Commit 4207b88

author
Capirca Team
committed
Add SONiC Capirca generator README
PiperOrigin-RevId: 483875102
1 parent d95c786 commit 4207b88

2 files changed

Lines changed: 46 additions & 0 deletions

README.md

Lines changed: 1 addition & 0 deletions
@@ -421,6 +421,7 @@ generators:
421421
* [`packetfilter`](./doc/generators/packetfilter.md): PacketFilter
422422
* [`paloaltofw`](./doc/generators/paloaltofw.md): Palo Alto PANOS
423423
* [`pcap`](./doc/generators/pcap.md): PcapFilter
424+
* [`sonic`](./doc/generators/sonic.md): SONiC ACLs in config_db.json format
424425
* [`speedway`](./doc/generators/speedway.md): Speedway
425426
* [`srxlo`](./doc/generators/srxlo.md): Stateless Juniper ACL
426427
* [`windows_advfirewall`](./doc/generators/windows_advfirewall.md): Windows

doc/generators/sonic.md

Lines changed: 45 additions & 0 deletions
@@ -0,0 +1,45 @@
1+
# SONiC
2+
3+
The SONiC header designation has the following format:
4+
5+
```
6+
target:: sonic filter-name {inet|inet6|mixed}
7+
```
8+
9+
* _filter-name_: defines the name of the filter. This is a required field.
10+
Note that the filter name will be present as a key of every ACE (i.e. rule) in
11+
generated policy. For example if the filter-name is 'MyPolicy', each ACE will
12+
come out like:
13+
14+
```
15+
{
16+
'MyPolicy|RULE_10': {...},
17+
'MyPolicy|RULE_20': {...},
18+
...
19+
}
20+
```
21+
22+
## Term Format
23+
24+
* _action::_ The action to take when matched. See Actions section for valid
25+
options.
26+
* _destination-address::_ One or more destination address tokens.
27+
* _destination-port::_ One or more service definition tokens.
28+
* _expiration::_ Stop rendering this term after specified date. Date format:
29+
[YYYY](YYYY.md)-[MM](MM.md)-[DD](DD.md).
30+
* _protocol::_ The network protocols this term will match, such as tcp, udp, or
31+
sctp.
32+
* _source-address::_ One or more source address tokens.
33+
* _source-port::_ One or more service definition tokens.
34+
35+
## Sub Tokens
36+
37+
### Actions
38+
39+
* _accept_
40+
* _deny_
41+
42+
### Option
43+
44+
* _tcp-established::_ Only match "established" connections. It is not stateful -
45+
any TCP packet with ACK and/or RST TCP flag set will match.
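
Review bot: The `### Option` section at the end of sonic.md documents _tcp-established_, but the `## Term Format` list has no _option::_ entry, so the doc never says which term keyword carries that value; add an `* _option::_` line to the list that points to the Option section, the way _action::_ points to Actions. In the _expiration::_ entry, `[YYYY](YYYY.md)-[MM](MM.md)-[DD](DD.md)` links to files this commit does not add (only README.md and doc/generators/sonic.md change); plain `YYYY-MM-DD` would render as intended. The sample output uses single-quoted keys (`'MyPolicy|RULE_10'`), which is not valid JSON even though the README entry describes the output as config_db.json format; double quotes would make the sample valid JSON. The header line lists `{inet|inet6|mixed}` without saying whether the address family is required or which value applies when it is omitted, while _filter-name_ is explicitly marked required; a one-line note for the family argument would close that gap.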
