Merge pull request #3862 from rkavitha-hcl/acl_actions

StephenWangGoogle · web-flow · commit 34da384fc7cd · 2026-01-06T14:59:07.000-08:00
[P4Orch] Enable ACL Action SET_ACL_META_DATA and packet action COPY_CANCEL and DENY support
diff --git a/orchagent/p4orch/acl_rule_manager.cpp b/orchagent/p4orch/acl_rule_manager.cpp
@@ -1412,7 +1412,9 @@ ReturnCode AclRuleManager::setActionValue(const acl_entry_attr_union_t attr_name
     case SAI_ACL_ENTRY_ATTR_ACTION_SET_DSCP:
     case SAI_ACL_ENTRY_ATTR_ACTION_SET_ECN:
     case SAI_ACL_ENTRY_ATTR_ACTION_SET_INNER_VLAN_PRI:
-    case SAI_ACL_ENTRY_ATTR_ACTION_SET_OUTER_VLAN_PRI: {
+    case SAI_ACL_ENTRY_ATTR_ACTION_SET_OUTER_VLAN_PRI:
+    case SAI_ACL_ENTRY_ATTR_ACTION_SET_ACL_META_DATA: {
+
         try
         {
             value->aclaction.parameter.u8 = to_uint<uint8_t>(attr_value);
@@ -1529,7 +1531,7 @@ ReturnCode AclRuleManager::createAclRule(P4AclRule &acl_rule)
 {
     SWSS_LOG_ENTER();
 
-    // Track if the entry creats a new counter or meter
+    // Track if the entry creates a new counter or meter
     bool created_meter = false;
     bool created_counter = false;
     const auto &table_name_and_rule_key = concatTableNameAndRuleKey(acl_rule.acl_table_name, acl_rule.acl_rule_key);
diff --git a/orchagent/p4orch/acl_util.h b/orchagent/p4orch/acl_util.h
@@ -355,13 +355,17 @@ using P4AclRuleTables = std::map<std::string, std::map<std::string, P4AclRule>>;
 #define P4_ACTION_SET_L4_DST_PORT "SAI_ACL_ENTRY_ATTR_ACTION_SET_L4_DST_PORT"
 #define P4_ACTION_SET_DO_NOT_LEARN "SAI_ACL_ENTRY_ATTR_ACTION_SET_DO_NOT_LEARN"
 #define P4_ACTION_SET_VRF "SAI_ACL_ENTRY_ATTR_ACTION_SET_VRF"
+#define P4_ACTION_SET_ACL_META_DATA "SAI_ACL_ENTRY_ATTR_ACTION_SET_ACL_META_DATA"
 #define P4_ACTION_SET_QOS_QUEUE "QOS_QUEUE"
 
 #define P4_PACKET_ACTION_FORWARD "SAI_PACKET_ACTION_FORWARD"
 #define P4_PACKET_ACTION_DROP "SAI_PACKET_ACTION_DROP"
 #define P4_PACKET_ACTION_COPY "SAI_PACKET_ACTION_COPY"
 #define P4_PACKET_ACTION_PUNT "SAI_PACKET_ACTION_TRAP"
 #define P4_PACKET_ACTION_LOG "SAI_PACKET_ACTION_LOG"
+#define P4_PACKET_ACTION_COPY_CANCEL "SAI_PACKET_ACTION_COPY_CANCEL"
+#define P4_PACKET_ACTION_DENY "SAI_PACKET_ACTION_DENY"
+
 
 #define P4_PACKET_ACTION_REDIRECT "REDIRECT"
 
@@ -428,7 +432,12 @@ using P4AclRuleTables = std::map<std::string, std::map<std::string, P4AclRule>>;
 #define GENL_PACKET_TRAP_GROUP_NAME_PREFIX "trap.group.cpu.queue."
 
