acl_impl¶

Warning

doxygenfile: Cannot find file “eos/acl_impl.h

Type definitions in acl_impl¶

namespace eos

class acl_ttl_spec_impl_t

#include <acl_impl.h>

A TTL specifier, used in an IP ACL rule to define TTLs to match.

Create an instance of the classes below, such as a acl_ttl_spec_gt_t to specify matching TTLs greater than the value passed.

Public Functions

acl_ttl_spec_impl_t()

acl_ttl_spec_impl_t(acl_range_operator_t oper, uint8_t ttl)

acl_range_operator_t oper() const: Getter for ‘oper’: the type of range, note, BETWEEN is not supported.

void oper_is(acl_range_operator_t oper): Setter for ‘oper’.

uint8_t ttl() const: Getter for ‘ttl’: the type of range, note, BETWEEN is not supported.

void ttl_is(uint8_t ttl): Setter for ‘ttl’.

bool operator==(acl_ttl_spec_impl_t const & other) const

bool operator!=(acl_ttl_spec_impl_t const & other) const

bool operator<(acl_ttl_spec_impl_t const & other) const

uint32_t hash() const: The hash function for type acl_ttl_spec_t.

void mix_me(hash_mix & h) const: The hash mix function for type acl_ttl_spec_t.

std::string to_string() const: Returns a string representation of the current object’s values.

Private Members

acl_range_operator_t oper_

uint8_t ttl_

Friends

friend std::ostream & operator<<: A utility stream operator that adds a string representation of acl_ttl_spec_t to the ostream.

class acl_port_spec_impl_t

#include <acl_impl.h>

A UDP or TCP port specifier.

Pick one of either:

acl_port_spec_eq_t : Matches 1-10 port numbers.
acl_port_spec_neq_t : Doesn’t match these 1-10 ports.
acl_port_spec_lt_t : Matches ports less than the value.
acl_port_spec_gt_t : Matches ports greater than the value.
acl_port_spec_between_t : Matches ports between the two values.

Public Functions

acl_port_spec_impl_t(): Default constructor, matches any port.

acl_port_spec_impl_t(acl_range_operator_t oper, std::list< uint16_t > const & ports)

acl_range_operator_t oper() const

void oper_is(acl_range_operator_t oper)

std::list< uint16_t > const & ports() const

void ports_is(std::list< uint16_t > const & ports)

void port_set(uint16_t const & ports): Prepend one port to the list.

void port_del(uint16_t const & ports): Remove all matching port elements.

bool operator==(acl_port_spec_impl_t const & other) const

bool operator!=(acl_port_spec_impl_t const & other) const

bool operator<(acl_port_spec_impl_t const & other) const

uint32_t hash() const: The hash function for type acl_port_spec_t.

void mix_me(hash_mix & h) const: The hash mix function for type acl_port_spec_t.

std::string to_string() const: Returns a string representation of the current object’s values.

Private Members

acl_range_operator_t oper_

std::list< uint16_t > ports_

Friends

friend std::ostream & operator<<: A utility stream operator that adds a string representation of acl_port_spec_t to the ostream.

class acl_rule_base_impl_t

#include <acl_impl.h>

Following are classes that represent access lists (ACLs). Access lists are sequences of rules specifying per-packet rules filters apply to either IPv4, IPv6 or ETH (layer 2) traffic and are attached to traffic arriving (in) or leaving (out) on zero or more interfaces.

To use ACL rules in these libraries, construct the appropriate concrete type of rule you desire, either a:

acl_rule_ip_t or a
acl_rule_eth_t

Base parameters common to all filter types are defined on the parent acl_base_filter_t, such as “log” to enable logging of packets matching the rule, and the action applied to packets matching the rule.

Base ACL rule class containing common fields. Instead of this, instantiate one of the concrete rule classes.

Public Functions

acl_action_t action() const

void action_is(acl_action_t action)

bool log() const

void log_is(bool log)

bool tracked() const

void tracked_is(bool tracked)

uint32_t hash() const: The hash function for type acl_rule_base_t.

void mix_me(hash_mix & h) const: The hash mix function for type acl_rule_base_t.

std::string to_string() const: Returns a string representation of the current object’s values.

Protected Functions

acl_rule_base_impl_t()

Private Members

acl_action_t action_

bool log_

bool tracked_

Friends

friend class acl_rule_base_t

friend std::ostream & operator<<: A utility stream operator that adds a string representation of acl_rule_base_t to the ostream.

class acl_rule_ip_impl_t

#include <acl_impl.h>

An individual ACL rule for IPv4 or IPv6 ACLs.

Public Functions

acl_rule_ip_impl_t()

vlan_id_t vlan() const

void vlan_is(vlan_id_t vlan)

vlan_id_t vlan_mask() const

void vlan_mask_is(vlan_id_t vlan_mask)

vlan_id_t inner_vlan() const

void inner_vlan_is(vlan_id_t inner_vlan)

vlan_id_t inner_vlan_mask() const

void inner_vlan_mask_is(vlan_id_t inner_vlan_mask)

uint8_t ip_protocol() const

void ip_protocol_is(uint8_t ip_protocol)

acl_ttl_spec_t ttl() const

void ttl_is(acl_ttl_spec_t ttl)

ip_addr_mask_t source_addr() const

void source_addr_is(ip_addr_mask_t const & source_addr)

ip_addr_mask_t destination_addr() const

void destination_addr_is(ip_addr_mask_t const & destination_addr)

acl_port_spec_t source_port() const

void source_port_is(acl_port_spec_t source_port)

acl_port_spec_t destination_port() const

void destination_port_is(acl_port_spec_t destination_port)

std::string nexthop_group() const: Getter for ‘nexthop_group’: match nexthop-group in the FIB lookup result.

