sonic-net · daall · Mar 7, 2020 · Nov 22, 2019 · Feb 2, 2020 · Feb 11, 2020
diff --git a/orchagent/aclorch.cpp b/orchagent/aclorch.cpp
diff --git a/orchagent/aclorch.h b/orchagent/aclorch.h
@@ -374,6 +374,8 @@ class AclTable {
     bool unbind();
     // Link the ACL table with a port, for future bind or unbind
     void link(sai_object_id_t portOid);
+    // Unlink the ACL table from a port after unbind
+    void unlink(sai_object_id_t portOid);
     // Add or overwrite a rule into the ACL table
     bool add(shared_ptr<AclRule> newRule);
     // Remove a rule from the ACL table
@@ -387,8 +389,13 @@ class AclTable {
 class AclOrch : public Orch, public Observer
 {
 public:
-    AclOrch(vector<TableConnector>& connectors, TableConnector switchTable,
-            PortsOrch *portOrch, MirrorOrch *mirrorOrch, NeighOrch *neighOrch, RouteOrch *routeOrch, DTelOrch *m_dTelOrch = NULL);
+    AclOrch(vector<TableConnector>& connectors,
+            TableConnector          switchTable,
+            PortsOrch               *portOrch,
+            MirrorOrch              *mirrorOrch,
+            NeighOrch               *neighOrch,
+            RouteOrch               *routeOrch,
+            DTelOrch                *m_dTelOrch = NULL);
     ~AclOrch();
     void update(SubjectType, void *);
 
@@ -408,8 +415,9 @@ class AclOrch : public Orch, public Observer
     RouteOrch *m_routeOrch;
     DTelOrch *m_dTelOrch;
 
-    bool addAclTable(AclTable &aclTable, string table_id);
+    bool addAclTable(AclTable &aclTable);
     bool removeAclTable(string table_id);
+    bool updateAclTable(AclTable &currentTable, AclTable &newTable);
     bool addAclRule(shared_ptr<AclRule> aclRule, string table_id);
     bool removeAclRule(string table_id, string rule_id);
 
@@ -442,13 +450,20 @@ class AclOrch : public Orch, public Observer
     static void collectCountersThread(AclOrch *pAclOrch);
 
     bool createBindAclTable(AclTable &aclTable, sai_object_id_t &table_oid);
-    sai_status_t bindAclTable(sai_object_id_t table_oid, AclTable &aclTable, bool bind = true);
+    sai_status_t bindAclTable(AclTable &aclTable, bool bind = true);
     sai_status_t deleteUnbindAclTable(sai_object_id_t table_oid);
 
+    bool isAclTableTypeUpdated(acl_table_type_t table_type, AclTable &aclTable);
     bool processAclTableType(string type, acl_table_type_t &table_type);
+    bool isAclTableStageUpdated(acl_stage_type_t acl_stage, AclTable &aclTable);
     bool processAclTableStage(string stage, acl_stage_type_t &acl_stage);
     bool processAclTablePorts(string portList, AclTable &aclTable);
     bool validateAclTable(AclTable &aclTable);
+    bool updateAclTablePorts(AclTable &newTable, AclTable &curTable);
+    void getAddDeletePorts(AclTable    &newT,
+                           AclTable    &curT,
+                           set<string> &addSet,
+                           set<string> &delSet);
     sai_status_t createDTelWatchListTables();
     sai_status_t deleteDTelWatchListTables();
 

diff --git a/orchagent/pfcactionhandler.cpp b/orchagent/pfcactionhandler.cpp
@@ -299,7 +299,7 @@ void PfcWdAclHandler::createPfcAclTable(sai_object_id_t port, string strTable, b
     aclTable.link(port);
     aclTable.id = strTable;
     aclTable.stage = ingress ? ACL_STAGE_INGRESS : ACL_STAGE_EGRESS;
-    gAclOrch->addAclTable(aclTable, strTable);
+    gAclOrch->addAclTable(aclTable);
 }
 
 void PfcWdAclHandler::createPfcAclRule(shared_ptr<AclRulePfcwd> rule, uint8_t queueId, string strTable)

diff --git a/orchagent/pfcwdorch.cpp b/orchagent/pfcwdorch.cpp
@@ -560,11 +560,8 @@ bool PfcWdSwOrch<DropHandler, ForwardHandler>::registerInWdDb(const Port& port,
                 sai_serialize_object_id(queueId));
     }
 
-    // Create egress ACL table group for each port of pfcwd's interest
-    sai_object_id_t groupId;
-    gPortsOrch->createBindAclTableGroup(port.m_port_id, groupId, ACL_STAGE_INGRESS);
-    gPortsOrch->createBindAclTableGroup(port.m_port_id, groupId, ACL_STAGE_EGRESS);
-
+    // We do NOT need to create ACL table group here. It will be
+    // done when ACL tables are bound to ports
     return true;
 }
 

@@ -9,6 +9,7 @@ extern "C" {
 #include <string>
 #include <vector>
 #include <map>
+#include <bitset>
 
 #define DEFAULT_PORT_VLAN_ID    1
 /*
@@ -48,6 +49,14 @@ class Port
         UNKNOWN
     } ;
 
+    enum Dependency {
+            ACL_DEP,
+            FDB_DEP,
+            INTF_DEP,
+            LAG_DEP,
+            VLAN_DEP
+    };
+
     Port() {};
     Port(std::string alias, Type type) :
             m_alias(alias), m_type(type) {};
@@ -89,6 +98,7 @@ class Port
     sai_object_id_t     m_egress_acl_table_group_id = 0;
     vlan_members_t      m_vlan_members;
     sai_object_id_t     m_parent_port_id = 0;
+    uint32_t            m_dependency_bitmap = 0;
     sai_port_oper_status_t m_oper_status = SAI_PORT_OPER_STATUS_UNKNOWN;
     std::set<std::string> m_members;
     std::set<std::string> m_child_ports;
@@ -108,6 +118,21 @@ class Port
     std::vector<bool> m_queue_lock;
     std::vector<bool> m_priority_group_lock;
 
+    std::unordered_set<sai_object_id_t> m_ingress_acl_tables_uset;
+    std::unordered_set<sai_object_id_t> m_egress_acl_tables_uset;
+
+    inline void set_dependency(Dependency dep)
+    {
+        m_dependency_bitmap |= (1 << dep);
+    }
+    inline void clear_dependency(Dependency dep)
+    {
+        m_dependency_bitmap &= ~(1 << dep);
+    }
+    inline bool has_dependency()
+    {
+        return (m_dependency_bitmap != 0);
+    }
 };
 
 }