Revert "update agent.md"

This reverts commit a7e591f.

Author: oilbeater

AGENTS.md

@@ -11,10 +11,9 @@
 - `make lint` – run `golangci-lint` plus Go “modernize”; auto-fixes when not in CI.  
 - `make ut` – run unit tests: Ginkgo suites in `test/unittest` and `go test` with coverage for `pkg`.  
 
-## General Coding Style
-- Every time after editing code. MUST run `make lint` to detect and fix potential lint issues.
-- When modifying code, try to clean up any related code logic that is no longer needed.
+## Coding Style & Naming Conventions
 - Follow `CODE_STYLE.md`: camelCase identifiers, keep functions short (~100 lines), return/log errors instead of discarding, and prefer `if err := ...; err != nil` patterns.  
+- Run `make lint` to detect and fix potential lint issues.
 
 ## Adding a New Feature
 - Plan first: clarify any uncertainties and confirm the approach before making changes.

pkg/ovs/ovn-nb-acl.go

@@ -328,19 +328,13 @@ func (c *OVNNbClient) CreateGatewayACL(lsName, pgName, gateway, u2oInterconnecti
 	}
 
 	if v6Exists {
-		icmpv6EgressACL, err := c.newACL(parentName, ovnnb.ACLDirectionFromLport, util.EgressAllowPriority, "icmp6", ovnnb.ACLActionAllowStateless, util.NetpolACLTier, options)
+		ndACL, err := c.newACL(parentName, ovnnb.ACLDirectionFromLport, util.EgressAllowPriority, "nd || nd_ra || nd_rs", ovnnb.ACLActionAllowStateless, util.NetpolACLTier, options)
 		if err != nil {
 			klog.Error(err)
-			return fmt.Errorf("new icmpv6 egress acl for %s: %w", parentName, err)
+			return fmt.Errorf("new nd acl for %s: %w", parentName, err)
 		}
 
-		icmpv6IngressACL, err := c.newACL(parentName, ovnnb.ACLDirectionToLport, util.IngressAllowPriority, "icmp6", ovnnb.ACLActionAllowStateless, util.NetpolACLTier)
-		if err != nil {
-			klog.Error(err)
-			return fmt.Errorf("new icmpv6 ingress acl for %s: %w", parentName, err)
-		}
-
-		acls = append(acls, icmpv6EgressACL, icmpv6IngressACL)
+		acls = append(acls, ndACL)
 	}
 
 	if err := c.CreateAcls(parentName, parentType, acls...); err != nil {

pkg/ovs/ovn-nb-acl_test.go

@@ -503,15 +503,14 @@ func (suite *OvnClientTestSuite) testCreateGatewayACL() {
 			checkACL(parent, ovnnb.ACLDirectionFromLport, util.EgressAllowPriority, match, map[string]string{
 				"apply-after-lb": "true",
 			})
-		}
-	}
 
-	expectICMPv6 := func(parent any) {
-		match := "icmp6"
-		checkACL(parent, ovnnb.ACLDirectionFromLport, util.EgressAllowPriority, match, map[string]string{
-			"apply-after-lb": "true",
-		})
-		checkACL(parent, ovnnb.ACLDirectionToLport, util.IngressAllowPriority, match, nil)
+			if ipSuffix == "ip6" {
+				match = "nd || nd_ra || nd_rs"
+				checkACL(parent, ovnnb.ACLDirectionFromLport, util.EgressAllowPriority, match, map[string]string{
+					"apply-after-lb": "true",
+				})
+			}
+		}
 	}
 
 	t.Run("add acl to pg", func(t *testing.T) {
@@ -531,10 +530,9 @@ func (suite *OvnClientTestSuite) testCreateGatewayACL() {
 
 			pg, err := nbClient.GetPortGroup(pgName, false)
 			require.NoError(t, err)
-			require.Len(t, pg.ACLs, 6)
+			require.Len(t, pg.ACLs, 5)
 
 			expect(pg, gateway)
-			expectICMPv6(pg)
 		})
 
 		t.Run("gateway's protocol is dual with u2oInterconnectionIP", func(t *testing.T) {
@@ -552,7 +550,7 @@ func (suite *OvnClientTestSuite) testCreateGatewayACL() {
 
 			pg, err := nbClient.GetPortGroup(pgName, false)
 			require.NoError(t, err)
-			require.Len(t, pg.ACLs, 10)
+			require.Len(t, pg.ACLs, 9)
 
 			expect(pg, gateway)
 			expect(pg, u2oInterconnectionIP)
@@ -612,12 +610,12 @@ func (suite *OvnClientTestSuite) testCreateGatewayACL() {
 
 			pg, err := nbClient.GetPortGroup(pgName, false)
 			require.NoError(t, err)
-			require.Len(t, pg.ACLs, 4)
+			require.Len(t, pg.ACLs, 3)
 
 			expect(pg, gateway)
 		})
 
-		t.Run("gateway's protocol is ipv6 with u2oInterconnectionIP", func(t *testing.T) {
+		t.Run("gateway's protocol is ipv6", func(t *testing.T) {
 			t.Parallel()
 
 			pgName := "test_create_gw_acl_pg_v6_u2oInterconnectionIP"
@@ -632,11 +630,10 @@ func (suite *OvnClientTestSuite) testCreateGatewayACL() {
 
 			pg, err := nbClient.GetPortGroup(pgName, false)
 			require.NoError(t, err)
-			require.Len(t, pg.ACLs, 6)
+			require.Len(t, pg.ACLs, 5)
 
 			expect(pg, gateway)
 			expect(pg, u2oInterconnectionIP)
-			expectICMPv6(pg)
 		})
 	})
 
@@ -657,10 +654,9 @@ func (suite *OvnClientTestSuite) testCreateGatewayACL() {
 
 			ls, err := nbClient.GetLogicalSwitch(lsName, false)
 			require.NoError(t, err)
-			require.Len(t, ls.ACLs, 6)
+			require.Len(t, ls.ACLs, 5)
 
 			expect(ls, gateway)
-			expectICMPv6(ls)
 		})
 	})