[sonic-cfggen]: translate_acl tool adds TCP mask (#697)
In orchagent, the TCP_FLAGS expects both value and mask as the input.
Right now, the translate_acl tool only supports one TCP flag and generates
the ACL with both value and mask equal to the flag. This rule will
match packets that have this specific flag set regardless of the other
flags.
Shuotian Cheng authored and lguohan committed Jun 13, 2017
1 parent d9cf398 commit 023a5b9
Showing 3 changed files with 52 additions and 21 deletions.
Expand Up @@ -25,5 +25,14 @@
"priority":9998
},
"OP":"SET"
},
{
"ACL_RULE_TABLE:dataacl:Rule_4":{
"IP_PROTOCOL":6,
"PACKET_ACTION":"FORWARD",
"TCP_FLAGS":"0x10/0x10",
"priority":9996
},
"OP":"SET"
}
]
62 changes: 42 additions & 20 deletions src/sonic-config-engine/tests/t0-sample-acl.json
Expand Up @@ -10,55 +10,77 @@
"config": {
"forwarding-action": "ACCEPT"
}
},
},
"config": {
"sequence-id": 1
},
},
"ip": {
"config": {
"protocol": "IP_UDP",
"protocol": "IP_UDP",
"source-ip-address": "10.0.0.0/8"
}
}
},
},
"2": {
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
},
"config": {
"sequence-id": 2
},
},
"ip": {
"config": {
"protocol": "IP_UDP",
"protocol": "IP_UDP",
"source-ip-address": "100.64.0.0/10"
}
}
},
},
"3": {
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
},
"config": {
"sequence-id": 3
},
},
"ip": {
"config": {
"protocol": "IP_UDP",
"protocol": "IP_UDP",
"source-ip-address": "25.0.0.0/8"
}
}
},
"4": {
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
"config": {
"sequence-id": 4
},
"ip": {
"config": {
"protocol": "IP_TCP"
}
},
"transport": {
"config": {
"tcp-flags": [
"TCP_ACK"
]
}
}
}
}
},
},
"config": {
"name": "dataacl"
}
},
},
"everflow": {
"acl-entries": {
"acl-entry": {
Expand All @@ -67,26 +89,26 @@
"config": {
"forwarding-action": "ACCEPT"
}
},
},
"config": {
"sequence-id": 1
},
},
"ip": {
"config": {
"destination-ip-address": "127.0.0.1/32",
"protocol": "IP_TCP",
"destination-ip-address": "127.0.0.1/32",
"protocol": "IP_TCP",
"source-ip-address": "127.0.0.1/32"
}
},
},
"transport": {
"config": {
"destination-port": "0",
"destination-port": "0",
"source-port": "0"
}
}
}
}
},
},
"config": {
"name": "everflow"
}
2 changes: 1 addition & 1 deletion src/sonic-config-engine/translate_acl
Expand Up @@ -97,7 +97,7 @@ def generate_rule_json(table_name, rule, max_priority, mirror):
if flag == "TCP_CWR":
tcp_flags = tcp_flags | 0x80
if tcp_flags != 0x00:
rule_props["TCP_FLAGS"] = '0x{:02x}'.format(tcp_flags)
rule_props["TCP_FLAGS"] = '0x{:02x}/0x{:02x}'.format(tcp_flags, tcp_flags)
return rule_data

def generate_table_json(aclset, aclname, ports, mirror, max_priority, output_path='.'):
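Review bot: The `if tcp_flags != 0x00:` guard means an entry whose `tcp-flags` names are all unrecognised is emitted with no TCP_FLAGS match at all, so a misspelled flag on an ACCEPT rule would widen it to every TCP packet. The flag-parsing chain of generate_rule_json starts above this hunk, so whether unknown names are rejected there is not visible; if they are not, raising an error for a name outside the known set is safer than silently dropping the match. The new value/mask line also deserves a comment such as `# mask == value: every listed flag must be set, all other flags are don't-care`, since a rule listing only TCP_SYN will then also match SYN+ACK packets.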