From be75dd9958fdedcccf322ec94056506e2112405d Mon Sep 17 00:00:00 2001 From: mssonicbld <79238446+mssonicbld@users.noreply.github.com> Date: Sat, 22 Apr 2023 20:45:11 +0800 Subject: [PATCH] Update check of IP_TYPE from ACL Yang model (#13810) (#14759) --- .../tests/yang_model_tests/tests/acl.json | 3 ++ .../yang_model_tests/tests_config/acl.json | 53 +++++++++++++++++++ .../yang-templates/sonic-acl.yang.j2 | 8 +-- 3 files changed, 60 insertions(+), 4 deletions(-) diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json b/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json index 3bfb0611fb..a3d2110479 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json @@ -31,6 +31,9 @@ "eStrKey" : "When", "eStr": ["IP_TYPE"] }, + "ACL_RULE_WITHOUT_IP_TYPE": { + "desc": "Configure ACL_RULE without IP_TYPE." + }, "ACL_RULE_ARP_TYPE_DST_IPV6_MISMATCH": { "desc": "Configure IP_TYPE as ARP and DST_IPV6 in ACL_RULE.", "eStrKey" : "When", diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json index 6c3d3ad3ec..ce5a9839d0 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json @@ -158,6 +158,59 @@ } } }, + "ACL_RULE_WITHOUT_IP_TYPE": { + "sonic-acl:sonic-acl": { + "sonic-acl:ACL_RULE": { + "ACL_RULE_LIST": [ + { + "ACL_TABLE_NAME": "NO-NSW-PACL-V4", + "PACKET_ACTION": "FORWARD", + "PRIORITY": 999980, + "RULE_NAME": "Rule_20", + "SRC_IPV6": "2001::1/64" + } + ] + }, + "sonic-acl:ACL_TABLE": { + "ACL_TABLE_LIST": [ + { + "ACL_TABLE_NAME": "NO-NSW-PACL-V4", + "policy_desc": "Filter IPv4", + "ports": [ + "Ethernet0", + "Ethernet1" + ], + "stage": "EGRESS", + "type": "L3" + } + ] + } + }, + "sonic-port:sonic-port": { + "sonic-port:PORT": { + "PORT_LIST": [ + { + "admin_status": "up", + "alias": "eth0", + "description": "Ethernet0", + "lanes": "0,1,2,3", + "mtu": 9000, + "name": "Ethernet0", + "speed": 25000 + }, + { + "admin_status": "up", + "alias": "eth1", + "description": "Ethernet1", + "lanes": "4,5,6,7", + "mtu": 9000, + "name": "Ethernet1", + "speed": 25000 + } + ] + } + } + }, "ACL_RULE_UNDEFINED_PACKET_ACTION": { "sonic-acl:sonic-acl": { "sonic-acl:ACL_RULE": { diff --git a/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 b/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 index 2658016575..360c096880 100644 --- a/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 +++ b/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 @@ -106,7 +106,7 @@ module sonic-acl { } } case ip4_prefix { - when "boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='ARP'])"; + when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='ARP'])"; leaf SRC_IP { type inet:ipv4-prefix; } @@ -117,7 +117,7 @@ module sonic-acl { } case ip6_prefix { - when "boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV6' or .='IPv6ANY'])"; + when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV6' or .='IPv6ANY'])"; leaf SRC_IPV6 { type inet:ipv6-prefix; } @@ -199,7 +199,7 @@ module sonic-acl { choice icmp { case icmp4 { - when "boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='ARP'])"; + when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='ARP'])"; leaf ICMP_TYPE { type uint8 { range 1..44; @@ -214,7 +214,7 @@ module sonic-acl { } case icmp6 { - when "boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV6' or .='IPv6ANY'])"; + when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV6' or .='IPv6ANY'])"; leaf ICMPV6_TYPE { type uint8 { range 1..44;