[config/acl] Support everflow config translation (#468)

sonic-net · Apr 7, 2017 · ebed2d0 · ebed2d0
1 parent 0db9378
commit ebed2d0
Show file tree

Hide file tree

Showing 12 changed files with 567 additions and 18 deletions.
diff --git a/sonic-slave/Dockerfile b/sonic-slave/Dockerfile
@@ -91,6 +91,7 @@ RUN apt-get update && apt-get install -y docutils-common libjs-sphinxdoc libjs-u
 
 # For sonic config engine testing
 RUN apt-get install -y python-lxml python-jinja2 python-netaddr python-ipaddr python-yaml 
+RUN pip install pyangbind
 
 # For templating
 RUN pip install j2cli

diff --git a/src/sonic-config-engine/MANIFEST.in b/src/sonic-config-engine/MANIFEST.in
@@ -1 +1 @@
-recursive-include tests *.j2 *.yml *.xml
+recursive-include tests *.j2 *.yml *.xml *.json
diff --git a/src/sonic-config-engine/minigraph.py b/src/sonic-config-engine/minigraph.py
@@ -218,9 +218,10 @@ def parse_dpg(dpg, hname):
  aclintfs = child.find(str(QName(ns, "AclInterfaces")))
  acls = {}
  for aclintf in aclintfs.findall(str(QName(ns, "AclInterface"))):
- aclname = aclintf.find(str(QName(ns, "InAcl"))).text
+ aclname = aclintf.find(str(QName(ns, "InAcl"))).text.lower().replace(" ", "_").replace("-", "_")
  aclattach = aclintf.find(str(QName(ns, "AttachTo"))).text.split(';')
  acl_intfs = []
+ is_mirror = False
  for member in aclattach:
  member = member.strip()
  if pcs.has_key(member):
@@ -229,9 +230,13 @@ def parse_dpg(dpg, hname):
  print >> sys.stderr, "Warning: ACL " + aclname + " is attached to a Vlan interface, which is currently not supported"
  elif port_alias_map.has_key(member):
  acl_intfs.append(port_alias_map[member])
+ elif member.lower() == 'erspan':
+ is_mirror = True;
+ # Erspan session will be attached to all front panel ports
+ acl_intfs = port_alias_map.values()
+ break;
  if acl_intfs:
- acls[aclname] = acl_intfs
-
+ acls[aclname] = { 'AttachTo': acl_intfs, 'IsMirror': is_mirror }
  return intfs, lo_intfs, mgmt_intf, vlans, pcs, acls
  return None, None, None, None, None, None
 

diff --git a/src/sonic-config-engine/tests/sample_output/rules_for_dataacl.json b/src/sonic-config-engine/tests/sample_output/rules_for_dataacl.json
@@ -0,0 +1,29 @@
+[
+ {
+ "ACL_RULE_TABLE:dataacl:Rule_1":{
+ "IP_PROTOCOL":17,
+ "PACKET_ACTION":"FORWARD",
+ "SRC_IP":"10.0.0.0/8",
+ "priority":9999
+ },
+ "OP":"SET"
+ },
+ {
+ "ACL_RULE_TABLE:dataacl:Rule_3":{
+ "IP_PROTOCOL":17,
+ "PACKET_ACTION":"FORWARD",
+ "SRC_IP":"25.0.0.0/8",
+ "priority":9997
+ },
+ "OP":"SET"
+ },
+ {
+ "ACL_RULE_TABLE:dataacl:Rule_2":{
+ "IP_PROTOCOL":17,
+ "PACKET_ACTION":"FORWARD",
+ "SRC_IP":"100.64.0.0/10",
+ "priority":9998
+ },
+ "OP":"SET"
+ }
+]
diff --git a/src/sonic-config-engine/tests/sample_output/rules_for_everflow.json b/src/sonic-config-engine/tests/sample_output/rules_for_everflow.json
@@ -0,0 +1,14 @@
+[
+ {
+ "ACL_RULE_TABLE:everflow:Rule_1":{
+ "DST_IP":"127.0.0.1/32",
+ "IP_PROTOCOL":6,
+ "L4_DST_PORT":0,
+ "L4_SRC_PORT":0,
+ "MIRROR_ACTION":"everflow",
+ "SRC_IP":"127.0.0.1/32",
+ "priority":9999
+ },
+ "OP":"SET"
+ }
+]
diff --git a/src/sonic-config-engine/tests/sample_output/table_dataacl.json b/src/sonic-config-engine/tests/sample_output/table_dataacl.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:dataacl":{
+ "policy_desc":"dataacl",
+ "ports":"Ethernet112,Ethernet116,Ethernet120,Ethernet124",
+ "type":"L3"
+ },
+ "OP":"SET"
+ }
+]
diff --git a/src/sonic-config-engine/tests/sample_output/table_everflow.json b/src/sonic-config-engine/tests/sample_output/table_everflow.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:everflow":{
+ "policy_desc":"everflow",
+ "ports":"Ethernet24,Ethernet40,Ethernet20,Ethernet44,Ethernet48,Ethernet28,Ethernet96,Ethernet92,Ethernet76,Ethernet116,Ethernet72,Ethernet112,Ethernet52,Ethernet108,Ethernet56,Ethernet32,Ethernet16,Ethernet36,Ethernet12,Ethernet120,Ethernet8,Ethernet4,Ethernet0,Ethernet124,Ethernet68,Ethernet84,Ethernet100,Ethernet80,Ethernet60,Ethernet104,Ethernet64,Ethernet88",
+ "type":"mirror"
+ },
+ "OP":"SET"
+ }
+]
diff --git a/src/sonic-config-engine/tests/t0-sample-acl.json b/src/sonic-config-engine/tests/t0-sample-acl.json
@@ -0,0 +1,97 @@
+{
+ "acl": {
+ "acl-sets": {
+ "acl-set": {
+ "dataacl": {
+ "acl-entries": {
+ "acl-entry": {
+ "1": {
+ "actions": {
+ "config": {
+ "forwarding-action": "ACCEPT"
+ }
+ }, 
+ "config": {
+ "sequence-id": 1
+ }, 
+ "ip": {
+ "config": {
+ "protocol": "IP_UDP", 
+ "source-ip-address": "10.0.0.0/8"
+ }
+ }
+ }, 
+ "2": {
+ "actions": {
+ "config": {
+ "forwarding-action": "ACCEPT"
+ }
+ }, 
+ "config": {
+ "sequence-id": 2
+ }, 
+ "ip": {
+ "config": {
+ "protocol": "IP_UDP", 
+ "source-ip-address": "100.64.0.0/10"
+ }
+ }
+ }, 
+ "3": {
+ "actions": {
+ "config": {
+ "forwarding-action": "ACCEPT"
+ }
+ }, 
+ "config": {
+ "sequence-id": 3
+ }, 
+ "ip": {
+ "config": {
+ "protocol": "IP_UDP", 
+ "source-ip-address": "25.0.0.0/8"
+ }
+ }
+ }
+ }
+ }, 
+ "config": {
+ "name": "dataacl"
+ }
+ }, 
+ "everflow": {
+ "acl-entries": {
+ "acl-entry": {
+ "1": {
+ "actions": {
+ "config": {
+ "forwarding-action": "ACCEPT"
+ }
+ }, 
+ "config": {
+ "sequence-id": 1
+ }, 
+ "ip": {
+ "config": {
+ "destination-ip-address": "127.0.0.1/32", 
+ "protocol": "IP_TCP", 
+ "source-ip-address": "127.0.0.1/32"
+ }
+ }, 
+ "transport": {
+ "config": {
+ "destination-port": "0", 
+ "source-port": "0"
+ }
+ }
+ }
+ }
+ }, 
+ "config": {
+ "name": "everflow"
+ }
+ }
+ }
+ }
+ }
+}