[ovs-git] [ovn-org/ovn] 662068: Document priority behavior for allow-stateless ACLs

Ihar Hrachyshka noreply at github.com
Wed Jun 9 05:37:06 UTC 2021


  Branch: refs/heads/branch-21.06
  Home:   https://github.com/ovn-org/ovn
  Commit: 6620685ea7eff623ac69090cca214b96e0b55830
      https://github.com/ovn-org/ovn/commit/6620685ea7eff623ac69090cca214b96e0b55830
  Author: Ihar Hrachyshka <ihrachys at redhat.com>
  Date:   2021-06-08 (Tue, 08 Jun 2021)

  Changed paths:
    M northd/ovn-northd.c
    M northd/ovn_northd.dl
    M ovn-nb.xml
    M tests/ovn-northd.at

  Log Message:
  -----------
  Document priority behavior for allow-stateless ACLs

It's complex and probably impossible to split returning traffic for
allow-related ACLs from stateless traffic, we don't fully implement
ACL priority for allow-stateless rules. Meaning, allow-stateless rules
always take precedence over stateful rules regardless of their
relative priority order.

This patch documents this behavior and covers it with explicit test
cases.

Signed-off-by: Ihar Hrachyshka <ihrachys at redhat.com>
Signed-off-by: Han Zhou <hzhou at ovn.org>




More information about the git mailing list