DST_PORT is configuralbe in json config file for EXTERNAL_CLIENT_ACL
Signed-off-by: Zhaohui Sun <[email protected]>
ZhaohuiS committed Aug 23, 2022
1 parent c7d3833 commit bd7b172
Showing 1 changed file with 15 additions and 2 deletions.
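--- a/scripts/caclmgrd
+++ b/scripts/caclmgrd
@@ -82,7 +82,6 @@ class ControlPlaneAclManager(daemon_base.DaemonBase):
 },
 "EXTERNAL_CLIENT": {
 "ip_protocols": ["tcp"],
-"dst_ports": ["8081"],
 "multi_asic_ns_to_host_fwd":True
 },
 "ANY": {
@@ -550,7 +549,8 @@ class ControlPlaneAclManager(daemon_base.DaemonBase):
 
 # Obtain default IP protocol(s) and destination port(s) for this service
 ip_protocols = self.ACL_SERVICES[acl_service]["ip_protocols"]
-dst_ports = self.ACL_SERVICES[acl_service]["dst_ports"]
+if "dst_ports" in self.ACL_SERVICES[acl_service]:
+dst_ports = self.ACL_SERVICES[acl_service]["dst_ports"]
 
 acl_rules = {}
 
@@ -576,6 +576,19 @@ class ControlPlaneAclManager(daemon_base.DaemonBase):
 elif self.is_rule_ipv4(rule_props):
 table_ip_version = 4
 
+# Read DST_PORT info from Config DB, insert it back to ACL_SERVICES
+if acl_service == 'EXTERNAL_CLIENT' and "L4_DST_PORT" in rule_props:
+dst_ports = [rule_props["L4_DST_PORT"]]
+self.ACL_SERVICES[acl_service]["dst_ports"] = dst_ports
+elif acl_service == 'EXTERNAL_CLIENT' and "L4_DST_PORT_RANGE" in rule_props:
+dst_ports = []
+port_ranges = rule_props["L4_DST_PORT_RANGE"].split("-")
+port_start = int(port_ranges[0])
+port_end = int(port_ranges[1])
+for port in range(port_start, port_end + 1):
+dst_ports.append(port)
+self.ACL_SERVICES[acl_service]["dst_ports"] = dst_ports
+
 if (self.is_rule_ipv6(rule_props) and (table_ip_version == 4)):
 self.log_error("CtrlPlane ACL table {} is a IPv4 based table and rule {} is a IPV6 rule! Ignoring rule."
 .format(table_name, rule_id))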
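Review bot: The `L4_DST_PORT_RANGE` branch in the third hunk parses a Config DB value with no validation: a value without a `-` raises `IndexError`, non-numeric parts raise `ValueError`, extra `-` segments are silently ignored, and nothing checks that `port_start <= port_end` or that both lie in 1–65535, so a reversed range quietly produces an empty port list. The range also yields `int` ports while the `L4_DST_PORT` branch and the removed default `["8081"]` use strings; `str(port)` would keep the list uniform for whatever consumes `dst_ports` later, which is not visible here. In the second hunk `dst_ports` is left unassigned when the service has no `"dst_ports"` key, so an EXTERNAL_CLIENT table whose rules carry neither port field reaches later code with an undefined or stale value; an explicit `else: dst_ports = []` would make that case deterministic. The sketch below assumes this code runs inside the per-rule loop, as the "Ignoring rule" message just after it suggests; the enclosing method starts and ends outside the hunk.

```python
# … unchanged: L4_DST_PORT branch …
elif acl_service == 'EXTERNAL_CLIENT' and "L4_DST_PORT_RANGE" in rule_props:
    # Config DB content is operator-supplied: accept only "<start>-<end>" within 1..65535
    try:
        port_start, port_end = (int(p) for p in rule_props["L4_DST_PORT_RANGE"].split("-"))
    except ValueError:
        # covers non-numeric parts and a wrong number of "-" separated fields
        port_start, port_end = 0, 0
    if not 1 <= port_start <= port_end <= 65535:
        self.log_error("CtrlPlane ACL rule {} has invalid L4_DST_PORT_RANGE '{}'! Ignoring rule."
                       .format(rule_id, rule_props["L4_DST_PORT_RANGE"]))
        continue
    dst_ports = [str(port) for port in range(port_start, port_end + 1)]
    self.ACL_SERVICES[acl_service]["dst_ports"] = dst_ports
```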
