On 2/8/22 18:25, Numan Siddique wrote: > On Wed, Feb 2, 2022 at 5:17 PM Mark Michelson <[email protected]> wrote: >> >> Acked-by: Mark Michelson <[email protected]> >> >> On 2/2/22 12:26, Dumitru Ceara wrote: >>> It's useful to differentiate between ingress and egress pipelines in the >>> ACL logs. To achieve this we expand the "log()" logical action and pass >>> an optional direction. >>> >>> This behavior change is implemented in a backwards compatible way such >>> that it doesn't break existing deployments even in the case when >>> ovn-northd gets updated before ovn-controller. >>> >>> To achieve this, ovn-northd determines first if all chassis in the >>> cluster have been upgraded to a version that supports the new "log()" >>> action format. >>> >>> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1992641 >>> Signed-off-by: Dumitru Ceara <[email protected]> >>> --- >>> v2: Add the "direction" after the "verdict" and "severity" fields in the >>> ACL logs. > > Hi Dumitru, > > Thanks for the patch. The patch LGTM. > > I've an alternate suggestion to log the direction. > When the packet is received by ovn-controller, it can determine the > open flow table id from the table_id field of 'struct > ofputil_packet_in'. > From the open flow table id, it should be simple enough to figure out > if this is from ingress or egress direction. > > If we take this approach, we don't have to make any changes to the > 'acl_log' OVN action. > > Let me know what you think. >
You're right this is way better, thanks for the suggestion! I sent a v3: http://patchwork.ozlabs.org/project/ovn/list/?series=285670 Thanks, Dumitru _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
