Skip to content

Add accept action to policy-forwarding supported actions #1269

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,13 @@ submodule openconfig-pf-forwarding-policies {
"This submodule contains configuration and operational state
relating to the definition of policy-forwarding policies.";

oc-ext:openconfig-version "0.7.0";
oc-ext:openconfig-version "0.8.0";

revision "2025-04-21" {
description
"Add explicit policy evaluation termination control via rule-result.";
reference "0.8.0";
}

revision "2024-11-14" {
description
Expand Down Expand Up @@ -85,6 +91,31 @@ submodule openconfig-pf-forwarding-policies {
reference "0.0.1";
}

typedef pf-rule-result-type {
type enumeration {
enum ACCEPT_PACKET {
description
"Accept the packet and terminate evaluation of the current
policy. The packet will be forwarded according to the actions
specified in this rule.";
}
enum REJECT_PACKET {
description
"Reject (discard) the packet and terminate evaluation of the
current policy.";
}
enum NEXT_RULE {
description
"Any actions specified in this rule are applied to the packet,
and evaluation continues with the next rule in the policy.";
}
}
default ACCEPT_PACKET;
description
"Type used to specify packet disposition and policy evaluation
flow control in a policy-forwarding rule.";
}

grouping pf-forwarding-policy-structural {
description
"Structural grouping defining forwarding policies under the
Expand Down Expand Up @@ -261,13 +292,29 @@ submodule openconfig-pf-forwarding-policies {
grouping pf-forwarding-policy-action-config {
description
"Forwarding policy action configuration parameters.";

leaf rule-result {
type pf-rule-result-type;
default "ACCEPT_PACKET";
description
"Specifies the result of this rule and whether policy evaluation
should continue to the next rule. When set to ACCEPT_PACKET, the
packet is processed according to the actions in this rule and policy
evaluation terminates. When set to REJECT_PACKET, the packet is
discarded and policy evaluation terminates. When set to NEXT_RULE,
the actions in this rule are applied and evaluation continues with
the next rule.";
}

leaf discard {
type boolean;
default false;
description
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like some clarification either in this leaf, or elsewhere, as to how this coexists with ACLs. What is the order of operations -- policy-forwarding and then ACL or ACL then policy-forwarding? Can both be used on a particular link?

"When this leaf is set to true, the local system should drop
packets that match the rule.";
packets that match the rule. Setting this to true has the same
effect as setting rule-result to REJECT_PACKET, but is maintained
for backward compatibility. If both are set, rule-result takes
precedence.";
}

leaf decapsulate-gre {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,13 @@ module openconfig-policy-forwarding {
The forwarding action of the corresponding policy is set to
PATH_GROUP and references the configured group of LSPs.";

oc-ext:openconfig-version "0.7.0";
oc-ext:openconfig-version "0.8.0";

revision "2025-04-21" {
description
"Add explicit policy evaluation termination control via rule-result.";
reference "0.8.0";
}

revision "2024-11-14" {
description
Expand Down
Loading