Update test_caclmgrd_syslog case to make it work at dualtor setup

[echuawu]

Description of PR

Update test_caclmgrd_syslog case to make it work at dualtor setup
At dualtor setup there would be "iptables -t nat -A POSTROUTING" instead of "iptables -A INPUT"

Summary:
Fixes # (issue)

Type of change

• Bug fix
• Testbed and Framework(new/improvement)
• New Test case
  • Skipped for non-supported platforms
• Test case improvement

Back port request

• 202012
• 202205
• 202305
• 202311
• 202405
• 202411

Approach

What is the motivation for this PR?

Make the case test_caclmgrd_syslog pass at dualtor setup

How did you do it?

Enhance the cacl match pattern

How did you verify/test it?

Run it in local setup

Any platform specific information?

Supported testbed topology if it's a new test case?

Documentation

[mssonicbld]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[ZhaohuiS]

@echuawu sometimes on Dualtor testbeds, iptables -t nat -A POSTROUTING may not in the output of systemctl status caclmgrd either.

admin@bjw-can-7260-14:~$ sudo systemctl status caclmgrd
● caclmgrd.service - Control Plane ACL configuration daemon
Loaded: loaded (/lib/systemd/system/caclmgrd.service; enabled; preset: enabled)
Active: active (running) since Wed 2025-05-07 09:12:34 UTC; 1h 56min ago
Main PID: 1543976 (caclmgrd)
Tasks: 1 (limit: 9458)
Memory: 15.0M
CGroup: /system.slice/caclmgrd.service
└─1543976 /usr/bin/python3 /usr/local/bin/caclmgrd

May 07 11:09:14 bjw-can-7260-14 caclmgrd[1543976]: mux cable update : '('Ethernet32', 'SET', (('state', 'unknown'),))'
May 07 11:09:14 bjw-can-7260-14 caclmgrd[1617380]: iptables: Bad rule (does a matching rule exist in that chain?).
May 07 11:09:14 bjw-can-7260-14 caclmgrd[1543976]: mux cable update : '('Ethernet24', 'SET', (('state', 'unknown'),))'
May 07 11:09:14 bjw-can-7260-14 caclmgrd[1617381]: iptables: Bad rule (does a matching rule exist in that chain?).
May 07 11:09:14 bjw-can-7260-14 caclmgrd[1543976]: mux cable update : '('Ethernet0', 'SET', (('state', 'unknown'),))'
May 07 11:09:14 bjw-can-7260-14 caclmgrd[1617382]: iptables: Bad rule (does a matching rule exist in that chain?).
May 07 11:09:14 bjw-can-7260-14 caclmgrd[1543976]: mux cable update : '('Ethernet120', 'SET', (('state', 'unknown'),))'
May 07 11:09:14 bjw-can-7260-14 caclmgrd[1617383]: iptables: Bad rule (does a matching rule exist in that chain?).
May 07 11:09:14 bjw-can-7260-14 caclmgrd[1543976]: mux cable update : '('Ethernet184', 'SET', (('state', 'unknown'),))'
May 07 11:09:14 bjw-can-7260-14 caclmgrd[1617384]: iptables: Bad rule (does a matching rule exist in that chain?).
admin@bjw-can-7260-14:~$
So this PR #18257 maybe better to avoid false failure.

[echuawu]

@echuawu sometimes on Dualtor testbeds, iptables -t nat -A POSTROUTING may not in the output of systemctl status caclmgrd either.

admin@bjw-can-7260-14:~$ sudo systemctl status caclmgrd ● caclmgrd.service - Control Plane ACL configuration daemon Loaded: loaded (/lib/systemd/system/caclmgrd.service; enabled; preset: enabled) Active: active (running) since Wed 2025-05-07 09:12:34 UTC; 1h 56min ago Main PID: 1543976 (caclmgrd) Tasks: 1 (limit: 9458) Memory: 15.0M CGroup: /system.slice/caclmgrd.service └─1543976 /usr/bin/python3 /usr/local/bin/caclmgrd

May 07 11:09:14 bjw-can-7260-14 caclmgrd[1543976]: mux cable update : '('Ethernet32', 'SET', (('state', 'unknown'),))' May 07 11:09:14 bjw-can-7260-14 caclmgrd[1617380]: iptables: Bad rule (does a matching rule exist in that chain?). May 07 11:09:14 bjw-can-7260-14 caclmgrd[1543976]: mux cable update : '('Ethernet24', 'SET', (('state', 'unknown'),))' May 07 11:09:14 bjw-can-7260-14 caclmgrd[1617381]: iptables: Bad rule (does a matching rule exist in that chain?). May 07 11:09:14 bjw-can-7260-14 caclmgrd[1543976]: mux cable update : '('Ethernet0', 'SET', (('state', 'unknown'),))' May 07 11:09:14 bjw-can-7260-14 caclmgrd[1617382]: iptables: Bad rule (does a matching rule exist in that chain?). May 07 11:09:14 bjw-can-7260-14 caclmgrd[1543976]: mux cable update : '('Ethernet120', 'SET', (('state', 'unknown'),))' May 07 11:09:14 bjw-can-7260-14 caclmgrd[1617383]: iptables: Bad rule (does a matching rule exist in that chain?). May 07 11:09:14 bjw-can-7260-14 caclmgrd[1543976]: mux cable update : '('Ethernet184', 'SET', (('state', 'unknown'),))' May 07 11:09:14 bjw-can-7260-14 caclmgrd[1617384]: iptables: Bad rule (does a matching rule exist in that chain?). admin@bjw-can-7260-14:~$ So this PR #18257 maybe better to avoid false failure.

Is it something went wrong in this case?

[ZhaohuiS]

No,
Just use a regex match caclmgrd.*iptables or caclmgrd.*mux instead of matching a specific string in the output.

 match = re.search(r'(caclmgrd.*?iptables)', systemctl_output)
 mux_match = re.search(r'(caclmgrd.*?mux)', systemctl_output)
 pytest_assert(match or mux_match, "iptables rules are not applied after restarting caclmgrd")

[mssonicbld]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[echuawu]

No, Just use a regex match caclmgrd.*iptables or caclmgrd.*mux instead of matching a specific string in the output.

 match = re.search(r'(caclmgrd.*?iptables)', systemctl_output)
 mux_match = re.search(r'(caclmgrd.*?mux)', systemctl_output)
 pytest_assert(match or mux_match, "iptables rules are not applied after restarting caclmgrd")

Updated, please approve.