Helper class for packet ACL configuration transactions via an Xrl interface.
The class provides error messages suitable for Xrl return values and does some extra checking not in the PaTransactionManager class.
PaBrowseState (struct) | PaBrowseState |
[protected]
Used to hold state for clients reading snapshots of the ACL tables.
typedef map<uint32_t, PaBrowseState> PaBrowseDB | PaBrowseDB |
[protected]
EventLoop& _e | _e |
[protected]
PaTransactionManager& _pat | _pat |
[protected]
uint32_t _browse_timeout_ms | _browse_timeout_ms |
[protected]
uint32_t _next_token | _next_token |
[protected]
PaBrowseDB _bdb | _bdb |
[protected]
void crank_token ()
| crank_token |
[protected]
void timeout_browse (uint32_t token)
| timeout_browse |
[protected]
inline const EventLoop& eventloop ()
| eventloop |
[const]
inline uint32_t browse_timeout_ms ()
| browse_timeout_ms |
[const]
enum { BROWSE_TIMEOUT_MS = 15000 } |
XrlPacketAclTarget (XrlCmdMap* cmds, EventLoop& e,
PaTransactionManager& pat,
uint32_t browse_timeout_ms = BROWSE_TIMEOUT_MS)
| XrlPacketAclTarget |
Constructor.
Parameters:
e | an EventLoop which will be used for scheduling timers. |
cmds | an XrlCmdMap that the commands associated with the target should be added to. This is typically the XrlRouter associated with the target. |
pat | a PaTransactionManager which manages accesses to the underlying ACL tables. |
~XrlPacketAclTarget ()
| ~XrlPacketAclTarget |
[virtual]
Destructor.
Dissociates instance commands from command map.
bool set_command_map (XrlCmdMap* cmds)
| set_command_map |
Set command map.
Parameters:
cmds | pointer to command map to associate commands with. This argument is typically a pointer to the XrlRouter associated with the target. |
Returns: true on success, false if cmds is null or a command map has already been supplied.
Reimplemented from XrlPacketAclTargetBase.
inline const string& name ()
| name |
[const]
Get Xrl instance name associated with command map.
Reimplemented from XrlPacketAclTargetBase.
inline const char* version ()
| version |
[const]
Get version string of instance.
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError common_0_1_get_target_name (
string& name)
| common_0_1_get_target_name |
[protected]
Function that needs to be implemented to: Get name of Xrl Target
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError common_0_1_get_version (
string& version)
| common_0_1_get_version |
[protected]
Function that needs to be implemented to: Get version string from Xrl Target
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError common_0_1_get_status (
uint32_t& status,
string& reason)
| common_0_1_get_status |
[protected]
Function that needs to be implemented to: Get status of Xrl Target
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError common_0_1_shutdown ()
| common_0_1_shutdown |
[protected]
Function that needs to be implemented to: Request clean shutdown of Xrl Target
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError packet_acl_0_1_get_backend (
string& name)
| packet_acl_0_1_get_backend |
[protected]
Function that needs to be implemented to: Get the name of the ACL back-end provider currently in use.
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError packet_acl_0_1_set_backend (
const string& name)
| packet_acl_0_1_set_backend |
[protected]
Function that needs to be implemented to: Set the underlying packet ACL provider type in use. NOTE: If XORP rules currently exist, this operation will perform an implicit flush and reload when switching to the new provider.
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError packet_acl_0_1_get_version (
string& version)
| packet_acl_0_1_get_version |
[protected]
Function that needs to be implemented to: Get the underlying packet ACL provider version in use.
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError packet_acl_0_1_start_transaction (
uint32_t& tid)
| packet_acl_0_1_start_transaction |
[protected]
Function that needs to be implemented to: Start an ACL configuration transaction.
Parameters:
tid | The number of the newly started transaction. |
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError packet_acl_0_1_commit_transaction (
const uint32_t& tid)
| packet_acl_0_1_commit_transaction |
[protected]
Function that needs to be implemented to: Commit a previously started ACL configuration transaction.
Parameters:
tid | The number of the transaction to commit. |
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError packet_acl_0_1_abort_transaction (
const uint32_t& tid)
| packet_acl_0_1_abort_transaction |
[protected]
Function that needs to be implemented to: Abort an ACL configuration transaction in progress.
Parameters:
tid | The number of the transaction to abort. |
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError packet_acl_0_1_add_entry4 (
const uint32_t& tid,
const string& ifname,
const string& vifname,
const IPv4Net& src,
const IPv4Net& dst,
const uint32_t& proto,
const uint32_t& sport,
const uint32_t& dport,
const string& action)
| packet_acl_0_1_add_entry4 |
[protected]
Function that needs to be implemented to: Add an IPv4 family ACL entry.
Parameters:
tid | The number of the transaction for this operation. |
ifname | Name of the interface where this filter is to be applied. |
vifname | Name of the vif where this filter is to be applied. |
src | Source IPv4 address with network prefix. |
dst | Destination IPv4 address with network prefix. |
proto | IP protocol number for match (0-255, 255 is wildcard). |
sport | Source TCP/UDP port (0-65535, 0 is wildcard). |
dport | Destination TCP/UDP port (0-65535, 0 is wildcard). |
action | Action to take when this ACL entry is matched. |
Reimplemented from XrlPacketAclTargetBase.
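The parameter table above limits proto to 0-255 and the ports to 0-65535, with 255 and 0 as wildcards, yet the Xrl arguments are uint32_t. The following added example (not XORP source; AclMatch, narrow_unchecked and narrow_checked are hypothetical names, and the 8/16-bit storage is an assumption about a back end) shows how unchecked narrowing turns an out-of-range value into a wildcard, and a range check that rejects it instead.

```cpp
// Added example, not XORP code. All type and function names are hypothetical.
#include <cstdint>
#include <cstdio>

enum class AclArgError { Ok, BadProto, BadSrcPort, BadDstPort };

constexpr uint32_t PROTO_MAX = 255;    // 255 doubles as the protocol wildcard
constexpr uint32_t PORT_MAX  = 65535;  // 0 is the port wildcard

// Assumed back-end representation: fields sized to the documented ranges.
struct AclMatch {
    uint8_t  proto;
    uint16_t sport;
    uint16_t dport;
};

// Unsafe: silent narrowing. sport 65536 becomes 0 (any port) and
// proto 511 becomes 255 (any protocol), widening the rule's match.
AclMatch narrow_unchecked(uint32_t proto, uint32_t sport, uint32_t dport) {
    return AclMatch{ static_cast<uint8_t>(proto),
                     static_cast<uint16_t>(sport),
                     static_cast<uint16_t>(dport) };
}

// Checked: refuse anything outside the documented ranges before narrowing.
// 'out' is written only when the result is Ok.
AclArgError narrow_checked(uint32_t proto, uint32_t sport, uint32_t dport,
                           AclMatch& out) {
    if (proto > PROTO_MAX) return AclArgError::BadProto;
    if (sport > PORT_MAX)  return AclArgError::BadSrcPort;
    if (dport > PORT_MAX)  return AclArgError::BadDstPort;
    out = narrow_unchecked(proto, sport, dport);  // now lossless
    return AclArgError::Ok;
}

int main() {
    // Constructed input: TCP (6), source port one past the valid range.
    AclMatch loose = narrow_unchecked(6, 65536, 80);
    std::printf("unchecked sport=%u (0 means any)\n",
                static_cast<unsigned>(loose.sport));

    AclMatch strict{};
    AclArgError rc = narrow_checked(6, 65536, 80, strict);
    std::printf("checked result=%d (2 means BadSrcPort)\n",
                static_cast<int>(rc));
    return 0;
}
```

The same check applies unchanged to the IPv6 entry calls, which take the same proto, sport and dport arguments.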
XrlCmdError packet_acl_0_1_delete_entry4 (
const uint32_t& tid,
const string& ifname,
const string& vifname,
const IPv4Net& src,
const IPv4Net& dst,
const uint32_t& proto,
const uint32_t& sport,
const uint32_t& dport)
| packet_acl_0_1_delete_entry4 |
[protected]
Function that needs to be implemented to: Delete an IPv4 family ACL entry.
Parameters:
tid | The number of the transaction for this operation. |
ifname | Name of the interface where this filter is to be deleted. |
vifname | Name of the vif where this filter is to be deleted. |
src | Source IPv4 address with network prefix. |
dst | Destination IPv4 address with network prefix. |
proto | IP protocol number for match (0-255, 255 is wildcard). |
sport | Source TCP/UDP port (0-65535, 0 is wildcard). |
dport | Destination TCP/UDP port (0-65535, 0 is wildcard). |
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError packet_acl_0_1_delete_all_entries4 (
const uint32_t& tid)
| packet_acl_0_1_delete_all_entries4 |
[protected]
Function that needs to be implemented to: Delete all IPv4 family ACL entries.
Parameters:
tid | The number of the transaction for this operation. |
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError packet_acl_0_1_get_entry_list_start4 (
uint32_t& token,
bool& more)
| packet_acl_0_1_get_entry_list_start4 |
[protected]
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError packet_acl_0_1_get_entry_list_next4 (
const uint32_t& token,
string& ifname,
string& vifname,
IPv4Net& src,
IPv4Net& dst,
uint32_t& proto,
uint32_t& sport,
uint32_t& dport,
string& action,
bool& more)
| packet_acl_0_1_get_entry_list_next4 |
[protected]
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError packet_acl_0_1_add_entry6 (
const uint32_t& tid,
const string& ifname,
const string& vifname,
const IPv6Net& src,
const IPv6Net& dst,
const uint32_t& proto,
const uint32_t& sport,
const uint32_t& dport,
const string& action)
| packet_acl_0_1_add_entry6 |
[protected]
Function that needs to be implemented to: Add an IPv6 family ACL entry.
Parameters:
tid | The number of the transaction for this operation. |
ifname | Name of the interface where this filter is to be applied. |
vifname | Name of the vif where this filter is to be applied. |
src | Source IPv6 address with network prefix. |
dst | Destination IPv6 address with network prefix. |
proto | IP protocol number for match (0-255, 255 is wildcard). |
sport | Source TCP/UDP port (0-65535, 0 is wildcard). |
dport | Destination TCP/UDP port (0-65535, 0 is wildcard). |
action | Action to take when this filter is matched. |
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError packet_acl_0_1_delete_entry6 (
const uint32_t& tid,
const string& ifname,
const string& vifname,
const IPv6Net& src,
const IPv6Net& dst,
const uint32_t& proto,
const uint32_t& sport,
const uint32_t& dport)
| packet_acl_0_1_delete_entry6 |
[protected]
Function that needs to be implemented to: Delete an IPv6 family ACL entry.
Parameters:
tid | The number of the transaction for this operation. |
ifname | Name of the interface where this filter is to be deleted. |
vifname | Name of the vif where this filter is to be deleted. |
src | Source IPv6 address with network prefix. |
dst | Destination IPv6 address with network prefix. |
proto | IP protocol number for match (0-255, 255 is wildcard). |
sport | Source TCP/UDP port (0-65535, 0 is wildcard). |
dport | Destination TCP/UDP port (0-65535, 0 is wildcard). |
Reimplemented from XrlPacketAclTargetBase.
XrlCmdError packet_acl_0_1_delete_all_entries6 (
const uint32_t& tid)
| packet_acl_0_1_delete_all_entries6 |
[protected]
Function that needs to be implemented to: Delete all IPv6 family ACL entries.
Parameters:
tid | The number of the transaction for this operation. |
Reimplemented from XrlPacketAclTargetBase.