[sonic-acl] add ACL_TABLE_TYPE table (#9052)

* [sonic-acl] add ACL_TABLE_TYPE table

I implemented the ACL table type concept. Until this change, orchagent knew only a set of predefined ACL table types (L3, L3V6, etc.), and if another orch required a custom table, a new table type had to be defined in aclorch.
This PR addresses this limitation by introducing AclTableType, which can be constructed from the set of matches, actions and bind point types the user needs. There is also a new handler for the ACL_TABLE_TYPE table, which lets the user define table types.
Currently, some built-in ACL table types that require special handling are distinguished from the others by their names (TABLE_TYPE_MIRROR, TABLE_TYPE_MIRRORV6), and the special handling is performed by AclOrch.
Signed-off-by: Stepan Blyshchak <stepanb@nvidia.com>
Stepan Blyshchak 2021-11-23 04:33:42 +02:00 committed by GitHub
parent 848a1710b0
commit 368b038b75
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 240 additions and 1 deletions


@ -61,5 +61,25 @@
"key": "sonic-acl:services",
"value": ["SNMP"]
}
},
"ACL_TABLE_CUSTOM_TABLE_TYPE": {
"desc": "ACL_TABLE LOAD TABLE TYPE SUCCESSFULLY."
},
"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_MATCHES": {
"desc": "ACL_TABLE LOAD TABLE TYPE WITH NO MATCHES.",
"eStrKey": "MinElements"
},
"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_BIND_POINT_TYPES": {
"desc": "ACL_TABLE LOAD TABLE TYPE WITH NO BIND POINT TYPES.",
"eStrKey": "MinElements"
},
"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_ACTIONS": {
"desc": "ACL_TABLE LOAD TABLE TYPE SUCCESSFULLY WITH NO ACTIONS.",
"eStrKey" : "Verify",
"verify": {
"xpath": "/sonic-acl:sonic-acl/ACL_TABLE_TYPE/ACL_TABLE_TYPE_LIST[ACL_TABLE_TYPE_NAME='CUSTOM_L3']/ACL_TABLE_TYPE_NAME",
"key": "sonic-acl:actions",
"value": [""]
}
}
}
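Review bot: The new cases cover only a missing `matches`, `bind_points` or `actions` list; none of them exercises an ACL_TABLE whose `type` names a table type that is neither built-in nor present in ACL_TABLE_TYPE_LIST. Every fixture in the companion data file pairs `"type": "CUSTOM_L3"` with a matching ACL_TABLE_TYPE_LIST entry, so the leafref branch of the new union is only ever shown accepting a value, never rejecting one. I would add one negative case that keeps `"type": "CUSTOM_L3"` but omits the ACL_TABLE_TYPE entry, and one with a `bind_points` value outside PORT/LAG, each with whatever error key the harness reports for that failure. Without them, a later edit that loosens the union or the enumeration would still pass this suite.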


@ -471,5 +471,191 @@
]
}
}
},
"ACL_TABLE_CUSTOM_TABLE_TYPE": {
"sonic-acl:sonic-acl": {
"sonic-acl:ACL_TABLE": {
"ACL_TABLE_LIST": [
{
"ACL_TABLE_NAME": "NO-NSW-PACL-V6",
"policy_desc": "Filter IPv6",
"ports": [
"Ethernet0"
],
"stage": "EGRESS",
"type": "CUSTOM_L3"
}
]
},
"sonic-acl:ACL_TABLE_TYPE": {
"ACL_TABLE_TYPE_LIST": [
{
"ACL_TABLE_TYPE_NAME": "CUSTOM_L3",
"matches": [
"SRC_IP",
"IN_PORTS"
],
"actions": [
"PACKET_ACTION"
],
"bind_points": [
"PORT"
]
}
]
}
},
"sonic-port:sonic-port": {
"sonic-port:PORT": {
"PORT_LIST": [
{
"admin_status": "up",
"alias": "eth0",
"description": "Ethernet0",
"lanes": "0,1,2,3",
"mtu": 9000,
"name": "Ethernet0",
"speed": 25000
}
]
}
}
},
"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_MATCHES": {
"sonic-acl:sonic-acl": {
"sonic-acl:ACL_TABLE": {
"ACL_TABLE_LIST": [
{
"ACL_TABLE_NAME": "NO-NSW-PACL-V6",
"policy_desc": "Filter IPv6",
"ports": [
"Ethernet0"
],
"stage": "EGRESS",
"type": "CUSTOM_L3"
}
]
},
"sonic-acl:ACL_TABLE_TYPE": {
"ACL_TABLE_TYPE_LIST": [
{
"ACL_TABLE_TYPE_NAME": "CUSTOM_L3",
"actions": [
"PACKET_ACTION"
],
"bind_points": [
"PORT"
]
}
]
}
},
"sonic-port:sonic-port": {
"sonic-port:PORT": {
"PORT_LIST": [
{
"admin_status": "up",
"alias": "eth0",
"description": "Ethernet0",
"lanes": "0,1,2,3",
"mtu": 9000,
"name": "Ethernet0",
"speed": 25000
}
]
}
}
},
"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_BIND_POINT_TYPES": {
"sonic-acl:sonic-acl": {
"sonic-acl:ACL_TABLE": {
"ACL_TABLE_LIST": [
{
"ACL_TABLE_NAME": "NO-NSW-PACL-V6",
"policy_desc": "Filter IPv6",
"ports": [
"Ethernet0"
],
"stage": "EGRESS",
"type": "CUSTOM_L3"
}
]
},
"sonic-acl:ACL_TABLE_TYPE": {
"ACL_TABLE_TYPE_LIST": [
{
"ACL_TABLE_TYPE_NAME": "CUSTOM_L3",
"matches": [
"SRC_IP",
"IN_PORTS"
],
"actions": [
"PACKET_ACTION"
]
}
]
}
},
"sonic-port:sonic-port": {
"sonic-port:PORT": {
"PORT_LIST": [
{
"admin_status": "up",
"alias": "eth0",
"description": "Ethernet0",
"lanes": "0,1,2,3",
"mtu": 9000,
"name": "Ethernet0",
"speed": 25000
}
]
}
}
},
"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_ACTIONS": {
"sonic-acl:sonic-acl": {
"sonic-acl:ACL_TABLE": {
"ACL_TABLE_LIST": [
{
"ACL_TABLE_NAME": "NO-NSW-PACL-V6",
"policy_desc": "Filter IPv6",
"ports": [
"Ethernet0"
],
"stage": "EGRESS",
"type": "CUSTOM_L3"
}
]
},
"sonic-acl:ACL_TABLE_TYPE": {
"ACL_TABLE_TYPE_LIST": [
{
"ACL_TABLE_TYPE_NAME": "CUSTOM_L3",
"matches": [
"SRC_IP",
"IN_PORTS"
],
"bind_points": [
"PORT"
]
}
]
}
},
"sonic-port:sonic-port": {
"sonic-port:PORT": {
"PORT_LIST": [
{
"admin_status": "up",
"alias": "eth0",
"description": "Ethernet0",
"lanes": "0,1,2,3",
"mtu": 9000,
"name": "Ethernet0",
"speed": 25000
}
]
}
}
}
}


@ -225,6 +225,34 @@ module sonic-acl {
}
/* end of container ACL_RULE */
container ACL_TABLE_TYPE {
list ACL_TABLE_TYPE_LIST {
key "ACL_TABLE_TYPE_NAME";
leaf ACL_TABLE_TYPE_NAME {
type string;
}
leaf-list matches {
type string;
min-elements 1;
}
leaf-list actions {
type string;
default "";
}
leaf-list bind_points {
type enumeration {
enum PORT;
enum LAG;
}
min-elements 1;
}
}
}
container ACL_TABLE {
description "ACL_TABLE part of config_db.json";
@ -245,7 +273,12 @@ module sonic-acl {
leaf type {
mandatory true;
type stypes:acl_table_type;
type union {
type leafref {
path "/acl:sonic-acl/acl:ACL_TABLE_TYPE/acl:ACL_TABLE_TYPE_LIST/acl:ACL_TABLE_TYPE_NAME";
}
type stypes:acl_table_type;
}
}
leaf stage {
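Review bot: `matches` and `actions` in ACL_TABLE_TYPE_LIST are plain `type string`, so a misspelled match field or an empty entry passes YANG validation and the mistake surfaces, if at all, only when the table type is consumed; for a schema that defines what an ACL may match on, that check belongs here. If the set of valid names is known, an enumeration (as `bind_points` already uses) would catch it, and at minimum `type string { length "1..max"; }` rejects empty entries. `default "";` on `actions` also means an omitted list reads back as one empty-string element, which the NO_ACTIONS test pins as `"value": [""]`; dropping the default would leave the list empty, provided the consumer accepts that. It is not visible here what happens when ACL_TABLE_TYPE_NAME repeats a built-in name from `stypes:acl_table_type`, since the union in `leaf type` accepts both, so a `description` stating the precedence would help. The module body continues outside both hunks.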