@@ -17,6 +17,10 @@ Post v24.03.0
external-ids, the option is no longer needed as it became effectively
"true" for all scenarios.
- Added DHCPv4 relay support.
+ - The "options:ic-route-blacklist" option in the Northbound NB_Global table
+ has been renamed to "options:ic-route-denylist" in order to comply with
+ inclusive language guidelines. The previous name is still recognized to
+ aid with backwards compatibility.
OVN v24.03.0 - 01 Mar 2024
--------------------------
@@ -1029,24 +1029,27 @@ prefix_is_link_local(struct in6_addr *prefix, unsigned int plen)
}
static bool
-prefix_is_black_listed(const struct smap *nb_options,
- struct in6_addr *prefix,
- unsigned int plen)
+prefix_is_deny_listed(const struct smap *nb_options,
+ struct in6_addr *prefix,
+ unsigned int plen)
{
- const char *blacklist = smap_get(nb_options, "ic-route-blacklist");
- if (!blacklist || !blacklist[0]) {
- return false;
+ const char *denylist = smap_get(nb_options, "ic-route-denylist");
+ if (!denylist || !denylist[0]) {
+ denylist = smap_get(nb_options, "ic-route-blacklist");
+ if (!denylist || !denylist[0]) {
+ return false;
+ }
}
struct in6_addr bl_prefix;
unsigned int bl_plen;
char *cur, *next, *start;
- next = start = xstrdup(blacklist);
+ next = start = xstrdup(denylist);
bool matched = false;
while ((cur = strsep(&next, ",")) && *cur) {
if (!ip46_parse_cidr(cur, &bl_prefix, &bl_plen)) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
VLOG_WARN_RL(&rl, "Bad format in nb_global options:"
- "ic-route-blacklist: %s. CIDR expected.", cur);
+ "ic-route-denylist: %s. CIDR expected.", cur);
continue;
}
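Review bot: The rate-limited warning in the parse loop always names `ic-route-denylist`, even when the list was read from the legacy `ic-route-blacklist` key by the new fallback at the top of prefix_is_deny_listed(). A malformed entry is skipped with `continue`, so that CIDR is not filtered and its routes can still be advertised or learned. An operator still using the old key would be pointed at an option they never set. Carrying the name of the key that was actually read into the message fixes this, and a short comment should record that a non-empty new key takes precedence over the old one. The function body continues past the end of the hunk.

```c
    const char *opt_name = "ic-route-denylist";
    const char *denylist = smap_get(nb_options, opt_name);
    if (!denylist || !denylist[0]) {
        /* Legacy spelling, still honoured for backwards compatibility.
         * A non-empty "ic-route-denylist" takes precedence over it. */
        opt_name = "ic-route-blacklist";
        denylist = smap_get(nb_options, opt_name);
        if (!denylist || !denylist[0]) {
            return false;
        }
    }
    /* … unchanged: locals, xstrdup(denylist), strsep loop and CIDR parse … */
            VLOG_WARN_RL(&rl, "Bad format in nb_global options:"
                         "%s: %s. CIDR expected.", opt_name, cur);
```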
@@ -1109,7 +1112,7 @@ route_need_advertise(const char *policy,
return false;
}
- if (prefix_is_black_listed(nb_options, prefix, plen)) {
+ if (prefix_is_deny_listed(nb_options, prefix, plen)) {
return false;
}
return true;
@@ -1281,7 +1284,7 @@ route_need_learn(const struct nbrec_logical_router *lr,
return false;
}
- if (prefix_is_black_listed(nb_options, prefix, plen)) {
+ if (prefix_is_deny_listed(nb_options, prefix, plen)) {
return false;
}
@@ -442,7 +442,7 @@
<code>ic-route-learn</code> is <code>true</code>.
</column>
- <column name="options" key="ic-route-blacklist">
+ <column name="options" key="ic-route-denylist">
A string value contains a list of CIDRs delimited by ",". A route
will not be advertised or learned if the route's prefix belongs to
any of the CIDRs listed.
@@ -354,11 +354,11 @@ add_pmd_of_ports () {
m4_divert_pop([PREPARE_TESTS])
-# OVS_VSWITCHD_STOP([WHITELIST])
+# OVS_VSWITCHD_STOP([ALLOWLIST])
#
# Gracefully stops ovs-vswitchd and ovsdb-server, checking their log files
# for messages with severity WARN or higher and signaling an error if any
-# is present. The optional WHITELIST may contain shell-quoted "sed"
+# is present. The optional ALLOWLIST may contain shell-quoted "sed"
# commands to delete any warnings that are actually expected, e.g.:
#
# OVS_VSWITCHD_STOP(["/expected error/d"])
@@ -57,7 +57,7 @@ m4_define([OVN_CONTROLLER_VTEP_START], [
--ovnsb-db=unix:$ovs_base/ovn-sb/ovn-sb.sock
])
-# OVN_CONTROLLER_VTEP_STOP(WHITELIST, SIM_NAME)
+# OVN_CONTROLLER_VTEP_STOP(ALLOWLIST, SIM_NAME)
#
# $1 - (optional) passed to check_logs()
# $2 - (optional) simulator name
@@ -524,14 +524,14 @@ OVS_WAIT_UNTIL([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192
ovn_as az1 ovn-nbctl lrp-del lrp-lr1-ls1
OVS_WAIT_WHILE([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168])
-# Test blacklist routes
+# Test denylist routes
# Add back the directly connected 192.168 route.
ovn_as az1 ovn-nbctl lrp-add lr1 lrp-lr1-ls1 aa:aa:aa:aa:bb:01 "192.168.0.1/24"
OVS_WAIT_UNTIL([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168])
# Ensure AZ1 learned AZ2's 10.11.2.0 route as well.
OVS_WAIT_UNTIL([ovn_as az1 ovn-nbctl lr-route-list lr1 | grep learned | grep 10.11])
# Now black list 10.11.0.0/16 and 192.168.0.0/16 in AZ2.
-ovn_as az2 ovn-nbctl set nb_global . options:ic-route-blacklist="10.11.0.0/16,192.168.0.0/16"
+ovn_as az2 ovn-nbctl set nb_global . options:ic-route-denylist="10.11.0.0/16,192.168.0.0/16"
# AZ2 shouldn't learn 192.168 route any more.
OVS_WAIT_WHILE([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168])
# AZ1 shouldn't learn 10.11 any more.
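Review bot: Every visible test hunk in this file now sets `options:ic-route-denylist`, so nothing shown here exercises the legacy `ic-route-blacklist` fallback that the commit promises to keep. A regression in that fallback would silently stop filtering routes for deployments that have not migrated, so at least one case should keep the old key, for example `check ovn_as az2 ovn-nbctl set nb_global . options:ic-route-blacklist="10.11.0.0/16,192.168.0.0/16"` in one of the two duplicated "Test denylist routes" sections. The unchanged context comment `# Now black list 10.11.0.0/16 and 192.168.0.0/16 in AZ2.` in this hunk was also missed by the rename.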
@@ -554,8 +554,8 @@ for i in 1 2; do
ovn-nbctl set nb_global . options:ic-route-learn=true
# Ensure route advertising at AZ level
ovn-nbctl set nb_global . options:ic-route-adv=true
- # Drop blacklist
- ovn-nbctl remove nb_global . options ic-route-blacklist
+ # Drop denylist
+ ovn-nbctl remove nb_global . options ic-route-denylist
for j in 1 2; do
ts=ts$j$j
@@ -860,12 +860,12 @@ Route Table rtb1:
ovn_as az1 ovn-nbctl lrp-del lrp-lr1-ls1
OVS_WAIT_WHILE([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168])
-# Test blacklist routes
+# Test denylist routes
# Add back the directly connected 192.168 route.
ovn_as az1 ovn-nbctl lrp-add lr1 lrp-lr1-ls1 aa:aa:aa:aa:bb:01 "192.168.0.1/24"
OVS_WAIT_UNTIL([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168])
-# Now add 10.11.0.0/16 and 192.168.0.0/16 to blacklist in AZ2.
-check ovn_as az2 ovn-nbctl set nb_global . options:ic-route-blacklist="10.11.0.0/16,192.168.0.0/16"
+# Now add 10.11.0.0/16 and 192.168.0.0/16 to denylist in AZ2.
+check ovn_as az2 ovn-nbctl set nb_global . options:ic-route-denylist="10.11.0.0/16,192.168.0.0/16"
# AZ2 shouldn't learn 192.168 route any more.
OVS_WAIT_WHILE([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168])
# AZ1 shouldn't learn 10.11 any more.
@@ -1324,8 +1324,8 @@ AT_CLEANUP
])
OVN_FOR_EACH_NORTHD([
-AT_SETUP([ovn-ic -- route sync -- IPv6 blacklist filter])
-AT_KEYWORDS([IPv6-route-sync-blacklist])
+AT_SETUP([ovn-ic -- route sync -- IPv6 denylist filter])
+AT_KEYWORDS([IPv6-route-sync-denylist])
ovn_init_ic_db
check ovn-ic-nbctl ts-add ts1
@@ -1338,8 +1338,8 @@ for i in 1 2; do
check ovn-nbctl set nb_global . options:ic-route-learn=true
# Enable route advertising at AZ level
check ovn-nbctl set nb_global . options:ic-route-adv=true
- # Enable blacklist single filter for IPv6
- check ovn-nbctl set nb_global . options:ic-route-blacklist=" \
+ # Enable denylist single filter for IPv6
+ check ovn-nbctl set nb_global . options:ic-route-denylist=" \
2003:db8:1::/64,2004:aaaa::/32,2005:1234::/21"
check ovn-ic-nbctl --wait=sb sync
@@ -1355,7 +1355,7 @@ for i in 1 2; do
check ovn-nbctl lrp-add lr$i lrp-lr$i-p$i 00:00:00:00:00:0$i \
2002:db8:1::$i/64
- # Create blacklisted LRPs and connect to TS
+ # Create denylisted LRPs and connect to TS
check ovn-nbctl lrp-add lr$i lrp-lr$i-p-ext$i \
11:11:11:11:11:1$i 2003:db8:1::$i/64
@@ -1381,8 +1381,8 @@ AT_CHECK([ovn_as az1 ovn-nbctl lr-route-list lr1 |
for i in 1 2; do
ovn_as az$i
- # Drop blacklist
- check ovn-nbctl remove nb_global . options ic-route-blacklist
+ # Drop denylist
+ check ovn-nbctl remove nb_global . options ic-route-denylist
done
check ovn-ic-nbctl --wait=sb sync
@@ -1399,9 +1399,9 @@ for i in 1 2; do
ovn_as az$i
check ovn-nbctl set nb_global . \
- options:ic-route-blacklist="2003:db8:1::/64,2004:db8:1::/64"
+ options:ic-route-denylist="2003:db8:1::/64,2004:db8:1::/64"
- # Create an 'extra' blacklisted LRP and connect to TS
+ # Create an 'extra' denylisted LRP and connect to TS
check ovn-nbctl lrp-add lr$i lrp-lr$i-p-ext5$i \
55:55:55:55:55:5$i 2004:db8:1::$i/64
done
@@ -32,11 +32,11 @@ m4_define([OVS_TRAFFIC_VSWITCHD_START],
fi
])
-# OVS_TRAFFIC_VSWITCHD_STOP([WHITELIST], [extra_cmds])
+# OVS_TRAFFIC_VSWITCHD_STOP([ALLOWLIST], [extra_cmds])
#
# Gracefully stops ovs-vswitchd and ovsdb-server, checking their log files
# for messages with severity WARN or higher and signaling an error if any
-# is present. The optional WHITELIST may contain shell-quoted "sed"
+# is present. The optional ALLOWLIST may contain shell-quoted "sed"
# commands to delete any warnings that are actually expected, e.g.:
#
# OVS_TRAFFIC_VSWITCHD_STOP(["/expected error/d"])
@@ -24,11 +24,11 @@ m4_define([OVS_TRAFFIC_VSWITCHD_START],
fi
])
-# OVS_TRAFFIC_VSWITCHD_STOP([WHITELIST], [extra_cmds])
+# OVS_TRAFFIC_VSWITCHD_STOP([ALLOWLIST], [extra_cmds])
#
# Gracefully stops ovs-vswitchd and ovsdb-server, checking their log files
# for messages with severity WARN or higher and signaling an error if any
-# is present. The optional WHITELIST may contain shell-quoted "sed"
+# is present. The optional ALLOWLIST may contain shell-quoted "sed"
# commands to delete any warnings that are actually expected, e.g.:
#
# OVS_TRAFFIC_VSWITCHD_STOP(["/expected error/d"])
This commit changes the word "blacklist" to "denylist" throughout the code. It also changes the word "whitelist" to "allowlist" throughout the code. The option "ic-route-blacklist" in the northbound global options has been renamed to "ic-route-denylist", but the old option name is still accepted in order to maintain backwards compatibility. The old option name is no longer documented, however. Signed-off-by: Mark Michelson <mmichels@redhat.com> --- NEWS | 4 ++++ ic/ovn-ic.c | 23 +++++++++++++---------- ovn-nb.xml | 2 +- tests/ofproto-macros.at | 4 ++-- tests/ovn-controller-vtep.at | 2 +- tests/ovn-ic.at | 32 ++++++++++++++++---------------- tests/system-kmod-macros.at | 4 ++-- tests/system-userspace-macros.at | 4 ++-- 8 files changed, 41 insertions(+), 34 deletions(-)