From 29f67ebe5807dc37b9cf1f0c2e4695699e7f0dba Mon Sep 17 00:00:00 2001 
From: Oleksandr Ivantsiv Date: Fri, 3 Nov 2017 00:09:27 +0200 Subject: [PATCH] [acl-loader]: acl-loader integration. (#1000) * [acl-loader]: acl-loader integration. acl-loader was implemented based on translate_acl source code. acl-loader can't be tested with unittest. Same testcases will be covered with testbed tests. - Remove translate_acl utility and tests. - Remove mirror template. - Do not run ACL rules and mirror configuration generators. - Adapt minigraph parser to work with acl-loader. * Update sonic-swss-common and sonic-swss submodules. Enable ACL dynamic config feature. * Update sonic-utilities submodule. Include fix for acl-loader incremental update command. * [sonic-cfggen]: Add test for everflow cfggen configuration. --- dockers/docker-orchagent/mirror.json.j2 | 24 --- dockers/docker-orchagent/start.sh | 1 - dockers/docker-orchagent/swssconfig.sh | 16 +- src/sonic-config-engine/minigraph.py | 14 +- src/sonic-config-engine/setup.py | 2 +- .../tests/sample_output/mirror.json | 14 -- .../sample_output/rules_for_dataacl.json | 46 ----- .../sample_output/rules_for_everflow.json | 14 -- .../tests/sample_output/table_dataacl.json | 10 - .../tests/sample_output/table_everflow.json | 10 - src/sonic-config-engine/tests/test_acl.py | 58 ------ src/sonic-config-engine/tests/test_cfggen.py | 21 ++- src/sonic-config-engine/tests/test_j2files.py | 13 +- src/sonic-config-engine/translate_acl | 174 ------------------ src/sonic-swss | 2 +- src/sonic-swss-common | 2 +- src/sonic-utilities | 2 +- 17 files changed, 27 insertions(+), 396 deletions(-) delete mode 100644 dockers/docker-orchagent/mirror.json.j2 delete mode 100644 src/sonic-config-engine/tests/sample_output/mirror.json delete mode 100644 src/sonic-config-engine/tests/sample_output/rules_for_dataacl.json delete mode 100644 src/sonic-config-engine/tests/sample_output/rules_for_everflow.json delete mode 100644 src/sonic-config-engine/tests/sample_output/table_dataacl.json delete mode 100644 
src/sonic-config-engine/tests/sample_output/table_everflow.json delete mode 100644 src/sonic-config-engine/tests/test_acl.py delete mode 100755 src/sonic-config-engine/translate_acl diff --git a/dockers/docker-orchagent/mirror.json.j2 b/dockers/docker-orchagent/mirror.json.j2 deleted file mode 100644 index 3a3fc6eed0..0000000000 --- a/dockers/docker-orchagent/mirror.json.j2 +++ /dev/null @@ -1,24 +0,0 @@ -[ -{% if MIRROR_SESSION %} -{% for session in MIRROR_SESSION %} - { - "MIRROR_SESSION_TABLE:{{session}}": { - "src_ip": "{{ MIRROR_SESSION[session]['src_ip'] }}", - "dst_ip": "{{ MIRROR_SESSION[session]['dst_ip'] }}", -{% if onie_switch_asic == "mlnx" %} - "gre_type": "0x6558", - "queue": "1", -{% else %} - "gre_type": "0x88be", - "queue": "0", -{% endif %} - "dscp": "8", - "ttl": "255" - }, - "OP": "SET" - }{% if not loop.last %},{% endif %} - -{% endfor %} -{% endif %} -] - diff --git a/dockers/docker-orchagent/start.sh b/dockers/docker-orchagent/start.sh index bad88111c9..aa4e5b7dae 100755 --- a/dockers/docker-orchagent/start.sh +++ b/dockers/docker-orchagent/start.sh @@ -4,7 +4,6 @@ mkdir -p /etc/swss/config.d/ sonic-cfggen -m /etc/sonic/minigraph.xml -d -t /usr/share/sonic/templates/switch.json.j2 > /etc/swss/config.d/switch.json sonic-cfggen -m /etc/sonic/minigraph.xml -d -t /usr/share/sonic/templates/ipinip.json.j2 > /etc/swss/config.d/ipinip.json -sonic-cfggen -m /etc/sonic/minigraph.xml -d -t /usr/share/sonic/templates/mirror.json.j2 > /etc/swss/config.d/mirror.json sonic-cfggen -m /etc/sonic/minigraph.xml -d -t /usr/share/sonic/templates/ports.json.j2 > /etc/swss/config.d/ports.json export platform=`sonic-cfggen -v platform` diff --git a/dockers/docker-orchagent/swssconfig.sh b/dockers/docker-orchagent/swssconfig.sh index c00d203a71..3458ddae61 100755 --- a/dockers/docker-orchagent/swssconfig.sh +++ b/dockers/docker-orchagent/swssconfig.sh 
@@ -2,18 +2,6 @@ set -e -function config_acl { - if [ -f "/etc/sonic/acl.json" ]; then - mkdir -p /etc/swss/config.d/acl - rm -rf /etc/swss/config.d/acl/* - translate_acl -m /etc/sonic/minigraph.xml -o /etc/swss/config.d/acl /etc/sonic/acl.json - for filename in /etc/swss/config.d/acl/*.json; do - [ -e "$filename" ] || break - swssconfig $filename - done - fi -} - function fast_reboot { case "$(cat /proc/cmdline)" in *fast-reboot*) @@ -39,7 +27,7 @@ fast_reboot HWSKU=`sonic-cfggen -m /etc/sonic/minigraph.xml -d -v "DEVICE_METADATA['localhost']['hwsku']"` -SWSSCONFIG_ARGS="00-copp.config.json ipinip.json mirror.json ports.json switch.json " +SWSSCONFIG_ARGS="00-copp.config.json ipinip.json ports.json switch.json " if [ "$HWSKU" == "Force10-S6000" ]; then SWSSCONFIG_ARGS+="td2.32ports.buffers.json td2.32ports.qos.json " @@ -56,5 +44,3 @@ for file in $SWSSCONFIG_ARGS; do swssconfig /etc/swss/config.d/$file sleep 1 done - -config_acl diff --git a/src/sonic-config-engine/minigraph.py b/src/sonic-config-engine/minigraph.py index 3e1e603e64..c51b24afed 100644 --- a/src/sonic-config-engine/minigraph.py +++ b/src/sonic-config-engine/minigraph.py @@ -29,7 +29,7 @@ ns3 = "http://www.w3.org/2001/XMLSchema-instance" class minigraph_encoder(json.JSONEncoder): def default(self, obj): if isinstance(obj, ( - ipaddress.IPv4Network, ipaddress.IPv6Network, + ipaddress.IPv4Network, ipaddress.IPv6Network, ipaddress.IPv4Address, ipaddress.IPv6Address )): return str(obj) @@ -129,7 +129,7 @@ def parse_dpg(dpg, hname): intfname = lointf.find(str(QName(ns, "AttachTo"))).text ipprefix = lointf.find(str(QName(ns1, "PrefixStr"))).text lo_intfs[(intfname, ipprefix)] = {} - + mgmtintfs = child.find(str(QName(ns, "ManagementIPInterfaces"))) mgmt_intf = {} for mgmtintf in mgmtintfs.findall(str(QName(ns1, "ManagementIPInterface"))): 
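Review bot: With `mirror.json` dropped from `SWSSCONFIG_ARGS` in the `@@ -27,7 +27,7 @@` hunk and the `config_acl` call removed at the end of the script, nothing left in swssconfig.sh applies `/etc/sonic/acl.json` or the mirror session when the container starts. The removed translate_acl also appended a default `DROP` rule to every non-mirror table, so unless acl-loader is invoked somewhere not visible in this patch, the switch appears to come up with no data-plane ACL rules until an operator loads them. A comment above the assignment should say where that configuration now comes from, for example `# ACL rules and mirror sessions are no longer pushed here; they are loaded separately by acl-loader`, and it is worth confirming that the new path keeps the default-deny rule.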
@@ -175,7 +175,7 @@ def parse_dpg(dpg, hname): aclintfs = child.find(str(QName(ns, "AclInterfaces"))) acls = {} for aclintf in aclintfs.findall(str(QName(ns, "AclInterface"))): - aclname = aclintf.find(str(QName(ns, "InAcl"))).text.lower().replace(" ", "_").replace("-", "_") + aclname = aclintf.find(str(QName(ns, "InAcl"))).text.upper().replace(" ", "_").replace("-", "_") aclattach = aclintf.find(str(QName(ns, "AttachTo"))).text.split(';') acl_intfs = [] is_mirror = False @@ -193,7 +193,7 @@ def parse_dpg(dpg, hname): acl_intfs = port_alias_map.values() break; if acl_intfs: - acls[aclname] = { 'policy_desc': aclname, 'ports': acl_intfs, 'type': 'mirror' if is_mirror else 'L3'} + acls[aclname] = { 'policy_desc': aclname, 'ports': acl_intfs, 'type': 'MIRROR' if is_mirror else 'L3'} return intfs, lo_intfs, mgmt_intf, vlans, pcs, acls return None, None, None, None, None, None @@ -358,7 +358,7 @@ def parse_xml(filename, platform=None, port_config_file=None): port_speeds = parse_deviceinfo(child, hwsku) results = {} - results['DEVICE_METADATA'] = {'localhost': { + results['DEVICE_METADATA'] = {'localhost': { 'bgp_asn': bgp_asn, 'deployment_id': deployment_id, 'hostname': hostname, @@ -423,13 +423,13 @@ def parse_device_desc_xml(filename): (lo_prefix, mgmt_prefix, hostname, hwsku, d_type) = parse_device(root) results = {} - results['DEVICE_METADATA'] = {'localhost': { + results['DEVICE_METADATA'] = {'localhost': { 'hostname': hostname, 'hwsku': hwsku, }} results['LOOPBACK_INTERFACE'] = {('lo', lo_prefix): {}} - + mgmt_intf = {} mgmtipn = ipaddress.IPNetwork(mgmt_prefix) gwaddr = ipaddress.IPAddress(int(mgmtipn.network) + 1) diff --git a/src/sonic-config-engine/setup.py b/src/sonic-config-engine/setup.py index 1bb597f395..296b7a03a6 100755 --- a/src/sonic-config-engine/setup.py +++ b/src/sonic-config-engine/setup.py 
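Review bot: `acls[aclname] = {...}` in the `@@ -193,7 +193,7 @@` hunk replaces any earlier entry, so two AclInterface elements whose InAcl normalizes to the same upper-cased name (the same ACL attached in two elements, or names differing only in case, spaces or hyphens) leave only the last element's ports bound. The resulting port list silently omits interfaces the minigraph meant to cover; merging before the assignment would avoid that, for example `if aclname in acls: acl_intfs = list(acls[aclname]['ports']) + list(acl_intfs)`. The `@@ -175,7 +175,7 @@` hunk and this one also switch table names and the `'MIRROR'` type to upper case with no explanation, so a comment such as `# upper-cased: ACL_TABLE consumers compare names and types case-sensitively` would help, if that is indeed the reason. parse_dpg starts and ends outside both hunks.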
@@ -16,7 +16,7 @@ setup(name='sonic-config-engine', author_email='taoyl@microsoft.com', url='https://github.com/Azure/sonic-buildimage', py_modules=['portconfig', 'minigraph', 'openconfig_acl', 'sonic_platform'], - scripts=['sonic-cfggen', 'translate_acl'], + scripts=['sonic-cfggen'], install_requires=['lxml', 'jinja2', 'netaddr', 'ipaddr', 'pyyaml', 'pyangbind'], test_suite='setup.get_test_suite', ) diff --git a/src/sonic-config-engine/tests/sample_output/mirror.json b/src/sonic-config-engine/tests/sample_output/mirror.json deleted file mode 100644 index 225235067e..0000000000 --- a/src/sonic-config-engine/tests/sample_output/mirror.json +++ /dev/null @@ -1,14 +0,0 @@ -[ - { - "MIRROR_SESSION_TABLE:everflow0": { - "src_ip": "10.1.0.32", - "dst_ip": "2.2.2.2", - "gre_type": "0x88be", - "queue": "0", - "dscp": "8", - "ttl": "255" - }, - "OP": "SET" - } -] - diff --git a/src/sonic-config-engine/tests/sample_output/rules_for_dataacl.json b/src/sonic-config-engine/tests/sample_output/rules_for_dataacl.json deleted file mode 100644 index 709468f9d9..0000000000 --- a/src/sonic-config-engine/tests/sample_output/rules_for_dataacl.json +++ /dev/null @@ -1,46 +0,0 @@ -[ - { - "ACL_RULE_TABLE:DATAACL:RULE_1":{ - "IP_PROTOCOL":17, - "PACKET_ACTION":"FORWARD", - "SRC_IP":"10.0.0.0/8", - "priority":9999 - }, - "OP":"SET" - }, - { - "ACL_RULE_TABLE:DATAACL:RULE_3":{ - "IP_PROTOCOL":17, - "PACKET_ACTION":"FORWARD", - "SRC_IP":"25.0.0.0/8", - "priority":9997 - }, - "OP":"SET" - }, - { - "ACL_RULE_TABLE:DATAACL:RULE_2":{ - "IP_PROTOCOL":17, - "PACKET_ACTION":"FORWARD", - "SRC_IP":"100.64.0.0/10", - "priority":9998 - }, - "OP":"SET" - }, - { - "ACL_RULE_TABLE:DATAACL:RULE_4":{ - "IP_PROTOCOL":6, - "PACKET_ACTION":"FORWARD", - "TCP_FLAGS":"0x10/0x10", - "priority":9996 - }, - "OP":"SET" - }, - { - "ACL_RULE_TABLE:DATAACL:DEFAULT_RULE":{ - "ETHER_TYPE":"0x0800", - "PACKET_ACTION":"DROP", - "priority":1 - }, - "OP":"SET" - } -] \ No newline at end of file 
diff --git a/src/sonic-config-engine/tests/sample_output/rules_for_everflow.json b/src/sonic-config-engine/tests/sample_output/rules_for_everflow.json deleted file mode 100644 index 2f39a0dcc4..0000000000 --- a/src/sonic-config-engine/tests/sample_output/rules_for_everflow.json +++ /dev/null @@ -1,14 +0,0 @@ -[ - { - "ACL_RULE_TABLE:EVERFLOW:RULE_1":{ - "DST_IP":"127.0.0.1/32", - "IP_PROTOCOL":6, - "L4_DST_PORT":0, - "L4_SRC_PORT":0, - "MIRROR_ACTION":"everflow", - "SRC_IP":"127.0.0.1/32", - "priority":9999 - }, - "OP":"SET" - } -] \ No newline at end of file diff --git a/src/sonic-config-engine/tests/sample_output/table_dataacl.json b/src/sonic-config-engine/tests/sample_output/table_dataacl.json deleted file mode 100644 index a099680821..0000000000 --- a/src/sonic-config-engine/tests/sample_output/table_dataacl.json +++ /dev/null @@ -1,10 +0,0 @@ -[ - { - "ACL_TABLE:DATAACL":{ - "policy_desc":"dataacl", - "ports":"Ethernet112,Ethernet116,Ethernet120,Ethernet124", - "type":"L3" - }, - "OP":"SET" - } -] \ No newline at end of file diff --git a/src/sonic-config-engine/tests/sample_output/table_everflow.json b/src/sonic-config-engine/tests/sample_output/table_everflow.json deleted file mode 100644 index a4ad52bfe5..0000000000 --- a/src/sonic-config-engine/tests/sample_output/table_everflow.json +++ /dev/null @@ -1,10 +0,0 @@ -[ - { - "ACL_TABLE:EVERFLOW":{ - "policy_desc":"everflow", - "ports":"Ethernet24,Ethernet40,Ethernet20,Ethernet44,Ethernet48,Ethernet28,Ethernet96,Ethernet92,Ethernet76,Ethernet116,Ethernet72,Ethernet112,Ethernet52,Ethernet80,Ethernet56,Ethernet32,Ethernet16,Ethernet36,Ethernet12,Ethernet60,Ethernet8,Ethernet4,Ethernet0,Ethernet64,Ethernet68,Ethernet84,Ethernet88,Ethernet108,Ethernet120,Ethernet104,Ethernet124,Ethernet100", - "type":"mirror" - }, - "OP":"SET" - } -] \ No newline at end of file diff --git a/src/sonic-config-engine/tests/test_acl.py b/src/sonic-config-engine/tests/test_acl.py deleted file mode 100644 index 319b2c1f73..0000000000 
--- a/src/sonic-config-engine/tests/test_acl.py +++ /dev/null 
@@ -1,58 +0,0 @@ -import filecmp -import os -import subprocess - -from unittest import TestCase - -class TestAcl(TestCase): - def setUp(self): - self.test_dir = os.path.dirname(os.path.realpath(__file__)) - self.script_file = os.path.join(self.test_dir, '..', 'sonic-cfggen') - self.acl_script_file = os.path.join(self.test_dir, '..', 'translate_acl') - self.t0_minigraph = os.path.join(self.test_dir, 't0-sample-graph.xml') - self.t0_minigraph_everflow = os.path.join(self.test_dir, 't0-sample-graph-everflow.xml') - self.t0_acl = os.path.join(self.test_dir, 't0-sample-acl.json') - self.t0_port_config = os.path.join(self.test_dir, 't0-sample-port-config.ini') - - def run_script(self, argument): - print 'CMD: sonic-cfggen ' + argument - output = '' - try: - output = subprocess.check_output(self.script_file + ' ' + argument, shell=True, stderr=subprocess.STDOUT) - except subprocess.CalledProcessError, (p): - print 'CalledProcessError: CMD:%s returncode:%s' % (p.cmd, p.returncode) - print p.output - return output - - def run_acl_script(self, argument): - print 'CMD: translate_acl ' + argument - output = '' - try: - output = subprocess.check_output(self.acl_script_file + ' ' + argument, shell=True, stderr=subprocess.STDOUT) - except subprocess.CalledProcessError, (p): - print 'CalledProcessError: CMD:%s returncode:%s' % (p.cmd, p.returncode) - print p.output - return output - - def test_translate_acl(self): - argument = '-m ' + self.t0_minigraph + ' -p ' + self.t0_port_config + ' -o ' + self.test_dir + ' ' + self.t0_acl - self.run_acl_script(argument) - for filename in ['rules_for_dataacl.json','table_dataacl.json']: - sample_output_file = os.path.join(self.test_dir, 'sample_output', filename) - output_file = os.path.join(self.test_dir, filename) - assert filecmp.cmp(sample_output_file, output_file) - - def test_translate_everflow(self): - argument = '-m ' + self.t0_minigraph_everflow + ' -p ' + self.t0_port_config + ' -o ' + self.test_dir + ' ' + self.t0_acl - 
self.run_acl_script(argument) - for filename in ['rules_for_everflow.json','table_everflow.json']: - sample_output_file = os.path.join(self.test_dir, 'sample_output', filename) - output_file = os.path.join(self.test_dir, filename) - assert filecmp.cmp(sample_output_file, output_file) - - def tearDown(self): - for filename in ['rules_for_dataacl.json','table_dataacl.json','rules_for_everflow.json','table_everflow.json']: - try: - os.remove(os.path.join(self.test_dir, filename)) - except OSError: - pass diff --git a/src/sonic-config-engine/tests/test_cfggen.py b/src/sonic-config-engine/tests/test_cfggen.py index 57172af97c..31663077c4 100644 --- a/src/sonic-config-engine/tests/test_cfggen.py +++ b/src/sonic-config-engine/tests/test_cfggen.py @@ -3,7 +3,7 @@ import subprocess import os class TestCfgGen(TestCase): - + def setUp(self): self.test_dir = os.path.dirname(os.path.realpath(__file__)) self.script_file = os.path.join(self.test_dir, '..', 'sonic-cfggen') @@ -29,7 +29,7 @@ class TestCfgGen(TestCase): argument = '' output = self.run_script(argument) self.assertEqual(output, '') - + def test_device_desc(self): argument = '-v "DEVICE_METADATA[\'localhost\'][\'hwsku\']" -M "' + self.sample_device_desc + '"' output = self.run_script(argument) @@ -44,17 +44,17 @@ class TestCfgGen(TestCase): argument = '-v "DEVICE_METADATA[\'localhost\'][\'hwsku\']" -m "' + self.sample_graph + '"' output = self.run_script(argument) self.assertEqual(output.strip(), 'Force10-Z9100') - + def test_print_data(self): argument = '-m "' + self.sample_graph + '" --print-data' output = self.run_script(argument) self.assertTrue(len(output.strip()) > 0) - + def test_jinja_expression(self): argument = '-m "' + self.sample_graph + '" -v "DEVICE_METADATA[\'localhost\'][\'type\']"' output = self.run_script(argument) self.assertEqual(output.strip(), 'LeafRouter') - + def test_additional_json_data(self): argument = '-a \'{"key1":"value1"}\' -v key1' output = self.run_script(argument) 
@@ -64,7 +64,7 @@ class TestCfgGen(TestCase): argument = '-v yml_item -y ' + os.path.join(self.test_dir, 'test.yml') output = self.run_script(argument) self.assertEqual(output.strip(), '[\'value1\', \'value2\']') - + def test_render_template(self): argument = '-y ' + os.path.join(self.test_dir, 'test.yml') + ' -t ' + os.path.join(self.test_dir, 'test.j2') output = self.run_script(argument) @@ -73,13 +73,18 @@ class TestCfgGen(TestCase): def test_minigraph_acl(self): argument = '-m "' + self.sample_graph_t0 + '" -p "' + self.port_config + '" -v ACL_TABLE' output = self.run_script(argument) - self.assertEqual(output.strip(), "{'dataacl': {'type': 'L3', 'policy_desc': 'dataacl', 'ports': ['Ethernet112', 'Ethernet116', 'Ethernet120', 'Ethernet124']}}") + self.assertEqual(output.strip(), "{'DATAACL': {'type': 'L3', 'policy_desc': 'DATAACL', 'ports': ['Ethernet112', 'Ethernet116', 'Ethernet120', 'Ethernet124']}}") + + def test_minigraph_everflow(self): + argument = '-m "' + self.sample_graph_t0 + '" -p "' + self.port_config + '" -v MIRROR_SESSION' + output = self.run_script(argument) + self.assertEqual(output.strip(), "{'everflow0': {'src_ip': '10.1.0.32', 'dst_ip': '2.2.2.2'}}") def test_minigraph_interfaces(self): argument = '-m "' + self.sample_graph_simple + '" -p "' + self.port_config + '" -v \'INTERFACE.keys()\'' output = self.run_script(argument) self.assertEqual(output.strip(), "[('Ethernet0', '10.0.0.58/31'), ('Ethernet0', 'FC00::75/126')]") - + def test_minigraph_vlans(self): argument = '-m "' + self.sample_graph_simple + '" -p "' + self.port_config + '" -v VLAN' output = self.run_script(argument) diff --git a/src/sonic-config-engine/tests/test_j2files.py b/src/sonic-config-engine/tests/test_j2files.py index 3d4139d0eb..d1cc0d2a32 100644 --- a/src/sonic-config-engine/tests/test_j2files.py +++ b/src/sonic-config-engine/tests/test_j2files.py 
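Review bot: Both assertions in the `@@ -73,13 +73,18 @@` hunk compare the printed repr of a dict, so `test_minigraph_acl` and the new `test_minigraph_everflow` depend on key ordering rather than on content. Parsing the output first keeps them stable, for example `self.assertEqual(ast.literal_eval(output.strip()), {'everflow0': {'src_ip': '10.1.0.32', 'dst_ip': '2.2.2.2'}})` with `import ast` at the top of the file. The everflow test also pins only `src_ip` and `dst_ip`, while the `gre_type`, `queue`, `dscp` and `ttl` values that the removed mirror.json.j2 supplied are no longer checked anywhere in this patch. A comment in the test should say where those defaults are now set.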
@@ -31,14 +31,14 @@ class TestJ2Files(TestCase): argument = '-m ' + self.t0_minigraph + ' -p ' + self.t0_port_config + ' -t ' + alias_map_template output = self.run_script(argument) data = json.loads(output) - self.assertEqual(data["Ethernet4"], "fortyGigE0/4") + self.assertEqual(data["Ethernet4"], "fortyGigE0/4") def test_lldp(self): lldpd_conf_template = os.path.join(self.test_dir, '..', '..', '..', 'dockers', 'docker-lldp-sv2', 'lldpd.conf.j2') argument = '-m ' + self.t0_minigraph + ' -p ' + self.t0_port_config + ' -t ' + lldpd_conf_template + ' > ' + self.output_file self.run_script(argument) self.assertTrue(filecmp.cmp(os.path.join(self.test_dir, 'sample_output', 'lldpd.conf'), self.output_file)) - + def test_teamd(self): def test_render_teamd(self, pc, minigraph, sample_output): @@ -77,15 +77,6 @@ class TestJ2Files(TestCase): assert filecmp.cmp(sample_output_file, self.output_file) - def test_everflow(self): - everflow_file = os.path.join(self.test_dir, '..', '..', '..', 'dockers', 'docker-orchagent', 'mirror.json.j2') - argument = '-m ' + self.t0_minigraph + ' -p ' + self.t0_port_config + ' -t ' + everflow_file + ' > ' + self.output_file - self.run_script(argument) - - sample_output_file = os.path.join(self.test_dir, 'sample_output', 'mirror.json') - - assert filecmp.cmp(sample_output_file, self.output_file) - def test_msn27xx_32ports_buffers(self): buffer_file = os.path.join(self.test_dir, '..', '..', '..', 'dockers', 'docker-orchagent', 'msn27xx.32ports.buffers.json.j2') argument = '-m ' + self.t1_mlnx_minigraph + ' -p ' + self.mlnx_port_config + ' -t ' + buffer_file + ' > ' + self.output_file diff --git a/src/sonic-config-engine/translate_acl b/src/sonic-config-engine/translate_acl deleted file mode 100755 index b8138cf36b..0000000000 --- a/src/sonic-config-engine/translate_acl +++ /dev/null 
@@ -1,174 +0,0 @@ -#!/usr/bin/env python - -import sys -import os.path -import json -import argparse - -import openconfig_acl -import pyangbind.lib.pybindJSON as pybindJSON -from minigraph import parse_xml - -def dump_json(filename, data): - with open(filename, 'w') as outfile: - json.dump(data, outfile, indent=4, sort_keys=True, separators=(',', ':')) - -def default_deny_rule(table_name): - rule_props = {} - rule_data = {} - rule_data["ACL_RULE_TABLE:"+table_name.upper()+":DEFAULT_RULE"] = rule_props - rule_data["OP"] = "SET" - rule_props["priority"] = 1 - rule_props["ETHER_TYPE"] = "0x0800" - rule_props["PACKET_ACTION"] = "DROP" - return rule_data - -def generate_rule_json(table_name, rule, max_priority, mirror): - rule_idx = rule.config.sequence_id - rule_props = {} - rule_data = {} - rule_data["ACL_RULE_TABLE:"+table_name.upper()+":RULE_"+str(rule_idx)] = rule_props - rule_data["OP"] = "SET" - - rule_props["priority"] = max_priority - rule_idx - if rule.actions.config.forwarding_action == "ACCEPT": - if mirror: - rule_props["MIRROR_ACTION"] = "everflow" - else: - rule_props["PACKET_ACTION"] = "FORWARD" - elif rule.actions.config.forwarding_action == "DROP": - rule_props["PACKET_ACTION"] = "DROP" - elif rule.actions.config.forwarding_action == "REJECT": - rule_props["PACKET_ACTION"] = "DROP" - else: - print "Unknown rule action %s in table %s, rule %d!" % (rule.actions.config.forwarding_action, table_name, rule_idx) - return {} - - ip_protocol_map = { - "IP_TCP" : 6, - "IP_ICMP" : 1, - "IP_UDP" : 17, - "IP_IGMP" : 2, - "IP_PIM" : 103, - "IP_RSVP" : 46, - "IP_GRE" : 47, - "IP_AUTH" : 51, - "IP_L2TP" : 115 - } - - if not rule.ip.config.protocol: - pass - elif ip_protocol_map.has_key(rule.ip.config.protocol): - rule_props["IP_PROTOCOL"] = ip_protocol_map[rule.ip.config.protocol] - else: - try: - int(rule.ip.config.protocol) - except: - print "Unknown rule protocol %s in table %s, rule %d!" 
% (rule.ip.config.protocol, table_name, rule_idx) - return {} - else: - rule_props["IP_PROTOCOL"] = rule.ip.config.protocol - - if rule.ip.config.source_ip_address != "": - rule_props["SRC_IP"] = rule.ip.config.source_ip_address - if rule.ip.config.destination_ip_address != "": - rule_props["DST_IP"] = rule.ip.config.destination_ip_address - - if rule.transport.config.source_port == "": - pass - elif str(rule.transport.config.source_port).find("..") < 0: - rule_props["L4_SRC_PORT"] = rule.transport.config.source_port - else: - rule_props["L4_SRC_PORT_RANGE"] = str(rule.transport.config.source_port).replace("..", "-") - - if rule.transport.config.destination_port == "": - pass - elif str(rule.transport.config.destination_port).find("..") < 0: - rule_props["L4_DST_PORT"] = rule.transport.config.destination_port - else: - rule_props["L4_DST_PORT_RANGE"] = str(rule.transport.config.destination_port).replace("..", "-") - - tcp_flags = 0x00; - for flag in rule.transport.config.tcp_flags: - if flag == "TCP_FIN": - tcp_flags = tcp_flags | 0x01 - if flag == "TCP_SYN": - tcp_flags = tcp_flags | 0x02 - if flag == "TCP_RST": - tcp_flags = tcp_flags | 0x04 - if flag == "TCP_PSH": - tcp_flags = tcp_flags | 0x08 - if flag == "TCP_ACK": - tcp_flags = tcp_flags | 0x10 - if flag == "TCP_URG": - tcp_flags = tcp_flags | 0x20 - if flag == "TCP_ECE": - tcp_flags = tcp_flags | 0x40 - if flag == "TCP_CWR": - tcp_flags = tcp_flags | 0x80 - if tcp_flags != 0x00: - rule_props["TCP_FLAGS"] = '0x{:02x}/0x{:02x}'.format(tcp_flags, tcp_flags) - return rule_data - -def generate_table_json(aclset, aclname, ports, t_type, max_priority, output_path='.'): - table_name = aclname.replace(" ", "_").replace("-", "_") - #table_name = generate_random_table_name() - mirror = (t_type == 'mirror') - - table_props = {} - table_props["policy_desc"] = table_name - table_props["type"] = t_type - table_props["ports"] = ports - - table_data = [{}] - table_data[0]["ACL_TABLE:"+table_name.upper()] = table_props - 
table_data[0]["OP"] = "SET" - dump_json(os.path.join(output_path, "table_"+table_name+".json"), table_data) - - rule_data = [] - for aclentryname in aclset.acl_entries.acl_entry: - aclentry = aclset.acl_entries.acl_entry[aclentryname] - rule_props = generate_rule_json(table_name, aclentry, max_priority, mirror) - if rule_props: - rule_data.append(rule_props) - if not mirror: - rule_data.append(default_deny_rule(table_name)) - dump_json(os.path.join(output_path, "rules_for_"+table_name+".json"), rule_data) - -def translate_acl_fixed_port(filename, output_path, port, max_priority): - yang_acl = pybindJSON.load(filename, openconfig_acl, "openconfig_acl") - for aclsetname in yang_acl.acl.acl_sets.acl_set: - aclset = yang_acl.acl.acl_sets.acl_set[aclsetname] - generate_table_json(aclset, aclsetname, port, 'l3', max_priority, output_path) - return - -def translate_acl(filename, output_path, mini_acl, max_priority): - yang_acl = pybindJSON.load(filename, openconfig_acl, "openconfig_acl") - for aclsetname in yang_acl.acl.acl_sets.acl_set: - tablename = aclsetname.replace(" ", "_").replace("-", "_") - if mini_acl.has_key(tablename): - t_type = mini_acl[tablename]['type'] - ports = ','.join(mini_acl[tablename]['ports']) - aclset = yang_acl.acl.acl_sets.acl_set[aclsetname] - generate_table_json(aclset, aclsetname, ports, t_type, max_priority, output_path) - return - -def main(): - parser = argparse.ArgumentParser(description="Translate openconfig ACL json into SONiC ACL jsons") - parser.add_argument('input', metavar='INPUT', help='input json file in openconfig format') - group = parser.add_mutually_exclusive_group(required=True) - group.add_argument('-a', '--attach-to', help='the port(s) that this ACL is attached to') - group.add_argument('-m', '--minigraph', help='read ACL attaching information from minigraph') - parser.add_argument("-p", "--port-config", help="port config file, used with -m") - parser.add_argument('-n', '--max-priority', type=int, default=10000, help='the 
priority number of the first rule in ACL entries') - parser.add_argument('-o', '--output-path', default='.', help='output directory where SONiC ACL jsons will be generated') - args = parser.parse_args() - if args.attach_to: - translate_acl_fixed_port(args.input, args.output_path, args.port, args.max_priority) - elif args.minigraph: - mini_data = parse_xml(args.minigraph, port_config_file=args.port_config) - if mini_data['ACL_TABLE']: - translate_acl(args.input, args.output_path, mini_data['ACL_TABLE'], args.max_priority) - -if __name__ == "__main__": - main() diff --git a/src/sonic-swss b/src/sonic-swss index 3b7c3e3348..f90a4e1ef3 160000 --- a/src/sonic-swss +++ b/src/sonic-swss @@ -1 +1 @@ -Subproject commit 3b7c3e3348779e1fc7b147a299d22942a34f5cb9 +Subproject commit f90a4e1ef369491b84a048cbf234f4cd3442d552 diff --git a/src/sonic-swss-common b/src/sonic-swss-common index 31142b8fac..2e94b54e36 160000 --- a/src/sonic-swss-common +++ b/src/sonic-swss-common @@ -1 +1 @@ -Subproject commit 31142b8fac1796b7d665ed06609c9fec09c9707f +Subproject commit 2e94b54e3626a4acd73bb3edb2f94d61793ee0e4 diff --git a/src/sonic-utilities b/src/sonic-utilities index 67f8806ce4..1d37c9c199 160000 --- a/src/sonic-utilities +++ b/src/sonic-utilities @@ -1 +1 @@ -Subproject commit 67f8806ce42f2511f170117d70ecfd0e8d205eb5 +Subproject commit 1d37c9c199b7934653f907095bf11e685889df23