We need to have a priority-0 logical datapath flow to act as a catch-all. The easiest way to make sure that it doesn't overlap with NB-provided ACLs is to prohibit them from using priority 0.
Maybe we should restrict ACLs to some smaller range of priorities to allow for higher- and lower- priority flows in the logical datapath table. I haven't carefully thought it through. Signed-off-by: Ben Pfaff <b...@nicira.com> --- ovn/ovn-nb.ovsschema | 2 +- ovn/ovn-nb.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ovn/ovn-nb.ovsschema b/ovn/ovn-nb.ovsschema index 8b1e09a..fe69d31 100644 --- a/ovn/ovn-nb.ovsschema +++ b/ovn/ovn-nb.ovsschema @@ -40,7 +40,7 @@ "refTable": "Logical_Switch", "refType": "strong"}}}, "priority": {"type": {"key": {"type": "integer", - "minInteger": 0, + "minInteger": 1, "maxInteger": 65535}}}, "match": {"type": "string"}, "action": {"type": {"key": {"type": "string", diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml index 2d0632e..6985f5e 100644 --- a/ovn/ovn-nb.xml +++ b/ovn/ovn-nb.xml @@ -167,7 +167,7 @@ the highest-<ref column="priority"/> matching row in this table determines a packet's treatment. If no row matches, packets are allowed by default. (Default-deny treatment is possible: add a rule with <ref - column="priority"/> 0, <code>true</code> as <ref column="match"/>, and + column="priority"/> 1, <code>1</code> as <ref column="match"/>, and <code>deny</code> as <ref column="action"/>.) </p> -- 2.1.3 _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
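Review bot: In the ovn/ovn-nb.ovsschema hunk, changing "minInteger" from 0 to 1 makes the database reject the default-deny row that the documentation recommended until now (priority 0), and nothing in the commit message tells northbound clients that such rows will start to fail. The message should say so explicitly. Since it also leaves open whether ACLs should be confined to a narrower range, it would be better to settle that before changing the bound, so the permitted range changes once rather than twice.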
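Review bot: In the ovn/ovn-nb.xml hunk, the default-deny example changes its match from <code>true</code> to <code>1</code> as well as its priority, but the commit message only explains the priority change. Either split the match change out or mention it. The paragraph also never says why 0 is unavailable; a sentence stating that priority 0 is reserved for the catch-all logical datapath flow would help. And because the deny rule now sits at the lowest permitted priority, the text should say that allow rules need a priority above 1, otherwise an allow row at priority 1 ties with the default-deny row and "highest-priority matching row" no longer decides between them.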