On Wed, Jun 23, 2021 at 08:35:19PM -0400, Ihar Hrachyshka wrote:
> This allows L3+ ACLs to match against double tagged vlan traffic on
> vlan-passthru switches.
>
> The default in OVS is vlan-limit=1 for backwards compatibility. This
> means packets are not "parsed" deeper than one tag level.
>
> This patch sets it to 0, which means "parse as deep as OVS supports".
> Right now it's effectively the same as setting it to "2", which is the
> maximum number of tag levels that OVS supports right now.
>
> It is already set to 2 in puppet-vswitch that is used in some OpenStack
> distributions:
>
> https://opendev.org/openstack/puppet-vswitch/commit/14011d69c18e628a3466fa71db25cefb7adff425
>
> Signed-off-by: Ihar Hrachyshka <ihrac...@redhat.com>

Thanks! This is a good idea, I think.

I think that the following is going to always submit a transaction to
update vlan-limit, even if it's already correct. That's going to be
wasteful. I think it would be better to check whether it's already set
to 0:

> + /* Enable ACL matching for double tagged traffic. */ > + if (ovs_idl_txn) { > + const struct ovsrec_open_vswitch *cfg = > + ovsrec_open_vswitch_table_first(ovs_table); > + ovsrec_open_vswitch_update_other_config_setkey( > + cfg, "vlan-limit", "0"); > + }
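
Review bot: `cfg` is passed to `ovsrec_open_vswitch_update_other_config_setkey()` without a NULL check, and `ovsrec_open_vswitch_table_first(ovs_table)` returns NULL when the Open_vSwitch table has no row, so the `if (ovs_idl_txn)` guard alone is not enough here. Suggest `if (ovs_idl_txn && cfg)` and, to avoid the redundant write raised in the reply, calling setkey only when `smap_get(&cfg->other_config, "vlan-limit")` is missing or not equal to "0". Since this overrides the OVS default of vlan-limit=1 on every chassis, a short note in the user-facing documentation would also help operators who set the key themselves.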