diff options
author | Marek Gradzki <mgradzki@cisco.com> | 2018-04-18 08:19:36 +0200 |
---|---|---|
committer | Marek Gradzki <mgradzki@cisco.com> | 2018-05-02 10:00:35 +0000 |
commit | 9f9d2614ff5bd0d2a1729d1793a9bd6ca3def717 (patch) | |
tree | ef26ca2c2b20f58b77244f8dafec75a5f3346e2d /examples/ncclient/acl | |
parent | 52ca7c2e86cf982bf1cd4aaea8869555fea0aa4a (diff) |
HC2VPP-313: <copy-config> examples using nnclient library
Shows how to configure VPP using nnclient library.
Requires following changes to ODL Netconf (HC2VPP-312):
- <copy-config> support:
https://git.opendaylight.org/gerrit/#/c/69606/
- various fixes to make ODL Netconf compatible with nnclient:
https://git.opendaylight.org/gerrit/#/c/71181/
and ncclient library with the following change:
https://github.com/marekgr/ncclient/commit/fbc31b06daf114c11dcb6bf1bcfac9127b2e0062
Change-Id: I3dceb8ead6e6f558a3c76f6c1c3b0ba5f7c52f93
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
(cherry picked from commit 2e96f3423a2619cd2aa9d188de513723416c15e6)
Diffstat (limited to 'examples/ncclient/acl')
-rw-r--r-- | examples/ncclient/acl/copy_config_acl.xml | 182 | ||||
-rw-r--r-- | examples/ncclient/acl/copy_config_acl_update.xml | 209 | ||||
-rw-r--r-- | examples/ncclient/acl/expected_config_acl.xml | 183 | ||||
-rw-r--r-- | examples/ncclient/acl/expected_config_acl_update.xml | 209 | ||||
-rwxr-xr-x | examples/ncclient/acl/test_acl.sh | 18 | ||||
-rwxr-xr-x | examples/ncclient/acl/test_acl_update.sh | 20 |
6 files changed, 821 insertions, 0 deletions
diff --git a/examples/ncclient/acl/copy_config_acl.xml b/examples/ncclient/acl/copy_config_acl.xml new file mode 100644 index 000000000..d2177d643 --- /dev/null +++ b/examples/ncclient/acl/copy_config_acl.xml @@ -0,0 +1,182 @@ +<!-- + ~ Copyright (c) 2018 Cisco Systems, Inc. and others. All rights reserved. + ~ + ~ This program and the accompanying materials are made available under the + ~ terms of the Eclipse Public License v1.0 which accompanies this distribution, + ~ and is available at http://www.eclipse.org/legal/epl-v10.html + --> +<config> + <nat-config xmlns="urn:ietf:params:xml:ns:yang:ietf-nat"> + <nat-instances> + <nat-instance> + <id>0</id> + </nat-instance> + </nat-instances> + </nat-config> + <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"> + <interface> + <name>local0</name> + <type xmlns:x="urn:ietf:params:xml:ns:yang:iana-if-type">x:ethernetCsmacd</type> + <enabled>false</enabled> + </interface> + <interface> + <name>loop1</name> + <description>for testing purposes</description> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type> + <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po"> + <mac>00:ff:ff:ff:ff:ff</mac> + </loopback> + <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl"> + <ingress> + <vpp-acls> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type> + <name>tcp-acl</name> + </vpp-acls> + <vpp-acls> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type> + <name>udp-acl</name> + </vpp-acls> + <vpp-macip-acl> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</type> + <name>macip-acl</name> + </vpp-macip-acl> + </ingress> + </acl> + </interface> + </interfaces> + <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list"> + <acl> + <acl-name>macip-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>macip-rule</rule-name> + <matches> + <vpp-macip-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address> + <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask> + </vpp-macip-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>icmp-v6-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>imcp-v6-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64</destination-ipv6-network> + <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network> + <icmp-v6-nodes> + <icmp-type-range> + <last>8</last> + <first>5</first> + </icmp-type-range> + <icmp-code-range> + <last>3</last> + <first>1</first> + </icmp-code-range> + </icmp-v6-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>udp-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>udp-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <udp-nodes> + <source-port-range> + <upper-port>5487</upper-port> + <lower-port>1</lower-port> + </source-port-range> + <destination-port-range> + <upper-port>6745</upper-port> + <lower-port>87</lower-port> + </destination-port-range> + </udp-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>tcp-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>tcp-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <tcp-nodes> + <source-port-range> + <upper-port>5487</upper-port> + <lower-port>1</lower-port> + </source-port-range> + <destination-port-range> + <upper-port>6745</upper-port> + <lower-port>87</lower-port> + </destination-port-range> + <tcp-flags-mask>1</tcp-flags-mask> + <tcp-flags-value>7</tcp-flags-value> + </tcp-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>icmp-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>imcp-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <icmp-nodes> + <icmp-type-range> + <last>8</last> + <first>5</first> + </icmp-type-range> + <icmp-code-range> + <last>3</last> + <first>1</first> + </icmp-code-range> + </icmp-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + </access-lists> +</config> diff --git a/examples/ncclient/acl/copy_config_acl_update.xml b/examples/ncclient/acl/copy_config_acl_update.xml new file mode 100644 index 000000000..1a30ece94 --- /dev/null +++ b/examples/ncclient/acl/copy_config_acl_update.xml @@ -0,0 +1,209 @@ +<!-- + ~ Copyright (c) 2018 Cisco Systems, Inc. and others. All rights reserved. + ~ + ~ This program and the accompanying materials are made available under the + ~ terms of the Eclipse Public License v1.0 which accompanies this distribution, + ~ and is available at http://www.eclipse.org/legal/epl-v10.html + --> +<config> + <nat-config xmlns="urn:ietf:params:xml:ns:yang:ietf-nat"> + <nat-instances> + <nat-instance> + <id>0</id> + </nat-instance> + </nat-instances> + </nat-config> + <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"> + <interface> + <name>local0</name> + <type xmlns:x="urn:ietf:params:xml:ns:yang:iana-if-type">x:ethernetCsmacd</type> + <enabled>false</enabled> + </interface> + <interface> + <name>loop1</name> + <description>for testing purposes</description> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type> + <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po"> + <mac>00:ff:ff:ff:ff:ff</mac> + </loopback> + <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl"> + <ingress> + <vpp-macip-acl> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</type> + <name>macip-acl</name> + </vpp-macip-acl> + </ingress> + </acl> + </interface> + <interface> + <name>loop2</name> + <description>for testing purposes</description> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type> + <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po"> + <mac>aa:ff:ff:ff:ff:ff</mac> + </loopback> + <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl"> + <ingress> + <vpp-acls> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type> + <name>tcp-acl2</name> + </vpp-acls> + <vpp-acls> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type> + <name>udp-acl</name> + </vpp-acls> + </ingress> + </acl> + </interface> + </interfaces> + <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list"> + <acl> + <acl-name>macip-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>macip-rule</rule-name> + <matches> + <vpp-macip-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address> + <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask> + </vpp-macip-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>icmp-v6-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>imcp-v6-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64 + </destination-ipv6-network> + <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network> + <icmp-v6-nodes> + <icmp-type-range> + <last>8</last> + <first>5</first> + </icmp-type-range> + <icmp-code-range> + <last>3</last> + <first>1</first> + </icmp-code-range> + </icmp-v6-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>udp-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>udp-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <udp-nodes> + <source-port-range> + <upper-port>5486</upper-port> + <lower-port>11</lower-port> + </source-port-range> + </udp-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>tcp-acl2</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>tcp-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <tcp-nodes> + <source-port-range> + <upper-port>5487</upper-port> + <lower-port>1</lower-port> + </source-port-range> + <destination-port-range> + <upper-port>6745</upper-port> + <lower-port>87</lower-port> + </destination-port-range> + <tcp-flags-mask>1</tcp-flags-mask> + <tcp-flags-value>7</tcp-flags-value> + </tcp-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>icmp-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>renamed-imcp-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <icmp-nodes> + <icmp-type-range> + <last>8</last> + <first>5</first> + </icmp-type-range> + <icmp-code-range> + <last>3</last> + <first>1</first> + </icmp-code-range> + </icmp-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + <ace> + <rule-name>new-icmp-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv4-network>10.1.1.1/24</destination-ipv4-network> + <source-ipv4-network>10.2.2.2/32</source-ipv4-network> + <icmp-nodes> + <icmp-type-range> + <first>4</first> + <last>9</last> + </icmp-type-range> + </icmp-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + </access-lists> +</config> diff --git a/examples/ncclient/acl/expected_config_acl.xml b/examples/ncclient/acl/expected_config_acl.xml new file mode 100644 index 000000000..735e0f43d --- /dev/null +++ b/examples/ncclient/acl/expected_config_acl.xml @@ -0,0 +1,183 @@ +<!-- + ~ Copyright (c) 2018 Cisco Systems, Inc. and others. All rights reserved. + ~ + ~ This program and the accompanying materials are made available under the + ~ terms of the Eclipse Public License v1.0 which accompanies this distribution, + ~ and is available at http://www.eclipse.org/legal/epl-v10.html + --> +<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> + <nat-config xmlns="urn:ietf:params:xml:ns:yang:ietf-nat"> + <nat-instances> + <nat-instance> + <id>0</id> + </nat-instance> + </nat-instances> + </nat-config> + <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"> + <interface> + <name>local0</name> + <type xmlns:x="urn:ietf:params:xml:ns:yang:iana-if-type">x:ethernetCsmacd</type> + <enabled>false</enabled> + </interface> + <interface> + <name>loop1</name> + <description>for testing purposes</description> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type> + <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po"> + <mac>00:ff:ff:ff:ff:ff</mac> + </loopback> + <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl"> + <ingress> + <vpp-acls> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type> + <name>tcp-acl</name> + </vpp-acls> + <vpp-acls> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type> + <name>udp-acl</name> + </vpp-acls> + <vpp-macip-acl> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</type> + <name>macip-acl</name> + </vpp-macip-acl> + </ingress> + </acl> + </interface> + </interfaces> + <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list"> + <acl> + <acl-name>macip-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>macip-rule</rule-name> + <matches> + <vpp-macip-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address> + <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask> + </vpp-macip-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>icmp-v6-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>imcp-v6-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64 + </destination-ipv6-network> + <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network> + <icmp-v6-nodes> + <icmp-type-range> + <last>8</last> + <first>5</first> + </icmp-type-range> + <icmp-code-range> + <last>3</last> + <first>1</first> + </icmp-code-range> + </icmp-v6-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>udp-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>udp-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <udp-nodes> + <source-port-range> + <upper-port>5487</upper-port> + <lower-port>1</lower-port> + </source-port-range> + <destination-port-range> + <upper-port>6745</upper-port> + <lower-port>87</lower-port> + </destination-port-range> + </udp-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>tcp-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>tcp-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <tcp-nodes> + <source-port-range> + <upper-port>5487</upper-port> + <lower-port>1</lower-port> + </source-port-range> + <destination-port-range> + <upper-port>6745</upper-port> + <lower-port>87</lower-port> + </destination-port-range> + <tcp-flags-mask>1</tcp-flags-mask> + <tcp-flags-value>7</tcp-flags-value> + </tcp-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>icmp-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>imcp-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <icmp-nodes> + <icmp-type-range> + <last>8</last> + <first>5</first> + </icmp-type-range> + <icmp-code-range> + <last>3</last> + <first>1</first> + </icmp-code-range> + </icmp-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + </access-lists> +</data> diff --git a/examples/ncclient/acl/expected_config_acl_update.xml b/examples/ncclient/acl/expected_config_acl_update.xml new file mode 100644 index 000000000..17f76ff69 --- /dev/null +++ b/examples/ncclient/acl/expected_config_acl_update.xml @@ -0,0 +1,209 @@ +<!