[caclmgrd] Add check for valid ethertype in IPv4/v6 rules

[anilkpan]

Added check for valid ethertype in IPv4/v6 rule.

- Why I did it
Added check for valid ethertype in IPv4/v6 rule.

- How I did it

- How to verify it

- Which release branch to backport (provide reason below if selected)

• 201811
• 201911
• 202006

- Description for the changelog
[caclmgrd] Add check for valid ethertype in IPv4/v6 rules

This was done to support stop all SSH sessions for IPv4 and IPv6 only. One option was to use source IP as 0.0.0.0/0 or ::/0 but now we just need to use Ether type or IP type instead of 0 for SIP and DIP.

• Added a validation for IPv4/6 ethertype to restrict the IPv4/6 rules to only these ethertypes.

- A picture of a cute animal (not mandatory but encouraged)

[jleveque]

@anilkpan: Your description should be the PR title (e.g., [caclmgrd] Add check for valid ethertype in IPv4/v6 rules). Can you please update that and then add more information to the description as to what you changed and why?

[ben-gale]

@anilkpan , @jleveque - can we get this one moving please? Time is of the essence! Firstly, Anil pls update the PR title as Joe suggests, and provide the extra info requested. In the meantime, I would hope that there is sufficient information (and the PR is small enough) that Joe can proceed with the review anyway?

[jleveque]

In the meantime, I would hope that there is sufficient information (and the PR is small enough) that Joe can proceed with the review anyway?

It's difficult to review the code when I don't fully understand why the change was necessary and exactly what it is intended to do.

[anilkpan]

@jleveque @ben-gale This was done to support stop all SSH sessions for IPv4 and IPv6 only. One option was to use source IP as 0.0.0.0/0 or ::/0 but now we just need to use Ether type or IP type instead of 0 for SIP and DIP.

[jleveque]

@anilkpan: Can you please update the PR title and description?

[jleveque]

As comments. Also, please update the PR title to be more descriptive.

[jleveque]

Retest broadcom please

[jleveque]

Retest vsimage please

[lguohan]

i think this change breaks the sonic-mgmt cacl test, please check see if we need to fix the test, and if this behavior is back-compatibile.

[anilkpan]

retest this please

[anilkpan]

retest this please

[jleveque]

Retest vsimage please

[anilkpan]

retest this please

[jleveque]

Retest vsimage please

[anilkpan]

retest vsimage please

[anilkpan]

retest vsimage please

[anilkpan]

@jleveque @ben-gale The vsimage test is failing even without my changes in this PR.

[ben-gale]

@jleveque @ben-gale The vsimage test is failing even without my changes in this PR.

Yep - I see this same failure in many other PRs in the repo - @jleveque, @lguohan - who can debug/fix this please?

[lguohan]

@ben-gale , we have created an issue to track this. sonic-net/sonic-mgmt#2743

[ben-gale]

retest vsimage please

[ben-gale]

retest vsimage please

[ben-gale]

retest vsimage please

[lguohan]

/Azurepipelines run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).