Open Ethernet Networking (OpEN) API Guide and Reference Manual  3.6.0.3
Data Structures | Macros | Enumerations | Functions
Security Access Lists Configuration [OPENAPI_ACL]

Data Structures

struct  OPEN_ACL_ASSIGNED_INTF_LIST_t
 ACL interface list. More...
 
struct  OPEN_ACL_ASSIGNED_VLAN_LIST_t
 ACL VLAN list. More...
 
struct  OPEN_ACL_INTF_DIR_LIST_t
 Interface ACL list. More...
 
struct  OPEN_ACL_INTF_LIST_INFO_t
 Interface ACL entry information. More...
 
struct  OPEN_ACL_VLAN_DIR_LIST_t
 VLAN ACL list. More...
 
struct  OPEN_ACL_VLAN_LIST_INFO_t
 VLAN ACL entry information. More...
 

Macros

#define OPENAPI_ACL_IP_DSCP_AF11   10
 Match packets with AF11 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_AF12   12
 Match packets with AF12 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_AF13   14
 Match packets with AF13 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_AF21   18
 Match packets with AF21 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_AF22   20
 Match packets with AF22 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_AF23   22
 Match packets with AF23 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_AF31   26
 Match packets with AF31 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_AF32   28
 Match packets with AF32 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_AF33   30
 Match packets with AF33 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_AF41   34
 Match packets with AF41 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_AF42   36
 Match packets with AF42 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_AF43   38
 Match packets with AF43 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_BE   0
 Match packets with BE DSCP.
 
#define OPENAPI_ACL_IP_DSCP_CS0   0
 Match packets with CS0 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_CS1   8
 Match packets with CS1 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_CS2   16
 Match packets with CS2 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_CS3   24
 Match packets with CS3 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_CS4   32
 Match packets with CS4 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_CS5   40
 Match packets with CS5 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_CS6   48
 Match packets with CS6 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_CS7   56
 Match packets with CS7 DSCP.
 
#define OPENAPI_ACL_IP_DSCP_EF   46
 Match packets with EF DSCP.
 
#define OPENAPI_ACL_L4PORT_BGP   179
 Border Gateway Protocol.
 
#define OPENAPI_ACL_L4PORT_DOMAIN   53
 Domain Name System.
 
#define OPENAPI_ACL_L4PORT_ECHO   7
 Echo Protocol.
 
#define OPENAPI_ACL_L4PORT_FTP   21
 File Transfer Control.
 
#define OPENAPI_ACL_L4PORT_FTPDATA   20
 File Transfer Data.
 
#define OPENAPI_ACL_L4PORT_HTTP   80
 Hypertext Transfer Protocol.
 
#define OPENAPI_ACL_L4PORT_NTP   123
 Network Time Protocol.
 
#define OPENAPI_ACL_L4PORT_POP2   109
 Post Office Protocol v2.
 
#define OPENAPI_ACL_L4PORT_POP3   110
 Post Office Protocol v3.
 
#define OPENAPI_ACL_L4PORT_RIP   520
 Routing Information Protocol.
 
#define OPENAPI_ACL_L4PORT_SMTP   25
 Simple Mail Transfer Protocol.
 
#define OPENAPI_ACL_L4PORT_SNMP   161
 Simple Network Management Protocol.
 
#define OPENAPI_ACL_L4PORT_TELNET   23
 Telnet Protocol.
 
#define OPENAPI_ACL_L4PORT_TFTP   69
 Trivial File Transfer Protocol.
 
#define OPENAPI_ACL_L4PORT_TIME   37
 TIME Protocol.
 
#define OPENAPI_ACL_L4PORT_WHO   513
 Who Protocol.
 
#define OPENAPI_ACL_PROTOCOL_EIGRP   88
 Enhanced Interior Gateway keyword value.
 
#define OPENAPI_ACL_PROTOCOL_GRE   47
 Generic Routing Encapsulation keyword value.
 
#define OPENAPI_ACL_PROTOCOL_ICMP   1
 Internet Control Message keyword value.
 
#define OPENAPI_ACL_PROTOCOL_ICMPV6   58
 IPv6 Internet Control Message keyword value.
 
#define OPENAPI_ACL_PROTOCOL_IGMP   2
 Internet Group Management keyword value.
 
#define OPENAPI_ACL_PROTOCOL_IP   255
 Use reserved value.
 
#define OPENAPI_ACL_PROTOCOL_IPINIP   94
 IP Tunneling keyword value.
 
#define OPENAPI_ACL_PROTOCOL_OSPF   89
 Open Shortest Path First keyword value.
 
#define OPENAPI_ACL_PROTOCOL_PIM   103
 Protocol Independent Multicast keyword value.
 
#define OPENAPI_ACL_PROTOCOL_TCP   6
 Transmission Control keyword value.
 
#define OPENAPI_ACL_PROTOCOL_UDP   17
 User Datagram keyword value.
 
#define OPENAPI_ACL_TCP_FLAG_ACK   4
 Acknowledge flag.
 
#define OPENAPI_ACL_TCP_FLAG_FIN   0
 Finish flag.
 
#define OPENAPI_ACL_TCP_FLAG_PSH   3
 Push flag.
 
#define OPENAPI_ACL_TCP_FLAG_RST   2
 Reset flag.
 
#define OPENAPI_ACL_TCP_FLAG_SYN   1
 Synchronize flag.
 
#define OPENAPI_ACL_TCP_FLAG_URG   5
 Urgent flag.
 
#define OPENAPI_ETYPE_ID_APPLETALK   0x809B
 Appletalk Protocol.
 
#define OPENAPI_ETYPE_ID_ARP   0x0806
 Address Resolution Protocol.
 
#define OPENAPI_ETYPE_ID_IBMSNA   0x80D5
 IBM SNA Service over Ethernet.
 
#define OPENAPI_ETYPE_ID_IPV4   0x0800
 Internet Protocol version 4.
 
#define OPENAPI_ETYPE_ID_IPV6   0x86DD
 Internet Protocol version 4.
 
#define OPENAPI_ETYPE_ID_IPX   0x8037
 Novell IPX.
 
#define OPENAPI_ETYPE_ID_MPLSMCAST   0x8848
 MPLS multicast.
 
#define OPENAPI_ETYPE_ID_MPLSUCAST   0x8847
 MPLS unicast.
 
#define OPENAPI_ETYPE_ID_NETBIOS   0x8191
 NetBIOS/NetBEUI.
 
#define OPENAPI_ETYPE_ID_NOVELL_ID1   0x8137
 Novell Netware 1st ID.
 
#define OPENAPI_ETYPE_ID_NOVELL_ID2   0x8138
 Novell Netware 2nd ID.
 
#define OPENAPI_ETYPE_ID_PPPOE_ID1   0x8863
 Novell Netware 1st ID.
 
#define OPENAPI_ETYPE_ID_PPPOE_ID2   0x8864
 Novell Netware 2nd ID.
 
#define OPENAPI_ETYPE_ID_RARP   0x8035
 Reverse Address Resolution Protocol.
 

Enumerations

enum  OPEN_ACL_ACTION_t { OPEN_ACL_PERMIT = 0, OPEN_ACL_DENY = 1 }
 Supported Action Types. More...
 
enum  OPEN_ACL_DIRECTION_t { OPEN_ACL_INBOUND_ACL = 0, OPEN_ACL_OUTBOUND_ACL = 1, OPEN_ACL_DIRECTION_TOTAL = 2 }
 Callers to ACL API functions use these values for interface direction. More...
 
enum  OPEN_ACL_L4_PORT_OPERATOR_t {
  OPEN_ACL_L4_PORT_OPERATOR_EQUAL_TO = 0, OPEN_ACL_L4_PORT_OPERATOR_NOT_EQUAL_TO = 1, OPEN_ACL_L4_PORT_OPERATOR_LESS_THAN = 2, OPEN_ACL_L4_PORT_OPERATOR_GREATER_THAN = 3,
  OPEN_ACL_L4_PORT_OPERATOR_RANGE = 4
}
 Layer 4 Port Operator Flags. More...
 
enum  OPEN_ACL_RULE_STATUS_t { OPEN_ACL_RULE_STATUS_NONE = 0, OPEN_ACL_RULE_STATUS_INACTIVE = 1, OPEN_ACL_RULE_STATUS_ACTIVE = 2 }
 Time Range Status. More...
 
enum  OPEN_ACL_TYPE_t { OPEN_ACL_TYPE_NONE = 0, OPEN_ACL_TYPE_IP = 1, OPEN_ACL_TYPE_MAC = 2, OPEN_ACL_TYPE_IPV6 = 3 }
 Supported Access List types. More...
 
enum  OPEN_ACL_VLAN_OPERATOR_t { OPEN_ACL_VLAN_OPERATOR_EQUAL_TO = 0, OPEN_ACL_VLAN_OPERATOR_RANGE = 1 }
 MAC VLAN Operator Flags. More...
 

