From ef456291fbb788178ee3859dcb2c5ec3530dd349 Mon Sep 17 00:00:00 2001
From: Abhishek Dosi <abdosi@microsoft.com>
Date: Tue, 17 May 2022 23:03:50 +0000
Subject: [PATCH 1/2] Updated Broadcom SAI version to 3.7.6.1-1

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
---
 platform/broadcom/sai.mk | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/platform/broadcom/sai.mk b/platform/broadcom/sai.mk
index 72da818ad628..5faf1681ccce 100644
--- a/platform/broadcom/sai.mk
+++ b/platform/broadcom/sai.mk
@@ -1,8 +1,8 @@
-BRCM_SAI = libsaibcm_3.7.6.1_amd64.deb
-$(BRCM_SAI)_URL = "https://sonicstorage.blob.core.windows.net/packages/bcmsai/3.7/libsaibcm_3.7.6.1_amd64.deb?sv=2015-04-05&sr=b&sig=PXZNHvLaofj6qevZqf3eDUX7SGp%2BJnblyEV%2FkMFcwus%3D&se=2035-04-15T19%3A36%3A16Z&sp=r"
-BRCM_SAI_DEV = libsaibcm-dev_3.7.6.1_amd64.deb
+BRCM_SAI = libsaibcm_3.7.6.1-1_amd64.deb
+$(BRCM_SAI)_URL = "https://sonicstorage.blob.core.windows.net/packages/bcmsai/3.7/libsaibcm_3.7.6.1-1_amd64.deb?sv=2015-04-05&sr=b&sig=NQ1hWKi6zjqigwb%2BDhM239G6AhL0HvktYE7FW79VdmY%3D&se=2030-08-03T23%3A01%3A11Z&sp=r"
+BRCM_SAI_DEV = libsaibcm-dev_3.7.6.1-1_amd64.deb
 $(eval $(call add_derived_package,$(BRCM_SAI),$(BRCM_SAI_DEV)))
-$(BRCM_SAI_DEV)_URL = "https://sonicstorage.blob.core.windows.net/packages/bcmsai/3.7/libsaibcm-dev_3.7.6.1_amd64.deb?sv=2015-04-05&sr=b&sig=S67%2FNP8J2xshBYhDV6NwP7LBnvyUOO1EZKspL1O6bCY%3D&se=2035-04-15T19%3A37%3A50Z&sp=r"
+$(BRCM_SAI_DEV)_URL = "https://sonicstorage.blob.core.windows.net/packages/bcmsai/3.7/libsaibcm-dev_3.7.6.1-1_amd64.deb?sv=2015-04-05&sr=b&sig=aUS4ZFCfD%2Bct29T%2B0xJAtFHfmtX1dTTsxKTyNtOw1O4%3D&se=2030-08-03T23%3A02%3A56Z&sp=r"
 
 SONIC_ONLINE_DEBS += $(BRCM_SAI)
 $(BRCM_SAI_DEV)_DEPENDS += $(BRCM_SAI)

From 450d946e3d0cea79469eba6fb03a82d4bd3e6868 Mon Sep 17 00:00:00 2001
From: Abhishek Dosi <abdosi@microsoft.com>
Date: Mon, 2 May 2022 15:59:52 +0000
Subject: [PATCH 2/2] Added support to create route-map action `set tag <user
 define value>` when the the allow prefix list are mtaches. The tag can ben
 define in constants.yml.

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
---
 .../bgpcfgd/managers_allow_list.py            | 17 ++++
 src/sonic-bgpcfgd/tests/test_allow_list.py    | 87 ++++++++++++++++++-
 2 files changed, 102 insertions(+), 2 deletions(-)

diff --git a/src/sonic-bgpcfgd/bgpcfgd/managers_allow_list.py b/src/sonic-bgpcfgd/bgpcfgd/managers_allow_list.py
index 435be91d20d2..18fcacc42c51 100644
--- a/src/sonic-bgpcfgd/bgpcfgd/managers_allow_list.py
+++ b/src/sonic-bgpcfgd/bgpcfgd/managers_allow_list.py
@@ -38,6 +38,7 @@ def __init__(self, common_objs, db, table):
         )
         self.key_re = re.compile(r"^DEPLOYMENT_ID\|\d+\|\S+$|^DEPLOYMENT_ID\|\d+$")
         self.enabled = self.__get_enabled()
+        self.prefix_match_tag = self.__get_routemap_tag()
         self.__load_constant_lists()
 
     def set_handler(self, key, data):
@@ -371,6 +372,8 @@ def __update_allow_route_map_entry(self, af, allow_address_pl_name, community_na
         ]
         if not community_name.endswith(self.EMPTY_COMMUNITY):
             cmds.append(" match community %s" % community_name)
+        elif self.prefix_match_tag:
+            cmds.append(" set tag %s" % self.prefix_match_tag)
         return cmds
 
     def __update_default_route_map_entry(self, route_map_name, default_action_community):
@@ -587,6 +590,20 @@ def __get_route_map_calls(self, rms):
             inside_name = result.group(1)
         return rm_2_call
 
