+++ /dev/null
-module ietf-access-control-list {
- yang-version 1.1;
- namespace "urn:ietf:params:xml:ns:yang:ietf-access-control-list";
- prefix acl;
- import ietf-yang-types {
- prefix yang;
- }
- import ietf-packet-fields {
- prefix packet-fields;
- }
- organization "IETF NETMOD (NETCONF Data Modeling Language)
- Working Group";
- contact
- "WG Web: http://tools.ietf.org/wg/netmod/
- WG Chair: Juergen Schoenwaelder
- WG Chair: Tom Nadeau
- Editor: Dean Bogdanovic
- Editor: Kiran Agrahara Sreenivasa
- Editor: Lisa Huang
- Editor: Dana Blair
- description
- "This YANG module defines a component that describing the
- configuration of Access Control Lists (ACLs).
- Copyright (c) 2015 IETF Trust and the persons identified as
- the document authors. All rights reserved.
- Redistribution and use in source and binary forms, with or
- without modification, is permitted pursuant to, and subject
- to the license terms contained in, the Simplified BSD
- License set forth in Section 4.c of the IETF Trust's Legal
- Provisions Relating to IETF Documents
- (http://trustee.ietf.org/license-info).
- This version of this YANG module is part of RFC XXXX; see
- the RFC itself for full legal notices.";
- revision 2016-07-08 {
- description
- "Base model for Network Access Control List (ACL).";
- reference
- "RFC XXXX: Network Access Control List (ACL)
- YANG Data Model";
- }
- identity acl-base {
- description
- "Base Access Control List type for all Access Control List type
- identifiers.";
- }
- identity ipv4-acl {
- base acl:acl-base;
- description
- "ACL that primarily matches on fields from the IPv4 header
- (e.g. IPv4 destination address) and layer 4 headers (e.g. TCP
- destination port). An acl of type ipv4-acl does not contain
- matches on fields in the ethernet header or the IPv6 header.";
- }
- identity ipv6-acl {
- base acl:acl-base;
- description
- "ACL that primarily matches on fields from the IPv6 header
- (e.g. IPv6 destination address) and layer 4 headers (e.g. TCP
- destination port). An acl of type ipv6-acl does not contain
- matches on fields in the ethernet header or the IPv4 header.";
- }
- identity eth-acl {
- base acl:acl-base;
- description
- "ACL that primarily matches on fields in the ethernet header,
- like 10/100/1000baseT or WiFi Access Control List. An acl of
- type eth-acl does not contain matches on fields in the IPv4
- header, IPv6 header or layer 4 headers.";
- }
- typedef acl-type {
- type identityref {
- base acl:acl-base;
- }
- description
- "This type is used to refer to an Access Control List
- (ACL) type";
- }
- /*
- HC2VPP-290: access-control-list-ref was modified to fix pyang errors
- TODO(HC2VPP-291): bump ietf-access-control-list version to resolve the issue
- */
- typedef access-control-list-ref {
- type leafref {
- path "/acl:access-lists/acl:acl/acl:acl-name";
- }
- description
- "This type is used by data models that need to reference an
- Access Control List";
- }
- container access-lists {
- description
- "This is a top level container for Access Control Lists.
- It can have one or more Access Control Lists.";
- list acl {
- key "acl-type acl-name";
- description
- "An Access Control List(ACL) is an ordered list of
- Access List Entries (ACE). Each Access Control Entry has a
- list of match criteria and a list of actions.
- Since there are several kinds of Access Control Lists
- implemented with different attributes for
- different vendors, this
- model accommodates customizing Access Control Lists for
- each kind and for each vendor.";
- leaf acl-name {
- type string;
- description
- "The name of access-list. A device MAY restrict the length
- and value of this name, possibly space and special
- characters are not allowed.";
- }
- leaf acl-type {
- type acl-type;
- description
- "Type of access control list. Indicates the primary intended
- type of match criteria (e.g. ethernet, IPv4, IPv6, mixed, etc)
- used in the list instance.";
- }
- container acl-oper-data {
- config false;
- description
- "Overall Access Control List operational data";
- }
- container access-list-entries {
- description
- "The access-list-entries container contains
- a list of access-list-entries(ACE).";
- list ace {
- key "rule-name";
- ordered-by user;
- description
- "List of access list entries(ACE)";
- leaf rule-name {
- type string;
- description
- "A unique name identifying this Access List
- Entry(ACE).";
- }
- container matches {
- description
- "Definitions for match criteria for this Access List
- Entry.";
- choice ace-type {
- description
- "Type of access list entry.";
- case ace-ip {
- description "IP Access List Entry.";
- choice ace-ip-version {
- description
- "IP version used in this Access List Entry.";
- case ace-ipv4 {
- uses packet-fields:acl-ipv4-header-fields;
- }
- case ace-ipv6 {
- uses packet-fields:acl-ipv6-header-fields;
- }
- }
- uses packet-fields:acl-ip-header-fields;
- }
- case ace-eth {
- description
- "Ethernet Access List entry.";
- uses packet-fields:acl-eth-header-fields;
- }
- }
- }
- container actions {
- description
- "Definitions of action criteria for this Access List
- Entry.";
- choice packet-handling {
- default "deny";
- description
- "Packet handling action.";
- case deny {
- leaf deny {
- type empty;
- description
- "Deny action.";
- }
- }
- case permit {
- leaf permit {
- type empty;
- description
- "Permit action.";
- }
- }
- }
- }
- container ace-oper-data {
- config false;
- description
- "Operational data for this Access List Entry.";
- leaf match-counter {
- type yang:counter64;
- description
- "Number of matches for this Access List Entry";
- }
- }
- }
- }
- }
- }
-}
--- /dev/null
+module ietf-access-control-list {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-access-control-list";
+ prefix acl;
+
+ import ietf-yang-types {
+ prefix yang;
+ reference
+ "RFC 6991 - Common YANG Data Types.";
+ }
+
+ import ietf-packet-fields {
+ prefix pf;
+ reference
+ "RFC XXXX - Network ACL YANG Model.";
+ }
+
+ import ietf-interfaces {
+ prefix if;
+ reference
+ "RFC 8343 - A YANG Data Model for Interface Management.";
+ }
+
+ organization
+ "IETF NETMOD (Network Modeling Language)
+ Working Group";
+
+ contact
+ "WG Web: http://tools.ietf.org/wg/netmod/
+
+ Editor: Mahesh Jethanandani
+ Editor: Lisa Huang
+ Editor: Sonal Agarwal
+ Editor: Dana Blair
+
+ description
+ "This YANG module defines a component that describe the
+ configuration of Access Control Lists (ACLs).
+
+ Copyright (c) 2018 IETF Trust and the persons identified as
+ the document authors. All rights reserved.
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD
+ License set forth in Section 4.c of the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC XXXX; see
+ the RFC itself for full legal notices.";
+
+ revision 2018-10-01 {
+ description
+ "Initial version.";
+ reference
+ "RFC XXX: Network Access Control List (ACL) YANG Data Model.";
+ }
+
+ /*
+ * Identities
+ */
+ /*
+ * Forwarding actions for a packet
+ */
+ identity forwarding-action {
+ description
+ "Base identity for actions in the forwarding category";
+ }
+
+ identity accept {
+ base forwarding-action;
+ description
+ "Accept the packet";
+ }
+
+ identity drop {
+ base forwarding-action;
+ description
+ "Drop packet without sending any ICMP error message";
+ }
+
+ identity reject {
+ base forwarding-action;
+ description
+ "Drop the packet and send an ICMP error message to the source";
+ }
+
+ /*
+ * Logging actions for a packet
+ */
+ identity log-action {
+ description
+ "Base identity for defining the destination for logging actions";
+ }
+
+ identity log-syslog {
+ base log-action;
+ description
+ "System log (syslog) the information for the packet";
+ }
+
+ identity log-none {
+ base log-action;
+ description
+ "No logging for the packet";
+ }
+
+ /*
+ * ACL type identities
+ */
+ identity acl-base {
+ description
+ "Base Access Control List type for all Access Control List type
+ identifiers.";
+ }
+
+ identity ipv4-acl-type {
+ base acl:acl-base;
+ if-feature "ipv4";
+ description
+ "An ACL that matches on fields from the IPv4 header
+ (e.g. IPv4 destination address) and layer 4 headers (e.g. TCP
+ destination port). An acl of type ipv4 does not contain
+ matches on fields in the ethernet header or the IPv6 header.";
+ }
+
+ identity ipv6-acl-type {
+ base acl:acl-base;
+ if-feature "ipv6";
+ description
+ "An ACL that matches on fields from the IPv6 header
+ (e.g. IPv6 destination address) and layer 4 headers (e.g. TCP
+ destination port). An acl of type ipv6 does not contain
+ matches on fields in the ethernet header or the IPv4 header.";
+ }
+
+ identity eth-acl-type {
+ base acl:acl-base;
+ if-feature "eth";
+ description
+ "An ACL that matches on fields in the ethernet header,
+ like 10/100/1000baseT or WiFi Access Control List. An acl of
+ type ethernet does not contain matches on fields in the IPv4
+ header, IPv6 header or layer 4 headers.";
+ }
+
+ identity mixed-eth-ipv4-acl-type {
+ base "acl:eth-acl-type";
+ base "acl:ipv4-acl-type";
+ if-feature "mixed-eth-ipv4";
+ description
+ "An ACL that contains a mix of entries that
+ match on fields in ethernet headers,
+ entries that match on IPv4 headers.
+ Matching on layer 4 header fields may also exist in the
+ list.";
+ }
+ identity mixed-eth-ipv6-acl-type {
+ base "acl:eth-acl-type";
+ base "acl:ipv6-acl-type";
+ if-feature "mixed-eth-ipv6";
+ description
+ "ACL that contains a mix of entries that
+ match on fields in ethernet headers, entries
+ that match on fields in IPv6 headers. Matching on
+ layer 4 header fields may also exist in the list.";
+ }
+
+ identity mixed-eth-ipv4-ipv6-acl-type {
+ base "acl:eth-acl-type";
+ base "acl:ipv4-acl-type";
+ base "acl:ipv6-acl-type";
+ if-feature "mixed-eth-ipv4-ipv6";
+ description
+ "ACL that contains a mix of entries that
+ match on fields in ethernet headers, entries
+ that match on fields in IPv4 headers, and entries
+ that match on fields in IPv6 headers. Matching on
+ layer 4 header fields may also exist in the list.";
+ }
+
+ /*
+ * Features
+ */
+
+ /*
+ * Features supported by device
+ */
+ feature match-on-eth {
+ description
+ "The device can support matching on ethernet headers.";
+ }
+
+ feature match-on-ipv4 {
+ description
+ "The device can support matching on IPv4 headers.";
+ }
+
+ feature match-on-ipv6 {
+ description
+ "The device can support matching on IPv6 headers.";
+ }
+
+ feature match-on-tcp {
+ description
+ "The device can support matching on TCP headers.";
+ }
+
+ feature match-on-udp {
+ description
+ "The device can support matching on UDP headers.";
+ }
+
+ feature match-on-icmp {
+ description
+ "The device can support matching on ICMP (v4 and v6) headers.";
+ }
+
+ /*
+ * Header classifications combinations supported by
+ * device
+ */
+ feature eth {
+ if-feature "match-on-eth";
+ description
+ "Plain Ethernet ACL supported";
+ }
+
+ feature ipv4 {
+ if-feature "match-on-ipv4";
+ description
+ "Plain IPv4 ACL supported";
+ }
+
+ feature ipv6 {
+ if-feature "match-on-ipv6";
+ description
+ "Plain IPv6 ACL supported";
+ }
+
+ feature mixed-eth-ipv4 {
+ if-feature "match-on-eth and match-on-ipv4";
+ description
+ "Ethernet and IPv4 ACL combinations supported";
+ }
+
+ feature mixed-eth-ipv6 {
+ if-feature "match-on-eth and match-on-ipv6";
+ description
+ "Ethernet and IPv6 ACL combinations supported";
+ }
+
+ feature mixed-eth-ipv4-ipv6 {
+ if-feature "match-on-eth and match-on-ipv4
+ and match-on-ipv6";
+ description
+ "Ethernet, IPv4 and IPv6 ACL combinations supported.";
+ }
+
+ /*
+ * Stats Features
+ */
+ feature interface-stats {
+ description
+ "ACL counters are available and reported only per interface";
+ }
+
+ feature acl-aggregate-stats {
+ description
+ "ACL counters are aggregated over all interfaces, and reported
+ only per ACL entry";
+ }
+
+ /*
+ * Attachment point features
+ */
+ feature interface-attachment {
+ description
+ "ACLs are set on interfaces.";
+ }
+
+ /*
+ * Typedefs
+ */
+ typedef acl-type {
+ type identityref {
+ base acl-base;
+ }
+ description
+ "This type is used to refer to an Access Control List
+ (ACL) type";
+ }
+
+ /*
+ * Groupings
+ */
+ grouping acl-counters {
+ description
+ "Common grouping for ACL counters";
+
+ leaf matched-packets {
+ type yang:counter64;
+ config false;
+ description
+ "Count of the number of packets matching the current ACL
+ entry.
+
+ An implementation should provide this counter on a
+ per-interface per-ACL-entry basis if possible.
+
+ If an implementation only supports ACL counters on a per
+ entry basis (i.e., not broken out per interface), then the
+ value should be equal to the aggregate count across all
+ interfaces.
+
+ An implementation that provides counters on a per entry per
+ interface basis is not required to also provide an aggregate
+ count, e.g., per entry -- the user is expected to be able
+ implement the required aggregation if such a count is
+ needed.";
+ }
+
+ leaf matched-octets {
+ type yang:counter64;
+ config false;
+ description
+ "Count of the number of octets (bytes) matching the current
+ ACL entry.
+
+ An implementation should provide this counter on a
+ per-interface per-ACL-entry if possible.
+
+ If an implementation only supports ACL counters per entry
+ (i.e., not broken out per interface), then the value
+ should be equal to the aggregate count across all interfaces.
+
+ An implementation that provides counters per entry per
+ interface is not required to also provide an aggregate count,
+ e.g., per entry -- the user is expected to be able implement
+ the required aggregation if such a count is needed.";
+ }
+ }
+
+ /*
+ * Configuration data nodes
+ */
+ container acls {
+ description
+ "This is a top level container for Access Control Lists.
+ It can have one or more acl nodes.";
+ list acl {
+ key "name";
+ description
+ "An Access Control List (ACL) is an ordered list of
+ Access Control Entries (ACE). Each ACE has a
+ list of match criteria and a list of actions.
+ Since there are several kinds of Access Control Lists
+ implemented with different attributes for
+ different vendors, this model accommodates customizing
+ Access Control Lists for each kind and, for each vendor.";
+ leaf name {
+ type string {
+ length "1..64";
+ }
+ description
+ "The name of access list. A device MAY restrict the length
+ and value of this name, possibly space and special
+ characters are not allowed.";
+ }
+ leaf type {
+ type acl-type;
+ description
+ "Type of access control list. Indicates the primary intended
+ type of match criteria (e.g. ethernet, IPv4, IPv6, mixed,
+ etc) used in the list instance.";
+ }
+ container aces {
+ description
+ "The aces container contains one or more ace nodes.";
+ list ace {
+ key "name";
+ ordered-by user;
+ description
+ "List of Access Control Entries (ACEs)";
+ leaf name {
+ type string {
+ length "1..64";
+ }
+ description
+ "A unique name identifying this Access Control
+ Entry (ACE).";
+ }
+
+ container matches {
+ description
+ "The rules in this set determine what fields will be
+ matched upon before any action is taken on them.
+ The rules are selected based on the feature set
+ defined by the server and the acl-type defined.
+ If no matches are defined in a particular container,
+ then any packet will match that container. If no
+ matches are specified at all in an ACE, then any
+ packet will match the ACE.";
+
+ choice l2 {
+ container eth {
+ when "derived-from-or-self(/acls/acl/type, " +
+ "'acl:eth-acl-type')";
+ if-feature match-on-eth;
+ uses pf:acl-eth-header-fields;
+ description
+ "Rule set that matches ethernet headers.";
+ }
+ description
+ "Match layer 2 headers, for example ethernet
+ header fields.";
+ }
+
+ choice l3 {
+ container ipv4 {
+ when "derived-from-or-self(/acls/acl/type, " +
+ "'acl:ipv4-acl-type')";
+ if-feature match-on-ipv4;
+ uses pf:acl-ip-header-fields;
+ uses pf:acl-ipv4-header-fields;
+ description
+ "Rule set that matches IPv4 headers.";
+ }
+
+ container ipv6 {
+ when "derived-from-or-self(/acls/acl/type, " +
+ "'acl:ipv6-acl-type')";
+ if-feature match-on-ipv6;
+ uses pf:acl-ip-header-fields;
+ uses pf:acl-ipv6-header-fields;
+ description
+ "Rule set that matches IPv6 headers.";
+ }
+ description
+ "Choice of either ipv4 or ipv6 headers";
+ }
+
+ choice l4 {
+ container tcp {
+ if-feature match-on-tcp;
+ uses pf:acl-tcp-header-fields;
+ container source-port {
+ choice source-port {
+ case range-or-operator {
+ uses pf:port-range-or-operator;
+ description
+ "Source port definition from range or
+ operator.";
+ }
+ description
+ "Choice of source port definition using
+ range/operator or a choice to support future
+ 'case' statements, such as one enabling a
+ group of source ports to be referenced.";
+ }
+ description
+ "Source port definition.";
+ }
+ container destination-port {
+ choice destination-port {
+ case range-or-operator {
+ uses pf:port-range-or-operator;
+ description
+ "Destination port definition from range or
+ operator.";
+ }
+ description
+ "Choice of destination port definition using
+ range/operator or a choice to support future
+ 'case' statements, such as one enabling a
+ group of destination ports to be referenced.";
+ }
+ description
+ "Destination port definition.";
+ }
+ description
+ "Rule set that matches TCP headers.";
+ }
+
+ container udp {
+ if-feature match-on-udp;
+ uses pf:acl-udp-header-fields;
+ container source-port {
+ choice source-port {
+ case range-or-operator {
+ uses pf:port-range-or-operator;
+ description
+ "Source port definition from range or
+ operator.";
+ }
+ description
+ "Choice of source port definition using
+ range/operator or a choice to support future
+ 'case' statements, such as one enabling a
+ group of source ports to be referenced.";
+ }
+ description
+ "Source port definition.";
+ }
+ container destination-port {
+ choice destination-port {
+ case range-or-operator {
+ uses pf:port-range-or-operator;
+ description
+ "Destination port definition from range or
+ operator.";
+ }
+ description
+ "Choice of destination port definition using
+ range/operator or a choice to support future
+ 'case' statements, such as one enabling a
+ group of destination ports to be referenced.";
+ }
+ description
+ "Destination port definition.";
+ }
+ description
+ "Rule set that matches UDP headers.";
+ }
+
+ container icmp {
+ if-feature match-on-icmp;
+ uses pf:acl-icmp-header-fields;
+ description
+ "Rule set that matches ICMP headers.";
+ }
+ description
+ "Choice of TCP, UDP or ICMP headers.";
+ }
+
+ leaf egress-interface {
+ type if:interface-ref;
+ description
+ "Egress interface. This should not be used if this ACL
+ is attached as an egress ACL (or the value should
+ equal the interface to which the ACL is attached).";
+ }
+
+ leaf ingress-interface {
+ type if:interface-ref;
+ description
+ "Ingress interface. This should not be used if this ACL
+ is attached as an ingress ACL (or the value should
+ equal the interface to which the ACL is attached)";
+ }
+ }
+
+ container actions {
+ description
+ "Definitions of action for this ace entry";
+ leaf forwarding {
+ type identityref {
+ base forwarding-action;
+ }
+ mandatory true;
+ description
+ "Specifies the forwarding action per ace entry";
+ }
+
+ leaf logging {
+ type identityref {
+ base log-action;
+ }
+ default log-none;
+ description
+ "Specifies the log action and destination for
+ matched packets. Default value is not to log the
+ packet.";
+ }
+ }
+ container statistics {
+ if-feature "acl-aggregate-stats";
+ config false;
+ description
+ "Statistics gathered across all attachment points for the
+ given ACL.";
+ uses acl-counters;
+ }
+ }
+ }
+ }
+ container attachment-points {
+ description
+ "Enclosing container for the list of
+ attachment-points on which ACLs are set";
+
+ /*
+ * Groupings
+ */
+ grouping interface-acl {
+ description
+ "Grouping for per-interface ingress ACL data";
+
+ container acl-sets {
+ description
+ "Enclosing container the list of ingress ACLs on the
+ interface";
+
+ list acl-set {
+ key "name";
+ ordered-by user;
+ description
+ "List of ingress ACLs on the interface";
+
+ leaf name {
+ type leafref {
+ path "/acls/acl/name";
+ }
+ description
+ "Reference to the ACL name applied on ingress";
+ }
+
+ list ace-statistics {
+ if-feature "interface-stats";
+ key "name";
+ config false;
+ description
+ "List of Access Control Entries (ACEs)";
+ leaf name {
+ type leafref {
+ path "/acls/acl/aces/ace/name";
+ }
+ description
+ "The ace name";
+ }
+ uses acl-counters;
+ }
+ }
+ }
+ }
+
+ list interface {
+ if-feature interface-attachment;
+ key "interface-id";
+ description
+ "List of interfaces on which ACLs are set";
+
+ leaf interface-id {
+ type if:interface-ref;
+ description
+ "Reference to the interface id list key";
+ }
+
+ container ingress {
+ uses interface-acl;
+ description
+ "The ACLs applied to ingress interface";
+ }
+ container egress {
+ uses interface-acl;
+ description
+ "The ACLs applied to egress interface";
+ }
+ }
+ }
+ }
+}
--- /dev/null
+module ietf-ethertypes {
+ namespace "urn:ietf:params:xml:ns:yang:ietf-ethertypes";
+ prefix ethertypes;
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language)";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+
+ Editor: Mahesh Jethanandani
+
+ description
+ "This module contains the common definitions for the
+ Ethertype used by different modules. It is a
+ placeholder module, till such time that IEEE
+ starts a project to define these Ethertypes
+ and publishes a standard.
+
+ At that time this module can be deprecated.";
+
+ revision 2018-10-01 {
+ description
+ "Initial revision.";
+ reference
+ "RFC XXXX: IETF Ethertype YANG Data Module.";
+ }
+
+ typedef ethertype {
+ type union {
+ type uint16;
+ type enumeration {
+ enum ipv4 {
+ value 2048;
+ description
+ "Internet Protocol version 4 (IPv4) with a
+ hex value of 0x0800.";
+ reference
+ "RFC 791: Internet Protocol.";
+ }
+ enum arp {
+ value 2054;
+ description
+ "Address Resolution Protocol (ARP) with a
+ hex value of 0x0806.";
+ reference
+ "RFC 826: An Ethernet Address Resolution Protocol.";
+ }
+ enum wlan {
+ value 2114;
+ description
+ "Wake-on-LAN. Hex value of 0x0842.";
+ }
+ enum trill {
+ value 8947;
+ description
+ "Transparent Interconnection of Lots of Links.
+ Hex value of 0x22F3.";
+ reference
+ "RFC 6325: Routing Bridges (RBridges): Base Protocol
+ Specification.";
+ }
+ enum srp {
+ value 8938;
+ description
+ "Stream Reservation Protocol. Hex value of
+ 0x22EA.";
+ reference
+ "IEEE 801.1Q-2011.";
+ }
+ enum decnet {
+ value 24579;
+ description
+ "DECnet Phase IV. Hex value of 0x6003.";
+ }
+ enum rarp {
+ value 32821;
+ description
+ "Reverse Address Resolution Protocol.
+ Hex value 0x8035.";
+ reference
+ "RFC 903. A Reverse Address Resolution Protocol.";
+ }
+ enum appletalk {
+ value 32923;
+ description
+ "Appletalk (Ethertalk). Hex value 0x809B.";
+ }
+ enum aarp {
+ value 33011;
+ description
+ "Appletalk Address Resolution Protocol. Hex value
+ of 0x80F3.";
+ }
+ enum vlan {
+ value 33024;
+ description
+ "VLAN-tagged frame (802.1Q) and Shortest Path
+ Bridging IEEE 802.1aq with NNI compatibility.
+ Hex value 0x8100.";
+ reference
+ "802.1Q.";
+ }
+ enum ipx {
+ value 33079;
+ description
+ "Internetwork Packet Exchange (IPX). Hex value
+ of 0x8137.";
+ }
+ enum qnx {
+ value 33284;
+ description
+ "QNX Qnet. Hex value of 0x8204.";
+ }
+ enum ipv6 {
+ value 34525;
+ description
+ "Internet Protocol Version 6 (IPv6). Hex value
+ of 0x86DD.";
+ reference
+ "RFC 8200: Internet Protocol, Version 6 (IPv6)
+ Specification
+ RFC 8201: Path MTU Discovery for IPv6.";
+ }
+ enum efc {
+ value 34824;
+ description
+ "Ethernet flow control using pause frames.
+ Hex value of 0x8808";
+ reference
+ "IEEE Std. 802.1Qbb.";
+ }
+ enum esp {
+ value 34825;
+ description
+ "Ethernet Slow Protocol. Hex value of 0x8809.";
+ reference
+ "IEEE Std. 802.3-2015";
+ }
+ enum cobranet {
+ value 34841;
+ description
+ "CobraNet. Hex value of 0x";
+ }
+ enum mpls-unicast {
+ value 34887;
+ description
+ "MultiProtocol Label Switch (MPLS) unicast traffic.
+ Hex value of 0x8847.";
+ reference
+ "RFC 3031: Multiprotocol Label Switching Architecture.";
+ }
+ enum mpls-multicast {
+ value 34888;
+ description
+ "MultiProtocol Label Switch (MPLS) multicast traffic.
+ Hex value of 0x8848.";
+ reference
+ "RFC 3031: Multiprotocol Label Switching Architecture.";
+ }
+ enum pppoe-discovery {
+ value 34915;
+ description
+ "Point-to-Point Protocol over Ethernet. Used during
+ the discovery process. Hex value of 0x8863.";
+ reference
+ "RFC 2516: A method for Transmitting PPP over Ethernet
+ PPPoE.";
+ }
+ enum pppoe-session {
+ value 34916;
+ description
+ "Point-to-Point Protocol over Ethernet. Used during
+ session stage. Hex value of 0x8864.";
+ reference
+ "RFC 2516: A method for Transmitting PPP over Ethernet
+ PPPoE.";
+ }
+ enum intel-ans {
+ value 34925;
+ description
+ "Intel Advanced Networking Services. Hex value of
+ 0x886D.";
+ }
+ enum jumbo-frames {
+ value 34928;
+ description
+ "Jumbo frames or Ethernet frames with more than
+ 1500 bytes of payload, upto 9000 bytes.";
+ }
+ enum homeplug {
+ value 34939;
+ description
+ "Family name for the various power line
+ communications. Hex value of 0x887B.";
+ }
+ enum eap {
+ value 34958;
+ description
+ "Ethernet Access Protocol (EAP) over LAN. Hex value
+ of 0x888E.";
+ reference
+ "IEEE 802.1X";
+ }
+ enum profinet {
+ value 34962;
+ description
+ "PROcess FIeld Net (PROFINET). Hex value of 0x8892.";
+ }
+ enum hyperscsi {
+ value 34970;
+ description
+ "SCSI over Ethernet. Hex value of 0x889A";
+ }
+ enum aoe {
+ value 34978;
+ description
+ "Advanced Technology Advancement (ATA) over Ethernet.
+ Hex value of 0x88A2.";
+ }
+ enum ethercat {
+ value 34980;
+ description
+ "Ethernet for Control Automation Technology (EtherCAT).
+ Hex value of 0x88A4.";
+ }
+ enum provider-bridging {
+ value 34984;
+ description
+ "Provider Bridging (802.1ad) and Shortest Path Bridging
+ (801.1aq). Hex value of 0x88A8.";
+ reference
+ "IEEE 802.1ad, IEEE 802.1aq).";
+ }
+ enum ethernet-powerlink {
+ value 34987;
+ description
+ "Ethernet Powerlink. Hex value of 0x88AB.";
+ }
+ enum goose {
+ value 35000;
+ description
+ "Generic Object Oriented Substation Event (GOOSE).
+ Hex value of 0x88B8.";
+ reference
+ "IEC/ISO 8802-2 and 8802-3.";
+ }
+ enum gse {
+ value 35001;
+ description
+ "Generic Substation Events. Hex value of 88B9.";
+ reference
+ "IEC 61850.";
+ }
+ enum sv {
+ value 35002;
+ description
+ "Sampled Value Transmission. Hex value of 0x88BA.";
+ reference
+ "IEC 61850.";
+ }
+ enum lldp {
+ value 35020;
+ description
+ "Link Layer Discovery Protocol (LLDP). Hex value of
+ 0x88CC.";
+ reference
+ "IEEE 802.1AB.";
+ }
+ enum sercos {
+ value 35021;
+ description
+ "Sercos Interface. Hex value of 0x88CD.";
+ }
+ enum wsmp {
+ value 35036;
+ description
+ "WAVE Short Message Protocl (WSMP). Hex value of
+ 0x88DC.";
+ }
+ enum homeplug-av-mme {
+ value 35041;
+ description
+ "HomePlug AV MME. Hex value of 88E1.";
+ }
+ enum mrp {
+ value 35043;
+ description
+ "Media Redundancy Protocol (MRP). Hex value of
+ 0x88E3.";
+ reference
+ "IEC62439-2.";
+ }
+ enum macsec {
+ value 35045;
+ description
+ "MAC Security. Hex value of 0x88E5.";
+ reference
+ "IEEE 802.1AE.";
+ }
+ enum pbb {
+ value 35047;
+ description
+ "Provider Backbone Bridges (PBB). Hex value of
+ 0x88E7.";
+ reference
+ "IEEE 802.1ah.";
+ }
+ enum cfm {
+ value 35074;
+ description
+ "Connectivity Fault Management (CFM). Hex value of
+ 0x8902.";
+ reference
+ "IEEE 802.1ag.";
+ }
+ enum fcoe {
+ value 35078;
+ description
+ "Fiber Channel over Ethernet (FCoE). Hex value of
+ 0x8906.";
+ reference
+ "T11 FC-BB-5.";
+ }
+ enum fcoe-ip {
+ value 35092;
+ description
+ "FCoE Initialization Protocol. Hex value of 0x8914.";
+ }
+ enum roce {
+ value 35093;
+ description
+ "RDMA over Converged Ethernet (RoCE). Hex value of
+ 0x8915.";
+ }
+ enum tte {
+ value 35101;
+ description
+ "TTEthernet Protocol Control Frame (TTE). Hex value
+ of 0x891D.";
+ reference
+ "SAE AS6802.";
+ }
+ enum hsr {
+ value 35119;
+ description
+ "High-availability Seamless Redundancy (HSR). Hex
+ value of 0x892F.";
+ reference
+ "IEC 62439-3:2016.";
+ }
+ }
+ }
+ description
+ "The uint16 type placeholder is defined to enable
+ users to manage their own ethertypes not
+ covered by the module. Otherwise the module contains
+ enum definitions for the more commonly used ethertypes.";
+ }
+}
+++ /dev/null
-module ietf-packet-fields {
- yang-version 1.1;
- namespace "urn:ietf:params:xml:ns:yang:ietf-packet-fields";
- prefix packet-fields;
- import ietf-inet-types {
- prefix inet;
- }
- import ietf-yang-types {
- prefix yang;
- }
- organization "IETF NETMOD (NETCONF Data Modeling Language) Working
- Group";
- contact
- "WG Web: http://tools.ietf.org/wg/netmod/
- WG Chair: Juergen Schoenwaelder
- WG Chair: Tom Nadeau
- Editor: Dean Bogdanovic
- Editor: Kiran Agrahara Sreenivasa
- Editor: Lisa Huang
- Editor: Dana Blair
- description
- "This YANG module defines groupings that are used by
- ietf-access-control-list YANG module. Their usage is not
- limited to ietf-access-control-list and can be
- used anywhere as applicable.
- Copyright (c) 2015 IETF Trust and the persons identified as
- the document authors. All rights reserved.
- Redistribution and use in source and binary forms, with or
- without modification, is permitted pursuant to, and subject
- to the license terms contained in, the Simplified BSD
- License set forth in Section 4.c of the IETF Trust's Legal
- Provisions Relating to IETF Documents
- (http://trustee.ietf.org/license-info).
- This version of this YANG module is part of RFC XXXX; see
- the RFC itself for full legal notices.";
- revision 2016-07-08 {
- description
- "Initial version of packet fields used by
- ietf-access-control-list";
- reference
- "RFC XXXX: Network Access Control List (ACL)
- YANG Data Model";
- }
- grouping acl-transport-header-fields {
- description
- "Transport header fields";
- container source-port-range {
- presence "Enables setting source port range";
- description
- "Inclusive range representing source ports to be used.
- When only lower-port is present, it represents a single port.";
- leaf lower-port {
- type inet:port-number;
- mandatory true;
- description
- "Lower boundary for port.";
- }
- leaf upper-port {
- type inet:port-number;
- must ". >= ../lower-port" {
- error-message
- "The upper-port must be greater than or equal to lower-port";
- }
- description
- "Upper boundary for port . If existing, the upper port
- must be greater or equal to lower-port.";
- }
- }
- container destination-port-range {
- presence "Enables setting destination port range";
- description
- "Inclusive range representing destination ports to be used. When
- only lower-port is present, it represents a single port.";
- leaf lower-port {
- type inet:port-number;
- mandatory true;
- description
- "Lower boundary for port.";
- }
- leaf upper-port {
- type inet:port-number;
- must ". >= ../lower-port" {
- error-message
- "The upper-port must be greater than or equal to lower-port";
- }
-
- description
- "Upper boundary for port. If existing, the upper port must
- be greater or equal to lower-port";
- }
- }
- }
- grouping acl-ip-header-fields {
- description
- "IP header fields common to ipv4 and ipv6";
- leaf dscp {
- type inet:dscp;
- description
- "Value of dscp.";
- }
- leaf protocol {
- type uint8;
- description
- "Internet Protocol number.";
- }
- uses acl-transport-header-fields;
- }
- grouping acl-ipv4-header-fields {
- description
- "Fields in IPv4 header.";
- leaf destination-ipv4-network {
- type inet:ipv4-prefix;
- description
- "Destination IPv4 address prefix.";
- }
- leaf source-ipv4-network {
- type inet:ipv4-prefix;
- description
- "Source IPv4 address prefix.";
- }
- }
- grouping acl-ipv6-header-fields {
- description
- "Fields in IPv6 header";
- leaf destination-ipv6-network {
- type inet:ipv6-prefix;
- description
- "Destination IPv6 address prefix.";
- }
- leaf source-ipv6-network {
- type inet:ipv6-prefix;
- description
- "Source IPv6 address prefix.";
- }
- leaf flow-label {
- type inet:ipv6-flow-label;
- description
- "IPv6 Flow label.";
- }
- reference
- "RFC 4291: IP Version 6 Addressing Architecture
- RFC 4007: IPv6 Scoped Address Architecture
- RFC 5952: A Recommendation for IPv6 Address Text Representation";
- }
- grouping acl-eth-header-fields {
- description
- "Fields in Ethernet header.";
- leaf destination-mac-address {
- type yang:mac-address;
- description
- "Destination IEEE 802 MAC address.";
- }
- leaf destination-mac-address-mask {
- type yang:mac-address;
- description
- "Destination IEEE 802 MAC address mask.";
- }
- leaf source-mac-address {
- type yang:mac-address;
- description
- "Source IEEE 802 MAC address.";
- }
- leaf source-mac-address-mask {
- type yang:mac-address;
- description
- "Source IEEE 802 MAC address mask.";
- }
- reference
- "IEEE 802: IEEE Standard for Local and Metropolitan Area
- Networks: Overview and Architecture.";
- }
-
-}
\ No newline at end of file
--- /dev/null
+module ietf-packet-fields {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-packet-fields";
+ prefix packet-fields;
+
+ import ietf-inet-types {
+ prefix inet;
+ reference
+ "RFC 6991 - Common YANG Data Types.";
+ }
+
+ import ietf-yang-types {
+ prefix yang;
+ reference
+ "RFC 6991 - Common YANG Data Types.";
+ }
+
+ import ietf-ethertypes {
+ prefix eth;
+ reference
+ "RFC XXXX - Network ACL YANG Model.";
+ }
+
+ organization
+ "IETF NETMOD (Network Modeling Language) Working
+ Group";
+
+ contact
+ "WG Web: http://tools.ietf.org/wg/netmod/
+
+ Editor: Mahesh Jethanandani
+ Editor: Lisa Huang
+ Editor: Sonal Agarwal
+ Editor: Dana Blair
+
+ description
+ "This YANG module defines groupings that are used by
+ ietf-access-control-list YANG module. Their usage is not
+ limited to ietf-access-control-list and can be
+ used anywhere as applicable.
+
+ Copyright (c) 2018 IETF Trust and the persons identified as
+ the document authors. All rights reserved.
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD
+ License set forth in Section 4.c of the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC XXXX; see
+ the RFC itself for full legal notices.";
+
+ revision 2018-10-01 {
+ description
+ "Initial version.";
+ reference
+ "RFC XXX: Network Access Control List (ACL) YANG Data Model.";
+ }
+
+ /*
+ * Typedefs
+ */
+ typedef operator {
+ type enumeration {
+ enum lte {
+ description
+ "Less than or equal.";
+ }
+ enum gte {
+ description
+ "Greater than or equal.";
+ }
+ enum eq {
+ description
+ "Equal to.";
+ }
+ enum neq {
+ description
+ "Not equal to.";
+ }
+ }
+ description
+ "The source and destination port range definitions
+ can be further qualified using an operator. An
+ operator is needed only if lower-port is specified
+ and upper-port is not specified. The operator
+ therefore further qualifies lower-port only.";
+ }
+
+ /*
+ * Groupings
+ */
+ grouping port-range-or-operator {
+ choice port-range-or-operator {
+ case range {
+ leaf lower-port {
+ type inet:port-number;
+ must ". <= ../upper-port" {
+ error-message
+ "The lower-port must be less than or equal to
+ upper-port.";
+ }
+ mandatory true;
+ description
+ "Lower boundry for a port.";
+ }
+ leaf upper-port {
+ type inet:port-number;
+ mandatory true;
+ description
+ "Upper boundry for port.";
+ }
+ }
+ case operator {
+ leaf operator {
+ type operator;
+ default eq;
+ description
+ "Operator to be applied on the port below.";
+ }
+ leaf port {
+ type inet:port-number;
+ mandatory true;
+ description
+ "Port number along with operator on which to
+ match.";
+ }
+ }
+ description
+ "Choice of specifying a port range or a single
+ port along with an operator.";
+ }
+ description
+ "Grouping for port definitions in the form of a
+ choice statement.";
+ }
+
+ grouping acl-ip-header-fields {
+ description
+ "IP header fields common to ipv4 and ipv6";
+ reference
+ "RFC 791: Internet Protocol.";
+
+ leaf dscp {
+ type inet:dscp;
+ description
+ "Differentiated Services Code Point.";
+ reference
+ "RFC 2474: Definition of Differentiated services field
+ (DS field) in the IPv4 and IPv6 headers.";
+ }
+
+ leaf ecn {
+ type uint8 {
+ range 0..3;
+ }
+ description
+ "Explicit Congestion Notification.";
+ reference
+ "RFC 3168: Explicit Congestion Notification.";
+ }
+
+ leaf length {
+ type uint16;
+ description
+ "In IPv4 header field, this field is known as the Total Length.
+ Total Length is the length of the datagram, measured in octets,
+ including internet header and data.
+
+ In IPv6 header field, this field is known as the Payload
+ Length, the length of the IPv6 payload, i.e. the rest of
+ the packet following the IPv6 header, in octets.";
+ reference
+ "RFC 791: Internet Protocol,
+ RFC 8200: Internet Protocol, Version 6 (IPv6) Specification.";
+ }
+
+ leaf ttl {
+ type uint8;
+ description
+ "This field indicates the maximum time the datagram is allowed
+ to remain in the internet system. If this field contains the
+ value zero, then the datagram must be dropped.
+
+ In IPv6, this field is known as the Hop Limit.";
+ reference
+ "RFC 791: Internet Protocol,
+ RFC 8200: Internet Protocol, Version 6 (IPv6) Specification.";
+ }
+
+ leaf protocol {
+ type uint8;
+ description
+ "Internet Protocol number. Refers to the protocol of the
+ payload. In IPv6, this field is known as 'next-header,
+ and if extension headers are present, the protocol is
+ present in the 'upper-layer' header.";
+ reference
+ "RFC 791: Internet Protocol,
+ RFC 8200: Internet Protocol, Version 6 (IPv6) Specification.";
+ }
+ }
+
+ grouping acl-ipv4-header-fields {
+ description
+ "Fields in IPv4 header.";
+
+ leaf ihl {
+ type uint8 {
+ range "5..60";
+ }
+ description
+ "An IPv4 header field, the Internet Header Length (IHL) is
+ the length of the internet header in 32 bit words, and
+ thus points to the beginning of the data. Note that the
+ minimum value for a correct header is 5.";
+ }
+
+ leaf flags {
+ type bits {
+ bit reserved {
+ position 0;
+ description
+ "Reserved. Must be zero.";
+ }
+ bit fragment {
+ position 1;
+ description
+ "Setting value to 0 indicates may fragment, while setting
+ the value to 1 indicates do not fragment.";
+ }
+ bit more {
+ position 2;
+ description
+ "Setting the value to 0 indicates this is the last fragment,
+ and setting the value to 1 indicates more fragments are
+ coming.";
+ }
+ }
+ description
+ "Bit definitions for the flags field in IPv4 header.";
+ }
+
+ leaf offset {
+ type uint16 {
+ range "20..65535";
+ }
+ description
+ "The fragment offset is measured in units of 8 octets (64 bits).
+ The first fragment has offset zero. The length is 13 bits";
+ }
+
+ leaf identification {
+ type uint16;
+ description
+ "An identifying value assigned by the sender to aid in
+ assembling the fragments of a datagram.";
+ }
+
+ choice destination-network {
+ case destination-ipv4-network {
+ leaf destination-ipv4-network {
+ type inet:ipv4-prefix;
+ description
+ "Destination IPv4 address prefix.";
+ }
+ }
+ description
+ "Choice of specifying a destination IPv4 address or
+ referring to a group of IPv4 destination addresses.";
+ }
+ choice source-network {
+ case source-ipv4-network {
+ leaf source-ipv4-network {
+ type inet:ipv4-prefix;
+ description
+ "Source IPv4 address prefix.";
+ }
+ }
+ description
+ "Choice of specifying a source IPv4 address or
+ referring to a group of IPv4 source addresses.";
+ }
+ }
+
+ grouping acl-ipv6-header-fields {
+ description
+ "Fields in IPv6 header";
+
+ choice destination-network {
+ case destination-ipv6-network {
+ leaf destination-ipv6-network {
+ type inet:ipv6-prefix;
+ description
+ "Destination IPv6 address prefix.";
+ }
+ }
+ description
+ "Choice of specifying a destination IPv6 address
+ or referring to a group of IPv6 destination
+ addresses.";
+ }
+
+ choice source-network {
+ case source-ipv6-network {
+ leaf source-ipv6-network {
+ type inet:ipv6-prefix;
+ description
+ "Source IPv6 address prefix.";
+ }
+ }
+ description
+ "Choice of specifying a source IPv6 address or
+ referring to a group of IPv6 source addresses.";
+ }
+
+ leaf flow-label {
+ type inet:ipv6-flow-label;
+ description
+ "IPv6 Flow label.";
+ }
+ reference
+ "RFC 4291: IP Version 6 Addressing Architecture
+ RFC 4007: IPv6 Scoped Address Architecture
+ RFC 5952: A Recommendation for IPv6 Address Text
+ Representation";
+ }
+
+ grouping acl-eth-header-fields {
+ description
+ "Fields in Ethernet header.";
+
+ leaf destination-mac-address {
+ type yang:mac-address;
+ description
+ "Destination IEEE 802 MAC address.";
+ }
+ leaf destination-mac-address-mask {
+ type yang:mac-address;
+ description
+ "Destination IEEE 802 MAC address mask.";
+ }
+ leaf source-mac-address {
+ type yang:mac-address;
+ description
+ "Source IEEE 802 MAC address.";
+ }
+ leaf source-mac-address-mask {
+ type yang:mac-address;
+ description
+ "Source IEEE 802 MAC address mask.";
+ }
+ leaf ethertype {
+ type eth:ethertype;
+ description
+ "The Ethernet Type (or Length) value represented
+ in the canonical order defined by IEEE 802.
+ The canonical representation uses lowercase
+ characters.";
+ reference
+ "IEEE 802-2014 Clause 9.2";
+ }
+ reference
+ "IEEE 802: IEEE Standard for Local and Metropolitan
+ Area Networks: Overview and Architecture.";
+ }
+
+ grouping acl-tcp-header-fields {
+ description
+ "Collection of TCP header fields that can be used to
+ setup a match filter.";
+
+ leaf sequence-number {
+ type uint32;
+ description
+ "Sequence number that appears in the packet.";
+ }
+
+ leaf acknowledgement-number {
+ type uint32;
+ description
+ "The acknowledgement number that appears in the
+ packet.";
+ }
+
+ leaf data-offset {
+ type uint8 {
+ range "5..15";
+ }
+ description
+ "Specifies the size of the TCP header in 32-bit
+ words. The minimum size header is 5 words and
+ the maximum is 15 words thus giving the minimum
+ size of 20 bytes and maximum of 60 bytes,
+ allowing for up to 40 bytes of options in the
+ header.";
+ }
+
+ leaf reserved {
+ type uint8;
+ description
+ "Reserved for future use.";
+ }
+
+ leaf flags {
+ type bits {
+ bit cwr {
+ position 1;
+ description
+ "Congestion Window Reduced (CWR) flag is set by
+ the sending host to indicate that it received
+ a TCP segment with the ECE flag set and had
+ responded in congestion control mechanism.";
+ reference
+ "RFC 3168: The Addition of Explicit Congestion
+ Notification (ECN) to IP.";
+ }
+ bit ece {
+ position 2;
+ description
+ "ECN-Echo has a dual role, depending on the value
+ of the SYN flag. It indicates:
+ If the SYN flag is set (1), that the TCP peer is ECN
+ capable. If the SYN flag is clear (0), that a packet
+ with Congestion Experienced flag set (ECN=11) in IP
+ header was received during normal transmission
+ (added to header by RFC 3168). This serves as an
+ indication of network congestion (or impending
+ congestion) to the TCP sender.";
+ reference
+ "RFC 3168: The Addition of Explicit Congestion
+ Notification (ECN) to IP.";
+ }
+ bit urg {
+ position 3;
+ description
+ "Indicates that the Urgent pointer field is significant.";
+ }
+ bit ack {
+ position 4;
+ description
+ "Indicates that the Acknowledgment field is significant.
+ All packets after the initial SYN packet sent by the
+ client should have this flag set.";
+ }
+ bit psh {
+ position 5;
+ description
+ "Push function. Asks to push the buffered data to the
+ receiving application.";
+ }
+ bit rst {
+ position 6;
+ description
+ "Reset the connection.";
+ }
+ bit syn {
+ position 7;
+ description
+ "Synchronize sequence numbers. Only the first packet
+ sent from each end should have this flag set. Some
+ other flags and fields change meaning based on this
+ flag, and some are only valid for when it is set,
+ and others when it is clear.";
+ }
+ bit fin {
+ position 8;
+ description
+ "Last package from sender.";
+ }
+ }
+ description
+ "Also known as Control Bits. Contains 9 1-bit flags.";
+ reference
+ "RFC 793: Transmission Control Protocol (TCP).";
+ }
+
+ leaf window-size {
+ type uint16;
+ units "bytes";
+ description
+ "The size of the receive window, which specifies
+ the number of window size units beyond the segment
+ identified by the sequence number in the acknowledgment
+ field that the sender of this segment is currently
+ willing to receive.";
+ }
+
+ leaf urgent-pointer {
+ type uint16;
+ description
+ "This field is an offset from the sequence number
+ indicating the last urgent data byte.";
+ }
+
+ leaf options {
+ type binary {
+ length "1..40";
+ }
+ description
+ "The length of this field is determined by the
+ data offset field. Options have up to three
+ fields: Option-Kind (1 byte), Option-Length
+ (1 byte), Option-Data (variable). The Option-Kind
+ field indicates the type of option, and is the
+ only field that is not optional. Depending on
+ what kind of option we are dealing with,
+ the next two fields may be set: the Option-Length
+ field indicates the total length of the option,
+ and the Option-Data field contains the value of
+ the option, if applicable.";
+ }
+ }
+
+ grouping acl-udp-header-fields {
+ description
+ "Collection of UDP header fields that can be used
+ to setup a match filter.";
+
+ leaf length {
+ type uint16;
+ description
+ "A field that specifies the length in bytes of
+ the UDP header and UDP data. The minimum
+ length is 8 bytes because that is the length of
+ the header. The field size sets a theoretical
+ limit of 65,535 bytes (8 byte header + 65,527
+ bytes of data) for a UDP datagram. However the
+ actual limit for the data length, which is
+ imposed by the underlying IPv4 protocol, is
+ 65,507 bytes (65,535 minus 8 byte UDP header
+ minus 20 byte IP header).
+
+ In IPv6 jumbograms it is possible to have
+ UDP packets of size greater than 65,535 bytes.
+ RFC 2675 specifies that the length field is set
+ to zero if the length of the UDP header plus
+ UDP data is greater than 65,535.";
+ }
+ }
+
+ grouping acl-icmp-header-fields {
+ description
+ "Collection of ICMP header fields that can be
+ used to setup a match filter.";
+
+ leaf type {
+ type uint8;
+ description
+ "Also known as Control messages.";
+ reference
+ "RFC 792: Internet Control Message Protocol (ICMP),
+ RFC 4443: Internet Control Message Protocol (ICMPv6)
+ for Internet Protocol Version 6 (IPv6)
+ Specifciation.";
+ }
+
+ leaf code {
+ type uint8;
+ description
+ "ICMP subtype. Also known as Control messages.";
+ reference
+ "RFC 792: Internet Control Message Protocol (ICMP),
+ RFC 4443: Internet Control Message Protocol (ICMPv6)
+ for Internet Protocol Version 6 (IPv6)
+ Specifciation.";
+ }
+
+ leaf rest-of-header {
+ type binary;
+ description
+ "Unbounded in length, the contents vary based on the
+ ICMP type and code. Also referred to as 'Message Body'
+ in ICMPv6.";
+ reference
+ "RFC 792: Internet Control Message Protocol (ICMP),
+ RFC 4443: Internet Control Message Protocol (ICMPv6)
+ for Internet Protocol Version 6 (IPv6)
+ Specifciation.";
+ }
+ }
+}
+++ /dev/null
-module interface-acl {
- yang-version 1;
- namespace "urn:opendaylight:params:xml:ns:yang:interface:acl";
- prefix "ifc-acl";
-
- import ietf-interfaces {
- prefix "if";
- }
-
- import yang-ext {
- prefix "ext";
- }
-
- import ietf-access-control-list {
- prefix "acl";
- }
-
- organization
- "FD.io - The Fast Data Project";
-
- contact
- "Hc2vpp Wiki <https://wiki.fd.io/view/Hc2vpp>
-
- description
- "This module contains a collection of YANG definitions for
- applying ACLs on VPP interfaces.
- Uses ACL implementation provided by ACL plugin of VPP.
-
- Copyright (c) 2016 Cisco and/or its affiliates.
-
- Licensed under the Apache License, Version 2.0 (the 'License');
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at:
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an 'AS IS' BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.";
-
- revision "2016-12-14" {
- description "Initial revision of interface-acl model";
- }
-
- grouping vpp-acls-base-attributes {
- description
- "List of ACLs of vpp-acl type"; // TODO(HC2VPP-201): express constraint in the model if possible
- list vpp-acls {
- key "type name";
- ordered-by user;
-
- leaf type {
- type acl:acl-type;
- }
-
- // FIXME(HC2VPP-290): define leafref in interface-acl or bump ietf-access-control-list
- leaf name {
- type acl:access-control-list-ref;
- }
- }
- }
-
- grouping vpp-macip-acls-base-attributes {
- container vpp-macip-acl {
- description
- "ACL of vpp-macip-acl type"; // TODO(HC2VPP-201): express constraint in the model if possible
-
- leaf type {
- type acl:acl-type;
- }
-
- leaf name {
- type acl:access-control-list-ref;
- }
- }
- }
-
- grouping interface-acl-attributes {
- container acl {
- container ingress {
- uses vpp-acls-base-attributes;
- uses vpp-macip-acls-base-attributes;
- }
- container egress {
- uses vpp-acls-base-attributes;
- }
- }
- }
-
- augment /if:interfaces/if:interface {
- ext:augment-identifier "vpp-acl-interface-augmentation";
- uses interface-acl-attributes;
- }
-
- augment /if:interfaces-state/if:interface {
- ext:augment-identifier "vpp-acl-interface-state-augmentation";
- uses interface-acl-attributes;
- }
-
-}
\ No newline at end of file
module vpp-acl-context {
yang-version 1;
- namespace "urn:opendaylight:params:xml:ns:yang:vpp:acl:context";
+ namespace "http://fd.io/hc2vpp/yang/vpp/acl/context";
prefix "vac";
import naming-context {
+++ /dev/null
-module vpp-acl {
- yang-version 1;
- namespace "urn:opendaylight:params:xml:ns:yang:vpp:acl";
- prefix "vpp-acl";
-
- import ietf-access-control-list {
- prefix "acl";
- }
-
- import yang-ext {
- prefix "ext";
- }
-
- import ietf-packet-fields {
- prefix packet-fields;
- }
-
- import ietf-inet-types {
- prefix inet;
- }
-
- import ietf-yang-types {
- prefix yang;
- }
-
- organization
- "FD.io - The Fast Data Project";
-
- contact
- "Hc2vpp Wiki <https://wiki.fd.io/view/Hc2vpp>
-
- description
- "This module contains a collection of YANG definitions
- that extend ietf-access-control-list module
- with VPP specific features provided by the VPP ACL plugin.
-
- Copyright (c) 2016-2017 Cisco and/or its affiliates.
-
- Licensed under the Apache License, Version 2.0 (the 'License');
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at:
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an 'AS IS' BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.";
-
- revision "2017-06-15" {
- description
- "Renamed stateful/permit leaf to permit-and-reflect";
- }
-
- revision "2016-12-14" {
- description
- "Initial revision of vpp-acl model.";
- }
-
- augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:actions/acl:packet-handling {
- ext:augment-identifier "stateful-acl-action-augmentation";
- when "../acl:matches/acl:ace-type = 'vpp-acl:vpp-acl'";
- case stateful {
- leaf permit-and-reflect {
- type empty;
- description
- "Permits egress TCP/UDP traffic and ingress in reverse direction by creating reflexive ACEs.";
- }
- }
- }
-
- identity vpp-acl {
- base acl:acl-base;
- description
- "ACL that contains only aces of vpp-ace type.";
- }
-
- identity vpp-macip-acl {
- base acl:acl-base;
- description
- "ACL that contains only aces of vpp-macip-acl type.";
- }
-
- grouping value-range {
- description "Defines value range with first and last value defined";
-
- leaf first {
- type uint8;
- mandatory true;
- description "Lower boundary for range";
- }
-
- leaf last {
- type uint8;
- mandatory true;
- description "Upper boundary for range";
- must "last >= first";
- }
- }
-
- grouping acl-icmp-header-fields {
- description
- "ICMP header fields";
- container icmp-type-range {
- presence "Enables setting icmp-type";
- description
- "Inclusive range representing icmp types to be used.";
- uses value-range;
- }
-
- container icmp-code-range {
- presence "Enables setting icmp-code";
- description
- "Inclusive range representing icmp codes to be used.";
- uses value-range;
- }
- }
-
- grouping acl-tcp-header-fields {
- description
- "TCP header fields";
- leaf tcp-flags-mask {
- description
- "Binary mask for tcp flags to match. MSB order (FIN at position 0).
- Applied as logical AND to tcp flags field of the packet being matched,
- before it is compared with tcp-flags-value.";
- type uint8;
- }
- leaf tcp-flags-value {
- description
- "Binary value for tcp flags to match. MSB order (FIN at position 0).
- Before tcp-flags-value is compared with tcp flags field of the packet being matched,
- tcp-flags-mask is applied to packet field value.";
- type uint8;
- }
- }
-
- grouping acl-other-protocol-fields {
- description "Used for any other protocol than TCP/UDP/ICMP/ICMPv6";
- leaf protocol {
- must "protocol != 1 and protocol != 6 and protocol != 17 and protocol != 58";
- type uint8;
- description "Internet Protocol number.";
- }
- }
-
- grouping acl-ip-protocol-header-fields {
- description
- "Defines header fields for TCP/UDP or ICMP protocols";
- choice ip-protocol {
- case icmp {
- container icmp-nodes {
- uses acl-icmp-header-fields;
- }
- }
- case icmp-v6 {
- container icmp-v6-nodes {
- uses acl-icmp-header-fields;
- }
- }
- case udp {
- container udp-nodes {
- uses packet-fields:acl-transport-header-fields;
- }
- }
- case tcp {
- container tcp-nodes {
- uses packet-fields:acl-transport-header-fields;
- uses acl-tcp-header-fields;
- }
- }
- case other {
- container other-nodes {
- uses acl-other-protocol-fields;
- }
- }
- }
- }
-
- augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:ace-type {
- ext:augment-identifier "vpp-acl-type-augmentation";
- case vpp-ace {
- description
- "Access List entry that can define:
- - IP4/IP6 src/dst ip prefix- Internet Protocol number
- - Internet Protocol number
- - selected L4 headers:
- * ICMP (type range)
- * UDP (port range)
- * TCP (port range, flags mask, flags value)";
- container vpp-ace-nodes {
- choice ace-ip-version {
- description
- "IP version used in this Access List Entry.";
- case ace-ipv4 {
- uses packet-fields:acl-ipv4-header-fields;
- }
- case ace-ipv6 {
- uses packet-fields:acl-ipv6-header-fields;
- }
- }
- uses acl-ip-protocol-header-fields;
- }
- }
- }
-
- grouping vpp-macip-ace-eth-header-fields {
- description
- "Fields in Ethernet header supported by vpp-macip rule";
- leaf source-mac-address {
- type yang:mac-address;
- description
- "Source IEEE 802 MAC address.
- Before source-mac-address is compared with source mac address field of the packet being matched,
- source-mac-address-mask is applied to packet field value.";
- }
- leaf source-mac-address-mask {
- type yang:mac-address;
- description
- "Source IEEE 802 MAC address mask.
- Applied as logical AND with source mac address field of the packet being matched,
- before it is compared with source-mac-address.";
- }
- }
-
- grouping vpp-macip-ace-ipv4-header-fields {
- description
- "Fields in IPv4 header supported by vpp-macip rule";
- leaf source-ipv4-network {
- type inet:ipv4-prefix;
- description
- "Source IPv4 address prefix.";
- }
- }
-
- grouping vpp-macip-ace-ipv6-header-fields {
- description
- "Fields in IPv6 header supported by vpp-macip rule";
- leaf source-ipv6-network {
- type inet:ipv6-prefix;
- description
- "Source IPv6 address prefix.";
- }
- }
-
- augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:ace-type {
- ext:augment-identifier "vpp-macip-acl-type-augmentation";
- case vpp-macip-ace {
- description
- "Access List entry that can define:
- - IP4/IP6 src ip prefix
- - src MAC address mask
- - src MAC address value
- - can be used only for static ACLs.";
- container vpp-macip-ace-nodes {
- choice ace-ip-version {
- description
- "IP version used in this Access List Entry.";
- case ace-ipv4 {
- uses vpp-macip-ace-ipv4-header-fields;
- }
- case ace-ipv6 {
- uses vpp-macip-ace-ipv6-header-fields;
- }
- }
- uses vpp-macip-ace-eth-header-fields;
- }
- }
- }
-
- augment /acl:access-lists/acl:acl {
- ext:augment-identifier "vpp-acl-augmentation";
- leaf tag {
- type string {
- length 1..63;
- }
- description
- "ASCII tag that can be used as a placeholder for ACL metadata. Value is stored in vpp,
- and returned in read requests. No processing involved.";
- }
- }
-}
\ No newline at end of file
--- /dev/null
+module vpp-acl {
+ yang-version 1;
+ namespace "http://fd.io/hc2vpp/yang/vpp/acl";
+ prefix "vpp-acl";
+
+ import ietf-access-control-list {
+ prefix "acl";
+ }
+
+ import yang-ext {
+ prefix "ext";
+ }
+
+ import ietf-packet-fields {
+ prefix packet-fields;
+ }
+
+ import ietf-inet-types {
+ prefix inet;
+ }
+
+ import ietf-yang-types {
+ prefix yang;
+ }
+
+ organization
+ "FD.io - The Fast Data Project";
+
+ contact
+ "Hc2vpp Wiki <https://wiki.fd.io/view/Hc2vpp>
+
+ description
+ "This module contains a collection of YANG definitions
+ that extend ietf-access-control-list module
+ with VPP specific features provided by the VPP ACL plugin.
+
+ Copyright (c) 2016-2017 Cisco and/or its affiliates.
+
+ Licensed under the Apache License, Version 2.0 (the 'License');
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at:
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an 'AS IS' BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.";
+
+ revision "2018-10-22" {
+ description
+ "Updated vpp dependencies to match changes in ietf-access-control-list@2018-10-01 yang model.";
+ }
+
+ revision "2017-06-15" {
+ description
+ "Renamed stateful/permit leaf to permit-and-reflect";
+ }
+
+ revision "2016-12-14" {
+ description
+ "Initial revision of vpp-acl model.";
+ }
+
+ identity vpp-acl {
+ base acl:acl-base;
+ description
+ "ACL that contains only aces of vpp-ace type.";
+ }
+
+ identity vpp-macip-acl {
+ base acl:acl-base;
+ description
+ "ACL that contains only aces of vpp-macip-acl type.";
+ }
+
+ identity accept-and-reflect {
+ base acl:forwarding-action;
+ description
+ "Permits egress TCP/UDP traffic and ingress in reverse direction by creating reflexive ACEs.";
+ }
+
+ grouping value-range {
+ description "Defines value range with first and last value defined";
+
+ leaf first {
+ type uint8;
+ mandatory true;
+ description "Lower boundary for range";
+ }
+
+ leaf last {
+ type uint8;
+ mandatory true;
+ description "Upper boundary for range";
+ must "last >= first";
+ }
+ }
+
+ grouping acl-icmp-header-fields {
+ description
+ "ICMP header fields";
+ container icmp-type-range {
+ presence "Enables setting icmp-type";
+ description
+ "Inclusive range representing icmp types to be used.";
+ uses value-range;
+ }
+
+ container icmp-code-range {
+ presence "Enables setting icmp-code";
+ description
+ "Inclusive range representing icmp codes to be used.";
+ uses value-range;
+ }
+ }
+
+ grouping acl-tcp-header-fields {
+
+ description "ICMP header fields";
+
+ leaf flags-mask {
+ type bits {
+ bit cwr {
+ position 1;
+ description
+ "Congestion Window Reduced (CWR) flag is set by
+ the sending host to indicate that it received
+ a TCP segment with the ECE flag set and had
+ responded in congestion control mechanism.";
+ reference
+ "RFC 3168: The Addition of Explicit Congestion
+ Notification (ECN) to IP.";
+ }
+ bit ece {
+ position 2;
+ description
+ "ECN-Echo has a dual role, depending on the value
+ of the SYN flag. It indicates:
+ If the SYN flag is set (1), that the TCP peer is ECN
+ capable. If the SYN flag is clear (0), that a packet
+ with Congestion Experienced flag set (ECN=11) in IP
+ header was received during normal transmission
+ (added to header by RFC 3168). This serves as an
+ indication of network congestion (or impending
+ congestion) to the TCP sender.";
+ reference
+ "RFC 3168: The Addition of Explicit Congestion
+ Notification (ECN) to IP.";
+ }
+ bit urg {
+ position 3;
+ description
+ "Indicates that the Urgent pointer field is significant.";
+ }
+ bit ack {
+ position 4;
+ description
+ "Indicates that the Acknowledgment field is significant.
+ All packets after the initial SYN packet sent by the
+ client should have this flag set.";
+ }
+ bit psh {
+ position 5;
+ description
+ "Push function. Asks to push the buffered data to the
+ receiving application.";
+ }
+ bit rst {
+ position 6;
+ description
+ "Reset the connection.";
+ }
+ bit syn {
+ position 7;
+ description
+ "Synchronize sequence numbers. Only the first packet
+ sent from each end should have this flag set. Some
+ other flags and fields change meaning based on this
+ flag, and some are only valid for when it is set,
+ and others when it is clear.";
+ }
+ bit fin {
+ position 8;
+ description
+ "Last package from sender.";
+ }
+ }
+ description
+ "Also known as Control Bits. Contains 9 1-bit flags.";
+ reference
+ "RFC 793: Transmission Control Protocol (TCP).";
+ }
+ }
+
+ augment /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l4/acl:icmp/acl:icmp {
+ ext:augment-identifier "vpp-icmp-ace-augmentation";
+ container vpp-icmp-ace {
+ description
+ "Access List entry that can define:
+ - icmp code range fields
+ - icmp type range fields.";
+ uses acl-icmp-header-fields;
+ }
+ }
+
+ augment /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l4/acl:tcp/acl:tcp {
+ ext:augment-identifier "vpp-tcp-ace-augmentation";
+ container vpp-tcp-ace {
+ description
+ "Access List entry that can define:
+ - Flag mask";
+ uses acl-tcp-header-fields;
+ }
+ }
+
+ augment /acl:acls/acl:acl {
+ ext:augment-identifier "vpp-acl-augmentation";
+ leaf tag {
+ type string {
+ length 1..63;
+ }
+ description
+ "ASCII tag that can be used as a placeholder for ACL metadata. Value is stored in vpp,
+ and returned in read requests. No processing involved.";
+ }
+ }
+}
\ No newline at end of file
--- /dev/null
+/*
+ * Copyright (c) 2018 Cisco and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+package io.fd.hc2vpp.acl;
+
+import com.google.common.collect.ImmutableSet;
+import java.util.Set;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppAclAugmentation;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppIcmpAceAugmentation;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppTcpAceAugmentation;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acl.icmp.header.fields.IcmpCodeRange;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acl.icmp.header.fields.IcmpTypeRange;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acls.acl.aces.ace.matches.l4.icmp.icmp.VppIcmpAce;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acls.acl.aces.ace.matches.l4.tcp.tcp.VppTcpAce;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Acls;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AttachmentPoints;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.Aces;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.Actions;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.Matches;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.eth.Eth;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.icmp.Icmp;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.Tcp;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.DestinationPort;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.SourcePort;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.Udp;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.Egress;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.Ingress;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSets;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesState;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+
+public class AclIIds {
+ public final static InstanceIdentifier<Acls> ACLS = InstanceIdentifier.create(Acls.class);
+ public final static InstanceIdentifier<Acl> ACLS_ACL = ACLS.child(Acl.class);
+ public final static InstanceIdentifier<Acl> ACL = InstanceIdentifier.create(Acl.class);
+
+ public final static InstanceIdentifier<AttachmentPoints> ACLS_AP = ACLS.child(AttachmentPoints.class);
+ public final static InstanceIdentifier<Interface> ACLS_AP_INT = ACLS_AP.child(Interface.class);
+ public static final InstanceIdentifier<Ingress> ACLS_AP_INT_ING = ACLS_AP_INT.child(Ingress.class);
+ public static final InstanceIdentifier<AclSets> ACLS_AP_INT_ING_ACLS = ACLS_AP_INT_ING.child(AclSets.class);
+ public static final InstanceIdentifier<AclSet> ACLS_AP_INT_ING_ACLS_ACL = ACLS_AP_INT_ING_ACLS.child(AclSet.class);
+ public static final InstanceIdentifier<Egress> ACLS_AP_INT_EGR = ACLS_AP_INT.child(Egress.class);
+ public static final InstanceIdentifier<AclSets> ACLS_AP_INT_EGR_ACLS = ACLS_AP_INT_EGR.child(AclSets.class);
+ public static final InstanceIdentifier<AclSet> ACLS_AP_INT_EGR_ACLS_ACL = ACLS_AP_INT_EGR_ACLS.child(AclSet.class);
+ public final static InstanceIdentifier<Interface> IFC_ACL = InstanceIdentifier.create(Interface.class);
+ public final static InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface>
+ IFC = InstanceIdentifier.create(Interfaces.class)
+ .child(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface.class);
+ public static final InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface>
+ IFC_STATE = InstanceIdentifier.create(InterfacesState.class)
+ .child(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface.class);
+
+
+ public static Set<InstanceIdentifier<?>> vppAclChildren(final InstanceIdentifier<Acl> parentId) {
+ final InstanceIdentifier<Matches> matchesIid =
+ parentId.child(Aces.class).child(Ace.class).child(Matches.class);
+ return ImmutableSet.of(
+ parentId.augmentation(VppAclAugmentation.class),
+ parentId.child(Aces.class),
+ parentId.child(Aces.class).child(Ace.class),
+ parentId.child(Aces.class).child(Ace.class).child(Actions.class),
+ matchesIid,
+ matchesIid.child(Eth.class),
+ matchesIid.child(Ipv4.class),
+ matchesIid.child(Ipv6.class),
+ matchesIid.child(Tcp.class),
+ matchesIid.child(Tcp.class).augmentation(VppTcpAceAugmentation.class),
+ matchesIid.child(Tcp.class).augmentation(VppTcpAceAugmentation.class).child(VppTcpAce.class),
+ matchesIid.child(Tcp.class).child(DestinationPort.class),
+ matchesIid.child(Tcp.class).child(SourcePort.class),
+ matchesIid.child(Udp.class),
+ matchesIid.child(Udp.class).child(
+ org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.DestinationPort.class),
+ matchesIid.child(Udp.class).child(
+ org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.SourcePort.class),
+ matchesIid.child(Icmp.class),
+ matchesIid.child(Icmp.class).augmentation(VppIcmpAceAugmentation.class),
+ matchesIid.child(Icmp.class).augmentation(VppIcmpAceAugmentation.class).child(VppIcmpAce.class),
+ matchesIid.child(Icmp.class).augmentation(VppIcmpAceAugmentation.class).child(VppIcmpAce.class)
+ .child(IcmpTypeRange.class),
+ matchesIid.child(Icmp.class).augmentation(VppIcmpAceAugmentation.class).child(VppIcmpAce.class)
+ .child(IcmpCodeRange.class)
+ );
+ }
+
+ public static Set<InstanceIdentifier<?>> aclHandledChildren(final InstanceIdentifier<Interface> parentId) {
+ return ImmutableSet.of(
+ parentId.child(Ingress.class),
+ parentId.child(Ingress.class).child(AclSets.class),
+ parentId.child(Ingress.class).child(AclSets.class).child(AclSet.class),
+ parentId.child(Egress.class),
+ parentId.child(Egress.class).child(AclSets.class),
+ parentId.child(Egress.class).child(AclSets.class).child(AclSet.class));
+ }
+}
import io.fd.hc2vpp.acl.read.factory.InterfaceAclReaderFactory;
import io.fd.hc2vpp.acl.util.AclContextManager;
import io.fd.hc2vpp.acl.util.AclContextManagerImpl;
+import io.fd.hc2vpp.acl.write.factory.AclWriterFactory;
import io.fd.hc2vpp.acl.write.factory.InterfaceAclWriterFactory;
-import io.fd.hc2vpp.acl.write.factory.VppAclWriterFactory;
import io.fd.honeycomb.translate.read.ReaderFactory;
import io.fd.honeycomb.translate.write.WriterFactory;
import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
final Multibinder<WriterFactory> writerFactoryMultibinder =
Multibinder.newSetBinder(binder(), WriterFactory.class);
- writerFactoryMultibinder.addBinding().to(VppAclWriterFactory.class);
+ writerFactoryMultibinder.addBinding().to(AclWriterFactory.class);
writerFactoryMultibinder.addBinding().to(InterfaceAclWriterFactory.class);
final Multibinder<ReaderFactory> readerFactoryMultibinder =
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.fd.hc2vpp.acl.read;
+
+import com.google.common.base.Optional;
+import com.google.common.collect.ImmutableSet;
+import io.fd.hc2vpp.acl.util.AclContextManager;
+import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer;
+import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer;
+import io.fd.hc2vpp.common.translate.util.NamingContext;
+import io.fd.honeycomb.translate.MappingContext;
+import io.fd.honeycomb.translate.ModificationCache;
+import io.fd.honeycomb.translate.read.ReadContext;
+import io.fd.honeycomb.translate.read.ReadFailedException;
+import io.fd.honeycomb.translate.util.read.cache.DumpCacheManager;
+import io.fd.honeycomb.translate.util.read.cache.DumpCacheManager.DumpCacheManagerBuilder;
+import io.fd.honeycomb.translate.util.read.cache.EntityDumpExecutor;
+import io.fd.honeycomb.translate.util.read.cache.TypeAwareIdentifierCacheKeyFactory;
+import io.fd.vpp.jvpp.acl.dto.AclDetailsReplyDump;
+import io.fd.vpp.jvpp.acl.dto.AclDump;
+import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetails;
+import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump;
+import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDump;
+import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
+import java.util.Arrays;
+import java.util.stream.Stream;
+import javax.annotation.Nonnull;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetKey;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+
+abstract class AbstractAclCustomizer extends FutureJVppAclCustomizer implements JvppReplyConsumer {
+
+ final NamingContext interfaceContext;
+ final AclContextManager standardAclContext;
+
+ final DumpCacheManager<AclInterfaceListDetailsReplyDump, Integer> aclReferenceDumpManager;
+ final DumpCacheManager<AclDetailsReplyDump, Integer> aclDumpManager;
+
+ protected AbstractAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade,
+ @Nonnull final NamingContext interfaceContext,
+ @Nonnull final AclContextManager standardAclContext) {
+ super(jVppAclFacade);
+ this.interfaceContext = interfaceContext;
+ this.standardAclContext = standardAclContext;
+
+ aclReferenceDumpManager =
+ new DumpCacheManagerBuilder<AclInterfaceListDetailsReplyDump, Integer>()
+ .withExecutor(createAclReferenceDumpExecutor())
+ // Key needs to contain interface ID to distinguish dumps between interfaces
+ .withCacheKeyFactory(
+ new TypeAwareIdentifierCacheKeyFactory(AclInterfaceListDetailsReplyDump.class,
+ ImmutableSet.of(Interface.class)))
+ .build();
+
+ aclDumpManager = new DumpCacheManagerBuilder<AclDetailsReplyDump, Integer>()
+ .withExecutor(createAclExecutor())
+ .acceptOnly(AclDetailsReplyDump.class)
+ .build();
+ }
+
+ private EntityDumpExecutor<AclDetailsReplyDump, Integer> createAclExecutor() {
+ return (identifier, params) -> {
+ AclDump request = new AclDump();
+ request.aclIndex = params;
+ return getReplyForRead(getjVppAclFacade().aclDump(request).toCompletableFuture(), identifier);
+ };
+ }
+
+ private EntityDumpExecutor<AclInterfaceListDetailsReplyDump, Integer> createAclReferenceDumpExecutor() {
+ return (identifier, params) -> {
+ AclInterfaceListDump dumpRequest = new AclInterfaceListDump();
+ dumpRequest.swIfIndex = params;
+ return getReplyForRead(getjVppAclFacade().aclInterfaceListDump(dumpRequest).toCompletableFuture(),
+ identifier);
+ };
+ }
+
+ Stream<AclSetKey> getStandardAclSetKeys(@Nonnull final ReadContext readContext,
+ final Optional<AclInterfaceListDetailsReplyDump> dumpReply,
+ final boolean isIngress) {
+ if (dumpReply.isPresent() && !dumpReply.get().aclInterfaceListDetails.isEmpty()) {
+ // if dumpReply is present, then aclInterfaceListDetails contains single element (actually it should not be
+ // dump message in vpp)
+ final AclInterfaceListDetails aclDetails = dumpReply.get().aclInterfaceListDetails.get(0);
+
+ if (isIngress) {
+ return Arrays.stream(aclDetails.acls).limit(aclDetails.nInput)
+ .mapToObj(aclIndex -> standardAclContext.getAclName(aclIndex, readContext.getMappingContext()))
+ .map(AclSetKey::new);
+ } else {
+ return Arrays.stream(aclDetails.acls).skip(aclDetails.nInput)
+ .mapToObj(aclIndex -> standardAclContext.getAclName(aclIndex, readContext.getMappingContext()))
+ .map(AclSetKey::new);
+ }
+ } else {
+ return Stream.empty();
+ }
+ }
+
+ void parseStandardAclSet(@Nonnull final InstanceIdentifier<AclSet> instanceIdentifier,
+ @Nonnull final AclSetBuilder aclSetBuilder, final String aclName,
+ final MappingContext mappingContext, final ModificationCache modificationCache)
+ throws ReadFailedException {
+ final int aclIndex = standardAclContext.getAclIndex(aclName, mappingContext);
+
+ final Optional<AclDetailsReplyDump> dumpReply =
+ aclDumpManager.getDump(instanceIdentifier, modificationCache, aclIndex);
+
+ if (dumpReply.isPresent() && !dumpReply.get().aclDetails.isEmpty()) {
+ aclSetBuilder.setName(aclName);
+ } else {
+ throw new ReadFailedException(instanceIdentifier,
+ new IllegalArgumentException(String.format("Acl with name %s not found", aclName)));
+ }
+ }
+}
+++ /dev/null
-/*
- * Copyright (c) 2016 Cisco and/or its affiliates.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.fd.hc2vpp.acl.read;
-
-import com.google.common.base.Optional;
-import com.google.common.collect.ImmutableSet;
-import io.fd.hc2vpp.acl.util.AclContextManager;
-import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer;
-import io.fd.hc2vpp.common.translate.util.ByteDataTranslator;
-import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer;
-import io.fd.hc2vpp.common.translate.util.NamingContext;
-import io.fd.honeycomb.translate.read.ReadContext;
-import io.fd.honeycomb.translate.read.ReadFailedException;
-import io.fd.honeycomb.translate.spi.read.Initialized;
-import io.fd.honeycomb.translate.spi.read.InitializingListReaderCustomizer;
-import io.fd.honeycomb.translate.util.read.cache.DumpCacheManager;
-import io.fd.honeycomb.translate.util.read.cache.DumpCacheManager.DumpCacheManagerBuilder;
-import io.fd.honeycomb.translate.util.read.cache.EntityDumpExecutor;
-import io.fd.honeycomb.translate.util.read.cache.TypeAwareIdentifierCacheKeyFactory;
-import io.fd.vpp.jvpp.acl.dto.AclDetailsReplyDump;
-import io.fd.vpp.jvpp.acl.dto.AclDump;
-import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetails;
-import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump;
-import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDump;
-import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
-import java.util.Collections;
-import java.util.List;
-import java.util.stream.Collectors;
-import java.util.stream.IntStream;
-import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsKey;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAcl;
-import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-
-abstract class AbstractVppAclCustomizer extends FutureJVppAclCustomizer
- implements InitializingListReaderCustomizer<VppAcls, VppAclsKey, VppAclsBuilder>, JvppReplyConsumer,
- ByteDataTranslator {
-
- private final NamingContext interfaceContext;
- private final AclContextManager standardAclContext;
-
- private final DumpCacheManager<AclInterfaceListDetailsReplyDump, Integer> aclReferenceDumpManager;
- private final DumpCacheManager<AclDetailsReplyDump, Integer> aclDumpManager;
-
- protected AbstractVppAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade,
- @Nonnull final NamingContext interfaceContext,
- @Nonnull final AclContextManager standardAclContext) {
- super(jVppAclFacade);
- this.interfaceContext = interfaceContext;
- this.standardAclContext = standardAclContext;
-
- aclReferenceDumpManager =
- new DumpCacheManagerBuilder<AclInterfaceListDetailsReplyDump, Integer>()
- .withExecutor(createAclReferenceDumpExecutor())
- // Key needs to contain interface ID to distinguish dumps between interfaces
- .withCacheKeyFactory(new TypeAwareIdentifierCacheKeyFactory(AclInterfaceListDetailsReplyDump.class,
- ImmutableSet.of(Interface.class)))
- .build();
-
- aclDumpManager = new DumpCacheManagerBuilder<AclDetailsReplyDump, Integer>()
- .withExecutor(createAclExecutor())
- .acceptOnly(AclDetailsReplyDump.class)
- .build();
- }
-
- protected static InstanceIdentifier<Acl> getAclCfgId(
- final InstanceIdentifier<Acl> id) {
- return InstanceIdentifier.create(Interfaces.class).child(
- org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface.class,
- new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey(
- id.firstKeyOf(Interface.class).getName())).augmentation(VppAclInterfaceAugmentation.class)
- .child(Acl.class);
- }
-
- private EntityDumpExecutor<AclDetailsReplyDump, Integer> createAclExecutor() {
- return (identifier, params) -> {
- AclDump request = new AclDump();
- request.aclIndex = params;
- return getReplyForRead(getjVppAclFacade().aclDump(request).toCompletableFuture(), identifier);
- };
- }
-
- private EntityDumpExecutor<AclInterfaceListDetailsReplyDump, Integer> createAclReferenceDumpExecutor() {
- return (identifier, params) -> {
- AclInterfaceListDump dumpRequest = new AclInterfaceListDump();
- dumpRequest.swIfIndex = params;
- return getReplyForRead(getjVppAclFacade().aclInterfaceListDump(dumpRequest).toCompletableFuture(),
- identifier);
- };
- }
-
- @Nonnull
- @Override
- public final List<VppAclsKey> getAllIds(@Nonnull final InstanceIdentifier<VppAcls> id,
- @Nonnull final ReadContext context)
- throws ReadFailedException {
-
- final String parentInterfaceName = id.firstKeyOf(Interface.class).getName();
- final int parentInterfaceIndex = interfaceContext.getIndex(parentInterfaceName, context.getMappingContext());
-
- final Optional<AclInterfaceListDetailsReplyDump> dumpReply =
- aclReferenceDumpManager.getDump(id, context.getModificationCache(), parentInterfaceIndex);
-
- if (dumpReply.isPresent() && !dumpReply.get().aclInterfaceListDetails.isEmpty()) {
- // if dumpReply is present, then aclInterfaceListDetails contains single element (actually it should not be
- // dump message in vpp)
- final AclInterfaceListDetails aclDetails = dumpReply.get().aclInterfaceListDetails.get(0);
- return filterAcls(aclDetails)
- .mapToObj(aclIndex -> standardAclContext.getAclName(aclIndex, context.getMappingContext()))
- .map(aclName -> new VppAclsKey(aclName, VppAcl.class))
- .collect(Collectors.toList());
- } else {
- return Collections.emptyList();
- }
- }
-
- /**
- * Streams ids of ACLs.
- *
- * @param aclDetails describes ACLs assigned to interface
- * @return sequence of acl ids
- */
- protected abstract IntStream filterAcls(@Nonnull final AclInterfaceListDetails aclDetails);
-
- @Nonnull
- @Override
- public final VppAclsBuilder getBuilder(@Nonnull final InstanceIdentifier<VppAcls> id) {
- return new VppAclsBuilder();
- }
-
- @Override
- public final void readCurrentAttributes(@Nonnull final InstanceIdentifier<VppAcls> id,
- @Nonnull final VppAclsBuilder builder,
- @Nonnull final ReadContext ctx) throws ReadFailedException {
- final VppAclsKey vppAclsKey = id.firstKeyOf(VppAcls.class);
- final String aclName = vppAclsKey.getName();
- final int aclIndex = standardAclContext.getAclIndex(aclName, ctx.getMappingContext());
-
- final Optional<AclDetailsReplyDump> dumpReply =
- aclDumpManager.getDump(id, ctx.getModificationCache(), aclIndex);
-
- if (dumpReply.isPresent() && !dumpReply.get().aclDetails.isEmpty()) {
- builder.setName(aclName);
- builder.setType(vppAclsKey.getType());
- } else {
- throw new ReadFailedException(id,
- new IllegalArgumentException(String.format("Acl with name %s not found", aclName)));
- }
- }
-
- @Nonnull
- @Override
- public Initialized<VppAcls> init(@Nonnull final InstanceIdentifier<VppAcls> id,
- @Nonnull final VppAcls vppAcls,
- @Nonnull final ReadContext readContext) {
- return Initialized.create(getCfgId(id), vppAcls);
- }
-
- protected abstract InstanceIdentifier<VppAcls> getCfgId(final InstanceIdentifier<VppAcls> id);
-}
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessListsBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AclBase;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.AccessListEntriesBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAcl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAclAugmentation;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAclAugmentationBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAcl;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppAclAugmentation;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppAclAugmentationBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.AclsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.AcesBuilder;
import org.opendaylight.yangtools.concepts.Builder;
import org.opendaylight.yangtools.yang.binding.DataObject;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
if (vppAclDump.isPresent()) {
vppAclDump.get().aclDetails.stream()
.map(details -> standardAclContext.getAclName(details.aclIndex, context.getMappingContext()))
- .forEach(name -> keys.add(new AclKey(name, VppAcl.class)));
+ .forEach(name -> keys.add(new AclKey(name)));
}
final Optional<MacipAclDetailsReplyDump> macipAclDump =
if (macipAclDump.isPresent()) {
macipAclDump.get().macipAclDetails.stream()
.map(details -> macipAclContext.getAclName(details.aclIndex, context.getMappingContext()))
- .forEach(name -> keys.add(new AclKey(name, VppMacipAcl.class)));
+ .forEach(name -> keys.add(new AclKey(name)));
}
return keys;
@Override
public void merge(@Nonnull final Builder<? extends DataObject> builder, @Nonnull final List<Acl> readData) {
- ((AccessListsBuilder)builder).setAcl(readData);
+ ((AclsBuilder) builder).setAcl(readData);
}
@Nonnull
@Nonnull final ReadContext ctx) throws ReadFailedException {
final AclKey key = id.firstKeyOf(Acl.class);
builder.withKey(key);
- final Class<? extends AclBase> aclType = key.getAclType();
- final String name = key.getAclName();
+ final String name = key.getName();
- if (aclType.equals(VppAcl.class)) {
+ if (standardAclContext.containsAcl(name, ctx.getMappingContext())) {
final int index = standardAclContext.getAclIndex(name, ctx.getMappingContext());
final Optional<AclDetailsReplyDump> dump = vppAclDumpManager.getDump(id, ctx.getModificationCache(), index);
if (detail.isPresent()) {
final AclDetails aclDetails = detail.get();
setTag(builder, aclDetails.tag);
- builder.setAccessListEntries(new AccessListEntriesBuilder()
+ builder.setAces(new AcesBuilder()
.setAce(toStandardAces(name, aclDetails.r, standardAclContext, ctx.getMappingContext()))
.build());
}
}
- } else if (aclType.equals(VppMacipAcl.class)) {
+ } else if (macipAclContext.containsAcl(name, ctx.getMappingContext())) {
final int index = macipAclContext.getAclIndex(name, ctx.getMappingContext());
final Optional<MacipAclDetailsReplyDump> dump =
macipAclDumpManager.getDump(id, ctx.getModificationCache(), index);
final MacipAclDetails macipAclDetails = detail.get();
setTag(builder, macipAclDetails.tag);
if (detail.isPresent()) {
- builder.setAccessListEntries(new AccessListEntriesBuilder()
+ builder.setAces(new AcesBuilder()
.setAce(toMacIpAces(name, macipAclDetails.r, macipAclContext, ctx.getMappingContext()))
.build());
}
}
} else {
- throw new IllegalArgumentException("Unsupported acl type: " + aclType);
+ throw new IllegalArgumentException("Unsupported acl: " + id);
}
}
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+package io.fd.hc2vpp.acl.read;
+
+import com.google.common.base.Optional;
+import io.fd.hc2vpp.acl.util.AclContextManager;
+import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer;
+import io.fd.hc2vpp.common.translate.util.NamingContext;
+import io.fd.honeycomb.translate.MappingContext;
+import io.fd.honeycomb.translate.ModificationCache;
+import io.fd.honeycomb.translate.read.ReadContext;
+import io.fd.honeycomb.translate.read.ReadFailedException;
+import io.fd.honeycomb.translate.spi.read.Initialized;
+import io.fd.honeycomb.translate.spi.read.InitializingListReaderCustomizer;
+import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump;
+import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
+import java.util.List;
+import java.util.stream.Collectors;
+import javax.annotation.Nonnull;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetKey;
+import org.opendaylight.yangtools.concepts.Builder;
+import org.opendaylight.yangtools.yang.binding.DataObject;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+
+public class EgressAclCustomizer extends AbstractAclCustomizer
+ implements InitializingListReaderCustomizer<AclSet, AclSetKey, AclSetBuilder>, JvppReplyConsumer {
+
+ public EgressAclCustomizer(final FutureJVppAclFacade futureAclFacade, final NamingContext interfaceContext,
+ final AclContextManager standardAclContext) {
+ super(futureAclFacade, interfaceContext, standardAclContext);
+ }
+
+ @Nonnull
+ @Override
+ public Initialized<? extends DataObject> init(@Nonnull final InstanceIdentifier<AclSet> instanceIdentifier,
+ @Nonnull final AclSet aclSet,
+ @Nonnull final ReadContext readContext) {
+ return Initialized.create(instanceIdentifier, aclSet);
+ }
+
+ @Nonnull
+ @Override
+ public List<AclSetKey> getAllIds(@Nonnull final InstanceIdentifier<AclSet> instanceIdentifier,
+ @Nonnull final ReadContext readContext) throws ReadFailedException {
+ final String parentInterfaceName = instanceIdentifier.firstKeyOf(Interface.class).getInterfaceId();
+ final int parentInterfaceIndex =
+ interfaceContext.getIndex(parentInterfaceName, readContext.getMappingContext());
+
+ //TODO stdDumpReply keys need to be filtered as egress only
+ final Optional<AclInterfaceListDetailsReplyDump> stdDumpReply =
+ aclReferenceDumpManager
+ .getDump(instanceIdentifier, readContext.getModificationCache(), parentInterfaceIndex);
+
+ return getStandardAclSetKeys(readContext, stdDumpReply, false).collect(Collectors.toList());
+ }
+
+ @Override
+ public void merge(@Nonnull final Builder<? extends DataObject> builder, @Nonnull final List<AclSet> list) {
+ ((AclSetsBuilder) builder).setAclSet(list);
+ }
+
+ @Nonnull
+ @Override
+ public AclSetBuilder getBuilder(@Nonnull final InstanceIdentifier<AclSet> instanceIdentifier) {
+ return new AclSetBuilder();
+ }
+
+ @Override
+ public void readCurrentAttributes(@Nonnull final InstanceIdentifier<AclSet> instanceIdentifier,
+ @Nonnull final AclSetBuilder aclSetBuilder,
+ @Nonnull final ReadContext readContext)
+ throws ReadFailedException {
+ final AclSetKey vppAclsKey = instanceIdentifier.firstKeyOf(AclSet.class);
+ final String aclName = vppAclsKey.getName();
+ final MappingContext mappingContext = readContext.getMappingContext();
+ ModificationCache modificationCache = readContext.getModificationCache();
+
+ if (standardAclContext.containsAcl(aclName, mappingContext)) {
+ parseStandardAclSet(instanceIdentifier, aclSetBuilder, aclName, mappingContext, modificationCache);
+ }
+
+ }
+}
+++ /dev/null
-/*
- * Copyright (c) 2016 Cisco and/or its affiliates.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.fd.hc2vpp.acl.read;
-
-import io.fd.hc2vpp.acl.util.AclContextManager;
-import io.fd.hc2vpp.common.translate.util.NamingContext;
-import io.fd.honeycomb.translate.util.RWUtils;
-import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetails;
-import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
-import java.util.Arrays;
-import java.util.List;
-import java.util.stream.IntStream;
-import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Egress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.EgressBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls;
-import org.opendaylight.yangtools.concepts.Builder;
-import org.opendaylight.yangtools.yang.binding.DataObject;
-import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-
-public final class EgressVppAclCustomizer extends AbstractVppAclCustomizer {
-
- public EgressVppAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade,
- @Nonnull final NamingContext interfaceContext,
- @Nonnull final AclContextManager standardAclContext) {
- super(jVppAclFacade, interfaceContext, standardAclContext);
- }
-
- @Override
- protected IntStream filterAcls(@Nonnull final AclInterfaceListDetails aclDetails) {
- return Arrays.stream(aclDetails.acls).skip(aclDetails.nInput);
- }
-
- @Override
- public void merge(@Nonnull final Builder<? extends DataObject> builder, @Nonnull final List<VppAcls> readData) {
- EgressBuilder.class.cast(builder).setVppAcls(readData);
- }
-
- @Override
- protected InstanceIdentifier<VppAcls> getCfgId(
- final InstanceIdentifier<VppAcls> id) {
- return getAclCfgId(RWUtils.cutId(id, Acl.class)).child(Egress.class)
- .child(VppAcls.class, id.firstKeyOf(VppAcls.class));
- }
-}
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+package io.fd.hc2vpp.acl.read;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Optional;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Streams;
+import io.fd.hc2vpp.acl.util.AclContextManager;
+import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer;
+import io.fd.hc2vpp.common.translate.util.NamingContext;
+import io.fd.honeycomb.translate.MappingContext;
+import io.fd.honeycomb.translate.ModificationCache;
+import io.fd.honeycomb.translate.read.ReadContext;
+import io.fd.honeycomb.translate.read.ReadFailedException;
+import io.fd.honeycomb.translate.spi.read.Initialized;
+import io.fd.honeycomb.translate.spi.read.InitializingListReaderCustomizer;
+import io.fd.honeycomb.translate.util.read.cache.DumpCacheManager;
+import io.fd.honeycomb.translate.util.read.cache.EntityDumpExecutor;
+import io.fd.honeycomb.translate.util.read.cache.TypeAwareIdentifierCacheKeyFactory;
+import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump;
+import io.fd.vpp.jvpp.acl.dto.MacipAclDetailsReplyDump;
+import io.fd.vpp.jvpp.acl.dto.MacipAclDump;
+import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceGet;
+import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceGetReply;
+import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDetails;
+import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDetailsReplyDump;
+import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDump;
+import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import javax.annotation.Nonnull;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetKey;
+import org.opendaylight.yangtools.concepts.Builder;
+import org.opendaylight.yangtools.yang.binding.DataObject;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class IngressAclCustomizer extends AbstractAclCustomizer
+ implements InitializingListReaderCustomizer<AclSet, AclSetKey, AclSetBuilder>, JvppReplyConsumer {
+ @VisibleForTesting
+ protected static final int ACL_NOT_ASSIGNED = -1;
+ private static final Logger LOG = LoggerFactory.getLogger(IngressAclCustomizer.class);
+
+ private final AclContextManager macIpAclContext;
+
+ private final DumpCacheManager<MacipAclDetailsReplyDump, Integer> macIpAclDumpManager;
+ private final DumpCacheManager<MacipAclInterfaceGetReply, Void> interfaceMacIpAclDumpManager;
+ private final DumpCacheManager<MacipAclInterfaceListDetailsReplyDump, Integer> macAclReferenceDumpManager;
+
+ public IngressAclCustomizer(final FutureJVppAclFacade futureAclFacade, final NamingContext interfaceContext,
+ final AclContextManager standardAclContext, final AclContextManager macIpAClContext) {
+ super(futureAclFacade, interfaceContext, standardAclContext);
+ this.macIpAclContext = macIpAClContext;
+
+ macAclReferenceDumpManager =
+ new DumpCacheManager.DumpCacheManagerBuilder<MacipAclInterfaceListDetailsReplyDump, Integer>()
+ .withExecutor(createMacIpAclReferenceDumpExecutor())
+ // Key needs to contain interface ID to distinguish dumps between interfaces
+ .withCacheKeyFactory(
+ new TypeAwareIdentifierCacheKeyFactory(MacipAclInterfaceListDetailsReplyDump.class,
+ ImmutableSet.of(Interface.class)))
+ .build();
+
+ // for dumping of Mac-ip details
+ macIpAclDumpManager = new DumpCacheManager.DumpCacheManagerBuilder<MacipAclDetailsReplyDump, Integer>()
+ .withExecutor(createMacIpDumpExecutor())
+ .acceptOnly(MacipAclDetailsReplyDump.class)
+ .build();
+
+ // for dumping of reference on interface
+ interfaceMacIpAclDumpManager = new DumpCacheManager.DumpCacheManagerBuilder<MacipAclInterfaceGetReply, Void>()
+ .withExecutor(createInterfaceMacIpDumpExecutor())
+ .acceptOnly(MacipAclInterfaceGetReply.class)
+ .build();
+ }
+
+ @Nonnull
+ @Override
+ public Initialized<? extends DataObject> init(@Nonnull final InstanceIdentifier<AclSet> instanceIdentifier,
+ @Nonnull final AclSet aclSet,
+ @Nonnull final ReadContext readContext) {
+ return Initialized.create(instanceIdentifier, aclSet);
+ }
+
+ @Nonnull
+ @Override
+ public List<AclSetKey> getAllIds(@Nonnull final InstanceIdentifier<AclSet> instanceIdentifier,
+ @Nonnull final ReadContext readContext) throws ReadFailedException {
+ final String parentInterfaceName = instanceIdentifier.firstKeyOf(Interface.class).getInterfaceId();
+ final int parentInterfaceIndex =
+ interfaceContext.getIndex(parentInterfaceName, readContext.getMappingContext());
+
+ //TODO stdDumpReply keys need to be filtered as ingress only
+ final Optional<AclInterfaceListDetailsReplyDump> stdDumpReply =
+ aclReferenceDumpManager
+ .getDump(instanceIdentifier, readContext.getModificationCache(), parentInterfaceIndex);
+ final Optional<MacipAclInterfaceListDetailsReplyDump> macipDumpReply =
+ macAclReferenceDumpManager
+ .getDump(instanceIdentifier, readContext.getModificationCache(), parentInterfaceIndex);
+
+ Stream<AclSetKey> macIpAclSetKeys = getMacIpAclSetKeys(readContext, macipDumpReply);
+ Stream<AclSetKey> standardAclSetKeys = getStandardAclSetKeys(readContext, stdDumpReply, true);
+
+ return Streams.concat(standardAclSetKeys, macIpAclSetKeys).distinct().collect(Collectors.toList());
+ }
+
+ @Override
+ public void merge(@Nonnull final Builder<? extends DataObject> builder, @Nonnull final List<AclSet> list) {
+ ((AclSetsBuilder) builder).setAclSet(list);
+ }
+
+ @Nonnull
+ @Override
+ public AclSetBuilder getBuilder(@Nonnull final InstanceIdentifier<AclSet> instanceIdentifier) {
+ return new AclSetBuilder();
+ }
+
+ @Override
+ public void readCurrentAttributes(@Nonnull final InstanceIdentifier<AclSet> instanceIdentifier,
+ @Nonnull final AclSetBuilder aclSetBuilder,
+ @Nonnull final ReadContext readContext) throws ReadFailedException {
+ final AclSetKey vppAclsKey = instanceIdentifier.firstKeyOf(AclSet.class);
+ final String interfaceName = instanceIdentifier.firstKeyOf(Interface.class).getInterfaceId();
+ final String aclName = vppAclsKey.getName();
+ final MappingContext mappingContext = readContext.getMappingContext();
+ ModificationCache modificationCache = readContext.getModificationCache();
+
+ if (standardAclContext.containsAcl(aclName, mappingContext)) {
+ parseStandardAclSet(instanceIdentifier, aclSetBuilder, aclName, mappingContext, modificationCache);
+ } else if (macIpAclContext.containsAcl(aclName, mappingContext)) {
+ parseMacIpAclSet(instanceIdentifier, aclSetBuilder, interfaceName, mappingContext, modificationCache);
+ }
+ }
+
+ public void parseMacIpAclSet(@Nonnull final InstanceIdentifier<AclSet> instanceIdentifier,
+ @Nonnull final AclSetBuilder aclSetBuilder,
+ final String interfaceName, final MappingContext mappingContext,
+ final ModificationCache modificationCache)
+ throws ReadFailedException {
+ final Optional<MacipAclInterfaceGetReply> interfacesMacIpDumpReply =
+ interfaceMacIpAclDumpManager.getDump(instanceIdentifier, modificationCache);
+ final int interfaceIndex = interfaceContext.getIndex(interfaceName, mappingContext);
+ MacipAclInterfaceGetReply reply = interfacesMacIpDumpReply.get();
+ if (reply.acls == null || reply.acls.length == 0) {
+ LOG.debug("No MacACls found for interface. Iid: {}", instanceIdentifier);
+ return;
+ }
+ final int aclIndex = reply.acls[interfaceIndex];
+ if (aclIndex != ACL_NOT_ASSIGNED) {
+ final Optional<MacipAclDetailsReplyDump> macIpDumpReply =
+ macIpAclDumpManager.getDump(instanceIdentifier, modificationCache, aclIndex);
+
+ if (macIpDumpReply.isPresent() && !macIpDumpReply.get().macipAclDetails.isEmpty()) {
+ aclSetBuilder.setName(macIpAclContext.getAclName(aclIndex, mappingContext));
+ } else {
+ // this is invalid state(Interface in VPP will act as "deny-all" for security reasons), but generally
+ // it should not happen
+ throw new ReadFailedException(instanceIdentifier,
+ new IllegalStateException(String.format("ACE with index %s not found in VPP", aclIndex)));
+ }
+ }
+ }
+
+ private EntityDumpExecutor<MacipAclInterfaceListDetailsReplyDump, Integer> createMacIpAclReferenceDumpExecutor() {
+ return (identifier, params) -> {
+ MacipAclInterfaceListDump dumpRequest = new MacipAclInterfaceListDump();
+ dumpRequest.swIfIndex = params;
+ return getReplyForRead(getjVppAclFacade().macipAclInterfaceListDump(dumpRequest).toCompletableFuture(),
+ identifier);
+ };
+ }
+
+ private EntityDumpExecutor<MacipAclDetailsReplyDump, Integer> createMacIpDumpExecutor() {
+ return (identifier, params) -> {
+ MacipAclDump request = new MacipAclDump();
+ request.aclIndex = params;
+
+ return getReplyForRead(getjVppAclFacade().macipAclDump(request).toCompletableFuture(), identifier);
+ };
+ }
+
+ private EntityDumpExecutor<MacipAclInterfaceGetReply, Void> createInterfaceMacIpDumpExecutor() {
+ return (identifier, params) -> getReplyForRead(
+ getjVppAclFacade().macipAclInterfaceGet(new MacipAclInterfaceGet()).toCompletableFuture(),
+ identifier);
+ }
+
+
+ private Stream<AclSetKey> getMacIpAclSetKeys(@Nonnull final ReadContext readContext,
+ final Optional<MacipAclInterfaceListDetailsReplyDump> dumpReply) {
+ if (dumpReply.isPresent() && !dumpReply.get().macipAclInterfaceListDetails.isEmpty()) {
+ // if dumpReply is present, then aclInterfaceListDetails contains single element (actually it should not be
+ // dump message in vpp)
+ final MacipAclInterfaceListDetails aclDetails = dumpReply.get().macipAclInterfaceListDetails.get(0);
+
+ return Arrays.stream(aclDetails.acls).limit(aclDetails.count)
+ .mapToObj(aclIndex -> macIpAclContext.getAclName(aclIndex, readContext.getMappingContext()))
+ .map(AclSetKey::new);
+ } else {
+ return Stream.empty();
+ }
+ }
+}
+++ /dev/null
-/*
- * Copyright (c) 2016 Cisco and/or its affiliates.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.fd.hc2vpp.acl.read;
-
-import io.fd.hc2vpp.acl.util.AclContextManager;
-import io.fd.hc2vpp.common.translate.util.NamingContext;
-import io.fd.honeycomb.translate.util.RWUtils;
-import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetails;
-import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
-import java.util.Arrays;
-import java.util.List;
-import java.util.stream.IntStream;
-import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.IngressBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls;
-import org.opendaylight.yangtools.concepts.Builder;
-import org.opendaylight.yangtools.yang.binding.DataObject;
-import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-
-public final class IngressVppAclCustomizer extends AbstractVppAclCustomizer {
-
- public IngressVppAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade,
- @Nonnull final NamingContext interfaceContext,
- @Nonnull final AclContextManager standardAclContext) {
- super(jVppAclFacade, interfaceContext, standardAclContext);
- }
-
- @Override
- protected IntStream filterAcls(@Nonnull final AclInterfaceListDetails aclDetails) {
- return Arrays.stream(aclDetails.acls).limit(aclDetails.nInput);
- }
-
- @Override
- public void merge(@Nonnull final Builder<? extends DataObject> builder, @Nonnull final List<VppAcls> readData) {
- IngressBuilder.class.cast(builder).setVppAcls(readData);
- }
-
- @Override
- protected InstanceIdentifier<VppAcls> getCfgId(
- final InstanceIdentifier<VppAcls> id) {
- return getAclCfgId(RWUtils.cutId(id, Acl.class)).child(Ingress.class)
- .child(VppAcls.class, id.firstKeyOf(VppAcls.class));
- }
-}
--- /dev/null
+/*
+ * Copyright (c) 2018 Cisco and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+package io.fd.hc2vpp.acl.read;
+
+import com.google.common.base.Optional;
+import com.google.common.collect.Streams;
+import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer;
+import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer;
+import io.fd.hc2vpp.common.translate.util.NamingContext;
+import io.fd.honeycomb.translate.read.ReadContext;
+import io.fd.honeycomb.translate.read.ReadFailedException;
+import io.fd.honeycomb.translate.spi.read.Initialized;
+import io.fd.honeycomb.translate.spi.read.InitializingListReaderCustomizer;
+import io.fd.honeycomb.translate.util.read.cache.DumpCacheManager;
+import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump;
+import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDump;
+import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDetailsReplyDump;
+import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDump;
+import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
+import java.util.Collection;
+import java.util.List;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import javax.annotation.Nonnull;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AttachmentPointsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceKey;
+import org.opendaylight.yangtools.concepts.Builder;
+import org.opendaylight.yangtools.yang.binding.DataObject;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+
+public class InterfaceAclCustomizer extends FutureJVppAclCustomizer implements
+ InitializingListReaderCustomizer<Interface, InterfaceKey, InterfaceBuilder>, JvppReplyConsumer {
+ private final NamingContext interfaceContext;
+
+ private final DumpCacheManager<MacipAclInterfaceListDetailsReplyDump, Void> macipAclInterfaceListDumpManager;
+ private final DumpCacheManager<AclInterfaceListDetailsReplyDump, Void> aclInterfaceListDumpManager;
+
+ public InterfaceAclCustomizer(final FutureJVppAclFacade futureAclFacade, final NamingContext interfaceContext) {
+ super(futureAclFacade);
+ this.interfaceContext = interfaceContext;
+
+ //list all standard ACL interfaces
+ AclInterfaceListDump aclInterfaceListDump = new AclInterfaceListDump();
+ aclInterfaceListDump.swIfIndex = -1;
+ aclInterfaceListDumpManager =
+ new DumpCacheManager.DumpCacheManagerBuilder<AclInterfaceListDetailsReplyDump, Void>()
+ .withExecutor((identifier, params) -> getReplyForRead(
+ getjVppAclFacade().aclInterfaceListDump(aclInterfaceListDump).toCompletableFuture(),
+ identifier))
+ .acceptOnly(AclInterfaceListDetailsReplyDump.class)
+ .build();
+
+ //list all macIp ACL interfaces
+ MacipAclInterfaceListDump macipAclInterfaceListDump = new MacipAclInterfaceListDump();
+ macipAclInterfaceListDump.swIfIndex = 0;
+ macipAclInterfaceListDumpManager =
+ new DumpCacheManager.DumpCacheManagerBuilder<MacipAclInterfaceListDetailsReplyDump, Void>()
+ .withExecutor((identifier, params) -> getReplyForRead(
+ getjVppAclFacade().macipAclInterfaceListDump(macipAclInterfaceListDump)
+ .toCompletableFuture(),
+ identifier))
+ .acceptOnly(MacipAclInterfaceListDetailsReplyDump.class)
+ .build();
+ }
+
+ @Nonnull
+ @Override
+ public Initialized<? extends DataObject> init(@Nonnull final InstanceIdentifier<Interface> instanceIdentifier,
+ @Nonnull final Interface anInterface,
+ @Nonnull final ReadContext readContext) {
+ return Initialized.create(instanceIdentifier, anInterface);
+ }
+
+ @Nonnull
+ @Override
+ public List<InterfaceKey> getAllIds(@Nonnull final InstanceIdentifier<Interface> instanceIdentifier,
+ @Nonnull final ReadContext readContext) throws ReadFailedException {
+ final Optional<AclInterfaceListDetailsReplyDump> stdIfcDumpReply =
+ aclInterfaceListDumpManager.getDump(instanceIdentifier, readContext.getModificationCache());
+
+ final Optional<MacipAclInterfaceListDetailsReplyDump> macIpIfcDumpReply =
+ macipAclInterfaceListDumpManager.getDump(instanceIdentifier, readContext.getModificationCache());
+
+ Stream<InterfaceKey> stdAclIfcKeys = stdIfcDumpReply.asSet().stream()
+ .map(dump -> dump.aclInterfaceListDetails)
+ .flatMap(Collection::stream)
+ .filter(aclInterfaceListDetails -> aclInterfaceListDetails.acls.length != 0)
+ .map(details -> getInterfaceKey(readContext, details.swIfIndex));
+
+ Stream<InterfaceKey> macIpAclIfcKeys = macIpIfcDumpReply.asSet().stream()
+ .map(dump -> dump.macipAclInterfaceListDetails)
+ .flatMap(Collection::stream)
+ .map(details -> getInterfaceKey(readContext, details.swIfIndex));
+ return Streams.concat(stdAclIfcKeys, macIpAclIfcKeys).distinct().collect(Collectors.toList());
+ }
+
+ private InterfaceKey getInterfaceKey(@Nonnull final ReadContext readContext, final int swIfIndex) {
+ return new InterfaceKey(interfaceContext.getName(swIfIndex, readContext.getMappingContext()));
+ }
+
+ @Override
+ public void merge(@Nonnull final Builder<? extends DataObject> builder, @Nonnull final List<Interface> list) {
+ ((AttachmentPointsBuilder) builder).setInterface(list);
+ }
+
+ @Nonnull
+ @Override
+ public InterfaceBuilder getBuilder(@Nonnull final InstanceIdentifier<Interface> instanceIdentifier) {
+ return new InterfaceBuilder();
+ }
+
+ @Override
+ public void readCurrentAttributes(@Nonnull final InstanceIdentifier<Interface> instanceIdentifier,
+ @Nonnull final InterfaceBuilder interfaceBuilder,
+ @Nonnull final ReadContext readContext)
+ throws ReadFailedException {
+ interfaceBuilder.withKey(instanceIdentifier.firstKeyOf(Interface.class));
+ }
+}
+++ /dev/null
-/*
- * Copyright (c) 2016 Cisco and/or its affiliates.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.fd.hc2vpp.acl.read;
-
-import static io.fd.hc2vpp.acl.read.AbstractVppAclCustomizer.getAclCfgId;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Optional;
-import io.fd.hc2vpp.acl.util.AclContextManager;
-import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer;
-import io.fd.hc2vpp.common.translate.util.ByteDataTranslator;
-import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer;
-import io.fd.hc2vpp.common.translate.util.NamingContext;
-import io.fd.honeycomb.translate.MappingContext;
-import io.fd.honeycomb.translate.ModificationCache;
-import io.fd.honeycomb.translate.read.ReadContext;
-import io.fd.honeycomb.translate.read.ReadFailedException;
-import io.fd.honeycomb.translate.spi.read.Initialized;
-import io.fd.honeycomb.translate.spi.read.InitializingReaderCustomizer;
-import io.fd.honeycomb.translate.util.RWUtils;
-import io.fd.honeycomb.translate.util.read.cache.DumpCacheManager;
-import io.fd.honeycomb.translate.util.read.cache.EntityDumpExecutor;
-import io.fd.vpp.jvpp.acl.dto.MacipAclDetailsReplyDump;
-import io.fd.vpp.jvpp.acl.dto.MacipAclDump;
-import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceGet;
-import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceGetReply;
-import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
-import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.IngressBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAclBuilder;
-import org.opendaylight.yangtools.concepts.Builder;
-import org.opendaylight.yangtools.yang.binding.DataObject;
-import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class VppMacIpAclCustomizer extends FutureJVppAclCustomizer
- implements InitializingReaderCustomizer<VppMacipAcl, VppMacipAclBuilder>, JvppReplyConsumer, ByteDataTranslator {
-
- private static final Logger LOG = LoggerFactory.getLogger(VppMacIpAclCustomizer.class);
- @VisibleForTesting
- protected static final int ACL_NOT_ASSIGNED = -1;
-
- private final DumpCacheManager<MacipAclDetailsReplyDump, Integer> macIpAclDumpManager;
- private final DumpCacheManager<MacipAclInterfaceGetReply, Void> interfaceMacIpAclDumpManager;
- private final NamingContext interfaceContext;
- private final AclContextManager macIpAclContext;
-
- public VppMacIpAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade,
- @Nonnull final NamingContext interfaceContext,
- @Nonnull final AclContextManager macIpAclContext) {
- super(jVppAclFacade);
-
- // for dumping of Mac-ip details
- macIpAclDumpManager = new DumpCacheManager.DumpCacheManagerBuilder<MacipAclDetailsReplyDump, Integer>()
- .withExecutor(createMacIpDumpExecutor())
- .acceptOnly(MacipAclDetailsReplyDump.class)
- .build();
-
- // for dumping of reference on interface
- interfaceMacIpAclDumpManager = new DumpCacheManager.DumpCacheManagerBuilder<MacipAclInterfaceGetReply, Void>()
- .withExecutor(createInterfaceMacIpDumpExecutor())
- .acceptOnly(MacipAclInterfaceGetReply.class)
- .build();
- this.interfaceContext = interfaceContext;
- this.macIpAclContext = macIpAclContext;
- }
-
- private static InstanceIdentifier<VppMacipAcl> getCfgId(
- final InstanceIdentifier<VppMacipAcl> id) {
- return getAclCfgId(RWUtils.cutId(id, Acl.class)).child(Ingress.class).child(VppMacipAcl.class);
- }
-
- private EntityDumpExecutor<MacipAclDetailsReplyDump, Integer> createMacIpDumpExecutor() {
- return (identifier, params) -> {
- MacipAclDump request = new MacipAclDump();
- request.aclIndex = params;
-
- return getReplyForRead(getjVppAclFacade().macipAclDump(request).toCompletableFuture(), identifier);
- };
- }
-
- private EntityDumpExecutor<MacipAclInterfaceGetReply, Void> createInterfaceMacIpDumpExecutor() {
- return (identifier, params) -> getReplyForRead(
- getjVppAclFacade().macipAclInterfaceGet(new MacipAclInterfaceGet()).toCompletableFuture(),
- identifier);
- }
-
- @Nonnull
- @Override
- public VppMacipAclBuilder getBuilder(@Nonnull final InstanceIdentifier<VppMacipAcl> id) {
- return new VppMacipAclBuilder();
- }
-
- @Override
- public void readCurrentAttributes(@Nonnull final InstanceIdentifier<VppMacipAcl> id,
- @Nonnull final VppMacipAclBuilder builder,
- @Nonnull final ReadContext ctx) throws ReadFailedException {
- final String interfaceName = id.firstKeyOf(Interface.class).getName();
- final MappingContext mappingContext = ctx.getMappingContext();
- final int interfaceIndex = interfaceContext.getIndex(interfaceName, mappingContext);
- final ModificationCache modificationCache = ctx.getModificationCache();
- final Optional<MacipAclInterfaceGetReply> interfacesMacIpDumpReply =
- interfaceMacIpAclDumpManager.getDump(id, modificationCache);
-
- if (interfacesMacIpDumpReply.isPresent() && interfaceIndex < interfacesMacIpDumpReply.get().count) {
- final int aclIndex = interfacesMacIpDumpReply.get().acls[interfaceIndex];
- if (aclIndex != ACL_NOT_ASSIGNED) {
- final Optional<MacipAclDetailsReplyDump> macIpDumpReply =
- macIpAclDumpManager.getDump(id, modificationCache, aclIndex);
-
- if (macIpDumpReply.isPresent() && !macIpDumpReply.get().macipAclDetails.isEmpty()) {
- builder.setName(macIpAclContext.getAclName(aclIndex, mappingContext));
- builder.setType(
- org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAcl.class);
- return;
- } else {
- // this is invalid state(Interface in VPP will act as "deny-all" for security reasons), but generally
- // it should not happen
- throw new ReadFailedException(id,
- new IllegalStateException(String.format("ACE with index %s not found in VPP", aclIndex)));
- }
- }
- }
- // this is valid state, so just logging
- LOG.debug("No Mac-ip ACL specified for Interface name={},index={}", interfaceName, interfaceIndex);
- }
-
- @Override
- public void merge(@Nonnull final Builder<? extends DataObject> parentBuilder,
- @Nonnull final VppMacipAcl readValue) {
- IngressBuilder.class.cast(parentBuilder).setVppMacipAcl(readValue);
- }
-
- @Nonnull
- @Override
- public Initialized<? extends DataObject> init(@Nonnull final InstanceIdentifier<VppMacipAcl> id,
- @Nonnull final VppMacipAcl readValue,
- @Nonnull final ReadContext ctx) {
- return Initialized.create(getCfgId(id), readValue);
- }
-}
package io.fd.hc2vpp.acl.read.factory;
-import static io.fd.hc2vpp.acl.read.factory.InterfaceAclReaderFactory.ACL_EGRESS_IID;
-import static io.fd.hc2vpp.acl.read.factory.InterfaceAclReaderFactory.ACL_INGRESS_IID;
+import static io.fd.hc2vpp.acl.AclIIds.vppAclChildren;
import com.google.common.collect.ImmutableSet;
import com.google.inject.Inject;
import com.google.inject.name.Named;
+import io.fd.hc2vpp.acl.AclIIds;
import io.fd.hc2vpp.acl.AclModule;
import io.fd.hc2vpp.acl.read.AclCustomizer;
import io.fd.hc2vpp.acl.util.AclContextManager;
-import io.fd.hc2vpp.acl.util.factory.AclFactory;
import io.fd.honeycomb.translate.impl.read.GenericInitListReader;
import io.fd.honeycomb.translate.read.ReaderFactory;
import io.fd.honeycomb.translate.read.registry.ModifiableReaderRegistryBuilder;
import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessListsBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
-import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.AclsBuilder;
-public class AclReaderFactory implements ReaderFactory, AclFactory {
+public class AclReaderFactory implements ReaderFactory {
@Inject
private FutureJVppAclFacade futureAclFacade;
@Named(AclModule.MAC_IP_ACL_CONTEXT_NAME)
private AclContextManager macIpAClContext;
- private static final InstanceIdentifier<AccessLists> ACLS_ID = InstanceIdentifier.create(AccessLists.class);
- private static final InstanceIdentifier<Acl> ACL_ID = ACLS_ID.child(Acl.class);
-
@Override
public void init(@Nonnull final ModifiableReaderRegistryBuilder registry) {
- registry.addStructuralReader(ACLS_ID, AccessListsBuilder.class);
+ registry.addStructuralReader(AclIIds.ACLS, AclsBuilder.class);
- registry.subtreeAddBefore(vppAclChildren(InstanceIdentifier.create(Acl.class)),
- new GenericInitListReader<>(ACL_ID,
+ registry.subtreeAddBefore(vppAclChildren(AclIIds.ACL),
+ new GenericInitListReader<>(AclIIds.ACLS_ACL,
new AclCustomizer(futureAclFacade, standardAclContext, macIpAClContext)),
- ImmutableSet.of(ACL_INGRESS_IID, ACL_EGRESS_IID));
+ ImmutableSet.of(AclIIds.ACLS_AP_INT_ING, AclIIds.ACLS_AP_INT_EGR));
}
}
import com.google.inject.Inject;
import com.google.inject.name.Named;
+import io.fd.hc2vpp.acl.AclIIds;
import io.fd.hc2vpp.acl.AclModule;
-import io.fd.hc2vpp.acl.read.EgressVppAclCustomizer;
-import io.fd.hc2vpp.acl.read.IngressVppAclCustomizer;
-import io.fd.hc2vpp.acl.read.VppMacIpAclCustomizer;
+import io.fd.hc2vpp.acl.read.InterfaceAclCustomizer;
+import io.fd.hc2vpp.acl.read.EgressAclCustomizer;
+import io.fd.hc2vpp.acl.read.IngressAclCustomizer;
import io.fd.hc2vpp.acl.util.AclContextManager;
import io.fd.hc2vpp.common.translate.util.NamingContext;
import io.fd.honeycomb.translate.impl.read.GenericInitListReader;
-import io.fd.honeycomb.translate.impl.read.GenericInitReader;
import io.fd.honeycomb.translate.read.ReaderFactory;
import io.fd.honeycomb.translate.read.registry.ModifiableReaderRegistryBuilder;
import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesState;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceStateAugmentation;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceStateAugmentationBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.AclBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Egress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.EgressBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.IngressBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl;
-import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AttachmentPointsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.EgressBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.IngressBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder;
public class InterfaceAclReaderFactory implements ReaderFactory {
@Named("interface-context")
private NamingContext interfaceContext;
- private static final InstanceIdentifier<Interface>
- IFC_ID = InstanceIdentifier.create(InterfacesState.class).child(Interface.class);
- private static final InstanceIdentifier<VppAclInterfaceStateAugmentation> VPP_ACL_AUG_IID =
- IFC_ID.augmentation(VppAclInterfaceStateAugmentation.class);
- static final InstanceIdentifier<Acl> ACL_IID = VPP_ACL_AUG_IID.child(Acl.class);
- static final InstanceIdentifier<Ingress> ACL_INGRESS_IID = ACL_IID.child(Ingress.class);
- static final InstanceIdentifier<Egress> ACL_EGRESS_IID = ACL_IID.child(Egress.class);
-
@Override
public void init(@Nonnull final ModifiableReaderRegistryBuilder registry) {
- registry.addStructuralReader(VPP_ACL_AUG_IID, VppAclInterfaceStateAugmentationBuilder.class);
- registry.addStructuralReader(ACL_IID, AclBuilder.class);
+ registry.addStructuralReader(AclIIds.ACLS_AP, AttachmentPointsBuilder.class);
+
+ registry.addAfter(new GenericInitListReader<>(AclIIds.ACLS_AP_INT,
+ new InterfaceAclCustomizer(futureAclFacade, interfaceContext)),
+ AclIIds.IFC_STATE);
- registry.addStructuralReader(ACL_INGRESS_IID, IngressBuilder.class);
- registry.addAfter(new GenericInitListReader<>(ACL_INGRESS_IID.child(VppAcls.class),
- new IngressVppAclCustomizer(futureAclFacade, interfaceContext, standardAclContext)), IFC_ID);
- registry.addAfter(new GenericInitReader<>(ACL_INGRESS_IID.child(VppMacipAcl.class),
- new VppMacIpAclCustomizer(futureAclFacade, interfaceContext, macIpAClContext)), IFC_ID);
+ registry.addStructuralReader(AclIIds.ACLS_AP_INT_ING, IngressBuilder.class);
+ registry.addStructuralReader(AclIIds.ACLS_AP_INT_EGR, EgressBuilder.class);
+ registry.addStructuralReader(AclIIds.ACLS_AP_INT_ING_ACLS, AclSetsBuilder.class);
+ registry.addStructuralReader(AclIIds.ACLS_AP_INT_EGR_ACLS, AclSetsBuilder.class);
- registry.addStructuralReader(ACL_EGRESS_IID, EgressBuilder.class);
- registry.addAfter(new GenericInitListReader<>(ACL_EGRESS_IID.child(VppAcls.class),
- new EgressVppAclCustomizer(futureAclFacade, interfaceContext, standardAclContext)), IFC_ID);
+ registry.addAfter(new GenericInitListReader<>(AclIIds.ACLS_AP_INT_ING_ACLS_ACL,
+ new IngressAclCustomizer(futureAclFacade, interfaceContext, standardAclContext, macIpAClContext)),
+ AclIIds.ACLS_AP_INT);
+ registry.addAfter(new GenericInitListReader<>(AclIIds.ACLS_AP_INT_EGR_ACLS_ACL,
+ new EgressAclCustomizer(futureAclFacade, interfaceContext, standardAclContext)), AclIIds.ACLS_AP_INT);
}
}
import io.fd.honeycomb.translate.MappingContext;
import java.util.List;
import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace;
/**
* Manages metadata for acl plugin
import java.util.stream.Collector;
import javax.annotation.Nonnull;
import javax.annotation.concurrent.ThreadSafe;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.VppAclContextAugmentation;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.VppAclMappings;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.VppAclContext;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.VppAclContextKey;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.AclMapping;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.AclMappingBuilder;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.AclMappingKey;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.acl.mapping.AceMapping;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.acl.mapping.AceMappingBuilder;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.acl.mapping.AceMappingKey;
import org.opendaylight.yang.gen.v1.urn.honeycomb.params.xml.ns.yang.naming.context.rev160513.Contexts;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.VppAclContextAugmentation;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.VppAclMappings;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.VppAclContext;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.VppAclContextKey;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.AclMapping;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.AclMappingBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.AclMappingKey;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.acl.mapping.AceMapping;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.acl.mapping.AceMappingBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.acl.mapping.AceMappingKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.opendaylight.yangtools.yang.binding.KeyedInstanceIdentifier;
final List<AceMapping> mappings = new ArrayList<>(aces.size());
int aceIndex = 0;
for (final Ace ace : aces) {
- mappings.add(new AceMappingBuilder().setName(ace.getRuleName()).setIndex(aceIndex++).build());
+ mappings.add(new AceMappingBuilder().setName(ace.getName()).setIndex(aceIndex++).build());
}
aclMapping.setAceMapping(mappings);
ctx.put(mappingIid, aclMapping.build());
package io.fd.hc2vpp.acl.util.ace;
+import com.google.common.base.Preconditions;
import io.fd.hc2vpp.acl.util.AclContextManager;
import io.fd.hc2vpp.acl.util.ace.extractor.MacIpAceDataExtractor;
import io.fd.hc2vpp.acl.util.ace.extractor.StandardAceDataExtractor;
import java.util.List;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.AceBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.AceKey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.MatchesBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAceBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppMacipAce;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppMacipAceBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.VppAceNodesBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.VppMacipAceNodesBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.AceBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.AceKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.MatchesBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L3;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.EthBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.eth.Eth;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.SourceNetwork;
/**
* Convert between Ace's and vpp rules.
