[acl_loader]: add iptype match to the rules for dataplane acl

lguohan · lguohan · commit d55d406bb277 · 2021-04-03T22:55:07.000-07:00
dataplane acl has v4 and v6 type. in case the rule does not
specify the iptype, the acl_loader will automatically add
the match for the iptype based on the table type.

for l3 table, it will add ethertype = 0x800
for l3v6 table, it will add iptype = ipv6any

Signed-off-by: Guohan Lu &lt;lguohan@gmail.com&gt;
diff --git a/acl_loader/main.py b/acl_loader/main.py
@@ -299,6 +299,22 @@ def is_table_mirror(self, tname):
         """
         return self.tables_db_info[tname]['type'].upper().startswith(self.ACL_TABLE_TYPE_MIRROR)
 
+    def is_table_l3v6(self, tname):
+        """
+        Check if ACL table type is L3V6
+        :param tname: ACL table name
+        :return: True if table type is L3V6 else False
+        """
+        return self.tables_db_info[tname]["type"].upper() == "L3V6"
+
+    def is_table_l3(self, tname):
+        """
+        Check if ACL table type is L3
+        :param tname: ACL table name
+        :return: True if table type is L3 else False
+        """
+        return self.tables_db_info[tname]["type"].upper() == "L3"
+
     def is_table_ipv6(self, tname):
         """
         Check if ACL table type is IPv6 (L3V6 or MIRRORV6)
@@ -593,6 +609,12 @@ def convert_rule_to_db_schema(self, table_name, rule):
 
         rule_props["PRIORITY"] = str(self.max_priority - rule_idx)
 
+        # setup default ip type match to dataplane acl (could be overriden by rule later)
+        if self.is_table_l3v6(table_name):
+            rule_props["IP_TYPE"] = "IPV6ANY"  # ETHERTYPE is not supported for DATAACLV6
+        elif self.is_table_l3(table_name):
+            rule_props["ETHER_TYPE"] = str(self.ethertype_map["ETHERTYPE_IPV4"])
+
         deep_update(rule_props, self.convert_action(table_name, rule_idx, rule))
         deep_update(rule_props, self.convert_l2(table_name, rule_idx, rule))
         deep_update(rule_props, self.convert_ip(table_name, rule_idx, rule))
diff --git a/tests/acl_input/acl1.json b/tests/acl_input/acl1.json
@@ -189,6 +189,22 @@
 										"destination-ip-address": "30.0.0.3/32"
 									}
 								}
+							},
+							"3": {
+								"config": {
+									"sequence-id": 3
+								},
+								"actions": {
+									"config": {
+										"forwarding-action": "ACCEPT"
+									}
+								},
+								"l2": {
+									"config": {
+										"vlan-id": "369",
+										"ethertype": "ETHERTYPE_LLDP"
+									}
+								}
 							}
 						}
 					}
@@ -247,4 +263,4 @@
 			}
 		}
 	}
-}
+}
diff --git a/tests/acl_loader_test.py b/tests/acl_loader_test.py
@@ -60,6 +60,7 @@ def test_vlan_id_translation(self, acl_loader):
         assert acl_loader.rules_info[("DATAACL", "RULE_2")]
         assert acl_loader.rules_info[("DATAACL", "RULE_2")] == {
             "VLAN_ID": 369,
+            "ETHER_TYPE": "2048",
             "IP_PROTOCOL": 6,
             "SRC_IP": "20.0.0.2/32",
             "DST_IP": "30.0.0.3/32",
@@ -82,6 +83,17 @@ def test_vlan_id_not_a_number(self, acl_loader):
             acl_loader.rules_info = {}
             acl_loader.load_rules_from_file(os.path.join(test_path, 'acl_input/illegal_vlan_nan.json'))
 
+    def test_ethertype_translation(self, acl_loader):
+        acl_loader.rules_info = {}
+        acl_loader.load_rules_from_file(os.path.join(test_path, 'acl_input/acl1.json'))
+        assert acl_loader.rules_info[("DATAACL", "RULE_3")]
+        assert acl_loader.rules_info[("DATAACL", "RULE_3")] == {
+            "VLAN_ID": 369,
+            "ETHER_TYPE": 35020,
+            "PACKET_ACTION": "FORWARD",
+            "PRIORITY": "9997"
+        }
+
     def test_icmp_translation(self, acl_loader):
         acl_loader.rules_info = {}
         acl_loader.load_rules_from_file(os.path.join(test_path, 'acl_input/acl1.json'))
@@ -92,6 +104,7 @@ def test_icmp_translation(self, acl_loader):
             "IP_PROTOCOL": 1,
             "SRC_IP": "20.0.0.2/32",
             "DST_IP": "30.0.0.3/32",
+            "ETHER_TYPE": "2048",
             "PACKET_ACTION": "FORWARD",
             "PRIORITY": "9999"
         }
@@ -106,6 +119,7 @@ def test_icmpv6_translation(self, acl_loader):
             "IP_PROTOCOL": 58,
             "SRC_IPV6": "::1/128",
             "DST_IPV6": "::1/128",
+            "IP_TYPE": "IPV6ANY",
             "PACKET_ACTION": "FORWARD",
             "PRIORITY": "9999"
         }
@@ -114,6 +128,7 @@ def test_icmpv6_translation(self, acl_loader):
             "IP_PROTOCOL": 58,
             "SRC_IPV6": "::1/128",
             "DST_IPV6": "::1/128",
+            "IP_TYPE": "IPV6ANY",
             "PACKET_ACTION": "FORWARD",
             "PRIORITY": "9900"
         }

Original file line number	Diff line number	Diff line change
`@@ -189,6 +189,22 @@`
`189`	`189`	`"destination-ip-address": "30.0.0.3/32"`
`190`	`190`	`}`
`191`	`191`	`}`
	`192`	`+ },`
	`193`	`+ "3": {`
	`194`	`+ "config": {`
	`195`	`+ "sequence-id": 3`
	`196`	`+ },`
	`197`	`+ "actions": {`
	`198`	`+ "config": {`
	`199`	`+ "forwarding-action": "ACCEPT"`
	`200`	`+ }`
	`201`	`+ },`
	`202`	`+ "l2": {`
	`203`	`+ "config": {`
	`204`	`+ "vlan-id": "369",`
	`205`	`+ "ethertype": "ETHERTYPE_LLDP"`
	`206`	`+ }`
	`207`	`+ }`
`192`	`208`	`}`
`193`	`209`	`}`
`194`	`210`	`}`
`@@ -247,4 +263,4 @@`
`247`	`263`	`}`
`248`	`264`	`}`
`249`	`265`	`}`
`250`		`-}`
	`266`	`+}`