sonic-net
diff --git a/‎.artifactignore‎
Lines changed: 2 additions & 0 deletions b/‎.artifactignore‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.coveragerc‎
Lines changed: 29 additions & 0 deletions b/‎.coveragerc‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE.md‎
Lines changed: 0 additions & 60 deletions b/‎.github/ISSUE_TEMPLATE.md‎
Lines changed: 0 additions & 60 deletions
diff --git a/‎.github/PULL_REQUEST_TEMPLATE.md‎
Lines changed: 0 additions & 32 deletions b/‎.github/PULL_REQUEST_TEMPLATE.md‎
Lines changed: 0 additions & 32 deletions
diff --git a/‎.github/issue_template.md‎
Lines changed: 60 additions & 0 deletions b/‎.github/issue_template.md‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎.github/pull_request_template.md‎
Lines changed: 32 additions & 0 deletions b/‎.github/pull_request_template.md‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎acl_loader/main.py‎
Lines changed: 78 additions & 10 deletions b/‎acl_loader/main.py‎
Lines changed: 78 additions & 10 deletions
@@ -0,0 +1,2 @@
+**/*
+!dist/*.whl
@@ -0,0 +1,29 @@
+[run]
+branch = True
+source =
+    acl_loader
+    clear
+    config
+    connect
+    consutil
+    counterpoll
+    crm
+    debug
+    fdbutil
+    fwutil
+    pcieutil
+    pddf_fanutil
+    pddf_ledutil
+    pddf_psuutil
+    pddf_thermalutil
+    pfc
+    pfcwd
+    psuutil
+    scripts
+    sfputil
+    show
+    sonic_installer
+    ssdutil
+    undebug
+    utilities_common
+    watchdogutil
@@ -0,0 +1,60 @@
+<!--
+    If you are reporting a new issue, make sure that we do not have any duplicates
+    already open. You can ensure this by searching the issue list for this
+    repository. If there is a duplicate, please close your issue and add a comment
+    to the existing issue instead.
+
+    If you suspect your issue is a bug, please edit your issue description to
+    include the BUG REPORT INFORMATION shown below. If you fail to provide this
+    information within 7 days, we cannot debug your issue and will close it. We
+    will, however, reopen it if you later provide the information.
+
+    For more information about reporting issues, see
+    https://github.com/Azure/SONiC/wiki#report-issues
+
+    ---------------------------------------------------
+    GENERAL SUPPORT INFORMATION
+    ---------------------------------------------------
+
+    The GitHub issue tracker is for bug reports and feature requests.
+    General support can be found at the following locations:
+
+    - SONiC Support Forums - https://groups.google.com/forum/#!forum/sonicproject
+
+    ---------------------------------------------------
+    BUG REPORT INFORMATION
+    ---------------------------------------------------
+    Use the commands below to provide key information from your environment:
+    You do NOT have to include this information if this is a FEATURE REQUEST
+-->
+
+#### Description
+
+<!--
+     Briefly describe the problem you are having in a few paragraphs.
+-->
+
+## Steps to reproduce the issue
+1.
+2.
+3.
+
+#### Describe the results you received
+
+
+#### Describe the results you expected
+
+
+#### Additional information you deem important (e.g. issue happens only occasionally)
+
+
+#### Output of `show version`
+
+```
+(paste your output here)
+```
+
+<!--
+     Also attach debug file produced by `sudo generate_dump`
+-->
+
@@ -0,0 +1,32 @@
+<!--
+    Please make sure you've read and understood our contributing guidelines:
+    https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md
+
+    ** Make sure all your commits include a signature generated with `git commit -s` **
+
+    If this is a bug fix, make sure your description includes "closes #xxxx",
+    "fixes #xxxx" or "resolves #xxxx" so that GitHub automatically closes the related
+    issue when the PR is merged.
+
+    If you are adding/modifying/removing any command or utility script, please also
+    make sure to add/modify/remove any unit tests from the tests
+    directory as appropriate.
+
+    If you are modifying or removing an existing 'show', 'config' or 'sonic-clear'
+    subcommand, or you are adding a new subcommand, please make sure you also
+    update the Command Line Reference Guide (doc/Command-Reference.md) to reflect
+    your changes.
+
+    Please provide the following information:
+-->
+
+#### What I did
+
+#### How I did it
+
+#### How to verify it
+
+#### Previous command output (if the output of a command-line utility has changed)
+
+#### New command output (if the output of a command-line utility has changed)
+
@@ -9,9 +9,8 @@
 import tabulate
 import pyangbind.lib.pybindJSON as pybindJSON
 from natsort import natsorted
-from sonic_py_common import device_info
-from swsssdk import ConfigDBConnector, SonicDBConfig
-from swsscommon.swsscommon import SonicV2Connector
+from sonic_py_common import device_info, multi_asic
+from swsscommon.swsscommon import SonicV2Connector, ConfigDBConnector, SonicDBConfig
 
 
 def info(msg):
@@ -104,6 +103,7 @@ class AclLoader(object):
         "IP_RSVP": 46,
         "IP_GRE": 47,
         "IP_AUTH": 51,
+        "IP_ICMPV6": 58,
         "IP_L2TP": 115
     }
 
@@ -115,8 +115,13 @@ def __init__(self):
         self.tables_db_info = {}
         self.rules_db_info = {}
         self.rules_info = {}
-        # Load global db config. This call is no-op in single npu platforms
-        SonicDBConfig.load_sonic_global_db_config()
+
+        if multi_asic.is_multi_asic():
+            # Load global db config
+            SonicDBConfig.load_sonic_global_db_config()
+        else:
+            SonicDBConfig.initialize()
+
         self.sessions_db_info = {}
         self.configdb = ConfigDBConnector()
         self.configdb.connect()
@@ -286,6 +291,14 @@ def is_table_mirror(self, tname):
         """
         return self.tables_db_info[tname]['type'].upper().startswith(self.ACL_TABLE_TYPE_MIRROR)
 
+    def is_table_ipv6(self, tname):
+        """
+        Check if ACL table type is IPv6 (L3V6 or MIRRORV6)
+        :param tname: ACL table name
+        :return: True if table type is IPv6 else False
+        """
+        return self.tables_db_info[tname]["type"].upper() in ("L3V6", "MIRRORV6")
+
     def is_table_control_plane(self, tname):
         """
         Check if ACL table type is ACL_TABLE_TYPE_CTRLPLANE
@@ -405,9 +418,18 @@ def convert_l2(self, table_name, rule_idx, rule):
             else:
                 try:
                     rule_props["ETHER_TYPE"] = int(rule.l2.config.ethertype)
-                except:
-                    raise AclLoaderException("Failed to convert ethertype %s table %s rule %s" % (
-                        rule.l2.config.ethertype, table_name, rule_idx))
+                except Exception as e:
+                    raise AclLoaderException(
+                        "Failed to convert ethertype %s; table %s rule %s; exception=%s" %
+                        (rule.l2.config.ethertype, table_name, rule_idx, str(e)))
+
+        if rule.l2.config.vlan_id != "" and rule.l2.config.vlan_id != "null":
+            vlan_id = rule.l2.config.vlan_id
+
+            if vlan_id <= 0 or vlan_id >= 4096:
+                raise AclLoaderException("VLAN ID %d is out of bounds (0, 4096)" % (vlan_id))
+
+            rule_props["VLAN_ID"] = vlan_id
 
         return rule_props
 
@@ -418,7 +440,12 @@ def convert_ip(self, table_name, rule_idx, rule):
         # so there isn't currently a good way to check if the user defined proto=0 or not.
         if rule.ip.config.protocol:
             if rule.ip.config.protocol in self.ip_protocol_map:
-                rule_props["IP_PROTOCOL"] = self.ip_protocol_map[rule.ip.config.protocol]
+                # Special case: ICMP has different protocol numbers for IPv4 and IPv6, so if we receive
+                # "IP_ICMP" we need to pick the correct protocol number for the IP version
+                if rule.ip.config.protocol == "IP_ICMP" and self.is_table_ipv6(table_name):
+                    rule_props["IP_PROTOCOL"] = self.ip_protocol_map["IP_ICMPV6"]
+                else:
+                    rule_props["IP_PROTOCOL"] = self.ip_protocol_map[rule.ip.config.protocol]
             else:
                 try:
                     int(rule.ip.config.protocol)
@@ -449,6 +476,31 @@ def convert_ip(self, table_name, rule_idx, rule):
 
         return rule_props
 
+    def convert_icmp(self, table_name, rule_idx, rule):
+        rule_props = {}
+
+        is_table_v6 = self.is_table_ipv6(table_name)
+        type_key = "ICMPV6_TYPE" if is_table_v6 else "ICMP_TYPE"
+        code_key = "ICMPV6_CODE" if is_table_v6 else "ICMP_CODE"
+
+        if rule.icmp.config.type != "" and rule.icmp.config.type != "null":
+            icmp_type = rule.icmp.config.type
+
+            if icmp_type < 0 or icmp_type > 255:
+                raise AclLoaderException("ICMP type %d is out of bounds [0, 255]" % (icmp_type))
+
+            rule_props[type_key] = icmp_type
+
+        if rule.icmp.config.code != "" and rule.icmp.config.code != "null":
+            icmp_code = rule.icmp.config.code
+
+            if icmp_code < 0 or icmp_code > 255:
+                raise AclLoaderException("ICMP code %d is out of bounds [0, 255]" % (icmp_code))
+
+            rule_props[code_key] = icmp_code
+
+        return rule_props
+
     def convert_port(self, port):
         """
         Convert port field format from openconfig ACL to Config DB schema
@@ -507,6 +559,19 @@ def convert_input_interface(self, table_name, rule_idx, rule):
 
         return rule_props
 
+    def validate_rule_fields(self, rule_props):
+        protocol = rule_props.get("IP_PROTOCOL")
+
+        if protocol:
+            if "TCP_FLAGS" in rule_props and protocol != 6:
+                raise AclLoaderException("IP_PROTOCOL={} is not TCP, but TCP flags were provided".format(protocol))
+
+            if ("ICMP_TYPE" in rule_props or "ICMP_CODE" in rule_props) and protocol != 1:
+                raise AclLoaderException("IP_PROTOCOL={} is not ICMP, but ICMP fields were provided".format(protocol))
+
+            if ("ICMPV6_TYPE" in rule_props or "ICMPV6_CODE" in rule_props) and protocol != 58:
+                raise AclLoaderException("IP_PROTOCOL={} is not ICMPV6, but ICMPV6 fields were provided".format(protocol))
+
     def convert_rule_to_db_schema(self, table_name, rule):
         """
         Convert rules format from openconfig ACL to Config DB schema
@@ -523,9 +588,12 @@ def convert_rule_to_db_schema(self, table_name, rule):
         deep_update(rule_props, self.convert_action(table_name, rule_idx, rule))
         deep_update(rule_props, self.convert_l2(table_name, rule_idx, rule))
         deep_update(rule_props, self.convert_ip(table_name, rule_idx, rule))
+        deep_update(rule_props, self.convert_icmp(table_name, rule_idx, rule))
         deep_update(rule_props, self.convert_transport(table_name, rule_idx, rule))
         deep_update(rule_props, self.convert_input_interface(table_name, rule_idx, rule))
 
+        self.validate_rule_fields(rule_props)
+
         return rule_data
 
     def deny_rule(self, table_name):
@@ -538,7 +606,7 @@ def deny_rule(self, table_name):
         rule_data = {(table_name, "DEFAULT_RULE"): rule_props}
         rule_props["PRIORITY"] = str(self.min_priority)
         rule_props["PACKET_ACTION"] = "DROP"
-        if 'v6' in table_name.lower():
+        if self.is_table_ipv6(table_name):
             rule_props["IP_TYPE"] = "IPV6ANY"  # ETHERTYPE is not supported for DATAACLV6
         else:
             rule_props["ETHER_TYPE"] = str(self.ethertype_map["ETHERTYPE_IPV4"])