[yang] SONiC MAC ACL Yang model update to add support for Source MAC, Destination MAC, Ethertype pattern update, VLAN_ID, PCP, DEI fields (#7917)
#### Why I did it Currently only the IP ACL and its related model are defined; support for MAC ACL is missing. This change adds it. #### How I did it The ACL_RULE table is extended with new MAC ACL related fields, namely Source MAC, Destination MAC, Ethertype (pattern updated to match any valid Ethertype), VLAN, PCP and DEI. #### How to verify it Yang model tests are attached.
parent
d683688d41
commit
6f406b91ba
@ -81,5 +81,21 @@
|
|||||||
"key": "sonic-acl:actions",
|
"key": "sonic-acl:actions",
|
||||||
"value": [""]
|
"value": [""]
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"ACL_TABLE_L2_ACL_FIELDS": {
|
||||||
|
"desc": "Configure L2 ACL with proper rule fields"
|
||||||
|
},
|
||||||
|
"ACL_TABLE_L3_RULE_WITH_L2_FIELDS": {
|
||||||
|
"desc": "Configure L2 Address in L3 ACL.",
|
||||||
|
"eStrKey" : "When",
|
||||||
|
"eStr": ["type"]
|
||||||
|
},
|
||||||
|
"ACL_RULE_L2_INVALID_MAC": {
|
||||||
|
"desc": "Configure invalid MAC address format.",
|
||||||
|
"eStrKey" : "Pattern"
|
||||||
|
},
|
||||||
|
"ACL_RULE_L2_INVALID_ETHER": {
|
||||||
|
"desc": "Configure invalid MAC address format.",
|
||||||
|
"eStrKey" : "Pattern"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
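Review bot: The `desc` of `ACL_RULE_L2_INVALID_ETHER` repeats the text of the MAC case ("Configure invalid MAC address format."), so a failing run names the wrong field. Change it to `"desc": "Configure invalid ETHER_TYPE value.",`. Both negative cases also expect only `"eStrKey" : "Pattern"` with no `eStr`, unlike the `When` case above, which names `type`; naming the offending leaf would tighten the expectation, if the test harness supports `eStr` together with `Pattern` (not visible here).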
@ -657,5 +657,123 @@
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"ACL_TABLE_L2_ACL_FIELDS": {
|
||||||
|
"sonic-acl:sonic-acl": {
|
||||||
|
"sonic-acl:ACL_RULE": {
|
||||||
|
"ACL_RULE_LIST": [
|
||||||
|
{
|
||||||
|
"ACL_TABLE_NAME": "L2ACL",
|
||||||
|
"SRC_MAC": "00:00:AB:CD:EF:00/FF:FF:FF:00:00:00",
|
||||||
|
"DST_MAC": "00:00:AB:CD:EF:FF/FF:FF:FF:FF:FF:FF",
|
||||||
|
"ETHER_TYPE": "0x0800",
|
||||||
|
"PCP": "5/5",
|
||||||
|
"DEI": "0",
|
||||||
|
"PACKET_ACTION": "FORWARD",
|
||||||
|
"PRIORITY": 999980,
|
||||||
|
"RULE_NAME": "Rule_20"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"sonic-acl:ACL_TABLE": {
|
||||||
|
"ACL_TABLE_LIST": [
|
||||||
|
{
|
||||||
|
"ACL_TABLE_NAME": "L2ACL",
|
||||||
|
"policy_desc": "L2ACL Test",
|
||||||
|
"ports": [ "" ],
|
||||||
|
"stage": "INGRESS",
|
||||||
|
"type": "L2"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"ACL_TABLE_L3_RULE_WITH_L2_FIELDS": {
|
||||||
|
"sonic-acl:sonic-acl": {
|
||||||
|
"sonic-acl:ACL_RULE": {
|
||||||
|
"ACL_RULE_LIST": [
|
||||||
|
{
|
||||||
|
"ACL_TABLE_NAME": "L3ACL-MAC-FIELDS",
|
||||||
|
"SRC_MAC": "00:00:AB:CD:EF:00/FF:FF:FF:00:00:00",
|
||||||
|
"DST_MAC": "00:00:AB:CD:EF:FF/FF:FF:FF:FF:FF:FF",
|
||||||
|
"ETHER_TYPE": "0x0800",
|
||||||
|
"PCP": "5/5",
|
||||||
|
"DEI": "0",
|
||||||
|
"PACKET_ACTION": "FORWARD",
|
||||||
|
"PRIORITY": 999980,
|
||||||
|
"RULE_NAME": "Rule_20"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"sonic-acl:ACL_TABLE": {
|
||||||
|
"ACL_TABLE_LIST": [
|
||||||
|
{
|
||||||
|
"ACL_TABLE_NAME": "L3ACL-MAC-FIELDS",
|
||||||
|
"policy_desc": "L2ACL Test",
|
||||||
|
"ports": [ "" ],
|
||||||
|
"stage": "INGRESS",
|
||||||
|
"type": "L3"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"ACL_RULE_L2_INVALID_MAC": {
|
||||||
|
"sonic-acl:sonic-acl": {
|
||||||
|
"sonic-acl:ACL_RULE": {
|
||||||
|
"ACL_RULE_LIST": [
|
||||||
|
{
|
||||||
|
"ACL_TABLE_NAME": "L2ACL_INVALID_MAC",
|
||||||
|
"SRC_MAC": "00.00.AB.CD.EF.00/FF.FF.FF.00.00.00",
|
||||||
|
"DST_MAC": "00.00.AB.CD.EF.FF/FF.FF.FF.FF.FF.FF",
|
||||||
|
"ETHER_TYPE": "0x0800",
|
||||||
|
"PCP": "5/5",
|
||||||
|
"DEI": "0",
|
||||||
|
"PACKET_ACTION": "FORWARD",
|
||||||
|
"PRIORITY": 999980,
|
||||||
|
"RULE_NAME": "Rule_20"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"sonic-acl:ACL_TABLE": {
|
||||||
|
"ACL_TABLE_LIST": [
|
||||||
|
{
|
||||||
|
"ACL_TABLE_NAME": "L2ACL_INVALID_MAC",
|
||||||
|
"policy_desc": "L2ACL Test",
|
||||||
|
"ports": [ "" ],
|
||||||
|
"stage": "INGRESS",
|
||||||
|
"type": "L2"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"ACL_RULE_L2_INVALID_ETHER": {
|
||||||
|
"sonic-acl:sonic-acl": {
|
||||||
|
"sonic-acl:ACL_RULE": {
|
||||||
|
"ACL_RULE_LIST": [
|
||||||
|
{
|
||||||
|
"ACL_TABLE_NAME": "L2ACL_INVALID_ETHER",
|
||||||
|
"SRC_MAC": "00.00.AB.CD.EF.00/FF.FF.FF.00.00.00",
|
||||||
|
"DST_MAC": "00.00.AB.CD.EF.FF/FF.FF.FF.FF.FF.FF",
|
||||||
|
"ETHER_TYPE": "64",
|
||||||
|
"PACKET_ACTION": "FORWARD",
|
||||||
|
"PRIORITY": 999980,
|
||||||
|
"RULE_NAME": "Rule_20"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"sonic-acl:ACL_TABLE": {
|
||||||
|
"ACL_TABLE_LIST": [
|
||||||
|
{
|
||||||
|
"ACL_TABLE_NAME": "L2ACL_INVALID_ETHER",
|
||||||
|
"policy_desc": "L2ACL Test",
|
||||||
|
"ports": [ "" ],
|
||||||
|
"stage": "INGRESS",
|
||||||
|
"type": "L2"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
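Review bot: The `ACL_RULE_L2_INVALID_ETHER` fixture still carries the dotted `SRC_MAC`/`DST_MAC` values from the invalid-MAC case, so the expected `Pattern` error can come from the MAC leaves and the `"ETHER_TYPE": "64"` check is never exercised on its own. Use the valid forms there, `"SRC_MAC": "00:00:AB:CD:EF:00/FF:FF:FF:00:00:00",` and `"DST_MAC": "00:00:AB:CD:EF:FF/FF:FF:FF:FF:FF:FF",`, so that only the EtherType is invalid. No negative fixtures for the new `VLAN_ID`, `PCP` or `DEI` constraints are visible in this section; one out-of-range value for each would confirm that malformed ACL rules are rejected at validation time.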
@ -75,8 +75,16 @@ module sonic-acl {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
choice ip_prefix {
|
choice src_dst_address {
|
||||||
|
case l2_src_dst_address {
|
||||||
|
when "(/acl:sonic-acl/acl:ACL_TABLE/acl:ACL_TABLE_LIST[ACL_TABLE_NAME=current()/acl:ACL_TABLE_NAME]/acl:type = 'L2')";
|
||||||
|
leaf SRC_MAC {
|
||||||
|
type stypes:mac-addr-and-mask;
|
||||||
|
}
|
||||||
|
leaf DST_MAC {
|
||||||
|
type stypes:mac-addr-and-mask;
|
||||||
|
}
|
||||||
|
}
|
||||||
case ip4_prefix {
|
case ip4_prefix {
|
||||||
when "boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='ARP'])";
|
when "boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='ARP'])";
|
||||||
leaf SRC_IP {
|
leaf SRC_IP {
|
||||||
@ -144,7 +152,7 @@ module sonic-acl {
|
|||||||
|
|
||||||
leaf ETHER_TYPE {
|
leaf ETHER_TYPE {
|
||||||
type string {
|
type string {
|
||||||
pattern "(0x88CC|0x8100|0x8915|0x0806|0x0800|0x86DD|0x8847)";
|
pattern "0x0[6-9a-fA-F][0-9a-fA-F]{2}|0x[1-9a-fA-F][0-9a-fA-F]{3}";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -220,6 +228,26 @@ module sonic-acl {
|
|||||||
leaf INNER_L4_DST_PORT {
|
leaf INNER_L4_DST_PORT {
|
||||||
type uint16;
|
type uint16;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
leaf VLAN_ID {
|
||||||
|
type uint16 {
|
||||||
|
range 1..4094;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
leaf PCP {
|
||||||
|
when "(/acl:sonic-acl/acl:ACL_TABLE/acl:ACL_TABLE_LIST[ACL_TABLE_NAME=current()/../acl:ACL_TABLE_NAME]/acl:type = 'L2')";
|
||||||
|
type string {
|
||||||
|
pattern "[0-7]|[0-7]/[0-7]";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
leaf DEI {
|
||||||
|
when "(/acl:sonic-acl/acl:ACL_TABLE/acl:ACL_TABLE_LIST[ACL_TABLE_NAME=current()/../acl:ACL_TABLE_NAME]/acl:type = 'L2')";
|
||||||
|
type uint8 {
|
||||||
|
range "0..1";
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
/* end of ACL_RULE_LIST */
|
/* end of ACL_RULE_LIST */
|
||||||
}
|
}
|
||||||
|
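Review bot: The widened `ETHER_TYPE` pattern in the second hunk accepts lower- and mixed-case hex digits, so one EtherType can now be stored under several spellings (`0x86DD`, `0x86dd`), where the removed list admitted only upper-case literals. If any consumer of ACL_RULE compares this string instead of parsing it as a number (not visible in this diff), a rule could pass validation and then fail to match as intended; either restrict the pattern to one case, `pattern "0x0[6-9A-F][0-9A-F]{2}|0x[1-9A-F][0-9A-F]{3}";`, or state the accepted form in a `description`. The new leaves in the third hunk (`VLAN_ID`, `PCP`, `DEI`) have no `description` either, and `PCP` needs one saying whether `5/5` means value/mask. `VLAN_ID` is written `range 1..4094;` while `DEI` quotes its range, and unlike `PCP` and `DEI` it carries no `when` restricting it to L2 tables; if that difference is intended, a comment should say so.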
@ -217,6 +217,11 @@ module sonic-types {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
typedef mac-addr-and-mask {
|
||||||
|
type string {
|
||||||
|
pattern "[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}|[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}/[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Required for CVL */
|
/* Required for CVL */
|
||||||
|
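Review bot: The `mac-addr-and-mask` typedef has no `description`, so nothing states that the part after `/` is a full six-octet mask and not a prefix length, which is what the pattern implies. Add `description "MAC address, optionally followed by /mask, both as six colon-separated hex octets";`. The pattern also spells the address expression three times; `"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}(/[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5})?"` accepts the same strings and is easier to audit. The enclosing `module sonic-types` continues outside the hunk.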