 #define EMPTY_STRING ""
-#define P4_CPU_QUEUE_MAX_NUM 8
+
+// TODO :  To avoid existing p4 tests failure, extend the queue
+// temporarily, should set to 7-14 later.
+#define P4_CPU_QUEUE_MIN_NUM 1 // 7
+#define P4_CPU_QUEUE_MAX_NUM 15 // 14
+
 #define IPV6_SINGLE_WORD_BYTES_LENGTH 4
 #define BYTE_BITWIDTH 8
 
@@ -614,6 +623,8 @@ static const acl_packet_action_lookup_t aclPacketActionLookup = {
     {P4_PACKET_ACTION_FORWARD, SAI_PACKET_ACTION_FORWARD}, {P4_PACKET_ACTION_DROP, SAI_PACKET_ACTION_DROP},
     {P4_PACKET_ACTION_COPY, SAI_PACKET_ACTION_COPY},       {P4_PACKET_ACTION_PUNT, SAI_PACKET_ACTION_TRAP},
     {P4_PACKET_ACTION_LOG, SAI_PACKET_ACTION_LOG},
+    {P4_PACKET_ACTION_COPY_CANCEL, SAI_PACKET_ACTION_COPY_CANCEL},
+    {P4_PACKET_ACTION_DENY, SAI_PACKET_ACTION_DENY},
 };
 
 static const acl_rule_attr_lookup_t aclActionLookup = {
@@ -643,6 +654,7 @@ static const acl_rule_attr_lookup_t aclActionLookup = {
     {P4_ACTION_SET_QOS_QUEUE, SAI_ACL_ENTRY_ATTR_ACTION_SET_USER_TRAP_ID},
     {P4_ACTION_SET_DO_NOT_LEARN, SAI_ACL_ENTRY_ATTR_ACTION_SET_DO_NOT_LEARN},
     {P4_ACTION_SET_VRF, SAI_ACL_ENTRY_ATTR_ACTION_SET_VRF},
+    {P4_ACTION_SET_ACL_META_DATA, SAI_ACL_ENTRY_ATTR_ACTION_SET_ACL_META_DATA},
 };
 
 static const acl_packet_color_policer_attr_lookup_t aclPacketColorPolicerAttrLookup = {
diff --git a/orchagent/p4orch/tests/acl_manager_test.cpp b/orchagent/p4orch/tests/acl_manager_test.cpp
@@ -23,6 +23,7 @@
 #include "table.h"
 #include "tokenize.h"
 #include "vrforch.h"
+#include "logger.h"
 
 using ::p4orch::kTableKeyDelimiter;
 
@@ -715,9 +716,34 @@ P4AclTableDefinitionAppDbEntry getDefaultAclTableDefAppDbEntry()
     app_db_entry.action_field_lookup["do_not_learn"].push_back(
         {.sai_action = P4_ACTION_SET_DO_NOT_LEARN, .p4_param_name = EMPTY_STRING});
     app_db_entry.action_field_lookup["set_vrf"].push_back({.sai_action = P4_ACTION_SET_VRF, .p4_param_name = "vrf"});
+    app_db_entry.action_field_lookup["set_metadata"].push_back(
+      {.sai_action = P4_ACTION_SET_ACL_META_DATA,
+       .p4_param_name = "acl_metadata"});
     app_db_entry.action_field_lookup["qos_queue"].push_back(
         {.sai_action = P4_ACTION_SET_QOS_QUEUE, .p4_param_name = "cpu_queue"});
 
+
+    // action/acl_rate_limit_copy = [
+    //   {"action":"SAI_PACKET_ACTION_FORWARD","packet_color":"SAI_PACKET_COLOR_GREEN"},
+    //   {"action":"SAI_PACKET_ACTION_COPY_CANCEL","packet_color":"SAI_PACKET_COLOR_YELLOW"},
+    //   {"action":"SAI_PACKET_ACTION_COPY_CANCEL","packet_color":"SAI_PACKET_COLOR_RED"},
+    //   {"action":"QOS_QUEUE","param":"qos_queue"}
+    // ]
+
+    app_db_entry.packet_action_color_lookup["acl_rate_limit_copy"].push_back(
+      {.packet_action = P4_PACKET_ACTION_FORWARD,
+       .packet_color = P4_PACKET_COLOR_GREEN});
+  app_db_entry.packet_action_color_lookup["acl_rate_limit_copy"].push_back(
+      {.packet_action = P4_PACKET_ACTION_COPY_CANCEL,
+       .packet_color = P4_PACKET_COLOR_YELLOW});
+  app_db_entry.packet_action_color_lookup["acl_rate_limit_copy"].push_back(
+      {.packet_action = P4_PACKET_ACTION_COPY_CANCEL,
+       .packet_color = P4_PACKET_COLOR_RED});
+  app_db_entry.action_field_lookup["acl_rate_limit_copy"].push_back(
+      {.sai_action = P4_ACTION_SET_QOS_QUEUE, .p4_param_name = "qos_queue"});
+
+
+    
     //   "action/acl_trap" = [
     //     {"action": "SAI_PACKET_ACTION_TRAP", "packet_color":
     //     "SAI_PACKET_COLOR_GREEN"},
@@ -2966,6 +2992,124 @@ TEST_F(AclManagerTest, AclRuleWithColorPacketActionsButNoRateLimit)
               acl_rule->action_fvs[SAI_ACL_ENTRY_ATTR_ACTION_SET_USER_TRAP_ID].aclaction.parameter.oid);
 }
 
