[ACL] Support ACTION_COUNTER action in custom ACL table type (#2550)

bingwang-ms · web-flow · commit ec507a4b2b4b · 2022-12-02T09:03:32.000+08:00
* Support COUNTER action in custom ACL

Signed-off-by: bingwang &lt;bingwang@microsoft.com&gt;
diff --git a/orchagent/aclorch.cpp b/orchagent/aclorch.cpp
@@ -107,6 +107,11 @@ static acl_rule_attr_lookup_t aclDTelActionLookup =
     { ACTION_DTEL_REPORT_ALL_PACKETS,       SAI_ACL_ENTRY_ATTR_ACTION_DTEL_REPORT_ALL_PACKETS }
 };
 
+static acl_rule_attr_lookup_t aclOtherActionLookup = 
+{
+    { ACTION_COUNTER,                       SAI_ACL_ENTRY_ATTR_ACTION_COUNTER}
+};
+
 static acl_packet_action_lookup_t aclPacketActionLookup =
 {
     { PACKET_ACTION_FORWARD, SAI_PACKET_ACTION_FORWARD },
@@ -635,6 +640,7 @@ bool AclTableTypeParser::parseAclTableTypeActions(const std::string& value, AclT
         auto l3Action = aclL3ActionLookup.find(action);
         auto mirrorAction = aclMirrorStageLookup.find(action);
         auto dtelAction = aclDTelActionLookup.find(action);
+        auto otherAction = aclOtherActionLookup.find(action);
 
         if (l3Action != aclL3ActionLookup.end())
         {
@@ -648,11 +654,16 @@ bool AclTableTypeParser::parseAclTableTypeActions(const std::string& value, AclT
         {
             saiActionAttr = dtelAction->second;
         }
+        else if (otherAction != aclOtherActionLookup.end())
+        {
+            saiActionAttr = otherAction->second;
+        }
         else
         {
             SWSS_LOG_ERROR("Unknown action %s", action.c_str());
             return false;
         }
+        SWSS_LOG_INFO("Added action %s", action.c_str());
 
         builder.withAction(AclEntryActionToAclAction(saiActionAttr));
     }
@@ -4439,10 +4450,12 @@ void AclOrch::doAclTableTypeTask(Consumer &consumer)
             }
 
             addAclTableType(builder.build());
+            SWSS_LOG_NOTICE("Created ACL table type %s", key.c_str());
         }
         else if (op == DEL_COMMAND)
         {
             removeAclTableType(key);
+            SWSS_LOG_NOTICE("Removed ACL table type %s", key.c_str());
         }
         else
         {
diff --git a/orchagent/aclorch.h b/orchagent/aclorch.h
@@ -65,6 +65,7 @@
 #define ACTION_DTEL_TAIL_DROP_REPORT_ENABLE "TAIL_DROP_REPORT_ENABLE"
 #define ACTION_DTEL_FLOW_SAMPLE_PERCENT     "FLOW_SAMPLE_PERCENT"
 #define ACTION_DTEL_REPORT_ALL_PACKETS      "REPORT_ALL_PACKETS"
+#define ACTION_COUNTER                      "COUNTER"
 
 #define PACKET_ACTION_FORWARD     "FORWARD"
 #define PACKET_ACTION_DROP        "DROP"
diff --git a/tests/dvslib/dvs_acl.py b/tests/dvslib/dvs_acl.py
@@ -54,18 +54,21 @@ def create_acl_table_type(
             self,
             name: str,
             matches: List[str],
-            bpoint_types: List[str]
+            bpoint_types: List[str],
+            actions: List[str]
     ) -> None:
         """Create a new ACL table type in Config DB.
 
         Args:
             name: The name for the new ACL table type.
             matches: A list of matches to use in ACL table.
             bpoint_types: A list of bind point types to use in ACL table.
+            actions: A list of actions to use in ACL table
         """
         table_type_attrs = {
             "matches@": ",".join(matches),
-            "bind_points@": ",".join(bpoint_types)
+            "bind_points@": ",".join(bpoint_types),
+            "actions@": ",".join(actions)
         }
 
         self.config_db.create_entry(self.CDB_ACL_TABLE_TYPE_NAME, name, table_type_attrs)
@@ -306,6 +309,26 @@ def verify_acl_table_port_binding(
 
         self.verify_acl_table_group_members(acl_table_id, acl_table_group_ids, num_tables)
 
+    
+    def verify_acl_table_action_list(
+            self,
+            acl_table_id: str,
+            expected_action_list: List[str],
+    ) -> None:
+        """Verify that the ACL table has specified action list.
+        Args:
+            acl_table_id: The ACL table that is being checked.
+            expected_action_list: The expected action list set to the given ACL table.
+        """
+        fvs = self.asic_db.wait_for_entry(self.ADB_ACL_TABLE_NAME, acl_table_id)
+        action_list_str = fvs.get('SAI_ACL_TABLE_ATTR_ACL_ACTION_TYPE_LIST')
+        action_count, actions = action_list_str.split(':')
+        action_list = actions.split(',')
+        assert (int(action_count) == len(action_list))
+        for action in expected_action_list:
+            assert action in action_list
+    
+            
     def create_acl_rule(
             self,
             table_name: str,
diff --git a/tests/test_acl_egress_table.py b/tests/test_acl_egress_table.py
@@ -14,6 +14,8 @@
     "VLAN_ID"
 ]
 CUSTOM_TABLE_TYPE_BPOINT_TYPES = ["PORT","PORTCHANNEL"]
+CUSTOM_TABLE_TYPE_ACTIONS = ["PACKET_ACTION,COUNTER"]
+EXPECTED_ACTION_LIST = ['SAI_ACL_ACTION_TYPE_PACKET_ACTION','SAI_ACL_ACTION_TYPE_COUNTER']
 TABLE_NAME = "EGRESS_TEST"
 BIND_PORTS = ["Ethernet0", "Ethernet4"]
 RULE_NAME = "EGRESS_TEST_RULE"
@@ -23,7 +25,7 @@ class TestEgressAclTable:
     @pytest.fixture
     def egress_acl_table(self, dvs_acl):
         try:
-            dvs_acl.create_acl_table_type(TABLE_TYPE, CUSTOM_TABLE_TYPE_MATCHES, CUSTOM_TABLE_TYPE_BPOINT_TYPES)
+            dvs_acl.create_acl_table_type(TABLE_TYPE, CUSTOM_TABLE_TYPE_MATCHES, CUSTOM_TABLE_TYPE_BPOINT_TYPES, CUSTOM_TABLE_TYPE_ACTIONS)
             dvs_acl.create_acl_table(TABLE_NAME, TABLE_TYPE, BIND_PORTS, stage="egress")
             yield dvs_acl.get_acl_table_ids(1)[0]
         finally:
@@ -33,14 +35,15 @@ def egress_acl_table(self, dvs_acl):
 
     def test_EgressAclTableCreationDeletion(self, dvs_acl):
         try:
-            dvs_acl.create_acl_table_type(TABLE_TYPE, CUSTOM_TABLE_TYPE_MATCHES, CUSTOM_TABLE_TYPE_BPOINT_TYPES)
+            dvs_acl.create_acl_table_type(TABLE_TYPE, CUSTOM_TABLE_TYPE_MATCHES, CUSTOM_TABLE_TYPE_BPOINT_TYPES, CUSTOM_TABLE_TYPE_ACTIONS)
             dvs_acl.create_acl_table(TABLE_NAME, TABLE_TYPE, BIND_PORTS, stage="egress")
 
             acl_table_id = dvs_acl.get_acl_table_ids(1)[0]
             acl_table_group_ids = dvs_acl.get_acl_table_group_ids(len(BIND_PORTS))
 
             dvs_acl.verify_acl_table_group_members(acl_table_id, acl_table_group_ids, 1)
             dvs_acl.verify_acl_table_port_binding(acl_table_id, BIND_PORTS, 1, stage="egress")
+            dvs_acl.verify_acl_table_action_list(acl_table_id, EXPECTED_ACTION_LIST)
         finally:
             dvs_acl.remove_acl_table(TABLE_NAME)
             dvs_acl.remove_acl_table_type(TABLE_TYPE)

Original file line number	Diff line number	Diff line change
`@@ -107,6 +107,11 @@ static acl_rule_attr_lookup_t aclDTelActionLookup =`
`107`	`107`	`{ ACTION_DTEL_REPORT_ALL_PACKETS, SAI_ACL_ENTRY_ATTR_ACTION_DTEL_REPORT_ALL_PACKETS }`
`108`	`108`	`};`
`109`	`109`
	`110`	`+static acl_rule_attr_lookup_t aclOtherActionLookup =`
	`111`	`+{`
	`112`	`+ { ACTION_COUNTER, SAI_ACL_ENTRY_ATTR_ACTION_COUNTER}`
	`113`	`+};`
	`114`	`+`
`110`	`115`	`static acl_packet_action_lookup_t aclPacketActionLookup =`
`111`	`116`	`{`
`112`	`117`	`{ PACKET_ACTION_FORWARD, SAI_PACKET_ACTION_FORWARD },`
`@@ -635,6 +640,7 @@ bool AclTableTypeParser::parseAclTableTypeActions(const std::string& value, AclT`
`635`	`640`	`auto l3Action = aclL3ActionLookup.find(action);`
`636`	`641`	`auto mirrorAction = aclMirrorStageLookup.find(action);`
`637`	`642`	`auto dtelAction = aclDTelActionLookup.find(action);`
	`643`	`+ auto otherAction = aclOtherActionLookup.find(action);`
`638`	`644`
`639`	`645`	`if (l3Action != aclL3ActionLookup.end())`
`640`	`646`	`{`
`@@ -648,11 +654,16 @@ bool AclTableTypeParser::parseAclTableTypeActions(const std::string& value, AclT`
`648`	`654`	`{`
`649`	`655`	`saiActionAttr = dtelAction->second;`
`650`	`656`	`}`
	`657`	`+ else if (otherAction != aclOtherActionLookup.end())`
	`658`	`+ {`
	`659`	`+ saiActionAttr = otherAction->second;`
	`660`	`+ }`
`651`	`661`	`else`
`652`	`662`	`{`
`653`	`663`	`SWSS_LOG_ERROR("Unknown action %s", action.c_str());`
`654`	`664`	`return false;`
`655`	`665`	`}`
	`666`	`+ SWSS_LOG_INFO("Added action %s", action.c_str());`
`656`	`667`
`657`	`668`	`builder.withAction(AclEntryActionToAclAction(saiActionAttr));`
`658`	`669`	`}`
`@@ -4439,10 +4450,12 @@ void AclOrch::doAclTableTypeTask(Consumer &consumer)`
`4439`	`4450`	`}`
`4440`	`4451`
`4441`	`4452`	`addAclTableType(builder.build());`
	`4453`	`+ SWSS_LOG_NOTICE("Created ACL table type %s", key.c_str());`
`4442`	`4454`	`}`
`4443`	`4455`	`else if (op == DEL_COMMAND)`
`4444`	`4456`	`{`
`4445`	`4457`	`removeAclTableType(key);`
	`4458`	`+ SWSS_LOG_NOTICE("Removed ACL table type %s", key.c_str());`
`4446`	`4459`	`}`
`4447`	`4460`	`else`
`4448`	`4461`	`{`