On Sun, Jul 3, 2016 at 1:40 PM, Ben Pfaff <b...@ovn.org> wrote: > On Thu, Jun 30, 2016 at 04:14:04PM -0400, Russell Bryant wrote: > > Prior to this commit, once a connection had been committed to the > > connection tracker, the connection would continue to be allowed, even > > if the policy defined in the ACL table changed. This patch changes > > the implementation so that existing connections are affected by policy > > changes. > > > > The implementation is based on the suggested approach in this mailing > > list thread: > > > > http://openvswitch.org/pipermail/dev/2016-February/065716.html > > > > The implementation is covered in much more detail in the commit message > > for patch 3, as well as code comments and doc updates. > > > > v1->v2: > > - Address issue pointed out by Han Zhou where removing and then > re-creating > > an ACL did not allow an established connection to continue. The > changes > > are in patch 3. > > v2->v3: > > - rebase and resolve conflicts with master. > > - Use ct_label instead of ct_mark. > > - patch 1: add ACK from han, otherwise unchanged > > - patch 2: add support for setting ct_label. v2 only included ct_mark. > > I did not include Han's ACK here because the changes were non trivial. > > - patch 3: add ACK from han. The rest of the changes are trivial > > replacement of ct_mark with ct_label. > > v3->v4: > > - Added tests for additions to the ct_commit() logical flow action. > > - Simplified ct_commit() logical flow action additions as suggested by > Ben. > > - Lots of doc cleanup as suggested by Justin. > > v4->v5: > > - Rebase. > > - Support a mask for the value of ct_mark or ct_label in the > ct_commit() action. > > - Update ovn-northd to explicitly specify that it is only setting 1 bit > > of ct_label. > > - This version now has all the changes requested by Justin Pettit, so is > > ready for his review. > > v5->v6: > > - Applied patch 1/2 in v5 with minor updates. > > - Rebase final patch. > > This seems to have multiple acks, do you want particular review of some > part of it? >
Justin asked to review it before I push it. I think it's in conflict again though ... -- Russell Bryant _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
