Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[acl-loader] Add support for matching on ICMP and VLAN info #1469

Merged
merged 7 commits into from
Mar 3, 2021
Merged

[acl-loader] Add support for matching on ICMP and VLAN info #1469

merged 7 commits into from
Mar 3, 2021

Conversation

daall
Copy link
Contributor

@daall daall commented Feb 28, 2021

  • Add ICMP and VLAN fields
  • Add new unit test cases

Signed-off-by: Danny Allen daall@microsoft.com

What I did

I added support for loading rules that match on VLAN ID and ICMP type/code in acl-loader.

How I did it

These fields were added to the model in sonic-net/sonic-buildimage#6896. This PR extracts those fields so that users can use them in their rules.

How to verify it

Updated unit tests. Can also verify locally that existing acl.json files can still be loaded, and those using the new fields add the correct output to config DB.

Previous command output (if the output of a command-line utility has changed)

New command output (if the output of a command-line utility has changed)

@daall
[acl-loader] Add support for matching on ICMP and VLAN info
fbbfa11 
- Add ICMP and VLAN fields
- Add new unit test cases

Signed-off-by: Danny Allen <daall@microsoft.com>
@daall daall requested review from lguohan and qiluo-msft February 28, 2021 23:12
@daall
Copy link
Contributor Author

daall commented Feb 28, 2021
edited
Loading

depends on https://sonic-jenkins.westus2.cloudapp.azure.com/job/vs/job/buildimage-vs-all/596/console and https://dev.azure.com/mssonic/build/_build/results?buildId=5495&view=results

qiluo-msft
qiluo-msft reviewed Feb 28, 2021
View reviewed changes
qiluo-msft
qiluo-msft reviewed Feb 28, 2021
View reviewed changes
qiluo-msft
qiluo-msft reviewed Feb 28, 2021
View reviewed changes
qiluo-msft
qiluo-msft reviewed Feb 28, 2021
View reviewed changes
qiluo-msft
qiluo-msft reviewed Feb 28, 2021
View reviewed changes
@daall daall mentioned this pull request Mar 1, 2021
Merged
4 tasks
qiluo-msft
qiluo-msft previously approved these changes Mar 1, 2021
View reviewed changes
@daall daall mentioned this pull request Mar 2, 2021
Merged
4 tasks
@daall
Copy link
Contributor Author

daall commented Mar 3, 2021

retest this please

qiluo-msft
qiluo-msft reviewed Mar 3, 2021
View reviewed changes
acl_loader/main.py Outdated
type_key = "ICMPV6_TYPE" if is_table_v6 else "ICMP_TYPE"
code_key = "ICMPV6_CODE" if is_table_v6 else "ICMP_CODE"

if rule.icmp.config.type or rule.icmp.config.type == 0:
Copy link
Contributor

@qiluo-msft qiluo-msft Mar 3, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rule.icmp.config.type [](start = 11, length = 21)

Is it possible that rule.icmp.config.type == "null"?
Do you have a test case to make sure "null" is handled correctly?

Copy link
Contributor Author

@daall daall Mar 3, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"null" is a string so it will give an error when we try to cast it (which we do check). The user shouldn't ever be passing null explicitly, we just have the value defined in the yang model so that the user is able to pass 0 as a valid ICMP type/code.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Understood. To make code more readable, you may check rule.icmp.config.type == "null" first, if not equal, rule.icmp.config.type must be an integer, no need to cast.

In reply to: 586069013 [](ancestors = 586069013)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, that sounds good to me.

qiluo-msft
qiluo-msft reviewed Mar 3, 2021
View reviewed changes
qiluo-msft
qiluo-msft reviewed Mar 3, 2021
View reviewed changes
@daall
Copy link
Contributor Author

daall commented Mar 3, 2021

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@daall daall merged commit 38c8e00 into sonic-net:master Mar 3, 2021
@daall daall deleted the acl_loader_new_fields branch March 3, 2021 21:14
@daall daall mentioned this pull request Mar 3, 2021
Merged
yxieca pushed a commit that referenced this pull request Mar 4, 2021
@daall @yxieca
[acl-loader] Add support for matching on ICMP and VLAN info (#1469)
a1df1b4 
- Add ICMP and VLAN fields
- Add new unit test cases

Signed-off-by: Danny Allen <daall@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qiluo-msft qiluo-msft qiluo-msft approved these changes

@lguohan lguohan Awaiting requested review from lguohan

Assignees
No one assigned
Labels
acl-loader/aclshow Enhancement Included in 202012 Branch Request for 202012 Branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@daall @qiluo-msft @yxieca