- def add_replace_acl(node, acl_idx=None, ip_ver="ipv4", action="permit",
- src=None, dst=None, sport=None, dport=None, proto=None,
- tcpflg_val=None, tcpflg_mask=None):
- """Add a new ACL or replace the existing one. To replace an existing
- ACL, pass the ID of this ACL.
-
- :param node: VPP node to set ACL on.
- :param acl_idx: ID of ACL. (Optional)
- :param ip_ver: IP version. (Optional)
- :param action: ACL action. (Optional)
- :param src: Source IP in format IP/plen. (Optional)
- :param dst: Destination IP in format IP/plen. (Optional)
- :param sport: Source port or ICMP4/6 type - range format X-Y allowed.
- (Optional)
- :param dport: Destination port or ICMP4/6 code - range format X-Y
- allowed. (Optional)
- :param proto: L4 protocol (http://www.iana.org/assignments/protocol-
- numbers/protocol-numbers.xhtml). (Optional)
- :param tcpflg_val: TCP flags value. (Optional)
- :param tcpflg_mask: TCP flags mask. (Optional)
- :type node: dict
- :type acl_idx: int
- :type ip_ver: str
- :type action: str
- :type src: str
- :type dst: str
- :type sport: str or int
- :type dport: str or int
- :type proto: int
- :type tcpflg_val: int
- :type tcpflg_mask: int
- :raises RuntimeError: If unable to add or replace ACL.
- """
- acl_idx = '{0}'.format(acl_idx) if acl_idx else ''
-
- src = 'src {0}'.format(src) if src else ''
-
- dst = 'dst {0}'.format(dst) if dst else ''
-
- sport = 'sport {0}'.format(sport) if sport else ''
-
- dport = 'dport {0}'.format(dport) if dport else ''
-
- proto = 'proto {0}'.format(proto) if proto else ''
-
- tcpflags = 'tcpflags {0} {1}'.format(tcpflg_val, tcpflg_mask) \
- if tcpflg_val and tcpflg_mask else ''
-
- try:
- with VatTerminal(node, json_param=False) as vat:
- vat.vat_terminal_exec_cmd_from_template(
- "acl_plugin/acl_add_replace.vat", acl_idx=acl_idx,
- ip_ver=ip_ver, action=action, src=src, dst=dst, sport=sport,
- dport=dport, proto=proto, tcpflags=tcpflags)
- except RuntimeError:
- raise RuntimeError("Adding or replacing of ACL failed on "
- "node {0}".format(node['host']))
-
- @staticmethod
- def add_replace_acl_multi_entries(node, acl_idx=None, rules=None):