Skip to content

Commit

Permalink
[aclorch] Do not fail ACL rule remove flow if rule already deleted (s…
Browse files Browse the repository at this point in the history
…onic-net#2183)

- What I did
Do not fail ACL rule remove flow if rule already deleted.

- Why I did it
When ACL table that contains rules is being deleted, its rules are being deleted automatically.
In the case when ACL rule handler is called for a rule that was already deleted, handler should do nothing and pass.

- How I verified it
config acl add table -p Ethernet72 -s ingress DATAACL L3
config acl update full /tmp/56521_acl_file.json
config acl add table -p Ethernet72 -s egress DATAACL L3
config acl update full 56521_acl_file.json
docker exec -it syncd sx_api_flex_acl_dump.py => verify ACL rules exist in "ACL Rules" table.

Co-authored-by: liora <liora@nvidia.com>
  • Loading branch information
liorghub and liorghub authored Mar 22, 2022
1 parent bea0b70 commit d80094b
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 1 deletion.
4 changes: 3 additions & 1 deletion orchagent/aclorch.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -3617,7 +3617,9 @@ bool AclOrch::removeAclRule(string table_id, string rule_id)
auto rule = getAclRule(table_id, rule_id);
if (!rule)
{
return false;
SWSS_LOG_NOTICE("ACL rule [%s] in table [%s] already deleted",
rule_id.c_str(), table_id.c_str());
return true;
}

if (rule->hasCounter())
Expand Down
24 changes: 24 additions & 0 deletions tests/mock_tests/aclorch_ut.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1719,4 +1719,28 @@ namespace aclorch_test
ASSERT_TRUE(orch->m_aclOrch->removeAclRule(rule->getTableId(), rule->getId()));
}

TEST_F(AclOrchTest, deleteNonExistingRule)
{
string tableId = "acl_table";
string ruleId = "acl_rule";

auto orch = createAclOrch();

// add acl table
auto kvfAclTable = deque<KeyOpFieldsValuesTuple>({{
tableId,
SET_COMMAND,
{
{ ACL_TABLE_DESCRIPTION, "L3 table" },
{ ACL_TABLE_TYPE, TABLE_TYPE_L3 },
{ ACL_TABLE_STAGE, STAGE_INGRESS },
{ ACL_TABLE_PORTS, "1,2" }
}
}});

orch->doAclTableTask(kvfAclTable);

// try to delete non existing acl rule
ASSERT_TRUE(orch->m_aclOrch->removeAclRule(tableId, ruleId));
}
} // namespace nsAclOrchTest

0 comments on commit d80094b

Please sign in to comment.