On Wed, Mar 9, 2016 at 1:51 PM, Russell Bryant <russ...@ovn.org> wrote:
> Prior to this commit, once a connection had been committed to the
> connection tracker, the connection would continue to be allowed, even
> if the policy defined in the ACL table changed. This patch changes
> the implementation so that existing connections are affected by policy
> changes.
>
> The implementation is based on the suggested approach in this mailing
> list thread:
>
> http://openvswitch.org/pipermail/dev/2016-February/065716.html
>
> The implementation is covered in much more detail in the commit message
> for patch 3, as well as code comments and doc updates.
>
> v1->v2:
> - Address issue pointed out by Han Zhou where removing and then
>   re-creating an ACL did not allow an established connection to
>   continue. The changes are in patch 3.
>
> Russell Bryant (3):
>   ovn: Update ACL flow docs.
>   ovn: Add ct_commit(ct_mark=INTEGER); action.
>   ovn: Apply ACL changes to existing connections.
>

This series needs a rebase. I'm also adding ct_label support and
switching patch 3 to use ct_label, at jpettit's recommendation. I will
post a v3 this week.

--
Russell Bryant
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev