Skip to content

swss: Support for L2 table in ACL #2554

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

swss: Support for L2 table in ACL #2554

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
632a286
swss: Support for L2 table in ACL
ArthiGovindaraj Dec 1, 2022
748812d
Added VS test coverage
ArthiGovindaraj Dec 9, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
75 changes: 74 additions & 1 deletion orchagent/aclorch.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,11 @@ acl_rule_attr_lookup_t aclMatchLookup =
{ MATCH_INNER_ETHER_TYPE, SAI_ACL_ENTRY_ATTR_FIELD_INNER_ETHER_TYPE },
{ MATCH_INNER_IP_PROTOCOL, SAI_ACL_ENTRY_ATTR_FIELD_INNER_IP_PROTOCOL },
{ MATCH_INNER_L4_SRC_PORT, SAI_ACL_ENTRY_ATTR_FIELD_INNER_L4_SRC_PORT },
{ MATCH_INNER_L4_DST_PORT, SAI_ACL_ENTRY_ATTR_FIELD_INNER_L4_DST_PORT }
{ MATCH_INNER_L4_DST_PORT, SAI_ACL_ENTRY_ATTR_FIELD_INNER_L4_DST_PORT },
{ MATCH_SRC_MAC, SAI_ACL_ENTRY_ATTR_FIELD_SRC_MAC },
{ MATCH_DST_MAC, SAI_ACL_ENTRY_ATTR_FIELD_DST_MAC },
{ MATCH_OUTER_VLAN_PRI, SAI_ACL_ENTRY_ATTR_FIELD_OUTER_VLAN_PRI},
{ MATCH_OUTER_VLAN_CFI, SAI_ACL_ENTRY_ATTR_FIELD_OUTER_VLAN_CFI}
};

static acl_range_type_lookup_t aclRangeTypeLookup =
Expand Down Expand Up @@ -195,6 +199,26 @@ static acl_table_action_list_lookup_t defaultAclActionList =
}
}
},
{
// L2
TABLE_TYPE_L2,
{
{
ACL_STAGE_INGRESS,
{
SAI_ACL_ACTION_TYPE_PACKET_ACTION,
SAI_ACL_ACTION_TYPE_REDIRECT
}
},
{
ACL_STAGE_EGRESS,
{
SAI_ACL_ACTION_TYPE_PACKET_ACTION,
SAI_ACL_ACTION_TYPE_REDIRECT
}
}
}
},
{
// MIRROR
TABLE_TYPE_MIRROR,
Expand Down Expand Up @@ -926,6 +950,41 @@ bool AclRule::validateAddMatch(string attr_name, string attr_value)
matchData.data.u8 = to_uint<uint8_t>(attr_value);
matchData.mask.u8 = 0xFF;
}
else if (attr_name == MATCH_SRC_MAC || attr_name == MATCH_DST_MAC)
{
auto mask_and_value = tokenize(attr_value, '/');
MacAddress mac(mask_and_value[0]);
memcpy(matchData.data.mac, mac.getMac(), sizeof(sai_mac_t));
if (mask_and_value.size() > 1)
{
MacAddress mask(mask_and_value[1]);
memcpy(matchData.mask.mac, mask.getMac(), sizeof(sai_mac_t));
}
else
{
const sai_mac_t mac_mask = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
memcpy(matchData.mask.mac, mac_mask, sizeof(sai_mac_t));
}
}
else if (attr_name == MATCH_OUTER_VLAN_PRI)
{
auto vlan_pri = tokenize(attr_value, '/');

matchData.data.u8 = to_uint<uint8_t>(vlan_pri[0], 0, 0x7);
if (vlan_pri.size() > 1)
{
matchData.mask.u8 = to_uint<uint8_t>(vlan_pri[1], 0, 0x7);
}
else
{
matchData.mask.u8 = 0x7;
}
}
else if (attr_name == MATCH_OUTER_VLAN_CFI)
{
matchData.data.u8 = to_uint<uint8_t>(attr_value);
matchData.mask.u8 = 0x1;
}
}
catch (exception &e)
{
Expand Down Expand Up @@ -3048,6 +3107,20 @@ void AclOrch::initDefaultTableTypes()
.build()
);

addAclTableType(
builder.withName(TABLE_TYPE_L2)
.withBindPointType(SAI_ACL_BIND_POINT_TYPE_PORT)
.withBindPointType(SAI_ACL_BIND_POINT_TYPE_LAG)
.withMatch(make_shared<AclTableMatch>(SAI_ACL_TABLE_ATTR_FIELD_DST_MAC))
.withMatch(make_shared<AclTableMatch>(SAI_ACL_TABLE_ATTR_FIELD_SRC_MAC))
.withMatch(make_shared<AclTableMatch>(SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE))
.withMatch(make_shared<AclTableMatch>(SAI_ACL_TABLE_ATTR_FIELD_OUTER_VLAN_ID))
.withMatch(make_shared<AclTableMatch>(SAI_ACL_TABLE_ATTR_FIELD_OUTER_VLAN_PRI))
.withMatch(make_shared<AclTableMatch>(SAI_ACL_TABLE_ATTR_FIELD_OUTER_VLAN_CFI))
.withMatch(make_shared<AclTableMatch>(SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE))
.build()
);

addAclTableType(
builder.withName(TABLE_TYPE_MCLAG)
.withBindPointType(SAI_ACL_BIND_POINT_TYPE_PORT)
Expand Down
4 changes: 4 additions & 0 deletions orchagent/aclorch.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,10 @@
#define MATCH_INNER_IP_PROTOCOL "INNER_IP_PROTOCOL"
#define MATCH_INNER_L4_SRC_PORT "INNER_L4_SRC_PORT"
#define MATCH_INNER_L4_DST_PORT "INNER_L4_DST_PORT"
#define MATCH_SRC_MAC "SRC_MAC"
#define MATCH_DST_MAC "DST_MAC"
#define MATCH_OUTER_VLAN_PRI "VLAN_PCP"
#define MATCH_OUTER_VLAN_CFI "VLAN_DEI"

#define BIND_POINT_TYPE_PORT "PORT"
#define BIND_POINT_TYPE_PORTCHANNEL "PORTCHANNEL"
Expand Down
1 change: 1 addition & 0 deletions orchagent/acltable.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ extern "C" {
#define TABLE_TYPE_MCLAG "MCLAG"
#define TABLE_TYPE_MUX "MUX"
#define TABLE_TYPE_DROP "DROP"
#define TABLE_TYPE_L2 "L2"

typedef enum
{
Expand Down