Documentation ¶
Overview ¶
Package aclplugin implements the ACL Plugin that handles management of VPP Access lists.
Index ¶
- Constants
- type ACLConfigurator
- func (plugin *ACLConfigurator) Close() error
- func (plugin *ACLConfigurator) ConfigureACL(acl *acl.AccessLists_Acl) error
- func (plugin *ACLConfigurator) DeleteACL(acl *acl.AccessLists_Acl) (err error)
- func (plugin *ACLConfigurator) DumpACL() (acls []*acl.AccessLists_Acl, err error)
- func (plugin *ACLConfigurator) Init() (err error)
- func (plugin *ACLConfigurator) ModifyACL(oldACL, newACL *acl.AccessLists_Acl) (err error)
- func (plugin *ACLConfigurator) ResolveCreatedInterface(ifName string, ifIdx uint32) error
- func (plugin *ACLConfigurator) ResolveDeletedInterface(ifName string, ifIdx uint32) error
- func (plugin *ACLConfigurator) Resync(nbACLs []*acl.AccessLists_Acl, log logging.Logger) error
- type ACLIfCacheEntry
Constants ¶
const ( INGRESS = "ingress" EGRESS = "egress" L2 = "l2" )
Interface attribute according to the configuration
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ACLConfigurator ¶
type ACLConfigurator struct { Log logging.Logger GoVppmux govppmux.API ACLL3L4Indexes aclidx.AclIndexRW ACLL2Indexes aclidx.AclIndexRW // mapping for L2 ACLs SwIfIndexes ifaceidx.SwIfIndex Stopwatch *measure.Stopwatch // timer used to measure and store time ACLIfCache []*ACLIfCacheEntry // cache for ACL un-configured interfaces // contains filtered or unexported fields }
ACLConfigurator runs in the background in its own goroutine where it watches for any changes in the configuration of ACLs as modelled by the proto file "../model/acl/acl.proto" and stored in ETCD under the key "/vnf-agent/{agent-label}/vpp/config/v1/acl/". Updates received from the northbound API are compared with the VPP run-time configuration and differences are applied through the VPP binary API.
func (*ACLConfigurator) ConfigureACL ¶
func (plugin *ACLConfigurator) ConfigureACL(acl *acl.AccessLists_Acl) error
ConfigureACL creates access list with provided rules and sets this list to every relevant interface.
func (*ACLConfigurator) DeleteACL ¶
func (plugin *ACLConfigurator) DeleteACL(acl *acl.AccessLists_Acl) (err error)
DeleteACL removes existing ACL. To detach ACL from interfaces, list of interfaces has to be provided.
func (*ACLConfigurator) DumpACL ¶ added in v1.0.8
func (plugin *ACLConfigurator) DumpACL() (acls []*acl.AccessLists_Acl, err error)
DumpACL returns all configured ACLs in proto format
func (*ACLConfigurator) Init ¶
func (plugin *ACLConfigurator) Init() (err error)
Init goroutines, channels and mappings.
func (*ACLConfigurator) ModifyACL ¶
func (plugin *ACLConfigurator) ModifyACL(oldACL, newACL *acl.AccessLists_Acl) (err error)
ModifyACL modifies previously created access list. L2 access list is removed and recreated, L3/L4 access list is modified directly. List of interfaces is refreshed as well.
func (*ACLConfigurator) ResolveCreatedInterface ¶ added in v1.4.0
func (plugin *ACLConfigurator) ResolveCreatedInterface(ifName string, ifIdx uint32) error
ResolveCreatedInterface configures new interface for every ACL found in cache
func (*ACLConfigurator) ResolveDeletedInterface ¶ added in v1.4.0
func (plugin *ACLConfigurator) ResolveDeletedInterface(ifName string, ifIdx uint32) error
ResolveDeletedInterface puts removed interface to cache, including acl index. Note: it's not needed to remove ACL from interface manually, VPP handles it itself and such an behavior would cause errors (ACLs cannot be dumped from non-existing interface)
func (*ACLConfigurator) Resync ¶
func (plugin *ACLConfigurator) Resync(nbACLs []*acl.AccessLists_Acl, log logging.Logger) error
Resync writes ACLs to the empty VPP.
type ACLIfCacheEntry ¶ added in v1.4.0
type ACLIfCacheEntry struct {
// contains filtered or unexported fields
}
ACLIfCacheEntry contains info about interface, aclID and whether it is MAC IP address. Used as a cache for missing interfaces while configuring ACL
Directories ¶
Path | Synopsis |
---|---|
Package vppcalls contains wrappers over VPP ACL binary APIs.
|
Package vppcalls contains wrappers over VPP ACL binary APIs. |
Package vppdump provides helpers to dump ACLs configured in VPP - per interface and total.
|
Package vppdump provides helpers to dump ACLs configured in VPP - per interface and total. |