From ddb84fb089802ff89369f57569a70794e7cd3d99 Mon Sep 17 00:00:00 2001 From: Danny Allen Date: Mon, 3 Feb 2020 18:22:18 -0800 Subject: [PATCH] [aclorch] Enable IN_PORTS ACL qualifier on MIRROR tables (#1176) Signed-off-by: Danny Allen --- orchagent/aclorch.cpp | 6 +++ tests/test_mirror_ipv6_combined.py | 73 ++++++++++++++++++++++++++++++ tests/test_mirror_ipv6_separate.py | 68 ++++++++++++++++++++++++++++ 3 files changed, 147 insertions(+) diff --git a/orchagent/aclorch.cpp b/orchagent/aclorch.cpp index 9c7845bc13b9..005c42db4ad0 100644 --- a/orchagent/aclorch.cpp +++ b/orchagent/aclorch.cpp @@ -1379,6 +1379,8 @@ bool AclTable::create() * |------------------------------------------------------------------| * | MARTCH_ETHERTYPE | √ | √ | | * |------------------------------------------------------------------| + * | MATCH_IN_PORTS | √ | √ | | + * |------------------------------------------------------------------| */ if (type == ACL_TABLE_MIRROR) @@ -1399,6 +1401,10 @@ bool AclTable::create() attr.value.booldata = true; table_attrs.push_back(attr); + attr.id = SAI_ACL_TABLE_ATTR_FIELD_IN_PORTS; + attr.value.booldata = true; + table_attrs.push_back(attr); + // If the switch supports v6 and requires one single table if (m_pAclOrch->m_mirrorTableCapabilities[ACL_TABLE_MIRRORV6] && m_pAclOrch->m_isCombinedMirrorV6Table) diff --git a/tests/test_mirror_ipv6_combined.py b/tests/test_mirror_ipv6_combined.py index 90602069b77b..ffd669a953fc 100644 --- a/tests/test_mirror_ipv6_combined.py +++ b/tests/test_mirror_ipv6_combined.py @@ -141,6 +141,79 @@ def remove_mirror_acl_rule(self, table, rule): tbl._del(table + "|" + rule) time.sleep(1) + def test_CombinedMirrorTableCreation(self, dvs, testlog): + self.setup_db(dvs) + + acl_table = "MIRROR_TABLE" + ports = ["Ethernet0", "Ethernet4"] + + # Create the table + self.create_acl_table(acl_table, ports, "MIRROR") + + # Check that the table has been created + tbl = swsscommon.Table(self.adb, "ASIC_STATE:SAI_OBJECT_TYPE_ACL_TABLE") + table_entries = [k for k in tbl.getKeys() if k not in dvs.asicdb.default_acl_tables] + assert len(table_entries) == 1 + + # Get the data from the table + table_id = table_entries[0] + status, attributes = tbl.get(table_id) + assert status + + # TODO: Refactor mirror table tests so that these attributes can be shared between tests for v4, v6, and + # dscp mirror tables. + expected_sai_attributes = [ + "SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE", + "SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL", + "SAI_ACL_TABLE_ATTR_FIELD_SRC_IP", + "SAI_ACL_TABLE_ATTR_FIELD_DST_IP", + "SAI_ACL_TABLE_ATTR_FIELD_ICMP_TYPE", + "SAI_ACL_TABLE_ATTR_FIELD_ICMP_CODE", + "SAI_ACL_TABLE_ATTR_FIELD_L4_SRC_PORT", + "SAI_ACL_TABLE_ATTR_FIELD_L4_DST_PORT", + "SAI_ACL_TABLE_ATTR_FIELD_TCP_FLAGS", + "SAI_ACL_TABLE_ATTR_FIELD_DSCP", + "SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE", + "SAI_ACL_TABLE_ATTR_FIELD_IN_PORTS", + "SAI_ACL_TABLE_ATTR_FIELD_SRC_IPV6", + "SAI_ACL_TABLE_ATTR_FIELD_DST_IPV6", + "SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_TYPE", + "SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_CODE", + ] + + expected_sai_list_attributes = [ + "SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE", + "SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST" + ] + + # Check that all of the V6 table attributes have been populated + assert(len(attributes) == (len(expected_sai_attributes) + len(expected_sai_list_attributes) + 1)) + for attribute in attributes: + key = attribute[0] + value = attribute[1] + + if key in expected_sai_attributes: + assert value == "true" + elif key in expected_sai_list_attributes: + count = int(value[0:1]) + list_attrs = value[2:].split(',') + if key == "SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE": + assert set(list_attrs) == set(["SAI_ACL_RANGE_TYPE_L4_DST_PORT_RANGE", "SAI_ACL_RANGE_TYPE_L4_SRC_PORT_RANGE"]) + elif key == "SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST": + assert set(list_attrs) == set(["SAI_ACL_BIND_POINT_TYPE_PORT", "SAI_ACL_BIND_POINT_TYPE_LAG"]) + else: + print("Encountered unexpected range attribute on mirror table: {}".format(key)) + assert False + elif key == "SAI_ACL_TABLE_ATTR_ACL_STAGE": + assert value == "SAI_ACL_STAGE_INGRESS" + else: + print("Encountered unexpected attribute on mirror table: {}".format(key)) + assert False + + # Delete the table + self.remove_acl_table(acl_table) + + # Test case - create a MIRROR table and a MIRRORV6 table in combined mode # 0. predefine the VS capability: combined # 1. create a mirror session diff --git a/tests/test_mirror_ipv6_separate.py b/tests/test_mirror_ipv6_separate.py index 5fdd4211c2fa..2e626b0ca4f2 100644 --- a/tests/test_mirror_ipv6_separate.py +++ b/tests/test_mirror_ipv6_separate.py @@ -135,6 +135,74 @@ def remove_mirror_acl_rule(self, table, rule): tbl._del(table + "|" + rule) time.sleep(1) + def test_MirrorTableCreation(self, dvs, testlog): + self.setup_db(dvs) + + acl_table = "MIRROR_TABLE" + ports = ["Ethernet0", "Ethernet4"] + + # Create the table + self.create_acl_table(acl_table, ports, "MIRROR") + + # Check that the table has been created + tbl = swsscommon.Table(self.adb, "ASIC_STATE:SAI_OBJECT_TYPE_ACL_TABLE") + table_entries = [k for k in tbl.getKeys() if k not in dvs.asicdb.default_acl_tables] + assert len(table_entries) == 1 + + # Get the data from the table + table_id = table_entries[0] + status, attributes = tbl.get(table_id) + assert status + + # TODO: Refactor mirror table tests so that these attributes can be shared between tests for v4, v6, and + # dscp mirror tables. + expected_sai_attributes = [ + "SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE", + "SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL", + "SAI_ACL_TABLE_ATTR_FIELD_SRC_IP", + "SAI_ACL_TABLE_ATTR_FIELD_DST_IP", + "SAI_ACL_TABLE_ATTR_FIELD_ICMP_TYPE", + "SAI_ACL_TABLE_ATTR_FIELD_ICMP_CODE", + "SAI_ACL_TABLE_ATTR_FIELD_L4_SRC_PORT", + "SAI_ACL_TABLE_ATTR_FIELD_L4_DST_PORT", + "SAI_ACL_TABLE_ATTR_FIELD_TCP_FLAGS", + "SAI_ACL_TABLE_ATTR_FIELD_DSCP", + "SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE", + "SAI_ACL_TABLE_ATTR_FIELD_IN_PORTS", + ] + + expected_sai_list_attributes = [ + "SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE", + "SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST" + ] + + # Check that all of the V6 table attributes have been populated + assert(len(attributes) == (len(expected_sai_attributes) + len(expected_sai_list_attributes) + 1)) + for attribute in attributes: + key = attribute[0] + value = attribute[1] + + if key in expected_sai_attributes: + assert value == "true" + elif key in expected_sai_list_attributes: + count = int(value[0:1]) + list_attrs = value[2:].split(',') + if key == "SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE": + assert set(list_attrs) == set(["SAI_ACL_RANGE_TYPE_L4_DST_PORT_RANGE", "SAI_ACL_RANGE_TYPE_L4_SRC_PORT_RANGE"]) + elif key == "SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST": + assert set(list_attrs) == set(["SAI_ACL_BIND_POINT_TYPE_PORT", "SAI_ACL_BIND_POINT_TYPE_LAG"]) + else: + print("Encountered unexpected range attribute on mirror table: {}".format(key)) + assert False + elif key == "SAI_ACL_TABLE_ATTR_ACL_STAGE": + assert value == "SAI_ACL_STAGE_INGRESS" + else: + print("Encountered unexpected attribute on mirror table: {}".format(key)) + assert False + + # Delete the table + self.remove_acl_table(acl_table) + def test_MirrorV6TableCreation(self, dvs, testlog): self.setup_db(dvs)