On Fri, Sep 11, 2015 at 12:49:13PM -0700, Justin Pettit wrote:
>
> > On Sep 11, 2015, at 11:36 AM, Ben Pfaff <b...@nicira.com> wrote:
> >
> > Until now, the priority-100 flow for broadcast and multicast packets caused
> > such packets to be delivered to disabled logical ports. This commit makes
> > ovn-northd add a priority-150 flow for each disabled logical port to
> > override that behavior.
> >
> > Found by inspection.
> >
> > Signed-off-by: Ben Pfaff <b...@nicira.com>
> > ---
> > ovn/northd/ovn-northd.c | 22 ++++++++++++++--------
> > 1 file changed, 14 insertions(+), 8 deletions(-)
> >
> > diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
> > index 253ee59..a6572df 100644
> > --- a/ovn/northd/ovn-northd.c
> > +++ b/ovn/northd/ovn-northd.c
> > @@ -863,20 +863,26 @@ build_lflows(struct northd_context *ctx, struct hmap
> > *datapaths,
> > "output;");
> > }
> >
> > - /* Egress table 1: Egress port security (priority 50). */
> > + /* Egress table 1: Egress port security (priority 50).
> > + *
> > + * Also, priority 150 rules for disabled logical ports so that they
> > don't
> > + * even receive multicast or broadcast packets. */
>
> It seems like it might be clearer in the title to indicate both
> priorities being set. Then, in the comment describe both types of
> flows. Not a big deal, though.
OK, I updated the comment to:
/* Egress table 1: Egress port security (priorities 50 and 150).
*
* Priority 50 rules implement port security for enabled logical port.
*
* Priority 150 rules drop packets to disabled logical ports, so that they
* don't even receive multicast or broadcast packets. */
> Acked-by: Justin Pettit <jpet...@nicira.com>
Thanks, I'll apply this in a minute.
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
