From 0bbfade142f6758e38b1d2c31694a7fc1ec26a07 Mon Sep 17 00:00:00 2001 From: stmosher Date: Mon, 26 Jun 2023 17:07:13 -0400 Subject: [PATCH 1/3] feat: icmp msg types and codes support --- .../translation/openconfig_xe/xe_acls.py | 99 ++++++++++++++----- .../yang/extensions/openconfig-acl-ext.yang | 24 ++++- package_nso_to_oc/xe/xe_acls.py | 60 ++++++++++- test/requirements.yml | 2 +- test/tests/xe/xe_acls_extended.yml | 74 ++++++++++++++ test/tests_nso_to_oc/xe/xe_acls.yml | 12 ++- 6 files changed, 240 insertions(+), 31 deletions(-) diff --git a/mdd/python/translation/openconfig_xe/xe_acls.py b/mdd/python/translation/openconfig_xe/xe_acls.py index 72284b24..66f71d49 100644 --- a/mdd/python/translation/openconfig_xe/xe_acls.py +++ b/mdd/python/translation/openconfig_xe/xe_acls.py @@ -4,32 +4,69 @@ from translation.common import prefix_to_network_and_mask from translation.common import get_interface_type_and_number -regex_ports = re.compile(r'(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[0-5][0-9]{4}|[0-9]{1,4})\.\.(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[0-5][0-9]{4}|[0-9]{1,4})') +regex_ports = re.compile( + r'(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[0-5][0-9]{4}|[0-9]{1,4})\.\.(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[0-5][0-9]{4}|[0-9]{1,4})') def xe_acls_program_service(self, nso_props) -> None: """ Program service for xe NED features """ - protocols_oc_to_xe = {1: 'icmp', - 'oc-pkt-match-types:IP_ICMP': 'icmp', - 2: 'igmp', - 'oc-pkt-match-types:IP_IGMP': 'igmp', - 4: 'ipinip', - 'oc-pkt-match-types:IP_IN_IP': 'ipinip', - 6: 'tcp', - 'oc-pkt-match-types:IP_TCP': 'tcp', - 17: 'udp', - 'oc-pkt-match-types:IP_UDP': 'udp', - 47: 'gre', - 'oc-pkt-match-types:IP_GRE': 'gre', - 50: 'esp', - 'oc-pkt-match-types-ext:IP_ESP': 'esp', - 51: 'ahp', - 'oc-pkt-match-types:IP_AUTH': 'ahp', - 103: 'pim', - 'oc-pkt-match-types:IP_PIM': 'pim'} - + protocols_oc_to_xe = { + 1: 'icmp', + 'oc-pkt-match-types:IP_ICMP': 'icmp', + 2: 'igmp', + 'oc-pkt-match-types:IP_IGMP': 'igmp', + 4: 'ipinip', + 'oc-pkt-match-types:IP_IN_IP': 'ipinip', + 6: 'tcp', + 'oc-pkt-match-types:IP_TCP': 'tcp', + 17: 'udp', + 'oc-pkt-match-types:IP_UDP': 'udp', + 47: 'gre', + 'oc-pkt-match-types:IP_GRE': 'gre', + 50: 'esp', + 'oc-pkt-match-types-ext:IP_ESP': 'esp', + 51: 'ahp', + 'oc-pkt-match-types:IP_AUTH': 'ahp', + 103: 'pim', + 'oc-pkt-match-types:IP_PIM': 'pim'} + icmp_types_to_names = { + (0, 0): "echo-reply", + (3, 0): "unreachable", + (3, 1): "host-unreachable", + (3, 2): "protocol-unreachable", + (3, 3): "port-unreachable", + (3, 4): "packet-too-big", + (3, 5): "source-route-failed", + (3, 6): "network-unknown", + (3, 7): "host-unknown", + (3, 9): "dod-net-prohibited", + (3, 10): "dod-host-prohibited", + (3, 11): "net-tos-unreachable", + (3, 12): "host-tos-unreachable", + (3, 13): "administratively-prohibited", + (4, 0): "source-quench", + (5, 0): "net-redirect", + (5, 1): "host-redirect", + (5, 2): "net-tos-redirect", + (5, 3): "host-tos-redirect", + (6, 0): "alternate-address", + (8, 0): "echo", + (11, 0): "time-exceeded", + (11, 1): "reassembly-timeout", + (12, 0): "parameter-problem", + (12, 1): "option-missing", + (12, 2): "no-room-for-option", + (13, 0): "timestamp-request", + (14, 0): "timestamp-reply", + (15, 0): "information-request", + (16, 0): "information-reply", + (17, 0): "mask-request", + (18, 0): "mask-reply", + (0, 0): "echo-reply", + (11, 0): "time-exceeded", + (12, 0): "general-parameter-problem"} actions_oc_to_xe = {'oc-acl:ACCEPT': 'permit', 'oc-acl:DROP': 'deny', 'oc-acl:REJECT': 'deny'} @@ -98,6 +135,13 @@ def xe_acls_program_service(self, nso_props) -> None: ('TCP_ACK' in i.transport.config.tcp_flags) and \ ('TCP_RST' in i.transport.config.tcp_flags): rule += 'established ' + if i.ipv4.config.protocol == 'oc-pkt-match-types:IP_ICMP': + if isinstance(i.icmp_v4.config.type, int) and isinstance(i.icmp_v4.config.code, int): + icmp_message = icmp_types_to_names.get((i.icmp_v4.config.type, i.icmp_v4.config.code)) + if icmp_message: + rule += f'{icmp_message} ' + else: + rule += f'{i.icmp_v4.config.type} {i.icmp_v4.config.code} ' if i.actions.config.log_action: if i.actions.config.log_action == 'oc-acl:LOG_SYSLOG': rule += 'log-input' @@ -147,7 +191,8 @@ def xe_acls_interfaces_program_service(self, nso_props) -> None: interface_cdb = class_attribute[ f'{interface_number}.{service_acl_interface.interface_ref.config.subinterface}'] elif interface_type == 'Port_channel': - interface_cdb = nso_props.root.devices.device[nso_props.device_name].config.ios__interface.Port_channel_subinterface.Port_channel[ + interface_cdb = nso_props.root.devices.device[ + nso_props.device_name].config.ios__interface.Port_channel_subinterface.Port_channel[ f'{interface_number}.{service_acl_interface.interface_ref.config.subinterface}'] # Apply ACLs TODO add other ACL types @@ -157,24 +202,28 @@ def xe_acls_interfaces_program_service(self, nso_props) -> None: if not interface_cdb.ip.access_group.exists('out'): interface_cdb.ip.access_group.create('out') interface_cdb.ip.access_group['out'].access_list = acl.set_name - self.log.info(f'{nso_props.device_name} ACL {acl.set_name} added to interface {service_acl_interface.id} egress') + self.log.info( + f'{nso_props.device_name} ACL {acl.set_name} added to interface {service_acl_interface.id} egress') if acl.type == 'oc-acl-ext:ACL_IPV4_STANDARD': if not interface_cdb.ip.access_group.exists('out'): interface_cdb.ip.access_group.create('out') interface_cdb.ip.access_group['out'].access_list = acl.set_name - self.log.info(f'{nso_props.device_name} ACL {acl.set_name} added to interface {service_acl_interface.id} egress') + self.log.info( + f'{nso_props.device_name} ACL {acl.set_name} added to interface {service_acl_interface.id} egress') if service_acl_interface.ingress_acl_sets: for acl in service_acl_interface.ingress_acl_sets.ingress_acl_set: if acl.type == 'oc-acl:ACL_IPV4': if not interface_cdb.ip.access_group.exists('in'): interface_cdb.ip.access_group.create('in') interface_cdb.ip.access_group['in'].access_list = acl.set_name - self.log.info(f'{nso_props.device_name} ACL {acl.set_name} added to interface {service_acl_interface.id} ingress') + self.log.info( + f'{nso_props.device_name} ACL {acl.set_name} added to interface {service_acl_interface.id} ingress') if acl.type == 'oc-acl-ext:ACL_IPV4_STANDARD': if not interface_cdb.ip.access_group.exists('in'): interface_cdb.ip.access_group.create('in') interface_cdb.ip.access_group['in'].access_list = acl.set_name - self.log.info(f'{nso_props.device_name} ACL {acl.set_name} added to interface {service_acl_interface.id} ingress') + self.log.info( + f'{nso_props.device_name} ACL {acl.set_name} added to interface {service_acl_interface.id} ingress') def