Skip to content

Commit

Permalink
[202205][cherry-pick] Fix mux_acl_rule adding issue (sonic-net#2358)
Browse files Browse the repository at this point in the history
What I did
This PR is to cherry-pick sonic-net#2356 to 202205 branch. The cherry-pick is clean, no conflict is found.
This PR is to fix the issue of adding mux_acl_rule into IngressTableDrop.
The error log is

 Jun 25 08:02:37.159020 svcstr-7050-acs-4 ERR swss#orchagent: :- validateAclRuleMatch: Match SAI_ACL_ENTRY_ATTR_FIELD_IN_PORTS in rule mux_acl_rule is not supported by table IngressTableDrop
PR sonic-net#2341 added support for different matching field in different stage (INGRESS/EGRESS). For example, SAI_ACL_ENTRY_ATTR_FIELD_IN_PORTS is only supported at INGRESS stage.

However, PR sonic-net#2341 only handled one path for creating ACL table, that is by CONFIG_DB entry.
There is a case that addAclTable is directly called from other orch, such as MuxOrch. In that case, the stage dependent matcing field is not added. As a resule, we will see the above error logs.
To address the issue, I moved the call of addStageMandatoryMatchFields from doAclTableTask to addAclTable to ensure addStageMandatoryMatchFields is always called.
Please be noted that addMandatoryActions is called from both doAclTableTask and addAclTable to ensure the validation of ACL table is passing.

Why I did it
To fix ACL rule issue for mux.

How I verified it

Verified by running test_pfcwd
Verified by checking syslog

Signed-off-by: bingwang <[email protected]>
  • Loading branch information
bingwang-ms authored Jun 28, 2022
1 parent ad2d0ad commit 5ab84cf
Showing 1 changed file with 9 additions and 5 deletions.
14 changes: 9 additions & 5 deletions orchagent/aclorch.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -3694,7 +3694,14 @@ bool AclOrch::addAclTable(AclTable &newTable)
return true;
}
}

// Update matching field according to ACL stage
newTable.addStageMandatoryMatchFields();

// Add mandatory ACL action if not present
// We need to call addMandatoryActions here because addAclTable is directly called in other orchs.
// The action_list is already added if the ACL table creation is triggered by CONFIGDD, but calling addMandatoryActions
// twice will make no effect
newTable.addMandatoryActions();
if (createBindAclTable(newTable, table_oid))
{
m_AclTables[table_oid] = newTable;
Expand Down Expand Up @@ -4171,11 +4178,8 @@ void AclOrch::doAclTableTask(Consumer &consumer)
}

newTable.validateAddType(*tableType);

newTable.addStageMandatoryMatchFields();

// Add mandatory ACL action if not present
newTable.addMandatoryActions();

// validate and create/update ACL Table
if (bAllAttributesOk && newTable.validate())
{
Expand Down

0 comments on commit 5ab84cf

Please sign in to comment.