+TEST_F(AclManagerTest, AclRuleWithColorPacketActionsButWithRateLimit) {
+  ASSERT_NO_FATAL_FAILURE(AddDefaultIngressTable());
+
+  // Create app_db_entry with color packet action, but no rate limit attributes
+  P4AclRuleAppDbEntry app_db_entry;
+  app_db_entry.acl_table_name = kAclIngressTableName;
+  app_db_entry.priority = 100;
+  // ACL rule match fields
+  app_db_entry.match_fvs["ether_type"] = "0x0800";
+  app_db_entry.match_fvs["ipv6_dst"] = "fdf8:f53b:82e4::53";
+  app_db_entry.match_fvs["ether_dst"] = "AA:BB:CC:DD:EE:FF";
+  app_db_entry.match_fvs["ether_src"] = "AA:BB:CC:DD:EE:FF";
+  app_db_entry.match_fvs["ipv6_next_header"] = "1";
+  app_db_entry.match_fvs["src_ipv6_64bit"] = "fdf8:f53b:82e4::";
+  app_db_entry.match_fvs["arp_tpa"] = "0xff112231";
+  app_db_entry.match_fvs["udf2"] = "0x9876 & 0xAAAA";
+  app_db_entry.db_key =
+      "ACL_PUNT_TABLE:{\"match/ether_type\": \"0x0800\",\"match/ipv6_dst\": "
+      "\"fdf8:f53b:82e4::53\",\"match/ether_dst\": \"AA:BB:CC:DD:EE:FF\", "
+      "\"match/ether_src\": \"AA:BB:CC:DD:EE:FF\", \"match/ipv6_next_header\": "
+      "\"1\", \"match/src_ipv6_64bit\": "
+      "\"fdf8:f53b:82e4::\",\"match/arp_tpa\": \"0xff112231\",\"match/udf2\": "
+      "\"0x9876 & 0xAAAA\",\"priority\":100}";
+
+  const auto& acl_rule_key =
+      KeyGenerator::generateAclRuleKey(app_db_entry.match_fvs, "100");
+
+  // Set user defined trap for QOS_QUEUE, and color packet actions in meter
+  int queue_num = 8;
+  app_db_entry.action = "acl_rate_limit_copy";
+  app_db_entry.action_param_fvs["qos_queue"] = std::to_string(queue_num);
+  // Install rule
+  EXPECT_CALL(mock_sai_acl_, create_acl_entry(_, _, _, _))
+      .WillOnce(DoAll(SetArgPointee<0>(kAclIngressRuleOid1),
+                      Return(SAI_STATUS_SUCCESS)));
+
+  EXPECT_CALL(mock_sai_acl_, create_acl_counter(_, _, _, _))
+      .WillOnce(Return(SAI_STATUS_SUCCESS));
+  EXPECT_CALL(
+      mock_sai_policer_,
+      create_policer(
+	  _, Eq(gSwitchId), Eq(9),
+          Truly(std::bind(MatchSaiPolicerAttribute, 9, SAI_METER_TYPE_PACKETS,
+                          SAI_PACKET_ACTION_FORWARD,
+			  SAI_PACKET_ACTION_COPY_CANCEL,
+			  SAI_PACKET_ACTION_COPY_CANCEL,
+                          0x7fffffff, 0x7fffffff, 0x7fffffff, 0x7fffffff,
+                          std::placeholders::_1))))
+      .WillOnce(
+          DoAll(SetArgPointee<0>(kAclMeterOid1), Return(SAI_STATUS_SUCCESS)));
+  EXPECT_EQ(StatusCode::SWSS_RC_SUCCESS,
+            ProcessAddRuleRequest(acl_rule_key, app_db_entry));
+  auto acl_rule = GetAclRule(kAclIngressTableName, acl_rule_key);
+  ASSERT_NE(nullptr, acl_rule);
+  // Check action field value
+  EXPECT_EQ(gUserDefinedTrapStartOid + queue_num - P4_CPU_QUEUE_MIN_NUM + 1,
+            acl_rule->action_fvs[SAI_ACL_ENTRY_ATTR_ACTION_SET_USER_TRAP_ID]
+                .aclaction.parameter.oid);
+}
+
+TEST_F(AclManagerTest, AclRuleWithMockedPacketAction) {
+  ASSERT_NO_FATAL_FAILURE(AddDefaultIngressTable());
+  auto app_db_entry = getDefaultAclRuleAppDbEntryWithoutAction();
+  const auto& acl_rule_key =
+      KeyGenerator::generateAclRuleKey(app_db_entry.match_fvs, "100");
+
+  // set packet action
+  app_db_entry.action = "set_packet_action";
+  app_db_entry.action_param_fvs["packet_action"] =
+      "SAI_PACKET_ACTION_COPY_CANCEL";
+
+  // Install rule
+  EXPECT_CALL(mock_sai_acl_, create_acl_entry(_, _, _, _))
+      .WillOnce(DoAll(SetArgPointee<0>(kAclIngressRuleOid1),
+                      Return(SAI_STATUS_SUCCESS)));
+  EXPECT_CALL(mock_sai_acl_, create_acl_counter(_, _, _, _))
+      .WillOnce(Return(SAI_STATUS_SUCCESS));
+  EXPECT_CALL(mock_sai_policer_, create_policer(_, _, _, _))
+      .WillOnce(
+          DoAll(SetArgPointee<0>(kAclMeterOid1), Return(SAI_STATUS_SUCCESS)));
+  EXPECT_EQ(StatusCode::SWSS_RC_SUCCESS,
+            ProcessAddRuleRequest(acl_rule_key, app_db_entry));
+  auto* acl_rule = GetAclRule(kAclIngressTableName, acl_rule_key);
+  ASSERT_NE(nullptr, acl_rule);
+
+  // Check action field value
+  EXPECT_EQ(SAI_PACKET_ACTION_COPY_CANCEL,
+            acl_rule->action_fvs[SAI_ACL_ENTRY_ATTR_ACTION_PACKET_ACTION]
+                .aclaction.parameter.s32);
+
+  // update packet action
+  app_db_entry.action_param_fvs["packet_action"] = "SAI_PACKET_ACTION_DENY";
+  EXPECT_CALL(mock_sai_acl_,
+              set_acl_entry_attribute(Eq(kAclIngressRuleOid1), _))
+      .WillOnce(Return(SAI_STATUS_SUCCESS));
+  EXPECT_EQ(StatusCode::SWSS_RC_SUCCESS,
+            ProcessUpdateRuleRequest(app_db_entry, *acl_rule));
+  acl_rule = GetAclRule(kAclIngressTableName, acl_rule_key);
+  ASSERT_NE(nullptr, acl_rule);
+
+  // Check action field value
+  EXPECT_EQ(SAI_PACKET_ACTION_DENY,
+            acl_rule->action_fvs[SAI_ACL_ENTRY_ATTR_ACTION_PACKET_ACTION]
+                .aclaction.parameter.s32);
+
+  // Remove rule
+  EXPECT_CALL(mock_sai_acl_, remove_acl_entry(Eq(kAclIngressRuleOid1)))
+      .WillOnce(Return(SAI_STATUS_SUCCESS));
+  EXPECT_CALL(mock_sai_acl_, remove_acl_counter(_))
+      .WillOnce(Return(SAI_STATUS_SUCCESS));
+  EXPECT_CALL(mock_sai_policer_, remove_policer(Eq(kAclMeterOid1)))
+      .WillOnce(Return(SAI_STATUS_SUCCESS));
+  EXPECT_EQ(StatusCode::SWSS_RC_SUCCESS,
+            ProcessDeleteRuleRequest(kAclIngressTableName, acl_rule_key));
+  EXPECT_EQ(nullptr, GetAclRule(kAclIngressTableName, acl_rule_key));
+}
+
+
 #pragma GCC diagnostic warning "-Wdisabled-optimization"
 
