From 1b4e04861acfcf50a1a64491c7f0ab8f41b9cc11 Mon Sep 17 00:00:00 2001 From: Zhijian Li Date: Thu, 21 Sep 2023 10:33:18 +0000 Subject: [PATCH 1/2] update --- acl_loader/main.py | 8 +++++++ tests/acl_input/acl1.json | 44 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 51 insertions(+), 1 deletion(-) diff --git a/acl_loader/main.py b/acl_loader/main.py index 5bacfe7d8f..e81e05d9b7 100644 --- a/acl_loader/main.py +++ b/acl_loader/main.py @@ -598,6 +598,14 @@ def convert_icmp(self, table_name, rule_idx, rule): is_rule_v6 = True except Exception as e: pass + else: + # get the IP version type using IP_PROTOCOL. + try: + ip_protocol = rule.ip.config.protocol + if ip_protocol == "IP_ICMPV6" or int(ip_protocol) == self.ip_protocol_map["IP_ICMPV6"]: + is_rule_v6 = True + except Exception as e: + pass type_key = "ICMPV6_TYPE" if is_rule_v6 else "ICMP_TYPE" code_key = "ICMPV6_CODE" if is_rule_v6 else "ICMP_CODE" diff --git a/tests/acl_input/acl1.json b/tests/acl_input/acl1.json index 4bcd8049be..586661bbc8 100644 --- a/tests/acl_input/acl1.json +++ b/tests/acl_input/acl1.json @@ -235,7 +235,7 @@ } } }, - "2": { + "100": { "config": { "sequence-id": 100 }, @@ -285,6 +285,27 @@ } } } + }, + "2": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 2 + }, + "ip": { + "config": { + "protocol": "1" + } + }, + "icmp": { + "config": { + "type": "136", + "code": "0" + } + } } } }, @@ -310,6 +331,27 @@ "destination-ip-address": "fc02::/64" } } + }, + "2": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 2 + }, + "ip": { + "config": { + "protocol": "58" + } + }, + "icmp": { + "config": { + "type": "136", + "code": "0" + } + } } } }, From 6c8748b7f4e80a9fec8fbec2ce249ce47b7e135c Mon Sep 17 00:00:00 2001 From: Zhijian Li Date: Thu, 21 Sep 2023 14:25:48 +0000 Subject: [PATCH 2/2] update --- tests/acl_loader_test.py | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/tests/acl_loader_test.py b/tests/acl_loader_test.py index c4d2e0b9ea..599e47461a 100644 --- a/tests/acl_loader_test.py +++ b/tests/acl_loader_test.py @@ -150,7 +150,6 @@ def test_icmp_translation(self, acl_loader): def test_icmpv6_translation(self, acl_loader): acl_loader.rules_info = {} acl_loader.load_rules_from_file(os.path.join(test_path, 'acl_input/acl1.json')) - print(acl_loader.rules_info) assert acl_loader.rules_info[("DATAACL_2", "RULE_1")] == { "ICMPV6_TYPE": 1, "ICMPV6_CODE": 0, @@ -171,6 +170,30 @@ def test_icmpv6_translation(self, acl_loader): "PRIORITY": "9900" } + def test_icmp_translation_in_custom_acl_table_type(self, acl_loader): + acl_loader.rules_info = {} + acl_loader.load_rules_from_file(os.path.join(test_path, 'acl_input/acl1.json')) + assert acl_loader.rules_info[("BMC_ACL_NORTHBOUND", "RULE_2")] + assert acl_loader.rules_info[("BMC_ACL_NORTHBOUND", "RULE_2")] == { + "ICMP_TYPE": 136, + "ICMP_CODE": 0, + "IP_PROTOCOL": 1, + "PACKET_ACTION": "FORWARD", + "PRIORITY": "9998" + } + + def test_icmpv6_translation_in_custom_acl_table_type(self, acl_loader): + acl_loader.rules_info = {} + acl_loader.load_rules_from_file(os.path.join(test_path, 'acl_input/acl1.json')) + assert acl_loader.rules_info[("BMC_ACL_NORTHBOUND_V6", "RULE_2")] + assert acl_loader.rules_info[("BMC_ACL_NORTHBOUND_V6", "RULE_2")] == { + "ICMPV6_TYPE": 136, + "ICMPV6_CODE": 0, + "IP_PROTOCOL": 58, + "PACKET_ACTION": "FORWARD", + "PRIORITY": "9998" + } + def test_ingress_default_deny_rule(self, acl_loader): acl_loader.set_mirror_stage("ingress") acl_loader.get_session_name = mock.MagicMock(return_value="everflow_session_mock") @@ -250,7 +273,7 @@ def ttest_icmp_fields_with_non_icmpv6_protocol(self, acl_loader): assert not acl_loader.rules_info.get("RULE_1") - def test_icmp_fields_with_non_tcp_protocol(self, acl_loader): + def test_tcp_fields_with_non_tcp_protocol(self, acl_loader): acl_loader.rules_info = {} acl_loader.load_rules_from_file(os.path.join(test_path, 'acl_input/tcp_bad_protocol_number.json')) assert not acl_loader.rules_info.get("RULE_1")