diff --git a/sai_p4/instantiations/google/acl_ingress.p4 b/sai_p4/instantiations/google/acl_ingress.p4 index 036d2c54..bb14da5d 100644 --- a/sai_p4/instantiations/google/acl_ingress.p4 +++ b/sai_p4/instantiations/google/acl_ingress.p4 @@ -317,7 +317,7 @@ control acl_ingress(in headers_t headers, // Only allow IP field matches for IP packets. ttl::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1); ip_protocol::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1); - // Only allow l4_dst_port and l4_src_port matches for TCP/UDP packets. + // Only allow l4_dst_port matches for TCP/UDP packets. l4_dst_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17); // Forbid illegal combinations of IP_TYPE fields. is_ip::mask != 0 -> (is_ipv4::mask == 0 && is_ipv6::mask == 0); @@ -328,8 +328,16 @@ control acl_ingress(in headers_t headers, is_ipv6::mask != 0 -> (is_ipv6 == 1); // Only allow icmp_type matches for ICMP packets icmpv6_type::mask != 0 -> ip_protocol == 58; +#ifdef SAI_INSTANTIATION_FABRIC_BORDER_ROUTER + // Only allow l4_dst_port matches for TCP/UDP packets. + l4_src_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17); + // Only allow icmp_type matches for ICMP packets + icmp_type::mask != 0 -> ip_protocol == 1; +#endif +#if defined(SAI_INSTANTIATION_TOR) // Only allow arp_tpa matches for ARP packets. arp_tpa::mask != 0 -> ether_type == 0x0806; +#endif ") table acl_ingress_qos_table { key = { @@ -345,15 +353,6 @@ control acl_ingress(in headers_t headers, headers.ethernet.ether_type : ternary @id(4) @name("ether_type") @sai_field(SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE); - headers.ethernet.dst_addr : ternary - @id(5) @name("dst_mac") - @sai_field(SAI_ACL_TABLE_ATTR_FIELD_DST_MAC) @format(MAC_ADDRESS); - headers.arp.target_proto_addr : ternary - @id(6) @name("arp_tpa") - @composite_field( - @sai_udf(base=SAI_UDF_BASE_L3, offset=24, length=2), - @sai_udf(base=SAI_UDF_BASE_L3, offset=26, length=2) - ) @format(IPV4_ADDRESS); ttl : ternary @id(7) @name("ttl") @sai_field(SAI_ACL_TABLE_ATTR_FIELD_TTL); @@ -366,12 +365,34 @@ control acl_ingress(in headers_t headers, local_metadata.l4_dst_port : ternary @id(10) @name("l4_dst_port") @sai_field(SAI_ACL_TABLE_ATTR_FIELD_L4_DST_PORT); +#ifdef SAI_INSTANTIATION_FABRIC_BORDER_ROUTER + local_metadata.l4_src_port : ternary + @id(12) @name("l4_src_port") + @sai_field(SAI_ACL_TABLE_ATTR_FIELD_L4_SRC_PORT); + headers.icmp.type : ternary + @id(14) @name("icmp_type") + @sai_field(SAI_ACL_TABLE_ATTR_FIELD_ICMP_TYPE); + local_metadata.route_metadata : optional + @id(15) @name("route_metadata") + @sai_field(SAI_ACL_TABLE_ATTR_FIELD_ROUTE_DST_USER_META); +#endif +#if defined(SAI_INSTANTIATION_TOR) + headers.ethernet.dst_addr : ternary + @id(5) @name("dst_mac") + @sai_field(SAI_ACL_TABLE_ATTR_FIELD_DST_MAC) @format(MAC_ADDRESS); + headers.arp.target_proto_addr : ternary + @id(6) @name("arp_tpa") + @composite_field( + @sai_udf(base=SAI_UDF_BASE_L3, offset=24, length=2), + @sai_udf(base=SAI_UDF_BASE_L3, offset=26, length=2) + ) @format(IPV4_ADDRESS); local_metadata.ingress_port : optional @id(11) @name("in_port") @sai_field(SAI_ACL_TABLE_ATTR_FIELD_IN_PORT); local_metadata.acl_metadata : ternary @id(13) @name("acl_metadata") @sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_USER_META); +#endif } actions = { @proto_id(1) set_qos_queue_and_cancel_copy_above_rate_limit(); @@ -663,6 +684,7 @@ control acl_ingress(in headers_t headers, #elif defined(SAI_INSTANTIATION_FABRIC_BORDER_ROUTER) acl_ingress_table.apply(); acl_ingress_counting_table.apply(); + acl_ingress_qos_table.apply(); #elif defined(SAI_INSTANTIATION_TOR) // These tables are currently order agnostic, but we should be careful to // ensure that the ordering is correct if we add new actions or model diff --git a/sai_p4/instantiations/google/fabric_border_router.p4info.pb.txt b/sai_p4/instantiations/google/fabric_border_router.p4info.pb.txt index f9d8f6bf..e9e1ec86 100644 --- a/sai_p4/instantiations/google/fabric_border_router.p4info.pb.txt +++ b/sai_p4/instantiations/google/fabric_border_router.p4info.pb.txt @@ -559,6 +559,127 @@ tables { direct_resource_ids: 352321792 size: 256 } +tables { + preamble { + id: 33554695 + name: "ingress.acl_ingress.acl_ingress_qos_table" + alias: "acl_ingress_qos_table" + annotations: "@sai_acl(INGRESS)" + annotations: "@sai_acl_priority(10)" + annotations: "@p4runtime_role(\"sdn_controller\")" + annotations: "@entry_restriction(\"\n // Forbid using ether_type for IP packets (by convention, use is_ip* instead).\n ether_type != 0x0800 && ether_type != 0x86dd;\n // Only allow IP field matches for IP packets.\n ttl::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);\n ip_protocol::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);\n // Only allow l4_dst_port matches for TCP/UDP packets.\n l4_dst_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17);\n // Forbid illegal combinations of IP_TYPE fields.\n is_ip::mask != 0 -> (is_ipv4::mask == 0 && is_ipv6::mask == 0);\n is_ipv4::mask != 0 -> (is_ip::mask == 0 && is_ipv6::mask == 0);\n is_ipv6::mask != 0 -> (is_ip::mask == 0 && is_ipv4::mask == 0);\n // Forbid unsupported combinations of IP_TYPE fields.\n is_ipv4::mask != 0 -> (is_ipv4 == 1);\n is_ipv6::mask != 0 -> (is_ipv6 == 1);\n // Only allow icmp_type matches for ICMP packets\n icmpv6_type::mask != 0 -> ip_protocol == 58;\n\n // Only allow l4_dst_port matches for TCP/UDP packets.\n l4_src_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17);\n // Only allow icmp_type matches for ICMP packets\n icmp_type::mask != 0 -> ip_protocol == 1;\n\n\n\n\n\n \")" + } + match_fields { + id: 1 + name: "is_ip" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE / IP)" + bitwidth: 1 + match_type: OPTIONAL + } + match_fields { + id: 2 + name: "is_ipv4" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE / IPV4ANY)" + bitwidth: 1 + match_type: OPTIONAL + } + match_fields { + id: 3 + name: "is_ipv6" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE / IPV6ANY)" + bitwidth: 1 + match_type: OPTIONAL + } + match_fields { + id: 4 + name: "ether_type" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE)" + bitwidth: 16 + match_type: TERNARY + } + match_fields { + id: 7 + name: "ttl" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_TTL)" + bitwidth: 8 + match_type: TERNARY + } + match_fields { + id: 8 + name: "ip_protocol" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL)" + bitwidth: 8 + match_type: TERNARY + } + match_fields { + id: 9 + name: "icmpv6_type" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_TYPE)" + bitwidth: 8 + match_type: TERNARY + } + match_fields { + id: 10 + name: "l4_dst_port" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_L4_DST_PORT)" + bitwidth: 16 + match_type: TERNARY + } + match_fields { + id: 12 + name: "l4_src_port" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_L4_SRC_PORT)" + bitwidth: 16 + match_type: TERNARY + } + match_fields { + id: 14 + name: "icmp_type" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ICMP_TYPE)" + bitwidth: 8 + match_type: TERNARY + } + match_fields { + id: 15 + name: "route_metadata" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ROUTE_DST_USER_META)" + bitwidth: 6 + match_type: OPTIONAL + } + action_refs { + id: 16777484 + annotations: "@proto_id(1)" + } + action_refs { + id: 16777486 + annotations: "@proto_id(2)" + } + action_refs { + id: 16777475 + annotations: "@proto_id(3)" + } + action_refs { + id: 16777481 + annotations: "@proto_id(4)" + } + action_refs { + id: 16777488 + annotations: "@proto_id(5)" + } + action_refs { + id: 16777489 + annotations: "@proto_id(6)" + } + action_refs { + id: 21257015 + annotations: "@defaultonly" + scope: DEFAULT_ONLY + } + const_default_action_id: 21257015 + direct_resource_ids: 318767367 + direct_resource_ids: 352321794 + size: 511 +} tables { preamble { id: 33554697 @@ -1198,6 +1319,90 @@ actions { } } } +actions { + preamble { + id: 16777484 + name: "ingress.acl_ingress.set_qos_queue_and_cancel_copy_above_rate_limit" + alias: "set_qos_queue_and_cancel_copy_above_rate_limit" + annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD , SAI_PACKET_COLOR_GREEN)" + annotations: "@sai_action(SAI_PACKET_ACTION_COPY_CANCEL , SAI_PACKET_COLOR_RED)" + } + params { + id: 1 + name: "qos_queue" + annotations: "@sai_action_param(QOS_QUEUE)" + type_name { + name: "qos_queue_t" + } + } +} +actions { + preamble { + id: 16777489 + name: "ingress.acl_ingress.set_cpu_and_multicast_queues_and_deny_above_rate_limit" + alias: "set_cpu_and_multicast_queues_and_deny_above_rate_limit" + annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD , SAI_PACKET_COLOR_GREEN)" + annotations: "@sai_action(SAI_PACKET_ACTION_DENY , SAI_PACKET_COLOR_RED)" + annotations: "@unsupported" + } + params { + id: 1 + name: "cpu_queue" + annotations: "@sai_action_param(QOS_QUEUE)" + type_name { + name: "qos_queue_t" + } + } + params { + id: 2 + name: "green_multicast_queue" + annotations: "@sai_action_param(MULTICAST_QOS_QUEUE , SAI_PACKET_COLOR_GREEN)" + type_name { + name: "qos_queue_t" + } + } + params { + id: 3 + name: "red_multicast_queue" + annotations: "@sai_action_param(MULTICAST_QOS_QUEUE , SAI_PACKET_COLOR_RED)" + type_name { + name: "qos_queue_t" + } + } +} +actions { + preamble { + id: 16777486 + name: "ingress.acl_ingress.set_cpu_queue_and_deny_above_rate_limit" + alias: "set_cpu_queue_and_deny_above_rate_limit" + annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD , SAI_PACKET_COLOR_GREEN)" + annotations: "@sai_action(SAI_PACKET_ACTION_DENY , SAI_PACKET_COLOR_RED)" + } + params { + id: 1 + name: "cpu_queue" + annotations: "@sai_action_param(QOS_QUEUE)" + type_name { + name: "qos_queue_t" + } + } +} +actions { + preamble { + id: 16777488 + name: "ingress.acl_ingress.set_cpu_queue" + alias: "set_cpu_queue" + annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD)" + } + params { + id: 1 + name: "cpu_queue" + annotations: "@sai_action_param(QOS_QUEUE)" + type_name { + name: "qos_queue_t" + } + } +} actions { preamble { id: 16777217 @@ -1535,6 +1740,17 @@ direct_counters { } direct_table_id: 33554688 } +direct_counters { + preamble { + id: 318767367 + name: "ingress.acl_ingress.acl_ingress_qos_counter" + alias: "acl_ingress_qos_counter" + } + spec { + unit: BOTH + } + direct_table_id: 33554695 +} direct_counters { preamble { id: 318767369 @@ -1569,6 +1785,18 @@ direct_meters { } direct_table_id: 33554688 } +direct_meters { + preamble { + id: 352321794 + name: "ingress.acl_ingress.acl_ingress_qos_meter" + alias: "acl_ingress_qos_meter" + annotations: "@mode(single_rate_two_color)" + } + spec { + unit: BYTES + } + direct_table_id: 33554695 +} controller_packet_metadata { preamble { id: 81826293 diff --git a/sai_p4/instantiations/google/sai_pd.proto b/sai_p4/instantiations/google/sai_pd.proto index 70fc1f37..377a1a63 100755 --- a/sai_p4/instantiations/google/sai_pd.proto +++ b/sai_p4/instantiations/google/sai_pd.proto @@ -561,7 +561,7 @@ message AclPreIngressMetadataTableEntry { // ## Only allow IP field matches for IP packets. // ttl::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1); // ip_protocol::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1); -// ## Only allow l4_dst_port and l4_src_port matches for TCP/UDP packets. +// ## Only allow l4_dst_port matches for TCP/UDP packets. // l4_dst_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17); // ## Forbid illegal combinations of IP_TYPE fields. // is_ip::mask != 0 -> (is_ipv4::mask == 0 && is_ipv6::mask == 0); @@ -572,8 +572,10 @@ message AclPreIngressMetadataTableEntry { // is_ipv6::mask != 0 -> (is_ipv6 == 1); // ## Only allow icmp_type matches for ICMP packets // icmpv6_type::mask != 0 -> ip_protocol == 58; -// ## Only allow arp_tpa matches for ARP packets. -// arp_tpa::mask != 0 -> ether_type == 0x0806; +// ## Only allow l4_dst_port matches for TCP/UDP packets. +// l4_src_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17); +// ## Only allow icmp_type matches for ICMP packets +// icmp_type::mask != 0 -> ip_protocol == 1; message AclIngressQosTableEntry { message Match { Optional is_ip = 1; // optional match / Format::HEX_STRING / 1 bits @@ -587,7 +589,11 @@ message AclIngressQosTableEntry { Ternary icmpv6_type = 9; // ternary match / Format::HEX_STRING / 8 bits Ternary l4_dst_port = 10; // ternary match / Format::HEX_STRING / 16 bits Optional in_port = 11; // optional match / Format::STRING + Ternary l4_src_port = 12; // ternary match / Format::HEX_STRING / 16 bits Ternary acl_metadata = 13; // ternary match / Format::HEX_STRING / 8 bits + Ternary icmp_type = 14; // ternary match / Format::HEX_STRING / 8 bits + Optional route_metadata = + 15; // optional match / Format::HEX_STRING / 6 bits } Match match = 1; message Action { diff --git a/sai_p4/instantiations/google/test_tools/table_entry_generator.cc b/sai_p4/instantiations/google/test_tools/table_entry_generator.cc index 2a3abeec..a6028f40 100644 --- a/sai_p4/instantiations/google/test_tools/table_entry_generator.cc +++ b/sai_p4/instantiations/google/test_tools/table_entry_generator.cc @@ -229,11 +229,8 @@ TableEntryGenerator AclIngressQosTableGenerator( auto base_entry = gutil::ParseTextProto( R"pb(table_name: "acl_ingress_qos_table" matches { - name: "ether_type" - ternary { - value { hex_str: "0x0806" } - mask { hex_str: "0xffff" } - } + name: "is_ipv4" + optional { value { hex_str: "0x1" } } } action { name: "set_qos_queue_and_cancel_copy_above_rate_limit" @@ -244,7 +241,7 @@ TableEntryGenerator AclIngressQosTableGenerator( })pb"); if (!base_entry.ok()) LOG(FATAL) << base_entry.status(); // Crash OK generator.generator = IrMatchFieldAndPriorityGenerator( - table_definition, *base_entry, "arp_tpa"); + table_definition, *base_entry, "ip_protocol"); return generator; } diff --git a/sai_p4/instantiations/google/tor.p4info.pb.txt b/sai_p4/instantiations/google/tor.p4info.pb.txt index bd73629c..46d6a7f9 100644 --- a/sai_p4/instantiations/google/tor.p4info.pb.txt +++ b/sai_p4/instantiations/google/tor.p4info.pb.txt @@ -656,7 +656,7 @@ tables { annotations: "@sai_acl(INGRESS)" annotations: "@sai_acl_priority(10)" annotations: "@p4runtime_role(\"sdn_controller\")" - annotations: "@entry_restriction(\"\n // Forbid using ether_type for IP packets (by convention, use is_ip* instead).\n ether_type != 0x0800 && ether_type != 0x86dd;\n // Only allow IP field matches for IP packets.\n ttl::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);\n ip_protocol::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);\n // Only allow l4_dst_port and l4_src_port matches for TCP/UDP packets.\n l4_dst_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17);\n // Forbid illegal combinations of IP_TYPE fields.\n is_ip::mask != 0 -> (is_ipv4::mask == 0 && is_ipv6::mask == 0);\n is_ipv4::mask != 0 -> (is_ip::mask == 0 && is_ipv6::mask == 0);\n is_ipv6::mask != 0 -> (is_ip::mask == 0 && is_ipv4::mask == 0);\n // Forbid unsupported combinations of IP_TYPE fields.\n is_ipv4::mask != 0 -> (is_ipv4 == 1);\n is_ipv6::mask != 0 -> (is_ipv6 == 1);\n // Only allow icmp_type matches for ICMP packets\n icmpv6_type::mask != 0 -> ip_protocol == 58;\n // Only allow arp_tpa matches for ARP packets.\n arp_tpa::mask != 0 -> ether_type == 0x0806;\n \")" + annotations: "@entry_restriction(\"\n // Forbid using ether_type for IP packets (by convention, use is_ip* instead).\n ether_type != 0x0800 && ether_type != 0x86dd;\n // Only allow IP field matches for IP packets.\n ttl::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);\n ip_protocol::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);\n // Only allow l4_dst_port matches for TCP/UDP packets.\n l4_dst_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17);\n // Forbid illegal combinations of IP_TYPE fields.\n is_ip::mask != 0 -> (is_ipv4::mask == 0 && is_ipv6::mask == 0);\n is_ipv4::mask != 0 -> (is_ip::mask == 0 && is_ipv6::mask == 0);\n is_ipv6::mask != 0 -> (is_ip::mask == 0 && is_ipv4::mask == 0);\n // Forbid unsupported combinations of IP_TYPE fields.\n is_ipv4::mask != 0 -> (is_ipv4 == 1);\n is_ipv6::mask != 0 -> (is_ipv6 == 1);\n // Only allow icmp_type matches for ICMP packets\n icmpv6_type::mask != 0 -> ip_protocol == 58;\n\n\n\n\n\n\n\n // Only allow arp_tpa matches for ARP packets.\n arp_tpa::mask != 0 -> ether_type == 0x0806;\n\n \")" } match_fields { id: 1 @@ -686,22 +686,6 @@ tables { bitwidth: 16 match_type: TERNARY } - match_fields { - id: 5 - name: "dst_mac" - annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_DST_MAC)" - annotations: "@format(MAC_ADDRESS)" - bitwidth: 48 - match_type: TERNARY - } - match_fields { - id: 6 - name: "arp_tpa" - annotations: "@composite_field(@ sai_udf ( base = SAI_UDF_BASE_L3 , offset = 24 , length = 2 ) , @ sai_udf ( base = SAI_UDF_BASE_L3 , offset = 26 , length = 2 ))" - annotations: "@format(IPV4_ADDRESS)" - bitwidth: 32 - match_type: TERNARY - } match_fields { id: 7 name: "ttl" @@ -730,6 +714,22 @@ tables { bitwidth: 16 match_type: TERNARY } + match_fields { + id: 5 + name: "dst_mac" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_DST_MAC)" + annotations: "@format(MAC_ADDRESS)" + bitwidth: 48 + match_type: TERNARY + } + match_fields { + id: 6 + name: "arp_tpa" + annotations: "@composite_field(@ sai_udf ( base = SAI_UDF_BASE_L3 , offset = 24 , length = 2 ) , @ sai_udf ( base = SAI_UDF_BASE_L3 , offset = 26 , length = 2 ))" + annotations: "@format(IPV4_ADDRESS)" + bitwidth: 32 + match_type: TERNARY + } match_fields { id: 11 name: "in_port" diff --git a/sai_p4/instantiations/google/unioned_p4info.pb.txt b/sai_p4/instantiations/google/unioned_p4info.pb.txt index 2b6c1fb9..97671f6d 100644 --- a/sai_p4/instantiations/google/unioned_p4info.pb.txt +++ b/sai_p4/instantiations/google/unioned_p4info.pb.txt @@ -569,6 +569,160 @@ tables { direct_resource_ids: 352321792 size: 256 } +tables { + preamble { + id: 33554695 + name: "ingress.acl_ingress.acl_ingress_qos_table" + alias: "acl_ingress_qos_table" + annotations: "@sai_acl(INGRESS)" + annotations: "@sai_acl_priority(10)" + annotations: "@p4runtime_role(\"sdn_controller\")" + annotations: "@entry_restriction(\"\n // Forbid using ether_type for IP packets (by convention, use is_ip* instead).\n ether_type != 0x0800 && ether_type != 0x86dd;\n // Only allow IP field matches for IP packets.\n ttl::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);\n ip_protocol::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);\n // Only allow l4_dst_port matches for TCP/UDP packets.\n l4_dst_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17);\n // Forbid illegal combinations of IP_TYPE fields.\n is_ip::mask != 0 -> (is_ipv4::mask == 0 && is_ipv6::mask == 0);\n is_ipv4::mask != 0 -> (is_ip::mask == 0 && is_ipv6::mask == 0);\n is_ipv6::mask != 0 -> (is_ip::mask == 0 && is_ipv4::mask == 0);\n // Forbid unsupported combinations of IP_TYPE fields.\n is_ipv4::mask != 0 -> (is_ipv4 == 1);\n is_ipv6::mask != 0 -> (is_ipv6 == 1);\n // Only allow icmp_type matches for ICMP packets\n icmpv6_type::mask != 0 -> ip_protocol == 58;\n\n // Only allow l4_dst_port matches for TCP/UDP packets.\n l4_src_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17);\n // Only allow icmp_type matches for ICMP packets\n icmp_type::mask != 0 -> ip_protocol == 1;\n\n\n\n\n\n \")" + annotations: "@entry_restriction(\"\n // Forbid using ether_type for IP packets (by convention, use is_ip* instead).\n ether_type != 0x0800 && ether_type != 0x86dd;\n // Only allow IP field matches for IP packets.\n ttl::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);\n ip_protocol::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);\n // Only allow l4_dst_port matches for TCP/UDP packets.\n l4_dst_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17);\n // Forbid illegal combinations of IP_TYPE fields.\n is_ip::mask != 0 -> (is_ipv4::mask == 0 && is_ipv6::mask == 0);\n is_ipv4::mask != 0 -> (is_ip::mask == 0 && is_ipv6::mask == 0);\n is_ipv6::mask != 0 -> (is_ip::mask == 0 && is_ipv4::mask == 0);\n // Forbid unsupported combinations of IP_TYPE fields.\n is_ipv4::mask != 0 -> (is_ipv4 == 1);\n is_ipv6::mask != 0 -> (is_ipv6 == 1);\n // Only allow icmp_type matches for ICMP packets\n icmpv6_type::mask != 0 -> ip_protocol == 58;\n\n\n\n\n\n\n\n // Only allow arp_tpa matches for ARP packets.\n arp_tpa::mask != 0 -> ether_type == 0x0806;\n\n \")" + } + match_fields { + id: 1 + name: "is_ip" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE / IP)" + bitwidth: 1 + match_type: OPTIONAL + } + match_fields { + id: 2 + name: "is_ipv4" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE / IPV4ANY)" + bitwidth: 1 + match_type: OPTIONAL + } + match_fields { + id: 3 + name: "is_ipv6" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE / IPV6ANY)" + bitwidth: 1 + match_type: OPTIONAL + } + match_fields { + id: 4 + name: "ether_type" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE)" + bitwidth: 16 + match_type: TERNARY + } + match_fields { + id: 7 + name: "ttl" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_TTL)" + bitwidth: 8 + match_type: TERNARY + } + match_fields { + id: 8 + name: "ip_protocol" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL)" + bitwidth: 8 + match_type: TERNARY + } + match_fields { + id: 9 + name: "icmpv6_type" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_TYPE)" + bitwidth: 8 + match_type: TERNARY + } + match_fields { + id: 10 + name: "l4_dst_port" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_L4_DST_PORT)" + bitwidth: 16 + match_type: TERNARY + } + match_fields { + id: 12 + name: "l4_src_port" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_L4_SRC_PORT)" + bitwidth: 16 + match_type: TERNARY + } + match_fields { + id: 14 + name: "icmp_type" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ICMP_TYPE)" + bitwidth: 8 + match_type: TERNARY + } + match_fields { + id: 15 + name: "route_metadata" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ROUTE_DST_USER_META)" + bitwidth: 6 + match_type: OPTIONAL + } + match_fields { + id: 5 + name: "dst_mac" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_DST_MAC)" + annotations: "@format(MAC_ADDRESS)" + bitwidth: 48 + match_type: TERNARY + } + match_fields { + id: 6 + name: "arp_tpa" + annotations: "@composite_field(@ sai_udf ( base = SAI_UDF_BASE_L3 , offset = 24 , length = 2 ) , @ sai_udf ( base = SAI_UDF_BASE_L3 , offset = 26 , length = 2 ))" + annotations: "@format(IPV4_ADDRESS)" + bitwidth: 32 + match_type: TERNARY + } + match_fields { + id: 11 + name: "in_port" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_IN_PORT)" + match_type: OPTIONAL + type_name { + name: "port_id_t" + } + } + match_fields { + id: 13 + name: "acl_metadata" + annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_USER_META)" + bitwidth: 8 + match_type: TERNARY + } + action_refs { + id: 16777484 + annotations: "@proto_id(1)" + } + action_refs { + id: 16777486 + annotations: "@proto_id(2)" + } + action_refs { + id: 16777475 + annotations: "@proto_id(3)" + } + action_refs { + id: 16777481 + annotations: "@proto_id(4)" + } + action_refs { + id: 16777488 + annotations: "@proto_id(5)" + } + action_refs { + id: 16777489 + annotations: "@proto_id(6)" + } + action_refs { + id: 21257015 + annotations: "@defaultonly" + scope: DEFAULT_ONLY + } + const_default_action_id: 21257015 + direct_resource_ids: 318767367 + direct_resource_ids: 352321794 + size: 511 +} tables { preamble { id: 33554697 @@ -1316,138 +1470,6 @@ tables { direct_resource_ids: 318767365 size: 127 } -tables { - preamble { - id: 33554695 - name: "ingress.acl_ingress.acl_ingress_qos_table" - alias: "acl_ingress_qos_table" - annotations: "@sai_acl(INGRESS)" - annotations: "@sai_acl_priority(10)" - annotations: "@p4runtime_role(\"sdn_controller\")" - annotations: "@entry_restriction(\"\n // Forbid using ether_type for IP packets (by convention, use is_ip* instead).\n ether_type != 0x0800 && ether_type != 0x86dd;\n // Only allow IP field matches for IP packets.\n ttl::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);\n ip_protocol::mask != 0 -> (is_ip == 1 || is_ipv4 == 1 || is_ipv6 == 1);\n // Only allow l4_dst_port and l4_src_port matches for TCP/UDP packets.\n l4_dst_port::mask != 0 -> (ip_protocol == 6 || ip_protocol == 17);\n // Forbid illegal combinations of IP_TYPE fields.