Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[dump] implement ACL modules #2153

Merged
merged 8 commits into from
May 23, 2022
Merged

[dump] implement ACL modules #2153

merged 8 commits into from
May 23, 2022

Conversation

stepanblyschak
Copy link
Contributor

What I did

Implemented ACL dump modules

How I did it

Added dump plugins for acl_rule and acl_table.
Added UT for coverage.
Implemented according to sonic-net/SONiC#983

How to verify it

Run UT, run on the switch mannually.

Previous command output (if the output of a command-line utility has changed)

New command output (if the output of a command-line utility has changed)

admin@sonic:~$ dump state acl_table DATA_L3 -t
+------------------+-----------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| acl_table_name   | DB_NAME   | DUMP                                                                                                                                                                                                      |
+==================+===========+===========================================================================================================================================================================================================+
| DATA_L3          | CONFIG_DB | +-------------------+-----------------------------+                                                                                                                                                       |
|                  |           | | Keys              | field-value pairs           |                                                                                                                                                       |
|                  |           | +===================+=============================+                                                                                                                                                       |
|                  |           | | ACL_TABLE|DATA_L3 | +-------------+-----------+ |                                                                                                                                                       |
|                  |           | |                   | | field       | value     | |                                                                                                                                                       |
|                  |           | |                   | |-------------+-----------| |                                                                                                                                                       |
|                  |           | |                   | | policy_desc | DATA_L3   | |                                                                                                                                                       |
|                  |           | |                   | | ports       | Ethernet0 | |                                                                                                                                                       |
|                  |           | |                   | |             | Ethernet4 | |                                                                                                                                                       |
|                  |           | |                   | | stage       | ingress   | |                                                                                                                                                       |
|                  |           | |                   | | type        | L3        | |                                                                                                                                                       |
|                  |           | |                   | +-------------+-----------+ |                                                                                                                                                       |
|                  |           | +-------------------+-----------------------------+                                                                                                                                                       |
+------------------+-----------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| DATA_L3          | ASIC_DB   | +-----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ |
|                  |           | | Keys                                                                  | field-value pairs                                                                                                             | |
|                  |           | +=======================================================================+===============================================================================================================================+ |
|                  |           | | ASIC_STATE:SAI_OBJECT_TYPE_ACL_TABLE:oid:0x7000000000600              | +---------------------------------------------+-----------------------------------------------------------------------------+ | |
|                  |           | |                                                                       | | field                                       | value                                                                       | | |
|                  |           | |                                                                       | |---------------------------------------------+-----------------------------------------------------------------------------| | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST | 2:SAI_ACL_BIND_POINT_TYPE_PORT,SAI_ACL_BIND_POINT_TYPE_LAG                  | | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_ATTR_ACL_STAGE                | SAI_ACL_STAGE_INGRESS                                                       | | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE        | true                                                                        | | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE     | 2:SAI_ACL_RANGE_TYPE_L4_SRC_PORT_RANGE,SAI_ACL_RANGE_TYPE_L4_DST_PORT_RANGE | | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_ATTR_FIELD_DST_IP             | true                                                                        | | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE         | true                                                                        | | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_ATTR_FIELD_ICMP_CODE          | true                                                                        | | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_ATTR_FIELD_ICMP_TYPE          | true                                                                        | | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL        | true                                                                        | | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_ATTR_FIELD_L4_DST_PORT        | true                                                                        | | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_ATTR_FIELD_L4_SRC_PORT        | true                                                                        | | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_ATTR_FIELD_OUTER_VLAN_ID      | true                                                                        | | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_ATTR_FIELD_SRC_IP             | true                                                                        | | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_ATTR_FIELD_TCP_FLAGS          | true                                                                        | | |
|                  |           | |                                                                       | +---------------------------------------------+-----------------------------------------------------------------------------+ | |
|                  |           | +-----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ |
|                  |           | | ASIC_STATE:SAI_OBJECT_TYPE_ACL_TABLE_GROUP_MEMBER:oid:0xc000000000602 | +----------------------------------------------------+---------------------+                                                  | |
|                  |           | |                                                                       | | field                                              | value               |                                                  | |
