diff options
| author | Justin Pettit <jpettit@ovn.org> | 2016-12-16 17:40:24 -0800 |
|---|---|---|
| committer | Justin Pettit <jpettit@ovn.org> | 2017-07-28 17:00:32 -0700 |
| commit | d383eed5958967fa38661b6ac978be4bdb98dfea (patch) | |
| tree | 7aba43b8f3bef55deebc0d6b1add8101dbf2548e /include | |
| parent | 19536b6a4b2dcf4e469b50eac090bf2442c8dd37 (diff) | |
| download | openvswitch-d383eed5958967fa38661b6ac978be4bdb98dfea.tar.gz | |
ovn: Add support for ACL logging.
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Han Zhou <zhouhan@gmail.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/ovn/actions.h | 66 |
1 files changed, 42 insertions, 24 deletions
diff --git a/include/ovn/actions.h b/include/ovn/actions.h index 9e4a5c5ab..0a04af7aa 100644 --- a/include/ovn/actions.h +++ b/include/ovn/actions.h @@ -48,30 +48,31 @@ struct simap; * "ovnact". The structure must have a fixed length, that is, it may not * end with a flexible array member. */ -#define OVNACTS \ - OVNACT(OUTPUT, ovnact_null) \ - OVNACT(NEXT, ovnact_next) \ - OVNACT(LOAD, ovnact_load) \ - OVNACT(MOVE, ovnact_move) \ - OVNACT(EXCHANGE, ovnact_move) \ - OVNACT(DEC_TTL, ovnact_null) \ - OVNACT(CT_NEXT, ovnact_ct_next) \ - OVNACT(CT_COMMIT, ovnact_ct_commit) \ - OVNACT(CT_DNAT, ovnact_ct_nat) \ - OVNACT(CT_SNAT, ovnact_ct_nat) \ - OVNACT(CT_LB, ovnact_ct_lb) \ - OVNACT(CT_CLEAR, ovnact_null) \ - OVNACT(CLONE, ovnact_nest) \ - OVNACT(ARP, ovnact_nest) \ - OVNACT(ND_NA, ovnact_nest) \ - OVNACT(GET_ARP, ovnact_get_mac_bind) \ - OVNACT(PUT_ARP, ovnact_put_mac_bind) \ - OVNACT(GET_ND, ovnact_get_mac_bind) \ - OVNACT(PUT_ND, ovnact_put_mac_bind) \ - OVNACT(PUT_DHCPV4_OPTS, ovnact_put_dhcp_opts) \ - OVNACT(PUT_DHCPV6_OPTS, ovnact_put_dhcp_opts) \ - OVNACT(SET_QUEUE, ovnact_set_queue) \ - OVNACT(DNS_LOOKUP, ovnact_dns_lookup) +#define OVNACTS \ + OVNACT(OUTPUT, ovnact_null) \ + OVNACT(NEXT, ovnact_next) \ + OVNACT(LOAD, ovnact_load) \ + OVNACT(MOVE, ovnact_move) \ + OVNACT(EXCHANGE, ovnact_move) \ + OVNACT(DEC_TTL, ovnact_null) \ + OVNACT(CT_NEXT, ovnact_ct_next) \ + OVNACT(CT_COMMIT, ovnact_ct_commit) \ + OVNACT(CT_DNAT, ovnact_ct_nat) \ + OVNACT(CT_SNAT, ovnact_ct_nat) \ + OVNACT(CT_LB, ovnact_ct_lb) \ + OVNACT(CT_CLEAR, ovnact_null) \ + OVNACT(CLONE, ovnact_nest) \ + OVNACT(ARP, ovnact_nest) \ + OVNACT(ND_NA, ovnact_nest) \ + OVNACT(GET_ARP, ovnact_get_mac_bind) \ + OVNACT(PUT_ARP, ovnact_put_mac_bind) \ + OVNACT(GET_ND, ovnact_get_mac_bind) \ + OVNACT(PUT_ND, ovnact_put_mac_bind) \ + OVNACT(PUT_DHCPV4_OPTS, ovnact_put_dhcp_opts) \ + OVNACT(PUT_DHCPV6_OPTS, ovnact_put_dhcp_opts) \ + OVNACT(SET_QUEUE, ovnact_set_queue) \ + OVNACT(DNS_LOOKUP, ovnact_dns_lookup) \ + OVNACT(LOG, ovnact_log) /* enum ovnact_type, with a member OVNACT_<ENUM> for each action. */ enum OVS_PACKED_ENUM ovnact_type { @@ -265,6 +266,14 @@ struct ovnact_dns_lookup { struct expr_field dst; /* 1-bit destination field. */ }; +/* OVNACT_LOG. */ +struct ovnact_log { + struct ovnact ovnact; + uint8_t verdict; /* One of LOG_VERDICT_*. */ + uint8_t severity; /* One of LOG_SEVERITY_*. */ + char *name; +}; + /* Internal use by the helpers below. */ void ovnact_init(struct ovnact *, enum ovnact_type, size_t len); void *ovnact_put(struct ofpbuf *, enum ovnact_type, size_t len); @@ -400,6 +409,15 @@ enum action_opcode { * */ ACTION_OPCODE_DNS_LOOKUP, + + /* "log(arguments)". + * + * Arguments are as follows: + * - An 8-bit verdict. + * - An 8-bit severity. + * - A variable length string containing the name. + */ + ACTION_OPCODE_LOG, }; /* Header. */ |