Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[minigraph parser]: Allow to bind ACL table to LAGs and VLANs. #1040

Closed
wants to merge 1 commit into from
Closed

[minigraph parser]: Allow to bind ACL table to LAGs and VLANs. #1040

wants to merge 1 commit into from

Conversation

oleksandrivantsiv
Copy link
Collaborator

- What I did
Allowed to bind ACL table to LAGs and VLANs.
Denied to bind ACL table to LAG members.

@oleksandrivantsiv
Copy link
Collaborator Author

Please do not merge. Depends on sonic-net/sonic-swss#349

@oleksandrivantsiv
Copy link
Collaborator Author

retest this please

1 similar comment
@lguohan
Copy link
Collaborator

lguohan commented Oct 25, 2017

retest this please


acl_intfs = [p for p in port_alias_map.values() if p not in deny_list]
acl_intfs += pcs.keys()
acl_intfs += vlans.keys()
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

acl_intfs += vlans.keys() [](start = 20, length = 25)

for erspan rules, I think we should still allow the acl to be bind to the member ports.

The thing I agree is that when a port belongs to a lag, we can only bind the acl to the lag instead of the port. But this should not be extended to vlan and vlan member.

Copy link
Collaborator

@lguohan lguohan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as comments.

yxieca added a commit to yxieca/sonic-buildimage that referenced this pull request Sep 9, 2019
Submodule src/sonic-sairedis 4ee82cb..1cf2eea:
  > Add acl counter match logic based on acl entry field (sonic-net#511)
  > Add specific comparison logic for ACL counter (sonic-net#484)

Submodule src/sonic-swss 46bc1f4..660530e:
  > Fix VLAN error introduced with new 4.9 kernel behavior (sonic-net#1001)
  > Warmboot Vlan neigh restore fix (sonic-net#1040)

Submodule src/sonic-utilities 11b4cf1..f76fc2c:
  > [warm reboot] Skip ASIC config pre-check if current image does not support it (sonic-net#637)
  > [FastReboot]: Send SIGINT to all teamd before stop (sonic-net#633)
  > [warm/fast reboot] provide strict option to prevent warm reboot under certain conditions (sonic-net#631)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
yxieca added a commit that referenced this pull request Sep 10, 2019
Submodule src/sonic-sairedis 4ee82cb..1cf2eea:
  > Add acl counter match logic based on acl entry field (#511)
  > Add specific comparison logic for ACL counter (#484)

Submodule src/sonic-swss 46bc1f4..660530e:
  > Fix VLAN error introduced with new 4.9 kernel behavior (#1001)
  > Warmboot Vlan neigh restore fix (#1040)

Submodule src/sonic-utilities 11b4cf1..f76fc2c:
  > [warm reboot] Skip ASIC config pre-check if current image does not support it (#637)
  > [FastReboot]: Send SIGINT to all teamd before stop (#633)
  > [warm/fast reboot] provide strict option to prevent warm reboot under certain conditions (#631)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
lguohan pushed a commit that referenced this pull request Oct 20, 2019
Sonic-swss-common:

aaa8133 - 2019-10-12 : Add VRF object table in state_db (#312) [Tyler Li]
91aceb1 - 2019-10-11 : [schema] Update schema to support debug counters (#308) [Danny Allen]
9bcd5ca - 2019-09-28 : [multi-DB] fix vs test, should NOT replace old DBConnector API with new DBConnector API since vs test docker has no database_config.josn (#311) [Dong Zhang]
599155a - 2019-09-25 : [multi-DB] Part 2: C++ interface API changes / swsscommon unit test / LOGLEVEL_DB apply new API (#301) [Dong Zhang]
379ac73 - 2019-09-20 : add bulkremove for consumer_table_pops.lua (#306) [Dong Zhang]
6b805d3 - 2019-09-19 : timerfd return 0 with errno =0 - handle as False alarm. (#302) [Renuka Manavalan]
e455891 - 2019-09-03 : Add VLAN_SUB_INTERFACE in CONFIG_DB schema (#284) [Wenda Ni]

Sonic-swss

731a8f5 - 2019-10-17 : [copporch]: fix the endless loop problem when removing copp table group. (#1038) [wangshengjun]
1623219 - 2019-10-14 : Enable C++ unit test during build (#1092) [Qi Luo]
629c9d3 - 2019-10-14 : [vstest]: Revert back to 2 sec, and check if we got more than expected number of syslogs (#1091) [Prince Sunny]
80b2ace - 2019-10-11 : sonic-swss/orchagent: Add new protocol trap name support (#1087) [jpxjlrldgit]
9f765f7 - 2019-10-11 : [aclorch]: Check for existing mirror table only when creating a new table (#1089) [Danny Allen]
4c10260 - 2019-10-11 : [vstest]: Update Route test to check for added entry (#1088) [Prince Sunny]
e658b64 - 2019-10-11 : [chassisorch]: Add everflow feature for chassis (#1024) [Ze Gan]
5b13387 - 2019-10-10 : [changelog]: Revert changelog that was done for passing VS test. (#1080) [Prince Sunny]
90a690d - 2019-10-10 : [aclorch]: Simplify the TCP flags matching code and support exact value match (#1072) [Shuotian Cheng]
3461710 - 2019-10-09 : Single VRF for ingress and egress flows, skip route replication (#1045) [Prince Sunny]
953474a - 2019-10-03 : [swss]: Do not use namespace in header files (#1081) [Wenda Ni]
bd36751 - 2019-10-03 : Change nexthop key to ip & ifname (#977) [tylerlinp]
fee1aaa - 2019-10-02 : [teamsyncd]: Check if LAG exists before removing (#1069) [Shuotian Cheng]
175f3de - 2019-09-30 : Update ECMP NHopGroup for Port Channel oper down (#1030) [Sumukha Tumkur Vani]
182940d - 2019-09-26 : [mirrororch]: Remove mirror session state after it is remvoed (#1066) [Shuotian Cheng]
d823dd1 - 2019-09-20 : [MirrorOrch]: Mirror Session Retention across Warm Reboot (#1054) [Shuotian Cheng]
a5b6e7c - 2019-09-19 : Ignore link local neighbors (#1065) [Prince Sunny]
0ddaba3 - 2019-09-19 : Adopt to signature change of Selectable::readData, which switched (#1061) [Renuka Manavalan]
543bd98 - 2019-09-18 : [aclorch]: Fix table name in counter table for mirror rules (#1060) [Shuotian Cheng]
12c29b4 - 2019-09-19 : Cannot ping to link-local ipv6 interface address of the switch. (#774) [Kiran Kumar Kella]
4d8e08d - 2019-09-18 : change in fpmsyncd to skip the lookup for the Master device name if the route object table value is zero (#1048) [Arvindsrinivasan Lakshmi narasimhan]
da514f5 - 2019-09-18 : Do not update lag mtu from teamsyncd (netlink) (#1053) [Prince Sunny]
3fb22e1 - 2019-09-16 : Check warmboot flag during initialization (#1057) [Prince Sunny]
d98d1e9 - 2019-09-16 : [aclorch]: Egress mirror action support and action ASIC support check (#963) [Stepan Blyshchak]
313ef5c - 2019-09-09 : Warmboot Vlan neigh restore fix (#1040) [Prince Sunny]
5841e06 - 2019-09-06 : Add dot1p to tc mapping support (#871) [Wenda Ni]
39fe568 - 2019-08-30 : [aclorch]: Revise ACL rule creation/removal logs (#1042) [Shuotian Cheng]
c461911 - 2019-08-27 : [copporch]: Fix the typo - mld_v1_done (#1037) [wangshengjun]
34915de - 2019-08-22 : [portsyncd]: Add default catch block in portsyncd (#1033) [SuvarnaMeenakshi]
dc81a21 - 2019-08-20 : [vnet]: Fix FDB related failure in "vnet_bitmap" virtual switch test (#1034) [Volodymyr Samotiy]
5ae4226 - 2019-08-19 : [test]: Adjust stale timer for warm-reboot neighborsync test cases (#1031) [zhenggen-xu]
65cbd55 - 2019-08-16 : [build]: Fix compiling warnings using ARM 32 bit compiler (#1015) [arheneus@marvell.com]
b611808 - 2019-08-16 : [Orchagent]: Fixbug segmentfault at routeorch (#1025) [Ze Gan]
madhanmellanox pushed a commit to madhanmellanox/sonic-buildimage that referenced this pull request Mar 23, 2020
* Send arp request after first Vlan member port is added

* Add wait logic after Vlan member add, nbrmgr to wait for restore complete

* Address comment to pass db as a parameter and open only once
abdosi added a commit that referenced this pull request Aug 14, 2020
 [201911][Python] Migrate applications/scripts to import sonic-py-common
 package (#1040)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
@lguohan lguohan mentioned this pull request Jun 11, 2022
6 tasks
lguohan added a commit to lguohan/sonic-buildimage that referenced this pull request Jun 14, 2022
* 48cccb4 2022-06-13 | do not use sai_query_api_version if vendor sai does not support in VendorSai.cpp (sonic-net#1064) (HEAD, origin/master, origin/HEAD) [Guohan Lu]
* 9b0f773 2022-06-13 | [vslib]: Fixbug in cleanup MACsec device (sonic-net#1059) [Ze Gan]
* cdf9427 2022-06-11 | No sai api version check if vendor sai does not support (sonic-net#1063) (HEAD, origin/master, origin/HEAD) [Guohan Lu]
* 3964cf1 2022-06-09 | [counter] Fix port flex counter  (sonic-net#1052) [Junhua Zhai]
* 2231b7a 2022-06-03 | Purge package sonic-db-cli which depends on libswsscommon (sonic-net#1057) [Qi Luo]
* 7aa09b9 2022-06-01 | Set PR diff code coverage threshold to 80% (sonic-net#1039) [Kamil Cudnik]
* 66a29bc 2022-05-18 | [syncd] Use vendor SAI instead of direct SAI api (sonic-net#1042) [Kamil Cudnik]
* 564bea7 2022-05-18 | [ci] Paralize azure pipeline (sonic-net#1040) [Shilong Liu]
* 57ed180 2022-05-17 | [configure.ac] implement SAI API version check (sonic-net#1000) [Stepan Blyshchak]
* 8894dc7 2022-05-17 | vslib: add support for read-only port capabilities (sonic-net#1038) [Dante (Kuo-Jung) Su]
* 42af975 2022-04-29 | [vslib]: Update packet number of MACsec SA at runtime (sonic-net#1007) [Ze Gan]

Signed-off-by: Guohan Lu <lguohan@gmail.com>
Pterosaur added a commit to Pterosaur/sonic-buildimage that referenced this pull request Jun 14, 2022
b13d7d2 [debian/rules] Fail on script error during package build (sonic-net#1050)
48cccb4 do not use sai_query_api_version if vendor sai does not support in VendorSai.cpp (sonic-net#1064)
9b0f773 [vslib]: Fixbug in cleanup MACsec device (sonic-net#1059)
cdf9427 No sai api version check if vendor sai does not support (sonic-net#1063)
3964cf1 [counter] Fix port flex counter  (sonic-net#1052)
2231b7a Purge package sonic-db-cli which depends on libswsscommon (sonic-net#1057)
7aa09b9 Set PR diff code coverage threshold to 80% (sonic-net#1039)
66a29bc [syncd] Use vendor SAI instead of direct SAI api (sonic-net#1042)
564bea7 [ci] Paralize azure pipeline (sonic-net#1040)
57ed180 [configure.ac] implement SAI API version check (sonic-net#1000)
8894dc7 vslib: add support for read-only port capabilities (sonic-net#1038)
42af975 [vslib]: Update packet number of MACsec SA at runtime (sonic-net#1007)

Signed-off-by: Ze Gan <ganze718@gmail.com>
lguohan added a commit that referenced this pull request Jun 14, 2022
* 48cccb4 2022-06-13 | do not use sai_query_api_version if vendor sai does not support in VendorSai.cpp (#1064) (HEAD, origin/master, origin/HEAD) [Guohan Lu]
* 9b0f773 2022-06-13 | [vslib]: Fixbug in cleanup MACsec device (#1059) [Ze Gan]
* cdf9427 2022-06-11 | No sai api version check if vendor sai does not support (#1063) (HEAD, origin/master, origin/HEAD) [Guohan Lu]
* 3964cf1 2022-06-09 | [counter] Fix port flex counter  (#1052) [Junhua Zhai]
* 2231b7a 2022-06-03 | Purge package sonic-db-cli which depends on libswsscommon (#1057) [Qi Luo]
* 7aa09b9 2022-06-01 | Set PR diff code coverage threshold to 80% (#1039) [Kamil Cudnik]
* 66a29bc 2022-05-18 | [syncd] Use vendor SAI instead of direct SAI api (#1042) [Kamil Cudnik]
* 564bea7 2022-05-18 | [ci] Paralize azure pipeline (#1040) [Shilong Liu]
* 57ed180 2022-05-17 | [configure.ac] implement SAI API version check (#1000) [Stepan Blyshchak]
* 8894dc7 2022-05-17 | vslib: add support for read-only port capabilities (#1038) [Dante (Kuo-Jung) Su]
* 42af975 2022-04-29 | [vslib]: Update packet number of MACsec SA at runtime (#1007) [Ze Gan]

Signed-off-by: Guohan Lu <lguohan@gmail.com>
taras-keryk pushed a commit to taras-keryk/sonic-buildimage that referenced this pull request Jul 22, 2022
1. Setup pipeline without manual effort when checkout new release branch.
2. Use correct branch when downloading artifacts or checkout relative repos.
3. Clear downloaded artifacts to avoid using outdated dependencies.
4. Use commonlib pipeline to download libnl3 and libyang instead of vs image build, to increase success rate.
5. Add weekly build to keep artifacts remaining.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants