-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Submit python model #426
base: main
Are you sure you want to change the base?
Submit python model #426
Conversation
|
hi @saad-mzhr - did you want me to keep this Open in the DASH Community? |
hi @saad-mzhr - did you want me to keep this Open in the DASH Community? |
no update here 10/9/2024 |
hi @FarhatUllah999 - did you want to pick up this PR from Saad? Let me know, thank you - Kristina |
Hi @KrisNey-MSFT - Yes I have picked up this task from Saad. I have few priority tasks that's why I couldn't work on this PR. Let me prioritize this work soon. |
Ok, thank you Farhat 😊
From: FarhatUllah999 ***@***.***>
Sent: Friday, October 25, 2024 1:19 AM
To: sonic-net/DASH ***@***.***>
Cc: Kristina Moore ***@***.***>; Mention ***@***.***>
Subject: Re: [sonic-net/DASH] Submit python model (PR #426)
hi @FarhatUllah999<https://github.com/FarhatUllah999> - did you want to pick up this PR from Saad? Let me know, thank you - Kristina
Hi @KrisNey-MSFT<https://github.com/KrisNey-MSFT> - Yes I have picked up this task from Saad. I have few priority tasks that's why I couldn't work on this PR. Let me prioritize this work soon.
—
Reply to this email directly, view it on GitHub<#426 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AFJSI6B7FUVMAFPNM7XSL63Z5H5ILAVCNFSM6AAAAABJK2HIBKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMZXGE4DCNJTGE>.
You are receiving this because you were mentioned.Message ID: ***@***.******@***.***>>
|
hi @FarhatUllah999 - are you still looking for a review for this one? Thx! |
This is an attempt to translate P4 model to python so that Stateful Features (firewall, metering, ST) and Complex Match Types (ternary/range list) can be implemented.
Current State:
This model incorporates all the features in the existing P4 model and adds on top of it:
Note that P4 model is not rewritten from scratch. Instead, it is translated word to word so as to preserve all the effort that has been put in the P4 model.
Directory/File Structure:
There is only a single folder (python_model) that directly holds all the files needed at runtime. There is a sub-directory called "python_model/tests" that stores regression tests used during development. This sub-directory is not used at runtime.
Main directory (python_model) has 2 types of files:
Testing:
https://github.com/sonic-net/DASH/blob/main/documentation/general/sdn-pipeline-basic-elements.md#acl-actions
Right now, mostly white box testing is being done over debugger for better visibility.
Steps to run:
Python 3.10.12
VSCODE 1.81.1
Python dev extensions in VSCODE
This program tests basic Stateful Firewall functionality. It configures inbound/outbound tables with appropriate values.
It also creates 2 ACL groups for inbound and outbound. Outbound ACLs have "Allow All" policy. Inbound ACLs have "Deny All" policy. The program first sends an outbound UDP packet. It is allowed by the firewall. Pipeline returns a transformed version of the packet (Use debugger to follow the packet flow).
Next, the program sends a corresponding inbound packet (UDP response). Even though the Inbound ACL has a "Deny All" policy, but this response packet will still be allowed in because of the flow table.
Also, if you send the response packet after a long enough interval (>5 seconds), response packet will be dropped because the connection has timed out.
Some points about the code: