Skip to content

Commit

Permalink
[aclorch] Use IPv6 Next Header internally for protocol number on MLNX…
Browse files Browse the repository at this point in the history 
… platform (sonic-net#1343)

* [aclorch] Use IPv6 Next Header internally for protocol number on MLNX platform

Signed-off-by: Danny Allen <daall@microsoft.com>
  • Loading branch information
@daall
daall authored Jul 7, 2020
1 parent 82d36c4 commit 94c622f
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 5 deletions.
34 changes: 30 additions & 4 deletions orchagent/aclorch.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ acl_rule_attr_lookup_t aclMatchLookup =
{ MATCH_L4_DST_PORT, SAI_ACL_ENTRY_ATTR_FIELD_L4_DST_PORT },
{ MATCH_ETHER_TYPE, SAI_ACL_ENTRY_ATTR_FIELD_ETHER_TYPE },
{ MATCH_IP_PROTOCOL, SAI_ACL_ENTRY_ATTR_FIELD_IP_PROTOCOL },
{ MATCH_NEXT_HEADER, SAI_ACL_ENTRY_ATTR_FIELD_IPV6_NEXT_HEADER },
{ MATCH_TCP_FLAGS, SAI_ACL_ENTRY_ATTR_FIELD_TCP_FLAGS },
{ MATCH_IP_TYPE, SAI_ACL_ENTRY_ATTR_FIELD_ACL_IP_TYPE },
{ MATCH_DSCP, SAI_ACL_ENTRY_ATTR_FIELD_DSCP },
Expand Down Expand Up @@ -302,7 +303,7 @@ bool AclRule::validateAddMatch(string attr_name, string attr_value)
value.aclfield.mask.u8 = 0x3F;
}
}
else if (attr_name == MATCH_IP_PROTOCOL)
else if (attr_name == MATCH_IP_PROTOCOL || attr_name == MATCH_NEXT_HEADER)
{
value.aclfield.data.u8 = to_uint<uint8_t>(attr_value);
value.aclfield.mask.u8 = 0xFF;
Expand Down Expand Up @@ -386,6 +387,17 @@ bool AclRule::validateAddMatch(string attr_name, string attr_value)
return false;
}

// NOTE: Temporary workaround to support matching protocol numbers on MLNX platform.
// In a later SAI version we will transition to using NEXT_HEADER for IPv6 on all platforms.
auto platform_env_var = getenv("platform");
string platform = platform_env_var ? platform_env_var: "";
if ((m_tableType == ACL_TABLE_MIRRORV6 || m_tableType == ACL_TABLE_L3V6)
&& platform == MLNX_PLATFORM_SUBSTRING
&& attr_name == MATCH_IP_PROTOCOL)
{
attr_name = MATCH_NEXT_HEADER;
}

m_matches[aclMatchLookup[attr_name]] = value;

return true;
Expand Down Expand Up @@ -1354,9 +1366,23 @@ bool AclTable::create()
attr.value.booldata = true;
table_attrs.push_back(attr);

attr.id = SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL;
attr.value.booldata = true;
table_attrs.push_back(attr);
// NOTE: Temporary workaround to support matching protocol numbers on MLNX platform.
// In a later SAI version we will transition to using NEXT_HEADER for IPv6 on all platforms.
auto platform_env_var = getenv("platform");
string platform = platform_env_var ? platform_env_var: "";
if ((type == ACL_TABLE_MIRRORV6 || type == ACL_TABLE_L3V6)
&& platform == MLNX_PLATFORM_SUBSTRING)
{
attr.id = SAI_ACL_TABLE_ATTR_FIELD_IPV6_NEXT_HEADER;
attr.value.booldata = true;
table_attrs.push_back(attr);
}
else
{
attr.id = SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL;
attr.value.booldata = true;
table_attrs.push_back(attr);
}

/*
* Type of Tables and Supported Match Types (ASIC database)
Expand Down
1 change: 1 addition & 0 deletions orchagent/aclorch.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@
#define MATCH_L4_DST_PORT "L4_DST_PORT"
#define MATCH_ETHER_TYPE "ETHER_TYPE"
#define MATCH_IP_PROTOCOL "IP_PROTOCOL"
#define MATCH_NEXT_HEADER "NEXT_HEADER"
#define MATCH_TCP_FLAGS "TCP_FLAGS"
#define MATCH_IP_TYPE "IP_TYPE"
#define MATCH_DSCP "DSCP"
Expand Down
2 changes: 1 addition & 1 deletion tests/test_mirror_ipv6_separate.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -230,7 +230,7 @@ def test_MirrorV6TableCreation(self, dvs, testlog):
# dscp mirror tables.
expected_sai_attributes = [
"SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE",
"SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL",
"SAI_ACL_TABLE_ATTR_FIELD_IPV6_NEXT_HEADER", # NOTE: We use the MLNX2700 VS implementation for this test suite.
"SAI_ACL_TABLE_ATTR_FIELD_SRC_IPV6",
"SAI_ACL_TABLE_ATTR_FIELD_DST_IPV6",
"SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_TYPE",
Expand Down

0 comments on commit 94c622f

Please sign in to comment.