diff --git a/orchagent/aclorch.cpp b/orchagent/aclorch.cpp index 84c56c0dc0ff..9d2fb1de2e46 100644 --- a/orchagent/aclorch.cpp +++ b/orchagent/aclorch.cpp @@ -356,8 +356,41 @@ static acl_table_match_field_lookup_t stageMandatoryMatchFields = } } } + }, + { + TABLE_TYPE_L3, + { + { + ACL_STAGE_INGRESS, + { + SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE + } + }, + { + ACL_STAGE_EGRESS, + { + SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE + } + } + } + }, + { + TABLE_TYPE_L3V6, + { + { + ACL_STAGE_INGRESS, + { + SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE + } + }, + { + ACL_STAGE_EGRESS, + { + SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE + } + } + } } - }; static acl_ip_type_lookup_t aclIpTypeLookup = @@ -2091,6 +2124,29 @@ bool AclTable::addMandatoryActions() return true; } +bool AclTable::addStageMandatoryRangeFields() +{ + SWSS_LOG_ENTER(); + + string platform = getenv("platform") ? getenv("platform") : ""; + auto match = SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE; + + if ((platform == BRCM_PLATFORM_SUBSTRING) && + (stage == ACL_STAGE_EGRESS)) + { + return false; + } + + type.addMatch(make_shared(set{ + {SAI_ACL_RANGE_TYPE_L4_SRC_PORT_RANGE, SAI_ACL_RANGE_TYPE_L4_DST_PORT_RANGE}})); + SWSS_LOG_INFO("Added mandatory match field %s for table type %s stage %d", + sai_serialize_enum(match, &sai_metadata_enum_sai_acl_table_attr_t).c_str(), + type.getName().c_str(), stage); + + return true; +} + + bool AclTable::addStageMandatoryMatchFields() { SWSS_LOG_ENTER(); @@ -2108,10 +2164,17 @@ bool AclTable::addStageMandatoryMatchFields() // Add the stage particular matching fields for (auto match : fields_for_stage[stage]) { - type.addMatch(make_shared(match)); - SWSS_LOG_INFO("Added mandatory match field %s for table type %s stage %d", - sai_serialize_enum(match, &sai_metadata_enum_sai_acl_table_attr_t).c_str(), - type.getName().c_str(), stage); + if (match != SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE) + { + type.addMatch(make_shared(match)); + SWSS_LOG_INFO("Added mandatory match field %s for table type %s stage %d", + sai_serialize_enum(match, &sai_metadata_enum_sai_acl_table_attr_t).c_str(), + type.getName().c_str(), stage); + } + else + { + addStageMandatoryRangeFields(); + } } } } @@ -3035,8 +3098,6 @@ void AclOrch::initDefaultTableTypes() .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_L4_SRC_PORT)) .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_L4_DST_PORT)) .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_TCP_FLAGS)) - .withMatch(make_shared(set{ - {SAI_ACL_RANGE_TYPE_L4_SRC_PORT_RANGE, SAI_ACL_RANGE_TYPE_L4_DST_PORT_RANGE}})) .build() ); @@ -3054,8 +3115,6 @@ void AclOrch::initDefaultTableTypes() .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_L4_SRC_PORT)) .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_L4_DST_PORT)) .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_TCP_FLAGS)) - .withMatch(make_shared(set{ - {SAI_ACL_RANGE_TYPE_L4_SRC_PORT_RANGE, SAI_ACL_RANGE_TYPE_L4_DST_PORT_RANGE}})) .build() ); diff --git a/orchagent/aclorch.h b/orchagent/aclorch.h index 3a71fa7f6c09..4972ec1ac2f7 100644 --- a/orchagent/aclorch.h +++ b/orchagent/aclorch.h @@ -393,6 +393,9 @@ class AclTable // Add stage mandatory matching fields to ACL table bool addStageMandatoryMatchFields(); + // Add stage mandatory range fields to ACL table + bool addStageMandatoryRangeFields(); + // validate AclRule match attribute against rule and table configuration bool validateAclRuleMatch(sai_acl_entry_attr_t matchId, const AclRule& rule) const; // validate AclRule action attribute against rule and table configuration diff --git a/tests/test_acl.py b/tests/test_acl.py index ac7e7fda87a2..618f6eda6fde 100644 --- a/tests/test_acl.py +++ b/tests/test_acl.py @@ -25,11 +25,11 @@ PFCWD_TABLE_NAME = "PFCWD_TEST" PFCWD_BIND_PORTS = ["Ethernet0", "Ethernet4", "Ethernet8", "Ethernet12"] class TestAcl: - @pytest.fixture - def l3_acl_table(self, dvs_acl): + @pytest.fixture(params=['ingress', 'egress']) + def l3_acl_table(self, dvs_acl, request): try: - dvs_acl.create_acl_table(L3_TABLE_NAME, L3_TABLE_TYPE, L3_BIND_PORTS) - yield dvs_acl.get_acl_table_ids(1)[0] + dvs_acl.create_acl_table(L3_TABLE_NAME, L3_TABLE_TYPE, L3_BIND_PORTS, stage=request.param) + yield dvs_acl.get_acl_table_ids(1)[0], request.param finally: dvs_acl.remove_acl_table(L3_TABLE_NAME) dvs_acl.verify_acl_table_count(0) @@ -577,6 +577,20 @@ def test_AclTableMandatoryMatchFields(self, dvs, pfcwd_acl_table): assert match_in_ports else: assert not match_in_ports + + def test_AclTableMandatoryRangeFields(self, dvs, l3_acl_table): + """ + The test case is to verify range qualifier is not applied for egress ACL + """ + table_oid, stage = l3_acl_table + match_range_qualifier = False + entry = dvs.asic_db.wait_for_entry("ASIC_STATE:SAI_OBJECT_TYPE_ACL_TABLE", table_oid) + for k, v in entry.items(): + if k == "SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE" and v == "true": + match_range_qualifier = True + + assert not match_range_qualifier + class TestAclCrmUtilization: @pytest.fixture(scope="class", autouse=True) def configure_crm_polling_interval_for_test(self, dvs):