SwSS Changes for DHCP DoS Mitigation Feature #3130
Conversation
asraza07
changed the title
asraza07
changed the title
|
@Yarden-Z Hi Yarden, Can you please help review this code. Thanks in advance! |
muhammadalihussnain
force-pushed
the
dhcp_dos_mitigation_swss
branch
from
b761b27 to
d22882a
Compare
tests/conftest.py
Outdated
| @@ -231,7 +231,7 @@ def __init__(self, ctn_name: str, pid: int, i: int): | |||
| # bring up link in the virtual switch | |||
| ensure_system(f"nsenter -t {pid} -n ip link set dev {self.pifname} up") | |||
|
|
|||
| # disable arp, so no neigh on physical interfaces | |||
| # disable arp, so no neigh on physical interfaces0 / 21 files viewed | |||
There was a problem hiding this comment.
The comment is not right. Please fix
tests/conftest.py
Outdated
| @@ -1432,7 +1432,7 @@ def get_state_db(self) -> DVSDatabase: | |||
| return self.state_db | |||
|
|
|||
| def change_port_breakout_mode(self, intf_name, target_mode, options=""): | |||
| cmd = f"config interface breakout {intf_name} {target_mode} -y {options}" | |||
| cmd = f"config interface breakout {intf_name} {target_mode} -y {options}"py | |||
There was a problem hiding this comment.
what is the additional "py" at the end?
There was a problem hiding this comment.
this py was added mistakenly
tests/dvslib/dvs_database.py
Outdated
| @@ -146,7 +146,7 @@ def wait_for_entry( | |||
| """Wait for the entry stored at `key` in the specified table to exist and retrieve it. | |||
|
|
|||
| Args: | |||
| table_name: The name of the table where the entry is stored. | |||
| table_name: The name of the table where theentry is stored. | |||
There was a problem hiding this comment.
Please fix stray characters
tests/dvslib/dvs_database.py
Outdated
| @@ -251,7 +248,7 @@ def access_function(): | |||
|
|
|||
| return result | |||
|
|
|||
| def wait_for_field_negative_match( | |||
| def wait_for_field_negative_match( | |||
There was a problem hiding this comment.
Please fix stray characters
tests/test_interface.py
Outdated
| @@ -220,7 +220,7 @@ def test_PortInterfaceAddRemoveIpv6Address(self, dvs, testlog): | |||
| if route["dest"] == "fc00::/126": | |||
| assert False | |||
| if route["dest"] == "fc00::1/128": | |||
| assert False | |||
| assert False | |||
There was a problem hiding this comment.
Fix trailing whitespaces
cfgmgr/portmgr.cpp
Outdated
| else if (fvField(i) == "admin_status") | ||
| { | ||
| admin_status = fvValue(i); | ||
| } | ||
| } |
There was a problem hiding this comment.
The latest set of changes lgtm. This branch seems to be out-of-date with master. Could you please fix? Once done, please request @prsunny to help merge if there are no other concerns.
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
@prsunny , PR has been approved. Please help to merge code PR. Thanks in advance |
|
@prsunny please help merge this PR, pending for long!Thanks! |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
Commenter does not have sufficient privileges for PR 3130 in repo sonic-net/sonic-swss |
1 similar comment
|
Commenter does not have sufficient privileges for PR 3130 in repo sonic-net/sonic-swss |
|
@asraza07 , can you resolve conflicts? Also Please provide the merge sequence. Does this PR has any dependency on sonic-buildimage PR. |
| } | ||
| if (!dhcp_rate_limit.empty()) | ||
| { | ||
| setPortDHCPMitigationRate(alias, dhcp_rate_limit); |
There was a problem hiding this comment.
This should be set only if there is explicit configuration of dhcp_rate_limit. It should stay the same as today (no kernel TC) if there is no config.
| @@ -283,6 +284,7 @@ def create_interface_n_fg_ecmp_config(dvs, nh_range_start, nh_range_end, fg_nhg_ | |||
| dvs.port_admin_set(if_name_key, "up") | |||
| shutdown_link(dvs, app_db, i) | |||
| startup_link(dvs, app_db, i) | |||
| time.sleep(5) | |||
There was a problem hiding this comment.
Please don't change any tests not part of this feature
| @@ -2293,4 +2299,4 @@ def test_portChannelInterfaceLoopbackActionForward(self, dvs, testlog): | |||
| # Add Dummy always-pass test at end as workaroud | |||
| # for issue when Flaky fail on final test it invokes module tear-down before retrying | |||
| def test_nonflaky_dummy(): | |||
| pass | |||
| pass | |||
There was a problem hiding this comment.
Revert non relevant changes.
| # try to remove this port | ||
| config_db.delete_entry('PORT', PORT_A) | ||
| num = asic_db.wait_for_n_keys("ASIC_STATE:SAI_OBJECT_TYPE_PORT", | ||
| num_of_ports-1, | ||
| polling_config = PollingConfig(polling_interval = 1, timeout = 5.00, strict = True)) | ||
| polling_config = PollingConfig(polling_interval = 1, timeout = 10.00, strict = True)) |
What I did
Added support for DHCP DoS Mitigation feature via kernel through PortMgrd
Why I did it
DHCP Mitigation Rate attribute added to config_db needed a path to appl_db and kernel configurations. This was done through PortMgrd