
Commit ebed2d0

authored
[config/acl] Support everflow config translation (#468)
1 parent 0db9378 commit ebed2d0

12 files changed

+567
-18
lines changed

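--- a/sonic-slave/Dockerfile
+++ b/sonic-slave/Dockerfile
@@ -91,6 +91,7 @@ RUN apt-get update && apt-get install -y docutils-common libjs-sphinxdoc libjs-u
 
 # For sonic config engine testing
 RUN apt-get install -y python-lxml python-jinja2 python-netaddr python-ipaddr python-yaml
+RUN pip install pyangbind
 
 # For templating
 RUN pip install j2cli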
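Review bot: The added `RUN pip install pyangbind` (new line 94) installs whatever release PyPI serves at build time, so the build image is not reproducible and a compromised or breaking upstream release flows straight into the image that builds and tests the config engine. Pin the version, for example `RUN pip install pyangbind==<PINNED_VERSION>`, and consider a requirements file installed with `--require-hashes` so the artifact is verified as well as versioned. The existing `RUN pip install j2cli` two lines below has the same shape and could be pinned in the same change.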

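--- a/src/sonic-config-engine/MANIFEST.in
+++ b/src/sonic-config-engine/MANIFEST.in
@@ -1 +1 @@
-recursive-include tests *.j2 *.yml *.xml
+recursive-include tests *.j2 *.yml *.xml *.json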

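--- a/src/sonic-config-engine/minigraph.py
+++ b/src/sonic-config-engine/minigraph.py
@@ -218,9 +218,10 @@ def parse_dpg(dpg, hname):
 aclintfs = child.find(str(QName(ns, "AclInterfaces")))
 acls = {}
 for aclintf in aclintfs.findall(str(QName(ns, "AclInterface"))):
-aclname = aclintf.find(str(QName(ns, "InAcl"))).text
+aclname = aclintf.find(str(QName(ns, "InAcl"))).text.lower().replace(" ", "_").replace("-", "_")
 aclattach = aclintf.find(str(QName(ns, "AttachTo"))).text.split(';')
 acl_intfs = []
+is_mirror = False
 for member in aclattach:
 member = member.strip()
 if pcs.has_key(member):
@@ -229,9 +230,13 @@ def parse_dpg(dpg, hname):
 print >> sys.stderr, "Warning: ACL " + aclname + " is attached to a Vlan interface, which is currently not supported"
 elif port_alias_map.has_key(member):
 acl_intfs.append(port_alias_map[member])
+elif member.lower() == 'erspan':
+is_mirror = True;
+# Erspan session will be attached to all front panel ports
+acl_intfs = port_alias_map.values()
+break;
 if acl_intfs:
-acls[aclname] = acl_intfs
-
+acls[aclname] = { 'AttachTo': acl_intfs, 'IsMirror': is_mirror }
 return intfs, lo_intfs, mgmt_intf, vlans, pcs, acls
 return None, None, None, None, None, None
 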
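Review bot: The name normalisation on new line 221 can fold two distinct minigraph ACL names into one key (constructed example: `Data-ACL` and `data_acl`), and the assignment on new line 239 then overwrites the earlier entry without any message, so one ACL's port binding silently drops out of the generated config. A guard before that assignment would make the loss visible: `if aclname in acls: print >> sys.stderr, "Warning: duplicate ACL name " + aclname + " after normalization"`. The same line also calls `.lower()` directly on `.text`, which raises AttributeError if the `InAcl` element is empty, where the old code would have carried `None` forward; a short check on `.text` before normalising would keep the failure explicit. `parse_dpg` begins and ends outside these hunks, so how callers consume the new dict-shaped `acls` value cannot be checked from here.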

@@ -0,0 +1,29 @@
1+
[
2+
{
3+
"ACL_RULE_TABLE:dataacl:Rule_1":{
4+
"IP_PROTOCOL":17,
5+
"PACKET_ACTION":"FORWARD",
6+
"SRC_IP":"10.0.0.0/8",
7+
"priority":9999
8+
},
9+
"OP":"SET"
10+
},
11+
{
12+
"ACL_RULE_TABLE:dataacl:Rule_3":{
13+
"IP_PROTOCOL":17,
14+
"PACKET_ACTION":"FORWARD",
15+
"SRC_IP":"25.0.0.0/8",
16+
"priority":9997
17+
},
18+
"OP":"SET"
19+
},
20+
{
21+
"ACL_RULE_TABLE:dataacl:Rule_2":{
22+
"IP_PROTOCOL":17,
23+
"PACKET_ACTION":"FORWARD",
24+
"SRC_IP":"100.64.0.0/10",
25+
"priority":9998
26+
},
27+
"OP":"SET"
28+
}
29+
]
@@ -0,0 +1,14 @@
1+
[
2+
{
3+
"ACL_RULE_TABLE:everflow:Rule_1":{
4+
"DST_IP":"127.0.0.1/32",
5+
"IP_PROTOCOL":6,
6+
"L4_DST_PORT":0,
7+
"L4_SRC_PORT":0,
8+
"MIRROR_ACTION":"everflow",
9+
"SRC_IP":"127.0.0.1/32",
10+
"priority":9999
11+
},
12+
"OP":"SET"
13+
}
14+
]
@@ -0,0 +1,10 @@
1+
[
2+
{
3+
"ACL_TABLE:dataacl":{
4+
"policy_desc":"dataacl",
5+
"ports":"Ethernet112,Ethernet116,Ethernet120,Ethernet124",
6+
"type":"L3"
7+
},
8+
"OP":"SET"
9+
}
10+
]
@@ -0,0 +1,10 @@
1+
[
2+
{
3+
"ACL_TABLE:everflow":{
4+
"policy_desc":"everflow",
5+
"ports":"Ethernet24,Ethernet40,Ethernet20,Ethernet44,Ethernet48,Ethernet28,Ethernet96,Ethernet92,Ethernet76,Ethernet116,Ethernet72,Ethernet112,Ethernet52,Ethernet108,Ethernet56,Ethernet32,Ethernet16,Ethernet36,Ethernet12,Ethernet120,Ethernet8,Ethernet4,Ethernet0,Ethernet124,Ethernet68,Ethernet84,Ethernet100,Ethernet80,Ethernet60,Ethernet104,Ethernet64,Ethernet88",
6+
"type":"mirror"
7+
},
8+
"OP":"SET"
9+
}
10+
]
@@ -0,0 +1,97 @@
1+
{
2+
"acl": {
3+
"acl-sets": {
4+
"acl-set": {
5+
"dataacl": {
6+
"acl-entries": {
7+
"acl-entry": {
8+
"1": {
9+
"actions": {
10+
"config": {
11+
"forwarding-action": "ACCEPT"
12+
}
13+
},
14+
"config": {
15+
"sequence-id": 1
16+
},
17+
"ip": {
18+
"config": {
19+
"protocol": "IP_UDP",
20+
"source-ip-address": "10.0.0.0/8"
21+
}
22+
}
23+
},
24+
"2": {
25+
"actions": {
26+
"config": {
27+
"forwarding-action": "ACCEPT"
28+
}
29+
},
30+
"config": {
31+
"sequence-id": 2
32+
},
33+
"ip": {
34+
"config": {
35+
"protocol": "IP_UDP",
36+
"source-ip-address": "100.64.0.0/10"
37+
}
38+
}
39+
},
40+
"3": {
41+
"actions": {
42+
"config": {
43+
"forwarding-action": "ACCEPT"
44+
}
45+
},
46+
"config": {
47+
"sequence-id": 3
48+
},
49+
"ip": {
50+
"config": {
51+
"protocol": "IP_UDP",
52+
"source-ip-address": "25.0.0.0/8"
53+
}
54+
}
55+
}
56+
}
57+
},
58+
"config": {
59+
"name": "dataacl"
60+
}
61+
},
62+
"everflow": {
63+
"acl-entries": {
64+
"acl-entry": {
65+
"1": {
66+
"actions": {
67+
"config": {
68+
"forwarding-action": "ACCEPT"
69+
}
70+
},
71+
"config": {
72+
"sequence-id": 1
73+
},
74+
"ip": {
75+
"config": {
76+
"destination-ip-address": "127.0.0.1/32",
77+
"protocol": "IP_TCP",
78+
"source-ip-address": "127.0.0.1/32"
79+
}
80+
},
81+
"transport": {
82+
"config": {
83+
"destination-port": "0",
84+
"source-port": "0"
85+
}
86+
}
87+
}
88+
}
89+
},
90+
"config": {
91+
"name": "everflow"
92+
}
93+
}
94+
}
95+
}
96+
}
97+
}
