vpp_acl

package
v3.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 6, 2023 License: Apache-2.0 Imports: 7 Imported by: 16

Documentation

Index

Constants

View Source 
const (

	// IngressFlow represents ingress packet flow
	IngressFlow = "ingress"
	// EgressFlow represents egress packet flow
	EgressFlow = "egress"
)
View Source 
const (
	// InvalidKeyPart is used in key for parts which are invalid
	InvalidKeyPart = "<invalid>"
)
View Source 
const ModuleName = "vpp.acls"

ModuleName is the module name used for models.

Variables

View Source 
var (
	ACL_Rule_Action_name = map[int32]string{
		0: "DENY",
		1: "PERMIT",
		2: "REFLECT",
	}
	ACL_Rule_Action_value = map[string]int32{
		"DENY":    0,
		"PERMIT":  1,
		"REFLECT": 2,
	}
)

Enum value maps for ACL_Rule_Action.

View Source 
var File_ligato_vpp_acl_acl_proto protoreflect.FileDescriptor
View Source 
var (
	ModelACL = models.Register(&ACL{}, models.Spec{
		Module:  ModuleName,
		Version: "v2",
		Type:    "acl",
	})
)

Functions

func Key 

func Key(aclName string) string

Key returns the prefix used in ETCD to store vpp ACL config of a particular ACL in selected vpp instance.

func ParseACLToInterfaceKey 

func ParseACLToInterfaceKey(key string) (acl, iface, flow string, isACLToInterface bool)

ParseACLToInterfaceKey parses ACL to interface key

func ToInterfaceKey 

func ToInterfaceKey(acl, iface, flow string) string

ToInterfaceKey returns key for ACL to interface

Types

type ACL 

type ACL struct {

	// The name of an access list. A device MAY restrict the length
	// and value of this name, possibly spaces and special
	// characters are not allowed.
	Name       string          `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	Rules      []*ACL_Rule     `protobuf:"bytes,2,rep,name=rules,proto3" json:"rules,omitempty"`
	Interfaces *ACL_Interfaces `protobuf:"bytes,3,opt,name=interfaces,proto3" json:"interfaces,omitempty"`
	// contains filtered or unexported fields
}

ACL defines Access Control List.

func (*ACL) Descriptor deprecated 

func (*ACL) Descriptor() ([]byte, []int)

Deprecated: Use ACL.ProtoReflect.Descriptor instead.

func (*ACL) GetInterfaces 

func (x *ACL) GetInterfaces() *ACL_Interfaces

func (*ACL) GetName 

func (x *ACL) GetName() string

func (*ACL) GetRules 

func (x *ACL) GetRules() []*ACL_Rule

func (*ACL) ProtoMessage 

func (*ACL) ProtoMessage()

func (*ACL) ProtoReflect added in v3.2.0 

func (x *ACL) ProtoReflect() protoreflect.Message

func (*ACL) Reset 

func (x *ACL) Reset()

func (*ACL) String 

func (x *ACL) String() string

type ACL_Interfaces 

type ACL_Interfaces struct {
	Egress  []string `protobuf:"bytes,1,rep,name=egress,proto3" json:"egress,omitempty"`
	Ingress []string `protobuf:"bytes,2,rep,name=ingress,proto3" json:"ingress,omitempty"`
	// contains filtered or unexported fields
}

The set of interfaces that has assigned this ACL on ingres or egress.

func (*ACL_Interfaces) Descriptor deprecated 

func (*ACL_Interfaces) Descriptor() ([]byte, []int)

Deprecated: Use ACL_Interfaces.ProtoReflect.Descriptor instead.

func (*ACL_Interfaces) GetEgress 

func (x *ACL_Interfaces) GetEgress() []string

func (*ACL_Interfaces) GetIngress 

func (x *ACL_Interfaces) GetIngress() []string

func (*ACL_Interfaces) ProtoMessage 

func (*ACL_Interfaces) ProtoMessage()

func (*ACL_Interfaces) ProtoReflect added in v3.2.0 

func (x *ACL_Interfaces) ProtoReflect() protoreflect.Message

func (*ACL_Interfaces) Reset 

func (x *ACL_Interfaces) Reset()

func (*ACL_Interfaces) String 

func (x *ACL_Interfaces) String() string

type ACL_Rule 

type ACL_Rule struct {
	Action    ACL_Rule_Action     `protobuf:"varint,1,opt,name=action,proto3,enum=ligato.vpp.acl.ACL_Rule_Action" json:"action,omitempty"`
	IpRule    *ACL_Rule_IpRule    `protobuf:"bytes,2,opt,name=ip_rule,json=ipRule,proto3" json:"ip_rule,omitempty"`
	MacipRule *ACL_Rule_MacIpRule `protobuf:"bytes,3,opt,name=macip_rule,json=macipRule,proto3" json:"macip_rule,omitempty"`
	// contains filtered or unexported fields
}

List of access list entries (Rules). Each Access Control Rule has a list of match criteria and a list of actions. Access List entry that can define: - IPv4/IPv6 src ip prefix - src MAC address mask - src MAC address value - can be used only for static ACLs.

func (*ACL_Rule) Descriptor deprecated 

func (*ACL_Rule) Descriptor() ([]byte, []int)

Deprecated: Use ACL_Rule.ProtoReflect.Descriptor instead.

func (*ACL_Rule) GetAction 

func (x *ACL_Rule) GetAction() ACL_Rule_Action

func (*ACL_Rule) GetIpRule 

func (x *ACL_Rule) GetIpRule() *ACL_Rule_IpRule

func (*ACL_Rule) GetMacipRule 

func (x *ACL_Rule) GetMacipRule() *ACL_Rule_MacIpRule

func (*ACL_Rule) ProtoMessage 

func (*ACL_Rule) ProtoMessage()

func (*ACL_Rule) ProtoReflect added in v3.2.0 

func (x *ACL_Rule) ProtoReflect() protoreflect.Message

func (*ACL_Rule) Reset 

func (x *ACL_Rule) Reset()

func (*ACL_Rule) String 

func (x *ACL_Rule) String() string

type ACL_Rule_Action 

type ACL_Rule_Action int32
const (
	ACL_Rule_DENY    ACL_Rule_Action = 0
	ACL_Rule_PERMIT  ACL_Rule_Action = 1
	ACL_Rule_REFLECT ACL_Rule_Action = 2
)

func (ACL_Rule_Action) Descriptor added in v3.2.0 

func (ACL_Rule_Action) Descriptor() protoreflect.EnumDescriptor

func (ACL_Rule_Action) Enum added in v3.2.0 

func (x ACL_Rule_Action) Enum() *ACL_Rule_Action

func (ACL_Rule_Action) EnumDescriptor deprecated 

func (ACL_Rule_Action) EnumDescriptor() ([]byte, []int)

Deprecated: Use ACL_Rule_Action.Descriptor instead.

func (ACL_Rule_Action) Number added in v3.2.0 

func (x ACL_Rule_Action) Number() protoreflect.EnumNumber

func (ACL_Rule_Action) String 

func (x ACL_Rule_Action) String() string

func (ACL_Rule_Action) Type added in v3.2.0 

func (ACL_Rule_Action) Type() protoreflect.EnumType

type ACL_Rule_IpRule 

type ACL_Rule_IpRule struct {
	Ip   *ACL_Rule_IpRule_Ip   `protobuf:"bytes,1,opt,name=ip,proto3" json:"ip,omitempty"`
	Icmp *ACL_Rule_IpRule_Icmp `protobuf:"bytes,2,opt,name=icmp,proto3" json:"icmp,omitempty"`
	Tcp  *ACL_Rule_IpRule_Tcp  `protobuf:"bytes,3,opt,name=tcp,proto3" json:"tcp,omitempty"`
	Udp  *ACL_Rule_IpRule_Udp  `protobuf:"bytes,4,opt,name=udp,proto3" json:"udp,omitempty"`
	// contains filtered or unexported fields
}

func (*ACL_Rule_IpRule) Descriptor deprecated 

func (*ACL_Rule_IpRule) Descriptor() ([]byte, []int)

Deprecated: Use ACL_Rule_IpRule.ProtoReflect.Descriptor instead.

func (*ACL_Rule_IpRule) GetIcmp 

func (x *ACL_Rule_IpRule) GetIcmp() *ACL_Rule_IpRule_Icmp

func (*ACL_Rule_IpRule) GetIp 

func (x *ACL_Rule_IpRule) GetIp() *ACL_Rule_IpRule_Ip

func (*ACL_Rule_IpRule) GetTcp 

func (x *ACL_Rule_IpRule) GetTcp() *ACL_Rule_IpRule_Tcp

func (*ACL_Rule_IpRule) GetUdp 

func (x *ACL_Rule_IpRule) GetUdp() *ACL_Rule_IpRule_Udp

func (*ACL_Rule_IpRule) ProtoMessage 

func (*ACL_Rule_IpRule) ProtoMessage()

func (*ACL_Rule_IpRule) ProtoReflect added in v3.2.0 

func (x *ACL_Rule_IpRule) ProtoReflect() protoreflect.Message

func (*ACL_Rule_IpRule) Reset 

func (x *ACL_Rule_IpRule) Reset()

func (*ACL_Rule_IpRule) String 

func (x *ACL_Rule_IpRule) String() string

type ACL_Rule_IpRule_Icmp 

type ACL_Rule_IpRule_Icmp struct {

	// ICMPv6 flag, if false ICMPv4 will be used
	Icmpv6 bool `protobuf:"varint,1,opt,name=icmpv6,proto3" json:"icmpv6,omitempty"`
	// Inclusive range representing icmp codes to be used.
	IcmpCodeRange *ACL_Rule_IpRule_Icmp_Range `protobuf:"bytes,2,opt,name=icmp_code_range,json=icmpCodeRange,proto3" json:"icmp_code_range,omitempty"`
	IcmpTypeRange *ACL_Rule_IpRule_Icmp_Range `protobuf:"bytes,3,opt,name=icmp_type_range,json=icmpTypeRange,proto3" json:"icmp_type_range,omitempty"`
	// contains filtered or unexported fields
}

func (*ACL_Rule_IpRule_Icmp) Descriptor deprecated 

func (*ACL_Rule_IpRule_Icmp) Descriptor() ([]byte, []int)

Deprecated: Use ACL_Rule_IpRule_Icmp.ProtoReflect.Descriptor instead.

func (*ACL_Rule_IpRule_Icmp) GetIcmpCodeRange 

func (x *ACL_Rule_IpRule_Icmp) GetIcmpCodeRange() *ACL_Rule_IpRule_Icmp_Range

func (*ACL_Rule_IpRule_Icmp) GetIcmpTypeRange 

func (x *ACL_Rule_IpRule_Icmp) GetIcmpTypeRange() *ACL_Rule_IpRule_Icmp_Range

func (*ACL_Rule_IpRule_Icmp) GetIcmpv6 

func (x *ACL_Rule_IpRule_Icmp) GetIcmpv6() bool

func (*ACL_Rule_IpRule_Icmp) ProtoMessage 

func (*ACL_Rule_IpRule_Icmp) ProtoMessage()

func (*ACL_Rule_IpRule_Icmp) ProtoReflect added in v3.2.0 

func (x *ACL_Rule_IpRule_Icmp) ProtoReflect() protoreflect.Message

func (*ACL_Rule_IpRule_Icmp) Reset 

func (x *ACL_Rule_IpRule_Icmp) Reset()

func (*ACL_Rule_IpRule_Icmp) String 

func (x *ACL_Rule_IpRule_Icmp) String() string

type ACL_Rule_IpRule_Icmp_Range 

type ACL_Rule_IpRule_Icmp_Range struct {
	First uint32 `protobuf:"varint,1,opt,name=first,proto3" json:"first,omitempty"`
	Last  uint32 `protobuf:"varint,2,opt,name=last,proto3" json:"last,omitempty"`
	// contains filtered or unexported fields
}

func (*ACL_Rule_IpRule_Icmp_Range) Descriptor deprecated 

func (*ACL_Rule_IpRule_Icmp_Range) Descriptor() ([]byte, []int)

Deprecated: Use ACL_Rule_IpRule_Icmp_Range.ProtoReflect.Descriptor instead.