xe_acls_lines_program_service(self, nso_props) -> None: diff --git a/mdd/src/yang/extensions/openconfig-acl-ext.yang b/mdd/src/yang/extensions/openconfig-acl-ext.yang index 48b687f4..021c6fb3 100644 --- a/mdd/src/yang/extensions/openconfig-acl-ext.yang +++ b/mdd/src/yang/extensions/openconfig-acl-ext.yang @@ -20,7 +20,10 @@ module openconfig-acl-ext{ description "Augmentation to openconfig acl model."; - + revision "2023-06-23" { + description + "Added support for ICMP message types and codes"; + } revision "2022-09-27" { description "Added config container and fixed typo"; @@ -47,6 +50,25 @@ module openconfig-acl-ext{ } } } + augment /ncs:devices/ncs:device/mdd:openconfig/oc-acl:acl/oc-acl:acl-sets/oc-acl:acl-set/oc-acl:acl-entries/oc-acl:acl-entry { + when "./oc-acl:ipv4/oc-acl:config/oc-acl:protocol='oc-pkt-match-types:IP_ICMP'" ; + container icmp-v4 { + container config { + description + "Configuration ICMPv4 types and codes"; + leaf type { + type uint8; + description + "ICMP message type."; + } + leaf code { + type uint8; + description + "ICMP message code."; + } + } + } + } augment /ncs:devices/ncs:device/mdd:openconfig/oc-acl:acl { container ntp { description diff --git a/package_nso_to_oc/xe/xe_acls.py b/package_nso_to_oc/xe/xe_acls.py index f6202a8d..8126e87c 100755 --- a/package_nso_to_oc/xe/xe_acls.py +++ b/package_nso_to_oc/xe/xe_acls.py @@ -44,6 +44,40 @@ "esp": "IP_ESP", "pim": "IP_PIM" } +icmp_names_to_types = { + 'administratively-prohibited': (3, 13), + 'alternate-address': (6, 0), + 'dod-host-prohibited': (3, 10), + 'dod-net-prohibited': (3, 9), + 'echo': (8, 0), + 'echo-reply': (0, 0), + 'general-parameter-problem': (12, 0), + 'host-redirect': (5, 1), + 'host-tos-redirect': (5, 3), + 'host-tos-unreachable': (3, 12), + 'host-unknown': (3, 7), + 'host-unreachable': (3, 1), + 'information-reply': (16, 0), + 'information-request': (15, 0), + 'mask-reply': (18, 0), + 'mask-request': (17, 0), + 'net-redirect': (5, 0), + 'net-tos-redirect': (5, 2), + 'net-tos-unreachable': (3, 11), + 'net-unreachable': (3, 0), + 'network-unknown': (3, 6), + 'no-room-for-option': (12, 2), + 'option-missing': (12, 1), + 'packet-too-big': (3, 4), + 'port-unreachable': (3, 3), + 'protocol-unreachable': (3, 2), + 'reassembly-timeout': (11, 1), + 'source-quench': (4, 0), + 'source-route-failed': (3, 5), + 'time-exceeded': (11, 0), + 'timestamp-reply': (14, 0), + 'timestamp-request': (13, 0), + 'unreachable': (3, 0)} # OC has an additional forwarding action, "DROP", which also translates to "deny" in XE. actions_xe_to_oc = { "permit": "ACCEPT", @@ -266,6 +300,8 @@ def __set_ip_and_port(self, rule_parts, current_index, entry, is_source, index): if rule_parts[index + 1] == "tcp" or rule_parts[index + 1] == "udp": current_index = self.__set_port(rule_parts, current_index, entry, is_source) + elif rule_parts[index + 1] == "icmp" and not is_source: + current_index = self.__set_icmp(rule_parts, current_index, entry) return current_index @@ -285,7 +321,6 @@ def __set_ip_and_network(self, rule_parts, current_index, entry, is_source): else: self.__get_ipv4_config(entry)[ "openconfig-acl:destination-address"] = f"{rule_parts[current_index + 1]}/32" - return current_index + 2 elif (rule_parts[0].isdigit() and len(rule_parts) == 3) \ or (rule_parts[0].isdigit() and len(rule_parts) == 4 and rule_parts[-1] == "log") \ @@ -323,7 +358,6 @@ def __set_ip_and_network(self, rule_parts, current_index, entry, is_source): self.__get_ipv4_config(entry)[self._src_addr_key] = f"{ip}/{prefixlen}" else: self.__get_ipv4_config(entry)["openconfig-acl:destination-address"] = f"{ip}/{prefixlen}" - return current_index + 2 def __set_port(self, rule_parts, current_index, entry, is_source): @@ -387,6 +421,28 @@ def __set_port(self, rule_parts, current_index, entry, is_source): return current_index + 2 + def __set_icmp(self, rule_parts, current_index, entry): + if len(rule_parts) <= current_index: + # end of the rule or there's messages specified + return current_index + elif rule_parts[current_index] in icmp_names_to_types: + msg, code = icmp_names_to_types[rule_parts[current_index]] + entry['openconfig-acl-ext:icmp-v4'] = {'openconfig-acl-ext:config': + {'openconfig-acl-ext:type': msg, + 'openconfig-acl-ext:code': code}} + return current_index + 1 + elif rule_parts[current_index].isdigit(): + entry['openconfig-acl-ext:icmp-v4'] = {'openconfig-acl-ext:config': + {'openconfig-acl-ext:type': rule_parts[current_index], + 'openconfig-acl-ext:code': 0}} + if current_index + 1 < len(rule_parts) and rule_parts[current_index + 1].isdigit(): + entry['openconfig-acl-ext:icmp-v4']['openconfig-acl-ext:config']['openconfig-acl-ext:code'] = rule_parts[current_index + 1] + return current_index + 2 + return current_index + 1 + else: + return current_index + + def __set_tcp_flags(self, rule_parts, current_index, entry): if len(rule_parts) <= current_index or not rule_parts[current_index] in ["ack", "rst", "established"]: return current_index diff --git a/test/requirements.yml b/test/requirements.yml index f2cf1c28..e61f51f8 100644 --- a/test/requirements.yml +++ b/test/requirements.yml @@ -1,7 +1,7 @@ collections: - name: https://github.com/ciscodevnet/ansible-cml.git type: git - - name: https://github.com/model-driven-devops/ansible-mdd.git,1.1.3 + - name: https://github.com/model-driven-devops/ansible-mdd.git,1.2.5 type: git - name: https://github.com/model-driven-devops/ansible-nso.git type: git \ No newline at end of file diff --git a/test/tests/xe/xe_acls_extended.yml b/test/tests/xe/xe_acls_extended.yml index c5c9ee7d..64e5dad5 100644 --- a/test/tests/xe/xe_acls_extended.yml +++ b/test/tests/xe/xe_acls_extended.yml @@ -704,6 +704,80 @@ rollback: false assertion_ignore_errors: false + - name: test acl_type_extended_icmp configurations + tags: + - acl_type_extended_icmp + import_role: + name: nso-openconfig-test + vars: + content: | + mdd:openconfig: + openconfig-acl:acl: + openconfig-acl:acl-sets: + openconfig-acl:acl-set: + - openconfig-acl:name: 'icmp' + openconfig-acl:type: 'ACL_IPV4' + openconfig-acl:config: + openconfig-acl:description: 'icmp message types and codes' + openconfig-acl:name: 'icmp' + openconfig-acl:type: 'ACL_IPV4' + openconfig-acl:acl-entries: + openconfig-acl:acl-entry: + - openconfig-acl:sequence-id: 10 + openconfig-acl:actions: + openconfig-acl:config: + openconfig-acl:forwarding-action: 'ACCEPT' + openconfig-acl:log-action: 'LOG_NONE' + openconfig-acl:config: + openconfig-acl:description: 'test type and code 10' + openconfig-acl:sequence-id: 10 + openconfig-acl:ipv4: + openconfig-acl:config: + openconfig-acl:destination-address: '0.0.0.0/0' + openconfig-acl:protocol: 'IP_ICMP' + openconfig-acl:source-address: '0.0.0.0/0' + openconfig-acl-ext:icmp-v4: + openconfig-acl-ext:config: + openconfig-acl-ext:type: 222 + openconfig-acl-ext:code: 223 + - openconfig-acl:sequence-id: 20 + openconfig-acl:actions: + openconfig-acl:config: + openconfig-acl:forwarding-action: 'ACCEPT' + openconfig-acl:log-action: 'LOG_NONE' + openconfig-acl:config: + openconfig-acl:description: 'test type and code 20' + openconfig-acl:sequence-id: 20 + openconfig-acl:ipv4: + openconfig-acl:config: + openconfig-acl:destination-address: '0.0.0.0/0' + openconfig-acl:protocol: 'IP_ICMP' + openconfig-acl:source-address: '0.0.0.0/0' + openconfig-acl-ext:icmp-v4: + openconfig-acl-ext:config: + openconfig-acl-ext:type: 3 + openconfig-acl-ext:code: 4 + - openconfig-acl:sequence-id: 30 + openconfig-acl:actions: + openconfig-acl:config: + openconfig-acl:forwarding-action: 'REJECT' + openconfig-acl:log-action: 'LOG_SYSLOG' + openconfig-acl:config: + openconfig-acl:description: 'drop log other packets' + openconfig-acl:sequence-id: 30 + openconfig-acl:ipv4: + openconfig-acl:config: + openconfig-acl:destination-address: '0.0.0.0/0' + openconfig-acl:source-address: '0.0.0.0/0' + assertions: + - "'+ip access-list extended icmp:' in changes" + - "'+ 10 permit icmp any any 222 223:' in changes" + - "'+ 20 permit icmp any any packet-too-big:' in changes" + - "'+ 30 deny ip any any log-input:' in changes" + api_method: PATCH + rollback: false + assertion_ignore_errors: false + - hosts: nso connection: local gather_facts: no diff --git a/test/tests_nso_to_oc/xe/xe_acls.yml b/test/tests_nso_to_oc/xe/xe_acls.yml index 6244ea58..ba1f965c 100644 --- a/test/tests_nso_to_oc/xe/xe_acls.yml +++ b/test/tests_nso_to_oc/xe/xe_acls.yml @@ -263,7 +263,9 @@ - rule: '30 deny tcp 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255' - rule: '40 deny tcp host 192.168.1.11 any eq www' - rule: '50 deny tcp host 192.168.1.12 any gt 1024' - - rule: '60 permit ip any any' + - rule: '60 deny icmp host 192.168.1.12 any 222 223' + - rule: '70 deny icmp host 192.168.1.12 any packet-too-big' + - rule: '80 permit ip any any' - name: 'service-cmd' ext-access-list-rule: - rule: '10 permit tcp any eq cmd any' @@ -274,7 +276,7 @@ - rule: '10 permit tcp any any eq 22' - rule: '20 permit tcp any any eq www' - rule: '30 permit tcp any any range 1024 65535 established' - - rule: '40 deny ip any any log-input' + - rule: '40 deny ip any any log-input' - name: NSO configure Numbered ACLs tags: @@ -418,6 +420,12 @@ - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['ipv4']['config']['destination-address'] == '0.0.0.0/0'" - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['transport']['config']['source-port'] == 'ANY'" - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['transport']['config']['destination-port'] == '1025..65535'" + - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['sequence-id'] == 60" + - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['openconfig-acl-ext:icmp-v4']['config']['type'] == 222" + - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['openconfig-acl-ext:icmp-v4']['config']['code'] == 223" + - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['sequence-id'] == 70" + - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['openconfig-acl-ext:icmp-v4']['config']['type'] == 3" + - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['openconfig-acl-ext:icmp-v4']['config']['code'] == 4" - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['openconfig-acl-ext:lines']['line'][0]['id'] == 'vty 0 4'" - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['openconfig-acl-ext:lines']['line'][0]['egress-acl-set'] == '11'" - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['openconfig-acl-ext:lines']['line'][0]['ingress-acl-sets']['ingress-acl-set'][0]['config']['ingress-acl-set-name'] == '11'" From ac1d1350b53391c6617fa4d0df2b31359730a985 Mon Sep 17 00:00:00 2001 From: stmosher Date: Mon, 26 Jun 2023 21:18:12 -0400 Subject: [PATCH 2/3] fix: tests ACE indexes --- test/tests_nso_to_oc/xe/xe_acls.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/tests_nso_to_oc/xe/xe_acls.yml b/test/tests_nso_to_oc/xe/xe_acls.yml index ba1f965c..7a715dde 100644 --- a/test/tests_nso_to_oc/xe/xe_acls.yml +++ b/test/tests_nso_to_oc/xe/xe_acls.yml @@ -420,12 +420,12 @@ - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['ipv4']['config']['destination-address'] == '0.0.0.0/0'" - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['transport']['config']['source-port'] == 'ANY'" - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['transport']['config']['destination-port'] == '1025..65535'" - - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['sequence-id'] == 60" - - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['openconfig-acl-ext:icmp-v4']['config']['type'] == 222" - - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['openconfig-acl-ext:icmp-v4']['config']['code'] == 223" - - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['sequence-id'] == 70" - - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['openconfig-acl-ext:icmp-v4']['config']['type'] == 3" - - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][4]['openconfig-acl-ext:icmp-v4']['config']['code'] == 4" + - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][5]['sequence-id'] == 60" + - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][5]['openconfig-acl-ext:icmp-v4']['config']['type'] == 222" + - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][5]['openconfig-acl-ext:icmp-v4']['config']['code'] == 223" + - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][6]['sequence-id'] == 70" + - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][6]['openconfig-acl-ext:icmp-v4']['config']['type'] == 3" + - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['acl-sets']['acl-set'][2]['acl-entries']['acl-entry'][6]['openconfig-acl-ext:icmp-v4']['config']['code'] == 4" - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['openconfig-acl-ext:lines']['line'][0]['id'] == 'vty 0 4'" - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['openconfig-acl-ext:lines']['line'][0]['egress-acl-set'] == '11'" - "oc_result.json['mdd:openconfig']['openconfig-acl:acl']['openconfig-acl-ext:lines']['line'][0]['ingress-acl-sets']['ingress-acl-set'][0]['config']['ingress-acl-set-name'] == '11'" From 8948f68e646496bf8881d242a497ea0016cd2643 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Tue, 27 Jun 2023 10:50:23 +0000 Subject: [PATCH 3/3] Update version --- mdd/package-meta-data.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdd/package-meta-data.xml b/mdd/package-meta-data.xml index d80dfac7..4169611f 100644 --- a/mdd/package-meta-data.xml +++ b/mdd/package-meta-data.xml @@ -1,6 +1,6 @@ mdd - 2.70.0 + 2.71.0 Translates OpenConfig models to NSO devices and augments OpenConfig models with custom configurations. 5.5