\n is_ip::mask != 0 -> (is_ipv4::mask == 0 && is_ipv6::mask == 0);\n is_ipv4::mask != 0 -> (is_ip::mask == 0 && is_ipv6::mask == 0);\n is_ipv6::mask != 0 -> (is_ip::mask == 0 && is_ipv4::mask == 0);\n // Forbid unsupported combinations of IP_TYPE fields.\n is_ipv4::mask != 0 -> (is_ipv4 == 1);\n is_ipv6::mask != 0 -> (is_ipv6 == 1);\n // Only allow icmp_type matches for ICMP packets\n icmpv6_type::mask != 0 -> ip_protocol == 58;\n // Only allow arp_tpa matches for ARP packets.\n arp_tpa::mask != 0 -> ether_type == 0x0806;\n \")" - } - match_fields { - id: 1 - name: "is_ip" - annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE / IP)" - bitwidth: 1 - match_type: OPTIONAL - } - match_fields { - id: 2 - name: "is_ipv4" - annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE / IPV4ANY)" - bitwidth: 1 - match_type: OPTIONAL - } - match_fields { - id: 3 - name: "is_ipv6" - annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE / IPV6ANY)" - bitwidth: 1 - match_type: OPTIONAL - } - match_fields { - id: 4 - name: "ether_type" - annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE)" - bitwidth: 16 - match_type: TERNARY - } - match_fields { - id: 5 - name: "dst_mac" - annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_DST_MAC)" - annotations: "@format(MAC_ADDRESS)" - bitwidth: 48 - match_type: TERNARY - } - match_fields { - id: 6 - name: "arp_tpa" - annotations: "@composite_field(@ sai_udf ( base = SAI_UDF_BASE_L3 , offset = 24 , length = 2 ) , @ sai_udf ( base = SAI_UDF_BASE_L3 , offset = 26 , length = 2 ))" - annotations: "@format(IPV4_ADDRESS)" - bitwidth: 32 - match_type: TERNARY - } - match_fields { - id: 7 - name: "ttl" - annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_TTL)" - bitwidth: 8 - match_type: TERNARY - } - match_fields { - id: 8 - name: "ip_protocol" - annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL)" - bitwidth: 8 - match_type: TERNARY - } - match_fields { - id: 9 - name: "icmpv6_type" - annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_TYPE)" - bitwidth: 8 - match_type: TERNARY - } - match_fields { - id: 10 - name: "l4_dst_port" - annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_L4_DST_PORT)" - bitwidth: 16 - match_type: TERNARY - } - match_fields { - id: 11 - name: "in_port" - annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_IN_PORT)" - match_type: OPTIONAL - type_name { - name: "port_id_t" - } - } - match_fields { - id: 13 - name: "acl_metadata" - annotations: "@sai_field(SAI_ACL_TABLE_ATTR_FIELD_ACL_USER_META)" - bitwidth: 8 - match_type: TERNARY - } - action_refs { - id: 16777484 - annotations: "@proto_id(1)" - } - action_refs { - id: 16777486 - annotations: "@proto_id(2)" - } - action_refs { - id: 16777475 - annotations: "@proto_id(3)" - } - action_refs { - id: 16777481 - annotations: "@proto_id(4)" - } - action_refs { - id: 16777488 - annotations: "@proto_id(5)" - } - action_refs { - id: 16777489 - annotations: "@proto_id(6)" - } - action_refs { - id: 21257015 - annotations: "@defaultonly" - scope: DEFAULT_ONLY - } - const_default_action_id: 21257015 - direct_resource_ids: 318767367 - direct_resource_ids: 352321794 - size: 511 -} tables { preamble { id: 33554696 @@ -1818,6 +1840,90 @@ actions { } } } +actions { + preamble { + id: 16777484 + name: "ingress.acl_ingress.set_qos_queue_and_cancel_copy_above_rate_limit" + alias: "set_qos_queue_and_cancel_copy_above_rate_limit" + annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD , SAI_PACKET_COLOR_GREEN)" + annotations: "@sai_action(SAI_PACKET_ACTION_COPY_CANCEL , SAI_PACKET_COLOR_RED)" + } + params { + id: 1 + name: "qos_queue" + annotations: "@sai_action_param(QOS_QUEUE)" + type_name { + name: "qos_queue_t" + } + } +} +actions { + preamble { + id: 16777489 + name: "ingress.acl_ingress.set_cpu_and_multicast_queues_and_deny_above_rate_limit" + alias: "set_cpu_and_multicast_queues_and_deny_above_rate_limit" + annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD , SAI_PACKET_COLOR_GREEN)" + annotations: "@sai_action(SAI_PACKET_ACTION_DENY , SAI_PACKET_COLOR_RED)" + annotations: "@unsupported" + } + params { + id: 1 + name: "cpu_queue" + annotations: "@sai_action_param(QOS_QUEUE)" + type_name { + name: "qos_queue_t" + } + } + params { + id: 2 + name: "green_multicast_queue" + annotations: "@sai_action_param(MULTICAST_QOS_QUEUE , SAI_PACKET_COLOR_GREEN)" + type_name { + name: "qos_queue_t" + } + } + params { + id: 3 + name: "red_multicast_queue" + annotations: "@sai_action_param(MULTICAST_QOS_QUEUE , SAI_PACKET_COLOR_RED)" + type_name { + name: "qos_queue_t" + } + } +} +actions { + preamble { + id: 16777486 + name: "ingress.acl_ingress.set_cpu_queue_and_deny_above_rate_limit" + alias: "set_cpu_queue_and_deny_above_rate_limit" + annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD , SAI_PACKET_COLOR_GREEN)" + annotations: "@sai_action(SAI_PACKET_ACTION_DENY , SAI_PACKET_COLOR_RED)" + } + params { + id: 1 + name: "cpu_queue" + annotations: "@sai_action_param(QOS_QUEUE)" + type_name { + name: "qos_queue_t" + } + } +} +actions { + preamble { + id: 16777488 + name: "ingress.acl_ingress.set_cpu_queue" + alias: "set_cpu_queue" + annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD)" + } + params { + id: 1 + name: "cpu_queue" + annotations: "@sai_action_param(QOS_QUEUE)" + type_name { + name: "qos_queue_t" + } + } +} actions { preamble { id: 16777217 @@ -2190,90 +2296,6 @@ actions { bitwidth: 8 } } -actions { - preamble { - id: 16777484 - name: "ingress.acl_ingress.set_qos_queue_and_cancel_copy_above_rate_limit" - alias: "set_qos_queue_and_cancel_copy_above_rate_limit" - annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD , SAI_PACKET_COLOR_GREEN)" - annotations: "@sai_action(SAI_PACKET_ACTION_COPY_CANCEL , SAI_PACKET_COLOR_RED)" - } - params { - id: 1 - name: "qos_queue" - annotations: "@sai_action_param(QOS_QUEUE)" - type_name { - name: "qos_queue_t" - } - } -} -actions { - preamble { - id: 16777489 - name: "ingress.acl_ingress.set_cpu_and_multicast_queues_and_deny_above_rate_limit" - alias: "set_cpu_and_multicast_queues_and_deny_above_rate_limit" - annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD , SAI_PACKET_COLOR_GREEN)" - annotations: "@sai_action(SAI_PACKET_ACTION_DENY , SAI_PACKET_COLOR_RED)" - annotations: "@unsupported" - } - params { - id: 1 - name: "cpu_queue" - annotations: "@sai_action_param(QOS_QUEUE)" - type_name { - name: "qos_queue_t" - } - } - params { - id: 2 - name: "green_multicast_queue" - annotations: "@sai_action_param(MULTICAST_QOS_QUEUE , SAI_PACKET_COLOR_GREEN)" - type_name { - name: "qos_queue_t" - } - } - params { - id: 3 - name: "red_multicast_queue" - annotations: "@sai_action_param(MULTICAST_QOS_QUEUE , SAI_PACKET_COLOR_RED)" - type_name { - name: "qos_queue_t" - } - } -} -actions { - preamble { - id: 16777486 - name: "ingress.acl_ingress.set_cpu_queue_and_deny_above_rate_limit" - alias: "set_cpu_queue_and_deny_above_rate_limit" - annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD , SAI_PACKET_COLOR_GREEN)" - annotations: "@sai_action(SAI_PACKET_ACTION_DENY , SAI_PACKET_COLOR_RED)" - } - params { - id: 1 - name: "cpu_queue" - annotations: "@sai_action_param(QOS_QUEUE)" - type_name { - name: "qos_queue_t" - } - } -} -actions { - preamble { - id: 16777488 - name: "ingress.acl_ingress.set_cpu_queue" - alias: "set_cpu_queue" - annotations: "@sai_action(SAI_PACKET_ACTION_FORWARD)" - } - params { - id: 1 - name: "cpu_queue" - annotations: "@sai_action_param(QOS_QUEUE)" - type_name { - name: "qos_queue_t" - } - } -} actions { preamble { id: 16777485 @@ -2331,6 +2353,17 @@ direct_counters { } direct_table_id: 33554688 } +direct_counters { + preamble { + id: 318767367 + name: "ingress.acl_ingress.acl_ingress_qos_counter" + alias: "acl_ingress_qos_counter" + } + spec { + unit: BOTH + } + direct_table_id: 33554695 +} direct_counters { preamble { id: 318767369 @@ -2386,17 +2419,6 @@ direct_counters { } direct_table_id: 33554694 } -direct_counters { - preamble { - id: 318767367 - name: "ingress.acl_ingress.acl_ingress_qos_counter" - alias: "acl_ingress_qos_counter" - } - spec { - unit: BOTH - } - direct_table_id: 33554695 -} direct_counters { preamble { id: 318767368