On Wed, Jun 29, 2016 at 01:17:07AM -0700, Gurucharan Shetty wrote:
> Currently, the only use of stateful services in conntrack is
> OVN ACLs. In table pre-ACL, we send the packet to conntrack
> to track it (to get its status) and to defrag via the ct_next
> action.
>
> As we introduce more
On 30 June 2016 at 01:33, Zong Kai LI wrote:
> >
> > @@ -1377,13 +1381,34 @@ build_pre_acls(struct ovn_datapath *od, struct
> > hmap *lflows,
> > *
> > * Regardless of whether the ACL is "from-lport" or "to-lport",
> > * we need rules in both the
>
> @@ -1377,13 +1381,34 @@ build_pre_acls(struct ovn_datapath *od, struct
> hmap *lflows,
> *
> * Regardless of whether the ACL is "from-lport" or "to-lport",
> * we need rules in both the ingress and egress table, because
> - * the return traffic needs to be
Currently, the only use of stateful services in conntrack is
OVN ACLs. In table pre-ACL, we send the packet to conntrack
to track it (to get its status) and to defrag via the ct_next
action.
As we introduce more stateful services, the ACL feature will
have to share the conntrack module with