|
AllowOrDeny::Deny => { |
|
return Ok(LayerResult::Deny { |
|
name: self.name, |
|
reason: DenyReason::Action, |
|
}); |
|
} |
A few lines above, we bump the aforementioned kstat in response to an explicit Action::Deny. We should generally be doing this regardless of what path was taken to decide upon a packet drop, particularly since we only see hits on any rule with a more complex action like the overlay layer has.
It would be better still to get #744 revived even if I don't yet have the time to plumb it into omicron.
opte/lib/opte/src/engine/layer.rs
Lines 1235 to 1240 in d777d6b
A few lines above, we bump the aforementioned kstat in response to an explicit
Action::Deny. We should generally be doing this regardless of what path was taken to decide upon a packet drop, particularly since we only seehits on any rule with a more complex action like theoverlaylayer has.It would be better still to get #744 revived even if I don't yet have the time to plumb it into omicron.