[acl-loader] Failed to load ACL rules matching L4 port range larger than 60000 #16189

Closed
lizhijianrd opened this issue Aug 17, 2023 · 1 comment · Fixed by #16303

lizhijianrd commented Aug 17, 2023

Description

When I use acl-loader to load data-plane ACL rules matching an L4 port range larger than 60000, it sometimes fails with a Yang validation error. I did some initial investigation and found that at sonic-config-engine/openconfig_acl.py#L2408, it uses a regex to validate the L4 port number. But the regex is wrong. For example, a valid port number 62170 cannot match regex (6[0-5][0-5][0-3][0-5]|[0-5]?[0-9]?[0-9]?[0-9]?[0-9]?).

Steps to reproduce the issue:

  1. Create a L3V6 dataplane ACL table for test: sudo config acl add table SAMPLE_ACL_TABLE L3V6 -p Ethernet1,Ethernet2 -s ingress.
  2. Save below content to file acl_rules.json on DUT:
{
    "acl": {
        "acl-sets": {
            "acl-set": {
                "SAMPLE_ACL_TABLE": {
                    "acl-entries": {
                        "acl-entry": {
                            "RULE_3000": {
                                "config": {
                                    "sequence-id": 3000
                                },
                                "actions": {
                                    "config": {
                                        "forwarding-action": "ACCEPT"
                                    }
                                },
                                "transport": {
                                    "config": {
                                        "source-port": "10275..62170",
                                        "destination-port": "34348..62227"
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
  3. Load above ACL rules: acl-loader update full --table_name SAMPLE_ACL_TABLE acl_rules.json.

Describe the results you received:

Receive below error at step 3:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/openconfig_acl.py", line 2408, in _set_source_port
    t = YANGDynClass(v,base=[RestrictedClassType(base_type=six.text_type, restriction_dict={u'pattern': u'^(6[0-5][0-5][0-3][0-5]|[0-5]?[0-9]?[0-9]?[0-9]?[0-9]?)\\.\\.(6[0-5][0-5][0-3][0-5]|[0-5]?[0-9]?[0-9]?[0-9]?[0-9]?)$'}),RestrictedClassType(base_type=RestrictedClassType(base_type=int, restriction_dict={'range': ['0..65535']},int_size=16), restriction_dict={u'range': [u'0..65535']}),RestrictedClassType(base_type=six.text_type,                                     restriction_type="dict_key",                                     restriction_arg={u'ANY': {}},),], is_leaf=True, yang_name="source-port", parent=self, path_helper=self._path_helper, extmethods=self._extmethods, register_paths=True, namespace='http://openconfig.net/yang/acl', defining_module='openconfig-acl', yang_type='oc-pkt-match-types:port-num-range', is_config=True)
  File "/usr/local/lib/python3.9/dist-packages/pyangbind/lib/yangtypes.py", line 922, in YANGDynClass
    raise TypeError("did not find a valid type using the argument as a" +
TypeError: did not find a valid type using the argument as a hint

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/acl-loader", line 8, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/acl_loader/main.py", line 1094, in full
    acl_loader.load_rules_from_file(filename)
  File "/usr/local/lib/python3.9/dist-packages/acl_loader/main.py", line 391, in load_rules_from_file
    self.yang_acl = AclLoader.parse_acl_json(filename)
  File "/usr/local/lib/python3.9/dist-packages/acl_loader/main.py", line 375, in parse_acl_json
    yang_acl = pybindJSON.load(filename, openconfig_acl, "openconfig_acl")
  File "/usr/local/lib/python3.9/dist-packages/pyangbind/lib/pybindJSON.py", line 77, in load
    return loads(f, parent_pymod, yang_module, path_helper=path_helper,
  File "/usr/local/lib/python3.9/dist-packages/pyangbind/lib/pybindJSON.py", line 57, in loads
    return pybindJSONDecoder.load_json(d, parent_pymod, yang_base,
  File "/usr/local/lib/python3.9/dist-packages/pyangbind/lib/serialise.py", line 270, in load_json
    pybindJSONDecoder.load_json(d[key], chobj, yang_base, obj=chobj,
  File "/usr/local/lib/python3.9/dist-packages/pyangbind/lib/serialise.py", line 270, in load_json
    pybindJSONDecoder.load_json(d[key], chobj, yang_base, obj=chobj,
  File "/usr/local/lib/python3.9/dist-packages/pyangbind/lib/serialise.py", line 308, in load_json
    pybindJSONDecoder.load_json(d[key][child_key], parent, yang_base,
  File "/usr/local/lib/python3.9/dist-packages/pyangbind/lib/serialise.py", line 270, in load_json
    pybindJSONDecoder.load_json(d[key], chobj, yang_base, obj=chobj,
  File "/usr/local/lib/python3.9/dist-packages/pyangbind/lib/serialise.py", line 308, in load_json
    pybindJSONDecoder.load_json(d[key][child_key], parent, yang_base,
  File "/usr/local/lib/python3.9/dist-packages/pyangbind/lib/serialise.py", line 270, in load_json
    pybindJSONDecoder.load_json(d[key], chobj, yang_base, obj=chobj,
  File "/usr/local/lib/python3.9/dist-packages/pyangbind/lib/serialise.py", line 270, in load_json
    pybindJSONDecoder.load_json(d[key], chobj, yang_base, obj=chobj,
  File "/usr/local/lib/python3.9/dist-packages/pyangbind/lib/serialise.py", line 344, in load_json
    set_method(d[key], load=True)
  File "/usr/local/lib/python3.9/dist-packages/openconfig_acl.py", line 2410, in _set_source_port
    raise ValueError({
ValueError: {'error-string': 'source_port must be of a type compatible with oc-pkt-match-types:port-num-range', 'defined-type': 'oc-pkt-match-types:port-num-range', 'generated-type': 'YANGDynClass(base=[RestrictedClassType(base_type=six.text_type, restriction_dict={u\'pattern\': u\'^(6[0-5][0-5][0-3][0-5]|[0-5]?[0-9]?[0-9]?[0-9]?[0-9]?)\\.\\.(6[0-5][0-5][0-3][0-5]|[0-5]?[0-9]?[0-9]?[0-9]?[0-9]?)$\'}),RestrictedClassType(base_type=RestrictedClassType(base_type=int, restriction_dict={\'range\': [\'0..65535\']},int_size=16), restriction_dict={u\'range\': [u\'0..65535\']}),RestrictedClassType(base_type=six.text_type,                                     restriction_type="dict_key",                                     restriction_arg={u\'ANY\': {}},),], is_leaf=True, yang_name="source-port", parent=self, path_helper=self._path_helper, extmethods=self._extmethods, register_paths=True, namespace=\'http://openconfig.net/yang/acl\', defining_module=\'openconfig-acl\', yang_type=\'oc-pkt-match-types:port-num-range\', is_config=True)'}

Describe the results you expected:

Expect acl-loader can load this ACL rule correctly.

Output of show version:

Can repro this issue on master, 202305 and 202205.


@lizhijianrd

@qiluo-msft Can you please help to triage this issue?
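
The per-port pattern quoted in the issue can be checked exhaustively against every valid port, which shows why loading only "sometimes" fails. The following is an added example, not part of the original issue and not the project's patch: `STRICT_PORT` and `parse_port_range` are constructed here as assumptions, and only `FLAWED_PORT` is taken from the page.

```python
import re

# Per-port sub-pattern quoted in the issue and in the traceback.
FLAWED_PORT = r"(6[0-5][0-5][0-3][0-5]|[0-5]?[0-9]?[0-9]?[0-9]?[0-9]?)"
# Constructed alternative (assumption, not the project's patch): one branch
# per magnitude band, so a digit is only capped when all digits before it
# are already at their maximum.
STRICT_PORT = (r"(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}"
               r"|[1-5][0-9]{4}|[1-9][0-9]{0,3}|0)")


def range_regex(port):
    """Anchored 'lo..hi' pattern, composed as in the traceback."""
    return re.compile("^" + port + r"\.\." + port + "$")


def rejected_ports(port):
    """Valid ports in 0..65535 that the per-port pattern does not accept."""
    rx = re.compile("^" + port + "$")
    return [p for p in range(65536) if not rx.match(str(p))]


def parse_port_range(text):
    """Numeric validation: returns (lo, hi), or None when invalid."""
    m = re.fullmatch(r"([0-9]{1,5})\.\.([0-9]{1,5})", text)
    if m is None:
        return None
    lo, hi = int(m.group(1)), int(m.group(2))
    # lo <= hi is an extra sanity check added here, not taken from the page.
    return (lo, hi) if lo <= hi <= 65535 else None


if __name__ == "__main__":
    bad = rejected_ports(FLAWED_PORT)
    print("valid ports rejected by flawed pattern:", len(bad), bad[:3], "...")
    print("valid ports rejected by strict pattern:", len(rejected_ports(STRICT_PORT)))
    # Constructed samples: the two ranges from the repro plus two invalid inputs.
    for sample in ("10275..62170", "34348..62227", "..", "1..65536"):
        print(repr(sample),
              "flawed:", bool(range_regex(FLAWED_PORT).match(sample)),
              "strict:", bool(range_regex(STRICT_PORT).match(sample)),
              "numeric:", parse_port_range(sample))
```

Because every digit in the flawed pattern's second alternative is optional, it also accepts an empty port, so the string `..` passes the pattern check while thousands of valid ports above 60005 fail it.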

yxieca pushed a commit that referenced this issue Aug 30, 2023
How I did it
Fix the regex for L4 port range in openconfig_acl.py.

How to verify it
Build image and install on Arista-720DT DUT, then try the repro steps in #16189 and confirmed the ACL rule is set up correctly:
mssonicbld pushed a commit to mssonicbld/sonic-buildimage that referenced this issue Aug 30, 2023
mssonicbld pushed a commit to mssonicbld/sonic-buildimage that referenced this issue Aug 30, 2023
mssonicbld pushed a commit that referenced this issue Aug 30, 2023
mssonicbld pushed a commit to mssonicbld/sonic-buildimage that referenced this issue Sep 3, 2023
yxieca pushed a commit that referenced this issue Sep 6, 2023
Co-authored-by: Zhijian Li
sonic-otn pushed a commit to sonic-otn/sonic-buildimage that referenced this issue Sep 20, 2023