[action] [PR:17553] Update backend_acl.py to specify ACL table name #17668

Merged
mssonicbld merged 1 commit into sonic-net:202311 from mssonicbld:cherry/202311/17553
Jan 4, 2024

@mssonicbld
Collaborator

Why I did it

Fix #17552.

PR #14229 added a service for loading backend ACL rules. There is an issue in the code below in backend_acl.py.

if os.path.isfile(BACKEND_ACL_FILE):
    run_command(['acl-loader', 'update', 'incremental', BACKEND_ACL_FILE])

Because table_name is not specified when calling acl-loader, the ACL rules loaded previously will be cleared.

Work item tracking
  • Microsoft ADO 26167588:

How I did it

Specify the ACL table name DATAACL when calling acl-loader.

How to verify it

The change is verified by running on a physical testbed. The previously loaded ACL rules are not cleared after this change.

admin@str2-7050qx-32s-acs-02:/usr/share/sonic/templates$ show acl rule
Table     Rule          Priority    Action    Match
--------  ------------  ----------  --------  ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
SNMP_ACL  RULE_1        9999        ACCEPT    SRC_IP: 10.20.0.0/16
DATAACL   RULE_1        9999        FORWARD   ETHER_TYPE: 2048
                                              IN_PORTS: Ethernet12,Ethernet16,Ethernet20,Ethernet24,Ethernet28,Ethernet32,Ethernet36,Ethernet4,Ethernet40,Ethernet44,Ethernet48,Ethernet52,Ethernet56,Ethernet60,Ethernet64,Ethernet68,Ethernet72,Ethernet76,Ethernet8
                                              VLAN_ID: 1000
SNMP_ACL  RULE_2        9998        ACCEPT    SRC_IP: 10.154.232.0/21
SNMP_ACL  RULE_3        9997        ACCEPT    SRC_IP: 25.65.16.0/20
SNMP_ACL  RULE_4        9996        ACCEPT    SRC_IP: 25.66.128.0/17
SNMP_ACL  RULE_5        9995        ACCEPT    SRC_IP: 100.126.0.0/16
SNMP_ACL  RULE_6        9994        ACCEPT    SRC_IP: 100.127.64.0/18
......

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111
  • 202205
  • 202211
  • 202305

Tested branch (Please provide the tested image version)

  • 20201231.118

Description for the changelog

Update backend_acl.py to specify ACL table name.

Link to config_db schema for YANG module changes

No schema change.

A picture of a cute animal (not mandatory but encouraged)

@mssonicbld
Collaborator Author

Original PR: #17553

@mssonicbld mssonicbld merged commit c5473c1 into sonic-net:202311 Jan 4, 2024
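
Added example, not part of this PR or of the SONiC code base: one way to automate the "How to verify it" step by comparing two captures of `show acl rule` and reporting rules that disappeared after the backend ACL was loaded. The function names and the sample captures are constructed for illustration, and the parser assumes the column layout shown in the PR description.

```python
# Added example: compare two captures of `show acl rule` and report lost rules.
# Sample captures are constructed, modelled on the output in the PR description.

def rules_by_table(show_output):
    """Map each ACL table name to the set of rule names listed under it."""
    tables = {}
    for line in show_output.splitlines():
        # Continuation lines (extra match fields) are indented; skip them,
        # along with blank lines, the header row and the dashed separator.
        if not line or line[0].isspace():
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] == "Table" or set(fields[0]) == {"-"}:
            continue
        tables.setdefault(fields[0], set()).add(fields[1])
    return tables


def lost_rules(before, after):
    """Return {table: sorted rule names} present in `before` but not in `after`."""
    old, new = rules_by_table(before), rules_by_table(after)
    lost = {}
    for table, rules in old.items():
        missing = rules - new.get(table, set())
        if missing:
            lost[table] = sorted(missing)
    return lost


HEADER = (
    "Table     Rule    Priority  Action   Match\n"
    "--------  ------  --------  -------  -----------------------\n"
)
BEFORE = HEADER + (
    "SNMP_ACL  RULE_1  9999      ACCEPT   SRC_IP: 10.20.0.0/16\n"
    "SNMP_ACL  RULE_2  9998      ACCEPT   SRC_IP: 10.154.232.0/21\n"
)
DATAACL_RULE = (
    "DATAACL   RULE_1  9999      FORWARD  ETHER_TYPE: 2048\n"
    "                                     VLAN_ID: 1000\n"
)
# Constructed "good" capture: DATAACL gains a rule, earlier rules remain.
AFTER_OK = BEFORE + DATAACL_RULE
# Constructed capture of the symptom the PR describes: earlier rules missing.
AFTER_CLEARED = HEADER + DATAACL_RULE

if __name__ == "__main__":
    print("after fix:", lost_rules(BEFORE, AFTER_OK))
    print("symptom:  ", lost_rules(BEFORE, AFTER_CLEARED))
```

Capture `show acl rule` before and after the backend ACL service runs and pass both captures to `lost_rules`; an empty result means no previously loaded rule was cleared.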