Sync to master

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,60 @@
+<!--
+If you are reporting a new issue, make sure that we do not have any duplicates
+already open. You can ensure this by searching the issue list for this
+repository. If there is a duplicate, please close your issue and add a comment
+to the existing issue instead.
+
+If you suspect your issue is a bug, please edit your issue description to
+include the BUG REPORT INFORMATION shown below. If you fail to provide this
+information within 7 days, we cannot debug your issue and will close it. We
+will, however, reopen it if you later provide the information.
+
+For more information about reporting issues, see
+https://github.com/Azure/SONiC/wiki#report-issues
+
+---------------------------------------------------
+GENERAL SUPPORT INFORMATION
+---------------------------------------------------
+
+The GitHub issue tracker is for bug reports and feature requests.
+General support can be found at the following locations:
+
+- SONiC Support Forums - https://groups.google.com/forum/#!forum/sonicproject
+
+---------------------------------------------------
+BUG REPORT INFORMATION
+---------------------------------------------------
+Use the commands below to provide key information from your environment:
+You do NOT have to include this information if this is a FEATURE REQUEST
+-->
+
+**Description**
+
+<!--
+Briefly describe the problem you are having in a few paragraphs.
+-->
+
+**Steps to reproduce the issue**
+1.
+2.
+3.
+
+**Describe the results you received**
+
+
+**Describe the results you expected**
+
+
+**Additional information you deem important (e.g. issue happens only occasionally)**
+
+
+**Output of `show version`**
+
+```
+(paste your output here)
+```
+
+<!--
+Also attach debug file produced by `sudo generate_dump`
+-->
+

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,25 @@
+<!--
+Please make sure you've read and understood our contributing guidelines:
+https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md
+
+** Make sure all your commits include a signature generated with `git commit -s` **
+
+If this is a bug fix, make sure your description includes "closes #xxxx",
+"fixes #xxxx" or "resolves #xxxx" so that GitHub automatically closes the related
+issue when the PR is merged
+
+Please provide the following information:
+-->
+
+**- What I did**
+
+**- How I did it**
+
+**- How to verify it**
+
+**- Previous command output (if the output of a command-line utility has changed)**
+
+**- New command output (if the output of a command-line utility has changed)**
+
+-->
+

README.md

@@ -7,7 +7,7 @@ Command-line utilities for SONiC
 
 # Contribution guide
 
-All contributors must sign a contribution license agreement before contributions can be accepted.  Contact kasubra@microsoft.com or daloher@microsoft.com.  Later this will be automated.
+All contributors must sign a contribution license agreement (CLA) before contributions can be accepted. This process is now automated via a GitHub bot when submitting new pull request. If the contributor has not yet signed a CLA, the bot will create a comment on the pull request containing a link to electronically sign the CLA.
 
 ### GitHub Workflow
 
@@ -34,7 +34,7 @@ For example:
 >     * Health-Monitor - The idea of the patch is that if something went wrong with the notification channel, 
 >       we will have the option to know about it (Query the LLEN table length).
 >       
->       Signed-off-by: user@dev.null
+>       Signed-off-by: John Doe user@dev.null
 
 
 * Each developer should fork this repository and [add the team as a Contributor](https://help.github.com/articles/adding-collaborators-to-a-personal-repository)

acl_loader/main.py

@@ -1,16 +1,14 @@
-
 #!/usr/bin/env python
 
 import click
-import sys
-import os.path
 import json
-import argparse
 import tabulate
+from natsort import natsorted
 
 import openconfig_acl
 import pyangbind.lib.pybindJSON as pybindJSON
 from swsssdk import ConfigDBConnector
+from swsssdk import SonicV2Connector
 
 
 def info(msg):
@@ -43,6 +41,8 @@ class AclLoader(object):
 
     ACL_TABLE = "ACL_TABLE"
     ACL_RULE = "ACL_RULE"
+    ACL_TABLE_TYPE_MIRROR = "MIRROR"
+    ACL_TABLE_TYPE_CTRLPLANE = "CTRLPLANE"
     MIRROR_SESSION = "MIRROR_SESSION"
     SESSION_PREFIX = "everflow"
 
@@ -80,6 +80,8 @@ def __init__(self):
         self.sessions_db_info = {}
         self.configdb = ConfigDBConnector()
         self.configdb.connect()
+        self.appdb = SonicV2Connector()
+        self.appdb.connect(self.appdb.APPL_DB)
 
         self.read_tables_info()
         self.read_rules_info()
@@ -111,6 +113,11 @@ def read_sessions_info(self):
         :return:
         """
         self.sessions_db_info = self.configdb.get_table(self.MIRROR_SESSION)
+        for key in self.sessions_db_info.keys():
+            app_db_info = self.appdb.get_all(self.appdb.APPL_DB, "{}:{}".format(self.MIRROR_SESSION, key))
+
+            status = app_db_info.get("status", "inactive")
+            self.sessions_db_info[key]["status"] = status
 
     def get_sessions_db_info(self):
         """
@@ -156,11 +163,19 @@ def is_table_valid(self, tname):
 
     def is_table_mirror(self, tname):
         """
-        Check if ACL table type is MIRROR
+        Check if ACL table type is ACL_TABLE_TYPE_MIRROR
+        :param tname: ACL table name
+        :return: True if table type is ACL_TABLE_TYPE_MIRROR else False
+        """
+        return self.tables_db_info[tname]['type'].upper() == self.ACL_TABLE_TYPE_MIRROR
+
+    def is_table_control_plane(self, tname):
+        """
+        Check if ACL table type is ACL_TABLE_TYPE_CTRLPLANE
         :param tname: ACL table name
-        :return: True if table type is MIRROR else False
+        :return: True if table type is ACL_TABLE_TYPE_CTRLPLANE else False
         """
-        return self.tables_db_info[tname]['type'].upper() == "MIRROR"
+        return self.tables_db_info[tname]['type'].upper() == self.ACL_TABLE_TYPE_CTRLPLANE
 
     def load_rules_from_file(self, filename):
         """
@@ -176,7 +191,9 @@ def convert_action(self, table_name, rule_idx, rule):
         rule_props = {}
 
         if rule.actions.config.forwarding_action == "ACCEPT":
-            if self.is_table_mirror(table_name):
+            if self.is_table_control_plane(table_name):
+                rule_props["PACKET_ACTION"] = "ACCEPT"
+            elif self.is_table_mirror(table_name):
                 session_name = self.get_session_name()
                 if not session_name:
                     raise AclLoaderException("Mirroring session does not exist")
@@ -238,6 +255,15 @@ def convert_ipv4(self, table_name, rule_idx, rule):
         return rule_props
 
     def convert_port(self, port):
+        """
+        Convert port field format from openconfig ACL to Config DB schema
+        :param port: String, ACL port number or range in openconfig format
+        :return: Tuple, first value is converted port string,
+            second value is boolean, True if value is a port range, False
+            if it is a single port value
+        """
+        # OpenConfig port range is of the format "####..####", whereas
+        # Config DB format is "####-####"
         if ".." in port:
             return  port.replace("..", "-"), True
         else:
@@ -257,21 +283,21 @@ def convert_transport(self,  table_name, rule_idx, rule):
 
         for flag in rule.transport.config.tcp_flags:
             if flag == "TCP_FIN":
-                tcp_flags = tcp_flags | 0x01
+                tcp_flags |= 0x01
             if flag == "TCP_SYN":
-                tcp_flags = tcp_flags | 0x02
+                tcp_flags |= 0x02
             if flag == "TCP_RST":
-                tcp_flags = tcp_flags | 0x04
+                tcp_flags |= 0x04
             if flag == "TCP_PSH":
-                tcp_flags = tcp_flags | 0x08
+                tcp_flags |= 0x08
             if flag == "TCP_ACK":
-                tcp_flags = tcp_flags | 0x10
+                tcp_flags |= 0x10
             if flag == "TCP_URG":
-                tcp_flags = tcp_flags | 0x20
+                tcp_flags |= 0x20
             if flag == "TCP_ECE":
-                tcp_flags = tcp_flags | 0x40
+                tcp_flags |= 0x40
             if flag == "TCP_CWR":
-                tcp_flags = tcp_flags | 0x80
+                tcp_flags |= 0x80
 
         if tcp_flags:
             rule_props["TCP_FLAGS"] = '0x{:02x}/0x{:02x}'.format(tcp_flags, tcp_flags)
@@ -307,7 +333,7 @@ def deny_rule(self, table_name):
         rule_props = {}
         rule_data = {(table_name, "DEFAULT_RULE"): rule_props}
         rule_props["PRIORITY"] = self.min_priority
-        rule_props["ETHER_TYPE"] = "0x0800"
+        rule_props["ETHER_TYPE"] = self.ethertype_map["ETHERTYPE_IPV4"]
         rule_props["PACKET_ACTION"] = "DROP"
         return rule_data
 
@@ -339,9 +365,9 @@ def full_update(self):
         :return:
         """
         for key in self.rules_db_info.keys():
-            self.configdb.set_entry(self.ACL_RULE, key, None)
+            self.configdb.mod_entry(self.ACL_RULE, key, None)
 
-        self.configdb.set_config({self.ACL_RULE: self.rules_info})
+        self.configdb.mod_config({self.ACL_RULE: self.rules_info})
 
     def incremental_update(self):
         """
@@ -358,15 +384,28 @@ def incremental_update(self):
         existing_rules = new_rules.intersection(current_rules)
 
         for key in removed_rules:
-            self.configdb.set_entry(self.ACL_RULE, key, None)
+            self.configdb.mod_entry(self.ACL_RULE, key, None)
 
         for key in added_rules:
-            self.configdb.set_entry(self.ACL_RULE, key, self.rules_info[key])
+            self.configdb.mod_entry(self.ACL_RULE, key, self.rules_info[key])
 
         for key in existing_rules:
             if cmp(self.rules_info[key], self.rules_db_info[key]):
-                self.configdb.set_entry(self.ACL_RULE, key, None)
-                self.configdb.set_entry(self.ACL_RULE, key, self.rules_info[key])
+                self.configdb.mod_entry(self.ACL_RULE, key, None)
+                self.configdb.mod_entry(self.ACL_RULE, key, self.rules_info[key])
+
+
+    def delete(self, table=None, rule=None):
+        """
+        :param table:
+        :param rule:
+        :return:
+        """
+        for key in self.rules_db_info.iterkeys():
+            if not table or table == key[0]:
+                if not rule or rule == key[1]:
+                    self.configdb.set_entry(self.ACL_RULE, key, None)
+
 
     def show_table(self, table_name):
         """
@@ -384,7 +423,7 @@ def show_table(self, table_name):
             if not val["ports"]:
                 data.append([key, val["type"], "", val["policy_desc"]])
             else:
-                ports = sorted(val["ports"], )
+                ports = natsorted(val["ports"])
                 data.append([key, val["type"], ports[0], val["policy_desc"]])
 
                 if len(ports) > 1:
@@ -399,14 +438,14 @@ def show_session(self, session_name):
         :param session_name: Optional. Mirror session name. Filter sessions by specified name.
         :return:
         """
-        header = ("Name", "SRC IP", "DST IP", "GRE", "DSCP", "TTL", "Queue")
+        header = ("Name", "Status", "SRC IP", "DST IP", "GRE", "DSCP", "TTL", "Queue")
 
         data = []
         for key, val in self.get_sessions_db_info().iteritems():
             if session_name and key != session_name:
                 continue
 
-            data.append([key, val["src_ip"], val["dst_ip"],
+            data.append([key, val["status"], val["src_ip"], val["dst_ip"],
                          val.get("gre_type", ""), val.get("dscp", ""),
                          val.get("ttl", ""), val.get("queue", "")])
 
@@ -419,7 +458,7 @@ def show_rule(self, table_name, rule_id):
         :param rule_id: Optional. ACL rule name. Filter rule by specified rule name.
         :return:
         """
-        header = ("Rule ID", "Table Name", "Priority", "Action", "Match")
+        header = ("Rule ID", "Rule Name", "Priority", "Action", "Match")
 
         ignore_list = ["PRIORITY", "PACKET_ACTION", "MIRROR_ACTION"]
 
@@ -576,6 +615,19 @@ def incremental(ctx, filename, session_name, max_priority):
     acl_loader.incremental_update()
 
 
+@cli.command()
+@click.argument('table', required=False)
+@click.argument('rule', required=False)
+@click.pass_context
+def delete(ctx, table, rule):
+    """
+    Delete ACL rules.
+    """
+    acl_loader = ctx.obj["acl_loader"]
+
+    acl_loader.delete(table, rule)
+
+
 if __name__ == "__main__":
     try:
         cli()