Re: [ovs-dev] [PATCH 4/7] ovn-northd: Introduce stateful table.

Thu, 30 Jun 2016 07:59:21 -0700 

On 30 June 2016 at 01:41, Zong Kai LI <zealo...@gmail.com> wrote:

> >
> > @@ -1429,9 +1432,9 @@ build_acls(struct ovn_datapath *od, struct hmap
> > *lflows)
> >           * and then its return traffic would not have an associated
> >           * conntrack entry and would return "+invalid". */
> >          ovn_lflow_add(lflows, od, S_SWITCH_IN_ACL, 1, "ip",
> > -                      "ct_commit; next;");
> > +                      REGBIT_CONNTRACK_COMMIT" = 1; next;");
> >          ovn_lflow_add(lflows, od, S_SWITCH_OUT_ACL, 1, "ip",
> > -                      "ct_commit; next;");
> > +                      REGBIT_CONNTRACK_COMMIT" = 1; next;");
> >
> >
> Just like I commented in patch 3, try to directly resubmit non-stateful
> stuff to ARP_RSP table, for they will meet just another "next;" in stateful
> table.
>
> A future commit in this series introduces a new table "lb" between "ACLs"
and "stateful" table. If I do the jump, I will miss any load balancing
rules. Ditto for all your other comments.


>          /* Ingress and Egress ACL Table (Priority 65535).
> >           *
> > @@ -1484,7 +1487,9 @@ build_acls(struct ovn_datapath *od, struct hmap
> > *lflows)
> >               * direction may not have any stateful rules, the server's
> >               * may and then its return traffic would not have an
> >               * associated conntrack entry and would return "+invalid".
> */
> > -            const char *actions = has_stateful ? "ct_commit; next;" :
> > "next;";
> > +            const char *actions = has_stateful
> > +                                    ? REGBIT_CONNTRACK_COMMIT" = 1;
> next;"
> > +                                    : "next;";
> >
>
> ditto, try to using resubmit.
>
>
> > static void
> > +build_stateful(struct ovn_datapath *od, struct hmap *lflows)
> > +{
> > +    /* Ingress and Egress stateful Table (Priority 0): Packets are
> > +     * allowed by default. */
> > +    ovn_lflow_add(lflows, od, S_SWITCH_IN_STATEFUL, 0, "1", "next;");
> > +    ovn_lflow_add(lflows, od, S_SWITCH_OUT_STATEFUL, 0, "1", "next;");
> >
>
> if we allow non-stateful stuff to skip PRE_STATEFUL and STATEFUL table, we
> will don't need the default next action in the two tables.
>
> Thanks,
> Zong Kai, LI
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev
>
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Reply via email to