summaryrefslogtreecommitdiffstats
path: root/acl
AgeCommit message (Collapse)AuthorFilesLines
2017-03-08HC2VPP-91: fix acl orderingMarek Gradzki4-18/+18
Acl assignment should be added after interface creation (and removed in reverse order). Change-Id: Ieb915b8909ce39549e6f8312a92e065d59303e8d Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2017-02-21Fixed parents for acl/dhcp aggregator modulesJan Srnicek1-2/+2
Change-Id: I2231d16434ec769891069d66c92bd7cb7891a447 Signed-off-by: Jan Srnicek <jsrnicek@cisco.com>
2017-02-07Fixed use of structural readers in testsJan Srnicek1-13/+16
ioam plugin disabled till ioam team provides fix for HC2VPP-63 Change-Id: Ibf4970283c4dfefabc73634e522786d74ad32889 Signed-off-by: Jan Srnicek <jsrnicek@cisco.com>
2017-01-26Fix mac-ip acl assignment readMarek Gradzki7-48/+345
Now unassigned acls are filtered out. As a bonus acl plugin coverage was raised above 80%. Change-Id: Ia71be2086d0baadfbffc1f1263bab67f555c0687 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2017-01-18HONEYCOMB-330: fix acl tag handlingMarek Gradzki14-45/+59
Acl tag in vpp's acl plugin is an ascii tag, so it should not be handled as hex string. Change-Id: I801d5b72a4c20f78246288ea63d914b0b9f3564b Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2017-01-16HC2VPP-38 / HONEYCOMB-336 - removed mandatory from ace-ip-versionJan Srnicek8-49/+656
Removed mandatory statements Fixed multiple NPE Change-Id: I30af417b0594d9634a9352f7721285257fbcee1e Signed-off-by: Jan Srnicek <jsrnicek@cisco.com>
2017-01-11Bump of jvpp version to 17.04Jan Srnicek1-1/+1
Depends on https://gerrit.fd.io/r/#/c/4632/ Nsh stays on 17.01, till owner provides higher version Change-Id: I1f51699b6809d30dd0272301ebb1074a42863618 Signed-off-by: Jan Srnicek <jsrnicek@cisco.com>
2017-01-11Fix NPE in L3 rulesMarek Gradzki5-17/+130
Patch introduces proper handling for IP adresses, which are optional. Change-Id: Ib009207b4b241d3e2b8c665a35bb1ff87b4a12ac Signed-off-by: Marek Gradzki <mgradzki@cisco.com> (cherry picked from commit e0b4359b39acfe8a583089117a0c2485b85ff7e4)
2017-01-10Fixing NPE in TCP/UDP L4 rulesMarek Gradzki3-17/+106
Change-Id: Iae90f081c0add7ad9f6dd22229df683c6d395e78 Signed-off-by: Tomas Cechvala <tcechval@cisco.com> Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2017-01-10HC2VPP-31: fix vpp-ace translation with no protocol setMarek Gradzki4-2/+46
Change-Id: I9d319ae3d04d90c7652828b0cb382ad142f9d2b6 Signed-off-by: Marek Gradzki <mgradzki@cisco.com> (cherry picked from commit 1b7a019ae9ceeddee496b20f83c095ffcb87b6c2)
2017-01-05Bump hc2vpp versoin to 17.04Marek Gradzki3-6/+6
Also updates version of honeycomb dependencies. Vpp API version bump moved to separate commit due to issues with jvpp jars. Change-Id: Id336393b00fe05e8ecee9b547dcfc6a49e1a98ec Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2017-01-04HONEYCOMB-310: readers&initializers for vpp and macip aclsMarek Gradzki30-155/+1122
Change-Id: I8892479123091e43bf191c544b6628d6254be564 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2016-12-23HONEYCOMB-310: initializers for interface acl assignmentMarek Gradzki7-13/+109
Change-Id: I6dcc1ef1abc9d314906d6d4fcc746dcfd28ec5fc Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2016-12-22Fix non existing tag handling for mac-ip customizerMarek Gradzki3-21/+134
Change-Id: I717ea660a773cfd3b56010dbfe1e5691bde32de8 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2016-12-22Fix ingress/egress acl assignment readMarek Gradzki9-230/+364
Ingress and egress acls are not anymore mixed on the same list when reading interface state Change-Id: I2f775db4482e61593aa9689afcb687f7db7b4e73 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2016-12-21Fix interface read when alcs are not configuredMarek Gradzki4-2/+218
Change-Id: Id780d9f503901d551f5a9d5693ca0a28cf596a5c Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2016-12-20HONEYCOMB-310: postman collection for acl pluginMarek Gradzki1-0/+223
Change-Id: I4eb0c7df35577488259e48da7b32ae0a6c47de56 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2016-12-20HONEYCOMB-310: translation layer for acl pluginJan Srnicek41-0/+3563
Not covered by this patch (moved to subsequent commits): - postman collection - distinguish ingress/egress ACLs while reading assigned acls - proper support for acl tag - unit tests improvements - read for acls (not necessarily assigned) - initializers Change-Id: I5a198ce1a6e20d0b1d95b4d2d83d0464fb86580c Signed-off-by: Jan Srnicek <jsrnicek@cisco.com> Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2016-12-16HONEYCOMB-321 - Acl model fix to not break yang specificationJan Srnicek1-27/+41
Prevents breaking 7.9.2. The choice's case Statement from Yang RFC Change-Id: I1895afbdd6c2209262575925463dcfde7d2c649d Signed-off-by: Jan Srnicek <jsrnicek@cisco.com>
2016-12-14Acl model improvementsJan Srnicek1-5/+16
Adds case to cover other protocol numbers Adds constraint to not allow stateless mac-ip acl's Change-Id: I9feeba5ac6b6480282cac62e5479c433c92c8d99 Signed-off-by: Jan Srnicek <jsrnicek@cisco.com>
2016-12-09Allow setting icmp code range for alc'sJan Srnicek1-16/+25
Change-Id: I712f25f70f1a6186b9fe888f7a560616cfd9aeb6 Signed-off-by: Jan Srnicek <jsrnicek@cisco.com>
2016-12-08HONEYCOMB-304: yang model for the acl pluginMarek Gradzki6-0/+423
Change-Id: Ic5d11961d5e620d171cd6e320879fd3de507b055 Signed-off-by: Marek Gradzki <mgradzki@cisco.com> Signed-off-by: Jan Srnicek <jsrnicek@cisco.com>