I would like to create a new ACE (Access Control Entry) in an already created 
ACL (Access Control List) with the acl_plugin.so mainly trying to use the 
acl_add_replace struct.

It appears I can only add a new ACL with 1 to many entries, I can also replace 
a whole ACL by its index, and lastly delete an ACL. However there does not seem 
to be a way to add an ACE to an existing ACL.

I looked at src/plugins/acl/acl.api lines 105-144

```
define acl_add_replace
{
  u32 client_index;
  u32 context;
  u32 acl_index; /* ~0 to add, existing ACL# to replace */
  string tag[64]; /* What gets in here gets out in the corresponding tag field when dumping the ACLs. */
  u32 count;
  vl_api_acl_rule_t r[count];
  option vat_help = "<acl-idx> <permit|permit+reflect|deny|action N> [src IP/plen] [dst IP/plen] [sport X-Y] [dport X-Y] [proto P] [tcpflags FL MASK], ... , ...";
};
```

Most of those values in the struct make sense (especially since above it is a 
comment describing each parameter), except for `vl_api_acl_rule_t r[count]`. I 
don't know what this does and there does not appear to be any comment on what 
its purpose is. Not sure it's related. Maybe I should be using a different 
struct? So the problem is when I try to target an ACL with `acl_index`, there is 
no way I can find to tell acl_add_replace "Add an entry to the existing ACL 
index, don't remove or replace ACEs", therefore the call will cause VPP to 
replace the whole ACL with whatever is in the new rule list.

Either way, how can I add a new ACE to an existing ACL without affecting other 
values in the ACL?
Also, while we are talking about ACEs, how can I replace a specific ACE in an 
ACL without affecting the other ACEs in the ACL (target a specific ACE entry 
to remove or replace)?
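
The whole-list replace behaviour described in the message, with per-ACE edits done as a client-side read-modify-write, shown as an added example that is not part of the original post or VPP code. `AclTable`, `edit_acl` and `demo` are hypothetical names, the table is an in-memory model of the quoted `acl_add_replace` definition, and the rules are constructed strings; against a real VPP the current rules would have to be read back first (for instance with the plugin's `acl_dump` message).

```python
ADD_NEW = 0xFFFFFFFF  # acl_index ~0 means "add", per the acl.api comment

class AclTable:
    """Toy model (hypothetical, not VPP code) of acl_add_replace semantics."""
    def __init__(self):
        self.acls = {}        # acl_index -> (tag, rule list)
        self.next_index = 0

    def acl_add_replace(self, acl_index, tag, r):
        if acl_index == ADD_NEW:
            acl_index, self.next_index = self.next_index, self.next_index + 1
        elif acl_index not in self.acls:
            raise KeyError(f"no ACL {acl_index}")
        self.acls[acl_index] = (tag, list(r))  # whole list swapped, old ACEs gone
        return acl_index

    def dump(self, acl_index):
        tag, rules = self.acls[acl_index]
        return tag, list(rules)   # copy, so callers edit their own list

def edit_acl(table, acl_index, op, position, rule=None):
    """Read-modify-write one ACE: rebuild the full list, replace in one call."""
    tag, rules = table.dump(acl_index)
    limit = len(rules) + 1 if op == "insert" else len(rules)
    if not 0 <= position < limit:   # no silent clamping or negative wrap
        raise IndexError(f"position {position} out of range")
    if op == "insert":
        rules.insert(position, rule)
    elif op == "replace":
        rules[position] = rule
    elif op == "remove":
        del rules[position]
    else:
        raise ValueError(f"unknown op {op!r}")
    table.acl_add_replace(acl_index, tag, rules)
    return rules

def demo():
    # Constructed rules, written in the vat_help syntax quoted above.
    t = AclTable()
    idx = t.acl_add_replace(ADD_NEW, "web", ["permit dport 443-443 proto 6", "deny"])
    edit_acl(t, idx, "insert", 1, "permit dport 80-80 proto 6")
    edit_acl(t, idx, "replace", 0, "permit+reflect dport 443-443 proto 6")
    edit_acl(t, idx, "remove", 1)
    return idx, t.dump(idx)

if __name__ == "__main__":
    print(demo())
```

Because the read and the replace are separate calls, two clients editing the same ACL this way can overwrite each other's changes, so edits to one ACL should go through a single writer.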