Skip to content

Commit

Permalink
[ACL] Support ACTION_COUNTER action in custom ACL table type (sonic-n…
Browse files Browse the repository at this point in the history
…et#2550)

* Support COUNTER action in custom ACL

Signed-off-by: bingwang <bingwang@microsoft.com>
  • Loading branch information
bingwang-ms authored Dec 2, 2022
1 parent 1a74604 commit ec507a4
Show file tree
Hide file tree
Showing 4 changed files with 44 additions and 4 deletions.
13 changes: 13 additions & 0 deletions orchagent/aclorch.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,11 @@ static acl_rule_attr_lookup_t aclDTelActionLookup =
{ ACTION_DTEL_REPORT_ALL_PACKETS, SAI_ACL_ENTRY_ATTR_ACTION_DTEL_REPORT_ALL_PACKETS }
};

static acl_rule_attr_lookup_t aclOtherActionLookup =
{
{ ACTION_COUNTER, SAI_ACL_ENTRY_ATTR_ACTION_COUNTER}
};

static acl_packet_action_lookup_t aclPacketActionLookup =
{
{ PACKET_ACTION_FORWARD, SAI_PACKET_ACTION_FORWARD },
Expand Down Expand Up @@ -635,6 +640,7 @@ bool AclTableTypeParser::parseAclTableTypeActions(const std::string& value, AclT
auto l3Action = aclL3ActionLookup.find(action);
auto mirrorAction = aclMirrorStageLookup.find(action);
auto dtelAction = aclDTelActionLookup.find(action);
auto otherAction = aclOtherActionLookup.find(action);

if (l3Action != aclL3ActionLookup.end())
{
Expand All @@ -648,11 +654,16 @@ bool AclTableTypeParser::parseAclTableTypeActions(const std::string& value, AclT
{
saiActionAttr = dtelAction->second;
}
else if (otherAction != aclOtherActionLookup.end())
{
saiActionAttr = otherAction->second;
}
else
{
SWSS_LOG_ERROR("Unknown action %s", action.c_str());
return false;
}
SWSS_LOG_INFO("Added action %s", action.c_str());

builder.withAction(AclEntryActionToAclAction(saiActionAttr));
}
Expand Down Expand Up @@ -4439,10 +4450,12 @@ void AclOrch::doAclTableTypeTask(Consumer &consumer)
}

addAclTableType(builder.build());
SWSS_LOG_NOTICE("Created ACL table type %s", key.c_str());
}
else if (op == DEL_COMMAND)
{
removeAclTableType(key);
SWSS_LOG_NOTICE("Removed ACL table type %s", key.c_str());
}
else
{
Expand Down
1 change: 1 addition & 0 deletions orchagent/aclorch.h
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,7 @@
#define ACTION_DTEL_TAIL_DROP_REPORT_ENABLE "TAIL_DROP_REPORT_ENABLE"
#define ACTION_DTEL_FLOW_SAMPLE_PERCENT "FLOW_SAMPLE_PERCENT"
#define ACTION_DTEL_REPORT_ALL_PACKETS "REPORT_ALL_PACKETS"
#define ACTION_COUNTER "COUNTER"

#define PACKET_ACTION_FORWARD "FORWARD"
#define PACKET_ACTION_DROP "DROP"
Expand Down
27 changes: 25 additions & 2 deletions tests/dvslib/dvs_acl.py
Original file line number Diff line number Diff line change
Expand Up @@ -54,18 +54,21 @@ def create_acl_table_type(
self,
name: str,
matches: List[str],
bpoint_types: List[str]
bpoint_types: List[str],
actions: List[str]
) -> None:
"""Create a new ACL table type in Config DB.
Args:
name: The name for the new ACL table type.
matches: A list of matches to use in ACL table.
bpoint_types: A list of bind point types to use in ACL table.
actions: A list of actions to use in ACL table
"""
table_type_attrs = {
"matches@": ",".join(matches),
"bind_points@": ",".join(bpoint_types)
"bind_points@": ",".join(bpoint_types),
"actions@": ",".join(actions)
}

