ovn: Adopt consistent naming, by renaming "Bindings" to "Binding".

[cascardo/ovs.git] / ovn / ovn-nb.xml

diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml
index bd9f8a2..b15aeac 100644 (file)
--- a/ovn/ovn-nb.xml
+++ b/ovn/ovn-nb.xml
@@ -119,7 +119,7 @@
       This column is populated by <code>ovn-northd</code>, rather than by
       the CMS plugin as is most of this database.  When a logical port is bound
       to a physical location in the OVN Southbound database <ref
-      db="OVN_Southbound" table="Bindings"/> table, <code>ovn-northd</code>
+      db="OVN_Southbound" table="Binding"/> table, <code>ovn-northd</code>
       sets this column to <code>true</code>; otherwise, or if the port
       becomes unbound later, it sets it to <code>false</code>.  This
       allows the CMS to wait for a VM's (or container's) networking to
@@ -137,21 +137,20 @@
 
     <column name="port_security">
       <p>
-        A set of L2 (Ethernet) or L3 (IPv4 or IPv6) addresses or L2+L3 pairs
+        A set of L2 (Ethernet) addresses
         from which the logical port is allowed to send packets and to which it
         is allowed to receive packets.  If this column is empty, all addresses
-        are permitted.
+        are permitted.  Logical ports are always allowed to receive packets
+        addressed to multicast and broadcast addresses.
       </p>
 
       <p>
-        Each member of the set is a comma- or space-separated list.  A single
-        set member may have an Ethernet address, an IPv4 address, and an IPv6
-        address, or any subset.  Order is not significant.
+        Each member of the set is an Ethernet address in the form
+        <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
       </p>
 
       <p>
-        TBD: exact semantics.  For now only Ethernet port security is
-        implemented.
+       This specification will be extended to support L3 port security.
       </p>
     </column>
 
@@ -220,12 +219,24 @@
           ICMP unreachable message for other IP-based protocols.
         </li>
       </ul>
+
+      <p>
+       Only <code>allow</code> and <code>drop</code> are implemented:
+       <code>allow-related</code> is currently treated as <code>allow</code>,
+       and <code>reject</code> as <code>drop</code>.
+      </p>
     </column>
 
     <column name="log">
-      If set to <code>true</code>, packets that match the ACL will trigger a
-      log message on the transport node or nodes that perform ACL processing.
-      Logging may be combined with any <ref column="action"/>.
+      <p>
+       If set to <code>true</code>, packets that match the ACL will trigger a
+       log message on the transport node or nodes that perform ACL processing.
+       Logging may be combined with any <ref column="action"/>.
+      </p>
+
+      <p>
+       Logging is not yet implemented.
+      </p>
     </column>
 
     <group title="Common Columns">