acl

package
v1.5.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 23, 2018 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package acl is a generated protocol buffer package.

It is generated from these files:

acl.proto

It has these top-level messages:

AccessLists

Index

Constants

This section is empty.

Variables

View Source
var AclAction_name = map[int32]string{
	0: "DENY",
	1: "PERMIT",
	2: "REFLECT",
}
View Source
var AclAction_value = map[string]int32{
	"DENY":    0,
	"PERMIT":  1,
	"REFLECT": 2,
}

Functions

func Key

func Key(aclName string) string

Key returns the prefix used in ETCD to store vpp ACL config of a particular ACL in selected vpp instance.

func KeyPrefix

func KeyPrefix() string

KeyPrefix returns the prefix used in ETCD to store vpp ACLs config.

Types

type AccessLists

type AccessLists struct {
	Acls []*AccessLists_Acl `protobuf:"bytes,1,rep,name=acls" json:"acls,omitempty"`
}

This is a top level container for Access Control Lists. It can have one or more Access Control Lists.

func (*AccessLists) Descriptor

func (*AccessLists) Descriptor() ([]byte, []int)

func (*AccessLists) GetAcls

func (m *AccessLists) GetAcls() []*AccessLists_Acl

func (*AccessLists) ProtoMessage

func (*AccessLists) ProtoMessage()

func (*AccessLists) Reset

func (m *AccessLists) Reset()

func (*AccessLists) String

func (m *AccessLists) String() string

type AccessLists_Acl

type AccessLists_Acl struct {
	// The name of access list. A device MAY restrict the length
	// and value of this name, possibly spaces and special
	// characters are not allowed.
	AclName string                  `protobuf:"bytes,1,opt,name=acl_name,json=aclName,proto3" json:"acl_name,omitempty"`
	Rules   []*AccessLists_Acl_Rule `protobuf:"bytes,2,rep,name=rules" json:"rules,omitempty"`
	// The set of interfaces that has assigned this ACL on ingres or egress.
	Interfaces *AccessLists_Acl_Interfaces `protobuf:"bytes,3,opt,name=interfaces" json:"interfaces,omitempty"`
}

An Access Control List (ACL) is an ordered list of Access List Rules.

func (*AccessLists_Acl) Descriptor

func (*AccessLists_Acl) Descriptor() ([]byte, []int)

func (*AccessLists_Acl) GetAclName

func (m *AccessLists_Acl) GetAclName() string

func (*AccessLists_Acl) GetInterfaces

func (m *AccessLists_Acl) GetInterfaces() *AccessLists_Acl_Interfaces

func (*AccessLists_Acl) GetRules

func (m *AccessLists_Acl) GetRules() []*AccessLists_Acl_Rule

func (*AccessLists_Acl) ProtoMessage

func (*AccessLists_Acl) ProtoMessage()

func (*AccessLists_Acl) Reset

func (m *AccessLists_Acl) Reset()

func (*AccessLists_Acl) String

func (m *AccessLists_Acl) String() string

type AccessLists_Acl_Interfaces

type AccessLists_Acl_Interfaces struct {
	Egress  []string `protobuf:"bytes,1,rep,name=egress" json:"egress,omitempty"`
	Ingress []string `protobuf:"bytes,2,rep,name=ingress" json:"ingress,omitempty"`
}

func (*AccessLists_Acl_Interfaces) Descriptor

func (*AccessLists_Acl_Interfaces) Descriptor() ([]byte, []int)

func (*AccessLists_Acl_Interfaces) GetEgress

func (m *AccessLists_Acl_Interfaces) GetEgress() []string

func (*AccessLists_Acl_Interfaces) GetIngress

func (m *AccessLists_Acl_Interfaces) GetIngress() []string

func (*AccessLists_Acl_Interfaces) ProtoMessage

func (*AccessLists_Acl_Interfaces) ProtoMessage()

func (*AccessLists_Acl_Interfaces) Reset

func (m *AccessLists_Acl_Interfaces) Reset()

func (*AccessLists_Acl_Interfaces) String

func (m *AccessLists_Acl_Interfaces) String() string

type AccessLists_Acl_Rule

type AccessLists_Acl_Rule struct {
	// A unique name identifying this Access List Entry (Rule)
	RuleName string `protobuf:"bytes,1,opt,name=rule_name,json=ruleName,proto3" json:"rule_name,omitempty"`
	// Action for this Access List Rule
	AclAction AclAction                   `protobuf:"varint,2,opt,name=acl_action,json=aclAction,proto3,enum=acl.AclAction" json:"acl_action,omitempty"`
	Match     *AccessLists_Acl_Rule_Match `protobuf:"bytes,3,opt,name=match" json:"match,omitempty"`
}

