> On Sep 11, 2015, at 11:36 AM, Ben Pfaff <b...@nicira.com> wrote:
>
> @@ -744,22 +744,23 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
>
> /* Port security flows have priority 50 (see below) and will continue
> * to the next table if packet source is acceptable. */
> -
> - /* Otherwise drop the packet. */
> - ovn_lflow_add(&lflows, od, P_IN, S_IN_PORT_SEC, 0, "1", "drop;");
> }
>
> /* Ingress table 0: Ingress port security (priority 50). */
> struct ovn_port *op;
> HMAP_FOR_EACH (op, key_node, ports) {
> + if (!lport_is_enabled(op->nb)) {
> + continue;
> + }
Do you think it's worth mentioning here that this effectively drops packets
coming from disabled ports?
Acked-by: Justin Pettit <jpet...@nicira.com>
--Justin
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
