From patchwork Tue May 7 20:15:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Michelson X-Patchwork-Id: 1932640 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=huysfoIZ; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4VYqKn4zQcz1xnT for ; Wed, 8 May 2024 06:16:13 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 61ED160BB4; Tue, 7 May 2024 20:16:09 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id nsSTiekOWDL6; Tue, 7 May 2024 20:16:05 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=2605:bc80:3010:104::8cd3:938; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org E597360BC3 Authentication-Results: smtp3.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=huysfoIZ Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp3.osuosl.org (Postfix) with ESMTPS id E597360BC3; Tue, 7 May 2024 20:16:03 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 7A252C0077; Tue, 7 May 2024 20:16:03 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 94593C0DD9 for ; Tue, 7 May 2024 20:16:01 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 60DDC4085A for ; Tue, 7 May 2024 20:16:01 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id PNrqaWhI8cXB for ; Tue, 7 May 2024 20:15:58 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.133.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=mmichels@redhat.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp4.osuosl.org 52E6740499 Authentication-Results: smtp4.osuosl.org; dmarc=pass (p=none dis=none) header.from=redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 52E6740499 Authentication-Results: smtp4.osuosl.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=huysfoIZ Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp4.osuosl.org (Postfix) with ESMTPS id 52E6740499 for ; Tue, 7 May 2024 20:15:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1715112957; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=J/YbNH15fZlxFKHlOuHhy7UQ7gTXe1XDTCz9f/yV+qM=; b=huysfoIZ92rRhGIZ/we3tiD845/wpIrIhNcit8nxPjHobUVOYj2Mp6kBZjUqzpJbtE+VVU SUOSSQlPq+d64FcL+JL0vciB2n6P1d687Z7FW3plPkgrx6KFu+MRsbyJVB83tI9ppOJJkp 1kWsgSzkA6Jp3fJ7V300Grd7YsAQsic= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-230-EReOvRjyO3GS8eNZ1sghTQ-1; Tue, 07 May 2024 16:15:54 -0400 X-MC-Unique: EReOvRjyO3GS8eNZ1sghTQ-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 6D96D3802126 for ; Tue, 7 May 2024 20:15:54 +0000 (UTC) Received: from localhost.redhat.com (ovpn-0-20.rdu2.redhat.com [10.22.0.20]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1E2FF3C25 for ; Tue, 7 May 2024 20:15:53 +0000 (UTC) From: Mark Michelson To: dev@openvswitch.org Date: Tue, 7 May 2024 16:15:43 -0400 Message-ID: <20240507201551.1455437-4-mmichels@redhat.com> In-Reply-To: <20240507201551.1455437-1-mmichels@redhat.com> References: <20240507201551.1455437-1-mmichels@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn 3/4] Inclusive language substitutions: "blacklist/whitelist". X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" This commit changes the word "blacklist" to "denylist" throughout the code. It also changes the word "whitelist" to "allowlist" throughout the code. The option "ic-route-blacklist" in the northbound global options has been renamed to "ic-route-denylist", but the old option name is still accepted in order to maintain backwards compatibility. The old option name is no longer documented, however. Signed-off-by: Mark Michelson --- NEWS | 4 ++++ ic/ovn-ic.c | 23 +++++++++++++---------- ovn-nb.xml | 2 +- tests/ofproto-macros.at | 4 ++-- tests/ovn-controller-vtep.at | 2 +- tests/ovn-ic.at | 32 ++++++++++++++++---------------- tests/system-kmod-macros.at | 4 ++-- tests/system-userspace-macros.at | 4 ++-- 8 files changed, 41 insertions(+), 34 deletions(-) diff --git a/NEWS b/NEWS index 3b5e93dc9..b2df43b3a 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,10 @@ Post v24.03.0 external-ids, the option is no longer needed as it became effectively "true" for all scenarios. - Added DHCPv4 relay support. + - The "options:ic-route-blacklist" option in the Northbound NB_Global table + has been renamed to "options:ic-route-denylist" in order to comply with + inclusive language guidelines. The previous name is still recognized to + aid with backwards compatibility. OVN v24.03.0 - 01 Mar 2024 -------------------------- diff --git a/ic/ovn-ic.c b/ic/ovn-ic.c index e947323bf..3fd74ecba 100644 --- a/ic/ovn-ic.c +++ b/ic/ovn-ic.c @@ -1029,24 +1029,27 @@ prefix_is_link_local(struct in6_addr *prefix, unsigned int plen) } static bool -prefix_is_black_listed(const struct smap *nb_options, - struct in6_addr *prefix, - unsigned int plen) +prefix_is_deny_listed(const struct smap *nb_options, + struct in6_addr *prefix, + unsigned int plen) { - const char *blacklist = smap_get(nb_options, "ic-route-blacklist"); - if (!blacklist || !blacklist[0]) { - return false; + const char *denylist = smap_get(nb_options, "ic-route-denylist"); + if (!denylist || !denylist[0]) { + denylist = smap_get(nb_options, "ic-route-blacklist"); + if (!denylist || !denylist[0]) { + return false; + } } struct in6_addr bl_prefix; unsigned int bl_plen; char *cur, *next, *start; - next = start = xstrdup(blacklist); + next = start = xstrdup(denylist); bool matched = false; while ((cur = strsep(&next, ",")) && *cur) { if (!ip46_parse_cidr(cur, &bl_prefix, &bl_plen)) { static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); VLOG_WARN_RL(&rl, "Bad format in nb_global options:" - "ic-route-blacklist: %s. CIDR expected.", cur); + "ic-route-denylist: %s. CIDR expected.", cur); continue; } @@ -1109,7 +1112,7 @@ route_need_advertise(const char *policy, return false; } - if (prefix_is_black_listed(nb_options, prefix, plen)) { + if (prefix_is_deny_listed(nb_options, prefix, plen)) { return false; } return true; @@ -1281,7 +1284,7 @@ route_need_learn(const struct nbrec_logical_router *lr, return false; } - if (prefix_is_black_listed(nb_options, prefix, plen)) { + if (prefix_is_deny_listed(nb_options, prefix, plen)) { return false; } diff --git a/ovn-nb.xml b/ovn-nb.xml index 3382d4db6..15976b95a 100644 --- a/ovn-nb.xml +++ b/ovn-nb.xml @@ -442,7 +442,7 @@ ic-route-learn is true. - + A string value contains a list of CIDRs delimited by ",". A route will not be advertised or learned if the route's prefix belongs to any of the CIDRs listed. diff --git a/tests/ofproto-macros.at b/tests/ofproto-macros.at index 31a067c1e..ab73e50d9 100644 --- a/tests/ofproto-macros.at +++ b/tests/ofproto-macros.at @@ -354,11 +354,11 @@ add_pmd_of_ports () { m4_divert_pop([PREPARE_TESTS]) -# OVS_VSWITCHD_STOP([WHITELIST]) +# OVS_VSWITCHD_STOP([ALLOWLIST]) # # Gracefully stops ovs-vswitchd and ovsdb-server, checking their log files # for messages with severity WARN or higher and signaling an error if any -# is present. The optional WHITELIST may contain shell-quoted "sed" +# is present. The optional ALLOWLIST may contain shell-quoted "sed" # commands to delete any warnings that are actually expected, e.g.: # # OVS_VSWITCHD_STOP(["/expected error/d"]) diff --git a/tests/ovn-controller-vtep.at b/tests/ovn-controller-vtep.at index d35dbbd05..ea67c2a5c 100644 --- a/tests/ovn-controller-vtep.at +++ b/tests/ovn-controller-vtep.at @@ -57,7 +57,7 @@ m4_define([OVN_CONTROLLER_VTEP_START], [ --ovnsb-db=unix:$ovs_base/ovn-sb/ovn-sb.sock ]) -# OVN_CONTROLLER_VTEP_STOP(WHITELIST, SIM_NAME) +# OVN_CONTROLLER_VTEP_STOP(ALLOWLIST, SIM_NAME) # # $1 - (optional) passed to check_logs() # $2 - (optional) simulator name diff --git a/tests/ovn-ic.at b/tests/ovn-ic.at index ad24011f2..8e50720b1 100644 --- a/tests/ovn-ic.at +++ b/tests/ovn-ic.at @@ -524,14 +524,14 @@ OVS_WAIT_UNTIL([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192 ovn_as az1 ovn-nbctl lrp-del lrp-lr1-ls1 OVS_WAIT_WHILE([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168]) -# Test blacklist routes +# Test denylist routes # Add back the directly connected 192.168 route. ovn_as az1 ovn-nbctl lrp-add lr1 lrp-lr1-ls1 aa:aa:aa:aa:bb:01 "192.168.0.1/24" OVS_WAIT_UNTIL([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168]) # Ensure AZ1 learned AZ2's 10.11.2.0 route as well. OVS_WAIT_UNTIL([ovn_as az1 ovn-nbctl lr-route-list lr1 | grep learned | grep 10.11]) # Now black list 10.11.0.0/16 and 192.168.0.0/16 in AZ2. -ovn_as az2 ovn-nbctl set nb_global . options:ic-route-blacklist="10.11.0.0/16,192.168.0.0/16" +ovn_as az2 ovn-nbctl set nb_global . options:ic-route-denylist="10.11.0.0/16,192.168.0.0/16" # AZ2 shouldn't learn 192.168 route any more. OVS_WAIT_WHILE([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168]) # AZ1 shouldn't learn 10.11 any more. @@ -554,8 +554,8 @@ for i in 1 2; do ovn-nbctl set nb_global . options:ic-route-learn=true # Ensure route advertising at AZ level ovn-nbctl set nb_global . options:ic-route-adv=true - # Drop blacklist - ovn-nbctl remove nb_global . options ic-route-blacklist + # Drop denylist + ovn-nbctl remove nb_global . options ic-route-denylist for j in 1 2; do ts=ts$j$j @@ -860,12 +860,12 @@ Route Table rtb1: ovn_as az1 ovn-nbctl lrp-del lrp-lr1-ls1 OVS_WAIT_WHILE([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168]) -# Test blacklist routes +# Test denylist routes # Add back the directly connected 192.168 route. ovn_as az1 ovn-nbctl lrp-add lr1 lrp-lr1-ls1 aa:aa:aa:aa:bb:01 "192.168.0.1/24" OVS_WAIT_UNTIL([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168]) -# Now add 10.11.0.0/16 and 192.168.0.0/16 to blacklist in AZ2. -check ovn_as az2 ovn-nbctl set nb_global . options:ic-route-blacklist="10.11.0.0/16,192.168.0.0/16" +# Now add 10.11.0.0/16 and 192.168.0.0/16 to denylist in AZ2. +check ovn_as az2 ovn-nbctl set nb_global . options:ic-route-denylist="10.11.0.0/16,192.168.0.0/16" # AZ2 shouldn't learn 192.168 route any more. OVS_WAIT_WHILE([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168]) # AZ1 shouldn't learn 10.11 any more. @@ -1324,8 +1324,8 @@ AT_CLEANUP ]) OVN_FOR_EACH_NORTHD([ -AT_SETUP([ovn-ic -- route sync -- IPv6 blacklist filter]) -AT_KEYWORDS([IPv6-route-sync-blacklist]) +AT_SETUP([ovn-ic -- route sync -- IPv6 denylist filter]) +AT_KEYWORDS([IPv6-route-sync-denylist]) ovn_init_ic_db check ovn-ic-nbctl ts-add ts1 @@ -1338,8 +1338,8 @@ for i in 1 2; do check ovn-nbctl set nb_global . options:ic-route-learn=true # Enable route advertising at AZ level check ovn-nbctl set nb_global . options:ic-route-adv=true - # Enable blacklist single filter for IPv6 - check ovn-nbctl set nb_global . options:ic-route-blacklist=" \ + # Enable denylist single filter for IPv6 + check ovn-nbctl set nb_global . options:ic-route-denylist=" \ 2003:db8:1::/64,2004:aaaa::/32,2005:1234::/21" check ovn-ic-nbctl --wait=sb sync @@ -1355,7 +1355,7 @@ for i in 1 2; do check ovn-nbctl lrp-add lr$i lrp-lr$i-p$i 00:00:00:00:00:0$i \ 2002:db8:1::$i/64 - # Create blacklisted LRPs and connect to TS + # Create denylisted LRPs and connect to TS check ovn-nbctl lrp-add lr$i lrp-lr$i-p-ext$i \ 11:11:11:11:11:1$i 2003:db8:1::$i/64 @@ -1381,8 +1381,8 @@ AT_CHECK([ovn_as az1 ovn-nbctl lr-route-list lr1 | for i in 1 2; do ovn_as az$i - # Drop blacklist - check ovn-nbctl remove nb_global . options ic-route-blacklist + # Drop denylist + check ovn-nbctl remove nb_global . options ic-route-denylist done check ovn-ic-nbctl --wait=sb sync @@ -1399,9 +1399,9 @@ for i in 1 2; do ovn_as az$i check ovn-nbctl set nb_global . \ - options:ic-route-blacklist="2003:db8:1::/64,2004:db8:1::/64" + options:ic-route-denylist="2003:db8:1::/64,2004:db8:1::/64" - # Create an 'extra' blacklisted LRP and connect to TS + # Create an 'extra' denylisted LRP and connect to TS check ovn-nbctl lrp-add lr$i lrp-lr$i-p-ext5$i \ 55:55:55:55:55:5$i 2004:db8:1::$i/64 done diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at index 6f6670199..1c545d082 100644 --- a/tests/system-kmod-macros.at +++ b/tests/system-kmod-macros.at @@ -32,11 +32,11 @@ m4_define([OVS_TRAFFIC_VSWITCHD_START], fi ]) -# OVS_TRAFFIC_VSWITCHD_STOP([WHITELIST], [extra_cmds]) +# OVS_TRAFFIC_VSWITCHD_STOP([ALLOWLIST], [extra_cmds]) # # Gracefully stops ovs-vswitchd and ovsdb-server, checking their log files # for messages with severity WARN or higher and signaling an error if any -# is present. The optional WHITELIST may contain shell-quoted "sed" +# is present. The optional ALLOWLIST may contain shell-quoted "sed" # commands to delete any warnings that are actually expected, e.g.: # # OVS_TRAFFIC_VSWITCHD_STOP(["/expected error/d"]) diff --git a/tests/system-userspace-macros.at b/tests/system-userspace-macros.at index 73ca2cce3..83361c0ce 100644 --- a/tests/system-userspace-macros.at +++ b/tests/system-userspace-macros.at @@ -24,11 +24,11 @@ m4_define([OVS_TRAFFIC_VSWITCHD_START], fi ]) -# OVS_TRAFFIC_VSWITCHD_STOP([WHITELIST], [extra_cmds]) +# OVS_TRAFFIC_VSWITCHD_STOP([ALLOWLIST], [extra_cmds]) # # Gracefully stops ovs-vswitchd and ovsdb-server, checking their log files # for messages with severity WARN or higher and signaling an error if any -# is present. The optional WHITELIST may contain shell-quoted "sed" +# is present. The optional ALLOWLIST may contain shell-quoted "sed" # commands to delete any warnings that are actually expected, e.g.: # # OVS_TRAFFIC_VSWITCHD_STOP(["/expected error/d"])