void nexthop_group_is(std::string nexthop_group): Setter for ‘nexthop_group’.

uint16_t tcp_flags() const: Getter for ‘tcp_flags’: bitmask of TCP flags to match, if set.

void tcp_flags_is(uint16_t tcp_flags): Setter for ‘tcp_flags’.

bool established() const: Getter for ‘established’: match “established” connections.

void established_is(bool established): Setter for ‘established’.

uint16_t icmp_type() const: Getter for ‘icmp_type’: match a specific ICMP type and code, the default value 0xFFFF matches all types or codes.

void icmp_type_is(uint16_t icmp_type): Setter for ‘icmp_type’.

uint16_t icmp_code() const: Getter for ‘icmp_code’: match a specific ICMP type and code.

void icmp_code_is(uint16_t icmp_code): Setter for ‘icmp_code’.

uint8_t priority_value() const: Getter for ‘priority_value’: IPv4: 0..63: DSCP value to match; IPv6: 0..255: DSCP + ECN bits (traffic class byte). Warning: for IPv6 the DSCP value must be shifted (ipv4_dscp<<2). Warning: for IPV4 also need to call match_ip_priority. Warning: mask default is 0 (all bits are wildcarded).

void priority_value_is(uint8_t priority_value): Setter for ‘priority_value’.

uint8_t priority_mask() const: Getter for ‘priority_mask’: 0..63 for IPv4; 0..255 for IPv6. Warning: the default mask is 0: any dscp will match.

void priority_mask_is(uint8_t priority_mask): Setter for ‘priority_mask’.

bool match_fragments() const: Getter for ‘match_fragments’: match IP fragments.

void match_fragments_is(bool match_fragments): Setter for ‘match_fragments’.

bool match_ip_priority() const: Getter for ‘match_ip_priority’: IPv4: enable for priority_{value,mask} to be effective; IPv6: dont care (not needed for match to happen).

void match_ip_priority_is(bool match_ip_priority): Setter for ‘match_ip_priority’.

bool operator==(acl_rule_ip_impl_t const & other) const

bool operator!=(acl_rule_ip_impl_t const & other) const

bool operator<(acl_rule_ip_impl_t const & other) const

uint32_t hash() const: The hash function for type acl_rule_ip_t.

void mix_me(hash_mix & h) const: The hash mix function for type acl_rule_ip_t.

std::string to_string() const: Returns a string representation of the current object’s values.

Private Members

vlan_id_t vlan_

vlan_id_t vlan_mask_

vlan_id_t inner_vlan_

vlan_id_t inner_vlan_mask_

uint8_t ip_protocol_

acl_ttl_spec_t ttl_

ip_addr_mask_t source_addr_

ip_addr_mask_t destination_addr_

acl_port_spec_t source_port_

acl_port_spec_t destination_port_

std::string nexthop_group_

uint16_t tcp_flags_

bool established_

uint16_t icmp_type_

uint16_t icmp_code_

uint8_t priority_value_

uint8_t priority_mask_

bool match_fragments_

bool match_ip_priority_

Friends

friend std::ostream & operator<<: A utility stream operator that adds a string representation of acl_rule_ip_t to the ostream.

class acl_rule_eth_impl_t

#include <acl_impl.h>

An Ethernet ACL, which can be applied to Ethernet, Vlan, and MLAG interfaces.

Public Functions

acl_rule_eth_impl_t()

vlan_id_t vlan() const

void vlan_is(vlan_id_t vlan)

vlan_id_t vlan_mask() const

void vlan_mask_is(vlan_id_t vlan_mask)

vlan_id_t inner_vlan() const

void inner_vlan_is(vlan_id_t inner_vlan)

vlan_id_t inner_vlan_mask() const

void inner_vlan_mask_is(vlan_id_t inner_vlan_mask)

eth_addr_t source_addr() const

void source_addr_is(eth_addr_t source_addr)

eth_addr_t destination_addr() const

void destination_addr_is(eth_addr_t destination_addr)

eth_addr_t source_mask() const

void source_mask_is(eth_addr_t source_mask)

eth_addr_t destination_mask() const

void destination_mask_is(eth_addr_t destination_mask)

uint32_t eth_protocol() const

void eth_protocol_is(uint32_t eth_protocol)

bool operator==(acl_rule_eth_impl_t const & other) const

bool operator!=(acl_rule_eth_impl_t const & other) const

uint32_t hash() const: The hash function for type acl_rule_eth_t.

void mix_me(hash_mix & h) const: The hash mix function for type acl_rule_eth_t.

std::string to_string() const: Returns a string representation of the current object’s values.

Private Members

vlan_id_t vlan_

vlan_id_t vlan_mask_

vlan_id_t inner_vlan_

vlan_id_t inner_vlan_mask_

eth_addr_t source_addr_

eth_addr_t destination_addr_

eth_addr_t source_mask_

eth_addr_t destination_mask_

uint32_t eth_protocol_

Friends

friend std::ostream & operator<<: A utility stream operator that adds a string representation of acl_rule_eth_t to the ostream.

acl_impl¶

Type definitions in acl_impl¶

Table of Contents

Previous topic

Next topic