self.config_db.create_entry(self.CDB_ACL_TABLE_TYPE_NAME, name, table_type_attrs)
Expand Down Expand Up @@ -306,6 +309,26 @@ def verify_acl_table_port_binding(

self.verify_acl_table_group_members(acl_table_id, acl_table_group_ids, num_tables)


def verify_acl_table_action_list(
self,
acl_table_id: str,
expected_action_list: List[str],
) -> None:
"""Verify that the ACL table has specified action list.
Args:
acl_table_id: The ACL table that is being checked.
expected_action_list: The expected action list set to the given ACL table.
"""
fvs = self.asic_db.wait_for_entry(self.ADB_ACL_TABLE_NAME, acl_table_id)
action_list_str = fvs.get('SAI_ACL_TABLE_ATTR_ACL_ACTION_TYPE_LIST')
action_count, actions = action_list_str.split(':')
action_list = actions.split(',')
assert (int(action_count) == len(action_list))
for action in expected_action_list:
assert action in action_list


def create_acl_rule(
self,
table_name: str,
Expand Down
7 changes: 5 additions & 2 deletions tests/test_acl_egress_table.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@
"VLAN_ID"
]
CUSTOM_TABLE_TYPE_BPOINT_TYPES = ["PORT","PORTCHANNEL"]
CUSTOM_TABLE_TYPE_ACTIONS = ["PACKET_ACTION,COUNTER"]
EXPECTED_ACTION_LIST = ['SAI_ACL_ACTION_TYPE_PACKET_ACTION','SAI_ACL_ACTION_TYPE_COUNTER']
TABLE_NAME = "EGRESS_TEST"
BIND_PORTS = ["Ethernet0", "Ethernet4"]
RULE_NAME = "EGRESS_TEST_RULE"
Expand All @@ -23,7 +25,7 @@ class TestEgressAclTable:
@pytest.fixture
def egress_acl_table(self, dvs_acl):
try:
dvs_acl.create_acl_table_type(TABLE_TYPE, CUSTOM_TABLE_TYPE_MATCHES, CUSTOM_TABLE_TYPE_BPOINT_TYPES)
dvs_acl.create_acl_table_type(TABLE_TYPE, CUSTOM_TABLE_TYPE_MATCHES, CUSTOM_TABLE_TYPE_BPOINT_TYPES, CUSTOM_TABLE_TYPE_ACTIONS)
dvs_acl.create_acl_table(TABLE_NAME, TABLE_TYPE, BIND_PORTS, stage="egress")
yield dvs_acl.get_acl_table_ids(1)[0]
finally:
Expand All @@ -33,14 +35,15 @@ def egress_acl_table(self, dvs_acl):

def test_EgressAclTableCreationDeletion(self, dvs_acl):
try:
dvs_acl.create_acl_table_type(TABLE_TYPE, CUSTOM_TABLE_TYPE_MATCHES, CUSTOM_TABLE_TYPE_BPOINT_TYPES)
dvs_acl.create_acl_table_type(TABLE_TYPE, CUSTOM_TABLE_TYPE_MATCHES, CUSTOM_TABLE_TYPE_BPOINT_TYPES, CUSTOM_TABLE_TYPE_ACTIONS)
dvs_acl.create_acl_table(TABLE_NAME, TABLE_TYPE, BIND_PORTS, stage="egress")

acl_table_id = dvs_acl.get_acl_table_ids(1)[0]
acl_table_group_ids = dvs_acl.get_acl_table_group_ids(len(BIND_PORTS))

dvs_acl.verify_acl_table_group_members(acl_table_id, acl_table_group_ids, 1)
dvs_acl.verify_acl_table_port_binding(acl_table_id, BIND_PORTS, 1, stage="egress")
dvs_acl.verify_acl_table_action_list(acl_table_id, EXPECTED_ACTION_LIST)
finally:
dvs_acl.remove_acl_table(TABLE_NAME)
dvs_acl.remove_acl_table_type(TABLE_TYPE)
Expand Down

0 comments on commit ec507a4

Please sign in to comment.