From b4b1c234c34dc98e54830e99c1715bdecf40f1e4 Mon Sep 17 00:00:00 2001 From: Danny Allen Date: Thu, 25 Feb 2021 09:53:16 -0800 Subject: [PATCH] [201911][acl] Enable VLAN ID qualifier for ACL rules (#1648) (#1651) Signed-off-by: Danny Allen pollPeriod Conf change handled --- orchagent/aclorch.cpp | 19 +++++++++++++++++++ orchagent/aclorch.h | 1 + orchagent/txportmonorch.cpp | 1 + tests/mock_tests/aclorch_ut.cpp | 2 ++ 4 files changed, 23 insertions(+) diff --git a/orchagent/aclorch.cpp b/orchagent/aclorch.cpp index 6ea8f44e33a..84db02df470 100644 --- a/orchagent/aclorch.cpp +++ b/orchagent/aclorch.cpp @@ -32,6 +32,9 @@ extern sai_object_id_t gSwitchId; extern PortsOrch* gPortsOrch; extern CrmOrch *gCrmOrch; +#define MIN_VLAN_ID 1 // 0 is a reserved VLAN ID +#define MAX_VLAN_ID 4095 // 4096 is a reserved VLAN ID + acl_rule_attr_lookup_t aclMatchLookup = { { MATCH_IN_PORTS, SAI_ACL_ENTRY_ATTR_FIELD_IN_PORTS }, @@ -43,6 +46,7 @@ acl_rule_attr_lookup_t aclMatchLookup = { MATCH_L4_SRC_PORT, SAI_ACL_ENTRY_ATTR_FIELD_L4_SRC_PORT }, { MATCH_L4_DST_PORT, SAI_ACL_ENTRY_ATTR_FIELD_L4_DST_PORT }, { MATCH_ETHER_TYPE, SAI_ACL_ENTRY_ATTR_FIELD_ETHER_TYPE }, + { MATCH_VLAN_ID, SAI_ACL_ENTRY_ATTR_FIELD_OUTER_VLAN_ID }, { MATCH_IP_PROTOCOL, SAI_ACL_ENTRY_ATTR_FIELD_IP_PROTOCOL }, { MATCH_NEXT_HEADER, SAI_ACL_ENTRY_ATTR_FIELD_IPV6_NEXT_HEADER }, { MATCH_TCP_FLAGS, SAI_ACL_ENTRY_ATTR_FIELD_TCP_FLAGS }, @@ -286,6 +290,17 @@ bool AclRule::validateAddMatch(string attr_name, string attr_value) value.aclfield.data.u16 = to_uint(attr_value); value.aclfield.mask.u16 = 0xFFFF; } + else if (attr_name == MATCH_VLAN_ID) + { + value.aclfield.data.u16 = to_uint(attr_value); + value.aclfield.mask.u16 = 0xFFF; + + if (value.aclfield.data.u16 < MIN_VLAN_ID || value.aclfield.data.u16 > MAX_VLAN_ID) + { + SWSS_LOG_ERROR("Invalid VLAN ID: %s", attr_value.c_str()); + return false; + } + } else if (attr_name == MATCH_DSCP) { /* Support both exact value match and value/mask match */ @@ -1338,6 +1353,10 @@ bool AclTable::create() table_attrs.push_back(attr); } + attr.id = SAI_ACL_TABLE_ATTR_FIELD_OUTER_VLAN_ID; + attr.value.booldata = true; + table_attrs.push_back(attr); + attr.id = SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE; attr.value.booldata = true; table_attrs.push_back(attr); diff --git a/orchagent/aclorch.h b/orchagent/aclorch.h index a8b70dfe326..b2739fcec24 100644 --- a/orchagent/aclorch.h +++ b/orchagent/aclorch.h @@ -47,6 +47,7 @@ #define MATCH_ETHER_TYPE "ETHER_TYPE" #define MATCH_IP_PROTOCOL "IP_PROTOCOL" #define MATCH_NEXT_HEADER "NEXT_HEADER" +#define MATCH_VLAN_ID "VLAN_ID" #define MATCH_TCP_FLAGS "TCP_FLAGS" #define MATCH_IP_TYPE "IP_TYPE" #define MATCH_DSCP "DSCP" diff --git a/orchagent/txportmonorch.cpp b/orchagent/txportmonorch.cpp index 00f11401c8b..d74953151fd 100644 --- a/orchagent/txportmonorch.cpp +++ b/orchagent/txportmonorch.cpp @@ -269,6 +269,7 @@ int TxPortMonOrch::handlePeriodUpdate(const vector& data){ if (restart){ this->startTimer(m_pollPeriod); + this->pollErrorStatistics(); // When restarted Update the current stats SWSS_LOG_INFO("TxPortMonOrch::handlePeriodUpdate TX_ERR poll timer restarted with interval %d\n", m_pollPeriod); } } diff --git a/tests/mock_tests/aclorch_ut.cpp b/tests/mock_tests/aclorch_ut.cpp index d08fb3a212c..97d07326447 100644 --- a/tests/mock_tests/aclorch_ut.cpp +++ b/tests/mock_tests/aclorch_ut.cpp @@ -149,6 +149,7 @@ namespace aclorch_test auto v = vector( { { "SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST", "2:SAI_ACL_BIND_POINT_TYPE_PORT,SAI_ACL_BIND_POINT_TYPE_LAG" }, { "SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE", "true" }, + { "SAI_ACL_TABLE_ATTR_FIELD_OUTER_VLAN_ID", "true" }, { "SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE", "true" }, { "SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL", "true" }, { "SAI_ACL_TABLE_ATTR_FIELD_SRC_IP", "true" }, @@ -437,6 +438,7 @@ namespace aclorch_test vector fields; fields.push_back({ "SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST", "2:SAI_ACL_BIND_POINT_TYPE_PORT,SAI_ACL_BIND_POINT_TYPE_LAG" }); + fields.push_back({ "SAI_ACL_TABLE_ATTR_FIELD_OUTER_VLAN_ID", "true" }); fields.push_back({ "SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE", "true" }); fields.push_back({ "SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL", "true" });