From 5c59002e4ca47cc8d799ede6557a26e557baca85 Mon Sep 17 00:00:00 2001 From: chaos_kao Date: Thu, 28 Jan 2021 13:22:31 +0800 Subject: [PATCH 1/3] Protected interface should not be removed, which bind into ACL table. What I did: Use reference count for protect interface, If interface bind to ACL the reference will increase and vice versa. Why I did it: If interface bind to ACL and remove LAG causes the ACL rule become global rule to match all interfaces. How I verified it: Run the pytest check ACL and Port test case passed. --- orchagent/portsorch.cpp | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/orchagent/portsorch.cpp b/orchagent/portsorch.cpp index 104aeb57f4..38ac3f26e6 100755 --- a/orchagent/portsorch.cpp +++ b/orchagent/portsorch.cpp @@ -1247,6 +1247,12 @@ bool PortsOrch::unbindAclTable(sai_object_id_t port_oid, return false; } + auto it = portOidToName.find(port_oid); + if (it != portOidToName.end()) + { + decreasePortRefCount(it->second); + } + if (!unbindRemoveAclTableGroup(port_oid, acl_table_oid, acl_stage)) { return false; } @@ -1307,6 +1313,12 @@ bool PortsOrch::bindAclTable(sai_object_id_t port_oid, return false; } + auto it = portOidToName.find(port_oid); + if (it != portOidToName.end()) + { + increasePortRefCount(it->second); + } + return true; } From 5dec09361df2604ed0dd004e856f91c9b1c06fb6 Mon Sep 17 00:00:00 2001 From: chaos_kao Date: Thu, 28 Jan 2021 13:22:31 +0800 Subject: [PATCH 2/3] Protected interface should not be removed, which bind into ACL table. What I did: Use reference count for protect interface, If interface bind to ACL the reference will increase and vice versa. Why I did it: If interface bind to ACL and remove LAG causes the ACL rule become global rule to match all interfaces. How I verified it: Run the pytest check ACL and Port test case passed. --- orchagent/portsorch.cpp | 13 +++++++++++++ 1 file changed, 13 insertions(+) 
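Review bot: In the unbindAclTable hunk of patch 1/3 the reference is released before `unbindRemoveAclTableGroup(port_oid, acl_table_oid, acl_stage)` has succeeded, so when that call fails and the function returns false the port has already lost its ACL reference although the unbind did not complete. The counter can then be lower than the number of bindings that still exist, which could allow the port or LAG to be removed while an ACL still refers to it, the case the commit message sets out to prevent. Moving the `decreasePortRefCount(it->second);` block below the `unbindRemoveAclTableGroup` check, directly before the successful return, keeps the count in step with the bindings. The same ordering appears in the unbindAclTable hunks of patches 2/3 and 3/3. The function body starts and ends outside the hunk, so the position of the final return is assumed.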
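Review bot: When the lookup in the bindAclTable hunk of patch 1/3 finds no entry for `port_oid`, the function still returns true without taking a reference, so the ACL is bound to an object the reference count does not protect and nothing records that this happened. The commit message names LAG removal as the trigger, so it is worth confirming that `portOidToName` holds LAG object ids and not only physical ports; if it does not, this version gives no protection in the LAG case. At minimum add an `else` branch that logs the miss, e.g. `SWSS_LOG_WARN("bindAclTable: no port for oid 0x%" PRIx64 ", binding is not ref-counted", port_oid);`. The same silent skip is present in the unbindAclTable hunk and in the `getPort` variants of patches 2/3 and 3/3.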
diff --git a/orchagent/portsorch.cpp b/orchagent/portsorch.cpp index 104aeb57f4..8048fa936f 100755 --- a/orchagent/portsorch.cpp +++ b/orchagent/portsorch.cpp @@ -1247,6 +1247,13 @@ bool PortsOrch::unbindAclTable(sai_object_id_t port_oid, return false; } + + Port port; + if (getPort(port_id, port)) + { + decreasePortRefCount(it->second); + } + if (!unbindRemoveAclTableGroup(port_oid, acl_table_oid, acl_stage)) { return false; } @@ -1307,6 +1314,12 @@ bool PortsOrch::bindAclTable(sai_object_id_t port_oid, return false; } + Port port; + if (getPort(port_id, port)) + { + increasePortRefCount(port.m_alias); + } + return true; } From 3b1557712280485d75d14ef5dc9884f8b8d86e01 Mon Sep 17 00:00:00 2001 From: chaos_kao Date: Thu, 28 Jan 2021 18:32:37 +0800 Subject: [PATCH 3/3] Fix wrong variable name. --- orchagent/portsorch.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/orchagent/portsorch.cpp b/orchagent/portsorch.cpp index 8048fa936f..2c5ca71894 100755 --- a/orchagent/portsorch.cpp +++ b/orchagent/portsorch.cpp @@ -1249,9 +1249,9 @@ bool PortsOrch::unbindAclTable(sai_object_id_t port_oid, Port port; - if (getPort(port_id, port)) + if (getPort(port_oid, port)) { - decreasePortRefCount(it->second); + decreasePortRefCount(port.m_alias); } if (!unbindRemoveAclTableGroup(port_oid, acl_table_oid, acl_stage)) { @@ -1315,7 +1315,7 @@ bool PortsOrch::bindAclTable(sai_object_id_t port_oid, } Port port; - if (getPort(port_id, port)) + if (getPort(port_oid, port)) { increasePortRefCount(port.m_alias); }
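Review bot: The unbindAclTable hunk of patch 2/3 calls `getPort(port_id, port)` and `decreasePortRefCount(it->second)`, but neither `port_id` nor `it` is declared in the visible lines, and the parameter shown in the hunk header is `port_oid`; the bindAclTable hunk uses the same `port_id`. Patch 3/3 corrects the names, so 2/3 presumably does not build on its own and would break bisecting; squashing 3/3 into it avoids that. Patches 1/3 and 2/3 also both start from index `104aeb57f4` and insert at the same places, so they read as alternatives rather than a stack, and the series should keep only the lookup that is intended.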
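Review bot: The block added to bindAclTable in patch 2/3 (and its counterpart in unbindAclTable) has no comment saying why an ACL binding takes a port reference, and that invariant is what keeps a port or LAG from being removed while a table is still bound to it. A one-line comment above `Port port;` would record it, for example `// Hold a reference while an ACL table is bound so the port cannot be removed and leave the rules matching every interface.` Since only `port.m_alias` is read, it may also be worth checking whether a lookup exists that avoids filling a whole `Port` copy; that is a style point, not a defect.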