OCPBUGS-76699: ebpf: consolidate packet event logs into single line by rameshsahoo11 · Pull Request #706 · openshift/ingress-node-firewall

rameshsahoo11 · 2026-04-02T09:37:05Z

Previously, firewall packet events were logged as three separate syslog messages (rule info, IP addresses, protocol details), making log parsing and analysis more difficult. This change consolidates all packet event information into a single log line for better observability.

Changes:

Merge three separate eventsLogger.Info() calls into one
Use pipe separators (|) to delimit log sections visually
Change independent if statements to if-else if chains to ensure only one IP layer and one protocol layer is logged per packet
Simplify log format: "src addr"/"dst addr" -> "src"/"dst"

Example output format:
Before (3 lines):

  2026-02-06 09:04:59 +0000 UTC worker1.example.com ruleId 10 action Drop len 74 if br1
  2026-02-06 09:04:59 +0000 UTC worker1.example.com     ipv4 src addr 192.XX.XX.149 dst addr 192.XX.XX.56
  2026-02-06 09:04:59 +0000 UTC worker1.example.com     tcp srcPort 56354 dstPort 22

After (1 line):
2026-02-06 09:04:59 +0000 UTC ruleId 10 action Drop len 74 if br1 | ipv4 src 192.xx.xx.149 dst 192.xx.xx.56 | tcp srcPort 56354 dstPort 22

This improves log grep-ability, parsing, and integration with log aggregation tools where single-line entries are preferred.

Test result from ovnkind cluster after appling the fix

$ kubectl logs -c events ingress-node-firewall-daemon-w756x
2026-04-02 08:58:19 +0000 UTC ovn-worker ruleId 10 action Drop len 74 if breth0 | ipv4 src 10.xx.0.1 dst 10.xx.0.16 | tcp srcPort 54600 dstPort 5000
2026-04-02 09:03:45 +0000 UTC ovn-worker ruleId 10 action Drop len 74 if breth0 | ipv4 src 10.xx.0.1 dst 10.xx.0.16 | tcp srcPort 37006 dstPort 5000

Summary by CodeRabbit

Bug Fixes
- Consolidated ingress firewall event logging so each packet event is emitted as a single, unified log message containing rule ID, action, packet length, interface, and protocol/transport details.
- Improved error handling so failures for the consolidated log write are captured once with the full message.
- Updated event parsing to match the new single-line, pipe-delimited log format for transport and ICMP events.

coderabbitai · 2026-04-02T09:37:22Z

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 022d8618-1683-44dc-ba72-bf6e997cc8fe

📥 Commits

Reviewing files that changed from the base of the PR and between afa2cce and 89ac802.

📒 Files selected for processing (2)

pkg/ebpf/ingress_node_firewall_events.go
test/e2e/events/events.go

✅ Files skipped from review due to trivial changes (1)

test/e2e/events/events.go

Walkthrough

Consolidated ingress node firewall event logging: multiple per-field syslog calls replaced by constructing a single composite log message (ruleId, action, pktLen, interface, and one mutually-exclusive protocol detail branch for IPv4/IPv6 + transport/ICMP) and emitting it once.

Changes

Cohort / File(s)	Summary
Event Logging Consolidation `pkg/ebpf/ingress_node_firewall_events.go`	Replaced multiple sequential `eventsLogger.Info` calls and per-call error handling with a single `strings.Builder`-constructed `logMsg`; selects IPv4 vs IPv6 then a single transport/ICMP branch via `if/else if`, and emits one `eventsLogger.Info(logMsg.String())`.
Event Tests (regex updates) `test/e2e/events/events.go`	Updated transport and ICMP parsing regular expressions to expect a single-line, pipe-delimited log format that includes an `inf` token followed by `

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: consolidating packet event logs into a single line format.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	The custom check for stable and deterministic Ginkgo test names is not applicable to this pull request. The PR only modifies pkg/ebpf/ingress_node_firewall_events.go and test/e2e/events/events.go, neither containing any Ginkgo test declarations.
Test Structure And Quality	✅ Passed	The modified file is a utility module containing event parsing helper functions with regex pattern updates, not Ginkgo test code with test blocks, lifecycle hooks, timeouts, or assertions.
Microshift Test Compatibility	✅ Passed	PR does not add new Ginkgo e2e tests; only updates regex patterns in helper utility function to support new consolidated log format.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR updates helper functions and regex patterns in event-parsing utility file to match new single-line log format; no new Ginkgo e2e tests are added.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies only event logging consolidation and test regex patterns with no scheduling constraints or deployment manifest changes affecting topology assumptions.
Ote Binary Stdout Contract	✅ Passed	No process-level code (main, init, TestMain, BeforeSuite, etc.) found in modified files; logging uses structured logger not direct stdout writes.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR modifies test/e2e/events/events.go, a helper utility module that provides event parsing functions for existing tests, not a test file itself. No new Ginkgo e2e tests are added. The regex patterns already support both IPv4 and IPv6 address families with no hardcoded IPv4-only assumptions or external connectivity requirements.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Review rate limit: 0/1 reviews remaining, refill in 60 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

openshift-ci · 2026-04-02T09:38:17Z

Hi @rameshsahoo111. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

rameshsahoo11 · 2026-04-02T09:43:04Z

Internal Jira - https://redhat.atlassian.net/browse/OCPBUGS-76699

meinali566 · 2026-04-02T10:06:16Z

/cc

rameshsahoo11 · 2026-04-02T11:03:28Z

@Meina-rh thank you for your review. With the current code (using else if): From a networking perspective, a single packet can ONLY be either IPv4 OR IPv6, never both. This is fundamental to how IP works:
  - An IPv4 packet has an IPv4 header
  - An IPv6 packet has an IPv6 header
  - A packet cannot have both IPv4 AND IPv6 headers simultaneously

  So the current code with else if correctly handles both:
  - If packet is IPv4 → logs IPv4, skips IPv6 check (because it's impossible to also be IPv6)
  - If packet is IPv6 → logs IPv6

  In a dual-stack cluster:
  - Some packets are IPv4 (logged as IPv4)
  - Some packets are IPv6 (logged as IPv6)
  - Each individual packet is one or the other

I confirmed that IPV6 logging is also correctly logged;

2026-04-02 10:56:22 +0000 UTC ovn-worker ruleId 10 action Drop len 94 if breth0 | ipv6 src fc00:f853:ccd:e793::1 dst fc00:f853:ccd:e793::10 | tcp srcPort 46692 dstPort 5000
2026-04-02 10:59:57 +0000 UTC ovn-worker ruleId 10 action Drop len 74 if breth0 | ipv4 src 10.89.0.1 dst 10.89.0.16 | tcp srcPort 33192 dstPort 5000
2026-04-02 11:00:10 +0000 UTC ovn-worker ruleId 10 action Drop len 94 if breth0 | ipv6 src fc00:f853:ccd:e793::1 dst fc00:f853:ccd:e793::10 | tcp srcPort 42782 dstPort 5000
2026-04-02 11:00:11 +0000 UTC ovn-worker ruleId 10 action Drop len 94 if breth0 | ipv6 src fc00:f853:ccd:e793::1 dst fc00:f853:ccd:e793::10 | tcp srcPort 42782 dstPort 5000

Requesting you to further review and my original change and update.

meinali566 · 2026-04-02T11:21:02Z

@rameshsahoo111 thanks for your explaining, I forgot it's from packet.
LGTM

meinali566 · 2026-04-02T11:22:01Z

/ok-to-test

rameshsahoo11 · 2026-04-02T12:59:27Z

Unit test is failing because ./testbin/setup-envtest.sh is failing to download kubebuilder-tools. Requesting someone to fix CI failure.

# wget https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-1.19.2-linux-amd64.tar.gz
HTTP ERROR response 403  [https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-1.19.2-linux-amd64.tar.gz]
kubebuilder-tools-1. 100% [================================================================================================================================================================>]     298     --.-KB/s
                          [Files: 0  Bytes: 298  [414 B/s] Redirects: 0  Todo: 0  Errors: 1

meinali566 · 2026-04-03T06:40:41Z

/retest-required

rameshsahoo11 · 2026-04-03T11:16:17Z

Verified with all test cases and the below are the result. Requesting someone to fix the CI failure.

IngressNodeFirewall Rules

apiVersion: ingressnodefirewall.openshift.io/v1alpha1
kind: IngressNodeFirewall
metadata:
  name: ingressnodefirewall
spec:
  interfaces:
  - breth0
  nodeSelector:
    matchLabels:
      kubernetes.io/hostname: ovn-worker
  ingress:
  - sourceCIDRs:
      - 0.0.0.0/0
      - ::/0
    rules:
    - order: 10
      protocolConfig:
        protocol: TCP
        tcp:
          ports: "5000-5001"
      action: Deny
    - order: 11
      protocolConfig:
        protocol: UDP
        udp:
          ports: "5000-5001"
      action: Deny
    - order: 12
      protocolConfig:
        protocol: ICMP
        icmp:
          icmpType: 8 #ICMP Echo request
      action: Deny
    - order: 13
      protocolConfig:
        protocol: ICMPv6
        icmpv6:
          icmpType: 128 #ICMPV6 Echo request
      action: Deny
    - order: 14
      protocolConfig:
        protocol: SCTP
        sctp:
          ports: "6000-6001"
      action: Deny

Test Result

[SCTP TEST]

Server Listen;
 socat -v SCTP6-LISTEN:6000,fork,ipv6only=0 -

SCTP Client connect;
echo "Hello Ramesh"|socat - SCTP:10.89.0.16:6000
echo "Hello Ramesh"|socat - SCTP:[fc00:f853:ccd:e793::10]:6000

[TCP/UDP TEST]
nc -l 5000
curl --retry 0 --fail --max-time 1 -v telnet://10.89.0.16:5000 --connect-timeout 1
curl --retry 0 --fail --max-time 1 -v telnet://[fc00:f853:ccd:e793::10]:5000 --connect-timeout 1

nc -lu 5000 
nc -zu 10.89.0.16 5000
nc -6 -zu fc00:f853:ccd:e793::10 5000

[ICMP Test]
ping -c1 10.89.0.16
ping6 -c1 fc00:f853:ccd:e793::10

# oc logs -c events ingress-node-firewall-daemon-h44gk 
[TCP]
2026-04-03 10:53:58 +0000 UTC ovn-worker ruleId 10 action Drop len 74 if breth0 | ipv4 src 10.89.0.1 dst 10.89.0.16 | tcp srcPort 58444 dstPort 5000
2026-04-03 10:55:17 +0000 UTC ovn-worker ruleId 10 action Drop len 94 if breth0 | ipv6 src fc00:f853:ccd:e793::1 dst fc00:f853:ccd:e793::10 | tcp srcPort 40772 dstPort 5000

[UDP]
2026-04-03 10:56:18 +0000 UTC ovn-worker ruleId 11 action Drop len 43 if breth0 | ipv4 src 10.89.0.1 dst 10.89.0.16 | udp srcPort 52237 dstPort 5000
2026-04-03 10:56:44 +0000 UTC ovn-worker ruleId 11 action Drop len 63 if breth0 | ipv6 src fc00:f853:ccd:e793::1 dst fc00:f853:ccd:e793::10 | udp srcPort 50747 dstPort 5000

[SCTP]
2026-04-03 10:59:27 +0000 UTC ovn-worker ruleId 14 action Drop len 98 if breth0 | ipv4 src 10.89.0.1 dst 10.89.0.16 | sctp srcPort 58063 dstPort 6000
2026-04-03 10:59:30 +0000 UTC ovn-worker ruleId 14 action Drop len 98 if breth0 | ipv4 src 10.89.0.1 dst 10.89.0.16 | sctp srcPort 58063 dstPort 6000
2026-04-03 10:59:36 +0000 UTC ovn-worker ruleId 14 action Drop len 98 if breth0 | ipv4 src 10.89.0.1 dst 10.89.0.16 | sctp srcPort 58063 dstPort 6000
2026-04-03 11:00:20 +0000 UTC ovn-worker ruleId 14 action Drop len 102 if breth0 | ipv6 src fc00:f853:ccd:e793::1 dst fc00:f853:ccd:e793::10 | sctp srcPort 36912 dstPort 6000
2026-04-03 11:00:23 +0000 UTC ovn-worker ruleId 14 action Drop len 102 if breth0 | ipv6 src fc00:f853:ccd:e793::1 dst fc00:f853:ccd:e793::10 | sctp srcPort 36912 dstPort 6000
2026-04-03 11:00:30 +0000 UTC ovn-worker ruleId 14 action Drop len 102 if breth0 | ipv6 src fc00:f853:ccd:e793::1 dst fc00:f853:ccd:e793::10 | sctp srcPort 36912 dstPort 6000

[ICMP]
2026-04-03 11:00:58 +0000 UTC ovn-worker ruleId 12 action Drop len 98 if breth0 | ipv4 src 10.89.0.1 dst 10.89.0.16 | icmpv4 type 8 code 0
2026-04-03 11:01:20 +0000 UTC ovn-worker ruleId 13 action Drop len 118 if breth0 | ipv6 src fc00:f853:ccd:e793::1 dst fc00:f853:ccd:e793::10 | icmpv6 type 128 code 0

openshift-ci-robot · 2026-04-03T14:15:17Z

@rameshsahoo111: This pull request references Jira Issue OCPBUGS-76699, which is invalid:

expected the bug to target the "4.22.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Previously, firewall packet events were logged as three separate syslog messages (rule info, IP addresses, protocol details), making log parsing and analysis more difficult. This change consolidates all packet event information into a single log line for better observability.

Changes:

Merge three separate eventsLogger.Info() calls into one

Use pipe separators (|) to delimit log sections visually

Change independent if statements to if-else if chains to ensure only one IP layer and one protocol layer is logged per packet

Simplify log format: "src addr"/"dst addr" -> "src"/"dst"

Example output format:
Before (3 lines):
 2026-02-06 09:04:59 +0000 UTC worker1.example.com ruleId 10 action Drop len 74 if br1
 2026-02-06 09:04:59 +0000 UTC worker1.example.com     ipv4 src addr 192.XX.XX.149 dst addr 192.XX.XX.56
 2026-02-06 09:04:59 +0000 UTC worker1.example.com     tcp srcPort 56354 dstPort 22
After (1 line):
2026-02-06 09:04:59 +0000 UTC ruleId 10 action Drop len 74 if br1 | ipv4 src 192.xx.xx.149 dst 192.xx.xx.56 | tcp srcPort 56354 dstPort 22

This improves log grep-ability, parsing, and integration with log aggregation tools where single-line entries are preferred.

Test result from ovnkind cluster after appling the fix
$ kubectl logs -c events ingress-node-firewall-daemon-w756x
2026-04-02 08:58:19 +0000 UTC ovn-worker ruleId 10 action Drop len 74 if breth0 | ipv4 src 10.xx.0.1 dst 10.xx.0.16 | tcp srcPort 54600 dstPort 5000
2026-04-02 09:03:45 +0000 UTC ovn-worker ruleId 10 action Drop len 74 if breth0 | ipv4 src 10.xx.0.1 dst 10.xx.0.16 | tcp srcPort 37006 dstPort 5000

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

rameshsahoo11 · 2026-04-06T05:27:38Z

/jira-refresh

rameshsahoo11 · 2026-04-06T05:28:02Z

/jira refresh

openshift-ci-robot · 2026-04-06T05:28:10Z

@rameshsahoo111: This pull request references Jira Issue OCPBUGS-76699, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.22.0) matches configured target version for branch (4.22.0)
bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @anuragthehatter

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

rameshsahoo11 · 2026-04-06T12:58:16Z

/retest-required

meinali566 · 2026-04-07T08:43:20Z

/testwith openshift/ingress-node-firewall/master/unit-test #705

danwinship · 2026-05-12T16:24:10Z

/retest

danwinship · 2026-05-12T16:25:39Z

/lgtm

danwinship · 2026-05-13T11:39:01Z

hm, no lgtm-means-approve here?
/approve

openshift-ci · 2026-05-13T11:39:22Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danwinship, rameshsahoo11

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [danwinship]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci-robot · 2026-05-14T05:42:47Z

@rameshsahoo11: /verified by <reason> requires at least one verification method to be identified (it can be a comma delimited list). It can specify a test name or a GitHub @username (an engineer that performed the pre-merge verification). See https://docs.ci.openshift.org/docs/architecture/jira/#premerge-verification for more information.

Details

In response to this:

/verified manually by logs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

rameshsahoo11 · 2026-05-14T05:45:59Z

/verified by logs manually

openshift-ci-robot · 2026-05-14T05:46:09Z

@rameshsahoo11: Jira verification commands are restricted to collaborators for this repo.

Details

In response to this:

/verified by logs manually

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

rameshsahoo11 · 2026-05-14T05:52:05Z

@danwinship I'm not a collaborator for this report as I get Jira verification commands are restricted to collaborators for this repo. Can you assist?

anuragthehatter · 2026-05-18T16:59:43Z

/verified by @anuragthehatter

openshift-ci-robot · 2026-05-18T16:59:55Z

@anuragthehatter: This PR has been marked as verified by @anuragthehatter.

