Message ID | 20240301200403.2079022-1-mmichels@redhat.com |
---|---|
State | Changes Requested |
Headers | show |
Series | [ovs-dev] acl-log: Properly log the "pass" verdict. | expand |
Context | Check | Description |
---|---|---|
ovsrobot/apply-robot | success | apply and check: success |
ovsrobot/github-robot-_Build_and_Test | success | github build: passed |
ovsrobot/github-robot-_ovn-kubernetes | success | github build: passed |
On Fri, Mar 1, 2024 at 9:05 PM Mark Michelson <mmichels@redhat.com> wrote: > The "pass" verdict was not explicitly defined in the list of verdicts > for ACL logging. This resulted in logs saying "Syntax error at `pass' > unknown verdict." > > This change adds the "pass" verdict explicitly so that it shows up as a > proper log in ovn-controller. > > Reported-at: https://issues.redhat.com/browse/FDP-442 > Signed-off-by: Mark Michelson <mmichels@redhat.com> > --- > lib/acl-log.c | 4 +++- > lib/acl-log.h | 1 + > lib/actions.c | 2 ++ > 3 files changed, 6 insertions(+), 1 deletion(-) > > diff --git a/lib/acl-log.c b/lib/acl-log.c > index 9530dd763..b3eb4bbd0 100644 > --- a/lib/acl-log.c > +++ b/lib/acl-log.c > @@ -34,7 +34,9 @@ log_verdict_to_string(uint8_t verdict) > return "drop"; > } else if (verdict == LOG_VERDICT_REJECT) { > return "reject"; > - } else { > + } else if (verdict == LOG_VERDICT_PASS) { > + return "pass"; > + } else { > return "<unknown>"; > } > } > diff --git a/lib/acl-log.h b/lib/acl-log.h > index da7fa2f02..3973a8e0b 100644 > --- a/lib/acl-log.h > +++ b/lib/acl-log.h > @@ -33,6 +33,7 @@ enum log_verdict { > LOG_VERDICT_ALLOW, > LOG_VERDICT_DROP, > LOG_VERDICT_REJECT, > + LOG_VERDICT_PASS, > LOG_VERDICT_UNKNOWN = UINT8_MAX > }; > > diff --git a/lib/actions.c b/lib/actions.c > index a45874dfb..99aa563f2 100644 > --- a/lib/actions.c > +++ b/lib/actions.c > @@ -3570,6 +3570,8 @@ parse_log_arg(struct action_context *ctx, struct > ovnact_log *log) > log->verdict = LOG_VERDICT_REJECT; > } else if (lexer_match_id(ctx->lexer, "allow")) { > log->verdict = LOG_VERDICT_ALLOW; > + } else if (lexer_match_id(ctx->lexer, "pass")) { > + log->verdict = LOG_VERDICT_PASS; > } else { > lexer_syntax_error(ctx->lexer, "unknown verdict"); > return; > -- > 2.43.0 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > Hi Mark, could you please add a case for this to the "action parsing" test? Thanks, Ales
diff --git a/lib/acl-log.c b/lib/acl-log.c index 9530dd763..b3eb4bbd0 100644 --- a/lib/acl-log.c +++ b/lib/acl-log.c @@ -34,7 +34,9 @@ log_verdict_to_string(uint8_t verdict) return "drop"; } else if (verdict == LOG_VERDICT_REJECT) { return "reject"; - } else { + } else if (verdict == LOG_VERDICT_PASS) { + return "pass"; + } else { return "<unknown>"; } } diff --git a/lib/acl-log.h b/lib/acl-log.h index da7fa2f02..3973a8e0b 100644 --- a/lib/acl-log.h +++ b/lib/acl-log.h @@ -33,6 +33,7 @@ enum log_verdict { LOG_VERDICT_ALLOW, LOG_VERDICT_DROP, LOG_VERDICT_REJECT, + LOG_VERDICT_PASS, LOG_VERDICT_UNKNOWN = UINT8_MAX }; diff --git a/lib/actions.c b/lib/actions.c index a45874dfb..99aa563f2 100644 --- a/lib/actions.c +++ b/lib/actions.c @@ -3570,6 +3570,8 @@ parse_log_arg(struct action_context *ctx, struct ovnact_log *log) log->verdict = LOG_VERDICT_REJECT; } else if (lexer_match_id(ctx->lexer, "allow")) { log->verdict = LOG_VERDICT_ALLOW; + } else if (lexer_match_id(ctx->lexer, "pass")) { + log->verdict = LOG_VERDICT_PASS; } else { lexer_syntax_error(ctx->lexer, "unknown verdict"); return;
The "pass" verdict was not explicitly defined in the list of verdicts for ACL logging. This resulted in logs saying "Syntax error at `pass' unknown verdict." This change adds the "pass" verdict explicitly so that it shows up as a proper log in ovn-controller. Reported-at: https://issues.redhat.com/browse/FDP-442 Signed-off-by: Mark Michelson <mmichels@redhat.com> --- lib/acl-log.c | 4 +++- lib/acl-log.h | 1 + lib/actions.c | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-)