summaryrefslogtreecommitdiffstats
path: root/examples/ncclient/acl/config_acl_update.xml
diff options
context:
space:
mode:
Diffstat (limited to 'examples/ncclient/acl/config_acl_update.xml')
-rw-r--r--examples/ncclient/acl/config_acl_update.xml204
1 files changed, 40 insertions, 164 deletions
diff --git a/examples/ncclient/acl/config_acl_update.xml b/examples/ncclient/acl/config_acl_update.xml
index 379e4f42d..5541e1cdb 100644
--- a/examples/ncclient/acl/config_acl_update.xml
+++ b/examples/ncclient/acl/config_acl_update.xml
@@ -18,188 +18,64 @@
<interface>
<name>loop1</name>
<description>for testing purposes</description>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type>
- <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po">
+ <type xmlns:x="http://fd.io/hc2vpp/yang/v3po">x:loopback</type>
+ <loopback xmlns="http://fd.io/hc2vpp/yang/v3po">
<mac>00:ff:ff:ff:ff:ff</mac>
</loopback>
- <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl">
- <ingress>
- <vpp-macip-acl>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</type>
- <name>macip-acl</name>
- </vpp-macip-acl>
- </ingress>
- </acl>
</interface>
<interface>
<name>loop2</name>
<description>for testing purposes</description>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type>
- <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po">
+ <type xmlns:x="http://fd.io/hc2vpp/yang/v3po">x:loopback</type>
+ <loopback xmlns="http://fd.io/hc2vpp/yang/v3po">
<mac>aa:ff:ff:ff:ff:ff</mac>
</loopback>
- <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl">
- <ingress>
- <vpp-acls>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
- <name>tcp-acl2</name>
- </vpp-acls>
- <vpp-acls>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
- <name>udp-acl</name>
- </vpp-acls>
- </ingress>
- </acl>
</interface>
</interfaces>
- <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list">
- <acl>
- <acl-name>macip-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</acl-type>
- <access-list-entries>
- <ace>
- <rule-name>macip-rule</rule-name>
- <matches>
- <vpp-macip-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address>
- <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask>
- </vpp-macip-ace-nodes>
- </matches>
- <actions>
- <permit/>
- </actions>
- </ace>
- </access-list-entries>
- </acl>
+ <acls xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list">
<acl>
- <acl-name>icmp-v6-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
+ <name>tcp-acl</name>
+ <aces>
<ace>
- <rule-name>imcp-v6-rule</rule-name>
+ <name>tcp-rule</name>
<matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64
- </destination-ipv6-network>
- <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network>
- <icmp-v6-nodes>
- <icmp-type-range>
- <last>8</last>
- <first>5</first>
- </icmp-type-range>
- <icmp-code-range>
- <last>3</last>
- <first>1</first>
- </icmp-code-range>
- </icmp-v6-nodes>
- </vpp-ace-nodes>
- </matches>
- <actions>
- <permit/>
- </actions>
- </ace>
- </access-list-entries>
- </acl>
- <acl>
- <acl-name>udp-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
- <ace>
- <rule-name>udp-rule</rule-name>
- <matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <tcp>
+ <vpp-tcp-ace xmlns="http://fd.io/hc2vpp/yang/vpp/acl">
+ <flags-mask>cwr</flags-mask>
+ </vpp-tcp-ace>
+ <source-port>
+ <lower-port>1</lower-port>
+ <upper-port>5487</upper-port>
+ </source-port>
+ <destination-port>
+ <lower-port>87</lower-port>
+ <upper-port>6745</upper-port>
+ </destination-port>
+ <flags>cwr ece urg</flags>
+ </tcp>
+ <ipv4>
<destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
<source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <udp-nodes>
- <source-port-range>
- <upper-port>5486</upper-port>
- <lower-port>11</lower-port>
- </source-port-range>
- </udp-nodes>
- </vpp-ace-nodes>
+ </ipv4>
</matches>
<actions>
- <permit/>
+ <forwarding>accept</forwarding>
</actions>
</ace>
- </access-list-entries>
+ </aces>
+ <type xmlns:x="http://fd.io/hc2vpp/yang/vpp/acl">x:vpp-acl</type>
</acl>
- <acl>
- <acl-name>tcp-acl2</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
- <ace>
- <rule-name>tcp-rule</rule-name>
- <matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
- <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <tcp-nodes>
- <source-port-range>
- <upper-port>5487</upper-port>
- <lower-port>1</lower-port>
- </source-port-range>
- <destination-port-range>
- <upper-port>6745</upper-port>
- <lower-port>87</lower-port>
- </destination-port-range>
- <tcp-flags-mask>1</tcp-flags-mask>
- <tcp-flags-value>7</tcp-flags-value>
- </tcp-nodes>
- </vpp-ace-nodes>
- </matches>
- <actions>
- <permit/>
- </actions>
- </ace>
- </access-list-entries>
- </acl>
- <acl>
- <acl-name>icmp-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
- <ace>
- <rule-name>renamed-imcp-rule</rule-name>
- <matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
- <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <icmp-nodes>
- <icmp-type-range>
- <last>8</last>
- <first>5</first>
- </icmp-type-range>
- <icmp-code-range>
- <last>3</last>
- <first>1</first>
- </icmp-code-range>
- </icmp-nodes>
- </vpp-ace-nodes>
- </matches>
- <actions>
- <permit/>
- </actions>
- </ace>
- <ace>
- <rule-name>new-icmp-rule</rule-name>
- <matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv4-network>10.1.1.1/24</destination-ipv4-network>
- <source-ipv4-network>10.2.2.2/32</source-ipv4-network>
- <icmp-nodes>
- <icmp-type-range>
- <first>4</first>
- <last>9</last>
- </icmp-type-range>
- </icmp-nodes>
- </vpp-ace-nodes>
- </matches>
- <actions>
- <permit/>
- </actions>
- </ace>
- </access-list-entries>
- </acl>
- </access-lists>
+ <attachment-points>
+ <interface>
+ <interface-id>loop2</interface-id>
+ <ingress>
+ <acl-sets>
+ <acl-set>
+ <name>tcp-acl</name>
+ </acl-set>
+ </acl-sets>
+ </ingress>
+ </interface>
+ </attachment-points>
+ </acls>
</config>