Skip to content

[release-4.22] OCPBUGS-86291: ebpf: consolidate packet event logs into single line#711

Open
openshift-cherrypick-robot wants to merge 2 commits into
openshift:release-4.22from
openshift-cherrypick-robot:cherry-pick-706-to-release-4.22
Open

[release-4.22] OCPBUGS-86291: ebpf: consolidate packet event logs into single line#711
openshift-cherrypick-robot wants to merge 2 commits into
openshift:release-4.22from
openshift-cherrypick-robot:cherry-pick-706-to-release-4.22

Conversation

@openshift-cherrypick-robot
Copy link
Copy Markdown

@openshift-cherrypick-robot openshift-cherrypick-robot commented May 20, 2026

This is an automated cherry-pick of #706

/assign danwinship

@rameshsahoo11
ebpf: consolidate packet event logs into single line
b4ece79 
Previously, firewall packet events were logged as three separate syslog
messages (rule info, IP addresses, protocol details), making log parsing
and analysis more difficult. This change consolidates all packet event
information into a single log line for better observability.

Changes:
- Merge three separate eventsLogger.Info() calls into one
- Use strings.Builder and fmt.Fprintf for efficient log construction
- Use pipe separators (|) to delimit log sections visually

Example output format:
Before (3 lines):
  ruleId 10 action Drop len 74 if br1
      ipv4 src addr 192.xx.xx.149 dst addr 192.xx.xx.56
      tcp srcPort 56354 dstPort 22

After (1 line):
  ruleId 10 action Drop len 74 if br1 | ipv4 src 192.xx.xx.149 dst 192.xx.xx.56 | tcp srcPort 56354 dstPort 22

This improves log grep-ability, parsing, and integration with log
aggregation tools where single-line entries are preferred.

Signed-off-by: Ramesh Sahoo <rsahoo@redhat.com>
@rameshsahoo11
test: update E2E event regex for consolidated log format
b833c6b 
Update event parsing regex patterns in test/e2e/events/events.go to
match the new single-line log format with pipe delimiters.

Changes:
- Replace newline separators (\n) with pipe delimiters (\s\|\s)
- Remove 'addr' keyword from IP address fields
- Add IP version prefix matching (ipv4|ipv6)
- Use raw string literals (backticks) to avoid escaping backslashes

Old format (multi-line):
  ruleId 10 action Drop len 98 if eth0
    ipv4 src addr 172.20.0.1 dst addr 172.20.0.4
    tcp srcPort 12345 dstPort 8080

New format (single line):
  ruleId 10 action Drop len 98 if eth0 | ipv4 src 172.20.0.1 dst 172.20.0.4 | tcp srcPort 12345 dstPort 8080
@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request May 20, 2026
Merged
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 20, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: bc4696a2-311a-4e6c-8ae6-b91b18bfe2d3

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci Bot requested review from abhat and martinkennelly May 20, 2026 16:23
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented May 20, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: openshift-cherrypick-robot
Once this PR has been reviewed and has the lgtm label, please assign danwinship for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented May 20, 2026

@openshift-cherrypick-robot: Jira Issue OCPBUGS-76699 has been cloned as Jira Issue OCPBUGS-86291. Will retitle bug to link to clone.
/retitle [release-4.22] OCPBUGS-86291: ebpf: consolidate packet event logs into single line

Details

In response to this:

This is an automated cherry-pick of #706

/assign danwinship

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot changed the title [release-4.22] OCPBUGS-76699: ebpf: consolidate packet event logs into single line [release-4.22] OCPBUGS-86291: ebpf: consolidate packet event logs into single line May 20, 2026
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels May 20, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented May 20, 2026

@openshift-cherrypick-robot: This pull request references Jira Issue OCPBUGS-86291, which is invalid:

  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.
  • expected dependent Jira Issue OCPBUGS-76699 to target a version in 5.0.0, but it targets "5.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

This is an automated cherry-pick of #706

/assign danwinship

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@danwinship
Copy link
Copy Markdown

danwinship commented May 20, 2026

/assign @rameshsahoo11
/lgtm
/label backport-risk-assessed

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented May 20, 2026

@danwinship: GitHub didn't allow me to assign the following users: rameshsahoo11.

Note that only openshift members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

Details

In response to this:

/assign @rameshsahoo11
/lgtm
/label backport-risk-assessed

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label May 20, 2026
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented May 20, 2026

@danwinship: The label(s) backport-risk-assessed cannot be applied or removed, because you are not in one of the allowed teams and are not an allowed user. Must be a member of one of these teams: openshift-patch-managers, openshift-release-oversight, openshift-staff-engineers, openshift-sustaining-engineers

Details

In response to this:

/assign @rameshsahoo11
/lgtm
/label backport-risk-assessed

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented May 20, 2026

@openshift-cherrypick-robot: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/unit-test b833c6b link true /test unit-test

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abhat abhat Awaiting requested review from abhat

@martinkennelly martinkennelly Awaiting requested review from martinkennelly

Assignees

@danwinship danwinship

Labels

jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@openshift-cherrypick-robot @openshift-ci-robot @danwinship @rameshsahoo11