From bf1d5db448edc1ae352960f14bca9ccb41612186 Mon Sep 17 00:00:00 2001 From: Jan Srnicek Date: Wed, 8 Mar 2017 14:01:34 +0100 Subject: HC2VPP-7 - split vpp-classifiers to separate module Split vpp-classifiers and vpp-classifiers acls' to separate modules. Contains TODO's for future change of dependencies Change-Id: I94f92ce2ec8960c67bd406f085f2fe928079ee23 Signed-off-by: Jan Srnicek --- .../classifier/rev161214/OpaqueIndexBuilder.java | 39 ---- .../vpp/classifier/rev161214/VppNodeBuilder.java | 40 ---- .../src/main/yang/ietf-access-control-list.yang | 208 -------------------- v3po/api/src/main/yang/ietf-packet-fields.yang | 180 ----------------- v3po/api/src/main/yang/v3po.yang | 39 ---- v3po/api/src/main/yang/vpp-classfier-acl.yang | 163 ---------------- v3po/api/src/main/yang/vpp-classifier-context.yang | 68 ------- v3po/api/src/main/yang/vpp-classifier.yang | 215 --------------------- v3po/api/src/main/yang/vpp-vlan.yang | 21 -- 9 files changed, 973 deletions(-) delete mode 100644 v3po/api/src/main/java/org/opendaylight/yang/gen/v1/urn/opendaylight/params/xml/ns/yang/vpp/classifier/rev161214/OpaqueIndexBuilder.java delete mode 100644 v3po/api/src/main/java/org/opendaylight/yang/gen/v1/urn/opendaylight/params/xml/ns/yang/vpp/classifier/rev161214/VppNodeBuilder.java delete mode 100644 v3po/api/src/main/yang/ietf-access-control-list.yang delete mode 100644 v3po/api/src/main/yang/ietf-packet-fields.yang delete mode 100644 v3po/api/src/main/yang/vpp-classfier-acl.yang delete mode 100644 v3po/api/src/main/yang/vpp-classifier-context.yang delete mode 100644 v3po/api/src/main/yang/vpp-classifier.yang (limited to 'v3po/api') diff --git a/v3po/api/src/main/java/org/opendaylight/yang/gen/v1/urn/opendaylight/params/xml/ns/yang/vpp/classifier/rev161214/OpaqueIndexBuilder.java b/v3po/api/src/main/java/org/opendaylight/yang/gen/v1/urn/opendaylight/params/xml/ns/yang/vpp/classifier/rev161214/OpaqueIndexBuilder.java deleted file mode 100644 index d633dc61c..000000000 --- a/v3po/api/src/main/java/org/opendaylight/yang/gen/v1/urn/opendaylight/params/xml/ns/yang/vpp/classifier/rev161214/OpaqueIndexBuilder.java +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (c) 2017 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.classifier.rev161214; - -/** - * The purpose of generated class in src/main/java for Union types is to create new instances of unions from a string representation. - * In some cases it is very difficult to automate it since there can be unions such as (uint32 - uint16), or (string - uint32). - * - * The reason behind putting it under src/main/java is: - * This class is generated in form of a stub and needs to be finished by the user. This class is generated only once to prevent - * loss of user code. - * - */ -public class OpaqueIndexBuilder { - - public static OpaqueIndex getDefaultInstance(java.lang.String defaultValue) { - try { - final long value = Long.parseLong(defaultValue); // u32 value - return new OpaqueIndex(value); - } catch (NumberFormatException e) { - return new OpaqueIndex(VppNodeBuilder.getDefaultInstance(defaultValue)); - } - } - -} diff --git a/v3po/api/src/main/java/org/opendaylight/yang/gen/v1/urn/opendaylight/params/xml/ns/yang/vpp/classifier/rev161214/VppNodeBuilder.java b/v3po/api/src/main/java/org/opendaylight/yang/gen/v1/urn/opendaylight/params/xml/ns/yang/vpp/classifier/rev161214/VppNodeBuilder.java deleted file mode 100644 index ad124ab85..000000000 --- a/v3po/api/src/main/java/org/opendaylight/yang/gen/v1/urn/opendaylight/params/xml/ns/yang/vpp/classifier/rev161214/VppNodeBuilder.