default MacipAclRule[] toMacIpAclRules(@Nonnull final List<Ace> aces) {
return aces.stream()
+ .filter(ace -> ace.getMatches() != null && ace.getMatches().getL2() != null)
+ .filter(ace -> ace.getMatches().getL2().getImplementedInterface()
+ .equals(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.Eth.class))
.map(ace -> {
- final VppMacipAce macIpAce = fromMacIpAce(ace);
-
MacipAclRule rule = new MacipAclRule();
+ org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.Eth
+ l2 =
+ (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.Eth) ace
+ .getMatches().getL2();
+
+ Eth eth = Preconditions
+ .checkNotNull(l2.getEth(), "Cannot parse eth for MacIpAcl ACE rule: {}", ace);
- rule.srcMac = sourceMacAsBytes(macIpAce);
- rule.srcMacMask = sourceMacMaskAsBytes(macIpAce);
+ rule.srcMac = sourceMacAsBytes(eth.getSourceMacAddress());
+ rule.srcMacMask = sourceMacMaskAsBytes(eth.getSourceMacAddressMask());
rule.isPermit = macIpAction(ace);
- if (macIpIsIpv6(macIpAce)) {
- rule.isIpv6 = 1;
- rule.srcIpAddr = ipv6Address(macIpAce);
- rule.srcIpPrefixLen = ipv6AddressPrefix(macIpAce);
+ L3 l3 = ace.getMatches().getL3();
+
+ if (l3 != null && l3.getImplementedInterface()
+ .equals(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4.class)) {
+ Ipv4 ipv4 =
+ ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4) l3)
+ .getIpv4();
+ if (ipv4 != null && ipv4.getSourceNetwork() != null) {
+ // IPv4 is set for MacIpAcl
+ SourceNetwork sourceNetwork = ipv4.getSourceNetwork();
+ rule.isIpv6 = 0;
+ rule.srcIpAddr = ipv4Address(sourceNetwork);
+ rule.srcIpPrefixLen = ipv4AddressPrefix(sourceNetwork);
+ }
+ } else if (l3 != null && l3.getImplementedInterface()
+ .equals(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6.class)) {
+ Ipv6 ipv6 =
+ ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6) l3)
+ .getIpv6();
+ if (ipv6 != null && ipv6.getSourceNetwork() != null) {
+ // IPv6 is set for MacIpAcl
+ org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.SourceNetwork
+ sourceNetwork = ipv6.getSourceNetwork();
+ rule.isIpv6 = 1;
+ rule.srcIpAddr = ipv6Address(sourceNetwork);
+ rule.srcIpPrefixLen = ipv6AddressPrefix(sourceNetwork);
+ }
} else {
+ // No IP is set for MacIpAcl
rule.isIpv6 = 0;
- rule.srcIpAddr = ipv4Address(macIpAce);
- rule.srcIpPrefixLen = ipv4AddressPrefix(macIpAce);
+ rule.srcIpAddr = new byte[4];
+ rule.srcIpPrefixLen = 0;
}
return rule;
default AclRule[] toStandardAclRules(@Nonnull final List<Ace> aces) {
return aces.stream()
+ .filter(ace -> ace.getMatches() != null)
.map(ace -> {
- final VppAce standardAce = fromStandardAce(ace);
-
// pre-bind rule with protocol based attributes (if present)
- AclRule rule = createPreBindRule(standardAce);
+ AclRule rule = createPreBindRule(ace);
rule.isPermit = standardAction(ace);
- if (standardIsIpv6(standardAce, ace.getMatches())) {
+ if (standardIsIpv6(ace.getMatches())) {
rule.isIpv6 = 1;
- rule.srcIpAddr = ipv6SourceAddress(standardAce);
- rule.srcIpPrefixLen = ipv6SourceAddressPrefix(standardAce);
- rule.dstIpAddr = ipv6DestinationAddress(standardAce);
- rule.dstIpPrefixLen = ipv6DestinationAddressPrefix(standardAce);
+ rule.srcIpAddr = ipv6SourceAddress(ace.getMatches());
+ rule.srcIpPrefixLen = ipv6SourceAddressPrefix(ace.getMatches());
+ rule.dstIpAddr = ipv6DestinationAddress(ace.getMatches());
+ rule.dstIpPrefixLen = ipv6DestinationAddressPrefix(ace.getMatches());
} else {
rule.isIpv6 = 0;
- rule.srcIpAddr = ipv4SourceAddress(standardAce);
- rule.srcIpPrefixLen = ipv4SourceAddressPrefix(standardAce);
- rule.dstIpAddr = ipv4DestinationAddress(standardAce);
- rule.dstIpPrefixLen = ipv4DestinationAddressPrefix(standardAce);
+ rule.srcIpAddr = ipv4SourceAddress(ace.getMatches());
+ rule.srcIpPrefixLen = ipv4SourceAddressPrefix(ace.getMatches());
+ rule.dstIpAddr = ipv4DestinationAddress(ace.getMatches());
+ rule.dstIpPrefixLen = ipv4DestinationAddressPrefix(ace.getMatches());
}
return rule;
int i = 0;
for (final MacipAclRule rule : rules) {
final AceBuilder ace = new AceBuilder();
- final VppMacipAceBuilder aceType = new VppMacipAceBuilder();
- final VppMacipAceNodesBuilder nodes = new VppMacipAceNodesBuilder();
- nodes.setAceIpVersion(ipVersion(rule));
- nodes.setSourceMacAddress(sourceMac(rule));
- nodes.setSourceMacAddressMask(sourceMacMask(rule));
- aceType.setVppMacipAceNodes(nodes.build());
-
- ace.setMatches(new MatchesBuilder().setAceType(aceType.build()).build());
+ ace.setMatches(
+ new MatchesBuilder()
+ .setL3(parseMacIpAceL3(rule))
+ .setL2(new EthBuilder()
+ .setEth(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.eth.EthBuilder()
+ .setSourceMacAddress(sourceMac(rule))
+ .setSourceMacAddressMask(sourceMacMask(rule))
+ .build())
+ .build())
+ .build());
ace.setActions(actions(rule.isPermit));
final String aceName = macipAclContext.getAceName(aclName, i++, mappingContext);
- ace.setRuleName(aceName);
+ ace.setName(aceName);
ace.withKey(new AceKey(aceName));
aces.add(ace.build());
int i = 0;
for (final AclRule rule : rules) {
final AceBuilder ace = new AceBuilder();
- final VppAceBuilder aceType = new VppAceBuilder();
- final VppAceNodesBuilder nodes = new VppAceNodesBuilder();
- nodes.setAceIpVersion(ipVersion(rule));
- nodes.setIpProtocol(parseProtocol(rule));
- aceType.setVppAceNodes(nodes.build());
-
- ace.setMatches(new MatchesBuilder().setAceType(aceType.build()).build());
+ ace.setMatches(new MatchesBuilder()
+ .setL3(parseStandardAceL3(rule))
+ .setL4(parseProtocol(rule))
+ .build());
ace.setActions(actions(rule.isPermit));
final String aceName = standardAclContext.getAceName(aclName, i++, mappingContext);
- ace.setRuleName(aceName);
+ ace.setName(aceName);
ace.withKey(new AceKey(aceName));
aces.add(ace.build());
}
import io.fd.vpp.jvpp.acl.types.MacipAclRule;
import java.util.Optional;
import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Matches;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.PacketHandling;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Deny;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Permit;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Accept;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.Actions;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L3;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4Builder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6Builder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.SourceNetwork;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4Network;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4NetworkBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6Network;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6NetworkBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAceEthHeaderFields;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAceIpv4HeaderFields;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAceIpv6HeaderFields;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppMacipAce;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.VppMacipAceNodes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.AceIpVersion;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.ace.ip.version.AceIpv4Builder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.ace.ip.version.AceIpv6;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.ace.ip.version.AceIpv6Builder;
public interface MacIpAceDataExtractor extends AddressExtractor, MacTranslator {
- default VppMacipAce fromMacIpAce(@Nonnull final Ace ace) {
- return Optional.ofNullable(ace.getMatches())
- .map(Matches::getAceType)
- .map(VppMacipAce.class::cast)
- .orElseThrow(
- () -> new IllegalArgumentException(String.format("Unable to create VppMacipAce from %s", ace)));
- }
-
- default boolean macIpIsIpv6(@Nonnull final VppMacipAce ace) {
- return Optional.ofNullable(ace.getVppMacipAceNodes())
- .map(VppMacipAceNodes::getAceIpVersion)
- .map(aceIpVersion -> aceIpVersion instanceof AceIpv6)
- .orElse(false);
- }
-
- default byte[] sourceMacAsBytes(@Nonnull final VppMacipAce ace) {
- return macToByteArray(Optional.ofNullable(ace.getVppMacipAceNodes())
- .map(VppMacipAceEthHeaderFields::getSourceMacAddress)
+ default byte[] sourceMacAsBytes(final MacAddress mac) {
+ return macToByteArray(Optional.ofNullable(mac)
.map(MacAddress::getValue)
.orElse(Impl.DEFAULT_MAC));
}
- default byte[] sourceMacMaskAsBytes(@Nonnull final VppMacipAce ace) {
- return macToByteArray(Optional.ofNullable(ace.getVppMacipAceNodes())
- .map(VppMacipAceEthHeaderFields::getSourceMacAddressMask)
+ default byte[] sourceMacMaskAsBytes(final MacAddress mac) {
+ return macToByteArray(Optional.ofNullable(mac)
.map(MacAddress::getValue)
.orElse(Impl.DEFAULT_MAC_MASK));
}
- default byte[] ipv4Address(@Nonnull final VppMacipAce ace) {
- return extractIp4Address(extractV4NetworkAddressOrNull(ace));
+ default byte[] ipv4Address(@Nonnull final SourceNetwork network) {
+ return extractIp4Address(extractV4NetworkAddressOrNull(network));
}
- default byte ipv4AddressPrefix(@Nonnull final VppMacipAce ace) {
- return extractIp4AddressPrefix(extractV4NetworkAddressOrNull(ace));
+ default byte ipv4AddressPrefix(@Nonnull final SourceNetwork network) {
+ return extractIp4AddressPrefix(extractV4NetworkAddressOrNull(network));
}
- static Ipv4Prefix extractV4NetworkAddressOrNull(final @Nonnull VppMacipAce ace) {
- return Optional.ofNullable(ace.getVppMacipAceNodes())
- .map(VppMacipAceNodes::getAceIpVersion)
- .map(VppMacipAceIpv4HeaderFields.class::cast)
- .map(VppMacipAceIpv4HeaderFields::getSourceIpv4Network)
+ static Ipv4Prefix extractV4NetworkAddressOrNull(final @Nonnull SourceNetwork network) {
+ return Optional.of(network).filter(net -> net instanceof SourceIpv4Network)
+ .map(SourceIpv4Network.class::cast)
+ .map(SourceIpv4Network::getSourceIpv4Network)
.orElse(null);
}
- default byte[] ipv6Address(@Nonnull final VppMacipAce ace) {
- return extractIp6Address(extractV6NetworkAddressOrNull(ace));
+ default byte[] ipv6Address(
+ @Nonnull final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.SourceNetwork network) {
+ return extractIp6Address(extractV6NetworkAddressOrNull(network));
}
- default byte ipv6AddressPrefix(@Nonnull final VppMacipAce ace) {
- return extractIp6AddressPrefix(extractV6NetworkAddressOrNull(ace));
+ default byte ipv6AddressPrefix(
+ @Nonnull final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.SourceNetwork network) {
+ return extractIp6AddressPrefix(extractV6NetworkAddressOrNull(network));
}
- default Ipv6Prefix extractV6NetworkAddressOrNull(@Nonnull final VppMacipAce ace) {
- return Optional.ofNullable(ace.getVppMacipAceNodes())
- .map(VppMacipAceNodes::getAceIpVersion)
- .map(VppMacipAceIpv6HeaderFields.class::cast)
- .map(VppMacipAceIpv6HeaderFields::getSourceIpv6Network)
+ default Ipv6Prefix extractV6NetworkAddressOrNull(
+ @Nonnull final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.SourceNetwork network) {
+ return Optional.of(network).filter(net -> net instanceof SourceIpv6Network)
+ .map(SourceIpv6Network.class::cast)
+ .map(SourceIpv6Network::getSourceIpv6Network)
.orElse(null);
}
*/
default byte macIpAction(@Nonnull final Ace ace) {
// action choice itself has default, but nothing stops us from not defining actions container itself
- final PacketHandling action = Optional.ofNullable(ace.getActions()).orElseThrow(
- () -> new IllegalArgumentException(String.format("Unable to extract Action from %s", ace)))
- .getPacketHandling();
- if (action instanceof Permit) {
- return 1;
- } else if (action instanceof Deny) {
- return 0;
+ Actions actions = Optional.ofNullable(ace.getActions()).orElseThrow(
+ () -> new IllegalArgumentException(String.format("Unable to extract Action from %s", ace)));
+ if (actions.getForwarding() != null) {
+ if (ace.getActions().getForwarding().equals(Accept.class)) {
+ return 1;
+ } else {
+ return 0;
+ }
} else {
throw new IllegalArgumentException(
- String.format("Unsupported packet-handling action %s for ACE %s", action, ace));
+ String.format("Unsupported packet-handling action %s for ACE %s", actions, ace));
}
}
- default AceIpVersion ipVersion(@Nonnull final MacipAclRule rule) {
+ default L3 parseMacIpAceL3(@Nonnull final MacipAclRule rule) {
if (rule.isIpv6 == 0) {
- return ip4Ace(rule);
+ return ip4L3(rule);
} else {
- return ip6Ace(rule);
+ return ip6L3(rule);
}
}
- default AceIpVersion ip4Ace(@Nonnull final MacipAclRule rule) {
- final AceIpv4Builder ipVersion = new AceIpv4Builder();
+ default Ipv4 ip4L3(@Nonnull final MacipAclRule rule) {
+ final Ipv4Builder ipv4Builder = new Ipv4Builder();
+
if (rule.srcIpAddr != null && rule.srcIpAddr.length != 0) {
- ipVersion.setSourceIpv4Network(toIpv4Prefix(truncateIp4Array(rule.srcIpAddr), rule.srcIpPrefixLen));
+ ipv4Builder.setIpv4(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder()
+ .setSourceNetwork(new SourceIpv4NetworkBuilder()
+ .setSourceIpv4Network(
+ toIpv4Prefix(truncateIp4Array(rule.srcIpAddr), rule.srcIpPrefixLen))
+ .build())
+ .build());
}
- return ipVersion.build();
+ return ipv4Builder.build();
}
- default AceIpVersion ip6Ace(@Nonnull final MacipAclRule rule) {
- final AceIpv6Builder ipVersion = new AceIpv6Builder();
+ default Ipv6 ip6L3(@Nonnull final MacipAclRule rule) {
+ final Ipv6Builder ipv6Builder = new Ipv6Builder();
if (rule.srcIpAddr != null && rule.srcIpAddr.length != 0) {
- ipVersion.setSourceIpv6Network(toIpv6Prefix(rule.srcIpAddr, rule.srcIpPrefixLen));
+ ipv6Builder.setIpv6(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder()
+ .setSourceNetwork(new SourceIpv6NetworkBuilder()
+ .setSourceIpv6Network(toIpv6Prefix(rule.srcIpAddr, rule.srcIpPrefixLen))
+ .build())
+ .build());
}
- return ipVersion.build();
+ return ipv6Builder.build();
}
default MacAddress sourceMac(@Nonnull final MacipAclRule rule) {
import java.util.Optional;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Actions;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.ActionsBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Matches;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.PacketHandling;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Deny;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.DenyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Permit;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.PermitBuilder;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.AcceptAndReflect;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Accept;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Drop;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.ForwardingAction;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Reject;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.Actions;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.ActionsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.Matches;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L3;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4Builder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6Builder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.AclIpv4HeaderFields;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.AclIpv6HeaderFields;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.AclIpProtocolHeaderFields;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.actions.packet.handling.Stateful;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.actions.packet.handling.StatefulBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.VppAceNodes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.AceIpVersion;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv4Builder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6Builder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpV6;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.AclIpv4HeaderFields;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.AclIpv6HeaderFields;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.destination.network.DestinationIpv4Network;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.destination.network.DestinationIpv4NetworkBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4Network;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4NetworkBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.destination.network.DestinationIpv6Network;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.destination.network.DestinationIpv6NetworkBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6Network;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6NetworkBuilder;
public interface StandardAceDataExtractor extends AddressExtractor, ProtoPreBindRuleProducer, IpProtocolReader {
/**
* Allowed packet-processing actions for Acl's
*/
- Map<Class<? extends PacketHandling>, Integer> ACTION_VALUE_PAIRS = ImmutableMap.of(Deny.class, 0, Permit.class, 1,
- Stateful.class, 2);
-
- default VppAce fromStandardAce(@Nonnull final Ace ace) {
- return Optional.ofNullable(ace.getMatches())
- .map(Matches::getAceType)
- .map(VppAce.class::cast)
- .orElseThrow(() -> new IllegalArgumentException(String.format("Unable to create VppAce from %s", ace)));
- }
-
- default boolean standardIsIpv6(@Nonnull final VppAce ace, @Nullable final Matches matches) {
- final Optional<AceIpVersion> aceIpVersion = Optional.ofNullable(matches)
- .map(Matches::getAceType)
- .map(VppAce.class::cast)
- .map(VppAce::getVppAceNodes)
- .map(VppAceNodes::getAceIpVersion);
-
- // tries to detect version by ace-ip-version
- if(aceIpVersion.isPresent()){
- return aceIpVersion
- .map(version -> version instanceof AceIpv6)
- .orElse(false);
- }
+ Map<Class<? extends ForwardingAction>, Integer> ACTION_VALUE_PAIRS =
+ ImmutableMap.of(Drop.class, 0, Reject.class, 0, Accept.class, 1, AcceptAndReflect.class, 2);
- // otherwise goes by ip-protocol
- return Optional.ofNullable(ace.getVppAceNodes())
- .map(AclIpProtocolHeaderFields::getIpProtocol)
- .map(ipProtocol -> ipProtocol instanceof IcmpV6)
- .orElse(false);
+ default boolean standardIsIpv6(@Nullable final Matches matches) {
+ return Optional.ofNullable(matches)
+ .map(Matches::getL3)
+ .filter(l3 -> l3.getImplementedInterface().equals(Ipv6.class))
+ .map(Ipv6.class::cast)
+ .map(Ipv6::getIpv6)
+ .isPresent();
}
- default byte[] ipv4SourceAddress(@Nonnull final VppAce ace) {
- return extractIp4Address(
- extractV4SourceAddressOrNull(ace));
+ default byte[] ipv4SourceAddress(@Nonnull final Matches matches) {
+ return extractIp4Address(extractV4SourceAddressOrNull(matches));
}
- default byte ipv4SourceAddressPrefix(@Nonnull final VppAce ace) {
- return extractIp4AddressPrefix(
- extractV4SourceAddressOrNull(ace));
+ default byte ipv4SourceAddressPrefix(@Nonnull final Matches matches) {
+ return extractIp4AddressPrefix(extractV4SourceAddressOrNull(matches));
}
- static Ipv4Prefix extractV4SourceAddressOrNull(@Nonnull final VppAce ace) {
- return Optional.ofNullable(ace.getVppAceNodes())
- .map(VppAceNodes::getAceIpVersion)
- .map(AclIpv4HeaderFields.class::cast)
- .map(AclIpv4HeaderFields::getSourceIpv4Network)
+ static Ipv4Prefix extractV4SourceAddressOrNull(@Nonnull final Matches matches) {
+ return getIpv4Optional(matches)
+ .map(AclIpv4HeaderFields::getSourceNetwork)
+ .filter(network -> network instanceof SourceIpv4Network)
+ .map(SourceIpv4Network.class::cast)
+ .map(SourceIpv4Network::getSourceIpv4Network)
.orElse(null);
}
- default byte[] ipv4DestinationAddress(@Nonnull final VppAce ace) {
- return extractIp4Address(extractV4DestinationAddressOrNull(ace));
+ default byte[] ipv4DestinationAddress(@Nonnull final Matches matches) {
+ return extractIp4Address(extractV4DestinationAddressOrNull(matches));
}
- default byte ipv4DestinationAddressPrefix(@Nonnull final VppAce ace) {
- return extractIp4AddressPrefix(extractV4DestinationAddressOrNull(ace));
+ default byte ipv4DestinationAddressPrefix(@Nonnull final Matches matches) {
+ return extractIp4AddressPrefix(extractV4DestinationAddressOrNull(matches));
}
- static Ipv4Prefix extractV4DestinationAddressOrNull(@Nonnull final VppAce ace) {
- return Optional.ofNullable(ace.getVppAceNodes())
- .map(VppAceNodes::getAceIpVersion)
- .map(AclIpv4HeaderFields.class::cast)
- .map(AclIpv4HeaderFields::getDestinationIpv4Network)
+ static Ipv4Prefix extractV4DestinationAddressOrNull(@Nonnull final Matches matches) {
+ return getIpv4Optional(matches)
+ .map(AclIpv4HeaderFields::getDestinationNetwork)
+ .filter(destinationNetwork -> destinationNetwork instanceof DestinationIpv4Network)
+ .map(DestinationIpv4Network.class::cast)
+ .map(DestinationIpv4Network::getDestinationIpv4Network)
.orElse(null);
}
- default byte[] ipv6SourceAddress(@Nonnull final VppAce ace) {
- return extractIp6Address(extractV6SourceAddressOrNull(ace));
+ static Optional<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4> getIpv4Optional(
+ @Nonnull final Matches matches) {
+ return Optional.ofNullable(matches.getL3())
+ .filter(l3 -> l3.getImplementedInterface().equals(Ipv4.class))
+ .map(Ipv4.class::cast)
+ .map(Ipv4::getIpv4);
+ }
+
+ default byte[] ipv6SourceAddress(@Nonnull final Matches matches) {
+ return extractIp6Address(extractV6SourceAddressOrNull(matches));
}
- default byte ipv6SourceAddressPrefix(@Nonnull final VppAce ace) {
- return extractIp6AddressPrefix(extractV6SourceAddressOrNull(ace));
+ default byte ipv6SourceAddressPrefix(@Nonnull final Matches matches) {
+ return extractIp6AddressPrefix(extractV6SourceAddressOrNull(matches));
}
- static Ipv6Prefix extractV6SourceAddressOrNull(@Nonnull final VppAce ace) {
- return Optional.ofNullable(ace.getVppAceNodes())
- .map(VppAceNodes::getAceIpVersion)
- .map(AclIpv6HeaderFields.class::cast)
- .map(AclIpv6HeaderFields::getSourceIpv6Network)
+ static Ipv6Prefix extractV6SourceAddressOrNull(@Nonnull final Matches matches) {
+ return getIpv6Optional(matches)
+ .map(AclIpv6HeaderFields::getSourceNetwork)
+ .filter(sourceNetwork -> sourceNetwork instanceof SourceIpv6Network)
+ .map(SourceIpv6Network.class::cast)
+ .map(SourceIpv6Network::getSourceIpv6Network)
.orElse(null);
}
- default byte[] ipv6DestinationAddress(@Nonnull final VppAce ace) {
- return extractIp6Address(extractV6DestinationAddressOrNull(ace));
+ default byte[] ipv6DestinationAddress(@Nonnull final Matches matches) {
+ return extractIp6Address(extractV6DestinationAddressOrNull(matches));
}
- default byte ipv6DestinationAddressPrefix(@Nonnull final VppAce ace) {
- return extractIp6AddressPrefix(extractV6DestinationAddressOrNull(ace));
+ default byte ipv6DestinationAddressPrefix(@Nonnull final Matches matches) {
+ return extractIp6AddressPrefix(extractV6DestinationAddressOrNull(matches));
}
- static Ipv6Prefix extractV6DestinationAddressOrNull(@Nonnull final VppAce ace) {
- return Optional.ofNullable(ace.getVppAceNodes())
- .map(VppAceNodes::getAceIpVersion)
- .map(AclIpv6HeaderFields.class::cast)
- .map(AclIpv6HeaderFields::getDestinationIpv6Network)
+ static Ipv6Prefix extractV6DestinationAddressOrNull(@Nonnull final Matches matches) {
+ return getIpv6Optional(matches)
+ .map(AclIpv6HeaderFields::getDestinationNetwork)
+ .filter(destinationNetwork -> destinationNetwork instanceof DestinationIpv6Network)
+ .map(DestinationIpv6Network.class::cast)
+ .map(DestinationIpv6Network::getDestinationIpv6Network)
.orElse(null);
}
+ static Optional<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6> getIpv6Optional(
+ @Nonnull final Matches matches) {
+ return Optional.ofNullable(matches.getL3())
+ .filter(l3 -> l3.getImplementedInterface().equals(Ipv6.class))
+ .map(Ipv6.class::cast)
+ .map(Ipv6::getIpv6);
+ }
+
default byte standardAction(@Nonnull final Ace ace) {
- // default == deny
- final PacketHandling action = Optional.ofNullable(ace.getActions())
+ Class<? extends ForwardingAction> forwarding = Optional.ofNullable(ace.getActions())
.orElseThrow(() -> new IllegalArgumentException(String.format("Unable to extract Action from %s", ace)))
- .getPacketHandling();
+ .getForwarding();
return ACTION_VALUE_PAIRS.get(ACTION_VALUE_PAIRS.keySet().stream()
- .filter(aClass -> aClass.isInstance(action))
+ .filter(aClass -> aClass.equals(forwarding))
.findAny()
.orElseThrow(() -> new IllegalArgumentException(
- String.format("Unsupported packet-handling action %s for ACE %s", action,
- ace.getRuleName())))).byteValue();
+ String.format("Unsupported packet-handling action %s for ACE %s", forwarding,
+ ace.getName())))).byteValue();
}
- default AceIpVersion ipVersion(@Nonnull final AclRule rule) {
+ default L3 parseStandardAceL3(@Nonnull final AclRule rule) {
if (rule.isIpv6 == 0) {
return ip4Ace(rule);
} else {
}
}
- default AceIpVersion ip4Ace(@Nonnull final AclRule rule) {
- final AceIpv4Builder ipVersion = new AceIpv4Builder();
+ default org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4 ip4Ace(
+ @Nonnull final AclRule rule) {
+ Ipv4Builder ipv4Builder = new Ipv4Builder();
+ org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder
+ ip4Builder =
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder();
if (rule.srcIpAddr != null && rule.srcIpAddr.length != 0) {
- ipVersion.setSourceIpv4Network(toIpv4Prefix(truncateIp4Array(rule.srcIpAddr), rule.srcIpPrefixLen));
+ ip4Builder.setSourceNetwork(new SourceIpv4NetworkBuilder()
+ .setSourceIpv4Network(toIpv4Prefix(truncateIp4Array(rule.srcIpAddr), rule.srcIpPrefixLen))
+ .build());
}
if (rule.dstIpAddr != null && rule.dstIpAddr.length != 0) {
- ipVersion.setDestinationIpv4Network(toIpv4Prefix(truncateIp4Array(rule.dstIpAddr), rule.dstIpPrefixLen));
+ ip4Builder.setDestinationNetwork(new DestinationIpv4NetworkBuilder()
+ .setDestinationIpv4Network(toIpv4Prefix(truncateIp4Array(rule.dstIpAddr), rule.dstIpPrefixLen))
+ .build());
}
- return ipVersion.build();
+ return ipv4Builder.setIpv4(ip4Builder.build()).build();
}
- default AceIpVersion ip6Ace(@Nonnull final AclRule rule) {
- final AceIpv6Builder ipVersion = new AceIpv6Builder();
+ default org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6 ip6Ace(
+ @Nonnull final AclRule rule) {
+ Ipv6Builder ipv6Builder = new Ipv6Builder();
+ org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder
+ ip6Builder =
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder();
+
if (rule.srcIpAddr != null && rule.srcIpAddr.length != 0) {
- ipVersion.setSourceIpv6Network(toIpv6Prefix(rule.srcIpAddr, rule.srcIpPrefixLen));
+ ip6Builder.setSourceNetwork(new SourceIpv6NetworkBuilder()
+ .setSourceIpv6Network(toIpv6Prefix(rule.srcIpAddr, rule.srcIpPrefixLen))
+ .build());
}
if (rule.dstIpAddr != null && rule.dstIpAddr.length != 0) {
- ipVersion.setDestinationIpv6Network(toIpv6Prefix(rule.dstIpAddr, rule.dstIpPrefixLen));
+ ip6Builder.setDestinationNetwork(new DestinationIpv6NetworkBuilder()
+ .setDestinationIpv6Network(toIpv6Prefix(rule.dstIpAddr, rule.dstIpPrefixLen))
+ .build());
}
- return ipVersion.build();
+ return ipv6Builder.setIpv6(ip6Builder.build()).build();
}
default Actions actions(final byte isPermit) {
final ActionsBuilder actions = new ActionsBuilder();
switch (isPermit) {
case 0:
- actions.setPacketHandling(new DenyBuilder().setDeny(true).build());
+ actions.setForwarding(Drop.class);
break;
case 1:
- actions.setPacketHandling(new PermitBuilder().setPermit(true).build());
- break;
- case 2:
- actions.setPacketHandling(new StatefulBuilder().setPermitAndReflect(true).build());
+ actions.setForwarding(Accept.class);
break;
+
default:
throw new IllegalArgumentException("Unsupported action: " + isPermit);
}
package io.fd.hc2vpp.acl.util.acl;
+import com.google.common.base.Preconditions;
+import io.fd.hc2vpp.acl.write.AclValidator;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Optional;
import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Matches;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAclAugmentation;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppMacipAce;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppAcl;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppAclAugmentation;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppMacipAcl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.AclBase;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Ipv4AclType;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace;
/**
* Extracts data from Acls.
public interface AclDataExtractor {
/**
- * Checks if provided {@link Acl} has aces of type {@link VppAce}
+ * Checks if provided {@link Acl} has aces of type {@link Ipv4AclType} or {@link VppAcl}
*/
default boolean isStandardAcl(@Nonnull final Acl acl) {
- return acl.getAccessListEntries().getAce().stream()
- .map(Ace::getMatches)
- .map(Matches::getAceType)
- .filter(aceType -> aceType instanceof VppAce)
- .findAny()
- .isPresent();
+ Class<? extends AclBase> type =
+ Preconditions.checkNotNull(acl.getType(), "Type is not set for ACL:{}", acl);
+ return type.equals(VppAcl.class);
}
/**
- * Checks if provided {@link Acl} has aces of type {@link VppMacipAce}
+ * Checks if provided {@link Acl} has aces of type {@link VppMacipAcl}
*/
default boolean isMacIpAcl(@Nonnull final Acl acl) {
- return acl.getAccessListEntries().getAce().stream()
- .map(Ace::getMatches)
- .map(Matches::getAceType)
- .filter(aceType -> aceType instanceof VppMacipAce)
- .findAny()
- .isPresent();
+ Class<? extends AclBase> type =
+ Preconditions.checkNotNull(acl.getType(), "Type is not set for ACL:{}", acl);
+ return type.equals(VppMacipAcl.class);
}
default List<Ace> getAces(@Nonnull final Acl acl) {
- return Optional.ofNullable(acl.getAccessListEntries()).orElseThrow(() ->
+ return Optional.ofNullable(acl.getAces()).orElseThrow(() ->
new IllegalArgumentException(String.format("Unable to extract aces from %s", acl))).getAce();
}
+++ /dev/null
-/*
- * Copyright (c) 2017 Cisco and/or its affiliates.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.fd.hc2vpp.acl.util.factory;
-
-import com.google.common.collect.ImmutableSet;
-import java.util.Set;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.AccessListEntries;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Actions;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Matches;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRange;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRange;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAclAugmentation;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.VppAceNodes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.VppMacipAceNodes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.icmp.header.fields.IcmpCodeRange;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.icmp.header.fields.IcmpTypeRange;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.icmp.IcmpNodes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.icmp.v6.IcmpV6Nodes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.other.OtherNodes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.tcp.TcpNodes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.udp.UdpNodes;
-import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-
-public interface AclFactory {
-
- default Set<InstanceIdentifier<?>> vppAclChildren(final InstanceIdentifier<Acl> parentId) {
- final InstanceIdentifier<Matches> matchesIid =
- parentId.child(AccessListEntries.class).child(Ace.class).child(Matches.class);
- return ImmutableSet.of(
- parentId.augmentation(VppAclAugmentation.class),
- parentId.child(AccessListEntries.class),
- parentId.child(AccessListEntries.class).child(Ace.class),
- parentId.child(AccessListEntries.class).child(Ace.class).child(Matches.class),
- parentId.child(AccessListEntries.class).child(Ace.class).child(Actions.class),
- matchesIid,
- matchesIid.child(VppMacipAceNodes.class),
- matchesIid.child(VppAceNodes.class),
- matchesIid.child(VppAceNodes.class).child(IcmpNodes.class),
- matchesIid.child(VppAceNodes.class).child(IcmpNodes.class).child(IcmpCodeRange.class),
- matchesIid.child(VppAceNodes.class).child(IcmpNodes.class).child(IcmpTypeRange.class),
- matchesIid.child(VppAceNodes.class).child(IcmpV6Nodes.class),
- matchesIid.child(VppAceNodes.class).child(IcmpV6Nodes.class).child(IcmpCodeRange.class),
- matchesIid.child(VppAceNodes.class).child(IcmpV6Nodes.class).child(IcmpTypeRange.class),
- matchesIid.child(VppAceNodes.class).child(UdpNodes.class),
- matchesIid.child(VppAceNodes.class).child(UdpNodes.class).child(SourcePortRange.class),
- matchesIid.child(VppAceNodes.class).child(UdpNodes.class).child(DestinationPortRange.class),
- matchesIid.child(VppAceNodes.class).child(TcpNodes.class),
- matchesIid.child(VppAceNodes.class).child(TcpNodes.class).child(SourcePortRange.class),
- matchesIid.child(VppAceNodes.class).child(TcpNodes.class).child(DestinationPortRange.class),
- matchesIid.child(VppAceNodes.class).child(OtherNodes.class)
-
- );
- }
-
-}
import static io.fd.hc2vpp.acl.util.protocol.ProtoPreBindRuleProducer.TCP_INDEX;
import static io.fd.hc2vpp.acl.util.protocol.ProtoPreBindRuleProducer.UDP_INDEX;
+import com.google.common.annotations.VisibleForTesting;
import io.fd.vpp.jvpp.acl.types.AclRule;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppIcmpAceAugmentation;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppIcmpAceAugmentationBuilder;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppTcpAceAugmentation;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppTcpAceAugmentationBuilder;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acl.icmp.header.fields.IcmpCodeRange;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acl.icmp.header.fields.IcmpCodeRangeBuilder;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acl.icmp.header.fields.IcmpTypeRange;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acl.icmp.header.fields.IcmpTypeRangeBuilder;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acls.acl.aces.ace.matches.l4.icmp.icmp.VppIcmpAceBuilder;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acls.acl.aces.ace.matches.l4.tcp.tcp.VppTcpAceBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L4;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Icmp;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.IcmpBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Tcp;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.TcpBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Udp;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.UdpBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.DestinationPortBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.SourcePortBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.source.port.source.port.RangeOrOperatorBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRange;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRangeBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRange;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRangeBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.icmp.header.fields.IcmpCodeRange;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.icmp.header.fields.IcmpCodeRangeBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.icmp.header.fields.IcmpTypeRange;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.icmp.header.fields.IcmpTypeRangeBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.IpProtocol;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Icmp;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpV6;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpV6Builder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Other;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.OtherBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Tcp;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.TcpBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Udp;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.UdpBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.icmp.IcmpNodesBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.icmp.v6.IcmpV6NodesBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.other.OtherNodesBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.tcp.TcpNodesBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.udp.UdpNodesBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.AclTcpHeaderFields;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.port.range.or.operator.PortRangeOrOperator;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.port.range.or.operator.port.range.or.operator.Range;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.port.range.or.operator.port.range.or.operator.RangeBuilder;
/**
* Utility for parsing IpProtocol DO based on data returned by vpp as {@link AclRule}.
*/
public interface IpProtocolReader {
- default IpProtocol parseProtocol(final AclRule rule) {
+ default L4 parseProtocol(final AclRule rule) {
switch (rule.proto) {
+ case ICMPV6_INDEX:
case ICMP_INDEX: {
return Impl.parseIcmp(rule);
}
case UDP_INDEX: {
return Impl.parseUdp(rule);
}
-
- case ICMPV6_INDEX: {
- return Impl.parseIcmp6(rule);
- }
- default: {
- return Impl.parse(rule);
- }
}
+ return null;
}
class Impl {
}
private static Icmp parseIcmp(final AclRule rule) {
- final IcmpNodesBuilder nodes = new IcmpNodesBuilder();
- nodes.setIcmpCodeRange(parseIcmpCodeRange(rule));
- nodes.setIcmpTypeRange(parseIcmpTypeRange(rule));
- return new IcmpBuilder().setIcmpNodes(nodes.build()).build();
+ return new IcmpBuilder().setIcmp(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.icmp.IcmpBuilder()
+ .addAugmentation(VppIcmpAceAugmentation.class,
+ new VppIcmpAceAugmentationBuilder()
+ .setVppIcmpAce(new VppIcmpAceBuilder()
+ .setIcmpCodeRange(parseIcmpCodeRange(rule))
+ .setIcmpTypeRange(parseIcmpTypeRange(rule))
+ .build())
+ .build())
+ .build())
+ .build();
}
- private static DestinationPortRange parseDstPortRange(final AclRule rule) {
- return new DestinationPortRangeBuilder()
- .setLowerPort(new PortNumber(Short.toUnsignedInt(rule.dstportOrIcmpcodeFirst)))
- .setUpperPort(new PortNumber(Short.toUnsignedInt(rule.dstportOrIcmpcodeLast))).build();
+ private static PortRangeOrOperator parseDstPortRange(final AclRule rule) {
+ return new RangeBuilder()
+ .setLowerPort(new PortNumber(Short.toUnsignedInt(rule.dstportOrIcmpcodeFirst)))
+ .setUpperPort(new PortNumber(Short.toUnsignedInt(rule.dstportOrIcmpcodeLast))).build();
}
- private static SourcePortRange parseSrcPortRange(final AclRule rule) {
- return new SourcePortRangeBuilder()
+ private static Range parseSrcPortRange(final AclRule rule) {
+ return new RangeBuilder()
.setLowerPort(new PortNumber(Short.toUnsignedInt(rule.srcportOrIcmptypeFirst)))
.setUpperPort(new PortNumber(Short.toUnsignedInt(rule.srcportOrIcmptypeLast))).build();
}
private static Tcp parseTcp(final AclRule rule) {
- final TcpNodesBuilder nodes = new TcpNodesBuilder();
- nodes.setDestinationPortRange(parseDstPortRange(rule));
- nodes.setSourcePortRange(parseSrcPortRange(rule));
- nodes.setTcpFlagsMask((short) Byte.toUnsignedInt(rule.tcpFlagsMask));
- nodes.setTcpFlagsValue((short) Byte.toUnsignedInt(rule.tcpFlagsValue));
- return new TcpBuilder().setTcpNodes(nodes.build()).build();
+ return new TcpBuilder().setTcp(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.TcpBuilder()
+ .setFlags(parseTcpFlags((short) Byte.toUnsignedInt(rule.tcpFlagsValue)))
+ .addAugmentation(VppTcpAceAugmentation.class, new VppTcpAceAugmentationBuilder()
+ .setVppTcpAce(new VppTcpAceBuilder()
+ .setFlagsMask(
+ parseTcpFlagsMask((short) Byte.toUnsignedInt(rule.tcpFlagsMask)))
+ .build())
+ .build())
+ .setSourcePort(new SourcePortBuilder()
+ .setSourcePort(new RangeOrOperatorBuilder()
+ .setPortRangeOrOperator(parseSrcPortRange(rule))
+ .build())
+ .build())
+ .setDestinationPort(new DestinationPortBuilder()
+ .setDestinationPort(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.destination.port.RangeOrOperatorBuilder()
+ .setPortRangeOrOperator(parseDstPortRange(rule))
+ .build())
+ .build())
+ .build())
+ .build();
}
- private static Udp parseUdp(final AclRule rule) {
- final UdpNodesBuilder nodes = new UdpNodesBuilder();
- nodes.setDestinationPortRange(parseDstPortRange(rule));
- nodes.setSourcePortRange(parseSrcPortRange(rule));
- return new UdpBuilder().setUdpNodes(nodes.build()).build();
+ @VisibleForTesting
+ private static org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.AclTcpHeaderFields.FlagsMask parseTcpFlagsMask(
+ final short tcpFlagsMask) {
+ // Flags from bit on position 1 to 8
+ final Boolean cwr = (tcpFlagsMask & 0b00000001) == 1;
+ final Boolean ece = (tcpFlagsMask & 0b00000010) >> 1 == 1;
+ final Boolean urg = (tcpFlagsMask & 0b00000100) >> 2 == 1;
+ final Boolean ack = (tcpFlagsMask & 0b00001000) >> 3 == 1;
+ final Boolean psh = (tcpFlagsMask & 0b00010000) >> 4 == 1;
+ final Boolean rst = (tcpFlagsMask & 0b00100000) >> 5 == 1;
+ final Boolean syn = (tcpFlagsMask & 0b01000000) >> 6 == 1;
+ final Boolean fin = (tcpFlagsMask & 0b10000000) >> 7 == 1;
+
+ return new org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.AclTcpHeaderFields.FlagsMask(
+ ack, cwr, ece, fin, psh, rst, syn, urg);
}
- private static IcmpV6 parseIcmp6(final AclRule rule) {
- final IcmpV6NodesBuilder nodes = new IcmpV6NodesBuilder();
- nodes.setIcmpCodeRange(parseIcmpCodeRange(rule));
- nodes.setIcmpTypeRange(parseIcmpTypeRange(rule));
- return new IcmpV6Builder().setIcmpV6Nodes(nodes.build()).build();
+ @VisibleForTesting
+ private static AclTcpHeaderFields.Flags parseTcpFlags(final short tcpFlagsValue) {
+ // Flags from bit on position 1 to 8
+ final Boolean cwr = (tcpFlagsValue & 0b00000001) == 1;
+ final Boolean ece = (tcpFlagsValue & 0b00000010) >> 1 == 1;
+ final Boolean urg = (tcpFlagsValue & 0b00000100) >> 2 == 1;
+ final Boolean ack = (tcpFlagsValue & 0b00001000) >> 3 == 1;
+ final Boolean psh = (tcpFlagsValue & 0b00010000) >> 4 == 1;
+ final Boolean rst = (tcpFlagsValue & 0b00100000) >> 5 == 1;
+ final Boolean syn = (tcpFlagsValue & 0b01000000) >> 6 == 1;
+ final Boolean fin = (tcpFlagsValue & 0b10000000) >> 7 == 1;
+
+ return new AclTcpHeaderFields.Flags(ack, cwr, ece, fin, psh, rst, syn, urg);
}
- private static Other parse(final AclRule rule) {
- final OtherNodesBuilder nodes = new OtherNodesBuilder();
- nodes.setProtocol((short) Short.toUnsignedInt(rule.proto));
- return new OtherBuilder().setOtherNodes(nodes.build()).build();
+ private static Udp parseUdp(final AclRule rule) {
+ return new UdpBuilder().setUdp(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.UdpBuilder()
+ .setSourcePort(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.SourcePortBuilder()
+ .setSourcePort(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.source.port.source.port.RangeOrOperatorBuilder()
+ .setPortRangeOrOperator(parseSrcPortRange(rule))
+ .build())
+ .build())
+ .setDestinationPort(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.DestinationPortBuilder()
+ .setDestinationPort(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.destination.port.destination.port.RangeOrOperatorBuilder()
+ .setPortRangeOrOperator(parseDstPortRange(rule))
+ .build())
+ .build())
+ .build())
+ .build();
}
}
}
package io.fd.hc2vpp.acl.util.protocol;
-import static com.google.common.base.Preconditions.checkArgument;
-import static io.fd.hc2vpp.acl.util.protocol.ProtoPreBindRuleProducer.ProtocolPair.pair;
-
-import com.google.common.collect.ImmutableSet;
+import com.google.common.base.Preconditions;
import io.fd.vpp.jvpp.acl.types.AclRule;
-import java.util.Optional;
-import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.ValueRange;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppIcmpAceAugmentation;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppTcpAceAugmentation;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L4;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.icmp.Icmp;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.Tcp;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.DestinationPort;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.source.port.SourcePort;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.source.port.source.port.RangeOrOperator;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.Udp;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRange;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRange;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.ValueRange;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.VppAceNodes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.IpProtocol;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Icmp;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpV6;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Other;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Tcp;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Udp;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.icmp.IcmpNodes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.icmp.v6.IcmpV6Nodes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.tcp.TcpNodes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.udp.UdpNodes;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.AclTcpHeaderFields;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.port.range.or.operator.PortRangeOrOperator;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.port.range.or.operator.port.range.or.operator.Range;
+import org.opendaylight.yangtools.yang.binding.DataContainer;
/**
* Creates ACL rules pre-bind with protocol-related fields.<br>
int TCP_INDEX = 6;
int UDP_INDEX = 17;
int ICMPV6_INDEX = 58;
- short MAX_PORT_NUMBER = (short)65535;
-
- Set<ProtocolPair> PROTOCOL_PAIRS = ImmutableSet.of(pair(Icmp.class, ICMP_INDEX), pair(Tcp.class, TCP_INDEX),
- pair(Udp.class, UDP_INDEX), pair(IcmpV6.class, ICMPV6_INDEX));
-
- class ProtocolPair {
- private final Class<? extends IpProtocol> protocolClass;
- private final int index;
+ short MAX_PORT_NUMBER = (short) 65535;
- private ProtocolPair(final Class<? extends IpProtocol> protocolClass, final int index) {
- this.protocolClass = protocolClass;
- this.index = index;
- }
-
- static ProtocolPair pair(@Nonnull final Class<? extends IpProtocol> protocolClass, @Nonnull final int index) {
- return new ProtocolPair(protocolClass, index);
- }
+ static AclRule bindIcmpVppFields(AclRule rule, Icmp icmp) {
+ VppIcmpAceAugmentation vppIcmp = icmp.augmentation(VppIcmpAceAugmentation.class);
+ Preconditions.checkNotNull(vppIcmp.getVppIcmpAce(), "Cannot determine VPP ICMP attributes!");
+ final ValueRange typesRange = vppIcmp.getVppIcmpAce().getIcmpTypeRange();
+ final ValueRange codesRange = vppIcmp.getVppIcmpAce().getIcmpCodeRange();
- boolean match(@Nonnull final Class<? extends IpProtocol> protocolClass) {
- return this.protocolClass.isAssignableFrom(protocolClass);
+ if (typesRange != null) {
+ rule.srcportOrIcmptypeFirst = Preconditions.checkNotNull(typesRange.getFirst());
