On May 9, 2018 3:11:19 PM PDT, Han Zhou <[email protected]> wrote: >On Wed, May 9, 2018 at 11:13 AM, Ben Pfaff <[email protected]> wrote: >> >> On Sun, Apr 22, 2018 at 09:52:35AM -0700, Han Zhou wrote: >> > The new option --port-group is supported for ovn-nbctl ACL related >> > commands. User can now ovn-nbctl to add/delete/list ACLs on port >> > groups. E.g. >> > >> > ovn-nbctl --port-group acl-add port_group1 to-lport 1000 \ >> > 'outport == @port_group1 && ip4.src == $port_group1_ip4' \ >> > allow-related >> > >> > Signed-off-by: Han Zhou <[email protected]> >> >> Thanks for working on making ovn-nbctl more useful here. >> >> The documentation is pretty inconsistent about whether it mentions >> --port-group. >> >> I think that in most cases the names of port groups and lswitches are >> going to be different. As a user interface convenience, I suggest >that >> there be *two* options: --port-group and --lswitch (or whatever). If >> either one is given, then the command works with that kind of entity. >> If neither one is given, then the command works with whichever one >> actually exists with the given name, or exits with an error if both >> exist. >> >This is a good suggestion. Then would it be better to have just one >option >e.g. --acl-type (or just --type), and the value can be "port-group" or >"lswitch"? If the option is not provided, the command works with >whichever >exists or error out if both exist. What do you think? > >Thanks, >Han
Sure, that's fine too. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
