Skip to content

caclmgrd: monitor state_db to update dhcp acl#8477

Merged
1 commit merged intosonic-net:202012from
trzhang11:caclmgrd_202012
Aug 16, 2021
Merged

caclmgrd: monitor state_db to update dhcp acl#8477
1 commit merged intosonic-net:202012from
trzhang11:caclmgrd_202012

Conversation

@ghost
Copy link
Copy Markdown

@ghost ghost commented Aug 14, 2021
edited by ghost
Loading

caclmgrd: monitor mux_cable_table in state_db to update dhcp acl

  • if the state changes to 'standby', add acl to block dhcp packets based on ingress interfaces
  • if the state changes to 'active', delete acl
  • if the state changes to 'unknown', also delete acl to avoid potential disconnect
  • both addition and deletion follow checking the existence of the rules

The change has been verified on a virtual switch based testbed.

Port to 202012 branch from #8222

@ghost ghost requested review from qiluo-msft and tahmed-dev August 14, 2021 01:53
@ghost ghost merged commit feab18a into sonic-net:202012 Aug 16, 2021
@ghost ghost deleted the caclmgrd_202012 branch August 17, 2021 21:13
@bingwang-ms bingwang-ms mentioned this pull request Aug 26, 2021
Merged
4 tasks
lguohan pushed a commit to sonic-net/sonic-mgmt that referenced this pull request Aug 27, 2021
@bingwang-ms
[cacl]: Fix cacl test on dualtor testbed (#4127)
c011005 
PR sonic-net/sonic-buildimage#8477 added some iptable rules for DHCP on dualtor testbed, and the added rule will cause test_cacl_application failed.

This PR addressed the issue by ignoring the dualtor specific rule on dualtor testbed.

Signed-off-by: bingwang <bingwang@microsoft.com>
vmittal-msft pushed a commit to vmittal-msft/sonic-mgmt that referenced this pull request Sep 28, 2021
@bingwang-ms @vmittal-msft
[cacl]: Fix cacl test on dualtor testbed (sonic-net#4127)
5800637 
PR sonic-net/sonic-buildimage#8477 added some iptable rules for DHCP on dualtor testbed, and the added rule will cause test_cacl_application failed.

This PR addressed the issue by ignoring the dualtor specific rule on dualtor testbed.

Signed-off-by: bingwang <bingwang@microsoft.com>
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@qiluo-msft qiluo-msft Awaiting requested review from qiluo-msft

Assignees

No one assigned

Labels

Control Plane ACL DHCP Relay

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tahmed-dev @qiluo-msft