func (*ACL_Rule_IpRule_Icmp_Range) GetFirst 

func (x *ACL_Rule_IpRule_Icmp_Range) GetFirst() uint32

func (*ACL_Rule_IpRule_Icmp_Range) GetLast 

func (x *ACL_Rule_IpRule_Icmp_Range) GetLast() uint32

func (*ACL_Rule_IpRule_Icmp_Range) ProtoMessage 

func (*ACL_Rule_IpRule_Icmp_Range) ProtoMessage()

func (*ACL_Rule_IpRule_Icmp_Range) ProtoReflect added in v3.2.0 

func (x *ACL_Rule_IpRule_Icmp_Range) ProtoReflect() protoreflect.Message

func (*ACL_Rule_IpRule_Icmp_Range) Reset 

func (x *ACL_Rule_IpRule_Icmp_Range) Reset()

func (*ACL_Rule_IpRule_Icmp_Range) String 

func (x *ACL_Rule_IpRule_Icmp_Range) String() string

type ACL_Rule_IpRule_Ip 

type ACL_Rule_IpRule_Ip struct {

	// Destination IPv4/IPv6 network address (<ip>/<network>)
	DestinationNetwork string `protobuf:"bytes,1,opt,name=destination_network,json=destinationNetwork,proto3" json:"destination_network,omitempty"`
	// Destination IPv4/IPv6 network address (<ip>/<network>)
	SourceNetwork string `protobuf:"bytes,2,opt,name=source_network,json=sourceNetwork,proto3" json:"source_network,omitempty"`
	// IP protocol number (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)
	// Zero value (i.e. undefined protocol) means that the protocol to match will be automatically
	// selected from one of the ICMP/ICMP6/TCP/UDP based on the rule definition. For example, if "icmp"
	// is defined and src/dst addresses are IPv6 then packets of the ICMP6 protocol will be matched, etc.
	Protocol uint32 `protobuf:"varint,3,opt,name=protocol,proto3" json:"protocol,omitempty"`
	// contains filtered or unexported fields
}

IP used in this Access List Entry.

func (*ACL_Rule_IpRule_Ip) Descriptor deprecated 

func (*ACL_Rule_IpRule_Ip) Descriptor() ([]byte, []int)

Deprecated: Use ACL_Rule_IpRule_Ip.ProtoReflect.Descriptor instead.

func (*ACL_Rule_IpRule_Ip) GetDestinationNetwork 

func (x *ACL_Rule_IpRule_Ip) GetDestinationNetwork() string

func (*ACL_Rule_IpRule_Ip) GetProtocol added in v3.2.0 

func (x *ACL_Rule_IpRule_Ip) GetProtocol() uint32

func (*ACL_Rule_IpRule_Ip) GetSourceNetwork 

func (x *ACL_Rule_IpRule_Ip) GetSourceNetwork() string

func (*ACL_Rule_IpRule_Ip) ProtoMessage 

func (*ACL_Rule_IpRule_Ip) ProtoMessage()

func (*ACL_Rule_IpRule_Ip) ProtoReflect added in v3.2.0 

func (x *ACL_Rule_IpRule_Ip) ProtoReflect() protoreflect.Message

func (*ACL_Rule_IpRule_Ip) Reset 

func (x *ACL_Rule_IpRule_Ip) Reset()

func (*ACL_Rule_IpRule_Ip) String 

func (x *ACL_Rule_IpRule_Ip) String() string

type ACL_Rule_IpRule_PortRange 

type ACL_Rule_IpRule_PortRange struct {
	LowerPort uint32 `protobuf:"varint,1,opt,name=lower_port,json=lowerPort,proto3" json:"lower_port,omitempty"`
	// If upper port is set, it must
	// be greater or equal to lower port
	UpperPort uint32 `protobuf:"varint,2,opt,name=upper_port,json=upperPort,proto3" json:"upper_port,omitempty"`
	// contains filtered or unexported fields
}

Inclusive range representing destination ports to be used. When only lower-port is present, it represents a single port.

func (*ACL_Rule_IpRule_PortRange) Descriptor deprecated 

func (*ACL_Rule_IpRule_PortRange) Descriptor() ([]byte, []int)

