diff --git a/src/sonic-config-engine/tests/sample_output/rules_for_dataacl.json b/src/sonic-config-engine/tests/sample_output/rules_for_dataacl.json
index 48fa240c9dc..709468f9d94 100644
--- a/src/sonic-config-engine/tests/sample_output/rules_for_dataacl.json
+++ b/src/sonic-config-engine/tests/sample_output/rules_for_dataacl.json
@@ -1,6 +1,6 @@
 [
 {
- "ACL_RULE_TABLE:dataacl:Rule_1":{
+ "ACL_RULE_TABLE:DATAACL:RULE_1":{
 "IP_PROTOCOL":17,
 "PACKET_ACTION":"FORWARD",
 "SRC_IP":"10.0.0.0/8",
@@ -9,7 +9,7 @@
 "OP":"SET"
 },
 {
- "ACL_RULE_TABLE:dataacl:Rule_3":{
+ "ACL_RULE_TABLE:DATAACL:RULE_3":{
 "IP_PROTOCOL":17,
 "PACKET_ACTION":"FORWARD",
 "SRC_IP":"25.0.0.0/8",
@@ -18,7 +18,7 @@
 "OP":"SET"
 },
 {
- "ACL_RULE_TABLE:dataacl:Rule_2":{
+ "ACL_RULE_TABLE:DATAACL:RULE_2":{
 "IP_PROTOCOL":17,
 "PACKET_ACTION":"FORWARD",
 "SRC_IP":"100.64.0.0/10",
@@ -27,12 +27,20 @@
 "OP":"SET"
 },
 {
- "ACL_RULE_TABLE:dataacl:Rule_4":{
+ "ACL_RULE_TABLE:DATAACL:RULE_4":{
 "IP_PROTOCOL":6,
 "PACKET_ACTION":"FORWARD",
 "TCP_FLAGS":"0x10/0x10",
 "priority":9996
 },
 "OP":"SET"
+ },
+ {
+ "ACL_RULE_TABLE:DATAACL:DEFAULT_RULE":{
+ "ETHER_TYPE":"0x0800",
+ "PACKET_ACTION":"DROP",
+ "priority":1
+ },
+ "OP":"SET"
 }
 ]
\ No newline at end of file
diff --git a/src/sonic-config-engine/tests/sample_output/rules_for_everflow.json b/src/sonic-config-engine/tests/sample_output/rules_for_everflow.json
index c31965e31e2..2f39a0dcc4a 100644
--- a/src/sonic-config-engine/tests/sample_output/rules_for_everflow.json
+++ b/src/sonic-config-engine/tests/sample_output/rules_for_everflow.json
@@ -1,6 +1,6 @@
 [
 {
- "ACL_RULE_TABLE:everflow:Rule_1":{
+ "ACL_RULE_TABLE:EVERFLOW:RULE_1":{
 "DST_IP":"127.0.0.1/32",
 "IP_PROTOCOL":6,
 "L4_DST_PORT":0,
diff --git a/src/sonic-config-engine/translate_acl b/src/sonic-config-engine/translate_acl
index 584db7b6448..696a433730a 100755
--- a/src/sonic-config-engine/translate_acl
+++ b/src/sonic-config-engine/translate_acl
@@ -13,11 +13,21 @@ def dump_json(filename, data): with open(filename, 'w') as outfile: json.dump(data, outfile, indent=4, sort_keys=True, separators=(',', ':')) +def default_deny_rule(table_name): + rule_props = {} + rule_data = {} + rule_data["ACL_RULE_TABLE:"+table_name.upper()+":DEFAULT_RULE"] = rule_props + rule_data["OP"] = "SET" + rule_props["priority"] = 1 + rule_props["ETHER_TYPE"] = "0x0800" + rule_props["PACKET_ACTION"] = "DROP" + return rule_data + def generate_rule_json(table_name, rule, max_priority, mirror): rule_idx = rule.config.sequence_id rule_props = {} rule_data = {} - rule_data["ACL_RULE_TABLE:"+table_name+":Rule_"+str(rule_idx)] = rule_props + rule_data["ACL_RULE_TABLE:"+table_name.upper()+":RULE_"+str(rule_idx)] = rule_props rule_data["OP"] = "SET" rule_props["priority"] = max_priority - rule_idx @@ -120,7 +130,8 @@ def generate_table_json(aclset, aclname, ports, mirror, max_priority, output_pat rule_props = generate_rule_json(table_name, aclentry, max_priority, mirror) if rule_props: rule_data.append(rule_props) - + if not mirror: + rule_data.append(default_deny_rule(table_name)) dump_json(os.path.join(output_path, "rules_for_"+table_name+".json"), rule_data) def translate_acl_fixed_port(filename, output_path, port, max_priority):
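Review bot: `default_deny_rule` matches only `ETHER_TYPE` `0x0800`, so the catch-all at priority 1 drops unmatched IPv4 but leaves IPv6 and every other EtherType outside the default-deny, and nothing in the function says whether that is intended. If it is deliberate (the hunk does not say), record it in a docstring such as `"""Return the lowest-priority rule that drops IPv4 traffic no earlier rule matched; other EtherTypes are not covered."""`. The fixed `priority` of 1 also depends on `max_priority - rule_idx` in `generate_rule_json` staying above 1: a sequence id at or beyond `max_priority - 1` would put a rule level with or below the catch-all, where the drop rule could win, so rejecting such a sequence id explicitly would make that failure visible. `generate_rule_json` continues past the end of the hunk.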
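Review bot: The `if not mirror:` branch in `generate_table_json` appends the drop rule even when `rule_data` is still empty, so an ACL whose entries were all skipped by the `if rule_props:` filter is written out as a table that drops all IPv4 on its ports. If that fail-closed result is intended, say so next to the branch, for example `# Data ACLs are default-deny; mirror tables only select traffic and get no catch-all.`, and consider logging when the default rule is the only rule emitted. The rule keys are now built from `table_name.upper()` while the output filename on the following line still uses `table_name` unchanged; whether the table entry itself is keyed in upper case is not visible here and is worth confirming so that rules and table agree. `generate_table_json` starts before this hunk.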