[yang] SONiC MAC ACL Yang model update to add support for Source MAC, Destination MAC, Ethertype pattern update, VLAN_ID, PCP, DEI fields (#7917)

#### Why I did it
Currently only IP ACL and related model is defined. Support for MAC ACL is missing. Added support for it.

#### How I did it
ACL_RULE table is added with new MAC ACL related fields namely Source MAC, Destination MAC, Ethertype (Pattern updated to match any valid Ethertypes), VLAN, PCP, DEI

#### How to verify it
Yang model tests are attached.
This commit is contained in:
Abhishek 2021-12-09 11:19:16 -08:00 committed by Judy Joseph
parent d683688d41
commit 6f406b91ba
4 changed files with 170 additions and 3 deletions

View File

@ -81,5 +81,21 @@
"key": "sonic-acl:actions", "key": "sonic-acl:actions",
"value": [""] "value": [""]
} }
},
"ACL_TABLE_L2_ACL_FIELDS": {
"desc": "Configure L2 ACL with proper rule fields"
},
"ACL_TABLE_L3_RULE_WITH_L2_FIELDS": {
"desc": "Configure L2 Address in L3 ACL.",
"eStrKey" : "When",
"eStr": ["type"]
},
"ACL_RULE_L2_INVALID_MAC": {
"desc": "Configure invalid MAC address format.",
"eStrKey" : "Pattern"
},
"ACL_RULE_L2_INVALID_ETHER": {
"desc": "Configure invalid MAC address format.",
"eStrKey" : "Pattern"
} }
} }

View File

@ -657,5 +657,123 @@
] ]
} }
} }
},
"ACL_TABLE_L2_ACL_FIELDS": {
"sonic-acl:sonic-acl": {
"sonic-acl:ACL_RULE": {
"ACL_RULE_LIST": [
{
"ACL_TABLE_NAME": "L2ACL",
"SRC_MAC": "00:00:AB:CD:EF:00/FF:FF:FF:00:00:00",
"DST_MAC": "00:00:AB:CD:EF:FF/FF:FF:FF:FF:FF:FF",
"ETHER_TYPE": "0x0800",
"PCP": "5/5",
"DEI": "0",
"PACKET_ACTION": "FORWARD",
"PRIORITY": 999980,
"RULE_NAME": "Rule_20"
}
]
},
"sonic-acl:ACL_TABLE": {
"ACL_TABLE_LIST": [
{
"ACL_TABLE_NAME": "L2ACL",
"policy_desc": "L2ACL Test",
"ports": [ "" ],
"stage": "INGRESS",
"type": "L2"
}
]
}
}
},
"ACL_TABLE_L3_RULE_WITH_L2_FIELDS": {
"sonic-acl:sonic-acl": {
"sonic-acl:ACL_RULE": {
"ACL_RULE_LIST": [
{
"ACL_TABLE_NAME": "L3ACL-MAC-FIELDS",
"SRC_MAC": "00:00:AB:CD:EF:00/FF:FF:FF:00:00:00",
"DST_MAC": "00:00:AB:CD:EF:FF/FF:FF:FF:FF:FF:FF",
"ETHER_TYPE": "0x0800",
"PCP": "5/5",
"DEI": "0",
"PACKET_ACTION": "FORWARD",
"PRIORITY": 999980,
"RULE_NAME": "Rule_20"
}
]
},
"sonic-acl:ACL_TABLE": {
"ACL_TABLE_LIST": [
{
"ACL_TABLE_NAME": "L3ACL-MAC-FIELDS",
"policy_desc": "L2ACL Test",
"ports": [ "" ],
"stage": "INGRESS",
"type": "L3"
}
]
}
}
},
"ACL_RULE_L2_INVALID_MAC": {
"sonic-acl:sonic-acl": {
"sonic-acl:ACL_RULE": {
"ACL_RULE_LIST": [
{
"ACL_TABLE_NAME": "L2ACL_INVALID_MAC",
"SRC_MAC": "00.00.AB.CD.EF.00/FF.FF.FF.00.00.00",
"DST_MAC": "00.00.AB.CD.EF.FF/FF.FF.FF.FF.FF.FF",
"ETHER_TYPE": "0x0800",
"PCP": "5/5",
"DEI": "0",
"PACKET_ACTION": "FORWARD",
"PRIORITY": 999980,
"RULE_NAME": "Rule_20"
}
]
},
"sonic-acl:ACL_TABLE": {
"ACL_TABLE_LIST": [
{
"ACL_TABLE_NAME": "L2ACL_INVALID_MAC",
"policy_desc": "L2ACL Test",
"ports": [ "" ],
"stage": "INGRESS",
"type": "L2"
}
]
}
}
},
"ACL_RULE_L2_INVALID_ETHER": {
"sonic-acl:sonic-acl": {
"sonic-acl:ACL_RULE": {
"ACL_RULE_LIST": [
{
"ACL_TABLE_NAME": "L2ACL_INVALID_ETHER",
"SRC_MAC": "00.00.AB.CD.EF.00/FF.FF.FF.00.00.00",
"DST_MAC": "00.00.AB.CD.EF.FF/FF.FF.FF.FF.FF.FF",
"ETHER_TYPE": "64",
"PACKET_ACTION": "FORWARD",
"PRIORITY": 999980,
"RULE_NAME": "Rule_20"
}
]
},
"sonic-acl:ACL_TABLE": {
"ACL_TABLE_LIST": [
{
"ACL_TABLE_NAME": "L2ACL_INVALID_ETHER",
"policy_desc": "L2ACL Test",
"ports": [ "" ],
"stage": "INGRESS",
"type": "L2"
}
]
}
}
} }
} }

View File

@ -75,8 +75,16 @@ module sonic-acl {
} }
} }
choice ip_prefix { choice src_dst_address {
case l2_src_dst_address {
when "(/acl:sonic-acl/acl:ACL_TABLE/acl:ACL_TABLE_LIST[ACL_TABLE_NAME=current()/acl:ACL_TABLE_NAME]/acl:type = 'L2')";
leaf SRC_MAC {
type stypes:mac-addr-and-mask;
}
leaf DST_MAC {
type stypes:mac-addr-and-mask;
}
}
case ip4_prefix { case ip4_prefix {
when "boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='ARP'])"; when "boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='ARP'])";
leaf SRC_IP { leaf SRC_IP {
@ -144,7 +152,7 @@ module sonic-acl {
leaf ETHER_TYPE { leaf ETHER_TYPE {
type string { type string {
pattern "(0x88CC|0x8100|0x8915|0x0806|0x0800|0x86DD|0x8847)"; pattern "0x0[6-9a-fA-F][0-9a-fA-F]{2}|0x[1-9a-fA-F][0-9a-fA-F]{3}";
} }
} }
@ -220,6 +228,26 @@ module sonic-acl {
leaf INNER_L4_DST_PORT { leaf INNER_L4_DST_PORT {
type uint16; type uint16;
} }
leaf VLAN_ID {
type uint16 {
range 1..4094;
}
}
leaf PCP {
when "(/acl:sonic-acl/acl:ACL_TABLE/acl:ACL_TABLE_LIST[ACL_TABLE_NAME=current()/../acl:ACL_TABLE_NAME]/acl:type = 'L2')";
type string {
pattern "[0-7]|[0-7]/[0-7]";
}
}
leaf DEI {
when "(/acl:sonic-acl/acl:ACL_TABLE/acl:ACL_TABLE_LIST[ACL_TABLE_NAME=current()/../acl:ACL_TABLE_NAME]/acl:type = 'L2')";
type uint8 {
range "0..1";
}
}
} }
/* end of ACL_RULE_LIST */ /* end of ACL_RULE_LIST */
} }

View File

@ -217,6 +217,11 @@ module sonic-types {
} }
} }
typedef mac-addr-and-mask {
type string {
pattern "[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}|[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}/[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}";
}
}
/* Required for CVL */ /* Required for CVL */