From 4c47a9cb8f37303189df674c3ce38544e13bf06c Mon Sep 17 00:00:00 2001 From: Erick Eckermann <44233963+Pull-eckermann@users.noreply.github.com> Date: Fri, 28 Jun 2024 15:13:19 -0300 Subject: [PATCH 1/5] Update ACL entries in openconfig-packet-match.yang - Change type of ipv4 and ipv6 source and destinations address to oc-inet:ipv4-address. - Creation of source/destination-address-mask leaves to alow wildcard masks --- .../models/acl/openconfig-packet-match.yang | 40 +++++++++++++++---- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/release/models/acl/openconfig-packet-match.yang b/release/models/acl/openconfig-packet-match.yang index c28798664..7294957f6 100644 --- a/release/models/acl/openconfig-packet-match.yang +++ b/release/models/acl/openconfig-packet-match.yang @@ -308,9 +308,15 @@ module openconfig-packet-match { for IPv4"; leaf source-address { - type oc-inet:ipv4-prefix; + type oc-inet:ipv4-address; description - "Source IPv4 address prefix."; + "Source IPv4 address."; + } + + leaf source-address-mask { + type oc-pkt-match-types:ipv4-prefix-mask-type; + description + "Source IPv4 address prefix mask."; } leaf source-address-prefix-set { @@ -324,9 +330,15 @@ module openconfig-packet-match { } leaf destination-address { - type oc-inet:ipv4-prefix; + type oc-inet:ipv4-address; + description + "Destination IPv4 address."; + } + + leaf destination-address-mask { + type oc-pkt-match-types:ipv4-prefix-mask-type; description - "Destination IPv4 address prefix."; + "Destination IPv4 address prefix mask."; } leaf destination-address-prefix-set { @@ -378,9 +390,15 @@ module openconfig-packet-match { "Configuration data for IPv6 match fields"; leaf source-address { - type oc-inet:ipv6-prefix; + type oc-inet:ipv6-address; description - "Source IPv6 address prefix."; + "Source IPv6 address."; + } + + leaf source-address-mask { + type oc-pkt-match-types:ipv6-prefix-mask-type; + description + "Source IPv6 address prefix mask."; } leaf source-address-prefix-set { @@ -400,9 +418,15 @@ module openconfig-packet-match { } leaf destination-address { - type oc-inet:ipv6-prefix; + type oc-inet:ipv6-address; + description + "Destination IPv6 address."; + } + + leaf destination-address-mask { + type oc-pkt-match-types:ipv6-prefix-mask-type; description - "Destination IPv6 address prefix."; + "Destination IPv6 address prefix mask."; } leaf destination-address-prefix-set { From 81bad7998462005ed67b5759184227c48689a49a Mon Sep 17 00:00:00 2001 From: Erick Eckermann <44233963+Pull-eckermann@users.noreply.github.com> Date: Fri, 28 Jun 2024 15:14:29 -0300 Subject: [PATCH 2/5] Creation of new types in openconfig-packet-match-types.yang Creation of ipv4-prefix-mask-type and ipv6-prefix-mask-type. --- .../acl/openconfig-packet-match-types.yang | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/release/models/acl/openconfig-packet-match-types.yang b/release/models/acl/openconfig-packet-match-types.yang index b5f467a74..2550e3bd3 100644 --- a/release/models/acl/openconfig-packet-match-types.yang +++ b/release/models/acl/openconfig-packet-match-types.yang @@ -371,4 +371,28 @@ module openconfig-packet-match-types { decimal notation, or using a type defined by the ETHERTYPE identity"; } + + typedef ipv4-prefix-mask-type { + type union { + type uint8 { + range 0..32; + } + type oc-inet:ipv4-address; + } + description + "The ipv4-prefix mask to be used in acl-entries. Can be in CIDR + formmat or wildcard bits."; + } + + typedef ipv6-prefix-mask-type { + type union { + type uint8 { + range 0..128; + } + type oc-inet:ipv6-address; + } + description + "The ipv6-prefix mask to be used in acl-entries. Can be in CIDR + formmat or wildcard bits."; + } } From cb38c027f1bb04330f23101ad19fde58bd1bdf04 Mon Sep 17 00:00:00 2001 From: Erick Eckermann Date: Mon, 8 Jul 2024 10:26:45 -0300 Subject: [PATCH 3/5] Add sugestions of the review comments Add sugestions of the reviewer: - Remove braking change - Add two new leaves to be used in the case of non-wildcard matches that cannot be expressed by a CIDR mask. --- .../models/acl/openconfig-packet-match.yang | 50 ++++++++++++++----- 1 file changed, 37 insertions(+), 13 deletions(-) diff --git a/release/models/acl/openconfig-packet-match.yang b/release/models/acl/openconfig-packet-match.yang index 7294957f6..a3a2334c5 100644 --- a/release/models/acl/openconfig-packet-match.yang +++ b/release/models/acl/openconfig-packet-match.yang @@ -308,15 +308,21 @@ module openconfig-packet-match { for IPv4"; leaf source-address { + type oc-inet:ipv4-prefix; + description + "Source IPv4 address prefix."; + } + + leaf masked-source-address { type oc-inet:ipv4-address; description - "Source IPv4 address."; + "Source IPv4 address used with a mask."; } - leaf source-address-mask { - type oc-pkt-match-types:ipv4-prefix-mask-type; + leaf destination-source-mask { + type oc-inet:ipv4-address; description - "Source IPv4 address prefix mask."; + "Source IPv4 address mask."; } leaf source-address-prefix-set { @@ -330,15 +336,21 @@ module openconfig-packet-match { } leaf destination-address { + type oc-inet:ipv4-prefix; + description + "Destination IPv4 address prefix."; + } + + leaf masked-destination-address { type oc-inet:ipv4-address; description - "Destination IPv4 address."; + "Destination IPv4 address used with a mask."; } leaf destination-address-mask { - type oc-pkt-match-types:ipv4-prefix-mask-type; + type oc-inet:ipv4-address; description - "Destination IPv4 address prefix mask."; + "Destination IPv4 address mask."; } leaf destination-address-prefix-set { @@ -390,15 +402,21 @@ module openconfig-packet-match { "Configuration data for IPv6 match fields"; leaf source-address { + type oc-inet:ipv6-prefix; + description + "Source IPv6 address prefix."; + } + + leaf masked-source-address { type oc-inet:ipv6-address; description - "Source IPv6 address."; + "Source IPv6 address used with a mask."; } leaf source-address-mask { - type oc-pkt-match-types:ipv6-prefix-mask-type; + type oc-inet:ipv6-address; description - "Source IPv6 address prefix mask."; + "Source IPv6 address mask."; } leaf source-address-prefix-set { @@ -418,15 +436,21 @@ module openconfig-packet-match { } leaf destination-address { + type oc-inet:ipv6-prefix; + description + "Destination IPv6 address prefix."; + } + + leaf masked-destination-address { type oc-inet:ipv6-address; description - "Destination IPv6 address."; + "Destination IPv6 address used with a mask."; } leaf destination-address-mask { - type oc-pkt-match-types:ipv6-prefix-mask-type; + type oc-inet:ipv6-address; description - "Destination IPv6 address prefix mask."; + "Destination IPv6 address mask."; } leaf destination-address-prefix-set { From a3504f9641ea800eb29355360cd11f8308bc11b1 Mon Sep 17 00:00:00 2001 From: Erick Eckermann Date: Mon, 8 Jul 2024 10:36:24 -0300 Subject: [PATCH 4/5] Delete changes in openconfig-packet-match-types.yang Deleting the changes as the typedef is not needed anymore. --- .../acl/openconfig-packet-match-types.yang | 24 ------------------- 1 file changed, 24 deletions(-) diff --git a/release/models/acl/openconfig-packet-match-types.yang b/release/models/acl/openconfig-packet-match-types.yang index 2550e3bd3..b5f467a74 100644 --- a/release/models/acl/openconfig-packet-match-types.yang +++ b/release/models/acl/openconfig-packet-match-types.yang @@ -371,28 +371,4 @@ module openconfig-packet-match-types { decimal notation, or using a type defined by the ETHERTYPE identity"; } - - typedef ipv4-prefix-mask-type { - type union { - type uint8 { - range 0..32; - } - type oc-inet:ipv4-address; - } - description - "The ipv4-prefix mask to be used in acl-entries. Can be in CIDR - formmat or wildcard bits."; - } - - typedef ipv6-prefix-mask-type { - type union { - type uint8 { - range 0..128; - } - type oc-inet:ipv6-address; - } - description - "The ipv6-prefix mask to be used in acl-entries. Can be in CIDR - formmat or wildcard bits."; - } } From 26d54deed728acf87a3c165cdb0037629a2a57ab Mon Sep 17 00:00:00 2001 From: Erick Eckermann Date: Wed, 24 Jul 2024 16:25:02 -0300 Subject: [PATCH 5/5] Increase specification of new leaves description - Changed the name of leaves source-address-mask and destination-address-mask to source-wildcard-mask and destination-wildcard-mask. - Increase specification ot the description of masked-source-address and masked-destination-address leaves. --- .../models/acl/openconfig-packet-match.yang | 38 ++++++++++++------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/release/models/acl/openconfig-packet-match.yang b/release/models/acl/openconfig-packet-match.yang index a3a2334c5..42bbff141 100644 --- a/release/models/acl/openconfig-packet-match.yang +++ b/release/models/acl/openconfig-packet-match.yang @@ -316,13 +316,16 @@ module openconfig-packet-match { leaf masked-source-address { type oc-inet:ipv4-address; description - "Source IPv4 address used with a mask."; + "Source IPv4 address, to be used with source-wildcard-mask. + This configuration is used in cases of matches that cannot + be expressed by a CIDR mask.."; } - leaf destination-source-mask { + leaf source-wildcard-mask { type oc-inet:ipv4-address; description - "Source IPv4 address mask."; + "Source IPv4 address wildcard mask used + by masked-source-address."; } leaf source-address-prefix-set { @@ -344,13 +347,16 @@ module openconfig-packet-match { leaf masked-destination-address { type oc-inet:ipv4-address; description - "Destination IPv4 address used with a mask."; + "Destination IPv4 address, to be used with destination-wildcard-mask. + This configuration is used in cases of matches that cannot be expressed + by a CIDR mask."; } - leaf destination-address-mask { + leaf destination-wildcard-mask { type oc-inet:ipv4-address; description - "Destination IPv4 address mask."; + "Destination IPv4 address wildcard mask used + by masked-destination-address."; } leaf destination-address-prefix-set { @@ -410,13 +416,16 @@ module openconfig-packet-match { leaf masked-source-address { type oc-inet:ipv6-address; description - "Source IPv6 address used with a mask."; + "Source IPv6 address, to be used with source-wildcard-mask. + This configuration is used in cases of matches that cannot + be expressed by a CIDR mask."; } - leaf source-address-mask { - type oc-inet:ipv6-address; + leaf source-wildcard-mask { + type oc-inet:ipv4-address; description - "Source IPv6 address mask."; + "Source IPv6 address wildcard mask used + by masked-source-address."; } leaf source-address-prefix-set { @@ -444,13 +453,16 @@ module openconfig-packet-match { leaf masked-destination-address { type oc-inet:ipv6-address; description - "Destination IPv6 address used with a mask."; + "Destination IPv6 address, to be used with destination-wildcard-mask. + This configuration is used in cases of matches that cannot be expressed + by a CIDR mask."; } - leaf destination-address-mask { + leaf destination-wildcard-mask { type oc-inet:ipv6-address; description - "Destination IPv6 address mask."; + "Destination IPv6 address wildcard mask used + by masked-destination-address."; } leaf destination-address-prefix-set {