+ /* Ingress table 1: ACLs (any priority). */
+ HMAP_FOR_EACH (od, key_node, datapaths) {
+ for (size_t i = 0; i < od->nb->n_acls; i++) {
+ const struct nbrec_acl *acl = od->nb->acls[i];
+ const char *action;
+
+ if (strcmp(acl->direction, "from-lport")) {
+ continue;
+ }
+
+ action = (!strcmp(acl->action, "allow") ||
+ !strcmp(acl->action, "allow-related"))
+ ? "next;" : "drop;";
+ ovn_lflow_add(&lflows, od, P_IN, S_IN_ACL, acl->priority,
+ acl->match, action);
+ }
+ }
+ HMAP_FOR_EACH (od, key_node, datapaths) {
+ ovn_lflow_add(&lflows, od, P_IN, S_IN_ACL, 0, "1", "next;");
+ }
+
+ /* Ingress table 2: Destination lookup, broadcast and multicast handling