From ef5c9e736d3aa23e23e4d7a545f435c941dec245 Mon Sep 17 00:00:00 2001
From: Sonic Build Admin <sonicbld@microsoft.com>
Date: Thu, 29 Jan 2026 18:14:35 +0000
Subject: [PATCH] [ssw][ha] add ACTION_COUNTER to acl table type

<!--
Please make sure you have read and understood the contribution guildlines:
https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md

1. Make sure your commit includes a signature generted with `git commit -s`
2. Make sure your commit title follows the correct format: [component]: description
3. Make sure your commit message contains enough details about the change and related tests
4. Make sure your pull request adds related reviewers, asignees, labels

Please also provide the following information in this pull request:
-->

**What I did**

Add action counter to acl table type when creating initializing tunnel termination acl table.

sign-off: Jing Zhang zhangjing@microsoft.com

**Why I did it**
It's added for the acl rules but not for the table today.

**How I verified it**
This change was there for our HA development (on a custom branch) but missed on the master branch. It's verified in many demo sessions.

**Details if related**

Error logs if missing this PR:

```
2025 Dec 12 00:50:02.269248 switch1 ERR syncd#syncd: SAI_LOG|SAI_API_ACL: src/acl/sai_acl_cmd.cpp:86: ACL Table 0x380000000000003 does not support action SAI_ACL_ACTION_TYPE_COUNTER
2025 Dec 12 00:50:02.269248 switch1 ERR syncd#syncd: :- sendApiResponse: api SAI_COMMON_API_CREATE failed in syncd mode: SAI_STATUS_INVALID_PARAMETER
2025 Dec 12 00:50:02.269366 switch1 ERR syncd#syncd: :- processQuadEvent: attr: SAI_ACL_ENTRY_ATTR_TABLE_ID: oid:0x7000000000661
2025 Dec 12 00:50:02.269366 switch1 ERR syncd#syncd: :- processQuadEvent: attr: SAI_ACL_ENTRY_ATTR_PRIORITY: 9998
2025 Dec 12 00:50:02.269384 switch1 ERR syncd#syncd: :- processQuadEvent: attr: SAI_ACL_ENTRY_ATTR_ADMIN_STATE: true
2025 Dec 12 00:50:02.269426 switch1 ERR syncd#syncd: :- processQuadEvent: attr: SAI_ACL_ENTRY_ATTR_ACTION_COUNTER: oid:0x9000000015a72
2025 Dec 12 00:50:02.269426 switch1 ERR syncd#syncd: :- processQuadEvent: attr: SAI_ACL_ENTRY_ATTR_FIELD_DST_IP: 3.2.1.0&mask:255.255.255.255
2025 Dec 12 00:50:02.269426 switch1 ERR syncd#syncd: :- processQuadEvent: attr: SAI_ACL_ENTRY_ATTR_FIELD_TUNNEL_TERMINATED: true
2025 Dec 12 00:50:02.269443 switch1 ERR syncd#syncd: :- processQuadEvent: attr: SAI_ACL_ENTRY_ATTR_ACTION_REDIRECT: oid:0x400000000065c
2025 Dec 12 00:50:02.269711 switch1 ERR swss#orchagent: :- create: create status: SAI_STATUS_INVALID_PARAMETER
2025 Dec 12 00:50:02.269711 switch1 ERR swss#orchagent: :- createRule: Failed to create ACL rule Vnet_55_3.2.1.0/32_TUNN_TERM, rv:-5
```
---
 orchagent/vnetorch.cpp | 8 +++++++-
 tests/test_vnet.py     | 8 ++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/orchagent/vnetorch.cpp b/orchagent/vnetorch.cpp
index cf5a8739..f41c4af1 100644
--- a/orchagent/vnetorch.cpp
+++ b/orchagent/vnetorch.cpp
@@ -3518,6 +3518,12 @@ void VNetTunnelTermAcl::lazyInit()
     };
     string matches = std::accumulate(std::next(match_list.begin()), match_list.end(), match_list[0], concat);
 
+    vector<string> action_list = {
+        ACTION_REDIRECT_ACTION,
+        ACTION_COUNTER
+    };
+    string actions = std::accumulate(std::next(action_list.begin()), action_list.end(), action_list[0], concat);
+
     vector<string> bpoint_list = {
         BIND_POINT_TYPE_PORT,
         BIND_POINT_TYPE_PORTCHANNEL
@@ -3526,7 +3532,7 @@ void VNetTunnelTermAcl::lazyInit()
 
     vector<FieldValueTuple> fvs = {
         {ACL_TABLE_TYPE_MATCHES, matches},
-        {ACL_TABLE_TYPE_ACTIONS, ACTION_REDIRECT_ACTION},
+        {ACL_TABLE_TYPE_ACTIONS, actions},
         {ACL_TABLE_TYPE_BPOINT_TYPES, bpoints}
     };
 
diff --git a/tests/test_vnet.py b/tests/test_vnet.py
index 3a7db86b..411ed933 100644
--- a/tests/test_vnet.py
+++ b/tests/test_vnet.py
@@ -2687,6 +2687,14 @@ def test_vnet_orch_28(self, dvs, dvs_acl, testlog):
         vnet_obj.fetch_exist_entries(dvs)
         create_vnet_routes(dvs, "100.100.1.1/32", vnet_name, '9.1.0.1,9.1.0.2', ep_monitor='9.1.0.3,9.1.0.4', primary ='9.1.0.1', profile="Test_profile", monitoring='custom', adv_prefix='100.100.1.0/24', check_directly_connected=True)
 
+        # verify acl table action list
+        expected_action_list = [
+            "SAI_ACL_ACTION_TYPE_COUNTER",
+            "SAI_ACL_ACTION_TYPE_REDIRECT"
+        ]
+        acl_table_id = dvs_acl.get_acl_table_ids(1)[0]
+        dvs_acl.verify_acl_table_action_list(acl_table_id, expected_action_list)
+
         # verify tunnel term acl 
         expected_sai_qualifiers = {
             "SAI_ACL_ENTRY_ATTR_FIELD_DST_IP": dvs_acl.get_simple_qualifier_comparator("100.100.1.1&mask:255.255.255.255")