[sonic-cfggen]: translate_acl tool adds TCP mask#697
Merged
lguohan merged 1 commit intosonic-net:masterfrom Jun 13, 2017
stcheng:acl
Merged
[sonic-cfggen]: translate_acl tool adds TCP mask#697lguohan merged 1 commit intosonic-net:masterfrom stcheng:acl
lguohan merged 1 commit intosonic-net:masterfrom
stcheng:acl
Conversation
In orchagent, the TCP_FLAGS expects both value and mask as the input. Right now, translate_acl tool only support one TCP flag and generate the ACL with both value and mask equal to the flag. This rule will match packets that have this specific flag set regardless of the other flags.
lguohan
approved these changes
Jun 13, 2017
lguohan
pushed a commit
that referenced
this pull request
Oct 24, 2019
c12c443 - 2019-10-22 : [command reference] add warm reboot command document (#704) [Ying Xie] e25cf29 - 2019-10-22 : [PR template] Add reminder to add/modify/remove unit tests as appropriate (#708) [Joe LeVeque] 66eafce - 2019-10-19 : [Command Reference] Unify style and formatting; Fix organization; Other fixes (#707) [Joe LeVeque] f32a450 - 2019-10-19 : [generate_dump] Make regex more specific for disabling/enabling logrotate (#701) [Kalimuthu-Velappan] d77c411 - 2019-10-18 : [netstat]: Fix for negative output values of counters after clear counters operation (#697) [lyndonsiao] fc324f2 - 2019-10-18 : [neighbor_advertiser]: Adapt to different mirror ACL table names (#703) [Shuotian Cheng] 342f3a1 - 2019-10-08 : [intfstat,portstat] fix table_as_json (#691) [Mykola F] 5564d87 - 2019-10-07 : [acl-loader] egress mirror action support and action ASIC support check (#575) [Stepan Blyshchak]
madhanmellanox
pushed a commit
to madhanmellanox/sonic-buildimage
that referenced
this pull request
Mar 23, 2020
Signed-off-by: Andriy Moroz <[email protected]>
stepanblyschak
pushed a commit
to stepanblyschak/sonic-buildimage
that referenced
this pull request
May 10, 2021
…nters operation (sonic-net#697) Immediately after a clear counter operation, the difference between new counter and old counter is negative. Returning 0 in this situation
mssonicbld
added a commit
that referenced
this pull request
Nov 13, 2025
…D automatically (#24447) #### Why I did it src/sonic-platform-daemons ``` * 3384fec - (HEAD -> master, origin/master, origin/HEAD) [Port-breakout] Fix Unable to find key NPU_SI_SETTINGS_SYNC_STATUS syslog error (#622) (6 days ago) [Keshav Gupta] * 7ae74d5 - Skip setting lpmode of a xcvr if it's not supported (#697) (7 days ago) [kewei-arista] ``` #### How I did it #### How to verify it #### Description for the changelog
ashutosh-agrawal
pushed a commit
to AnantKishorSharma/sonic-buildimage
that referenced
this pull request
Nov 30, 2025
…D automatically (sonic-net#24447) #### Why I did it src/sonic-platform-daemons ``` * 3384fec - (HEAD -> master, origin/master, origin/HEAD) [Port-breakout] Fix Unable to find key NPU_SI_SETTINGS_SYNC_STATUS syslog error (sonic-net#622) (6 days ago) [Keshav Gupta] * 7ae74d5 - Skip setting lpmode of a xcvr if it's not supported (sonic-net#697) (7 days ago) [kewei-arista] ``` #### How I did it #### How to verify it #### Description for the changelog
FengPan-Frank
pushed a commit
to FengPan-Frank/sonic-buildimage
that referenced
this pull request
Dec 4, 2025
…D automatically (sonic-net#24447) #### Why I did it src/sonic-platform-daemons ``` * 3384fec - (HEAD -> master, origin/master, origin/HEAD) [Port-breakout] Fix Unable to find key NPU_SI_SETTINGS_SYNC_STATUS syslog error (sonic-net#622) (6 days ago) [Keshav Gupta] * 7ae74d5 - Skip setting lpmode of a xcvr if it's not supported (sonic-net#697) (7 days ago) [kewei-arista] ``` #### How I did it #### How to verify it #### Description for the changelog Signed-off-by: Feng Pan <[email protected]>
xwjiang-ms
pushed a commit
to xwjiang-ms/sonic-buildimage
that referenced
this pull request
Dec 22, 2025
…D automatically (sonic-net#24447) #### Why I did it src/sonic-platform-daemons ``` * 3384fec - (HEAD -> master, origin/master, origin/HEAD) [Port-breakout] Fix Unable to find key NPU_SI_SETTINGS_SYNC_STATUS syslog error (sonic-net#622) (6 days ago) [Keshav Gupta] * 7ae74d5 - Skip setting lpmode of a xcvr if it's not supported (sonic-net#697) (7 days ago) [kewei-arista] ``` #### How I did it #### How to verify it #### Description for the changelog Signed-off-by: xiaweijiang <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In orchagent, the TCP_FLAGS expects both value and mask as the input.
Right now, translate_acl tool only support one TCP flag and generate
the ACL with both value and mask equal to the flag. This rule will
match packets that have this specific flag set regardless of the other
flags.