[acl] Add new ACL key BTH_OPCODE and AETH_SYNDROME (sonic-net#2617)

- What I did
Add new ACL key BTH_OPCODE and AETH_SYNDROME

- Why I did it
Add new ACL key BTH_OPCODE and AETH_SYNDROME

- How I verified it
Manual test

Author: Junchao-Mellanox

orchagent/aclorch.cpp

@@ -69,7 +69,9 @@ acl_rule_attr_lookup_t aclMatchLookup =
     { MATCH_INNER_ETHER_TYPE,  SAI_ACL_ENTRY_ATTR_FIELD_INNER_ETHER_TYPE },
     { MATCH_INNER_IP_PROTOCOL, SAI_ACL_ENTRY_ATTR_FIELD_INNER_IP_PROTOCOL },
     { MATCH_INNER_L4_SRC_PORT, SAI_ACL_ENTRY_ATTR_FIELD_INNER_L4_SRC_PORT },
-    { MATCH_INNER_L4_DST_PORT, SAI_ACL_ENTRY_ATTR_FIELD_INNER_L4_DST_PORT }
+    { MATCH_INNER_L4_DST_PORT, SAI_ACL_ENTRY_ATTR_FIELD_INNER_L4_DST_PORT },
+    { MATCH_BTH_OPCODE,        SAI_ACL_ENTRY_ATTR_FIELD_BTH_OPCODE},
+    { MATCH_AETH_SYNDROME,     SAI_ACL_ENTRY_ATTR_FIELD_AETH_SYNDROME}
 };
 
 static acl_range_type_lookup_t aclRangeTypeLookup =
@@ -970,6 +972,36 @@ bool AclRule::validateAddMatch(string attr_name, string attr_value)
             matchData.data.u8 = to_uint<uint8_t>(attr_value);
             matchData.mask.u8 = 0xFF;
         }
+        else if (attr_name == MATCH_BTH_OPCODE)
+        {
+            auto opcode_data = tokenize(attr_value, '/');
+
+            if (opcode_data.size() == 2)
+            {
+                matchData.data.u8 = to_uint<uint8_t>(opcode_data[0]);
+                matchData.mask.u8 = to_uint<uint8_t>(opcode_data[1]);
+            }
+            else
+            {
+                SWSS_LOG_ERROR("Invalid BTH_OPCODE configuration: %s, expected format <data>/<mask>", attr_value.c_str());
+                return false;
+            }
+        }
+        else if (attr_name == MATCH_AETH_SYNDROME)
+        {
+            auto syndrome_data = tokenize(attr_value, '/');
+
+            if (syndrome_data.size() == 2)
+            {
+                matchData.data.u8 = to_uint<uint8_t>(syndrome_data[0]);
+                matchData.mask.u8 = to_uint<uint8_t>(syndrome_data[1]);
+            }
+            else
+            {
+                SWSS_LOG_ERROR("Invalid AETH_SYNDROME configuration: %s, expected format <data>/<mask>", attr_value.c_str());
+                return false;
+            }
+        }
     }
     catch (exception &e)
     {
@@ -3796,7 +3828,7 @@ bool AclOrch::addAclTable(AclTable &newTable)
     }
     // Update matching field according to ACL stage
     newTable.addStageMandatoryMatchFields();
-    
+
     // Add mandatory ACL action if not present
     // We need to call addMandatoryActions here because addAclTable is directly called in other orchs.
     // The action_list is already added if the ACL table creation is triggered by CONFIGDD, but calling addMandatoryActions

orchagent/aclorch.h

@@ -49,6 +49,8 @@
 #define MATCH_INNER_IP_PROTOCOL "INNER_IP_PROTOCOL"
 #define MATCH_INNER_L4_SRC_PORT "INNER_L4_SRC_PORT"
 #define MATCH_INNER_L4_DST_PORT "INNER_L4_DST_PORT"
+#define MATCH_BTH_OPCODE        "BTH_OPCODE"
+#define MATCH_AETH_SYNDROME     "AETH_SYNDROME"
 
 #define BIND_POINT_TYPE_PORT "PORT"
 #define BIND_POINT_TYPE_PORTCHANNEL "PORTCHANNEL"

tests/mock_tests/aclorch_ut.cpp

@@ -1409,7 +1409,7 @@ namespace aclorch_test
                         {
                             {
                                 ACL_TABLE_TYPE_MATCHES,
-                                string(MATCH_SRC_IP) +  comma + MATCH_ETHER_TYPE + comma + MATCH_L4_SRC_PORT_RANGE
+                                string(MATCH_SRC_IP) +  comma + MATCH_ETHER_TYPE + comma + MATCH_L4_SRC_PORT_RANGE + comma + MATCH_BTH_OPCODE + comma + MATCH_AETH_SYNDROME
                             },
                             {
                                 ACL_TABLE_TYPE_BPOINT_TYPES,
@@ -1431,6 +1431,8 @@ namespace aclorch_test
             { "SAI_ACL_TABLE_ATTR_FIELD_SRC_IP", "true" },
             { "SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE", "true" },
             { "SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE", "1:SAI_ACL_RANGE_TYPE_L4_SRC_PORT_RANGE" },
+            { "SAI_ACL_TABLE_ATTR_FIELD_BTH_OPCODE", "true" },
+            { "SAI_ACL_TABLE_ATTR_FIELD_AETH_SYNDROME", "true" },
         };
 
         ASSERT_TRUE(validateAclTable(
@@ -1477,6 +1479,42 @@ namespace aclorch_test
         // DST_IP is not in the table type
         ASSERT_FALSE(orch->getAclRule(aclTableName, aclRuleName));
 
+        orch->doAclRuleTask(
+            deque<KeyOpFieldsValuesTuple>(
+                {
+                    {
+                        aclTableName + "|" + aclRuleName,
+                        SET_COMMAND,
+                        {
+                            { ACTION_PACKET_ACTION, PACKET_ACTION_DROP },
+                            { MATCH_BTH_OPCODE, "0x60" },
+                        }
+                    }
+                }
+            )
+        );
+
+        // MATCH_BTH_OPCODE invalid format
+        ASSERT_FALSE(orch->getAclRule(aclTableName, aclRuleName));
+
+        orch->doAclRuleTask(
+            deque<KeyOpFieldsValuesTuple>(
+                {
+                    {
+                        aclTableName + "|" + aclRuleName,
+                        SET_COMMAND,
+                        {
+                            { ACTION_PACKET_ACTION, PACKET_ACTION_DROP },
+                            { MATCH_AETH_SYNDROME, "0x60" },
+                        }
+                    }
+                }
+            )
+        );
+
+        // MATCH_AETH_SYNDROME invalid format
+        ASSERT_FALSE(orch->getAclRule(aclTableName, aclRuleName));
+
         orch->doAclRuleTask(
             deque<KeyOpFieldsValuesTuple>(
                 {
@@ -1486,6 +1524,8 @@ namespace aclorch_test
                         {
                             { MATCH_SRC_IP, "1.1.1.1/32" },
                             { ACTION_PACKET_ACTION, PACKET_ACTION_DROP },
+                            { MATCH_BTH_OPCODE, "0x60/0xff" },
+                            { MATCH_AETH_SYNDROME, "0x60/0x60" },
                         }
                     }
                 }