This commit changes the word "blacklist" to "denylist" throughout the code. It also changes the word "whitelist" to "allowlist" throughout the code.
The option "ic-route-blacklist" in the northbound global options has been renamed to "ic-route-denylist", but the old option name is still accepted in order to maintain backwards compatibility. The old option name is no longer documented, however. Signed-off-by: Mark Michelson <mmich...@redhat.com> --- NEWS | 4 ++++ ic/ovn-ic.c | 23 +++++++++++++---------- ovn-nb.xml | 2 +- tests/ofproto-macros.at | 4 ++-- tests/ovn-controller-vtep.at | 2 +- tests/ovn-ic.at | 32 ++++++++++++++++---------------- tests/system-kmod-macros.at | 4 ++-- tests/system-userspace-macros.at | 4 ++-- 8 files changed, 41 insertions(+), 34 deletions(-) diff --git a/NEWS b/NEWS index 3b5e93dc9..b2df43b3a 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,10 @@ Post v24.03.0 external-ids, the option is no longer needed as it became effectively "true" for all scenarios. - Added DHCPv4 relay support. + - The "options:ic-route-blacklist" option in the Northbound NB_Global table + has been renamed to "options:ic-route-denylist" in order to comply with + inclusive language guidelines. The previous name is still recognized to + aid with backwards compatibility. OVN v24.03.0 - 01 Mar 2024 -------------------------- diff --git a/ic/ovn-ic.c b/ic/ovn-ic.c index e947323bf..3fd74ecba 100644 --- a/ic/ovn-ic.c +++ b/ic/ovn-ic.c @@ -1029,24 +1029,27 @@ prefix_is_link_local(struct in6_addr *prefix, unsigned int plen) } static bool -prefix_is_black_listed(const struct smap *nb_options, - struct in6_addr *prefix, - unsigned int plen) +prefix_is_deny_listed(const struct smap *nb_options, + struct in6_addr *prefix, + unsigned int plen) { - const char *blacklist = smap_get(nb_options, "ic-route-blacklist"); - if (!blacklist || !blacklist[0]) { - return false; + const char *denylist = smap_get(nb_options, "ic-route-denylist"); + if (!denylist || !denylist[0]) { + denylist = smap_get(nb_options, "ic-route-blacklist"); + if (!denylist || !denylist[0]) { + return false; + } } struct in6_addr bl_prefix; unsigned int bl_plen; char *cur, *next, *start; - next = start = xstrdup(blacklist); + next = start = xstrdup(denylist); bool matched = false; while ((cur = strsep(&next, ",")) && *cur) { if (!ip46_parse_cidr(cur, &bl_prefix, &bl_plen)) { static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); VLOG_WARN_RL(&rl, "Bad format in nb_global options:" - "ic-route-blacklist: %s. CIDR expected.", cur); + "ic-route-denylist: %s. CIDR expected.", cur); continue; } @@ -1109,7 +1112,7 @@ route_need_advertise(const char *policy, return false; } - if (prefix_is_black_listed(nb_options, prefix, plen)) { + if (prefix_is_deny_listed(nb_options, prefix, plen)) { return false; } return true; @@ -1281,7 +1284,7 @@ route_need_learn(const struct nbrec_logical_router *lr, return false; } - if (prefix_is_black_listed(nb_options, prefix, plen)) { + if (prefix_is_deny_listed(nb_options, prefix, plen)) { return false; } diff --git a/ovn-nb.xml b/ovn-nb.xml index 3382d4db6..15976b95a 100644 --- a/ovn-nb.xml +++ b/ovn-nb.xml @@ -442,7 +442,7 @@ <code>ic-route-learn</code> is <code>true</code>. </column> - <column name="options" key="ic-route-blacklist"> + <column name="options" key="ic-route-denylist"> A string value contains a list of CIDRs delimited by ",". A route will not be advertised or learned if the route's prefix belongs to any of the CIDRs listed. diff --git a/tests/ofproto-macros.at b/tests/ofproto-macros.at index 31a067c1e..ab73e50d9 100644 --- a/tests/ofproto-macros.at +++ b/tests/ofproto-macros.at @@ -354,11 +354,11 @@ add_pmd_of_ports () { m4_divert_pop([PREPARE_TESTS]) -# OVS_VSWITCHD_STOP([WHITELIST]) +# OVS_VSWITCHD_STOP([ALLOWLIST]) # # Gracefully stops ovs-vswitchd and ovsdb-server, checking their log files # for messages with severity WARN or higher and signaling an error if any -# is present. The optional WHITELIST may contain shell-quoted "sed" +# is present. The optional ALLOWLIST may contain shell-quoted "sed" # commands to delete any warnings that are actually expected, e.g.: # # OVS_VSWITCHD_STOP(["/expected error/d"]) diff --git a/tests/ovn-controller-vtep.at b/tests/ovn-controller-vtep.at index d35dbbd05..ea67c2a5c 100644 --- a/tests/ovn-controller-vtep.at +++ b/tests/ovn-controller-vtep.at @@ -57,7 +57,7 @@ m4_define([OVN_CONTROLLER_VTEP_START], [ --ovnsb-db=unix:$ovs_base/ovn-sb/ovn-sb.sock ]) -# OVN_CONTROLLER_VTEP_STOP(WHITELIST, SIM_NAME) +# OVN_CONTROLLER_VTEP_STOP(ALLOWLIST, SIM_NAME) # # $1 - (optional) passed to check_logs() # $2 - (optional) simulator name diff --git a/tests/ovn-ic.at b/tests/ovn-ic.at index ad24011f2..8e50720b1 100644 --- a/tests/ovn-ic.at +++ b/tests/ovn-ic.at @@ -524,14 +524,14 @@ OVS_WAIT_UNTIL([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192 ovn_as az1 ovn-nbctl lrp-del lrp-lr1-ls1 OVS_WAIT_WHILE([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168]) -# Test blacklist routes +# Test denylist routes # Add back the directly connected 192.168 route. ovn_as az1 ovn-nbctl lrp-add lr1 lrp-lr1-ls1 aa:aa:aa:aa:bb:01 "192.168.0.1/24" OVS_WAIT_UNTIL([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168]) # Ensure AZ1 learned AZ2's 10.11.2.0 route as well. OVS_WAIT_UNTIL([ovn_as az1 ovn-nbctl lr-route-list lr1 | grep learned | grep 10.11]) # Now black list 10.11.0.0/16 and 192.168.0.0/16 in AZ2. -ovn_as az2 ovn-nbctl set nb_global . options:ic-route-blacklist="10.11.0.0/16,192.168.0.0/16" +ovn_as az2 ovn-nbctl set nb_global . options:ic-route-denylist="10.11.0.0/16,192.168.0.0/16" # AZ2 shouldn't learn 192.168 route any more. OVS_WAIT_WHILE([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168]) # AZ1 shouldn't learn 10.11 any more. @@ -554,8 +554,8 @@ for i in 1 2; do ovn-nbctl set nb_global . options:ic-route-learn=true # Ensure route advertising at AZ level ovn-nbctl set nb_global . options:ic-route-adv=true - # Drop blacklist - ovn-nbctl remove nb_global . options ic-route-blacklist + # Drop denylist + ovn-nbctl remove nb_global . options ic-route-denylist for j in 1 2; do ts=ts$j$j @@ -860,12 +860,12 @@ Route Table rtb1: ovn_as az1 ovn-nbctl lrp-del lrp-lr1-ls1 OVS_WAIT_WHILE([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168]) -# Test blacklist routes +# Test denylist routes # Add back the directly connected 192.168 route. ovn_as az1 ovn-nbctl lrp-add lr1 lrp-lr1-ls1 aa:aa:aa:aa:bb:01 "192.168.0.1/24" OVS_WAIT_UNTIL([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168]) -# Now add 10.11.0.0/16 and 192.168.0.0/16 to blacklist in AZ2. -check ovn_as az2 ovn-nbctl set nb_global . options:ic-route-blacklist="10.11.0.0/16,192.168.0.0/16" +# Now add 10.11.0.0/16 and 192.168.0.0/16 to denylist in AZ2. +check ovn_as az2 ovn-nbctl set nb_global . options:ic-route-denylist="10.11.0.0/16,192.168.0.0/16" # AZ2 shouldn't learn 192.168 route any more. OVS_WAIT_WHILE([ovn_as az2 ovn-nbctl