|                  |           | |                                                                       | |----------------------------------------------------+---------------------|                                                  | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_GROUP_MEMBER_ATTR_ACL_TABLE_GROUP_ID | oid:0xb0000000005f7 |                                                  | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_GROUP_MEMBER_ATTR_ACL_TABLE_ID       | oid:0x7000000000600 |                                                  | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_GROUP_MEMBER_ATTR_PRIORITY           | 100                 |                                                  | |
|                  |           | |                                                                       | +----------------------------------------------------+---------------------+                                                  | |
|                  |           | +-----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ |
|                  |           | | ASIC_STATE:SAI_OBJECT_TYPE_ACL_TABLE_GROUP_MEMBER:oid:0xc000000000601 | +----------------------------------------------------+---------------------+                                                  | |
|                  |           | |                                                                       | | field                                              | value               |                                                  | |
|                  |           | |                                                                       | |----------------------------------------------------+---------------------|                                                  | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_GROUP_MEMBER_ATTR_ACL_TABLE_GROUP_ID | oid:0xb0000000005f5 |                                                  | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_GROUP_MEMBER_ATTR_ACL_TABLE_ID       | oid:0x7000000000600 |                                                  | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_GROUP_MEMBER_ATTR_PRIORITY           | 100                 |                                                  | |
|                  |           | |                                                                       | +----------------------------------------------------+---------------------+                                                  | |
|                  |           | +-----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ |
|                  |           | | ASIC_STATE:SAI_OBJECT_TYPE_ACL_TABLE_GROUP:oid:0xb0000000005f7        | +---------------------------------------------------+-----------------------------------+                                     | |
|                  |           | |                                                                       | | field                                             | value                             |                                     | |
|                  |           | |                                                                       | |---------------------------------------------------+-----------------------------------|                                     | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_GROUP_ATTR_ACL_BIND_POINT_TYPE_LIST | 1:SAI_ACL_BIND_POINT_TYPE_PORT    |                                     | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_GROUP_ATTR_ACL_STAGE                | SAI_ACL_STAGE_INGRESS             |                                     | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_GROUP_ATTR_TYPE                     | SAI_ACL_TABLE_GROUP_TYPE_PARALLEL |                                     | |
|                  |           | |                                                                       | +---------------------------------------------------+-----------------------------------+                                     | |
|                  |           | +-----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ |
|                  |           | | ASIC_STATE:SAI_OBJECT_TYPE_ACL_TABLE_GROUP:oid:0xb0000000005f5        | +---------------------------------------------------+-----------------------------------+                                     | |
|                  |           | |                                                                       | | field                                             | value                             |                                     | |
|                  |           | |                                                                       | |---------------------------------------------------+-----------------------------------|                                     | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_GROUP_ATTR_ACL_BIND_POINT_TYPE_LIST | 1:SAI_ACL_BIND_POINT_TYPE_PORT    |                                     | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_GROUP_ATTR_ACL_STAGE                | SAI_ACL_STAGE_INGRESS             |                                     | |
|                  |           | |                                                                       | | SAI_ACL_TABLE_GROUP_ATTR_TYPE                     | SAI_ACL_TABLE_GROUP_TYPE_PARALLEL |                                     | |
|                  |           | |                                                                       | +---------------------------------------------------+-----------------------------------+                                     | |
|                  |           | +-----------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ |
|                  |           | +---------------------+---------------------+                                                                                                                                                             |
|                  |           | | vid                 | rid                 |                                                                                                                                                             |
|                  |           | +=====================+=====================+                                                                                                                                                             |
|                  |           | | oid:0x7000000000600 | oid:0x100000007     |                                                                                                                                                             |
|                  |           | +---------------------+---------------------+                                                                                                                                                             |
|                  |           | | oid:0xc000000000602 | oid:0x100010000000c |                                                                                                                                                             |
|                  |           | +---------------------+---------------------+                                                                                                                                                             |
|                  |           | | oid:0xc000000000601 | oid:0x10000000c     |                                                                                                                                                             |
|                  |           | +---------------------+---------------------+                                                                                                                                                             |
|                  |           | | oid:0xb0000000005f7 | oid:0x10000000b     |                                                                                                                                                             |
|                  |           | +---------------------+---------------------+                                                                                                                                                             |
|                  |           | | oid:0xb0000000005f5 | oid:0xb             |                                                                                                                                                             |
|                  |           | +---------------------+---------------------+                                                                                                                                                             |
+------------------+-----------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

admin@sonic:~$ dump state acl_rule 'DATA_L3|R1' -t
+-----------------+-----------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| acl_rule_name   | DB_NAME   | DUMP                                                                                                                                                     |
+=================+===========+==========================================================================================================================================================+
| DATA_L3|R1      | CONFIG_DB | +---------------------+---------------------------------+                                                                                                |
|                 |           | | Keys                | field-value pairs               |                                                                                                |
|                 |           | +=====================+=================================+                                                                                                |
|                 |           | | ACL_RULE|DATA_L3|R1 | +-------------------+---------+ |                                                                                                |
|                 |           | |                     | | field             | value   | |                                                                                                |
|                 |           | |                     | |-------------------+---------| |                                                                                                |
|                 |           | |                     | | L4_DST_PORT_RANGE | 90-95   | |                                                                                                |
|                 |           | |                     | | L4_SRC_PORT_RANGE | 80-100  | |                                                                                                |
|                 |           | |                     | | PACKET_ACTION     | FORWARD | |                                                                                                |
|                 |           | |                     | | PRIORITY          | 9995    | |                                                                                                |
|                 |           | |                     | +-------------------+---------+ |                                                                                                |
|                 |           | +---------------------+---------------------------------+                                                                                                |
+-----------------+-----------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| DATA_L3|R1      | ASIC_DB   | +------------------------------------------------------------+-----------------------------------------------------------------------------------------+ |
|                 |           | | Keys                                                       | field-value pairs                                                                       | |
|                 |           | +============================================================+=========================================================================================+ |
|                 |           | | ASIC_STATE:SAI_OBJECT_TYPE_ACL_COUNTER:oid:0x9000000000606 | +------------------------------------------+---------------------+                      | |
|                 |           | |                                                            | | field                                    | value               |                      | |
|                 |           | |                                                            | |------------------------------------------+---------------------|                      | |
|                 |           | |                                                            | | SAI_ACL_COUNTER_ATTR_ENABLE_BYTE_COUNT   | true                |                      | |
|                 |           | |                                                            | | SAI_ACL_COUNTER_ATTR_ENABLE_PACKET_COUNT | true                |                      | |
|                 |           | |                                                            | | SAI_ACL_COUNTER_ATTR_TABLE_ID            | oid:0x7000000000600 |                      | |
|                 |           | |                                                            | +------------------------------------------+---------------------+                      | |
|                 |           | +------------------------------------------------------------+-----------------------------------------------------------------------------------------+ |
|                 |           | | ASIC_STATE:SAI_OBJECT_TYPE_ACL_ENTRY:oid:0x8000000000609   | +-----------------------------------------+-------------------------------------------+ | |
|                 |           | |                                                            | | field                                   | value                                     | | |
|                 |           | |                                                            | |-----------------------------------------+-------------------------------------------| | |
|                 |           | |                                                            | | SAI_ACL_ENTRY_ATTR_ACTION_COUNTER       | oid:0x9000000000606                       | | |
|                 |           | |                                                            | | SAI_ACL_ENTRY_ATTR_ACTION_PACKET_ACTION | SAI_PACKET_ACTION_FORWARD                 | | |
|                 |           | |                                                            | | SAI_ACL_ENTRY_ATTR_ADMIN_STATE          | true                                      | | |
|                 |           | |                                                            | | SAI_ACL_ENTRY_ATTR_FIELD_ACL_RANGE_TYPE | 2:oid:0xa000000000607,oid:0xa000000000608 | | |
|                 |           | |                                                            | | SAI_ACL_ENTRY_ATTR_PRIORITY             | 9995                                      | | |
|                 |           | |                                                            | | SAI_ACL_ENTRY_ATTR_TABLE_ID             | oid:0x7000000000600                       | | |
|                 |           | |                                                            | +-----------------------------------------+-------------------------------------------+ | |
|                 |           | +------------------------------------------------------------+-----------------------------------------------------------------------------------------+ |
|                 |           | | ASIC_STATE:SAI_OBJECT_TYPE_ACL_RANGE:oid:0xa000000000607   | +--------------------------+--------------------------------------+                     | |
|                 |           | |                                                            | | field                    | value                                |                     | |
|                 |           | |                                                            | |--------------------------+--------------------------------------|                     | |
|                 |           | |                                                            | | SAI_ACL_RANGE_ATTR_LIMIT | 80,100                               |                     | |
|                 |           | |                                                            | | SAI_ACL_RANGE_ATTR_TYPE  | SAI_ACL_RANGE_TYPE_L4_SRC_PORT_RANGE |                     | |
|                 |           | |                                                            | +--------------------------+--------------------------------------+                     | |
|                 |           | +------------------------------------------------------------+-----------------------------------------------------------------------------------------+ |
|                 |           | | ASIC_STATE:SAI_OBJECT_TYPE_ACL_RANGE:oid:0xa000000000608   | +--------------------------+--------------------------------------+                     | |
|                 |           | |                                                            | | field                    | value                                |                     | |
|                 |           | |                                                            | |--------------------------+--------------------------------------|                     | |
|                 |           | |                                                            | | SAI_ACL_RANGE_ATTR_LIMIT | 90,95                                |                     | |
|                 |           | |                                                            | | SAI_ACL_RANGE_ATTR_TYPE  | SAI_ACL_RANGE_TYPE_L4_DST_PORT_RANGE |                     | |
|                 |           | |                                                            | +--------------------------+--------------------------------------+                     | |
|                 |           | +------------------------------------------------------------+-----------------------------------------------------------------------------------------+ |
|                 |           | +---------------------+--------------------+                                                                                                             |
|                 |           | | vid                 | rid                |                                                                                                             |
|                 |           | +=====================+====================+                                                                                                             |
|                 |           | | oid:0x9000000000606 | oid:0x600000070009 |                                                                                                             |
|                 |           | +---------------------+--------------------+                                                                                                             |
|                 |           | | oid:0x8000000000609 | oid:0x100010008    |                                                                                                             |
|                 |           | +---------------------+--------------------+                                                                                                             |
|                 |           | | oid:0xa000000000607 | oid:0xa            |                                                                                                             |
|                 |           | +---------------------+--------------------+                                                                                                             |
|                 |           | | oid:0xa000000000608 | oid:0x20000000a    |                                                                                                             |
|                 |           | +---------------------+--------------------+                                                                                                             |
+-----------------+-----------+----------------------------------------------------------------------------------------------------------------------------------------------------------+

@stepanblyschak
[dump] implement ACL modules
7ba39fd 
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
@stepanblyschak
fix review comments
b69a0f7 
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
@stepanblyschak
review comments
c0fc915 
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
@stepanblyschak
use raw_to_typed
3a66f08 
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
@stepanblyschak
Merge branch 'master' of https://github.com/Azure/sonic-utilities int…
bf9188f 
…o dump-acl
@stepanblyschak
internal review fixes
0ff5de4 
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
@lgtm-com
Copy link

lgtm-com bot commented May 6, 2022

This pull request introduces 1 alert when merging 0ff5de4 into 1143869 - view on LGTM.com

new alerts:

  • 1 for Unused import

@stepanblyschak
remove unused import
a4e5614 
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
@liat-grozovik
Copy link
Collaborator

@vivekreddynv could you please help to review?

vivekrnv
vivekrnv suggested changes May 12, 2022
View reviewed changes
dump/match_infra.py Outdated
@@ -267,15 +279,21 @@ def __init__(self, pool=None):
def clear_cache(self, ns):
self.conn_pool(ns)

def get_redis_source_adapter(self, db):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Argument can be removed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, fixed

@stepanblyschak
fix review comment
94ad60b 
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
@liat-grozovik liat-grozovik merged commit 2f53bd4 into sonic-net:master May 23, 2022
dprital added a commit to dprital/sonic-buildimage that referenced this pull request May 25, 2022
@dprital
[submodule] Update sonic-utilities submodule
657dd81 
Update sonic-utilities submodule pointer to include the following:
* [GCU] Handling type1 lists ([sonic-net#2171](sonic-net/sonic-utilities#2171))
* [yang] extend ConfigMgmt constructor to pass YANG options ([sonic-net#2118](sonic-net/sonic-utilities#2118))
* [dump] implement ACL modules ([sonic-net#2153](sonic-net/sonic-utilities#2153))
* show commands for SYSTEM READY ([sonic-net#1851](sonic-net/sonic-utilities#1851))
* [GCU] Handling non-compliant leaf-list with string values ([sonic-net#2174](sonic-net/sonic-utilities#2174))
* Add sonic-delayed.target to Application Extension .timer file generator ([sonic-net#2176](sonic-net/sonic-utilities#2176))
* [portconfig] Allow to configure interface mtu for physical ports ([#l](https://github.com/Azure/sonic-utilities/pull/l))
* Broadcast Unknown-multicast and Unknown-unicast Storm-control  ([sonic-net#928](sonic-net/sonic-utilities#928))
* sonic-utils: initial support for link-training ([sonic-net#2071](sonic-net/sonic-utilities#2071))
* [portchannel] Added ACL/PBH binding checks to the port before getting added to portchannel ([sonic-net#2151](sonic-net/sonic-utilities#2151))
* Modify override testcase to cover PORT admin_status ([sonic-net#2165](sonic-net/sonic-utilities#2165))
* [GCU] Validate peer_group_range ip_range are correct ([sonic-net#2145](sonic-net/sonic-utilities#2145))
* [auto-ts] add memory check ([sonic-net#2116](sonic-net/sonic-utilities#2116))
* support new interface types CR8/SR8/KR8/LR8 which are brougnt by SAI V.1.10.2 ([sonic-net#2167](sonic-net/sonic-utilities#2167))
* [scripts/fast-reboot] Add option to include ssd-upgrader-part boot option with SONiC partition ([sonic-net#2150](sonic-net/sonic-utilities#2150))
* [config reload] Fix invalid rstrip. ([sonic-net#2157](sonic-net/sonic-utilities#2157))
* Accept 0 for queue and dscp ([sonic-net#2162](sonic-net/sonic-utilities#2162))

Signed-off-by: dprital <drorp@nvidia.com>
@dprital dprital mentioned this pull request May 25, 2022
Closed
6 tasks
This was referenced Jun 9, 2022
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bingwang-ms bingwang-ms bingwang-ms approved these changes

@vivekrnv vivekrnv vivekrnv approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@stepanblyschak @liat-grozovik @vivekrnv @bingwang-ms