[P4-dev] ACL to P4 Conversion

Mihai Budiu mbudiu at barefootnetworks.com
Wed Jun 10 17:56:18 EDT 2015


You can choose any action to execute when an entry in a table matches:
i.e., drop, or no_op.
For entries that do not match, the default action is executed; there you can
again choose drop or no_op.
The table contents are populated dynamically, from the control plane.

Mihai

On Wed, Jun 10, 2015 at 1:54 PM, Scott Collins (scotcoll) <
scotcoll at cisco.com> wrote:

>  Hi all,
>
>  This is an ACL configuration that uses a not operation to specify
> exclusions. How could this be represented in P4?
>
>  Thanks,
> Scott
>
>
>  !
> class-map match-all ce_af2_customer
> match access-group 187
> match not access-group xxx
> !
> class-map match-all ce_af2_include
> match class-map ce_af2_customer
> match not access-group 198
> !
> !
> class-map match-any ce_af2_output
> match class-map ce_af2_include
> !
> access-list xxx permit tcp any any eq 8014
> access-list xxx permit tcp any eq 8014 any
> access-list xxx permit tcp any host 165.72.11.108
> access-list xxx permit tcp any host 7.252.68.73
> access-list xxx permit tcp host 7.252.68.73 any
> !
> !
> access-list 187 permit tcp any eq telnet any
> access-list 187 permit tcp any any eq telnet
> access-list 187 permit tcp any eq 2598 any
> access-list 187 permit tcp any any eq 2598
> access-list 187 permit tcp any any eq 8911
> access-list 187 permit udp any eq 8911 any
> access-list 187 permit udp any any eq 8911
> access-list 187 permit tcp any eq 3306 any
> access-list 187 permit tcp any any eq 3306
> access-list 187 permit tcp any eq 1186 any
> access-list 187 permit tcp any any eq 1186
> access-list 187 permit tcp any range 1525 1527 any
> access-list 187 permit tcp any any range 1525 1527
> access-list 187 permit tcp any eq 1529 any
> access-list 187 permit tcp any any eq 1529
> access-list 187 permit tcp any eq 5432 any
> access-list 187 permit tcp any any eq 5432
> access-list 187 permit tcp any eq 9100 any
> access-list 187 permit tcp any any eq 9100
> access-list 187 permit tcp any any eq 135
> access-list 187 permit tcp any eq 135 any
> access-list 187 permit tcp any any range 989 990
> access-list 187 permit tcp any range 989 990 any
> access-list 187 permit tcp any any eq 683
> access-list 187 permit tcp any eq 683 any
> access-list 187 permit tcp any any eq 2162
> access-list 187 permit tcp any eq 2162 any
> access-list 187 permit tcp any any range 137 139
> access-list 187 permit tcp any range 137 139 any
> access-list 187 permit tcp any any eq 575
> access-list 187 permit tcp any eq 575 any
> access-list 187 permit tcp any eq 5631 any
> access-list 187 permit tcp any any eq 5631
> access-list 187 permit tcp any eq login any
> access-list 187 permit tcp any any eq login
> access-list 187 permit tcp any range 6000 6063 any
> access-list 187 permit tcp any any range 6000 6063
> access-list 187 permit tcp any eq 8004 any
> access-list 187 permit tcp any any eq 8004
> access-list 187 permit tcp any eq 8888 any
> access-list 187 permit tcp 199.40.254.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 199.40.254.0 0.0.0.255 eq 80
> access-list 187 permit tcp 23.252.16.0 0.0.0.255 eq 8080 any
> access-list 187 permit tcp any 23.252.16.0 0.0.0.255 eq 8080
> access-list 187 permit tcp 10.250.66.0 0.0.0.255 eq 8080 any
> access-list 187 permit tcp any 10.250.66.0 0.0.0.255 eq 8080
> access-list 187 permit tcp 10.250.66.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 10.250.66.0 0.0.0.255 eq 80
> access-list 187 permit tcp 199.40.254.0 0.0.0.255 eq 3128 any
> access-list 187 permit tcp any 199.40.254.0 0.0.0.255 eq 3128
> access-list 187 permit tcp 23.252.16.0 0.0.0.255 eq 3128 any
> access-list 187 permit tcp any 23.252.16.0 0.0.0.255 eq 3128
> access-list 187 permit tcp 10.250.66.0 0.0.0.255 eq 3128 any
> access-list 187 permit tcp any 10.250.66.0 0.0.0.255 eq 3128
> access-list 187 permit tcp 23.253.31.0 0.0.0.255 eq 8080 any
> access-list 187 permit tcp any 23.253.31.0 0.0.0.255 eq 8080
> access-list 187 permit tcp 23.253.31.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 23.253.31.0 0.0.0.255 eq 80
> access-list 187 permit tcp 199.40.22.0 0.0.0.255 eq 8080 any
> access-list 187 permit tcp any 199.40.22.0 0.0.0.255 eq 8080
> access-list 187 permit tcp host 199.40.26.88 eq 8080 any
> access-list 187 permit tcp any host 199.40.26.88 eq 8080
> access-list 187 permit tcp host 199.40.26.88 eq 80 any
> access-list 187 permit tcp any host 199.40.26.88 eq 80
> access-list 187 permit tcp host 199.40.253.79 eq 8080 any
> access-list 187 permit tcp any host 199.40.253.79 eq 8080
> access-list 187 permit tcp host 199.40.253.79 eq 80 any
> access-list 187 permit tcp any host 199.40.253.79 eq 80
> access-list 187 permit tcp host 10.250.46.187 eq 3128 any
> access-list 187 permit tcp any host 10.250.46.187 eq 3128
> access-list 187 permit tcp host 10.250.46.187 eq 8080 any
> access-list 187 permit tcp any host 10.250.46.187 eq 8080
> access-list 187 permit tcp host 10.250.46.187 eq 80 any
> access-list 187 permit tcp any host 10.250.46.187 eq 80
> access-list 187 permit tcp 199.40.22.0 0.0.0.255 eq 3128 any
> access-list 187 permit tcp any 199.40.22.0 0.0.0.255 eq 3128
> access-list 187 permit tcp 199.40.22.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 199.40.22.0 0.0.0.255 eq 80
> access-list 187 permit tcp 23.253.31.0 0.0.0.255 eq 3128 any
> access-list 187 permit tcp any 23.253.31.0 0.0.0.255 eq 3128
> access-list 187 permit tcp 23.252.18.0 0.0.0.255 eq 3128 any
> access-list 187 permit tcp any 23.252.18.0 0.0.0.255 eq 3128
> access-list 187 permit tcp 23.252.18.0 0.0.0.255 eq 8080 any
> access-list 187 permit tcp any 23.252.18.0 0.0.0.255 eq 8080
> access-list 187 permit tcp 23.252.18.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 23.252.18.0 0.0.0.255 eq 80
> access-list 187 permit tcp 165.72.25.0 0.0.0.255 eq 8080 any
> access-list 187 permit tcp any 165.72.25.0 0.0.0.255 eq 8080
> access-list 187 permit tcp 199.40.175.0 0.0.0.255 eq 8080 any
> access-list 187 permit tcp any 199.40.175.0 0.0.0.255 eq 8080
> access-list 187 permit tcp 199.40.175.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 199.40.175.0 0.0.0.255 eq 80
> access-list 187 permit tcp 23.156.24.0 0.0.0.255 eq 8080 any
> access-list 187 permit tcp any 23.156.24.0 0.0.0.255 eq 8080
> access-list 187 permit tcp 23.156.24.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 23.156.24.0 0.0.0.255 eq 80
> access-list 187 permit tcp 199.40.144.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 199.40.144.0 0.0.0.255 eq 80
> access-list 187 permit tcp 165.72.192.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 165.72.192.0 0.0.0.255 eq 80
> access-list 187 permit tcp 10.22.23.0 0.0.0.255 eq 8080 any
> access-list 187 permit tcp any 10.22.23.0 0.0.0.255 eq 8080
> access-list 187 permit tcp 10.22.23.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 10.22.23.0 0.0.0.255 eq 80
> access-list 187 permit tcp 10.22.23.0 0.0.0.255 eq 3128 any
> access-list 187 permit tcp any 10.22.23.0 0.0.0.255 eq 3128
> access-list 187 permit tcp 23.252.100.0 0.0.0.127 eq 8080 any
> access-list 187 permit tcp any 23.252.100.0 0.0.0.127 eq 8080
> access-list 187 permit tcp 23.252.100.0 0.0.0.127 eq 80 any
> access-list 187 permit tcp any 23.252.100.0 0.0.0.127 eq 80
> access-list 187 permit tcp 23.252.100.0 0.0.0.127 eq 3128 any
> access-list 187 permit tcp any 23.252.100.0 0.0.0.127 eq 3128
> access-list 187 permit tcp 199.40.20.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 199.40.20.0 0.0.0.255 eq 80
> access-list 187 permit tcp 165.72.12.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 165.72.12.0 0.0.0.255 eq 80
> access-list 187 permit tcp 23.253.32.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 23.253.32.0 0.0.0.255 eq 80
> access-list 187 permit tcp 199.40.23.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 199.40.23.0 0.0.0.255 eq 80
> access-list 187 permit tcp 199.40.30.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 199.40.30.0 0.0.0.255 eq 80
> access-list 187 permit tcp 23.252.17.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 23.252.17.0 0.0.0.255 eq 80
> access-list 187 permit tcp 10.250.62.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 10.250.62.0 0.0.0.255 eq 80
> access-list 187 permit tcp 194.102.25.0 0.0.0.255 eq 80 any
> access-list 187 permit tcp any 194.102.25.0 0.0.0.255 eq 80
> !
> !
>
>
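Added example, not part of the original thread and not code from either poster: a Python model of the match-action behaviour described in the reply, showing one way "match not access-group xxx" can be expressed as a table whose hit action marks the packet excluded and whose default action is no_op. The Table class, the field names and the action names are assumptions; the entries are a few rules copied from the quoted ACLs, and only ce_af2_customer is modelled because ACL 198 does not appear in the thread.

```python
from ipaddress import IPv4Network, ip_address, ip_network

def field_matches(want, got):
    """One key field: (lo, hi) port range, IPv4 network, or exact value."""
    if isinstance(want, tuple):
        return want[0] <= got <= want[1]
    if isinstance(want, IPv4Network):
        return ip_address(got) in want
    return want == got

class Table:
    """Match-action table; fields left out of an entry are wildcards."""
    def __init__(self, hit_action, default_action):
        self.entries = []
        self.hit_action, self.default_action = hit_action, default_action

    def add_entry(self, **key):  # called by the control plane at run time
        self.entries.append(key)

    def apply(self, pkt):
        for key in self.entries:
            if all(field_matches(v, pkt[f]) for f, v in key.items()):
                return self.hit_action
        return self.default_action

def build_tables():
    # A few rules copied from the quoted ACLs; wildcard 0.0.0.255 is a /24.
    acl_187 = Table("in_187", "no_op")
    acl_187.add_entry(proto="tcp", dport=23)            # any any eq telnet
    acl_187.add_entry(proto="tcp", dport=3306)
    acl_187.add_entry(proto="tcp", dport=(1525, 1527))  # range 1525 1527
    acl_187.add_entry(proto="tcp", src=ip_network("199.40.254.0/24"), sport=80)
    # The negated list: a hit marks the packet excluded, a miss is no_op.
    acl_xxx = Table("exclude", "no_op")
    acl_xxx.add_entry(proto="tcp", dport=8014)
    acl_xxx.add_entry(proto="tcp", dst=ip_network("165.72.11.108/32"))
    return acl_187, acl_xxx

def is_ce_af2_customer(pkt, acl_187, acl_xxx):
    """match-all: access-group 187 AND NOT access-group xxx."""
    return acl_187.apply(pkt) == "in_187" and acl_xxx.apply(pkt) == "no_op"

def packet(proto, src, sport, dst, dport):  # constructed sample input
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}
```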
