Fix ACL rule creation in packet trimming tests (Broadcom) by rgarofano-arista · Pull Request #21448 · sonic-net/sonic-mgmt

rgarofano-arista · 2025-11-26T21:50:25Z

Description of PR

Summary:
Fixes # (issue)

Type of change

Back port request

Approach

What is the motivation for this PR?

Packet trimming tests use acl for verifying that the disable trim action works. We couldn't get this testcase to pass on Broadcom th5. One of the issues was that acl rules weren't being created.

How did you do it?

After inspecting the sairedis logs, it was discovered that it was trying and failing to create a counter for the acl rules the test is trying to create. This is because the action list specified in the configuration does not include a counter, but the orchagent seems to attempt to create one anyways. By adding a counter to the action list we no longer fail to create the ACL rule.

How did you verify/test it?

Confirmed test_acl_action_with_trimming testcase was passing with the change.

Any platform specific information?

Supported testbed topology if it's a new test case?

Documentation

mssonicbld · 2025-11-26T21:50:32Z

/azp run

azure-pipelines · 2025-11-26T21:50:46Z

Azure Pipelines successfully started running 1 pipeline(s).

mssonicbld · 2025-11-28T00:38:16Z

/azp run

azure-pipelines · 2025-11-28T00:38:29Z

Azure Pipelines successfully started running 1 pipeline(s).

sdszhang · 2025-11-30T23:32:51Z

@rgarofano-arista pls fix the pr checker failure.

mssonicbld · 2025-12-01T17:44:14Z

/azp run

azure-pipelines · 2025-12-01T17:44:28Z

Azure Pipelines successfully started running 1 pipeline(s).

Broadcom SAI will complain if this configuration isn't provided, leading to no acl rules being created. Signed-off-by: Ryan Garofano <rgarofano@arista.com>

mssonicbld · 2025-12-01T17:45:26Z

/azp run

azure-pipelines · 2025-12-01T17:45:41Z

Azure Pipelines successfully started running 1 pipeline(s).

r12f · 2025-12-11T05:53:13Z

the test change it not broadcom only, but seems to be reasonable. + @nazariig and @dgsudharsan to double confirm.

nazariig · 2025-12-11T16:44:03Z

the test change it not broadcom only, but seems to be reasonable. + @nazariig and @dgsudharsan to double confirm.

@rgarofano-arista the change looks to me redundant: should be working without specifying action explicitly

Please double check:
https://github.com/sonic-net/sonic-swss/blob/master/orchagent/aclorch.cpp#L2559

bool AclTable::addMandatoryActions()
...
    sai_acl_action_type_t acl_action = SAI_ACL_ACTION_TYPE_COUNTER;
    if (m_pAclOrch->isAclActionSupported(stage, acl_action))
    {
        SWSS_LOG_INFO("Add counter acl action");
        type.addAction(acl_action);
    }
...

r12f · 2025-12-27T22:48:23Z

Change to 202412: Azure/sonic-mgmt.msft#882

r12f · 2025-12-27T22:52:15Z

hey Ryan @rgarofano-arista do you mind to help check Nazarii's comment above? 202412 also has this change, so the ACL tables should be ok, but maybe something override this logic in swss?

rgarofano-arista · 2026-01-06T18:55:52Z

Yes, SWSS is trying to create the counter without the config. However the SAI complains, failing to create the counter if the config is not present.

StormLiangMS · 2026-01-30T12:22:07Z

hi @nazariig what I heard is that this PR would cause failure on nVidia platform, could you confirm? @rgarofano-arista @r12f FYI.

kperumalbfn · 2026-02-05T20:57:18Z

@rgarofano-arista could you check if SAI capability query fails for ACL counter?

rgarofano-arista · 2026-02-11T01:33:48Z

hey Ryan @rgarofano-arista do you mind to help check Nazarii's comment above? 202412 also has this change, so the ACL tables should be ok, but maybe something override this logic in swss?

@r12f This function only adds the counter action if the action list is not empty (see https://github.com/sonic-net/sonic-swss/blob/0ad109f7e573f44e73bc80021efd9701440a06da/orchagent/aclorch.cpp#L2575). In the packet trimming test we are specifying the action list in the configuration, hence we need to add the counter to the action list in the config. How is this working for Mellanox without this change?

nazariig · 2026-02-11T16:17:54Z

@rgarofano-arista we have tested this change. Looks good. No further concerns

bingwang-ms · 2026-02-16T06:56:44Z

hey Ryan @rgarofano-arista do you mind to help check Nazarii's comment above? 202412 also has this change, so the ACL tables should be ok, but maybe something override this logic in swss?

@r12f This function only adds the counter action if the action list is not empty (see https://github.com/sonic-net/sonic-swss/blob/0ad109f7e573f44e73bc80021efd9701440a06da/orchagent/aclorch.cpp#L2575). In the packet trimming test we are specifying the action list in the configuration, hence we need to add the counter to the action list in the config. How is this working for Mellanox without this change?

@rgarofano-arista I think we may need to improve orchagent to handle this scenario. If counter is a mandatory and missing it leads to crash, it should be better to be handled in orchagent.

mssonicbld · 2026-02-19T17:20:17Z

Cherry-pick PR to msft-202412: Azure/sonic-mgmt.msft#1029

r12f · 2026-02-19T17:23:12Z

Previous manual pick to 202412: Azure/sonic-mgmt.msft#882

Broadcom SAI will complain if this configuration isn't provided, leading to no acl rules being created. Signed-off-by: Ryan Garofano <rgarofano@arista.com> Signed-off-by: Zhuohui Tan <zhuohui.tan@amd.com>

Broadcom SAI will complain if this configuration isn't provided, leading to no acl rules being created. Signed-off-by: Ryan Garofano <rgarofano@arista.com> Signed-off-by: mssonicbld <sonicbld@microsoft.com>

mssonicbld · 2026-02-23T03:08:12Z

Cherry-pick PR to 202511: #22534

Broadcom SAI will complain if this configuration isn't provided, leading to no acl rules being created. Signed-off-by: Ryan Garofano <rgarofano@arista.com> Signed-off-by: mssonicbld <sonicbld@microsoft.com> Co-authored-by: Ryan Garofano <rgarofano@arista.com>

rgarofano-arista force-pushed the fix-acl-rule-creation branch from 74cec36 to 833c0c3 Compare November 28, 2025 00:38

github-actions bot requested review from nikamirrr, wangxin and yxieca November 28, 2025 00:38

rgarofano-arista force-pushed the fix-acl-rule-creation branch from 833c0c3 to cc2ce63 Compare December 1, 2025 17:44

github-actions bot requested a review from developfast December 1, 2025 17:44

Add counter to packet trimming acl config

3b15771

Broadcom SAI will complain if this configuration isn't provided, leading to no acl rules being created. Signed-off-by: Ryan Garofano <rgarofano@arista.com>

rgarofano-arista force-pushed the fix-acl-rule-creation branch from cc2ce63 to 3b15771 Compare December 1, 2025 17:45

davidm-arista added Request for msft-202412 Branch Request for 202511 branch Request to backport a change to 202511 branch labels Dec 18, 2025

sdszhang approved these changes Feb 10, 2026

View reviewed changes

sdszhang self-requested a review February 10, 2026 00:51

nazariig approved these changes Feb 11, 2026

View reviewed changes

nazariig requested review from nhe-NV and roy-sror February 11, 2026 16:18

sdszhang approved these changes Feb 12, 2026

View reviewed changes

bingwang-ms merged commit d74cf05 into sonic-net:master Feb 16, 2026
18 checks passed

r12f added the Approved for msft-202412 Branch label Feb 19, 2026

mssonicbld mentioned this pull request Feb 19, 2026

[action] [PR:21448] Fix ACL rule creation in packet trimming tests (Broadcom) Azure/sonic-mgmt.msft#1029

Merged

11 tasks

mssonicbld added the Created PR to msft-202412 Branch label Feb 19, 2026

mssonicbld added Included in msft-202412 Branch and removed Created PR to msft-202412 Branch labels Feb 19, 2026

vmittal-msft added the Approved for 202511 branch label Feb 23, 2026

mssonicbld added the Created PR to 202511 branch label Feb 23, 2026

mssonicbld mentioned this pull request Feb 23, 2026

[action] [PR:21448] Fix ACL rule creation in packet trimming tests (Broadcom) #22534

Merged

11 tasks

mssonicbld added Included in 202511 branch and removed Created PR to 202511 branch labels Feb 23, 2026

Comments

Conversation

rgarofano-arista commented Nov 26, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description of PR

Type of change

Back port request

Approach

What is the motivation for this PR?

How did you do it?

How did you verify/test it?

Any platform specific information?

Supported testbed topology if it's a new test case?

Documentation

Uh oh!

mssonicbld commented Nov 26, 2025

Uh oh!

azure-pipelines bot commented Nov 26, 2025

Uh oh!

mssonicbld commented Nov 28, 2025

Uh oh!

azure-pipelines bot commented Nov 28, 2025

Uh oh!

sdszhang commented Nov 30, 2025

Uh oh!

mssonicbld commented Dec 1, 2025

Uh oh!

azure-pipelines bot commented Dec 1, 2025

Uh oh!

mssonicbld commented Dec 1, 2025

Uh oh!

azure-pipelines bot commented Dec 1, 2025

Uh oh!

r12f commented Dec 11, 2025

Uh oh!

nazariig commented Dec 11, 2025

Uh oh!

r12f commented Dec 27, 2025

Uh oh!

r12f commented Dec 27, 2025

Uh oh!

rgarofano-arista commented Jan 6, 2026

Uh oh!

StormLiangMS commented Jan 30, 2026

Uh oh!

kperumalbfn commented Feb 5, 2026

Uh oh!

rgarofano-arista commented Feb 11, 2026

Uh oh!

nazariig commented Feb 11, 2026

Uh oh!

Uh oh!

bingwang-ms commented Feb 16, 2026

Uh oh!

mssonicbld commented Feb 19, 2026

Uh oh!

r12f commented Feb 19, 2026

Uh oh!

mssonicbld commented Feb 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

10 participants

rgarofano-arista commented Nov 26, 2025 •

edited

Loading