-- + ~ Copyright (c) 2018 Cisco Systems, Inc. and others. All rights reserved. + ~ + ~ This program and the accompanying materials are made available under the + ~ terms of the Eclipse Public License v1.0 which accompanies this distribution, + ~ and is available at http://www.eclipse.org/legal/epl-v10.html + --> +<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> + <nat-config xmlns="urn:ietf:params:xml:ns:yang:ietf-nat"> + <nat-instances> + <nat-instance> + <id>0</id> + </nat-instance> + </nat-instances> + </nat-config> + <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"> + <interface> + <name>local0</name> + <type xmlns:x="urn:ietf:params:xml:ns:yang:iana-if-type">x:ethernetCsmacd</type> + <enabled>false</enabled> + </interface> + <interface> + <name>loop1</name> + <description>for testing purposes</description> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type> + <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po"> + <mac>00:ff:ff:ff:ff:ff</mac> + </loopback> + <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl"> + <ingress> + <vpp-macip-acl> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</type> + <name>macip-acl</name> + </vpp-macip-acl> + </ingress> + </acl> + </interface> + <interface> + <name>loop2</name> + <description>for testing purposes</description> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type> + <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po"> + <mac>aa:ff:ff:ff:ff:ff</mac> + </loopback> + <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl"> + <ingress> + <vpp-acls> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type> + <name>tcp-acl2</name> + </vpp-acls> + <vpp-acls> + <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type> + <name>udp-acl</name> + </vpp-acls> + </ingress> + </acl> + </interface> + </interfaces> + <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list"> + <acl> + <acl-name>macip-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>macip-rule</rule-name> + <matches> + <vpp-macip-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address> + <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask> + </vpp-macip-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>icmp-v6-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>imcp-v6-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64 + </destination-ipv6-network> + <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network> + <icmp-v6-nodes> + <icmp-type-range> + <last>8</last> + <first>5</first> + </icmp-type-range> + <icmp-code-range> + <last>3</last> + <first>1</first> + </icmp-code-range> + </icmp-v6-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>udp-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>udp-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <udp-nodes> + <source-port-range> + <upper-port>5486</upper-port> + <lower-port>11</lower-port> + </source-port-range> + </udp-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>tcp-acl2</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>tcp-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <tcp-nodes> + <source-port-range> + <upper-port>5487</upper-port> + <lower-port>1</lower-port> + </source-port-range> + <destination-port-range> + <upper-port>6745</upper-port> + <lower-port>87</lower-port> + </destination-port-range> + <tcp-flags-mask>1</tcp-flags-mask> + <tcp-flags-value>7</tcp-flags-value> + </tcp-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + <acl> + <acl-name>icmp-acl</acl-name> + <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type> + <access-list-entries> + <ace> + <rule-name>renamed-imcp-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network> + <source-ipv4-network>192.168.2.2/32</source-ipv4-network> + <icmp-nodes> + <icmp-type-range> + <last>8</last> + <first>5</first> + </icmp-type-range> + <icmp-code-range> + <last>3</last> + <first>1</first> + </icmp-code-range> + </icmp-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + <ace> + <rule-name>new-icmp-rule</rule-name> + <matches> + <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl"> + <destination-ipv4-network>10.1.1.1/24</destination-ipv4-network> + <source-ipv4-network>10.2.2.2/32</source-ipv4-network> + <icmp-nodes> + <icmp-type-range> + <first>4</first> + <last>9</last> + </icmp-type-range> + </icmp-nodes> + </vpp-ace-nodes> + </matches> + <actions> + <permit/> + </actions> + </ace> + </access-list-entries> + </acl> + </access-lists> +</data> diff --git a/examples/ncclient/acl/test_acl.sh b/examples/ncclient/acl/test_acl.sh new file mode 100755 index 000000000..aedb842af --- /dev/null +++ b/examples/ncclient/acl/test_acl.sh @@ -0,0 +1,18 @@ +#!/bin/bash +# +# Copyright (c) 2018 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DIR_NAME=$(dirname $0) + +${DIR_NAME}/../test_copy_config.sh ${DIR_NAME}/copy_config_acl.xml ${DIR_NAME}/expected_config_acl.xml diff --git a/examples/ncclient/acl/test_acl_update.sh b/examples/ncclient/acl/test_acl_update.sh new file mode 100755 index 000000000..6dedbfeaa --- /dev/null +++ b/examples/ncclient/acl/test_acl_update.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright (c) 2018 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DIR_NAME=$(dirname $0) + +${DIR_NAME}/../test_copy_config.sh ${DIR_NAME}/copy_config_acl.xml ${DIR_NAME}/expected_config_acl.xml + +${DIR_NAME}/../test_copy_config.sh ${DIR_NAME}/copy_config_acl_update.xml ${DIR_NAME}/expected_config_acl_update.xml |