On Tue, Jun 19, 2018 at 2:53 PM, Daniel Alvarez Sanchez <dalva...@redhat.com> wrote: > > > > On Tue, Jun 19, 2018 at 10:37 PM, Daniel Alvarez Sanchez < dalva...@redhat.com> wrote: >> >> Sorry, the problem seems to be that this ACL is not added in the Port Groups case for some reason (I checked wrong lflows log I had): > > s/ACL/Logical Flow >> >> >> _uuid : 5a1bce6c-e4ed-4a1f-8150-cb855bbac037 >> actions : "reg0[0] = 1; next;" >> external_ids : {source="ovn-northd.c:2931", stage-name=ls_in_pre_acl} >> logical_datapath : 0cf12eb0-fdb3-4087-98b0-9c52cafd0bdf >> match : ip >> pipeline : ingress >> priority : 100 >> >> >> Apparently, this code is not getting triggered for the Port Group case: >> https://github.com/openvswitch/ovs/blob/master/ovn/northd/ovn-northd.c#L2930 >> >> >> > The problem is that build_pre_acls() [0] function checks if the Logical Switch has stateful > ACLs but since we're now applying ACLs on Port Groups, it'll always return false > and it won't apply the pre ACLs for conntrack. > > [0] https://github.com/openvswitch/ovs/blob/master/ovn/northd/ovn-northd.c#L2852
Yes, thanks Daniel for finding the problem! I am checking why the test case didn't find out. I will work on the fix asap. Thanks, Han
_______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss