matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[config/acl] Support everflow config translation (#468)

Browse Source
This commit is contained in:
Taoyu Li 2017-04-07 01:10:05 -07:00 committed by GitHub
parent 0db93789db
commit ebed2d0182
12 changed files with 567 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sonic-slave/Dockerfile
View File

@ -91,6 +91,7 @@ RUN apt-get update && apt-get install -y docutils-common libjs-sphinxdoc libjs-u
# For sonic config engine testing
RUN apt-get install -y python-lxml python-jinja2 python-netaddr python-ipaddr python-yaml
RUN pip install pyangbind
# For templating
RUN pip install j2cli

2
src/sonic-config-engine/MANIFEST.in
View File

@ -1 +1 @@
recursive-include tests *.j2 *.yml *.xml
recursive-include tests *.j2 *.yml *.xml *.json

11
src/sonic-config-engine/minigraph.py
View File

@ -218,9 +218,10 @@ def parse_dpg(dpg, hname):
aclintfs = child.find(str(QName(ns, "AclInterfaces")))
acls = {}
for aclintf in aclintfs.findall(str(QName(ns, "AclInterface"))):
aclname = aclintf.find(str(QName(ns, "InAcl"))).text
aclname = aclintf.find(str(QName(ns, "InAcl"))).text.lower().replace(" ", "_").replace("-", "_")
aclattach = aclintf.find(str(QName(ns, "AttachTo"))).text.split(';')
acl_intfs = []
is_mirror = False
for member in aclattach:
member = member.strip()
if pcs.has_key(member):
@ -229,9 +230,13 @@ def parse_dpg(dpg, hname):
print >> sys.stderr, "Warning: ACL " + aclname + " is attached to a Vlan interface, which is currently not supported"
elif port_alias_map.has_key(member):
acl_intfs.append(port_alias_map[member])
elif member.lower() == 'erspan':
is_mirror = True;
# Erspan session will be attached to all front panel ports
acl_intfs = port_alias_map.values()
break;
if acl_intfs:
acls[aclname] = acl_intfs
acls[aclname] = { 'AttachTo': acl_intfs, 'IsMirror': is_mirror }
return intfs, lo_intfs, mgmt_intf, vlans, pcs, acls
return None, None, None, None, None, None

29
src/sonic-config-engine/tests/sample_output/rules_for_dataacl.json Normal file
View File

@ -0,0 +1,29 @@
[
{
"ACL_RULE_TABLE:dataacl:Rule_1":{
"IP_PROTOCOL":17,
"PACKET_ACTION":"FORWARD",
"SRC_IP":"10.0.0.0/8",
"priority":9999
},
"OP":"SET"
},
{
"ACL_RULE_TABLE:dataacl:Rule_3":{
"IP_PROTOCOL":17,
"PACKET_ACTION":"FORWARD",
"SRC_IP":"25.0.0.0/8",
"priority":9997
},
"OP":"SET"
},
{
"ACL_RULE_TABLE:dataacl:Rule_2":{
"IP_PROTOCOL":17,
"PACKET_ACTION":"FORWARD",
"SRC_IP":"100.64.0.0/10",
"priority":9998
},
"OP":"SET"
}
]

14
src/sonic-config-engine/tests/sample_output/rules_for_everflow.json Normal file
View File

@ -0,0 +1,14 @@
[
{
"ACL_RULE_TABLE:everflow:Rule_1":{
"DST_IP":"127.0.0.1/32",
"IP_PROTOCOL":6,
"L4_DST_PORT":0,
"L4_SRC_PORT":0,
"MIRROR_ACTION":"everflow",
"SRC_IP":"127.0.0.1/32",
"priority":9999
},
"OP":"SET"
}
]

10
src/sonic-config-engine/tests/sample_output/table_dataacl.json Normal file
View File

@ -0,0 +1,10 @@
[
{
"ACL_TABLE:dataacl":{
"policy_desc":"dataacl",
"ports":"Ethernet112,Ethernet116,Ethernet120,Ethernet124",
"type":"L3"
},
"OP":"SET"
}
]

