On Fri, Jul 29, 2016 at 12:47 AM, Mickey Spiegel <mickeys....@gmail.com>
wrote:

>
> This patch adds a second logical switch ingress ACL stage, and
> correspondingly a second logical switch egress ACL stage.  This
> allows for more than one ACL-based feature to be applied in the
> ingress and egress logical switch pipelines.  The features
> driving the different ACL stages may be configured by different
> users, for example an application deployer managing security
> groups and a network or security admin configuring network ACLs
> or firewall rules.
>
> Each ACL stage is self-contained.  The "action" for the
> highest-"priority" matching row in an ACL stage determines a
> packet's treatment.  A separate "action" will be determined in
> each ACL stage, according to the ACL rules configured for that
> ACL stage.  The "priority" values are only relevant within the
> context of an ACL stage.
>
> ACL rules that do not specify an ACL stage are applied to the
> default "acl" stage.
>
> Signed-off-by: Mickey Spiegel <mickeys....@gmail.com>


Could you expand on why priorities in a single stage aren't enough to
satisfy the use case?

-- 
Russell Bryant
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
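
The per-stage semantics described in the quoted commit message, modelled as an added example that is not part of the thread or of the OVN code. Assumptions: the second stage is called "acl2" here (a hypothetical name), actions are reduced to allow/drop, a stage with no matching rule allows, and a drop in any stage drops the packet.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

DEFAULT_STAGE = "acl"          # default stage named in the commit message
STAGE_ORDER = ("acl", "acl2")  # "acl2" is a hypothetical name for the second stage


@dataclass(frozen=True)
class Acl:
    priority: int
    match: Callable[[dict], bool]
    action: str                  # "allow" or "drop" (simplified action set)
    stage: Optional[str] = None  # None: rule lands in the default stage


def stage_action(rules: List[Acl], stage: str, pkt: dict) -> str:
    """Action of the highest-priority matching rule within one stage."""
    hits = [r for r in rules
            if (r.stage or DEFAULT_STAGE) == stage and r.match(pkt)]
    if not hits:
        return "allow"  # assumption: no matching rule in a stage means allow
    return max(hits, key=lambda r: r.priority).action


def evaluate(rules: List[Acl], pkt: dict) -> Tuple[str, Dict[str, str]]:
    """Return (verdict, per-stage actions).

    Assumption: a drop in any stage drops the packet. All stages are
    evaluated here only so the per-stage actions can be inspected.
    """
    per_stage = {s: stage_action(rules, s, pkt) for s in STAGE_ORDER}
    verdict = "allow" if all(a == "allow" for a in per_stage.values()) else "drop"
    return verdict, per_stage


# Constructed sample rules: a security-group style policy in the default
# stage and one admin rule in the second stage with a much lower priority.
RULES = [
    Acl(1000, lambda p: p["dport"] == 80, "allow"),   # no stage given
    Acl(0, lambda p: True, "drop"),                    # no stage given
    Acl(10, lambda p: p["src"] == "10.0.0.66", "drop", stage="acl2"),
]

if __name__ == "__main__":
    for pkt in ({"src": "10.0.0.66", "dport": 80},
                {"src": "10.0.0.5", "dport": 80},
                {"src": "10.0.0.5", "dport": 22}):
        print(pkt, evaluate(RULES, pkt))
```

The first sample packet matches the priority-1000 allow in the default stage and is still dropped by the priority-10 rule in the second stage, because priorities are compared only among rules of the same stage.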
