On Fri, Sep 11, 2015 at 12:57:18PM -0700, Justin Pettit wrote:
>
> > On Sep 11, 2015, at 11:36 AM, Ben Pfaff <b...@nicira.com> wrote:
> >
> > @@ -744,22 +744,23 @@ build_lflows(struct northd_context *ctx, struct hmap
> > *datapaths,
> >
> > /* Port security flows have priority 50 (see below) and will
> > continue
> > * to the next table if packet source is acceptable. */
> > -
> > - /* Otherwise drop the packet. */
> > - ovn_lflow_add(&lflows, od, P_IN, S_IN_PORT_SEC, 0, "1", "drop;");
> > }
> >
> > /* Ingress table 0: Ingress port security (priority 50). */
> > struct ovn_port *op;
> > HMAP_FOR_EACH (op, key_node, ports) {
> > + if (!lport_is_enabled(op->nb)) {
> > + continue;
> > + }
>
> Do you think it's worth mentioning here that this effectively drops packets
> coming from disabled ports?
OK, I added a comment:
if (!lport_is_enabled(op->nb)) {
/* Drop packets from disabled logical ports (since logical flow
* tables are default-drop). */
continue;
}
> Acked-by: Justin Pettit <jpet...@nicira.com>
Thanks, I'll apply this in a minute.
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