+    def __get_routemap_tag(self):
+        """
+        Find if any user define tag is provided to be used when allow prefifx list is matched
+        :return: string: prefix mix tag if define in constants.yml else None
+        """
+        prefix_match_tag = None
+        if 'bgp' in self.constants and \
+           'allow_list' in self.constants["bgp"] and \
+           'prefix_match_tag' in \
+           self.constants["bgp"]["allow_list"]:
+           prefix_match_tag = \
+              self.constants["bgp"]["allow_list"]["prefix_match_tag"]
+        return prefix_match_tag
+
     @staticmethod
     def __get_peer_group_to_restart(deployment_id, pg_2_rm, rm_2_call):
         """
diff --git a/src/sonic-bgpcfgd/tests/test_allow_list.py b/src/sonic-bgpcfgd/tests/test_allow_list.py
index 5091955eeea0..edb892f64f6f 100644
--- a/src/sonic-bgpcfgd/tests/test_allow_list.py
+++ b/src/sonic-bgpcfgd/tests/test_allow_list.py
@@ -25,8 +25,26 @@
     }
 }
 
+global_constants_with_prefix_match_tag = {
+    "bgp": {
+        "allow_list": {
+            "enabled": True,
+            "default_pl_rules": {
+                "v4": [ "deny 0.0.0.0/0 le 17" ],
+                "v6": [
+                    "deny 0::/0 le 59",
+                    "deny 0::/0 ge 65"
+                ]
+            },
+            "default_action": "permit",
+            "drop_community": "123:123",
+            "prefix_match_tag": "1001"
+        }
+    }
+}
+
 @patch.dict("sys.modules", swsscommon=swsscommon_module_mock)
-def set_del_test(op, args, currect_config, expected_config, update_global_default_action=None):
+def set_del_test(op, args, currect_config, expected_config, update_global_default_action=None, update_constant_prefix_match_tag=False):
     from bgpcfgd.managers_allow_list import BGPAllowListMgr
     set_del_test.push_list_called = False
     def push_list(args):
@@ -44,7 +62,7 @@ def push_list(args):
         'directory': Directory(),
         'cfg_mgr':   cfg_mgr,
         'tf':        TemplateFabric(),
-        'constants': deepcopy(global_constants),
+        'constants': deepcopy(global_constants) if not update_constant_prefix_match_tag else deepcopy(global_constants_with_prefix_match_tag)
     }
 
     mgr = BGPAllowListMgr(common_objs, "CONFIG_DB", "BGP_ALLOWED_PREFIXES")
@@ -91,6 +109,39 @@ def test_set_handler_with_community():
             ' match community COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020',
         ]
     )
+
+def test_set_handler_with_community_and_prefix_match_tag():
+    set_del_test(
+        "SET",
+        ("DEPLOYMENT_ID|5|1010:2020", {
+                "prefixes_v4": "10.20.30.0/24,30.50.0.0/16",
+                "prefixes_v6": "fc00:20::/64,fc00:30::/64",
+        }),
+        [
+            'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V4 permit 65535',
+            ' set community 123:123 additive',
+            'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V6 permit 65535',
+            ' set community 123:123 additive'
+        ],
+        [
+            'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V4 seq 10 deny 0.0.0.0/0 le 17',
+            'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V4 seq 20 permit 10.20.30.0/24 le 32',
+            'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V4 seq 30 permit 30.50.0.0/16 le 32',
+            'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V6 seq 10 deny ::/0 le 59',
+            'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V6 seq 20 deny ::/0 ge 65',
+            'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V6 seq 30 permit fc00:20::/64 le 128',
+            'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V6 seq 40 permit fc00:30::/64 le 128',
+            'bgp community-list standard COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020 permit 1010:2020',
+            'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V4 permit 10',
+            ' match ip address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V4',
+            ' match community COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020',
+            'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V6 permit 10',
+            ' match ipv6 address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V6',
+            ' match community COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020',
+        ],
+        None, True
+    )
+
 def test_set_handler_with_community_and_permit_action():
     set_del_test(
         "SET",
@@ -187,6 +238,38 @@ def test_set_handler_no_community():
             ' match ipv6 address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6',
         ]
     )
+
+def test_set_handler_no_community_and_prefix_match_tag():
+    set_del_test(
+        "SET",
+        ("DEPLOYMENT_ID|5", {
+                "prefixes_v4": "20.20.30.0/24,40.50.0.0/16",
+                "prefixes_v6": "fc01:20::/64,fc01:30::/64",
+        }),
+        [
+            'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V4 permit 65535',
+            ' set community 123:123 additive',
+            'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V6 permit 65535',
+            ' set community 123:123 additive',
+        ],
+        [
+            'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V4 seq 10 deny 0.0.0.0/0 le 17',
+            'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V4 seq 20 permit 20.20.30.0/24 le 32',
+            'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V4 seq 30 permit 40.50.0.0/16 le 32',
+            'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6 seq 10 deny ::/0 le 59',
+            'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6 seq 20 deny ::/0 ge 65',
+            'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6 seq 30 permit fc01:20::/64 le 128',
+            'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6 seq 40 permit fc01:30::/64 le 128',
+            'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V4 permit 30000',
+            ' match ip address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V4',
+            ' set tag 1001',
+            'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V6 permit 30000',
+            ' match ipv6 address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6',
+            ' set tag 1001',
+        ],
+        None,True
+    )
+
 def test_set_handler_no_community_with_permit_action():
     set_del_test(
         "SET",