summaryrefslogtreecommitdiffstats
path: root/examples/ncclient/acl
diff options
context:
space:
mode:
Diffstat (limited to 'examples/ncclient/acl')
-rw-r--r--examples/ncclient/acl/config_acl.xml196
-rw-r--r--examples/ncclient/acl/config_acl_update.xml204
-rw-r--r--examples/ncclient/acl/config_invalid_acl.xml6
-rw-r--r--examples/ncclient/acl/expected_config_acl.xml196
-rw-r--r--examples/ncclient/acl/expected_config_acl_update.xml204
-rwxr-xr-xexamples/ncclient/acl/test_acl.sh2
-rwxr-xr-xexamples/ncclient/acl/test_acl_update.sh4
7 files changed, 292 insertions, 520 deletions
diff --git a/examples/ncclient/acl/config_acl.xml b/examples/ncclient/acl/config_acl.xml
index ed4d9b4e5..826a83e08 100644
--- a/examples/ncclient/acl/config_acl.xml
+++ b/examples/ncclient/acl/config_acl.xml
@@ -18,59 +18,53 @@
<interface>
<name>loop1</name>
<description>for testing purposes</description>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type>
- <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po">
+ <type xmlns:x="http://fd.io/hc2vpp/yang/v3po">x:loopback</type>
+ <loopback xmlns="http://fd.io/hc2vpp/yang/v3po">
<mac>00:ff:ff:ff:ff:ff</mac>
</loopback>
- <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl">
- <ingress>
- <vpp-acls>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
- <name>tcp-acl</name>
- </vpp-acls>
- <vpp-acls>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
- <name>udp-acl</name>
- </vpp-acls>
- <vpp-macip-acl>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</type>
- <name>macip-acl</name>
- </vpp-macip-acl>
- </ingress>
- </acl>
</interface>
</interfaces>
- <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list">
+ <acls xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list">
<acl>
- <acl-name>macip-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</acl-type>
- <access-list-entries>
+ <name>tcp-acl</name>
+ <aces>
<ace>
- <rule-name>macip-rule</rule-name>
+ <name>tcp-rule</name>
<matches>
- <vpp-macip-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <tcp>
+ <vpp-tcp-ace xmlns="http://fd.io/hc2vpp/yang/vpp/acl">
+ <flags-mask>cwr</flags-mask>
+ </vpp-tcp-ace>
+ <source-port>
+ <lower-port>1</lower-port>
+ <upper-port>5487</upper-port>
+ </source-port>
+ <destination-port>
+ <lower-port>87</lower-port>
+ <upper-port>6745</upper-port>
+ </destination-port>
+ <flags>cwr ece urg</flags>
+ </tcp>
+ <ipv4>
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
<source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address>
- <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask>
- </vpp-macip-ace-nodes>
+ </ipv4>
</matches>
<actions>
- <permit/>
+ <forwarding>accept</forwarding>
</actions>
</ace>
- </access-list-entries>
+ </aces>
+ <type xmlns:x="http://fd.io/hc2vpp/yang/vpp/acl">x:vpp-acl</type>
</acl>
<acl>
- <acl-name>icmp-v6-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
+ <name>icmp-v6-acl</name>
+ <aces>
<ace>
- <rule-name>imcp-v6-rule</rule-name>
+ <name>imcp-v6-rule</name>
<matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64</destination-ipv6-network>
- <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network>
- <icmp-v6-nodes>
+ <icmp>
+ <vpp-icmp-ace xmlns="http://fd.io/hc2vpp/yang/vpp/acl">
<icmp-type-range>
<last>8</last>
<first>5</first>
@@ -79,84 +73,77 @@
<last>3</last>
<first>1</first>
</icmp-code-range>
- </icmp-v6-nodes>
- </vpp-ace-nodes>
+ </vpp-icmp-ace>
+ </icmp>
+ <ipv6>
+ <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64</destination-ipv6-network>
+ <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network>
+ </ipv6>
</matches>
<actions>
- <permit/>
+ <forwarding>accept</forwarding>
</actions>
</ace>
- </access-list-entries>
+ </aces>
+ <type xmlns:x="http://fd.io/hc2vpp/yang/vpp/acl">x:vpp-acl</type>
</acl>
<acl>
- <acl-name>udp-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
+ <name>macip-acl</name>
+ <aces>
<ace>
- <rule-name>udp-rule</rule-name>
+ <name>macip-rule</name>
<matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <eth>
+ <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask>
+ <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address>
+ </eth>
+ <ipv4>
<source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <udp-nodes>
- <source-port-range>
- <upper-port>5487</upper-port>
- <lower-port>1</lower-port>
- </source-port-range>
- <destination-port-range>
- <upper-port>6745</upper-port>
- <lower-port>87</lower-port>
- </destination-port-range>
- </udp-nodes>
- </vpp-ace-nodes>
+ </ipv4>
</matches>
<actions>
- <permit/>
+ <forwarding>accept</forwarding>
</actions>
</ace>
- </access-list-entries>
+ </aces>
+ <type xmlns:x="http://fd.io/hc2vpp/yang/vpp/acl">x:vpp-macip-acl</type>
</acl>
<acl>
- <acl-name>tcp-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
+ <name>udp-acl</name>
+ <aces>
<ace>
- <rule-name>tcp-rule</rule-name>
+ <name>udp-rule</name>
<matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <udp>
+ <source-port>
+ <lower-port>1</lower-port>
+ <upper-port>5487</upper-port>
+ </source-port>
+ <destination-port>
+ <lower-port>87</lower-port>
+ <upper-port>6745</upper-port>
+ </destination-port>
+ </udp>
+ <ipv4>
<destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
<source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <tcp-nodes>
- <source-port-range>
- <upper-port>5487</upper-port>
- <lower-port>1</lower-port>
- </source-port-range>
- <destination-port-range>
- <upper-port>6745</upper-port>
- <lower-port>87</lower-port>
- </destination-port-range>
- <tcp-flags-mask>1</tcp-flags-mask>
- <tcp-flags-value>7</tcp-flags-value>
- </tcp-nodes>
- </vpp-ace-nodes>
+ </ipv4>
</matches>
<actions>
- <permit/>
+ <forwarding>accept</forwarding>
</actions>
</ace>
- </access-list-entries>
+ </aces>
+ <type xmlns:x="http://fd.io/hc2vpp/yang/vpp/acl">x:vpp-acl</type>
</acl>
<acl>
- <acl-name>icmp-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
+ <name>icmp-acl</name>
+ <aces>
<ace>
- <rule-name>imcp-rule</rule-name>
+ <name>imcp-rule</name>
<matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
- <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <icmp-nodes>
+ <icmp>
+ <vpp-icmp-ace xmlns="http://fd.io/hc2vpp/yang/vpp/acl">
<icmp-type-range>
<last>8</last>
<first>5</first>
@@ -165,14 +152,37 @@
<last>3</last>
<first>1</first>
</icmp-code-range>
- </icmp-nodes>
- </vpp-ace-nodes>
+ </vpp-icmp-ace>
+ </icmp>
+ <ipv4>
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ </ipv4>
</matches>
<actions>
- <permit/>
+ <forwarding>accept</forwarding>
</actions>
</ace>
- </access-list-entries>
+ </aces>
+ <type xmlns:x="http://fd.io/hc2vpp/yang/vpp/acl">x:vpp-acl</type>
</acl>
- </access-lists>
+ <attachment-points>
+ <interface>
+ <interface-id>local0</interface-id>
+ <ingress>
+ <acl-sets>
+ <acl-set>
+ <name>tcp-acl</name>
+ </acl-set>
+ <acl-set>
+ <name>udp-acl</name>
+ </acl-set>
+ <acl-set>
+ <name>macip-acl</name>
+ </acl-set>
+ </acl-sets>
+ </ingress>
+ </interface>
+ </attachment-points>
+ </acls>
</config>
diff --git a/examples/ncclient/acl/config_acl_update.xml b/examples/ncclient/acl/config_acl_update.xml
index 379e4f42d..5541e1cdb 100644
--- a/examples/ncclient/acl/config_acl_update.xml
+++ b/examples/ncclient/acl/config_acl_update.xml
@@ -18,188 +18,64 @@
<interface>
<name>loop1</name>
<description>for testing purposes</description>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type>
- <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po">
+ <type xmlns:x="http://fd.io/hc2vpp/yang/v3po">x:loopback</type>
+ <loopback xmlns="http://fd.io/hc2vpp/yang/v3po">
<mac>00:ff:ff:ff:ff:ff</mac>
</loopback>
- <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl">
- <ingress>
- <vpp-macip-acl>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</type>
- <name>macip-acl</name>
- </vpp-macip-acl>
- </ingress>
- </acl>
</interface>
<interface>
<name>loop2</name>
<description>for testing purposes</description>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type>
- <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po">
+ <type xmlns:x="http://fd.io/hc2vpp/yang/v3po">x:loopback</type>
+ <loopback xmlns="http://fd.io/hc2vpp/yang/v3po">
<mac>aa:ff:ff:ff:ff:ff</mac>
</loopback>
- <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl">
- <ingress>
- <vpp-acls>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
- <name>tcp-acl2</name>
- </vpp-acls>
- <vpp-acls>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
- <name>udp-acl</name>
- </vpp-acls>
- </ingress>
- </acl>
</interface>
</interfaces>
- <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list">
- <acl>
- <acl-name>macip-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</acl-type>
- <access-list-entries>
- <ace>
- <rule-name>macip-rule</rule-name>
- <matches>
- <vpp-macip-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address>
- <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask>
- </vpp-macip-ace-nodes>
- </matches>
- <actions>
- <permit/>
- </actions>
- </ace>
- </access-list-entries>
- </acl>
+ <acls xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list">
<acl>
- <acl-name>icmp-v6-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
+ <name>tcp-acl</name>
+ <aces>
<ace>
- <rule-name>imcp-v6-rule</rule-name>
+ <name>tcp-rule</name>
<matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64
- </destination-ipv6-network>
- <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network>
- <icmp-v6-nodes>
- <icmp-type-range>
- <last>8</last>
- <first>5</first>
- </icmp-type-range>
- <icmp-code-range>
- <last>3</last>
- <first>1</first>
- </icmp-code-range>
- </icmp-v6-nodes>
- </vpp-ace-nodes>
- </matches>
- <actions>
- <permit/>
- </actions>
- </ace>
- </access-list-entries>
- </acl>
- <acl>
- <acl-name>udp-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
- <ace>
- <rule-name>udp-rule</rule-name>
- <matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <tcp>
+ <vpp-tcp-ace xmlns="http://fd.io/hc2vpp/yang/vpp/acl">
+ <flags-mask>cwr</flags-mask>
+ </vpp-tcp-ace>
+ <source-port>
+ <lower-port>1</lower-port>
+ <upper-port>5487</upper-port>
+ </source-port>
+ <destination-port>
+ <lower-port>87</lower-port>
+ <upper-port>6745</upper-port>
+ </destination-port>
+ <flags>cwr ece urg</flags>
+ </tcp>
+ <ipv4>
<destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
<source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <udp-nodes>
- <source-port-range>
- <upper-port>5486</upper-port>
- <lower-port>11</lower-port>
- </source-port-range>
- </udp-nodes>
- </vpp-ace-nodes>
+ </ipv4>
</matches>
<actions>
- <permit/>
+ <forwarding>accept</forwarding>
</actions>
</ace>
- </access-list-entries>
+ </aces>
+ <type xmlns:x="http://fd.io/hc2vpp/yang/vpp/acl">x:vpp-acl</type>
</acl>
- <acl>
- <acl-name>tcp-acl2</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
- <ace>
- <rule-name>tcp-rule</rule-name>
- <matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
- <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <tcp-nodes>
- <source-port-range>
- <upper-port>5487</upper-port>
- <lower-port>1</lower-port>
- </source-port-range>
- <destination-port-range>
- <upper-port>6745</upper-port>
- <lower-port>87</lower-port>
- </destination-port-range>
- <tcp-flags-mask>1</tcp-flags-mask>
- <tcp-flags-value>7</tcp-flags-value>
- </tcp-nodes>
- </vpp-ace-nodes>
- </matches>
- <actions>
- <permit/>
- </actions>
- </ace>
- </access-list-entries>
- </acl>
- <acl>
- <acl-name>icmp-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
- <ace>
- <rule-name>renamed-imcp-rule</rule-name>
- <matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
- <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <icmp-nodes>
- <icmp-type-range>
- <last>8</last>
- <first>5</first>
- </icmp-type-range>
- <icmp-code-range>
- <last>3</last>
- <first>1</first>
- </icmp-code-range>
- </icmp-nodes>
- </vpp-ace-nodes>
- </matches>
- <actions>
- <permit/>
- </actions>
- </ace>
- <ace>
- <rule-name>new-icmp-rule</rule-name>
- <matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv4-network>10.1.1.1/24</destination-ipv4-network>
- <source-ipv4-network>10.2.2.2/32</source-ipv4-network>
- <icmp-nodes>
- <icmp-type-range>
- <first>4</first>
- <last>9</last>
- </icmp-type-range>
- </icmp-nodes>
- </vpp-ace-nodes>
- </matches>
- <actions>
- <permit/>
- </actions>
- </ace>
- </access-list-entries>
- </acl>
- </access-lists>
+ <attachment-points>
+ <interface>
+ <interface-id>loop2</interface-id>
+ <ingress>
+ <acl-sets>
+ <acl-set>
+ <name>tcp-acl</name>
+ </acl-set>
+ </acl-sets>
+ </ingress>
+ </interface>
+ </attachment-points>
+ </acls>
</config>
diff --git a/examples/ncclient/acl/config_invalid_acl.xml b/examples/ncclient/acl/config_invalid_acl.xml
index f1ea8035e..215d9a1b7 100644
--- a/examples/ncclient/acl/config_invalid_acl.xml
+++ b/examples/ncclient/acl/config_invalid_acl.xml
@@ -1,8 +1,8 @@
<config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
- <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list" xc:operation="create">
+ <acls xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list" xc:operation="create">
<acl>
<acl-name>acl0</acl-name>
- <acl-type>ipv4-acl</acl-type>
+ <type xmlns:x="http://fd.io/hc2vpp/yang/vpp/acl">x:ipv4-acl</type>
</acl>
- </access-lists>
+ </acls>
</config>
diff --git a/examples/ncclient/acl/expected_config_acl.xml b/examples/ncclient/acl/expected_config_acl.xml
index 54e3d914e..a6f40e63e 100644
--- a/examples/ncclient/acl/expected_config_acl.xml
+++ b/examples/ncclient/acl/expected_config_acl.xml
@@ -33,59 +33,53 @@
<interface>
<name>loop1</name>
<description>for testing purposes</description>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type>
- <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po">
+ <type xmlns:x="http://fd.io/hc2vpp/yang/v3po">x:loopback</type>
+ <loopback xmlns="http://fd.io/hc2vpp/yang/v3po">
<mac>00:ff:ff:ff:ff:ff</mac>
</loopback>
- <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl">
- <ingress>
- <vpp-acls>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
- <name>tcp-acl</name>
- </vpp-acls>
- <vpp-acls>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
- <name>udp-acl</name>
- </vpp-acls>
- <vpp-macip-acl>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</type>
- <name>macip-acl</name>
- </vpp-macip-acl>
- </ingress>
- </acl>
</interface>
</interfaces>
- <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list">
+ <acls xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list">
<acl>
- <acl-name>macip-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</acl-type>
- <access-list-entries>
+ <name>tcp-acl</name>
+ <aces>
<ace>
- <rule-name>macip-rule</rule-name>
+ <name>tcp-rule</name>
<matches>
- <vpp-macip-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <tcp>
+ <vpp-tcp-ace xmlns="http://fd.io/hc2vpp/yang/vpp/acl">
+ <flags-mask>cwr</flags-mask>
+ </vpp-tcp-ace>
+ <source-port>
+ <lower-port>1</lower-port>
+ <upper-port>5487</upper-port>
+ </source-port>
+ <destination-port>
+ <lower-port>87</lower-port>
+ <upper-port>6745</upper-port>
+ </destination-port>
+ <flags>cwr ece urg</flags>
+ </tcp>
+ <ipv4>
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
<source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address>
- <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask>
- </vpp-macip-ace-nodes>
+ </ipv4>
</matches>
<actions>
- <permit/>
+ <forwarding>accept</forwarding>
</actions>
</ace>
- </access-list-entries>
+ </aces>
+ <type xmlns:x="http://fd.io/hc2vpp/yang/vpp/acl">x:vpp-acl</type>
</acl>
<acl>
- <acl-name>icmp-v6-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
+ <name>icmp-v6-acl</name>
+ <aces>
<ace>
- <rule-name>imcp-v6-rule</rule-name>
+ <name>imcp-v6-rule</name>
<matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64</destination-ipv6-network>
- <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network>
- <icmp-v6-nodes>
+ <icmp>
+ <vpp-icmp-ace xmlns="http://fd.io/hc2vpp/yang/vpp/acl">
<icmp-type-range>
<last>8</last>
<first>5</first>
@@ -94,84 +88,77 @@
<last>3</last>
<first>1</first>
</icmp-code-range>
- </icmp-v6-nodes>
- </vpp-ace-nodes>
+ </vpp-icmp-ace>
+ </icmp>
+ <ipv6>
+ <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64</destination-ipv6-network>
+ <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network>
+ </ipv6>
</matches>
<actions>
- <permit/>
+ <forwarding>accept</forwarding>
</actions>
</ace>
- </access-list-entries>
+ </aces>
+ <type xmlns:x="http://fd.io/hc2vpp/yang/vpp/acl">x:vpp-acl</type>
</acl>
<acl>
- <acl-name>udp-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
+ <name>macip-acl</name>
+ <aces>
<ace>
- <rule-name>udp-rule</rule-name>
+ <name>macip-rule</name>
<matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <eth>
+ <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask>
+ <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address>
+ </eth>
+ <ipv4>
<source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <udp-nodes>
- <source-port-range>
- <upper-port>5487</upper-port>
- <lower-port>1</lower-port>
- </source-port-range>
- <destination-port-range>
- <upper-port>6745</upper-port>
- <lower-port>87</lower-port>
- </destination-port-range>
- </udp-nodes>
- </vpp-ace-nodes>
+ </ipv4>
</matches>
<actions>
- <permit/>
+ <forwarding>accept</forwarding>
</actions>
</ace>
- </access-list-entries>
+ </aces>
+ <type xmlns:x="http://fd.io/hc2vpp/yang/vpp/acl">x:vpp-macip-acl</type>
</acl>
<acl>
- <acl-name>tcp-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
+ <name>udp-acl</name>
+ <aces>
<ace>
- <rule-name>tcp-rule</rule-name>
+ <name>udp-rule</name>
<matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <udp>
+ <source-port>
+ <lower-port>1</lower-port>
+ <upper-port>5487</upper-port>
+ </source-port>
+ <destination-port>
+ <lower-port>87</lower-port>
+ <upper-port>6745</upper-port>
+ </destination-port>
+ </udp>
+ <ipv4>
<destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
<source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <tcp-nodes>
- <source-port-range>
- <upper-port>5487</upper-port>
- <lower-port>1</lower-port>
- </source-port-range>
- <destination-port-range>
- <upper-port>6745</upper-port>
- <lower-port>87</lower-port>
- </destination-port-range>
- <tcp-flags-mask>1</tcp-flags-mask>
- <tcp-flags-value>7</tcp-flags-value>
- </tcp-nodes>
- </vpp-ace-nodes>
+ </ipv4>
</matches>
<actions>
- <permit/>
+ <forwarding>accept</forwarding>
</actions>
</ace>
- </access-list-entries>
+ </aces>
+ <type xmlns:x="http://fd.io/hc2vpp/yang/vpp/acl">x:vpp-acl</type>
</acl>
<acl>
- <acl-name>icmp-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
+ <name>icmp-acl</name>
+ <aces>
<ace>
- <rule-name>imcp-rule</rule-name>
+ <name>imcp-rule</name>
<matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
- <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <icmp-nodes>
+ <icmp>
+ <vpp-icmp-ace xmlns="http://fd.io/hc2vpp/yang/vpp/acl">
<icmp-type-range>
<last>8</last>
<first>5</first>
@@ -180,14 +167,37 @@
<last>3</last>
<first>1</first>
</icmp-code-range>
- </icmp-nodes>
- </vpp-ace-nodes>
+ </vpp-icmp-ace>
+ </icmp>
+ <ipv4>
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ </ipv4>
</matches>
<actions>
- <permit/>
+ <forwarding>accept</forwarding>
</actions>
</ace>
- </access-list-entries>
+ </aces>
+ <type xmlns:x="http://fd.io/hc2vpp/yang/vpp/acl">x:vpp-acl</type>
</acl>
- </access-lists>
+ <attachment-points>
+ <interface>
+ <interface-id>local0</interface-id>
+ <ingress>
+ <acl-sets>
+ <acl-set>
+ <name>tcp-acl</name>
+ </acl-set>
+ <acl-set>
+ <name>udp-acl</name>
+ </acl-set>
+ <acl-set>
+ <name>macip-acl</name>
+ </acl-set>
+ </acl-sets>
+ </ingress>
+ </interface>
+ </attachment-points>
+ </acls>
</data>
diff --git a/examples/ncclient/acl/expected_config_acl_update.xml b/examples/ncclient/acl/expected_config_acl_update.xml
index eefef19a5..71013b5f0 100644
--- a/examples/ncclient/acl/expected_config_acl_update.xml
+++ b/examples/ncclient/acl/expected_config_acl_update.xml
@@ -33,188 +33,64 @@
<interface>
<name>loop1</name>
<description>for testing purposes</description>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type>
- <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po">
+ <type xmlns:x="http://fd.io/hc2vpp/yang/v3po">x:loopback</type>
+ <loopback xmlns="http://fd.io/hc2vpp/yang/v3po">
<mac>00:ff:ff:ff:ff:ff</mac>
</loopback>
- <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl">
- <ingress>
- <vpp-macip-acl>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</type>
- <name>macip-acl</name>
- </vpp-macip-acl>
- </ingress>
- </acl>
</interface>
<interface>
<name>loop2</name>
<description>for testing purposes</description>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type>
- <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po">
+ <type xmlns:x="http://fd.io/hc2vpp/yang/v3po">x:loopback</type>
+ <loopback xmlns="http://fd.io/hc2vpp/yang/v3po">
<mac>aa:ff:ff:ff:ff:ff</mac>
</loopback>
- <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl">
- <ingress>
- <vpp-acls>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
- <name>tcp-acl2</name>
- </vpp-acls>
- <vpp-acls>
- <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
- <name>udp-acl</name>
- </vpp-acls>
- </ingress>
- </acl>
</interface>
</interfaces>
- <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list">
- <acl>
- <acl-name>macip-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</acl-type>
- <access-list-entries>
- <ace>
- <rule-name>macip-rule</rule-name>
- <matches>
- <vpp-macip-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address>
- <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask>
- </vpp-macip-ace-nodes>
- </matches>
- <actions>
- <permit/>
- </actions>
- </ace>
- </access-list-entries>
- </acl>
+ <acls xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list">
<acl>
- <acl-name>icmp-v6-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
+ <name>tcp-acl</name>
+ <aces>
<ace>
- <rule-name>imcp-v6-rule</rule-name>
+ <name>tcp-rule</name>
<matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64
- </destination-ipv6-network>
- <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network>
- <icmp-v6-nodes>
- <icmp-type-range>
- <last>8</last>
- <first>5</first>
- </icmp-type-range>
- <icmp-code-range>
- <last>3</last>
- <first>1</first>
- </icmp-code-range>
- </icmp-v6-nodes>
- </vpp-ace-nodes>
- </matches>
- <actions>
- <permit/>
- </actions>
- </ace>
- </access-list-entries>
- </acl>
- <acl>
- <acl-name>udp-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
- <ace>
- <rule-name>udp-rule</rule-name>
- <matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <tcp>
+ <vpp-tcp-ace xmlns="http://fd.io/hc2vpp/yang/vpp/acl">
+ <flags-mask>cwr</flags-mask>
+ </vpp-tcp-ace>
+ <source-port>
+ <lower-port>1</lower-port>
+ <upper-port>5487</upper-port>
+ </source-port>
+ <destination-port>
+ <lower-port>87</lower-port>
+ <upper-port>6745</upper-port>
+ </destination-port>
+ <flags>cwr ece urg</flags>
+ </tcp>
+ <ipv4>
<destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
<source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <udp-nodes>
- <source-port-range>
- <upper-port>5486</upper-port>
- <lower-port>11</lower-port>
- </source-port-range>
- </udp-nodes>
- </vpp-ace-nodes>
+ </ipv4>
</matches>
<actions>
- <permit/>
+ <forwarding>accept</forwarding>
</actions>
</ace>
- </access-list-entries>
+ </aces>
+ <type xmlns:x="http://fd.io/hc2vpp/yang/vpp/acl">x:vpp-acl</type>
</acl>
- <acl>
- <acl-name>tcp-acl2</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
- <ace>
- <rule-name>tcp-rule</rule-name>
- <matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
- <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <tcp-nodes>
- <source-port-range>
- <upper-port>5487</upper-port>
- <lower-port>1</lower-port>
- </source-port-range>
- <destination-port-range>
- <upper-port>6745</upper-port>
- <lower-port>87</lower-port>
- </destination-port-range>
- <tcp-flags-mask>1</tcp-flags-mask>
- <tcp-flags-value>7</tcp-flags-value>
- </tcp-nodes>
- </vpp-ace-nodes>
- </matches>
- <actions>
- <permit/>
- </actions>
- </ace>
- </access-list-entries>
- </acl>
- <acl>
- <acl-name>icmp-acl</acl-name>
- <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
- <access-list-entries>
- <ace>
- <rule-name>renamed-imcp-rule</rule-name>
- <matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
- <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
- <icmp-nodes>
- <icmp-type-range>
- <last>8</last>
- <first>5</first>
- </icmp-type-range>
- <icmp-code-range>
- <last>3</last>
- <first>1</first>
- </icmp-code-range>
- </icmp-nodes>
- </vpp-ace-nodes>
- </matches>
- <actions>
- <permit/>
- </actions>
- </ace>
- <ace>
- <rule-name>new-icmp-rule</rule-name>
- <matches>
- <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
- <destination-ipv4-network>10.1.1.1/24</destination-ipv4-network>
- <source-ipv4-network>10.2.2.2/32</source-ipv4-network>
- <icmp-nodes>
- <icmp-type-range>
- <first>4</first>
- <last>9</last>
- </icmp-type-range>
- </icmp-nodes>
- </vpp-ace-nodes>
- </matches>
- <actions>
- <permit/>
- </actions>
- </ace>
- </access-list-entries>
- </acl>
- </access-lists>
+ <attachment-points>
+ <interface>
+ <interface-id>loop2</interface-id>
+ <ingress>
+ <acl-sets>
+ <acl-set>
+ <name>tcp-acl</name>
+ </acl-set>
+ </acl-sets>
+ </ingress>
+ </interface>
+ </attachment-points>
+ </acls>
</data>
diff --git a/examples/ncclient/acl/test_acl.sh b/examples/ncclient/acl/test_acl.sh
index e55296ebd..f9610695c 100755
--- a/examples/ncclient/acl/test_acl.sh
+++ b/examples/ncclient/acl/test_acl.sh
@@ -15,4 +15,4 @@
DIR_NAME=$(dirname $0)
-${DIR_NAME}/../test_copy_config.sh ${DIR_NAME}/config_acl.xml ${DIR_NAME}/expected_config_acl.xml
+${DIR_NAME}/../test_copy_config.sh ${DIR_NAME}/config_acl.xml ${DIR_NAME}/expected_config_acl.xml *
diff --git a/examples/ncclient/acl/test_acl_update.sh b/examples/ncclient/acl/test_acl_update.sh
index cb62c183e..2a266dbb7 100755
--- a/examples/ncclient/acl/test_acl_update.sh
+++ b/examples/ncclient/acl/test_acl_update.sh
@@ -15,6 +15,6 @@
DIR_NAME=$(dirname $0)
-${DIR_NAME}/../test_copy_config.sh ${DIR_NAME}/config_acl.xml ${DIR_NAME}/expected_config_acl.xml
+${DIR_NAME}/../test_copy_config.sh ${DIR_NAME}/config_acl.xml ${DIR_NAME}/expected_config_acl.xml *
-${DIR_NAME}/../test_copy_config.sh ${DIR_NAME}/config_acl_update.xml ${DIR_NAME}/expected_config_acl_update.xml
+${DIR_NAME}/../test_copy_config.sh ${DIR_NAME}/config_acl_update.xml ${DIR_NAME}/expected_config_acl_update.xml *