ipng/vppcfg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

acl: add dumper for acls

Browse Source 
A reasonable attempt will be made to shorten the output of terms, but
due to the nature of the ACL plugin in VPP, all ACLs will be unrolled
into their individual ACEs (called 'terms').

- src/dst-port will only be emitted with UDP/TCP
- icmp-typc/code will only be emitted with ICMP/ICMPv6
- icmp-code/type and source/destination-ports ranges will be collapsed
  where appropriate.
- if protocol is 0, only L3 information will be emitted

NOTE: a bug in the VPP plugin will allow for ICMP 'sport' and 'dport'
upper value to be 16 bits. If an ACE is retrieved from the dataplane
regarding an ICMP or ICMPv6 (referring the 16 bit values to icmp type
and code), they will be truncated and a warning issued.
This commit is contained in:
Pim van Pelt
2023-01-16 17:12:48 +00:00
parent 28b8ba1485
commit 1bebb8d68d
1 changed files with 0 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
vppcfg/vpp/vppapi.py
View File

@ -382,30 +382,6 @@ class VPPApi:
f"MPLS state retrieval requires https://gerrit.fd.io/r/c/vpp/+/39022" f"MPLS state retrieval requires https://gerrit.fd.io/r/c/vpp/+/39022"
) )
try: ## TODO(pim): Remove after 23.10 release
self.logger.debug("Retrieving interface MPLS state")
api_response = self.vpp.api.mpls_interface_dump()
for iface in api_response:
self.cache["interface_mpls"][iface.sw_if_index] = True
except AttributeError:
self.logger.warning(
f"MPLS state retrieval requires https://gerrit.fd.io/r/c/vpp/+/39022"
)
try:
self.logger.debug("Retrieving ACLs")
api_response = self.vpp.api.acl_dump(acl_index=0xFFFFFFFF)
for acl in api_response:
self.cache["acls"][acl.acl_index] = acl
if acl.tag in self.cache["acl_tags"]:
self.logger.error(
f"Duplicate ACL tag '{acl.tag}' found - cannot safely preoceed, bailing"
)
return False
self.cache["acl_tags"][acl.tag] = acl.acl_index
except AttributeError as err:
self.logger.warning(f"ACL API not found - missing plugin: {err}")
try: try:
self.logger.debug("Retrieving ACLs") self.logger.debug("Retrieving ACLs")
api_response = self.vpp.api.acl_dump(acl_index=0xFFFFFFFF) api_response = self.vpp.api.acl_dump(acl_index=0xFFFFFFFF)
@ -419,8 +395,6 @@ class VPPApi:
except AttributeError: except AttributeError:
self.logger.warning(f"ACL API not found - missing plugin: {err}") self.logger.warning(f"ACL API not found - missing plugin: {err}")
=======
>>>>>>> 0cf4473 (Set MPLS for loopback and interface. Allow for --novpp and VPP changes)
self.logger.debug("Retrieving bondethernets") self.logger.debug("Retrieving bondethernets")
api_response = self.vpp.api.sw_bond_interface_dump() api_response = self.vpp.api.sw_bond_interface_dump()
for iface in api_response: for iface in api_response: