Merge pull request opencomputeproject#4 from IGordynskyi/modify-IPAcl…

…Test-new-ACL-model

Modified "saiacl.IPAclTest" test case according to new SAI ACL model

test/saithrift/src/switch_sai.thrift

@@ -33,6 +33,7 @@ typedef i32 sai_thrift_policer_stat_counter_t
 typedef i32 sai_thrift_port_stat_counter_t
 typedef i32 sai_thrift_queue_stat_counter_t
 typedef i32 sai_thrift_pg_stat_counter_t
+typedef i32 sai_thrift_acl_bind_point_type_t
 
 struct sai_thrift_fdb_entry_t {
     1: sai_thrift_mac_t mac_address;
@@ -70,6 +71,11 @@ struct sai_thrift_vlan_list_t {
     2: list<sai_thrift_vlan_id_t> vlan_list;
 }
 
+struct sai_thrift_s32_list_t {
+    1: i32 count;
+    2: list<i32> s32list;
+}
+
 union sai_thrift_acl_mask_t {
     1: byte u8;
     2: byte s8;
@@ -94,6 +100,7 @@ union sai_thrift_acl_data_t {
     9: sai_thrift_ip6_t ip6;
     10: sai_thrift_object_id_t oid;
     11: sai_thrift_object_list_t objlist;
+    12: sai_thrift_s32_list_t bind_point_list;
 }
 
 struct sai_thrift_acl_field_data_t
@@ -167,7 +174,8 @@ union sai_thrift_attribute_value_t {
     18: sai_thrift_acl_field_data_t aclfield;
     19: sai_thrift_acl_action_data_t aclaction;
     20: sai_thrift_u32_list_t u32list;
-    21: sai_thrift_qos_map_list_t qosmap;
+    21: sai_thrift_s32_list_t s32list;
+    22: sai_thrift_qos_map_list_t qosmap;
 }
 
 struct sai_thrift_attribute_t {
@@ -275,13 +283,13 @@ service switch_sai_rpc {
 
     // ACL API
     sai_thrift_object_id_t sai_thrift_create_acl_table(1: list<sai_thrift_attribute_t> thrift_attr_list);
-    sai_thrift_status_t sai_thrift_delete_acl_table(1: sai_thrift_object_id_t acl_table_id);
+    sai_thrift_status_t sai_thrift_remove_acl_table(1: sai_thrift_object_id_t acl_table_id);
 
     sai_thrift_object_id_t sai_thrift_create_acl_entry(1: list<sai_thrift_attribute_t> thrift_attr_list);
-    sai_thrift_status_t sai_thrift_delete_acl_entry(1: sai_thrift_object_id_t acl_entry);
+    sai_thrift_status_t sai_thrift_remove_acl_entry(1: sai_thrift_object_id_t acl_entry);
 
     sai_thrift_object_id_t sai_thrift_create_acl_counter(1: list<sai_thrift_attribute_t> thrift_attr_list);
-    sai_thrift_status_t sai_thrift_delete_acl_counter(1: sai_thrift_object_id_t acl_counter_id);
+    sai_thrift_status_t sai_thrift_remove_acl_counter(1: sai_thrift_object_id_t acl_counter_id);
     list<sai_thrift_attribute_value_t> sai_thrift_get_acl_counter_attribute(
                              1: sai_thrift_object_id_t acl_counter_id,
                              2: list<i32> thrift_attr_ids);

test/saithrift/src/switch_sai_rpc_server.cpp

@@ -194,6 +194,9 @@ class switch_sai_rpcHandler : virtual public switch_sai_rpcIf {
               case SAI_PORT_ATTR_QOS_PFC_PRIORITY_TO_QUEUE_MAP:
                   attr_list[i].value.oid = attribute.value.oid;
                   break;
+              case SAI_PORT_ATTR_INGRESS_ACL:
+                  attr_list[i].value.oid = attribute.value.oid;
+                  break;
               default:
                   break;
           }
@@ -1423,9 +1426,20 @@ sai_thrift_object_id_t sai_thrift_get_cpu_port_id() {
           attribute = (sai_thrift_attribute_t)*it;
           attr_list[i].id = attribute.id;
           switch (attribute.id) {
-            case SAI_ACL_TABLE_ATTR_STAGE:
-            case SAI_ACL_TABLE_ATTR_PRIORITY:
-                attr_list[i].value.u32 = attribute.value.u32;
+            case SAI_ACL_TABLE_ATTR_ACL_STAGE:
+                attr_list[i].value.s32 = attribute.value.s32;
+                break;
+            case SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST:
+                {
+                    int count = attribute.value.aclfield.data.bind_point_list.s32list.size();
+                    sai_int32_t *s32_list = NULL;
+                    std::vector<sai_thrift_acl_bind_point_type_t>::const_iterator it = attribute.value.aclfield.data.bind_point_list.s32list.begin();
+                    s32_list = (sai_int32_t *) malloc(sizeof(sai_int32_t) * count);
+                    for(int j = 0; j < count; j++, it++)
+                        *(s32_list + j) = (sai_int32_t) *it;
+                    attr_list[i].value.aclfield.data.bind_point_list.s32list = s32_list;
+                    attr_list[i].value.aclfield.data.bind_point_list.count = count;
+                }
                 break;
             case SAI_ACL_TABLE_ATTR_FIELD_SRC_IPv6:
             case SAI_ACL_TABLE_ATTR_FIELD_DST_IPv6:
@@ -1559,7 +1573,7 @@ sai_thrift_object_id_t sai_thrift_get_cpu_port_id() {
             case SAI_ACL_ENTRY_ATTR_ACTION_COUNTER:
                 attr_list[i].value.aclfield.data.oid = attribute.value.aclfield.data.oid;
                 break;
-            case SAI_ACL_ENTRY_ATTR_PACKET_ACTION:
+            case SAI_ACL_ENTRY_ATTR_ACTION_PACKET_ACTION:
                 attr_list[i].value.aclaction.parameter.u32 = attribute.value.aclaction.parameter.u32;
                 break;
               default:
@@ -1642,14 +1656,14 @@ sai_thrift_object_id_t sai_thrift_get_cpu_port_id() {
       return acl_table;
   }
 
-  sai_thrift_status_t sai_thrift_delete_acl_table(const sai_thrift_object_id_t acl_table_id) {
+  sai_thrift_status_t sai_thrift_remove_acl_table(const sai_thrift_object_id_t acl_table_id) {
       sai_status_t status = SAI_STATUS_SUCCESS;
       sai_acl_api_t *acl_api;
       status = sai_api_query(SAI_API_ACL, (void **) &acl_api);
       if (status != SAI_STATUS_SUCCESS) {
           return status;
       }
-      status = acl_api->delete_acl_table(acl_table_id);
+      status = acl_api->remove_acl_table(acl_table_id);
       return status;
   }
 
@@ -1670,14 +1684,14 @@ sai_thrift_object_id_t sai_thrift_get_cpu_port_id() {
       return acl_entry;
   }
 
-  sai_thrift_status_t sai_thrift_delete_acl_entry(const sai_thrift_object_id_t acl_entry) {
+  sai_thrift_status_t sai_thrift_remove_acl_entry(const sai_thrift_object_id_t acl_entry) {
       sai_status_t status = SAI_STATUS_SUCCESS;
       sai_acl_api_t *acl_api;
       status = sai_api_query(SAI_API_ACL, (void **) &acl_api);
       if (status != SAI_STATUS_SUCCESS) {
           return status;
       }
-      status = acl_api->delete_acl_entry(acl_entry);
+      status = acl_api->remove_acl_entry(acl_entry);
       return status;
   }
 
@@ -1697,15 +1711,15 @@ sai_thrift_object_id_t sai_thrift_get_cpu_port_id() {
       return acl_counter_id;
   }
 
-  sai_thrift_status_t sai_thrift_delete_acl_counter(const sai_thrift_object_id_t acl_counter_id) {
+  sai_thrift_status_t sai_thrift_remove_acl_counter(const sai_thrift_object_id_t acl_counter_id) {
       sai_object_id_t acl_entry = 0ULL;
       sai_acl_api_t *acl_api;
       sai_status_t status = SAI_STATUS_SUCCESS;
       status = sai_api_query(SAI_API_ACL, (void **) &acl_api);
       if (status != SAI_STATUS_SUCCESS) {
           return status;
       }
-      status = acl_api->delete_acl_counter(acl_counter_id);
+      status = acl_api->remove_acl_counter(acl_counter_id);
       return status;
   }
 

test/saithrift/tests/saiacl.py

@@ -25,14 +25,14 @@ def runTest(self):
         print
         print '----------------------------------------------------------------------------------------------'
         print "Sending packet ptf_intf 2 -> ptf_intf 1 (192.168.0.1 ---> 10.10.10.1 [id = 105])"
-        
+
         switch_init(self.client)
         port1 = port_list[1]
         port2 = port_list[2]
         v4_enabled = 1
         v6_enabled = 1
         mac = ''
-        
+
         vr_id = sai_thrift_create_virtual_router(self.client, v4_enabled, v6_enabled)
         rif_id1 = sai_thrift_create_router_interface(self.client, vr_id, 1, port1, 0, v4_enabled, v6_enabled, mac)
         rif_id2 = sai_thrift_create_router_interface(self.client, vr_id, 1, port2, 0, v4_enabled, v6_enabled, mac)
@@ -44,7 +44,7 @@ def runTest(self):
         sai_thrift_create_neighbor(self.client, addr_family, rif_id1, ip_addr1, dmac1)
         nhop1 = sai_thrift_create_nhop(self.client, addr_family, ip_addr1, rif_id1)
         sai_thrift_create_route(self.client, vr_id, addr_family, ip_addr1, ip_mask1, rif_id1)
-        
+
         # send the test packet(s)
         pkt = simple_tcp_packet(eth_dst=router_mac,
             eth_src='00:22:22:22:22:22',
@@ -67,12 +67,14 @@ def runTest(self):
             verify_packets(self, exp_pkt, [1])
         finally:
             print '----------------------------------------------------------------------------------------------'
-        
+
         print "Sending packet ptf_intf 2 -[acl]-> ptf_intf 1 (192.168.0.1 -[acl]-> 10.10.10.1 [id = 105])"
         print 'ACL \'DROP, src 192.168.0.1/255.255.255.0, in_ports[ptf_intf_1,2]\' Applied '
         # setup ACL to block based on Source IP
-
-        action = 1 #Drop
+        table_stage = SAI_ACL_STAGE_INGRESS
+        table_bind_point_list = [SAI_ACL_BIND_POINT_TYPE_PORT]
+        entry_priority = SAI_SWITCH_ATTR_ACL_ENTRY_MINIMUM_PRIORITY
+        action = SAI_PACKET_ACTION_DROP
         in_ports = [port1, port2]
         ip_src = "192.168.0.1"
         ip_src_mask = "255.255.255.0"
@@ -84,8 +86,10 @@ def runTest(self):
         out_ports = None
         ingress_mirror_id = None
         egress_mirror_id = None
-        
+
         acl_table_id = sai_thrift_create_acl_table(self.client,
+            table_stage,
+            table_bind_point_list,
             addr_family,
             ip_src,
             ip_dst,
@@ -94,7 +98,9 @@ def runTest(self):
             out_ports,
             in_port,
             out_port)
-        acl_entry_id = sai_thrift_create_acl_entry(self.client, acl_table_id,
+        acl_entry_id = sai_thrift_create_acl_entry(self.client,
+            acl_table_id,
+            entry_priority,
             action, addr_family,
             ip_src, ip_src_mask,
             ip_dst, ip_dst_mask,
@@ -103,10 +109,16 @@ def runTest(self):
             in_port, out_port,
             ingress_mirror_id,
             egress_mirror_id)
+
+        # bind this ACL table to port1s object id
+        attr_value = sai_thrift_attribute_value_t(oid=acl_table_id)
+        attr = sai_thrift_attribute_t(id=SAI_PORT_ATTR_INGRESS_ACL, value=attr_value)
+        self.client.sai_thrift_set_port_attribute(port1, attr)
+
         try:
             assert acl_table_id > 0, 'acl_entry_id is <= 0'
             assert acl_entry_id > 0, 'acl_entry_id is <= 0'
-            
+
             print '#### ACL \'DROP, src 192.168.0.1/255.255.255.0, in_ports[ptf_intf_1,2]\' Applied ####'
             print '#### Sending ', router_mac, '| 00:22:22:22:22:22 | 10.10.10.1 | 192.168.0.1 | @ ptf_intf 2'
             # send the same packet
@@ -115,11 +127,14 @@ def runTest(self):
             # check for absence of packet here!
             print '#### NOT Expecting 00:11:22:33:44:55 |', router_mac, '| 10.10.10.1 | 192.168.0.1 | @ ptf_intf 1'
             verify_no_packet(self, exp_pkt, 1)
-            #verify_packets(self, exp_pkt, [1])
         finally:
+            # unbind this ACL table from port1s object id
+            attr_value = sai_thrift_attribute_value_t(oid=SAI_NULL_OBJECT_ID)
+            attr = sai_thrift_attribute_t(id=SAI_PORT_ATTR_INGRESS_ACL, value=attr_value)
+            self.client.sai_thrift_set_port_attribute(port1, attr)
             # cleanup ACL
-            self.client.sai_thrift_delete_acl_entry(acl_entry_id)
-            self.client.sai_thrift_delete_acl_table(acl_table_id)
+            self.client.sai_thrift_remove_acl_entry(acl_entry_id)
+            self.client.sai_thrift_remove_acl_table(acl_table_id)
             # cleanup
             sai_thrift_remove_route(self.client, vr_id, addr_family, ip_addr1, ip_mask1, rif_id1)
             self.client.sai_thrift_remove_next_hop(nhop1)