adaraiseh
commented
9 months ago ietf-access-control-list yang module doesn't support matching on vlan id
Open adaraiseh opened 10 months ago
adaraiseh
commented
9 months ago ietf-access-control-list yang module doesn't support matching on vlan id
ietf-access-control list doesn't seem to support matching on 802.1q, we might need to augment matching.
Note for netlink: In the SW datapath, the indicated protocol matches on the outermost EtherType. If the packet is VLAN tagged, the protocol value needs to be 802.1q, not ip, even if IP is what is inside the VLAN tag. Matching on the inner IP is then done through flower vlan_ethtype key. This is unlike the HW datapath, where both protocol ip and protocol 802.1q would match.