Add support for handling control plane ACLs (sonic-net#416)

Author: jleveque

orchagent/aclorch.cpp

@@ -52,8 +52,9 @@ acl_rule_attr_lookup_t aclL3ActionLookup =
 
 static acl_table_type_lookup_t aclTableTypeLookUp =
 {
-    { TABLE_TYPE_L3,     ACL_TABLE_L3 },
-    { TABLE_TYPE_MIRROR, ACL_TABLE_MIRROR }
+    { TABLE_TYPE_L3,        ACL_TABLE_L3 },
+    { TABLE_TYPE_MIRROR,    ACL_TABLE_MIRROR },
+    { TABLE_TYPE_CTRLPLANE, ACL_TABLE_CTRLPLANE }
 };
 
 static acl_stage_type_lookup_t aclStageLookUp =
@@ -856,7 +857,8 @@ void AclRuleMirror::update(SubjectType type, void *cntx)
 
 bool AclTable::validate()
 {
-    if (type == ACL_TABLE_UNKNOWN) return false;
+    // Control plane ACLs are handled by a separate process
+    if (type == ACL_TABLE_UNKNOWN || type == ACL_TABLE_CTRLPLANE) return false;
     if (ports.empty()) return false;
     return true;
 }

orchagent/aclorch.h

@@ -22,8 +22,9 @@
 #define TABLE_TYPE        "TYPE"
 #define TABLE_PORTS       "PORTS"
 
-#define TABLE_TYPE_L3     "L3"
-#define TABLE_TYPE_MIRROR "MIRROR"
+#define TABLE_TYPE_L3        "L3"
+#define TABLE_TYPE_MIRROR    "MIRROR"
+#define TABLE_TYPE_CTRLPLANE "CTRLPLANE"
 
 #define RULE_PRIORITY           "PRIORITY"
 #define MATCH_SRC_IP            "SRC_IP"
@@ -63,7 +64,8 @@ typedef enum
 {
     ACL_TABLE_UNKNOWN,
     ACL_TABLE_L3,
-    ACL_TABLE_MIRROR
+    ACL_TABLE_MIRROR,
+    ACL_TABLE_CTRLPLANE
 } acl_table_type_t;
 
 typedef map<string, acl_table_type_t> acl_table_type_lookup_t;