Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create ACL table fails due to incorrect check for supported ACL actions #2351

Merged
merged 1 commit into from
Jun 24, 2022
Merged

Create ACL table fails due to incorrect check for supported ACL actions #2351

merged 1 commit into from
Jun 24, 2022

Conversation

rck-innovium
Copy link
Contributor

Create ACL table fails due to incorrect check for supported ACL actions #11235

Fixes sonic-net/sonic-buildimage#11235

Signed-off-by: rck-innovium rck@innovium.com

What I did
Fixed error sonic-net/sonic-buildimage#11235

Why I did it

Egress ACL table creation was failing.

root@sonic-dut:~#config acl add table DATA_EGRESS_IPV4_TEST L3 -s egress

Error:
Jun 23 02:23:09.467384 sonic-dut ERR swss#orchagent: :- validate: Action SAI_ACL_ACTION_TYPE_REDIRECT is not supported on table DATA_EGRESS_IPV4_TEST
Jun 23 02:23:09.467384 sonic-dut ERR swss#orchagent: :- doAclTableTask: Failed to create ACL table DATA_EGRESS_IPV4_TEST, invalid configur

How I verified it

root@sonic-dut:~#config acl add table DATA_EGRESS_IPV4_TEST L3 -s egress

Jun 23 20:49:22.050411 sonic-dut INFO caclmgrd[1278536]: ACL change detected for namespace ''
Jun 23 20:49:22.050473 sonic-dut NOTICE swss#orchagent: :- doAclTableTask: Successfully updated existing ACL table DATA_EGRESS_IPV4_TEST
Jun 23 20:49:22.050546 sonic-dut INFO caclmgrd[1278536]: Spawning ACL update thread for namepsace '' ...
Jun 23 20:49:22.551196 sonic-dut INFO caclmgrd[1278536]: ACL config for namespace '' has not changed for 0.5 seconds. Applying updates ...

root@sonic-dut:~# show acl table DATA_EGRESS_IPV4_TEST
Name                   Type    Binding      Description            Stage
---------------------  ------  -----------  ---------------------  -------
DATA_EGRESS_IPV4_TEST  L3      Ethernet0    DATA_EGRESS_IPV4_TEST  egress
                               Ethernet8
                               Ethernet16
                               Ethernet24
                               Ethernet32
                               Ethernet40
                               Ethernet48
                               Ethernet56
                               Ethernet64
                               Ethernet72
                               Ethernet80
                               Ethernet88
                               Ethernet96
                               Ethernet104
                               Ethernet112
                               Ethernet120
                               Ethernet128
                               Ethernet136
                               Ethernet144
                               Ethernet152
                               Ethernet160
                               Ethernet168
                               Ethernet176
                               Ethernet184
                               Ethernet192
                               Ethernet200
                               Ethernet208
                               Ethernet216
                               Ethernet224
                               Ethernet232
                               Ethernet240
                               Ethernet248
root@sonic-dut:~#

Details if related

@rck-innovium
Create ACL table fails due to incorrect check for supported ACL actio…
82f2efb 
…ns #11235

Signed-off-by: rck-innovium <rck@innovium.com>
@rck-innovium rck-innovium requested a review from prsunny as a code owner June 24, 2022 03:51
@bingwang-ms bingwang-ms merged commit 1b8bd94 into sonic-net:master Jun 24, 2022
@rck-innovium rck-innovium deleted the swss_rck_eacl_fix branch June 24, 2022 16:43
yxieca pushed a commit that referenced this pull request Jun 25, 2022
@rck-innovium @yxieca
Create ACL table fails due to incorrect check for supported ACL actio…
585a69b 
…ns #11235 (#2351)

Signed-off-by: rck-innovium <rck@innovium.com>
@jimmyzhai jimmyzhai mentioned this pull request Jun 26, 2022
Merged
7 tasks
jimmyzhai added a commit to sonic-net/sonic-buildimage that referenced this pull request Jun 27, 2022
@jimmyzhai
advance submodule sonic-swss (#11260)
d18ff26 
2022-06-24 93af69c: [PFC_WD] Avoid applying ZeroBuffer Profiles to ingress PG when a PFC storm is detected (sonic-net/sonic-swss#2304)
2022-06-24 37349cf: [swssconfig] Optimize performance of swssconfig (sonic-net/sonic-swss#2336)
2022-06-24 84e9b07: [fdborch] fix heap-use-after-free in clearFdbEntry() (sonic-net/sonic-swss#2353)
2022-06-24 1b8bd94: Create ACL table fails due to incorrect check for supported ACL actions #11235 (sonic-net/sonic-swss#2351)
2022-06-24 1ed0b4b: [macsec] Refactor the logic of macsec name map (sonic-net/sonic-swss#2348)
2022-06-23 f88f992: [mock_tests] Add Sflow Orch UTs (sonic-net/sonic-swss#2295)
2022-06-23 ec57bf1: [macsec] Update macsec flex counter (sonic-net/sonic-swss#2338)
2022-06-22 6e0fc85: [ACL] Support stage particular match fields (sonic-net/sonic-swss#2341)
2022-06-22 efb4530: [orchagent, DTel]: report session support to set user vrf (sonic-net/sonic-swss#2326)
2022-06-22 d82874d: Fix for "orchagent crashed when trying to delete fdb static entry with swssconfig #11046" (sonic-net/sonic-swss#2332)
2022-06-22 0c789e6: Fix qos map test in vs test (sonic-net/sonic-swss#2343)
2022-06-17 1bb5070: Enhance mock test for dynamic buffer manager for port removing and qos reload flows (sonic-net/sonic-swss#2262)
2022-06-16 700492f: [aclorch] Fix and simplify DTel watchlist tables and entries (sonic-net/sonic-swss#2155)
@rck-innovium
Copy link
Contributor Author

@bingwang-ms @prsunny

Please help in backporting to 202111.
We are not able to create ACL tables on few platforms after the below commit.

commit bb0733aa67ffc4e430e70bcf2db2dc6316172b32
Author: Stepan Blyshchak <38952541+stepanblyschak@users.noreply.github.com>
Date:   Tue Nov 23 04:32:49 2021 +0200

    [aclorch] Add ACL_TABLE_TYPE configuration  (#1982)

    * [aclorch] Add ACL_TABLE_TYPE configuration

Please kindly backport the below 2 pull requests to sonic 202111 branch.

commit 910bfd4d17782a059daf2d81deb87673ae6ca58e
Author: bingwang-ms <66248323+bingwang-ms@users.noreply.github.com>
Date:   Sat May 28 03:04:14 2022 +0800
 
    [ACL] Add default action_list for default ACL table type (#2298)


commit 1b8bd94ef7e44f6089fc12efd456a3caa7aafd3f
Author: Ravindranath C K <rck@innovium.com>
Date:   Fri Jun 24 20:20:52 2022 +0530

    Create ACL table fails due to incorrect check for supported ACL actions #11235 (#2351)

    Signed-off-by: rck-innovium <rck@innovium.com>

@rck-innovium rck-innovium mentioned this pull request Jul 21, 2022
Open
7 tasks
preetham-singh pushed a commit to preetham-singh/sonic-swss that referenced this pull request Aug 6, 2022
@rck-innovium @preetham-singh
Create ACL table fails due to incorrect check for supported ACL actio…
115031c 
…ns #11235 (sonic-net#2351)

Signed-off-by: rck-innovium <rck@innovium.com>
@rck-innovium
Copy link
Contributor Author

@bingwang-ms @prsunny

Please help in backporting to 202111. We are not able to create ACL tables on few platforms after the below commit.

commit bb0733aa67ffc4e430e70bcf2db2dc6316172b32
Author: Stepan Blyshchak <38952541+stepanblyschak@users.noreply.github.com>
Date:   Tue Nov 23 04:32:49 2021 +0200

    [aclorch] Add ACL_TABLE_TYPE configuration  (#1982)

    * [aclorch] Add ACL_TABLE_TYPE configuration

Please kindly backport the below 2 pull requests to sonic 202111 branch.

commit 910bfd4d17782a059daf2d81deb87673ae6ca58e
Author: bingwang-ms <66248323+bingwang-ms@users.noreply.github.com>
Date:   Sat May 28 03:04:14 2022 +0800
 
    [ACL] Add default action_list for default ACL table type (#2298)

commit 1b8bd94ef7e44f6089fc12efd456a3caa7aafd3f
Author: Ravindranath C K <rck@innovium.com>
Date:   Fri Jun 24 20:20:52 2022 +0530

    Create ACL table fails due to incorrect check for supported ACL actions #11235 (#2351)

    Signed-off-by: rck-innovium <rck@innovium.com>

@prsunny

Can you please help backport or let us know if I can do something to get this backported.. This is blocking our basic 202111 ACL features..

