From 70006d1cbc782e09e330bd9f2838b011dafc66f6 Mon Sep 17 00:00:00 2001 From: bingwang-ms <66248323+bingwang-ms@users.noreply.github.com> Date: Mon, 11 Mar 2024 10:13:12 -0700 Subject: [PATCH 1/6] Fix yang model for ICMP and ICMPV6 (#18311) * Fix yang model for ICMP and ICMPV6 * Change ICMP type and code to 0-255 --- .../tests/yang_model_tests/tests/acl.json | 6 + .../yang_model_tests/tests_config/acl.json | 110 ++++++++++++++++++ .../yang-templates/sonic-acl.yang.j2 | 8 +- 3 files changed, 120 insertions(+), 4 deletions(-) diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json b/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json index 779a96d02b..18f053e2a3 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json @@ -20,6 +20,12 @@ "ACL_RULE_WITH_VALID_OUT_PORTS": { "desc": "Configure ACL_RULE with valid OUT_PORTS." }, + "ACL_RULE_WITH_VALID_ICMPV4_CODE": { + "desc": "Configure ACL_RULE with valid ICMPV4 type and code." + }, + "ACL_RULE_WITH_VALID_ICMPV6_CODE": { + "desc": "Configure ACL_RULE with valid ICMPV6 type and code." + }, "ACL_TABLE_EMPTY_PORTS": { "desc": "Configure ACL_TABLE with empty ports." }, diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json index aa908fdb75..6f39ab6e41 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json @@ -590,6 +590,116 @@ } } }, + "ACL_RULE_WITH_VALID_ICMPV4_CODE": { + "sonic-acl:sonic-acl": { + "sonic-acl:ACL_RULE": { + "ACL_RULE_LIST": [ + { + "ACL_TABLE_NAME": "NO-NSW-PACL-V4", + "ICMP_CODE": 0, + "ICMP_TYPE": 0, + "IP_TYPE": "IPV4", + "PACKET_ACTION": "FORWARD", + "PRIORITY": 999960, + "RULE_NAME": "Rule_40" + } + ] + }, + "sonic-acl:ACL_TABLE": { + "ACL_TABLE_LIST": [ + { + "ACL_TABLE_NAME": "NO-NSW-PACL-V4", + "policy_desc": "Filter IPv4", + "ports": [ + "Ethernet0", + "Ethernet1" + ], + "stage": "EGRESS", + "type": "L3" + } + ] + } + }, + "sonic-port:sonic-port": { + "sonic-port:PORT": { + "PORT_LIST": [ + { + "admin_status": "up", + "alias": "eth0", + "description": "Ethernet0", + "lanes": "0,1,2,3", + "mtu": 9000, + "name": "Ethernet0", + "speed": 25000 + }, + { + "admin_status": "up", + "alias": "eth1", + "description": "Ethernet1", + "lanes": "4,5,6,7", + "mtu": 9000, + "name": "Ethernet1", + "speed": 25000 + } + ] + } + } + }, + "ACL_RULE_WITH_VALID_ICMPV6_CODE": { + "sonic-acl:sonic-acl": { + "sonic-acl:ACL_RULE": { + "ACL_RULE_LIST": [ + { + "ACL_TABLE_NAME": "NO-NSW-PACL-V6", + "ICMPV6_CODE": 0, + "ICMPV6_TYPE": 129, + "IP_TYPE": "IPV6", + "PACKET_ACTION": "FORWARD", + "PRIORITY": 999960, + "RULE_NAME": "Rule_40" + } + ] + }, + "sonic-acl:ACL_TABLE": { + "ACL_TABLE_LIST": [ + { + "ACL_TABLE_NAME": "NO-NSW-PACL-V6", + "policy_desc": "Filter IPv6", + "ports": [ + "Ethernet0", + "Ethernet1" + ], + "stage": "EGRESS", + "type": "L3" + } + ] + } + }, + "sonic-port:sonic-port": { + "sonic-port:PORT": { + "PORT_LIST": [ + { + "admin_status": "up", + "alias": "eth0", + "description": "Ethernet0", + "lanes": "0,1,2,3", + "mtu": 9000, + "name": "Ethernet0", + "speed": 25000 + }, + { + "admin_status": "up", + "alias": "eth1", + "description": "Ethernet1", + "lanes": "4,5,6,7", + "mtu": 9000, + "name": "Ethernet1", + "speed": 25000 + } + ] + } + } + }, "ACL_TABLE_DEFAULT_VALUE_STAGE": { "sonic-acl:sonic-acl": { "sonic-acl:ACL_TABLE": { diff --git a/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 b/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 index 513c467094..882dbf8ef9 100644 --- a/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 +++ b/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 @@ -202,13 +202,13 @@ module sonic-acl { when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='ARP'])"; leaf ICMP_TYPE { type uint8 { - range 1..44; + range 0..255; } } leaf ICMP_CODE { type uint8 { - range 1..16; + range 0..255; } } } @@ -217,13 +217,13 @@ module sonic-acl { when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV6' or .='IPv6ANY'])"; leaf ICMPV6_TYPE { type uint8 { - range 1..44; + range 0..255; } } leaf ICMPV6_CODE { type uint8 { - range 1..16; + range 0..255; } } } From 69d9bf2dce152d059bd32ca07dc5c3ba61422f38 Mon Sep 17 00:00:00 2001 From: jingwenxie Date: Wed, 8 May 2024 12:02:08 +0800 Subject: [PATCH 2/6] [YANG] Add valid v6 address to sonic-dhcp-sever.yang (#18690) #### Why I did it The PR is to allow v6 address in DHCP_SERVER table which was generated from PROD minigraph. This is to pass the YANG validation. #### How I did it Replace ipv4-address with ip-address which is a union of ipv4-address nad ipv6-address #### How to verify it Unit test --- src/sonic-yang-models/tests/files/sample_config_db.json | 3 ++- .../tests/yang_model_tests/tests_config/dhcp_server.json | 6 ++++++ src/sonic-yang-models/yang-models/sonic-dhcp-server.yang | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/sonic-yang-models/tests/files/sample_config_db.json b/src/sonic-yang-models/tests/files/sample_config_db.json index 434200dcef..1dc691510b 100644 --- a/src/sonic-yang-models/tests/files/sample_config_db.json +++ b/src/sonic-yang-models/tests/files/sample_config_db.json @@ -7,7 +7,8 @@ }, "DHCP_SERVER": { "192.0.0.8": {}, - "192.0.0.8": {} + "192.0.0.8": {}, + "2603:10e1:0:6f4::1": {} }, "DNS_NAMESERVER": { "1.1.1.1": {}, diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/dhcp_server.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/dhcp_server.json index 9fb7ccce99..36bf89af1f 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/dhcp_server.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/dhcp_server.json @@ -8,6 +8,12 @@ }, { "ip": "10.1.9.2" + }, + { + "ip": "2603:10e1:0:6f4::1" + }, + { + "ip": "2603:10e1:0:6f5::1" } ] } diff --git a/src/sonic-yang-models/yang-models/sonic-dhcp-server.yang b/src/sonic-yang-models/yang-models/sonic-dhcp-server.yang index 0ca5e8636c..5f5039ae2d 100644 --- a/src/sonic-yang-models/yang-models/sonic-dhcp-server.yang +++ b/src/sonic-yang-models/yang-models/sonic-dhcp-server.yang @@ -40,7 +40,7 @@ module sonic-dhcp-server { leaf ip { description "IP as DHCP_SERVER"; - type inet:ipv4-address; + type inet:ip-address; } } /* end of list IPS_LIST */ From bfd38df48a5d5a244ed3074e19f1f84b6792f970 Mon Sep 17 00:00:00 2001 From: bingwang-ms <66248323+bingwang-ms@users.noreply.github.com> Date: Tue, 23 Apr 2024 22:01:57 -0700 Subject: [PATCH 3/6] Fix YANG model for ACL (#18693) * Fix YANG model for ACL --- src/sonic-yang-mgmt/tests/test_cfghelp.py | 12 +- .../tests/yang_model_tests/tests/acl.json | 12 + .../yang_model_tests/tests_config/acl.json | 220 ++++++++++++++++++ .../yang-templates/sonic-acl.yang.j2 | 14 +- .../yang-templates/sonic-types.yang.j2 | 2 + 5 files changed, 247 insertions(+), 13 deletions(-) diff --git a/src/sonic-yang-mgmt/tests/test_cfghelp.py b/src/sonic-yang-mgmt/tests/test_cfghelp.py index 70b3a1edb1..4efca817c8 100644 --- a/src/sonic-yang-mgmt/tests/test_cfghelp.py +++ b/src/sonic-yang-mgmt/tests/test_cfghelp.py @@ -111,12 +111,12 @@ Description: ACL_RULE part of config_db.json key - ACL_TABLE_NAME:RULE_NAME -+-----------+-----------------------------------------+-------------+-----------+-------------+ -| Field | Description | Mandatory | Default | Reference | -+===========+=========================================+=============+===========+=============+ -| ICMP_TYPE | Mutually exclusive in group icmp | | | | -| | when IP_TYPE in ANY,IP,IPV4,IPv4ANY,ARP | | | | -+-----------+-----------------------------------------+-------------+-----------+-------------+ ++-----------+-------------------------------------------------+-------------+-----------+-------------+ +| Field | Description | Mandatory | Default | Reference | ++===========+=================================================+=============+===========+=============+ +| ICMP_TYPE | Mutually exclusive in group icmp | | | | +| | when IP_TYPE in ANY,IP,IPV4,IPv4ANY,IPV4ANY,ARP | | | | ++-----------+-------------------------------------------------+-------------+-----------+-------------+ """ diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json b/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json index 18f053e2a3..309b64bb06 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json @@ -38,6 +38,12 @@ "desc": "Configure non-existing ACL_TABLE in ACL_RULE.", "eStrKey" : "LeafRef" }, + "ACL_RULE_IP_TYPE_SRC_IPV6ANY": { + "desc": "Configure IP_TYPE as ipv6any and SRC_IPV6 in ACL_RULE." + }, + "ACL_RULE_IP_TYPE_DST_IPV4ANY": { + "desc": "Configure IP_TYPE as ipv4any and DST_IP in ACL_RULE." + }, "ACL_RULE_IP_TYPE_SRC_IPV6_MISMATCH": { "desc": "Configure IP_TYPE as ipv4any and SRC_IPV6 in ACL_RULE.", "eStrKey" : "When", @@ -51,6 +57,12 @@ "eStrKey" : "When", "eStr": ["IP_TYPE"] }, + "ACL_RULE_VALID_L4_SRC_PORT_RANGE": { + "desc": "Configure l4_src_port_range as 1024-65535 in ACL_RULE" + }, + "ACL_RULE_VALID_L4_DST_PORT_RANGE": { + "desc": "Configure l4_src_port_range as 0-65535 in ACL_RULE" + }, "ACL_RULE_WRONG_L4_SRC_PORT_RANGE": { "desc": "Configure l4_src_port_range as 99999-99999 in ACL_RULE", "eStrKey" : "Pattern" diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json index 6f39ab6e41..c50fd8c71a 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json @@ -106,6 +106,114 @@ } } }, + "ACL_RULE_IP_TYPE_SRC_IPV6ANY": { + "sonic-acl:sonic-acl": { + "sonic-acl:ACL_RULE": { + "ACL_RULE_LIST": [ + { + "ACL_TABLE_NAME": "NO-NSW-PACL-V6", + "IP_TYPE": "IPV6ANY", + "PACKET_ACTION": "FORWARD", + "PRIORITY": 999980, + "RULE_NAME": "Rule_20", + "SRC_IPV6": "2001::1/64" + } + ] + }, + "sonic-acl:ACL_TABLE": { + "ACL_TABLE_LIST": [ + { + "ACL_TABLE_NAME": "NO-NSW-PACL-V6", + "policy_desc": "Filter IPv6", + "ports": [ + "Ethernet0", + "Ethernet1" + ], + "stage": "EGRESS", + "type": "L3V6" + } + ] + } + }, + "sonic-port:sonic-port": { + "sonic-port:PORT": { + "PORT_LIST": [ + { + "admin_status": "up", + "alias": "eth0", + "lanes": "0,1,2,3", + "description": "Ethernet0", + "mtu": 9000, + "name": "Ethernet0", + "speed": 25000 + }, + { + "admin_status": "up", + "alias": "eth1", + "lanes": "0,1,2,3", + "description": "Ethernet1", + "mtu": 9000, + "name": "Ethernet1", + "speed": 25000 + } + ] + } + } + }, + "ACL_RULE_IP_TYPE_DST_IPV4ANY": { + "sonic-acl:sonic-acl": { + "sonic-acl:ACL_RULE": { + "ACL_RULE_LIST": [ + { + "ACL_TABLE_NAME": "NO-NSW-PACL-V4", + "IP_TYPE": "IPV4ANY", + "PACKET_ACTION": "FORWARD", + "PRIORITY": 999980, + "RULE_NAME": "Rule_20", + "DST_IP": "192.168.0.1/21" + } + ] + }, + "sonic-acl:ACL_TABLE": { + "ACL_TABLE_LIST": [ + { + "ACL_TABLE_NAME": "NO-NSW-PACL-V4", + "policy_desc": "Filter IPv4", + "ports": [ + "Ethernet0", + "Ethernet1" + ], + "stage": "EGRESS", + "type": "L3" + } + ] + } + }, + "sonic-port:sonic-port": { + "sonic-port:PORT": { + "PORT_LIST": [ + { + "admin_status": "up", + "alias": "eth0", + "lanes": "0,1,2,3", + "description": "Ethernet0", + "mtu": 9000, + "name": "Ethernet0", + "speed": 25000 + }, + { + "admin_status": "up", + "alias": "eth1", + "lanes": "0,1,2,3", + "description": "Ethernet1", + "mtu": 9000, + "name": "Ethernet1", + "speed": 25000 + } + ] + } + } + }, "ACL_RULE_IP_TYPE_SRC_IPV6_MISMATCH": { "sonic-acl:sonic-acl": { "sonic-acl:ACL_RULE": { @@ -428,6 +536,118 @@ } } }, + "ACL_RULE_VALID_L4_SRC_PORT_RANGE": { + "sonic-acl:sonic-acl": { + "sonic-acl:ACL_RULE": { + "ACL_RULE_LIST": [ + { + "ACL_TABLE_NAME": "NO-NSW-PACL-V6", + "DST_IPV6": "2a04:f547:43:320::/64", + "IP_TYPE": "IP", + "L4_SRC_PORT_RANGE": "1024-65535", + "PACKET_ACTION": "FORWARD", + "PRIORITY": 999980, + "RULE_NAME": "Rule_20", + "SRC_IPV6": "2a04:f547:41::/48" + } + ] + }, + "sonic-acl:ACL_TABLE": { + "ACL_TABLE_LIST": [ + { + "ACL_TABLE_NAME": "NO-NSW-PACL-V6", + "policy_desc": "Filter IPv6", + "ports": [ + "Ethernet0", + "Ethernet1" + ], + "stage": "EGRESS", + "type": "L3V6" + } + ] + } + }, + "sonic-port:sonic-port": { + "sonic-port:PORT": { + "PORT_LIST": [ + { + "admin_status": "up", + "alias": "eth0", + "lanes": "0,1,2,3", + "description": "Ethernet0", + "mtu": 9000, + "name": "Ethernet0", + "speed": 25000 + }, + { + "admin_status": "up", + "alias": "eth1", + "lanes": "0,1,2,3", + "description": "Ethernet1", + "mtu": 9000, + "name": "Ethernet1", + "speed": 25000 + } + ] + } + } + }, + "ACL_RULE_VALID_L4_DST_PORT_RANGE": { + "sonic-acl:sonic-acl": { + "sonic-acl:ACL_RULE": { + "ACL_RULE_LIST": [ + { + "ACL_TABLE_NAME": "NO-NSW-PACL-V6", + "DST_IPV6": "2a04:f547:43:320::/64", + "IP_TYPE": "IP", + "L4_DST_PORT_RANGE": "1024-65535", + "PACKET_ACTION": "FORWARD", + "PRIORITY": 999980, + "RULE_NAME": "Rule_20", + "SRC_IPV6": "2a04:f547:41::/48" + } + ] + }, + "sonic-acl:ACL_TABLE": { + "ACL_TABLE_LIST": [ + { + "ACL_TABLE_NAME": "NO-NSW-PACL-V6", + "policy_desc": "Filter IPv6", + "ports": [ + "Ethernet0", + "Ethernet1" + ], + "stage": "EGRESS", + "type": "L3V6" + } + ] + } + }, + "sonic-port:sonic-port": { + "sonic-port:PORT": { + "PORT_LIST": [ + { + "admin_status": "up", + "alias": "eth0", + "lanes": "0,1,2,3", + "description": "Ethernet0", + "mtu": 9000, + "name": "Ethernet0", + "speed": 25000 + }, + { + "admin_status": "up", + "alias": "eth1", + "lanes": "0,1,2,3", + "description": "Ethernet1", + "mtu": 9000, + "name": "Ethernet1", + "speed": 25000 + } + ] + } + } + }, "ACL_RULE_WRONG_L4_SRC_PORT_RANGE": { "sonic-acl:sonic-acl": { "sonic-acl:ACL_RULE": { diff --git a/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 b/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 index 882dbf8ef9..ebaffe96e8 100644 --- a/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 +++ b/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 @@ -106,7 +106,7 @@ module sonic-acl { } } case ip4_prefix { - when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='ARP'])"; + when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='IPV4ANY' or .='ARP'])"; leaf SRC_IP { type inet:ipv4-prefix; } @@ -117,7 +117,7 @@ module sonic-acl { } case ip6_prefix { - when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV6' or .='IPv6ANY'])"; + when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV6' or .='IPv6ANY' or .='IPV6ANY'])"; leaf SRC_IPV6 { type inet:ipv6-prefix; } @@ -148,7 +148,7 @@ module sonic-acl { case l4_src_port_range { leaf L4_SRC_PORT_RANGE { type string { - pattern '([0-9]{1,4}|[0-5][0-9]{4}|[6][0-4][0-9]{3}|[6][5][0-2][0-9]{2}|[6][5][3][0-5]{2}|[6][5][3][6][0-5])-([0-9]{1,4}|[0-5][0-9]{4}|[6][0-4][0-9]{3}|[6][5][0-2][0-9]{2}|[6][5][3][0-5]{2}|[6][5][3][6][0-5])'; + pattern '([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])'; } } } @@ -164,7 +164,7 @@ module sonic-acl { case l4_dst_port_range { leaf L4_DST_PORT_RANGE { type string { - pattern '([0-9]{1,4}|[0-5][0-9]{4}|[6][0-4][0-9]{3}|[6][5][0-2][0-9]{2}|[6][5][3][0-5]{2}|[6][5][3][6][0-5])-([0-9]{1,4}|[0-5][0-9]{4}|[6][0-4][0-9]{3}|[6][5][0-2][0-9]{2}|[6][5][3][0-5]{2}|[6][5][3][6][0-5])'; + pattern '([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])'; } } } @@ -172,7 +172,7 @@ module sonic-acl { leaf ETHER_TYPE { type string { - pattern "0x0[6-9a-fA-F][0-9a-fA-F]{2}|0x[1-9a-fA-F][0-9a-fA-F]{3}|153[6-9]|15[4-9][0-9]|1[6-9][0-9][0-9]|[2-9][0-9]{3}|[1-5][0-9]{4}|6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}"; + pattern "0x0[6-9a-fA-F][0-9a-fA-F]{2}|0x[1-9a-fA-F][0-9a-fA-F]{3}|153[6-9]|15[4-9][0-9]|1[6-9][0-9][0-9]|[2-9][0-9]{3}|[1-5][0-9]{4}|6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}"; } } @@ -199,7 +199,7 @@ module sonic-acl { choice icmp { case icmp4 { - when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='ARP'])"; + when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='IPV4ANY' or .='ARP'])"; leaf ICMP_TYPE { type uint8 { range 0..255; @@ -214,7 +214,7 @@ module sonic-acl { } case icmp6 { - when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV6' or .='IPv6ANY'])"; + when "not(IP_TYPE) or boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV6' or .='IPv6ANY' or .='IPV6ANY'])"; leaf ICMPV6_TYPE { type uint8 { range 0..255; diff --git a/src/sonic-yang-models/yang-templates/sonic-types.yang.j2 b/src/sonic-yang-models/yang-templates/sonic-types.yang.j2 index 4a81da6ed3..88c970b06e 100644 --- a/src/sonic-yang-models/yang-templates/sonic-types.yang.j2 +++ b/src/sonic-yang-models/yang-templates/sonic-types.yang.j2 @@ -76,8 +76,10 @@ module sonic-types { enum IPV4; enum IPV6; enum IPv4ANY; + enum IPV4ANY; enum NON_IP4; enum IPv6ANY; + enum IPV6ANY; enum NON_IPv6; enum ARP; } From abd453fee4c4b973fe5ffde1266a5138cd307536 Mon Sep 17 00:00:00 2001 From: Ze Gan Date: Fri, 22 Mar 2024 07:39:02 +0800 Subject: [PATCH 4/6] [Fixbug 18418] [Yang] MACSEC_PROFILE table does not match yang definition (#18419) ### Why I did it Fix the issue [18418](https://github.com/sonic-net/sonic-buildimage/issues/18418), The YANG model to MACsec fallback cak/ckn is wrong. We should allow the fallback option is empty. ### How I did it Add a condition to check whether the fallback is providered #### How to verify it Check Azp --- .../tests/yang_model_tests/tests_config/macsec.json | 12 ++++++++++++ src/sonic-yang-models/yang-models/sonic-macsec.yang | 4 ++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/macsec.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/macsec.json index 5c748606ee..89abcb3866 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/macsec.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/macsec.json @@ -30,6 +30,18 @@ "replay_window": 64, "send_sci": "true", "rekey_period": 3600 + }, + { + "name": "test_nofallback", + "priority": 64, + "cipher_suite": "GCM-AES-XPN-256", + "primary_cak": "5207554155500e5d5157786d6c2a3d2031425a5e577e7e727f6b6c03312432262706080a00005b554f4e007975707670725b0a54540c0252445e5d7a29252b046a", + "primary_ckn": "6162636465666768696A6B6C6D6E6F706162636465666768696A6B6C6D6E6F70", + "policy": "security", + "enable_replay_protect": "true", + "replay_window": 64, + "send_sci": "true", + "rekey_period": 3600 } ] } diff --git a/src/sonic-yang-models/yang-models/sonic-macsec.yang b/src/sonic-yang-models/yang-models/sonic-macsec.yang index b3d04b725a..2d76737ee4 100644 --- a/src/sonic-yang-models/yang-models/sonic-macsec.yang +++ b/src/sonic-yang-models/yang-models/sonic-macsec.yang @@ -70,9 +70,9 @@ module sonic-macsec { } } - must "string-length(fallback_cak) = string-length(primary_cak)"; + must "string-length(fallback_cak) = 0 or string-length(fallback_cak) = string-length(primary_cak)"; - must "primary_ckn != fallback_ckn"; + must "string-length(fallback_ckn) = 0 or primary_ckn != fallback_ckn"; leaf policy { type string { From 75793c08ee49889f4a2d326d5a42bfff7a1d77a3 Mon Sep 17 00:00:00 2001 From: mssonicbld <79238446+mssonicbld@users.noreply.github.com> Date: Sat, 11 May 2024 16:01:02 +0800 Subject: [PATCH 5/6] [submodule] Update submodule sonic-utilities to the latest HEAD automatically (#18933) #### Why I did it src/sonic-utilities ``` * a1a5eac8 - (HEAD -> 202305, origin/202305) T2-VOQ-VS: Modified exception handling due to new sonic_platform package support for VS (#3250) (2 days ago) [Deepak Singhal] ``` #### How I did it #### How to verify it #### Description for the changelog --- src/sonic-utilities | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sonic-utilities b/src/sonic-utilities index f81409023e..a1a5eac814 160000 --- a/src/sonic-utilities +++ b/src/sonic-utilities @@ -1 +1 @@ -Subproject commit f81409023ef5e8666063858b8d5a8b2625929beb +Subproject commit a1a5eac814d3e4c5cb49cf567f077a03bea1a736 From e5e8d425f0c2f3d16bbb65d112553ad54f0b1f05 Mon Sep 17 00:00:00 2001 From: mssonicbld <79238446+mssonicbld@users.noreply.github.com> Date: Sat, 11 May 2024 16:01:08 +0800 Subject: [PATCH 6/6] [submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#18931) #### Why I did it src/sonic-platform-common ``` * 7658e08 - (HEAD -> 202305, origin/202305) Update Innolight package for mock test (#461) (25 hours ago) [Anoop Kamath] * e7011ea - DPinit timeout seen for Innolight transceiver during CMIS init + transceiver OIR causing CMIS init failure (#450) (2 days ago) [Anoop Kamath] * 581a7a0 - Handle page select and remote access check after changing SFP target (#462) (2 days ago) [mihirpat1] ``` #### How I did it #### How to verify it #### Description for the changelog --- src/sonic-platform-common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sonic-platform-common b/src/sonic-platform-common index aaa9676f3a..7658e08434 160000 --- a/src/sonic-platform-common +++ b/src/sonic-platform-common @@ -1 +1 @@ -Subproject commit aaa9676f3aa5acc235595355a00c7ab4056c3051 +Subproject commit 7658e08434aa5fe73a741fc157f41c3feccb7964