used to control the ACL plugin
*/
-option version = "2.0.0";
+option version = "1.0.1";
import "plugins/acl/acl_types.api";
-import "vnet/interface_types.api";
/** \brief Get the plugin version
@param client_index - opaque cookie to identify the sender
u32 client_index;
u32 context;
u32 acl_index; /* ~0 to add, existing ACL# to replace */
- string tag[64]; /* What gets in here gets out in the corresponding tag field when dumping the ACLs. */
+ u8 tag[64]; /* What gets in here gets out in the corresponding tag field when dumping the ACLs. */
u32 count;
vl_api_acl_rule_t r[count];
option vat_help = "<acl-idx> [<ipv4|ipv6>] <permit|permit+reflect|deny|action N> [src IP/plen] [dst IP/plen] [sport X-Y] [dport X-Y] [proto P] [tcpflags FL MASK], ... , ...";
{
u32 client_index;
u32 context;
- bool is_add [default=true];
+ u8 is_add;
/*
* is_input = 0 => ACL applied on interface egress
* is_input = 1 => ACL applied on interface ingress
*/
- bool is_input;
- vl_api_interface_index_t sw_if_index;
+ u8 is_input;
+ u32 sw_if_index;
u32 acl_index;
option vat_help = "<intfc> | sw_if_index <if-idx> [add|del] [input|output] acl <acl-idx>";
};
{
u32 client_index;
u32 context;
- vl_api_interface_index_t sw_if_index;
+ u32 sw_if_index;
u8 count;
u8 n_input; /* First n_input ACLs are set as a list of input ACLs, the rest are applied as output */
u32 acls[count];
{
u32 context;
u32 acl_index;
- string tag[64]; /* Same blob that was supplied to us when creating the ACL, one hopes. */
+ u8 tag[64]; /* Same blob that was supplied to us when creating the ACL, one hopes. */
u32 count;
vl_api_acl_rule_t r[count];
};
{
u32 client_index;
u32 context;
- vl_api_interface_index_t sw_if_index; /* ~0 for all interfaces */
+ u32 sw_if_index; /* ~0 for all interfaces */
option vat_help = "[<intfc> | sw_if_index <if-idx>]";
};
define acl_interface_list_details
{
u32 context;
- vl_api_interface_index_t sw_if_index;
+ u32 sw_if_index;
u8 count;
u8 n_input;
u32 acls[count];
{
u32 client_index;
u32 context;
- string tag[64];
+ u8 tag[64];
u32 count;
vl_api_macip_acl_rule_t r[count];
option vat_help = "...";
u32 client_index;
u32 context;
u32 acl_index; /* ~0 to add, existing MACIP ACL# to replace */
- string tag[64];
+ u8 tag[64];
u32 count;
vl_api_macip_acl_rule_t r[count];
option vat_help = "<acl-idx> [<ipv4|ipv6>] <permit|deny|action N> [count <count>] [src] ip <ipaddress/[plen]> mac <mac> mask <mac_mask>, ... , ...";
{
u32 client_index;
u32 context;
- bool is_add [default=true];
+ u8 is_add;
/* MACIP ACLs are always input */
- vl_api_interface_index_t sw_if_index;
+ u32 sw_if_index;
u32 acl_index;
option vat_help = "<intfc> | sw_if_index <if-idx> [add|del] acl <acl-idx>";
};
{
u32 context;
u32 acl_index;
- string tag[64];
+ u8 tag[64];
u32 count;
vl_api_macip_acl_rule_t r[count];
};
{
u32 client_index;
u32 context;
- vl_api_interface_index_t sw_if_index; /* ~0 for all interfaces */
+ u32 sw_if_index; /* ~0 for all interfaces */
};
/** \brief Details about a single MACIP ACL contents
define macip_acl_interface_list_details
{
u32 context;
- vl_api_interface_index_t sw_if_index;
+ u32 sw_if_index;
u8 count;
u32 acls[count];
};
{
u32 client_index;
u32 context;
- vl_api_interface_index_t sw_if_index;
+ u32 sw_if_index;
u8 count; /* Total number of ethertypes in the whitelist */
u8 n_input; /* first n_input ethertypes are input, the rest - output */
u16 whitelist[count];
{
u32 client_index;
u32 context;
- vl_api_interface_index_t sw_if_index; /* ~0 for all interfaces */
+ u32 sw_if_index; /* ~0 for all interfaces */
option vat_help = "[<intfc> | sw_if_index <if-idx>]";
};
define acl_interface_etype_whitelist_details
{
u32 context;
- vl_api_interface_index_t sw_if_index;
+ u32 sw_if_index;
u8 count;
u8 n_input; /* first n_input ethertypes are input, the rest - output */
u16 whitelist[count];