On Tue, Jul 13, 2021 at 1:50 PM Numan Siddique <num...@ovn.org> wrote: > > On Fri, Jul 2, 2021 at 4:39 PM Ben Pfaff <b...@ovn.org> wrote: > > > > On Wed, Jun 23, 2021 at 08:35:19PM -0400, Ihar Hrachyshka wrote: > > > This allows L3+ ACLs to match against double tagged vlan traffic on > > > vlan-passthru switches. > > > > > > The default in OVS is vlan-limit=1 for backwards compatibility. This > > > means packets are not "parsed" deeper than one tag level. > > > > > > This patch sets it to 0, which means "parse as deep as OVS supports". > > > Right now it's effectively the same as setting it to "2", which is the > > > maximum number of tag levels that OVS supports right now. > > > > > > It is already set to 2 in puppet-vswitch that is used in some OpenStack > > > distributions: > > > > > > https://opendev.org/openstack/puppet-vswitch/commit/14011d69c18e628a3466fa71db25cefb7adff425 > > > > > > Signed-off-by: Ihar Hrachyshka <ihrac...@redhat.com> > > > > Thanks! This is a good idea, I think. > > > > I think that the following is going to always submit a transaction to > > update vlan-limit, even if it's already correct. That's going to be > > wasteful. I think it would be better to check whether it's already set > > to 0: > > > Hi Ihar, > > Does it need a v2 addressing Ben's comments ? >
Yes, I was busy with another patch till now; I'm sending v2 for vlan-limit patch tomorrow. > Thanks > Numan > > > > > > + /* Enable ACL matching for double tagged traffic. */ > > > + if (ovs_idl_txn) { > > > + const struct ovsrec_open_vswitch *cfg = > > > + ovsrec_open_vswitch_table_first(ovs_table); > > > + ovsrec_open_vswitch_update_other_config_setkey( > > > + cfg, "vlan-limit", "0"); > > > + } > > _______________________________________________ > > dev mailing list > > d...@openvswitch.org > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > > _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev