I'm trying to figure out what the proper semantics are supposed to be for resubmit with in_ports, which is being used in some of the OpenStack neutron firewalling flows.
If we define the following flow table: table=0 in_port=1,actions=resubmit:0 table=0 in_port=0,actions=goto_table:1 table=1 in_port=0 actions=2 ... (default drop) Is the resubmit using port 0 supposed to apply to only the next lookup, or all subsequent lookups? As a data point, packets ingressing port 1 with the above table on OVS-2.3 would match the first two rules, then miss in table 1 and be dropped. While this particular case might look a bit odd, mixing resubmit and goto_table, it has further repercussions when we start adding recirculation into the mix due to things like conntrack. The above example is just the minimal case for argument's sake, but I can provide a more full example if someone thinks it would help the discussion. _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
