have fewer corner cases
> (e.g., immediately reject reply traffic and related flows). I think we'll
> know this week whether it's viable or not.
>
Would we have a flow to delete conntrack entries in that case?
--
Russell Bryant