Functions

open_error_t openapiAclAssignedIntfDirListGet (openapiClientHandle_t *client_handle, uint32_t aclId, OPEN_ACL_DIRECTION_t dir, OPEN_ACL_ASSIGNED_INTF_LIST_t *intfList)
 Get the list of interfaces currently assigned to the specified ACL and direction. More...
 
open_error_t openapiAclAssignedVlanDirListGet (openapiClientHandle_t *client_handle, uint32_t aclId, OPEN_ACL_DIRECTION_t dir, OPEN_ACL_ASSIGNED_VLAN_LIST_t *vlanList)
 Get the list of VLANs currently assigned to the specified ACL and direction. More...
 
open_error_t openapiAclCountersAdminModeSet (openapiClientHandle_t *client_handle, uint32_t adminMode)
 Configures ACL counters admin mode. More...
 
open_error_t openapiAclCountGet (openapiClientHandle_t *client_handle, uint32_t *aclCount)
 Get the current (total) number of configured ACLs. More...
 
open_error_t openapiAclCreate (openapiClientHandle_t *client_handle, OPEN_ACL_TYPE_t aclType, open_buffdesc *aclName, uint32_t *aclId)
 Create a new Access List. More...
 
open_error_t openapiAclDelete (openapiClientHandle_t *client_handle, uint32_t aclId)
 Delete an Access List. More...
 
open_error_t openapiAclDeleteByName (openapiClientHandle_t *client_handle, OPEN_ACL_TYPE_t aclType, open_buffdesc *aclName)
 Delete an Access List by its name. More...
 
open_error_t openapiAclGet (openapiClientHandle_t *client_handle, OPEN_ACL_TYPE_t aclType, open_buffdesc *aclName, uint32_t *aclId)
 Get the Access List identifier for the given ACL name. More...
 
open_error_t openapiAclGetFirst (openapiClientHandle_t *client_handle, OPEN_ACL_TYPE_t aclType, uint32_t *aclId)
 Get the first named access list identifier created in the system. More...
 
open_error_t openapiAclGetNext (openapiClientHandle_t *client_handle, OPEN_ACL_TYPE_t aclType, uint32_t aclId, uint32_t *nextAclId)
 Get the next named access list identifier created in the system. More...
 
open_error_t openapiAclGlobalDelete (openapiClientHandle_t *client_handle, uint32_t asic, uint32_t aclId)
 Remove ACL from all interfaces. More...
 
open_error_t openapiAclIntfDirAdd (openapiClientHandle_t *client_handle, uint32_t intf, OPEN_ACL_DIRECTION_t dir, uint32_t aclId, uint32_t seqNum)
 Add an access list to the specified interface and direction. More...
 
open_error_t openapiAclIntfDirDelete (openapiClientHandle_t *client_handle, uint32_t intf, OPEN_ACL_DIRECTION_t dir, uint32_t aclId)
 Remove an access list from the specified interface and direction. More...
 
open_error_t openapiAclIntfDirGetNext (openapiClientHandle_t *client_handle, uint32_t intf, OPEN_ACL_DIRECTION_t dir, uint32_t *nextIntf, OPEN_ACL_DIRECTION_t *nextDir)
 Get next sequential interface and direction that is valid for use with an ACL. More...
 
open_error_t openapiAclIntfDirListGet (openapiClientHandle_t *client_handle, uint32_t intf, OPEN_ACL_DIRECTION_t dir, OPEN_ACL_INTF_DIR_LIST_t *listInfo)
 Get the list of ACLs currently assigned to the specified interface and direction. More...
 
open_error_t openapiAclIsDaclGet (openapiClientHandle_t *client_handle, OPEN_ACL_TYPE_t aclType, uint32_t aclId, OPEN_BOOL_t *isDacl)
 Get whether ACL is downloadable or not. More...
 
open_error_t openapiAclIsIntfInUse (openapiClientHandle_t *client_handle, uint32_t intf, OPEN_ACL_DIRECTION_t dir, OPEN_CONTROL_t *inUse)
 Check if an interface and direction is in use by any access list. More...
 
open_error_t openapiAclIsVlanInUse (openapiClientHandle_t *client_handle, uint32_t vlan, OPEN_ACL_DIRECTION_t dir, OPEN_CONTROL_t *inUse)
 Check if a VLAN and direction is in use by any access list. More...
 
open_error_t openapiAclMacCountGet (openapiClientHandle_t *client_handle, uint32_t *aclCount)
 Get the current number of configured MAC ACLs. More...
 
open_error_t openapiAclMaxAclIntfCountGet (openapiClientHandle_t *client_handle, uint32_t *maxIntf)
 Get the maximum number of ACL Interfaces on this platform. More...
 
open_error_t openapiAclMaxAclVlanCountGet (openapiClientHandle_t *client_handle, uint32_t *maxVlan)
 Get the maximum number of ACL VLANs on this platform. More...
 
open_error_t openapiAclMaxAssignQueueGet (openapiClientHandle_t *client_handle, uint32_t *maxQueue)
 Get the maximum queue id value for a match criteria. More...
 
open_error_t openapiAclMaxCountGet (openapiClientHandle_t *client_handle, uint32_t *maxACL)
 Get the maximum number of ACLs that can be configured. More...
 
open_error_t openapiAclMaxIntfAclCountGet (openapiClientHandle_t *client_handle, uint32_t *maxACL)
 Get the maximum number of ACLs per interface on this platform. More...
 
open_error_t openapiAclMaxMirrorIntfCountGet (openapiClientHandle_t *client_handle, uint32_t *maxIntf)
 Get the maximum mirror interface count for a match criteria. More...
 
open_error_t openapiAclMaxRedirectIntfCountGet (openapiClientHandle_t *client_handle, uint32_t *maxIntf)
 Get the maximum redirect interface count for a match criteria. More...
 
open_error_t openapiAclMaxVlanAclCountGet (openapiClientHandle_t *client_handle, uint32_t *maxACL)
 Get the maximum number of ACLs per VLAN on this platform. More...
 
open_error_t openapiAclNameGet (openapiClientHandle_t *client_handle, uint32_t aclId, open_buffdesc *aclName)
 Get the Access List name for the given ACL. More...
 
open_error_t openapiAclRename (openapiClientHandle_t *client_handle, uint32_t aclId, open_buffdesc *aclName)
 Change the Access List name. More...
 
open_error_t openapiAclRouteFilter (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t routePrefix, uint32_t routeMask, OPEN_ACL_ACTION_t *aclAction)
 Apply an ACL as a route filter. More...
 
open_error_t openapiAclRuleActionAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t *aclRule, OPEN_ACL_ACTION_t aclAction)
 Add a new rule and its associated action to the given ACL. More...
 
open_error_t openapiAclRuleActionGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, OPEN_ACL_ACTION_t *aclAction)
 Get the action for a rule. More...
 
open_error_t openapiAclRuleCountersClear (openapiClientHandle_t *client_handle, uint32_t asic, uint32_t aclId, uint32_t ruleNum)
 Clear ACL rule counters. More...
 
open_error_t openapiAclRuleCountGet (openapiClientHandle_t *client_handle, uint32_t asic, uint32_t aclId, uint32_t ruleNum, uint32_t ruleAction, uint64_t *hitPktCount)
 Get ACL rule hit count. More...
 
open_error_t openapiAclRuleDelete (openapiClientHandle_t *client_handle, uint32_t asic, uint32_t aclId, uint32_t ruleId)
 Delete a specific rule from the given ACL. More...
 
open_error_t openapiAclRuleDeleteLast (openapiClientHandle_t *client_handle, uint32_t aclId)
 Delete the last rule for the given ACL. More...
 
open_error_t openapiAclRuleGetFirst (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t *aclRule)
 Get the rule for the given ACL. More...
 
open_error_t openapiAclRuleGetNext (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *nextAclRule)
 Get the next rule for the given ACL. More...
 
open_error_t openapiAclRuleGlobalApply (openapiClientHandle_t *client_handle, uint32_t asic, uint32_t aclId, uint32_t seqNum)
 Apply ACL rule to all interfaces. More...
 
open_error_t openapiAclRuleMatchAssignQueueAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t queueId)
 Set the assigned queue id for an access list rule. More...
 
open_error_t openapiAclRuleMatchAssignQueueGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *queueId)
 Gets the assigned queue id for an access list rule. More...
 
open_error_t openapiAclRuleMatchDscpAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t dscp)
 Set the DSCP value for an access list rule. More...
 
open_error_t openapiAclRuleMatchDscpGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *dscp)
 Gets the DSCP value for an access list rule. More...
 
open_error_t openapiAclRuleMatchEveryAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, bool aclMatch)
 Set the match condition whereby all packets match for the ACL rule. More...
 
open_error_t openapiAclRuleMatchEveryGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, bool *aclMatch)
 Gets the match-all (every) status for a rule. More...
 
open_error_t openapiAclRuleMatchFlowLabelAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t label)
 Set the flow label for an access list rule. More...
 
open_error_t openapiAclRuleMatchFlowLabelGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *label)
 Gets the flow label for an access list rule. More...
 
open_error_t openapiAclRuleMatchFragmentsAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, bool fragments)
 Set the match condition to match on non-initial fragmented packets. More...
 
open_error_t openapiAclRuleMatchFragmentsGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, bool *fragments)
 Get the match condition for non-initial fragmented packets. More...
 
open_error_t openapiAclRuleMatchIcmpTypeCodeAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, bool addCode, uint32_t type, uint32_t code)
 Add a match condition for ICMP parameters to an existing access list rule. More...
 
open_error_t openapiAclRuleMatchIcmpTypeCodeGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, bool getCode, uint32_t *type, uint32_t *code)
 Get the ICMP match condition parameters for an existing access list rule. More...
 
open_error_t openapiAclRuleMatchIgmpTypeAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t type)
 Add a match condition for IGMP parameters to an existing access list rule. More...
 
open_error_t openapiAclRuleMatchIgmpTypeGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *type)
 Get the IGMP match condition parameters for an existing access list rule. More...
 
open_error_t openapiAclRuleMatchIpDstMaskAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_inet_addr_t addr, open_inet_addr_t mask)
 Add the destination IPv4 address and net mask. More...
 
open_error_t openapiAclRuleMatchIpDstMaskGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_inet_addr_t *addr, open_inet_addr_t *mask)
 Gets the destination IPv4 address and net mask. More...
 
open_error_t openapiAclRuleMatchIpSrcMaskAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_inet_addr_t addr, open_inet_addr_t mask)
 Add the source IPv4 address and net mask. More...
 
open_error_t openapiAclRuleMatchIpSrcMaskGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_inet_addr_t *addr, open_inet_addr_t *mask)
 Gets the source IPv4 address and net mask. More...
 
open_error_t openapiAclRuleMatchIpv6DstPfxAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_inet_addr_t addr, uint32_t pfxLen)
 Add the destination IPV6 address and prefix length. More...
 
open_error_t openapiAclRuleMatchIpv6DstPfxGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_inet_addr_t *addr, uint32_t *pfxLen)
 Gets the destination IPV6 address and prefix length. More...
 
open_error_t openapiAclRuleMatchIpv6SrcPfxAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_inet_addr_t addr, uint32_t pfxLen)
 Add the source IPV6 address and prefix length. More...
 
open_error_t openapiAclRuleMatchIpv6SrcPfxGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_inet_addr_t *addr, uint32_t *pfxLen)
 Gets the source IPV6 address and prefix length. More...
 
open_error_t openapiAclRuleMatchL4DstPortAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, OPEN_ACL_L4_PORT_OPERATOR_t oper, uint32_t startPort, uint32_t endPort)
 Add a Layer 4 destination port match condition. More...
 
open_error_t openapiAclRuleMatchL4DstPortGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, OPEN_ACL_L4_PORT_OPERATOR_t *oper, uint32_t *startPort, uint32_t *endPort)
 Get a Layer 4 destination port match condition. More...
 
open_error_t openapiAclRuleMatchL4SrcPortAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, OPEN_ACL_L4_PORT_OPERATOR_t oper, uint32_t startPort, uint32_t endPort)
 Add a Layer 4 source port match condition. More...
 
open_error_t openapiAclRuleMatchL4SrcPortGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, OPEN_ACL_L4_PORT_OPERATOR_t *oper, uint32_t *startPort, uint32_t *endPort)
 Get a Layer 4 source port match condition. More...
 
open_error_t openapiAclRuleMatchLoggingAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, bool aclLogging)
 Set the logging flag for an access list rule. More...
 
open_error_t openapiAclRuleMatchLoggingGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, bool *aclLogging)
 Gets the logging flag from an existing access list rule entry. More...
 
open_error_t openapiAclRuleMatchMacCos2Add (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t cos)
 Add a Secondary Class Of Server (COS) match condition. More...
 
open_error_t openapiAclRuleMatchMacCos2Get (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *cos)
 Get the Secondary Class Of Server (COS) match condition. More...
 
open_error_t openapiAclRuleMatchMacCosAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t cos)
 Add a Class Of Server (COS) match condition. More...
 
open_error_t openapiAclRuleMatchMacCosGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *cos)
 Get the Class Of Server (COS) match condition. More...
 
open_error_t openapiAclRuleMatchMacDstMacAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_buffdesc *mac, open_buffdesc *mask)
 Add the destination MAC address and mask. More...
 
open_error_t openapiAclRuleMatchMacDstMacGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_buffdesc *mac, open_buffdesc *mask)
 Get the destination MAC address and mask. More...
 
open_error_t openapiAclRuleMatchMacEtherTypeAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t type)
 Add a MAC Ethertype match condition. More...
 
open_error_t openapiAclRuleMatchMacEtherTypeGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *type)
 Get the MAC Ethertype match condition. More...
 
open_error_t openapiAclRuleMatchMacSecondaryVlanAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, OPEN_ACL_VLAN_OPERATOR_t oper, uint32_t startId, uint32_t endId)
 Add a Secondary VLAN match condition. More...
 
open_error_t openapiAclRuleMatchMacSecondaryVlanGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, OPEN_ACL_VLAN_OPERATOR_t *oper, uint32_t *startId, uint32_t *endId)
 Get the Secondary VLAN match condition. More...
 
open_error_t openapiAclRuleMatchMacSrcMacAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_buffdesc *mac, open_buffdesc *mask)
 Add the source MAC address and mask. More...
 
open_error_t openapiAclRuleMatchMacSrcMacGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_buffdesc *mac, open_buffdesc *mask)
 Get the source MAC address and mask. More...
 
open_error_t openapiAclRuleMatchMacVlanAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, OPEN_ACL_VLAN_OPERATOR_t oper, uint32_t startId, uint32_t endId)
 Add a VLAN match condition. More...
 
open_error_t openapiAclRuleMatchMacVlanGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, OPEN_ACL_VLAN_OPERATOR_t *oper, uint32_t *startId, uint32_t *endId)
 Get the VLAN match condition. More...
 
open_error_t openapiAclRuleMatchMirrorAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t intf)
 Set the mirror interface for an access list rule. More...
 
open_error_t openapiAclRuleMatchMirrorAgentAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t agent)
 Add the mirror external agent id for an access list rule. More...
 
open_error_t openapiAclRuleMatchMirrorAgentGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *agent)
 Get the mirror external agent id from an access list rule. More...
 
open_error_t openapiAclRuleMatchMirrorGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *intf)
 Get the mirror interface from an existing access list rule entry. More...
 
open_error_t openapiAclRuleMatchPrecedenceAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t precedence)
 Set the match condition precedence value. More...
 
open_error_t openapiAclRuleMatchPrecedenceGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *precedence)
 Get the match condition for precedence value. More...
 
open_error_t openapiAclRuleMatchProtocolAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t aclProtocol)
 Add a protocol to an existing access list rule. More...
 
open_error_t openapiAclRuleMatchProtocolGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *aclProtocol)
 Gets the protocol from an existing access list rule entry. More...
 
open_error_t openapiAclRuleMatchRateLimitAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t dataRate, uint32_t burstSize)
 Set the rate limit parameters for an access list rule. More...
 
open_error_t openapiAclRuleMatchRateLimitGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *dataRate, uint32_t *burstSize)
 Get the rate limit parameters from an existing access list rule entry. More...
 
open_error_t openapiAclRuleMatchRedirectAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t intf)
 Add the redirect interface for an access list rule. More...
 
open_error_t openapiAclRuleMatchRedirectAgentAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t agent)
 Add the redirect external agent id for an access list rule. More...
 
open_error_t openapiAclRuleMatchRedirectAgentGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *agent)
 Get the redirect agent Id from an access list rule. More...
 
open_error_t openapiAclRuleMatchRedirectGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *intf)
 Get the redirect interface from an existing access list rule entry. More...
 
open_error_t openapiAclRuleMatchRoutingAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, bool flag)
 Set the routing flag for an access list rule. More...
 
open_error_t openapiAclRuleMatchRoutingGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, bool *flag)
 Get the routing flag for an access list rule. More...
 
open_error_t openapiAclRuleMatchSflowSamplingAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, bool aclSflowSampling)
 Set the sFlow sampling flag for an access list rule. More...
 
open_error_t openapiAclRuleMatchSflowSamplingGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, bool *aclSflowSampling)
 Gets the sFlow sampling flag from an existing access list rule entry. More...
 
open_error_t openapiAclRuleMatchTcpFlagsAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t tcpVal, uint32_t tcpMask)
 Add a match condition using a TCP Control Flag and Mask. More...
 
open_error_t openapiAclRuleMatchTcpFlagsGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, uint32_t *tcpVal, uint32_t *tcpMask)
 Get a match condition using a TCP Control Flag and Mask. More...
 
open_error_t openapiAclRuleMatchTimeRangeAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_buffdesc *name)
 Add the time range name for an access list rule. More...
 
open_error_t openapiAclRuleMatchTimeRangeGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_buffdesc *name)
 Get the time range name assigned to access list rule. More...
 
open_error_t openapiAclRuleMatchTimeRangeStatusGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, OPEN_ACL_RULE_STATUS_t *status)
 Get the rule status of an access list rule entry. More...
 
open_error_t openapiAclRuleMatchTosAdd (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_buffdesc *tos, open_buffdesc *tosMask)
 Add a match condition based on the value of the IP ToS field. More...
 
open_error_t openapiAclRuleMatchTosGet (openapiClientHandle_t *client_handle, uint32_t aclId, uint32_t aclRule, open_buffdesc *tos, open_buffdesc *tosMask)
 Get the match condition for IP ToS field. More...
 
open_error_t openapiAclVlanDirAdd (openapiClientHandle_t *client_handle, uint32_t vlan, OPEN_ACL_DIRECTION_t dir, uint32_t aclId, uint32_t seqNum)
 Add an access list to the specified VLAN and direction. More...
 
open_error_t openapiAclVlanDirDelete (openapiClientHandle_t *client_handle, uint32_t vlan, OPEN_ACL_DIRECTION_t dir, uint32_t aclId)
 Remove an access list from the specified VLAN and direction. More...
 
open_error_t openapiAclVlanDirListGet (openapiClientHandle_t *client_handle, uint32_t vlan, OPEN_ACL_DIRECTION_t dir, OPEN_ACL_VLAN_DIR_LIST_t *listInfo)
 Get the list of ACLs currently assigned to the specified VLAN and direction. More...
 

Detailed Description

Enumeration Type Documentation

Supported Action Types.

Enumerator
OPEN_ACL_PERMIT 

Permit.

OPEN_ACL_DENY 

Deny.

Definition at line 133 of file openapi_acl.h.

Callers to ACL API functions use these values for interface direction.

Enumerator
OPEN_ACL_INBOUND_ACL 

Inbound.

OPEN_ACL_OUTBOUND_ACL 

Outbound.

OPEN_ACL_DIRECTION_TOTAL 

Total number of ACL directions defined.

Definition at line 165 of file openapi_acl.h.

Layer 4 Port Operator Flags.

Enumerator
OPEN_ACL_L4_PORT_OPERATOR_EQUAL_TO 

Port equal.

OPEN_ACL_L4_PORT_OPERATOR_NOT_EQUAL_TO 

Port not equal.

OPEN_ACL_L4_PORT_OPERATOR_LESS_THAN 

Port less than.

OPEN_ACL_L4_PORT_OPERATOR_GREATER_THAN 

Port greater than.

OPEN_ACL_L4_PORT_OPERATOR_RANGE 

Port range specified (start and end port)

Definition at line 148 of file openapi_acl.h.

Time Range Status.

Enumerator
OPEN_ACL_RULE_STATUS_NONE 

No State.

OPEN_ACL_RULE_STATUS_INACTIVE 

Inactive.

OPEN_ACL_RULE_STATUS_ACTIVE 

Active.

Definition at line 140 of file openapi_acl.h.

Supported Access List types.

Enumerator
OPEN_ACL_TYPE_NONE 

Undefined.

OPEN_ACL_TYPE_IP 

Named IP ACL.

OPEN_ACL_TYPE_MAC 

Named MAC ACL.

OPEN_ACL_TYPE_IPV6 

Named IPv6 ACL.

Definition at line 124 of file openapi_acl.h.

MAC VLAN Operator Flags.

Enumerator
OPEN_ACL_VLAN_OPERATOR_EQUAL_TO 

Id equal.

OPEN_ACL_VLAN_OPERATOR_RANGE 

Id range specified (start and end VLAN id)

Definition at line 158 of file openapi_acl.h.

Function Documentation

open_error_t openapiAclAssignedIntfDirListGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
OPEN_ACL_DIRECTION_t  dir,
OPEN_ACL_ASSIGNED_INTF_LIST_t intfList 
)

Get the list of interfaces currently assigned to the specified ACL and direction.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]dirinterface direction
[out]intfListlist of assigned interfaces
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed. No more valid ACLs
OPEN_E_PARAMError in parameter passed.
OPEN_E_FULLIf the intfList->intf array is not large enough to hold the maximum number interfaces.
Note
An ACL can be shared/associated with multiple interfaces.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclAssignedVlanDirListGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
OPEN_ACL_DIRECTION_t  dir,
OPEN_ACL_ASSIGNED_VLAN_LIST_t vlanList 
)

Get the list of VLANs currently assigned to the specified ACL and direction.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]dirinterface direction
[out]vlanListlist of VLANS ids
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed. No more valid ACLs
OPEN_E_PARAMError in parameter passed.
OPEN_E_FULLIf the vlanList->vlan array is not large enough to hold the maximum number interfaces.
Note
An ACL can be shared/associated with multiple vlans.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclCountersAdminModeSet ( openapiClientHandle_t client_handle,
uint32_t  adminMode 
)

Configures ACL counters admin mode.

Parameters
[in]client_handleclient handle from registration API
[in]adminModeadmin mode
Return values
OPEN_E_NONEDelete successful.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_INTERNALif hardware update failed.
OPEN_E_FAILDelete failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch

OpEN API Version: 1.14

Examples:
acl_example.c.
open_error_t openapiAclCountGet ( openapiClientHandle_t client_handle,
uint32_t *  aclCount 
)

Get the current (total) number of configured ACLs.

Parameters
[in]client_handleclient handle from registration API
[out]aclCountNumber of ACLs
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclCreate ( openapiClientHandle_t client_handle,
OPEN_ACL_TYPE_t  aclType,
open_buffdesc aclName,
uint32_t *  aclId 
)

Create a new Access List.

Parameters
[in]client_handleclient handle from registration API
[in]aclTypeACL type
[in]aclNameACL name
-Minimum value OPENAPI_ACL_NAME_LEN_MIN
-Maximum value OPENAPI_ACL_NAME_LEN_MAX
[out]aclIdNewly created ACL identifier
Return values
OPEN_E_NONECreate is successful
OPEN_E_EXISTSACL name already exists
OPEN_E_FAILCreate failed
OPEN_E_ERRORAnother application has denied approval of this configuration change
OPEN_E_FULLIf the maximum number of ACLs or rule nodes already created
OPEN_E_PARAMError in parameter passed
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
From OpEN API Version 1.15 onwards, setting resourceTrackingFlag for a given client handle will ensure that the TCAM policy (resource) created in hardware gets freed when the client ceases to exist. openapiClientResourceTrackingSet OpEN API can be used to enable or disable resourceTrackingFlag.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclDelete ( openapiClientHandle_t client_handle,
uint32_t  aclId 
)

Delete an Access List.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
Return values
OPEN_E_NONEDelete is successful.
OPEN_E_FAILDelete failed
OPEN_E_NOT_FOUNDACL not found
OPEN_E_ERRORAnother application has denied approval of this configuration change
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
From OpEN API Version 1.15 onwards, setting resourceTrackingFlag for a given client handle will ensure that the TCAM policy (resource) created in hardware gets freed when the client ceases to exist. openapiClientResourceTrackingSet OpEN API can be used to enable or disable resourceTrackingFlag.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclDeleteByName ( openapiClientHandle_t client_handle,
OPEN_ACL_TYPE_t  aclType,
open_buffdesc aclName 
)

Delete an Access List by its name.

Parameters
[in]client_handleclient handle from registration API
[in]aclTypeACL type
[in]aclNameACL name
-Minimum value OPENAPI_ACL_NAME_LEN_MIN
-Maximum value OPENAPI_ACL_NAME_LEN_MAX
Return values
OPEN_E_NONEDelete is successful.
OPEN_E_FAILDelete failed
OPEN_E_NOT_FOUNDACL not found
OPEN_E_ERRORAnother application has denied approval of this configuration change
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
From OpEN API Version 1.15 onwards, setting resourceTrackingFlag for a given client handle will ensure that the TCAM policy (resource) created in hardware gets freed when the client ceases to exist. openapiClientResourceTrackingSet OpEN API can be used to enable or disable resourceTrackingFlag.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclGet ( openapiClientHandle_t client_handle,
OPEN_ACL_TYPE_t  aclType,
open_buffdesc aclName,
uint32_t *  aclId 
)

Get the Access List identifier for the given ACL name.

Parameters
[in]client_handleclient handle from registration API
[in]aclTypeACL type
[in]aclNameACL name
-Minimum value OPENAPI_ACL_NAME_LEN_MIN
-Maximum value OPENAPI_ACL_NAME_LEN_MAX
[out]aclIdACL identifier
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_NOT_FOUNDACL name not found
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclGetFirst ( openapiClientHandle_t client_handle,
OPEN_ACL_TYPE_t  aclType,
uint32_t *  aclId 
)

Get the first named access list identifier created in the system.

Parameters
[in]client_handleclient handle from registration API
[in]aclTypeACL type
[out]aclIdACL identifier
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILNo named ACLs exist in the system.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclGetNext ( openapiClientHandle_t client_handle,
OPEN_ACL_TYPE_t  aclType,
uint32_t  aclId,
uint32_t *  nextAclId 
)

Get the next named access list identifier created in the system.

Parameters
[in]client_handleclient handle from registration API
[in]aclTypeACL type
[in]aclIdLast ACL identifier
[out]nextAclIdACL identifier
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILNo more named ACLs
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclGlobalDelete ( openapiClientHandle_t client_handle,
uint32_t  asic,
uint32_t  aclId 
)

Remove ACL from all interfaces.

Parameters
[in]client_handleclient handle from registration API
[in]asicunit
[in]aclIdACL identifier
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.

OpEN API Version: 1.14

Examples:
acl_example.c.
open_error_t openapiAclIntfDirAdd ( openapiClientHandle_t client_handle,
uint32_t  intf,
OPEN_ACL_DIRECTION_t  dir,
uint32_t  aclId,
uint32_t  seqNum 
)

Add an access list to the specified interface and direction.

Parameters
[in]client_handleclient handle from registration API
[in]intfinternal interface number
-Minimum value 1
-Maximum value openapiMaxInterfaceCountGet()
[in]dirinterface direction
[in]aclIdACL identifier
[in]seqNumthe ACL evaluation order sequence number
-Minimum value OPENAPI_ACL_INTF_SEQ_NUM_MIN
-Maximum value OPENAPI_ACL_INTF_SEQ_NUM_MAX
Return values
OPEN_E_NONEACL successfully added intf and dir
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_EXISTSintf and dir is already assigned an ACL
OPEN_E_FAILAdd failed or intf and dir is not ACL compatible.
OPEN_E_FULLACL assignment is at capacity for intf and dir
OPEN_E_INTERNALIf hardware update failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
The interface type and direction supported for ACL use depends on the capabilities of the platform.
The control plane of the CPU can also be used to filter traffic. Use the openapiCpuIntfGet() API to determine the intf number while specifying an OPEN_ACL_OUTBOUND_ACL direction.

FD_CNFGR_NIM_MIN_CPU_INTF_NUM

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclIntfDirDelete ( openapiClientHandle_t client_handle,
uint32_t  intf,
OPEN_ACL_DIRECTION_t  dir,
uint32_t  aclId 
)

Remove an access list from the specified interface and direction.

Parameters
[in]client_handleclient handle from registration API
[in]intfinternal interface number
-Minimum value 1
-Maximum value openapiMaxInterfaceCountGet()
[in]dirinterface direction
[in]aclIdACL identifier
Return values
OPEN_E_NONEACL successfully added intf and dir
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_FAILAdd failed or intf and dir is not ACL compatible.
OPEN_E_INTERNALIf hardware update failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclIntfDirGetNext ( openapiClientHandle_t client_handle,
uint32_t  intf,
OPEN_ACL_DIRECTION_t  dir,
uint32_t *  nextIntf,
OPEN_ACL_DIRECTION_t nextDir 
)

Get next sequential interface and direction that is valid for use with an ACL.

Parameters
[in]client_handleclient handle from registration API
[in]intfinternal interface number
-Minimum value 1
-Maximum value openapiMaxInterfaceCountGet()
[in]dirinterface direction
[out]nextIntfnext internal interface number
[out]nextDirnext interface direction
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed. No more valid interfaces for ACL
OPEN_E_PARAMError in parameter passed.
Note
Passing a zero intf indicates a request to return the first available interface.
The interface type and direction supported for ACL use depends on the capabilities of the platform.
This API only provides an interface and direction that is usable for ACLs. It does not indicate whether any ACLs are currently assigned to the interface and direction (see openapiAclIsInterfaceInUse()).

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclIntfDirListGet ( openapiClientHandle_t client_handle,
uint32_t  intf,
OPEN_ACL_DIRECTION_t  dir,
OPEN_ACL_INTF_DIR_LIST_t listInfo 
)

Get the list of ACLs currently assigned to the specified interface and direction.

Parameters
[in]client_handleclient handle from registration API
[in]intfinternal interface number
-Minimum value 1
-Maximum value openapiMaxInterfaceCountGet()
[in]dirinterface direction
[out]listInfolist of assigned ACLs
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed. No more valid ACLs
OPEN_E_PARAMError in parameter passed.
OPEN_E_FULLIf the listInfo->listEntry array is not large enough to hold the maximum ACL entries.
Note
An ACL can be shared/associated with multiple interfaces.
The aclId contained in the output listInfo must be interpreted based on the aclType (OPEN_ACL_TYPE_t).

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclIsDaclGet ( openapiClientHandle_t client_handle,
OPEN_ACL_TYPE_t  aclType,
uint32_t  aclId,
OPEN_BOOL_t isDacl 
)

Get whether ACL is downloadable or not.

Parameters
[in]client_handleclient handle from registration API
[in]aclTypeACL type
[in]aclIdACL identifier
[out]isDaclget whether ACL is downloadable or not
Return values
OPEN_E_NONEGetting Status successful
OPEN_E_FAILFiled to get the dynamic ACL status
OPEN_E_PARAMError in parameter passed
OPEN_E_UNAVAILACL feature is not supported on this platform.

OpEN API Version: 1.15

open_error_t openapiAclIsIntfInUse ( openapiClientHandle_t client_handle,
uint32_t  intf,
OPEN_ACL_DIRECTION_t  dir,
OPEN_CONTROL_t inUse 
)

Check if an interface and direction is in use by any access list.

Parameters
[in]client_handleclient handle from registration API
[in]intfinternal interface number
-Minimum value 1
-Maximum value openapiMaxInterfaceCountGet()
[in]dirinterface direction
[out]inUsetrue if at least one ACL is attached.
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed. No more valid interfaces for ACL
OPEN_E_PARAMError in parameter passed.
Note
The interface type and direction supported for ACL use depends on the capabilities of the platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclIsVlanInUse ( openapiClientHandle_t client_handle,
uint32_t  vlan,
OPEN_ACL_DIRECTION_t  dir,
OPEN_CONTROL_t inUse 
)

Check if a VLAN and direction is in use by any access list.

Parameters
[in]client_handleclient handle from registration API
[in]vlanVLAN id
-Minimum value OPENAPI_ACL_VLAN_ID_MIN
-Maximum value OPENAPI_ACL_VLAN_ID_MAX
[in]dirinterface direction
[out]inUsetrue if at least one ACL is attached.
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed. No more valid interfaces for ACL
OPEN_E_PARAMError in parameter passed.
Note
The VLAN and direction supported for ACL use depends on the capabilities of the platform.

OpEN API Version: 1.2

open_error_t openapiAclMacCountGet ( openapiClientHandle_t client_handle,
uint32_t *  aclCount 
)

Get the current number of configured MAC ACLs.

Parameters
[in]client_handleclient handle from registration API
[out]aclCountNumber of ACLs
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclMaxAclIntfCountGet ( openapiClientHandle_t client_handle,
uint32_t *  maxIntf 
)

Get the maximum number of ACL Interfaces on this platform.

Parameters
[in]client_handleclient handle from registration API
[out]maxIntfmaximum number of interfaces.
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclMaxAclVlanCountGet ( openapiClientHandle_t client_handle,
uint32_t *  maxVlan 
)

Get the maximum number of ACL VLANs on this platform.

Parameters
[in]client_handleclient handle from registration API
[out]maxVlanmaximum number of VLANs
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclMaxAssignQueueGet ( openapiClientHandle_t client_handle,
uint32_t *  maxQueue 
)

Get the maximum queue id value for a match criteria.

Parameters
[in]client_handleclient handle from registration API
[out]maxQueuemaximum queue id value supported
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclMaxCountGet ( openapiClientHandle_t client_handle,
uint32_t *  maxACL 
)

Get the maximum number of ACLs that can be configured.

Parameters
[in]client_handleclient handle from registration API
[out]maxACLmaximum number of ACLs
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.

OpEN API Version: 1.2

open_error_t openapiAclMaxIntfAclCountGet ( openapiClientHandle_t client_handle,
uint32_t *  maxACL 
)

Get the maximum number of ACLs per interface on this platform.

Parameters
[in]client_handleclient handle from registration API
[out]maxACLmaximum number of ACLs
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.

OpEN API Version: 1.2

open_error_t openapiAclMaxMirrorIntfCountGet ( openapiClientHandle_t client_handle,
uint32_t *  maxIntf 
)

Get the maximum mirror interface count for a match criteria.

Parameters
[in]client_handleclient handle from registration API
[out]maxIntfmaximum number of interfaces.
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.

OpEN API Version: 1.2

open_error_t openapiAclMaxRedirectIntfCountGet ( openapiClientHandle_t client_handle,
uint32_t *  maxIntf 
)

Get the maximum redirect interface count for a match criteria.

Parameters
[in]client_handleclient handle from registration API
[out]maxIntfmaximum number of interfaces.
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.

OpEN API Version: 1.2

open_error_t openapiAclMaxVlanAclCountGet ( openapiClientHandle_t client_handle,
uint32_t *  maxACL 
)

Get the maximum number of ACLs per VLAN on this platform.

Parameters
[in]client_handleclient handle from registration API
[out]maxACLmaximum number of ACLs
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.

OpEN API Version: 1.2

open_error_t openapiAclNameGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
open_buffdesc aclName 
)

Get the Access List name for the given ACL.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[out]aclNameACL name
-Minimum value OPENAPI_ACL_NAME_LEN_MIN
-Maximum value OPENAPI_ACL_NAME_LEN_MAX
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRename ( openapiClientHandle_t client_handle,
uint32_t  aclId,
open_buffdesc aclName 
)

Change the Access List name.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclNameNew ACL name
-Minimum value OPENAPI_ACL_NAME_LEN_MIN
-Maximum value OPENAPI_ACL_NAME_LEN_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_EXISTSSet failed, ACL name already exists.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRouteFilter ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  routePrefix,
uint32_t  routeMask,
OPEN_ACL_ACTION_t aclAction 
)

Apply an ACL as a route filter.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]routePrefixDestination prefix of route
[in]routeMaskDestination mask of route
[out]aclActionon action type (permit/deny)
Return values
OPEN_E_UNAVAILACL feature is not supported on this platform.
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.

OpEN API Version: 1.3

Examples:
acl_example.c.
open_error_t openapiAclRuleActionAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t *  aclRule,
OPEN_ACL_ACTION_t  aclAction 
)

Add a new rule and its associated action to the given ACL.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in,out]aclRuleACL rule
[in]aclActionACL action
Return values
OPEN_E_NONESet successful.
OPEN_E_ERRORAnother application has denied approval of this configuration change
OPEN_E_INTERNALIf hardware update failed.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
To create a new rule using the next available ACL rule number, set aclRule to zero. The new rule is also returned.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleActionGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
OPEN_ACL_ACTION_t aclAction 
)

Get the action for a rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]aclActionon action type (permit/deny)
Return values
OPEN_E_UNAVAILACL feature is not supported on this platform.
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleCountersClear ( openapiClientHandle_t client_handle,
uint32_t  asic,
uint32_t  aclId,
uint32_t  ruleNum 
)

Clear ACL rule counters.

Parameters
[in]client_handleclient handle from registration API
[in]asicunit
[in]aclIdACL identifier
[in]ruleNumACL rule
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.

OpEN API Version: 1.14

Examples:
acl_example.c.
open_error_t openapiAclRuleCountGet ( openapiClientHandle_t client_handle,
uint32_t  asic,
uint32_t  aclId,
uint32_t  ruleNum,
uint32_t  ruleAction,
uint64_t *  hitPktCount 
)

Get ACL rule hit count.

Parameters
[in]client_handleclient handle from registration API
[in]asicunit
[in]aclIdACL identifier
[in]ruleNumACL rule
[in]ruleActionACL rule action.
[out]hitPktCountACL rule hit count.
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.

OpEN API Version: 1.14

Examples:
acl_example.c.
open_error_t openapiAclRuleDelete ( openapiClientHandle_t client_handle,
uint32_t  asic,
uint32_t  aclId,
uint32_t  ruleId 
)

Delete a specific rule from the given ACL.

Parameters
[in]client_handleclient handle from registration API
[in]asicunit
[in]aclIdACL identifier
[in]ruleIdRule identifier
Return values
OPEN_E_NONEDelete successful.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_INTERNALif hardware update failed.
OPEN_E_FAILDelete failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch

OpEN API Version: 1.14

Examples:
acl_example.c.
open_error_t openapiAclRuleDeleteLast ( openapiClientHandle_t client_handle,
uint32_t  aclId 
)

Delete the last rule for the given ACL.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
Return values
OPEN_E_NONEDelete successful.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_INTERNALif hardware update failed.
OPEN_E_FAILDelete failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch

OpEN API Version: 1.2

open_error_t openapiAclRuleGetFirst ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t *  aclRule 
)

Get the rule for the given ACL.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[out]aclRuleACL rule
Return values
OPEN_E_UNAVAILACL feature is not supported on this platform.
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleGetNext ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  nextAclRule 
)

Get the next rule for the given ACL.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]nextAclRulenext ACL rule
Return values
OPEN_E_UNAVAILACL feature is not supported on this platform.
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleGlobalApply ( openapiClientHandle_t client_handle,
uint32_t  asic,
uint32_t  aclId,
uint32_t  seqNum 
)

Apply ACL rule to all interfaces.

Parameters
[in]client_handleclient handle from registration API
[in]asicunit
[in]aclIdACL identifier
[in]seqNumACL sequence number
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.

OpEN API Version: 1.14

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchAssignQueueAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t  queueId 
)

Set the assigned queue id for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]queueIdqueue identifier
-Minimum value OPENAPI_ACL_ASSIGN_QUEUE_MIN
-Maximum value openapiAclMaxAssignQueueGet()
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchAssignQueueGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  queueId 
)

Gets the assigned queue id for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]queueIdqueue identifier
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchDscpAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t  dscp 
)

Set the DSCP value for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]dscpDSCP value
-Minimum value OPENAPI_ACL_DSCP_MIN
-Maximum value OPENAPI_ACL_DSCP_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
This API supports ACLs with IP and IPV6 ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
The following known DSCP keywords are provided for convenience.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchDscpGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  dscp 
)

Gets the DSCP value for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]dscpDSCP value
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP and IPV6 ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
The following known DSCP keywords are provided for convenience.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchEveryAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
bool  aclMatch 
)

Set the match condition whereby all packets match for the ACL rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]aclMatchmatch condition (true/false)
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
This routine sets the range of all the filtering criteria in a rule to the maximum, in an existing access list.
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchEveryGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
bool *  aclMatch 
)

Gets the match-all (every) status for a rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]aclMatchmatch every packet
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchFlowLabelAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t  label 
)

Set the flow label for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]labelflow label value
-Minimum value OPENAPI_ACL_FLOW_LABEL_MIN
-Maximum value OPENAPI_ACL_FLOW_LABEL_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
This API supports ACLs with an IPV6 ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchFlowLabelGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  label 
)

Gets the flow label for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]labelflow label value
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with an IPV6 ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchFragmentsAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
bool  fragments 
)

Set the match condition to match on non-initial fragmented packets.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]fragmentsmatch (true/false)
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
This API supports ACLs with IP and IPV6 ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchFragmentsGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
bool *  fragments 
)

Get the match condition for non-initial fragmented packets.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]fragmentsmatch (true/false)
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP and IPV6 ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchIcmpTypeCodeAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
bool  addCode,
uint32_t  type,
uint32_t  code 
)

Add a match condition for ICMP parameters to an existing access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]addCodeSet to true if API should set the ICMP code
[in]typeICMP type
-Minimum value OPENAPI_ACL_ICMP_TYPE_MIN
-Maximum value OPENAPI_ACL_ICMP_TYPE_MAX
[in]codeICMP code (if applicable)
-Minimum value OPENAPI_ACL_ICMP_CODE_MIN
-Maximum value OPENAPI_ACL_ICMP_CODE_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with IP or IPV6 ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
ICMP type match conditions are valid for ACLs using the ICMP or ICMPv6 protocol (OPENAPI_ACL_PROTOCOL_ICMP or OPENAPI_ACL_PROTOCOL_ICMPV6).
Refer to the IANA ICMP parameters site or IANA ICMPv6 parameters site for supported messages and valid type code combinations.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchIcmpTypeCodeGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
bool  getCode,
uint32_t *  type,
uint32_t *  code 
)

Get the ICMP match condition parameters for an existing access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]getCodeSet to true if API should return the ICMP code
[out]typeICMP type
[out]codeICMP code (if applicable)
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP or IPV6 ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
ICMP type match conditions are valid for ACLs using the ICMP or ICMPv6 protocol (OPENAPI_ACL_PROTOCOL_ICMP or OPENAPI_ACL_PROTOCOL_ICMPV6).
Refer to the IANA ICMP parameters site or IANA ICMPv6 parameters site for supported messages and valid type code combinations.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchIgmpTypeAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t  type 
)

Add a match condition for IGMP parameters to an existing access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]typeIGMP type
-Minimum value OPENAPI_ACL_IGMP_TYPE_MIN
-Maximum value OPENAPI_ACL_IGMP_TYPE_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with an IP ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
IGMP types are valid for ACLs using the IGMP protocol (OPENAPI_ACL_PROTOCOL_IGMP).
Refer to the IANA IGMP parameters site for supported messages.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchIgmpTypeGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  type 
)

Get the IGMP match condition parameters for an existing access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]typeIGMP type
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with an IP ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
IGMP types are valid for ACLs using the IGMP protocol (OPENAPI_ACL_PROTOCOL_IGMP).
Refer to the [IANA IGMP parameters site] http://www.iana.org/assignments/igmp-type-numbers/igmp-type-numbers.xhtml for supported messages.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchIpDstMaskAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_inet_addr_t  addr,
open_inet_addr_t  mask 
)

Add the destination IPv4 address and net mask.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]ipip address
[in]maskip address mask. A bit value of '0' represents don't care. E.g., to match on network 10.0.0.0, the mask should be 0xff000000.
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with an IP ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
An additional masking feature must also be available in order to specify an IP address mask. The mask is cleared if not supported.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchIpDstMaskGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_inet_addr_t addr,
open_inet_addr_t mask 
)

Gets the destination IPv4 address and net mask.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]ipip address
[out]maskip address mask.
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with an IP ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchIpSrcMaskAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_inet_addr_t  addr,
open_inet_addr_t  mask 
)

Add the source IPv4 address and net mask.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]addrip address
[in]maskip address mask. A bit value of '0' represents don't care. E.g., to match on network 10.0.0.0, the mask should be 0xff000000.
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with an IP ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
An additional masking feature must also be available in order to specify an IP address mask. The mask is cleared if not supported.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchIpSrcMaskGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_inet_addr_t addr,
open_inet_addr_t mask 
)

Gets the source IPv4 address and net mask.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]addrip address
[out]maskip address mask.
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with an IP ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchIpv6DstPfxAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_inet_addr_t  addr,
uint32_t  pfxLen 
)

Add the destination IPV6 address and prefix length.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]addripv6 address
[in]pfxLenprefix length
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with an IPV6 ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchIpv6DstPfxGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_inet_addr_t addr,
uint32_t *  pfxLen 
)

Gets the destination IPV6 address and prefix length.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]addripv6 address
[out]pfxLenprefix length
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with an IPV6 ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchIpv6SrcPfxAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_inet_addr_t  addr,
uint32_t  pfxLen 
)

Add the source IPV6 address and prefix length.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]addripv6 address
[in]pfxLenprefix length
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with an IPV6 ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchIpv6SrcPfxGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_inet_addr_t addr,
uint32_t *  pfxLen 
)

Gets the source IPV6 address and prefix length.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]addripv6 address
[out]pfxLenprefix length
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with an IPV6 ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchL4DstPortAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
OPEN_ACL_L4_PORT_OPERATOR_t  oper,
uint32_t  startPort,
uint32_t  endPort 
)

Add a Layer 4 destination port match condition.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]operoperator or range specifier
[in]startPortlayer 4 port
-Minimum value OPENAPI_ACL_L4_PORT_MIN
-Maximum value OPENAPI_ACL_L4_PORT_MAX
[in]endPortending layer 4 port (used if oper is OPEN_ACL_L4_PORT_OPERATOR_RANGE)
-Minimum value OPENAPI_ACL_L4_PORT_MIN
-Maximum value OPENAPI_ACL_L4_PORT_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
This API supports ACLs with IP or IPV6 ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
This API supports ACLs with TCP (OPENAPI_ACL_PROTOCOL_TCP) or UDP (OPENAPI_ACL_PROTOCOL_UDP) protocol types.
Refer to the Service Name and Transport Protocol Port Number Registry site for known port assignments.
Use additional ACL rules if multiple L4 port match conditions are desired.
The following common port numbers are provided for convenience.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchL4DstPortGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
OPEN_ACL_L4_PORT_OPERATOR_t oper,
uint32_t *  startPort,
uint32_t *  endPort 
)

Get a Layer 4 destination port match condition.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]operoperator or range specifier
[out]startPortlayer 4 port
[out]endPortending layer 4 port (used if oper is OPEN_ACL_L4_PORT_OPERATOR_RANGE)
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP or IPV6 ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
This API supports ACLs with TCP (OPENAPI_ACL_PROTOCOL_TCP) or UDP (OPENAPI_ACL_PROTOCOL_UDP) protocol types.
Refer to the Service Name and Transport Protocol Port Number Registry site for known port assignments.
The following common port numbers are provided for convenience.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchL4SrcPortAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
OPEN_ACL_L4_PORT_OPERATOR_t  oper,
uint32_t  startPort,
uint32_t  endPort 
)

Add a Layer 4 source port match condition.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]operoperator or range specifier
[in]startPortlayer 4 port
-Minimum value OPENAPI_ACL_L4_PORT_MIN
-Maximum value OPENAPI_ACL_L4_PORT_MAX
[in]endPortending layer 4 port (used if oper is OPEN_ACL_L4_PORT_OPERATOR_RANGE)
-Minimum value OPENAPI_ACL_L4_PORT_MIN
-Maximum value OPENAPI_ACL_L4_PORT_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
This API supports ACLs with IP or IPV6 ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
This API supports ACLs with TCP (OPENAPI_ACL_PROTOCOL_TCP) or UDP (OPENAPI_ACL_PROTOCOL_UDP) protocol types.
Refer to the Service Name and Transport Protocol Port Number Registry site for known port assignments.
Use additional ACL rules if multiple L4 port match conditions are desired.
The following common port numbers are provided for convenience.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchL4SrcPortGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
OPEN_ACL_L4_PORT_OPERATOR_t oper,
uint32_t *  startPort,
uint32_t *  endPort 
)

Get a Layer 4 source port match condition.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]operoperator or range specifier
[out]startPortlayer 4 port
[out]endPortending layer 4 port (used if oper is OPEN_ACL_L4_PORT_OPERATOR_RANGE)
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP or IPV6 ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
This API supports ACLs with TCP (OPENAPI_ACL_PROTOCOL_TCP) or UDP (OPENAPI_ACL_PROTOCOL_UDP) protocol types.
Refer to the Service Name and Transport Protocol Port Number Registry site for known port assignments.
The following common port numbers are provided for convenience.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchLoggingAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
bool  aclLogging 
)

Set the logging flag for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]aclLogginglogging flag (true/false)
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchLoggingGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
bool *  aclLogging 
)

Gets the logging flag from an existing access list rule entry.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]aclLogginglogging flag (true/false)
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchMacCos2Add ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t  cos 
)

Add a Secondary Class Of Server (COS) match condition.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]cossecondary class of service value.
-Minimum value OPENAPI_ACL_COS_MIN
-Maximum value OPENAPI_ACL_COS_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with a MAC ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchMacCos2Get ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  cos 
)

Get the Secondary Class Of Server (COS) match condition.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]cossecondary class of service value.
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with a MAC ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchMacCosAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t  cos 
)

Add a Class Of Server (COS) match condition.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]cosclass of service value.
-Minimum value OPENAPI_ACL_COS_MIN
-Maximum value OPENAPI_ACL_COS_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with a MAC ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchMacCosGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  cos 
)

Get the Class Of Server (COS) match condition.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]cosclass of service value.
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with a MAC ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchMacDstMacAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_buffdesc mac,
open_buffdesc mask 
)

Add the destination MAC address and mask.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]macMAC address
[in]maskMAC mask. A bit value of '0' represents don't care. E.g., to do an exact match on source mac-address of 00:11:22:33:44:55, the mask should be set to ff:ff:ff:ff:ff:ff. To do a match on source mac address of 00:11:22:xx:xx:xx, the mask should be set to ff:ff:ff:00:00:00.
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with an MAC ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
MAC address 01:80:C2:00:00:00 and mask ff:ff:ff:00:00:00 can be used to indicate Bridge Protocol Data Units (BPDUs).

