diff --git a/test/saithrift/src/switch_sai.thrift b/test/saithrift/src/switch_sai.thrift index e7d426f98..824767826 100644 --- a/test/saithrift/src/switch_sai.thrift +++ b/test/saithrift/src/switch_sai.thrift @@ -33,6 +33,7 @@ typedef i32 sai_thrift_policer_stat_counter_t typedef i32 sai_thrift_port_stat_counter_t typedef i32 sai_thrift_queue_stat_counter_t typedef i32 sai_thrift_pg_stat_counter_t +typedef i32 sai_thrift_acl_bind_point_type_t struct sai_thrift_fdb_entry_t { 1: sai_thrift_mac_t mac_address; @@ -70,6 +71,11 @@ struct sai_thrift_vlan_list_t { 2: list vlan_list; } +struct sai_thrift_s32_list_t { + 1: i32 count; + 2: list s32list; +} + union sai_thrift_acl_mask_t { 1: byte u8; 2: byte s8; @@ -94,6 +100,7 @@ union sai_thrift_acl_data_t { 9: sai_thrift_ip6_t ip6; 10: sai_thrift_object_id_t oid; 11: sai_thrift_object_list_t objlist; + 12: sai_thrift_s32_list_t bind_point_list; } struct sai_thrift_acl_field_data_t @@ -167,7 +174,8 @@ union sai_thrift_attribute_value_t { 18: sai_thrift_acl_field_data_t aclfield; 19: sai_thrift_acl_action_data_t aclaction; 20: sai_thrift_u32_list_t u32list; - 21: sai_thrift_qos_map_list_t qosmap; + 21: sai_thrift_s32_list_t s32list; + 22: sai_thrift_qos_map_list_t qosmap; } struct sai_thrift_attribute_t { @@ -275,13 +283,13 @@ service switch_sai_rpc { // ACL API sai_thrift_object_id_t sai_thrift_create_acl_table(1: list thrift_attr_list); - sai_thrift_status_t sai_thrift_delete_acl_table(1: sai_thrift_object_id_t acl_table_id); + sai_thrift_status_t sai_thrift_remove_acl_table(1: sai_thrift_object_id_t acl_table_id); sai_thrift_object_id_t sai_thrift_create_acl_entry(1: list thrift_attr_list); - sai_thrift_status_t sai_thrift_delete_acl_entry(1: sai_thrift_object_id_t acl_entry); + sai_thrift_status_t sai_thrift_remove_acl_entry(1: sai_thrift_object_id_t acl_entry); sai_thrift_object_id_t sai_thrift_create_acl_counter(1: list thrift_attr_list); - sai_thrift_status_t sai_thrift_delete_acl_counter(1: sai_thrift_object_id_t acl_counter_id); + sai_thrift_status_t sai_thrift_remove_acl_counter(1: sai_thrift_object_id_t acl_counter_id); list sai_thrift_get_acl_counter_attribute( 1: sai_thrift_object_id_t acl_counter_id, 2: list thrift_attr_ids); diff --git a/test/saithrift/src/switch_sai_rpc_server.cpp b/test/saithrift/src/switch_sai_rpc_server.cpp index 307c6f1b8..30aec3cea 100644 --- a/test/saithrift/src/switch_sai_rpc_server.cpp +++ b/test/saithrift/src/switch_sai_rpc_server.cpp @@ -194,6 +194,9 @@ class switch_sai_rpcHandler : virtual public switch_sai_rpcIf { case SAI_PORT_ATTR_QOS_PFC_PRIORITY_TO_QUEUE_MAP: attr_list[i].value.oid = attribute.value.oid; break; + case SAI_PORT_ATTR_INGRESS_ACL: + attr_list[i].value.oid = attribute.value.oid; + break; default: break; } @@ -1423,9 +1426,20 @@ sai_thrift_object_id_t sai_thrift_get_cpu_port_id() { attribute = (sai_thrift_attribute_t)*it; attr_list[i].id = attribute.id; switch (attribute.id) { - case SAI_ACL_TABLE_ATTR_STAGE: - case SAI_ACL_TABLE_ATTR_PRIORITY: - attr_list[i].value.u32 = attribute.value.u32; + case SAI_ACL_TABLE_ATTR_ACL_STAGE: + attr_list[i].value.s32 = attribute.value.s32; + break; + case SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST: + { + int count = attribute.value.aclfield.data.bind_point_list.s32list.size(); + sai_int32_t *s32_list = NULL; + std::vector::const_iterator it = attribute.value.aclfield.data.bind_point_list.s32list.begin(); + s32_list = (sai_int32_t *) malloc(sizeof(sai_int32_t) * count); + for(int j = 0; j < count; j++, it++) + *(s32_list + j) = (sai_int32_t) *it; + attr_list[i].value.aclfield.data.bind_point_list.s32list = s32_list; + attr_list[i].value.aclfield.data.bind_point_list.count = count; + } break; case SAI_ACL_TABLE_ATTR_FIELD_SRC_IPv6: case SAI_ACL_TABLE_ATTR_FIELD_DST_IPv6: @@ -1559,7 +1573,7 @@ sai_thrift_object_id_t sai_thrift_get_cpu_port_id() { case SAI_ACL_ENTRY_ATTR_ACTION_COUNTER: attr_list[i].value.aclfield.data.oid = attribute.value.aclfield.data.oid; break; - case SAI_ACL_ENTRY_ATTR_PACKET_ACTION: + case SAI_ACL_ENTRY_ATTR_ACTION_PACKET_ACTION: attr_list[i].value.aclaction.parameter.u32 = attribute.value.aclaction.parameter.u32; break; default: @@ -1642,14 +1656,14 @@ sai_thrift_object_id_t sai_thrift_get_cpu_port_id() { return acl_table; } - sai_thrift_status_t sai_thrift_delete_acl_table(const sai_thrift_object_id_t acl_table_id) { + sai_thrift_status_t sai_thrift_remove_acl_table(const sai_thrift_object_id_t acl_table_id) { sai_status_t status = SAI_STATUS_SUCCESS; sai_acl_api_t *acl_api; status = sai_api_query(SAI_API_ACL, (void **) &acl_api); if (status != SAI_STATUS_SUCCESS) { return status; } - status = acl_api->delete_acl_table(acl_table_id); + status = acl_api->remove_acl_table(acl_table_id); return status; } @@ -1670,14 +1684,14 @@ sai_thrift_object_id_t sai_thrift_get_cpu_port_id() { return acl_entry; } - sai_thrift_status_t sai_thrift_delete_acl_entry(const sai_thrift_object_id_t acl_entry) { + sai_thrift_status_t sai_thrift_remove_acl_entry(const sai_thrift_object_id_t acl_entry) { sai_status_t status = SAI_STATUS_SUCCESS; sai_acl_api_t *acl_api; status = sai_api_query(SAI_API_ACL, (void **) &acl_api); if (status != SAI_STATUS_SUCCESS) { return status; } - status = acl_api->delete_acl_entry(acl_entry); + status = acl_api->remove_acl_entry(acl_entry); return status; } @@ -1697,7 +1711,7 @@ sai_thrift_object_id_t sai_thrift_get_cpu_port_id() { return acl_counter_id; } - sai_thrift_status_t sai_thrift_delete_acl_counter(const sai_thrift_object_id_t acl_counter_id) { + sai_thrift_status_t sai_thrift_remove_acl_counter(const sai_thrift_object_id_t acl_counter_id) { sai_object_id_t acl_entry = 0ULL; sai_acl_api_t *acl_api; sai_status_t status = SAI_STATUS_SUCCESS; @@ -1705,7 +1719,7 @@ sai_thrift_object_id_t sai_thrift_get_cpu_port_id() { if (status != SAI_STATUS_SUCCESS) { return status; } - status = acl_api->delete_acl_counter(acl_counter_id); + status = acl_api->remove_acl_counter(acl_counter_id); return status; } diff --git a/test/saithrift/tests/saiacl.py b/test/saithrift/tests/saiacl.py index 9e1462f3f..74c503ed3 100644 --- a/test/saithrift/tests/saiacl.py +++ b/test/saithrift/tests/saiacl.py @@ -25,14 +25,14 @@ def runTest(self): print print '----------------------------------------------------------------------------------------------' print "Sending packet ptf_intf 2 -> ptf_intf 1 (192.168.0.1 ---> 10.10.10.1 [id = 105])" - + switch_init(self.client) port1 = port_list[1] port2 = port_list[2] v4_enabled = 1 v6_enabled = 1 mac = '' - + vr_id = sai_thrift_create_virtual_router(self.client, v4_enabled, v6_enabled) rif_id1 = sai_thrift_create_router_interface(self.client, vr_id, 1, port1, 0, v4_enabled, v6_enabled, mac) rif_id2 = sai_thrift_create_router_interface(self.client, vr_id, 1, port2, 0, v4_enabled, v6_enabled, mac) @@ -44,7 +44,7 @@ def runTest(self): sai_thrift_create_neighbor(self.client, addr_family, rif_id1, ip_addr1, dmac1) nhop1 = sai_thrift_create_nhop(self.client, addr_family, ip_addr1, rif_id1) sai_thrift_create_route(self.client, vr_id, addr_family, ip_addr1, ip_mask1, rif_id1) - + # send the test packet(s) pkt = simple_tcp_packet(eth_dst=router_mac, eth_src='00:22:22:22:22:22', @@ -67,12 +67,14 @@ def runTest(self): verify_packets(self, exp_pkt, [1]) finally: print '----------------------------------------------------------------------------------------------' - + print "Sending packet ptf_intf 2 -[acl]-> ptf_intf 1 (192.168.0.1 -[acl]-> 10.10.10.1 [id = 105])" print 'ACL \'DROP, src 192.168.0.1/255.255.255.0, in_ports[ptf_intf_1,2]\' Applied ' # setup ACL to block based on Source IP - - action = 1 #Drop + table_stage = SAI_ACL_STAGE_INGRESS + table_bind_point_list = [SAI_ACL_BIND_POINT_TYPE_PORT] + entry_priority = SAI_SWITCH_ATTR_ACL_ENTRY_MINIMUM_PRIORITY + action = SAI_PACKET_ACTION_DROP in_ports = [port1, port2] ip_src = "192.168.0.1" ip_src_mask = "255.255.255.0" @@ -84,8 +86,10 @@ def runTest(self): out_ports = None ingress_mirror_id = None egress_mirror_id = None - + acl_table_id = sai_thrift_create_acl_table(self.client, + table_stage, + table_bind_point_list, addr_family, ip_src, ip_dst, @@ -94,7 +98,9 @@ def runTest(self): out_ports, in_port, out_port) - acl_entry_id = sai_thrift_create_acl_entry(self.client, acl_table_id, + acl_entry_id = sai_thrift_create_acl_entry(self.client, + acl_table_id, + entry_priority, action, addr_family, ip_src, ip_src_mask, ip_dst, ip_dst_mask, @@ -103,10 +109,16 @@ def runTest(self): in_port, out_port, ingress_mirror_id, egress_mirror_id) + + # bind this ACL table to port1s object id + attr_value = sai_thrift_attribute_value_t(oid=acl_table_id) + attr = sai_thrift_attribute_t(id=SAI_PORT_ATTR_INGRESS_ACL, value=attr_value) + self.client.sai_thrift_set_port_attribute(port1, attr) + try: assert acl_table_id > 0, 'acl_entry_id is <= 0' assert acl_entry_id > 0, 'acl_entry_id is <= 0' - + print '#### ACL \'DROP, src 192.168.0.1/255.255.255.0, in_ports[ptf_intf_1,2]\' Applied ####' print '#### Sending ', router_mac, '| 00:22:22:22:22:22 | 10.10.10.1 | 192.168.0.1 | @ ptf_intf 2' # send the same packet @@ -115,11 +127,14 @@ def runTest(self): # check for absence of packet here! print '#### NOT Expecting 00:11:22:33:44:55 |', router_mac, '| 10.10.10.1 | 192.168.0.1 | @ ptf_intf 1' verify_no_packet(self, exp_pkt, 1) - #verify_packets(self, exp_pkt, [1]) finally: + # unbind this ACL table from port1s object id + attr_value = sai_thrift_attribute_value_t(oid=SAI_NULL_OBJECT_ID) + attr = sai_thrift_attribute_t(id=SAI_PORT_ATTR_INGRESS_ACL, value=attr_value) + self.client.sai_thrift_set_port_attribute(port1, attr) # cleanup ACL - self.client.sai_thrift_delete_acl_entry(acl_entry_id) - self.client.sai_thrift_delete_acl_table(acl_table_id) + self.client.sai_thrift_remove_acl_entry(acl_entry_id) + self.client.sai_thrift_remove_acl_table(acl_table_id) # cleanup sai_thrift_remove_route(self.client, vr_id, addr_family, ip_addr1, ip_mask1, rif_id1) self.client.sai_thrift_remove_next_hop(nhop1) diff --git a/test/saithrift/tests/switch.py b/test/saithrift/tests/switch.py index 4bd8033b8..4adc9a0fb 100644 --- a/test/saithrift/tests/switch.py +++ b/test/saithrift/tests/switch.py @@ -400,59 +400,78 @@ def sai_thrift_create_hostif(client, rif_or_port_id, intf_name): hif_id = client.sai_thrift_create_hostif(attr_list) return hif_id -def sai_thrift_create_acl_table(client, addr_family, +def sai_thrift_create_acl_table(client, + table_stage, + table_bind_point_list, + addr_family, ip_src, ip_dst, ip_proto, in_ports, out_ports, in_port, out_port): - #print "aaa" + acl_attr_list = [] + + if table_stage != None: + attribute_value = sai_thrift_attribute_value_t(s32=table_stage) + attribute = sai_thrift_attribute_t(id=SAI_ACL_TABLE_ATTR_STAGE, + value=attribute_value) + acl_attr_list.append(attribute) + + if table_bind_point_list != None: + acl_table_bind_point_list = sai_thrift_s32_list_t(count=len(table_bind_point_list), s32list=table_bind_point_list) + attribute_value = sai_thrift_attribute_value_t(aclfield=sai_thrift_acl_field_data_t(data = sai_thrift_acl_data_t(bind_point_list=acl_table_bind_point_list))) + attribute = sai_thrift_attribute_t(id=SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST, + value=attribute_value) + acl_attr_list.append(attribute) + if ip_src != None: attribute_value = sai_thrift_attribute_value_t(booldata=1) attribute = sai_thrift_attribute_t(id=SAI_ACL_TABLE_ATTR_FIELD_SRC_IP, value=attribute_value) acl_attr_list.append(attribute) + if ip_dst != None: attribute_value = sai_thrift_attribute_value_t(booldata=1) attribute = sai_thrift_attribute_t(id=SAI_ACL_TABLE_ATTR_FIELD_DST_IP, value=attribute_value) acl_attr_list.append(attribute) + if ip_proto != None: attribute_value = sai_thrift_attribute_value_t(booldata=1) attribute = sai_thrift_attribute_t(id=SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL, value=attribute_value) acl_attr_list.append(attribute) + if in_ports: attribute_value = sai_thrift_attribute_value_t(booldata=1) attribute = sai_thrift_attribute_t(id=SAI_ACL_TABLE_ATTR_FIELD_IN_PORTS, value=attribute_value) acl_attr_list.append(attribute) + if out_ports: attribute_value = sai_thrift_attribute_value_t(booldata=1) attribute = sai_thrift_attribute_t(id=SAI_ACL_TABLE_ATTR_FIELD_OUT_PORTS, value=attribute_value) acl_attr_list.append(attribute) + if in_port != None: attribute_value = sai_thrift_attribute_value_t(booldata=1) attribute = sai_thrift_attribute_t(id=SAI_ACL_TABLE_ATTR_FIELD_IN_PORT, value=attribute_value) acl_attr_list.append(attribute) + if out_port != None: attribute_value = sai_thrift_attribute_value_t(booldata=1) attribute = sai_thrift_attribute_t(id=SAI_ACL_TABLE_ATTR_FIELD_OUT_PORT, value=attribute_value) acl_attr_list.append(attribute) - attribute_value = sai_thrift_attribute_value_t(u32=0) #TODO: Expose stage as function parameter - attribute = sai_thrift_attribute_t(id=SAI_ACL_TABLE_ATTR_STAGE, value=attribute_value) - acl_attr_list.append(attribute) - - #print "bbb" acl_table_id = client.sai_thrift_create_acl_table(acl_attr_list) - #print acl_table_id return acl_table_id -def sai_thrift_create_acl_entry(client, acl_table_id, +def sai_thrift_create_acl_entry(client, + acl_table_id, + entry_priority, action, addr_family, ip_src, ip_src_mask, ip_dst, ip_dst_mask, @@ -462,17 +481,18 @@ def sai_thrift_create_acl_entry(client, acl_table_id, ingress_mirror, egress_mirror): acl_attr_list = [] - #OID + #ACL table OID attribute_value = sai_thrift_attribute_value_t(oid=acl_table_id) attribute = sai_thrift_attribute_t(id=SAI_ACL_ENTRY_ATTR_TABLE_ID, value=attribute_value) acl_attr_list.append(attribute) #Priority - attribute_value = sai_thrift_attribute_value_t(aclfield=sai_thrift_acl_field_data_t(data = sai_thrift_acl_data_t(u32=10))) - attribute = sai_thrift_attribute_t(id=SAI_ACL_ENTRY_ATTR_PRIORITY, - value=attribute_value) - acl_attr_list.append(attribute) + if entry_priority != None: + attribute_value = sai_thrift_attribute_value_t(aclfield=sai_thrift_acl_field_data_t(data = sai_thrift_acl_data_t(u32=entry_priority))) + attribute = sai_thrift_attribute_t(id=SAI_ACL_ENTRY_ATTR_PRIORITY, + value=attribute_value) + acl_attr_list.append(attribute) #Ip source if ip_src != None: @@ -497,12 +517,14 @@ def sai_thrift_create_acl_entry(client, acl_table_id, value=attribute_value) acl_attr_list.append(attribute) + #Input port if in_port != None: attribute_value = sai_thrift_attribute_value_t(aclfield=sai_thrift_acl_field_data_t(data = sai_thrift_acl_data_t(oid=in_port))) attribute = sai_thrift_attribute_t(id=SAI_ACL_ENTRY_ATTR_FIELD_IN_PORT, value=attribute_value) acl_attr_list.append(attribute) + #Output port if out_port != None: attribute_value = sai_thrift_attribute_value_t(aclfield=sai_thrift_acl_field_data_t(data = sai_thrift_acl_data_t(oid=out_port))) attribute = sai_thrift_attribute_t(id=SAI_ACL_ENTRY_ATTR_FIELD_OUT_PORT, @@ -510,22 +532,23 @@ def sai_thrift_create_acl_entry(client, acl_table_id, acl_attr_list.append(attribute) #Packet action - if action == 1: - #Drop - attribute_value = sai_thrift_attribute_value_t(aclaction=sai_thrift_acl_action_data_t(parameter = sai_thrift_acl_data_t(u32=0))) - attribute = sai_thrift_attribute_t(id=SAI_ACL_ENTRY_ATTR_PACKET_ACTION, + if action != None: + attribute_value = sai_thrift_attribute_value_t(aclaction=sai_thrift_acl_action_data_t(parameter = sai_thrift_acl_data_t(u32=action))) + attribute = sai_thrift_attribute_t(id=SAI_ACL_ENTRY_ATTR_ACTION_PACKET_ACTION, value=attribute_value) acl_attr_list.append(attribute) - elif action == 2: - #Ingress mirroring - if ingress_mirror != None: - attribute_value = sai_thrift_attribute_value_t(aclaction=sai_thrift_acl_action_data_t(parameter = sai_thrift_acl_data_t(oid=ingress_mirror))) - attribute = sai_thrift_attribute_t(id=SAI_ACL_ENTRY_ATTR_ACTION_MIRROR_INGRESS, value=attribute_value) - acl_attr_list.append(attribute) - elif egress_mirror != None: - attribute_value = sai_thrift_attribute_value_t(aclaction=sai_thrift_acl_action_data_t(parameter = sai_thrift_acl_data_t(oid=egress_mirror))) - attribute = sai_thrift_attribute_t(id=SAI_ACL_ENTRY_ATTR_ACTION_MIRROR_EGRESS, value=attribute_value) - acl_attr_list.append(attribute) + + #Ingress mirroring + if ingress_mirror != None: + attribute_value = sai_thrift_attribute_value_t(aclfield=sai_thrift_acl_field_data_t(data = sai_thrift_acl_data_t(oid=ingress_mirror))) + attribute = sai_thrift_attribute_t(id=SAI_ACL_ENTRY_ATTR_ACTION_MIRROR_INGRESS, value=attribute_value) + acl_attr_list.append(attribute) + + #Egress mirroring + if egress_mirror != None: + attribute_value = sai_thrift_attribute_value_t(aclfield=sai_thrift_acl_field_data_t(data = sai_thrift_acl_data_t(oid=egress_mirror))) + attribute = sai_thrift_attribute_t(id=SAI_ACL_ENTRY_ATTR_ACTION_MIRROR_EGRESS, value=attribute_value) + acl_attr_list.append(attribute) acl_entry_id = client.sai_thrift_create_acl_entry(acl_attr_list) return acl_entry_id @@ -569,7 +592,7 @@ def sai_thrift_create_mirror_session(client, mirror_type, port, #vlan priority attribute5_value = sai_thrift_attribute_value_t(u16=vlan_priority) - attribute4 = sai_thrift_attribute_t(id=SAI_MIRROR_SESSION_ATTR_VLAN_PRI, + attribute5 = sai_thrift_attribute_t(id=SAI_MIRROR_SESSION_ATTR_VLAN_PRI, value=attribute5_value) mirror_attr_list.append(attribute5) elif mirror_type == SAI_MIRROR_TYPE_ENHANCED_REMOTE: