On Tue, Jul 13, 2021 at 1:50 PM Numan Siddique <num...@ovn.org> wrote:
>
> On Fri, Jul 2, 2021 at 4:39 PM Ben Pfaff <b...@ovn.org> wrote:
> >
> > On Wed, Jun 23, 2021 at 08:35:19PM -0400, Ihar Hrachyshka wrote:
> > > This allows L3+ ACLs to match against double tagged vlan traffic on
> > > vlan-passthru switches.
> > >
> > > The default in OVS is vlan-limit=1 for backwards compatibility. This
> > > means packets are not "parsed" deeper than one tag level.
> > >
> > > This patch sets it to 0, which means "parse as deep as OVS supports".
> > > Right now it's effectively the same as setting it to "2", which is the
> > > maximum number of tag levels that OVS supports right now.
> > >
> > > It is already set to 2 in puppet-vswitch that is used in some OpenStack
> > > distributions:
> > >
> > > https://opendev.org/openstack/puppet-vswitch/commit/14011d69c18e628a3466fa71db25cefb7adff425
> > >
> > > Signed-off-by: Ihar Hrachyshka <ihrac...@redhat.com>
> >
> > Thanks! This is a good idea, I think.
> >
> > I think that the following is going to always submit a transaction to
> > update vlan-limit, even if it's already correct. That's going to be
> > wasteful. I think it would be better to check whether it's already set
> > to 0:
>
>
> Hi Ihar,
>
> Does it need a v2 addressing Ben's comments ?
>
Yes, I was busy with another patch till now; I'm sending v2 for
vlan-limit patch tomorrow.
> Thanks
> Numan
>
> >
> > > + /* Enable ACL matching for double tagged traffic. */
> > > + if (ovs_idl_txn) {
> > > + const struct ovsrec_open_vswitch *cfg =
> > > + ovsrec_open_vswitch_table_first(ovs_table);
> > > + ovsrec_open_vswitch_update_other_config_setkey(
> > > + cfg, "vlan-limit", "0");
> > > + }
> > _______________________________________________
> > dev mailing list
> > d...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> >
>
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
