author | Marek Gradzki <mgradzki@cisco.com> | 2016-10-10 13:18:01 +0200 |
---|---|---|
committer | Marek Gradzki <mgradzki@cisco.com> | 2016-10-10 17:29:45 +0200 |
commit | c45625102fae94f34e53ebba1d039af4059cb6fc (patch) | |
tree | 08b07ecfd5de10d1f7168c4662c7c3a00c743e76 /v3po/api/src/main/yang/v3po.yang | |
parent | 8f6c292af0821fd8a8e8d80aea0e9cf97447a747 (diff) |
Move interface acls to separate yang module
Change-Id: Ia11eacababd62f719e23af5b64b19c5227d56a45
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
Diffstat (limited to 'v3po/api/src/main/yang/v3po.yang')
-rw-r--r-- | v3po/api/src/main/yang/v3po.yang | 122 |
1 files changed, 10 insertions, 112 deletions
diff --git a/v3po/api/src/main/yang/v3po.yang b/v3po/api/src/main/yang/v3po.yang
index 3e981c3ff..b2d0a74ed 100644
--- a/v3po/api/src/main/yang/v3po.yang
+++ b/v3po/api/src/main/yang/v3po.yang
@@ -32,11 +32,8 @@ module v3po {
 import yang-ext {
 prefix "ext";
 }
- import vpp-classifier {
- prefix "vpp-classifier";
- }
- import ietf-access-control-list {
- prefix "acl";
+ import vpp-acl {
+ prefix "vpp-acl";
 }
 typedef bridge-domain-ref {
@@ -137,13 +134,6 @@ module v3po {
 }
 }
- typedef interface-mode {
- type enumeration {
- enum "l2";
- enum "l3";
- }
- }
-
 grouping bridge-domain-attributes {
 leaf flood {
 type boolean;
@@ -430,98 +420,6 @@ module v3po {
 }
 }
- grouping acl-base-attributes {
- description
- "Defines references to classify tables.
- At least one table reference should be specified.";
- container l2-acl {
- leaf classify-table {
- type vpp-classifier:classify-table-ref;
- description
- "An L2 ACL table";
- }
- }
- container ip4-acl {
- leaf classify-table {
- type vpp-classifier:classify-table-ref;
- description
- "An IPv4 ACL table";
- }
- }
- container ip6-acl {
- leaf classify-table {
- type vpp-classifier:classify-table-ref;
- description
- "An IPv6 ACL table";
- }
- }
- }
-
- grouping ietf-acl-base-attributes {
- description
- "Provides limited support for ietf-acl model.";
-
- container access-lists {
- description
- "Defines references to ietf-acl lists. Before assignment to interface,
- ACL lists are merged into 3 type of acls (l2, ip4 and ip6) that are supported by vpp.
- Then 3 corresponding chains of tables and sessions are created and assigned to the interface
- as l2, ip4 and ip6 classify table chains.
- User ordering is preserved in each group separately.
-
- Assignment update/delete removes all created tables and sessions and repeats process described above.
- Update/delete of ACL lists referenced here is not permitted (assignment needs to be removed first).
-
- Read is supported only for acls that were created and assigned by Honeycomb agent
- (corresponding metadata are present).
-
- Limitations (due to vpp limitations):
- - egress rules are currently ignored (HONEYCOMB-234)
- - L4 rules are currently not supported (limited support will by provided by HONEYCOMB-218)
- - mixing L2/L3/L4 rules is currently not supported (limited support will by provided by HONEYCOMB-233)
- - L2 only rules on L3 interfaces are not supported (not allowed by vpp,
- in the future defining L2/L3 pairs should be partially supported)
- - vlan tags are supported only for sub-interfaces defined as exact-match";
- list acl {
- key "type name";
- ordered-by user;
-
- leaf type {
- type acl:acl-type;
- }
-
- leaf name {
- type acl:access-control-list-ref;
- }
- }
-
- leaf default-action {
- type enumeration {
- enum "deny";
- enum "permit";
- }
- default "deny";
- description
- "Default action applied to packet that does not match any of rules defined in assigned ACLs.
- It is translated to single classify table and applied at the end of assigned chains.";
- }
-
- leaf mode {
- type interface-mode;
- default l3;
- description
- "The way ACLs are translated depends on the interface mode.
- In case of L2 interfaces (bridge/interconnection)
- classify tables are assigned as l2_table using input_acl_set_interface (ether type matching is automatically
- added in case of L3 rules).
- In case of L3 interfaces, classify tables are assigned as ip4/ip6 tables.
-
- It is the user responsibility to choose mode that matches target interface.
- ";
- }
- }
- }
-
 augment /if:interfaces/if:interface {
 ext:augment-identifier "vpp-interface-augmentation";
@@ -582,19 +480,19 @@ module v3po {
 container acl {
 container ingress {
- uses acl-base-attributes;
+ uses vpp-acl:acl-base-attributes;
 }
 container egress {
- uses acl-base-attributes;
+ uses vpp-acl:acl-base-attributes;
 }
 }
 container ietf-acl {
 container ingress {
- uses ietf-acl-base-attributes;
+ uses vpp-acl:ietf-acl-base-attributes;
 }
 container egress {
- uses ietf-acl-base-attributes;
+ uses vpp-acl:ietf-acl-base-attributes;
 }
 }
 }
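Review bot: The `container egress` under `ietf-acl` in this hunk has no description of its own, and the statement that egress rules are currently ignored (HONEYCOMB-234) leaves this file together with the removed `ietf-acl-base-attributes` grouping. Presumably that text now lives in the vpp-acl module, which this file-limited diff does not show; a reader of v3po.yang would then see an egress ACL attachment point with nothing local saying it is not enforced. I would add a short description to that container, e.g. `description "Egress rules are currently ignored (HONEYCOMB-234); see vpp-acl:ietf-acl-base-attributes.";`. The same applies to the identical `container egress` in the following hunk at -672; both enclosing blocks start and end outside their hunks.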
@@ -672,19 +570,19 @@ module v3po {
 container acl {
 container ingress {
- uses acl-base-attributes;
+ uses vpp-acl:acl-base-attributes;
 }
 container egress {
- uses acl-base-attributes;
+ uses vpp-acl:acl-base-attributes;
 }
 }
 container ietf-acl {
 container ingress {
- uses ietf-acl-base-attributes;
+ uses vpp-acl:ietf-acl-base-attributes;
 }
 container egress {
- uses ietf-acl-base-attributes;
+ uses vpp-acl:ietf-acl-base-attributes;
 }
 }
 } |