Merge pull request sonic-net#3894 from divyagayathri-hcl/acl_vrf_id_oid

[P4Orch] Update ACL VRF ID to use oid instead of u16.

Author: StephenWangGoogle

orchagent/p4orch/acl_rule_manager.cpp

@@ -860,7 +860,6 @@ ReturnCode AclRuleManager::setMatchValue(const acl_entry_attr_union_t attr_name,
         case SAI_ACL_ENTRY_ATTR_FIELD_IP_IDENTIFICATION:
         case SAI_ACL_ENTRY_ATTR_FIELD_OUTER_VLAN_ID:
         case SAI_ACL_ENTRY_ATTR_FIELD_INNER_VLAN_ID:
-        case SAI_ACL_ENTRY_ATTR_FIELD_VRF_ID:
         case SAI_ACL_ENTRY_ATTR_FIELD_INNER_ETHER_TYPE:
         case SAI_ACL_ENTRY_ATTR_FIELD_INNER_L4_SRC_PORT:
         case SAI_ACL_ENTRY_ATTR_FIELD_INNER_L4_DST_PORT: {
@@ -1030,6 +1029,20 @@ ReturnCode AclRuleManager::setMatchValue(const acl_entry_attr_union_t attr_name,
             value->aclfield.mask.u32 = 0xFFFFFFFF;
             break;
         }
+        case SAI_ACL_ENTRY_ATTR_FIELD_VRF_ID: {
+          const std::vector<std::string>& value_and_mask =
+              tokenize(attr_value, kDataMaskDelimiter);
+          const std::string vrf_id = trim(value_and_mask[0]);
+          if (vrf_id.empty() || !m_vrfOrch->isVRFexists(vrf_id)) {
+            return ReturnCode(StatusCode::SWSS_RC_NOT_FOUND)
+                   << "VRF ID " << QuotedVar(vrf_id) << " was not found.";
+          }
+          value->aclfield.data.oid = m_vrfOrch->getVRFid(vrf_id);
+          if (value_and_mask.size() > 1) {
+            SWSS_LOG_INFO("Mask ignored for VRF ID.");
+          }
+          break;
+        }
         case SAI_ACL_ENTRY_ATTR_FIELD_IPMC_NPU_META_DST_HIT:
         {
             const std::vector<std::string>& value_and_mask =

orchagent/p4orch/acl_util.cpp

@@ -929,7 +929,6 @@ bool isDiffMatchFieldValue(const acl_entry_attr_union_t attr_name, const sai_att
     case SAI_ACL_ENTRY_ATTR_FIELD_IP_IDENTIFICATION:
     case SAI_ACL_ENTRY_ATTR_FIELD_OUTER_VLAN_ID:
     case SAI_ACL_ENTRY_ATTR_FIELD_INNER_VLAN_ID:
-    case SAI_ACL_ENTRY_ATTR_FIELD_VRF_ID:
     case SAI_ACL_ENTRY_ATTR_FIELD_INNER_ETHER_TYPE:
     case SAI_ACL_ENTRY_ATTR_FIELD_INNER_L4_SRC_PORT:
     case SAI_ACL_ENTRY_ATTR_FIELD_INNER_L4_DST_PORT: {
@@ -955,6 +954,9 @@ bool isDiffMatchFieldValue(const acl_entry_attr_union_t attr_name, const sai_att
         return memcmp(value.aclfield.data.mac, old_value.aclfield.data.mac, sizeof(sai_mac_t)) ||
                memcmp(value.aclfield.mask.mac, old_value.aclfield.mask.mac, sizeof(sai_mac_t));
     }
+    case SAI_ACL_ENTRY_ATTR_FIELD_VRF_ID: {
+      return value.aclfield.data.oid != old_value.aclfield.data.oid;
+    }
     case SAI_ACL_ENTRY_ATTR_FIELD_IPMC_NPU_META_DST_HIT:
     {
         return value.aclfield.data.booldata != old_value.aclfield.data.booldata;

orchagent/p4orch/acl_util.h

@@ -540,7 +540,7 @@ static const acl_table_attr_format_lookup_t aclMatchTableAttrFormatLookup = {
     {SAI_ACL_TABLE_ATTR_FIELD_IPV6_NEXT_HEADER, Format::HEX_STRING},
     {SAI_ACL_TABLE_ATTR_FIELD_ROUTE_DST_USER_META, Format::HEX_STRING},
     {SAI_ACL_TABLE_ATTR_FIELD_ACL_USER_META, Format::HEX_STRING},
-    {SAI_ACL_TABLE_ATTR_FIELD_VRF_ID, Format::HEX_STRING},
+    {SAI_ACL_TABLE_ATTR_FIELD_VRF_ID, Format::STRING},
     {SAI_ACL_TABLE_ATTR_FIELD_IPMC_NPU_META_DST_HIT, Format::HEX_STRING},
 };
 

orchagent/p4orch/tests/acl_manager_test.cpp

@@ -637,8 +637,7 @@ P4AclTableDefinitionAppDbEntry getDefaultAclTableDefAppDbEntry()
     app_db_entry.match_field_lookup["inner_vlan_id"] = BuildMatchFieldJsonStrKindSaiField(P4_MATCH_INNER_VLAN_ID);
     app_db_entry.match_field_lookup["inner_vlan_cfi"] = BuildMatchFieldJsonStrKindSaiField(P4_MATCH_INNER_VLAN_CFI);
     app_db_entry.match_field_lookup["vrf_id"] =
-        BuildMatchFieldJsonStrKindSaiField(P4_MATCH_VRF_ID, P4_FORMAT_HEX_STRING,
-                                           /*bitwidth=*/16);
+        BuildMatchFieldJsonStrKindSaiField(P4_MATCH_VRF_ID, P4_FORMAT_STRING);
     app_db_entry.match_field_lookup["ipmc_table_hit"] =
         BuildMatchFieldJsonStrKindSaiField(P4_MATCH_IPMC_TABLE_HIT,
                                            P4_FORMAT_HEX_STRING, /*bitwidth=*/1);
@@ -2721,6 +2720,14 @@ TEST_F(AclManagerTest, CreateAclRuleWithInvalidSaiMatchFails)
     app_db_entry.match_fvs.erase("arp_tpa");
     acl_table->udf_group_attr_index_lookup = saved_udf_group_attr_index_lookup;
 
+    // ACL rule has invalid VRF ID.
+    app_db_entry.match_fvs["vrf_id"] = "invalid";
+    acl_rule_key =
+        KeyGenerator::generateAclRuleKey(app_db_entry.match_fvs, "100");
+    EXPECT_EQ(StatusCode::SWSS_RC_NOT_FOUND,
+              ProcessAddRuleRequest(acl_rule_key, app_db_entry));
+    app_db_entry.match_fvs.erase("vrf_id");
+
     // ACL rule has undefined match field
     app_db_entry.match_fvs["undefined"] = "1";
     acl_rule_key = KeyGenerator::generateAclRuleKey(app_db_entry.match_fvs, "100");
@@ -2800,7 +2807,7 @@ TEST_F(AclManagerTest, AclRuleWithValidMatchFields)
     app_db_entry.match_fvs["inner_vlan_pri"] = "200";
     app_db_entry.match_fvs["inner_vlan_id"] = "200";
     app_db_entry.match_fvs["inner_vlan_cfi"] = "200";
-    app_db_entry.match_fvs["vrf_id"] = "0x777";
+    app_db_entry.match_fvs["vrf_id"] = gVrfName;
     app_db_entry.match_fvs["ipmc_table_hit"] = "0x1";
 
     const auto &acl_rule_key = KeyGenerator::generateAclRuleKey(app_db_entry.match_fvs, "100");
@@ -2898,8 +2905,9 @@ TEST_F(AclManagerTest, AclRuleWithValidMatchFields)
     EXPECT_EQ(SAI_ACL_IP_FRAG_HEAD, acl_rule->match_fvs[SAI_ACL_ENTRY_ATTR_FIELD_ACL_IP_FRAG].aclfield.data.u32);
     EXPECT_EQ(SAI_PACKET_VLAN_SINGLE_OUTER_TAG,
               acl_rule->match_fvs[SAI_ACL_ENTRY_ATTR_FIELD_PACKET_VLAN].aclfield.data.u32);
-    EXPECT_EQ(0x777, acl_rule->match_fvs[SAI_ACL_ENTRY_ATTR_FIELD_VRF_ID].aclfield.data.u16);
-    EXPECT_EQ(0xFFFF, acl_rule->match_fvs[SAI_ACL_ENTRY_ATTR_FIELD_VRF_ID].aclfield.mask.u16);
+    EXPECT_EQ(
+        gVrfOid,
+        acl_rule->match_fvs[SAI_ACL_ENTRY_ATTR_FIELD_VRF_ID].aclfield.data.oid);
     EXPECT_EQ(true,
               acl_rule->match_fvs[SAI_ACL_ENTRY_ATTR_FIELD_IPMC_NPU_META_DST_HIT]
                   .aclfield.data.booldata);
@@ -5155,12 +5163,13 @@ TEST_F(AclManagerTest, AclRuleVerifyStateTest)
     attributes.push_back(swss::FieldValueTuple{"meter/pir", "200"});
     attributes.push_back(swss::FieldValueTuple{"meter/pburst", "200"});
     attributes.push_back(swss::FieldValueTuple{"controller_metadata", "..."});
-    const auto &acl_rule_json_key = "{\"match/ether_type\":\"0x0800\",\"match/"
-                                    "ipv6_dst\":\"fdf8:f53b:82e4::53 & "
-                                    "fdf8:f53b:82e4::53\",\"match/arp_tpa\": \"0xff112231\", "
-                                    "\"match/in_ports\": \"Ethernet1,Ethernet2\", \"match/out_ports\": "
-                                    "\"Ethernet4,Ethernet5\", \"priority\":15,\"match/ipmc_table_hit\":"
-                                    "\"0x1\"}";
+    const auto& acl_rule_json_key =
+        "{\"match/ether_type\":\"0x0800\",\"match/"
+        "ipv6_dst\":\"fdf8:f53b:82e4::53 & "
+        "fdf8:f53b:82e4::53\",\"match/arp_tpa\": \"0xff112231\", "
+        "\"match/in_ports\": \"Ethernet1,Ethernet2\", \"match/out_ports\": "
+        "\"Ethernet4,Ethernet5\", \"priority\":15,\"match/ipmc_table_hit\":"
+        "\"0x1\",\"match/vrf_id\":\"b4-traffic\"}";
     const auto &rule_tuple_key = std::string(kAclIngressTableName) + kTableKeyDelimiter + acl_rule_json_key;
     EnqueueRuleTuple(std::string(kAclIngressTableName),
                      swss::KeyOpFieldsValuesTuple({rule_tuple_key, SET_COMMAND, attributes}));
@@ -5182,21 +5191,37 @@ TEST_F(AclManagerTest, AclRuleVerifyStateTest)
     table.set(
         "SAI_OBJECT_TYPE_ACL_ENTRY:oid:0x3e9",
         std::vector<swss::FieldValueTuple>{
-            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_TABLE_ID", "oid:0x7000000000606"},
+            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_TABLE_ID",
+                                  "oid:0x7000000000606"},
             swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_PRIORITY", "15"},
             swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_ADMIN_STATE", "true"},
-            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_FIELD_DST_IPV6", "fdf8:f53b:82e4::53&mask:fdf8:f53b:82e4::53"},
-            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_FIELD_ETHER_TYPE", "2048&mask:0xffff"},
-            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_FIELD_ACL_IP_TYPE",
-                                  "SAI_ACL_IP_TYPE_ANY&mask:0xffffffffffffffff"},
-            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_USER_DEFINED_FIELD_GROUP_MIN", "2:255,17&mask:2:0xff,0xff"},
-            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_FIELD_IPMC_NPU_META_DST_HIT", "true"},
-            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_USER_DEFINED_FIELD_GROUP_1", "2:34,49&mask:2:0xff,0xff"},
-            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_FIELD_IN_PORTS", "2:oid:0x112233,oid:0x1fed3"},
-            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_FIELD_OUT_PORTS", "2:oid:0x9988,oid:0x56789abcdef"},
-            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_ACTION_MIRROR_INGRESS", "1:oid:0x2329"},
-            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_ACTION_SET_POLICER", "oid:0x7d1"},
-            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_ACTION_COUNTER", "oid:0xbb9"}});
+            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_FIELD_DST_IPV6",
+                                  "fdf8:f53b:82e4::53&mask:fdf8:f53b:82e4::53"},
+            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_FIELD_ETHER_TYPE",
+                                  "2048&mask:0xffff"},
+            swss::FieldValueTuple{
+                "SAI_ACL_ENTRY_ATTR_FIELD_ACL_IP_TYPE",
+                "SAI_ACL_IP_TYPE_ANY&mask:0xffffffffffffffff"},
+            swss::FieldValueTuple{
+                "SAI_ACL_ENTRY_ATTR_USER_DEFINED_FIELD_GROUP_MIN",
+                "2:255,17&mask:2:0xff,0xff"},
+            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_FIELD_VRF_ID",
+                                  "oid:0x6f"},
+            swss::FieldValueTuple{
+                "SAI_ACL_ENTRY_ATTR_FIELD_IPMC_NPU_META_DST_HIT", "true"},
+            swss::FieldValueTuple{
+                "SAI_ACL_ENTRY_ATTR_USER_DEFINED_FIELD_GROUP_1",
+                "2:34,49&mask:2:0xff,0xff"},
+            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_FIELD_IN_PORTS",
+                                  "2:oid:0x112233,oid:0x1fed3"},
+            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_FIELD_OUT_PORTS",
+                                  "2:oid:0x9988,oid:0x56789abcdef"},
+            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_ACTION_MIRROR_INGRESS",
+                                  "1:oid:0x2329"},
+            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_ACTION_SET_POLICER",
+                                  "oid:0x7d1"},
+            swss::FieldValueTuple{"SAI_ACL_ENTRY_ATTR_ACTION_COUNTER",
+                                  "oid:0xbb9"}});
     table.set("SAI_OBJECT_TYPE_ACL_COUNTER:oid:0xbb9",
               std::vector<swss::FieldValueTuple>{
                   swss::FieldValueTuple{"SAI_ACL_COUNTER_ATTR_TABLE_ID", "oid:0x7000000000606"},
@@ -5221,38 +5246,47 @@ TEST_F(AclManagerTest, AclRuleVerifyStateTest)
     EXPECT_FALSE(VerifyRuleState(std::string(APP_P4RT_TABLE_NAME) + ":invalid", attributes).empty());
     EXPECT_FALSE(VerifyRuleState(std::string(APP_P4RT_TABLE_NAME) + ":invalid:invalid", attributes).empty());
     EXPECT_FALSE(VerifyRuleState(std::string(APP_P4RT_TABLE_NAME) + ":ACL_PUNT_TABLE:invalid", attributes).empty());
-    EXPECT_FALSE(VerifyRuleState(std::string(APP_P4RT_TABLE_NAME) +
-                                     ":ACL_PUNT_TABLE:{\"match/ether_type\":\"0x0800\",\"match/"
-                                     "ipv6_dst\":\"fdf8:f53b:82e4::53 & "
-                                     "fdf8:f53b:82e4::53\",\"priority\":0,\"match/ipmc_table_hit\":"
-                                     "\"0x1\"}",
-                                 attributes)
-                     .empty());
-    EXPECT_FALSE(VerifyRuleState(std::string(APP_P4RT_TABLE_NAME) +
-                                     ":ACL_PUNT_TABLE:{\"match/ether_type\":\"0x0800\",\"match/"
-                                     "ipv6_dst\":\"127.0.0.1/24\",\"priority\":15,"
-                                     "\"match/ipmc_table_hit\":\"0x1\"}",
-                                 attributes)
-                     .empty());
+    EXPECT_FALSE(
+        VerifyRuleState(
+            std::string(APP_P4RT_TABLE_NAME) +
+                ":ACL_PUNT_TABLE:{\"match/ether_type\":\"0x0800\",\"match/"
+                "ipv6_dst\":\"fdf8:f53b:82e4::53 & "
+                "fdf8:f53b:82e4::53\",\"priority\":0,\"match/ipmc_table_hit\":"
+                "\"0x1\",\"match/vrf_id\":\"b4-traffic\"}",
+            attributes)
+            .empty());
+    EXPECT_FALSE(
+        VerifyRuleState(
+            std::string(APP_P4RT_TABLE_NAME) +
+                ":ACL_PUNT_TABLE:{\"match/ether_type\":\"0x0800\",\"match/"
+                "ipv6_dst\":\"127.0.0.1/24\",\"priority\":15,"
+                "\"match/ipmc_table_hit\":\"0x1\",\"match/"
+                "vrf_id\":\"b4-traffic\"}",
+            attributes)
+            .empty());
 
     // Verification should fail if entry does not exist.
-    EXPECT_FALSE(VerifyRuleState(std::string(APP_P4RT_TABLE_NAME) +
-                                     ":ACL_PUNT_TABLE:{\"match/ether_type\":\"0x0800\",\"match/"
-                                     "ipv6_dst\":\"fdf8:f53b:82e4::54 & "
-                                     "fdf8:f53b:82e4::54\",\"priority\":15,\"match/ipmc_table_hit\":"
-                                     "\"0x1\"}",
-                                 attributes)
-                     .empty());
+    EXPECT_FALSE(
+        VerifyRuleState(
+            std::string(APP_P4RT_TABLE_NAME) +
+                ":ACL_PUNT_TABLE:{\"match/ether_type\":\"0x0800\",\"match/"
+                "ipv6_dst\":\"fdf8:f53b:82e4::54 & "
+                "fdf8:f53b:82e4::54\",\"priority\":15,\"match/ipmc_table_hit\":"
+                "\"0x1\",\"match/vrf_id\":\"b4-traffic\"}",
+            attributes)
+            .empty());
 
     // Verification should fail with invalid attribute.
     EXPECT_FALSE(VerifyTableState(db_key, std::vector<swss::FieldValueTuple>{{kAction, "invalid"}}).empty());
 
     auto *acl_table = GetAclTable(kAclIngressTableName);
     EXPECT_NE(acl_table, nullptr);
-    const auto &acl_rule_key = "match/arp_tpa=0xff112231:match/ether_type=0x0800:match/"
-                               "in_ports=Ethernet1,Ethernet2:match/ipmc_table_hit=0x1:"
-                               "match/ipv6_dst=fdf8:f53b:82e4::53 & "
-                               "fdf8:f53b:82e4::53:match/out_ports=Ethernet4,Ethernet5:priority=15";
+    const auto& acl_rule_key =
+        "match/arp_tpa=0xff112231:match/ether_type=0x0800:match/"
+        "in_ports=Ethernet1,Ethernet2:match/ipmc_table_hit=0x1:"
+        "match/ipv6_dst=fdf8:f53b:82e4::53 & "
+        "fdf8:f53b:82e4::53:match/out_ports=Ethernet4,Ethernet5:match/"
+        "vrf_id=b4-traffic:priority=15";
     auto *acl_rule = GetAclRule(kAclIngressTableName, acl_rule_key);
     ASSERT_NE(acl_rule, nullptr);