List of access list entries (Rules). Each Access Control Rule has a list of match criteria and a list of actions. Access List entry that can define: - IPv4/IPv6 src ip prefix - src MAC address mask - src MAC address value - can be used only for static ACLs.

func (*AccessLists_Acl_Rule) Descriptor

func (*AccessLists_Acl_Rule) Descriptor() ([]byte, []int)

func (*AccessLists_Acl_Rule) GetAclAction

func (m *AccessLists_Acl_Rule) GetAclAction() AclAction

func (*AccessLists_Acl_Rule) GetMatch

func (*AccessLists_Acl_Rule) GetRuleName

func (m *AccessLists_Acl_Rule) GetRuleName() string

func (*AccessLists_Acl_Rule) ProtoMessage

func (*AccessLists_Acl_Rule) ProtoMessage()

func (*AccessLists_Acl_Rule) Reset

func (m *AccessLists_Acl_Rule) Reset()

func (*AccessLists_Acl_Rule) String

func (m *AccessLists_Acl_Rule) String() string

type AccessLists_Acl_Rule_Match

type AccessLists_Acl_Rule_Match struct {
	IpRule    *AccessLists_Acl_Rule_Match_IpRule    `protobuf:"bytes,1,opt,name=ip_rule,json=ipRule" json:"ip_rule,omitempty"`
	MacipRule *AccessLists_Acl_Rule_Match_MacIpRule `protobuf:"bytes,2,opt,name=macip_rule,json=macipRule" json:"macip_rule,omitempty"`
}

Definitions for match criteria for this Access List Rule

func (*AccessLists_Acl_Rule_Match) Descriptor

func (*AccessLists_Acl_Rule_Match) Descriptor() ([]byte, []int)

func (*AccessLists_Acl_Rule_Match) GetIpRule

func (*AccessLists_Acl_Rule_Match) GetMacipRule

func (*AccessLists_Acl_Rule_Match) ProtoMessage

func (*AccessLists_Acl_Rule_Match) ProtoMessage()

func (*AccessLists_Acl_Rule_Match) Reset

func (m *AccessLists_Acl_Rule_Match) Reset()

func (*AccessLists_Acl_Rule_Match) String

func (m *AccessLists_Acl_Rule_Match) String() string

type AccessLists_Acl_Rule_Match_IpRule

type AccessLists_Acl_Rule_Match_IpRule struct {
	Ip   *AccessLists_Acl_Rule_Match_IpRule_Ip   `protobuf:"bytes,1,opt,name=ip" json:"ip,omitempty"`
	Icmp *AccessLists_Acl_Rule_Match_IpRule_Icmp `protobuf:"bytes,2,opt,name=icmp" json:"icmp,omitempty"`
	Tcp  *AccessLists_Acl_Rule_Match_IpRule_Tcp  `protobuf:"bytes,3,opt,name=tcp" json:"tcp,omitempty"`
	Udp  *AccessLists_Acl_Rule_Match_IpRule_Udp  `protobuf:"bytes,4,opt,name=udp" json:"udp,omitempty"`
}

Access List entry that can define: - IPv4/IPv6 src/dst IP prefix - Internet Protocol number - selected L4 headers:

  • ICMP (type range)
  • UDP (port range)
  • TCP (port range, flags mask, flags value)

func (*AccessLists_Acl_Rule_Match_IpRule) Descriptor

func (*AccessLists_Acl_Rule_Match_IpRule) Descriptor() ([]byte, []int)

func (*AccessLists_Acl_Rule_Match_IpRule) GetIcmp

func (*AccessLists_Acl_Rule_Match_IpRule) GetIp

func (*AccessLists_Acl_Rule_Match_IpRule) GetTcp

func (*AccessLists_Acl_Rule_Match_IpRule) GetUdp

func (*AccessLists_Acl_Rule_Match_IpRule) ProtoMessage

func (*AccessLists_Acl_Rule_Match_IpRule) ProtoMessage()

func (*AccessLists_Acl_Rule_Match_IpRule) Reset

func (*AccessLists_Acl_Rule_Match_IpRule) String

type AccessLists_Acl_Rule_Match_IpRule_Icmp

type AccessLists_Acl_Rule_Match_IpRule_Icmp struct {
	// ICMPv6 flag, if false ICMPv4 will be used
	Icmpv6 bool `protobuf:"varint,1,opt,name=icmpv6,proto3" json:"icmpv6,omitempty"`
	// Inclusive range representing icmp codes to be used.
	IcmpCodeRange *AccessLists_Acl_Rule_Match_IpRule_Icmp_Range `protobuf:"bytes,2,opt,name=icmp_code_range,json=icmpCodeRange" json:"icmp_code_range,omitempty"`
	IcmpTypeRange *AccessLists_Acl_Rule_Match_IpRule_Icmp_Range `protobuf:"bytes,3,opt,name=icmp_type_range,json=icmpTypeRange" json:"icmp_type_range,omitempty"`
}

func (*AccessLists_Acl_Rule_Match_IpRule_Icmp) Descriptor

func (*AccessLists_Acl_Rule_Match_IpRule_Icmp) Descriptor() ([]byte, []int)

func (*AccessLists_Acl_Rule_Match_IpRule_Icmp) GetIcmpCodeRange

func (*AccessLists_Acl_Rule_Match_IpRule_Icmp) GetIcmpTypeRange

func (*AccessLists_Acl_Rule_Match_IpRule_Icmp) GetIcmpv6

func (*AccessLists_Acl_Rule_Match_IpRule_Icmp) ProtoMessage

func (*AccessLists_Acl_Rule_Match_IpRule_Icmp) Reset

func (*AccessLists_Acl_Rule_Match_IpRule_Icmp) String

type AccessLists_Acl_Rule_Match_IpRule_Icmp_Range

type AccessLists_Acl_Rule_Match_IpRule_Icmp_Range struct {
	// Lower boundary for range
	First uint32 `protobuf:"varint,1,opt,name=first,proto3" json:"first,omitempty"`
	// Upper boundary for range
	Last uint32 `protobuf:"varint,2,opt,name=last,proto3" json:"last,omitempty"`
}

func (*AccessLists_Acl_Rule_Match_IpRule_Icmp_Range) Descriptor

func (*AccessLists_Acl_Rule_Match_IpRule_Icmp_Range) GetFirst

func (*AccessLists_Acl_Rule_Match_IpRule_Icmp_Range) GetLast

func (*AccessLists_Acl_Rule_Match_IpRule_Icmp_Range) ProtoMessage

func (*AccessLists_Acl_Rule_Match_IpRule_Icmp_Range) Reset

func (*AccessLists_Acl_Rule_Match_IpRule_Icmp_Range) String

type AccessLists_Acl_Rule_Match_IpRule_Ip

type AccessLists_Acl_Rule_Match_IpRule_Ip struct {
	// Destination IPv4/IPv6 network address (<ip>/<network>)
	DestinationNetwork string `protobuf:"bytes,1,opt,name=destination_network,json=destinationNetwork,proto3" json:"destination_network,omitempty"`
	// Destination IPv4/IPv6 network address (<ip>/<network>)
	SourceNetwork string `protobuf:"bytes,2,opt,name=source_network,json=sourceNetwork,proto3" json:"source_network,omitempty"`
}

IP version used in this Access List Entry.

func (*AccessLists_Acl_Rule_Match_IpRule_Ip) Descriptor

func (*AccessLists_Acl_Rule_Match_IpRule_Ip) Descriptor() ([]byte, []int)

func (*AccessLists_Acl_Rule_Match_IpRule_Ip) GetDestinationNetwork

func (m *AccessLists_Acl_Rule_Match_IpRule_Ip) GetDestinationNetwork() string

func (*AccessLists_Acl_Rule_Match_IpRule_Ip) GetSourceNetwork

func (m *AccessLists_Acl_Rule_Match_IpRule_Ip) GetSourceNetwork() string

func (*AccessLists_Acl_Rule_Match_IpRule_Ip) ProtoMessage

func (*AccessLists_Acl_Rule_Match_IpRule_Ip) ProtoMessage()

func (*AccessLists_Acl_Rule_Match_IpRule_Ip) Reset

func (*AccessLists_Acl_Rule_Match_IpRule_Ip) String

type AccessLists_Acl_Rule_Match_IpRule_PortRange

type AccessLists_Acl_Rule_Match_IpRule_PortRange struct {
	// Lower boundary for port.
	LowerPort uint32 `protobuf:"varint,1,opt,name=lower_port,json=lowerPort,proto3" json:"lower_port,omitempty"`
	// Upper boundary for port. If existing, the upper port must
	// be greater or equal to lower-port
	UpperPort uint32 `protobuf:"varint,2,opt,name=upper_port,json=upperPort,proto3" json:"upper_port,omitempty"`
}

Inclusive range representing destination ports to be used. When only lower-port is present, it represents a single port.

func (*AccessLists_Acl_Rule_Match_IpRule_PortRange) Descriptor

func (*AccessLists_Acl_Rule_Match_IpRule_PortRange) GetLowerPort

func (*AccessLists_Acl_Rule_Match_IpRule_PortRange) GetUpperPort

func (*AccessLists_Acl_Rule_Match_IpRule_PortRange) ProtoMessage

func (*AccessLists_Acl_Rule_Match_IpRule_PortRange) Reset

func (*AccessLists_Acl_Rule_Match_IpRule_PortRange) String

type AccessLists_Acl_Rule_Match_IpRule_Tcp

type AccessLists_Acl_Rule_Match_IpRule_Tcp struct {
	DestinationPortRange *AccessLists_Acl_Rule_Match_IpRule_PortRange `protobuf:"bytes,1,opt,name=destination_port_range,json=destinationPortRange" json:"destination_port_range,omitempty"`
	SourcePortRange      *AccessLists_Acl_Rule_Match_IpRule_PortRange `protobuf:"bytes,2,opt,name=source_port_range,json=sourcePortRange" json:"source_port_range,omitempty"`
	// Binary mask for tcp flags to match. MSB order (FIN at position 0).
	// Applied as logical AND to tcp flags field of the packet being matched,
	// before it is compared with tcp-flags-value.
	TcpFlagsMask uint32 `protobuf:"varint,3,opt,name=tcp_flags_mask,json=tcpFlagsMask,proto3" json:"tcp_flags_mask,omitempty"`
	// Binary value for tcp flags to match. MSB order (FIN at position 0).
	// Before tcp-flags-value is compared with tcp flags field of the packet being matched,
	// tcp-flags-mask is applied to packet field value.
	TcpFlagsValue uint32 `protobuf:"varint,4,opt,name=tcp_flags_value,json=tcpFlagsValue,proto3" json:"tcp_flags_value,omitempty"`
}

func (*AccessLists_Acl_Rule_Match_IpRule_Tcp) Descriptor

func (*AccessLists_Acl_Rule_Match_IpRule_Tcp) Descriptor() ([]byte, []int)

func (*AccessLists_Acl_Rule_Match_IpRule_Tcp) GetDestinationPortRange

func (*AccessLists_Acl_Rule_Match_IpRule_Tcp) GetSourcePortRange

func (*AccessLists_Acl_Rule_Match_IpRule_Tcp) GetTcpFlagsMask

func (m *AccessLists_Acl_Rule_Match_IpRule_Tcp) GetTcpFlagsMask() uint32

func (*AccessLists_Acl_Rule_Match_IpRule_Tcp) GetTcpFlagsValue

func (m *AccessLists_Acl_Rule_Match_IpRule_Tcp) GetTcpFlagsValue() uint32

func (*AccessLists_Acl_Rule_Match_IpRule_Tcp) ProtoMessage

func (*AccessLists_Acl_Rule_Match_IpRule_Tcp) ProtoMessage()

