FD.io VPP  v20.05.1-6-gf53edbc3b
Vector Packet Processing
acl_l3_rule.hpp
1 /*
2  * Copyright (c) 2017 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef __VOM_L3_ACL_RULE_H__
17 #define __VOM_L3_ACL_RULE_H__
18 
19 #include "vom/acl_types.hpp"
20 #include "vom/prefix.hpp"
21 
22 namespace VOM {
23 namespace ACL {
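/**
 * An ACL rule is the building block of an ACL. An ACL, which is
 * the object applied to an interface, is comprised of an ordered
 * sequence of ACL rules.
 * This class is a wrapper around the VAPI generated struct and exports
 * an API with better types.
 *
 * This header only declares the interface. Whether the constructor or
 * the setters validate their arguments (for example first <= last on a
 * range) is not visible here.
 * NOTE(review): confirm in acl_l3_rule.cpp before relying on it.
 */
class l3_rule
{
public:
  /**
   * Construct a new object matching the desired state.
   *
   * @param priority Sort key of the rule within its ACL (see m_priority).
   * @param action Action on match.
   * @param src Source prefix.
   * @param dst Destination prefix.
   * @param proto L4 protocol, IANA number. 0 (the default) ignores L4
   *        and with it the ports and the TCP flags.
   * @param srcport_or_icmptype_first First source port, or ICMP type.
   * @param srcport_or_icmptype_last Last source port, or ICMP type.
   * @param dstport_or_icmpcode_first First destination port, or ICMP code.
   * @param dstport_or_icmpcode_last Last destination port, or ICMP code.
   * @param tcp_flags_mask Mask applied to the packet's TCP flags.
   * @param tcp_flags_value Value the masked TCP flags must equal.
   *
   * Ranges are inclusive, and "any" is first=0,last=65535 for TCP/UDP
   * or first=0,last=255 for ICMP(v6); the defaulted range is 0..0.
   * NOTE(review): a rule that sets a non-zero proto but leaves the
   * range defaults presumably matches only port/type/code 0, not
   * "any" - confirm against the ACL plugin and pass the full range
   * explicitly when "any" is intended.
   *
   * By the test documented on m_tcp_flags_mask, the defaults
   * mask=0,value=0 hold for every packet, i.e. they place no
   * constraint on the TCP flags.
   */
  l3_rule(uint32_t priority,
          const action_t& action,
          const route::prefix_t& src,
          const route::prefix_t& dst,
          uint8_t proto = 0,
          uint16_t srcport_or_icmptype_first = 0,
          uint16_t srcport_or_icmptype_last = 0,
          uint16_t dstport_or_icmpcode_first = 0,
          uint16_t dstport_or_icmpcode_last = 0,
          uint8_t tcp_flags_mask = 0,
          uint8_t tcp_flags_value = 0);

  /**
   * Copy Constructor
   */
  l3_rule(const l3_rule& o) = default;

  /**
   * Destructor
   */
  ~l3_rule() = default;

  /**
   * convert to string format for debug purposes
   */
  std::string to_string() const;

  /**
   * less-than operator
   */
  bool operator<(const l3_rule& rule) const;

  /**
   * comparison operator (for testing)
   */
  bool operator==(const l3_rule& rule) const;

  /**
   * Set Src Ip Address
   */
  void set_src_ip(route::prefix_t src);

  /**
   * Set Dst Ip Address
   */
  void set_dst_ip(route::prefix_t dst);

  /**
   * Set proto. IANA number; 0 ignores L4, the ports and the TCP flags
   * (see m_proto).
   */
  void set_proto(uint8_t proto);

  /*
   * The four range setters below were missing from this listing (only
   * their doc comments survived); the declarations are restored from
   * the member index of the same page.
   */

  /**
   * Set Src port or ICMP Type first
   */
  void set_src_from_port(uint16_t srcport_or_icmptype_first);

  /**
   * Set Src port or ICMP Type last
   */
  void set_src_to_port(uint16_t srcport_or_icmptype_last);

  /**
   * Set Dst port or ICMP code first
   */
  void set_dst_from_port(uint16_t dstport_or_icmpcode_first);

  /**
   * Set Dst port or ICMP code last
   */
  void set_dst_to_port(uint16_t dstport_or_icmpcode_last);

  /**
   * Set TCP flags mask
   */
  void set_tcp_flags_mask(uint8_t tcp_flags_mask);

  /**
   * Set TCP flags value
   */
  void set_tcp_flags_value(uint8_t tcp_flags_value);

  /**
   * Getters
   */
  const route::prefix_t& src() const;
  uint32_t priority() const;
  const action_t& action() const;
  const route::prefix_t& dst() const;
  uint8_t proto() const;
  uint16_t srcport_or_icmptype_first() const;
  uint16_t srcport_or_icmptype_last() const;
  uint16_t dstport_or_icmpcode_first() const;
  uint16_t dstport_or_icmpcode_last() const;
  uint8_t tcp_flags_mask() const;
  uint8_t tcp_flags_value() const;

private:
  /**
   * Priority. Used to sort the rules in a list in the order
   * in which they are applied
   */
  uint32_t m_priority;

  /**
   * Action on match
   */
  action_t m_action;

  /**
   * Source Prefix
   */
  route::prefix_t m_src;

  /**
   * Destination Prefix
   */
  route::prefix_t m_dst;

  /**
   * L4 protocol. IANA number. 1 = ICMP, 58 = ICMPv6, 6 = TCP, 17 =
   * UDP.
   * 0 => ignore L4 and ignore the ports/tcpflags when matching.
   */
  uint8_t m_proto;

  /**
   * If the L4 protocol is TCP or UDP, the below
   * hold ranges of ports, else if the L4 is ICMP/ICMPv6
   * they hold ranges of ICMP(v6) types/codes.
   *
   * Ranges are inclusive, i.e. to match "any" TCP/UDP port,
   * use first=0,last=65535. For ICMP(v6),
   * use first=0,last=255.
   */
  uint16_t m_srcport_or_icmptype_first;
  uint16_t m_srcport_or_icmptype_last;
  uint16_t m_dstport_or_icmpcode_first;
  uint16_t m_dstport_or_icmpcode_last;

  /**
   * for proto = 6, this matches if the
   * TCP flags in the packet, ANDed with tcp_flags_mask,
   * is equal to tcp_flags_value.
   *
   * By this test a value with bits set outside the mask can never
   * equal the masked flags, so such a rule would not match any TCP
   * packet.
   */
  uint8_t m_tcp_flags_mask;
  uint8_t m_tcp_flags_value;
};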
185 };
186 };
187 
188 /*
189  * fd.io coding-style-patch-verification: ON
190  *
191  * Local Variables:
192  * eval: (c-set-style "mozilla")
193  * End:
194  */
195 
196 #endif
const action_t & action() const
std::string to_string() const
convert to string format for debug purposes
Definition: acl_l3_rule.cpp:67
void set_src_from_port(uint16_t srcport_or_icmptype_first)
Set Src port or ICMP Type first.
l3_rule(uint32_t priority, const action_t &action, const route::prefix_t &src, const route::prefix_t &dst, uint8_t proto=0, uint16_t srcport_or_icmptype_first=0, uint16_t srcport_or_icmptype_last=0, uint16_t dstport_or_icmpcode_first=0, uint16_t dstport_or_icmpcode_last=0, uint8_t tcp_flags_mask=0, uint8_t tcp_flags_value=0)
Construct a new object matching the desired state.
Definition: acl_l3_rule.cpp:22
void set_dst_from_port(uint16_t dstport_or_icmpcode_first)
Set Dst port or ICMP code first.
void set_tcp_flags_value(uint8_t tcp_flags_value)
Set TCP flags value.
uint16_t srcport_or_icmptype_last() const
bool operator<(const l3_rule &rule) const
less-than operator
Definition: acl_l3_rule.cpp:48
void set_tcp_flags_mask(uint8_t tcp_flags_mask)
Set TCP flags mask.
~l3_rule()=default
Destructor.
void set_src_to_port(uint16_t srcport_or_icmptype_last)
Set Src port or ICMP Type last.
bool operator==(const l3_rule &rule) const
comparison operator (for testing)
Definition: acl_l3_rule.cpp:54
void set_dst_ip(route::prefix_t dst)
Set Dst Ip Address.
Definition: acl_l3_rule.cpp:92
uint8_t proto() const
uint16_t dstport_or_icmpcode_last() const
uint16_t dstport_or_icmpcode_first() const
const route::prefix_t & dst() const
const route::prefix_t & src() const
Getters.
void set_dst_to_port(uint16_t dstport_or_icmpcode_last)
Set Dst port or ICMP code last.
uint32_t priority() const
void set_proto(uint8_t proto)
Set proto.
Definition: acl_l3_rule.cpp:98
The VPP Object Model (VOM) library.
Definition: acl_binding.cpp:19
An ACL rule is the building block of an ACL.
Definition: acl_l3_rule.hpp:31
ACL Actions.
Definition: acl_types.hpp:26
uint16_t srcport_or_icmptype_first() const
uint8_t tcp_flags_mask() const
uint8_t tcp_flags_value() const
A prefix definition.
Definition: prefix.hpp:131
void set_src_ip(route::prefix_t src)
Set Src Ip Address.
Definition: acl_l3_rule.cpp:86