faucet.acl module¶
Configuration for ACLs.
-
class
faucet.acl.
ACL
(_id, dp_id, conf)[source]¶ Bases:
faucet.conf.Conf
Contains the state for an ACL, including the configuration.
ACL Config
ACLs are configured under the ‘acls’ configuration block. The acls block contains a dictionary of individual acls each keyed by its name.
Each acl contains a list of rules, a packet will have the first matching rule applied to it.
Each rule is a dictionary containing the single key ‘rule’ with the value the matches and actions for the rule.
The matches are key/values based on the ryu RESTFul API. The key ‘actions’ contains a dictionary with keys/values as follows:
- allow (bool): if True allow the packet to continue through the Faucet pipeline, if False drop the packet.
- meter (str): meter to apply to the packet
- output (dict): used to output a packet directly. details below.
- cookie (int): set flow cookie to this value on this flow
The output action contains a dictionary with the following elements:
- port (int or string): the port to output the packet to
- ports (list): a list of the ports (int or string) to output the packet to
- set_fields (list): a list of fields to set with values
- dl_dst (str): old style request to set eth_dst to a value (set_fields recommended)
- pop_vlans: (int): pop the packet vlan before outputting
- vlan_vid: (int): push the vlan vid on the packet when outputting
- vlan_vids: (list): push the list of vlans on the packet when outputting, with option eth_type
- swap_vid (int): rewrite the vlan vid of the packet when outputting
- failover (dict): Output with a failover port (experimental)
-
actions_types
= {'allow': <class 'int'>, 'meter': <class 'str'>, 'mirror': (<class 'str'>, <class 'int'>), 'output': <class 'dict'>}¶
-
defaults
= {'exact_match': False, 'rules': None}¶
-
defaults_types
= {'exact_match': <class 'bool'>, 'rules': <class 'list'>}¶
-
exact_match
= None¶
-
output_actions_types
= {'dl_dst': <class 'str'>, 'failover': <class 'dict'>, 'pop_vlans': <class 'int'>, 'port': (<class 'str'>, <class 'int'>), 'ports': <class 'list'>, 'set_fields': <class 'list'>, 'swap_vid': <class 'int'>, 'vlan_vid': <class 'int'>, 'vlan_vids': <class 'list'>}¶
-
rule_types
= {'actions': <class 'dict'>, 'cookie': <class 'int'>, 'description': <class 'str'>}¶
-
rules
= None¶