Skip to content

Commit

Permalink
[aclorch]: Add ICMP type/code match for v4/v6 (sonic-net#868)
Browse files Browse the repository at this point in the history 
Support the following matches:
SAI_ACL_TABLE_ATTR_FIELD_ICMP_TYPE
SAI_ACL_TABLE_ATTR_FIELD_ICMP_CODE
SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_TYPE
SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_CODE

Signed-off-by: Shu0T1an ChenG <[email protected]>
  • Loading branch information
Shuotian Cheng authored May 8, 2019
1 parent a62aa83 commit f889f80
Show file tree
Hide file tree
Showing 3 changed files with 246 additions and 49 deletions.
133 changes: 102 additions & 31 deletions orchagent/aclorch.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,10 @@ acl_rule_attr_lookup_t aclMatchLookup =
{ MATCH_IP_TYPE, SAI_ACL_ENTRY_ATTR_FIELD_ACL_IP_TYPE },
{ MATCH_DSCP, SAI_ACL_ENTRY_ATTR_FIELD_DSCP },
{ MATCH_TC, SAI_ACL_ENTRY_ATTR_FIELD_TC },
{ MATCH_ICMP_TYPE, SAI_ACL_ENTRY_ATTR_FIELD_ICMP_TYPE },
{ MATCH_ICMP_CODE, SAI_ACL_ENTRY_ATTR_FIELD_ICMP_CODE },
{ MATCH_ICMPV6_TYPE, SAI_ACL_ENTRY_ATTR_FIELD_ICMPV6_TYPE },
{ MATCH_ICMPV6_CODE, SAI_ACL_ENTRY_ATTR_FIELD_ICMPV6_CODE },
{ MATCH_L4_SRC_PORT_RANGE, (sai_acl_entry_attr_t)SAI_ACL_RANGE_TYPE_L4_SRC_PORT_RANGE },
{ MATCH_L4_DST_PORT_RANGE, (sai_acl_entry_attr_t)SAI_ACL_RANGE_TYPE_L4_DST_PORT_RANGE },
{ MATCH_TUNNEL_VNI, SAI_ACL_ENTRY_ATTR_FIELD_TUNNEL_VNI },
Expand Down Expand Up @@ -334,6 +338,12 @@ bool AclRule::validateAddMatch(string attr_name, string attr_value)
value.aclfield.data.u8 = to_uint<uint8_t>(attr_value);
value.aclfield.mask.u8 = 0xFF;
}
else if (attr_name == MATCH_ICMP_TYPE || attr_name == MATCH_ICMP_CODE ||
attr_name == MATCH_ICMPV6_TYPE || attr_name == MATCH_ICMPV6_CODE)
{
value.aclfield.data.u8 = to_uint<uint8_t>(attr_value);
value.aclfield.mask.u8 = 0xFF;
}
else if (attr_name == MATCH_TUNNEL_VNI)
{
value.aclfield.data.u32 = to_uint<uint32_t>(attr_value);
Expand Down Expand Up @@ -850,12 +860,19 @@ bool AclRuleL3::validateAddMatch(string attr_name, string attr_value)
{
if (attr_name == MATCH_DSCP)
{
SWSS_LOG_ERROR("DSCP match is not supported for the tables of type L3");
SWSS_LOG_ERROR("DSCP match is not supported for table type L3");
return false;
}

if (attr_name == MATCH_SRC_IPV6 || attr_name == MATCH_DST_IPV6)
{
SWSS_LOG_ERROR("IPv6 address match is not supported for the tables of type L3");
SWSS_LOG_ERROR("IPv6 address match is not supported for table type L3");
return false;
}

if (attr_name == MATCH_ICMPV6_TYPE || attr_name == MATCH_ICMPV6_CODE)
{
SWSS_LOG_ERROR("ICMPv6 match is not supported for table type L3");
return false;
}

Expand Down Expand Up @@ -906,12 +923,19 @@ bool AclRuleL3V6::validateAddMatch(string attr_name, string attr_value)
{
if (attr_name == MATCH_DSCP)
{
SWSS_LOG_ERROR("DSCP match is not supported for the tables of type L3V6");
SWSS_LOG_ERROR("DSCP match is not supported for table type L3V6");
return false;
}

if (attr_name == MATCH_SRC_IP || attr_name == MATCH_DST_IP)
{
SWSS_LOG_ERROR("IPv4 address match is not supported for the tables of type L3V6");
SWSS_LOG_ERROR("IPv4 address match is not supported for table type L3V6");
return false;
}

if (attr_name == MATCH_ICMP_TYPE || attr_name == MATCH_ICMP_CODE)
{
SWSS_LOG_ERROR("ICMPv4 match is not supported for table type L3V6");
return false;
}

Expand Down Expand Up @@ -956,31 +980,40 @@ bool AclRuleMirror::validateAddMatch(string attr_name, string attr_value)

/*
* Type of Tables and Supported Match Types (Configuration)
* |--------------------------------------------------|
* | Match Type | TABLE_MIRROR | TABLE_MIRRORV6 |
* |--------------------------------------------------|
* | MATCH_SRC_IP | √ | |
* | MATCH_DST_IP | √ | |
* |--------------------------------------------------|
* | MATCH_SRC_IPV6 | | √ |
* | MATCH_DST_IPV6 | | √ |
* |--------------------------------------------------|
* | MARTCH_ETHERTYPE | √ | |
* |--------------------------------------------------|
* |---------------------------------------------------|
* | Match Type | TABLE_MIRROR | TABLE_MIRRORV6 |
* |---------------------------------------------------|
* | MATCH_SRC_IP | √ | |
* | MATCH_DST_IP | √ | |
* |---------------------------------------------------|
* | MATCH_ICMP_TYPE | √ | |
* | MATCH_ICMP_CODE | √ | |
* |---------------------------------------------------|
* | MATCH_ICMPV6_TYPE | | √ |
* | MATCH_ICMPV6_CODE | | √ |
* |---------------------------------------------------|
* | MATCH_SRC_IPV6 | | √ |
* | MATCH_DST_IPV6 | | √ |
* |---------------------------------------------------|
* | MARTCH_ETHERTYPE | √ | |
* |---------------------------------------------------|
*/

if (m_tableType == ACL_TABLE_MIRROR &&
(attr_name == MATCH_SRC_IPV6 || attr_name == MATCH_DST_IPV6))
(attr_name == MATCH_SRC_IPV6 || attr_name == MATCH_DST_IPV6 ||
attr_name == MATCH_ICMPV6_TYPE || attr_name == MATCH_ICMPV6_CODE))
{
SWSS_LOG_ERROR("%s match is not supported for the table of type MIRROR",
attr_name.c_str());
return false;
}

if (m_tableType == ACL_TABLE_MIRRORV6 &&
(attr_name == MATCH_SRC_IP || attr_name == MATCH_DST_IP || attr_name == MATCH_ETHER_TYPE))
(attr_name == MATCH_SRC_IP || attr_name == MATCH_DST_IP ||
attr_name == MATCH_ICMP_TYPE || attr_name == MATCH_ICMP_CODE ||
attr_name == MATCH_ETHER_TYPE))
{
SWSS_LOG_ERROR("%s match is not supported for the table of type MIRRORV6",
SWSS_LOG_ERROR("%s match is not supported for the table of type MIRRORv6",
attr_name.c_str());
return false;
}
Expand Down Expand Up @@ -1172,19 +1205,25 @@ bool AclTable::create()

/*
* Type of Tables and Supported Match Types (ASIC database)
* |-----------------------------------------------------------------|
* | | TABLE_MIRROR | TABLE_MIRROR | TABLE_MIRRORV6 |
* | Match Type |----------------------------------------------|
* | | combined | separated |
* |-----------------------------------------------------------------|
* | MATCH_SRC_IP | √ | √ | |
* | MATCH_DST_IP | √ | √ | |
* |-----------------------------------------------------------------|
* | MATCH_SRC_IPV6 | √ | | √ |
* | MATCH_DST_IPV6 | √ | | √ |
* |-----------------------------------------------------------------|
* | MARTCH_ETHERTYPE | √ | √ | |
* |-----------------------------------------------------------------|
* |------------------------------------------------------------------|
* | | TABLE_MIRROR | TABLE_MIRROR | TABLE_MIRRORV6 |
* | Match Type |----------------------------------------------|
* | | combined | separated |
* |------------------------------------------------------------------|
* | MATCH_SRC_IP | √ | √ | |
* | MATCH_DST_IP | √ | √ | |
* |------------------------------------------------------------------|
* | MATCH_ICMP_TYPE | √ | √ | |
* | MATCH_ICMP_CODE | √ | √ | |
* |------------------------------------------------------------------|
* | MATCH_SRC_IPV6 | √ | | √ |
* | MATCH_DST_IPV6 | √ | | √ |
* |------------------------------------------------------------------|
* | MATCH_ICMPV6_TYPE | √ | | √ |
* | MATCH_ICMPV6_CODE | √ | | √ |
* |------------------------------------------------------------------|
* | MARTCH_ETHERTYPE | √ | √ | |
* |------------------------------------------------------------------|
*/

if (type == ACL_TABLE_MIRROR)
Expand All @@ -1197,6 +1236,14 @@ bool AclTable::create()
attr.value.booldata = true;
table_attrs.push_back(attr);

attr.id = SAI_ACL_TABLE_ATTR_FIELD_ICMP_TYPE;
attr.value.booldata = true;
table_attrs.push_back(attr);

attr.id = SAI_ACL_TABLE_ATTR_FIELD_ICMP_CODE;
attr.value.booldata = true;
table_attrs.push_back(attr);

// If the switch supports v6 and requires one single table
if (m_pAclOrch->m_mirrorTableCapabilities[ACL_TABLE_MIRRORV6] &&
m_pAclOrch->m_isCombinedMirrorV6Table)
Expand All @@ -1208,6 +1255,14 @@ bool AclTable::create()
attr.id = SAI_ACL_TABLE_ATTR_FIELD_DST_IPV6;
attr.value.booldata = true;
table_attrs.push_back(attr);

attr.id = SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_TYPE;
attr.value.booldata = true;
table_attrs.push_back(attr);

attr.id = SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_CODE;
attr.value.booldata = true;
table_attrs.push_back(attr);
}
}
else if (type == ACL_TABLE_L3V6 || type == ACL_TABLE_MIRRORV6) // v6 only
Expand All @@ -1219,6 +1274,14 @@ bool AclTable::create()
attr.id = SAI_ACL_TABLE_ATTR_FIELD_DST_IPV6;
attr.value.booldata = true;
table_attrs.push_back(attr);

attr.id = SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_TYPE;
attr.value.booldata = true;
table_attrs.push_back(attr);

attr.id = SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_CODE;
attr.value.booldata = true;
table_attrs.push_back(attr);
}
else // v4 only
{
Expand All @@ -1229,6 +1292,14 @@ bool AclTable::create()
attr.id = SAI_ACL_TABLE_ATTR_FIELD_DST_IP;
attr.value.booldata = true;
table_attrs.push_back(attr);

attr.id = SAI_ACL_TABLE_ATTR_FIELD_ICMP_TYPE;
attr.value.booldata = true;
table_attrs.push_back(attr);

attr.id = SAI_ACL_TABLE_ATTR_FIELD_ICMP_CODE;
attr.value.booldata = true;
table_attrs.push_back(attr);
}

attr.id = SAI_ACL_TABLE_ATTR_FIELD_L4_SRC_PORT;
Expand Down
4 changes: 4 additions & 0 deletions orchagent/aclorch.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,10 @@
#define MATCH_L4_SRC_PORT_RANGE "L4_SRC_PORT_RANGE"
#define MATCH_L4_DST_PORT_RANGE "L4_DST_PORT_RANGE"
#define MATCH_TC "TC"
#define MATCH_ICMP_TYPE "ICMP_TYPE"
#define MATCH_ICMP_CODE "ICMP_CODE"
#define MATCH_ICMPV6_TYPE "ICMPV6_TYPE"
#define MATCH_ICMPV6_CODE "ICMPV6_CODE"
#define MATCH_TUNNEL_VNI "TUNNEL_VNI"
#define MATCH_INNER_ETHER_TYPE "INNER_ETHER_TYPE"
#define MATCH_INNER_IP_PROTOCOL "INNER_IP_PROTOCOL"
Expand Down
Loading

0 comments on commit f889f80

Please sign in to comment.