Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[202205] Added changes in caclmgrd for chassis #14816

Merged
merged 1 commit into from
May 2, 2023
Merged

[202205] Added changes in caclmgrd for chassis #14816

merged 1 commit into from
May 2, 2023

Conversation

abdosi
Copy link
Contributor

@abdosi abdosi commented Apr 24, 2023

What/Why I did:

  1. Allow traffic with source and destination as chassis eth1-midplane ip. Needed for Supervisor Redis-db connection (Redis packet has source and destination ip as eth1-midpane) after we load acl.json that has catch-all drop rule. Changes are generic and not specific to supervisor and applies on LC also.

  2. Made multi_asic_ns_to_host_fwd as False for ACL service for External Client. This flag is needed for service SSH and SNMP where traffic can come in namespace over front-panel ports and we need to send the traffic in host where corresponding docker/service are running. There is no use-case of External client service for multi-asic as of now. Having flag as True creates failure when we try to load acl.json.

How I verify:
Manual Verification
UT updated accordingly.

@abdosi
Added changes for chassis:
33ea0cf 
1. Allow traffic with source and destination as chassis eth1-midplane ip.
Needed for Supervisor Redis-db connection after we load acl.json that
has catch-all drop rule

2. Made multi_asic_ns_to_host_fwd as False for ACL service for External
Client. This flag is needed for service SSH and SNMP where traffic can
come in namespace over front-panel ports and we need to send the traffic
in host where corresponding docker/service are running. There is no
use-case of External client service for multi-asic as of now. Having
flag as True creates failure when we try to load acl.json.

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
@abdosi abdosi requested a review from lguohan as a code owner April 24, 2023 02:33
@abdosi abdosi changed the title Added changes in caclmgrd for chassis [202205] Added changes in caclmgrd for chassis Apr 24, 2023
@abdosi abdosi requested a review from judyjoseph April 24, 2023 02:33
@abdosi abdosi merged commit 9ca6b9c into sonic-net:202205 May 2, 2023
@abdosi abdosi deleted the midplane branch May 2, 2023 17:55
@rlhui
Copy link
Contributor

rlhui commented May 5, 2023

Thanks. Please add comments why this PR is on 202205 only. Is there another PR for master and how about 202211 branch?

@mlok-nokia mlok-nokia mentioned this pull request May 26, 2023
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@judyjoseph judyjoseph judyjoseph approved these changes

@lguohan lguohan Awaiting requested review from lguohan lguohan is a code owner

Assignees

@abdosi abdosi

Labels
None yet
Projects
SONiC Chassis
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@abdosi @rlhui @judyjoseph