[acl] Add new ACL key BTH_OPCODE and AETH_SYNDROME (sonic-net#2617)
- What I did
Add new ACL key BTH_OPCODE and AETH_SYNDROME

- Why I did it
Add new ACL key BTH_OPCODE and AETH_SYNDROME

- How I verified it
Manual test
Junchao-Mellanox authored Jan 29, 2023
1 parent 9d1f66b commit a2a483d
Showing 3 changed files with 77 additions and 3 deletions.
36 changes: 34 additions & 2 deletions orchagent/aclorch.cpp
@@ -69,7 +69,9 @@ acl_rule_attr_lookup_t aclMatchLookup =
{ MATCH_INNER_ETHER_TYPE, SAI_ACL_ENTRY_ATTR_FIELD_INNER_ETHER_TYPE },
{ MATCH_INNER_IP_PROTOCOL, SAI_ACL_ENTRY_ATTR_FIELD_INNER_IP_PROTOCOL },
{ MATCH_INNER_L4_SRC_PORT, SAI_ACL_ENTRY_ATTR_FIELD_INNER_L4_SRC_PORT },
{ MATCH_INNER_L4_DST_PORT, SAI_ACL_ENTRY_ATTR_FIELD_INNER_L4_DST_PORT }
{ MATCH_INNER_L4_DST_PORT, SAI_ACL_ENTRY_ATTR_FIELD_INNER_L4_DST_PORT },
{ MATCH_BTH_OPCODE, SAI_ACL_ENTRY_ATTR_FIELD_BTH_OPCODE},
{ MATCH_AETH_SYNDROME, SAI_ACL_ENTRY_ATTR_FIELD_AETH_SYNDROME}
};

static acl_range_type_lookup_t aclRangeTypeLookup =
@@ -970,6 +972,36 @@ bool AclRule::validateAddMatch(string attr_name, string attr_value)
matchData.data.u8 = to_uint<uint8_t>(attr_value);
matchData.mask.u8 = 0xFF;
}
else if (attr_name == MATCH_BTH_OPCODE)
{
auto opcode_data = tokenize(attr_value, '/');

if (opcode_data.size() == 2)
{
matchData.data.u8 = to_uint<uint8_t>(opcode_data[0]);
matchData.mask.u8 = to_uint<uint8_t>(opcode_data[1]);
}
else
{
SWSS_LOG_ERROR("Invalid BTH_OPCODE configuration: %s, expected format <data>/<mask>", attr_value.c_str());
return false;
}
}
else if (attr_name == MATCH_AETH_SYNDROME)
{
auto syndrome_data = tokenize(attr_value, '/');

if (syndrome_data.size() == 2)
{
matchData.data.u8 = to_uint<uint8_t>(syndrome_data[0]);
matchData.mask.u8 = to_uint<uint8_t>(syndrome_data[1]);
}
else
{
SWSS_LOG_ERROR("Invalid AETH_SYNDROME configuration: %s, expected format <data>/<mask>", attr_value.c_str());
return false;
}
}
}
catch (exception &e)
{
@@ -3796,7 +3828,7 @@ bool AclOrch::addAclTable(AclTable &newTable)
}
// Update matching field according to ACL stage
newTable.addStageMandatoryMatchFields();

// Add mandatory ACL action if not present
// We need to call addMandatoryActions here because addAclTable is directly called in other orchs.
// The action_list is already added if the ACL table creation is triggered by CONFIGDD, but calling addMandatoryActions
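Review bot: In `AclRule::validateAddMatch`, the new `MATCH_BTH_OPCODE` and `MATCH_AETH_SYNDROME` branches accept any `<data>/<mask>` pair without checking that the two agree, so a value such as `0x60/0x0f` (data bits outside the mask) or a zero mask is passed on as-is. An ACL rule is a filtering control, and a rule that can never match, or that matches every opcode, is hard to spot once programmed; how such a pair is treated downstream is not visible here. I would reject or at least log it right after parsing, e.g. `if (matchData.data.u8 & ~matchData.mask.u8) { SWSS_LOG_ERROR("BTH_OPCODE data has bits outside mask: %s", attr_value.c_str()); return false; }`. The two branches are also identical apart from the name in the log message, so a small shared helper taking the attribute name would keep them from drifting apart. The function body starts and ends outside the hunk, so the catch handler that would cover a throwing `to_uint` is not shown.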
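--- a/orchagent/aclorch.h
+++ b/orchagent/aclorch.h
@@ -49,6 +49,8 @@
 #define MATCH_INNER_IP_PROTOCOL "INNER_IP_PROTOCOL"
 #define MATCH_INNER_L4_SRC_PORT "INNER_L4_SRC_PORT"
 #define MATCH_INNER_L4_DST_PORT "INNER_L4_DST_PORT"
+#define MATCH_BTH_OPCODE "BTH_OPCODE"
+#define MATCH_AETH_SYNDROME "AETH_SYNDROME"
 
 #define BIND_POINT_TYPE_PORT "PORT"
 #define BIND_POINT_TYPE_PORTCHANNEL "PORTCHANNEL"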
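--- a/tests/mock_tests/aclorch_ut.cpp
+++ b/tests/mock_tests/aclorch_ut.cpp
@@ -1409,7 +1409,7 @@ namespace aclorch_test
 {
 {
 ACL_TABLE_TYPE_MATCHES,
-string(MATCH_SRC_IP) + comma + MATCH_ETHER_TYPE + comma + MATCH_L4_SRC_PORT_RANGE
+string(MATCH_SRC_IP) + comma + MATCH_ETHER_TYPE + comma + MATCH_L4_SRC_PORT_RANGE + comma + MATCH_BTH_OPCODE + comma + MATCH_AETH_SYNDROME
 },
 {
 ACL_TABLE_TYPE_BPOINT_TYPES,
@@ -1431,6 +1431,8 @@ namespace aclorch_test
 { "SAI_ACL_TABLE_ATTR_FIELD_SRC_IP", "true" },
 { "SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE", "true" },
 { "SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE", "1:SAI_ACL_RANGE_TYPE_L4_SRC_PORT_RANGE" },
+{ "SAI_ACL_TABLE_ATTR_FIELD_BTH_OPCODE", "true" },
+{ "SAI_ACL_TABLE_ATTR_FIELD_AETH_SYNDROME", "true" },
 };
 
 ASSERT_TRUE(validateAclTable(
@@ -1477,6 +1479,42 @@ namespace aclorch_test
 // DST_IP is not in the table type
 ASSERT_FALSE(orch->getAclRule(aclTableName, aclRuleName));
 
+orch->doAclRuleTask(
+deque<KeyOpFieldsValuesTuple>(
+{
+{
+aclTableName + "|" + aclRuleName,
+SET_COMMAND,
+{
+{ ACTION_PACKET_ACTION, PACKET_ACTION_DROP },
+{ MATCH_BTH_OPCODE, "0x60" },
+}
+}
+}
+)
+);
+
+// MATCH_BTH_OPCODE invalid format
+ASSERT_FALSE(orch->getAclRule(aclTableName, aclRuleName));
+
+orch->doAclRuleTask(
+deque<KeyOpFieldsValuesTuple>(
+{
+{
+aclTableName + "|" + aclRuleName,
+SET_COMMAND,
+{
+{ ACTION_PACKET_ACTION, PACKET_ACTION_DROP },
+{ MATCH_AETH_SYNDROME, "0x60" },
+}
+}
+}
+)
+);
+
+// MATCH_AETH_SYNDROME invalid format
+ASSERT_FALSE(orch->getAclRule(aclTableName, aclRuleName));
+
 orch->doAclRuleTask(
 deque<KeyOpFieldsValuesTuple>(
 {
@@ -1486,6 +1524,8 @@ namespace aclorch_test
 {
 { MATCH_SRC_IP, "1.1.1.1/32" },
 { ACTION_PACKET_ACTION, PACKET_ACTION_DROP },
+{ MATCH_BTH_OPCODE, "0x60/0xff" },
+{ MATCH_AETH_SYNDROME, "0x60/0x60" },
 }
 }
 }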
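Review bot: The negative cases added in the third hunk only exercise the missing-mask form (`"0x60"`), so the other rejection paths of the new parser are untested: a value that does not fit in eight bits, a non-numeric token, and a string with more than one `/`. I would add cases such as `{ MATCH_BTH_OPCODE, "0x100/0xff" }` and `{ MATCH_AETH_SYNDROME, "0x60/0xff/0x1" }` (constructed values), each followed by `ASSERT_FALSE(orch->getAclRule(aclTableName, aclRuleName));`. The positive case with `"0x60/0xff"` and `"0x60/0x60"` is followed by assertions outside the hunk, so whether the programmed data and mask are checked cannot be seen here; if they are not, an assertion on those attribute values would catch a swapped data/mask.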
