diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json b/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json index aa53606298a2..47a7a996bea5 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json @@ -81,5 +81,21 @@ "key": "sonic-acl:actions", "value": [""] } + }, + "ACL_TABLE_L2_ACL_FIELDS": { + "desc": "Configure L2 ACL with proper rule fields" + }, + "ACL_TABLE_L3_RULE_WITH_L2_FIELDS": { + "desc": "Configure L2 Address in L3 ACL.", + "eStrKey" : "When", + "eStr": ["type"] + }, + "ACL_RULE_L2_INVALID_MAC": { + "desc": "Configure invalid MAC address format.", + "eStrKey" : "Pattern" + }, + "ACL_RULE_L2_INVALID_ETHER": { + "desc": "Configure invalid MAC address format.", + "eStrKey" : "Pattern" } } diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json index d22d372a5ea0..7a054a187223 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json @@ -657,5 +657,123 @@ ] } } + }, + "ACL_TABLE_L2_ACL_FIELDS": { + "sonic-acl:sonic-acl": { + "sonic-acl:ACL_RULE": { + "ACL_RULE_LIST": [ + { + "ACL_TABLE_NAME": "L2ACL", + "SRC_MAC": "00:00:AB:CD:EF:00/FF:FF:FF:00:00:00", + "DST_MAC": "00:00:AB:CD:EF:FF/FF:FF:FF:FF:FF:FF", + "ETHER_TYPE": "0x0800", + "PCP": "5/5", + "DEI": "0", + "PACKET_ACTION": "FORWARD", + "PRIORITY": 999980, + "RULE_NAME": "Rule_20" + } + ] + }, + "sonic-acl:ACL_TABLE": { + "ACL_TABLE_LIST": [ + { + "ACL_TABLE_NAME": "L2ACL", + "policy_desc": "L2ACL Test", + "ports": [ "" ], + "stage": "INGRESS", + "type": "L2" + } + ] + } + } + }, + "ACL_TABLE_L3_RULE_WITH_L2_FIELDS": { + "sonic-acl:sonic-acl": { + "sonic-acl:ACL_RULE": { + "ACL_RULE_LIST": [ + { + "ACL_TABLE_NAME": "L3ACL-MAC-FIELDS", + "SRC_MAC": "00:00:AB:CD:EF:00/FF:FF:FF:00:00:00", + "DST_MAC": "00:00:AB:CD:EF:FF/FF:FF:FF:FF:FF:FF", + "ETHER_TYPE": "0x0800", + "PCP": "5/5", + "DEI": "0", + "PACKET_ACTION": "FORWARD", + "PRIORITY": 999980, + "RULE_NAME": "Rule_20" + } + ] + }, + "sonic-acl:ACL_TABLE": { + "ACL_TABLE_LIST": [ + { + "ACL_TABLE_NAME": "L3ACL-MAC-FIELDS", + "policy_desc": "L2ACL Test", + "ports": [ "" ], + "stage": "INGRESS", + "type": "L3" + } + ] + } + } + }, + "ACL_RULE_L2_INVALID_MAC": { + "sonic-acl:sonic-acl": { + "sonic-acl:ACL_RULE": { + "ACL_RULE_LIST": [ + { + "ACL_TABLE_NAME": "L2ACL_INVALID_MAC", + "SRC_MAC": "00.00.AB.CD.EF.00/FF.FF.FF.00.00.00", + "DST_MAC": "00.00.AB.CD.EF.FF/FF.FF.FF.FF.FF.FF", + "ETHER_TYPE": "0x0800", + "PCP": "5/5", + "DEI": "0", + "PACKET_ACTION": "FORWARD", + "PRIORITY": 999980, + "RULE_NAME": "Rule_20" + } + ] + }, + "sonic-acl:ACL_TABLE": { + "ACL_TABLE_LIST": [ + { + "ACL_TABLE_NAME": "L2ACL_INVALID_MAC", + "policy_desc": "L2ACL Test", + "ports": [ "" ], + "stage": "INGRESS", + "type": "L2" + } + ] + } + } + }, + "ACL_RULE_L2_INVALID_ETHER": { + "sonic-acl:sonic-acl": { + "sonic-acl:ACL_RULE": { + "ACL_RULE_LIST": [ + { + "ACL_TABLE_NAME": "L2ACL_INVALID_ETHER", + "SRC_MAC": "00.00.AB.CD.EF.00/FF.FF.FF.00.00.00", + "DST_MAC": "00.00.AB.CD.EF.FF/FF.FF.FF.FF.FF.FF", + "ETHER_TYPE": "64", + "PACKET_ACTION": "FORWARD", + "PRIORITY": 999980, + "RULE_NAME": "Rule_20" + } + ] + }, + "sonic-acl:ACL_TABLE": { + "ACL_TABLE_LIST": [ + { + "ACL_TABLE_NAME": "L2ACL_INVALID_ETHER", + "policy_desc": "L2ACL Test", + "ports": [ "" ], + "stage": "INGRESS", + "type": "L2" + } + ] + } + } } } diff --git a/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 b/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 index 1374b840cbfa..f3a43c60b3df 100644 --- a/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 +++ b/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 @@ -75,8 +75,16 @@ module sonic-acl { } } - choice ip_prefix { - + choice src_dst_address { + case l2_src_dst_address { + when "(/acl:sonic-acl/acl:ACL_TABLE/acl:ACL_TABLE_LIST[ACL_TABLE_NAME=current()/acl:ACL_TABLE_NAME]/acl:type = 'L2')"; + leaf SRC_MAC { + type stypes:mac-addr-and-mask; + } + leaf DST_MAC { + type stypes:mac-addr-and-mask; + } + } case ip4_prefix { when "boolean(IP_TYPE[.='ANY' or .='IP' or .='IPV4' or .='IPv4ANY' or .='ARP'])"; leaf SRC_IP { @@ -144,7 +152,7 @@ module sonic-acl { leaf ETHER_TYPE { type string { - pattern "(0x88CC|0x8100|0x8915|0x0806|0x0800|0x86DD|0x8847)"; + pattern "0x0[6-9a-fA-F][0-9a-fA-F]{2}|0x[1-9a-fA-F][0-9a-fA-F]{3}"; } } @@ -220,6 +228,26 @@ module sonic-acl { leaf INNER_L4_DST_PORT { type uint16; } + + leaf VLAN_ID { + type uint16 { + range 1..4094; + } + } + + leaf PCP { + when "(/acl:sonic-acl/acl:ACL_TABLE/acl:ACL_TABLE_LIST[ACL_TABLE_NAME=current()/../acl:ACL_TABLE_NAME]/acl:type = 'L2')"; + type string { + pattern "[0-7]|[0-7]/[0-7]"; + } + } + + leaf DEI { + when "(/acl:sonic-acl/acl:ACL_TABLE/acl:ACL_TABLE_LIST[ACL_TABLE_NAME=current()/../acl:ACL_TABLE_NAME]/acl:type = 'L2')"; + type uint8 { + range "0..1"; + } + } } /* end of ACL_RULE_LIST */ } diff --git a/src/sonic-yang-models/yang-templates/sonic-types.yang.j2 b/src/sonic-yang-models/yang-templates/sonic-types.yang.j2 index 021cf7a0757e..8896a2312e31 100644 --- a/src/sonic-yang-models/yang-templates/sonic-types.yang.j2 +++ b/src/sonic-yang-models/yang-templates/sonic-types.yang.j2 @@ -217,6 +217,11 @@ module sonic-types { } } + typedef mac-addr-and-mask { + type string { + pattern "[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}|[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}/[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}"; + } + } /* Required for CVL */