On Wed, May 9, 2018 at 11:13 AM, Ben Pfaff <[email protected]> wrote:
>
> On Sun, Apr 22, 2018 at 09:52:35AM -0700, Han Zhou wrote:
> > The new option --port-group is supported for ovn-nbctl ACL related
> > commands. User can now use ovn-nbctl to add/delete/list ACLs on port
> > groups. E.g.
> >
> >     ovn-nbctl --port-group acl-add port_group1 to-lport 1000 \
> >         'outport == @port_group1 && ip4.src == $port_group1_ip4' \
> >         allow-related
> >
> > Signed-off-by: Han Zhou <[email protected]>
>
> Thanks for working on making ovn-nbctl more useful here.
>
> The documentation is pretty inconsistent about whether it mentions
> --port-group.
>
> I think that in most cases the names of port groups and lswitches are
> going to be different. As a user interface convenience, I suggest that
> there be *two* options: --port-group and --lswitch (or whatever). If
> either one is given, then the command works with that kind of entity.
> If neither one is given, then the command works with whichever one
> actually exists with the given name, or exits with an error if both
> exist.
>

This is a good suggestion. Then would it be better to have just one option,
e.g. --acl-type (or just --type), and the value can be "port-group" or
"lswitch"? If the option is not provided, the command works with whichever
exists, or errors out if both exist. What do you think?

Thanks,
Han
