[202211] [cherry-pick] Add status for ACL_TABLE and ACL_RULE in STATE_DB #2749

Merged
merged 1 commit into from
Mar 24, 2023

bingwang-ms

What I did

This PR is to backport changes in PR #2667 into 202211 branch.
HLD sonic-net/SONiC#1261
This PR is to enhance show acl table and show acl rule commands.
Currently, show acl table and show acl rule commands read ACL table/rule configuration from CONFIG_DB directly. We don't know whether the ACL table or rule is created successfully.
We improved swss to write the status of ACL table/rule into a STATE_DB table. In this PR, the show command is enhanced to read the status from STATE_DB table.

How I did it

  1. Introduce two tables in STATE_DB
  2. orchagent writes the status to STATE_DB
  3. show commands read the status from STATE_DB.

How to verify it

Verified by copying the new script to a testbed and checking the output.

Previous command output (if the output of a command-line utility has changed)

$ show acl table DATAACL
Name     Type    Binding      Description    Stage     
-------  ------  -----------  -------------  -------   
DATAACL  L3      Ethernet0    DATAACL        ingress   
                 Ethernet4
                 Ethernet8
                 Ethernet12
show acl rule
Table    Rule          Priority    Action    Match               
-------  ------------  ----------  --------  ------------------- 
DATAACL  RULE_1        9999        DROP      DST_IP: 9.5.9.3/32  
                                             ETHER_TYPE: 2048
DATAACL  RULE_2        9998        FORWARD   DST_IP: 10.2.1.2/32 
                                             ETHER_TYPE: 2048
                                             IP_PROTOCOL: 6
                                             L4_DST_PORT: 22

New command output (if the output of a command-line utility has changed)

$ show acl table DATAACL
Name     Type    Binding      Description    Stage      Status
-------  ------  -----------  -------------  -------    -------
DATAACL  L3      Ethernet0    DATAACL        ingress    Active
                 Ethernet4
                 Ethernet8
                 Ethernet12
show acl rule
Table    Rule          Priority    Action    Match                Status
-------  ------------  ----------  --------  -------------------  --------
DATAACL  RULE_1        9999        DROP      DST_IP: 9.5.9.3/32   Active
                                             ETHER_TYPE: 2048
DATAACL  RULE_2        9998        FORWARD   DST_IP: 10.2.1.2/32  Active
                                             ETHER_TYPE: 2048
                                             IP_PROTOCOL: 6
                                             L4_DST_PORT: 22
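
An added example, not part of this PR or of sonic-utilities: a small audit helper that parses the new `show acl rule` table format shown above and lists rules that are configured but not reported Active. The sample text is constructed, and the "Inactive" value in it is an assumption, since the page only shows "Active".

```python
import re

# Constructed sample in the new `show acl rule` format shown above.
# "Inactive" is an assumed value for illustration; the page only shows "Active".
SAMPLE = """\
Table    Rule          Priority    Action    Match                Status
-------  ------------  ----------  --------  -------------------  --------
DATAACL  RULE_1        9999        DROP      DST_IP: 9.5.9.3/32   Active
                                             ETHER_TYPE: 2048
DATAACL  RULE_2        9998        FORWARD   DST_IP: 10.2.1.2/32  Inactive
                                             ETHER_TYPE: 2048
"""


def parse_acl_rules(text):
    """Parse the fixed-width table into one dict per rule."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    # The dashed separator line defines where each column starts.
    sep = next(i for i, l in enumerate(lines) if set(l) <= set("- "))
    starts = [m.start() for m in re.finditer(r"-+", lines[sep])]
    ends = starts[1:] + [None]
    names = [lines[sep - 1][s:e].strip() for s, e in zip(starts, ends)]
    rules = []
    for line in lines[sep + 1:]:
        if line[:ends[0]].strip():       # Table column filled: a new rule starts
            cells = [line[s:e].strip() for s, e in zip(starts, ends)]
            row = dict(zip(names, cells))
            row["Match"] = [row["Match"]]
            rules.append(row)
        elif rules:                      # continuation line: one more match criterion
            rules[-1]["Match"].append(line.strip())
    return rules


def not_active(rules):
    """Return (table, rule) pairs whose Status is anything other than Active.

    Output in the old format has no Status column, so every rule is returned.
    """
    return [(r["Table"], r["Rule"]) for r in rules if r.get("Status") != "Active"]


if __name__ == "__main__":
    for table, rule in not_active(parse_acl_rules(SAMPLE)):
        print(f"{table}/{rule}: configured but not reported Active")
```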

@StormLiangMS StormLiangMS left a comment

LGTM

@StormLiangMS StormLiangMS merged commit 721e26f into sonic-net:202211 Mar 24, 2023