[ovs-git] [ovn-org/ovn] ea3387: Document priority behavior for allow-stateless ACLs

Ihar Hrachyshka noreply at github.com
Wed Jun 9 05:31:21 UTC 2021


  Branch: refs/heads/master
  Home:   https://github.com/ovn-org/ovn
  Commit: ea3387ef2d2eefec69928889f918ff8872c44ceb
      https://github.com/ovn-org/ovn/commit/ea3387ef2d2eefec69928889f918ff8872c44ceb
  Author: Ihar Hrachyshka <ihrachys at redhat.com>
  Date:   2021-06-08 (Tue, 08 Jun 2021)

  Changed paths:
    M northd/ovn-northd.c
    M northd/ovn_northd.dl
    M ovn-nb.xml
    M tests/ovn-northd.at

  Log Message:
  -----------
  Document priority behavior for allow-stateless ACLs

It's complex and probably impossible to split returning traffic for
allow-related ACLs from stateless traffic, we don't fully implement
ACL priority for allow-stateless rules. Meaning, allow-stateless rules
always take precedence over stateful rules regardless of their
relative priority order.

This patch documents this behavior and covers it with explicit test
cases.

Signed-off-by: Ihar Hrachyshka <ihrachys at redhat.com>
Signed-off-by: Han Zhou <hzhou at ovn.org>




More information about the git mailing list