ACL Functions


Data Structures

struct  nmf_acl_rule_stats
union  nmf_acl_rule_attr_value
 ACL Rule Attributes Value Types. More...

Enumerations

enum  nmf_cond_type {
  NMF_COND_ETH_TYPE = 1, NMF_COND_VLAN_ID, NMF_COND_VLAN_PRI, NMF_COND_SWITCH_PRI,
  NMF_COND_ETH_SRC, NMF_COND_ETH_DST, NMF_COND_IP_PROTO, NMF_COND_IP_FLAGS,
  NMF_COND_IP_DSCP, NMF_COND_IP_TTL, NMF_COND_IP4_SRC, NMF_COND_IP4_DST,
  NMF_COND_IP6_SRC, NMF_COND_IP6_DST, NMF_COND_IP6_FLOW, NMF_COND_TCP_FLAGS,
  NMF_COND_L4_SRC_PORT, NMF_COND_L4_DST_PORT, NMF_COND_L4_SRC_PORT_RANGE, NMF_COND_L4_DST_PORT_RANGE,
  NMF_COND_USER, NMF_COND_RX_PORT_LIST
}
enum  nmf_action_id {
  NMF_ACTION_PERMIT = 1, NMF_ACTION_DROP, NMF_ACTION_COUNT, NMF_ACTION_REDIRECT,
  NMF_ACTION_LOAD_BALANCE, NMF_ACTION_MODIFY, NMF_ACTION_POLICE, NMF_ACTION_MIRROR,
  NMF_ACTION_LOG, NMF_ACTION_TRAP
}
enum  nmf_acl_rule_attr_id
 ACL Rule Attribute Identifiers.
enum  nmf_qos_tc_pri_mode { NMF_QOS_TC_PRI_MODE_STRICT, NMF_QOS_TC_PRI_MODE_BALANCED }
 Quality of Service configuration. More...
enum  nmf_qos_cn_reaction_mode { NMF_QOS_CN_REACTION_FWD = 1, NMF_QOS_CN_REACTION_DROP, NMF_QOS_CN_REACTION_RATELIM }
enum  nmf_qos_port_attr_id {
  NMF_QOS_PORT_ATTR_RX_VPRI_MAP = 1, NMF_QOS_PORT_ATTR_TX_VPRI_MAP, NMF_QOS_PORT_ATTR_SCHED_PRI_SETS, NMF_QOS_PORT_ATTR_TC_WEIGHTS,
  NMF_QOS_PORT_ATTR_TC_PRI_MODE, NMF_QOS_PORT_ATTR_TC_TOKEN_RATE, NMF_QOS_PORT_ATTR_TC_BURST_SIZE, NMF_QOS_PORT_ATTR_CN_REACTION_MODE,
  NMF_QOS_PORT_ATTR_CN_REACTION_RATE, NMF_QOS_PORT_ATTR_CN_FRAME_DMAC_SUFFIX, NMF_QOS_PORT_ATTR_CN_MIN, NMF_QOS_PORT_ATTR_CN_MAX,
  NMF_QOS_PORT_ATTR_CN_EQ, NMF_QOS_PORT_ATTR_CN_SC
}
enum  nmf_qos_cn_mode { NMF_QOS_CN_MODE_DISABLED = 1, NMF_QOS_CN_MODE_VCN, NMF_QOS_CN_MODE_FCN }
enum  nmf_qos_slot_attr_id {
  NMF_QOS_SLOT_ATTR_VPRI_SWPRI_MAP = 1, NMF_QOS_SLOT_ATTR_DSCP_SWPRI_MAP, NMF_QOS_SLOT_ATTR_SWPRI_TC_MAP, NMF_QOS_SLOT_ATTR_TC_SCHEDPRI_MAP,
  NMF_QOS_SLOT_ATTR_CN_MODE, NMF_QOS_SLOT_ATTR_CN_FRAME_ETYPE, NMF_QOS_SLOT_ATTR_CN_FRAME_VPRI, NMF_QOS_SLOT_ATTR_CN_FRAME_VLAN,
  NMF_QOS_SLOT_ATTR_CN_FRAME_SRC_PORT, NMF_QOS_SLOT_ATTR_CN_FRAME_SMAC, NMF_QOS_SLOT_ATTR_CN_FRAME_DMAC, NMF_QOS_SLOT_ATTR_CN_SAMPLING_RATE
}

Functions

nmf_status_t nmf_acl_add (nmf_client_t client_id, int slot_id, nmf_id_t *acl_id, char *name, nm_u32_t scope, int precedence)
 Allocate an Access Control List.
nmf_status_t nmf_acl_list_get (nmf_client_t client_id, int slot_id, nm_bv_t *bv)
 Query the set of Access Control Lists.
nmf_status_t nmf_acl_rule_add (nmf_client_t client_id, int slot_id, nmf_id_t acl_id, int rule_no, struct nmf_acl_rule *acl_rule)
 Add a rule to an Access Control List.
nmf_status_t nmf_acl_rule_rem (nmf_client_t client_id, int slot_id, nmf_id_t acl_id, int rule)
 Remove a rule from an Access Control List.
nmf_status_t nmf_acl_rule_get (nmf_client_t client_id, int slot_id, nmf_id_t acl_id, int rule, struct nmf_acl_rule **acl_rule)
 Query a rule from an Access Control List.
struct nmf_acl_rule * nmf_acl_rule_alloc (int cond_count, int action_count)
 Allocate the memory for an ACL rule.
void nmf_acl_rule_free (struct nmf_acl_rule *acl_rule)
 Free the memory for an ACL rule.
struct nmf_acl_rule * nmf_acl_rule_dup (struct nmf_acl_rule *dst)
 Copy an ACL rule.
nmf_status_t nmf_acl_rem (nmf_client_t client_id, int slot_id, nmf_id_t acl_id)
 Remove a previously defined ACL.
nmf_status_t nmf_acl_commit (nmf_client_t client_id, int slot_id)
 Commit ACL changes.
nmf_status_t nmf_acl_attr_set (nmf_client_t clid, int slot, nmf_id_t acl_id, enum nmf_acl_attr_id id, union nmf_acl_attr_value *attr)
 Set an ACL attribute.
nmf_status_t nmf_acl_attr_get (nmf_client_t clid, int slot, int acl_id, enum nmf_acl_attr_id id, union nmf_acl_attr_value *attr)
 Get an ACL attribute.

Detailed Description

An Access Control List (ACL) is a set of match conditions that identify a particular packet flow and a set of actions to take on packets in that flow.

Enumeration Type Documentation

Enumerator:
NMF_ACTION_PERMIT  Accept the packet.
NMF_ACTION_DROP  Drop the packet.
NMF_ACTION_COUNT  Keep a count of the frames and bytes matched by this rule.
NMF_ACTION_REDIRECT  Send the packet to the specified port(s), optionally bypassing lag filtering.
NMF_ACTION_LOAD_BALANCE  Send the packet to the specified load balance group.
NMF_ACTION_MODIFY  Modify a field in the packet.
NMF_ACTION_POLICE  Police and count the packet.
NMF_ACTION_MIRROR  Send a copy of the packet to another port.
NMF_ACTION_LOG  Send a copy of the packet to the CPU and forward the packet.
NMF_ACTION_TRAP  Send the packet to the CPU (don't forward).

Definition at line 2448 of file nmf.h.

Enumerator:
NMF_COND_ETH_TYPE  Match the Ethernet type
NMF_COND_VLAN_ID  Match the VLAN Id
NMF_COND_VLAN_PRI  Match VLAN priority
NMF_COND_SWITCH_PRI  Match switch priority
NMF_COND_ETH_SRC  Match the Ethernet source address
NMF_COND_ETH_DST  Match the Ethernet destination address
NMF_COND_IP_PROTO  Match the IP protocol
NMF_COND_IP_FLAGS  Match the IP flags
NMF_COND_IP_DSCP  Match the IP DSCP field
NMF_COND_IP_TTL  Match the time to live
NMF_COND_IP4_SRC  Match the IPv4 source address
NMF_COND_IP4_DST  Match the IPv4 destination address
NMF_COND_IP6_SRC  Match the IPv6 source address
NMF_COND_IP6_DST  Match the IPv6 destination address
NMF_COND_IP6_FLOW  Match the IPv6 flow label
NMF_COND_TCP_FLAGS  Match the TCP flags
NMF_COND_L4_SRC_PORT  Match the UDP or TCP source port
NMF_COND_L4_DST_PORT  Match the UDP or TCP destination port
NMF_COND_L4_SRC_PORT_RANGE  Match the UDP or TCP source port range
NMF_COND_L4_DST_PORT_RANGE  Match the UDP or TCP destination port range
NMF_COND_USER  Match the user tag for the packet
NMF_COND_RX_PORT_LIST  Match based on ingress port

Definition at line 2312 of file nmf.h.

Enumerator:
NMF_QOS_CN_MODE_DISABLED  No congestion notification frame generation.
NMF_QOS_CN_MODE_VCN  Multicast VCN frames periodically to report congestion
NMF_QOS_CN_MODE_FCN  Transmit congestion notification frames toward the source by randomly sampling frames when the equilibrium point has been exceeded.

Definition at line 2843 of file nmf.h.

Enumerator:
NMF_QOS_CN_REACTION_FWD  Forward the frame
NMF_QOS_CN_REACTION_DROP  Discard the CN frame
NMF_QOS_CN_REACTION_RATELIM  Trap the frame, using a rate limiter to control the number of PAUSE frames that will be sent if there is congestion.

Definition at line 2748 of file nmf.h.

Enumerator:
NMF_QOS_PORT_ATTR_RX_VPRI_MAP  Maps the PRI bits from the VLAN tag to an internal VLAN priority.
NMF_QOS_PORT_ATTR_TX_VPRI_MAP  Maps the internal VLAN priority to egress VLAN priority.
NMF_QOS_PORT_ATTR_SCHED_PRI_SETS  Defines priority sets, clustering classes into sets of shared priority.
NMF_QOS_PORT_ATTR_TC_WEIGHTS  Defines the deficit round robin quantum for a traffic class.
NMF_QOS_PORT_ATTR_TC_PRI_MODE  Defines the priority mode for each traffic class.
NMF_QOS_PORT_ATTR_TC_TOKEN_RATE  Defines the maximum transmission rate (token bucket replenishment rate) for a traffic class.
NMF_QOS_PORT_ATTR_TC_BURST_SIZE  Defines the maximum transmission burst size (token bucket saturation value) for a traffic class.
NMF_QOS_PORT_ATTR_CN_REACTION_MODE  Defines how the port will react when it is the egress for a Congestion Notification frame.
NMF_QOS_PORT_ATTR_CN_REACTION_RATE  Defines the rate limit in bits per second to apply when the port needs to be rate limited following capture of the Congestion Notification frame on egress.
NMF_QOS_PORT_ATTR_CN_FRAME_DMAC_SUFFIX  Defines the lower 16 bits of the destination MAC address for Virtual-output-queue Congestion Notification frames on the port. The default value is 0xEEFF, which when combined with the switch-global upper 48 bits, defined with the ''NMF_QOS_ATTR_CN_FRAME_DMAC'' switch QoS attribute, yields a default MAC address of 00:EF:FE:FF:EE:FF.
NMF_QOS_PORT_ATTR_CN_MIN  Defines the % memory usage at which point a congestion condition on the port is considered cleared for a memory partition. The integer value is specified in 100ths, e.g. 4862 is 48.62%.
NMF_QOS_PORT_ATTR_CN_MAX  Defines the % memory usage at which point a congestion condition on the port is considered to exist for a memory partition. The integer value is specified in 100ths.
NMF_QOS_PORT_ATTR_CN_EQ  Defines the FCN congestion notification equilibrium point memory usage. The integer value is specified in 100ths.
NMF_QOS_PORT_ATTR_CN_SC  Defines the Fractional Congestion Notification (FCN) severe congestion point. The integer value is specified in 100ths.

Definition at line 2761 of file nmf.h.

Enumerator:
NMF_QOS_SLOT_ATTR_VPRI_SWPRI_MAP  Maps each internal VLAN priority to an internal switch priority. VPRI[0..7] --> SWPRI[0..15]
NMF_QOS_SLOT_ATTR_DSCP_SWPRI_MAP  DSCP priority to switch priority map. DSCP[0..63] --> SWPRI[0..15]
NMF_QOS_SLOT_ATTR_SWPRI_TC_MAP  Switch priority to traffic class map. SWPRI[0..15] --> TC[0..7]
NMF_QOS_SLOT_ATTR_TC_SCHEDPRI_MAP  Traffic class to scheduler priority map. TC[0..7] --> SCHEDPRI[0..7]
NMF_QOS_SLOT_ATTR_CN_MODE  The congestion notification operating mode.
NMF_QOS_SLOT_ATTR_CN_FRAME_ETYPE  The Ethertype value that will be used for congestion notification frames.
NMF_QOS_SLOT_ATTR_CN_FRAME_VPRI  The VLAN priority used in congestion notification frames.
NMF_QOS_SLOT_ATTR_CN_FRAME_VLAN  The VLAN ID used in congestion notification frames
NMF_QOS_SLOT_ATTR_CN_FRAME_SRC_PORT  The source port used in congestion notification frames.
NMF_QOS_SLOT_ATTR_CN_FRAME_SMAC  The source MAC address used in congestion notification frames.
NMF_QOS_SLOT_ATTR_CN_FRAME_DMAC  The destination MAC address used in congestion notification frames.
NMF_QOS_SLOT_ATTR_CN_SAMPLING_RATE  The congestion notification sampling period. For VCN mode, the value is in units of microseconds. For FCN mode, the value is in units of bytes.

Definition at line 2856 of file nmf.h.

Quality of Service configuration.

Specifies the QOS traffic class priority mode used for scheduling.

Enumerator:
NMF_QOS_TC_PRI_MODE_STRICT  Packets are drained unless the throughput limit is achieved.
NMF_QOS_TC_PRI_MODE_BALANCED  Packets are drained according to weight.

Definition at line 2740 of file nmf.h.


Function Documentation

nmf_status_t nmf_acl_add ( nmf_client_t  client_id,
int  slot_id,
nmf_id_t *  acl_id,
char *  name,
nm_u32_t  scope,
int  precedence 
)

Allocate an Access Control List.

Allocates an empty access control list. An ACL is identified by a unique name and nmf_id_t. The nmf_id_t is used in subsequent requests to modify or query the ACL.

An ACL must be enabled in order to be active. A newly created ACL as returned by this function is inactive. See the nmf_acl_enable() and nmf_acl_disable() functions.

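If the specified ACL name already exists, the function returns -NMF_EINUSE and returns the associated nmf_id_t. This function can therefore be used to look up an ACL by name. (The Returns list below names this status -NMF_EEXIST; confirm against nmf.h which code is actually returned before testing for it.)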

Parameters:
clid The client handle.
slot The slot number
acl_id Pointer to an nmf_id_t to receive the ACL Id.
name A name to associate with the ACL.
prec A rule precedence to prioritize this rule relative to other rules on the same switch.
Returns:
NMF_OK An ACL with the specified name was created. The ACL has no rules and is inactive.

-NMF_EEXIST An ACL with the specified name already exists. The associated nmf_id_t is returned in the acl_id parameter.

nmf_status_t nmf_acl_attr_get ( nmf_client_t  clid,
int  slot,
int  acl_id,
enum nmf_acl_attr_id  id,
union nmf_acl_attr_value *  attr 
)

Get an ACL attribute.

Parameters:
clid The client handle.
slot The slot number
acl_id The ACL number.
attr_id The attribute identifier
attr Pointer to the attribute value
Returns:
NMF_OK Success

-NMF_ENOENT Slot or ACL id not found.

nmf_status_t nmf_acl_attr_set ( nmf_client_t  clid,
int  slot,
nmf_id_t  acl_id,
enum nmf_acl_attr_id  id,
union nmf_acl_attr_value *  attr 
)

Set an ACL attribute.

Parameters:
clid The client handle.
slot The slot number
acl_id The ACL number.
attr_id The attribute identifier
attr Pointer to the attribute value
Returns:
NMF_OK Success

-NMF_ENOENT Slot or ACL id was not found.

nmf_status_t nmf_acl_commit ( nmf_client_t  client_id,
int  slot_id 
)

Commit ACL changes.

Commit all ACL changes since the last commit to the slot.

Parameters:
clid The client handle.
slot The slot number

nmf_status_t nmf_acl_list_get ( nmf_client_t  client_id,
int  slot_id,
nm_bv_t *  bv 
)

Query the set of Access Control Lists.

Queries the set of ACLs defined on the slot and returns the set as a bit vector of nmf_id_t.

Parameters:
clid The client handle.
slot The slot number
bv Pointer to an nm_bv_t to contain the set of acl_id defined for the switch.

nmf_status_t nmf_acl_rem ( nmf_client_t  client_id,
int  slot_id,
nmf_id_t  acl_id 
)

Remove a previously defined ACL.

Remove an ACL and all associated rules from the switch

Parameters:
clid The client handle.
slot The slot number
acl_id The ACL Id.

nmf_status_t nmf_acl_rule_add ( nmf_client_t  client_id,
int  slot_id,
nmf_id_t  acl_id,
int  rule_no,
struct nmf_acl_rule *  acl_rule 
)

Add a rule to an Access Control List.

Adds the rule described by acl_rule to the ACL identified by acl_id, at position rule_no.

Parameters:
clid The client handle.
slot The slot number
acl_id The ACL Id.
rule_no The rule number is a monotonically increasing, zero-based index that uniquely identifies a rule and its priority with respect to other rules. Rule 0 has the highest priority.
acl_rule Pointer to an acl_rule structure defining the ACL.
Returns:
NMF_OK The rule was successfully added.

-NMF_ERANGE The switch cannot handle any more rules.

struct nmf_acl_rule* nmf_acl_rule_alloc ( int  cond_count,
int  action_count 
) [read]

Allocate the memory for an ACL rule.

Parameters:
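cond_count Number of match conditions to allocate for the rule (presumed from the parameter name).
action_count Number of actions to allocate for the rule (presumed from the parameter name).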

struct nmf_acl_rule* nmf_acl_rule_dup ( struct nmf_acl_rule *  dst  )  [read]

Copy an ACL rule.

Parameters:
dst Pointer to destination
src Pointer to source

void nmf_acl_rule_free ( struct nmf_acl_rule *  acl_rule  ) 

Free the memory for an ACL rule.

Parameters:
acl_rule Pointer to an acl_rule to free

nmf_status_t nmf_acl_rule_get ( nmf_client_t  client_id,
int  slot_id,
nmf_id_t  acl_id,
int  rule,
struct nmf_acl_rule **  acl_rule 
)

Query a rule from an Access Control List.

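Queries an ACL for the specified rule number. Memory is allocated for the returned rule. The caller must free this memory by calling nmf_acl_rule_put. (nmf_acl_rule_put is not listed on this page; the release function documented here is nmf_acl_rule_free.)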

Parameters:
clid The client handle.
slot The slot number
acl_id The ACL Id.
rule_no The rule number.
acl_rule Pointer to an acl_rule structure defining the ACL.
Returns:
NMF_OK The rule was found and is returned in acl_rule.

-NMF_ENOENT The rule was not found.

nmf_status_t nmf_acl_rule_rem ( nmf_client_t  client_id,
int  slot_id,
nmf_id_t  acl_id,
int  rule 
)

Remove a rule from an Access Control List.

Removes the rule with the given rule number from the ACL identified by acl_id.

Parameters:
clid The client handle.
slot The slot number
acl_id The ACL Id.
rule_no The rule number is a user-defined, zero-based index that uniquely identifies a rule and its priority with respect to other rules. Rule 0 has the highest priority.

