[action] [PR:17553] Update backend_acl.py to specify ACL table name #17668

Merged
merged 1 commit into from
Jan 4, 2024


mssonicbld

Why I did it

Fix #17552.

PR #14229 added a service for loading backend ACL rules. There is an issue in the code below in backend_acl.py.

    if os.path.isfile(BACKEND_ACL_FILE):
        run_command(['acl-loader', 'update', 'incremental', BACKEND_ACL_FILE])

Because table_name is not specified when calling acl-loader, the ACL rules loaded previously will be cleared.

Work item tracking
  • Microsoft ADO 26167588:

How I did it

Specify the ACL table name DATAACL when calling acl-loader.

How to verify it

The change is verified by running on a physical testbed. The previously loaded ACL rules are not cleared after this change.

    admin@str2-7050qx-32s-acs-02:/usr/share/sonic/templates$ show acl rule
    Table     Rule            Priority  Action    Match
    --------  ------------  ----------  --------  ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    SNMP_ACL  RULE_1              9999  ACCEPT    SRC_IP: 10.20.0.0/16
    DATAACL   RULE_1              9999  FORWARD   ETHER_TYPE: 2048
                                                  IN_PORTS: Ethernet12,Ethernet16,Ethernet20,Ethernet24,Ethernet28,Ethernet32,Ethernet36,Ethernet4,Ethernet40,Ethernet44,Ethernet48,Ethernet52,Ethernet56,Ethernet60,Ethernet64,Ethernet68,Ethernet72,Ethernet76,Ethernet8
                                                  VLAN_ID: 1000
    SNMP_ACL  RULE_2              9998  ACCEPT    SRC_IP: 10.154.232.0/21
    SNMP_ACL  RULE_3              9997  ACCEPT    SRC_IP: 25.65.16.0/20
    SNMP_ACL  RULE_4              9996  ACCEPT    SRC_IP: 25.66.128.0/17
    SNMP_ACL  RULE_5              9995  ACCEPT    SRC_IP: 100.126.0.0/16
    SNMP_ACL  RULE_6              9994  ACCEPT    SRC_IP: 100.127.64.0/18
    ......

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111
  • 202205
  • 202211
  • 202305

Tested branch (Please provide the tested image version)

  • 20201231.118

Description for the changelog

Update backend_acl.py to specify ACL table name.

Link to config_db schema for YANG module changes

No schema change.

A picture of a cute animal (not mandatory but encouraged)

@mssonicbld

Original PR: #17553

@mssonicbld mssonicbld merged commit c5473c1 into sonic-net:202311 Jan 4, 2024
18 checks passed
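
A regression check for the verification step described in this PR, as an added example that is not part of the PR or the SONiC code base: it parses two `show acl rule` snapshots, taken before and after the backend ACL load, and reports rules that disappeared from tables other than the one being loaded. The snapshots are constructed samples, and the function names and the reading that the cleared rules sit in other tables (such as SNMP_ACL) are assumptions.

```python
# Constructed snapshots in the `show acl rule` layout shown in the PR.
HEADER = (
    "Table     Rule      Priority  Action   Match\n"
    "--------  ------  ----------  -------  --------------------\n"
)
SNMP_RULES = (
    "SNMP_ACL  RULE_1        9999  ACCEPT   SRC_IP: 10.20.0.0/16\n"
    "SNMP_ACL  RULE_2        9998  ACCEPT   SRC_IP: 10.154.232.0/21\n"
)
DATAACL_RULES = (
    "DATAACL   RULE_1        9999  FORWARD  ETHER_TYPE: 2048\n"
    "                                       IN_PORTS: Ethernet4,Ethernet8\n"
    "                                       VLAN_ID: 1000\n"
)
BEFORE = HEADER + SNMP_RULES                      # state before the backend ACL load
AFTER_OK = HEADER + SNMP_RULES + DATAACL_RULES    # earlier rules survived
AFTER_CLEARED = HEADER + DATAACL_RULES            # earlier rules were wiped


def parse_rules(text):
    """Map (table, rule) -> {"priority", "action", "match"} from `show acl rule` text."""
    rules, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            # Continuation line: an extra match field of the previous rule.
            if last is not None:
                rules[last]["match"].append(line.strip())
            continue
        fields = line.split(None, 4)
        # The header and dashed separator fail this test (no numeric priority).
        if len(fields) < 4 or not fields[2].isdigit():
            continue
        last = (fields[0], fields[1])
        rules[last] = {"priority": int(fields[2]), "action": fields[3],
                       "match": [fields[4].strip()] if len(fields) > 4 else []}
    return rules


def cleared_rules(before, after, loaded_table="DATAACL"):
    """Rules present before the load and missing after it, outside loaded_table."""
    old, new = parse_rules(before), parse_rules(after)
    return sorted(key for key in old if key not in new and key[0] != loaded_table)


if __name__ == "__main__":
    print("cleared with table name given:", cleared_rules(BEFORE, AFTER_OK))
    print("cleared without table name:   ", cleared_rules(BEFORE, AFTER_CLEARED))
```

On a device, the two snapshots would be captured from `show acl rule` immediately before and after the backend ACL service runs; a non-empty result means the load removed rules it did not own.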