diff --git a/acl_loader/main.py b/acl_loader/main.py
index e9c61b915d..f8e67cb3a8 100644
--- a/acl_loader/main.py
+++ b/acl_loader/main.py
@@ -478,14 +478,14 @@ def convert_ip(self, table_name, rule_idx, rule):
 if rule.ip.config.source_ip_address:
 source_ip_address = rule.ip.config.source_ip_address
- if ipaddress.ip_network(source_ip_address).version == 4:
+ if ipaddress.ip_network(source_ip_address, strict=False).version == 4:
 rule_props["SRC_IP"] = source_ip_address
 else:
 rule_props["SRC_IPV6"] = source_ip_address
 if rule.ip.config.destination_ip_address:
 destination_ip_address = rule.ip.config.destination_ip_address
- if ipaddress.ip_network(destination_ip_address).version == 4:
+ if ipaddress.ip_network(destination_ip_address, strict=False).version == 4:
 rule_props["DST_IP"] = destination_ip_address
 else:
 rule_props["DST_IPV6"] = destination_ip_address
@@ -694,12 +694,6 @@ def incremental_update(self):
 modifications.
 :return:
 """
-
- # TODO: Until we test ASIC behavior, we cannot assume that we can insert
- # dataplane ACLs and shift existing ACLs. Therefore, we perform a full
- # update on dataplane ACLs, and only perform an incremental update on
- # control plane ACLs.
-
 new_rules = set(self.rules_info.keys())
 new_dataplane_rules = set()
 new_controlplane_rules = set()
@@ -721,14 +715,6 @@ def incremental_update(self):
 else:
 current_dataplane_rules.add(key)
- # Remove all existing dataplane rules
- for key in current_dataplane_rules:
- self.configdb.mod_entry(self.ACL_RULE, key, None)
- # Program for per-asic namespace also if present
- for namespace_configdb in self.per_npu_configdb.values():
- namespace_configdb.mod_entry(self.ACL_RULE, key, None)
-
- # Add all new dataplane rules
 for key in new_dataplane_rules:
 self.configdb.mod_entry(self.ACL_RULE, key, self.rules_info[key])
diff --git a/doc/Command-Reference.md b/doc/Command-Reference.md
index 5582bc9b56..38f1a21153 100644
--- a/doc/Command-Reference.md
+++ b/doc/Command-Reference.md
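Review bot: In the `convert_ip` hunk of acl_loader/main.py, both `ipaddress.ip_network(..., strict=False)` results are used only for the `.version` test, while the raw input string is still what gets written to `rule_props["SRC_IP"]` / `rule_props["DST_IP"]` and the IPV6 keys. With `strict=False`, a prefix with host bits set (a constructed example: `192.0.2.5/24`) is now accepted and stored unchanged, so an entry that reads like a single host may be matched as the whole /24; how downstream consumers treat the host bits is not visible here. Consider keeping the parsed object and storing its canonical form, e.g. `src_net = ipaddress.ip_network(source_ip_address, strict=False)` then `rule_props["SRC_IP"] = str(src_net)`, with the same change in the destination branch, provided Config DB accepts the explicit prefix length this adds to bare addresses. `ip_network` still raises `ValueError` on malformed input and no handler appears in the hunk; the body of `convert_ip` starts and ends outside it.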
@@ -1356,17 +1356,6 @@ When the optional argument "max_priority" is specified, each rule’s priority
 This command is used to perform incremental update of ACL rule table. This command gets existing rules from Config DB and compares with rules specified in input file and performs corresponding modifications.
-With respect to DATA ACLs, the command does not assume that new dataplane ACLs can be inserted in betweeen by shifting existing ACLs in all ASICs. Therefore, this command performs a full update on dataplane ACLs.
-With respect to control plane ACLs, this command performs an incremental update.
-If we assume that "file1.json" is the already loaded ACL rules file and if "file2.json" is the input file that is passed as parameter for this command, the following requirements are valid for the input file.
-1) First copy the file1.json to file2.json.
-2) Remove the unwanted ACL rules from file2.json
-3) Add the newly required ACL rules into file2.json.
-4) Modify the existing ACL rules (that require changes) in file2.json.
-
-NOTE: If any ACL rule that is already available in file1.json is required even after this command execution, such rules should remain unalterted in file2.json. Don't remove them.
-Note that "incremental" is working like "full".
-
 When "--session_name" optional argument is specified, command sets the session_name for the ACL table with this mirror session name. It fails if the specified mirror session name does not exist. When "--mirror_stage" optional argument is specified, command sets the mirror action to ingress/egress based on this parameter. By default command sets ingress mirror action in case argument is not specified.