lr-route-list lr2 | grep learned | grep 192.168]) # AZ1 shouldn't learn 10.11 any more. @@ -1324,8 +1324,8 @@ AT_CLEANUP ]) OVN_FOR_EACH_NORTHD([ -AT_SETUP([ovn-ic -- route sync -- IPv6 blacklist filter]) -AT_KEYWORDS([IPv6-route-sync-blacklist]) +AT_SETUP([ovn-ic -- route sync -- IPv6 denylist filter]) +AT_KEYWORDS([IPv6-route-sync-denylist]) ovn_init_ic_db check ovn-ic-nbctl ts-add ts1 @@ -1338,8 +1338,8 @@ for i in 1 2; do check ovn-nbctl set nb_global . options:ic-route-learn=true # Enable route advertising at AZ level check ovn-nbctl set nb_global . options:ic-route-adv=true - # Enable blacklist single filter for IPv6 - check ovn-nbctl set nb_global . options:ic-route-blacklist=" \ + # Enable denylist single filter for IPv6 + check ovn-nbctl set nb_global . options:ic-route-denylist=" \ 2003:db8:1::/64,2004:aaaa::/32,2005:1234::/21" check ovn-ic-nbctl --wait=sb sync @@ -1355,7 +1355,7 @@ for i in 1 2; do check ovn-nbctl lrp-add lr$i lrp-lr$i-p$i 00:00:00:00:00:0$i \ 2002:db8:1::$i/64 - # Create blacklisted LRPs and connect to TS + # Create denylisted LRPs and connect to TS check ovn-nbctl lrp-add lr$i lrp-lr$i-p-ext$i \ 11:11:11:11:11:1$i 2003:db8:1::$i/64 @@ -1381,8 +1381,8 @@ AT_CHECK([ovn_as az1 ovn-nbctl lr-route-list lr1 | for i in 1 2; do ovn_as az$i - # Drop blacklist - check ovn-nbctl remove nb_global . options ic-route-blacklist + # Drop denylist + check ovn-nbctl remove nb_global . options ic-route-denylist done check ovn-ic-nbctl --wait=sb sync @@ -1399,9 +1399,9 @@ for i in 1 2; do ovn_as az$i check ovn-nbctl set nb_global . \ - options:ic-route-blacklist="2003:db8:1::/64,2004:db8:1::/64" + options:ic-route-denylist="2003:db8:1::/64,2004:db8:1::/64" - # Create an 'extra' blacklisted LRP and connect to TS + # Create an 'extra' denylisted LRP and connect to TS check ovn-nbctl lrp-add lr$i lrp-lr$i-p-ext5$i \ 55:55:55:55:55:5$i 2004:db8:1::$i/64 done diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at index 6f6670199..1c545d082 100644 --- a/tests/system-kmod-macros.at +++ b/tests/system-kmod-macros.at @@ -32,11 +32,11 @@ m4_define([OVS_TRAFFIC_VSWITCHD_START], fi ]) -# OVS_TRAFFIC_VSWITCHD_STOP([WHITELIST], [extra_cmds]) +# OVS_TRAFFIC_VSWITCHD_STOP([ALLOWLIST], [extra_cmds]) # # Gracefully stops ovs-vswitchd and ovsdb-server, checking their log files # for messages with severity WARN or higher and signaling an error if any -# is present. The optional WHITELIST may contain shell-quoted "sed" +# is present. The optional ALLOWLIST may contain shell-quoted "sed" # commands to delete any warnings that are actually expected, e.g.: # # OVS_TRAFFIC_VSWITCHD_STOP(["/expected error/d"]) diff --git a/tests/system-userspace-macros.at b/tests/system-userspace-macros.at index 73ca2cce3..83361c0ce 100644 --- a/tests/system-userspace-macros.at +++ b/tests/system-userspace-macros.at @@ -24,11 +24,11 @@ m4_define([OVS_TRAFFIC_VSWITCHD_START], fi ]) -# OVS_TRAFFIC_VSWITCHD_STOP([WHITELIST], [extra_cmds]) +# OVS_TRAFFIC_VSWITCHD_STOP([ALLOWLIST], [extra_cmds]) # # Gracefully stops ovs-vswitchd and ovsdb-server, checking their log files # for messages with severity WARN or higher and signaling an error if any -# is present. The optional WHITELIST may contain shell-quoted "sed" +# is present. The optional ALLOWLIST may contain shell-quoted "sed" # commands to delete any warnings that are actually expected, e.g.: # # OVS_TRAFFIC_VSWITCHD_STOP(["/expected error/d"]) -- 2.44.0 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev