faucet.valve_acl module

Compose ACLs on ports.

class faucet.valve_acl.ValveAclManager(port_acl_table, vlan_acl_table, egress_acl_table, pipeline, meters, dp_acls=None)

Bases: faucet.valve_manager_base.ValveManagerBase

Handle installation of ACLs on a DP

add_authed_mac(port_num, mac)

Add authed MAC address

add_port(port)

Install port ACLs if configured

add_port_acl(acl, port_num, mac=None)

Create ACL OpenFlow rules for port

add_vlan(vlan, cold_start)

Install VLAN ACLs if configured

build_tunnel_acl_rule_ofmsgs(source_id, tunnel_id, acl)

Build a rule of an ACL that contains a tunnel

build_tunnel_rules_ofmsgs(source_id, tunnel_id, acl)

Build a tunnel-only generated rule

cold_start_port(port)

Reload ACL for a port by deleting existing rules and calling add_port

create_dot1x_flow_pair(port_num, nfv_sw_port_num, mac)

Create dot1x flow pair

create_mab_flow(port_num, nfv_sw_port_num, mac)

Create MAB ACL for sending IP activity to Chewie NFV

Returns flowmods to send all IP traffic to Chewie

Parameters
  • port_num (int) – Number of port in

  • nfv_sw_port_num (int) – Number of port out

  • mac (str) – MAC address of the valve/port combo

del_authed_mac(port_num, mac=None, strict=True)

Remove authed MAC address

del_dot1x_flow_pair(port_num, nfv_sw_port_num, mac)

Deletes dot1x flow pair

del_mab_flow(port_num, nfv_sw_port_num, mac)

Remove MAB ACL for sending IP activity to Chewie NFV

Returns flowmods to send all IP traffic to Chewie

Parameters
  • port_num (int) – Number of port in

  • nfv_sw_port_num (int) – Number of port out

  • mac (str) – MAC address of the valve/port combo

del_port_acl(acl, port_num, mac=None)

Delete ACL rules for Port

initialise_tables()

Install DP ACLs if configured

faucet.valve_acl.add_mac_address_to_match(match, eth_src)

Add or change the value of a match type

faucet.valve_acl.build_acl_entry(acl_table, rule_conf, meters, acl_allow_inst, acl_force_port_vlan_inst, port_num=None, vlan_vid=None, tunnel_rules=None, source_id=None)

Build flow/groupmods for one ACL rule entry.

faucet.valve_acl.build_acl_ofmsgs(acls, acl_table, acl_allow_inst, acl_force_port_vlan_inst, highest_priority, meters, exact_match, port_num=None, vlan_vid=None)

Build flow/groupmods for all entries in an ACL.

faucet.valve_acl.build_acl_port_of_msgs(acl, vid, port_num, acl_table, goto_table, priority)

A helper function for building OpenFlow mod messages for port ACLs

faucet.valve_acl.build_ordered_output_actions(acl_table, output_list, tunnel_rules=None, source_id=None)

Build actions from ordered ACL output list

faucet.valve_acl.build_output_actions(acl_table, output_dict, tunnel_rules=None, source_id=None)

Implement actions to alter packet/output.

faucet.valve_acl.build_rule_ofmsgs(rule_conf, acl_table, acl_allow_inst, acl_force_port_vlan_inst, highest_priority, acl_rule_priority, meters, exact_match, port_num=None, vlan_vid=None, tunnel_rules=None, source_id=None, flowdel=False)

Build an ACL rule and return OFMSGs

faucet.valve_acl.build_tunnel_ofmsgs(rule_conf, acl_table, priority, port_num=None, vlan_vid=None, flowdel=False)

Build specific tunnel-only ofmsgs

faucet.valve_acl.push_vlan(acl_table, vlan_vid)

Push a VLAN tag with optional selection of eth type.

faucet.valve_acl.rewrite_vlan(acl_table, output_dict)

Implement actions to rewrite VLAN headers.