Skip to content

Commit

Permalink
[SAIP4] Add ACL QoS table to FBR instances.
Browse files Browse the repository at this point in the history
  • Loading branch information
@rhalstea @divyagayathri-hcl
rhalstea authored and divyagayathri-hcl committed Oct 17, 2024
1 parent 8193ec1 commit 82d15e0
Show file tree
Hide file tree
Showing 6 changed files with 538 additions and 263 deletions.
42 changes: 32 additions & 10 deletions sai_p4/instantiations/google/acl_ingress.p4
View file
Original file line number Diff line number Diff line change
Expand Up @@ -317,7 +317,7 @@ control acl_ingress(in headers_t headers,
// Only allow IP field matches for IP packets.
ttl::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);
ip_protocol::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);
// Only allow l4_dst_port and l4_src_port matches for TCP/UDP packets.
// Only allow l4_dst_port matches for TCP/UDP packets.
l4_dst_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17);
// Forbid illegal combinations of IP_TYPE fields.
is_ip::mask != 0 -> (is_ipv4::mask == 0 && is_ipv6::mask == 0);
Expand All @@ -328,8 +328,16 @@ control acl_ingress(in headers_t headers,
is_ipv6::mask != 0 -> (is_ipv6 == 1);
// Only allow icmp_type matches for ICMP packets
icmpv6_type::mask != 0 -> ip_protocol == 58;
#ifdef SAI_INSTANTIATION_FABRIC_BORDER_ROUTER
// Only allow l4_dst_port matches for TCP/UDP packets.
l4_src_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17);
// Only allow icmp_type matches for ICMP packets
icmp_type::mask != 0 -> ip_protocol == 1;
#endif
#if defined(SAI_INSTANTIATION_TOR)
// Only allow arp_tpa matches for ARP packets.
arp_tpa::mask != 0 -> ether_type == 0x0806;
#endif
")
table acl_ingress_qos_table {
key = {
Expand All @@ -345,15 +353,6 @@ control acl_ingress(in headers_t headers,
headers.ethernet.ether_type : ternary
@id(4) @name("ether_type")
@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE);
headers.ethernet.dst_addr : ternary
@id(5) @name("dst_mac")
@sai_field(SAI_ACL_TABLE_ATTR_FIELD_DST_MAC) @format(MAC_ADDRESS);
headers.arp.target_proto_addr : ternary
@id(6) @name("arp_tpa")
@composite_field(
@sai_udf(base=SAI_UDF_BASE_L3, offset=24, length=2),
@sai_udf(base=SAI_UDF_BASE_L3, offset=26, length=2)
) @format(IPV4_ADDRESS);
ttl : ternary
@id(7) @name("ttl")
@sai_field(SAI_ACL_TABLE_ATTR_FIELD_TTL);
Expand All @@ -366,12 +365,34 @@ control acl_ingress(in headers_t headers,
local_metadata.l4_dst_port : ternary
@id(10) @name("l4_dst_port")
@sai_field(SAI_ACL_TABLE_ATTR_FIELD_L4_DST_PORT);
#ifdef SAI_INSTANTIATION_FABRIC_BORDER_ROUTER
local_metadata.l4_src_port : ternary
@id(12) @name("l4_src_port")
@sai_field(SAI_ACL_TABLE_ATTR_FIELD_L4_SRC_PORT);
headers.icmp.type : ternary
@id(14) @name("icmp_type")
@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ICMP_TYPE);
local_metadata.route_metadata : optional
@id(15) @name("route_metadata")
@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ROUTE_DST_USER_META);
#endif
#if defined(SAI_INSTANTIATION_TOR)
headers.ethernet.dst_addr : ternary
@id(5) @name("dst_mac")
@sai_field(SAI_ACL_TABLE_ATTR_FIELD_DST_MAC) @format(MAC_ADDRESS);
headers.arp.target_proto_addr : ternary
@id(6) @name("arp_tpa")
@composite_field(
@sai_udf(base=SAI_UDF_BASE_L3, offset=24, length=2),
@sai_udf(base=SAI_UDF_BASE_L3, offset=26, length=2)
) @format(IPV4_ADDRESS);
local_metadata.ingress_port : optional
@id(11) @name("in_port")
@sai_field(SAI_ACL_TABLE_ATTR_FIELD_IN_PORT);
local_metadata.acl_metadata : ternary
@id(13) @name("acl_metadata")
@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_USER_META);
#endif
}
actions = {
@proto_id(1) set_qos_queue_and_cancel_copy_above_rate_limit();
Expand Down Expand Up @@ -663,6 +684,7 @@ control acl_ingress(in headers_t headers,
#elif defined(SAI_INSTANTIATION_FABRIC_BORDER_ROUTER)
acl_ingress_table.apply();
acl_ingress_counting_table.apply();
acl_ingress_qos_table.apply();
#elif defined(SAI_INSTANTIATION_TOR)
// These tables are currently order agnostic, but we should be careful to
// ensure that the ordering is correct if we add new actions or model
Expand Down
228 changes: 228 additions & 0 deletions sai_p4/instantiations/google/fabric_border_router.p4info.pb.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -559,6 +559,127 @@ tables {
direct_resource_ids: 352321792
size: 256
}
tables {
preamble {
id: 33554695
name: "ingress.acl_ingress.acl_ingress_qos_table"
alias: "acl_ingress_qos_table"
annotations: "@sai_acl(INGRESS)"
annotations: "@sai_acl_priority(10)"
annotations: "@p4runtime_role(\"sdn_controller\")"
annotations: "@entry_restriction(\"\n // Forbid using ether_type for IP packets (by convention, use is_ip* instead).\n ether_type != 0x0800 && ether_type != 0x86dd;\n // Only allow IP field matches for IP packets.\n ttl::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);\n ip_protocol::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);\n // Only allow l4_dst_port matches for TCP/UDP packets.\n l4_dst_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17);\n // Forbid illegal combinations of IP_TYPE fields.\n is_ip::mask != 0 -> (is_ipv4::mask == 0 && is_ipv6::mask == 0);\n is_ipv4::mask != 0 -> (is_ip::mask == 0 && is_ipv6::mask == 0);\n is_ipv6::mask != 0 -> (is_ip::mask == 0 && is_ipv4::mask == 0);\n // Forbid unsupported combinations of IP_TYPE fields.\n is_ipv4::mask != 0 -> (is_ipv4 == 1);\n is_ipv6::mask != 0 -> (is_ipv6 == 1);\n // Only allow icmp_type matches for ICMP packets\n icmpv6_type::mask != 0 -> ip_protocol == 58;\n\n // Only allow l4_dst_port matches for TCP/UDP packets.\n l4_src_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17);\n // Only allow icmp_type matches for ICMP packets\n icmp_type::mask != 0 -> ip_protocol == 1;\n\n\n\n\n\n \")"
}
match_fields {
id: 1
name: "is_ip"
annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE / IP)"
bitwidth: 1
match_type: OPTIONAL
}
match_fields {
id: 2
name: "is_ipv4"
annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE / IPV4ANY)"
bitwidth: 1
match_type: OPTIONAL
}
match_fields {
id: 3
name: "is_ipv6"
annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE / IPV6ANY)"
bitwidth: 1
match_type: OPTIONAL
}
match_fields {
id: 4
name: "ether_type"
annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE)"
bitwidth: 16
match_type: TERNARY
}
match_fields {
id: 7
name: "ttl"
annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_TTL)"
bitwidth: 8
match_type: TERNARY
}
match_fields {
id: 8
name: "ip_protocol"
annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL)"
bitwidth: 8
match_type: TERNARY
}
match_fields {
id: 9
name: "icmpv6_type"
annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_TYPE)"
bitwidth: 8
match_type: TERNARY
}
match_fields {
id: 10
name: "l4_dst_port"
annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_L4_DST_PORT)"
bitwidth: 16
match_type: TERNARY
}
match_fields {
id: 12
name: "l4_src_port"
annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_L4_SRC_PORT)"
bitwidth: 16
match_type: TERNARY
}
match_fields {
id: 14
name: "icmp_type"
annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ICMP_TYPE)"
bitwidth: 8
match_type: TERNARY
}
match_fields {
id: 15
name: "route_metadata"
annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ROUTE_DST_USER_META)"
