[ovs-dev] [PATCH] ovn-northd: Optimize acl of localnet-port

Russell Bryant russell at ovn.org
Wed Jul 26 21:12:16 UTC 2017 

On Sun, Jul 9, 2017 at 9:51 PM,  <wang.qianyu at zte.com.cn> wrote:
> Localnet port is not an endpoint, and have no security requirements
> to use localnet port at present. So, for performance consideration, we
> could do not use ct for localnet port.
>
> The more specific discussion can be found from
> https://mail.openvswitch.org/pipermail/ovs-dev/2017-July/335048.html
>
> Change-Id: Iac42ceaa3ef1d4e9b34768f802502d8326b7f507
> Signed-off-by: wangqianyu <wang.qianyu at zte.com.cn>
> ---
>  ovn/northd/ovn-northd.8.xml |  4 +++-
>  ovn/northd/ovn-northd.c     | 24 +++++++++++++++++++++++-
>  2 files changed, 26 insertions(+), 2 deletions(-)

Thanks for the patch!  I have applied it to master with some changes
shown below.

I also had to recreate the patch manually as I was not able to apply
it from your email.  This usually happens when copying the patch into
your email client.  The best method for submitting a patch is to use
the "git send-email" command.  If you have trouble getting that to
work for some reason, you can also submit a pull request on github.

My additions to the patch:

diff --git a/AUTHORS.rst b/AUTHORS.rst
index 21a68c140..39ddcb1ef 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -317,6 +317,7 @@ Tonghao Zhang                   xiangxia.m.yue at gmail.com
 Valient Gough                   vgough at pobox.com
 Venkata Anil Kommaddi           vkommadi at redhat.com
 Vivien Bernet-Rollande          vbr at soprive.net
+wangqianyu                      wang.qianyu at zte.com.cn
 Wang Sheng-Hui                  shhuiw at gmail.com
 Wei Li                          liw at dtdream.com
 Wei Yongjun                     yjwei at cn.fujitsu.com
diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml
index 1e7346566..61522f140 100644
--- a/ovn/ovn-nb.xml
+++ b/ovn/ovn-nb.xml
@@ -1007,14 +1007,7 @@

       <p>
         Note that you can not create an ACL matching on a port with
-        type=router.
-      </p>
-
-      <p>
-        Note that when <code>localnet</code> port exists in a lswitch, for
-        <code>to-lport</code> direction, the <code>inport</code> works only if
-        the <code>to-lport</code> is located on the same chassis as the
-        <code>inport</code>.
+        type=router or type=localnet.
       </p>
     </column>

More information about the dev mailing list