Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[yang] In ACL_RULE PRIORITY is mandatory and also PACKET_ACTION for CTRLPLANE ACLs #10248

Merged
merged 1 commit into from
Mar 23, 2022

Conversation

ghooo
Copy link
Contributor

@ghooo ghooo commented Mar 16, 2022

Why I did it

Fixes sonic-net/sonic-utilities#2049

from caclmgr:

  • PRIORITY is a required field code
  • PACKET_ACTION is a required field code

I think PRIORITY is a required field for ACLs not only CTRLPLANE ACLs

How I did it

Check code.

How to verify it

Unit-test

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111

Description for the changelog

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

@ghooo ghooo requested a review from qiluo-msft as a code owner March 16, 2022 03:43
@wen587 wen587 self-requested a review March 16, 2022 04:25
@wen587
Copy link
Contributor

wen587 commented Mar 16, 2022

LGTM

@ghooo ghooo changed the title [yang] In ACL_RULE PRIORITY is mandatory and PACKET_ACTION for CTRLPLANE ACLs [yang] In ACL_RULE PRIORITY is mandatory and also PACKET_ACTION for CTRLPLANE ACLs Mar 16, 2022
@qiluo-msft qiluo-msft requested a review from bingwang-ms March 18, 2022 00:24
@@ -69,6 +69,9 @@ module sonic-acl {
type stypes:packet_action;
}

/* Validating 'PACKET_ACTION' exist if ACL type is 'CTRLPLANE' */
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bingwang-ms Is PACKET_ACTION mandatory for data plane ACL?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, PACKET_ACTION is not mandatory for data plane ACL.
For example, we can have below config for an ACL rule

# redis-cli -n 4 hgetall "ACL_RULE|EVERFLOW|RULE_3"             
1) "PRIORITY"
2) "9997"
3) "MIRROR_INGRESS_ACTION"
4) "session_1"
5) "L4_SRC_PORT"
6) "4661"

@ghooo ghooo merged commit 874d7fc into sonic-net:master Mar 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[GCU or caclmgrd] GCU CACL update might broke caclmgrd
4 participants