
Commit 368b038

[sonic-acl] add ACL_TABLE_TYPE table (#9052)
* [sonic-acl] add ACL_TABLE_TYPE table I implemented the ACL table type concept. Until this change, there were predefined ACL table types that orchagent knows about (L3, L3V6, etc.), and if another orch required a custom table, a new table type needed to be defined in aclorch. This PR addresses this limitation by introducing AclTableType, which can be constructed from the set of matches, actions and bpoint types the user needs. There is also a new handler for the ACL_TABLE_TYPE table, which the user uses to define table types. Currently, some of the built-in ACL table types that require special handling are distinguished from others by their names (TABLE_TYPE_MIRROR, TABLE_TYPE_MIRRORV6), and the special handling is performed by AclOrch. Signed-off-by: Stepan Blyshchak <[email protected]>
1 parent 848a171 commit 368b038


3 files changed

+240
-1
lines changed


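--- a/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json
+++ b/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json
@@ -61,5 +61,25 @@
 "key": "sonic-acl:services",
 "value": ["SNMP"]
 }
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE": {
+"desc": "ACL_TABLE LOAD TABLE TYPE SUCCESSFULLY."
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_MATCHES": {
+"desc": "ACL_TABLE LOAD TABLE TYPE WITH NO MATCHES.",
+"eStrKey": "MinElements"
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_BIND_POINT_TYPES": {
+"desc": "ACL_TABLE LOAD TABLE TYPE WITH NO BIND POINT TYPES.",
+"eStrKey": "MinElements"
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_ACTIONS": {
+"desc": "ACL_TABLE LOAD TABLE TYPE SUCCESSFULLY WITH NO ACTIONS.",
+"eStrKey" : "Verify",
+"verify": {
+"xpath": "/sonic-acl:sonic-acl/ACL_TABLE_TYPE/ACL_TABLE_TYPE_LIST[ACL_TABLE_TYPE_NAME='CUSTOM_L3']/ACL_TABLE_TYPE_NAME",
+"key": "sonic-acl:actions",
+"value": [""]
+}
 }
 }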
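Review bot: The new cases cover a valid custom type and a type missing `matches`, `bind_points` or `actions`, but none checks that an `ACL_TABLE` whose `type` names a table type that is neither defined in `ACL_TABLE_TYPE` nor built in gets rejected, and none feeds a `bind_points` value outside `PORT`/`LAG`. Those are the two constraints the model change is meant to enforce, so they deserve negative cases here with matching inputs in tests_config/acl.json, unless such cases already exist outside this hunk. `ACL_TABLE_CUSTOM_TABLE_TYPE_NO_ACTIONS` also pins `"value": [""]`, i.e. a single empty-string entry as the meaning of "no actions"; it is worth confirming that this is intended before the test fixes it as the contract.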

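--- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json
+++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json
@@ -471,5 +471,191 @@
 ]
 }
 }
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE": {
+"sonic-acl:sonic-acl": {
+"sonic-acl:ACL_TABLE": {
+"ACL_TABLE_LIST": [
+{
+"ACL_TABLE_NAME": "NO-NSW-PACL-V6",
+"policy_desc": "Filter IPv6",
+"ports": [
+"Ethernet0"
+],
+"stage": "EGRESS",
+"type": "CUSTOM_L3"
+}
+]
+},
+"sonic-acl:ACL_TABLE_TYPE": {
+"ACL_TABLE_TYPE_LIST": [
+{
+"ACL_TABLE_TYPE_NAME": "CUSTOM_L3",
+"matches": [
+"SRC_IP",
+"IN_PORTS"
+],
+"actions": [
+"PACKET_ACTION"
+],
+"bind_points": [
+"PORT"
+]
+}
+]
+}
+},
+"sonic-port:sonic-port": {
+"sonic-port:PORT": {
+"PORT_LIST": [
+{
+"admin_status": "up",
+"alias": "eth0",
+"description": "Ethernet0",
+"lanes": "0,1,2,3",
+"mtu": 9000,
+"name": "Ethernet0",
+"speed": 25000
+}
+]
+}
+}
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_MATCHES": {
+"sonic-acl:sonic-acl": {
+"sonic-acl:ACL_TABLE": {
+"ACL_TABLE_LIST": [
+{
+"ACL_TABLE_NAME": "NO-NSW-PACL-V6",
+"policy_desc": "Filter IPv6",
+"ports": [
+"Ethernet0"
+],
+"stage": "EGRESS",
+"type": "CUSTOM_L3"
+}
+]
+},
+"sonic-acl:ACL_TABLE_TYPE": {
+"ACL_TABLE_TYPE_LIST": [
+{
+"ACL_TABLE_TYPE_NAME": "CUSTOM_L3",
+"actions": [
+"PACKET_ACTION"
+],
+"bind_points": [
+"PORT"
+]
+}
+]
+}
+},
+"sonic-port:sonic-port": {
+"sonic-port:PORT": {
+"PORT_LIST": [
+{
+"admin_status": "up",
+"alias": "eth0",
+"description": "Ethernet0",
+"lanes": "0,1,2,3",
+"mtu": 9000,
+"name": "Ethernet0",
+"speed": 25000
+}
+]
+}
+}
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_BIND_POINT_TYPES": {
+"sonic-acl:sonic-acl": {
+"sonic-acl:ACL_TABLE": {
+"ACL_TABLE_LIST": [
+{
+"ACL_TABLE_NAME": "NO-NSW-PACL-V6",
+"policy_desc": "Filter IPv6",
+"ports": [
+"Ethernet0"
+],
+"stage": "EGRESS",
+"type": "CUSTOM_L3"
+}
+]
+},
+"sonic-acl:ACL_TABLE_TYPE": {
+"ACL_TABLE_TYPE_LIST": [
+{
+"ACL_TABLE_TYPE_NAME": "CUSTOM_L3",
+"matches": [
+"SRC_IP",
+"IN_PORTS"
+],
+"actions": [
+"PACKET_ACTION"
+]
+}
+]
+}
+},
+"sonic-port:sonic-port": {
+"sonic-port:PORT": {
+"PORT_LIST": [
+{
+"admin_status": "up",
+"alias": "eth0",
+"description": "Ethernet0",
+"lanes": "0,1,2,3",
+"mtu": 9000,
+"name": "Ethernet0",
+"speed": 25000
+}
+]
+}
+}
+},
+"ACL_TABLE_CUSTOM_TABLE_TYPE_NO_ACTIONS": {
+"sonic-acl:sonic-acl": {
+"sonic-acl:ACL_TABLE": {
+"ACL_TABLE_LIST": [
+{
+"ACL_TABLE_NAME": "NO-NSW-PACL-V6",
+"policy_desc": "Filter IPv6",
+"ports": [
+"Ethernet0"
+],
+"stage": "EGRESS",
+"type": "CUSTOM_L3"
+}
+]
+},
+"sonic-acl:ACL_TABLE_TYPE": {
+"ACL_TABLE_TYPE_LIST": [
+{
+"ACL_TABLE_TYPE_NAME": "CUSTOM_L3",
+"matches": [
+"SRC_IP",
+"IN_PORTS"
+],
+"bind_points": [
+"PORT"
+]
+}
+]
+}
+},
+"sonic-port:sonic-port": {
+"sonic-port:PORT": {
+"PORT_LIST": [
+{
+"admin_status": "up",
+"alias": "eth0",
+"description": "Ethernet0",
+"lanes": "0,1,2,3",
+"mtu": 9000,
+"name": "Ethernet0",
+"speed": 25000
+}
+]
+}
+}
 }
 }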

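--- a/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2
+++ b/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2
@@ -225,6 +225,34 @@ module sonic-acl {
 }
 /* end of container ACL_RULE */
 
+container ACL_TABLE_TYPE {
+list ACL_TABLE_TYPE_LIST {
+key "ACL_TABLE_TYPE_NAME";
+
+leaf ACL_TABLE_TYPE_NAME {
+type string;
+}
+
+leaf-list matches {
+type string;
+min-elements 1;
+}
+
+leaf-list actions {
+type string;
+default "";
+}
+
+leaf-list bind_points {
+type enumeration {
+enum PORT;
+enum LAG;
+}
+min-elements 1;
+}
+}
+}
+
 container ACL_TABLE {
 
 description "ACL_TABLE part of config_db.json";
@@ -245,7 +273,12 @@ module sonic-acl {
 
 leaf type {
 mandatory true;
-type stypes:acl_table_type;
+type union {
+type leafref {
+path "/acl:sonic-acl/acl:ACL_TABLE_TYPE/acl:ACL_TABLE_TYPE_LIST/acl:ACL_TABLE_TYPE_NAME";
+}
+type stypes:acl_table_type;
+}
 }
 
 leaf stage {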
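Review bot: In the new `ACL_TABLE_TYPE_LIST`, `matches` and `actions` are plain `type string`, so the model accepts empty or misspelled field names and leaves all checking to whatever consumes the table; for a table that defines packet filtering it is safer to reject those at validation time, at minimum with `type string { length 1..max; }`. The `default "";` on `actions` makes a type without actions carry one empty-string entry rather than an empty list, and dropping it would presumably express "no actions" more cleanly, provided the consumer does not rely on it. `ACL_TABLE_TYPE_NAME` is likewise unconstrained, so a user-defined type can reuse a built-in name from `stypes:acl_table_type`, and the union in the second hunk does not show which definition wins in that case. None of the new nodes carries a `description`, unlike `ACL_TABLE` below; something like `description "ACL_TABLE_TYPE part of config_db.json";` would match the existing style.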