10
src/sonic-config-engine/tests/sample_output/table_everflow.json Normal file
View File

@ -0,0 +1,10 @@
[
{
"ACL_TABLE:everflow":{
"policy_desc":"everflow",
"ports":"Ethernet24,Ethernet40,Ethernet20,Ethernet44,Ethernet48,Ethernet28,Ethernet96,Ethernet92,Ethernet76,Ethernet116,Ethernet72,Ethernet112,Ethernet52,Ethernet108,Ethernet56,Ethernet32,Ethernet16,Ethernet36,Ethernet12,Ethernet120,Ethernet8,Ethernet4,Ethernet0,Ethernet124,Ethernet68,Ethernet84,Ethernet100,Ethernet80,Ethernet60,Ethernet104,Ethernet64,Ethernet88",
"type":"mirror"
},
"OP":"SET"
}
]

97
src/sonic-config-engine/tests/t0-sample-acl.json Normal file
View File

@ -0,0 +1,97 @@
{
"acl": {
"acl-sets": {
"acl-set": {
"dataacl": {
"acl-entries": {
"acl-entry": {
"1": {
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
"config": {
"sequence-id": 1
},
"ip": {
"config": {
"protocol": "IP_UDP",
"source-ip-address": "10.0.0.0/8"
}
}
},
"2": {
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
"config": {
"sequence-id": 2
},
"ip": {
"config": {
"protocol": "IP_UDP",
"source-ip-address": "100.64.0.0/10"
}
}
},
"3": {
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
"config": {
"sequence-id": 3
},
"ip": {
"config": {
"protocol": "IP_UDP",
"source-ip-address": "25.0.0.0/8"
}
}
}
}
},
"config": {
"name": "dataacl"
}
},
"everflow": {
"acl-entries": {
"acl-entry": {
"1": {
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
"config": {
"sequence-id": 1
},
"ip": {
"config": {
"destination-ip-address": "127.0.0.1/32",
"protocol": "IP_TCP",
"source-ip-address": "127.0.0.1/32"
}
},
"transport": {
"config": {
"destination-port": "0",
"source-port": "0"
}
}
}
}
},
"config": {
"name": "everflow"
}
}
}
}
}
}

320
src/sonic-config-engine/tests/t0-sample-graph-everflow.xml Normal file
View File

