enhance J3 ACL trap ARP packets to high priority cpu queue

Summary: This is part of the work to replace rx reason traps by ACL on J3, see https://docs.google.com/document/d/1PFuccXRI10zIdiDyUKyCAbKtJHJNOcDqYzkRlMgxN6Y/edit?usp=sharing for details. This diffs enhanced fboss ACL to trap ARP packets to high priority cpu queue on J3 and remove ARP rx reason traps from copp hw tets. Reviewed By: shri-khare Differential Revision: D62778870 Privacy Context Container: L1125642 fbshipit-source-id: 166fa0393658b960443825c3a4d476e59ea7a360
facebook · Sep 17, 2024 · 498bea5 · 498bea5
1 parent 7b6ff58
commit 498bea5
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 5 deletions.
diff --git a/fboss/agent/hw/bcm/BcmFieldProcessorFBConvertors.cpp b/fboss/agent/hw/bcm/BcmFieldProcessorFBConvertors.cpp
@@ -141,6 +141,9 @@ bcm_field_IpType_t cfgIpTypeToBcmIpType(cfg::IpType cfgIpType) {
       return bcmFieldIpTypeIpv4Any;
     case cfg::IpType::IP6:
       return bcmFieldIpTypeIpv6;
+    case cfg::IpType::ARP_REQUEST:
+    case cfg::IpType::ARP_REPLY:
+      break;
   }
   // should return in one of the cases
   throw FbossError("Unsupported IP Type option");

diff --git a/fboss/agent/hw/bcm/tests/BcmFieldProcessorFBConvertorsTests.cpp b/fboss/agent/hw/bcm/tests/BcmFieldProcessorFBConvertorsTests.cpp
@@ -45,7 +45,11 @@ TEST(FPBcmConvertors, cfgIpFragToFromBcm) {
 }
 
 TEST(FPBcmConvertors, ipTypeToFromBcm) {
-  for (auto cfgIpType : apache::thrift::TEnumTraits<cfg::IpType>::values) {
+  for (auto cfgIpType :
+       {cfg::IpType::ANY,
+        cfg::IpType::IP,
+        cfg::IpType::IP4,
+        cfg::IpType::IP6}) {
     auto bcmIpType = cfgIpTypeToBcmIpType(cfgIpType);
     EXPECT_EQ(cfgIpType, bcmIpTypeToCfgIpType(bcmIpType));
   }

diff --git a/fboss/agent/hw/sai/switch/SaiAclTableManager.cpp b/fboss/agent/hw/sai/switch/SaiAclTableManager.cpp
@@ -275,6 +275,10 @@ sai_acl_ip_type_t SaiAclTableManager::cfgIpTypeToSaiIpType(
       return SAI_ACL_IP_TYPE_IPV4ANY;
     case cfg::IpType::IP6:
       return SAI_ACL_IP_TYPE_IPV6ANY;
+    case cfg::IpType::ARP_REQUEST:
+      return SAI_ACL_IP_TYPE_ARP_REQUEST;
+    case cfg::IpType::ARP_REPLY:
+      return SAI_ACL_IP_TYPE_ARP_REPLY;
   }
   // should return in one of the cases
   throw FbossError("Unsupported IP Type option");
@@ -289,6 +293,7 @@ uint16_t SaiAclTableManager::cfgEtherTypeToSaiEtherType(
     case cfg::EtherType::EAPOL:
     case cfg::EtherType::MACSEC:
     case cfg::EtherType::LLDP:
+    case cfg::EtherType::ARP:
       return static_cast<uint16_t>(cfgEtherType);
   }
   // should return in one of the cases

diff --git a/fboss/agent/switch_config.thrift b/fboss/agent/switch_config.thrift
@@ -223,6 +223,8 @@ enum IpType {
   IP = 1,
   IP4 = 2,
   IP6 = 3,
+  ARP_REQUEST = 4,
+  ARP_REPLY = 5,
 }
 
 enum EtherType {
@@ -232,6 +234,7 @@ enum EtherType {
   EAPOL = 0x888E,
   MACSEC = 0x88E5,
   LLDP = 0x88CC,
+  ARP = 0x0806,
 }
 
 struct Ttl {

diff --git a/fboss/agent/test/utils/CoppTestUtils.cpp b/fboss/agent/test/utils/CoppTestUtils.cpp
@@ -475,6 +475,24 @@ void addHighPriAclForBgp(
       {cfg::EtherType::IPv4, cfg::EtherType::IPv6});
 }
 
+void addHighPriAclForArp(
+    cfg::ToCpuAction toCpuAction,
+    int highPriQueueId,
+    std::vector<std::pair<cfg::AclEntry, cfg::MatchAction>>& acls,
+    bool isSai) {
+  cfg::AclEntry acl1;
+  acl1.etherType() = cfg::EtherType::ARP;
+  acl1.ipType() = cfg::IpType::ARP_REQUEST;
+  acl1.name() = folly::to<std::string>("cpuPolicing-high-arp-request-acl");
+  auto action = createQueueMatchAction(highPriQueueId, isSai, toCpuAction);
+  acls.push_back(std::make_pair(acl1, action));
+  cfg::AclEntry acl2;
+  acl2.etherType() = cfg::EtherType::ARP;
+  acl2.ipType() = cfg::IpType::ARP_REPLY;
+  acl2.name() = folly::to<std::string>("cpuPolicing-high-arp-reply-acl");
+  acls.push_back(std::make_pair(acl2, action));
+}
+
 void addMidPriAclForLldp(
     cfg::ToCpuAction toCpuAction,
     int midPriQueueId,
@@ -713,6 +731,9 @@ std::vector<std::pair<cfg::AclEntry, cfg::MatchAction>> defaultCpuAclsForSai(
         hwAsic, cfg::ToCpuAction::TRAP, acls, true /*isSai*/);
 
     if (hwAsic->isSupported(HwAsic::Feature::NO_RX_REASON_TRAP)) {
+      addHighPriAclForArp(
+
+          cfg::ToCpuAction::TRAP, getCoppHighPriQueueId(hwAsic), acls, true);
       addHighPriAclForBgp(
           hwAsic,
           cfg::ToCpuAction::TRAP,
@@ -965,10 +986,6 @@ std::vector<cfg::PacketRxReasonToQueue> getCoppRxReasonToQueuesForSai(
   if (hwAsic->isSupported(HwAsic::Feature::NO_RX_REASON_TRAP)) {
     // TODO(daiweix): remove these rx reason traps and replace them by ACLs
     rxReasonToQueues = {
-        ControlPlane::makeRxReasonToQueueEntry(
-            cfg::PacketRxReason::ARP, coppHighPriQueueId),
-        ControlPlane::makeRxReasonToQueueEntry(
-            cfg::PacketRxReason::ARP_RESPONSE, coppHighPriQueueId),
         ControlPlane::makeRxReasonToQueueEntry(
             cfg::PacketRxReason::NDP, coppHighPriQueueId),
         ControlPlane::makeRxReasonToQueueEntry(