+ rule.srcportOrIcmptypeLast = Preconditions.checkNotNull(typesRange.getLast());
}
- int getIndex() {
- return this.index;
+ if (codesRange != null) {
+ rule.dstportOrIcmpcodeFirst = Preconditions.checkNotNull(codesRange.getFirst());
+ rule.dstportOrIcmpcodeLast = Preconditions.checkNotNull(codesRange.getLast());
}
- }
-
- static byte protocol(final IpProtocol ipProtocol) {
- final Optional<ProtocolPair> optPair = PROTOCOL_PAIRS.stream()
- .filter(protocolPair -> protocolPair.match(ipProtocol.getClass()))
- .findAny();
-
- if (!optPair.isPresent()) {
- if (Other.class.isAssignableFrom(ipProtocol.getClass())) {
- return Other.class.cast(ipProtocol).getOtherNodes().getProtocol().byteValue();
- }
-
- throw new IllegalArgumentException(String.format("Unsupported Protocol Type %s", ipProtocol.getClass()));
- }
- return (byte) optPair.get().getIndex();
- }
-
- static AclRule bindIcmpNodes(AclRule rule, VppAce ace) {
- final VppAceNodes vppAceNodes = ace.getVppAceNodes();
- checkArgument(vppAceNodes.getIpProtocol() instanceof Icmp);
- final IcmpNodes icmp = Icmp.class.cast(vppAceNodes.getIpProtocol()).getIcmpNodes();
- final ValueRange typesRange = icmp.getIcmpTypeRange();
- final ValueRange codesRange = icmp.getIcmpCodeRange();
-
- rule.srcportOrIcmptypeFirst = typesRange.getFirst();
- rule.srcportOrIcmptypeLast = typesRange.getLast();
- rule.dstportOrIcmpcodeFirst = codesRange.getFirst();
- rule.dstportOrIcmpcodeLast = codesRange.getLast();
return rule;
}
- static AclRule bindIcmpv6Nodes(AclRule rule, VppAce ace) {
- final VppAceNodes vppAceNodes = ace.getVppAceNodes();
- checkArgument(vppAceNodes.getIpProtocol() instanceof IcmpV6);
- final IcmpV6Nodes icmpV6 = IcmpV6.class.cast(vppAceNodes.getIpProtocol()).getIcmpV6Nodes();
- final ValueRange typesRange = icmpV6.getIcmpTypeRange();
- final ValueRange codesRange = icmpV6.getIcmpCodeRange();
-
- rule.srcportOrIcmptypeFirst = typesRange.getFirst();
- rule.srcportOrIcmptypeLast = typesRange.getLast();
- rule.dstportOrIcmpcodeFirst = codesRange.getFirst();
- rule.dstportOrIcmpcodeLast = codesRange.getLast();
-
- return rule;
- }
-
- static void bindSourcePortRange(@Nonnull final AclRule rule, @Nullable final SourcePortRange sourcePortRange) {
+ static void bindSourcePortRange(@Nonnull final AclRule rule, @Nullable final PortRangeOrOperator sourcePortRange) {
// allow all ports by default:
rule.srcportOrIcmptypeFirst = 0;
rule.srcportOrIcmptypeLast = MAX_PORT_NUMBER;
- if(sourcePortRange != null) {
+ if (sourcePortRange != null) {
// lower port is mandatory
- rule.srcportOrIcmptypeFirst = portNumber(sourcePortRange.getLowerPort());
+ Preconditions.checkArgument(sourcePortRange instanceof Range);
+ Range portRange = (Range) sourcePortRange;
+ Preconditions.checkNotNull(portRange.getLowerPort(), "Lower port is mandatory!");
+ rule.srcportOrIcmptypeFirst = portNumber(portRange.getLowerPort());
- if (sourcePortRange.getUpperPort() != null) {
- rule.srcportOrIcmptypeLast = portNumber(sourcePortRange.getUpperPort());
+ if (portRange.getUpperPort() != null) {
+ rule.srcportOrIcmptypeLast = portNumber(portRange.getUpperPort());
} else {
// if upper port is missing, set lower port value as end of checked range:
rule.srcportOrIcmptypeLast = rule.srcportOrIcmptypeFirst;
}
}
- static void bindDestinationPortRange(@Nonnull final AclRule rule, @Nullable final DestinationPortRange destinationPortRange) {
+ static void bindDestinationPortRange(@Nonnull final AclRule rule,
+ @Nullable final PortRangeOrOperator destinationPortRange) {
// allow all ports by default:
rule.dstportOrIcmpcodeFirst = 0;
rule.dstportOrIcmpcodeLast = MAX_PORT_NUMBER;
- if(destinationPortRange != null) {
+ if (destinationPortRange != null) {
// lower port is mandatory
- rule.dstportOrIcmpcodeFirst = portNumber(destinationPortRange.getLowerPort());
+ Preconditions.checkArgument(destinationPortRange instanceof Range);
+ Range portRange = (Range) destinationPortRange;
+ Preconditions.checkNotNull(portRange.getLowerPort(), "Lower port is mandatory!");
+ rule.dstportOrIcmpcodeFirst = portNumber(portRange.getLowerPort());
- if (destinationPortRange.getUpperPort() != null) {
- rule.dstportOrIcmpcodeLast = portNumber(destinationPortRange.getUpperPort());
+ if (portRange.getUpperPort() != null) {
+ rule.dstportOrIcmpcodeLast = portNumber(portRange.getUpperPort());
} else {
// if upper port is missing, set lower port value as end of checked range:
rule.dstportOrIcmpcodeLast = rule.dstportOrIcmpcodeFirst;
}
}
- static AclRule bindTcpNodes(AclRule rule, VppAce ace) {
- final VppAceNodes vppAceNodes = ace.getVppAceNodes();
- checkArgument(vppAceNodes.getIpProtocol() instanceof Tcp);
+ static AclRule bindTcpAttributes(AclRule rule, Tcp tcp) {
+ SourcePort srcPort = Preconditions.checkNotNull(tcp.getSourcePort()).getSourcePort();
+ if (srcPort instanceof RangeOrOperator) {
+ bindSourcePortRange(rule, ((RangeOrOperator) srcPort).getPortRangeOrOperator());
+ }
- final TcpNodes tcp = Tcp.class.cast(vppAceNodes.getIpProtocol()).getTcpNodes();
- bindSourcePortRange(rule, tcp.getSourcePortRange());
- bindDestinationPortRange(rule, tcp.getDestinationPortRange());
+ DestinationPort dstPort = Preconditions.checkNotNull(tcp.getDestinationPort()).getDestinationPort();
+ if (dstPort instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.destination.port.RangeOrOperator) {
+ bindDestinationPortRange(rule,
+ ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.destination.port.RangeOrOperator) dstPort)
+ .getPortRangeOrOperator());
+ }
+ AclTcpHeaderFields.Flags flags = tcp.getFlags();
- if(tcp.getTcpFlagsMask() != null) {
- rule.tcpFlagsMask = tcp.getTcpFlagsMask().byteValue();
+ if (flags != null) {
+ rule.tcpFlagsValue = parseTcpFlagsValue(flags);
}
- if(tcp.getTcpFlagsValue() != null) {
- rule.tcpFlagsValue = tcp.getTcpFlagsValue().byteValue();
+
+ VppTcpAceAugmentation vppTcpAceAugmentation = tcp.augmentation(VppTcpAceAugmentation.class);
+ if (vppTcpAceAugmentation != null && vppTcpAceAugmentation.getVppTcpAce() != null &&
+ vppTcpAceAugmentation.getVppTcpAce().getFlagsMask() != null) {
+ rule.tcpFlagsMask = parseTcpFlagsMask(vppTcpAceAugmentation.getVppTcpAce().getFlagsMask());
}
+
return rule;
}
- static AclRule bindUdpNodes(AclRule rule, VppAce ace) {
- final VppAceNodes vppAceNodes = ace.getVppAceNodes();
- checkArgument(vppAceNodes.getIpProtocol() instanceof Udp);
+ static byte parseTcpFlagsValue(AclTcpHeaderFields.Flags flags) {
+ int fin = flags.isFin() ? 1 : 0;
+ int syn = flags.isSyn() ? 1 : 0;
+ int rst = flags.isRst() ? 1 : 0;
+ int psh = flags.isPsh() ? 1 : 0;
+ int ack = flags.isAck() ? 1 : 0;
+ int urg = flags.isUrg() ? 1 : 0;
+ int ece = flags.isEce() ? 1 : 0;
+ int cwr = flags.isCwr() ? 1 : 0;
+ String strFlags = String.format("%d%d%d%d%d%d%d%d", fin, syn, rst, psh, ack, urg, ece, cwr);
+ return Byte.parseByte(strFlags, 2);
+ }
+
+ static byte parseTcpFlagsMask(
+ org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.AclTcpHeaderFields.FlagsMask flags) {
+ int fin = flags.isFin() ? 1 : 0;
+ int syn = flags.isSyn() ? 1 : 0;
+ int rst = flags.isRst() ? 1 : 0;
+ int psh = flags.isPsh() ? 1 : 0;
+ int ack = flags.isAck() ? 1 : 0;
+ int urg = flags.isUrg() ? 1 : 0;
+ int ece = flags.isEce() ? 1 : 0;
+ int cwr = flags.isCwr() ? 1 : 0;
+ String strFlags = String.format("%d%d%d%d%d%d%d%d", fin, syn, rst, psh, ack, urg, ece, cwr);
+ return Byte.parseByte(strFlags, 2);
+ }
+
+ static AclRule bindUdpAttributes(AclRule rule, Udp udp) {
+ org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.source.port.SourcePort
+ srcPort = Preconditions.checkNotNull(udp.getSourcePort()).getSourcePort();
+
+ if (srcPort instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.source.port.source.port.RangeOrOperator) {
+ bindSourcePortRange(rule,
+ ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.source.port.source.port.RangeOrOperator) srcPort)
+ .getPortRangeOrOperator());
+ }
+
+ org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.destination.port.DestinationPort
+ dstPort = Preconditions.checkNotNull(udp.getDestinationPort()).getDestinationPort();
- final UdpNodes udp = Udp.class.cast(vppAceNodes.getIpProtocol()).getUdpNodes();
- bindSourcePortRange(rule, udp.getSourcePortRange());
- bindDestinationPortRange(rule, udp.getDestinationPortRange());
+ if (dstPort instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.destination.port.destination.port.RangeOrOperator) {
+ bindDestinationPortRange(rule,
+ ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.destination.port.destination.port.RangeOrOperator) dstPort)
+ .getPortRangeOrOperator());
+ }
return rule;
}
* @param vppAce rule to be processed
* @return AclRule with protocol filled protocol fields
*/
- default AclRule createPreBindRule(@Nonnull final VppAce vppAce) {
+ default AclRule createPreBindRule(@Nonnull final Ace vppAce) {
AclRule rule = new AclRule();
-
- final IpProtocol ipProtocol = vppAce.getVppAceNodes().getIpProtocol();
- if (ipProtocol == null) {
+ L4 l4 = Preconditions.checkNotNull(vppAce.getMatches(), "Matches are not defined for ACE: {}!", vppAce).getL4();
+ if (l4 == null) {
// returns AclRule with rule.proto set to 0 (protocol fields will be ignored by vpp)
return rule;
}
- rule.proto = protocol(ipProtocol);
-
- switch (rule.proto) {
- case ICMP_INDEX: {
- return bindIcmpNodes(rule, vppAce);
- }
-
- case TCP_INDEX: {
- return bindTcpNodes(rule, vppAce);
- }
-
- case UDP_INDEX: {
- return bindUdpNodes(rule, vppAce);
- }
+ if (l4.getImplementedInterface()
+ .equals(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Icmp.class)) {
+ return getIcmpAclRule(vppAce, rule,
+ (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Icmp) l4);
+ } else if (l4.getImplementedInterface()
+ .equals(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Tcp.class)) {
+ return getTcpAclRule(rule,
+ (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Tcp) l4);
+ } else if (l4.getImplementedInterface()
+ .equals(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Udp.class)) {
+ return getUdpAclRule(rule,
+ (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Udp) l4);
+ } else {
+ return bindDefaultNodes(rule);
+ }
+ }
- case ICMPV6_INDEX: {
- return bindIcmpv6Nodes(rule, vppAce);
- }
- default: {
- return bindDefaultNodes(rule);
- }
+ default AclRule getIcmpAclRule(@Nonnull final Ace vppAce, final AclRule rule,
+ final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Icmp l4) {
+ if (vppAce.getMatches().getL3() == null) {
+ rule.proto = ICMP_INDEX;
+ } else {
+ Class<? extends DataContainer> ipVersion = vppAce.getMatches().getL3().getImplementedInterface();
+ rule.proto = (byte) (ipVersion.equals(Ipv6.class) ? ICMPV6_INDEX : ICMP_INDEX);
}
+ Icmp icmp = l4.getIcmp();
+ return icmp != null ? bindIcmpVppFields(rule, icmp) : bindDefaultNodes(rule);
}
+ default AclRule getUdpAclRule(final AclRule rule,
+ final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Udp l4) {
+ rule.proto = UDP_INDEX;
+ Udp udp = l4.getUdp();
+ return udp != null ? bindUdpAttributes(rule, udp) : bindDefaultNodes(rule);
+ }
+
+ default AclRule getTcpAclRule(final AclRule rule,
+ final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Tcp l4) {
+ rule.proto = TCP_INDEX;
+ Tcp tcp = l4.getTcp();
+ return tcp != null ? bindTcpAttributes(rule, tcp) : bindDefaultNodes(rule);
+ }
}
import io.fd.hc2vpp.acl.util.AclContextManager;
import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer;
import io.fd.hc2vpp.acl.util.acl.AclDataExtractor;
-import io.fd.hc2vpp.acl.util.acl.AclWriter;
-import io.fd.honeycomb.translate.MappingContext;
+import io.fd.hc2vpp.acl.write.request.AclAddReplaceRequest;
import io.fd.honeycomb.translate.spi.write.ListWriterCustomizer;
import io.fd.honeycomb.translate.write.WriteContext;
import io.fd.honeycomb.translate.write.WriteFailedException;
import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclKey;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-public class VppAclCustomizer extends FutureJVppAclCustomizer
- implements ListWriterCustomizer<Acl, AclKey>, AclDataExtractor, AclWriter {
+public class AclCustomizer extends FutureJVppAclCustomizer
+ implements ListWriterCustomizer<Acl, AclKey>, AclDataExtractor {
private final AclContextManager standardAclContext;
private final AclContextManager macIpAclContext;
- public VppAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade,
- @Nonnull final AclContextManager standardAclContext,
- @Nonnull final AclContextManager macIpAclContext) {
+ public AclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade,
+ @Nonnull final AclContextManager standardAclContext,
+ @Nonnull final AclContextManager macIpAclContext) {
super(jVppAclFacade);
this.standardAclContext = standardAclContext;
this.macIpAclContext = macIpAclContext;
@Override
public void writeCurrentAttributes(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl dataAfter,
@Nonnull final WriteContext writeContext) throws WriteFailedException {
- final MappingContext mappingContext = writeContext.getMappingContext();
-
+ AclAddReplaceRequest request = new AclAddReplaceRequest(getjVppAclFacade(), writeContext.getMappingContext());
if (isStandardAcl(dataAfter)) {
- addStandardAcl(getjVppAclFacade(), id, dataAfter, standardAclContext, mappingContext);
+ request.addStandardAcl(id, dataAfter, standardAclContext);
} else if (isMacIpAcl(dataAfter)) {
- addMacIpAcl(getjVppAclFacade(), id, dataAfter, macIpAclContext, mappingContext);
+ request.addMacIpAcl(id, dataAfter, macIpAclContext);
} else {
// double check, first one done by validation
throw new WriteFailedException.CreateFailedException(id, dataAfter,
public void updateCurrentAttributes(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl dataBefore,
@Nonnull final Acl dataAfter, @Nonnull final WriteContext writeContext)
throws WriteFailedException {
- final MappingContext mappingContext = writeContext.getMappingContext();
+ AclAddReplaceRequest request = new AclAddReplaceRequest(getjVppAclFacade(), writeContext.getMappingContext());
if (isStandardAcl(dataAfter)) {
- updateStandardAcl(getjVppAclFacade(), id, dataAfter, standardAclContext, mappingContext);
+ request.updateStandardAcl(id, dataAfter, standardAclContext);
} else if (isMacIpAcl(dataAfter)) {
synchronized (macIpAclContext) {
// there is no direct support for update of mac-ip acl, but only one is allowed per interface
// so it is atomic from vpp standpoint. Enclosed in synchronized block to prevent issues with
// multiple threads managing naming context
- deleteMacIpAcl(getjVppAclFacade(), id, dataBefore, macIpAclContext, mappingContext);
- addMacIpAcl(getjVppAclFacade(), id, dataAfter, macIpAclContext, mappingContext);
+ request.deleteMacIpAcl(id, dataBefore, macIpAclContext);
+ request.addMacIpAcl(id, dataAfter, macIpAclContext);
}
} else {
// double check, first one done by validation
@Override
public void deleteCurrentAttributes(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl dataBefore,
@Nonnull final WriteContext writeContext) throws WriteFailedException {
- final MappingContext mappingContext = writeContext.getMappingContext();
+ AclAddReplaceRequest request = new AclAddReplaceRequest(getjVppAclFacade(), writeContext.getMappingContext());
if (isStandardAcl(dataBefore)) {
- deleteStandardAcl(getjVppAclFacade(), id, dataBefore, standardAclContext, mappingContext);
+ request.deleteStandardAcl(id, dataBefore, standardAclContext);
} else if (isMacIpAcl(dataBefore)) {
- deleteMacIpAcl(getjVppAclFacade(), id, dataBefore, macIpAclContext, mappingContext);
+ request.deleteMacIpAcl(id, dataBefore, macIpAclContext);
} else {
// double check, first one done by validation
throw new WriteFailedException.DeleteFailedException(id,
--- /dev/null
+/*
+ * Copyright (c) 2018 Cisco and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.fd.hc2vpp.acl.write;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkState;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Optional;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableSet;
+import io.fd.hc2vpp.acl.AclIIds;
+import io.fd.hc2vpp.acl.util.acl.AclDataExtractor;
+import io.fd.honeycomb.translate.write.DataValidationFailedException.CreateValidationFailedException;
+import io.fd.honeycomb.translate.write.DataValidationFailedException.DeleteValidationFailedException;
+import io.fd.honeycomb.translate.write.DataValidationFailedException.UpdateValidationFailedException;
+import io.fd.honeycomb.translate.write.Validator;
+import io.fd.honeycomb.translate.write.WriteContext;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Objects;
+import java.util.Set;
+import java.util.stream.Collectors;
+import javax.annotation.Nonnull;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppAcl;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppMacipAcl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.AclBase;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AttachmentPoints;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.Aces;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.Matches;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L3;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.Eth;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSets;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4Network;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6Network;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+
+public final class AclValidator implements Validator<Acl>, AclDataExtractor {
+
+ private static final Set<Class<? extends AclBase>> SUPPORTED_ACL_TYPES =
+ ImmutableSet.of(VppAcl.class, VppMacipAcl.class);
+
+ @Override
+ public void validateWrite(final InstanceIdentifier<Acl> id, final Acl dataAfter, final WriteContext ctx)
+ throws CreateValidationFailedException {
+ try {
+ validateAcl(dataAfter);
+ } catch (RuntimeException e) {
+ throw new CreateValidationFailedException(id, dataAfter, e);
+ }
+ }
+
+ @Override
+ public void validateUpdate(final InstanceIdentifier<Acl> id, final Acl dataBefore, final Acl dataAfter,
+ final WriteContext ctx) throws UpdateValidationFailedException {
+ try {
+ validateAcl(dataAfter);
+ } catch (RuntimeException e) {
+ throw new UpdateValidationFailedException(id, dataBefore, dataAfter, e);
+ }
+ }
+
+ @Override
+ public void validateDelete(final InstanceIdentifier<Acl> id, final Acl dataBefore, final WriteContext ctx)
+ throws DeleteValidationFailedException {
+ try {
+ validateAcl(dataBefore);
+ final List<String> references = checkAclReferenced(ctx, dataBefore);
+ // references must be check, to not leave dead references in configuration
+ checkState(references.isEmpty(),
+ "%s cannot be removed, it is referenced in following interfaces %s", dataBefore, references);
+ } catch (RuntimeException e) {
+ throw new DeleteValidationFailedException(id, e);
+ }
+ }
+
+ private static void validateAcl(@Nonnull final Acl acl) {
+ hasAceList(acl);
+ isSupportedAclType(acl);
+ hasConsistentAceTypeForAclType(acl);
+ }
+
+ private static void hasAceList(final Acl acl) {
+ final Aces accessListEntries = acl.getAces();
+ checkArgument(accessListEntries != null, "The access-list-entries container is not defined.");
+ final List<Ace> ace = accessListEntries.getAce();
+ checkArgument(ace != null, "The ace list is not defined.");
+ checkArgument(!ace.isEmpty(), "The ace list is empty.");
+ }
+
+ private static void isSupportedAclType(final Acl acl) {
+ checkArgument(SUPPORTED_ACL_TYPES.contains(acl.getType()),
+ "Unsupported Acl type %s detected for acl %s, allowed types are %s", acl.getType(),
+ acl.getName(), SUPPORTED_ACL_TYPES);
+ }
+
+ private static void hasConsistentAceTypeForAclType(final Acl acl) {
+ Class<? extends AclBase> type = acl.getType();
+ Preconditions.checkNotNull(type, "Cannot resolve Acl type for validation of Acl: {}", acl);
+ Preconditions.checkNotNull(acl.getAces(), "ACEs are missing for validation of Acl: {}", acl);
+ Preconditions.checkNotNull(acl.getAces().getAce(), "List of ACEs is null for validation of Acl: {}", acl);
+ if (type.equals(VppAcl.class)) {
+ Set<Ace> unsupportedVppAcls =
+ acl.getAces().getAce().stream().filter(ace -> !isVppAce(ace)).collect(Collectors.toSet());
+ checkArgument(unsupportedVppAcls.isEmpty(), "Detected unsupported ace types [%s] for ACL %s",
+ unsupportedVppAcls, acl.getName());
+ }
+
+ if (type.equals(VppMacipAcl.class)) {
+ Set<Ace> unsupportedVppMacipAclAcls =
+ acl.getAces().getAce().stream().filter(ace -> !isVppMacipAclAce(ace)).collect(Collectors.toSet());
+ checkArgument(unsupportedVppMacipAclAcls.isEmpty(), "Detected unsupported ace types [%s] for ACL %s",
+ unsupportedVppMacipAclAcls, acl.getName());
+ }
+ }
+
+ private static boolean isVppMacipAclAce(final Ace ace) {
+ Matches matches = Preconditions
+ .checkNotNull(ace.getMatches(), "Cannot validate VppMacipAcl type for Ace: {}, matches are not defined",
+ ace);
+ if (matches.getL2() == null || !(matches.getL2() instanceof Eth)) {
+ return false;
+ }
+
+ org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.eth.Eth
+ eth = ((Eth) matches.getL2()).getEth();
+ if (eth == null) {
+ return false;
+ }
+
+ return true;
+ }
+
+ private static boolean isVppAce(final Ace ace) {
+ Matches matches = Preconditions
+ .checkNotNull(ace.getMatches(), "Cannot validate VppMacipAcl type for Ace: {}, matches are not defined",
+ ace);
+ L3 l3 = matches.getL3();
+ if (l3 == null || (!(l3 instanceof Ipv4)) && (!(l3 instanceof Ipv6))) {
+ return false;
+ }
+
+ if (l3 instanceof Ipv4) {
+ org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4
+ ipv4 = ((Ipv4) l3).getIpv4();
+ if (ipv4 == null || ipv4.getSourceNetwork() == null ||
+ !(ipv4.getSourceNetwork() instanceof SourceIpv4Network)) {
+ return false;
+ }
+ }
+
+ if (l3 instanceof Ipv6) {
+ org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6
+ ipv6 = ((Ipv6) l3).getIpv6();
+ if (ipv6 == null || ipv6.getSourceNetwork() == null ||
+ !(ipv6.getSourceNetwork() instanceof SourceIpv6Network)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ @VisibleForTesting
+ static List<String> checkAclReferenced(@Nonnull final WriteContext writeContext, @Nonnull final Acl acl) {
+ Preconditions.checkNotNull(acl.getType(), "Cannot validate acl: {}, type is not set.", acl);
+ if (!acl.getType().equals(VppAcl.class) && !acl.getType().equals(VppMacipAcl.class)) {
+ throw new IllegalArgumentException(String.format("Acl type %s not supported", acl.getType()));
+ }
+
+ Optional<AttachmentPoints> attachmentPointsOpt = writeContext.readAfter(AclIIds.ACLS_AP);
+ if (!attachmentPointsOpt.isPresent() || attachmentPointsOpt.get().getInterface() == null) {
+ return Collections.emptyList();
+ }
+
+ final List<Interface> interfaces = attachmentPointsOpt.get().getInterface();
+ if (interfaces == null) {
+ return Collections.emptyList();
+ }
+ final String aclName = acl.getName();
+
+ HashMap<String, AclSets> sets = getIngressAclSets(interfaces);
+ sets.putAll(getEgressAclSets(interfaces));
+ List<String> referencedIfcs = new ArrayList<>();
+ sets.forEach((ifc, aclSets) -> {
+ if (aclSets.getAclSet() != null) {
+ if (aclSets.getAclSet().stream()
+ .map(AclSet::getName)
+ .filter(Objects::nonNull)
+ .anyMatch(name -> name.equalsIgnoreCase(aclName))) {
+ referencedIfcs.add(ifc);
+ }
+ }
+ });
+ return referencedIfcs.stream().distinct().collect(Collectors.toList());
+ }
+
+ private static HashMap<String, AclSets> getEgressAclSets(final List<Interface> interfaces) {
+ HashMap<String, AclSets> map = new HashMap<>();
+ interfaces.stream().filter(anInterface -> anInterface.getEgress() != null)
+ .forEach(anInterface -> map.put(anInterface.getInterfaceId(), anInterface.getEgress().getAclSets()));
+ return map;
+ }
+
+ private static HashMap<String, AclSets> getIngressAclSets(final List<Interface> interfaces) {
+ HashMap<String, AclSets> map = new HashMap<>();
+ interfaces.stream().filter(anInterface -> anInterface.getIngress() != null)
+ .forEach(anInterface -> map.put(anInterface.getInterfaceId(), anInterface.getIngress().getAclSets()));
+ return map;
+ }
+}
package io.fd.hc2vpp.acl.write;
+import static io.fd.hc2vpp.acl.write.request.MacIpInterfaceAssignmentRequest.deleteExisting;
import static java.util.stream.Collectors.toList;
import io.fd.hc2vpp.acl.util.AclContextManager;
import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer;
-import io.fd.hc2vpp.acl.util.iface.acl.AclInterfaceAssignmentRequest;
+import io.fd.hc2vpp.acl.write.request.AclInterfaceAssignmentRequest;
+import io.fd.hc2vpp.acl.write.request.MacIpInterfaceAssignmentRequest;
import io.fd.hc2vpp.common.translate.util.NamingContext;
+import io.fd.honeycomb.translate.MappingContext;
import io.fd.honeycomb.translate.spi.write.WriterCustomizer;
import io.fd.honeycomb.translate.write.WriteContext;
import io.fd.honeycomb.translate.write.WriteFailedException;
import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
import java.util.Collections;
import java.util.List;
+import java.util.stream.Collectors;
import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclsBaseAttributes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSets;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
/**
* Handles acl assignments(only standard ones, mac-ip have dedicated customizer)
*/
-public class InterfaceAclCustomizer extends FutureJVppAclCustomizer implements WriterCustomizer<Acl> {
+public class InterfaceAclCustomizer extends FutureJVppAclCustomizer implements WriterCustomizer<Interface> {
private final NamingContext interfaceContext;
private final AclContextManager standardAclContext;
+ private final AclContextManager macIpAclContext;
public InterfaceAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade,
@Nonnull final NamingContext interfaceContext,
- @Nonnull final AclContextManager standardAclContext) {
+ @Nonnull final AclContextManager standardAclContext,
+ @Nonnull final AclContextManager macIpAclContext) {
super(jVppAclFacade);
this.interfaceContext = interfaceContext;
this.standardAclContext = standardAclContext;
+ this.macIpAclContext = macIpAclContext;
+ }
+
+ private static List<String> getAclNames(final AclSets acls) {
+ if (acls == null || acls.getAclSet() == null) {
+ return Collections.emptyList();
+ } else {
+ return acls.getAclSet().stream().map(AclSet::getName).collect(toList());
+ }
}
@Override
- public void writeCurrentAttributes(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl dataAfter,
+ public void writeCurrentAttributes(@Nonnull final InstanceIdentifier<Interface> id,
+ @Nonnull final Interface dataAfter,
@Nonnull final WriteContext writeContext) throws WriteFailedException {
- AclInterfaceAssignmentRequest.create(writeContext.getMappingContext())
- .standardAclContext(standardAclContext)
- .interfaceContext(interfaceContext)
- .identifier(id)
- .inputAclNames(getAclNames(dataAfter.getIngress()))
- .outputAclNames(getAclNames(dataAfter.getEgress()))
- .executeAsCreate(getjVppAclFacade());
+ AclSets egress = dataAfter.getEgress() != null ? dataAfter.getEgress().getAclSets() : null;
+ AclSets ingress = dataAfter.getIngress() != null ? dataAfter.getIngress().getAclSets() : null;
+ List<String> macIngress = parseMacRules(getAclNames(ingress), writeContext.getMappingContext());
+ List<String> standardIngress = parseStandardRules(getAclNames(ingress), writeContext.getMappingContext());
+ List<String> standardEgress = parseStandardRules(getAclNames(egress), writeContext.getMappingContext());
+
+ // Process standard ACLs
+ if (!standardIngress.isEmpty() || !standardEgress.isEmpty()) {
+ AclInterfaceAssignmentRequest.create(writeContext.getMappingContext())
+ .standardAclContext(standardAclContext)
+ .interfaceContext(interfaceContext)
+ .identifier(id)
+ .inputAclNames(standardIngress)
+ .outputAclNames(standardEgress)
+ .executeAsCreate(getjVppAclFacade());
+ }
+ // Process mac ACLs
+ if (!macIngress.isEmpty()) {
+ addMacAcls(id, writeContext, macIngress);
+ }
}
@Override
- public void updateCurrentAttributes(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl dataBefore,
- @Nonnull final Acl dataAfter, @Nonnull final WriteContext writeContext)
+ public void updateCurrentAttributes(@Nonnull final InstanceIdentifier<Interface> id,
+ @Nonnull final Interface dataBefore,
+ @Nonnull final Interface dataAfter, @Nonnull final WriteContext writeContext)
throws WriteFailedException {
+ AclSets egress = dataAfter.getEgress() != null ? dataAfter.getEgress().getAclSets() : null;
+ AclSets ingress = dataAfter.getIngress() != null ? dataAfter.getIngress().getAclSets() : null;
+ List<String> standardIngress = parseStandardRules(getAclNames(ingress), writeContext.getMappingContext());
+ List<String> standardEgress = parseStandardRules(getAclNames(egress), writeContext.getMappingContext());
+
+ // update standard ACLs
AclInterfaceAssignmentRequest.create(writeContext.getMappingContext())
.standardAclContext(standardAclContext)
.interfaceContext(interfaceContext)
.identifier(id)
- .inputAclNames(getAclNames(dataAfter.getIngress()))
- .outputAclNames(getAclNames(dataAfter.getEgress()))
+ .inputAclNames(standardIngress)
+ .outputAclNames(standardEgress)
.executeAsUpdate(getjVppAclFacade(), dataBefore, dataAfter);
+
+ // Process mac ACLs
+ AclSets ingressBefore = dataBefore.getIngress() != null ? dataBefore.getIngress().getAclSets() : null;
+ List<String> macIngressAfter = parseMacRules(getAclNames(ingress), writeContext.getMappingContext());
+ List<String> macIngressBefore = parseMacRules(getAclNames(ingressBefore), writeContext.getMappingContext());
+ List<String> added =
+ macIngressAfter.stream().filter(acl -> !macIngressBefore.contains(acl)).collect(Collectors.toList());
+ List<String> removed =
+ macIngressBefore.stream().filter(acl -> !macIngressAfter.contains(acl)).collect(Collectors.toList());
+
+ if (!removed.isEmpty()) {
+ deleteMacACLs(id, writeContext, removed);
+ }
+
+ if (!added.isEmpty()) {
+ addMacAcls(id, writeContext, added);
+ }
}
@Override
- public void deleteCurrentAttributes(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl dataBefore,
- @Nonnull final WriteContext writeContext) throws WriteFailedException {
- AclInterfaceAssignmentRequest.create(writeContext.getMappingContext())
- .standardAclContext(standardAclContext)
- .interfaceContext(interfaceContext)
- .identifier(id)
- .executeAsDelete(getjVppAclFacade());
+ public void deleteCurrentAttributes(@Nonnull final InstanceIdentifier<Interface> id,
+ @Nonnull final Interface dataBefore, @Nonnull final WriteContext writeContext)
+ throws WriteFailedException {
+ AclSets ingress = dataBefore.getIngress() != null ? dataBefore.getIngress().getAclSets() : null;
+ List<String> standardIngress = parseStandardRules(getAclNames(ingress), writeContext.getMappingContext());
+ List<String> macIngress = parseMacRules(getAclNames(ingress), writeContext.getMappingContext());
+
+ //Process standard ACLs
+ if (!standardIngress.isEmpty()) {
+ AclInterfaceAssignmentRequest.create(writeContext.getMappingContext())
+ .standardAclContext(standardAclContext)
+ .interfaceContext(interfaceContext)
+ .identifier(id)
+ .executeAsDelete(getjVppAclFacade());
+ }
+
+ // Process mac ACLs
+ if (!macIngress.isEmpty()) {
+ deleteMacACLs(id, writeContext, macIngress);
+ }
}
- private static List<String> getAclNames(final VppAclsBaseAttributes acls) {
- if (acls == null || acls.getVppAcls() == null) {
- return Collections.emptyList();
- } else {
- return acls.getVppAcls().stream().map(VppAcls::getName).collect(toList());
+ private List<String> parseMacRules(final List<String> ingress, final MappingContext mappingContext) {
+ return ingress.stream()
+ .filter(aclName -> macIpAclContext.containsAcl(aclName, mappingContext)).collect(Collectors.toList());
+ }
+
+ private List<String> parseStandardRules(final List<String> ingress, final MappingContext mappingContext) {
+ return ingress.stream()
+ .filter(aclName -> standardAclContext.containsAcl(aclName, mappingContext))
+ .collect(Collectors.toList());
+ }
+
+
+ private void addMacAcls(@Nonnull final InstanceIdentifier<Interface> id,
+ @Nonnull final WriteContext writeContext, final List<String> added)
+ throws WriteFailedException {
+ for (String macAcl : added) {
+ MacIpInterfaceAssignmentRequest.addNew(writeContext.getMappingContext())
+ .identifier(id)
+ .aclName(macAcl)
+ .macIpAclContext(macIpAclContext)
+ .interfaceContext(interfaceContext)
+ .execute(getjVppAclFacade());
}
}
+ private void deleteMacACLs(@Nonnull final InstanceIdentifier<Interface> id,
+ @Nonnull final WriteContext writeContext, final List<String> macAcls)
+ throws WriteFailedException {
+ for (String macAcl : macAcls) {
+ deleteExisting(writeContext.getMappingContext())
+ .identifier(id)
+ .aclName(macAcl)
+ .macIpAclContext(macIpAclContext)
+ .interfaceContext(interfaceContext)
+ .execute(getjVppAclFacade());
+ }
+ }
}
+++ /dev/null
-/*
- * Copyright (c) 2016 Cisco and/or its affiliates.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.fd.hc2vpp.acl.write;
-
-import static io.fd.hc2vpp.acl.util.iface.macip.MacIpInterfaceAssignmentRequest.addNew;
-import static io.fd.hc2vpp.acl.util.iface.macip.MacIpInterfaceAssignmentRequest.deleteExisting;
-
-import io.fd.hc2vpp.acl.util.AclContextManager;
-import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer;
-import io.fd.hc2vpp.common.translate.util.NamingContext;
-import io.fd.honeycomb.translate.spi.write.WriterCustomizer;
-import io.fd.honeycomb.translate.write.WriteContext;
-import io.fd.honeycomb.translate.write.WriteFailedException;
-import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
-import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl;
-import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-
-public class InterfaceAclMacIpCustomizer extends FutureJVppAclCustomizer implements WriterCustomizer<VppMacipAcl> {
-
- private final AclContextManager macIpAclContext;
- private final NamingContext interfaceContext;
-
- public InterfaceAclMacIpCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade,
- @Nonnull final AclContextManager macIpAclContext,
- @Nonnull final NamingContext interfaceContext) {
- super(jVppAclFacade);
- this.macIpAclContext = macIpAclContext;
- this.interfaceContext = interfaceContext;
- }
-
- @Override
- public void writeCurrentAttributes(@Nonnull final InstanceIdentifier<VppMacipAcl> id,
- @Nonnull final VppMacipAcl dataAfter,
- @Nonnull final WriteContext writeContext) throws WriteFailedException {
- addNew(writeContext.getMappingContext())
- .identifier(id)
- .aclName(dataAfter.getName())
- .macIpAclContext(macIpAclContext)
- .interfaceContext(interfaceContext)
- .execute(getjVppAclFacade());
- }
-
- @Override
- public void deleteCurrentAttributes(@Nonnull final InstanceIdentifier<VppMacipAcl> id,
- @Nonnull final VppMacipAcl dataBefore,
- @Nonnull final WriteContext writeContext) throws WriteFailedException {
- deleteExisting(writeContext.getMappingContext())
- .identifier(id)
- .aclName(dataBefore.getName())
- .macIpAclContext(macIpAclContext)
- .interfaceContext(interfaceContext)
- .execute(getjVppAclFacade());
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2018 Cisco and/or its affiliates.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.fd.hc2vpp.acl.write;
-
-import static com.google.common.base.Preconditions.checkArgument;
-import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.base.Preconditions.checkState;
-import static java.lang.String.format;
-import static java.util.Collections.emptyList;
-import static java.util.Optional.ofNullable;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Optional;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
-import io.fd.hc2vpp.acl.util.acl.AclDataExtractor;
-import io.fd.honeycomb.translate.write.DataValidationFailedException.CreateValidationFailedException;
-import io.fd.honeycomb.translate.write.DataValidationFailedException.DeleteValidationFailedException;
-import io.fd.honeycomb.translate.write.DataValidationFailedException.UpdateValidationFailedException;
-import io.fd.honeycomb.translate.write.Validator;
-import io.fd.honeycomb.translate.write.WriteContext;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.stream.Collectors;
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AclBase;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.AccessListEntries;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Matches;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.matches.AceType;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.InterfaceAclAttributes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclsBaseAttributes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppMacipAclsBaseAttributes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAcl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAcl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppMacipAce;
-import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-
-public final class VppAclValidator implements Validator<Acl>, AclDataExtractor {
-
- private static final Set<Class<? extends AclBase>> SUPPORTED_ACL_TYPES =
- ImmutableSet.of(VppAcl.class, VppMacipAcl.class);
- private static final Map<Class<? extends AclBase>, Class<? extends AceType>> ACL_ACE_PAIRS =
- ImmutableMap.of(VppAcl.class, VppAce.class, VppMacipAcl.class, VppMacipAce.class);
-
- @Override
- public void validateWrite(final InstanceIdentifier<Acl> id, final Acl dataAfter, final WriteContext ctx)
- throws CreateValidationFailedException {
- try {
- validateAcl(dataAfter);
- } catch (RuntimeException e) {
- throw new CreateValidationFailedException(id, dataAfter, e);
- }
- }
-
- @Override
- public void validateUpdate(final InstanceIdentifier<Acl> id, final Acl dataBefore, final Acl dataAfter,
- final WriteContext ctx) throws UpdateValidationFailedException {
- try {
- validateAcl(dataAfter);
- } catch (RuntimeException e) {
- throw new UpdateValidationFailedException(id, dataBefore, dataAfter, e);
- }
- }
-
- @Override
- public void validateDelete(final InstanceIdentifier<Acl> id, final Acl dataBefore, final WriteContext ctx)
- throws DeleteValidationFailedException {
- try {
- validateAcl(dataBefore);
- final List<Interface> references = checkAclReferenced(ctx, dataBefore);
- // references must be check, to not leave dead references in configuration
- checkState(references.isEmpty(),
- "%s cannot be removed, it is referenced in following interfaces %s", dataBefore, references);
- } catch (RuntimeException e) {
- throw new DeleteValidationFailedException(id, e);
- }
- }
-
- private static void validateAcl(@Nonnull final Acl acl) {
- hasAceList(acl);
- isSupportedAclType(acl);
- hasConsistentAceTypeForAclType(acl);
- }
-
- private static void hasAceList(final Acl acl) {
- final AccessListEntries accessListEntries = acl.getAccessListEntries();
- checkArgument(accessListEntries != null, "The access-list-entries container is not defined.");
- final List<Ace> ace = accessListEntries.getAce();
- checkArgument(ace != null, "The ace list is not defined.");
- checkArgument(!ace.isEmpty(), "The ace list is empty.");
- }
-
- private static void isSupportedAclType(final Acl acl) {
- checkArgument(SUPPORTED_ACL_TYPES.contains(acl.getAclType()),
- "Unsupported Acl type %s detected for acl %s, allowed types are %s", acl.getAclType(),
- acl.getAclName(), SUPPORTED_ACL_TYPES);
- }
-
- private static void hasConsistentAceTypeForAclType(final Acl acl) {
- checkTypesSame(acl.getAccessListEntries().getAce(), acl.getAclName(),
- checkNotNull(ACL_ACE_PAIRS.get(acl.getAclType()), "Unsupported ACL type %s for ACL %s",
- acl.getAclType(), acl.getAclName()));
- }
-
- private static void checkTypesSame(final List<Ace> aces, final String aclName,
- final Class<? extends AceType> aceType) {
- final Set<AceType> unsupportedAceTypes = aces.stream()
- .map(Ace::getMatches)
- .map(Matches::getAceType)
- .filter(aceType::equals)
- .collect(Collectors.toSet());
- checkArgument(unsupportedAceTypes.isEmpty(), "Detected unsupported ace types [%s] for ACL %s, expected %s",
- unsupportedAceTypes, aclName, aceType);
- }
-
- @VisibleForTesting
- static List<Interface> checkAclReferenced(@Nonnull final WriteContext writeContext,
- @Nonnull final Acl acl) {
- final Optional<Interfaces> readAfter = writeContext.readAfter(InstanceIdentifier.create(Interfaces.class));
- if (!readAfter.isPresent() || readAfter.get().getInterface() == null) {
- return Collections.emptyList();
- }
-
- final List<Interface> interfaces = readAfter.get().getInterface();
- final Class<? extends AclBase> aclType = acl.getAclType();
- final String aclName = acl.getAclName();
-
- if (aclType.equals(VppAcl.class)) {
- return interfaces.stream()
- .filter(iface -> ofNullable(iface.augmentation(VppAclInterfaceAugmentation.class))
- .map(InterfaceAclAttributes::getAcl)
- .filter(references ->
- checkVppAcls(references.getIngress(), aclName) ||
- checkVppAcls(references.getEgress(), aclName)).isPresent()
- ).collect(Collectors.toList());
- } else if (aclType.equals(VppMacipAcl.class)) {
- return interfaces.stream()
- .filter(iface -> ofNullable(iface.augmentation(VppAclInterfaceAugmentation.class))
- .map(InterfaceAclAttributes::getAcl)
- .map(aclAttr -> aclAttr.getIngress())
- .map(VppMacipAclsBaseAttributes::getVppMacipAcl)
- .filter(vppMacipAcl -> vppMacipAcl.getName().equals(aclName))
- .isPresent())
- .collect(Collectors.toList());
- } else {
- throw new IllegalArgumentException(format("Acl type %s not supported", aclType));
- }
- }
-
- private static boolean checkVppAcls(@Nullable final VppAclsBaseAttributes attrs, @Nonnull final String name) {
- return ofNullable(attrs).map(VppAclsBaseAttributes::getVppAcls)
- .orElse(emptyList())
- .stream().anyMatch(acl -> acl.getName().equals(name));
- }
-}
/**
* Created by jsrnicek on 12.12.2016.
*/
-class AbstractAclWriterFactory {
+abstract class AbstractAclWriterFactory {
@Inject
- protected FutureJVppAclFacade futureAclFacade;
+ FutureJVppAclFacade futureAclFacade;
@Inject
@Named(AclModule.STANDARD_ACL_CONTEXT_NAME)
@Inject
@Named(AclModule.MAC_IP_ACL_CONTEXT_NAME)
- protected AclContextManager macIpAClContext;
+ protected AclContextManager macIpAclContext;
@Inject
@Named("interface-context")
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.fd.hc2vpp.acl.write.factory;
+
+import io.fd.hc2vpp.acl.AclIIds;
+import io.fd.hc2vpp.acl.write.AclCustomizer;
+import io.fd.hc2vpp.acl.write.AclValidator;
+import io.fd.honeycomb.translate.impl.write.GenericListWriter;
+import io.fd.honeycomb.translate.write.WriterFactory;
+import io.fd.honeycomb.translate.write.registry.ModifiableWriterRegistryBuilder;
+import javax.annotation.Nonnull;
+
+public class AclWriterFactory extends AbstractAclWriterFactory implements WriterFactory {
+
+ @Override
+ public void init(@Nonnull final ModifiableWriterRegistryBuilder registry) {
+
+ registry.subtreeAddBefore(AclIIds.vppAclChildren(AclIIds.ACL),
+ new GenericListWriter<>(AclIIds.ACLS_ACL,
+ new AclCustomizer(futureAclFacade, standardAclContext, macIpAclContext),
+ new AclValidator()
+ ),
+ AclIIds.aclHandledChildren(AclIIds.IFC_ACL));
+ }
+}
package io.fd.hc2vpp.acl.write.factory;
import com.google.common.collect.ImmutableSet;
+import io.fd.hc2vpp.acl.AclIIds;
import io.fd.hc2vpp.acl.write.InterfaceAclCustomizer;
-import io.fd.hc2vpp.acl.write.InterfaceAclMacIpCustomizer;
import io.fd.honeycomb.translate.impl.write.GenericWriter;
import io.fd.honeycomb.translate.write.WriterFactory;
import io.fd.honeycomb.translate.write.registry.ModifiableWriterRegistryBuilder;
import java.util.Set;
import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Egress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
public class InterfaceAclWriterFactory extends AbstractAclWriterFactory implements WriterFactory {
- static final InstanceIdentifier<Acl> ACL_IID =
- InstanceIdentifier.create(Interfaces.class).child(Interface.class)
- .augmentation(VppAclInterfaceAugmentation.class).child(Acl.class);
- private static final InstanceIdentifier<Interface> IFC_ID =
- InstanceIdentifier.create(Interfaces.class).child(Interface.class);
-
-
@Override
public void init(@Nonnull final ModifiableWriterRegistryBuilder registry) {
- registry.subtreeAddAfter(aclHandledChildren(InstanceIdentifier.create(Acl.class)),
- new GenericWriter<>(ACL_IID,
- new InterfaceAclCustomizer(futureAclFacade, interfaceContext, standardAclContext)), IFC_ID);
-
- registry.addAfter(new GenericWriter<>(ACL_IID.child(Ingress.class).child(VppMacipAcl.class),
- new InterfaceAclMacIpCustomizer(futureAclFacade, macIpAClContext, interfaceContext)), IFC_ID);
+ registry.subtreeAddAfter(AclIIds.aclHandledChildren(AclIIds.IFC_ACL),
+ new GenericWriter<>(AclIIds.ACLS_AP_INT,
+ new InterfaceAclCustomizer(futureAclFacade, interfaceContext, standardAclContext,
+ macIpAclContext)),
+ aclRequiredIids());
}
- static Set<InstanceIdentifier<?>> aclHandledChildren(final InstanceIdentifier<Acl> parentId) {
- return ImmutableSet.of(parentId.child(Ingress.class),
- parentId.child(Ingress.class).child(VppAcls.class),
- parentId.child(Egress.class),
- parentId.child(Egress.class).child(VppAcls.class));
+ static Set<InstanceIdentifier<?>> aclRequiredIids() {
+ return ImmutableSet.of(AclIIds.IFC, AclIIds.IFC_ACL, AclIIds.ACLS_ACL);
}
}
+++ /dev/null
-/*
- * Copyright (c) 2016 Cisco and/or its affiliates.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.fd.hc2vpp.acl.write.factory;
-
-import static io.fd.hc2vpp.acl.write.factory.InterfaceAclWriterFactory.ACL_IID;
-import static io.fd.hc2vpp.acl.write.factory.InterfaceAclWriterFactory.aclHandledChildren;
-
-import io.fd.hc2vpp.acl.util.factory.AclFactory;
-import io.fd.hc2vpp.acl.write.VppAclCustomizer;
-import io.fd.hc2vpp.acl.write.VppAclValidator;
-import io.fd.honeycomb.translate.impl.write.GenericListWriter;
-import io.fd.honeycomb.translate.write.WriterFactory;
-import io.fd.honeycomb.translate.write.registry.ModifiableWriterRegistryBuilder;
-import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
-import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-
-public class VppAclWriterFactory extends AbstractAclWriterFactory implements WriterFactory, AclFactory {
-
- @Override
- public void init(@Nonnull final ModifiableWriterRegistryBuilder registry) {
- final InstanceIdentifier<AccessLists> rootNode = InstanceIdentifier.create(AccessLists.class);
-
- registry.subtreeAddBefore(vppAclChildren(InstanceIdentifier.create(Acl.class)),
- new GenericListWriter<>(rootNode.child(Acl.class),
- new VppAclCustomizer(futureAclFacade, standardAclContext, macIpAClContext),
- new VppAclValidator()
- ),
- aclHandledChildren(ACL_IID));
- }
-}
* limitations under the License.
