diff --git a/orchagent/aclorch.cpp b/orchagent/aclorch.cpp index 472ff70def5d..89f77ab9dccd 100644 --- a/orchagent/aclorch.cpp +++ b/orchagent/aclorch.cpp @@ -3188,6 +3188,7 @@ void AclOrch::initDefaultTableTypes() builder.withName(TABLE_TYPE_DROP) .withBindPointType(SAI_ACL_BIND_POINT_TYPE_PORT) .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_TC)) + .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_IN_PORTS)) .build() ); diff --git a/orchagent/aclorch.h b/orchagent/aclorch.h index c62a68991ac0..d9dd292785cc 100644 --- a/orchagent/aclorch.h +++ b/orchagent/aclorch.h @@ -95,6 +95,7 @@ #define MLNX_MAX_RANGES_COUNT 16 #define INGRESS_TABLE_DROP "IngressTableDrop" +#define EGRESS_TABLE_DROP "EgressTableDrop" #define RULE_OPER_ADD 0 #define RULE_OPER_DELETE 1 diff --git a/orchagent/muxorch.cpp b/orchagent/muxorch.cpp index 8c807341c545..79641374b4c2 100644 --- a/orchagent/muxorch.cpp +++ b/orchagent/muxorch.cpp @@ -791,8 +791,14 @@ MuxAclHandler::MuxAclHandler(sai_object_id_t port, string alias) { SWSS_LOG_ENTER(); + string value; + shared_ptr m_config_db = shared_ptr(new DBConnector("CONFIG_DB", 0)); + unique_ptr m_systemDefaultsTable = unique_ptr
(new Table(m_config_db.get(), "SYSTEM_DEFAULTS")); + m_systemDefaultsTable->hget("mux_tunnel_egress_acl", "status", value); + is_ingress_acl_ = value != "enabled"; + // There is one handler instance per MUX port - string table_name = MUX_ACL_TABLE_NAME; + string table_name = is_ingress_acl_ ? MUX_ACL_TABLE_NAME : EGRESS_TABLE_DROP; string rule_name = MUX_ACL_RULE_NAME; port_ = port; @@ -830,7 +836,7 @@ MuxAclHandler::MuxAclHandler(sai_object_id_t port, string alias) MuxAclHandler::~MuxAclHandler(void) { SWSS_LOG_ENTER(); - string table_name = MUX_ACL_TABLE_NAME; + string table_name = is_ingress_acl_ ? MUX_ACL_TABLE_NAME : EGRESS_TABLE_DROP; string rule_name = MUX_ACL_RULE_NAME; SWSS_LOG_NOTICE("Un-Binding port %" PRIx64 "", port_); @@ -876,7 +882,7 @@ void MuxAclHandler::createMuxAclTable(sai_object_id_t port, string strTable) auto dropType = gAclOrch->getAclTableType(TABLE_TYPE_DROP); assert(dropType); acl_table.validateAddType(*dropType); - acl_table.stage = ACL_STAGE_INGRESS; + acl_table.stage = is_ingress_acl_ ? ACL_STAGE_INGRESS : ACL_STAGE_EGRESS; gAclOrch->addAclTable(acl_table); bindAllPorts(acl_table); } diff --git a/orchagent/muxorch.h b/orchagent/muxorch.h index d2590168cc12..8b7e3c95691d 100644 --- a/orchagent/muxorch.h +++ b/orchagent/muxorch.h @@ -55,6 +55,7 @@ class MuxAclHandler // class shared dict: ACL table name -> ACL table static std::map acl_table_; sai_object_id_t port_ = SAI_NULL_OBJECT_ID; + bool is_ingress_acl_ = true; string alias_; };