[cfggen] Add tool to translate openconfig acl into sonic format #388
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stcheng
reviewed
Mar 9, 2017
| rule_props["PACKET_ACTION"] = "FORWARD" | ||
| elif rule.actions.config.forwarding_action == "DROP": | ||
| rule_props["PACKET_ACTION"] = "DROP" | ||
| elif rule.actions.config.forwarding_action == "REJECT": |
There was a problem hiding this comment.
i'm just curious what they do for the reject action. any difference from the drop? #Closed
There was a problem hiding this comment.
By openconfig definition, REJECT is to "Drop the packet and send an ICMP error message to the source". We don't support ICMP error message right now, of course. #Closed
taoyl-ms
force-pushed
the
taoyl/pyangbind
branch
2 times, most recently
from
07cd100
to
38d19ce
Compare
taoyl-ms
force-pushed
the
taoyl/pyangbind
branch
from
38d19ce
to
b7486c2
Compare
lguohan
reviewed
Mar 13, 2017
| if flag == "TCP_SYN": | ||
| tcp_flags = tcp_flags | 0x02 | ||
| if flag == "TCP_FIN": | ||
| tcp_flags = tcp_flags | 0x01 |
There was a problem hiding this comment.
probably swap the order of SYN and FIN? #Resolved
lguohan
reviewed
Mar 13, 2017
| table_props = {} | ||
| table_props["policy_desc"] = table_name | ||
| table_props["type"] = "L3" | ||
| table_props["ports"] = "Ethernet0" |
There was a problem hiding this comment.
why is this Ethernet0? #Resolved
lguohan
reviewed
Mar 13, 2017
|
|
||
|
|
||
| def main(): | ||
| translate(sys.argv[1]) |
There was a problem hiding this comment.
rename to translate_acl for better clarity? #Resolved
lguohan
reviewed
Mar 13, 2017
|
|
||
| {% if docker_config_engine_debs != '' %} |
There was a problem hiding this comment.
-> {% if docker_config_engine_debs.strip() -%} #Resolved
lguohan
reviewed
Mar 13, 2017
| RUN dpkg -i \ | ||
| {% for deb in docker_config_engine_debs.split(' ') -%} | ||
| debs/{{ deb }}{{' '}} | ||
| {%- endfor %} | ||
| {%- endif -%} | ||
|
|
||
| {% if docker_config_engine_whls != '' %} |
lguohan
reviewed
Mar 13, 2017
| sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install \ | ||
| python-dev \ |
There was a problem hiding this comment.
also need to remove python-dev later? #Resolved
There was a problem hiding this comment.
It's in base image. Do we also care a lot about size here? I prefer we keep it for easier usage of pip.
In reply to: 105694773 [](ancestors = 105694773)
There was a problem hiding this comment.
we care about size since some switch only have 2G disk, what's the size we are talking about? #Resolved
lguohan
reviewed
Mar 13, 2017
| rule_data["ACL_RULE_TABLE:"+table_name+":Rule_"+str(rule_idx)] = rule_props | ||
| rule_data["OP"] = "SET" | ||
|
|
||
| rule_props["priority"] = 10000 - rule_idx |
There was a problem hiding this comment.
make 10000 as a parameter with default value, it should not be hardcoded in the code. #Resolved
lguohan
reviewed
Mar 13, 2017
| elif rule.ip.config.protocol == "IP_AUTH": | ||
| rule_props["IP_PROTOCOL"] = "51" | ||
| elif rule.ip.config.protocol == "IP_L2TP": | ||
| rule_props["IP_PROTOCOL"] = "115" |
There was a problem hiding this comment.
better to create a map for such translation? #Resolved
lguohan
reviewed
Mar 13, 2017
| print "Unknown rule action %s in table %s, rule %d!" % (rule.actions.config.forwarding_action, table_name, rule_idx) | ||
| return {} | ||
|
|
||
| if rule.ip.config.protocol == "": |
There was a problem hiding this comment.
compare with "" does not look like a good practice. check below
lguohan
reviewed
Mar 13, 2017
| table_data = [{}] | ||
| table_data[0]["ACL_TABLE:"+table_name] = table_props | ||
| table_data[0]["OP"] = "SET" | ||
| dump_json("table_"+table_name+".json", table_data) |
There was a problem hiding this comment.
which directory do we put them into? can you add an option to specify the output directory? #Resolved
|
what's the license for openconfig_acl.py? can we import the whole github instead of this one file? How do we plan to maintain this file? #Resolved |
|
This file is not in openconfig github. It is an auto-generated file by pyangbind taking openconfig and ietf-config github as input. We can also rerun the generation process during every build, but I doubt if we really have the need to do that as it will quite complicate the build process. In reply to: 286154088 [](ancestors = 286154088) |
|
ok, can you put comments in the file, to describe how this file is generated? #Resolved |
taoyl-ms
force-pushed
the
taoyl/pyangbind
branch
from
8e18b73
to
4a3c0e1
Compare
taoyl-ms
force-pushed
the
taoyl/pyangbind
branch
from
4a3c0e1
to
fa2ff78
Compare
lguohan
approved these changes
Mar 17, 2017
stcheng
pushed a commit
that referenced
this pull request
Mar 20, 2017
lguohan
added a commit
to lguohan/sonic-buildimage
that referenced
this pull request
Dec 3, 2018
* cd97c60 2018-12-03 | Add support for recreate host interfaces tap devices on warm start (sonic-net#392) [Kamil Cudnik] * b4a7160 2018-12-03 | Drain asic queue before processing shutdown request (sonic-net#388) [Kamil Cudnik] Signed-off-by: Guohan Lu <[email protected]>
yxieca
added a commit
to yxieca/sonic-buildimage
that referenced
this pull request
Dec 5, 2018
- [warm boot] introduce command line options to warm/fast reboot scripts (sonic-net#399) - Use -d instead of -m in config qos (sonic-net#388) Signed-off-by: Ying Xie <[email protected]>
lguohan
pushed a commit
that referenced
this pull request
Dec 5, 2018
- [warm boot] introduce command line options to warm/fast reboot scripts (#399) - Use -d instead of -m in config qos (#388) Signed-off-by: Ying Xie <[email protected]>
Kalimuthu-Velappan
pushed a commit
to Kalimuthu-Velappan/sonic-buildimage
that referenced
this pull request
Sep 12, 2019
madhanmellanox
pushed a commit
to madhanmellanox/sonic-buildimage
that referenced
this pull request
Mar 23, 2020
…onic-net#358)" (sonic-net#371)" (sonic-net#388) This reverts commit 8fc09d0.
dmytroxshevchuk
pushed a commit
to dmytroxshevchuk/sonic-buildimage
that referenced
this pull request
Aug 31, 2020
qiluo-msft
added a commit
to qiluo-msft/sonic-buildimage
that referenced
this pull request
Nov 19, 2020
Update the sonic-swss-common submodule. The following are the commits in the submodule. ``` 95f9e11 2020-11-19 | [pyext] allow to catch exceptions raised in python (sonic-net#415) [Stepan Blyshchak] 5a718f9 2020-11-18 | [swig] translate C++ `del` to python `delete` (sonic-net#416) [Qi Luo] 40b255b 2020-11-12 | Fix: SWIG dict.get() should have optional default value parameter (sonic-net#413) [Qi Luo] 91e484d 2020-11-07 | Reduce notice logging (sonic-net#412) [Qi Luo] f5945ae 2020-11-05 | Mux Cable schema definitions for interaction between linkmanager and xcvrd (sonic-net#411) [vdahiya12] 602f9c2 2020-11-05 | [lua] load lua script on demand (sonic-net#409) [Dong Zhang] d88412b 2020-11-04 | Rename hdel to del when using multiple keys as param (sonic-net#410) [Kamil Cudnik] e0c229a 2020-11-04 | CHASSIS_STATE_DB on control-card for chassis state (sonic-net#395) [mprabhu-nokia] a4e3ac8 2020-11-04 | Chassisd config table to store admin state (sonic-net#388) [mprabhu-nokia] ```
qiluo-msft
added a commit
that referenced
this pull request
Nov 19, 2020
Update the sonic-swss-common submodule. The following are the commits in the submodule. ``` 95f9e11 2020-11-19 | [pyext] allow to catch exceptions raised in python (#415) [Stepan Blyshchak] 5a718f9 2020-11-18 | [swig] translate C++ `del` to python `delete` (#416) [Qi Luo] 40b255b 2020-11-12 | Fix: SWIG dict.get() should have optional default value parameter (#413) [Qi Luo] 91e484d 2020-11-07 | Reduce notice logging (#412) [Qi Luo] f5945ae 2020-11-05 | Mux Cable schema definitions for interaction between linkmanager and xcvrd (#411) [vdahiya12] 602f9c2 2020-11-05 | [lua] load lua script on demand (#409) [Dong Zhang] d88412b 2020-11-04 | Rename hdel to del when using multiple keys as param (#410) [Kamil Cudnik] e0c229a 2020-11-04 | CHASSIS_STATE_DB on control-card for chassis state (#395) [mprabhu-nokia] a4e3ac8 2020-11-04 | Chassisd config table to store admin state (#388) [mprabhu-nokia] ```
santhosh-kt
pushed a commit
to santhosh-kt/sonic-buildimage
that referenced
this pull request
Feb 25, 2021
Update the sonic-swss-common submodule. The following are the commits in the submodule. ``` 95f9e11 2020-11-19 | [pyext] allow to catch exceptions raised in python (sonic-net#415) [Stepan Blyshchak] 5a718f9 2020-11-18 | [swig] translate C++ `del` to python `delete` (sonic-net#416) [Qi Luo] 40b255b 2020-11-12 | Fix: SWIG dict.get() should have optional default value parameter (sonic-net#413) [Qi Luo] 91e484d 2020-11-07 | Reduce notice logging (sonic-net#412) [Qi Luo] f5945ae 2020-11-05 | Mux Cable schema definitions for interaction between linkmanager and xcvrd (sonic-net#411) [vdahiya12] 602f9c2 2020-11-05 | [lua] load lua script on demand (sonic-net#409) [Dong Zhang] d88412b 2020-11-04 | Rename hdel to del when using multiple keys as param (sonic-net#410) [Kamil Cudnik] e0c229a 2020-11-04 | CHASSIS_STATE_DB on control-card for chassis state (sonic-net#395) [mprabhu-nokia] a4e3ac8 2020-11-04 | Chassisd config table to store admin state (sonic-net#388) [mprabhu-nokia] ```
mssonicbld
added a commit
that referenced
this pull request
Sep 25, 2023
… automatically (#16676) #### Why I did it src/sonic-platform-common ``` * c63abc0 - (HEAD -> master, origin/master, origin/HEAD) [Credo][Ycable] Remove the thread locker protection from the thread-safe APIs (#388) (21 hours ago) [Xinyu Lin] ``` #### How I did it #### How to verify it #### Description for the changelog
mssonicbld
added a commit
that referenced
this pull request
Nov 3, 2023
… automatically (#17084) #### Why I did it src/sonic-platform-common ``` * e7325db - (HEAD -> 202305, origin/202305) Fix SSD health percentage issue for vendor Virtium (#407) (#408) (11 hours ago) [Stephen Sun] * 87e33ab - [Credo][Ycable] Remove the thread locker protection from the thread-safe APIs (#388) (11 hours ago) [Xinyu Lin] ``` #### How I did it #### How to verify it #### Description for the changelog
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.