On Mon, Apr 10, 2023 at 01:26:11PM -0400, Mark Michelson wrote:
> With this commit, ACLs can now be arranged in hierarchical tiers. A tier
> number can be assigned to an ACL. When evaluating ACLs, we first will
> consider ACLs at tier 0. If no matching ACL is found, then we move to
> tier 1. This continues until a matching ACL is found, or we reach the
> maximum tier. If no match is found, then the default acl action is
> applied.
>
> Signed-off-by: Mark Michelson <[email protected]>
...
> @@ -6744,6 +6774,20 @@ build_acl_action_lflows(struct ovn_datapath *od,
> struct hmap *lflows,
> ds_truncate(actions, verdict_len);
> ds_put_cstr(actions, default_acl_action);
> ovn_lflow_add(lflows, od, stage, 0, "1", ds_cstr(actions));
> +
> + struct ds tier_actions = DS_EMPTY_INITIALIZER;
> + for (size_t j = 0; j < od->max_acl_tier; j++) {
> + ds_clear(match);
> + ds_put_format(match, REG_ACL_TIER " == %"PRIuSIZE, j);
> + ds_clear(&tier_actions);
> + ds_put_format(&tier_actions, REG_ACL_TIER " = %"PRIuSIZE"; "
> + "next(pipeline=%s,table=%"PRIu8");",
> + j + 1, ingress ? "ingress" : "egress",
> + ovn_stage_get_table(stage) - 1);
Hi Mark,
the OVS Robot said that the line above makes it sad.
northd/northd.c:6786:27: error: format specifies type 'unsigned char' but the
argument has type 'int' [-Werror,-Wformat]
ovn_stage_get_table(stage) - 1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link:
https://github.com/ovsrobot/ovn/actions/runs/4659733683/jobs/8246946755#step:10:2782
I think the problem is that although ovn_stage_get_table returns uint8_t
the arithmetic results in an integer value.
> + ovn_lflow_add(lflows, od, stage, 500, ds_cstr(match),
> + ds_cstr(&tier_actions));
> + }
> + ds_destroy(&tier_actions);
> }
> }
...
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
