Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[config/acl] Support everflow config translation #468

Merged
merged 5 commits into from
Apr 7, 2017
Merged

[config/acl] Support everflow config translation #468

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
d4aa596
[config/acl] Support everflow config translation
taoyl-ms Apr 1, 2017
a3ae2ba
Add more error message for test
taoyl-ms Apr 3, 2017
87a9d36
Merge branch 'master' into taoyl/mirror-cfg
taoyl-ms Apr 4, 2017
7b20462
Set up test enviroment to fix test fail
taoyl-ms Apr 5, 2017
6f8ace4
Resolve CR comments
taoyl-ms Apr 6, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions sonic-slave/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@ RUN apt-get update && apt-get install -y docutils-common libjs-sphinxdoc libjs-u

# For sonic config engine testing
RUN apt-get install -y python-lxml python-jinja2 python-netaddr python-ipaddr python-yaml
RUN pip install pyangbind

# For templating
RUN pip install j2cli
Expand Down
2 changes: 1 addition & 1 deletion src/sonic-config-engine/MANIFEST.in
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
recursive-include tests *.j2 *.yml *.xml
recursive-include tests *.j2 *.yml *.xml *.json
11 changes: 8 additions & 3 deletions src/sonic-config-engine/minigraph.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -218,9 +218,10 @@ def parse_dpg(dpg, hname):
aclintfs = child.find(str(QName(ns, "AclInterfaces")))
acls = {}
for aclintf in aclintfs.findall(str(QName(ns, "AclInterface"))):
aclname = aclintf.find(str(QName(ns, "InAcl"))).text
aclname = aclintf.find(str(QName(ns, "InAcl"))).text.lower().replace(" ", "_").replace("-", "_")
Copy link
Collaborator

@lguohan lguohan Apr 6, 2017
edited by taoyl-ms
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what's the reason to change the aclname? #ByDesign

Copy link
Contributor Author

@taoyl-ms taoyl-ms Apr 6, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To keep consistency with the name in acl.json #Closed

aclattach = aclintf.find(str(QName(ns, "AttachTo"))).text.split(';')
acl_intfs = []
is_mirror = False
for member in aclattach:
member = member.strip()
if pcs.has_key(member):
Expand All @@ -229,9 +230,13 @@ def parse_dpg(dpg, hname):
print >> sys.stderr, "Warning: ACL " + aclname + " is attached to a Vlan interface, which is currently not supported"
elif port_alias_map.has_key(member):
acl_intfs.append(port_alias_map[member])
elif member.lower() == 'erspan':
Copy link
Collaborator

@lguohan lguohan Apr 6, 2017
edited by taoyl-ms
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add comment here? If it is erspan, then attach the acl to all front panel ports. #Resolved

is_mirror = True;
# Erspan session will be attached to all front panel ports
acl_intfs = port_alias_map.values()
break;
if acl_intfs:
acls[aclname] = acl_intfs

acls[aclname] = { 'AttachTo': acl_intfs, 'IsMirror': is_mirror }
return intfs, lo_intfs, mgmt_intf, vlans, pcs, acls
return None, None, None, None, None, None, None, None

Expand Down
29 changes: 29 additions & 0 deletions src/sonic-config-engine/tests/sample_output/rules_for_dataacl.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
[
{
"ACL_RULE_TABLE:dataacl:Rule_1":{
"IP_PROTOCOL":17,
"PACKET_ACTION":"FORWARD",
"SRC_IP":"10.0.0.0/8",
"priority":9999
},
"OP":"SET"
},
{
"ACL_RULE_TABLE:dataacl:Rule_3":{
"IP_PROTOCOL":17,
"PACKET_ACTION":"FORWARD",
"SRC_IP":"25.0.0.0/8",
"priority":9997
},
"OP":"SET"
},
{
"ACL_RULE_TABLE:dataacl:Rule_2":{
"IP_PROTOCOL":17,
"PACKET_ACTION":"FORWARD",
"SRC_IP":"100.64.0.0/10",
"priority":9998
},
"OP":"SET"
}
]
14 changes: 14 additions & 0 deletions src/sonic-config-engine/tests/sample_output/rules_for_everflow.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
[
{
"ACL_RULE_TABLE:everflow:Rule_1":{
"DST_IP":"127.0.0.1/32",
"IP_PROTOCOL":6,
"L4_DST_PORT":0,
"L4_SRC_PORT":0,
"MIRROR_ACTION":"everflow",
"SRC_IP":"127.0.0.1/32",
"priority":9999
},
"OP":"SET"
}
]
10 changes: 10 additions & 0 deletions src/sonic-config-engine/tests/sample_output/table_dataacl.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
[
{
"ACL_TABLE:dataacl":{
"policy_desc":"dataacl",
"ports":"Ethernet112,Ethernet116,Ethernet120,Ethernet124",
"type":"L3"
},
"OP":"SET"
}
]
10 changes: 10 additions & 0 deletions src/sonic-config-engine/tests/sample_output/table_everflow.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
[
{
"ACL_TABLE:everflow":{
"policy_desc":"everflow",
"ports":"Ethernet24,Ethernet40,Ethernet20,Ethernet44,Ethernet48,Ethernet28,Ethernet96,Ethernet92,Ethernet76,Ethernet116,Ethernet72,Ethernet112,Ethernet52,Ethernet108,Ethernet56,Ethernet32,Ethernet16,Ethernet36,Ethernet12,Ethernet120,Ethernet8,Ethernet4,Ethernet0,Ethernet124,Ethernet68,Ethernet84,Ethernet100,Ethernet80,Ethernet60,Ethernet104,Ethernet64,Ethernet88",
"type":"mirror"
},
"OP":"SET"
}
]
97 changes: 97 additions & 0 deletions src/sonic-config-engine/tests/t0-sample-acl.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
{
"acl": {
"acl-sets": {
"acl-set": {
"dataacl": {
"acl-entries": {
"acl-entry": {
"1": {
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
"config": {
"sequence-id": 1
},
"ip": {
"config": {
"protocol": "IP_UDP",
"source-ip-address": "10.0.0.0/8"
}
}
},
"2": {
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
"config": {
"sequence-id": 2
},
"ip": {
"config": {
"protocol": "IP_UDP",
"source-ip-address": "100.64.0.0/10"
}
}
},
"3": {
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
"config": {
"sequence-id": 3
},
"ip": {
"config": {
"protocol": "IP_UDP",
"source-ip-address": "25.0.0.0/8"
}
}
}
}
},
"config": {
"name": "dataacl"
}
},
"everflow": {
"acl-entries": {
"acl-entry": {
"1": {
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
"config": {
"sequence-id": 1
},
"ip": {
"config": {
"destination-ip-address": "127.0.0.1/32",
"protocol": "IP_TCP",
"source-ip-address": "127.0.0.1/32"
}
},
"transport": {
"config": {
"destination-port": "0",
"source-port": "0"
}
}
}
}
},
"config": {
"name": "everflow"
}
}
}
}
}
}
Loading