func (*AccessLists_Acl_Rule_Match_IpRule_Tcp) Reset

func (*AccessLists_Acl_Rule_Match_IpRule_Tcp) String

type AccessLists_Acl_Rule_Match_IpRule_Udp

type AccessLists_Acl_Rule_Match_IpRule_Udp struct {
	DestinationPortRange *AccessLists_Acl_Rule_Match_IpRule_PortRange `protobuf:"bytes,1,opt,name=destination_port_range,json=destinationPortRange" json:"destination_port_range,omitempty"`
	SourcePortRange      *AccessLists_Acl_Rule_Match_IpRule_PortRange `protobuf:"bytes,2,opt,name=source_port_range,json=sourcePortRange" json:"source_port_range,omitempty"`
}

func (*AccessLists_Acl_Rule_Match_IpRule_Udp) Descriptor

func (*AccessLists_Acl_Rule_Match_IpRule_Udp) Descriptor() ([]byte, []int)

func (*AccessLists_Acl_Rule_Match_IpRule_Udp) GetDestinationPortRange

func (*AccessLists_Acl_Rule_Match_IpRule_Udp) GetSourcePortRange

func (*AccessLists_Acl_Rule_Match_IpRule_Udp) ProtoMessage

func (*AccessLists_Acl_Rule_Match_IpRule_Udp) ProtoMessage()

func (*AccessLists_Acl_Rule_Match_IpRule_Udp) Reset

func (*AccessLists_Acl_Rule_Match_IpRule_Udp) String

type AccessLists_Acl_Rule_Match_MacIpRule

type AccessLists_Acl_Rule_Match_MacIpRule struct {
	// Source IP address.
	SourceAddress string `protobuf:"bytes,1,opt,name=source_address,json=sourceAddress,proto3" json:"source_address,omitempty"`
	// Source IP address prefix.
	SourceAddressPrefix uint32 `protobuf:"varint,2,opt,name=source_address_prefix,json=sourceAddressPrefix,proto3" json:"source_address_prefix,omitempty"`
	// Source MAC address.
	// Before source-mac-address is compared with source mac address field of the packet
	// being matched, source-mac-address-mask is applied to packet field value.
	SourceMacAddress string `protobuf:"bytes,3,opt,name=source_mac_address,json=sourceMacAddress,proto3" json:"source_mac_address,omitempty"`
	// Source MAC address mask.
	// Applied as logical AND with source mac address field of the packet being matched,
	// before it is compared with source-mac-address.
	SourceMacAddressMask string `protobuf:"bytes,4,opt,name=source_mac_address_mask,json=sourceMacAddressMask,proto3" json:"source_mac_address_mask,omitempty"`
}

func (*AccessLists_Acl_Rule_Match_MacIpRule) Descriptor

func (*AccessLists_Acl_Rule_Match_MacIpRule) Descriptor() ([]byte, []int)

func (*AccessLists_Acl_Rule_Match_MacIpRule) GetSourceAddress

func (m *AccessLists_Acl_Rule_Match_MacIpRule) GetSourceAddress() string

func (*AccessLists_Acl_Rule_Match_MacIpRule) GetSourceAddressPrefix

func (m *AccessLists_Acl_Rule_Match_MacIpRule) GetSourceAddressPrefix() uint32

func (*AccessLists_Acl_Rule_Match_MacIpRule) GetSourceMacAddress

func (m *AccessLists_Acl_Rule_Match_MacIpRule) GetSourceMacAddress() string

func (*AccessLists_Acl_Rule_Match_MacIpRule) GetSourceMacAddressMask

func (m *AccessLists_Acl_Rule_Match_MacIpRule) GetSourceMacAddressMask() string

func (*AccessLists_Acl_Rule_Match_MacIpRule) ProtoMessage

func (*AccessLists_Acl_Rule_Match_MacIpRule) ProtoMessage()

func (*AccessLists_Acl_Rule_Match_MacIpRule) Reset

func (*AccessLists_Acl_Rule_Match_MacIpRule) String

type AclAction

type AclAction int32
const (
	AclAction_DENY    AclAction = 0
	AclAction_PERMIT  AclAction = 1
	AclAction_REFLECT AclAction = 2
)

func (AclAction) EnumDescriptor

func (AclAction) EnumDescriptor() ([]byte, []int)

func (AclAction) String

func (x AclAction) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL