[201911][acl] Enable VLAN ID qualifier for ACL rules (sonic-net#1648) (
…sonic-net#1651)

Signed-off-by: Danny Allen <[email protected]>
daall authored and Vivek Reddy Karri committed Feb 27, 2021
1 parent d44c2bc commit d7b64a4
Showing 3 changed files with 22 additions and 0 deletions.
19 changes: 19 additions & 0 deletions orchagent/aclorch.cpp
Expand Up @@ -32,6 +32,9 @@ extern sai_object_id_t gSwitchId;
extern PortsOrch* gPortsOrch;
extern CrmOrch *gCrmOrch;

#define MIN_VLAN_ID 1 // 0 is a reserved VLAN ID
#define MAX_VLAN_ID 4095 // 4096 is a reserved VLAN ID

acl_rule_attr_lookup_t aclMatchLookup =
{
{ MATCH_IN_PORTS, SAI_ACL_ENTRY_ATTR_FIELD_IN_PORTS },
Expand All @@ -43,6 +46,7 @@ acl_rule_attr_lookup_t aclMatchLookup =
{ MATCH_L4_SRC_PORT, SAI_ACL_ENTRY_ATTR_FIELD_L4_SRC_PORT },
{ MATCH_L4_DST_PORT, SAI_ACL_ENTRY_ATTR_FIELD_L4_DST_PORT },
{ MATCH_ETHER_TYPE, SAI_ACL_ENTRY_ATTR_FIELD_ETHER_TYPE },
{ MATCH_VLAN_ID, SAI_ACL_ENTRY_ATTR_FIELD_OUTER_VLAN_ID },
{ MATCH_IP_PROTOCOL, SAI_ACL_ENTRY_ATTR_FIELD_IP_PROTOCOL },
{ MATCH_NEXT_HEADER, SAI_ACL_ENTRY_ATTR_FIELD_IPV6_NEXT_HEADER },
{ MATCH_TCP_FLAGS, SAI_ACL_ENTRY_ATTR_FIELD_TCP_FLAGS },
Expand Down Expand Up @@ -286,6 +290,17 @@ bool AclRule::validateAddMatch(string attr_name, string attr_value)
value.aclfield.data.u16 = to_uint<uint16_t>(attr_value);
value.aclfield.mask.u16 = 0xFFFF;
}
else if (attr_name == MATCH_VLAN_ID)
{
value.aclfield.data.u16 = to_uint<uint16_t>(attr_value);
value.aclfield.mask.u16 = 0xFFF;

if (value.aclfield.data.u16 < MIN_VLAN_ID || value.aclfield.data.u16 > MAX_VLAN_ID)
{
SWSS_LOG_ERROR("Invalid VLAN ID: %s", attr_value.c_str());
return false;
}
}
else if (attr_name == MATCH_DSCP)
{
/* Support both exact value match and value/mask match */
Expand Down Expand Up @@ -1338,6 +1353,10 @@ bool AclTable::create()
table_attrs.push_back(attr);
}

attr.id = SAI_ACL_TABLE_ATTR_FIELD_OUTER_VLAN_ID;
attr.value.booldata = true;
table_attrs.push_back(attr);

attr.id = SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE;
attr.value.booldata = true;
table_attrs.push_back(attr);
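Review bot: The upper bound used by the new `MATCH_VLAN_ID` branch of `AclRule::validateAddMatch` admits 4095, and the comment on `MAX_VLAN_ID` ("4096 is a reserved VLAN ID") does not match the 12-bit VID space: in 802.1Q the reserved values are 0 and 4095, and 4096 cannot be encoded under the `0xFFF` mask at all. If rules are meant to match only assignable VLANs, change the define to `#define MAX_VLAN_ID 4094 // 4095 is a reserved VLAN ID`; if matching 4095 is intentional, correct the comment instead. The range check also runs only after `to_uint<uint16_t>(attr_value)` has narrowed the string, so it depends on that helper rejecting non-numeric and over-16-bit input, which is not visible in this hunk and is worth confirming. Separately, the `AclTable::create()` hunk appears to set `SAI_ACL_TABLE_ATTR_FIELD_OUTER_VLAN_ID` without a table-type or capability check (the function body extends outside the hunk), so a platform lacking that qualifier could fail table creation and leave the ACL unprogrammed.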
1 change: 1 addition & 0 deletions orchagent/aclorch.h
Expand Up @@ -47,6 +47,7 @@
#define MATCH_ETHER_TYPE "ETHER_TYPE"
#define MATCH_IP_PROTOCOL "IP_PROTOCOL"
#define MATCH_NEXT_HEADER "NEXT_HEADER"
#define MATCH_VLAN_ID "VLAN_ID"
#define MATCH_TCP_FLAGS "TCP_FLAGS"
#define MATCH_IP_TYPE "IP_TYPE"
#define MATCH_DSCP "DSCP"
2 changes: 2 additions & 0 deletions tests/mock_tests/aclorch_ut.cpp
Expand Up @@ -149,6 +149,7 @@ namespace aclorch_test
auto v = vector<swss::FieldValueTuple>(
{ { "SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST", "2:SAI_ACL_BIND_POINT_TYPE_PORT,SAI_ACL_BIND_POINT_TYPE_LAG" },
{ "SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE", "true" },
{ "SAI_ACL_TABLE_ATTR_FIELD_OUTER_VLAN_ID", "true" },
{ "SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE", "true" },
{ "SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL", "true" },
{ "SAI_ACL_TABLE_ATTR_FIELD_SRC_IP", "true" },
Expand Down Expand Up @@ -437,6 +438,7 @@ namespace aclorch_test
vector<swss::FieldValueTuple> fields;

fields.push_back({ "SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST", "2:SAI_ACL_BIND_POINT_TYPE_PORT,SAI_ACL_BIND_POINT_TYPE_LAG" });
fields.push_back({ "SAI_ACL_TABLE_ATTR_FIELD_OUTER_VLAN_ID", "true" });
fields.push_back({ "SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE", "true" });
fields.push_back({ "SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL", "true" });

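Review bot: Neither addition in this file exercises the new `VLAN_ID` match through `AclRule::validateAddMatch`; both only extend the expected table-attribute lists with `SAI_ACL_TABLE_ATTR_FIELD_OUTER_VLAN_ID`. A rule-level case feeding boundary values (`0`, `1`, `4095`, `4096` and a non-numeric string) and asserting accept or reject would pin the range check. That would stop a later change from silently accepting an out-of-range ID or dropping a VLAN-scoped rule. The enclosing test functions start and end outside these hunks, so existing coverage elsewhere in the file cannot be ruled out from here.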
