[cfggen] Add tool to translate openconfig acl into sonic format#388
taoyl-ms merged 7 commits into sonic-net:master
I'm just curious what they do for the reject action. Any difference from the drop? #Closed
By openconfig definition, REJECT is to "Drop the packet and send an ICMP error message to the source". We don't support ICMP error message right now, of course. #Closed
| if flag == "TCP_SYN": | ||
| tcp_flags = tcp_flags | 0x02 | ||
| if flag == "TCP_FIN": | ||
| tcp_flags = tcp_flags | 0x01 |
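Review bot: the two checks `if flag == "TCP_SYN":` and `if flag == "TCP_FIN":` hard-code the bit values and, as far as these lines show, a flag name that matches neither leaves `tcp_flags` unchanged without any message. Consider a name-to-bit table (FIN 0x01, SYN 0x02, in bit order) and failing the translation on an unknown name, so a misspelled flag cannot yield a rule that matches more traffic than the openconfig entry asked for.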
probably swap the order of SYN and FIN? #Resolved
| table_props = {} | ||
| table_props["policy_desc"] = table_name | ||
| table_props["type"] = "L3" | ||
| table_props["ports"] = "Ethernet0" |
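Review bot: `table_props["ports"] = "Ethernet0"` binds the generated table to a single fixed interface, so the translated ACL would not be applied to traffic on any other port. Take the port list from the input or from a command-line option, and fail when none is given rather than defaulting to one interface.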
why is this Ethernet0? #Resolved
|
|
||
|
|
||
| def main(): | ||
| translate(sys.argv[1]) |
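Review bot: `translate(sys.argv[1])` in `main()` reads the argument without checking that one was supplied, so running the tool with no argument ends in an IndexError traceback instead of a usage message. Check `len(sys.argv)` or use an argument parser, and exit non-zero with a short usage line.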
rename to translate_acl for better clarity? #Resolved
| debs/ | ||
| {%- endif -%} | ||
|
|
||
| {% if docker_config_engine_debs != '' %} |
-> {% if docker_config_engine_debs.strip() -%} #Resolved
| {%- endfor %} | ||
| {%- endif -%} | ||
|
|
||
| {% if docker_config_engine_whls != '' %} |
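Review bot: `{% if docker_config_engine_whls != '' %}` treats a value that contains only whitespace or a newline as non-empty, so the block it guards would still be rendered with nothing to install. Test the stripped value instead, for example `{% if docker_config_engine_whls.strip() %}`.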
| # TODO: pip-install instead of apt-get after config engine wrapped into a wheel, even better use pip implicitly installing dependencies | ||
| # Install dependencies for SONiC config engine | ||
| sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install \ | ||
| python-dev \ |
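Review bot: `python-dev \` in the `apt-get -y install` list puts development headers into the chroot at `$FILESYSTEM_ROOT`, although the comment above it describes these packages as dependencies of the config engine. If they are only needed while building or pip-installing, remove the package again after that step, or say in the comment why it has to stay.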
also need to remove python-dev later? #Resolved
It's in base image. Do we also care a lot about size here? I prefer we keep it for easier usage of pip.
We care about size since some switches only have 2G disk; what's the size we are talking about? #Resolved
| rule_data["ACL_RULE_TABLE:"+table_name+":Rule_"+str(rule_idx)] = rule_props | ||
| rule_data["OP"] = "SET" | ||
|
|
||
| rule_props["priority"] = 10000 - rule_idx |
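Review bot: `rule_props["priority"] = 10000 - rule_idx` has no visible bound on `rule_idx`, so a table with 10000 or more rules gets zero or negative priorities. Validate the rule count against the base value (or the range the ACL table accepts) and stop with an error when it is exceeded.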
Make 10000 a parameter with a default value; it should not be hardcoded in the code. #Resolved
| elif rule.ip.config.protocol == "IP_AUTH": | ||
| rule_props["IP_PROTOCOL"] = "51" | ||
| elif rule.ip.config.protocol == "IP_L2TP": | ||
| rule_props["IP_PROTOCOL"] = "115" |
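Review bot: the `elif rule.ip.config.protocol == ...` chain repeats one comparison per protocol and stores the numbers as string literals ("51", "115"); a single dictionary from openconfig protocol name to IP protocol number would be easier to audit against the IANA list. Whichever form is used, a protocol name that is not recognised should stop the translation with an error rather than produce a rule with no IP_PROTOCOL match.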
better to create a map for such translation? #Resolved
| print "Unknown rule action %s in table %s, rule %d!" % (rule.actions.config.forwarding_action, table_name, rule_idx) | ||
| return {} | ||
|
|
||
| if rule.ip.config.protocol == "": |
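Review bot: on an unknown forwarding action the code prints a message and does `return {}`, which a caller can easily treat as an empty but valid result, leaving the rule out of the generated ACL. Raise an exception or return a distinct error value and exit non-zero, and write the message to stderr, so a partially translated policy is never loaded by mistake.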
Comparing with "" does not look like good practice. Check below
| table_data = [{}] | ||
| table_data[0]["ACL_TABLE:"+table_name] = table_props | ||
| table_data[0]["OP"] = "SET" | ||
| dump_json("table_"+table_name+".json", table_data) |
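Review bot: `dump_json("table_"+table_name+".json", table_data)` builds the output file name directly from `table_name`; if that name is taken from the openconfig input, a value containing `/` or `..` would write outside the working directory. Restrict the name to a safe character set (or use only its basename) before building the path.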
which directory do we put them into? can you add an option to specify the output directory? #Resolved
what's the license for openconfig_acl.py? can we import the whole github instead of this one file? How do we plan to maintain this file? #Resolved
This file is not in openconfig github. It is an auto-generated file by pyangbind taking openconfig and ietf-config github as input. We can also rerun the generation process during every build, but I doubt if we really have the need to do that as it will quite complicate the build process.
ok, can you put comments in the file, to describe how this file is generated? #Resolved
* cd97c60 2018-12-03 | Add support for recreate host interfaces tap devices on warm start (sonic-net#392) [Kamil Cudnik]
* b4a7160 2018-12-03 | Drain asic queue before processing shutdown request (sonic-net#388) [Kamil Cudnik]

Signed-off-by: Guohan Lu <gulv@microsoft.com>
- [warm boot] introduce command line options to warm/fast reboot scripts (sonic-net#399)
- Use -d instead of -m in config qos (sonic-net#388)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
…onic-net#358)" (sonic-net#371)" (sonic-net#388) This reverts commit 8fc09d0.
Update the sonic-swss-common submodule. The following are the commits in the submodule.
```
95f9e11 2020-11-19 | [pyext] allow to catch exceptions raised in python (sonic-net#415) [Stepan Blyshchak]
5a718f9 2020-11-18 | [swig] translate C++ `del` to python `delete` (sonic-net#416) [Qi Luo]
40b255b 2020-11-12 | Fix: SWIG dict.get() should have optional default value parameter (sonic-net#413) [Qi Luo]
91e484d 2020-11-07 | Reduce notice logging (sonic-net#412) [Qi Luo]
f5945ae 2020-11-05 | Mux Cable schema definitions for interaction between linkmanager and xcvrd (sonic-net#411) [vdahiya12]
602f9c2 2020-11-05 | [lua] load lua script on demand (sonic-net#409) [Dong Zhang]
d88412b 2020-11-04 | Rename hdel to del when using multiple keys as param (sonic-net#410) [Kamil Cudnik]
e0c229a 2020-11-04 | CHASSIS_STATE_DB on control-card for chassis state (sonic-net#395) [mprabhu-nokia]
a4e3ac8 2020-11-04 | Chassisd config table to store admin state (sonic-net#388) [mprabhu-nokia]
```
… automatically (#16676)

#### Why I did it
src/sonic-platform-common
```
* c63abc0 - (HEAD -> master, origin/master, origin/HEAD) [Credo][Ycable] Remove the thread locker protection from the thread-safe APIs (#388) (21 hours ago) [Xinyu Lin]
```
#### How I did it
#### How to verify it
#### Description for the changelog
… automatically (#17084)

#### Why I did it
src/sonic-platform-common
```
* e7325db - (HEAD -> 202305, origin/202305) Fix SSD health percentage issue for vendor Virtium (#407) (#408) (11 hours ago) [Stephen Sun]
* 87e33ab - [Credo][Ycable] Remove the thread locker protection from the thread-safe APIs (#388) (11 hours ago) [Xinyu Lin]
```
#### How I did it
#### How to verify it
#### Description for the changelog
…afe APIs (sonic-net#388)

Signed-off-by: Xinyu <xinyu0123@gmail.com>
Co-authored-by: Prince George <45705344+prgeor@users.noreply.github.com>