Difference between revisions of "VPP/SecurityGroups"
(Created page with "= VPP Security Groups = == Introduction == Features are tracked as they are developed in the following [https://jira.fd.io/browse/VPP-427 VPP-427]. == Requirements == * Su...") |
(→API) |
||
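--- a/VPP/SecurityGroups
+++ b/VPP/SecurityGroups
@@ -46,2 +46,112 @@
 == API ==
+add or delete classifier table:
+define classify_add_del_table
+{
+u32 client_index;
+u32 context;
+u8 is_add;
+u32 table_index;
+u32 nbuckets;
+u32 memory_size;
+u32 skip_n_vectors;
+u32 match_n_vectors;
+u32 next_table_index;
+u32 miss_next_index;
+u8 mask[0];
+};
+
+define classify_add_del_table_reply
+{
+u32 context;
+i32 retval;
+u32 new_table_index;
+u32 skip_n_vectors;
+u32 match_n_vectors;
+};
+
+add or delete classifier session:
+define classify_add_del_session
+{
+u32 client_index;
+u32 context;
+u8 is_add;
+u32 table_index;
+u32 hit_next_index;
+u32 opaque_index;
+i32 advance;
+u8 match[0];
+};
+
+define classify_add_del_session_reply
+{
+u32 context;
+i32 retval;
+};
+
+define classify_set_interface_ip_table
+{
+u32 client_index;
+u32 context;
+u8 is_ipv6;
+u32 sw_if_index;
+u32 table_index; /* ~0 => off */
+};
+
+define classify_set_interface_ip_table_reply
+{
+u32 context;
+i32 retval;
+};
+
+define classify_set_interface_l2_tables
+{
+u32 client_index;
+u32 context;
+u32 sw_if_index;
+/* 3 x ~0 => off */
+u32 ip4_table_index;
+u32 ip6_table_index;
+u32 other_table_index;
+u8 is_input;
+};
+
+define classify_set_interface_l2_tables_reply
+{
+u32 context;
+i32 retval;
+};
+
+define input_acl_set_interface
+{
+u32 client_index;
+u32 context;
+u32 sw_if_index;
+u32 ip4_table_index;
+u32 ip6_table_index;
+u32 l2_table_index;
+u8 is_add;
+};
+
+define input_acl_set_interface_reply
+{
+u32 context;
+i32 retval;
+};
+
+define output_acl_set_interface
+{
+u32 client_index;
+u32 context;
+u32 sw_if_index;
+u32 ip4_table_index;
+u32 ip6_table_index;
+u32 l2_table_index;
+u8 is_add;
+};
+
+define output_acl_set_interface_reply
+{
+u32 context;
+i32 retval;
+};
 == CLI ==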
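Review bot: The two variable-length members, `u8 mask[0];` in classify_add_del_table and `u8 match[0];` in classify_add_del_session, come with no length field and no comment saying how many bytes the receiver may read. Presumably the size follows from skip_n_vectors and match_n_vectors, but the page does not say so; I would add a comment on each member, for example `/* length in bytes is derived from the table's vector counts; the handler must check it against the received message size */`, adjusted to the actual rule. The input_acl_set_interface and output_acl_set_interface messages also lack the `/* ~0 => off */` note that the classify_set_interface_* messages carry, so it is unclear which value leaves one of their table indices unset.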
Revision as of 11:39, 9 October 2016
VPP Security Groups
Introduction
Features are tracked, as they are developed, in Jira issue VPP-427.
Requirements
- Support classifiers/filters on L2/bridging interfaces
- Filter on IP-addresses with address mask (IPv4 and IPv6)
- Filter on L4 port ranges
- Filter on L2 MAC addresses
- Support IPv6 with extension headers present
- Combinations of the above filters (e.g. MAC + IP)
- Filters on ingress and egress
Work list
Task | Owner | Priority | Status | Description |
---|---|---|---|---|
API definition | Ole | 0 | WIP | |
Ingress/Egress support for classifier | 0 | |||
Support for L2/L3 interfaces | 0 |
API
add or delete classifier table:
/*
 * Request message for adding or deleting a classifier table (per the label
 * above); is_add presumably selects between the two operations.
 *
 * NOTE(review): mask[] is a zero-length trailing array and the message has
 * no explicit mask-length field. Presumably the byte count follows from
 * skip_n_vectors / match_n_vectors -- confirm and document the rule. The
 * receiver has to check that derived length against the size of the message
 * it actually received before reading mask[].
 */
define classify_add_del_table {
    u32 client_index;
    u32 context;            /* also present in classify_add_del_table_reply */
    u8 is_add;
    u32 table_index;        /* NOTE(review): role on add vs. delete is not stated here */
    u32 nbuckets;           /* NOTE(review): valid range not stated; bound it in the handler */
    u32 memory_size;        /* NOTE(review): units and upper limit not stated; bound it in the handler */
    u32 skip_n_vectors;     /* returned again in the reply */
    u32 match_n_vectors;    /* returned again in the reply */
    u32 next_table_index;
    u32 miss_next_index;
    u8 mask[0];             /* variable-length tail; length is implicit (see note above) */
};
/*
 * Reply to classify_add_del_table: a signed return code plus a table index
 * and the skip/match vector counts.
 * NOTE(review): the sign convention of retval is not stated on this page;
 * callers should check retval before using new_table_index.
 */
define classify_add_del_table_reply {
    u32 context;            /* same field name as in the request; presumably echoed -- confirm */
    i32 retval;
    u32 new_table_index;
    u32 skip_n_vectors;
    u32 match_n_vectors;
};
add or delete classifier session:
/*
 * Request message for adding or deleting a classifier session (per the label
 * above) in the table named by table_index; is_add presumably selects between
 * the two operations.
 *
 * NOTE(review): match[] is a zero-length trailing array with no length field
 * in the message. Presumably its size is fixed by the vector counts of the
 * target table -- confirm and document the rule. The receiver has to verify
 * that table_index names an existing table and that the received message is
 * long enough before reading match[].
 */
define classify_add_del_session {
    u32 client_index;
    u32 context;            /* also present in classify_add_del_session_reply */
    u8 is_add;
    u32 table_index;        /* client-supplied; validate before use */
    u32 hit_next_index;
    u32 opaque_index;
    i32 advance;            /* signed; NOTE(review): meaning and valid range not stated here */
    u8 match[0];            /* variable-length tail; length is implicit (see note above) */
};
/*
 * Reply to classify_add_del_session: carries only a context value and a
 * signed return code.
 * NOTE(review): the sign convention of retval is not stated on this page.
 */
define classify_add_del_session_reply {
    u32 context;            /* same field name as in the request; presumably echoed -- confirm */
    i32 retval;
};
/*
 * Request that sets the IP classifier table for one interface. is_ipv6
 * presumably chooses between the IPv4 and IPv6 table slot -- confirm.
 * NOTE(review): sw_if_index and table_index are client-supplied; the handler
 * should reject values that do not name an existing interface or table,
 * apart from the ~0 sentinel documented below.
 */
define classify_set_interface_ip_table {
    u32 client_index;
    u32 context;            /* also present in the matching reply message */
    u8 is_ipv6;
    u32 sw_if_index;
    u32 table_index;        /* ~0 => off */
};
/*
 * Reply to classify_set_interface_ip_table: carries only a context value and
 * a signed return code.
 * NOTE(review): the sign convention of retval is not stated on this page.
 */
define classify_set_interface_ip_table_reply {
    u32 context;            /* same field name as in the request; presumably echoed -- confirm */
    i32 retval;
};
/*
 * Request that sets three L2 classifier table indices (ip4, ip6, other) for
 * one interface. is_input presumably selects the input vs. output direction
 * -- confirm.
 * NOTE(review): sw_if_index and the table indices are client-supplied; the
 * handler should reject values that do not name an existing interface or
 * table, apart from the ~0 sentinel documented below.
 */
define classify_set_interface_l2_tables {
    u32 client_index;
    u32 context;            /* also present in the matching reply message */
    u32 sw_if_index;
    /* 3 x ~0 => off */
    u32 ip4_table_index;
    u32 ip6_table_index;
    u32 other_table_index;
    u8 is_input;
};
/*
 * Reply to classify_set_interface_l2_tables: carries only a context value
 * and a signed return code.
 * NOTE(review): the sign convention of retval is not stated on this page.
 */
define classify_set_interface_l2_tables_reply {
    u32 context;            /* same field name as in the request; presumably echoed -- confirm */
    i32 retval;
};
/*
 * Request that attaches or detaches input ACL classifier tables (ip4, ip6,
 * l2) on one interface; is_add presumably selects attach vs. detach.
 * NOTE(review): unlike the classify_set_interface_* messages, no "~0 => off"
 * sentinel is documented here, so it is unclear how a caller leaves one of
 * the three tables unset -- confirm and document. The handler should reject
 * a sw_if_index or table index that does not name an existing object.
 */
define input_acl_set_interface {
    u32 client_index;
    u32 context;            /* also present in input_acl_set_interface_reply */
    u32 sw_if_index;
    u32 ip4_table_index;
    u32 ip6_table_index;
    u32 l2_table_index;
    u8 is_add;
};
/*
 * Reply to input_acl_set_interface: carries only a context value and a
 * signed return code.
 * NOTE(review): the sign convention of retval is not stated on this page.
 */
define input_acl_set_interface_reply {
    u32 context;            /* same field name as in the request; presumably echoed -- confirm */
    i32 retval;
};
/*
 * Request that attaches or detaches output ACL classifier tables (ip4, ip6,
 * l2) on one interface; same field layout as input_acl_set_interface.
 * is_add presumably selects attach vs. detach.
 * NOTE(review): no "~0 => off" sentinel is documented for the table indices
 * here -- confirm how an unused table is expressed. The handler should
 * reject a sw_if_index or table index that does not name an existing object.
 */
define output_acl_set_interface {
    u32 client_index;
    u32 context;            /* also present in output_acl_set_interface_reply */
    u32 sw_if_index;
    u32 ip4_table_index;
    u32 ip6_table_index;
    u32 l2_table_index;
    u8 is_add;
};
/*
 * Reply to output_acl_set_interface: carries only a context value and a
 * signed return code.
 * NOTE(review): the sign convention of retval is not stated on this page.
 */
define output_acl_set_interface_reply {
    u32 context;            /* same field name as in the request; presumably echoed -- confirm */
    i32 retval;
};