Acl: source and destination match field data AND/OR clarification

[steliosp-arista]

Hello,

I would like to clarify if both source-mac/source-address/source-port and destination-mac/destination-address/destination-port
are defined, are packets filtered if both fields match or if any match?

For example, if /acl/acl-set/acl-entries/acl-entry/transport/config/source-port=10, /acl/acl-set/acl-entries/acl-entry/transport/config/source-port/destination-port=20, should this match packets with

1. source-port=10 AND source-port=20
   OR
2. source-port=10 OR source-port=20

[dplore]

Hi, the intent derived from the description of processing rules in order is:
Separate entries == OR
Because if there is no match, processing proceeds to the next entry.

By deduction, that leaves us with
Single entry == AND

I see this is not explicitly called out in the description though. I'll raise a PR to clarify.

[dplore]

Reviewed in Nov 5, 2024 OC operator meeting. It was mentioned that /acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/(source,destination)-port-set can also be used to achieve "OR" functionality in a single entry.