 TEST_F(AclManagerTest, AclRuleWithValidAction)
@@ -4293,7 +4437,7 @@ TEST_F(AclManagerTest, CreateAclRuleWithInvalidActionFails)
     app_db_entry.action_param_fvs.erase("target");
     // Invalid cpu queue number
     app_db_entry.action = "qos_queue";
-    app_db_entry.action_param_fvs["cpu_queue"] = "10";
+    app_db_entry.action_param_fvs["cpu_queue"] = "18";
     EXPECT_EQ(StatusCode::SWSS_RC_INVALID_PARAM, ProcessAddRuleRequest(acl_rule_key, app_db_entry));
     app_db_entry.action_param_fvs["cpu_queue"] = "invalid";
     EXPECT_EQ(StatusCode::SWSS_RC_INVALID_PARAM, ProcessAddRuleRequest(acl_rule_key, app_db_entry));
diff --git a/tests/p4rt/acl.py b/tests/p4rt/acl.py
@@ -42,6 +42,7 @@ class P4RtAclTableDefinitionWrapper(util.DBInterface):
     ACTION_COPY_AND_SET_TC = "action/copy_and_set_tc"
     ACTION_PUNT_AND_SET_TC = "action/punt_and_set_tc"
     ACTION_SET_QOS_QUEUE = "action/qos_queue"
+    ACTION_SET_ACL_RATE_LIMIT_COPY = "action/acl_rate_limit_copy"
     METER_UNIT = "meter/unit"
     COUNTER_UNIT = "counter/unit"
 
diff --git a/tests/p4rt/test_p4rt_acl.py b/tests/p4rt/test_p4rt_acl.py
@@ -176,6 +176,8 @@ def test_AclRulesAddUpdateDelPass(self, dvs, testlog):
         punt_and_set_tc = '[{"action":"SAI_PACKET_ACTION_TRAP","packet_color":"SAI_PACKET_COLOR_RED"},{"action":"SAI_ACL_ENTRY_ATTR_ACTION_SET_TC","param":"traffic_class"}]'
         qos_queue = '[{"action":"SAI_PACKET_ACTION_TRAP"},{"action":"QOS_QUEUE","param":"cpu_queue"}]'
 
+        acl_rate_limit_copy = '[{"action":"SAI_PACKET_ACTION_FORWARD","packet_color":"SAI_PACKET_COLOR_GREEN"},{"action":"SAI_PACKET_ACTION_COPY_CANCEL","packet_color":"SAI_PACKET_COLOR_YELLOW"},{"action":"SAI_PACKET_ACTION_COPY_CANCEL","packet_color":"SAI_PACKET_COLOR_RED"},{"action":"QOS_QUEUE","param":"qos_queue"}]'
+
         attr_list = [
             (self._p4rt_acl_table_definition_obj.STAGE_FIELD, stage),
             (self._p4rt_acl_table_definition_obj.PRIORITY_FIELD, priority),
@@ -201,6 +203,7 @@ def test_AclRulesAddUpdateDelPass(self, dvs, testlog):
                 punt_and_set_tc,
             ),
             (self._p4rt_acl_table_definition_obj.ACTION_SET_QOS_QUEUE, qos_queue),
+	    (self._p4rt_acl_table_definition_obj.ACTION_SET_ACL_RATE_LIMIT_COPY, acl_rate_limit_copy),
             (self._p4rt_acl_table_definition_obj.METER_UNIT, meter_unit),
             (self._p4rt_acl_table_definition_obj.COUNTER_UNIT, counter_unit),
         ]
@@ -1021,6 +1024,107 @@ def test_AclRulesAddUpdateDelPass(self, dvs, testlog):
         ]
         util.verify_attr(fvs, attr_list)
 
+	
+	  # update ACL rule 2 with acl_rate_limit_copy action
+        action = "acl_rate_limit_copy"
+
+        attr_list = [
+            (self._p4rt_acl_rule_obj.ACTION, action),
+            ("param/qos_queue", "7"),
+            (self._p4rt_acl_rule_obj.METER_CIR, meter_cir),
+            (self._p4rt_acl_rule_obj.METER_CBURST, meter_cbs),
+            (self._p4rt_acl_rule_obj.METER_PIR, meter_pir),
+            (self._p4rt_acl_rule_obj.METER_PBURST, meter_pbs),
+        ]
+
+        self._p4rt_acl_rule_obj.set_app_db_entry(
+            table_name_with_rule_key2, attr_list)
+        util.verify_response(
+            self.response_consumer,
+            table_name_with_rule_key2,
+            attr_list,
+            "SWSS_RC_SUCCESS",
+        )
+
+        # query application database for ACL rules
+        acl_rules = util.get_keys(
+            self._p4rt_acl_rule_obj.appl_db,
+            self._p4rt_acl_rule_obj.APP_DB_TBL_NAME + ":" + table_name,
+        )
+        assert len(acl_rules) == len(original_appl_acl_rules) + 3
+
+        # query application database for updated ACL rule
+        (status, fvs) = util.get_key(
+            self._p4rt_acl_rule_obj.appl_db,
+            self._p4rt_acl_table_definition_obj.APP_DB_TBL_NAME,
+            table_name_with_rule_key2,
+        )
+        assert status == True
+        util.verify_attr(fvs, attr_list)
+
+         # query ASIC database for updated ACL meter
+        (status, fvs) = util.get_key(
+            self._p4rt_acl_meter_obj.asic_db,
+            self._p4rt_acl_meter_obj.ASIC_DB_TBL_NAME,
+            meter_asic_db_key2,
+        )
+        assert status == True
+        attr_list = [
+            (
+                self._p4rt_acl_meter_obj.SAI_ATTR_GREEN_PACKET_ACTION,
+                "SAI_PACKET_ACTION_FORWARD",
+            ),
+            (
+                self._p4rt_acl_meter_obj.SAI_ATTR_YELLOW_PACKET_ACTION,
+                "SAI_PACKET_ACTION_COPY_CANCEL",
+            ),
+            (
+                self._p4rt_acl_meter_obj.SAI_ATTR_RED_PACKET_ACTION,
+                "SAI_PACKET_ACTION_COPY_CANCEL",
+            ),
+            (self._p4rt_acl_meter_obj.SAI_ATTR_METER_TYPE, "SAI_METER_TYPE_PACKETS"),
+            (self._p4rt_acl_meter_obj.SAI_ATTR_METER_MODE, "SAI_POLICER_MODE_TR_TCM"),
+            (self._p4rt_acl_meter_obj.SAI_ATTR_METER_CIR, meter_cir),
+            (self._p4rt_acl_meter_obj.SAI_ATTR_METER_CBS, meter_cbs),
+            (self._p4rt_acl_meter_obj.SAI_ATTR_METER_PIR, meter_pir),
+            (self._p4rt_acl_meter_obj.SAI_ATTR_METER_PBS, meter_pbs),
+        ]
+        util.verify_attr(fvs, attr_list)
+
+        # query ASIC database for updated ACL rule
+        (status, fvs) = util.get_key(
+            self._p4rt_acl_rule_obj.asic_db,
+            self._p4rt_acl_rule_obj.ASIC_DB_TBL_NAME,
+            rule_asic_db_key2,
+        )
+        assert status == True
+        attr_list = [
+            (
+                self._p4rt_acl_rule_obj.SAI_ATTR_ACTION_SET_USER_TRAP_ID,
+                user_trap_asic_db_key,
+            ),
+            (
+                self._p4rt_acl_rule_obj.SAI_ATTR_ACTION_PACKET_ACTION,
+                "disabled",
+            ),
+            (self._p4rt_acl_rule_obj.SAI_ATTR_MATCH_ETHER_TYPE, "2048&mask:0xffff"),
+            (
+                self._p4rt_acl_rule_obj.SAI_ATTR_MATCH_IP_TYPE,
+                "SAI_ACL_IP_TYPE_IP&mask:0xffffffffffffffff",
+            ),
+            (
+                self._p4rt_acl_rule_obj.SAI_ATTR_MATCH_DST_MAC,
+                "AA:BB:CC:DD:EE:FF&mask:FF:FF:FF:FF:FF:FF",
+            ),
+            (self._p4rt_acl_rule_obj.SAI_ATTR_TABLE_ID, table_asic_db_key),
+            (self._p4rt_acl_rule_obj.SAI_ATTR_SET_POLICER, meter_asic_db_key2),
+            (self._p4rt_acl_rule_obj.SAI_ATTR_COUNTER, counter_asic_db_key2),
+            (self._p4rt_acl_rule_obj.SAI_ATTR_ADMIN_STATE, "true"),
+            (self._p4rt_acl_rule_obj.SAI_ATTR_PRIORITY, "100"),
+        ]
+        util.verify_attr(fvs, attr_list)
+
+
         # remove ACL rule 3
         self._p4rt_acl_rule_obj.remove_app_db_entry(table_name_with_rule_key3)
         util.verify_response(
