[ovs-dev] [PATCH] ovn-northd: Apply pre ACLs when using Port Groups

Han Zhou zhouhan at gmail.com
Wed Jun 20 02:15:18 UTC 2018


On Tue, Jun 19, 2018 at 5:49 PM, Ben Pfaff <blp at ovn.org> wrote:
>
> On Tue, Jun 19, 2018 at 05:27:20PM -0700, Han Zhou wrote:
> > All looks good to me except that the test case "ovn -- ACLs on Port
Groups"
> > is broken with this change. I think it is because conntrack is not
> > supported in the dummy datapath and so the stateful ACL would not work
in
> > the test suites, and it was passing just because of this bug. So, to fix
> > the test case, you need below change:
>
> I would have guessed that conntrack works OK in the dummy datapath
> because dpif-netdev supports conntrack.

Ah, I admit that I am ignorant on this. I need to study more on it to
understand why this test case doesn't work. Is there any
tool/documentation/example on how to debug the dummy datapath conntrack,
such as dumping the conntrack table entries?

Thanks,
Han


More information about the dev mailing list