sonic-net · lguohan · Dec 19, 2017 · Dec 5, 2017 · Dec 16, 2017 · lguohan
@@ -878,10 +878,39 @@ bool AclTable::create()
           SAI_ACL_RANGE_TYPE_L4_SRC_PORT_RANGE
         };
 
-    attr.id = SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST;
+    set<sai_acl_bind_point_type_t> binds;
+    for (const auto& portid_pair : ports)
+    {
+        Port port;
+        if (!gPortsOrch->getPort(portid_pair.first, port))
+        {
+         continue;
+        }
+
+        switch (port.m_type)
+        {
+        case Port::PHY:
+            binds.insert(SAI_ACL_BIND_POINT_TYPE_PORT);
+            break;
+        case Port::VLAN:
+            binds.insert(SAI_ACL_BIND_POINT_TYPE_VLAN);
+            break;
+        case Port::LAG:
+            binds.insert(SAI_ACL_BIND_POINT_TYPE_LAG);
+            break;
+        default:
+            return SAI_STATUS_FAILURE;
+        }
+    }
+
     vector<int32_t> bpoint_list;
-    bpoint_list.push_back(SAI_ACL_BIND_POINT_TYPE_PORT);
-    attr.value.s32list.count = 1;
+    for (auto bind : binds)
+    {
+        bpoint_list.push_back(bind);
+    }
+
+    attr.id = SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST;
+    attr.value.s32list.count = static_cast<uint32_t>(bpoint_list.size());
     attr.value.s32list.list = bpoint_list.data();
     table_attrs.push_back(attr);
 
@@ -1608,13 +1637,26 @@ bool AclOrch::processPorts(string portsList, std::function<void (sai_object_id_t
             return false;
         }
 
-        if (port.m_type != Port::PHY)
+        switch (port.m_type)
         {
-            SWSS_LOG_ERROR("Failed to process port. Incorrect port %s type %d", alias.c_str(), port.m_type);
-            return false;
-        }
-
-        inserter(port.m_port_id);
+        case Port::PHY:
+            if (port.m_lag_member_id != SAI_NULL_OBJECT_ID)
+            {
+                SWSS_LOG_ERROR("Failed to process port. Bind table to LAG member %s is not allowed", alias.c_str());
+                return false;
+            }
+            inserter(port.m_port_id);
+            break;
+        case Port::LAG:
+            inserter(port.m_lag_id);
+            break;
+        case Port::VLAN:
+            inserter(port.m_vlan_info.vlan_oid);
+            break;
+        default:
+          SWSS_LOG_ERROR("Failed to process port. Incorrect port %s type %d", alias.c_str(), port.m_type);
+          return false;
+      }
     }
 
     return true;

@@ -309,6 +309,13 @@ bool PortsOrch::getPort(sai_object_id_t id, Port &port)
                 return true;
             }
             break;
+        case Port::VLAN:
+            if (portIter.second.m_vlan_info.vlan_oid == id)
+            {
+                port = portIter.second;
+                return true;
+            }
+            break;
         default:
             continue;
         }
@@ -435,7 +442,30 @@ bool PortsOrch::bindAclTable(sai_object_id_t id, sai_object_id_t table_oid, sai_
     {
         bool ingress = acl_stage == ACL_STAGE_INGRESS ? true : false;
         // If port ACL table group does not exist, create one
-        sai_object_id_t bp_list[] = { SAI_ACL_BIND_POINT_TYPE_PORT };
+
+        Port p;
+        if (!getPort(id, p))
+        {
+            return false;
+        }
+
+        sai_acl_bind_point_type_t bind_type;
+        switch (p.m_type) {
+            case Port::PHY:
+                bind_type = SAI_ACL_BIND_POINT_TYPE_PORT;
+                break;
+            case Port::LAG:
+                bind_type = SAI_ACL_BIND_POINT_TYPE_LAG;
+                break;
+            case Port::VLAN:
+                bind_type = SAI_ACL_BIND_POINT_TYPE_VLAN;
+                break;
+            default:
+                SWSS_LOG_ERROR("Failed to bind ACL table to port %s with unknown type %d", p.m_alias.c_str(), p.m_type);
+                return false;
+        }
+
+        sai_object_id_t bp_list[] = { bind_type };
 
         vector<sai_attribute_t> group_attrs;
         sai_attribute_t group_attr;
@@ -469,17 +499,58 @@ bool PortsOrch::bindAclTable(sai_object_id_t id, sai_object_id_t table_oid, sai_
             port.m_egress_acl_table_group_id = groupOid;
         }
 
-        // Bind this ACL group to port OID
-        sai_attribute_t port_attr;
-        port_attr.id = ingress ? SAI_PORT_ATTR_INGRESS_ACL : SAI_PORT_ATTR_EGRESS_ACL;
-        port_attr.value.oid = groupOid;
+        switch (port.m_type)
+        {
+        case Port::PHY:
+        {
+            // Bind this ACL group to physical port
+            sai_attribute_t port_attr;
+            port_attr.id = ingress ? SAI_PORT_ATTR_INGRESS_ACL : SAI_PORT_ATTR_EGRESS_ACL;
+            port_attr.value.oid = groupOid;
 
-        status = sai_port_api->set_port_attribute(port.m_port_id, &port_attr);
-        if (status != SAI_STATUS_SUCCESS)
+            status = sai_port_api->set_port_attribute(port.m_port_id, &port_attr);
+            if (status != SAI_STATUS_SUCCESS)
+            {
+                SWSS_LOG_ERROR("Failed to bind port %s to ACL table group %lx, rv:%d",
+                        port.m_alias.c_str(), groupOid, status);
+                return status;
+            }
+            break;
+        }
+        case Port::LAG:
         {
-            SWSS_LOG_ERROR("Failed to bind port %lx(%s) to ACL table group %lx, rv:%d",
-                    port.m_port_id, port.m_alias.c_str(), groupOid, status);
-            return false;
+            // Bind this ACL group to LAG
+            sai_attribute_t lag_attr;
+	        lag_attr.id = ingress ? SAI_LAG_ATTR_INGRESS_ACL : SAI_LAG_ATTR_EGRESS_ACL;
+            lag_attr.value.oid = groupOid;
+
+            status = sai_lag_api->set_lag_attribute(port.m_lag_id, &lag_attr);
+            if (status != SAI_STATUS_SUCCESS)
+            {
+                SWSS_LOG_ERROR("Failed to bind LAG %s to ACL table group %lx, rv:%d",
+                        port.m_alias.c_str(), groupOid, status);
+                return status;
+            }
+            break;
+        }
+        case Port::VLAN:
+            // Bind this ACL group to VLAN
+            sai_attribute_t vlan_attr;
+            vlan_attr.id = ingress ? SAI_VLAN_ATTR_INGRESS_ACL : SAI_VLAN_ATTR_EGRESS_ACL;
+            vlan_attr.value.oid = groupOid;
+
+            status = sai_vlan_api->set_vlan_attribute(port.m_vlan_info.vlan_oid, &vlan_attr);
+            if (status != SAI_STATUS_SUCCESS)
+            {
+                SWSS_LOG_ERROR("Failed to bind VLAN %s to ACL table group %lx, rv:%d",
+                        port.m_alias.c_str(), groupOid, status);
+                return status;
+            }
+
+            break;
+        default:
+            SWSS_LOG_ERROR("Failed to bind %s port with type %d", port.m_alias.c_str(), port.m_type);
+            return SAI_STATUS_FAILURE;
         }
 
         SWSS_LOG_NOTICE("Create ACL table group and bind port %s to it", port.m_alias.c_str());