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (c) 2017 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.classifier.rev161214; - -/** - * The purpose of generated class in src/main/java for Union types is to create new instances of unions from a string representation. - * In some cases it is very difficult to automate it since there can be unions such as (uint32 - uint16), or (string - uint32). - * - * The reason behind putting it under src/main/java is: - * This class is generated in form of a stub and needs to be finished by the user. This class is generated only once to prevent - * loss of user code. - * - */ -public class VppNodeBuilder { - - public static VppNode getDefaultInstance(java.lang.String defaultValue) { - if (PacketHandlingAction.Deny.toString().equalsIgnoreCase(defaultValue)) { - return new VppNode(PacketHandlingAction.Deny); - } else if (PacketHandlingAction.Permit.toString().equalsIgnoreCase(defaultValue)) { - return new VppNode(PacketHandlingAction.Permit); - } else { - return new VppNode(new VppNodeName(defaultValue)); - } - } - -} diff --git a/v3po/api/src/main/yang/ietf-access-control-list.yang b/v3po/api/src/main/yang/ietf-access-control-list.yang deleted file mode 100644 index 3083ee2a0..000000000 --- a/v3po/api/src/main/yang/ietf-access-control-list.yang +++ /dev/null @@ -1,208 +0,0 @@ -module ietf-access-control-list { - yang-version 1.1; - namespace "urn:ietf:params:xml:ns:yang:ietf-access-control-list"; - prefix acl; - import ietf-yang-types { - prefix yang; - } - import ietf-packet-fields { - prefix packet-fields; - } - organization "IETF NETMOD (NETCONF Data Modeling Language) - Working Group"; - contact - "WG Web: http://tools.ietf.org/wg/netmod/ - WG List: netmod@ietf.org - WG Chair: Juergen Schoenwaelder - j.schoenwaelder@jacobs-university.de - WG Chair: Tom Nadeau - tnadeau@lucidvision.com - Editor: Dean Bogdanovic - ivandean@gmail.com - Editor: Kiran Agrahara Sreenivasa - kkoushik@cisco.com - Editor: Lisa Huang - lyihuang16@gmail.com - Editor: Dana Blair - dblair@cisco.com"; - description - "This YANG module defines a component that describing the - configuration of Access Control Lists (ACLs). - Copyright (c) 2015 IETF Trust and the persons identified as - the document authors. All rights reserved. - Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD - License set forth in Section 4.c of the IETF Trust's Legal - Provisions Relating to IETF Documents - (http://trustee.ietf.org/license-info). - This version of this YANG module is part of RFC XXXX; see - the RFC itself for full legal notices."; - revision 2016-07-08 { - description - "Base model for Network Access Control List (ACL)."; - reference - "RFC XXXX: Network Access Control List (ACL) - YANG Data Model"; - } - identity acl-base { - description - "Base Access Control List type for all Access Control List type - identifiers."; - } - identity ipv4-acl { - base acl:acl-base; - description - "ACL that primarily matches on fields from the IPv4 header - (e.g. IPv4 destination address) and layer 4 headers (e.g. TCP - destination port). An acl of type ipv4-acl does not contain - matches on fields in the ethernet header or the IPv6 header."; - } - identity ipv6-acl { - base acl:acl-base; - description - "ACL that primarily matches on fields from the IPv6 header - (e.g. IPv6 destination address) and layer 4 headers (e.g. TCP - destination port). An acl of type ipv6-acl does not contain - matches on fields in the ethernet header or the IPv4 header."; - } - identity eth-acl { - base acl:acl-base; - description - "ACL that primarily matches on fields in the ethernet header, - like 10/100/1000baseT or WiFi Access Control List. An acl of - type eth-acl does not contain matches on fields in the IPv4 - header, IPv6 header or layer 4 headers."; - } - typedef acl-type { - type identityref { - base acl:acl-base; - } - description - "This type is used to refer to an Access Control List - (ACL) type"; - } - typedef access-control-list-ref { - type leafref { - path "/access-lists/acl/acl-name"; - } - description - "This type is used by data models that need to reference an - Access Control List"; - } - container access-lists { - description - "This is a top level container for Access Control Lists. - It can have one or more Access Control Lists."; - list acl { - key "acl-type acl-name"; - description - "An Access Control List(ACL) is an ordered list of - Access List Entries (ACE). Each Access Control Entry has a - list of match criteria and a list of actions. - Since there are several kinds of Access Control Lists - implemented with different attributes for - different vendors, this - model accommodates customizing Access Control Lists for - each kind and for each vendor."; - leaf acl-name { - type string; - description - "The name of access-list. A device MAY restrict the length - and value of this name, possibly space and special - characters are not allowed."; - } - leaf acl-type { - type acl-type; - description - "Type of access control list. Indicates the primary intended - type of match criteria (e.g. ethernet, IPv4, IPv6, mixed, etc) - used in the list instance."; - } - container acl-oper-data { - config false; - description - "Overall Access Control List operational data"; - } - container access-list-entries { - description - "The access-list-entries container contains - a list of access-list-entries(ACE)."; - list ace { - key "rule-name"; - ordered-by user; - description - "List of access list entries(ACE)"; - leaf rule-name { - type string; - description - "A unique name identifying this Access List - Entry(ACE)."; - } - container matches { - description - "Definitions for match criteria for this Access List - Entry."; - choice ace-type { - description - "Type of access list entry."; - case ace-ip { - description "IP Access List Entry."; - choice ace-ip-version { - description - "IP version used in this Access List Entry."; - case ace-ipv4 { - uses packet-fields:acl-ipv4-header-fields; - } - case ace-ipv6 { - uses packet-fields:acl-ipv6-header-fields; - } - } - uses packet-fields:acl-ip-header-fields; - } - case ace-eth { - description - "Ethernet Access List entry."; - uses packet-fields:acl-eth-header-fields; - } - } - } - container actions { - description - "Definitions of action criteria for this Access List - Entry."; - choice packet-handling { - default "deny"; - description - "Packet handling action."; - case deny { - leaf deny { - type empty; - description - "Deny action."; - } - } - case permit { - leaf permit { - type empty; - description - "Permit action."; - } - } - } - } - container ace-oper-data { - config false; - description - "Operational data for this Access List Entry."; - leaf match-counter { - type yang:counter64; - description - "Number of matches for this Access List Entry"; - } - } - } - } - } - } -} diff --git a/v3po/api/src/main/yang/ietf-packet-fields.yang b/v3po/api/src/main/yang/ietf-packet-fields.yang deleted file mode 100644 index 0b1ce5cdd..000000000 --- a/v3po/api/src/main/yang/ietf-packet-fields.yang +++ /dev/null @@ -1,180 +0,0 @@ -module ietf-packet-fields { - yang-version 1.1; - namespace "urn:ietf:params:xml:ns:yang:ietf-packet-fields"; - prefix packet-fields; - import ietf-inet-types { - prefix inet; - } - import ietf-yang-types { - prefix yang; - } - organization "IETF NETMOD (NETCONF Data Modeling Language) Working - Group"; - contact - "WG Web: http://tools.ietf.org/wg/netmod/ - WG List: netmod@ietf.org - WG Chair: Juergen Schoenwaelder - j.schoenwaelder@jacobs-university.de - WG Chair: Tom Nadeau - tnadeau@lucidvision.com - Editor: Dean Bogdanovic - deanb@juniper.net - Editor: Kiran Agrahara Sreenivasa - kkoushik@cisco.com - Editor: Lisa Huang - lyihuang16@gmail.com - Editor: Dana Blair - dblair@cisco.com"; - description - "This YANG module defines groupings that are used by - ietf-access-control-list YANG module. Their usage is not - limited to ietf-access-control-list and can be - used anywhere as applicable. - Copyright (c) 2015 IETF Trust and the persons identified as - the document authors. All rights reserved. - Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD - License set forth in Section 4.c of the IETF Trust's Legal - Provisions Relating to IETF Documents - (http://trustee.ietf.org/license-info). - This version of this YANG module is part of RFC XXXX; see - the RFC itself for full legal notices."; - revision 2016-07-08 { - description - "Initial version of packet fields used by - ietf-access-control-list"; - reference - "RFC XXXX: Network Access Control List (ACL) - YANG Data Model"; - } - grouping acl-transport-header-fields { - description - "Transport header fields"; - container source-port-range { - presence "Enables setting source port range"; - description - "Inclusive range representing source ports to be used. - When only lower-port is present, it represents a single port."; - leaf lower-port { - type inet:port-number; - mandatory true; - description - "Lower boundary for port."; - } - leaf upper-port { - type inet:port-number; - must ". >= ../lower-port" { - error-message - "The upper-port must be greater than or equal to lower-port"; - } - description - "Upper boundary for port . If existing, the upper port - must be greater or equal to lower-port."; - } - } - container destination-port-range { - presence "Enables setting destination port range"; - description - "Inclusive range representing destination ports to be used. When - only lower-port is present, it represents a single port."; - leaf lower-port { - type inet:port-number; - mandatory true; - description - "Lower boundary for port."; - } - leaf upper-port { - type inet:port-number; - must ". >= ../lower-port" { - error-message - "The upper-port must be greater than or equal to lower-port"; - } - - description - "Upper boundary for port. If existing, the upper port must - be greater or equal to lower-port"; - } - } - } - grouping acl-ip-header-fields { - description - "IP header fields common to ipv4 and ipv6"; - leaf dscp { - type inet:dscp; - description - "Value of dscp."; - } - leaf protocol { - type uint8; - description - "Internet Protocol number."; - } - uses acl-transport-header-fields; - } - grouping acl-ipv4-header-fields { - description - "Fields in IPv4 header."; - leaf destination-ipv4-network { - type inet:ipv4-prefix; - description - "Destination IPv4 address prefix."; - } - leaf source-ipv4-network { - type inet:ipv4-prefix; - description - "Source IPv4 address prefix."; - } - } - grouping acl-ipv6-header-fields { - description - "Fields in IPv6 header"; - leaf destination-ipv6-network { - type inet:ipv6-prefix; - description - "Destination IPv6 address prefix."; - } - leaf source-ipv6-network { - type inet:ipv6-prefix; - description - "Source IPv6 address prefix."; - } - leaf flow-label { - type inet:ipv6-flow-label; - description - "IPv6 Flow label."; - } - reference - "RFC 4291: IP Version 6 Addressing Architecture - RFC 4007: IPv6 Scoped Address Architecture - RFC 5952: A Recommendation for IPv6 Address Text Representation"; - } - grouping acl-eth-header-fields { - description - "Fields in Ethernet header."; - leaf destination-mac-address { - type yang:mac-address; - description - "Destination IEEE 802 MAC address."; - } - leaf destination-mac-address-mask { - type yang:mac-address; - description - "Destination IEEE 802 MAC address mask."; - } - leaf source-mac-address { - type yang:mac-address; - description - "Source IEEE 802 MAC address."; - } - leaf source-mac-address-mask { - type yang:mac-address; - description - "Source IEEE 802 MAC address mask."; - } - reference - "IEEE 802: IEEE Standard for Local and Metropolitan Area - Networks: Overview and Architecture."; - } - -} \ No newline at end of file diff --git a/v3po/api/src/main/yang/v3po.yang b/v3po/api/src/main/yang/v3po.yang index 14ca14d92..f5f6b3293 100644 --- a/v3po/api/src/main/yang/v3po.yang +++ b/v3po/api/src/main/yang/v3po.yang @@ -36,9 +36,6 @@ module v3po { import yang-ext { prefix "ext"; } - import vpp-classfier-acl { - prefix "vpp-classfier-acl"; - } typedef bridge-domain-ref { type leafref { @@ -583,24 +580,6 @@ module v3po { uses vxlan-gpe-base-attributes; } - container acl { - container ingress { - uses vpp-classfier-acl:acl-base-attributes; - } - container egress { - uses vpp-classfier-acl:acl-base-attributes; - } - } - - container ietf-acl { - container ingress { - uses vpp-classfier-acl:ietf-acl-base-attributes; - } - container egress { - uses vpp-classfier-acl:ietf-acl-base-attributes; - } - } - container span { uses span-attributes; } @@ -678,24 +657,6 @@ module v3po { uses l2-base-attributes; } - container acl { - container ingress { - uses vpp-classfier-acl:acl-base-attributes; - } - container egress { - uses vpp-classfier-acl:acl-base-attributes; - } - } - - container ietf-acl { - container ingress { - uses vpp-classfier-acl:ietf-acl-base-attributes; - } - container egress { - uses vpp-classfier-acl:ietf-acl-base-attributes; - } - } - container span { uses span-attributes; } diff --git a/v3po/api/src/main/yang/vpp-classfier-acl.yang b/v3po/api/src/main/yang/vpp-classfier-acl.yang deleted file mode 100644 index 42550d95d..000000000 --- a/v3po/api/src/main/yang/vpp-classfier-acl.yang +++ /dev/null @@ -1,163 +0,0 @@ -module vpp-classfier-acl { - yang-version 1; - namespace "urn:opendaylight:params:xml:ns:yang:vpp:classfier:acl"; - prefix "vpp-classfier-acl"; - - revision "2016-12-14" { - description - "Initial revision of vpp-classfier-acl model."; - } - - import ietf-access-control-list { - prefix "acl"; - } - - import vpp-classifier { - prefix "vpp-classifier"; - } - - import yang-ext { - prefix "ext"; - } - - import ietf-packet-fields { - prefix packet-fields; - } - - identity mixed-acl { - base acl:acl-base; - description - "ACL that can match on any of L2/L3/L4 fields."; - } - - typedef interface-mode { - type enumeration { - enum "l2"; - enum "l3"; - } - } - - grouping acl-base-attributes { - description - "Defines references to classify tables. - At least one table reference should be specified."; - container l2-acl { - leaf classify-table { - type vpp-classifier:classify-table-ref; - description - "An L2 ACL table"; - } - } - container ip4-acl { - leaf classify-table { - type vpp-classifier:classify-table-ref; - description - "An IPv4 ACL table"; - } - } - container ip6-acl { - leaf classify-table { - type vpp-classifier:classify-table-ref; - description - "An IPv6 ACL table"; - } - } - } - - grouping ietf-acl-base-attributes { - description - "Provides limited support for ietf-acl model."; - - container access-lists { - description - "Defines references to ietf-acl lists. - ACLs are translated into classify tables and sessions when assigned to interface. - - In case of L2 interfaces, acls are translated into a chain of classify tables and assigned as L2 table. - In case of L3 interfaces, acls are translated into ip4 and ip6 chains (eth only rules go to both chains, - rest - depending on ip-version). - User ordering is preserved in both cases. - - Assignment update/delete removes all created tables and sessions and repeats process described above. - Update/delete of ACL lists referenced here is not permitted (assignment needs to be removed first). - - Read is supported only for acls that were created and assigned by Honeycomb agent - (corresponding metadata is present). - - Extensions: - - mixing ACEs of different type in one list is permited - - mixing L2/L3/L4 rules in one ACE is permited - - Limitations (due to vpp limitations): - - egress rules are currently ignored (HONEYCOMB-234) - - L4 rules support is limited (every port pair from provided ranges is translated to single classify - session; which can very slow or even crash vpp if ranges are big, see HONEYCOMB-260) - - ace-ip-version needs to be provided for all aces (consequence of posibility to mix ACEs of different types, - and vpp classfier api limitation: common header fields for IP4/IP6 have different offsets) - - L2 rules on L3 interfaces are applied only to IP traffic (vpp classfier limitation) - - vlan tags are supported only for sub-interfaces defined as exact-match"; - - list acl { - key "type name"; - ordered-by user; - - leaf type { - type acl:acl-type; - } - - leaf name { - type acl:access-control-list-ref; - } - } - - leaf default-action { - type enumeration { - enum "deny"; - enum "permit"; - } - default "deny"; - description - "Default action applied to packet that does not match any of rules defined in assigned ACLs. - It is translated to single classify table and applied at the end of assigned chains."; - } - - leaf mode { - type interface-mode; - default l3; - description - "The way ACLs are translated depends on the interface mode. - In case of L2 interfaces (bridge/interconnection) - classify tables are assigned as l2_table using input_acl_set_interface (ether type matching is automatically - added in case of L3 rules). - In case of L3 interfaces, classify tables are assigned as ip4/ip6 tables. - - It is the user responsibility to choose mode that matches target interface. - "; - } - } - } - - augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:ace-type { - ext:augment-identifier "vpp-classfier-acl-type-augmentation"; - case ace-ip-and-eth { - description - "Access List entry that can define both ip and eth rules."; - container ace-ip-and-eth-nodes { - - choice ace-ip-version { - description - "IP version used in this Access List Entry."; - mandatory true; - case ace-ipv4 { - uses packet-fields:acl-ipv4-header-fields; - } - case ace-ipv6 { - uses packet-fields:acl-ipv6-header-fields; - } - } - uses packet-fields:acl-ip-header-fields; - uses packet-fields:acl-eth-header-fields; - } - } - } -} \ No newline at end of file diff --git a/v3po/api/src/main/yang/vpp-classifier-context.yang b/v3po/api/src/main/yang/vpp-classifier-context.yang deleted file mode 100644 index 01eae862d..000000000 --- a/v3po/api/src/main/yang/vpp-classifier-context.yang +++ /dev/null @@ -1,68 +0,0 @@ -module vpp-classifier-context { - yang-version 1; - namespace "urn:opendaylight:params:xml:ns:yang:vpp:classifier"; - prefix "vpp-classifier-context"; - - description - "This module contains vpp classfier metadata definition"; - - revision "2016-09-09" { - description - "Initial revision."; - } - - container vpp-classifier-context { - - config "false"; - - description - "Classify tables and sessions contain relative node indexes. Management agent like Honeycomb, - needs to use node names instead (indexes might change after vpp restart). - VPP does not provide relative index to node name conversion (https://jira.fd.io/browse/VPP-219), - also finding base node that is needed to perform the conversion - is not allways possible (https://jira.fd.io/browse/VPP-220). - - Therefore Honeycomb needs to provide relative node to index mapping. - "; - - list classify-table-context { - key "name"; - unique "index"; - - leaf name { - type string; - description - "Name of the classify table."; - } - - leaf index { - type int32; - description - "Classify table index used by VPP."; - } - - leaf classifier-node-name { - type string; - description - "Name of VPP node the table is defined for."; - } - - list node-context { - key "name"; - unique "index"; - - leaf name { - type string; - description - "Name of vpp node (neighbour of classifier-node-name)"; - } - - leaf index { - type int32; - description - "Inted of the vpp node relative to classifier-node-name"; - } - } - } - } -} \ No newline at end of file diff --git a/v3po/api/src/main/yang/vpp-classifier.yang b/v3po/api/src/main/yang/vpp-classifier.yang deleted file mode 100644 index beb4def85..000000000 --- a/v3po/api/src/main/yang/vpp-classifier.yang +++ /dev/null @@ -1,215 +0,0 @@ -module vpp-classifier { - yang-version 1; - namespace "urn:opendaylight:params:xml:ns:yang:vpp:classifier"; - prefix "vpp-classifier"; - - revision "2016-12-14" { - description - "This revision adds the following new features: - - updates order of union types for opaque-index"; - } - - revision "2015-06-03" { - description - "Initial revision of model for VPP packet classifier. - The model can be used ony to implement ACLs. - Other classify table usages are not supported yet, - see https://jira.fd.io/browse/VPP-203 for details."; - reference - "https://wiki.fd.io/view/VPP/Introduction_To_N-tuple_Classifiers"; - } - - import ietf-yang-types { - prefix "yang"; - } - - typedef classify-table-ref { - type leafref { - path "/vpp-classifier:vpp-classifier/classify-table/name"; - } - description - "This type is used by data models that need to reference - configured classify tables."; - } - - typedef packet-handling-action { - type enumeration { - enum "deny" { - // by VPP convention, first neighbour node (at index 0) is a drop node - value 0; - } - enum "permit" { - value -1; // indicates that the next node not set - } - } - } - - typedef vpp-node-name { - type string; - } - - typedef vpp-node { - type union { - type packet-handling-action; - type vpp-node-name; - } - description - "Defines VPP node reference using packet handling action or relative node name - (if definition in terms of packet handling action is not possible)."; - } - - typedef opaque-index { - type union { - type uint32; - type vpp-node; - } - description - "Defines opaque-index type - metadata that can be attached to session-hit packets. - Vpp nodes can't be referenced by index, because node indexes might change after vpp restart."; - } - - grouping classify-session-attributes { - description - "Defines classify session attributes that are mapped to classify_add_del_session - and classify_session_details messages parameters."; - - leaf hit_next { - type vpp-node; - mandatory true; - description - "Vpp node to which packet will be send when it produces a match."; - } - leaf opaque_index { - type opaque-index; - } - leaf advance { - type int32; - default 0; - description - "Nodes like ip4/6-classify use the parameter to \"consume\" networking layer. - Example: tunnel decapsulation."; - } - } - - grouping classify-table-base-attributes { - description - "Defines classify table attributes that are mapped to classify_add_del_table message parameters."; - - leaf classifier-node { - type vpp-node-name; - description - "Name of VPP node the table is defined for."; - } - leaf nbuckets { - mandatory true; - type uint32; - description - "Used by classifier hashing algorithm. It is not possible to resize the bucket array, - therefore suggested value is approximate number of expected entries."; - } - leaf skip_n_vectors { - type uint32; - default 0; - description - "Number of 16 byte vectors to be skipped before applying mask."; - } - leaf next_table { - type classify-table-ref; - description - "Reference to the next classify table. Required when multiple table chaining is used."; - } - leaf miss_next { - mandatory true; - type vpp-node; - description - "Vpp node to which packet will be send when it falis to produce a match"; - } - leaf mask { - type yang:hex-string; - mandatory true; - description - "Defines match mask (multiple of 16 bytes)"; - } - - list classify-session { - key "match"; - - leaf match { - type yang:hex-string; - description - "Defines actual value to be matched that is - a byte vector, which length is multiple of 16 bytes"; - - must "string-length(match) = string-length(../../mask)" { - error-message - "Match length is not equal to classify table mask length."; - description - "Match length must be equal to classify table mask length."; - } - } - - uses classify-session-attributes; - } - } - - grouping classify-table-config-attributes { - description - "Defines classify table config only attributes (present in classify_add_del_table message - but not in classify_table_info_reply)."; - - // TODO(HC2VPP-10): move to classify-table-base-attributes - // after https://jira.fd.io/browse/VPP-208 is fixed - leaf memory_size { - type uint32; - // mandatory true; // TODO(HC2VPP-10): uncomment - description - "Memory size for classify table and its entries."; - } - } - - grouping classify-table-operational-attributes { - description - "Defines classify table operational attributes (present in classify_table_info_reply message - but not in classify_add_del_table)."; - - leaf active_sessions { - type uint32; - config false; - description - "Number of sessions defined for the classify table."; - } - } - - container vpp-classifier { - list classify-table { - key "name"; - - leaf name { - type string; - description - "Hides classify table identifier managed by vpp."; - } - - uses classify-table-base-attributes; - uses classify-table-config-attributes; - } - } - - container vpp-classifier-state { - config false; - - list classify-table { - key "name"; - - leaf name { - type string; - description - "Hides classify table identifier managed by vpp."; - } - - uses classify-table-base-attributes; - uses classify-table-operational-attributes; - } - } - -} diff --git a/v3po/api/src/main/yang/vpp-vlan.yang b/v3po/api/src/main/yang/vpp-vlan.yang index 383e70f1a..f4fac56b8 100644 --- a/v3po/api/src/main/yang/vpp-vlan.yang +++ b/v3po/api/src/main/yang/vpp-vlan.yang @@ -33,9 +33,6 @@ module vpp-vlan { import v3po { prefix v3po; } - import vpp-classfier-acl { - prefix vpp-classfier-acl; - } typedef sub-interface-status { type enumeration { @@ -167,24 +164,6 @@ module vpp-vlan { uses tag-rewrite; } } - - container acl { - container ingress { - uses vpp-classfier-acl:acl-base-attributes; - } - container egress { - uses vpp-classfier-acl:acl-base-attributes; - } - } - - container ietf-acl { - container ingress { - uses vpp-classfier-acl:ietf-acl-base-attributes; - } - container egress { - uses vpp-classfier-acl:ietf-acl-base-attributes; - } - } } grouping sub-interface-config-attributes { -- cgit 1.2.3-korg