Loading...

XML

Word

Printable

Type: Bug
Resolution: Obsolete
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: ovn23.06
Labels:
- fast-datapath-rhel-9

Story Points:
1
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Pool Team:

rhel-sst-network-fastdatapath
Intelligence Requested:
Market:
Sub-System Group:

ssg_networking

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

2024-03-01T19:42:52.182Z|00182|lflow|WARN|error parsing actions "log(name="ANP:harry-potter:Egress:2", severity=alert, verdict=pass, meter="acl-logging__952541b6-a236-44e7-9ecc-2312fa5b805b"); next;": Syntax error at `pass' unknown verdict.

ACL:

_uuid               : afbd6cc9-1abc-4795-aa73-0fa3cda2568f
action              : pass
direction           : from-lport
external_ids        : {direction=Egress, gress-index="2", "k8s.ovn.org/id"="default-network-controller:AdminNetworkPolicy:harry-potter:Egress:2:None", "k8s.ovn.org/name"=harry-potter, "k8s.ovn.org/owner-controller"=default-network-controller, "k8s.ovn.org/owner-type"=AdminNetworkPolicy, port-policy-protocol=None}
label               : 0
log                 : true
match               : "((ip4.dst == $a5088817789461188379)) && inport == @a3602609661093065011"
meter               : acl-logging
name                : "ANP:harry-potter:Egress:2"
options             : {apply-after-lb="true"}
priority            : 28998
severity            : alert
tier                : 1

lflow-list:

sh-5.2# ovn-sbctl lflow-list | grep log
  table=18(ls_in_acl_after_lb_eval), priority=30000, match=(reg8[30..31] == 1 && reg0[7] == 1 && (((ip4.dst == $a10866219164408727385)) && inport == @a3602609661093065011)), action=(log(name="ANP:harry-potter:Egress:0", severity=alert, verdict=allow, meter="acl-logging__c2678566-6874-4484-8e76-8cd816641654"); reg8[16] = 1; reg0[1] = 1; next;)
  table=18(ls_in_acl_after_lb_eval), priority=30000, match=(reg8[30..31] == 1 && reg0[8] == 1 && (((ip4.dst == $a10866219164408727385)) && inport == @a3602609661093065011)), action=(log(name="ANP:harry-potter:Egress:0", severity=alert, verdict=allow, meter="acl-logging__c2678566-6874-4484-8e76-8cd816641654"); reg8[16] = 1; next;)
  table=18(ls_in_acl_after_lb_eval), priority=29999, match=(reg8[30..31] == 1 && reg0[10] == 1 && (((ip4.dst == $a423418325518039268)) && inport == @a3602609661093065011)), action=(log(name="ANP:harry-potter:Egress:1", severity=alert, verdict=drop, meter="acl-logging__6d15a178-e3cf-4b11-bd3b-03ac662f8426"); reg8[17] = 1; ct_commit { ct_mark.blocked = 1; }; next;)
  table=18(ls_in_acl_after_lb_eval), priority=29999, match=(reg8[30..31] == 1 && reg0[9] == 1 && (((ip4.dst == $a423418325518039268)) && inport == @a3602609661093065011)), action=(log(name="ANP:harry-potter:Egress:1", severity=alert, verdict=drop, meter="acl-logging__6d15a178-e3cf-4b11-bd3b-03ac662f8426"); reg8[17] = 1; next;)
  table=18(ls_in_acl_after_lb_eval), priority=29998, match=(reg8[30..31] == 1 && (((ip4.dst == $a5088817789461188379)) && inport == @a3602609661093065011)), action=(log(name="ANP:harry-potter:Egress:2", severity=alert, verdict=pass, meter="acl-logging__952541b6-a236-44e7-9ecc-2312fa5b805b"); next;)

clones

FDP-442 ovn-controller is not logging ACL whose verdict is of type Pass

Dev Complete

Assignee:: Mark Michelson

Reporter:: OVN Team

QA Contact:: Jianlin Shi

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/04/05 4:06 AM

Updated:: 2024/10/29 6:33 PM

Resolved:: 2024/10/29 6:33 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates