On 2 August 2016 at 12:01, Russell Bryant <russ...@ovn.org> wrote:

> On Tue, Aug 2, 2016 at 1:29 PM, Guru Shetty <g...@ovn.org> wrote:
>
>> The 2 ct_commit for deletion of firewall rules will likely be tricky. This
>> will need unit tests.
>
> I don't think I understand the concern. Can you expand a bit on what you
> mean by "2 ct_commit for deletion of firewall rules"?
>
My memory on how ct_commit(ct_label=1) works is a little hazy. There are 2 stages now. So whenever a firewall rule is deleted for an established connection, the default ct_commit(ct_label=1) will get hit and the connection is dropped. The same thing happens in the second stage for any removed firewall rule. In the second stage, when a firewall rule is deleted, ct_label is also set, which will reflect in the first stage. Doesn't this cause confusion with the logic?

> --
> Russell Bryant