From 078fdbb100b54e17a7971d17e06ba9058c5e69f0 Mon Sep 17 00:00:00 2001
From: Andriy Yurkiv <ayurkiv@nvidia.com>
Date: Tue, 29 Nov 2022 16:08:50 +0200
Subject: [PATCH] ACL fix proposal

Signed-off-by: Andriy Yurkiv <ayurkiv@nvidia.com>
---
 orchagent/aclorch.cpp |  1 +
 orchagent/aclorch.h   |  1 +
 orchagent/muxorch.cpp | 13 ++++++++++---
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/orchagent/aclorch.cpp b/orchagent/aclorch.cpp
index c34ef4d338..b3866532bd 100644
--- a/orchagent/aclorch.cpp
+++ b/orchagent/aclorch.cpp
@@ -3078,6 +3078,7 @@ void AclOrch::initDefaultTableTypes()
         builder.withName(TABLE_TYPE_DROP)
             .withBindPointType(SAI_ACL_BIND_POINT_TYPE_PORT)
             .withMatch(make_shared<AclTableMatch>(SAI_ACL_TABLE_ATTR_FIELD_TC))
+            .withMatch(make_shared<AclTableMatch>(SAI_ACL_TABLE_ATTR_FIELD_IN_PORTS))
             .build()
     );
 
diff --git a/orchagent/aclorch.h b/orchagent/aclorch.h
index 737f5516a0..a7ca25ee84 100644
--- a/orchagent/aclorch.h
+++ b/orchagent/aclorch.h
@@ -92,6 +92,7 @@
 
 #define MLNX_MAX_RANGES_COUNT   16
 #define INGRESS_TABLE_DROP      "IngressTableDrop"
+#define EGRESS_TABLE_DROP       "EgressTableDrop"
 #define RULE_OPER_ADD           0
 #define RULE_OPER_DELETE        1
 
diff --git a/orchagent/muxorch.cpp b/orchagent/muxorch.cpp
index 296d5a3cf3..74cb8f715b 100644
--- a/orchagent/muxorch.cpp
+++ b/orchagent/muxorch.cpp
@@ -49,6 +49,13 @@ extern sai_router_interface_api_t* sai_router_intfs_api;
 #define MUX_HW_STATE_UNKNOWN "unknown"
 #define MUX_HW_STATE_ERROR "error"
 
+
+static inline bool isIngressAcl()
+{
+    string platform = getenv("platform") ? getenv("platform") : "";
+    return platform != MLNX_PLATFORM_SUBSTRING;
+}
+
 const map<std::pair<MuxState, MuxState>, MuxStateChange> muxStateTransition =
 {
     { { MuxState::MUX_STATE_INIT, MuxState::MUX_STATE_ACTIVE}, MuxStateChange::MUX_STATE_INIT_ACTIVE
@@ -753,7 +760,7 @@ MuxAclHandler::MuxAclHandler(sai_object_id_t port, string alias)
     SWSS_LOG_ENTER();
 
     // There is one handler instance per MUX port
-    string table_name = MUX_ACL_TABLE_NAME;
+    string table_name = isIngressAcl() ? MUX_ACL_TABLE_NAME : EGRESS_TABLE_DROP;
     string rule_name = MUX_ACL_RULE_NAME;
 
     port_ = port;
@@ -791,7 +798,7 @@ MuxAclHandler::MuxAclHandler(sai_object_id_t port, string alias)
 MuxAclHandler::~MuxAclHandler(void)
 {
     SWSS_LOG_ENTER();
-    string table_name = MUX_ACL_TABLE_NAME;
+    string table_name = isIngressAcl() ? MUX_ACL_TABLE_NAME : EGRESS_TABLE_DROP;
     string rule_name = MUX_ACL_RULE_NAME;
 
     SWSS_LOG_NOTICE("Un-Binding port %" PRIx64 "", port_);
@@ -837,7 +844,7 @@ void MuxAclHandler::createMuxAclTable(sai_object_id_t port, string strTable)
     auto dropType = gAclOrch->getAclTableType(TABLE_TYPE_DROP);
     assert(dropType);
     acl_table.validateAddType(*dropType);
-    acl_table.stage = ACL_STAGE_INGRESS;
+    acl_table.stage = isIngressAcl() ? ACL_STAGE_INGRESS : ACL_STAGE_EGRESS;
     gAclOrch->addAclTable(acl_table);
     bindAllPorts(acl_table);
 }