-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[acl-loader] Failed to load ACL rules matching L4 port range larger than 60000 #16189
Comments
@qiluo-msft Can you please help to triage this issue? |
11 tasks
yxieca
pushed a commit
that referenced
this issue
Aug 30, 2023
How I did it Fix the regex for L4 port range in openconfig_acl.py. How to verify it Build image and install on Arista-720DT DUT, then try the repro steps in #16189 and confirmed the ACL rule be setup correctly:
11 tasks
mssonicbld
pushed a commit
to mssonicbld/sonic-buildimage
that referenced
this issue
Aug 30, 2023
How I did it Fix the regex for L4 port range in openconfig_acl.py. How to verify it Build image and install on Arista-720DT DUT, then try the repro steps in sonic-net#16189 and confirmed the ACL rule be setup correctly:
11 tasks
mssonicbld
pushed a commit
to mssonicbld/sonic-buildimage
that referenced
this issue
Aug 30, 2023
How I did it Fix the regex for L4 port range in openconfig_acl.py. How to verify it Build image and install on Arista-720DT DUT, then try the repro steps in sonic-net#16189 and confirmed the ACL rule be setup correctly:
mssonicbld
pushed a commit
that referenced
this issue
Aug 30, 2023
How I did it Fix the regex for L4 port range in openconfig_acl.py. How to verify it Build image and install on Arista-720DT DUT, then try the repro steps in #16189 and confirmed the ACL rule be setup correctly:
11 tasks
mssonicbld
pushed a commit
to mssonicbld/sonic-buildimage
that referenced
this issue
Sep 3, 2023
How I did it Fix the regex for L4 port range in openconfig_acl.py. How to verify it Build image and install on Arista-720DT DUT, then try the repro steps in sonic-net#16189 and confirmed the ACL rule be setup correctly:
yxieca
pushed a commit
that referenced
this issue
Sep 6, 2023
How I did it Fix the regex for L4 port range in openconfig_acl.py. How to verify it Build image and install on Arista-720DT DUT, then try the repro steps in #16189 and confirmed the ACL rule be setup correctly: Co-authored-by: Zhijian Li <[email protected]>
sonic-otn
pushed a commit
to sonic-otn/sonic-buildimage
that referenced
this issue
Sep 20, 2023
How I did it Fix the regex for L4 port range in openconfig_acl.py. How to verify it Build image and install on Arista-720DT DUT, then try the repro steps in sonic-net#16189 and confirmed the ACL rule be setup correctly:
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
When I use
acl-loader
to load data-plane ACL rules matching L4 port range larger than 60000, it sometimes fails with Yang validation error. I did some initial investigate and found at sonic-config-engine/openconfig_acl.py#L2408, it uses regex to validate the L4 port number. But the regex is wrong. For example, a valid port number62170
cannot match regex(6[0-5][0-5][0-3][0-5]|[0-5]?[0-9]?[0-9]?[0-9]?[0-9]?)
.Steps to reproduce the issue:
L3V6
dataplane ACL table for test:sudo config acl add table SAMPLE_ACL_TABLE L3V6 -p Ethernet1,Ethernet2 -s ingress
.acl_rules.json
on DUT:acl-loader update full --table_name SAMPLE_ACL_TABLE acl_rules.json
.Describe the results you received:
Receive below error at step 3:
Describe the results you expected:
Expect
acl-loader
can load this ACL rule correctly.Output of
show version
:Can repro this issue on master, 202305 and 202205.
Output of
show techsupport
:Additional information you deem important (e.g. issue happens only occasionally):
The text was updated successfully, but these errors were encountered: