authorMarek Gradzki <mgradzki@cisco.com>2016-10-10 13:18:01 +0200
committerMarek Gradzki <mgradzki@cisco.com>2016-10-10 17:29:45 +0200
commitc45625102fae94f34e53ebba1d039af4059cb6fc (patch)
tree08b07ecfd5de10d1f7168c4662c7c3a00c743e76 /v3po/api
parent8f6c292af0821fd8a8e8d80aea0e9cf97447a747 (diff)
Move interface acls to separate yang module
Change-Id: Ia11eacababd62f719e23af5b64b19c5227d56a45 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
Diffstat (limited to 'v3po/api')
-rw-r--r--v3po/api/src/main/yang/v3po.yang122
-rw-r--r--v3po/api/src/main/yang/vpp-acl.yang116
-rw-r--r--v3po/api/src/main/yang/vpp-vlan.yang11
3 files changed, 133 insertions, 116 deletions
diff --git a/v3po/api/src/main/yang/v3po.yang b/v3po/api/src/main/yang/v3po.yang
index 3e981c3ff..b2d0a74ed 100644
--- a/v3po/api/src/main/yang/v3po.yang
+++ b/v3po/api/src/main/yang/v3po.yang
@@ -32,11 +32,8 @@ module v3po {
import yang-ext {
prefix "ext";
}
- import vpp-classifier {
- prefix "vpp-classifier";
- }
- import ietf-access-control-list {
- prefix "acl";
+ import vpp-acl {
+ prefix "vpp-acl";
}
typedef bridge-domain-ref {
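Review bot: None of the v3po.yang hunks adds a `revision` statement, although this import change and the removals further down (`interface-mode`, `acl-base-attributes`, `ietf-acl-base-attributes`) change what the `v3po` module exports. Any module outside this diff that still refers to `v3po:acl-base-attributes` or `v3po:interface-mode` would stop resolving, just as vpp-vlan.yang would have without its own update in this commit. I would add a `revision` entry to v3po.yang whose description says the ACL definitions moved to `vpp-acl`, and confirm that no remaining statement in v3po.yang uses the `vpp-classifier:` or `acl:` prefixes. The module body continues outside the hunk, so the second check cannot be made from here.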
@@ -137,13 +134,6 @@ module v3po {
}
}
- typedef interface-mode {
- type enumeration {
- enum "l2";
- enum "l3";
- }
- }
-
grouping bridge-domain-attributes {
leaf flood {
type boolean;
@@ -430,98 +420,6 @@ module v3po {
}
}
- grouping acl-base-attributes {
- description
- "Defines references to classify tables.
- At least one table reference should be specified.";
- container l2-acl {
- leaf classify-table {
- type vpp-classifier:classify-table-ref;
- description
- "An L2 ACL table";
- }
- }
- container ip4-acl {
- leaf classify-table {
- type vpp-classifier:classify-table-ref;
- description
- "An IPv4 ACL table";
- }
- }
- container ip6-acl {
- leaf classify-table {
- type vpp-classifier:classify-table-ref;
- description
- "An IPv6 ACL table";
- }
- }
- }
-
- grouping ietf-acl-base-attributes {
- description
- "Provides limited support for ietf-acl model.";
-
- container access-lists {
- description
- "Defines references to ietf-acl lists. Before assignment to interface,
- ACL lists are merged into 3 type of acls (l2, ip4 and ip6) that are supported by vpp.
- Then 3 corresponding chains of tables and sessions are created and assigned to the interface
- as l2, ip4 and ip6 classify table chains.
- User ordering is preserved in each group separately.
-
- Assignment update/delete removes all created tables and sessions and repeats process described above.
- Update/delete of ACL lists referenced here is not permitted (assignment needs to be removed first).
-
- Read is supported only for acls that were created and assigned by Honeycomb agent
- (corresponding metadata are present).
-
- Limitations (due to vpp limitations):
- - egress rules are currently ignored (HONEYCOMB-234)
- - L4 rules are currently not supported (limited support will by provided by HONEYCOMB-218)
- - mixing L2/L3/L4 rules is currently not supported (limited support will by provided by HONEYCOMB-233)
- - L2 only rules on L3 interfaces are not supported (not allowed by vpp,
- in the future defining L2/L3 pairs should be partially supported)
- - vlan tags are supported only for sub-interfaces defined as exact-match";
- list acl {
- key "type name";
- ordered-by user;
-
- leaf type {
- type acl:acl-type;
- }
-
- leaf name {
- type acl:access-control-list-ref;
- }
- }
-
- leaf default-action {
- type enumeration {
- enum "deny";
- enum "permit";
- }
- default "deny";
- description
- "Default action applied to packet that does not match any of rules defined in assigned ACLs.
- It is translated to single classify table and applied at the end of assigned chains.";
- }
-
- leaf mode {
- type interface-mode;
- default l3;
- description
- "The way ACLs are translated depends on the interface mode.
- In case of L2 interfaces (bridge/interconnection)
- classify tables are assigned as l2_table using input_acl_set_interface (ether type matching is automatically
- added in case of L3 rules).
- In case of L3 interfaces, classify tables are assigned as ip4/ip6 tables.
-
- It is the user responsibility to choose mode that matches target interface.
- ";
- }
- }
- }
-
augment /if:interfaces/if:interface {
ext:augment-identifier "vpp-interface-augmentation";
@@ -582,19 +480,19 @@ module v3po {
container acl {
container ingress {
- uses acl-base-attributes;
+ uses vpp-acl:acl-base-attributes;
}
container egress {
- uses acl-base-attributes;
+ uses vpp-acl:acl-base-attributes;
}
}
container ietf-acl {
container ingress {
- uses ietf-acl-base-attributes;
+ uses vpp-acl:ietf-acl-base-attributes;
}
container egress {
- uses ietf-acl-base-attributes;
+ uses vpp-acl:ietf-acl-base-attributes;
}
}
}
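Review bot: The `egress` container under `ietf-acl` still accepts `vpp-acl:ietf-acl-base-attributes`, while that grouping's own description says egress rules are currently ignored (HONEYCOMB-234). An operator can therefore configure an egress list with `default-action` `deny` that the model accepts but that, per that description, is not applied to traffic. I would say so at the point of use, e.g. `description "Accepted but not applied: egress rules are currently ignored (HONEYCOMB-234).";` inside each `container egress`. The same applies to the second `ietf-acl` block in this file (the `@@ -672,19 +570,19 @@` hunk) and to the one in vpp-vlan.yang. The enclosing augment starts and ends outside the hunk.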
@@ -672,19 +570,19 @@ module v3po {
container acl {
container ingress {
- uses acl-base-attributes;
+ uses vpp-acl:acl-base-attributes;
}
container egress {
- uses acl-base-attributes;
+ uses vpp-acl:acl-base-attributes;
}
}
container ietf-acl {
container ingress {
- uses ietf-acl-base-attributes;
+ uses vpp-acl:ietf-acl-base-attributes;
}
container egress {
- uses ietf-acl-base-attributes;
+ uses vpp-acl:ietf-acl-base-attributes;
}
}
}
diff --git a/v3po/api/src/main/yang/vpp-acl.yang b/v3po/api/src/main/yang/vpp-acl.yang
new file mode 100644
index 000000000..986d2eee3
--- /dev/null
+++ b/v3po/api/src/main/yang/vpp-acl.yang
@@ -0,0 +1,116 @@
+module vpp-acl {
+ yang-version 1;
+ namespace "urn:opendaylight:params:xml:ns:yang:vpp:acl";
+ prefix "vpp-acl";
+
+ revision "2016-12-14" {
+ description
+ "Initial revision of vpp-acl model.";
+ }
+
+ import ietf-access-control-list {
+ prefix "acl";
+ }
+
+ import vpp-classifier {
+ prefix "vpp-classifier";
+ }
+
+ typedef interface-mode {
+ type enumeration {
+ enum "l2";
+ enum "l3";
+ }
+ }
+ grouping acl-base-attributes {
+ description
+ "Defines references to classify tables.
+ At least one table reference should be specified.";
+ container l2-acl {
+ leaf classify-table {
+ type vpp-classifier:classify-table-ref;
+ description
+ "An L2 ACL table";
+ }
+ }
+ container ip4-acl {
+ leaf classify-table {
+ type vpp-classifier:classify-table-ref;
+ description
+ "An IPv4 ACL table";
+ }
+ }
+ container ip6-acl {
+ leaf classify-table {
+ type vpp-classifier:classify-table-ref;
+ description
+ "An IPv6 ACL table";
+ }
+ }
+ }
+
+ grouping ietf-acl-base-attributes {
+ description
+ "Provides limited support for ietf-acl model.";
+
+ container access-lists {
+ description
+ "Defines references to ietf-acl lists. Before assignment to interface,
+ ACL lists are merged into 3 type of acls (l2, ip4 and ip6) that are supported by vpp.
+ Then 3 corresponding chains of tables and sessions are created and assigned to the interface
+ as l2, ip4 and ip6 classify table chains.
+ User ordering is preserved in each group separately.
+
+ Assignment update/delete removes all created tables and sessions and repeats process described above.
+ Update/delete of ACL lists referenced here is not permitted (assignment needs to be removed first).
+
+ Read is supported only for acls that were created and assigned by Honeycomb agent
+ (corresponding metadata are present).
+
+ Limitations (due to vpp limitations):
+ - egress rules are currently ignored (HONEYCOMB-234)
+ - L4 rules are currently not supported (limited support will by provided by HONEYCOMB-218)
+ - mixing L2/L3/L4 rules is currently not supported (limited support will by provided by HONEYCOMB-233)
+ - L2 only rules on L3 interfaces are not supported (not allowed by vpp,
+ in the future defining L2/L3 pairs should be partially supported)
+ - vlan tags are supported only for sub-interfaces defined as exact-match";
+ list acl {
+ key "type name";
+ ordered-by user;
+
+ leaf type {
+ type acl:acl-type;
+ }
+
+ leaf name {
+ type acl:access-control-list-ref;
+ }
+ }
+
+ leaf default-action {
+ type enumeration {
+ enum "deny";
+ enum "permit";
+ }
+ default "deny";
+ description
+ "Default action applied to packet that does not match any of rules defined in assigned ACLs.
+ It is translated to single classify table and applied at the end of assigned chains.";
+ }
+
+ leaf mode {
+ type interface-mode;
+ default l3;
+ description
+ "The way ACLs are translated depends on the interface mode.
+ In case of L2 interfaces (bridge/interconnection)
+ classify tables are assigned as l2_table using input_acl_set_interface (ether type matching is automatically
+ added in case of L3 rules).
+ In case of L3 interfaces, classify tables are assigned as ip4/ip6 tables.
+
+ It is the user responsibility to choose mode that matches target interface.
+ ";
+ }
+ }
+ }
+} \ No newline at end of file
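Review bot: The two `import` statements come after the `revision` statement, whereas the YANG 1 grammar (RFC 6020) orders a module as header, imports, meta statements, revisions, then body. Lenient parsers accept this, but stricter validators may reject the file; moving both imports above `revision` fixes it. The revision date `2016-12-14` is also later than the commit date (2016-10-10); if that is deliberate, e.g. aligned with a planned release, the revision description could say so. In `acl-base-attributes`, "At least one table reference should be specified" is stated only in the description and nothing in the grouping enforces it, so the description should name where that check is expected to happen.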
diff --git a/v3po/api/src/main/yang/vpp-vlan.yang b/v3po/api/src/main/yang/vpp-vlan.yang
index ffe009a2a..cd3d320ee 100644
--- a/v3po/api/src/main/yang/vpp-vlan.yang
+++ b/v3po/api/src/main/yang/vpp-vlan.yang
@@ -33,6 +33,9 @@ module vpp-vlan {
import v3po {
prefix v3po;
}
+ import vpp-acl {
+ prefix vpp-acl;
+ }
typedef sub-interface-status {
type enumeration {
@@ -167,19 +170,19 @@ module vpp-vlan {
container acl {
container ingress {
- uses v3po:acl-base-attributes;
+ uses vpp-acl:acl-base-attributes;
}
container egress {
- uses v3po:acl-base-attributes;
+ uses vpp-acl:acl-base-attributes;
}
}
container ietf-acl {
container ingress {
- uses v3po:ietf-acl-base-attributes;
+ uses vpp-acl:ietf-acl-base-attributes;
}
container egress {
- uses v3po:ietf-acl-base-attributes;
+ uses vpp-acl:ietf-acl-base-attributes;
}
}
}