-
Notifications
You must be signed in to change notification settings - Fork 3.8k
cilium policy trace should prompt user to specify --dport #1940
Copy link
Copy link
Closed
Labels
area/daemonImpacts operation of the Cilium daemon.Impacts operation of the Cilium daemon.good-first-issueGood starting point for new developers, which requires minimal understanding of Cilium.Good starting point for new developers, which requires minimal understanding of Cilium.staleThe stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale.The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale.
Description
Metadata
Metadata
Assignees
Labels
area/daemonImpacts operation of the Cilium daemon.Impacts operation of the Cilium daemon.good-first-issueGood starting point for new developers, which requires minimal understanding of Cilium.Good starting point for new developers, which requires minimal understanding of Cilium.staleThe stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale.The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale.
When a user performs
cilium policy trace -s ... -d ...and there are L3-dependent l4 policies in place, it only traces l3, and prints a message likeRule restricts traffic to specific L4 destinations; deferring policy decision to L4 policy stageandLabel verdict: undecided. There's no prompt to perform a more thorough trace.It would be more user-friendly if we reported that l4 policies are skipped and prompt the user to specify
--dportin the case when it's not specified.