@ -0,0 +1,320 @@
<DeviceMiniGraph xmlns="Microsoft.Search.Autopilot.Evolution" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<CpgDec>
<IsisRouters xmlns:a="http://schemas.datacontract.org/2004/07/Microsoft.Search.Autopilot.Evolution"/>
<PeeringSessions>
<BGPSession>
<MacSec>false</MacSec>
<StartRouter>switch-t0</StartRouter>
<StartPeer>10.0.0.56</StartPeer>
<EndRouter>ARISTA01T1</EndRouter>
<EndPeer>10.0.0.57</EndPeer>
<Multihop>1</Multihop>
<HoldTime>180</HoldTime>
<KeepAliveTime>60</KeepAliveTime>
</BGPSession>
<BGPSession>
<StartRouter>switch-t0</StartRouter>
<StartPeer>FC00::71</StartPeer>
<EndRouter>ARISTA01T1</EndRouter>
<EndPeer>FC00::72</EndPeer>
<Multihop>1</Multihop>
<HoldTime>180</HoldTime>
<KeepAliveTime>60</KeepAliveTime>
</BGPSession>
<BGPSession>
<MacSec>false</MacSec>
<StartRouter>switch-t0</StartRouter>
<StartPeer>10.0.0.58</StartPeer>
<EndRouter>ARISTA02T1</EndRouter>
<EndPeer>10.0.0.59</EndPeer>
<Multihop>1</Multihop>
<HoldTime>180</HoldTime>
<KeepAliveTime>60</KeepAliveTime>
</BGPSession>
<BGPSession>
<StartRouter>switch-t0</StartRouter>
<StartPeer>FC00::75</StartPeer>
<EndRouter>ARISTA02T1</EndRouter>
<EndPeer>FC00::76</EndPeer>
<Multihop>1</Multihop>
<HoldTime>180</HoldTime>
<KeepAliveTime>60</KeepAliveTime>
</BGPSession>
<BGPSession>
<MacSec>false</MacSec>
<StartRouter>switch-t0</StartRouter>
<StartPeer>10.0.0.60</StartPeer>
<EndRouter>ARISTA03T1</EndRouter>
<EndPeer>10.0.0.61</EndPeer>
<Multihop>1</Multihop>
<HoldTime>180</HoldTime>
<KeepAliveTime>60</KeepAliveTime>
</BGPSession>
<BGPSession>
<StartRouter>switch-t0</StartRouter>
<StartPeer>FC00::79</StartPeer>
<EndRouter>ARISTA03T1</EndRouter>
<EndPeer>FC00::7A</EndPeer>
<Multihop>1</Multihop>
<HoldTime>180</HoldTime>
<KeepAliveTime>60</KeepAliveTime>
</BGPSession>
<BGPSession>
<MacSec>false</MacSec>
<StartRouter>switch-t0</StartRouter>
<StartPeer>10.0.0.62</StartPeer>
<EndRouter>ARISTA04T1</EndRouter>
<EndPeer>10.0.0.63</EndPeer>
<Multihop>1</Multihop>
<HoldTime>180</HoldTime>
<KeepAliveTime>60</KeepAliveTime>
</BGPSession>
<BGPSession>
<StartRouter>switch-t0</StartRouter>
<StartPeer>FC00::7D</StartPeer>
<EndRouter>ARISTA04T1</EndRouter>
<EndPeer>FC00::7E</EndPeer>
<Multihop>1</Multihop>
<HoldTime>180</HoldTime>
<KeepAliveTime>60</KeepAliveTime>
</BGPSession>
</PeeringSessions>
<Routers xmlns:a="http://schemas.datacontract.org/2004/07/Microsoft.Search.Autopilot.Evolution">
<a:BGPRouterDeclaration>
<a:ASN>65100</a:ASN>
<a:Hostname>switch-t0</a:Hostname>
<a:Peers>
<BGPPeer>
<Address>10.0.0.57</Address>
<RouteMapIn i:nil="true"/>
<RouteMapOut i:nil="true"/>
<Vrf i:nil="true"/>
</BGPPeer>
<BGPPeer>
<Address>10.0.0.59</Address>
<RouteMapIn i:nil="true"/>
<RouteMapOut i:nil="true"/>
<Vrf i:nil="true"/>
</BGPPeer>
<BGPPeer>
<Address>10.0.0.61</Address>
<RouteMapIn i:nil="true"/>
<RouteMapOut i:nil="true"/>
<Vrf i:nil="true"/>
</BGPPeer>
<BGPPeer>
<Address>10.0.0.63</Address>
<RouteMapIn i:nil="true"/>