@prsunny
Copy link
Collaborator

prsunny commented Aug 11, 2022

This is already labeled for 202111. @judyjoseph , can you please help with cherry-pick?

@kishoreatreya
Copy link

@judyjoseph could you help cherry-pick this to 202111? This has been pending for sometime.

@judyjoseph
Copy link
Contributor

@rck-innovium @kishoreatreya Sorry for delay - Can you check if this PR is applicable in 202111 branch as I see the fix is in AclTable::addMandatoryActions() - and the function is not present in the 202111 codebase.

@rck-innovium
Copy link
Contributor Author

@rck-innovium @kishoreatreya Sorry for delay - Can you check if this PR is applicable in 202111 branch as I see the fix is in AclTable::addMandatoryActions() - and the function is not present in the 202111 codebase.

Hi @judyjoseph

Thanks for looking at this. This PR is applicable for 202111.
The reason is:

  1. There was a commit to **202111 and master ** that breaks ACL table creation on some platforms. Refer commit bb0733a

  2. A fix for this was made in master. Refer commit 910bfd4

  3. The current PR (Create ACL table fails due to incorrect check for supported ACL actions #2351) was made to fix a bug in the above commit it in master. Refer commit 1b8bd94

So, the sequence of backporting required is:

  1. Backport#1 commit 910bfd4

  2. Backport#2 commit 1b8bd94

This has been detailed in an earlier comment here:
#2351 (comment)

judyjoseph pushed a commit to judyjoseph/sonic-swss that referenced this pull request Oct 27, 2022
@rck-innovium @judyjoseph
Create ACL table fails due to incorrect check for supported ACL actio…
15701ee 
…ns #11235 (sonic-net#2351)

Signed-off-by: rck-innovium <rck@innovium.com>
@judyjoseph
Copy link
Contributor

@rck-innovium @kishoreatreya Sorry for delay - Can you check if this PR is applicable in 202111 branch as I see the fix is in AclTable::addMandatoryActions() - and the function is not present in the 202111 codebase.

Hi @judyjoseph

Thanks for looking at this. This PR is applicable for 202111. The reason is:

  1. There was a commit to **202111 and master ** that breaks ACL table creation on some platforms. Refer commit bb0733a
  2. A fix for this was made in master. Refer commit 910bfd4
  3. The current PR (Create ACL table fails due to incorrect check for supported ACL actions #2351) was made to fix a bug in the above commit it in master. Refer commit 1b8bd94

So, the sequence of backporting required is:

  1. Backport#1 commit 910bfd4
  2. Backport#2 commit 1b8bd94

This has been detailed in an earlier comment here: #2351 (comment)

raised a cherry-pick PR #2497

judyjoseph added a commit that referenced this pull request Oct 27, 2022
@judyjoseph
[202111] cherrypick ACL fixes (#2298) and (#2351) (#2497)
7f24448 
[ACL] Add default action_list for default ACL table type (#2298)
Create ACL table fails due to incorrect check for supported ACL actions #11235 (#2351)
@judyjoseph
Copy link
Contributor

Update sonic-swss submodule: sonic-net/sonic-buildimage#12521

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bingwang-ms bingwang-ms bingwang-ms approved these changes

@prsunny prsunny Awaiting requested review from prsunny

Assignees
No one assigned
Labels
Included in 202111 Branch Included in 202205 Branch Request for 202111 Branch Request for 202205 Branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Create ACL table fails due to incorrect check for supported ACL actions
6 participants
@rck-innovium @prsunny @kishoreatreya @judyjoseph @bingwang-ms @yxieca