used to control the ACL plugin
*/
-option version = "1.0.1";
+option version = "2.0.0";
import "plugins/acl/acl_types.api";
+import "vnet/interface_types.api";
/** \brief Get the plugin version
@param client_index - opaque cookie to identify the sender
u32 client_index;
u32 context;
u32 acl_index; /* ~0 to add, existing ACL# to replace */
- u8 tag[64]; /* What gets in here gets out in the corresponding tag field when dumping the ACLs. */
+ string tag[64]; /* What gets in here gets out in the corresponding tag field when dumping the ACLs. */
u32 count;
vl_api_acl_rule_t r[count];
+ option vat_help = "<acl-idx> [<ipv4|ipv6>] <permit|permit+reflect|deny|action N> [src IP/plen] [dst IP/plen] [sport X-Y] [dport X-Y] [proto P] [tcpflags FL MASK], ... , ...";
};
/** \brief Reply to add/replace ACL
u32 client_index;
u32 context;
u32 acl_index;
+ option vat_help = "<acl-idx>";
};
/* acl_interface_add_del(_reply) to be deprecated in lieu of acl_interface_set_acl_list */
{
u32 client_index;
u32 context;
- u8 is_add;
+ bool is_add [default=true];
/*
* is_input = 0 => ACL applied on interface egress
* is_input = 1 => ACL applied on interface ingress
*/
- u8 is_input;
- u32 sw_if_index;
+ bool is_input;
+ vl_api_interface_index_t sw_if_index;
u32 acl_index;
+ option vat_help = "<intfc> | sw_if_index <if-idx> [add|del] [input|output] acl <acl-idx>";
};
/** \brief Set the vector of input/output ACLs checked for an interface
{
u32 client_index;
u32 context;
- u32 sw_if_index;
+ vl_api_interface_index_t sw_if_index;
u8 count;
u8 n_input; /* First n_input ACLs are set as a list of input ACLs, the rest are applied as output */
u32 acls[count];
+ option vat_help = "<intfc> | sw_if_index <if-idx> input [acl-idx list] output [acl-idx list]";
};
/** \brief Reply to set the ACL list on an interface
u32 client_index;
u32 context;
u32 acl_index; /* ~0 for all ACLs */
+ option vat_help = "[<acl-idx>]";
};
/** \brief Details about a single ACL contents
{
u32 context;
u32 acl_index;
- u8 tag[64]; /* Same blob that was supplied to us when creating the ACL, one hopes. */
+ string tag[64]; /* Same blob that was supplied to us when creating the ACL, one hopes. */
u32 count;
vl_api_acl_rule_t r[count];
};
{
u32 client_index;
u32 context;
- u32 sw_if_index; /* ~0 for all interfaces */
+ vl_api_interface_index_t sw_if_index; /* ~0 for all interfaces */
+ option vat_help = "[<intfc> | sw_if_index <if-idx>]";
};
/** \brief Details about a single ACL contents
define acl_interface_list_details
{
u32 context;
- u32 sw_if_index;
+ vl_api_interface_index_t sw_if_index;
u8 count;
u8 n_input;
u32 acls[count];
{
u32 client_index;
u32 context;
- u8 tag[64];
+ string tag[64];
u32 count;
vl_api_macip_acl_rule_t r[count];
+ option vat_help = "...";
};
/** \brief Reply to add MACIP ACL
u32 client_index;
u32 context;
u32 acl_index; /* ~0 to add, existing MACIP ACL# to replace */
- u8 tag[64];
+ string tag[64];
u32 count;
vl_api_macip_acl_rule_t r[count];
+ option vat_help = "<acl-idx> [<ipv4|ipv6>] <permit|deny|action N> [count <count>] [src] ip <ipaddress/[plen]> mac <mac> mask <mac_mask>, ... , ...";
};
/** \brief Reply to add/replace MACIP ACL
u32 client_index;
u32 context;
u32 acl_index;
+ option vat_help = "<acl-idx>";
};
/** \brief Add or delete a MACIP ACL to/from interface
{
u32 client_index;
u32 context;
- u8 is_add;
+ bool is_add [default=true];
/* MACIP ACLs are always input */
- u32 sw_if_index;
+ vl_api_interface_index_t sw_if_index;
u32 acl_index;
+ option vat_help = "<intfc> | sw_if_index <if-idx> [add|del] acl <acl-idx>";
};
/** \brief Dump one or all defined MACIP ACLs
u32 client_index;
u32 context;
u32 acl_index; /* ~0 for all ACLs */
+ option vat_help = "[<acl-idx>]";
};
/** \brief Details about one MACIP ACL
{
u32 context;
u32 acl_index;
- u8 tag[64];
+ string tag[64];
u32 count;
vl_api_macip_acl_rule_t r[count];
};
{
u32 client_index;
u32 context;
- u32 sw_if_index; /* ~0 for all interfaces */
+ vl_api_interface_index_t sw_if_index; /* ~0 for all interfaces */
};
/** \brief Details about a single MACIP ACL contents
define macip_acl_interface_list_details
{
u32 context;
- u32 sw_if_index;
+ vl_api_interface_index_t sw_if_index;
u8 count;
u32 acls[count];
};
{
u32 client_index;
u32 context;
- u32 sw_if_index;
+ vl_api_interface_index_t sw_if_index;
u8 count; /* Total number of ethertypes in the whitelist */
u8 n_input; /* first n_input ethertypes are input, the rest - output */
u16 whitelist[count];
+ option vat_help = "<intfc> | sw_if_index <if-idx> input [ethertype list] output [ethertype list]";
};
/** \brief Dump the list(s) of Ethertype whitelists applied to specific or all interfaces
{
u32 client_index;
u32 context;
- u32 sw_if_index; /* ~0 for all interfaces */
+ vl_api_interface_index_t sw_if_index; /* ~0 for all interfaces */
+ option vat_help = "[<intfc> | sw_if_index <if-idx>]";
};
/** \brief Details about ethertype whitelist on a single interface
define acl_interface_etype_whitelist_details
{
u32 context;
- u32 sw_if_index;
+ vl_api_interface_index_t sw_if_index;
u8 count;
u8 n_input; /* first n_input ethertypes are input, the rest - output */
u16 whitelist[count];
u32 client_index;
u32 context;
bool enable;
+ option vat_help = "[disable]";
};