faucet.acl module

Configuration for ACLs.

class faucet.acl.ACL(_id, dp_id, conf)[source]

Bases: faucet.conf.Conf

Contains the state for an ACL, including the configuration.

ACL Config

ACLs are configured under the ‘acls’ configuration block. The acls block contains a dictionary of individual acls each keyed by its name.

Each acl contains a list of rules, a packet will have the first matching rule applied to it.

Each rule is a dictionary containing the single key ‘rule’ with the value the matches and actions for the rule.

The matches are key/values based on the ryu RESTFul API. The key ‘actions’ contains a dictionary with keys/values as follows:

  • allow (int): if 1 allow the packet to continue through the Faucet pipeline, if 0 drop the packet.
  • force_port_vlan (int): if 1, do not verify the VLAN/port association for this packet and override any VLAN ACL on the forced VLAN.
  • meter (str): meter to apply to the packet
  • output (dict): used to output a packet directly. details below.
  • cookie (int): set flow cookie to this value on this flow

The output action contains a dictionary with the following elements:

  • port (int or string): the port to output the packet to
  • ports (list): a list of the ports (int or string) to output the packet to
  • set_fields (list): a list of fields to set with values
  • dl_dst (str): old style request to set eth_dst to a value (set_fields recommended)
  • pop_vlans: (int): pop the packet vlan before outputting
  • vlan_vid: (int): push the vlan vid on the packet when outputting
  • vlan_vids: (list): push the list of vlans on the packet when outputting, with option eth_type
  • swap_vid (int): rewrite the vlan vid of the packet when outputting
  • failover (dict): Output with a failover port (experimental)
actions_types = {'allow': <class 'int'>, 'force_port_vlan': <class 'int'>, 'meter': <class 'str'>, 'mirror': (<class 'str'>, <class 'int'>), 'output': <class 'dict'>}
defaults = {'exact_match': False, 'rules': None}
defaults_types = {'exact_match': <class 'bool'>, 'rules': <class 'list'>}
exact_match = None
output_actions_types = {'dl_dst': <class 'str'>, 'failover': <class 'dict'>, 'pop_vlans': <class 'int'>, 'port': (<class 'str'>, <class 'int'>), 'ports': <class 'list'>, 'set_fields': <class 'list'>, 'swap_vid': <class 'int'>, 'vlan_vid': <class 'int'>, 'vlan_vids': <class 'list'>}
rule_types = {'actions': <class 'dict'>, 'cookie': <class 'int'>, 'description': <class 'str'>}
rules = None

Return configuration as a dict.