
Commit bb0733a

[aclorch] Add ACL_TABLE_TYPE configuration (sonic-net#1982)
* [aclorch] Add ACL_TABLE_TYPE configuration

Added an API to create a table with a configurable ACL table type (matches, bpoints, actions). Implemented a handler for the new ACL_TABLE_TYPE CONFIG DB table. Implemented UT for the above.

HLD: sonic-net/SONiC#867
DEPENDS ON: sonic-net/sonic-swss-common#546 sonic-net/sonic-sairedis#957

I implemented the ACL table type concept. Till this change, there are predefined ACL table types orchagent knows about (L3, L3V6, etc.) and if another orch requires a custom table, a new table type needs to be defined in aclorch. This PR addresses this limitation by introducing AclTableType, which can be constructed from the set of matches, actions and bpoint types the user needs. There is also a new handler for the ACL_TABLE_TYPE table which is used for the user to define table types.

Currently, some of the built-in ACL table types that require special handling are distinguished from others by their names (TABLE_TYPE_MIRROR, TABLE_TYPE_MIRRORV6) and the special handling is performed by AclOrch.

Signed-off-by: Stepan Blyshchak <[email protected]>
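The commit message describes the new relationship between ACL_TABLE_TYPE, ACL_TABLE and ACL_RULE: a table names a type, and a rule on that table can only use the matches and actions the type declares. The following is an added example (not part of this PR or of sonic-swss) of a pre-load lint for a CONFIG_DB dict that checks exactly those references; the list of built-in type names comes from the swss-schema.md hunk, while the set of action field names and the rule that every other non-PRIORITY field is a match are assumptions.

```python
# Built-in types named in the commit and swss-schema.md; their match/action
# sets are defined inside orchagent, so they are only name-checked here.
BUILTIN_TABLE_TYPES = {"MIRROR", "MIRRORV6", "MIRROR_DSCP", "L3", "L3V6",
                       "MCLAG", "PFCWD", "DROP"}
# Rule fields treated as actions rather than matches (assumption; the page
# itself shows only PACKET_ACTION and MIRROR_INGRESS_ACTION).
ACTION_FIELDS = {"PACKET_ACTION", "MIRROR_INGRESS_ACTION",
                 "MIRROR_EGRESS_ACTION", "REDIRECT_ACTION"}
VALID_BIND_POINTS = {"PORT", "LAG"}


def lint_acl_config(cfg):
    """Return a list of reference/consistency problems in the ACL tables of cfg."""
    problems = []
    types = cfg.get("ACL_TABLE_TYPE", {})
    tables = cfg.get("ACL_TABLE", {})
    for name, ttype in types.items():
        for field in ("MATCHES", "ACTIONS", "BIND_POINTS"):
            if not ttype.get(field):
                problems.append(f"ACL_TABLE_TYPE {name}: missing or empty {field}")
        for bp in sorted(set(ttype.get("BIND_POINTS", [])) - VALID_BIND_POINTS):
            problems.append(f"ACL_TABLE_TYPE {name}: unknown bind point {bp}")
    for tname, table in tables.items():
        tt = table.get("TYPE")
        if tt not in types and tt not in BUILTIN_TABLE_TYPES:
            problems.append(f"ACL_TABLE {tname}: unknown TYPE {tt!r}")
    for key, rule in cfg.get("ACL_RULE", {}).items():
        tname = key.split("|", 1)[0]
        if tname not in tables:
            problems.append(f"ACL_RULE {key}: unknown table {tname}")
            continue
        ttype = types.get(tables[tname].get("TYPE"))
        if ttype is None:
            continue  # built-in type: orchagent owns its match/action set
        for field in rule:
            if field == "PRIORITY":
                continue
            kind = "action" if field in ACTION_FIELDS else "match"
            if field not in ttype.get("ACTIONS" if kind == "action" else "MATCHES", []):
                problems.append(f"ACL_RULE {key}: {kind} {field} not allowed by "
                                f"type {tables[tname]['TYPE']}")
    return problems


# Constructed sample: the PR's doc example plus a table with an undefined type
# and a rule using a match (DST_IP) that CUSTOM_L3 does not declare.
SAMPLE_CONFIG = {
    "ACL_TABLE_TYPE": {"CUSTOM_L3": {
        "MATCHES": ["IN_PORTS", "OUT_PORTS", "SRC_IP"],
        "ACTIONS": ["PACKET_ACTION", "MIRROR_INGRESS_ACTION"],
        "BIND_POINTS": ["PORT", "LAG"]}},
    "ACL_TABLE": {
        "DATAACL": {"STAGE": "INGRESS", "TYPE": "CUSTOM_L3",
                    "PORTS": ["Ethernet0", "PortChannel1"]},
        "EVERFLOW": {"STAGE": "INGRESS", "TYPE": "MIRROR", "PORTS": ["Ethernet4"]},
        "BADTABLE": {"STAGE": "INGRESS", "TYPE": "CUSTOM_L4", "PORTS": []}},
    "ACL_RULE": {
        "DATAACL|RULE0": {"PRIORITY": "999", "PACKET_ACTION": "DROP",
                          "SRC_IP": "1.1.1.1/32"},
        "DATAACL|RULE1": {"PRIORITY": "998", "PACKET_ACTION": "DROP",
                          "DST_IP": "10.0.0.0/8"}}}

if __name__ == "__main__":
    for problem in lint_acl_config(SAMPLE_CONFIG):
        print(problem)
```

Running the block reports the BADTABLE type reference and the DST_IP match on RULE1; the EVERFLOW table passes because MIRROR is a built-in type whose fields the lint does not know.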
1 parent 59cab5d commit bb0733a

18 files changed: +1673 -1214 lines changed

doc/Configuration.md

+40
@@ -286,6 +286,46 @@ and migration plan
286286
287287
```
288288

289+
***ACL table type configuration example***
290+
```
291+
{
292+
"ACL_TABLE_TYPE": {
293+
"CUSTOM_L3": {
294+
"MATCHES": [
295+
"IN_PORTS",
296+
"OUT_PORTS",
297+
"SRC_IP"
298+
],
299+
"ACTIONS": [
300+
"PACKET_ACTION",
301+
"MIRROR_INGRESS_ACTION"
302+
],
303+
"BIND_POINTS": [
304+
"PORT",
305+
"LAG"
306+
]
307+
}
308+
},
309+
"ACL_TABLE": {
310+
"DATAACL": {
311+
"STAGE": "INGRESS",
312+
"TYPE": "CUSTOM_L3",
313+
"PORTS": [
314+
"Ethernet0",
315+
"PortChannel1"
316+
]
317+
}
318+
},
319+
"ACL_RULE": {
320+
"DATAACL|RULE0": {
321+
"PRIORITY": "999",
322+
"PACKET_ACTION": "DROP",
323+
"SRC_IP": "1.1.1.1/32",
324+
}
325+
}
326+
}
327+
```
328+
289329
### BGP Sessions
290330

291331
BGP session configuration is defined in **BGP_NEIGHBOR** table. BGP
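Review bot: the example is not valid JSON as written: `"SRC_IP": "1.1.1.1/32",` in the `DATAACL|RULE0` entry leaves a trailing comma before the closing brace, so a reader who pastes it into config_db.json gets a parse error; drop the comma. It would also help to state next to the example that a rule on DATAACL may only use the matches and actions listed in its CUSTOM_L3 type (here SRC_IP and PACKET_ACTION), since that constraint is the reason the type is defined first.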

doc/swss-schema.md

+23-1
@@ -569,15 +569,37 @@ It's possible to create separate configuration files for different ASIC platform
569569

570570
----------------------------------------------
571571

572+
### ACL\_TABLE\_TYPE
573+
Stores a definition of table - set of matches, actions and bind point types. ACL_TABLE references a key inside this table in "type" field.
574+
575+
```
576+
key: ACL_TABLE_TYPE:name ; key of the ACL table type entry. The name is arbitary name user chooses.
577+
; field = value
578+
matches = match-list ; list of matches for this table, matches are same as in ACL_RULE table.
579+
actions = action-list ; list of actions for this table, actions are same as in ACL_RULE table.
580+
bind_points = bind-points-list ; list of bind point types for this table.
581+
582+
; values annotation
583+
match = 1*64VCHAR
584+
match-list = [1-max-matches]*match
585+
action = 1*64VCHAR
586+
action-list = [1-max-actions]*action
587+
bind-point = port/lag
588+
bind-points-list = [1-max-bind-points]*bind-point
589+
```
590+
572591
### ACL\_TABLE
573592
Stores information about ACL tables on the switch. Port names are defined in [port_config.ini](../portsyncd/port_config.ini).
574593

575594
key = ACL_TABLE:name ; acl_table_name must be unique
576595
;field = value
577596
policy_desc = 1*255VCHAR ; name of the ACL policy table description
578-
type = "mirror"/"l3"/"l3v6" ; type of acl table, every type of
597+
type = 1*255VCHAR ; type of acl table, every type of
579598
; table defines the match/action a
580599
; specific set of match and actions.
600+
; There are pre-defined table types like
601+
; "MIRROR", "MIRRORV6", "MIRROR_DSCP",
602+
; "L3", "L3V6", "MCLAG", "PFCWD", "DROP".
581603
ports = [0-max_ports]*port_name ; the ports to which this ACL
582604
; table is applied, can be emtry
583605
; value annotations
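Review bot: `key: ACL_TABLE_TYPE:name` uses a colon where the rest of this file (e.g. `key = ACL_TABLE:name` just below) uses `=`; make it `key = ACL_TABLE_TYPE:name`. Also "arbitary" should be "arbitrary", and "Stores a definition of table - set of matches" reads better as "Stores a definition of a table type: the set of matches, actions and bind point types". The updated `type` description lists the pre-defined names but never says that a key of ACL_TABLE_TYPE is also accepted, which is the link the new section relies on; a line such as `; or the name of a user-defined type from ACL_TABLE_TYPE` would close that gap. Finally, `max-matches`, `max-actions` and `max-bind-points` are used in the value annotation but not defined anywhere in the block.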
