Create ACL table fails due to incorrect check for supported ACL actions #11235

Closed
rck-innovium opened this issue Jun 23, 2022 · 0 comments · Fixed by sonic-net/sonic-swss#2351

rck-innovium commented Jun 23, 2022

The recent change to add mandatory ACL actions has a bug when checking whether the ACL action is supported or not.

Steps to reproduce:

CLI:
config acl add table DATA_EGRESS_IPV4_TEST L3 -s egress

Error:
Jun 23 02:23:09.467384 sonic-dut ERR swss#orchagent: :- validate: Action SAI_ACL_ACTION_TYPE_REDIRECT is not supported on table DATA_EGRESS_IPV4_TEST
Jun 23 02:23:09.467384 sonic-dut ERR swss#orchagent: :- doAclTableTask: Failed to create ACL table DATA_EGRESS_IPV4_TEST, invalid configuration

Root-cause:

Refer: https://github.com/Azure/sonic-swss/blob/ec57bf101651b838156780b93d3300bf16bb7f74/orchagent/aclorch.cpp#L2048

The code is wrongly checking counter_action instead of checking each of the actions in defaultAclActionList.

The right fix is:

diff --git a/orchagent/aclorch.cpp b/orchagent/aclorch.cpp
index c865a7f..9c47b6e 100644
--- a/orchagent/aclorch.cpp
+++ b/orchagent/aclorch.cpp
@@ -2016,7 +2016,7 @@ bool AclTable::addMandatoryActions()
         // Add the default action list
         for (auto action : defaultAclActionList[type.getName()][stage])
         {
-            if (m_pAclOrch->isAclActionSupported(stage, acl_action))
+            if (m_pAclOrch->isAclActionSupported(stage, action))
             {
                 SWSS_LOG_INFO("Added default action for table type %s stage %s",
                                     type.getName().c_str(),
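
Review bot: In the loop over defaultAclActionList[type.getName()][stage], the removed condition only compiled because a separate acl_action variable is in scope alongside the loop variable action, so the same mix-up can come back. Consider narrowing the scope of acl_action or giving the loop variable a more distinct name, and add a unit test that creates a table whose default list holds an action unsupported at that stage and asserts that the action is skipped. The SWSS_LOG_INFO format string that follows the check names only the table type and stage; including the action would show in the log which defaults were actually added.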

Version

SONiC Software Version: SONiC.202111.Innovium.0-dirty-20220602.094004
Distribution: Debian 11.3
Kernel: 5.10.0-8-2-amd64
Build commit: ca284a1
Build date: Thu Jun 2 18:08:13 UTC 2022
Built by: builder@sonic-xxx
Platform: x86_64-wistron_sw_to3200k-r0
HwSKU: Wistron_sw_to3200k_32x100
ASIC: innovium
ASIC Count: 1
Serial Number: N/A
Model Number: N/A
Hardware Revision: N/A
Uptime: 10:40:32 up 10:26, 2 users, load average: 0.76, 0.55, 0.65

@prsunny prsunny transferred this issue from sonic-net/sonic-swss Jun 23, 2022
vivekrnv added a commit to vivekrnv/sonic-buildimage that referenced this issue Jun 24, 2022
93af69c [PFC_WD] Avoid applying ZeroBuffer Profiles to ingress PG when a PFC storm is detected (sonic-net#2304)
37349cf [swssconfig] Optimize performance of swssconfig (sonic-net#2336)
84e9b07 [fdborch] fix heap-use-after-free in clearFdbEntry() (sonic-net#2353)
1b8bd94 Create ACL table fails due to incorrect check for supported ACL actions sonic-net#11235 (sonic-net#2351)
1ed0b4b [macsec] Refactor the logic of macsec name map (sonic-net#2348)
f88f992 [mock_tests] Add Sflow Orch UTs (sonic-net#2295)
ec57bf1 [macsec] Update macsec flex counter (sonic-net#2338)
6e0fc85 [ACL] Support stage particular match fields (sonic-net#2341)
efb4530 [orchagent, DTel]: report session support to set user vrf (sonic-net#2326)
d82874d Fix for "orchagent crashed when trying to delete fdb static entry with swssconfig sonic-net#11046" (sonic-net#2332)
0c789e6 Fix qos map test in vs test (sonic-net#2343)
1bb5070 Enhance mock test for dynamic buffer manager for port removing and qos reload flows (sonic-net#2262)
700492f [aclorch] Fix and simplify DTel watchlist tables and entries (sonic-net#2155)

Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
yxieca added a commit to yxieca/sonic-buildimage that referenced this issue Jun 25, 2022
swss:
* ad2d0ad 2022-06-24 | [PFC_WD] Avoid applying ZeroBuffer Profiles to ingress PG when a PFC storm is detected (sonic-net#2304) (HEAD -> 202205) [Vivek R]
* ef75554 2022-06-25 | [swssconfig] Optimize performance of swssconfig (sonic-net#2336) [Junchao-Mellanox]
* d9e9ba8 2022-06-24 | [fdborch] fix heap-use-after-free in clearFdbEntry() (sonic-net#2353) [Yakiv Huryk]
* 585a69b 2022-06-24 | Create ACL table fails due to incorrect check for supported ACL actions sonic-net#11235 (sonic-net#2351) [Ravindranath C K]
* 0d19560 2022-06-24 | [macsec] Refactor the logic of macsec name map (sonic-net#2348) [Junhua Zhai]
* 111dfc2 2022-06-23 | [macsec] Update macsec flex counter (sonic-net#2338) (HEAD -> 202205, github/202205) [Junhua Zhai]

swss-common:
* 0213d55 2022-06-23 | [portcounter] Check if counter ID exists before arithmetic operation  (sonic-net#632) (HEAD -> 202205, github/202205) [Junhua Zhai]
* c21c47e 2022-06-14 | [counter] Add counter table (sonic-net#622) [Junhua Zhai]

utilities:
* 430cd65 2022-06-23 | [202205] [generate dump] Move the Core/Log collection to the End of process Execution and removed default timeout  (sonic-net#2230) (github/202205) [Vivek R]

linkmgrd:
* 59334be 2022-06-24 | Remove exception throwing when initializing missing loopback interface (sonic-net#90) (HEAD -> 202205) [Jing Zhang]

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
yxieca added a commit that referenced this issue Jun 27, 2022
jimmyzhai added a commit that referenced this issue Jun 27, 2022
2022-06-24 93af69c: [PFC_WD] Avoid applying ZeroBuffer Profiles to ingress PG when a PFC storm is detected (sonic-net/sonic-swss#2304)
2022-06-24 37349cf: [swssconfig] Optimize performance of swssconfig (sonic-net/sonic-swss#2336)
2022-06-24 84e9b07: [fdborch] fix heap-use-after-free in clearFdbEntry() (sonic-net/sonic-swss#2353)
2022-06-24 1b8bd94: Create ACL table fails due to incorrect check for supported ACL actions #11235 (sonic-net/sonic-swss#2351)
2022-06-24 1ed0b4b: [macsec] Refactor the logic of macsec name map (sonic-net/sonic-swss#2348)
2022-06-23 f88f992: [mock_tests] Add Sflow Orch UTs (sonic-net/sonic-swss#2295)
2022-06-23 ec57bf1: [macsec] Update macsec flex counter (sonic-net/sonic-swss#2338)
2022-06-22 6e0fc85: [ACL] Support stage particular match fields (sonic-net/sonic-swss#2341)
2022-06-22 efb4530: [orchagent, DTel]: report session support to set user vrf (sonic-net/sonic-swss#2326)
2022-06-22 d82874d: Fix for "orchagent crashed when trying to delete fdb static entry with swssconfig #11046" (sonic-net/sonic-swss#2332)
2022-06-22 0c789e6: Fix qos map test in vs test (sonic-net/sonic-swss#2343)
2022-06-17 1bb5070: Enhance mock test for dynamic buffer manager for port removing and qos reload flows (sonic-net/sonic-swss#2262)
2022-06-16 700492f: [aclorch] Fix and simplify DTel watchlist tables and entries (sonic-net/sonic-swss#2155)
prsunny pushed a commit that referenced this issue Jun 28, 2022
robertvolkmann pushed a commit to robertvolkmann/sonic-buildimage that referenced this issue Jul 26, 2022
skbarista pushed a commit to skbarista/sonic-buildimage that referenced this issue Aug 17, 2022
vivekrnv pushed a commit to vivekrnv/sonic-buildimage that referenced this issue Aug 26, 2022