Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I2912f1265af7487ceed1be01ac489ba765311a97
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
* can be used in combination with any other L2/L3 rule.
* assumes no ip options / extension headers
* provides naive implementation (vpp classfier api limitation):
every (src, dst) is mapped to single classify session.
Change-Id: Id6aa249b3e19f0aa47b9e15b5477d56bc70bee0e
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
In case of L2 interfaces, acls are translated into
a chain of classify tables and assigned as L2 table.
In case of L3 interfaces, acls are translated into
ip4 and ip6 chains (eth only rules go to
both chains, rest - depending on ip-version).
Limitations:
- it is not possible to define L3 rule without specifying ip-version
(common header fields for IP4/IP6 have different offsets),
- eth rules on L3 interfaces are applied only to IP traffic
(vpp classfier limitation).
Change-Id: I7ca2648cabad8c6e936cf71a51e06596a42891e8
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
It was translated to version field,
but should be to protocol/next header field.
Change-Id: I0cf23fdd43246bcc559f61d97701c9153e9b3607
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
Change-Id: Ia11eacababd62f719e23af5b64b19c5227d56a45
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
- adds classify table on the end of each of the 3 chains to enforce ordering
- updates v3po.yang with default-action leaf
- updates postman collection
Change-Id: If54abec1a6516eaf87aae0e5da9382a6e5dee1f3
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
Sets revision date to 14.12.2016 - API freeze for HC 1.17.01
Updated models:
- lisp.yang
- v3po.yang
- vpp-vlan.yang
- pbb-types.yang
- vpp-pbb.yang
Change-Id: Ib2b962c7756748ac357141ffbc6f5bc6668c97e3
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
Change-Id: Idde761d0c0c2c4d96555ef94dbdaa87fad889493
Signed-off-by: Jan Srnicek <jsrnicek@cisco.com>
|
|
- L2 only rules for L3 interfaces are not allowed by vpp
- describes other limitations of ietf-acl model implementation
Change-Id: If7e79e4bbfe3113b82e3411d9a951c409799a29f
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
- marks existing ACL support as ingress
- updates postman collection
Change-Id: I7ae39cb6698d9aafbe932d57725f138194b52e70
Signed-off-by: Maros Marsalek <mmarsale@cisco.com>
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|