aclplugin

package

v1.4.1 Latest Latest Go to latest Published: Jun 11, 2018 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ligato/vpp-agent

Links

Open Source Insights

README ¶

ACL plugin

The aclplugin is a Core Agent Plugin designed to configure ACL in the VPP. Configuration managed by this plugin is modelled by acl proto file.

The configuration must be stored in ETCD using following keys:

/vnf-agent/<agent-label>/vpp/config/v1/acl/<acl-name>

JSON configuration example with vpp-agent-ctl

An example of basic ACL configuration in JSON format can be found with rules for MACIP, TCP, UDP

Built-in configuration example with vpp-agent-ctl

The vpp-agent-ctl binary also ships with some simple predefined acl configurations. It is meant to be used solely for testing purposes.

To configure a new acl acl1, use:

vpp-agent-ctl /opt/vpp-agent/dev/etcd.conf -acl

To delete the acl, use:

vpp-agent-ctl /opt/vpp-agent/dev/etcd.conf -acld

Documentation ¶

Overview ¶

Package aclplugin implements the ACL Plugin that handles management of VPP Access lists.

Constants ¶

View Source

const (
	INGRESS = "ingress"
	EGRESS  = "egress"
	L2      = "l2"
)

Interface attribute according to the configuration

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ACLConfigurator ¶

type ACLConfigurator struct {
	Log            logging.Logger
	GoVppmux       govppmux.API
	ACLL3L4Indexes aclidx.AclIndexRW
	ACLL2Indexes   aclidx.AclIndexRW // mapping for L2 ACLs
	SwIfIndexes    ifaceidx.SwIfIndex
	Stopwatch      *measure.Stopwatch // timer used to measure and store time

	ACLIfCache []*ACLIfCacheEntry // cache for ACL un-configured interfaces
	// contains filtered or unexported fields
}

ACLConfigurator runs in the background in its own goroutine where it watches for any changes in the configuration of ACLs as modelled by the proto file "../model/acl/acl.proto" and stored in ETCD under the key "/vnf-agent/{agent-label}/vpp/config/v1/acl/". Updates received from the northbound API are compared with the VPP run-time configuration and differences are applied through the VPP binary API.

func (*ACLConfigurator) Close ¶

func (plugin *ACLConfigurator) Close() error

Close GOVPP channel.

func (*ACLConfigurator) ConfigureACL ¶

func (plugin *ACLConfigurator) ConfigureACL(acl *acl.AccessLists_Acl) error

ConfigureACL creates access list with provided rules and sets this list to every relevant interface.

func (*ACLConfigurator) DeleteACL ¶

func (plugin *ACLConfigurator) DeleteACL(acl *acl.AccessLists_Acl) (err error)

DeleteACL removes existing ACL. To detach ACL from interfaces, list of interfaces has to be provided.

func (*ACLConfigurator) DumpACL ¶ added in v1.0.8

func (plugin *ACLConfigurator) DumpACL() (acls []*acl.AccessLists_Acl, err error)

DumpACL returns all configured ACLs in proto format

func (*ACLConfigurator) Init ¶

func (plugin *ACLConfigurator) Init() (err error)

Init goroutines, channels and mappings.

func (*ACLConfigurator) ModifyACL ¶

func (plugin *ACLConfigurator) ModifyACL(oldACL, newACL *acl.AccessLists_Acl) (err error)

ModifyACL modifies previously created access list. L2 access list is removed and recreated, L3/L4 access list is modified directly. List of interfaces is refreshed as well.

func (*ACLConfigurator) ResolveCreatedInterface ¶ added in v1.4.0

func (plugin *ACLConfigurator) ResolveCreatedInterface(ifName string, ifIdx uint32) error

ResolveCreatedInterface configures new interface for every ACL found in cache

func (*ACLConfigurator) ResolveDeletedInterface ¶ added in v1.4.0

func (plugin *ACLConfigurator) ResolveDeletedInterface(ifName string, ifIdx uint32) error

ResolveDeletedInterface puts removed interface to cache, including acl index. Note: it's not needed to remove ACL from interface manually, VPP handles it itself and such an behavior would cause errors (ACLs cannot be dumped from non-existing interface)

func (*ACLConfigurator) Resync ¶

func (plugin *ACLConfigurator) Resync(nbACLs []*acl.AccessLists_Acl, log logging.Logger) error

Resync writes ACLs to the empty VPP.

type ACLIfCacheEntry ¶ added in v1.4.0

type ACLIfCacheEntry struct {
	// contains filtered or unexported fields
}

ACLIfCacheEntry contains info about interface, aclID and whether it is MAC IP address. Used as a cache for missing interfaces while configuring ACL

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
aclidx
vppcalls Package vppcalls contains wrappers over VPP ACL binary APIs.	Package vppcalls contains wrappers over VPP ACL binary APIs.
vppdump Package vppdump provides helpers to dump ACLs configured in VPP - per interface and total.	Package vppdump provides helpers to dump ACLs configured in VPP - per interface and total.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL