From 7ecc849e6ddaa3dd43caaa8d3b8992ad2efa7156 Mon Sep 17 00:00:00 2001 From: Danny Allen Date: Tue, 7 Jul 2020 05:22:58 -0700 Subject: [PATCH] [aclorch] Use IPv6 Next Header internally for protocol number on MLNX platform (#1343) * [aclorch] Use IPv6 Next Header internally for protocol number on MLNX platform Signed-off-by: Danny Allen --- orchagent/aclorch.cpp | 34 ++++++++++++++++++++++++++---- orchagent/aclorch.h | 1 + tests/test_mirror_ipv6_separate.py | 2 +- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/orchagent/aclorch.cpp b/orchagent/aclorch.cpp index 11c52c63fecf..f64e6b21cc16 100644 --- a/orchagent/aclorch.cpp +++ b/orchagent/aclorch.cpp @@ -44,6 +44,7 @@ acl_rule_attr_lookup_t aclMatchLookup = { MATCH_L4_DST_PORT, SAI_ACL_ENTRY_ATTR_FIELD_L4_DST_PORT }, { MATCH_ETHER_TYPE, SAI_ACL_ENTRY_ATTR_FIELD_ETHER_TYPE }, { MATCH_IP_PROTOCOL, SAI_ACL_ENTRY_ATTR_FIELD_IP_PROTOCOL }, + { MATCH_NEXT_HEADER, SAI_ACL_ENTRY_ATTR_FIELD_IPV6_NEXT_HEADER }, { MATCH_TCP_FLAGS, SAI_ACL_ENTRY_ATTR_FIELD_TCP_FLAGS }, { MATCH_IP_TYPE, SAI_ACL_ENTRY_ATTR_FIELD_ACL_IP_TYPE }, { MATCH_DSCP, SAI_ACL_ENTRY_ATTR_FIELD_DSCP }, @@ -301,7 +302,7 @@ bool AclRule::validateAddMatch(string attr_name, string attr_value) value.aclfield.mask.u8 = 0x3F; } } - else if (attr_name == MATCH_IP_PROTOCOL) + else if (attr_name == MATCH_IP_PROTOCOL || attr_name == MATCH_NEXT_HEADER) { value.aclfield.data.u8 = to_uint(attr_value); value.aclfield.mask.u8 = 0xFF; @@ -385,6 +386,17 @@ bool AclRule::validateAddMatch(string attr_name, string attr_value) return false; } + // NOTE: Temporary workaround to support matching protocol numbers on MLNX platform. + // In a later SAI version we will transition to using NEXT_HEADER for IPv6 on all platforms. + auto platform_env_var = getenv("platform"); + string platform = platform_env_var ? platform_env_var: ""; + if ((m_tableType == ACL_TABLE_MIRRORV6 || m_tableType == ACL_TABLE_L3V6) + && platform == MLNX_PLATFORM_SUBSTRING + && attr_name == MATCH_IP_PROTOCOL) + { + attr_name = MATCH_NEXT_HEADER; + } + m_matches[aclMatchLookup[attr_name]] = value; return true; @@ -1324,9 +1336,23 @@ bool AclTable::create() attr.value.booldata = true; table_attrs.push_back(attr); - attr.id = SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL; - attr.value.booldata = true; - table_attrs.push_back(attr); + // NOTE: Temporary workaround to support matching protocol numbers on MLNX platform. + // In a later SAI version we will transition to using NEXT_HEADER for IPv6 on all platforms. + auto platform_env_var = getenv("platform"); + string platform = platform_env_var ? platform_env_var: ""; + if ((type == ACL_TABLE_MIRRORV6 || type == ACL_TABLE_L3V6) + && platform == MLNX_PLATFORM_SUBSTRING) + { + attr.id = SAI_ACL_TABLE_ATTR_FIELD_IPV6_NEXT_HEADER; + attr.value.booldata = true; + table_attrs.push_back(attr); + } + else + { + attr.id = SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL; + attr.value.booldata = true; + table_attrs.push_back(attr); + } /* * Type of Tables and Supported Match Types (ASIC database) diff --git a/orchagent/aclorch.h b/orchagent/aclorch.h index 1f6d963b5dc8..5c6dab90a5b5 100644 --- a/orchagent/aclorch.h +++ b/orchagent/aclorch.h @@ -45,6 +45,7 @@ #define MATCH_L4_DST_PORT "L4_DST_PORT" #define MATCH_ETHER_TYPE "ETHER_TYPE" #define MATCH_IP_PROTOCOL "IP_PROTOCOL" +#define MATCH_NEXT_HEADER "NEXT_HEADER" #define MATCH_TCP_FLAGS "TCP_FLAGS" #define MATCH_IP_TYPE "IP_TYPE" #define MATCH_DSCP "DSCP" diff --git a/tests/test_mirror_ipv6_separate.py b/tests/test_mirror_ipv6_separate.py index d8f25fe36e64..9fd733b65aa0 100644 --- a/tests/test_mirror_ipv6_separate.py +++ b/tests/test_mirror_ipv6_separate.py @@ -231,7 +231,7 @@ def test_MirrorV6TableCreation(self, dvs, testlog): # dscp mirror tables. expected_sai_attributes = [ "SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE", - "SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL", + "SAI_ACL_TABLE_ATTR_FIELD_IPV6_NEXT_HEADER", # NOTE: We use the MLNX2700 VS implementation for this test suite. "SAI_ACL_TABLE_ATTR_FIELD_SRC_IPV6", "SAI_ACL_TABLE_ATTR_FIELD_DST_IPV6", "SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_TYPE",