Submit python model #426
Open
saad-mzhr wants to merge 22 commits into sonic-net:main from saad-mzhr:dev_python_model
saad-mzhr requested review from mhanif, vijasrin, marian-pritsak, chrispsommers, reshmaintel and budgrise, August 25, 2023 01:29
hi @saad-mzhr - did you want me to keep this Open in the DASH Community?
This is an attempt to translate the P4 model to Python so that Stateful Features (firewall, metering, ST) and Complex Match Types (ternary/range list) can be implemented.
Current State:
This model incorporates all the features in the existing P4 model and adds on top of it:
Note that the P4 model is not rewritten from scratch. Instead, it is translated word for word so as to preserve all the effort that has been put into the P4 model.
Directory/File Structure:
There is only a single folder (python_model) that directly holds all the files needed at runtime. There is a sub-directory called "python_model/tests" that stores regression tests used during development. This sub-directory is not used at runtime.
Main directory (python_model) has 2 types of files:
Testing:
https://github.com/sonic-net/DASH/blob/main/documentation/general/sdn-pipeline-basic-elements.md#acl-actions
Right now, mostly white box testing is being done over debugger for better visibility.
Steps to run:
Python 3.10.12
VSCODE 1.81.1
Python dev extensions in VSCODE
This program tests basic Stateful Firewall functionality. It configures inbound/outbound tables with appropriate values.
It also creates 2 ACL groups for inbound and outbound. Outbound ACLs have "Allow All" policy. Inbound ACLs have "Deny All" policy. The program first sends an outbound UDP packet. It is allowed by the firewall. Pipeline returns a transformed version of the packet (Use debugger to follow the packet flow).
Next, the program sends a corresponding inbound packet (UDP response). Even though the Inbound ACL has a "Deny All" policy, this response packet will still be allowed in because of the flow table.
Also, if you send the response packet after a long enough interval (>5 seconds), the response packet will be dropped because the connection has timed out.
Some points about the code:
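
Added example, not part of this pull request or its python_model code: a minimal sketch of the stateful firewall behaviour the test description walks through, where a flow table is consulted before the per-direction ACL default. The class and function names, the sample addresses, and the reading of ">5 seconds" as a 5-second idle timeout are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass

FLOW_TIMEOUT_S = 5.0  # assumption: idle timeout implied by ">5 seconds" above


@dataclass(frozen=True)
class Packet:  # hypothetical packet record; proto 17 is UDP
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: int = 17

    def key(self):
        return (self.src_ip, self.src_port, self.dst_ip, self.dst_port, self.proto)

    def reverse_key(self):
        return (self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.proto)


class StatefulFirewall:
    """Flow table consulted before the per-direction ACL default policy."""

    def __init__(self, clock=time.monotonic):
        self.acl_default = {"outbound": "allow", "inbound": "deny"}
        self.flows = {}  # flow key -> time the connection was last seen
        self.clock = clock

    def process(self, pkt, direction):
        now = self.clock()
        key, rkey = pkt.key(), pkt.reverse_key()
        last_seen = self.flows.get(key)
        if last_seen is not None and now - last_seen <= FLOW_TIMEOUT_S:
            self.flows[key] = self.flows[rkey] = now  # refresh both directions
            return "allow"  # established flow: the ACL is not evaluated
        self.flows.pop(key, None)  # drop expired state, if any
        self.flows.pop(rkey, None)
        verdict = self.acl_default[direction]
        if verdict == "allow":  # only permitted traffic creates flow state
            self.flows[key] = self.flows[rkey] = now
        return verdict


def run_scenario(gap_s):
    """Send outbound UDP, wait gap_s on a fake clock, then send the response."""
    t = [0.0]
    fw = StatefulFirewall(clock=lambda: t[0])
    out = fw.process(Packet("10.0.0.1", 40000, "10.0.0.2", 53), "outbound")  # constructed addresses
    t[0] += gap_s
    resp = fw.process(Packet("10.0.0.2", 53, "10.0.0.1", 40000), "inbound")
    return out, resp
```

`run_scenario(1.0)` lets the response through on the flow-table hit, while `run_scenario(6.0)` falls back to the inbound "Deny All" default because the flow has expired.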