On Fri, Jul 2, 2021 at 4:39 PM Ben Pfaff <b...@ovn.org> wrote: > > On Wed, Jun 23, 2021 at 08:35:19PM -0400, Ihar Hrachyshka wrote: > > This allows L3+ ACLs to match against double tagged vlan traffic on > > vlan-passthru switches. > > > > The default in OVS is vlan-limit=1 for backwards compatibility. This > > means packets are not "parsed" deeper than one tag level. > > > > This patch sets it to 0, which means "parse as deep as OVS supports". > > Right now it's effectively the same as setting it to "2", which is the > > maximum number of tag levels that OVS supports right now. > > > > It is already set to 2 in puppet-vswitch that is used in some OpenStack > > distributions: > > > > https://opendev.org/openstack/puppet-vswitch/commit/14011d69c18e628a3466fa71db25cefb7adff425 > > > > Signed-off-by: Ihar Hrachyshka <ihrac...@redhat.com> > > Thanks! This is a good idea, I think. > > I think that the following is going to always submit a transaction to > update vlan-limit, even if it's already correct. That's going to be > wasteful. I think it would be better to check whether it's already set > to 0:
Hi Ihar, Does it need a v2 addressing Ben's comments ? Thanks Numan > > > + /* Enable ACL matching for double tagged traffic. */ > > + if (ovs_idl_txn) { > > + const struct ovsrec_open_vswitch *cfg = > > + ovsrec_open_vswitch_table_first(ovs_table); > > + ovsrec_open_vswitch_update_other_config_setkey( > > + cfg, "vlan-limit", "0"); > > + } > _______________________________________________ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev