-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow one Service ACL to bind to multiple services #1576
Conversation
can you fix the test failure? |
can you post example output for acl-loader show? |
@lguohan: Sample output added in description of sonic-net/sonic-utilities#236 |
'ports': acl_intfs, | ||
'type': 'CTRLPLANE', | ||
'service': aclservice if aclservice is not None else 'UNKNOWN'} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
now, we are looking attachto to decide whether it is dataplane or control plane acl, we need to make sure that the attachto interface is really front panel ports. We should ignore loopback or management in that attachto.
* [caclmgrd] Also ignore IP protocol if found in rule; we will only use our predefined protocols
[installer]: Suppress tar xz warning about time stamp in the future, if date is not correctly set (sonic-net#1562) \[sonic-platform-common\] Update submodule (sonic-net#1563) \- Includes the following commits: \- \[bcmshell.py\] Match extra whitespace before prompt in regex (#3) \- add support for qsfp28 eeprom (#2) \[baseimage\]: bring down eth0 before restart networking (sonic-net#1555) cfggen generates new eth0 configuration. Need to first clean existing configuration on eth0 before bring up new configuration on eth0. Thus, we need to first bring down eth0 before putting new configuration into /etc/network/ interfaces \[mellanox\]: Update MLNX SAI pointer (sonic-net#1557) \[minigraph.py\] Add support to parse tacacs server information (sonic-net#1549) \* \[minigraph.py\] Add support to parse tacacs server information \[router advertiser\] Only start radvd process if device role is 'ToRRouter' (sonic-net#1569) \[submodules\]: update sonic-swss (sonic-net#1570) \[submodules\]: update sonic-utilities (sonic-net#1571) \[cfggen\]: ignore acl when its type is not defined (sonic-net#1568) \[installer\]: Umount before delete partition (sonic-net#1575) Use eth0 interface only to generate lldpd SystemId (sonic-net#1577) Allow one Service ACL to bind to multiple services (sonic-net#1576) \* \[caclmgrd\] Also ignore IP protocol if found in rule; we will only use our predefined protocols \[snmp\]: Bind snmpd to all ip addresses (sonic-net#1587) \[device\] Update Arista driver submodule (sonic-net#1585) Watchdog timeout increased \[devices\]: Fix type for qos.json in 7060 and S6100 (sonic-net#1582) \[minigraph\]: ignore minigraph ports which are not in port_config.ini (sonic-net#1593) \[minigraph\] Fix parser on PNG DeviceInterfaceLink Bandwidth (sonic-net#1592) \* \[minigraph\] Fix parser on PNG DeviceInterfaceLink Bandwidth \[Broadcom SAI\] upgrade Broadcom SAI to version 3.1.3.4-10 (sonic-net#1591) \* \[Broadcom SAI\] upgrade Broadcom SAI to version 3.1.3.4-9 Includes configuration files for following devices: \- Quanta 1X1B-32X \- Dell Z9264F \- Inventec D7054Q28B and D7032Q28B \* \[bcm sai\] upgrade sai version to 3.1.3.4-10 include configuration change to 7060 T0. 50G support for Arista 7060 (sonic-net#1580) \* 50G SKU for Arista 7060 Marvell's updates for SONiC 201803 over SAI v1.2 (sonic-net#1588) \[Mellanox\] Add support for a new platform LS-SN2700 \[devices\]: Merge ingress service pools of lossless and lossy traffic for TD2 (sonic-net#1578) \[sonic-utilities\] add pfcstat and queuestat tool (sonic-net#1606) Add support for S6100 switchport LEDs (sonic-net#1610) \[ip-in-ip\]: Fix config template to apply correct platform depended values (sonic-net#1619) \[platform-common\]: Update sonic-platform-common submodule (sonic-net#1620) \[sfputilbase\]: Add logic to parse the title of port_config.ini file \[sonic-cfggen\] Be case insensitive to hostname in minigraph (sonic-net#1614) \[bugfix\]: pass correct port name to led_control.py in ledd \[cfggen\]: Fix build by fixing pyangbind version (sonic-net#1633) \[swss\]: update sonic-swss submodule \* ea34b92 2018-04-24 | Fix tables handling race condition in buffermgr (sonic-net#484) (HEAD -> 201803, origin/201803) \[Andriy Moroz\] \* 53831be 2018-04-19 | \[pfcwd\]: create PFCWD acl instead of L3 ACL (sonic-net#479) \[sihuihan88\] \[radvd\] Ensure at least one interface is specified in radvd.conf before starting radvd (sonic-net#1636) \[updategraph\]: Keep updategraph service active after start (sonic-net#1651) \[docker-lldpd\]: Various fixes (sonic-net#1650) \* We don't need configure anything until we have interfaces created \* Don't run lldpcli for a port, until a port is up and running \* Remove lldpd socket before starting lldpd \* Fix sample files for lldpd configuration \* Another attempt to make the test working \* Quick fix for lldpd paused after start bug \[submodules\]: update swss and utilities modules swss: \* e34104e 2018-04-13 | \[pfcwd\]: support BIG_RED_SWITCH mode (sonic-net#467) (HEAD, origin/201803) \[sihuihan88\] \* 1f857d5 2018-04-25 | \[buffermgr\]: remove the item from consumer queue if invalid (sonic-net#489) \[sihuihan88\] utilities: \* 0b9bb2b 2018-04-26 | Stop services before pushing new config during "load_minigraph" (sonic-net#247) (HEAD, origin/201803) \[Prince Sunny\] \* dc119c9 2018-04-18 | \[show logging\] For following, change 'tail -f' to 'tail -F' in order to retry in the case log is rotated (sonic-net#240) \[Joe LeVeque\] \* 08da428 2018-04-16 | \[pfcwd\]: add cli to enable/disable BIG_RED_SWITCH mode (sonic-net#237) \[sihuihan88\] \[snmp\]: Fix a race between snmpd-config-updater and snmpd (sonic-net#1628) There is a small window in which snmpd might not have registered a callback for SIGHUP and which will result in its death if snmpd-config-updater send this signal meant for a config reload. \[snmpd\]: Fix typo in is_platform_arista (sonic-net#1634) \[mellanox\]: Update SAI version to 1.11.4 and SDK to 4.2.7303 (sonic-net#1655) \[docker-dhcp\]: Fix the sonic build issue (sonic-net#1659) Install the built version of isc-dhcp-client in docker-dhcp-relay \[swss\]: update swss 118b3f0 2018-05-01 | Populate existing interface cache, bring down before configDone \[zebra.conf\] Fix template issue with multiple lo addresses (sonic-net#1662) \* \[zebra.conf\] Fix template issue with multiple lo addresses \* Add unitest for Loopback1 \[swss\]: Change the hash seed to 0 for ToR and 10 for Leaf routers (sonic-net#1667) Due to some ASIC platform limitations, the hash seed range is from 0 to 15. Thus the switch.json.j2 template is updated so that ToRRouter is using hash seed 0 and LeafRouter is using hash seed 10. \[snmp\]: Stop spamming logs with statfs permission denied log message (sonic-net#1668) \[broadcom\]: update broadcom SAI to 3.1.3.4-11 (sonic-net#1670) Provide better ECMP load-balancing via hash seed \[sonic-cfggen\]: fix bgpd and zebra template for sonic-cfggen test I took the original patch (bebb7a0) into 201803 branch need to also adapt the patch since we do not have commit (d423841) in 201803 branch. \[swss\]: update sonic-swss module \[201803 d57f9a1\] \[lua\]: use not to check whether the field exists (sonic-net#492) \[device\] Update arista driver submodule (sonic-net#1674) \[submodule\]: Update submodule sonic-snmpagent (sonic-net#1642) sonic-cfggen supports hwsku parameter (sonic-net#1631) \*Note\*: tuned test data during cherry-pick \[device\] Add PSU utility for platform ly1200 of MiTAC (sonic-net#1673) \[platform/broadcom/sonic-platform-modules-mitac\] Install acpi package for daemon and adjust i2c sequence \[mellanox\]: Update MLNX SAI pointer (sonic-net#1684) 40G profile for Arista 7060 (sonic-net#1677) Update buffers config for Mellanox 27xx devices (sonic-net#1649) \* Update buffers config for Mellanox 27xx devices \* Remove buffers template test for msn27xx \[submodule\]: Update submodule sonic-snmpagent: Improve mib fundamental classes (sonic-net#1689) \[sonic-utilities\]: update sonic utilities submodule \* 951633b 2018-05-04 | \[generate_dump\]: fix a saidump file copy bug (sonic-net#248) (HEAD, origin/201803) \[Kebo Liu\] \* 69baff7 2018-05-03 | \[acl_loader\]: Missing one colon (sonic-net#252) \[Shuotian Cheng\] \* 557248d 2018-05-02 | \[acl-loader\]: Add --table_name option to update full operation (sonic-net#249) \[Shuotian Cheng\] \* a8aadee 2018-04-30 | \[acl-loader\]: Change the header from Rule ID to Table (sonic-net#250) \[Shuotian Cheng\] \[swss\]: update sonic-swss \* b57c376 2018-05-10 | \[teamsyncd\]: Add team_ifindex2ifname return value check (sonic-net#500) (HEAD, origin/201803) \[Shuotian Cheng\] \* 236843f 2018-05-07 | Fix Crm Acl used counter update (sonic-net#496) \[Nadiya\] \[swss\]: update sonic-swss c374357 2018-04-23 | Fix ZeroBufferProfile parameters (sonic-net#485) (HEAD -> 201803) \[Andriy Moroz\] \[platform\]: Fixed Cavium platform modules build. (sonic-net#1694) \[submodule\]: Update submodule sonic-snmpagent: Improve mib fundamental classes: retry after reinit_data() throws (sonic-net#1700) Merge branch 'github-1803' Conflicts: dockers/docker-router-advertiser/start.sh platform/broadcom/sai.mk platform/mellanox/mlnx-sai.mk src/sonic-config-engine/sonic-cfggen src/sonic-config-engine/tests/sample_output/ports.json src/sonic-config-engine/tests/test_cfggen.py src/sonic-platform-daemons src/sonic-snmpagent src/sonic-swss src/sonic-utilities \[baseimage\]: Disable DAD for eth0 explicitly (sonic-net#1701) \[quagga\]: update quagga submodule (sonic-net#1698) \* \[quagga\]: update quagga submodule 0bc6bd6 2018-05-11 | ignore nexthop attribute when NLRI is present (#18) (HEAD, origin/debian/0.99.24.1, origin/HEAD) \[lguohan\] \* add vs bgp test Fix the build error Revert "\[sonic-cfggen\]: fix bgpd and zebra template for sonic-cfggen test" This reverts commit b29d835. Fix the build issue for sonic-cfggen test Merge branch 'github-1803' --5/12 Conflicts: src/sonic-quagga src/sonic-snmpagent RB=1312391 G=lnos-reviewers R=pchaudha,pmao,rmolina,zxu A=
Including below commits: 693a02c 2021-01-08 | [gearbox] Add support for "hwinfo" field (sonic-net#1547) [Baptiste Covolato] 7e3b2c6 2021-01-09 | [Evpn Warmreboot] Added Dependancy check logic in VrfMgr (sonic-net#1466) [nkelapur] a960e2e 2021-01-09 | [Orchagent]: FdbOrch changes for EVPN VXLAN (sonic-net#1275) [Pankaj Jain] 097cfda 2021-01-08 | [swss test] update setup guide for swss tests (sonic-net#1582) [Ying Xie] b42253a 2021-01-05 | Fix for armhf build (sonic-net#1580) [Qi Luo] d8c1465 2021-01-05 | [dvs] Update/disable DVS tests with new FRR 7.5 behavior (sonic-net#1579) [Danny Allen] f6c7422 2021-01-05 | ASIC internal temperature sensors support (sonic-net#1517) [Santhosh Kumar T] 0aa9ef2 2021-01-01 | Simply by auto iterator type, because we will tune the return types of library functions (sonic-net#1577) [Qi Luo] 773238b 2020-12-31 | [build]: Fix format string for size_t (sonic-net#1576) [Qi Luo] 7ba4e43 2020-12-30 | [fgnhgorch] add warm reboot support for fgnhg (sonic-net#1538) [weixchen1215] 4cf6617 2020-12-30 | [ci]: add build for arm64 and armhf (sonic-net#1572) [lguohan] 6ebc0ed 2020-12-29 | [ci]: add azure-pipeline for amd64 (sonic-net#1571) [lguohan] e32b9d0 2020-12-29 | [FDBSYNCD] Added pytest for fdbsyncd (sonic-net#1560) [KISHORE KUNAL] a43f6be 2020-12-30 | [crm] Add support for snat, dnat and ipmc crm resources (sonic-net#1511) [Prabhu Sreenivasan] 7fc3888 2020-12-29 | PY Test script for EVPN L3 VxLAN (sonic-net#1330) [Tapash Das] 6eb36d9 2020-12-27 | vlanmgr changes related to EVPN VxLan warmboot (sonic-net#1460) [anilkpan]
Including below commits: 36f7332 2021-01-14 | modified ERR log to NOTICE log for FDB notification failure after VLAN delete (#1595) [madhanmellanox] c21c883 2021-01-12 | [ci]: download artifacts from master branch build (#1597) [lguohan] a1d03a4 2021-01-12 | [fgnhgorch] Match mode changes for Fine Grained ECMP (#1565) [anish-n] 1b65f3d 2021-01-12 | [ci]: use sonicbld pool (#1594) [lguohan] 48ae866 2021-01-12 | [pfcwd] Update PFC storm detection logic for Mellanox platforms (#1586) [Volodymyr Samotiy] 850001f 2021-01-12 | [FPMSYNCD] Evpn/Vxlan related changes to support FRR7.5(#1585) [KISHORE KUNAL] 64ca9bb 2021-01-12 | [ci]: only copy artifacts when build is successful (#1590) [lguohan] 17d0dae 2021-01-11 | [Fdborch] Fix for arm compilation (#1592) [Prince Sunny] 693a02c 2021-01-08 | [gearbox] Add support for "hwinfo" field (#1547) [Baptiste Covolato] 7e3b2c6 2021-01-09 | [Evpn Warmreboot] Added Dependancy check logic in VrfMgr (#1466) [nkelapur] a960e2e 2021-01-09 | [Orchagent]: FdbOrch changes for EVPN VXLAN (#1275) [Pankaj Jain] 097cfda 2021-01-08 | [swss test] update setup guide for swss tests (#1582) [Ying Xie] b42253a 2021-01-05 | Fix for armhf build (#1580) [Qi Luo] d8c1465 2021-01-05 | [dvs] Update/disable DVS tests with new FRR 7.5 behavior (#1579) [Danny Allen] f6c7422 2021-01-05 | ASIC internal temperature sensors support (#1517) [Santhosh Kumar T] 0aa9ef2 2021-01-01 | Simply by auto iterator type, because we will tune the return types of library functions (#1577) [Qi Luo] 773238b 2020-12-31 | [build]: Fix format string for size_t (#1576) [Qi Luo] 7ba4e43 2020-12-30 | [fgnhgorch] add warm reboot support for fgnhg (#1538) [weixchen1215] 4cf6617 2020-12-30 | [ci]: add build for arm64 and armhf (#1572) [lguohan] 6ebc0ed 2020-12-29 | [ci]: add azure-pipeline for amd64 (#1571) [lguohan] e32b9d0 2020-12-29 | [FDBSYNCD] Added pytest for fdbsyncd (#1560) [KISHORE KUNAL] a43f6be 2020-12-30 | [crm] Add support for snat, dnat and ipmc crm resources (#1511) [Prabhu Sreenivasan] 7fc3888 2020-12-29 | PY Test script for EVPN L3 VxLAN (#1330) [Tapash Das] 6eb36d9 2020-12-27 | vlanmgr changes related to EVPN VxLan warmboot (#1460) [anilkpan] Signed-off-by: Guohan Lu <lguohan@gmail.com>
Including below commits: 36f7332 2021-01-14 | modified ERR log to NOTICE log for FDB notification failure after VLAN delete (#1595) [madhanmellanox] c21c883 2021-01-12 | [ci]: download artifacts from master branch build (#1597) [lguohan] a1d03a4 2021-01-12 | [fgnhgorch] Match mode changes for Fine Grained ECMP (#1565) [anish-n] 1b65f3d 2021-01-12 | [ci]: use sonicbld pool (#1594) [lguohan] 48ae866 2021-01-12 | [pfcwd] Update PFC storm detection logic for Mellanox platforms (#1586) [Volodymyr Samotiy] 850001f 2021-01-12 | [FPMSYNCD] Evpn/Vxlan related changes to support FRR7.5(#1585) [KISHORE KUNAL] 64ca9bb 2021-01-12 | [ci]: only copy artifacts when build is successful (#1590) [lguohan] 17d0dae 2021-01-11 | [Fdborch] Fix for arm compilation (#1592) [Prince Sunny] 693a02c 2021-01-08 | [gearbox] Add support for "hwinfo" field (#1547) [Baptiste Covolato] 7e3b2c6 2021-01-09 | [Evpn Warmreboot] Added Dependancy check logic in VrfMgr (#1466) [nkelapur] a960e2e 2021-01-09 | [Orchagent]: FdbOrch changes for EVPN VXLAN (#1275) [Pankaj Jain] 097cfda 2021-01-08 | [swss test] update setup guide for swss tests (#1582) [Ying Xie] b42253a 2021-01-05 | Fix for armhf build (#1580) [Qi Luo] d8c1465 2021-01-05 | [dvs] Update/disable DVS tests with new FRR 7.5 behavior (#1579) [Danny Allen] f6c7422 2021-01-05 | ASIC internal temperature sensors support (#1517) [Santhosh Kumar T] 0aa9ef2 2021-01-01 | Simply by auto iterator type, because we will tune the return types of library functions (#1577) [Qi Luo] 773238b 2020-12-31 | [build]: Fix format string for size_t (#1576) [Qi Luo] 7ba4e43 2020-12-30 | [fgnhgorch] add warm reboot support for fgnhg (#1538) [weixchen1215] 4cf6617 2020-12-30 | [ci]: add build for arm64 and armhf (#1572) [lguohan] 6ebc0ed 2020-12-29 | [ci]: add azure-pipeline for amd64 (#1571) [lguohan] e32b9d0 2020-12-29 | [FDBSYNCD] Added pytest for fdbsyncd (#1560) [KISHORE KUNAL] a43f6be 2020-12-30 | [crm] Add support for snat, dnat and ipmc crm resources (#1511) [Prabhu Sreenivasan] 7fc3888 2020-12-29 | PY Test script for EVPN L3 VxLAN (#1330) [Tapash Das] 6eb36d9 2020-12-27 | vlanmgr changes related to EVPN VxLan warmboot (#1460) [anilkpan] Signed-off-by: Guohan Lu <lguohan@gmail.com>
We met below error message in armhf build (32-bit) ``` g++ -DHAVE_CONFIG_H -I. -I.. -I ../lib -I .. -I ../warmrestart -I flex_counter -I debug_counter -g -DNDEBUG -std=c++14 -Wall -fPIC -Wno-write-strings -I/usr/include/libnl3 -I/usr/include/swss -Werror -Wno-reorder -Wcast-align -Wcast-qual -Wconversion -Wdisabled-optimization -Wextra -Wfloat-equal -Wformat=2 -Wformat-nonliteral -Wformat-security -Wformat-y2k -Wimport -Winit-self -Winvalid-pch -Wlong-long -Wmissing-field-initializers -Wmissing-format-attribute -Wno-aggregate-return -Wno-padded -Wno-switch-enum -Wno-unused-parameter -Wpacked -Wpointer-arith -Wredundant-decls -Wstack-protector -Wstrict-aliasing=3 -Wswitch -Wswitch-default -Wunreachable-code -Wunused -Wvariadic-macros -Wno-switch-default -Wno-long-long -Wno-redundant-decls -I /usr/include/sai -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -fdebug-prefix-map=/__w/1/s=. -fstack-protector-strong -Wformat -Werror=format-security -c -o orchagent-copporch.o `test -f 'copporch.cpp' || echo './'`copporch.cpp In file included from /usr/include/swss/redistran.h:7, from /usr/include/swss/table.h:17, from orch.h:17, from fgnhgorch.h:4, from fgnhgorch.cpp:3: fgnhgorch.cpp: In member function 'virtual bool FgNhgOrch::bake()': /usr/include/swss/logger.h:17:101: error: format '%lu' expects argument of type 'long unsigned int', but argument 5 has type 'std::vector<std::__cxx11::basic_string<char> >::size_type' {aka 'unsigned int'} [-Werror=format=] #define SWSS_LOG_NOTICE(MSG, ...) swss::Logger::getInstance().write(swss::Logger::SWSS_NOTICE, ":- %s: " MSG, __FUNCTION__, ##__VA_ARGS__) fgnhgorch.cpp:117:5: note: in expansion of macro 'SWSS_LOG_NOTICE' SWSS_LOG_NOTICE("Warm reboot: recovering entry %lu from state", keys.size()); ^~~~~~~~~~~~~~~ In file included from /usr/include/c++/8/vector:69, from acltable.h:10, from portsorch.h:6, from portsorch.cpp:1: ```
DO NOT MERGE YET
Requires a submodule update after the following PR is merged: sonic-net/sonic-utilities#236