<RouteMapOut i:nil="true"/>
<Vrf i:nil="true"/>
</BGPPeer>
</a:Peers>
<a:RouteMaps/>
</a:BGPRouterDeclaration>
<a:BGPRouterDeclaration>
<a:ASN>64600</a:ASN>
<a:Hostname>ARISTA01T1</a:Hostname>
<a:RouteMaps/>
</a:BGPRouterDeclaration>
<a:BGPRouterDeclaration>
<a:ASN>64600</a:ASN>
<a:Hostname>ARISTA02T1</a:Hostname>
<a:RouteMaps/>
</a:BGPRouterDeclaration>
<a:BGPRouterDeclaration>
<a:ASN>64600</a:ASN>
<a:Hostname>ARISTA03T1</a:Hostname>
<a:RouteMaps/>
</a:BGPRouterDeclaration>
<a:BGPRouterDeclaration>
<a:ASN>64600</a:ASN>
<a:Hostname>ARISTA04T1</a:Hostname>
<a:RouteMaps/>
</a:BGPRouterDeclaration>
</Routers>
</CpgDec>
<DpgDec>
<DeviceDataPlaneInfo>
<IPSecTunnels/>
<LoopbackIPInterfaces xmlns:a="http://schemas.datacontract.org/2004/07/Microsoft.Search.Autopilot.Evolution">
<a:LoopbackIPInterface>
<Name>HostIP</Name>
<AttachTo>Loopback0</AttachTo>
<a:Prefix xmlns:b="Microsoft.Search.Autopilot.Evolution">
<b:IPPrefix>10.1.0.32/32</b:IPPrefix>
</a:Prefix>
<a:PrefixStr>10.1.0.32/32</a:PrefixStr>
</a:LoopbackIPInterface>
<a:LoopbackIPInterface>
<Name>HostIP1</Name>
<AttachTo>Loopback0</AttachTo>
<a:Prefix xmlns:b="Microsoft.Search.Autopilot.Evolution">
<b:IPPrefix>FC00:1::32/128</b:IPPrefix>
</a:Prefix>
<a:PrefixStr>FC00:1::32/128</a:PrefixStr>
</a:LoopbackIPInterface>
</LoopbackIPInterfaces>
<ManagementIPInterfaces xmlns:a="http://schemas.datacontract.org/2004/07/Microsoft.Search.Autopilot.Evolution">
<a:ManagementIPInterface>
<Name>HostIP</Name>
<AttachTo>eth0</AttachTo>
<a:Prefix xmlns:b="Microsoft.Search.Autopilot.Evolution">
<b:IPPrefix>10.0.0.100/24</b:IPPrefix>
</a:Prefix>
<a:PrefixStr>10.0.0.100/24</a:PrefixStr>
</a:ManagementIPInterface>
</ManagementIPInterfaces>
<ManagementVIPInterfaces xmlns:a="http://schemas.datacontract.org/2004/07/Microsoft.Search.Autopilot.Evolution"/>
<MplsInterfaces/>
<MplsTeInterfaces/>
<RsvpInterfaces/>
<Hostname>switch-t0</Hostname>
<PortChannelInterfaces>
<PortChannel>
<Name>PortChannel01</Name>
<AttachTo>fortyGigE0/112</AttachTo>
<SubInterface/>
</PortChannel>
<PortChannel>
<Name>PortChannel02</Name>
<AttachTo>fortyGigE0/116</AttachTo>
<SubInterface/>
</PortChannel>
<PortChannel>
<Name>PortChannel03</Name>
<AttachTo>fortyGigE0/120</AttachTo>
<SubInterface/>
</PortChannel>
<PortChannel>
<Name>PortChannel04</Name>
<AttachTo>fortyGigE0/124</AttachTo>
<SubInterface/>
</PortChannel>
</PortChannelInterfaces>
<VlanInterfaces>
<VlanInterface>
<Name>Vlan1000</Name>
<AttachTo>fortyGigE0/4;fortyGigE0/8;fortyGigE0/12;fortyGigE0/16;fortyGigE0/20;fortyGigE0/24;fortyGigE0/28;fortyGigE0/32;fortyGigE0/36;fortyGigE0/40;fortyGigE0/44;fortyGigE0/48;fortyGigE0/52;fortyGigE0/56;fortyGigE0/60;fortyGigE0/64;fortyGigE0/68;fortyGigE0/72;fortyGigE0/76;fortyGigE0/80;fortyGigE0/84;fortyGigE0/88;fortyGigE0/92;fortyGigE0/96</AttachTo>
<NoDhcpRelay>False</NoDhcpRelay>
<StaticDHCPRelay>0.0.0.0/0</StaticDHCPRelay>
<Type i:nil="true"/>
<VlanID>1000</VlanID>
<Tag>1000</Tag>
<Subnets>192.168.0.0/27</Subnets>
</VlanInterface>
</VlanInterfaces>
<IPInterfaces>
<IPInterface>
<Name i:nil="true"/>
<AttachTo>PortChannel01</AttachTo>
<Prefix>10.0.0.56/31</Prefix>
</IPInterface>
<IPInterface>
<Name i:Name="true"/>
<AttachTo>PortChannel01</AttachTo>
<Prefix>FC00::71/126</Prefix>
</IPInterface>
<IPInterface>
<Name i:nil="true"/>
<AttachTo>PortChannel02</AttachTo>
<Prefix>10.0.0.58/31</Prefix>
</IPInterface>
<IPInterface>
<Name i:Name="true"/>
<AttachTo>PortChannel02</AttachTo>
<Prefix>FC00::75/126</Prefix>
</IPInterface>
<IPInterface>
<Name i:nil="true"/>
<AttachTo>PortChannel03</AttachTo>
<Prefix>10.0.0.60/31</Prefix>
</IPInterface>
<IPInterface>
<Name i:Name="true"/>
<AttachTo>PortChannel03</AttachTo>
<Prefix>FC00::79/126</Prefix>
</IPInterface>
<IPInterface>
<Name i:nil="true"/>
<AttachTo>PortChannel04</AttachTo>
<Prefix>10.0.0.62/31</Prefix>
</IPInterface>
<IPInterface>
<Name i:Name="true"/>
<AttachTo>PortChannel04</AttachTo>
<Prefix>FC00::7D/126</Prefix>
</IPInterface>
<IPInterface>
<Name i:nil="true"/>
<AttachTo>Vlan1000</AttachTo>
<Prefix>192.168.0.1/27</Prefix>
</IPInterface>
</IPInterfaces>
<DataAcls/>
<AclInterfaces>
<AclInterface>
<AttachTo>ERSPAN</AttachTo>
<InAcl>everflow</InAcl>
</AclInterface>
</AclInterfaces>
<DownstreamSummaries/>
<DownstreamSummarySet xmlns:a="http://schemas.datacontract.org/2004/07/Microsoft.Search.Autopilot.Evolution"/>
</DeviceDataPlaneInfo>
</DpgDec>
<PngDec>
<DeviceInterfaceLinks>
<DeviceLinkBase>
<ElementType>DeviceInterfaceLink</ElementType>
<EndDevice>ARISTA01T1</EndDevice>
<EndPort>Ethernet1/1</EndPort>
<StartDevice>switch-t0</StartDevice>
<StartPort>fortyGigE0/112</StartPort>
</DeviceLinkBase>
<DeviceLinkBase>
<ElementType>DeviceInterfaceLink</ElementType>
<EndDevice>ARISTA02T1</EndDevice>
<EndPort>Ethernet1/1</EndPort>
<StartDevice>switch-t0</StartDevice>
<StartPort>fortyGigE0/116</StartPort>
</DeviceLinkBase>
<DeviceLinkBase>
<ElementType>DeviceInterfaceLink</ElementType>
<EndDevice>ARISTA03T1</EndDevice>
<EndPort>Ethernet1/1</EndPort>
<StartDevice>switch-t0</StartDevice>
<StartPort>fortyGigE0/120</StartPort>
</DeviceLinkBase>
<DeviceLinkBase>
<ElementType>DeviceInterfaceLink</ElementType>
<EndDevice>ARISTA04T1</EndDevice>
<EndPort>Ethernet1/1</EndPort>
<StartDevice>switch-t0</StartDevice>
<StartPort>fortyGigE0/124</StartPort>
</DeviceLinkBase>
</DeviceInterfaceLinks>
<Devices>
<Device i:type="ToRRouter">
<Hostname>switch-t0</Hostname>
<HwSku>Force10-S6000</HwSku>
</Device>
<Device i:type="LeafRouter">
<Hostname>ARISTA01T1</Hostname>
<HwSku>Arista</HwSku>
</Device>
<Device i:type="LeafRouter">
<Hostname>ARISTA02T1</Hostname>
<HwSku>Arista</HwSku>
</Device>
<Device i:type="LeafRouter">
<Hostname>ARISTA03T1</Hostname>
<HwSku>Arista</HwSku>
</Device>
<Device i:type="LeafRouter">
<Hostname>ARISTA04T1</Hostname>
<HwSku>Arista</HwSku>
</Device>
</Devices>
</PngDec>
<Hostname>switch-t0</Hostname>
<HwSku>Force10-S6000</HwSku>
</DeviceMiniGraph>