*/
-package io.fd.hc2vpp.acl.util.acl;
+package io.fd.hc2vpp.acl.write.request;
import io.fd.hc2vpp.acl.util.AclContextManager;
import io.fd.hc2vpp.acl.util.ace.AceConverter;
+import io.fd.hc2vpp.acl.util.acl.AclDataExtractor;
import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer;
import io.fd.honeycomb.translate.MappingContext;
import io.fd.honeycomb.translate.write.WriteFailedException;
import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
import java.util.List;
import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-/**
- * Write standard and mac-ip acls
- */
-public interface AclWriter extends AclDataExtractor, AceConverter, JvppReplyConsumer {
+public class AclAddReplaceRequest implements AclDataExtractor, AceConverter, JvppReplyConsumer {
int ACL_INDEX_CREATE_NEW = -1;
+ private final FutureJVppAclFacade futureFacade;
+ private final MappingContext mappingContext;
+
+ public AclAddReplaceRequest(@Nonnull final FutureJVppAclFacade futureFacade,
+ @Nonnull final MappingContext mappingContext) {
+ this.futureFacade = futureFacade;
+ this.mappingContext = mappingContext;
+ }
- default void addStandardAcl(@Nonnull final FutureJVppAclFacade futureFacade,
- @Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl acl,
- @Nonnull final AclContextManager standardAclContext,
- @Nonnull final MappingContext mappingContext) throws WriteFailedException {
+
+ public void addStandardAcl(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl acl,
+ @Nonnull final AclContextManager standardAclContext) throws WriteFailedException {
final AclAddReplace request = new AclAddReplace();
getReplyForWrite(futureFacade.aclAddReplace(request).toCompletableFuture(), id);
// maps new acl to returned index
- standardAclContext.addAcl(reply.aclIndex, acl.getAclName(), aces, mappingContext);
+ standardAclContext.addAcl(reply.aclIndex, acl.getName(), aces, mappingContext);
}
// according to vpp team, this was tested extensively, and should work
- default void updateStandardAcl(@Nonnull final FutureJVppAclFacade futureFacade,
- @Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl acl,
- @Nonnull final AclContextManager standardAclContext,
- @Nonnull final MappingContext mappingContext) throws WriteFailedException {
+ public void updateStandardAcl(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl acl,
+ @Nonnull final AclContextManager standardAclContext) throws WriteFailedException {
final AclAddReplace request = new AclAddReplace();
request.tag = getAclTag(acl);
// by setting existing index, request is resolved as update
- request.aclIndex = standardAclContext.getAclIndex(acl.getAclName(), mappingContext);
+ request.aclIndex = standardAclContext.getAclIndex(acl.getName(), mappingContext);
final List<Ace> aces = getAces(acl);
request.r = toStandardAclRules(aces);
request.count = request.r.length;
- final AclAddReplaceReply reply = getReplyForWrite(futureFacade.aclAddReplace(request).toCompletableFuture(), id);
+ final AclAddReplaceReply reply =
+ getReplyForWrite(futureFacade.aclAddReplace(request).toCompletableFuture(), id);
// overwrites existing acl metadata (aces might have been changed):
- standardAclContext.addAcl(reply.aclIndex, acl.getAclName(), aces, mappingContext);
+ standardAclContext.addAcl(reply.aclIndex, acl.getName(), aces, mappingContext);
}
- default void deleteStandardAcl(@Nonnull final FutureJVppAclFacade futureFacade,
- @Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl acl,
- @Nonnull final AclContextManager standardAclContext,
- @Nonnull final MappingContext mappingContext) throws WriteFailedException {
+ public void deleteStandardAcl(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl acl,
+ @Nonnull final AclContextManager standardAclContext) throws WriteFailedException {
final AclDel request = new AclDel();
- final String aclName = acl.getAclName();
+ final String aclName = acl.getName();
request.aclIndex = standardAclContext.getAclIndex(aclName, mappingContext);
getReplyForDelete(futureFacade.aclDel(request).toCompletableFuture(), id);
standardAclContext.removeAcl(aclName, mappingContext);
}
- default void addMacIpAcl(@Nonnull final FutureJVppAclFacade futureFacade,
- @Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl acl,
- @Nonnull final AclContextManager macIpAclContext,
- @Nonnull final MappingContext mappingContext) throws WriteFailedException {
+ public void addMacIpAcl(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl acl,
+ @Nonnull final AclContextManager macIpAclContext) throws WriteFailedException {
final MacipAclAdd request = new MacipAclAdd();
request.tag = getAclTag(acl);
final MacipAclAddReply reply = getReplyForWrite(futureFacade.macipAclAdd(request).toCompletableFuture(), id);
// map mac-ip acl to returned index
- macIpAclContext.addAcl(reply.aclIndex, acl.getAclName(), aces, mappingContext);
+ macIpAclContext.addAcl(reply.aclIndex, acl.getName(), aces, mappingContext);
}
- default void deleteMacIpAcl(@Nonnull final FutureJVppAclFacade futureFacade,
- @Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl acl,
- @Nonnull final AclContextManager macIpAclContext,
- @Nonnull final MappingContext mappingContext) throws WriteFailedException {
+ public void deleteMacIpAcl(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl acl,
+ @Nonnull final AclContextManager macIpAclContext) throws WriteFailedException {
final MacipAclDel request = new MacipAclDel();
- final String aclName = acl.getAclName();
+ final String aclName = acl.getName();
request.aclIndex = macIpAclContext.getAclIndex(aclName, mappingContext);
getReplyForDelete(futureFacade.macipAclDel(request).toCompletableFuture(), id);
*/
-package io.fd.hc2vpp.acl.util.iface.acl;
+package io.fd.hc2vpp.acl.write.request;
import static com.google.common.base.Preconditions.checkNotNull;
import java.util.List;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
private static final Logger LOG = LoggerFactory.getLogger(AclInterfaceAssignmentRequest.class);
private final MappingContext mappingContext;
- private InstanceIdentifier<Acl> identifier;
+ private InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface>
+ identifier;
private List<String> inputAclNames = Collections.emptyList();
private List<String> outputAclNames = Collections.emptyList();
private AclContextManager standardAclContext;
}
public AclInterfaceAssignmentRequest identifier(
- @Nonnull final InstanceIdentifier<Acl> identifier) {
+ @Nonnull final InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface> identifier) {
this.identifier = identifier;
return this;
}
public void executeAsCreate(@Nonnull final FutureJVppAclFacade api) throws WriteFailedException {
checkValidRequest();
- final String interfaceName = identifier.firstKeyOf(Interface.class).getName();
+ final String interfaceName = identifier.firstKeyOf(Interface.class).getInterfaceId();
// locking on mapping context, to prevent modifying of mappings (for both contexts) during binding/execution of request
synchronized (mappingContext) {
}
}
- public void executeAsUpdate(@Nonnull final FutureJVppAclFacade api, final Acl before, final Acl after)
+ public void executeAsUpdate(@Nonnull final FutureJVppAclFacade api,
+ final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface before,
+ final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface after)
throws WriteFailedException {
checkValidRequest();
- final String interfaceName = identifier.firstKeyOf(Interface.class).getName();
+ final String interfaceName = identifier.firstKeyOf(Interface.class).getInterfaceId();
// locking on mapping context, to prevent modifying of mappings (for both contexts) during binding/execution of request
synchronized (mappingContext) {
public void executeAsDelete(@Nonnull final FutureJVppAclFacade api) throws WriteFailedException {
checkValidRequest();
- final String interfaceName = identifier.firstKeyOf(Interface.class).getName();
+ final String interfaceName = identifier.firstKeyOf(Interface.class).getInterfaceId();
// locking on mapping context, to prevent modifying of mappings (for both contexts) during binding/execution of request
synchronized (mappingContext) {
*/
-package io.fd.hc2vpp.acl.util.iface.macip;
+package io.fd.hc2vpp.acl.write.request;
import static com.google.common.base.Preconditions.checkNotNull;
import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceAddDel;
import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
import javax.annotation.Nonnull;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
private final boolean isNew;
private final MappingContext mappingContext;
- private InstanceIdentifier<VppMacipAcl> identifier;
+ private InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface>
+ identifier;
private String aclName;
private AclContextManager macIpAclContext;
private NamingContext interfaceContext;
return new MacIpInterfaceAssignmentRequest(false, mappingContext);
}
- public MacIpInterfaceAssignmentRequest identifier(@Nonnull final InstanceIdentifier<VppMacipAcl> identifier) {
+ public MacIpInterfaceAssignmentRequest identifier(
+ @Nonnull final InstanceIdentifier<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface> identifier) {
this.identifier = identifier;
return this;
}
synchronized (mappingContext) {
checkValidRequest();
- final String interfaceName = identifier.firstKeyOf(Interface.class).getName();
+ final String interfaceName = identifier.firstKeyOf(Interface.class).getInterfaceId();
MacipAclInterfaceAddDel request = new MacipAclInterfaceAddDel();
request.isAdd = booleanToByte(isNew);
.getInstance(),
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.$YangModuleInfoImpl
.getInstance(),
- org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.$YangModuleInfoImpl
+ org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.$YangModuleInfoImpl
.getInstance(),
- org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.$YangModuleInfoImpl
+ org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.$YangModuleInfoImpl
.getInstance(),
- org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.$YangModuleInfoImpl
- .getInstance(),
- org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.$YangModuleInfoImpl
+ org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.$YangModuleInfoImpl
.getInstance()));
return context;
}
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
+import io.fd.hc2vpp.acl.AclIIds;
import io.fd.hc2vpp.acl.util.AclContextManager;
import io.fd.hc2vpp.common.test.read.InitializingListReaderCustomizerTest;
import io.fd.hc2vpp.common.translate.util.NamingContext;
import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetails;
import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump;
import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDump;
+import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceGetReply;
+import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDetails;
+import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDetailsReplyDump;
import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
import java.util.ArrayList;
+import java.util.Collections;
import javax.annotation.Nonnull;
import org.junit.Test;
import org.mockito.Mock;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesState;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.InterfaceKey;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceStateAugmentation;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsKey;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAcl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetKey;
import org.opendaylight.yangtools.concepts.Builder;
import org.opendaylight.yangtools.yang.binding.DataObject;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+import org.opendaylight.yangtools.yang.binding.KeyedInstanceIdentifier;
-public abstract class AbstractVppAclCustomizerTest
- extends InitializingListReaderCustomizerTest<VppAcls, VppAclsKey, VppAclsBuilder> {
+public abstract class AbstractAclCustomizerTest
+ extends InitializingListReaderCustomizerTest<AclSet, AclSetKey, AclSetBuilder> {
protected static final String IF_NAME = "eth1";
protected static final int IF_ID = 1;
+ protected static final int ACL_ID = 1;
+ protected static final int ACL_MAC_ID = 2;
+ private static final String ACL_NAME = "acl-name";
+ private static final String ACL_MAC_NAME = "acl-mac-name";
protected static final String IF_NAME_NO_ACL = "eth2";
protected static final int IF_ID_NO_ACL = 2;
@Mock
protected AclContextManager standardAclContext;
- protected AbstractVppAclCustomizerTest(final Class<? extends Builder<? extends DataObject>> parentBuilderClass) {
- super(VppAcls.class, parentBuilderClass);
+ @Mock
+ protected AclContextManager macIpAclContext;
+
+ protected AbstractAclCustomizerTest(final Class<? extends Builder<? extends DataObject>> parentBuilderClass) {
+ super(AclSet.class, parentBuilderClass);
}
- protected static InstanceIdentifier<Acl> getAclId(final String ifName) {
- return InstanceIdentifier.create(InterfacesState.class).child(Interface.class, new InterfaceKey(ifName))
- .augmentation(VppAclInterfaceStateAugmentation.class).child(Acl.class);
+ protected static KeyedInstanceIdentifier<Interface, InterfaceKey> getAclId(final String ifName) {
+ return AclIIds.ACLS_AP.child(Interface.class, new InterfaceKey(ifName));
}
@Override
protected void setUp() throws Exception {
defineMapping(mappingContext, IF_NAME, IF_ID, IFC_CTX_NAME);
defineMapping(mappingContext, IF_NAME_NO_ACL, IF_ID_NO_ACL, IFC_CTX_NAME);
+ when(macIpAclContext.getAclName(ACL_MAC_ID, mappingContext)).thenReturn(ACL_MAC_NAME);
+ when(standardAclContext.getAclName(ACL_ID, mappingContext)).thenReturn(ACL_NAME);
+ when(macIpAclContext.containsAcl(ACL_MAC_NAME, mappingContext)).thenReturn(true);
+ when(standardAclContext.containsAcl(ACL_NAME, mappingContext)).thenReturn(true);
+ final MacipAclInterfaceListDetailsReplyDump macReply = macAaclInterfaceDump(0);
+ when(aclApi.macipAclInterfaceListDump(any())).thenReturn(future(macReply));
+ final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 0);
+ when(aclApi.aclInterfaceListDump(any())).thenReturn(future(reply));
}
@Test
public void testGetAllIdsNoAclConfigured() throws ReadFailedException {
- final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 0);
- when(aclApi.aclInterfaceListDump(any())).thenReturn(future(reply));
assertTrue(getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).isEmpty());
}
@Test
public void testRead() throws ReadFailedException {
final String aclName = "acl-name";
- final Class<VppAcl> aclType = VppAcl.class;
defineMapping(mappingContext, aclName, 1, ACL_CTX_NAME);
final AclDetailsReplyDump reply = new AclDetailsReplyDump();
reply.aclDetails.add(detail);
when(aclApi.aclDump(any())).thenReturn(future(reply));
- final VppAclsBuilder builder = mock(VppAclsBuilder.class);
- getCustomizer().readCurrentAttributes(getIid(IF_NAME, new VppAclsKey(aclName, aclType)), builder, ctx);
+ final AclSetBuilder builder = mock(AclSetBuilder.class);
+ getCustomizer().readCurrentAttributes(getIid(IF_NAME, new AclSetKey(aclName)), builder, ctx);
verify(builder).setName(aclName);
- verify(builder).setType(aclType);
}
@Test
public void testReadAllTwoIfacesInOneTx() throws ReadFailedException {
final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 2, "acl1", "acl2", "acl3");
+ final MacipAclInterfaceListDetailsReplyDump macReply = macAaclInterfaceDump(0);
+ final MacipAclInterfaceListDetailsReplyDump macReply2 = macAaclInterfaceDump(1);
+ final MacipAclInterfaceGetReply interfaceGet = macipAclInterfaceGetReply();
+
+
when(aclApi.aclInterfaceListDump(aclInterfaceRequest(IF_ID))).thenReturn(future(reply));
+ when(aclApi.macipAclInterfaceListDump(any())).thenReturn(future(macReply));
+ when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(interfaceGet));
when(aclApi.aclInterfaceListDump(aclInterfaceRequest(IF_ID_NO_ACL)))
- .thenReturn(future(aclInterfaceDump((byte) 0)));
+ .thenReturn(future(aclInterfaceDump((byte) 0)));
// read all for interface with defined ACLs:
assertFalse(getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).isEmpty());
assertEquals(0, getCustomizer().getAllIds(getWildcardedIid(IF_NAME_NO_ACL), ctx).size());
}
+ protected MacipAclInterfaceGetReply macipAclInterfaceGetReply(final String... aclNames) {
+ final MacipAclInterfaceGetReply reply = new MacipAclInterfaceGetReply();
+ reply.acls = new int[aclNames.length];
+ for (int i = 0; i < aclNames.length; ++i) {
+ defineMapping(mappingContext, aclNames[i], i, ACL_CTX_NAME);
+ reply.acls[i] = i;
+ }
+ reply.count = (byte) aclNames.length;
+ return reply;
+ }
+
@Test
public void testInit() {
final String aclName = "acl-name";
- final Class<VppAcl> aclType = VppAcl.class;
defineMapping(mappingContext, aclName, 1, ACL_CTX_NAME);
- final VppAcls readValue = new VppAclsBuilder().build();
+ final AclSet readValue = new AclSetBuilder().build();
final Initialized<? extends DataObject> cfgValue =
- getCustomizer().init(getIid(IF_NAME, new VppAclsKey(aclName, aclType)), readValue, ctx);
+ getCustomizer().init(getIid(IF_NAME, new AclSetKey(aclName)), readValue, ctx);
assertEquals(readValue, cfgValue.getData());
- assertNotNull(cfgValue.getId().firstKeyOf(
- org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface.class));
- assertEquals(cfgValue.getId().getTargetType(), VppAcls.class);
+ assertNotNull(cfgValue.getId().firstKeyOf(Interface.class));
+ assertEquals(cfgValue.getId().getTargetType(), AclSet.class);
}
protected AclInterfaceListDump aclInterfaceRequest(final int swIfIndex) {
defineMapping(mappingContext, aclNames[i], i, ACL_CTX_NAME);
details.acls[i] = i;
}
+ details.count = (byte) aclNames.length;
details.nInput = nInput;
reply.aclInterfaceListDetails.add(details);
return reply;
}
- protected abstract InstanceIdentifier<VppAcls> getWildcardedIid(@Nonnull final String ifName);
+ protected MacipAclInterfaceListDetailsReplyDump macAaclInterfaceDump(int swIfIndex, final String... aclNames) {
+ final MacipAclInterfaceListDetailsReplyDump assignedAcls = new MacipAclInterfaceListDetailsReplyDump();
+
+ MacipAclInterfaceListDetails details = new MacipAclInterfaceListDetails();
+ details.swIfIndex = swIfIndex;
+ details.count = (byte) aclNames.length;
+ details.acls = new int[aclNames.length];
+ for (int i = 0; i < aclNames.length; ++i) {
+ defineMapping(mappingContext, aclNames[i], i, ACL_CTX_NAME);
+ details.acls[i] = i;
+ }
+
+ assignedAcls.macipAclInterfaceListDetails.add(details);
+ assignedAcls.macipAclInterfaceListDetails = Collections.singletonList(details);
+
+ return assignedAcls;
+ }
+
+ protected abstract InstanceIdentifier<AclSet> getWildcardedIid(@Nonnull final String ifName);
- protected abstract InstanceIdentifier<VppAcls> getIid(@Nonnull final String ifName, @Nonnull final VppAclsKey key);
+ protected abstract InstanceIdentifier<AclSet> getIid(@Nonnull final String ifName, @Nonnull final AclSetKey key);
}
\ No newline at end of file
import java.util.List;
import org.junit.Test;
import org.mockito.Mock;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessListsBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Deny;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAcl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAcl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.VppAceNodes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Other;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Acls;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.AclsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Drop;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L4;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Icmp;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.opendaylight.yangtools.yang.binding.KeyedInstanceIdentifier;
private static final String MACIP_ACL_NAME = "vpp-macip-acl";
private static final String MACIP_ACE_NAME = "vpp-macip-ace";
private static final int MACIP_ACL_INDEX = 456;
- private static final short PROTOCOL = 2;
+ private static final short PROTOCOL = 1;
@Mock
private FutureJVppAclFacade aclApi;
@Mock
@Mock
private AclContextManager macipAclContext;
private KeyedInstanceIdentifier<Acl, AclKey> ACL_IID =
- InstanceIdentifier.create(AccessLists.class).child(Acl.class, new AclKey(
- ACL_NAME, VppAcl.class));
+ InstanceIdentifier.create(Acls.class).child(Acl.class, new AclKey(ACL_NAME));
private KeyedInstanceIdentifier<Acl, AclKey> MACIP_ACL_IID =
- InstanceIdentifier.create(AccessLists.class).child(Acl.class, new AclKey(MACIP_ACL_NAME, VppMacipAcl.class));
+ InstanceIdentifier.create(Acls.class).child(Acl.class, new AclKey(MACIP_ACL_NAME));
public AclCustomizerTest() {
- super(Acl.class, AccessListsBuilder.class);
+ super(Acl.class, AclsBuilder.class);
}
@Override
when(standardAclContext.getAclName(ACL_INDEX, mappingContext)).thenReturn(ACL_NAME);
when(standardAclContext.getAclIndex(ACL_NAME, mappingContext)).thenReturn(ACL_INDEX);
when(standardAclContext.getAceName(ACL_NAME, 0, mappingContext)).thenReturn(ACE_NAME);
+ when(standardAclContext.containsAcl(ACL_NAME, mappingContext)).thenReturn(true);
when(macipAclContext.getAclName(MACIP_ACL_INDEX, mappingContext)).thenReturn(MACIP_ACL_NAME);
when(macipAclContext.getAclIndex(MACIP_ACL_NAME, mappingContext)).thenReturn(MACIP_ACL_INDEX);
when(macipAclContext.getAceName(MACIP_ACL_NAME, 0, mappingContext)).thenReturn(MACIP_ACE_NAME);
+ when(macipAclContext.containsAcl(MACIP_ACL_NAME, mappingContext)).thenReturn(true);
}
@Test
public void testGetAllIds() throws ReadFailedException {
- final List<AclKey> allIds = getCustomizer().getAllIds(InstanceIdentifier.create(AccessLists.class).child(Acl.class), ctx);
+ final List<AclKey> allIds =
+ getCustomizer().getAllIds(InstanceIdentifier.create(Acls.class).child(Acl.class), ctx);
assertEquals(2, allIds.size());
assertEquals(ACL_IID.getKey(), allIds.get(0));
assertEquals(MACIP_ACL_IID.getKey(), allIds.get(1));
final AclBuilder builder = new AclBuilder();
getCustomizer().readCurrentAttributes(ACL_IID, builder, ctx);
assertEquals(ACL_IID.getKey(), builder.key());
- final List<Ace> aces = builder.getAccessListEntries().getAce();
+ final List<Ace> aces = builder.getAces().getAce();
assertEquals(1, aces.size());
final Ace ace = aces.get(0);
- assertEquals(ACE_NAME, ace.key().getRuleName());
- assertTrue(ace.getActions().getPacketHandling() instanceof Deny);
- final VppAceNodes nodes = ((VppAce) (ace.getMatches().getAceType())).getVppAceNodes();
- assertEquals(PROTOCOL, ((Other) nodes.getIpProtocol()).getOtherNodes().getProtocol().shortValue());
-
+ assertEquals(ACE_NAME, ace.key().getName());
+ assertTrue(ace.getActions().getForwarding().equals(Drop.class));
+ final L4 l4 = ((ace.getMatches())).getL4();
+ assertEquals(Icmp.class, l4.getImplementedInterface());
}
@Test
final AclBuilder builder = new AclBuilder();
getCustomizer().readCurrentAttributes(MACIP_ACL_IID, builder, ctx);
assertEquals(MACIP_ACL_IID.getKey(), builder.key());
- final List<Ace> aces = builder.getAccessListEntries().getAce();
+ final List<Ace> aces = builder.getAces().getAce();
assertEquals(1, aces.size());
final Ace ace = aces.get(0);
- assertEquals(MACIP_ACE_NAME, ace.key().getRuleName());
- assertTrue(ace.getActions().getPacketHandling() instanceof Deny);
+ assertEquals(MACIP_ACE_NAME, ace.key().getName());
+ assertTrue(ace.getActions().getForwarding().equals(Drop.class));
}
}
\ No newline at end of file
import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump;
import javax.annotation.Nonnull;
import org.junit.Test;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Egress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.EgressBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.Egress;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSets;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetKey;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+import org.opendaylight.yangtools.yang.binding.KeyedInstanceIdentifier;
-public class EgressVppAclCustomizerTest extends AbstractVppAclCustomizerTest {
+public class EgressAclCustomizerTest extends AbstractAclCustomizerTest {
- public EgressVppAclCustomizerTest() {
- super(EgressBuilder.class);
+ public EgressAclCustomizerTest() {
+ super(AclSetsBuilder.class);
}
@Override
- protected EgressVppAclCustomizer initCustomizer() {
- return new EgressVppAclCustomizer(aclApi, interfaceContext, standardAclContext);
+ protected EgressAclCustomizer initCustomizer() {
+ return new EgressAclCustomizer(aclApi, interfaceContext, standardAclContext);
}
@Test
}
@Override
- protected InstanceIdentifier<VppAcls> getWildcardedIid(@Nonnull final String ifName) {
- return getAclId(ifName).child(Egress.class).child(VppAcls.class);
+ protected InstanceIdentifier<AclSet> getWildcardedIid(@Nonnull final String ifName) {
+ return getAclId(ifName).child(Egress.class).child(AclSets.class).child(AclSet.class);
}
- @Override
- protected InstanceIdentifier<VppAcls> getIid(@Nonnull final String ifName, @Nonnull final VppAclsKey key) {
- return getAclId(ifName).child(Egress.class).child(VppAcls.class, key);
+ protected KeyedInstanceIdentifier<AclSet, AclSetKey> getIid(@Nonnull final String ifName,
+ @Nonnull final AclSetKey key) {
+ return getAclId(ifName).child(Egress.class).child(AclSets.class).child(AclSet.class, key);
}
}
\ No newline at end of file
package io.fd.hc2vpp.acl.read;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
+import static io.fd.vpp.jvpp.Assertions.assertEquals;
+import static junit.framework.TestCase.assertTrue;
import static org.mockito.Mockito.when;
import io.fd.honeycomb.translate.read.ReadFailedException;
import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump;
import javax.annotation.Nonnull;
import org.junit.Test;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.IngressBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.Ingress;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSets;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetKey;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-public class IngressVppAclCustomizerTest extends AbstractVppAclCustomizerTest {
+public class IngressAclCustomizerTest extends AbstractAclCustomizerTest {
- public IngressVppAclCustomizerTest() {
- super(IngressBuilder.class);
+ public IngressAclCustomizerTest() {
+ super(AclSetsBuilder.class);
}
@Override
- protected IngressVppAclCustomizer initCustomizer() {
- return new IngressVppAclCustomizer(aclApi, interfaceContext, standardAclContext);
+ protected IngressAclCustomizer initCustomizer() {
+ return new IngressAclCustomizer(aclApi, interfaceContext, standardAclContext, macIpAclContext);
}
+
@Test
public void testGetAllIdsNoInputAclConfigured() throws ReadFailedException {
final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 0, "acl1");
}
@Override
- protected InstanceIdentifier<VppAcls> getWildcardedIid(@Nonnull final String ifName) {
- return getAclId(ifName).child(Ingress.class).child(VppAcls.class);
+ protected InstanceIdentifier<AclSet> getWildcardedIid(@Nonnull final String ifName) {
+ return getAclId(ifName).child(Ingress.class).child(AclSets.class).child(AclSet.class);
}
@Override
- protected InstanceIdentifier<VppAcls> getIid(@Nonnull final String ifName, @Nonnull final VppAclsKey key) {
- return getAclId(ifName).child(Ingress.class).child(VppAcls.class, key);
+ protected InstanceIdentifier<AclSet> getIid(@Nonnull final String ifName, @Nonnull final AclSetKey key) {
+ return getAclId(ifName).child(Ingress.class).child(AclSets.class).child(AclSet.class, key);
}
}
\ No newline at end of file
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.fd.hc2vpp.acl.read;
+
+import static io.fd.hc2vpp.acl.read.IngressAclCustomizer.ACL_NOT_ASSIGNED;
+import static junit.framework.TestCase.assertEquals;
+import static junit.framework.TestCase.assertNotNull;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
+
+import io.fd.hc2vpp.common.translate.util.NamingContext;
+import io.fd.honeycomb.translate.read.ReadFailedException;
+import io.fd.honeycomb.translate.spi.read.Initialized;
+import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump;
+import io.fd.vpp.jvpp.acl.dto.MacipAclDetails;
+import io.fd.vpp.jvpp.acl.dto.MacipAclDetailsReplyDump;
+import io.fd.vpp.jvpp.acl.dto.MacipAclDump;
+import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceGetReply;
+import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDetailsReplyDump;
+import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
+import javax.annotation.Nonnull;
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.Ingress;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSets;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetKey;
+import org.opendaylight.yangtools.yang.binding.DataObject;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+
+public class MacIpAclCustomizerTest extends AbstractAclCustomizerTest {
+
+ protected static final String IF_NAME_NO_ACL = "eth2";
+ protected static final int IF_ID_NO_ACL = 1;
+ protected static final String IFC_CTX_NAME = "interface-context";
+ private static final String IF_NAME = "eth1";
+ private static final int IF_ID = 1;
+ private static final String ACL_NAME = "acl-name";
+ private static final int ACL_ID = 1;
+ @Mock
+ protected FutureJVppAclFacade aclApi;
+ protected NamingContext interfaceContext = new NamingContext("iface", IFC_CTX_NAME);
+
+ public MacIpAclCustomizerTest() {
+ super(AclSetsBuilder.class);
+ }
+
+ @Override
+ protected IngressAclCustomizer initCustomizer() {
+ return new IngressAclCustomizer(aclApi, interfaceContext, standardAclContext, macIpAclContext);
+ }
+
+ @Override
+ protected void setUp() {
+ defineMapping(mappingContext, IF_NAME, IF_ID, IFC_CTX_NAME);
+ defineMapping(mappingContext, IF_NAME_NO_ACL, IF_ID_NO_ACL, IFC_CTX_NAME);
+ when(macIpAclContext.getAclName(ACL_ID, mappingContext)).thenReturn(ACL_NAME);
+ when(macIpAclContext.containsAcl(ACL_NAME, mappingContext)).thenReturn(true);
+ when(standardAclContext.containsAcl(ACL_NAME, mappingContext)).thenReturn(false);
+ final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 0);
+ when(aclApi.aclInterfaceListDump(any())).thenReturn(future(reply));
+ final MacipAclInterfaceListDetailsReplyDump macReply = macAaclInterfaceDump(1, "acl-name");
+ when(aclApi.macipAclInterfaceListDump(any())).thenReturn(future(macReply));
+ }
+
+
+ @Test
+ public void testRead() throws ReadFailedException {
+ final AclSetBuilder builder = mock(AclSetBuilder.class);
+
+ final MacipAclInterfaceGetReply assignedAcls = new MacipAclInterfaceGetReply();
+ assignedAcls.count = 2;
+ assignedAcls.acls = new int[]{ACL_NOT_ASSIGNED, ACL_ID};
+ when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(assignedAcls));
+
+ final MacipAclDump request = new MacipAclDump();
+ request.aclIndex = ACL_ID;
+ final MacipAclDetailsReplyDump reply = new MacipAclDetailsReplyDump();
+ final MacipAclDetails details = new MacipAclDetails();
+ details.aclIndex = ACL_ID;
+ reply.macipAclDetails.add(details);
+ when(aclApi.macipAclDump(request)).thenReturn(future(reply));
+
+ getCustomizer().readCurrentAttributes(getIid(IF_NAME_NO_ACL, new AclSetKey(ACL_NAME)), builder, ctx);
+ verify(builder).setName(ACL_NAME);
+ }
+
+ @Test
+ public void testReadNotAssigned() throws ReadFailedException {
+ final AclSetBuilder builder = mock(AclSetBuilder.class);
+
+ final MacipAclInterfaceGetReply assignedAcls = new MacipAclInterfaceGetReply();
+ // pretending we have 3 interfaces, IF_NAME does not have MacipAcl assigned
+ assignedAcls.count = 3;
+ assignedAcls.acls = new int[]{ACL_NOT_ASSIGNED, ACL_NOT_ASSIGNED, ACL_NOT_ASSIGNED};
+ when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(assignedAcls));
+
+ final MacipAclDump request = new MacipAclDump();
+ request.aclIndex = ACL_ID;
+ final MacipAclDetailsReplyDump reply = new MacipAclDetailsReplyDump();
+ final MacipAclDetails details = new MacipAclDetails();
+ details.aclIndex = ACL_ID;
+ reply.macipAclDetails.add(details);
+ when(aclApi.macipAclDump(request)).thenReturn(future(reply));
+
+ getCustomizer().readCurrentAttributes(getIid(IF_NAME_NO_ACL, new AclSetKey(ACL_NAME)), builder, ctx);
+ verifyZeroInteractions(builder);
+ }
+
+ @Test
+ public void testReadNoAcls() throws ReadFailedException {
+ final AclSetBuilder builder = mock(AclSetBuilder.class);
+ final MacipAclInterfaceGetReply assignedAcls = new MacipAclInterfaceGetReply();
+ assignedAcls.count = 0;
+ assignedAcls.acls = new int[0];
+ when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(assignedAcls));
+ getCustomizer().readCurrentAttributes(getIid(IF_NAME_NO_ACL, new AclSetKey(ACL_NAME)), builder, ctx);
+ verifyZeroInteractions(builder);
+ }
+
+ @Test
+ public void testGetAllIdsNoAclConfigured() throws ReadFailedException {
+ final MacipAclInterfaceListDetailsReplyDump macReply = macAaclInterfaceDump(1);
+ when(aclApi.macipAclInterfaceListDump(any())).thenReturn(future(macReply));
+ assertTrue(getCustomizer().getAllIds(getWildcardedIid(IF_NAME_NO_ACL), ctx).isEmpty());
+ }
+
+ @Test
+ public void testReadAllTwoIfacesInOneTx() throws ReadFailedException {
+ final MacipAclInterfaceListDetailsReplyDump macReply = macAaclInterfaceDump(1);
+ final MacipAclInterfaceGetReply interfaceGet = macipAclInterfaceGetReply();
+ // read all for interface with defined ACLs:
+ assertFalse(getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).isEmpty());
+ // read all for interface without ACLs defined:
+ when(aclApi.macipAclInterfaceListDump(any())).thenReturn(future(macReply));
+ when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(interfaceGet));
+ Assert.assertEquals(0, getCustomizer().getAllIds(getWildcardedIid(IF_NAME_NO_ACL), ctx).size());
+ }
+
+ @Test
+ public void testInit() {
+ final AclSet readValue = new AclSetBuilder().build();
+ final Initialized<? extends DataObject>
+ cfgValue = getCustomizer().init(getWildcardedIid(IF_NAME), readValue, ctx);
+ assertEquals(cfgValue.getData(), readValue);
+ assertNotNull(cfgValue.getId().firstKeyOf(Interface.class));
+ assertEquals(cfgValue.getId().getTargetType(), AclSet.class);
+
+ }
+
+ @Override
+ protected InstanceIdentifier<AclSet> getWildcardedIid(@Nonnull final String ifName) {
+ return getAclId(ifName).child(Ingress.class).child(AclSets.class).child(AclSet.class);
+ }
+
+ @Override
+ protected InstanceIdentifier<AclSet> getIid(@Nonnull final String ifName, @Nonnull final AclSetKey key) {
+ return getAclId(ifName).child(Ingress.class).child(AclSets.class).child(AclSet.class, key);
+ }
+}
\ No newline at end of file
+++ /dev/null
-/*
- * Copyright (c) 2016 Cisco and/or its affiliates.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.fd.hc2vpp.acl.read;
-
-import static io.fd.hc2vpp.acl.read.VppMacIpAclCustomizer.ACL_NOT_ASSIGNED;
-import static io.fd.hc2vpp.acl.read.AbstractVppAclCustomizerTest.getAclId;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
-
-import io.fd.hc2vpp.acl.util.AclContextManager;
-import io.fd.hc2vpp.common.test.read.InitializingReaderCustomizerTest;
-import io.fd.hc2vpp.common.translate.util.NamingContext;
-import io.fd.honeycomb.translate.read.ReadFailedException;
-import io.fd.honeycomb.translate.spi.read.Initialized;
-import io.fd.vpp.jvpp.acl.dto.MacipAclDetails;
-import io.fd.vpp.jvpp.acl.dto.MacipAclDetailsReplyDump;
-import io.fd.vpp.jvpp.acl.dto.MacipAclDump;
-import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceGetReply;
-import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
-import javax.annotation.Nonnull;
-import org.junit.Test;
-import org.mockito.Mock;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AclBase;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.IngressBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAclBuilder;
-import org.opendaylight.yangtools.yang.binding.DataObject;
-import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-
-public class VppMacIpAclCustomizerTest extends InitializingReaderCustomizerTest<VppMacipAcl, VppMacipAclBuilder> {
-
- protected static final String IF_NAME_NO_ACL = "eth2";
- protected static final int IF_ID_NO_ACL = 2;
- protected static final String IFC_CTX_NAME = "interface-context";
- private static final String IF_NAME = "eth1";
- private static final int IF_ID = 1;
- private static final String ACL_NAME = "acl-name";
- private static final int ACL_ID = 1;
- private static final Class<? extends AclBase> ACL_TYPE =
- org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAcl.class;
- @Mock
- protected FutureJVppAclFacade aclApi;
- protected NamingContext interfaceContext = new NamingContext("iface", IFC_CTX_NAME);
- @Mock
- protected AclContextManager macIpAclContext;
-
- public VppMacIpAclCustomizerTest() {
- super(VppMacipAcl.class, IngressBuilder.class);
- }
-
- @Override
- protected VppMacIpAclCustomizer initCustomizer() {
- return new VppMacIpAclCustomizer(aclApi, interfaceContext, macIpAclContext);
- }
-
- @Override
- protected void setUp() {
- defineMapping(mappingContext, IF_NAME, IF_ID, IFC_CTX_NAME);
- defineMapping(mappingContext, IF_NAME_NO_ACL, IF_ID_NO_ACL, IFC_CTX_NAME);
- when(macIpAclContext.getAclName(ACL_ID, mappingContext)).thenReturn(ACL_NAME);
- }
-
- @Test
- public void testRead() throws ReadFailedException {
- final VppMacipAclBuilder builder = mock(VppMacipAclBuilder.class);
-
- final MacipAclInterfaceGetReply assignedAcls = new MacipAclInterfaceGetReply();
- assignedAcls.count = 2;
- assignedAcls.acls = new int[] {ACL_NOT_ASSIGNED, ACL_ID};
- when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(assignedAcls));
-
- final MacipAclDump request = new MacipAclDump();
- request.aclIndex = ACL_ID;
- final MacipAclDetailsReplyDump reply = new MacipAclDetailsReplyDump();
- final MacipAclDetails details = new MacipAclDetails();
- details.aclIndex = ACL_ID;
- reply.macipAclDetails.add(details);
- when(aclApi.macipAclDump(request)).thenReturn(future(reply));
-
- getCustomizer().readCurrentAttributes(getIid(IF_NAME), builder, ctx);
- verify(builder).setName(ACL_NAME);
- verify(builder).setType(ACL_TYPE);
- }
-
- @Test
- public void testReadNotAssigned() throws ReadFailedException {
- final VppMacipAclBuilder builder = mock(VppMacipAclBuilder.class);
-
- final MacipAclInterfaceGetReply assignedAcls = new MacipAclInterfaceGetReply();
- // pretending we have 3 interfaces, IF_NAME does not have MacipAcl assigned
- assignedAcls.count = 3;
- assignedAcls.acls = new int[] {ACL_NOT_ASSIGNED, ACL_NOT_ASSIGNED, ACL_ID};
- when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(assignedAcls));
-
- final MacipAclDump request = new MacipAclDump();
- request.aclIndex = ACL_ID;
- final MacipAclDetailsReplyDump reply = new MacipAclDetailsReplyDump();
- final MacipAclDetails details = new MacipAclDetails();
- details.aclIndex = ACL_ID;
- reply.macipAclDetails.add(details);
- when(aclApi.macipAclDump(request)).thenReturn(future(reply));
-
- getCustomizer().readCurrentAttributes(getIid(IF_NAME), builder, ctx);
- verifyZeroInteractions(builder);
- }
-
- @Test
- public void testReadNoAcls() throws ReadFailedException {
- final VppMacipAclBuilder builder = mock(VppMacipAclBuilder.class);
- when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(new MacipAclInterfaceGetReply()));
- getCustomizer().readCurrentAttributes(getIid(IF_NAME_NO_ACL), builder, ctx);
- verifyZeroInteractions(builder);
- }
-
- @Test
- public void testInit() {
- final VppMacipAcl readValue = new VppMacipAclBuilder().build();
- final Initialized<? extends DataObject> cfgValue = getCustomizer().init(getIid(IF_NAME), readValue, ctx);
- assertEquals(cfgValue.getData(), readValue);
- assertNotNull(cfgValue.getId().firstKeyOf(Interface.class));
- assertEquals(cfgValue.getId().getTargetType(), VppMacipAcl.class);
-
- }
-
- protected InstanceIdentifier<VppMacipAcl> getIid(@Nonnull final String ifName) {
- return getAclId(ifName).child(Ingress.class).child(VppMacipAcl.class);
- }
-
-}
\ No newline at end of file
package io.fd.hc2vpp.acl.util.ace.extractor;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import io.fd.vpp.jvpp.acl.types.MacipAclRule;
import java.util.Arrays;
import org.junit.Test;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.AceBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.ActionsBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.MatchesBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.DenyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.PermitBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppMacipAce;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppMacipAceBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.VppMacipAceNodesBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.AceIpVersion;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.ace.ip.version.AceIpv4;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.ace.ip.version.AceIpv4Builder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.ace.ip.version.AceIpv6;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.ace.ip.version.AceIpv6Builder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Accept;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Drop;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.AceBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.ActionsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L3;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4Network;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4NetworkBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6Network;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6NetworkBuilder;
public class MacIpAceDataExtractorTest extends AceDataExtractorTestCase implements MacIpAceDataExtractor, CommonTests {
- @Test
- public void testFromMacIpAce() {
- verifyExceptionalCase(() -> fromMacIpAce(new AceBuilder().build()), IllegalArgumentException.class);
- verifyExceptionalCase(() -> fromMacIpAce(new AceBuilder().setMatches(new MatchesBuilder().build()).build()),
- IllegalArgumentException.class);
-
- final VppMacipAce macipAce = new VppMacipAceBuilder().build();
- assertEquals(macipAce, fromMacIpAce(new AceBuilder().setMatches(new MatchesBuilder()
- .setAceType(macipAce).build()).build()));
- }
-
- @Test
- public void testMacIpIsIpv6() {
- assertFalse(macIpIsIpv6(new VppMacipAceBuilder().build()));
- assertFalse(macIpIsIpv6(
- new VppMacipAceBuilder().setVppMacipAceNodes(new VppMacipAceNodesBuilder().build()).build()));
- assertFalse(macIpIsIpv6(new VppMacipAceBuilder().setVppMacipAceNodes(
- new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()).build()));
- assertTrue(macIpIsIpv6(new VppMacipAceBuilder().setVppMacipAceNodes(
- new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build()));
- }
-
@Test
public void testSourceMacAsBytes() {
- assertTrue(Arrays.equals(DEFAULT_MAC_ADDRESS_BYTES, sourceMacAsBytes(new VppMacipAceBuilder().build())));
- assertTrue(
- Arrays.equals(DEFAULT_MAC_ADDRESS_BYTES, sourceMacAsBytes(new VppMacipAceBuilder().setVppMacipAceNodes(
- new VppMacipAceNodesBuilder().build()).build())));
- assertTrue(Arrays.equals(MAC_ADDRESS_BYTES,
- sourceMacAsBytes(new VppMacipAceBuilder().setVppMacipAceNodes(
- new VppMacipAceNodesBuilder().setSourceMacAddress(MAC_ADDRESS).build())
- .build())));
+ assertTrue(Arrays.equals(MAC_ADDRESS_BYTES, sourceMacAsBytes(MAC_ADDRESS)));
}
@Test
public void sourceMacMaskAsBytes() {
- assertTrue(Arrays.equals(DEFAULT_MAC_ADDRESS_BYTES, sourceMacMaskAsBytes(new VppMacipAceBuilder().build())));
- assertTrue(Arrays.equals(DEFAULT_MAC_ADDRESS_BYTES,
- sourceMacMaskAsBytes(new VppMacipAceBuilder().setVppMacipAceNodes(
- new VppMacipAceNodesBuilder().build()).build())));
- assertTrue(Arrays.equals(MAC_ADDRESS_BYTES,
- sourceMacMaskAsBytes(new VppMacipAceBuilder().setVppMacipAceNodes(
- new VppMacipAceNodesBuilder().setSourceMacAddressMask(MAC_ADDRESS).build())
- .build())));
+ assertTrue(Arrays.equals(MAC_ADDRESS_BYTES, sourceMacMaskAsBytes(MAC_ADDRESS)));
}
@Test
public void testIpv4Address() {
- assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4Address(new VppMacipAceBuilder().build())));
- assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4Address(
- new VppMacipAceBuilder().setVppMacipAceNodes(new VppMacipAceNodesBuilder().build()).build())));
- assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4Address(new VppMacipAceBuilder().setVppMacipAceNodes(
- new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()).build())));
- assertTrue(Arrays.equals(IPV4_PREFIX_BYTES, ipv4Address(new VppMacipAceBuilder().setVppMacipAceNodes(
- new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv4Builder()
- .setSourceIpv4Network(IPV4_PREFIX).build()).build()).build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4Address(new SourceIpv4NetworkBuilder().build())));
+ assertTrue(Arrays.equals(IPV4_PREFIX_BYTES,
+ ipv4Address(new SourceIpv4NetworkBuilder().setSourceIpv4Network(IPV4_PREFIX).build())));
}
@Test
public void testIpv4AddressPrefix() {
- assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4AddressPrefix(new VppMacipAceBuilder().build()));
- assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4AddressPrefix(
- new VppMacipAceBuilder().setVppMacipAceNodes(new VppMacipAceNodesBuilder().build()).build()));
- assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4AddressPrefix(new VppMacipAceBuilder().setVppMacipAceNodes(
- new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()).build()));
- assertEquals(IPV4_PREFIX_VALUE, ipv4AddressPrefix(new VppMacipAceBuilder().setVppMacipAceNodes(
- new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv4Builder()
- .setSourceIpv4Network(IPV4_PREFIX).build()).build()).build()));
+ assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4AddressPrefix(new SourceIpv4NetworkBuilder().build()));
+ assertEquals(IPV4_PREFIX_VALUE,
+ ipv4AddressPrefix(new SourceIpv4NetworkBuilder().setSourceIpv4Network(IPV4_PREFIX).build()));
}
@Test
public void testIpv6Address() {
- assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6Address(new VppMacipAceBuilder().build())));
- assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6Address(
- new VppMacipAceBuilder().setVppMacipAceNodes(new VppMacipAceNodesBuilder().build()).build())));
- assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6Address(new VppMacipAceBuilder().setVppMacipAceNodes(
- new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build())));
- assertTrue(Arrays.equals(IPV6_PREFIX_BYTES, ipv6Address(new VppMacipAceBuilder().setVppMacipAceNodes(
- new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv6Builder()
- .setSourceIpv6Network(IPV6_PREFIX).build()).build()).build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6Address(new SourceIpv6NetworkBuilder().build())));
+ assertTrue(Arrays.equals(IPV6_PREFIX_BYTES,
+ ipv6Address(new SourceIpv6NetworkBuilder().setSourceIpv6Network(IPV6_PREFIX).build())));
}
@Test
public void testIpv6AddressPrefix() {
- assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6AddressPrefix(new VppMacipAceBuilder().build()));
- assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6AddressPrefix(
- new VppMacipAceBuilder().setVppMacipAceNodes(new VppMacipAceNodesBuilder().build()).build()));
- assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6AddressPrefix(new VppMacipAceBuilder().setVppMacipAceNodes(
- new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build()));
- assertEquals(IPV6_PREFIX_VALUE, ipv6AddressPrefix(new VppMacipAceBuilder().setVppMacipAceNodes(
- new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv6Builder()
- .setSourceIpv6Network(IPV6_PREFIX).build()).build()).build()));
+ assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6AddressPrefix(new SourceIpv6NetworkBuilder().build()));
+ assertEquals(IPV6_PREFIX_VALUE,
+ ipv6AddressPrefix(new SourceIpv6NetworkBuilder().setSourceIpv6Network(IPV6_PREFIX).build()));
}
@Test
verifyExceptionalCase(() -> macIpAction(new AceBuilder().setActions(new ActionsBuilder().build()).build()),
IllegalArgumentException.class);
// this one must pass even if deny is not fully set, because of default value definition
- assertEquals((byte) 0, macIpAction(new AceBuilder().setActions(new ActionsBuilder().setPacketHandling(
- new DenyBuilder().build()).build()).build()));
-
- assertEquals((byte) 1, macIpAction(new AceBuilder().setActions(new ActionsBuilder().setPacketHandling(
- new PermitBuilder().setPermit(true).build()).build()).build()));
+ assertEquals((byte) 0, macIpAction(
+ new AceBuilder().setActions(new ActionsBuilder().setForwarding(Drop.class).build()).build()));
+ assertEquals((byte) 1, macIpAction(
+ new AceBuilder().setActions(new ActionsBuilder().setForwarding(Accept.class).build()).build()));
}
@Test
rule.srcIpAddr = IPV4_PREFIX_BYTES;
rule.srcIpPrefixLen = IPV4_PREFIX_VALUE;
- final AceIpVersion result = ipVersion(rule);
- assertTrue(result instanceof AceIpv4);
- assertEquals(IPV4_PREFIX, AceIpv4.class.cast(result).getSourceIpv4Network());
+ final L3 result = parseMacIpAceL3(rule);
+ assertEquals(Ipv4.class, result.getImplementedInterface());
+ assertEquals(IPV4_PREFIX,
+ ((SourceIpv4Network) ((Ipv4) result).getIpv4().getSourceNetwork()).getSourceIpv4Network());
}
@Test
rule.isIpv6 = 0;
- final AceIpVersion result = ipVersion(rule);
- assertTrue(result instanceof AceIpv4);
- assertNull(AceIpv4.class.cast(result).getSourceIpv4Network());
+ final L3 result = parseMacIpAceL3(rule);
+ assertEquals(Ipv4.class, result.getImplementedInterface());
+ assertNull(((Ipv4) result).getIpv4());
}
@Test
rule.srcIpAddr = IPV6_PREFIX_BYTES;
rule.srcIpPrefixLen = IPV6_PREFIX_VALUE;
- final AceIpVersion result = ipVersion(rule);
- assertTrue(result instanceof AceIpv6);
- assertEquals(IPV6_PREFIX, AceIpv6.class.cast(result).getSourceIpv6Network());
+ final L3 result = parseMacIpAceL3(rule);
+ assertEquals(Ipv6.class, result.getImplementedInterface());
+ assertEquals(IPV6_PREFIX, ((SourceIpv6Network) ((Ipv6) result).getIpv6().getSourceNetwork())
+ .getSourceIpv6Network());
}
@Test
rule.isIpv6 = 1;
- final AceIpVersion result = ipVersion(rule);
- assertTrue(result instanceof AceIpv6);
- assertNull(AceIpv6.class.cast(result).getSourceIpv6Network());
+ final L3 result = parseMacIpAceL3(rule);
+ assertEquals(Ipv6.class, result.getImplementedInterface());
+ assertNull(((Ipv6) result).getIpv6());
}
@Test
import io.fd.vpp.jvpp.acl.types.AclRule;
import java.util.Arrays;
import org.junit.Test;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.AceBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.ActionsBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.MatchesBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Deny;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.DenyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Permit;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.actions.packet.handling.Stateful;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.actions.packet.handling.StatefulBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAceBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.VppAceNodesBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.AceIpVersion;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv4;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv4Builder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6Builder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpV6Builder;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.AcceptAndReflect;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Accept;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Drop;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.AceBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.ActionsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.MatchesBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L3;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4Builder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6Builder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.destination.network.DestinationIpv4Network;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.destination.network.DestinationIpv4NetworkBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4Network;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4NetworkBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.destination.network.DestinationIpv6Network;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.destination.network.DestinationIpv6NetworkBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6Network;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6NetworkBuilder;
public class StandardAceDataExtractorTest extends AceDataExtractorTestCase implements StandardAceDataExtractor,
CommonTests {
- @Test
- public void testFromStandardAce() {
- verifyExceptionalCase(() -> fromStandardAce(new AceBuilder().build()), IllegalArgumentException.class);
- verifyExceptionalCase(() -> fromStandardAce(new AceBuilder().setMatches(new MatchesBuilder().build()).build()),
- IllegalArgumentException.class);
-
- final VppAce ace = new VppAceBuilder().build();
- assertEquals(ace, fromStandardAce(new AceBuilder().setMatches(new MatchesBuilder()
- .setAceType(ace).build()).build()));
- }
-
@Test
public void testStandardIsIpv6WithoutMatch() {
- assertFalse(standardIsIpv6(new VppAceBuilder().build(), null));
- assertFalse(standardIsIpv6(new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build(), null));
- assertFalse(standardIsIpv6(new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder()
- .setIpProtocol(new IcmpBuilder().build()).build()).build(), null));
- assertTrue(standardIsIpv6(new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder()
- .setIpProtocol(new IcmpV6Builder().build()).build()).build(), null));
- }
-
- @Test
- public void testStandardIsIpv6WithMatch() {
- final VppAce ipv6Ace = new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder()
- .setIpProtocol(new IcmpV6Builder().build()).build()).build();
-
- assertTrue(standardIsIpv6(ipv6Ace, new MatchesBuilder().build()));
- assertTrue(standardIsIpv6(ipv6Ace, new MatchesBuilder().setAceType(new VppAceBuilder().build()).build()));
- assertTrue(standardIsIpv6(ipv6Ace, new MatchesBuilder().setAceType(new VppAceBuilder()
- .setVppAceNodes(new VppAceNodesBuilder().build())
- .build()).build()));
- assertFalse(standardIsIpv6(ipv6Ace, new MatchesBuilder().setAceType(new VppAceBuilder()
- .setVppAceNodes(new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build())
- .build()).build()));
+ assertFalse(standardIsIpv6(null));
+ assertFalse(standardIsIpv6(new MatchesBuilder().build()));
+ assertFalse(standardIsIpv6(new MatchesBuilder().setL3(new Ipv6Builder().build()).build()));
+ assertTrue(standardIsIpv6(new MatchesBuilder().setL3(new Ipv6Builder().setIpv6(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder()
+ .build()).build()).build()));
}
@Test
public void testIpv4SourceAddress() {
- assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4SourceAddress(new VppAceBuilder().build())));
- assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4SourceAddress(
- new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build())));
- assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4SourceAddress(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()).build())));
- assertTrue(Arrays.equals(IPV4_PREFIX_BYTES, ipv4SourceAddress(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder()
- .setSourceIpv4Network(IPV4_PREFIX).build()).build()).build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4SourceAddress(new MatchesBuilder().build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES,
+ ipv4SourceAddress(new MatchesBuilder().setL3(new Ipv4Builder().build()).build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4SourceAddress(new MatchesBuilder()
+ .setL3(new Ipv4Builder().setIpv4(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder()
+ .build()).build()).build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4SourceAddress(new MatchesBuilder()
+ .setL3(new Ipv4Builder().setIpv4(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder()
+ .setSourceNetwork(new SourceIpv4NetworkBuilder().build()).build()).build()).build())));
+ assertTrue(Arrays.equals(IPV4_PREFIX_BYTES, ipv4SourceAddress(new MatchesBuilder()
+ .setL3(new Ipv4Builder().setIpv4(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder()
+ .setSourceNetwork(
+ new SourceIpv4NetworkBuilder().setSourceIpv4Network(IPV4_PREFIX).build())
+ .build()).build()).build())));
}
@Test
public void testIpv4SourceAddressPrefix() {
- assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix(new VppAceBuilder().build()));
- assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix(
- new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build()));
- assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()).build()));
- assertEquals(IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder()
- .setSourceIpv4Network(IPV4_PREFIX).build()).build()).build()));
+ assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix(new MatchesBuilder().build()));
+ assertEquals(DEFAULT_IPV4_PREFIX_VALUE,
+ ipv4SourceAddressPrefix(new MatchesBuilder().setL3(new Ipv4Builder().build()).build()));
+ assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix(new MatchesBuilder()
+ .setL3(new Ipv4Builder().setIpv4(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder()
+ .build()).build()).build()));
+ assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix(new MatchesBuilder()
+ .setL3(new Ipv4Builder().setIpv4(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder()
+ .setSourceNetwork(new SourceIpv4NetworkBuilder().build()).build()).build()).build()));
+ assertEquals(IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix(new MatchesBuilder()
+ .setL3(new Ipv4Builder().setIpv4(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder()
+ .setSourceNetwork(
+ new SourceIpv4NetworkBuilder().setSourceIpv4Network(IPV4_PREFIX).build())
+ .build()).build()).build()));
}
@Test
public void testIpv4DestinationAddress() {
- assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4DestinationAddress(new VppAceBuilder().build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4DestinationAddress(new MatchesBuilder().build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4DestinationAddress(
+ new MatchesBuilder().setL3(new Ipv4Builder().build()).build())));
assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4DestinationAddress(
- new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build())));
- assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4DestinationAddress(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()).build())));
- assertTrue(Arrays.equals(IPV4_PREFIX_BYTES, ipv4DestinationAddress(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder()
- .setDestinationIpv4Network(IPV4_PREFIX).build()).build()).build())));
+ new MatchesBuilder().setL3(new Ipv4Builder().setIpv4(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder()
+ .build()).build()).build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4DestinationAddress(
+ new MatchesBuilder().setL3(new Ipv4Builder().setIpv4(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder()
+ .setDestinationNetwork(new DestinationIpv4NetworkBuilder()
+ .build()).build()).build()).build())));
+ assertTrue(Arrays.equals(IPV4_PREFIX_BYTES, ipv4DestinationAddress(
+ new MatchesBuilder().setL3(new Ipv4Builder().setIpv4(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder()
+ .setDestinationNetwork(
+ new DestinationIpv4NetworkBuilder().setDestinationIpv4Network(IPV4_PREFIX)
+ .build()).build()).build()).build())));
}
@Test
public void testIpv4DestinationAddressPrefix() {
- assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix(new VppAceBuilder().build()));
+ assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix(new MatchesBuilder().build()));
+ assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix(
+ new MatchesBuilder().setL3(new Ipv4Builder().build()).build()));
assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix(
- new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build()));
- assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()).build()));
- assertEquals(IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder()
- .setDestinationIpv4Network(IPV4_PREFIX).build()).build()).build()));
+ new MatchesBuilder().setL3(new Ipv4Builder().setIpv4(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder()
+ .build()).build()).build()));
+ assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix(
+ new MatchesBuilder().setL3(new Ipv4Builder().setIpv4(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder()
+ .setDestinationNetwork(new DestinationIpv4NetworkBuilder()
+ .build()).build()).build()).build()));
+ assertEquals(IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix(
+ new MatchesBuilder().setL3(new Ipv4Builder().setIpv4(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder()
+ .setDestinationNetwork(
+ new DestinationIpv4NetworkBuilder().setDestinationIpv4Network(IPV4_PREFIX)
+ .build()).build()).build()).build()));
}
@Test
public void testIpv6SourceAddress() {
- assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6SourceAddress(new VppAceBuilder().build())));
- assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6SourceAddress(
- new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build())));
- assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6SourceAddress(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build())));
- assertTrue(Arrays.equals(IPV6_PREFIX_BYTES, ipv6SourceAddress(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder()
- .setSourceIpv6Network(IPV6_PREFIX).build()).build()).build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6SourceAddress(new MatchesBuilder().build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES,
+ ipv6SourceAddress(new MatchesBuilder().setL3(new Ipv6Builder().build()).build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6SourceAddress(new MatchesBuilder()
+ .setL3(new Ipv6Builder().setIpv6(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder()
+ .build()).build()).build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6SourceAddress(new MatchesBuilder()
+ .setL3(new Ipv6Builder().setIpv6(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder()
+ .setSourceNetwork(new SourceIpv6NetworkBuilder().build()).build()).build()).build())));
+ assertTrue(Arrays.equals(IPV6_PREFIX_BYTES, ipv6SourceAddress(new MatchesBuilder().setL3(new Ipv6Builder()
+ .setIpv6(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder()
+ .setSourceNetwork(
+ new SourceIpv6NetworkBuilder().setSourceIpv6Network(IPV6_PREFIX).build())
+ .build()).build()).build())));
}
@Test
public void ipv6SourceAddressPrefix() {
- assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix(new VppAceBuilder().build()));
- assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix(
- new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build()));
- assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build()));
- assertEquals(IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder()
- .setSourceIpv6Network(IPV6_PREFIX).build()).build()).build()));
+ assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix(new MatchesBuilder().build()));
+ assertEquals(DEFAULT_IPV6_PREFIX_VALUE,
+ ipv6SourceAddressPrefix(new MatchesBuilder().setL3(new Ipv6Builder().build()).build()));
+ assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix(new MatchesBuilder()
+ .setL3(new Ipv6Builder().setIpv6(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder()
+ .build()).build()).build()));
+ assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix(new MatchesBuilder()
+ .setL3(new Ipv6Builder().setIpv6(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder()
+ .setSourceNetwork(new SourceIpv6NetworkBuilder().build()).build()).build()).build()));
+ assertEquals(IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix(new MatchesBuilder().setL3(new Ipv6Builder()
+ .setIpv6(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder()
+ .setSourceNetwork(
+ new SourceIpv6NetworkBuilder().setSourceIpv6Network(IPV6_PREFIX).build())
+ .build()).build()).build()));
}
@Test
public void ipv6DestinationAddress() {
- assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6DestinationAddress(new VppAceBuilder().build())));
- assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6DestinationAddress(
- new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build())));
- assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6DestinationAddress(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build())));
- assertTrue(Arrays.equals(IPV6_PREFIX_BYTES, ipv6DestinationAddress(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder()
- .setDestinationIpv6Network(IPV6_PREFIX).build()).build()).build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6DestinationAddress(new MatchesBuilder().build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES,
+ ipv6DestinationAddress(new MatchesBuilder().setL3(new Ipv6Builder().build()).build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6DestinationAddress(new MatchesBuilder()
+ .setL3(new Ipv6Builder().setIpv6(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder()
+ .build()).build()).build())));
+ assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6DestinationAddress(new MatchesBuilder()
+ .setL3(new Ipv6Builder().setIpv6(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder()
+ .setDestinationNetwork(new DestinationIpv6NetworkBuilder().build()).build()).build())
+ .build())));
+ assertTrue(Arrays.equals(IPV6_PREFIX_BYTES, ipv6DestinationAddress(new MatchesBuilder().setL3(new Ipv6Builder()
+ .setIpv6(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder()
+ .setDestinationNetwork(
+ new DestinationIpv6NetworkBuilder().setDestinationIpv6Network(IPV6_PREFIX)
+ .build())
+ .build()).build()).build())));
}
@Test
public void ipv6DestinationAddressPrefix() {
- assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix(new VppAceBuilder().build()));
- assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix(
- new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build()));
- assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build()));
- assertEquals(IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix(new VppAceBuilder().setVppAceNodes(
- new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder()
- .setDestinationIpv6Network(IPV6_PREFIX).build()).build()).build()));
+ assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix(new MatchesBuilder().build()));
+ assertEquals(DEFAULT_IPV6_PREFIX_VALUE,
+ ipv6DestinationAddressPrefix(new MatchesBuilder().setL3(new Ipv6Builder().build()).build()));
+ assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix(new MatchesBuilder()
+ .setL3(new Ipv6Builder().setIpv6(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder()
+ .build()).build()).build()));
+ assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix(new MatchesBuilder()
+ .setL3(new Ipv6Builder().setIpv6(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder()
+ .setDestinationNetwork(new DestinationIpv6NetworkBuilder().build()).build()).build())
+ .build()));
+ assertEquals(IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix(new MatchesBuilder().setL3(new Ipv6Builder()
+ .setIpv6(
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder()
+ .setDestinationNetwork(
+ new DestinationIpv6NetworkBuilder().setDestinationIpv6Network(IPV6_PREFIX)
+ .build())
+ .build()).build()).build()));
}
@Test
// this one should pass because of default value
assertEquals(0, standardAction(
- new AceBuilder().setActions(new ActionsBuilder().setPacketHandling(new DenyBuilder().build()).build())
- .build()));
+ new AceBuilder().setActions(new ActionsBuilder().setForwarding(Drop.class).build()).build()));
assertEquals(2, standardAction(new AceBuilder().setActions(
- new ActionsBuilder().setPacketHandling(new StatefulBuilder().setPermitAndReflect(true).build()).build())
- .build()));
+ new ActionsBuilder().setForwarding(AcceptAndReflect.class).build()).build()));
}
@Test
rule.dstIpAddr = IPV4_2_PREFIX_BYTES;
rule.dstIpPrefixLen = IPV4_2_PREFIX_VALUE;
- final AceIpVersion result = ipVersion(rule);
- assertTrue(result instanceof AceIpv4);
- assertEquals(IPV4_PREFIX, AceIpv4.class.cast(result).getSourceIpv4Network());
- assertEquals(IPV4_2_PREFIX, AceIpv4.class.cast(result).getDestinationIpv4Network());
+ final L3 result = parseStandardAceL3(rule);
+ assertEquals(result.getImplementedInterface(), Ipv4.class);
+ assertEquals(IPV4_PREFIX,
+ ((SourceIpv4Network) ((Ipv4) result).getIpv4().getSourceNetwork()).getSourceIpv4Network());
+ assertEquals(IPV4_2_PREFIX,
+ ((DestinationIpv4Network) ((Ipv4) result).getIpv4().getDestinationNetwork())
+ .getDestinationIpv4Network());
}
@Test
rule.isIpv6 = 0;
- final AceIpVersion result = ipVersion(rule);
- assertTrue(result instanceof AceIpv4);
- assertNull(AceIpv4.class.cast(result).getSourceIpv4Network());
- assertNull(AceIpv4.class.cast(result).getDestinationIpv4Network());
+ final L3 result = parseStandardAceL3(rule);
+ assertEquals(result.getImplementedInterface(), Ipv4.class);
+ assertNull(((Ipv4) result).getIpv4().getSourceNetwork());
+ assertNull(((Ipv4) result).getIpv4().getDestinationNetwork());
}
@Test
rule.dstIpAddr = IPV6_2_PREFIX_BYTES;
rule.dstIpPrefixLen = IPV6_2_PREFIX_VALUE;
- final AceIpVersion result = ipVersion(rule);
- assertTrue(result instanceof AceIpv6);
- assertEquals(IPV6_PREFIX, AceIpv6.class.cast(result).getSourceIpv6Network());
- assertEquals(IPV6_2_PREFIX, AceIpv6.class.cast(result).getDestinationIpv6Network());
+ final L3 result = parseStandardAceL3(rule);
+ assertEquals(result.getImplementedInterface(), Ipv6.class);
+ assertEquals(IPV6_PREFIX,
+ ((SourceIpv6Network) ((Ipv6) result).getIpv6().getSourceNetwork()).getSourceIpv6Network());
+ assertEquals(IPV6_2_PREFIX,
+ ((DestinationIpv6Network) ((Ipv6) result).getIpv6().getDestinationNetwork())
+ .getDestinationIpv6Network());
}
@Test
rule.isIpv6 = 1;
- final AceIpVersion result = ipVersion(rule);
- assertTrue(result instanceof AceIpv6);
- assertNull(AceIpv6.class.cast(result).getSourceIpv6Network());
- assertNull(AceIpv6.class.cast(result).getDestinationIpv6Network());
+ final L3 result = parseStandardAceL3(rule);
+ assertEquals(result.getImplementedInterface(), Ipv6.class);
+ assertNull((((Ipv6) result).getIpv6().getSourceNetwork()));
+ assertNull((((Ipv6) result).getIpv6().getDestinationNetwork()));
}
@Test
public void testActions() {
verifyExceptionalCase(() -> actions((byte) -1), IllegalArgumentException.class);
- assertTrue(actions((byte) 0).getPacketHandling() instanceof Deny);
- assertTrue(actions((byte) 1).getPacketHandling() instanceof Permit);
- assertTrue(actions((byte) 2).getPacketHandling() instanceof Stateful);
+ assertTrue(actions((byte) 0).getForwarding().equals(Drop.class));
+ assertTrue(actions((byte) 1).getForwarding().equals(Accept.class));
}
-
}
\ No newline at end of file
package io.fd.hc2vpp.acl.util.iface.acl;
-import static io.fd.hc2vpp.acl.util.iface.acl.AclInterfaceAssignmentRequest.create;
+import static io.fd.hc2vpp.acl.write.request.AclInterfaceAssignmentRequest.create;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.mockito.MockitoAnnotations.initMocks;
import com.google.common.collect.ImmutableList;
+import io.fd.hc2vpp.acl.AclIIds;
import io.fd.hc2vpp.acl.util.AclContextManager;
+import io.fd.hc2vpp.acl.write.request.AclInterfaceAssignmentRequest;
import io.fd.hc2vpp.common.test.util.FutureProducer;
import io.fd.hc2vpp.common.test.util.NamingContextHelper;
import io.fd.hc2vpp.common.translate.util.NamingContext;
import org.mockito.ArgumentCaptor;
import org.mockito.Captor;
import org.mockito.Mock;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceKey;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
public class AclInterfaceAssignmentRequestTest implements NamingContextHelper, FutureProducer {
@Mock
private MappingContext mappingContext;
- private InstanceIdentifier<Acl> validIdentifier;
+ private InstanceIdentifier<Interface> validIdentifier;
private NamingContext interfaceContext;
@Mock
public void setUp() {
initMocks(this);
- validIdentifier = InstanceIdentifier.create(Interfaces.class).
- child(Interface.class, new InterfaceKey(INTERFACE_NAME))
- .augmentation(VppAclInterfaceAugmentation.class)
- .child(Acl.class);
+ validIdentifier = AclIIds.ACLS_AP
+ .child(Interface.class, new InterfaceKey(INTERFACE_NAME));
interfaceContext = new NamingContext("iface", "interface-context");
package io.fd.hc2vpp.acl.util.iface.macip;
-import static io.fd.hc2vpp.acl.util.iface.macip.MacIpInterfaceAssignmentRequest.addNew;
-import static io.fd.hc2vpp.acl.util.iface.macip.MacIpInterfaceAssignmentRequest.deleteExisting;
+import static io.fd.hc2vpp.acl.write.request.MacIpInterfaceAssignmentRequest.addNew;
+import static io.fd.hc2vpp.acl.write.request.MacIpInterfaceAssignmentRequest.deleteExisting;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
import static org.mockito.Mockito.when;
import static org.mockito.MockitoAnnotations.initMocks;
+import io.fd.hc2vpp.acl.AclIIds;
import io.fd.hc2vpp.acl.util.AclContextManager;
+import io.fd.hc2vpp.acl.write.request.MacIpInterfaceAssignmentRequest;
import io.fd.hc2vpp.common.test.util.FutureProducer;
import io.fd.hc2vpp.common.test.util.NamingContextHelper;
import io.fd.hc2vpp.common.translate.util.NamingContext;
import org.mockito.ArgumentCaptor;
import org.mockito.Captor;
import org.mockito.Mock;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceKey;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
public class MacIpInterfaceAssignmentRequestTest implements NamingContextHelper,FutureProducer {
@Mock
private MappingContext mappingContext;
- private InstanceIdentifier<VppMacipAcl> validIdentifier;
+ private InstanceIdentifier<Interface> validIdentifier;
private NamingContext interfaceContext;
@Mock
private AclContextManager macIpAclContext;
public void setUp() throws Exception {
initMocks(this);
- validIdentifier = InstanceIdentifier.create(Interfaces.class).
- child(Interface.class, new InterfaceKey(INTERFACE_NAME))
- .augmentation(VppAclInterfaceAugmentation.class)
- .child(Acl.class)
- .child(Ingress.class)
- .child(VppMacipAcl.class);
+ validIdentifier = AclIIds.ACLS_AP.child(Interface.class, new InterfaceKey(INTERFACE_NAME));
interfaceContext = new NamingContext("iface", "interface-context");
import io.fd.vpp.jvpp.acl.types.AclRule;
import org.junit.Test;
import org.junit.runner.RunWith;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Icmp;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpV6;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Other;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Tcp;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Udp;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppIcmpAceAugmentation;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Acls;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Icmp;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Tcp;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Udp;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.source.port.source.port.RangeOrOperator;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.port.range.or.operator.port.range.or.operator.Range;
@RunWith(HoneycombTestRunner.class)
public class ProtocolParsingTest implements ProtoPreBindRuleProducer, IpProtocolReader, AclTestSchemaContext {
private static final byte IGNORE_PROTOCOL = 0;
- //TODO - remove after resolving how to address identity from different model in textual yang instance identifier
- private VppAce extractAce(AccessLists accessLists) {
- return VppAce.class
- .cast(accessLists.getAcl().get(0).getAccessListEntries().getAce().get(0).getMatches().getAceType());
+ private Ace extractAce(Acls acls) {
+ return acls.getAcl().get(0).getAces().getAce().get(0);
}
@Test
- public void testIcmpRule(@InjectTestData(resourcePath = "/rules/icmp-rule.json") AccessLists acls) {
+ public void testIcmpRule(@InjectTestData(resourcePath = "/rules/icmp-rule.json") Acls acls) {
final AclRule icmpRule = createPreBindRule(extractAce(acls));
assertEquals(1, icmpRule.proto);
assertEquals(0, icmpRule.tcpFlagsMask);
assertEquals(0, icmpRule.tcpFlagsValue);
- final Icmp protocol = (Icmp)parseProtocol(icmpRule);
- assertEquals(5, protocol.getIcmpNodes().getIcmpTypeRange().getFirst().shortValue());
- assertEquals(8, protocol.getIcmpNodes().getIcmpTypeRange().getLast().shortValue());
- assertEquals(1, protocol.getIcmpNodes().getIcmpCodeRange().getFirst().shortValue());
- assertEquals(3, protocol.getIcmpNodes().getIcmpCodeRange().getLast().shortValue());
+ final Icmp protocol = (Icmp) parseProtocol(icmpRule);
+ assertEquals(5, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpTypeRange()
+ .getFirst().shortValue());
+ assertEquals(8, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpTypeRange()
+ .getLast().shortValue());
+ assertEquals(1, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpCodeRange()
+ .getFirst().shortValue());
+ assertEquals(3, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpCodeRange()
+ .getLast().shortValue());
}
@Test
- public void testIcmpv6Rule(@InjectTestData(resourcePath = "/rules/icmp-v6-rule.json") AccessLists acls) {
+ public void testIcmpv6Rule(@InjectTestData(resourcePath = "/rules/icmp-v6-rule.json") Acls acls) {
final AclRule icmpv6Rule = createPreBindRule(extractAce(acls));
assertEquals(58, icmpv6Rule.proto);
assertEquals(0, icmpv6Rule.tcpFlagsMask);
assertEquals(0, icmpv6Rule.tcpFlagsValue);
- final IcmpV6 protocol = (IcmpV6)parseProtocol(icmpv6Rule);
- assertEquals(5, protocol.getIcmpV6Nodes().getIcmpTypeRange().getFirst().shortValue());
- assertEquals(8, protocol.getIcmpV6Nodes().getIcmpTypeRange().getLast().shortValue());
- assertEquals(1, protocol.getIcmpV6Nodes().getIcmpCodeRange().getFirst().shortValue());
- assertEquals(3, protocol.getIcmpV6Nodes().getIcmpCodeRange().getLast().shortValue());
+ final Icmp protocol = (Icmp) parseProtocol(icmpv6Rule);
+ assertEquals(5, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpTypeRange()
+ .getFirst().shortValue());
+ assertEquals(8, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpTypeRange()
+ .getLast().shortValue());
+ assertEquals(1, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpCodeRange()
+ .getFirst().shortValue());
+ assertEquals(3, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpCodeRange()
+ .getLast().shortValue());
}
@Test
- public void testTcpRule(@InjectTestData(resourcePath = "/rules/tcp-rule.json") AccessLists acls) {
+ public void testTcpRule(@InjectTestData(resourcePath = "/rules/tcp-rule.json") Acls acls) {
final AclRule tcpRule = createPreBindRule(extractAce(acls));
assertEquals(6, tcpRule.proto);
assertEquals(1, tcpRule.tcpFlagsMask);
assertEquals(7, tcpRule.tcpFlagsValue);
- final Tcp protocol = (Tcp)parseProtocol(tcpRule);
- assertEquals(1, protocol.getTcpNodes().getSourcePortRange().getLowerPort().getValue().intValue());
- assertEquals(5487, protocol.getTcpNodes().getSourcePortRange().getUpperPort().getValue().intValue());
- assertEquals(87, protocol.getTcpNodes().getDestinationPortRange().getLowerPort().getValue().intValue());
- assertEquals(6745, protocol.getTcpNodes().getDestinationPortRange().getUpperPort().getValue().intValue());
+ final Tcp protocol = (Tcp) parseProtocol(tcpRule);
+ assertEquals(1,
+ ((Range) ((RangeOrOperator) protocol.getTcp().getSourcePort().getSourcePort()).getPortRangeOrOperator())
+ .getLowerPort().getValue().intValue());
+ assertEquals(5487,
+ ((Range) ((RangeOrOperator) protocol.getTcp().getSourcePort().getSourcePort()).getPortRangeOrOperator())
+ .getUpperPort().getValue().intValue());
+ assertEquals(87,
+ ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.destination.port.RangeOrOperator) protocol
+ .getTcp().getDestinationPort().getDestinationPort())
+ .getPortRangeOrOperator()).getLowerPort().getValue().intValue());
+ assertEquals(6745,
+ ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.destination.port.RangeOrOperator) protocol
+ .getTcp().getDestinationPort().getDestinationPort())
+ .getPortRangeOrOperator()).getUpperPort().getValue().intValue());
}
@Test
- public void testTcpRuleNoFlags(@InjectTestData(resourcePath = "/rules/tcp-rule-no-flags.json") AccessLists acls) {
+ public void testTcpRuleNoFlags(@InjectTestData(resourcePath = "/rules/tcp-rule-no-flags.json") Acls acls) {
final AclRule tcpRule = createPreBindRule(extractAce(acls));
assertEquals(6, tcpRule.proto);
assertEquals(123, tcpRule.srcportOrIcmptypeFirst);
assertEquals(123, tcpRule.srcportOrIcmptypeLast);
- assertEquals((short)65000, tcpRule.dstportOrIcmpcodeFirst);
- assertEquals((short)65000, tcpRule.dstportOrIcmpcodeLast);
+ assertEquals((short) 65000, tcpRule.dstportOrIcmpcodeFirst);
+ assertEquals((short) 65000, tcpRule.dstportOrIcmpcodeLast);
assertEquals(0, tcpRule.tcpFlagsMask);
assertEquals(0, tcpRule.tcpFlagsValue);
- final Tcp protocol = (Tcp)parseProtocol(tcpRule);
- assertEquals(123, protocol.getTcpNodes().getSourcePortRange().getLowerPort().getValue().intValue());
- assertEquals(123, protocol.getTcpNodes().getSourcePortRange().getUpperPort().getValue().intValue());
- assertEquals(65000, protocol.getTcpNodes().getDestinationPortRange().getLowerPort().getValue().intValue());
- assertEquals(65000, protocol.getTcpNodes().getDestinationPortRange().getUpperPort().getValue().intValue());
+ final Tcp protocol = (Tcp) parseProtocol(tcpRule);
+ assertEquals(123,
+ ((Range) ((RangeOrOperator) protocol.getTcp().getSourcePort().getSourcePort()).getPortRangeOrOperator())
+ .getLowerPort().getValue().intValue());
+ assertEquals(123,
+ ((Range) ((RangeOrOperator) protocol.getTcp().getSourcePort().getSourcePort()).getPortRangeOrOperator())
+ .getUpperPort().getValue().intValue());
+ assertEquals(65000,
+ ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.destination.port.RangeOrOperator) protocol
+ .getTcp().getDestinationPort().getDestinationPort())
+ .getPortRangeOrOperator()).getLowerPort().getValue().intValue());
+ assertEquals(65000,
+ ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.destination.port.RangeOrOperator) protocol
+ .getTcp().getDestinationPort().getDestinationPort())
+ .getPortRangeOrOperator()).getUpperPort().getValue().intValue());
}
@Test
}
@Test
- public void testUdpRule(@InjectTestData(resourcePath = "/rules/udp-rule.json") AccessLists acls) {
+ public void testUdpRule(@InjectTestData(resourcePath = "/rules/udp-rule.json") Acls acls) {
final AclRule udpRule = createPreBindRule(extractAce(acls));
assertEquals(17, udpRule.proto);
assertEquals(0, udpRule.tcpFlagsMask);
assertEquals(0, udpRule.tcpFlagsValue);
- final Udp protocol = (Udp)parseProtocol(udpRule);
- assertEquals(1, protocol.getUdpNodes().getSourcePortRange().getLowerPort().getValue().intValue());
- assertEquals(5487, protocol.getUdpNodes().getSourcePortRange().getUpperPort().getValue().intValue());
- assertEquals(87, protocol.getUdpNodes().getDestinationPortRange().getLowerPort().getValue().intValue());
- assertEquals(6745, protocol.getUdpNodes().getDestinationPortRange().getUpperPort().getValue().intValue());
+ final Udp protocol = (Udp) parseProtocol(udpRule);
+ assertEquals(1,
+ ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.source.port.source.port.RangeOrOperator) protocol
+ .getUdp().getSourcePort().getSourcePort()).getPortRangeOrOperator())
+ .getLowerPort().getValue().intValue());
+ assertEquals(5487,
+ ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.source.port.source.port.RangeOrOperator) protocol
+ .getUdp().getSourcePort().getSourcePort()).getPortRangeOrOperator())
+ .getUpperPort().getValue().intValue());
+ assertEquals(87,
+ ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.destination.port.destination.port.RangeOrOperator) protocol
+ .getUdp().getDestinationPort().getDestinationPort())
+ .getPortRangeOrOperator()).getLowerPort().getValue().intValue());
+ assertEquals(6745,
+ ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.destination.port.destination.port.RangeOrOperator) protocol
+ .getUdp().getDestinationPort().getDestinationPort())
+ .getPortRangeOrOperator()).getUpperPort().getValue().intValue());
}
- @Test
- public void testOtherRule(@InjectTestData(resourcePath = "/rules/other-rule.json") AccessLists acls) {
- final AclRule rule = createPreBindRule(extractAce(acls));
- final int protocolNumber = 64;
- assertEquals(protocolNumber, rule.proto);
- assertEquals(0, rule.srcportOrIcmptypeFirst);
- assertEquals((short) 65535, rule.srcportOrIcmptypeLast);
- assertEquals(0, rule.dstportOrIcmpcodeFirst);
- assertEquals((short) 65535, rule.dstportOrIcmpcodeLast);
- assertEquals(0, rule.tcpFlagsMask);
- assertEquals(0, rule.tcpFlagsValue);
-
- final Other protocol = (Other)parseProtocol(rule);
- assertEquals(protocolNumber, protocol.getOtherNodes().getProtocol().shortValue());
- }
@Test
- public void tesProtocolNotSpecified(@InjectTestData(resourcePath = "/rules/no-protocol-rule.json") AccessLists acls) {
+ public void tesProtocolNotSpecified(@InjectTestData(resourcePath = "/rules/no-protocol-rule.json") Acls acls) {
final AclRule noProtocolRule = createPreBindRule(extractAce(acls));
assertEquals(IGNORE_PROTOCOL, noProtocolRule.proto);
}
-
}
\ No newline at end of file
import static org.mockito.Mockito.when;
import com.google.common.base.Optional;
+import io.fd.hc2vpp.acl.AclIIds;
import io.fd.hc2vpp.acl.AclTestSchemaContext;
import io.fd.hc2vpp.acl.util.AclContextManager;
import io.fd.hc2vpp.common.test.write.WriterCustomizerTest;
import org.mockito.ArgumentCaptor;
import org.mockito.Captor;
import org.mockito.Mock;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Acls;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclKey;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAcl;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
@RunWith(HoneycombTestRunner.class)
-public class VppAclCustomizerTest extends WriterCustomizerTest implements AclTestSchemaContext {
+public class AclCustomizerTest extends WriterCustomizerTest implements AclTestSchemaContext {
@Mock
private FutureJVppAclFacade aclApi;
private InstanceIdentifier<Acl> validId;
private InstanceIdentifier<Acl> validMacipId;
- private VppAclCustomizer aclCustomizer;
+ private AclCustomizer aclCustomizer;
@Mock
private AclContextManager standardAclContext;
@Override
protected void setUpTest() throws Exception {
- validId =
- InstanceIdentifier.create(AccessLists.class).child(Acl.class, new AclKey("standard-acl", VppAcl.class));
- validMacipId =
- InstanceIdentifier.create(AccessLists.class).child(Acl.class, new AclKey("macip-acl", VppAcl.class));
- aclCustomizer = new VppAclCustomizer(aclApi, standardAclContext, macIpAclContext);
+ validId = AclIIds.ACLS.child(Acl.class, new AclKey("standard-acl"));
+ validMacipId = AclIIds.ACLS.child(Acl.class, new AclKey("macip-acl"));
+ aclCustomizer = new AclCustomizer(aclApi, standardAclContext, macIpAclContext);
when(aclApi.aclAddReplace(any())).thenReturn(future(new AclAddReplaceReply()));
when(aclApi.aclDel(any())).thenReturn(future(new AclDelReply()));
@Test
public void writeCurrentAttributesMacip(@InjectTestData(resourcePath = "/acl/macip/macip-acl.json")
- AccessLists macipAcl) throws WriteFailedException {
+ Acls macipAcl) throws WriteFailedException {
aclCustomizer.writeCurrentAttributes(validMacipId, macipAcl.getAcl().get(0), writeContext);
@Test
public void writeCurrentAttributesIcmpIpv4(@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json")
- AccessLists standardAcls) throws Exception {
+ Acls standardAcls) throws Exception {
aclCustomizer.writeCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext);
verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture());
@Test
public void updateCurrentAttributesIcmpIpv4(@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json")
- AccessLists standardAcls) throws Exception {
+ Acls standardAcls) throws Exception {
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
final Acl data = standardAcls.getAcl().get(0);
@Test
public void writeCurrentAttributesIcmpIpv6(@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp-v6.json")
- AccessLists standardAcls) throws Exception {
+ Acls standardAcls) throws Exception {
aclCustomizer.writeCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext);
verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture());
@Test
public void updateCurrentAttributesIcmpIpv6(
@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp-v6.json")
- AccessLists standardAcls) throws Exception {
+ Acls standardAcls) throws Exception {
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
final Acl data = standardAcls.getAcl().get(0);
@Test
public void writeCurrentAttributesTcp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp.json")
- AccessLists standardAcls) throws Exception {
+ Acls standardAcls) throws Exception {
aclCustomizer.writeCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext);
verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture());
@Test
public void updateCurrentAttributesTcp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp.json")
- AccessLists standardAcls) throws Exception {
+ Acls standardAcls) throws Exception {
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
final Acl data = standardAcls.getAcl().get(0);
}
@Test
- public void updateCurrentAttributesTcpSrcOnly(@InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp-src-only.json")
- AccessLists standardAcls) throws Exception {
+ public void updateCurrentAttributesTcpSrcOnly(
+ @InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp-src-only.json")
+ Acls standardAcls) throws Exception {
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
final Acl data = standardAcls.getAcl().get(0);
@Test
public void writeCurrentAttributesUdp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json")
- AccessLists standardAcls) throws Exception {
+ Acls standardAcls) throws Exception {
aclCustomizer.writeCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext);
verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture());
@Test
public void updateCurrentAttributesUdp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json")
- AccessLists standardAcls) throws Exception {
+ Acls standardAcls) throws Exception {
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
final Acl data = standardAcls.getAcl().get(0);
@Test
public void deleteCurrentAttributesIcmpIpv4(@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json")
- AccessLists standardAcls) throws Exception {
+ Acls standardAcls) throws Exception {
when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent());
