aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/acl/acl.api
diff options
context:
space:
mode:
authorPaul Vinciguerra <pvinci@vinciconsulting.com>2019-07-23 11:56:30 -0400
committerAndrew Yourtchenko <ayourtch@gmail.com>2019-07-29 07:19:40 +0000
commitbb2e5221a72911bc52be178cfdd22be0ba1b1ca8 (patch)
treecb18025d59af0052c5515e1b0964c7fad378f8ed /src/plugins/acl/acl.api
parent99c358d62ab5106c710da23c563cd1b529a68f5a (diff)
api acl: breakout acl_types.api for reuse by others
Type: refactor Change-Id: I40518ccddcb78e58f7e6a098c27d9ec53e5a1146 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
Diffstat (limited to 'src/plugins/acl/acl.api')
-rw-r--r--src/plugins/acl/acl.api81
1 files changed, 2 insertions, 79 deletions
diff --git a/src/plugins/acl/acl.api b/src/plugins/acl/acl.api
index 0c230c5fd54..b35267d28ed 100644
--- a/src/plugins/acl/acl.api
+++ b/src/plugins/acl/acl.api
@@ -21,6 +21,8 @@
option version = "1.0.1";
+import "plugins/acl/acl_types.api";
+
/** \brief Get the plugin version
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
@@ -90,85 +92,6 @@ define acl_plugin_get_conn_table_max_entries_reply
u64 conn_table_max_entries;
};
-/** \brief Access List Rule entry
- @param is_permit - deny (0), permit (1), or permit+reflect(2) action on this rule.
- @param is_ipv6 - IP addresses in this rule are IPv6 (1) or IPv4 (0)
- @param src_ip_addr - Source prefix value
- @param src_ip_prefix_len - Source prefix length
- @param dst_ip_addr - Destination prefix value
- @param dst_ip_prefix_len - Destination prefix length
- @param proto - L4 protocol (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)
- @param srcport_or_icmptype_first - beginning of source port or ICMP4/6 type range
- @param srcport_or_icmptype_last - end of source port or ICMP4/6 type range
- @param dstport_or_icmpcode_first - beginning of destination port or ICMP4/6 code range
- @param dstport_or_icmpcode_last - end of destination port or ICMP4/6 code range
- @param tcp_flags_mask - if proto==6, match masked TCP flags with this value
- @param tcp_flags_value - if proto==6, mask to AND the TCP flags in the packet with
-*/
-
-typeonly manual_print define acl_rule
-{
- u8 is_permit;
- u8 is_ipv6;
- u8 src_ip_addr[16];
- u8 src_ip_prefix_len;
- u8 dst_ip_addr[16];
- u8 dst_ip_prefix_len;
-/*
- * L4 protocol. IANA number. 1 = ICMP, 58 = ICMPv6, 6 = TCP, 17 = UDP.
- * 0 => ignore L4 and ignore the ports/tcpflags when matching.
- */
- u8 proto;
-/*
- * If the L4 protocol is TCP or UDP, the below
- * hold ranges of ports, else if the L4 is ICMP/ICMPv6
- * they hold ranges of ICMP(v6) types/codes.
- *
- * Ranges are inclusive, i.e. to match "any" TCP/UDP port,
- * use first=0,last=65535. For ICMP(v6),
- * use first=0,last=255.
- */
- u16 srcport_or_icmptype_first;
- u16 srcport_or_icmptype_last;
- u16 dstport_or_icmpcode_first;
- u16 dstport_or_icmpcode_last;
-/*
- * for proto = 6, this matches if the
- * TCP flags in the packet, ANDed with tcp_flags_mask,
- * is equal to tcp_flags_value.
- */
- u8 tcp_flags_mask;
- u8 tcp_flags_value;
-};
-
-/** \brief MACIP Access List Rule entry
- @param is_permit - deny (0), permit (1) action on this rule.
- @param is_ipv6 - IP addresses in this rule are IPv6 (1) or IPv4 (0)
- @param src_mac - match masked source MAC address against this value
- @param src_mac_mask - AND source MAC address with this value before matching
- @param src_ip_addr - Source prefix value
- @param src_ip_prefix_len - Source prefix length
-*/
-
-typeonly manual_print define macip_acl_rule
-{
- u8 is_permit;
- u8 is_ipv6;
-/*
- * The source mac of the packet ANDed with src_mac_mask.
- * The source ip[46] address in the packet is matched
- * against src_ip_addr, with src_ip_prefix_len set to 0.
- *
- * For better performance, minimize the number of
- * (src_mac_mask, src_ip_prefix_len) combinations
- * in a MACIP ACL.
- */
- u8 src_mac[6];
- u8 src_mac_mask[6];
- u8 src_ip_addr[16];
- u8 src_ip_prefix_len;
-};
-
/** \brief Replace an existing ACL in-place or create a new ACL
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request