used to control the ACL plugin
*/
-option version = "1.0.1";
+option version = "2.0.0";
import "plugins/acl/acl_types.api";
+import "vnet/interface_types.api";
/** \brief Get the plugin version
@param client_index - opaque cookie to identify the sender
u32 client_index;
u32 context;
u32 acl_index; /* ~0 to add, existing ACL# to replace */
- u8 tag[64]; /* What gets in here gets out in the corresponding tag field when dumping the ACLs. */
+ string tag[64]; /* What gets in here gets out in the corresponding tag field when dumping the ACLs. */
u32 count;
vl_api_acl_rule_t r[count];
- option vat_help = "<acl-idx> [<ipv4|ipv6> <permit|permit+reflect|deny|action N> [src IP/plen] [dst IP/plen] [sport X-Y] [dport X-Y] [proto P] [tcpflags FL MASK], ... , ...";
+ option vat_help = "<acl-idx> <permit|permit+reflect|deny|action N> [src IP/plen] [dst IP/plen] [sport X-Y] [dport X-Y] [proto P] [tcpflags FL MASK], ... , ...";
};
/** \brief Reply to add/replace ACL
{
u32 client_index;
u32 context;
- u8 is_add;
+ bool is_add [default=true];
/*
* is_input = 0 => ACL applied on interface egress
* is_input = 1 => ACL applied on interface ingress
*/
- u8 is_input;
- u32 sw_if_index;
+ bool is_input;
+ vl_api_interface_index_t sw_if_index;
u32 acl_index;
option vat_help = "<intfc> | sw_if_index <if-idx> [add|del] [input|output] acl <acl-idx>";
};
{
u32 client_index;
u32 context;
- u32 sw_if_index;
+ vl_api_interface_index_t sw_if_index;
u8 count;
u8 n_input; /* First n_input ACLs are set as a list of input ACLs, the rest are applied as output */
u32 acls[count];
{
u32 context;
u32 acl_index;
- u8 tag[64]; /* Same blob that was supplied to us when creating the ACL, one hopes. */
+ string tag[64]; /* Same blob that was supplied to us when creating the ACL, one hopes. */
u32 count;
vl_api_acl_rule_t r[count];
};
/** \brief Dump the list(s) of ACL applied to specific or all interfaces
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
- @param sw_if_index - interface to dump the ACL list for
+ @param sw_if_index - interface for which to dump the ACL list. Default: 0xffffffff (All interfaces)
*/
define acl_interface_list_dump
{
u32 client_index;
u32 context;
- u32 sw_if_index; /* ~0 for all interfaces */
+ vl_api_interface_index_t sw_if_index [default=0xffffffff];
option vat_help = "[<intfc> | sw_if_index <if-idx>]";
};
define acl_interface_list_details
{
u32 context;
- u32 sw_if_index;
+ vl_api_interface_index_t sw_if_index;
u8 count;
u8 n_input;
u32 acls[count];
{
u32 client_index;
u32 context;
- u8 tag[64];
+ string tag[64];
u32 count;
vl_api_macip_acl_rule_t r[count];
option vat_help = "...";
/** \brief Add/Replace a MACIP ACL
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
- @param acl_index - an existing MACIP ACL entry (0..0xfffffffe) to replace, or 0xffffffff to make new MACIP ACL
+ @param acl_index - an existing MACIP ACL entry (0..0xfffffffe) to replace, or 0xffffffff to make new MACIP ACL Default: 0xffffffff
@param tag - descriptive value for this MACIP ACL
@param count - number of rules in this MACIP ACL
@param r - vector of MACIP ACL rules
{
u32 client_index;
u32 context;
- u32 acl_index; /* ~0 to add, existing MACIP ACL# to replace */
- u8 tag[64];
+ u32 acl_index [default=0xffffffff]; /* ~0 to add, existing MACIP ACL# to replace */
+ string tag[64];
u32 count;
vl_api_macip_acl_rule_t r[count];
- option vat_help = "<acl-idx> [<ipv4|ipv6> <permit|deny|action N> [count <count>] [src] ip <ipaddress/[plen]> mac <mac> mask <mac_mask>, ... , ...";
+ option vat_help = "<acl-idx> <permit|deny|action N> [count <count>] [src] ip <ipaddress/[plen]> mac <mac> mask <mac_mask>, ... , ...";
};
/** \brief Reply to add/replace MACIP ACL
{
u32 client_index;
u32 context;
- u8 is_add;
+ bool is_add [default=true];
/* MACIP ACLs are always input */
- u32 sw_if_index;
+ vl_api_interface_index_t sw_if_index;
u32 acl_index;
option vat_help = "<intfc> | sw_if_index <if-idx> [add|del] acl <acl-idx>";
};
/** \brief Dump one or all defined MACIP ACLs
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
- @param acl_index - MACIP ACL index or ~0 to dump all MACIP ACLs
+ @param acl_index - MACIP ACL index or ~0 to dump all MACIP ACLs Default: 0xffffffff
*/
define macip_acl_dump
{
u32 client_index;
u32 context;
- u32 acl_index; /* ~0 for all ACLs */
+ u32 acl_index [default=0xffffffff]; /* ~0 for all ACLs */
option vat_help = "[<acl-idx>]";
};
{
u32 context;
u32 acl_index;
- u8 tag[64];
+ string tag[64];
u32 count;
vl_api_macip_acl_rule_t r[count];
};
{
u32 client_index;
u32 context;
- u32 sw_if_index; /* ~0 for all interfaces */
+ vl_api_interface_index_t sw_if_index; /* ~0 for all interfaces */
};
/** \brief Details about a single MACIP ACL contents
define macip_acl_interface_list_details
{
u32 context;
- u32 sw_if_index;
+ vl_api_interface_index_t sw_if_index;
u8 count;
u32 acls[count];
};
{
u32 client_index;
u32 context;
- u32 sw_if_index;
+ vl_api_interface_index_t sw_if_index;
u8 count; /* Total number of ethertypes in the whitelist */
u8 n_input; /* first n_input ethertypes are input, the rest - output */
u16 whitelist[count];
{
u32 client_index;
u32 context;
- u32 sw_if_index; /* ~0 for all interfaces */
+ vl_api_interface_index_t sw_if_index; /* ~0 for all interfaces */
option vat_help = "[<intfc> | sw_if_index <if-idx>]";
};
define acl_interface_etype_whitelist_details
{
u32 context;
- u32 sw_if_index;
+ vl_api_interface_index_t sw_if_index;
u8 count;
u8 n_input; /* first n_input ethertypes are input, the rest - output */
u16 whitelist[count];