[acl-loader] Only add default deny rule when table is L3 or L3V6 #2796

Merged
merged 8 commits into from
Apr 20, 2023
Only add default deny rule when table is L3 or MIRROR
lizhijianrd committed Apr 11, 2023

commit 58a0b2dfb4c600f87b9583cf7739cee21ea48edf
10 changes: 9 additions & 1 deletion acl_loader/main.py
@@ -354,6 +354,14 @@ def is_table_l3(self, tname):
"""
return self.tables_db_info[tname]["type"].upper() == "L3"

def is_table_ipv4(self, tname):
"""
Check if ACL table type is IPv4 (L3 or MIRROR)
:param tname: ACL table name
:return: True if table type is IPv4 else False
"""
return self.tables_db_info[tname]["type"].upper() in ("L3", "MIRROR")

def is_table_ipv6(self, tname):
"""
Check if ACL table type is IPv6 (L3V6 or MIRRORV6)
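Review bot: is_table_ipv4 hard-codes its own type list ("L3", "MIRROR") directly below is_table_l3, which already owns the "L3" comparison, so the two helpers can drift apart if a type string is ever changed in one place only. Consider expressing it as is_table_l3(tname) plus the MIRROR check, and extend the docstring to state that every other table type returns False, because deny_rule now depends on this result to decide whether ETHER_TYPE is set on the default deny rule.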
@@ -679,7 +687,7 @@ def deny_rule(self, table_name):
rule_props["PACKET_ACTION"] = "DROP"
if self.is_table_ipv6(table_name):
rule_props["IP_TYPE"] = "IPV6ANY" # ETHERTYPE is not supported for DATAACLV6
else:
elif self.is_table_ipv4(table_name):
rule_props["ETHER_TYPE"] = str(self.ethertype_map["ETHERTYPE_IPV4"])
return rule_data
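Review bot: in deny_rule, replacing "else:" with "elif self.is_table_ipv4(table_name):" leaves no final branch, so for a table type that is neither IPv6 nor IPv4 the function still reaches "return rule_data" with PACKET_ACTION set to "DROP" and neither IP_TYPE nor ETHER_TYPE set. The commit title says the default deny rule should only be added for L3 or MIRROR tables, but nothing in this hunk prevents the caller from receiving that unqualified DROP rule for other table types. Add an explicit else branch that returns an empty result (or make the caller skip such tables), comment why, and cover a table type outside both helpers with a test so the behaviour is pinned down.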