[sonic-acl] add ACL_TABLE_TYPE table (#9052)
* [sonic-acl] add ACL_TABLE_TYPE table

I implemented the ACL table type concept. Until this change, there were predefined ACL table types that orchagent knows about (L3, L3V6, etc.), and if another orch required a custom table, a new table type had to be defined in aclorch.
This PR addresses this limitation by introducing AclTableType, which can be constructed from the set of matches, actions and bind point types the user needs. There is also a new handler for the ACL_TABLE_TYPE table, which lets the user define table types.
Currently, some of the built-in ACL table types that require special handling are distinguished from the others by their names (TABLE_TYPE_MIRROR, TABLE_TYPE_MIRRORV6), and the special handling is performed by AclOrch.
Signed-off-by: Stepan Blyshchak <stepanb@nvidia.com>
stepanblyschak authored Nov 23, 2021
1 parent 848a171 commit 368b038
Showing 3 changed files with 240 additions and 1 deletion.
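--- a/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json
+++ b/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json
@@ -61,5 +61,25 @@
 "key": "sonic-acl:services",
 "value": ["SNMP"]
 }
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE": {
+"desc": "ACL_TABLE LOAD TABLE TYPE SUCCESSFULLY."
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_MATCHES": {
+"desc": "ACL_TABLE LOAD TABLE TYPE WITH NO MATCHES.",
+"eStrKey": "MinElements"
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_BIND_POINT_TYPES": {
+"desc": "ACL_TABLE LOAD TABLE TYPE WITH NO BIND POINT TYPES.",
+"eStrKey": "MinElements"
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_ACTIONS": {
+"desc": "ACL_TABLE LOAD TABLE TYPE SUCCESSFULLY WITH NO ACTIONS.",
+"eStrKey" : "Verify",
+"verify": {
+"xpath": "/sonic-acl:sonic-acl/ACL_TABLE_TYPE/ACL_TABLE_TYPE_LIST[ACL_TABLE_TYPE_NAME='CUSTOM_L3']/ACL_TABLE_TYPE_NAME",
+"key": "sonic-acl:actions",
+"value": [""]
+}
 }
 }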
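Review bot: The new cases cover only missing `matches`, missing `bind_points` and omitted `actions`; there is no negative case for an `ACL_TABLE` whose `type` names neither an entry in `ACL_TABLE_TYPE_LIST` nor a built-in type, which is the input the new union on `type` should reject. I would add one such case, and one with a `bind_points` value outside `PORT`/`LAG`, each with its config in tests_config/acl.json, so that a mistyped table type is shown to fail validation rather than load. In `ACL_TABLE_CUSTOM_TABLE_TYPE_NO_ACTIONS`, the expected `"value": [""]` pins a single empty-string action as the result of omitting `actions`; saying in `desc` that this is the schema default would make the intent clear.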
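--- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json
+++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json
@@ -471,5 +471,191 @@
 ]
 }
 }
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE": {
+"sonic-acl:sonic-acl": {
+"sonic-acl:ACL_TABLE": {
+"ACL_TABLE_LIST": [
+{
+"ACL_TABLE_NAME": "NO-NSW-PACL-V6",
+"policy_desc": "Filter IPv6",
+"ports": [
+"Ethernet0"
+],
+"stage": "EGRESS",
+"type": "CUSTOM_L3"
+}
+]
+},
+"sonic-acl:ACL_TABLE_TYPE": {
+"ACL_TABLE_TYPE_LIST": [
+{
+"ACL_TABLE_TYPE_NAME": "CUSTOM_L3",
+"matches": [
+"SRC_IP",
+"IN_PORTS"
+],
+"actions": [
+"PACKET_ACTION"
+],
+"bind_points": [
+"PORT"
+]
+}
+]
+}
+},
+"sonic-port:sonic-port": {
+"sonic-port:PORT": {
+"PORT_LIST": [
+{
+"admin_status": "up",
+"alias": "eth0",
+"description": "Ethernet0",
+"lanes": "0,1,2,3",
+"mtu": 9000,
+"name": "Ethernet0",
+"speed": 25000
+}
+]
+}
+}
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_MATCHES": {
+"sonic-acl:sonic-acl": {
+"sonic-acl:ACL_TABLE": {
+"ACL_TABLE_LIST": [
+{
+"ACL_TABLE_NAME": "NO-NSW-PACL-V6",
+"policy_desc": "Filter IPv6",
+"ports": [
+"Ethernet0"
+],
+"stage": "EGRESS",
+"type": "CUSTOM_L3"
+}
+]
+},
+"sonic-acl:ACL_TABLE_TYPE": {
+"ACL_TABLE_TYPE_LIST": [
+{
+"ACL_TABLE_TYPE_NAME": "CUSTOM_L3",
+"actions": [
+"PACKET_ACTION"
+],
+"bind_points": [
+"PORT"
+]
+}
+]
+}
+},
+"sonic-port:sonic-port": {
+"sonic-port:PORT": {
+"PORT_LIST": [
+{
+"admin_status": "up",
+"alias": "eth0",
+"description": "Ethernet0",
+"lanes": "0,1,2,3",
+"mtu": 9000,
+"name": "Ethernet0",
+"speed": 25000
+}
+]
+}
+}
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_BIND_POINT_TYPES": {
+"sonic-acl:sonic-acl": {
+"sonic-acl:ACL_TABLE": {
+"ACL_TABLE_LIST": [
+{
+"ACL_TABLE_NAME": "NO-NSW-PACL-V6",
+"policy_desc": "Filter IPv6",
+"ports": [
+"Ethernet0"
+],
+"stage": "EGRESS",
+"type": "CUSTOM_L3"
+}
+]
+},
+"sonic-acl:ACL_TABLE_TYPE": {
+"ACL_TABLE_TYPE_LIST": [
+{
+"ACL_TABLE_TYPE_NAME": "CUSTOM_L3",
+"matches": [
+"SRC_IP",
+"IN_PORTS"
+],
+"actions": [
+"PACKET_ACTION"
+]
+}
+]
+}
+},
+"sonic-port:sonic-port": {
+"sonic-port:PORT": {
+"PORT_LIST": [
+{
+"admin_status": "up",
+"alias": "eth0",
+"description": "Ethernet0",
+"lanes": "0,1,2,3",
+"mtu": 9000,
+"name": "Ethernet0",
+"speed": 25000
+}
+]
+}
+}
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_ACTIONS": {
+"sonic-acl:sonic-acl": {
+"sonic-acl:ACL_TABLE": {
+"ACL_TABLE_LIST": [
+{
+"ACL_TABLE_NAME": "NO-NSW-PACL-V6",
+"policy_desc": "Filter IPv6",
+"ports": [
+"Ethernet0"
+],
+"stage": "EGRESS",
+"type": "CUSTOM_L3"
+}
+]
+},
+"sonic-acl:ACL_TABLE_TYPE": {
+"ACL_TABLE_TYPE_LIST": [
+{
+"ACL_TABLE_TYPE_NAME": "CUSTOM_L3",
+"matches": [
+"SRC_IP",
+"IN_PORTS"
+],
+"bind_points": [
+"PORT"
+]
+}
+]
+}
+},
+"sonic-port:sonic-port": {
+"sonic-port:PORT": {
+"PORT_LIST": [
+{
+"admin_status": "up",
+"alias": "eth0",
+"description": "Ethernet0",
+"lanes": "0,1,2,3",
+"mtu": 9000,
+"name": "Ethernet0",
+"speed": 25000
+}
+]
+}
+}
 }
 }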
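Review bot: All four fixtures reuse the table `"ACL_TABLE_NAME": "NO-NSW-PACL-V6"` with `"policy_desc": "Filter IPv6"`, while the custom type they reference matches on `SRC_IP` and `IN_PORTS` at stage `EGRESS`, so the data reads as copied from an IPv6 case rather than as a coherent custom-type example. Renaming the table and description to something neutral (for instance a constructed name such as `"CUSTOM-L3-TABLE"`) would keep a reader from inferring that this combination is a recommended ACL. Every fixture also binds only `"PORT"`, so the `LAG` value that the schema change introduces is never exercised; one positive fixture with `"bind_points": ["PORT", "LAG"]` would cover it.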
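--- a/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2
+++ b/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2
@@ -225,6 +225,34 @@ module sonic-acl {
 }
 /* end of container ACL_RULE */
 
+container ACL_TABLE_TYPE {
+list ACL_TABLE_TYPE_LIST {
+key "ACL_TABLE_TYPE_NAME";
+
+leaf ACL_TABLE_TYPE_NAME {
+type string;
+}
+
+leaf-list matches {
+type string;
+min-elements 1;
+}
+
+leaf-list actions {
+type string;
+default "";
+}
+
+leaf-list bind_points {
+type enumeration {
+enum PORT;
+enum LAG;
+}
+min-elements 1;
+}
+}
+}
+
 container ACL_TABLE {
 
 description "ACL_TABLE part of config_db.json";
@@ -245,7 +273,12 @@ module sonic-acl {
 
 leaf type {
 mandatory true;
-type stypes:acl_table_type;
+type union {
+type leafref {
+path "/acl:sonic-acl/acl:ACL_TABLE_TYPE/acl:ACL_TABLE_TYPE_LIST/acl:ACL_TABLE_TYPE_NAME";
+}
+type stypes:acl_table_type;
+}
 }
 
 leaf stage {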
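Review bot: In the `ACL_TABLE_TYPE_LIST` added by the first hunk, `matches` and `actions` are plain `type string`, so a misspelled or unsupported match or action name passes YANG validation and is rejected, if at all, only by whatever consumes the table; for an ACL definition that is worth catching when the config is loaded. `ACL_TABLE_TYPE_NAME` is equally unconstrained, and in the second hunk `type` resolves through a union of the leafref and `stypes:acl_table_type`, so a custom type given the name of a built-in one would presumably validate through the leafref, and the schema does not say which definition then applies. A restriction on the name such as `type string { length "1..max"; }` together with a `must` that rejects the built-in names would remove that ambiguity. The new container and its leaves also carry no `description`; a line like `description "ACL_TABLE_TYPE part of config_db.json";`, mirroring the one on `ACL_TABLE`, would document them. The module and the `ACL_TABLE` container continue outside both hunks.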