bitwidth: 6
match_type: OPTIONAL
}
action_refs {
id: 16777484
annotations: "@proto_id(1)"
}
action_refs {
id: 16777486
annotations: "@proto_id(2)"
}
action_refs {
id: 16777475
annotations: "@proto_id(3)"
}
action_refs {
id: 16777481
annotations: "@proto_id(4)"
}
action_refs {
id: 16777488
annotations: "@proto_id(5)"
}
action_refs {
id: 16777489
annotations: "@proto_id(6)"
}
action_refs {
id: 21257015
annotations: "@defaultonly"
scope: DEFAULT_ONLY
}
const_default_action_id: 21257015
direct_resource_ids: 318767367
direct_resource_ids: 352321794
size: 511
}
tables {
preamble {
id: 33554697
Expand Down Expand Up @@ -1198,6 +1319,90 @@ actions {
}
}
}
actions {
preamble {
id: 16777484
name: "ingress.acl_ingress.set_qos_queue_and_cancel_copy_above_rate_limit"
alias: "set_qos_queue_and_cancel_copy_above_rate_limit"
annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD , SAI_PACKET_COLOR_GREEN)"
annotations: "@sai_action(SAI_PACKET_ACTION_COPY_CANCEL , SAI_PACKET_COLOR_RED)"
}
params {
id: 1
name: "qos_queue"
annotations: "@sai_action_param(QOS_QUEUE)"
type_name {
name: "qos_queue_t"
}
}
}
actions {
preamble {
id: 16777489
name: "ingress.acl_ingress.set_cpu_and_multicast_queues_and_deny_above_rate_limit"
alias: "set_cpu_and_multicast_queues_and_deny_above_rate_limit"
annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD , SAI_PACKET_COLOR_GREEN)"
annotations: "@sai_action(SAI_PACKET_ACTION_DENY , SAI_PACKET_COLOR_RED)"
annotations: "@unsupported"
}
params {
id: 1
name: "cpu_queue"
annotations: "@sai_action_param(QOS_QUEUE)"
type_name {
name: "qos_queue_t"
}
}
params {
id: 2
name: "green_multicast_queue"
annotations: "@sai_action_param(MULTICAST_QOS_QUEUE , SAI_PACKET_COLOR_GREEN)"
type_name {
name: "qos_queue_t"
}
}
params {
id: 3
name: "red_multicast_queue"
annotations: "@sai_action_param(MULTICAST_QOS_QUEUE , SAI_PACKET_COLOR_RED)"
type_name {
name: "qos_queue_t"
}
}
}
actions {
preamble {
id: 16777486
name: "ingress.acl_ingress.set_cpu_queue_and_deny_above_rate_limit"
alias: "set_cpu_queue_and_deny_above_rate_limit"
annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD , SAI_PACKET_COLOR_GREEN)"
annotations: "@sai_action(SAI_PACKET_ACTION_DENY , SAI_PACKET_COLOR_RED)"
}
params {
id: 1
name: "cpu_queue"
annotations: "@sai_action_param(QOS_QUEUE)"
type_name {
name: "qos_queue_t"
}
}
}
actions {
preamble {
id: 16777488
name: "ingress.acl_ingress.set_cpu_queue"
alias: "set_cpu_queue"
annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD)"
}
params {
id: 1
name: "cpu_queue"
annotations: "@sai_action_param(QOS_QUEUE)"
type_name {
name: "qos_queue_t"
}
}
}
actions {
preamble {
id: 16777217
Expand Down Expand Up @@ -1535,6 +1740,17 @@ direct_counters {
}
direct_table_id: 33554688
}
direct_counters {
preamble {
id: 318767367
name: "ingress.acl_ingress.acl_ingress_qos_counter"
alias: "acl_ingress_qos_counter"
}
spec {
unit: BOTH
}
direct_table_id: 33554695
}
direct_counters {
preamble {
id: 318767369
Expand Down Expand Up @@ -1569,6 +1785,18 @@ direct_meters {
}
direct_table_id: 33554688
}
direct_meters {
preamble {
id: 352321794
name: "ingress.acl_ingress.acl_ingress_qos_meter"
alias: "acl_ingress_qos_meter"
annotations: "@mode(single_rate_two_color)"
}
spec {
unit: BYTES
}
direct_table_id: 33554695
}
controller_packet_metadata {
preamble {
id: 81826293
Expand Down
12 changes: 9 additions & 3 deletions sai_p4/instantiations/google/sai_pd.proto
View file
Original file line number Diff line number Diff line change
Expand Up @@ -561,7 +561,7 @@ message AclPreIngressMetadataTableEntry {
// ## Only allow IP field matches for IP packets.
// ttl::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);
// ip_protocol::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);
// ## Only allow l4_dst_port and l4_src_port matches for TCP/UDP packets.
// ## Only allow l4_dst_port matches for TCP/UDP packets.
// l4_dst_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17);
// ## Forbid illegal combinations of IP_TYPE fields.
// is_ip::mask != 0 -> (is_ipv4::mask == 0 && is_ipv6::mask == 0);
Expand All @@ -572,8 +572,10 @@ message AclPreIngressMetadataTableEntry {
// is_ipv6::mask != 0 -> (is_ipv6 == 1);
// ## Only allow icmp_type matches for ICMP packets
// icmpv6_type::mask != 0 -> ip_protocol == 58;
// ## Only allow arp_tpa matches for ARP packets.
// arp_tpa::mask != 0 -> ether_type == 0x0806;
// ## Only allow l4_dst_port matches for TCP/UDP packets.
// l4_src_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17);
// ## Only allow icmp_type matches for ICMP packets
// icmp_type::mask != 0 -> ip_protocol == 1;
message AclIngressQosTableEntry {
message Match {
Optional is_ip = 1; // optional match / Format::HEX_STRING / 1 bits
Expand All @@ -587,7 +589,11 @@ message AclIngressQosTableEntry {
Ternary icmpv6_type = 9; // ternary match / Format::HEX_STRING / 8 bits
Ternary l4_dst_port = 10; // ternary match / Format::HEX_STRING / 16 bits
Optional in_port = 11; // optional match / Format::STRING
Ternary l4_src_port = 12; // ternary match / Format::HEX_STRING / 16 bits
Ternary acl_metadata = 13; // ternary match / Format::HEX_STRING / 8 bits
Ternary icmp_type = 14; // ternary match / Format::HEX_STRING / 8 bits
Optional route_metadata =
15; // optional match / Format::HEX_STRING / 6 bits
}
Match match = 1;
message Action {
Expand Down
9 changes: 3 additions & 6 deletions sai_p4/instantiations/google/test_tools/table_entry_generator.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -229,11 +229,8 @@ TableEntryGenerator AclIngressQosTableGenerator(
auto base_entry = gutil::ParseTextProto<pdpi::IrTableEntry>(
R"pb(table_name: "acl_ingress_qos_table"
matches {
name: "ether_type"
ternary {
value { hex_str: "0x0806" }
mask { hex_str: "0xffff" }
}
name: "is_ipv4"
optional { value { hex_str: "0x1" } }
}
action {
name: "set_qos_queue_and_cancel_copy_above_rate_limit"
Expand All @@ -244,7 +241,7 @@ TableEntryGenerator AclIngressQosTableGenerator(
})pb");
if (!base_entry.ok()) LOG(FATAL) << base_entry.status(); // Crash OK
generator.generator = IrMatchFieldAndPriorityGenerator(
table_definition, *base_entry, "arp_tpa");
table_definition, *base_entry, "ip_protocol");
return generator;
}

Expand Down
Loading

0 comments on commit 82d15e0

Please sign in to comment.