[P4-dev] ACL to P4 Conversion

Scott Collins (scotcoll) scotcoll at cisco.com
Wed Jun 10 16:54:36 EDT 2015


Hi all,

This is an ACL configuration that uses a not operation to specify exclusions. How could this be represented in P4?

Thanks,
Scott


!
class-map match-all ce_af2_customer
 match access-group 187
 match not access-group xxx
!
class-map match-all ce_af2_include
 match class-map ce_af2_customer
 match not access-group 198
!
!
class-map match-any ce_af2_output
 match class-map ce_af2_include
!
access-list xxx permit tcp any any eq 8014
access-list xxx permit tcp any eq 8014 any
access-list xxx permit tcp any host 165.72.11.108
access-list xxx permit tcp any host 7.252.68.73
access-list xxx permit tcp host 7.252.68.73 any
!
!
access-list 187 permit tcp any eq telnet any
access-list 187 permit tcp any any eq telnet
access-list 187 permit tcp any eq 2598 any
access-list 187 permit tcp any any eq 2598
access-list 187 permit tcp any any eq 8911
access-list 187 permit udp any eq 8911 any
access-list 187 permit udp any any eq 8911
access-list 187 permit tcp any eq 3306 any
access-list 187 permit tcp any any eq 3306
access-list 187 permit tcp any eq 1186 any
access-list 187 permit tcp any any eq 1186
access-list 187 permit tcp any range 1525 1527 any
access-list 187 permit tcp any any range 1525 1527
access-list 187 permit tcp any eq 1529 any
access-list 187 permit tcp any any eq 1529
access-list 187 permit tcp any eq 5432 any
access-list 187 permit tcp any any eq 5432
access-list 187 permit tcp any eq 9100 any
access-list 187 permit tcp any any eq 9100
access-list 187 permit tcp any any eq 135
access-list 187 permit tcp any eq 135 any
access-list 187 permit tcp any any range 989 990
access-list 187 permit tcp any range 989 990 any
access-list 187 permit tcp any any eq 683
access-list 187 permit tcp any eq 683 any
access-list 187 permit tcp any any eq 2162
access-list 187 permit tcp any eq 2162 any
access-list 187 permit tcp any any range 137 139
access-list 187 permit tcp any range 137 139 any
access-list 187 permit tcp any any eq 575
access-list 187 permit tcp any eq 575 any
access-list 187 permit tcp any eq 5631 any
access-list 187 permit tcp any any eq 5631
access-list 187 permit tcp any eq login any
access-list 187 permit tcp any any eq login
access-list 187 permit tcp any range 6000 6063 any
access-list 187 permit tcp any any range 6000 6063
access-list 187 permit tcp any eq 8004 any
access-list 187 permit tcp any any eq 8004
access-list 187 permit tcp any eq 8888 any
access-list 187 permit tcp 199.40.254.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 199.40.254.0 0.0.0.255 eq 80
access-list 187 permit tcp 23.252.16.0 0.0.0.255 eq 8080 any
access-list 187 permit tcp any 23.252.16.0 0.0.0.255 eq 8080
access-list 187 permit tcp 10.250.66.0 0.0.0.255 eq 8080 any
access-list 187 permit tcp any 10.250.66.0 0.0.0.255 eq 8080
access-list 187 permit tcp 10.250.66.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 10.250.66.0 0.0.0.255 eq 80
access-list 187 permit tcp 199.40.254.0 0.0.0.255 eq 3128 any
access-list 187 permit tcp any 199.40.254.0 0.0.0.255 eq 3128
access-list 187 permit tcp 23.252.16.0 0.0.0.255 eq 3128 any
access-list 187 permit tcp any 23.252.16.0 0.0.0.255 eq 3128
access-list 187 permit tcp 10.250.66.0 0.0.0.255 eq 3128 any
access-list 187 permit tcp any 10.250.66.0 0.0.0.255 eq 3128
access-list 187 permit tcp 23.253.31.0 0.0.0.255 eq 8080 any
access-list 187 permit tcp any 23.253.31.0 0.0.0.255 eq 8080
access-list 187 permit tcp 23.253.31.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 23.253.31.0 0.0.0.255 eq 80
access-list 187 permit tcp 199.40.22.0 0.0.0.255 eq 8080 any
access-list 187 permit tcp any 199.40.22.0 0.0.0.255 eq 8080
access-list 187 permit tcp host 199.40.26.88 eq 8080 any
access-list 187 permit tcp any host 199.40.26.88 eq 8080
access-list 187 permit tcp host 199.40.26.88 eq 80 any
access-list 187 permit tcp any host 199.40.26.88 eq 80
access-list 187 permit tcp host 199.40.253.79 eq 8080 any
access-list 187 permit tcp any host 199.40.253.79 eq 8080
access-list 187 permit tcp host 199.40.253.79 eq 80 any
access-list 187 permit tcp any host 199.40.253.79 eq 80
access-list 187 permit tcp host 10.250.46.187 eq 3128 any
access-list 187 permit tcp any host 10.250.46.187 eq 3128
access-list 187 permit tcp host 10.250.46.187 eq 8080 any
access-list 187 permit tcp any host 10.250.46.187 eq 8080
access-list 187 permit tcp host 10.250.46.187 eq 80 any
access-list 187 permit tcp any host 10.250.46.187 eq 80
access-list 187 permit tcp 199.40.22.0 0.0.0.255 eq 3128 any
access-list 187 permit tcp any 199.40.22.0 0.0.0.255 eq 3128
access-list 187 permit tcp 199.40.22.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 199.40.22.0 0.0.0.255 eq 80
access-list 187 permit tcp 23.253.31.0 0.0.0.255 eq 3128 any
access-list 187 permit tcp any 23.253.31.0 0.0.0.255 eq 3128
access-list 187 permit tcp 23.252.18.0 0.0.0.255 eq 3128 any
access-list 187 permit tcp any 23.252.18.0 0.0.0.255 eq 3128
access-list 187 permit tcp 23.252.18.0 0.0.0.255 eq 8080 any
access-list 187 permit tcp any 23.252.18.0 0.0.0.255 eq 8080
access-list 187 permit tcp 23.252.18.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 23.252.18.0 0.0.0.255 eq 80
access-list 187 permit tcp 165.72.25.0 0.0.0.255 eq 8080 any
access-list 187 permit tcp any 165.72.25.0 0.0.0.255 eq 8080
access-list 187 permit tcp 199.40.175.0 0.0.0.255 eq 8080 any
access-list 187 permit tcp any 199.40.175.0 0.0.0.255 eq 8080
access-list 187 permit tcp 199.40.175.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 199.40.175.0 0.0.0.255 eq 80
access-list 187 permit tcp 23.156.24.0 0.0.0.255 eq 8080 any
access-list 187 permit tcp any 23.156.24.0 0.0.0.255 eq 8080
access-list 187 permit tcp 23.156.24.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 23.156.24.0 0.0.0.255 eq 80
access-list 187 permit tcp 199.40.144.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 199.40.144.0 0.0.0.255 eq 80
access-list 187 permit tcp 165.72.192.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 165.72.192.0 0.0.0.255 eq 80
access-list 187 permit tcp 10.22.23.0 0.0.0.255 eq 8080 any
access-list 187 permit tcp any 10.22.23.0 0.0.0.255 eq 8080
access-list 187 permit tcp 10.22.23.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 10.22.23.0 0.0.0.255 eq 80
access-list 187 permit tcp 10.22.23.0 0.0.0.255 eq 3128 any
access-list 187 permit tcp any 10.22.23.0 0.0.0.255 eq 3128
access-list 187 permit tcp 23.252.100.0 0.0.0.127 eq 8080 any
access-list 187 permit tcp any 23.252.100.0 0.0.0.127 eq 8080
access-list 187 permit tcp 23.252.100.0 0.0.0.127 eq 80 any
access-list 187 permit tcp any 23.252.100.0 0.0.0.127 eq 80
access-list 187 permit tcp 23.252.100.0 0.0.0.127 eq 3128 any
access-list 187 permit tcp any 23.252.100.0 0.0.0.127 eq 3128
access-list 187 permit tcp 199.40.20.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 199.40.20.0 0.0.0.255 eq 80
access-list 187 permit tcp 165.72.12.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 165.72.12.0 0.0.0.255 eq 80
access-list 187 permit tcp 23.253.32.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 23.253.32.0 0.0.0.255 eq 80
access-list 187 permit tcp 199.40.23.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 199.40.23.0 0.0.0.255 eq 80
access-list 187 permit tcp 199.40.30.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 199.40.30.0 0.0.0.255 eq 80
access-list 187 permit tcp 23.252.17.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 23.252.17.0 0.0.0.255 eq 80
access-list 187 permit tcp 10.250.62.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 10.250.62.0 0.0.0.255 eq 80
access-list 187 permit tcp 194.102.25.0 0.0.0.255 eq 80 any
access-list 187 permit tcp any 194.102.25.0 0.0.0.255 eq 80
!
!
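
Added example, not part of the original post: a Python model of the class-map logic above. It parses a few of the posted ACL lines, evaluates "match access-group 187 AND match not access-group xxx" directly, and checks that one first-match table with the exclusion entries placed ahead of the include entries gives the same verdict, which is the shape a P4 table with prioritized ternary/range entries could take (an assumption about the target). Function names and test packets are constructed for illustration; ACL 198 is not listed in the post and is omitted.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tok):  # one address spec -> ((value, care_mask), remaining tokens)
    if tok[0] == "any":
        return (0, 0), tok[1:]
    if tok[0] == "host":
        return (ip(tok[1]), 0xFFFFFFFF), tok[2:]
    return (ip(tok[0]), ~ip(tok[1]) & 0xFFFFFFFF), tok[2:]  # wildcard bit 1 = ignore

def _port(tok):  # optional 'eq N' or 'range A B' (numeric ports only)
    if tok and tok[0] in ("eq", "range"):
        n = 2 if tok[0] == "eq" else 3
        return (int(tok[1]), int(tok[n - 1])), tok[n:]
    return (0, 65535), tok

def parse(line):
    tok = line.split()[3:]  # drop "access-list <id> permit"
    proto, tok = tok[0], tok[1:]
    src, tok = _addr(tok)
    sport, tok = _port(tok)
    dst, tok = _addr(tok)
    dport, tok = _port(tok)
    return proto, src, sport, dst, dport

def hit(rule, pkt):
    proto, (sv, sm), (sl, sh), (dv, dm), (dl, dh) = rule
    p, sip, sp, dip, dp = pkt
    return (p == proto and sip & sm == sv & sm and dip & dm == dv & dm
            and sl <= sp <= sh and dl <= dp <= dh)

def nested(pkt, inc, exc):  # class-map: in include ACL AND NOT in any excluded ACL
    return any(hit(r, pkt) for r in inc) and not any(hit(r, pkt) for r in exc)

def flatten(inc, exc):  # one ordered table: exclusions (False) ahead of includes
    return [(r, False) for r in exc] + [(r, True) for r in inc]

def lookup(table, pkt):  # first hit wins, like entry priority; default: not in class
    return next((v for r, v in table if hit(r, pkt)), False)

# Lines copied from the post. ACL 198 is not listed there, so it is left out.
ACL_187 = [parse(l) for l in ("access-list 187 permit tcp any any eq 8911",
                              "access-list 187 permit tcp any range 1525 1527 any",
                              "access-list 187 permit tcp any 199.40.254.0 0.0.0.255 eq 80")]
ACL_XXX = [parse(l) for l in ("access-list xxx permit tcp any any eq 8014",
                              "access-list xxx permit tcp any host 7.252.68.73")]
TABLE = flatten(ACL_187, ACL_XXX)
```

A packet is the tuple (protocol, source IP as int, source port, destination IP as int, destination port); `lookup(TABLE, pkt)` and `nested(pkt, ACL_187, ACL_XXX)` return the same verdict for every packet.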
