On Thu, Sep 14, 2017 at 03:10:42PM -0600, Miguel Angel Ajo Pelayo wrote:
> On Thu, Sep 14, 2017 at 2:58 PM, Ben Pfaff <b...@ovn.org> wrote:
> 
> > On Thu, Sep 14, 2017 at 02:52:48PM -0600, Miguel Angel Ajo Pelayo wrote:
> > > Although I see we have code for somehow packing stuff into conjunctions:
> > >
> > > https://github.com/openvswitch/ovs/blob/1ea2184501d43352ec40764f5eaa3cbd07e3fee3/ovn/controller/lflow.c#L298
> > >
> > > I don't really understand (yet) what it's doing. Is it maybe supposed to
> > > cover this case but we got into a bug?
> >
> > It's a naive, ad hoc algorithm that I implemented knowing at the time
> > that I didn't know what was actually important yet.  Now that we have an
> > example of a case where it's important to get it right, it's time to
> > take another look.
> >
> 
> Oh, sounds great Ben, thank you for handling this.
> 
> I'm spending some time reading the lflow.c code to understand what we have
> now.
> 
> I was wondering if another improvement we could make in the future is
> having ACL_Match sets, or something like that, to reduce the amount of ACL
> entries and lflow entries that we generate, and also make it easier for
> ovn-controller to group them. They would resemble the idea of security
> groups (for rules, not for members) in neutron, but not sure if that's too
> specific.

If there are higher-level concepts that often get used in practice, then
it makes sense to me to figure out whether there's a clean way to
integrate them in a general fashion.
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
