[acl]: Add support of ACL table bind to LAG and VLAN. (sonic-net#349)
oleksandrivantsiv authored and lguohan committed Dec 19, 2017
1 parent 78a4866 commit 1a7e1cd
Showing 2 changed files with 132 additions and 19 deletions.
60 changes: 51 additions & 9 deletions orchagent/aclorch.cpp
Expand Up @@ -878,10 +878,39 @@ bool AclTable::create()
SAI_ACL_RANGE_TYPE_L4_SRC_PORT_RANGE
};

attr.id = SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST;
set<sai_acl_bind_point_type_t> binds;
for (const auto& portid_pair : ports)
{
Port port;
if (!gPortsOrch->getPort(portid_pair.first, port))
{
continue;
}

switch (port.m_type)
{
case Port::PHY:
binds.insert(SAI_ACL_BIND_POINT_TYPE_PORT);
break;
case Port::VLAN:
binds.insert(SAI_ACL_BIND_POINT_TYPE_VLAN);
break;
case Port::LAG:
binds.insert(SAI_ACL_BIND_POINT_TYPE_LAG);
break;
default:
return SAI_STATUS_FAILURE;
}
}

vector<int32_t> bpoint_list;
bpoint_list.push_back(SAI_ACL_BIND_POINT_TYPE_PORT);
attr.value.s32list.count = 1;
for (auto bind : binds)
{
bpoint_list.push_back(bind);
}

attr.id = SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST;
attr.value.s32list.count = static_cast<uint32_t>(bpoint_list.size());
attr.value.s32list.list = bpoint_list.data();
table_attrs.push_back(attr);

Expand Down Expand Up @@ -1608,13 +1637,26 @@ bool AclOrch::processPorts(string portsList, std::function<void (sai_object_id_t
return false;
}

if (port.m_type != Port::PHY)
switch (port.m_type)
{
SWSS_LOG_ERROR("Failed to process port. Incorrect port %s type %d", alias.c_str(), port.m_type);
return false;
}

inserter(port.m_port_id);
case Port::PHY:
if (port.m_lag_member_id != SAI_NULL_OBJECT_ID)
{
SWSS_LOG_ERROR("Failed to process port. Bind table to LAG member %s is not allowed", alias.c_str());
return false;
}
inserter(port.m_port_id);
break;
case Port::LAG:
inserter(port.m_lag_id);
break;
case Port::VLAN:
inserter(port.m_vlan_info.vlan_oid);
break;
default:
SWSS_LOG_ERROR("Failed to process port. Incorrect port %s type %d", alias.c_str(), port.m_type);
return false;
}
}

return true;
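Review bot: In the first hunk (AclTable::create), the `default:` branch of the new port-type switch does `return SAI_STATUS_FAILURE;` from a function declared `bool`, and a non-zero status constant converts to `true`, so an unsupported port type makes create() report success without the table being created. A caller that trusts the return value would then treat the ACL as installed while nothing is programmed, which is a fail-open outcome for a filtering feature. I would log and fail explicitly: `SWSS_LOG_ERROR("Failed to create ACL table. Unsupported port type %d", port.m_type);` followed by `return false;`. The same loop silently `continue`s when `gPortsOrch->getPort()` fails, and a log line there would make a missing bind point type diagnosable. Both functions in this file start and end outside the hunks shown.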
91 changes: 81 additions & 10 deletions orchagent/portsorch.cpp
Expand Up @@ -309,6 +309,13 @@ bool PortsOrch::getPort(sai_object_id_t id, Port &port)
return true;
}
break;
case Port::VLAN:
if (portIter.second.m_vlan_info.vlan_oid == id)
{
port = portIter.second;
return true;
}
break;
default:
continue;
}
Expand Down Expand Up @@ -435,7 +442,30 @@ bool PortsOrch::bindAclTable(sai_object_id_t id, sai_object_id_t table_oid, sai_
{
bool ingress = acl_stage == ACL_STAGE_INGRESS ? true : false;
// If port ACL table group does not exist, create one
sai_object_id_t bp_list[] = { SAI_ACL_BIND_POINT_TYPE_PORT };

Port p;
if (!getPort(id, p))
{
return false;
}

sai_acl_bind_point_type_t bind_type;
switch (p.m_type) {
case Port::PHY:
bind_type = SAI_ACL_BIND_POINT_TYPE_PORT;
break;
case Port::LAG:
bind_type = SAI_ACL_BIND_POINT_TYPE_LAG;
break;
case Port::VLAN:
bind_type = SAI_ACL_BIND_POINT_TYPE_VLAN;
break;
default:
SWSS_LOG_ERROR("Failed to bind ACL table to port %s with unknown type %d", p.m_alias.c_str(), p.m_type);
return false;
}

sai_object_id_t bp_list[] = { bind_type };

vector<sai_attribute_t> group_attrs;
sai_attribute_t group_attr;
Expand Down Expand Up @@ -469,17 +499,58 @@ bool PortsOrch::bindAclTable(sai_object_id_t id, sai_object_id_t table_oid, sai_
port.m_egress_acl_table_group_id = groupOid;
}

// Bind this ACL group to port OID
sai_attribute_t port_attr;
port_attr.id = ingress ? SAI_PORT_ATTR_INGRESS_ACL : SAI_PORT_ATTR_EGRESS_ACL;
port_attr.value.oid = groupOid;
switch (port.m_type)
{
case Port::PHY:
{
// Bind this ACL group to physical port
sai_attribute_t port_attr;
port_attr.id = ingress ? SAI_PORT_ATTR_INGRESS_ACL : SAI_PORT_ATTR_EGRESS_ACL;
port_attr.value.oid = groupOid;

status = sai_port_api->set_port_attribute(port.m_port_id, &port_attr);
if (status != SAI_STATUS_SUCCESS)
status = sai_port_api->set_port_attribute(port.m_port_id, &port_attr);
if (status != SAI_STATUS_SUCCESS)
{
SWSS_LOG_ERROR("Failed to bind port %s to ACL table group %lx, rv:%d",
port.m_alias.c_str(), groupOid, status);
return status;
}
break;
}
case Port::LAG:
{
SWSS_LOG_ERROR("Failed to bind port %lx(%s) to ACL table group %lx, rv:%d",
port.m_port_id, port.m_alias.c_str(), groupOid, status);
return false;
// Bind this ACL group to LAG
sai_attribute_t lag_attr;
lag_attr.id = ingress ? SAI_LAG_ATTR_INGRESS_ACL : SAI_LAG_ATTR_EGRESS_ACL;
lag_attr.value.oid = groupOid;

status = sai_lag_api->set_lag_attribute(port.m_lag_id, &lag_attr);
if (status != SAI_STATUS_SUCCESS)
{
SWSS_LOG_ERROR("Failed to bind LAG %s to ACL table group %lx, rv:%d",
port.m_alias.c_str(), groupOid, status);
return status;
}
break;
}
case Port::VLAN:
// Bind this ACL group to VLAN
sai_attribute_t vlan_attr;
vlan_attr.id = ingress ? SAI_VLAN_ATTR_INGRESS_ACL : SAI_VLAN_ATTR_EGRESS_ACL;
vlan_attr.value.oid = groupOid;

status = sai_vlan_api->set_vlan_attribute(port.m_vlan_info.vlan_oid, &vlan_attr);
if (status != SAI_STATUS_SUCCESS)
{
SWSS_LOG_ERROR("Failed to bind VLAN %s to ACL table group %lx, rv:%d",
port.m_alias.c_str(), groupOid, status);
return status;
}

break;
default:
SWSS_LOG_ERROR("Failed to bind %s port with type %d", port.m_alias.c_str(), port.m_type);
return SAI_STATUS_FAILURE;
}

SWSS_LOG_NOTICE("Create ACL table group and bind port %s to it", port.m_alias.c_str());
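Review bot: In the last hunk of bindAclTable, the three new failure paths use `return status;` and the `default:` branch uses `return SAI_STATUS_FAILURE;`, but the function is declared `bool`, so each of these non-zero values converts to `true` and a failed bind is reported to the caller as success. A port, LAG or VLAN can then be left without its ACL table group attached while callers that rely on the return value assume the ACL is in force. Each of these should be `return false;`. The `case Port::VLAN:` body also declares `vlan_attr` without braces, unlike the PHY and LAG cases; wrapping it in `{ }` keeps the declaration out of the scope of the `default:` label. The function begins and ends outside the hunks shown.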