Skip to content

Commit 453dd78

Browse files
qiluo-msftqiluo-msft
committed
Revert "[minigraph parser] Fix minigraph parser issue when handling LAG related ACL table configuration (sonic-net#1712)"
This reverts commit d7ed638.
1 parent 9943dba commit 453dd78

3 files changed

Lines changed: 5 additions & 19 deletions

File tree

src/sonic-config-engine/minigraph.py

Lines changed: 3 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -149,15 +149,12 @@ def parse_dpg(dpg, hname):
149149
pcintfs = child.find(str(QName(ns, "PortChannelInterfaces")))
150150
pc_intfs = []
151151
pcs = {}
152-
intfs_inpc = [] # List to hold all the LAG member interfaces
153152
for pcintf in pcintfs.findall(str(QName(ns, "PortChannel"))):
154153
pcintfname = pcintf.find(str(QName(ns, "Name"))).text
155154
pcintfmbr = pcintf.find(str(QName(ns, "AttachTo"))).text
156155
pcmbr_list = pcintfmbr.split(';')
157-
pc_intfs.append(pcintfname)
158156
for i, member in enumerate(pcmbr_list):
159157
pcmbr_list[i] = port_alias_map.get(member, member)
160-
intfs_inpc.append(pcmbr_list[i])
161158
if pcintf.find(str(QName(ns, "Fallback"))) != None:
162159
pcs[pcintfname] = {'members': pcmbr_list, 'fallback': pcintf.find(str(QName(ns, "Fallback"))).text}
163160
else:
@@ -205,26 +202,15 @@ def parse_dpg(dpg, hname):
205202
for member in aclattach:
206203
member = member.strip()
207204
if pcs.has_key(member):
208-
# If try to attach ACL to a LAG interface then we shall add the LAG to
209-
# to acl_intfs directly instead of break it into member ports, ACL attach
210-
# to LAG will be applied to all the LAG members internally by SAI/SDK
211-
acl_intfs.append(member)
205+
acl_intfs.extend(pcs[member]['members']) # For ACL attaching to port channels, we break them into port channel members
212206
elif vlans.has_key(member):
213207
print >> sys.stderr, "Warning: ACL " + aclname + " is attached to a Vlan interface, which is currently not supported"
214208
elif port_alias_map.has_key(member):
215209
acl_intfs.append(port_alias_map[member])
216-
# Give a warning if trying to attach ACL to a LAG member interface, correct way is to attach ACL to the LAG interface
217-
if port_alias_map[member] in intfs_inpc:
218-
print >> sys.stderr, "Warning: ACL " + aclname + " is attached to a LAG member interface " + port_alias_map[member] + ", instead of LAG interface"
219210
elif member.lower() == 'erspan':
220211
is_mirror = True;
221-
# Erspan session will be attached to all front panel ports,
222-
# if panel ports is a member port of LAG, should add the LAG
223-
# to acl table instead of the panel ports
224-
acl_intfs = pc_intfs
225-
for panel_port in port_alias_map.values():
226-
if panel_port not in intfs_inpc:
227-
acl_intfs.append(panel_port)
212+
# Erspan session will be attached to all front panel ports
213+
acl_intfs = port_alias_map.values()
228214
break;
229215
if acl_intfs:
230216
acls[aclname] = {'policy_desc': aclname,

src/sonic-config-engine/tests/test_cfggen.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -83,7 +83,7 @@ def test_minigraph_acl(self):
8383
"Warning: ignore interface 'fortyGigE0/2' in DEVICE_NEIGHBOR as it is not in the port_config.ini\n"
8484
"{'SSH_ACL': {'services': ['SSH'], 'type': 'CTRLPLANE', 'policy_desc': 'SSH_ACL'},"
8585
" 'SNMP_ACL': {'services': ['SNMP'], 'type': 'CTRLPLANE', 'policy_desc': 'SNMP_ACL'},"
86-
" 'DATAACL': {'type': 'L3', 'policy_desc': 'DATAACL', 'ports': ['PortChannel01', 'PortChannel02', 'PortChannel03', 'PortChannel04']},"
86+
" 'DATAACL': {'type': 'L3', 'policy_desc': 'DATAACL', 'ports': ['Ethernet112', 'Ethernet116', 'Ethernet120', 'Ethernet124']},"
8787
" 'NTP_ACL': {'services': ['NTP'], 'type': 'CTRLPLANE', 'policy_desc': 'NTP_ACL'},"
8888
" 'ROUTER_PROTECT': {'services': ['SSH', 'SNMP'], 'type': 'CTRLPLANE', 'policy_desc': 'ROUTER_PROTECT'}}")
8989

src/sonic-swss

0 commit comments

Comments
 (0)