0cc18b9 to c88ec82
60901af to 2d35a7e
orchagent/dash/dashaclorch.cpp
Outdated
| attrs.back().id = SAI_DASH_ACL_RULE_ATTR_DASH_ACL_GROUP_ID; | ||
| attrs.back().value.oid = acl_group->m_dash_acl_group_id; | ||
|
|
||
| acl_rule.m_status = m_dash_acl_rule_bulker.create_entry(&acl_rule.m_dash_acl_rule_id, static_cast<uint32_t>(attrs.size()), attrs.data()); |
same question as above re: bulk operations
orchagent/dash/dashaclorch.cpp
Outdated
| } | ||
| else | ||
| { | ||
| getAclGroup(group_id)->m_rule_count--; |
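Review bot: In the else branch, `getAclGroup(group_id)->m_rule_count--` dereferences the result of getAclGroup() without a null check, while the rule-creation path treats a nullptr return as a real case (`if (acl_group == nullptr)`). Fetch the group into a local, check it before decrementing, and guard against decrementing a count that is already zero.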
Might be a good idea to add an error log here?
prsunny left a comment
You would need to maintain a ref count b/w eni and acl group to prevent deleting group while it is already bound to an ENI.
orchagent/dash/dashaclorch.cpp
Outdated
| else | ||
| { | ||
| // Update the ACL group's attributes | ||
| for (const auto &attr : attrs) |
ACL group update is for what scenario? Is this only to set the ip_version, say changing from ipv4 to ipv6? If so, it's not a valid case. Can you check if this is required?
OK, I removed the update block.
orchagent/dash/dashaclorch.cpp
Outdated
| // The member rules of group should be removed first | ||
| if (acl_group->m_rule_count != 0) | ||
| { | ||
| SWSS_LOG_WARN("ACL group %s still has %d rules", key.c_str(), acl_group->m_rule_count); |
Please change this to info, else this log will be continuously generated. Please address this for all task_retries.
| } | ||
|
|
||
| // The member rules of group should be removed first | ||
| if (acl_group->m_rule_count != 0) |
You should also check if this group is 'bind' to some ENI. If so, we cannot delete the group. User must first unbind the group before deleting.
Done. Add a ref count to check that.
orchagent/dash/dashaclorch.cpp
Outdated
| auto acl_group = getAclGroup(group_id); | ||
| if (acl_group == nullptr) | ||
| { | ||
| SWSS_LOG_WARN("ACL group %s doesn't exist, waiting for group creating before creating rule %s", group_id.c_str(), rule_id.c_str()); |
As suggested, please change to INFO
orchagent/dash/dashaclorch.cpp
Outdated
| // If the attributes don't have default value, just skip and wait for the user to set the value at the next message | ||
| if (!acl_rule.m_protocols) | ||
| { | ||
| const static vector<uint8_t> all_protocols = { |
This is prone to error and hard to see if you missed some value. Suggest generating it through a lambda function.
| bool update_action = false; | ||
| update_action |= updateValue(data, "action", acl_rule.m_action); | ||
| update_action |= updateValue(data, "terminating", acl_rule.m_terminating); | ||
| if (update_action || (acl_rule.m_action && acl_rule.m_terminating && !is_existing)) |
I see that is_existing is repeated all around? Please move this to a section for new create vs set.
Here is an optimization I want.
I would always only pass these updated attributes to the SAI. But how can I know which attributes are updated if I move this to another section? I have no idea only if I introduce another repeated code to check and add them one by one to the attrs.
orchagent/dash/dashaclorch.cpp
Outdated
| } | ||
| else | ||
| { | ||
| // Update the ACL group's attributes |
ACL Rule's attribute -> Typo
|
|
||
| bool is_existing = acl_rule.m_dash_acl_rule_id != SAI_NULL_OBJECT_ID; | ||
|
|
||
| if (!is_existing) |
How about ref count in this case? Do we need to decrement?
In my opinion, an ACL rule can be added to only one ACL group, so the ref count is always one. If so, why do we need a count to record it?
orchagent/dash/dashaclorch.cpp
Outdated
| auto eni_entry = m_dash_orch->getEni(eni); | ||
| if (eni_entry == nullptr) | ||
| { | ||
| SWSS_LOG_WARN("eni %s cannot be found", eni.c_str()); |
| attr.id = getSaiStage(direction, *(acl_group->m_ip_version), stage); | ||
| attr.value.oid = acl_group->m_dash_acl_group_id; | ||
| } | ||
| else |
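Review bot: `*(acl_group->m_ip_version)` in the getSaiStage() call is dereferenced with no check visible in this hunk that the group has an ip_version set, and acl_group itself is used unchecked. If either can be empty when the bind request arrives, validate both before building the attribute and return a retry or failure status instead.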
What would be a case where updateValue fails?
If the input string isn't valid or the new value equals the old one.
bbf5032 to 2466354
Signed-off-by: Ze Gan <ganze718@gmail.com>
6fbe409 to 22552e4
Signed-off-by: Ze Gan <ganze718@gmail.com>
| else | ||
| { | ||
| SWSS_LOG_ERROR( | ||
| "Unknown task : %s - %s", |
Might be a good idea to include the actual task/key in this message as well to help with debugging
I believe all actual tasks/keys have been logged in /var/log/swss/swss.rec by lib swsscommon, so we don't need repeated recording.
| if (task_status == task_need_retry) | ||
| { | ||
| SWSS_LOG_DEBUG( | ||
| "Task %s - %s need retry", |
| { | ||
| if (task_status != task_success) | ||
| { | ||
| SWSS_LOG_WARN("Task %s - %s fail", |
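Review bot: The failure message `"Task %s - %s fail"` has placeholders only for two strings, so the log does not say which task_status was returned even though the condition is `task_status != task_success` and can match more than one status. Add the status value to the message, and word it as "failed".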
| else | ||
| { | ||
| SWSS_LOG_DEBUG( | ||
| "Task %s - %s success", |
What I did
Add DASH ACL orchagent implementation.
Why I did it
DASH needs ACL function.
How I verified it
Details if related