NAME

Net::ACL - Class representing a generic access-list/route-map

SYNOPSIS

    use Net::ACL;
    use Net::ACL::Rule qw( :action :rc );

    # Constructor
    $list = new Net::ACL(
	Name    => 'MyACL',
	Type	=> 'prefix-list',
	Rule	=> new Net::ACL::Rule( .. )
	);

    # Fetch existing object by name
    $list = renew Net::ACL(
	Name	=> 'MyACL'
	Type	=> 'prefix-list'
	);
    $list = renew Net::ACL("$list");

    # Object Copy
    $clone = $list->clone();

    # Class methods
    $type_names_hr = Net::ACL->knownlists();

    # Accessor Methods
    $list->add_rule($rule);
    $list->remove_rule($rule);
    $name = $list->name($name);
    $type = $list->type($type);
    $rc = $list->match(@data);
    ($rc,@data) = $list->query(@data);

DESCRIPTION

This module represents a generic access-list and route-map. It uses the Net::ACL::Rule object to represent the rules.

CONSTRUCTOR

new() - create a new Net::ACL object
    $list = new Net::ACL(
        Name    => 'MyACL',
	Type	=> 'prefix-list',
        Rule    => new Net::ACL::Rule( .. )
        );

This is the constructor for Net::ACL objects. It returns a reference to the newly created object. The following named parameters may be passed to the constructor.

Name

The name parameter is optional and is only used to identify a list by the renew() constructor.

Type

The type parameter is optional and defaults to the class name. It is used have different namespaces for the Name parameter. It is intended to have values like 'ip-accesslist', 'prefix-list', 'as-path-filter' and 'route-map'. This way the same name or number of an access-list could be reused in each class.

Rule

The rule parameter could be present one or more times. Each one can have multiple types:

Net::ACL::Rule

A Net::ACL::Rule object.

ARRAY

An array reference of Net::ACL::Rule objects.

HASH

A hash reference with Net::ACL:Rule objects as values. Keys are currently ignored, but might later be used as sequance numbers or labels.

renew() - fetch an existing Net::ACL object
    $list = renew Net::ACL(
	Name	=> 'MyACL'
	Type	=> 'prefix-list'
	);
    $list = renew Net::ACL("$list");

The renew constructor localizes an existing ACL object from either Name, (Name,Type)-pair or the object in string context (e.g. Net::ACL=HASH(0x823ff84)). The Name and Type arguments have similar meaning as for the new() constructor.

OBJECT COPY

clone() - clone a Net::ACL object
$clone = $list->clone();

This method creates an exact copy of the Net::ACL object and all the rules. The clone will not have a name unless one is assigned explicitly later.

ACCESSOR METHODS

name()
type()

The name() and type() methods return the access-list name and type fields respectively. If called with an argument they change the value to that of the argument.

match()

The match method implements the basics of a standard router access-list matching.

It gets any arbitrary number of arguments. The arguments are passed to the match() method of each of the Net::ACL::Rule rules except any object which have the action() field set to ACL_CONTINUE. When a match() method returns ACL_MATCH, the action() of that entry is returned.

query()

The query method implements the basics of a route-map execution.

It calls the Net::ACL::Rule rules query() method one by one as long as they return ACL_CONTINUE.

The function returns the result code (ACL_PERMIT or ACL_DENY) and the, possibly modified, arguments of the function.

add_rule()
remove_rule()

The add() and remove() rule methods can add and remove rules after object construction.

SEE ALSO

Net::ACL::Rule, Net::ACL::File, Net::ACL::Bootstrap

AUTHOR

Martin Lorensen <bgp@martin.lorensen.dk>