[202211] [cherry-pick] Add status for ACL_TABLE and ACL_RULE in STATE_DB#2749

Merged
StormLiangMS merged 1 commit into sonic-net:202211 from bingwang-ms:improve_show_acl_202211
Mar 24, 2023

@bingwang-ms

What I did

This PR is to backport changes in PR #2667 into 202211 branch.
HLD sonic-net/SONiC#1261
This PR is to enhance show acl table and show acl rule commands.
Currently, show acl table and show acl rule commands read ACL table/rule configuration from CONFIG_DB directly. We don't know whether the ACL table or rule is created successfully.
We improved swss to write the status of ACL table/rule into a STATE_DB table. In this PR, the show command is enhanced to read the status from STATE_DB table.

How I did it

  1. Introduce two tables in STATE_DB
  2. orchagent writes the status to STATE_DB
  3. show commands read the status from STATE_DB.

How to verify it

Verified by copying the new script to a testbed and checking the output.

Previous command output (if the output of a command-line utility has changed)

$ show acl table DATAACL
Name     Type    Binding      Description    Stage     
-------  ------  -----------  -------------  -------   
DATAACL  L3      Ethernet0    DATAACL        ingress   
                 Ethernet4
                 Ethernet8
                 Ethernet12
show acl rule
Table    Rule          Priority    Action    Match               
-------  ------------  ----------  --------  ------------------- 
DATAACL  RULE_1        9999        DROP      DST_IP: 9.5.9.3/32  
                                             ETHER_TYPE: 2048
DATAACL  RULE_2        9998        FORWARD   DST_IP: 10.2.1.2/32 
                                             ETHER_TYPE: 2048
                                             IP_PROTOCOL: 6
                                             L4_DST_PORT: 22

New command output (if the output of a command-line utility has changed)

$ show acl table DATAACL
Name     Type    Binding      Description    Stage      Status
-------  ------  -----------  -------------  -------    -------
DATAACL  L3      Ethernet0    DATAACL        ingress    Active
                 Ethernet4
                 Ethernet8
                 Ethernet12
show acl rule
Table    Rule          Priority    Action    Match                Status
-------  ------------  ----------  --------  -------------------  --------
DATAACL  RULE_1        9999        DROP      DST_IP: 9.5.9.3/32   Active
                                             ETHER_TYPE: 2048
DATAACL  RULE_2        9998        FORWARD   DST_IP: 10.2.1.2/32  Active
                                             ETHER_TYPE: 2048
                                             IP_PROTOCOL: 6
                                             L4_DST_PORT: 22
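
An added example, not code from this PR or from sonic-utilities: with a status available per ACL table and rule, an audit can flag rules that are configured but not enforced, the case the old output could not reveal. The snapshot dictionaries, the `status` and `PACKET_ACTION` field names, the `N/A` placeholder and the `Inactive` value are assumptions constructed for illustration.

```python
ACTIVE = "Active"   # the only status value shown on the page
MISSING = "N/A"     # placeholder used here when no status entry exists (assumption)

# Constructed snapshots; real data would come from CONFIG_DB and STATE_DB.
CONFIG_RULES = {
    ("DATAACL", "RULE_1"): {"PRIORITY": "9999", "PACKET_ACTION": "DROP"},
    ("DATAACL", "RULE_2"): {"PRIORITY": "9998", "PACKET_ACTION": "FORWARD"},
    ("DATAACL", "RULE_3"): {"PRIORITY": "9997", "PACKET_ACTION": "DROP"},
    ("MGMTACL", "RULE_1"): {"PRIORITY": "9999", "PACKET_ACTION": "DROP"},
}
STATE_TABLES = {"DATAACL": {"status": ACTIVE}, "MGMTACL": {"status": "Inactive"}}
STATE_RULES = {
    ("DATAACL", "RULE_1"): {"status": ACTIVE},
    ("DATAACL", "RULE_2"): {"status": "Inactive"},   # constructed non-active value
    ("MGMTACL", "RULE_1"): {"status": ACTIVE},
    ("DATAACL", "STALE"): {"status": ACTIVE},        # no matching config entry
}


def status_of(state, key):
    """Status recorded for key, or MISSING when the entry was never written."""
    return state.get(key, {}).get("status", MISSING)


def audit_acl(config_rules, state_tables, state_rules):
    """Return findings for rules that are configured but not enforced, and
    for status entries with no configuration behind them."""
    findings = []
    for (table, rule), cfg in sorted(config_rules.items()):
        t_status = status_of(state_tables, table)
        r_status = status_of(state_rules, (table, rule))
        if t_status == ACTIVE and r_status == ACTIVE:
            continue
        # A DROP rule that is not programmed does not block its traffic.
        impact = "fail-open" if cfg.get("PACKET_ACTION") == "DROP" else "not-applied"
        findings.append((table, rule, t_status, r_status, impact))
    for table, rule in sorted(set(state_rules) - set(config_rules)):
        findings.append((table, rule, status_of(state_tables, table),
                         status_of(state_rules, (table, rule)), "orphan"))
    return findings


if __name__ == "__main__":
    for finding in audit_acl(CONFIG_RULES, STATE_TABLES, STATE_RULES):
        print(*finding, sep="  ")
```

A rule is treated as enforced only when both it and its parent table report `Active`, so a rule under a non-active table is still reported.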

@StormLiangMS StormLiangMS left a comment

LGTM

@StormLiangMS StormLiangMS merged commit 721e26f into sonic-net:202211 Mar 24, 2023