Details

In response to this:

/verified by @anuragthehatter

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

anuragthehatter · 2026-05-18T18:00:41Z

/jira refresh

openshift-ci-robot · 2026-05-18T18:00:46Z

@anuragthehatter: This pull request references Jira Issue OCPBUGS-76699, which is invalid:

expected the bug to target either version "5.0." or "openshift-5.0.", but it targets "4.22" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

danwinship · 2026-05-18T18:01:42Z

Need to fix the jira/invalid-bug label:

@rameshsahoo11: This pull request references Jira Issue OCPBUGS-76699, which is invalid:
* expected the bug to target either version "5.0._" or "openshift-5.0._", but it targets "4.22" instead

Change your bug to target 5.0, do /jira refresh, and then backport the fix to 4.22 (if we still care about having it in 4.22)

rameshsahoo11 · 2026-05-19T05:41:18Z

/jira refresh

openshift-ci-robot · 2026-05-19T05:41:24Z

@rameshsahoo11: This pull request references Jira Issue OCPBUGS-76699, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (5.0.0) matches configured target version for branch (5.0.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @anuragthehatter

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

rameshsahoo11 · 2026-05-19T05:46:11Z

Thanks @danwinship and @anuragthehatter for your assistance. The invalid jira flags has been removed after I set the target version to 5.0 as suggested. @anuragthehatter kindly review it again and do the needful.

openshift-ci · 2026-05-19T08:07:01Z

@rameshsahoo11: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci-robot · 2026-05-19T08:08:30Z

@rameshsahoo11: Jira Issue OCPBUGS-76699: All pull requests linked via external trackers have merged:

openshift/ingress-node-firewall#706

All linked pull requests have the verified tag. Jira Issue OCPBUGS-76699 has been moved to the VERIFIED state.

Details

In response to this:

Previously, firewall packet events were logged as three separate syslog messages (rule info, IP addresses, protocol details), making log parsing and analysis more difficult. This change consolidates all packet event information into a single log line for better observability.

Changes:

Merge three separate eventsLogger.Info() calls into one

Use pipe separators (|) to delimit log sections visually

Change independent if statements to if-else if chains to ensure only one IP layer and one protocol layer is logged per packet

Simplify log format: "src addr"/"dst addr" -> "src"/"dst"

Example output format:
Before (3 lines):
 2026-02-06 09:04:59 +0000 UTC worker1.example.com ruleId 10 action Drop len 74 if br1
 2026-02-06 09:04:59 +0000 UTC worker1.example.com     ipv4 src addr 192.XX.XX.149 dst addr 192.XX.XX.56
 2026-02-06 09:04:59 +0000 UTC worker1.example.com     tcp srcPort 56354 dstPort 22
After (1 line):
2026-02-06 09:04:59 +0000 UTC ruleId 10 action Drop len 74 if br1 | ipv4 src 192.xx.xx.149 dst 192.xx.xx.56 | tcp srcPort 56354 dstPort 22

This improves log grep-ability, parsing, and integration with log aggregation tools where single-line entries are preferred.

Test result from ovnkind cluster after appling the fix
$ kubectl logs -c events ingress-node-firewall-daemon-w756x
2026-04-02 08:58:19 +0000 UTC ovn-worker ruleId 10 action Drop len 74 if breth0 | ipv4 src 10.xx.0.1 dst 10.xx.0.16 | tcp srcPort 54600 dstPort 5000
2026-04-02 09:03:45 +0000 UTC ovn-worker ruleId 10 action Drop len 74 if breth0 | ipv4 src 10.xx.0.1 dst 10.xx.0.16 | tcp srcPort 37006 dstPort 5000
Summary by CodeRabbit

Bug Fixes

Consolidated ingress firewall event logging so each packet event is emitted as a single, unified log message containing rule ID, action, packet length, interface, and protocol/transport details.

Improved error handling so failures for the consolidated log write are captured once with the full message.

Updated event parsing to match the new single-line, pipe-delimited log format for transport and ICMP events.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

rameshsahoo11 · 2026-05-20T13:45:08Z

/cherry-pick release-4.22

openshift-cherrypick-robot · 2026-05-20T13:45:18Z

@rameshsahoo11: only openshift org members may request cherry picks. If you are already part of the org, make sure to change your membership to public. Otherwise you can still do the cherry-pick manually.

Details

In response to this:

/cherry-pick release-4.22

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

danwinship · 2026-05-20T16:22:08Z

/cherry-pick release-4.22

openshift-cherrypick-robot · 2026-05-20T16:22:55Z

@danwinship: new pull request created: #711

Details

In response to this:

/cherry-pick release-4.22

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-ci Bot requested review from martinkennelly and tssurya April 2, 2026 09:38

openshift-ci Bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Apr 2, 2026

openshift-ci Bot requested a review from meinali566 April 2, 2026 10:06

This comment was marked as low quality.

Sign in to view

openshift-ci Bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Apr 2, 2026

rameshsahoo11 changed the title ~~ebpf: consolidate packet event logs into single line~~ OCPBUGS-76699 - ebpf: consolidate packet event logs into single line Apr 3, 2026

rameshsahoo11 changed the title ~~OCPBUGS-76699 - ebpf: consolidate packet event logs into single line~~ OCPBUGS-76699: ebpf: consolidate packet event logs into single line Apr 3, 2026

openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Apr 3, 2026

openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Apr 6, 2026

openshift-ci Bot requested a review from anuragthehatter April 6, 2026 05:28

openshift-ci Bot assigned danwinship May 12, 2026

openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label May 12, 2026

openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 13, 2026

openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label May 18, 2026

openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels May 19, 2026

openshift-merge-bot Bot merged commit 2394cf2 into openshift:master May 19, 2026
9 checks passed

openshift-cherrypick-robot mentioned this pull request May 20, 2026

[release-4.22] OCPBUGS-86291: ebpf: consolidate packet event logs into single line #711

Open

Conversation

rameshsahoo11 commented Apr 2, 2026 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Uh oh!

coderabbitai Bot commented Apr 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

❌ Failed checks (1 warning)

Uh oh!

openshift-ci Bot commented Apr 2, 2026

Uh oh!

rameshsahoo11 commented Apr 2, 2026

Uh oh!

meinali566 commented Apr 2, 2026

Uh oh!

This comment was marked as low quality.

Uh oh!

rameshsahoo11 commented Apr 2, 2026

Uh oh!

meinali566 commented Apr 2, 2026

Uh oh!

meinali566 commented Apr 2, 2026

Uh oh!

rameshsahoo11 commented Apr 2, 2026

Uh oh!

meinali566 commented Apr 3, 2026

Uh oh!

rameshsahoo11 commented Apr 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

IngressNodeFirewall Rules

Test Result

Uh oh!

openshift-ci-robot commented Apr 3, 2026

Uh oh!

rameshsahoo11 commented Apr 6, 2026

Uh oh!

rameshsahoo11 commented Apr 6, 2026

Uh oh!

openshift-ci-robot commented Apr 6, 2026

Uh oh!

rameshsahoo11 commented Apr 6, 2026

Uh oh!

meinali566 commented Apr 7, 2026

Uh oh!

danwinship commented May 12, 2026

Uh oh!

danwinship commented May 12, 2026

Uh oh!

danwinship commented May 13, 2026

Uh oh!

openshift-ci Bot commented May 13, 2026

Uh oh!

openshift-ci-robot commented May 14, 2026

Uh oh!

rameshsahoo11 commented May 14, 2026

Uh oh!

openshift-ci-robot commented May 14, 2026

Uh oh!

rameshsahoo11 commented May 14, 2026

Uh oh!

anuragthehatter commented May 18, 2026

Uh oh!

openshift-ci-robot commented May 18, 2026

Uh oh!

anuragthehatter commented May 18, 2026

Uh oh!

openshift-ci-robot commented May 18, 2026

Uh oh!

danwinship commented May 18, 2026

Uh oh!

rameshsahoo11 commented May 19, 2026

Uh oh!

openshift-ci-robot commented May 19, 2026

Uh oh!

rameshsahoo11 commented May 19, 2026

Uh oh!

openshift-ci Bot commented May 19, 2026

rameshsahoo11 commented Apr 2, 2026 •

edited by coderabbitai Bot

Loading

coderabbitai Bot commented Apr 2, 2026 •

edited

Loading

rameshsahoo11 commented Apr 3, 2026 •

edited

Loading