@@ -399,7 +399,7 @@
must be either <code>switch</code> or <code>port-group</code>.
</p>
<dl>
- <dt>[<code>--type=</code>{<code>switch</code> | <code>port-group</code>}] [<code>--log</code>] [<code>--meter=</code><var>meter</var>] [<code>--severity=</code><var>severity</var>] [<code>--name=</code><var>name</var>] [<code>--label=</code><var>label</var>] [<code>--may-exist</code>] [<code>--apply-after-lb</code>] <code>acl-add</code> <var>entity</var> <var>direction</var> <var>priority</var> <var>match</var> <var>verdict</var></dt>
+ <dt>[<code>--type=</code>{<code>switch</code> | <code>port-group</code>}] [<code>--log</code>] [<code>--meter=</code><var>meter</var>] [<code>--severity=</code><var>severity</var>] [<code>--name=</code><var>name</var>] [<code>--label=</code><var>label</var>] [<code>--sample=</code><var>sample</var>] [<code>--may-exist</code>] [<code>--apply-after-lb</code>] <code>acl-add</code> <var>entity</var> <var>direction</var> <var>priority</var> <var>match</var> <var>verdict</var></dt>
<dd>
<p>
Adds the specified ACL to <var>entity</var>. <var>direction</var>
@@ -424,6 +424,11 @@
names a meter configured by <code>meter-add</code>.
</p>
+ <p>
+ The <code>--sample</code> enables ACL sampling. A valid uuid of a
+ row of the <ref table="Sample"/> table must be provided.
+ </p>
+
<p>
The <code>--apply-after-lb</code> option sets
<code>apply-after-lb=true</code> in the <code>options</code> column
@@ -2154,6 +2154,7 @@ nbctl_pre_acl_list(struct ctl_context *ctx)
ovsdb_idl_add_column(ctx->idl, &nbrec_acl_col_severity);
ovsdb_idl_add_column(ctx->idl, &nbrec_acl_col_meter);
ovsdb_idl_add_column(ctx->idl, &nbrec_acl_col_label);
+ ovsdb_idl_add_column(ctx->idl, &nbrec_acl_col_sample);
ovsdb_idl_add_column(ctx->idl, &nbrec_acl_col_options);
}
@@ -2205,6 +2206,7 @@ nbctl_acl_add(struct ctl_context *ctx)
const char *severity = shash_find_data(&ctx->options, "--severity");
const char *name = shash_find_data(&ctx->options, "--name");
const char *meter = shash_find_data(&ctx->options, "--meter");
+ const char *sample = shash_find_data(&ctx->options, "--sample");
if (log || severity || name || meter) {
nbrec_acl_set_log(acl, true);
}
@@ -2221,6 +2223,22 @@ nbctl_acl_add(struct ctl_context *ctx)
if (meter) {
nbrec_acl_set_meter(acl, meter);
}
+ if (sample) {
+ const struct nbrec_sample *sample_elem = NULL;
+ struct uuid sample_uuid;
+
+ if (uuid_from_string(&sample_uuid, sample)) {
+ sample_elem = nbrec_sample_get_for_uuid(ctx->idl, &sample_uuid);
+ if (!sample_elem) {
+ ctl_error(ctx, "sample record not found");
+ return;
+ }
+ nbrec_acl_set_sample(acl, sample_elem);
+ } else {
+ ctl_error(ctx, "a valid uuid must be provided");
+ return;
+ }
+ }
/* Set the ACL label */
const char *label = shash_find_data(&ctx->options, "--label");
@@ -7319,7 +7337,7 @@ static const struct ctl_command_syntax nbctl_commands[] = {
{ "acl-add", 5, 6, "{SWITCH | PORTGROUP} DIRECTION PRIORITY MATCH ACTION",
nbctl_pre_acl, nbctl_acl_add, NULL,
"--log,--may-exist,--type=,--name=,--severity=,--meter=,--label=,"
- "--apply-after-lb", RW },
+ "--apply-after-lb,--sample", RW },
{ "acl-del", 1, 4, "{SWITCH | PORTGROUP} [DIRECTION [PRIORITY MATCH]]",
nbctl_pre_acl, nbctl_acl_del, NULL, "--type=", RW },
{ "acl-list", 1, 1, "{SWITCH | PORTGROUP}",
Signed-off-by: Adrian Moreno <amorenoz@redhat.com> --- utilities/ovn-nbctl.8.xml | 7 ++++++- utilities/ovn-nbctl.c | 20 +++++++++++++++++++- 2 files changed, 25 insertions(+), 2 deletions(-)