Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport-202205][acl-loader] Only add default deny rule when table is L3 or L3V6 (#2796) #2826

Merged
merged 1 commit into from
May 4, 2023
Merged

[Backport-202205][acl-loader] Only add default deny rule when table is L3 or L3V6 (#2796) #2826

merged 1 commit into from
May 4, 2023

Conversation

lizhijianrd
Copy link
Contributor

@lizhijianrd lizhijianrd commented May 4, 2023
edited
Loading

Backport #2796 to 202205 branch.

What I did

  1. Update acl-loader to only add default deny rule when table is L3 or L3V6.
  2. Update unittest to cover it.

How I did it

Update function deny_rule and return {} if table is not L3 or L3V6.

How to verify it

  1. Update unittest and run all testcases to verify.
  2. Built the package and installed on DUT to verify.

Unittest results on 202205 branch:

tests/acl_loader_test.py::TestAclLoader::test_acl_empty PASSED                                                                [  0%]
tests/acl_loader_test.py::TestAclLoader::test_valid PASSED                                                                    [  0%]
tests/acl_loader_test.py::TestAclLoader::test_invalid PASSED                                                                  [  0%]
tests/acl_loader_test.py::TestAclLoader::test_validate_mirror_action PASSED                                                   [  1%]
tests/acl_loader_test.py::TestAclLoader::test_vlan_id_translation PASSED                                                      [  1%]
tests/acl_loader_test.py::TestAclLoader::test_vlan_id_lower_bound PASSED                                                      [  1%]
tests/acl_loader_test.py::TestAclLoader::test_vlan_id_upper_bound PASSED                                                      [  1%]
tests/acl_loader_test.py::TestAclLoader::test_vlan_id_not_a_number PASSED                                                     [  1%]
tests/acl_loader_test.py::TestAclLoader::test_ethertype_translation PASSED                                                    [  1%]
tests/acl_loader_test.py::TestAclLoader::test_icmp_translation PASSED                                                         [  1%]
tests/acl_loader_test.py::TestAclLoader::test_icmpv6_translation PASSED                                                       [  1%]
tests/acl_loader_test.py::TestAclLoader::test_ingress_default_deny_rule PASSED                                                [  1%]
tests/acl_loader_test.py::TestAclLoader::test_egress_no_default_deny_rule PASSED                                              [  1%]
tests/acl_loader_test.py::TestAclLoader::test_icmp_type_lower_bound PASSED                                                    [  1%]
tests/acl_loader_test.py::TestAclLoader::test_icmp_type_upper_bound PASSED                                                    [  1%]
tests/acl_loader_test.py::TestAclLoader::test_icmp_type_not_a_number PASSED                                                   [  1%]
tests/acl_loader_test.py::TestAclLoader::test_icmp_code_lower_bound PASSED                                                    [  1%]
tests/acl_loader_test.py::TestAclLoader::test_icmp_code_upper_bound PASSED                                                    [  1%]
tests/acl_loader_test.py::TestAclLoader::test_icmp_code_not_a_number PASSED                                                   [  1%]
tests/acl_loader_test.py::TestAclLoader::test_icmp_fields_with_non_icmp_protocol PASSED                                       [  1%]
tests/acl_loader_test.py::TestAclLoader::test_icmp_fields_with_non_tcp_protocol PASSED                                        [  1%]
tests/acl_loader_test.py::TestAclLoader::test_incremental_update PASSED                                                       [  1%]

----------- coverage: platform linux, python 3.9.2-final-0 -----------
Name                                                   Stmts   Miss Branch BrPart  Cover
----------------------------------------------------------------------------------------
acl_loader/__init__.py                                     0      0      0      0   100%
acl_loader/main.py                                       638    167    284     49    69%
...
----------------------------------------------------------------------------------------
TOTAL                                                  38668  11513  13845   1937    67%
Coverage HTML written to dir htmlcov
Coverage XML written to file coverage.xml

====================================================== short test summary info ======================================================
FAILED tests/disk_check_test.py::TestDiskCheck::test_readonly - assert 1 == 0
FAILED tests/drops_group_test.py::TestDropCounters::test_show_counts - AssertionError: assert ('    IFACE    STATE    RX_ERR    RX...
FAILED tests/drops_group_test.py::TestDropCounters::test_show_counts_with_group - AssertionError: assert ('\n'\n '          DEVICE...
FAILED tests/drops_group_test.py::TestDropCounters::test_show_counts_with_type - AssertionError: assert ('    IFACE    STATE    RX...
================================ 4 failed, 2044 passed, 3 skipped, 19 warnings in 508.01s (0:08:28) =================================

@lizhijianrd
[acl-loader] Only add default deny rule when table is L3 or L3V6 (son…
5a03b0d 
…ic-net#2796)

What I did
1. Update acl-loader to only add default deny rule when table is L3 or L3V6.
2. Update unittest to cover it.

How I did it
Update function deny_rule and return {} if table is not L3 or L3V6.

How to verify it
1. Update unittest and run all testcases to verify.
2. Built the package and installed on DUT to verify.

Signed-off-by: Zhijian Li <[email protected]>
@yxieca yxieca merged commit f6359bc into sonic-net:202205 May 4, 2023
@lizhijianrd lizhijianrd deleted the backport-acl-loader-202205 branch May 5, 2023 02:13
@lizhijianrd lizhijianrd mentioned this pull request May 7, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yxieca yxieca yxieca approved these changes

@bingwang-ms bingwang-ms Awaiting requested review from bingwang-ms

@Blueve Blueve Awaiting requested review from Blueve

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lizhijianrd @yxieca