Deprecated: Use ACL_Rule_IpRule_PortRange.ProtoReflect.Descriptor instead.

func (*ACL_Rule_IpRule_PortRange) GetLowerPort 

func (x *ACL_Rule_IpRule_PortRange) GetLowerPort() uint32

func (*ACL_Rule_IpRule_PortRange) GetUpperPort 

func (x *ACL_Rule_IpRule_PortRange) GetUpperPort() uint32

func (*ACL_Rule_IpRule_PortRange) ProtoMessage 

func (*ACL_Rule_IpRule_PortRange) ProtoMessage()

func (*ACL_Rule_IpRule_PortRange) ProtoReflect added in v3.2.0 

func (x *ACL_Rule_IpRule_PortRange) ProtoReflect() protoreflect.Message

func (*ACL_Rule_IpRule_PortRange) Reset 

func (x *ACL_Rule_IpRule_PortRange) Reset()

func (*ACL_Rule_IpRule_PortRange) String 

func (x *ACL_Rule_IpRule_PortRange) String() string

type ACL_Rule_IpRule_Tcp 

type ACL_Rule_IpRule_Tcp struct {
	DestinationPortRange *ACL_Rule_IpRule_PortRange `protobuf:"bytes,1,opt,name=destination_port_range,json=destinationPortRange,proto3" json:"destination_port_range,omitempty"`
	SourcePortRange      *ACL_Rule_IpRule_PortRange `protobuf:"bytes,2,opt,name=source_port_range,json=sourcePortRange,proto3" json:"source_port_range,omitempty"`
	// Binary mask for tcp flags to match. MSB order (FIN at position 0).
	// Applied as logical AND to tcp flags field of the packet being matched,
	// before it is compared with tcp-flags-value.
	TcpFlagsMask uint32 `protobuf:"varint,3,opt,name=tcp_flags_mask,json=tcpFlagsMask,proto3" json:"tcp_flags_mask,omitempty"`
	// Binary value for tcp flags to match. MSB order (FIN at position 0).
	// Before tcp-flags-value is compared with tcp flags field of the packet being matched,
	// tcp-flags-mask is applied to packet field value.
	TcpFlagsValue uint32 `protobuf:"varint,4,opt,name=tcp_flags_value,json=tcpFlagsValue,proto3" json:"tcp_flags_value,omitempty"`
	// contains filtered or unexported fields
}

func (*ACL_Rule_IpRule_Tcp) Descriptor deprecated 

func (*ACL_Rule_IpRule_Tcp) Descriptor() ([]byte, []int)

Deprecated: Use ACL_Rule_IpRule_Tcp.ProtoReflect.Descriptor instead.

func (*ACL_Rule_IpRule_Tcp) GetDestinationPortRange 

func (x *ACL_Rule_IpRule_Tcp) GetDestinationPortRange() *ACL_Rule_IpRule_PortRange

func (*ACL_Rule_IpRule_Tcp) GetSourcePortRange 

func (x *ACL_Rule_IpRule_Tcp) GetSourcePortRange() *ACL_Rule_IpRule_PortRange

func (*ACL_Rule_IpRule_Tcp) GetTcpFlagsMask 

func (x *ACL_Rule_IpRule_Tcp) GetTcpFlagsMask() uint32

func (*ACL_Rule_IpRule_Tcp) GetTcpFlagsValue 

func (x *ACL_Rule_IpRule_Tcp) GetTcpFlagsValue() uint32

func (*ACL_Rule_IpRule_Tcp) ProtoMessage 

func (*ACL_Rule_IpRule_Tcp) ProtoMessage()

func (*ACL_Rule_IpRule_Tcp) ProtoReflect added in v3.2.0 

func (x *ACL_Rule_IpRule_Tcp) ProtoReflect() protoreflect.Message

func (*ACL_Rule_IpRule_Tcp) Reset 

func (x *ACL_Rule_IpRule_Tcp) Reset()

func (*ACL_Rule_IpRule_Tcp) String 

func (x *ACL_Rule_IpRule_Tcp) String() string

type ACL_Rule_IpRule_Udp 

type ACL_Rule_IpRule_Udp struct {
	DestinationPortRange *ACL_Rule_IpRule_PortRange `protobuf:"bytes,1,opt,name=destination_port_range,json=destinationPortRange,proto3" json:"destination_port_range,omitempty"`
	SourcePortRange      *ACL_Rule_IpRule_PortRange `protobuf:"bytes,2,opt,name=source_port_range,json=sourcePortRange,proto3" json:"source_port_range,omitempty"`
	// contains filtered or unexported fields
}

func (*ACL_Rule_IpRule_Udp) Descriptor deprecated 

func (*ACL_Rule_IpRule_Udp) Descriptor() ([]byte, []int)

Deprecated: Use ACL_Rule_IpRule_Udp.ProtoReflect.Descriptor instead.

func (*ACL_Rule_IpRule_Udp) GetDestinationPortRange 

func (x *ACL_Rule_IpRule_Udp) GetDestinationPortRange() *ACL_Rule_IpRule_PortRange

func (*ACL_Rule_IpRule_Udp) GetSourcePortRange 

func (x *ACL_Rule_IpRule_Udp) GetSourcePortRange() *ACL_Rule_IpRule_PortRange

func (*ACL_Rule_IpRule_Udp) ProtoMessage 

func (*ACL_Rule_IpRule_Udp) ProtoMessage()

func (*ACL_Rule_IpRule_Udp) ProtoReflect added in v3.2.0 

func (x *ACL_Rule_IpRule_Udp) ProtoReflect() protoreflect.Message

func (*ACL_Rule_IpRule_Udp) Reset 

func (x *ACL_Rule_IpRule_Udp) Reset()

func (*ACL_Rule_IpRule_Udp) String 

func (x *ACL_Rule_IpRule_Udp) String() string

type ACL_Rule_MacIpRule 

type ACL_Rule_MacIpRule struct {
	SourceAddress       string `protobuf:"bytes,1,opt,name=source_address,json=sourceAddress,proto3" json:"source_address,omitempty"`
	SourceAddressPrefix uint32 `protobuf:"varint,2,opt,name=source_address_prefix,json=sourceAddressPrefix,proto3" json:"source_address_prefix,omitempty"`
	// Before source-mac-address is compared with source mac address field of the packet
	// being matched, source-mac-address-mask is applied to packet field value.
	SourceMacAddress string `protobuf:"bytes,3,opt,name=source_mac_address,json=sourceMacAddress,proto3" json:"source_mac_address,omitempty"`
	// Source MAC address mask.
	// Applied as logical AND with source mac address field of the packet being matched,
	// before it is compared with source-mac-address.
	SourceMacAddressMask string `protobuf:"bytes,4,opt,name=source_mac_address_mask,json=sourceMacAddressMask,proto3" json:"source_mac_address_mask,omitempty"`
	// contains filtered or unexported fields
}

func (*ACL_Rule_MacIpRule) Descriptor deprecated 

func (*ACL_Rule_MacIpRule) Descriptor() ([]byte, []int)

Deprecated: Use ACL_Rule_MacIpRule.ProtoReflect.Descriptor instead.

func (*ACL_Rule_MacIpRule) GetSourceAddress 

func (x *ACL_Rule_MacIpRule) GetSourceAddress() string

func (*ACL_Rule_MacIpRule) GetSourceAddressPrefix 

func (x *ACL_Rule_MacIpRule) GetSourceAddressPrefix() uint32

func (*ACL_Rule_MacIpRule) GetSourceMacAddress 

func (x *ACL_Rule_MacIpRule) GetSourceMacAddress() string

func (*ACL_Rule_MacIpRule) GetSourceMacAddressMask 

func (x *ACL_Rule_MacIpRule) GetSourceMacAddressMask() string

func (*ACL_Rule_MacIpRule) ProtoMessage 

func (*ACL_Rule_MacIpRule) ProtoMessage()

func (*ACL_Rule_MacIpRule) ProtoReflect added in v3.2.0 

func (x *ACL_Rule_MacIpRule) ProtoReflect() protoreflect.Message

func (*ACL_Rule_MacIpRule) Reset 

func (x *ACL_Rule_MacIpRule) Reset()

func (*ACL_Rule_MacIpRule) String 

func (x *ACL_Rule_MacIpRule) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.