58
src/sonic-config-engine/tests/test_acl.py Normal file
View File

@ -0,0 +1,58 @@
import filecmp
import os
import subprocess
from unittest import TestCase
class TestAcl(TestCase):
def setUp(self):
self.test_dir = os.path.dirname(os.path.realpath(__file__))
self.script_file = os.path.join(self.test_dir, '..', 'sonic-cfggen')
self.acl_script_file = os.path.join(self.test_dir, '..', 'translate_acl')
self.t0_minigraph = os.path.join(self.test_dir, 't0-sample-graph.xml')
self.t0_minigraph_everflow = os.path.join(self.test_dir, 't0-sample-graph-everflow.xml')
self.t0_acl = os.path.join(self.test_dir, 't0-sample-acl.json')
self.t0_port_config = os.path.join(self.test_dir, 't0-sample-port-config.ini')
def run_script(self, argument):
print 'CMD: sonic-cfggen ' + argument
output = ''
try:
output = subprocess.check_output(self.script_file + ' ' + argument, shell=True, stderr=subprocess.STDOUT)
except subprocess.CalledProcessError, (p):
print 'CalledProcessError: CMD:%s returncode:%s' % (p.cmd, p.returncode)
print p.output
return output
def run_acl_script(self, argument):
print 'CMD: translate_acl ' + argument
output = ''
try:
output = subprocess.check_output(self.acl_script_file + ' ' + argument, shell=True, stderr=subprocess.STDOUT)
except subprocess.CalledProcessError, (p):
print 'CalledProcessError: CMD:%s returncode:%s' % (p.cmd, p.returncode)
print p.output
return output
def test_translate_acl(self):
argument = '-m ' + self.t0_minigraph + ' -p ' + self.t0_port_config + ' -o ' + self.test_dir + ' ' + self.t0_acl
self.run_acl_script(argument)
for filename in ['rules_for_dataacl.json','table_dataacl.json']:
sample_output_file = os.path.join(self.test_dir, 'sample_output', filename)
output_file = os.path.join(self.test_dir, filename)
assert filecmp.cmp(sample_output_file, output_file)
def test_translate_everflow(self):
argument = '-m ' + self.t0_minigraph_everflow + ' -p ' + self.t0_port_config + ' -o ' + self.test_dir + ' ' + self.t0_acl
self.run_acl_script(argument)
for filename in ['rules_for_everflow.json','table_everflow.json']:
sample_output_file = os.path.join(self.test_dir, 'sample_output', filename)
output_file = os.path.join(self.test_dir, filename)
assert filecmp.cmp(sample_output_file, output_file)
def tearDown(self):
for filename in ['rules_for_dataacl.json','table_dataacl.json','rules_for_everflow.json','table_everflow.json']:
try:
os.remove(os.path.join(self.test_dir, filename))
except OSError:
pass

2
src/sonic-config-engine/tests/test_cfggen.py
View File

@ -60,7 +60,7 @@ class TestCfgGen(TestCase):
def test_minigraph_acl(self):
argument = '-m "' + self.sample_graph_t0 + '" -p "' + self.port_config + '" -v minigraph_acls'
output = self.run_script(argument)
self.assertEqual(output.strip(), "{'DataAcl': ['Ethernet112', 'Ethernet116', 'Ethernet120', 'Ethernet124']}")
self.assertEqual(output.strip(), "{'dataacl': {'IsMirror': False, 'AttachTo': ['Ethernet112', 'Ethernet116', 'Ethernet120', 'Ethernet124']}}")
def test_minigraph_interfaces(self):
argument = '-m "' + self.sample_graph_simple + '" -p "' + self.port_config + '" -v minigraph_interfaces'