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
@Test
public void deleteCurrentAttributesIcmpIpv6(
@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp-v6.json")
- AccessLists standardAcls) throws Exception {
+ Acls standardAcls) throws Exception {
when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent());
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
@Test
public void deleteCurrentAttributesTcp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp.json")
- AccessLists standardAcls) throws Exception {
+ Acls standardAcls) throws Exception {
when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent());
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
@Test
public void deleteCurrentAttributesUdp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json")
- AccessLists standardAcls) throws Exception {
+ Acls standardAcls) throws Exception {
when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent());
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
package io.fd.hc2vpp.acl.write;
-import static io.fd.hc2vpp.acl.write.VppAclValidator.checkAclReferenced;
-import static java.util.stream.Collectors.toSet;
+import static io.fd.hc2vpp.acl.write.AclValidator.checkAclReferenced;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.hasSize;
import static org.mockito.MockitoAnnotations.initMocks;
import com.google.common.base.Optional;
+import io.fd.hc2vpp.acl.AclIIds;
import io.fd.hc2vpp.acl.AclTestSchemaContext;
import io.fd.honeycomb.test.tools.HoneycombTestRunner;
import io.fd.honeycomb.test.tools.annotations.InjectTestData;
import io.fd.honeycomb.translate.write.DataValidationFailedException;
import io.fd.honeycomb.translate.write.WriteContext;
+import java.util.HashSet;
import java.util.List;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAcl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAcl;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppAcl;
+import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppMacipAcl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Acls;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AttachmentPoints;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AttachmentPointsBuilder;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
@RunWith(HoneycombTestRunner.class)
-public class VppAclValidatorTest implements AclTestSchemaContext {
+public class AclValidatorTest implements AclTestSchemaContext {
- private static final InstanceIdentifier<Acl> ID = InstanceIdentifier.create(AccessLists.class)
- .child(Acl.class, new AclKey("standard-acl", VppAcl.class));
+ private static final InstanceIdentifier<Acl> ID = AclIIds.ACLS
+ .child(Acl.class, new AclKey("standard-acl"));
- @InjectTestData(id = "/ietf-interfaces:interfaces", resourcePath = "/interface-acl/acl-references.json")
- private Interfaces interfaces;
+ @InjectTestData(id = "/ietf-access-control-list:acls/ietf-access-control-list:attachment-points", resourcePath = "/interface-acl/acl-references.json")
+ private AttachmentPoints attachmentPoints;
@Mock
private WriteContext writeContext;
- private VppAclValidator validator;
+ private AclValidator validator;
@Before
public void init(){
initMocks(this);
- when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.of(interfaces));
- validator = new VppAclValidator();
+ when(writeContext.readAfter(AclIIds.ACLS_AP)).thenReturn(Optional.of(attachmentPoints));
+ validator = new AclValidator();
}
@Test
public void testValidateWrite(
- @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") AccessLists acls)
+ @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") Acls acls)
throws DataValidationFailedException.CreateValidationFailedException {
validator.validateWrite(ID, acls.getAcl().get(0), writeContext);
}
@Test
public void testValidateUpdate(
- @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") AccessLists acls)
+ @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") Acls acls)
throws DataValidationFailedException.UpdateValidationFailedException {
final Acl data = acls.getAcl().get(0);
validator.validateUpdate(ID, data, data, writeContext);
@Test(expected = DataValidationFailedException.UpdateValidationFailedException.class)
public void testValidateUpdateUnsupportedType(
- @InjectTestData(resourcePath = "/acl/ipv4/ipv4-acl.json") AccessLists acls)
+ @InjectTestData(resourcePath = "/acl/ipv4/ipv4-acl.json") Acls acls)
throws DataValidationFailedException.UpdateValidationFailedException {
final Acl data = acls.getAcl().get(0);
validator.validateUpdate(ID, data, data, writeContext);
@Test
public void testValidateDelete(
- @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") AccessLists acls)
+ @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") Acls acls)
throws DataValidationFailedException.DeleteValidationFailedException {
validator.validateDelete(ID, acls.getAcl().get(0), writeContext);
}
@Test(expected = DataValidationFailedException.DeleteValidationFailedException.class)
public void testValidateDeleteReferenced(
- @InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json")
- AccessLists standardAcls,
- @InjectTestData(resourcePath = "/acl/standard/interface-ref-acl-udp.json")
- Interfaces references) throws Exception {
- when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(
- Optional.of(new InterfacesBuilder().setInterface(references.getInterface()).build()));
+ @InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json")
+ Acls standardAcls,
+ @InjectTestData(id = "/ietf-access-control-list:acls/ietf-access-control-list:attachment-points",
+ resourcePath = "/acl/standard/interface-ref-acl-udp.json")
+ AttachmentPoints references) throws Exception {
+ when(writeContext.readAfter(AclIIds.ACLS_AP)).thenReturn(
+ Optional.of(new AttachmentPointsBuilder().setInterface(references.getInterface()).build()));
validator.validateDelete(ID, standardAcls.getAcl().get(0), writeContext);
}
@Test
public void testReferencedVppAclFirst() {
- final List<Interface> referenced = checkAclReferenced(writeContext, new AclBuilder()
- .setAclName("acl1").setAclType(VppAcl.class).build());
+ final List<String> referenced = checkAclReferenced(writeContext, new AclBuilder()
+ .setName("acl1").setType(VppAcl.class).build());
assertThat(referenced, hasSize(3));
- assertThat(referenced.stream().map(Interface::getName).collect(toSet()),
- containsInAnyOrder("eth0", "eth1", "eth2"));
+ assertThat(new HashSet<>(referenced), containsInAnyOrder("eth0", "eth1", "eth2"));
}
@Test
public void testReferencedVppAclSecond() {
- final List<Interface> referenced = checkAclReferenced(writeContext, new AclBuilder()
- .setAclName("acl2").setAclType(VppAcl.class).build());
+ final List<String> referenced = checkAclReferenced(writeContext, new AclBuilder()
+ .setName("acl2").setType(VppAcl.class).build());
assertThat(referenced, hasSize(1));
- assertThat(referenced.stream().map(Interface::getName).collect(toSet()),
- containsInAnyOrder("eth1"));
+ assertThat(new HashSet<>(referenced), containsInAnyOrder("eth1"));
}
@Test
public void testReferencedMacipAcl() {
- final List<Interface> referenced = checkAclReferenced(writeContext, new AclBuilder()
- .setAclName("acl4").setAclType(VppMacipAcl.class).build());
+ final List<String> referenced = checkAclReferenced(writeContext, new AclBuilder()
+ .setName("acl4").setType(VppMacipAcl.class).build());
assertThat(referenced, hasSize(1));
- assertThat(referenced.stream().map(Interface::getName).collect(toSet()),
- containsInAnyOrder("eth2"));
+ assertThat(new HashSet<>(referenced), containsInAnyOrder("eth2"));
}
}
\ No newline at end of file
package io.fd.hc2vpp.acl.write;
import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
+import io.fd.hc2vpp.acl.AclIIds;
import io.fd.hc2vpp.acl.AclTestSchemaContext;
import io.fd.hc2vpp.acl.util.AclContextManager;
import io.fd.hc2vpp.common.test.write.WriterCustomizerTest;
import java.util.Collections;
import org.junit.Test;
import org.mockito.Mock;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.AclBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.IngressBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.IngressBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetBuilder;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
public class InterfaceAclCustomizerTest extends WriterCustomizerTest implements AclTestSchemaContext {
private static final String IFC_CTX_NAME = "ifc-test-instance";
private static final String IFACE_NAME = "eth0";
private static final int IFACE_ID = 123;
+ private static final int ACL_ID = 111;
@Mock
private FutureJVppAclFacade aclApi;
@Mock
private AclContextManager standardAclContext;
+ @Mock
+ private AclContextManager macipAclContext;
private InterfaceAclCustomizer customizer;
- private NamingContext interfaceContext;
- private InstanceIdentifier<Acl> ACL_ID = InstanceIdentifier.create(Interfaces.class)
- .child(Interface.class, new InterfaceKey(IFACE_NAME)).augmentation(VppAclInterfaceAugmentation.class).child(Acl.class);
+ private InstanceIdentifier<Interface> IFC_IID =
+ AclIIds.ACLS_AP.child(Interface.class, new InterfaceKey(IFACE_NAME));
+ private Interface ifcAcl;
+ private static final String ACL_NAME = "standard_acl";
+
@Override
- protected void setUpTest() throws Exception {
+ protected void setUpTest() {
defineMapping(mappingContext, IFACE_NAME, IFACE_ID, IFC_CTX_NAME);
- interfaceContext = new NamingContext("generatedIfaceName", IFC_CTX_NAME);
- customizer = new InterfaceAclCustomizer(aclApi, interfaceContext, standardAclContext);
+ final NamingContext interfaceContext = new NamingContext("generatedIfaceName", IFC_CTX_NAME);
+ customizer = new InterfaceAclCustomizer(aclApi, interfaceContext, standardAclContext, macipAclContext);
+ ifcAcl = new InterfaceBuilder()
+ .setIngress(new IngressBuilder()
+ .setAclSets(new AclSetsBuilder()
+ .setAclSet(Collections.singletonList(new AclSetBuilder()
+ .setName(ACL_NAME)
+ .build()))
+ .build())
+ .build())
+ .build();
+ when(standardAclContext.getAclIndex(ACL_NAME, mappingContext)).thenReturn(ACL_ID);
+ when(standardAclContext.containsAcl(ACL_NAME, mappingContext)).thenReturn(true);
when(aclApi.aclInterfaceSetAclList(any())).thenReturn(future(new AclInterfaceSetAclListReply()));
}
@Test
public void testWrite() throws Exception {
- final Acl acl = new AclBuilder().build();
- customizer.writeCurrentAttributes(ACL_ID, acl, writeContext);
+ customizer.writeCurrentAttributes(IFC_IID, ifcAcl, writeContext);
final AclInterfaceSetAclList list = new AclInterfaceSetAclList();
list.swIfIndex = IFACE_ID;
- list.acls = new int[]{};
+ list.acls = new int[]{ACL_ID};
+ list.count = 1;
+ list.nInput = 1;
verify(aclApi).aclInterfaceSetAclList(list);
}
@Test
public void testUpdate() throws Exception {
- final Acl acl = new AclBuilder().build();
- customizer.updateCurrentAttributes(ACL_ID, acl, acl, writeContext);
+ final Interface updIfcAcl = new InterfaceBuilder().build();
+ customizer.updateCurrentAttributes(IFC_IID, updIfcAcl, ifcAcl, writeContext);
final AclInterfaceSetAclList list = new AclInterfaceSetAclList();
list.swIfIndex = IFACE_ID;
- list.acls = new int[]{};
+ list.acls = new int[]{ACL_ID};
+ list.count = 1;
+ list.nInput = 1;
verify(aclApi).aclInterfaceSetAclList(list);
}
@Test
public void testDelete() throws Exception {
- final VppAcls
- element = mock(VppAcls.class);
- final Acl acl = new AclBuilder()
- .setIngress(new IngressBuilder()
- .setVppAcls(Collections.singletonList(new VppAclsBuilder()
- .setName("asd")
- .build()))
- .build())
- .build();
- customizer.deleteCurrentAttributes(ACL_ID, acl, writeContext);
+ customizer.deleteCurrentAttributes(IFC_IID, ifcAcl, writeContext);
final AclInterfaceSetAclList list = new AclInterfaceSetAclList();
list.swIfIndex = IFACE_ID;
list.acls = new int[]{};
verify(aclApi).aclInterfaceSetAclList(list);
}
-
}
\ No newline at end of file
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
+import io.fd.hc2vpp.acl.AclIIds;
import io.fd.hc2vpp.acl.AclTestSchemaContext;
import io.fd.hc2vpp.acl.util.AclContextManager;
import io.fd.hc2vpp.common.test.write.WriterCustomizerTest;
import io.fd.hc2vpp.common.translate.util.NamingContext;
+import io.fd.vpp.jvpp.acl.dto.AclInterfaceSetAclListReply;
import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceAddDel;
import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceAddDelReply;
import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
+import java.util.Collections;
import org.junit.Test;
import org.mockito.Mock;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAclBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.IngressBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetBuilder;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
public class InterfaceAclMacipCustomizerTest extends WriterCustomizerTest implements AclTestSchemaContext {
private FutureJVppAclFacade aclApi;
@Mock
private AclContextManager macipAclContext;
+ @Mock
+ private AclContextManager standardAclContext;
- private InterfaceAclMacIpCustomizer customizer;
+ private InterfaceAclCustomizer customizer;
private NamingContext interfaceContext;
- private InstanceIdentifier<VppMacipAcl> ACL_IID = InstanceIdentifier.create(Interfaces.class)
- .child(Interface.class, new InterfaceKey(IFACE_NAME)).augmentation(VppAclInterfaceAugmentation.class)
- .child(Acl.class).child(Ingress.class).child(VppMacipAcl.class);
- private VppMacipAcl acl;
+ private InstanceIdentifier<Interface> IFC_IID =
+ AclIIds.ACLS_AP.child(Interface.class, new InterfaceKey(IFACE_NAME));
+ private Interface ifcAcl;
@Override
protected void setUpTest() throws Exception {
defineMapping(mappingContext, IFACE_NAME, IFACE_ID, IFC_CTX_NAME);
interfaceContext = new NamingContext("generatedIfaceName", IFC_CTX_NAME);
- customizer = new InterfaceAclMacIpCustomizer(aclApi, macipAclContext, interfaceContext);
- acl = new VppMacipAclBuilder().setName(ACL_NAME).build();
+ customizer = new InterfaceAclCustomizer(aclApi, interfaceContext, standardAclContext, macipAclContext);
+ ifcAcl = new InterfaceBuilder().setIngress(new IngressBuilder().setAclSets(new AclSetsBuilder().setAclSet(
+ Collections.singletonList(new AclSetBuilder().setName(ACL_NAME).build())).build()).build()).build();
when(macipAclContext.getAclIndex(ACL_NAME, mappingContext)).thenReturn(ACL_ID);
+ when(macipAclContext.containsAcl(ACL_NAME, mappingContext)).thenReturn(true);
when(aclApi.macipAclInterfaceAddDel(any())).thenReturn(future(new MacipAclInterfaceAddDelReply()));
+ when(aclApi.aclInterfaceSetAclList(any())).thenReturn(future(new AclInterfaceSetAclListReply()));
}
@Test
public void testWrite() throws Exception {
- customizer.writeCurrentAttributes(ACL_IID, acl, writeContext);
+ customizer.writeCurrentAttributes(IFC_IID, ifcAcl, writeContext);
final MacipAclInterfaceAddDel request = new MacipAclInterfaceAddDel();
request.swIfIndex = IFACE_ID;
request.isAdd = 1;
verify(aclApi).macipAclInterfaceAddDel(request);
}
- @Test(expected = UnsupportedOperationException.class)
+ @Test
public void testUpdate() throws Exception {
- customizer.updateCurrentAttributes(ACL_IID, acl, acl, writeContext);
+ customizer.updateCurrentAttributes(IFC_IID, ifcAcl, ifcAcl, writeContext);
+ verify(aclApi).aclInterfaceSetAclList(any());
}
@Test
public void testDelete() throws Exception {
- customizer.deleteCurrentAttributes(ACL_IID, acl, writeContext);
+ customizer.deleteCurrentAttributes(IFC_IID, ifcAcl, writeContext);
final MacipAclInterfaceAddDel request = new MacipAclInterfaceAddDel();
request.swIfIndex = IFACE_ID;
request.isAdd = 0;
request.aclIndex = ACL_ID;
verify(aclApi).macipAclInterfaceAddDel(request);
}
-
}
\ No newline at end of file
{
- "access-lists": {
+ "acls": {
"acl": [
{
- "acl-name": "standard-acl",
- "acl-type": "ipv4-acl",
- "access-list-entries": {
+ "name": "standard-acl",
+ "type": "ipv4-acl-type",
+ "aces": {
"ace": [
{
- "rule-name": "rule1"
+ "name": "rule1"
}
]
}
{
- "access-lists": {
+ "acls": {
"acl": [
{
- "acl-name": "macip-acl",
- "acl-type": "vpp-acl:vpp-macip-acl",
+ "name": "macip-acl",
+ "type": "vpp-acl:vpp-macip-acl",
"tag": "macip-tag-value",
- "access-list-entries": {
+ "aces": {
"ace": [
{
- "rule-name": "macip-rule",
+ "name": "macip-rule",
"matches": {
- "vpp-macip-ace-nodes": {
- "source-ipv4-network": "192.168.2.2/32",
+ "eth": {
"source-mac-address": "aa:aa:aa:aa:aa:aa",
"source-mac-address-mask": "ff:00:00:00:00:00"
+ },
+ "ipv4": {
+ "source-ipv4-network": "192.168.2.2/32"
}
},
"actions": {
- "permit": [null]
+ "forwarding": "ietf-access-control-list:accept"
}
}
]
{
- "interfaces":{
- "interface": [{
- "name": "eth2",
- "acl": {
+ "attachment-points": {
+ "interface": [
+ {
+ "interface-id": "eth2",
"ingress": {
- "vpp-acls": [
- {
- "type": "vpp-acl:vpp-acl",
- "name": "standard-acl"
- }
- ],
- "vpp-macip-acl": {
- "name": "acl4",
- "type": "vpp-acl:vpp-macip-acl"
+ "acl-sets": {
+ "acl-set": [
+ {
+ "name": "standard-acl"
+ },
+ {
+ "name": "acl4"
+ }
+ ]
}
}
}
- }]
+ ]
}
}
\ No newline at end of file
{
- "access-lists": {
+ "acls": {
"acl": [
{
- "acl-name": "standard-acl",
- "acl-type": "vpp-acl:vpp-acl",
+ "name": "standard-acl",
+ "type": "vpp-acl:vpp-acl",
"tag": "icmp-v6-tag-value",
- "access-list-entries": {
+ "aces": {
"ace": [
{
- "rule-name": "imcp-v6-rule",
+ "name": "imcp-v6-rule",
"matches": {
- "vpp-ace-nodes": {
- "destination-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0001/64",
+ "ipv6": {
"source-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0002/48",
- "icmp-v6-nodes": {
- "icmp-type-range": {
+ "destination-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0001/64"
+ },
+ "icmp": {
+ "vpp-acl:vpp-icmp-ace": {
+ "vpp-acl:icmp-type-range": {
"first": "5",
"last": "8"
},
- "icmp-code-range": {
+ "vpp-acl:icmp-code-range": {
"first": "1",
"last": "3"
}
}
},
"actions": {
- "permit": [null]
+ "forwarding": "ietf-access-control-list:accept"
}
}
]
{
- "access-lists": {
+ "acls": {
"acl": [
{
- "acl-name": "standard-acl",
- "acl-type": "vpp-acl:vpp-acl",
+ "name": "standard-acl",
+ "type": "vpp-acl:vpp-acl",
"tag": "icmp-v4-tag-value",
- "access-list-entries": {
+ "aces": {
"ace": [
{
- "rule-name": "imcp-rule",
+ "name": "imcp-rule",
"matches": {
- "vpp-ace-nodes": {
- "destination-ipv4-network": "192.168.2.1/24",
+ "ipv4": {
"source-ipv4-network": "192.168.2.2/32",
- "icmp-nodes": {
- "icmp-type-range": {
+ "destination-ipv4-network": "192.168.2.1/24"
+ },
+ "icmp": {
+ "vpp-acl:vpp-icmp-ace": {
+ "vpp-acl:icmp-type-range": {
"first": "5",
"last": "8"
},
- "icmp-code-range": {
+ "vpp-acl:icmp-code-range": {
"first": "1",
"last": "3"
}
}
},
"actions": {
- "permit": [null]
+ "forwarding": "ietf-access-control-list:accept"
}
}
]
{
- "access-lists": {
+ "acls": {
"acl": [
{
- "acl-name": "standard-acl",
- "acl-type": "vpp-acl:vpp-acl",
- "access-list-entries": {
+ "name": "standard-acl",
+ "type": "vpp-acl:vpp-acl",
+ "aces": {
"ace": [
{
- "rule-name": "tcp-rule",
+ "name": "tcp-rule",
"matches": {
- "vpp-ace-nodes": {
- "source-ipv4-network": "192.168.2.2/32",
- "tcp-nodes": {
- "source-port-range": {
- "lower-port": "1",
- "upper-port": "5487"
- },
- "destination-port-range": {
- "lower-port": "87",
- "upper-port": "6745"
- },
- "tcp-flags-mask": "1",
- "tcp-flags-value": "7"
+ "ipv4": {
+ "source-ipv4-network": "192.168.2.2/32"
+ },
+ "tcp": {
+ "source-port": {
+ "lower-port": "1",
+ "upper-port": "5487"
+ },
+ "destination-port": {
+ "lower-port": "87",
+ "upper-port": "6745"
+ },
+ "flags": "cwr ece urg",
+ "vpp-acl:vpp-tcp-ace": {
+ "vpp-acl:flags-mask": "cwr"
}
}
},
"actions": {
- "permit": [null]
+ "forwarding": "ietf-access-control-list:accept"
}
}
]
{
- "access-lists": {
+ "acls": {
"acl": [
{
- "acl-name": "standard-acl",
- "acl-type": "vpp-acl:vpp-acl",
+ "name": "standard-acl",
+ "type": "vpp-acl:vpp-acl",
"tag": "tcp-tag-value",
- "access-list-entries": {
+ "aces": {
"ace": [
{
- "rule-name": "tcp-rule",
+ "name": "tcp-rule",
"matches": {
- "vpp-ace-nodes": {
+ "ipv4": {
"destination-ipv4-network": "192.168.2.1/24",
- "source-ipv4-network": "192.168.2.2/32",
- "tcp-nodes": {
- "source-port-range": {
- "lower-port": "1",
- "upper-port": "5487"
- },
- "destination-port-range": {
- "lower-port": "87",
- "upper-port": "6745"
- },
- "tcp-flags-mask": "1",
- "tcp-flags-value": "7"
+ "source-ipv4-network": "192.168.2.2/32"
+ },
+ "tcp": {
+ "source-port": {
+ "lower-port": "1",
+ "upper-port": "5487"
+ },
+ "destination-port": {
+ "lower-port": "87",
+ "upper-port": "6745"
+ },
+ "flags": "cwr ece urg",
+ "vpp-acl:vpp-tcp-ace": {
+ "vpp-acl:flags-mask": "cwr"
}
}
},
"actions": {
- "permit": [null]
+ "forwarding": "ietf-access-control-list:accept"
}
}
]
{
- "access-lists": {
+ "acls": {
"acl": [
{
- "acl-name": "standard-acl",
- "acl-type": "vpp-acl:vpp-acl",
+ "name": "standard-acl",
+ "type": "vpp-acl:vpp-acl",
"tag": "udp-tag-value",
- "access-list-entries": {
+ "aces": {
"ace": [
{
- "rule-name": "udp-rule",
+ "name": "udp-rule",
"matches": {
- "vpp-ace-nodes": {
+ "ipv4": {
"destination-ipv4-network": "192.168.2.1/24",
- "source-ipv4-network": "192.168.2.2/32",
- "udp-nodes": {
- "source-port-range": {
- "lower-port": "1",
- "upper-port": "5487"
- },
- "destination-port-range": {
- "lower-port": "87",
- "upper-port": "6745"
- }
+ "source-ipv4-network": "192.168.2.2/32"
+ },
+ "udp": {
+ "source-port": {
+ "lower-port": "1",
+ "upper-port": "5487"
+ },
+ "destination-port": {
+ "lower-port": "87",
+ "upper-port": "6745"
}
}
},
"actions": {
- "permit": [null]
+ "forwarding": "ietf-access-control-list:accept"
}
}
]
{
- "interfaces": {
+ "attachment-points": {
"interface": [
{
- "name": "eth0",
- "acl": {
- "ingress": {
- "vpp-acls": [
+ "interface-id": "eth0",
+ "ingress": {
+ "acl-sets": {
+ "acl-set": [
{
- "type": "vpp-acl:vpp-acl",
"name": "acl1"
}
]
}
},
{
- "name": "eth1",
- "acl": {
- "egress": {
- "vpp-acls": [
+ "interface-id": "eth1",
+ "ingress": {
+ "acl-sets": {
+ "acl-set": [
{
- "type": "vpp-acl:vpp-acl",
"name": "acl1"
- }
- ]
- },
- "ingress": {
- "vpp-acls": [
+ },
{
- "type": "vpp-acl:vpp-acl",
"name": "acl2"
}
]
}
},
{
- "name": "eth2",
- "acl": {
- "ingress": {
- "vpp-acls": [
+ "interface-id": "eth2",
+ "ingress": {
+ "acl-sets": {
+ "acl-set": [
{
- "type": "vpp-acl:vpp-acl",
"name": "acl1"
+ },
+ {
+ "name": "acl4"
}
- ],
- "vpp-macip-acl": {
- "name": "acl4",
- "type": "vpp-acl:vpp-macip-acl"
- }
+ ]
}
}
}
{
- "access-lists": {
+ "acls": {
"acl": [
{
- "acl-name": "standard-acl",
- "acl-type": "vpp-acl:vpp-acl",
- "access-list-entries": {
+ "name": "standard-acl",
+ "type": "vpp-acl:vpp-acl",
+ "aces": {
"ace": [
{
- "rule-name": "imcp-rule",
+ "name": "imcp-rule",
"matches": {
- "vpp-ace-nodes": {
- "destination-ipv4-network": "192.168.2.1/32",
+ "ipv4": {
"source-ipv4-network": "192.168.2.2/32",
- "icmp-nodes": {
- "icmp-type-range": {
+ "destination-ipv4-network": "192.168.2.1/32"
+ },
+ "icmp": {
+ "vpp-acl:vpp-icmp-ace": {
+ "vpp-acl:icmp-type-range": {
"first": "5",
"last": "8"
},
- "icmp-code-range": {
+ "vpp-acl:icmp-code-range": {
"first": "1",
"last": "3"
}
{
- "access-lists": {
+ "acls": {
"acl": [
{
- "acl-name": "standard-acl",
- "acl-type": "vpp-acl:vpp-acl",
- "access-list-entries": {
+ "name": "standard-acl",
+ "type": "vpp-acl:vpp-acl",
+ "aces": {
"ace": [
{
- "rule-name": "imcp-rule",
+ "name": "imcp-v6-rule",
"matches": {
- "vpp-ace-nodes": {
- "destination-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0001/64",
- "source-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0002/64",
- "icmp-v6-nodes": {
- "icmp-type-range": {
+ "ipv6": {
+ "source-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0002/48",
+ "destination-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0001/64"
+ },
+ "icmp": {
+ "vpp-acl:vpp-icmp-ace": {
+ "vpp-acl:icmp-type-range": {
"first": "5",
"last": "8"
},
- "icmp-code-range": {
+ "vpp-acl:icmp-code-range": {
"first": "1",
"last": "3"
}
{
- "access-lists": {
+ "acls": {
"acl": [
{
- "acl-name": "standard-acl",
- "acl-type": "vpp-acl:vpp-acl",
- "access-list-entries": {
+ "name": "standard-acl",
+ "type": "vpp-acl:vpp-acl",
+ "aces": {
"ace": [
{
- "rule-name": "no-protocol-rule",
+ "name": "no-protocol-rule",
"matches": {
- "vpp-ace-nodes": {
- "destination-ipv4-network": "192.168.2.1/32",
- "source-ipv4-network": "192.168.2.2/32"
+ "ipv4": {
+ "source-ipv4-network": "192.168.2.2/32",
+ "destination-ipv4-network": "192.168.2.1/32"
}
}
}
+++ /dev/null
-{
- "access-lists": {
- "acl": [
- {
- "acl-name": "standard-acl",
- "acl-type": "vpp-acl:vpp-acl",
- "access-list-entries": {
- "ace": [
- {
- "rule-name": "imcp-rule",
- "matches": {
- "vpp-ace-nodes": {
- "destination-ipv4-network": "192.168.2.1/32",
- "source-ipv4-network": "192.168.2.2/32",
- "other-nodes": {
- "protocol": "64"
- }
- }
- }
- }
- ]
- }
- }
- ]
- }
-}
\ No newline at end of file
{
- "access-lists": {
+ "acls": {
"acl": [
{
- "acl-name": "standard-acl",
- "acl-type": "vpp-acl:vpp-acl",
- "access-list-entries": {
+ "name": "standard-acl",
+ "type": "vpp-acl:vpp-acl",
+ "aces": {
"ace": [
{
- "rule-name": "tcp-no-flags-rule",
+ "name": "tcp-no-flags-rule",
"matches": {
- "vpp-ace-nodes": {
+ "ipv4": {
"destination-ipv4-network": "192.168.2.1/32",
- "source-ipv4-network": "192.168.2.2/32",
- "tcp-nodes": {
- "source-port-range": {
- "lower-port": "123"
- },
- "destination-port-range": {
- "lower-port": "65000"
- }
+ "source-ipv4-network": "192.168.2.2/32"
+ },
+ "tcp": {
+ "source-port": {
+ "lower-port": "123"
+ },
+ "destination-port": {
+ "lower-port": "65000"
}
}
}
{
- "access-lists": {
+ "acls": {
"acl": [
{
- "acl-name": "standard-acl",
- "acl-type": "vpp-acl:vpp-acl",
- "access-list-entries": {
+ "name": "standard-acl",
+ "type": "vpp-acl:vpp-acl",
+ "aces": {
"ace": [
{
- "rule-name": "imcp-rule",
+ "name": "tcp-rule",
"matches": {
- "vpp-ace-nodes": {
+ "ipv4": {
"destination-ipv4-network": "192.168.2.1/32",
- "source-ipv4-network": "192.168.2.2/32",
- "tcp-nodes": {
- "source-port-range": {
- "lower-port": "1",
- "upper-port": "5487"
- },
- "destination-port-range": {
- "lower-port": "87",
- "upper-port": "6745"
- },
- "tcp-flags-mask": "1",
- "tcp-flags-value": "7"
+ "source-ipv4-network": "192.168.2.2/32"
+ },
+ "tcp": {
+ "source-port": {
+ "lower-port": "1",
+ "upper-port": "5487"
+ },
+ "destination-port": {
+ "lower-port": "87",
+ "upper-port": "6745"
+ },
+ "flags": "cwr ece urg",
+ "vpp-acl:vpp-tcp-ace": {
+ "vpp-acl:flags-mask": "cwr"
}
}
}
{
- "access-lists": {
+ "acls": {
"acl": [
{
- "acl-name": "standard-acl",
- "acl-type": "vpp-acl:vpp-acl",
- "access-list-entries": {
+ "name": "standard-acl",
+ "type": "vpp-acl:vpp-acl",
+ "aces": {
"ace": [
{
- "rule-name": "imcp-rule",
+ "name": "imcp-rule",
"matches": {
- "vpp-ace-nodes": {
+ "ipv4": {
"destination-ipv4-network": "192.168.2.1/32",
- "source-ipv4-network": "192.168.2.2/32",
- "udp-nodes": {
- "source-port-range": {
- "lower-port": "1",
- "upper-port": "5487"
- },
- "destination-port-range": {
- "lower-port": "87",
- "upper-port": "6745"
- }
+ "source-ipv4-network": "192.168.2.2/32"
+ },
+ "udp": {
+ "source-port": {
+ "lower-port": "1",
+ "upper-port": "5487"
+ },
+ "destination-port": {
+ "lower-port": "87",
+ "upper-port": "6745"
}
}
}
{
"info": {
- "_postman_id": "7d511277-9b9c-8a1c-2ad7-58618b778f72",
+ "_postman_id": "0c1948da-d645-4b5c-90f4-9b3074a5040f",
"name": "Hc2vpp RESTCONF calls for acl plugin",
"description": "Provides examples of RESTCONF calls for vpp's acl plugin, exposed\nin hc2vpp.",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
- "_postman_id": "76a3c744-d3c9-4326-9e53-6896c0220ea6",
"name": "Write mac_ip list",
"request": {
"method": "PUT",
],
"body": {
"mode": "raw",
- "raw": "{\r\n \"acl\": [\r\n {\r\n \"acl-name\": \"macip-acl\",\r\n \"acl-type\": \"vpp-acl:vpp-macip-acl\",\r\n \"access-list-entries\": {\r\n \"ace\": [\r\n {\r\n \"rule-name\": \"macip-rule\",\r\n \"matches\": {\r\n \"vpp-macip-ace-nodes\": {\r\n \"source-ipv4-network\": \"192.168.2.2/32\",\r\n \"source-mac-address\": \"aa:aa:aa:aa:aa:aa\",\r\n \"source-mac-address-mask\": \"ff:00:00:00:00:00\"\r\n }\r\n },\r\n \"actions\": {\r\n \"permit\": [null]\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}"
+ "raw": "{\n \"acl\":\n {\n \"name\":\"macip-acl\",\n \"type\":\"vpp-acl:vpp-macip-acl\",\n \"aces\":{\n \"ace\":[\n {\n \"name\":\"macip-rule\",\n \"matches\":{\n \n \"eth\":{\n \"source-mac-address\":\"aa:aa:aa:aa:aa:aa\",\n \"source-mac-address-mask\":\"ff:00:00:00:00:00\"\n\n },\n\n \"ipv4\":{\n\n \"source-ipv4-network\":\"192.168.2.2/32\"\n\n\n }\n },\n \n \"actions\":{\n \"forwarding\": \"ietf-access-control-list:accept\"\n }\n }\n ]\n }\n }\n}"
},
"url": {
- "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:access-lists/acl/vpp-acl:vpp-macip-acl/macip-acl",
+ "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/acl/macip-acl",
"protocol": "http",
"host": [
"localhost"
"path": [
"restconf",
"config",
- "ietf-access-control-list:access-lists",
+ "ietf-access-control-list:acls",
"acl",
- "vpp-acl:vpp-macip-acl",
"macip-acl"
]
}
"response": []
},
{
- "_postman_id": "69d626eb-ef32-4b62-beef-8f91da807382",
- "name": "Write icmp acl list",
+ "name": "Write tcp acl list",
"request": {
"method": "PUT",
"header": [
],
"body": {
"mode": "raw",
- "raw": "{\r\n \"acl\": [\r\n {\r\n \"acl-name\": \"icmp-acl\",\r\n \"acl-type\": \"vpp-acl:vpp-acl\",\r\n \"access-list-entries\": {\r\n \"ace\": [\r\n {\r\n \"rule-name\": \"imcp-rule\",\r\n \"matches\": {\r\n \"vpp-ace-nodes\": {\r\n \"destination-ipv4-network\": \"192.168.2.1/24\",\r\n \"source-ipv4-network\": \"192.168.2.2/32\",\r\n \"icmp-nodes\": {\r\n \"icmp-type-range\": {\r\n \"first\": \"5\",\r\n \"last\": \"8\"\r\n },\r\n \"icmp-code-range\": {\r\n \"first\": \"1\",\r\n \"last\": \"3\"\r\n }\r\n }\r\n }\r\n },\r\n \"actions\": {\r\n \"permit\": [null]\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}"
+ "raw": "{\n \"acl\":\n {\n \"name\":\"tcp-acl\",\n \"type\":\"vpp-acl:vpp-acl\",\n \"aces\":{\n \"ace\":[\n {\n \"name\":\"tcp-rule\",\n \"matches\":{\n \"ipv4\":{\n \"destination-ipv4-network\":\"192.168.2.1/24\",\n \"source-ipv4-network\":\"192.168.2.2/32\"\n },\n \"tcp\":{\n \"source-port\":{\n \"lower-port\":\"1\",\n \"upper-port\":\"5487\"\n },\n \"destination-port\":{\n \"lower-port\":\"87\",\n \"upper-port\":\"6745\"\n },\n \"flags\":\"cwr ece urg\",\n \"vpp-acl:vpp-tcp-ace\":{\n \"vpp-acl:flags-mask\":\"cwr\"\n }\n }\n },\n \"actions\":{\n \"forwarding\":\"ietf-access-control-list:accept\"\n }\n }\n ]\n }\n }\n}"
},
"url": {
- "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:access-lists/acl/vpp-acl:vpp-acl/icmp-acl",
+ "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/acl/tcp-acl",
"protocol": "http",
"host": [
"localhost"
"path": [
"restconf",
"config",
- "ietf-access-control-list:access-lists",
+ "ietf-access-control-list:acls",
"acl",
- "vpp-acl:vpp-acl",
- "icmp-acl"
+ "tcp-acl"
]
}
},
"response": []
},
{
- "_postman_id": "39f40bc8-b30b-40e2-ae2d-b357a824f611",
- "name": "Write tcp acl list",
+ "name": "Write udp acl list",
"request": {
"method": "PUT",
"header": [
],
"body": {
"mode": "raw",
- "raw": "{\r\n \"acl\": [\r\n {\r\n \"acl-name\": \"tcp-acl\",\r\n \"acl-type\": \"vpp-acl:vpp-acl\",\r\n \"access-list-entries\": {\r\n \"ace\": [\r\n {\r\n \"rule-name\": \"tcp-rule\",\r\n \"matches\": {\r\n \"vpp-ace-nodes\": {\r\n \"destination-ipv4-network\": \"192.168.2.1/24\",\r\n \"source-ipv4-network\": \"192.168.2.2/32\",\r\n \"tcp-nodes\": {\r\n \"source-port-range\": {\r\n \"lower-port\": \"1\",\r\n \"upper-port\": \"5487\"\r\n },\r\n \"destination-port-range\": {\r\n \"lower-port\": \"87\",\r\n \"upper-port\": \"6745\"\r\n },\r\n \"tcp-flags-mask\": \"1\",\r\n \"tcp-flags-value\": \"7\"\r\n }\r\n }\r\n },\r\n \"actions\": {\r\n \"permit\": [null]\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}"
+ "raw": "{\r\n \"acl\":\r\n {\r\n \"name\":\"udp-acl\",\r\n \"type\":\"vpp-acl:vpp-acl\",\r\n \"aces\":{\r\n \"ace\":[\r\n {\r\n \"name\":\"udp-rule\",\r\n \"matches\":{\r\n \"ipv4\":{\r\n \"destination-ipv4-network\":\"192.168.2.1/24\",\r\n \"source-ipv4-network\":\"192.168.2.2/32\"\r\n },\r\n \"udp\":{\r\n \"source-port\":{\r\n \"lower-port\":\"1\",\r\n \"upper-port\":\"5487\"\r\n },\r\n \"destination-port\":{\r\n \"lower-port\":\"87\",\r\n \"upper-port\":\"6745\"\r\n }\r\n }\r\n },\r\n \"actions\":{\r\n \"forwarding\":\"ietf-access-control-list:accept\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n}"
},
"url": {
- "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:access-lists/acl/vpp-acl:vpp-acl/tcp-acl",
+ "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/acl/udp-acl",
"protocol": "http",
"host": [
"localhost"
"path": [
"restconf",
"config",
- "ietf-access-control-list:access-lists",
+ "ietf-access-control-list:acls",
"acl",
- "vpp-acl:vpp-acl",
- "tcp-acl"
+ "udp-acl"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Write icmp acl list",
+ "request": {
+ "method": "PUT",
+ "header": [
+ {
+ "key": "Authorization",
+ "value": "Basic YWRtaW46YWRtaW4="
+ },
+ {
+ "key": "Content-Type",
+ "value": "application/json"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": "{\n \"acl\":\n {\n \"name\":\"icmp-acl\",\n \"type\":\"vpp-acl:vpp-acl\",\n \"aces\":{\n \"ace\":[\n {\n \"name\":\"imcp-rule\",\n \"matches\":{\n \"ipv4\":{\n \"source-ipv4-network\":\"192.168.2.2/32\",\n \"destination-ipv4-network\":\"192.168.2.1/24\"\n },\n \"icmp\":{\n \"vpp-acl:vpp-icmp-ace\":{\n \"vpp-acl:icmp-type-range\":{\n \"first\":\"5\",\n \"last\":\"8\"\n },\n \"vpp-acl:icmp-code-range\":{\n \"first\":\"1\",\n \"last\":\"3\"\n }\n }\n }\n },\n \"actions\":{\n \"forwarding\":\"ietf-access-control-list:accept\"\n }\n }\n ]\n }\n }\n}"
+ },
+ "url": {
+ "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/acl/icmp-acl",
+ "protocol": "http",
+ "host": [
+ "localhost"
+ ],
+ "port": "8183",
+ "path": [
+ "restconf",
+ "config",
+ "ietf-access-control-list:acls",
+ "acl",
+ "icmp-acl"
]
}
},
"response": []
},
{
- "_postman_id": "0b24a6ea-b894-427b-91af-74ae075e3dff",
"name": "Write icmp-v6 acl list",
"request": {
"method": "PUT",
],
"body": {
"mode": "raw",
- "raw": "{\r\n \"acl\": [\r\n {\r\n \"acl-name\": \"icmp-v6-acl\",\r\n \"acl-type\": \"vpp-acl:vpp-acl\",\r\n \"access-list-entries\": {\r\n \"ace\": [\r\n {\r\n \"rule-name\": \"imcp-v6-rule\",\r\n \"matches\": {\r\n \"vpp-ace-nodes\": {\r\n \"destination-ipv6-network\": \"2001:0db8:0a0b:12f0:0000:0000:0000:0001/64\",\r\n \"source-ipv6-network\": \"2001:0db8:0a0b:12f0:0000:0000:0000:0002/48\",\r\n \"icmp-v6-nodes\": {\r\n \"icmp-type-range\": {\r\n \"first\": \"5\",\r\n \"last\": \"8\"\r\n },\r\n \"icmp-code-range\": {\r\n \"first\": \"1\",\r\n \"last\": \"3\"\r\n }\r\n }\r\n }\r\n },\r\n \"actions\": {\r\n \"permit\": [null]\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}"
+ "raw": "{\n \"acl\":\n {\n \"name\":\"icmp-v6-acl\",\n \"type\":\"vpp-acl:vpp-acl\",\n \"aces\":{\n \"ace\":[\n {\n \"name\":\"imcp-v6-rule\",\n \"matches\":{\n \"ipv6\":{\n \"source-ipv6-network\":\"2001:0db8:0a0b:12f0:0000:0000:0000:0002/48\",\n \"destination-ipv6-network\":\"2001:0db8:0a0b:12f0:0000:0000:0000:0001/64\"\n },\n \"icmp\":{\n \"vpp-acl:vpp-icmp-ace\":{\n \"vpp-acl:icmp-type-range\":{\n \"first\":\"5\",\n \"last\":\"8\"\n },\n \"vpp-acl:icmp-code-range\":{\n \"first\":\"1\",\n \"last\":\"3\"\n }\n }\n }\n },\n \"actions\":{\n \"forwarding\":\"ietf-access-control-list:accept\"\n }\n }\n ]\n }\n }\n}"
},
"url": {
- "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:access-lists/acl/vpp-acl:vpp-acl/icmp-v6-acl",
+ "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/acl/icmp-v6-acl",
"protocol": "http",
"host": [
"localhost"
"path": [
"restconf",
"config",
- "ietf-access-control-list:access-lists",
+ "ietf-access-control-list:acls",
"acl",
- "vpp-acl:vpp-acl",
"icmp-v6-acl"
]
}
"response": []
},
{
- "_postman_id": "4614b547-11f8-42d8-be28-fcac6af5f6f4",
- "name": "Write udp acl list",
+ "name": "Read interface ACLs (operational)",
"request": {
- "method": "PUT",
+ "method": "GET",
+ "header": [
+ {
+ "key": "Authorization",
+ "value": "Basic YWRtaW46YWRtaW4="
+ },
+ {
+ "key": "Content-Type",
+ "value": "application/json"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": ""
+ },
+ "url": {
+ "raw": "http://localhost:8183/restconf/operational/ietf-access-control-list:acls/attachment-points/",
+ "protocol": "http",
+ "host": [
+ "localhost"
+ ],
+ "port": "8183",
+ "path": [
+ "restconf",
+ "operational",
+ "ietf-access-control-list:acls",
+ "attachment-points",
+ ""
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Read interface ACLs (config)",
+ "request": {
+ "method": "GET",
+ "header": [
+ {
+ "key": "Authorization",
+ "value": "Basic YWRtaW46YWRtaW4="
+ },
+ {
+ "key": "Content-Type",
+ "value": "application/json"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": ""
+ },
+ "url": {
+ "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0",
+ "protocol": "http",
+ "host": [
+ "localhost"
+ ],
+ "port": "8183",
+ "path": [
+ "restconf",
+ "config",
+ "ietf-access-control-list:acls",
+ "attachment-points",
+ "interface",
+ "local0"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Read ACLs (cfg)",
+ "request": {
+ "method": "GET",
"header": [
{
"key": "Authorization",
],
"body": {
"mode": "raw",
- "raw": "{\r\n \"acl\": [\r\n {\r\n \"acl-name\": \"udp-acl\",\r\n \"acl-type\": \"vpp-acl:vpp-acl\",\r\n \"access-list-entries\": {\r\n \"ace\": [\r\n {\r\n \"rule-name\": \"udp-rule\",\r\n \"matches\": {\r\n \"vpp-ace-nodes\": {\r\n \"destination-ipv4-network\": \"192.168.2.1/24\",\r\n \"source-ipv4-network\": \"192.168.2.2/32\",\r\n \"udp-nodes\": {\r\n \"source-port-range\": {\r\n \"lower-port\": \"1\",\r\n \"upper-port\": \"5487\"\r\n },\r\n \"destination-port-range\": {\r\n \"lower-port\": \"87\",\r\n \"upper-port\": \"6745\"\r\n }\r\n }\r\n }\r\n },\r\n \"actions\": {\r\n \"permit\": [null]\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}"
+ "raw": ""
},
"url": {
- "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:access-lists/acl/vpp-acl:vpp-acl/udp-acl",
+ "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/",
"protocol": "http",
"host": [
"localhost"
"path": [
"restconf",
"config",
- "ietf-access-control-list:access-lists",
- "acl",
- "vpp-acl:vpp-acl",
- "udp-acl"
+ "ietf-access-control-list:acls",
+ ""
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Read ACLs (oper)",
+ "request": {
+ "method": "GET",
+ "header": [
+ {
+ "key": "Authorization",
+ "value": "Basic YWRtaW46YWRtaW4="
+ },
+ {
+ "key": "Content-Type",
+ "value": "application/json"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": ""
+ },
+ "url": {
+ "raw": "http://localhost:8183/restconf/operational/ietf-access-control-list:acls/",
+ "protocol": "http",
+ "host": [
+ "localhost"
+ ],
+ "port": "8183",
+ "path": [
+ "restconf",
+ "operational",
+ "ietf-access-control-list:acls",
+ ""
]
}
},
"response": []
},
{
- "_postman_id": "c33624c1-ff25-4227-bf86-4fbdb5d143c5",
"name": "Assign ACLs as ingress to local0",
"request": {
"method": "PUT",
],
"body": {
"mode": "raw",
- "raw": "{\n \"ingress\": {\n \"vpp-acls\": [\n {\n \"type\" : \"vpp-acl:vpp-acl\",\n \"name\" : \"tcp-acl\"\n },\n {\n \"type\" : \"vpp-acl:vpp-acl\",\n \"name\" : \"udp-acl\"\n }\n ]\n }\n}"
+ "raw": "{\n\t\"acl-sets\" : {\n\t\t\"acl-set\" : [\n\t\t\t{\n\t\t\t\t\"name\" : \"tcp-acl\"\t\n\t\t\t},\n\t\t\t{\n\t\t\t\t\"name\" : \"udp-acl\"\t\n\t\t\t}\n\t\t\t]\n\t}\n}\n"
},
"url": {
- "raw": "http://localhost:8183/restconf/config/ietf-interfaces:interfaces/interface/local0/interface-acl:acl/ingress",
+ "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/ingress/acl-sets/",
"protocol": "http",
"host": [
"localhost"
"path": [
"restconf",
"config",
- "ietf-interfaces:interfaces",
+ "ietf-access-control-list:acls",
+ "attachment-points",
"interface",
"local0",
- "interface-acl:acl",
+ "ingress",
+ "acl-sets",
+ ""
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Delete ACLs as ingress from local0",
+ "request": {
+ "method": "DELETE",
+ "header": [
+ {
+ "key": "Authorization",
+ "value": "Basic YWRtaW46YWRtaW4="
+ },
+ {
+ "key": "Content-Type",
+ "value": "application/json"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": ""
+ },
+ "url": {
+ "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/ingress",
+ "protocol": "http",
+ "host": [
+ "localhost"
+ ],
+ "port": "8183",
+ "path": [
+ "restconf",
+ "config",
+ "ietf-access-control-list:acls",
+ "attachment-points",
+ "interface",
+ "local0",
"ingress"
]
}
"response": []
},
{
- "_postman_id": "bdf2b03d-d373-4511-95fd-6be666390db3",
"name": "Assign macip ACL to local0",
"request": {
"method": "PUT",
],
"body": {
"mode": "raw",
- "raw": "{\n\t\"vpp-macip-acl\": {\n\t\t\"type\" : \"vpp-acl:vpp-macip-acl\",\n\t\t\"name\" : \"macip-acl\"\n }\n}"
+ "raw": "{\n\t\"acl-set\": {\n\t\t\"name\" : \"macip-acl\"\n\t}\n}"
},
"url": {
- "raw": "http://localhost:8183/restconf/config/ietf-interfaces:interfaces/interface/local0/interface-acl:acl/ingress/vpp-macip-acl",
+ "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/ingress/acl-sets/acl-set/macip-acl",
"protocol": "http",
"host": [
"localhost"
"path": [
"restconf",
"config",
- "ietf-interfaces:interfaces",
+ "ietf-access-control-list:acls",
+ "attachment-points",
"interface",
"local0",
- "interface-acl:acl",
"ingress",
- "vpp-macip-acl"
+ "acl-sets",
+ "acl-set",
+ "macip-acl"
]
}
},
"response": []
},
{
- "_postman_id": "388656cf-05de-4649-82fe-41b132501936",
- "name": "Read ACLs (cfg)",
+ "name": "delete macip ACL from local0",
+ "request": {
+ "method": "DELETE",
+ "header": [
+ {
+ "key": "Authorization",
+ "value": "Basic YWRtaW46YWRtaW4="
+ },
+ {
+ "key": "Content-Type",
+ "value": "application/json"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": ""
+ },
+ "url": {
+ "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/ingress/acl-sets/acl-set/macip-acl",
+ "protocol": "http",
+ "host": [
+ "localhost"
+ ],
+ "port": "8183",
+ "path": [
+ "restconf",
+ "config",
+ "ietf-access-control-list:acls",
+ "attachment-points",
+ "interface",
+ "local0",
+ "ingress",
+ "acl-sets",
+ "acl-set",
+ "macip-acl"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Read ACLs assigned to local0 (cfg)",
"request": {
"method": "GET",
"header": [
],
"body": {
"mode": "raw",
- "raw": "{\r\n \r\n \"interface\": [\r\n {\r\n \"name\": \"testInterface\",\r\n \"description\": \"for testing purposes\",\r\n \"type\": \"iana-if-type:ethernetCsmacd\",\r\n \"enabled\": \"true\",\r\n \"link-up-down-trap-enable\": \"enabled\",\r\n \"ietf-ip:ipv4\": {\r\n \"enabled\": \"true\",\r\n \"mtu\": \"1500\",\r\n \"address\": [\r\n {\r\n \"ip\": \"1.2.3.0\",\r\n \"netmask\": \"255.255.255.0\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n \r\n}"
+ "raw": ""
},
"url": {
- "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:access-lists/",
+ "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0",
"protocol": "http",
"host": [
"localhost"
"path": [
"restconf",
"config",
- "ietf-access-control-list:access-lists",
- ""
+ "ietf-access-control-list:acls",
+ "attachment-points",
+ "interface",
+ "local0"
]
}
},
"response": []
},
{
- "_postman_id": "4d76b60a-61fd-4213-862e-08a69eb73b9d",
- "name": "Read ingress ACLs assigned to local0",
+ "name": "Assign ACLs as egress to local0",
"request": {
- "method": "GET",
+ "method": "PUT",
"header": [
{
"key": "Authorization",
],
"body": {
"mode": "raw",
- "raw": "{\n \"ingress\": {\n \"vpp-acls\": [\n {\n \"type\" : \"vpp-acl:vpp-acl\",\n \"name\" : \"tcp-acl\"\n },\n {\n \"type\" : \"vpp-acl:vpp-acl\",\n \"name\" : \"udp-acl\"\n }\n ]\n }\n}"
+ "raw": "{\n\t\"egress\" : {\n\t\t\"acl-sets\" : {\n\t\t\t\"acl-set\" : [\n\t\t\t\t{\n\t\t\t\t\t\"name\" : \"tcp-acl\"\t\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\t\"name\" : \"udp-acl\"\t\n\t\t\t\t}\n\t\t\t\t]\n\t\t}\n\t}\n}\n"
},
"url": {
- "raw": "http://localhost:8183/restconf/operational/ietf-interfaces:interfaces-state/interface/local0/interface-acl:acl/ingress",
+ "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/egress",
"protocol": "http",
"host": [
"localhost"
"port": "8183",
"path": [
"restconf",
- "operational",
- "ietf-interfaces:interfaces-state",
+ "config",
+ "ietf-access-control-list:acls",
+ "attachment-points",
"interface",
"local0",
- "interface-acl:acl",
- "ingress"
+ "egress"
]
}
},
"response": []
},
{
- "_postman_id": "986a53c8-7a95-449b-93f4-8bb7ee5112b6",
- "name": "Read ACLs assigned to local0 (cfg)",
+ "name": "Delete ACLs as egress from local0",
"request": {
- "method": "GET",
+ "method": "DELETE",
"header": [
{
"key": "Authorization",
],
"body": {
"mode": "raw",
- "raw": "{\n \"ingress\": {\n \"vpp-acls\": [\n {\n \"type\" : \"vpp-acl:vpp-acl\",\n \"name\" : \"tcp-acl\"\n },\n {\n \"type\" : \"vpp-acl:vpp-acl\",\n \"name\" : \"udp-acl\"\n }\n ]\n }\n}"
+ "raw": ""
},
"url": {
- "raw": "http://localhost:8183/restconf/config/ietf-interfaces:interfaces/interface/local0/interface-acl:acl/ingress",
+ "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/egress",
"protocol": "http",
"host": [
"localhost"
"path": [
"restconf",
"config",
- "ietf-interfaces:interfaces",
+ "ietf-access-control-list:acls",
+ "attachment-points",
"interface",
"local0",
- "interface-acl:acl",
- "ingress"
+ "egress"
]
}
},
Code Review / hc2vpp.git / commitdiff