[caclmgrd] Fix application of IPv6 service ACL rules#3917
Merged
jleveque merged 1 commit intosonic-net:masterfrom Dec 19, 2019
jleveque:fix_caclmgrd_v6
Merged
[caclmgrd] Fix application of IPv6 service ACL rules#3917jleveque merged 1 commit intosonic-net:masterfrom jleveque:fix_caclmgrd_v6
jleveque merged 1 commit intosonic-net:masterfrom
jleveque:fix_caclmgrd_v6
Conversation
Contributor
Author
|
Retest vsimage please |
lguohan
approved these changes
Dec 19, 2019
abdosi
pushed a commit
that referenced
this pull request
Jan 3, 2020
yxieca
pushed a commit
that referenced
this pull request
Jan 6, 2020
mssonicbld
added a commit
that referenced
this pull request
Jul 23, 2025
…atically (#22686) #### Why I did it src/sonic-utilities ``` * e18640e - (HEAD -> master, origin/master, origin/HEAD) Switchport mode update for 'show interfaces status' (#3788) (3 hours ago) [Shivashankar C R] * 809646a - Revert "Addition of prober_type in config and show commands for muxcable (#3884)" (#3979) (17 hours ago) [Xin Wang] * 3db35d5 - `vnet_route_check.py` should not report VNET routes in APP DB but not in STATE DB and ASIC DB as mismatches (#3990) (26 hours ago) [mramezani95] * 8647356 - [show][config][plugin] add processing of ModuleNotFoundError with log_warning (#3832) (32 hours ago) [Maksym Kovalchuk] * 20976de - fix show bgp cli on multiple asic device (#3981) (5 days ago) [Liping Xu] * 46c82ab - [db_migrator] Fix parse_xml fails when minigraph has SonicQosProfile (#3972) (6 days ago) [Xin Wang] * 1c3f789 - Fix route_check.py to ignore local p2p IP prefixes (#3882) (7 days ago) [prabhataravind] * 898a037 - Make 'show interface errors' lookup the correct oper_error_status count published by OA (#3956) (8 days ago) [Bobby McGonigle] * eda6ada - [sonic-package-manager] Save tag that was used to install the application (#3917) (8 days ago) [DavidZagury] * c409594 - [SPM] Add support for configuring systemd service Type in package manifests (#3946) (8 days ago) [DavidZagury] * 09b4292 - [trim]: Add Packet Trimming Asym DSCP CLI (#3920) (9 days ago) [Nazarii Hnydyn] * f751730 - Lodoga-Prime: lodogaprime platform support (#3954) (13 days ago) [NobutomoNakano] * 0424ae0 - Add GCU Support for SKU Mellanox-SN4280-C48/O8C40/O8V40 (#3964) (13 days ago) [Sai Rama Mohan Reddy S] * 57b9846 - fix issue #22476 remove quagga in show bgp cmd (#3947) (2 weeks ago) [Liping Xu] * 5d11fc5 - Fix comparison error when replace (#3941) (3 weeks ago) [jingwenxie] * f6d6d9a - Fix for 22138: Chassisd does not wait for the execution to complete for previous admin state change requests - Replaces PR: #3845 (#3937) (4 weeks ago) [rameshraghupathy] * be72304 - [YANG] remove uses clause handling, now part of sonic-yang-mgmt (#3814) (4 weeks ago) [Brad House] * 19a6b3c - Switch to using chrony instead of ntpd : gcu - services_validator.py (#3929) (4 weeks ago) [Anukul Verma] * 5db9c27 - Fixed cli command for ECN config on voq switch (#3928) (4 weeks ago) [saksarav-nokia] * 020f9d0 - Improved GCU's field validation logic for the WRED_PROFILE table (#3910) (4 weeks ago) [mramezani95] * f15e2d0 - feat: support specific BP port info for show int (#3926) (4 weeks ago) [Chenyang Wang] * 5a59f19 - [multi-asic] Fix the 'config reload' flow in case when multiple golden_config.json files provided (#3895) (5 weeks ago) [Vadym Hlushko] * 82ec8f4 - fix show cmd for bgp (#3922) (5 weeks ago) [Liping Xu] * e0f9da4 - Skip checking offload flags for static routes/sids in route check and add check_sids (#3919) (5 weeks ago) [Changrong Wu] * 5ea861d - [copp]: Added CoPP show configuration commands (#3863) (6 weeks ago) [Ravi Minnikanti(Marvell)] * 9fd8c3c - [sfputil] Use host lane mask as part of rx-output enable/disable (#3911) (6 weeks ago) [mihirpat1] * 3e157a2 - Support reboot cause: Kernel Panic - Out of memory (#3918) (6 weeks ago) [byu343] * 49d36ff - [gcu]: Add marvell-teralynx platform to gcu field validator (#3881) (6 weeks ago) [Ravi Minnikanti(Marvell)] * 8415aee - [Mellanox] Collect sai.xml to sysdump (#3903) (6 weeks ago) [Sai Rama Mohan Reddy S] * 6e26c8d - [intfstat] Align output format between cached/non-cached scenarios (#3902) (6 weeks ago) [Yair Raviv] * 57d825e - Add version_202411_02 function (#3864) (6 weeks ago) [Ben Levi] * d5051cd - [Smartswitch][reboot] Addition of pre shutdown and post startup function calls (#3900) (7 weeks ago) [Gagan Punathil Ellath] * b3509b9 - Add CLI show commands to view bgp network, neighbors and summary on per-vrf basis (#3866) (7 weeks ago) [Navdha Jindal] * dfa51d3 - Upgrade portstat to support nonzero option and sort heterogeneous interfaces names (#3894) (7 weeks ago) [Changrong Wu] * ba255b6 - Issue #22407: ConfigReload fails when RADIUS statistics is enabled (#3860) (8 weeks ago) [Anders Linn] * 7116edf - Fix warm-reboot script so it can be run via reboot DBus service (#3872) (8 weeks ago) [jkmar] * 2f1c4e0 - config: Modify AAA config commands to use pass_db decorator (#3755) (8 weeks ago) [Anders Linn] * d6d866f - show command for icmp echo offload sessions (#3889) (8 weeks ago) [manamand2020] * 1b3498c - add TH5-512 hwsku into gcu support list (#3896) (8 weeks ago) [Dashuai Zhang] * b106a82 - Addition of prober_type in config and show commands for muxcable (#3884) (9 weeks ago) [harjotsinghpawra] * 733bdde - [smartswitch] Fix incorrect reboot status check and improve debug logging in reboot scripts (#3888) (9 weeks ago) [Vasundhara Volam] * 60110fa - feat: support namespace arg for show mac (#3873) (9 weeks ago) [Chenyang Wang] * aeba823 - feat: support namespace arg for show bfd (#3885) (9 weeks ago) [Chenyang Wang] ``` #### How I did it #### How to verify it #### Description for the changelog
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Caclmgrd was written with the understanding that the "SRC_IP" field of the rule properties would contain either a v4 or v6 IP address, thus we examined the IP address in that field to make an educated guess as to whether the table which contained that rule contained v4 or v6 addresses.
However, this PR: sonic-net/sonic-utilities#377 broke the logic in caclmgrd, because it now causes the acl-loader application to perform the same check and if the IP address is a v4 address, it inserts it into the "SRC_IP" field as it did previously. However, if the IP address is a v6 address, it inserts the address into a new "SRC_IPV6" field, leaving the "SRC_IP" field empty, which caused the logic in caclmgrd to fail to determine tables which contain IPv6 addresses, therefore not applying IPv6 service ACLs. This was noticed via log messages like the following:
This PR now adapts to the new acl-loader logic, and determines whether the table contains v4 or v6 address based on whether the rules in the table contain "SRC_IP"/"DST_IP" fields (v4), or "SRC_IPV6"/"DST_IPV6" fields (v6).