Merge pull request #2684 from fasaxc/v3.18-ignore-log

[v3.18] Ignore log rules in BPF mode.
projectcalico · Feb 18, 2021 · 0d56379 · 0d56379
2 parents 7a73b20 + 94a185e
commit 0d56379
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 1 deletion.
diff --git a/bpf/polprog/pol_prog_builder.go b/bpf/polprog/pol_prog_builder.go
@@ -369,6 +369,10 @@ func (p *Builder) writePolicyRules(policy Policy, actionLabels map[string]string
 	for ruleIdx, rule := range policy.Rules {
 		log.Debugf("Start of rule %d", ruleIdx)
 		action := strings.ToLower(rule.Action)
+		if action == "log" {
+			log.Debug("Skipping log rule.  Not supported in BPF mode.")
+			continue
+		}
 		p.writeRule(rule, actionLabels[action], destLeg)
 		log.Debugf("End of rule %d", ruleIdx)
 	}

diff --git a/bpf/polprog/pol_prog_builder_test.go b/bpf/polprog/pol_prog_builder_test.go
@@ -72,3 +72,30 @@ func TestPolicySanityCheck(t *testing.T) {
 		t.Log(i, ": ", in)
 	}
 }
+
+func TestLogActionIgnored(t *testing.T) {
+	RegisterTestingT(t)
+	alloc := idalloc.New()
+
+	pg := NewBuilder(alloc, 1, 2, 3)
+	insns, err := pg.Instructions(Rules{
+		Tiers: []Tier{{
+			Name: "default",
+			Policies: []Policy{{
+				Name: "test policy",
+				Rules: []Rule{{Rule: &proto.Rule{
+					Action: "Log",
+				}}},
+			}},
+		}}})
+	Expect(err).NotTo(HaveOccurred())
+
+	pg = NewBuilder(alloc, 1, 2, 3)
+	noOpInsns, err := pg.Instructions(Rules{
+		Tiers: []Tier{{
+			Name:     "default",
+			Policies: []Policy{},
+		}}})
+	Expect(err).NotTo(HaveOccurred())
+	Expect(noOpInsns).To(Equal(insns))
+}
diff --git a/bpf/ut/pol_prog_test.go b/bpf/ut/pol_prog_test.go
@@ -1026,7 +1026,7 @@ var polProgramTests = []polProgramTest{
 			"setB": {"123.0.0.1/32,udp:1024"},
 		},
 	},
-	//ICMP tests
+	// ICMP tests
 	{
 		PolicyName: "allow icmp packet with type 8",
 		Policy: makeRulesSingleTier([]*proto.Rule{{