31
src/sonic-config-engine/translate_acl
View File

@ -13,7 +13,7 @@ def dump_json(filename, data):
with open(filename, 'w') as outfile:
json.dump(data, outfile, indent=4, sort_keys=True, separators=(',', ':'))
def generate_rule_json(table_name, rule, max_priority):
def generate_rule_json(table_name, rule, max_priority, mirror):
rule_idx = rule.config.sequence_id
rule_props = {}
rule_data = {}
@ -22,7 +22,10 @@ def generate_rule_json(table_name, rule, max_priority):
rule_props["priority"] = max_priority - rule_idx
if rule.actions.config.forwarding_action == "ACCEPT":
rule_props["PACKET_ACTION"] = "FORWARD"
if mirror:
rule_props["MIRROR_ACTION"] = "everflow"
else:
rule_props["PACKET_ACTION"] = "FORWARD"
elif rule.actions.config.forwarding_action == "DROP":
rule_props["PACKET_ACTION"] = "DROP"
elif rule.actions.config.forwarding_action == "REJECT":
@ -97,14 +100,14 @@ def generate_rule_json(table_name, rule, max_priority):
rule_props["TCP_FLAGS"] = '0x{:02x}'.format(tcp_flags)
return rule_data
def generate_table_json(aclset, aclname, port, max_priority, output_path='.'):
def generate_table_json(aclset, aclname, ports, mirror, max_priority, output_path='.'):
table_name = aclname.replace(" ", "_").replace("-", "_")
#table_name = generate_random_table_name()
table_props = {}
table_props["policy_desc"] = table_name
table_props["type"] = "L3"
table_props["ports"] = port
table_props["type"] = "mirror" if mirror else "L3"
table_props["ports"] = ports
table_data = [{}]
table_data[0]["ACL_TABLE:"+table_name] = table_props
@ -114,7 +117,7 @@ def generate_table_json(aclset, aclname, port, max_priority, output_path='.'):
rule_data = []
for aclentryname in aclset.acl_entries.acl_entry:
aclentry = aclset.acl_entries.acl_entry[aclentryname]
rule_props = generate_rule_json(table_name, aclentry, max_priority)
rule_props = generate_rule_json(table_name, aclentry, max_priority, mirror)
if rule_props:
rule_data.append(rule_props)
@ -127,29 +130,31 @@ def translate_acl_fixed_port(filename, output_path, port, max_priority):
generate_table_json(aclset, aclsetname, port, max_priority, output_path)
return
def translate_acl(filename, output_path, attach_to, max_priority):
def translate_acl(filename, output_path, mini_acl, max_priority):
yang_acl = pybindJSON.load(filename, openconfig_acl, "openconfig_acl")
for aclsetname in yang_acl.acl.acl_sets.acl_set:
tablename = aclsetname.replace(" ", "_").replace("-", "_")
if attach_to.has_key(tablename):
port = ','.join(attach_to[tablename])
if mini_acl.has_key(tablename):
is_mirror = mini_acl[tablename]['IsMirror']
ports = ','.join(mini_acl[tablename]['AttachTo'])
aclset = yang_acl.acl.acl_sets.acl_set[aclsetname]
generate_table_json(aclset, aclsetname, port, max_priority, output_path)
generate_table_json(aclset, aclsetname, ports, is_mirror, max_priority, output_path)
return
def main():
parser = argparse.ArgumentParser(description="Translate openconfig ACL json into SONiC ACL jsons")
parser.add_argument('input', metavar='INPUT', help='input json file in openconfig format')
group = parser.add_mutually_exclusive_group(required=True)
group.add_argument('-p', '--port', help='the port(s) that this ACL is attached to')
group.add_argument('-a', '--attach-to', help='the port(s) that this ACL is attached to')
group.add_argument('-m', '--minigraph', help='read ACL attaching information from minigraph')
parser.add_argument("-p", "--port-config", help="port config file, used with -m")
parser.add_argument('-n', '--max-priority', type=int, default=10000, help='the priority number of the first rule in ACL entries')
parser.add_argument('-o', '--output-path', default='.', help='output directory where SONiC ACL jsons will be generated')
args = parser.parse_args()
if args.port:
if args.attach_to:
translate_acl_fixed_port(args.input, args.output_path, args.port, args.max_priority)
elif args.minigraph:
mini_data = parse_xml(args.minigraph)
mini_data = parse_xml(args.minigraph, port_config_file=args.port_config)
if mini_data['minigraph_acls']:
translate_acl(args.input, args.output_path, mini_data['minigraph_acls'], args.max_priority)