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchMacDstMacGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_buffdesc mac,
open_buffdesc mask 
)

Get the destination MAC address and mask.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]macMAC address
[out]maskMAC mask.
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with an MAC ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchMacEtherTypeAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t  type 
)

Add a MAC Ethertype match condition.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]typefour-digit hexadecimal Ethertype value.
-Minimum value OPENAPI_ETHERTYPE_MIN
-Maximum value OPENAPI_ETHERTYPE_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with a MAC ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
The following common Ethertypes are provided for convenience.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchMacEtherTypeGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  type 
)

Get the MAC Ethertype match condition.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]typefour-digit hexadecimal Ethertype value.
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with a MAC ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
The following common Ethertypes are provided for convenience.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchMacSecondaryVlanAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
OPEN_ACL_VLAN_OPERATOR_t  oper,
uint32_t  startId,
uint32_t  endId 
)

Add a Secondary VLAN match condition.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]operoperator or range specifier
[in]startIdVLAN Id
-Minimum value OPENAPI_ACL_VLAN_ID_MIN
-Maximum value OPENAPI_ACL_VLAN_ID_MAX
[in]endIdending VLAN Id (used if oper is OPEN_ACL_VLAN_OPERATOR_RANGE)
-Minimum value OPENAPI_ACL_VLAN_ID_MIN
-Maximum value OPENAPI_ACL_VLAN_ID_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with a MAC ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchMacSecondaryVlanGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
OPEN_ACL_VLAN_OPERATOR_t oper,
uint32_t *  startId,
uint32_t *  endId 
)

Get the Secondary VLAN match condition.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]operoperator or range specifier
[out]startIdVLAN Id
[out]endIdending VLAN Id (used if oper is OPEN_ACL_VLAN_OPERATOR_RANGE)
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with a MAC ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchMacSrcMacAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_buffdesc mac,
open_buffdesc mask 
)

Add the source MAC address and mask.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]macMAC address
[in]maskMAC mask. A bit value of '0' represents don't care. E.g., to do an exact match on source mac-address of 00:11:22:33:44:55, the mask should be set to ff:ff:ff:ff:ff:ff. To do a match on source mac address of 00:11:22:xx:xx:xx, the mask should be set to ff:ff:ff:00:00:00.
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with an MAC ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchMacSrcMacGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_buffdesc mac,
open_buffdesc mask 
)

Get the source MAC address and mask.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]macMAC address
[out]maskMAC mask.
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with an MAC ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchMacVlanAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
OPEN_ACL_VLAN_OPERATOR_t  oper,
uint32_t  startId,
uint32_t  endId 
)

Add a VLAN match condition.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]operoperator or range specifier
[in]startIdVLAN Id
-Minimum value OPENAPI_ACL_VLAN_ID_MIN
-Maximum value OPENAPI_ACL_VLAN_ID_MAX
[in]endIdending VLAN Id (used if oper is OPEN_ACL_VLAN_OPERATOR_RANGE)
-Minimum value OPENAPI_ACL_VLAN_ID_MIN
-Maximum value OPENAPI_ACL_VLAN_ID_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with a MAC ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchMacVlanGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
OPEN_ACL_VLAN_OPERATOR_t oper,
uint32_t *  startId,
uint32_t *  endId 
)

Get the VLAN match condition.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]operoperator or range specifier
[out]startIdVLAN Id
[out]endIdending VLAN Id (used if oper is OPEN_ACL_VLAN_OPERATOR_RANGE)
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with a MAC ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchMirrorAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t  intf 
)

Set the mirror interface for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]intfinternal interface number
-Minimum value OPENAPI_ACL_MIRROR_INTF_MIN
-Maximum value openapiAclMaxMirrorIntfCountGet()
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
OPEN_E_FAIL is also returned if the ACL rule already contains a packet redirection attribute.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchMirrorAgentAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t  agent 
)

Add the mirror external agent id for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]agentagent id
-Minimum value OPENAPI_ACL_AGENT_ID_MIN
-Maximum value OPENAPI_ACL_AGENT_ID_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
OPEN_E_FAIL is also returned if the ACL rule already contains a packet mirror or redirect attribute.

OpEN API Version: 1.12

Examples:
acl_pkt_cap.c.
open_error_t openapiAclRuleMatchMirrorAgentGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  agent 
)

Get the mirror external agent id from an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]agentagent id
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.12

Examples:
acl_pkt_cap.c.
open_error_t openapiAclRuleMatchMirrorGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  intf 
)

Get the mirror interface from an existing access list rule entry.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]intfinternal interface number
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchPrecedenceAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t  precedence 
)

Set the match condition precedence value.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]precedenceprecedence value
-Minimum value OPENAPI_ACL_PRECEDENCE_MIN
-Maximum value OPENAPI_ACL_PRECEDENCE_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
This API supports ACLs with an IP ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchPrecedenceGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  precedence 
)

Get the match condition for precedence value.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]precedenceprecedence value
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with an IP ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchProtocolAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t  aclProtocol 
)

Add a protocol to an existing access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]aclProtocolprotocol
-Minimum value OPENAPI_ACL_PROTOCOL_MIN
-Maximum value OPENAPI_ACL_PROTOCOL_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with IP or IPV6 ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
The following known protocol keywords are provided for convenience.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchProtocolGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  aclProtocol 
)

Gets the protocol from an existing access list rule entry.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]aclProtocolprotocol
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP or IPV6 ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
The following known protocol keywords are provided for convenience.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchRateLimitAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t  dataRate,
uint32_t  burstSize 
)

Set the rate limit parameters for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]dataRatedata-rate in Kbps
-Minimum value OPENAPI_ACL_RATE_LIMIT_DATA_RATE_MIN
-Maximum value OPENAPI_ACL_RATE_LIMIT_DATA_RATE_MAX
[in]burstSizeburst-size in Kbytes
-Minimum value OPENAPI_ACL_RATE_LIMIT_BURST_SIZE_MIN
-Maximum value OPENAPI_ACL_RATE_LIMIT_BURST_SIZE_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchRateLimitGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  dataRate,
uint32_t *  burstSize 
)

Get the rate limit parameters from an existing access list rule entry.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]dataRatedata-rate in Kbps
[out]burstSizeburst-size in Kbytes
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchRedirectAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t  intf 
)

Add the redirect interface for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]intfinternal interface number
-Minimum value OPENAPI_ACL_REDIRECT_INTF_MIN
-Maximum value openapiAclMaxRedirectIntfCountGet()
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
OPEN_E_FAIL is also returned if the ACL rule already contains a packet mirror attribute.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchRedirectAgentAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t  agent 
)

Add the redirect external agent id for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]agentagent id
-Minimum value OPENAPI_ACL_AGENT_ID_MIN
-Maximum value OPENAPI_ACL_AGENT_ID_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
OPEN_E_FAIL is also returned if the ACL rule already contains a packet mirror or redirect attribute.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchRedirectAgentGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  agent 
)

Get the redirect agent Id from an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]agentagent id
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchRedirectGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  intf 
)

Get the redirect interface from an existing access list rule entry.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]intfinternal interface number
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchRoutingAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
bool  flag 
)

Set the routing flag for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]flagrouting flag
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
This API supports ACLs with an IPV6 ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchRoutingGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
bool *  flag 
)

Get the routing flag for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]flagrouting flag
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with an IPV6 ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchSflowSamplingAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
bool  aclSflowSampling 
)

Set the sFlow sampling flag for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]aclSflowSamplingsFlow Sampling flag (true/false)
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature or sFlow hardware sampling is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.15

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchSflowSamplingGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
bool *  aclSflowSampling 
)

Gets the sFlow sampling flag from an existing access list rule entry.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]aclSflowSamplingsFlow sampling flag (true/false)
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature or sFlow hardware sampling is not supported on this platform.
Note
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.15

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchTcpFlagsAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t  tcpVal,
uint32_t  tcpMask 
)

Add a match condition using a TCP Control Flag and Mask.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]tcpValtos bits
[in]tcpMasktos mask
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
This API supports ACLs with IP or IPV6 ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
tcpVal is used to set one or more of the following flags;
tcpMask is a used to set or clear the associated tcpVal flags.
An established connection means that the packets belong to an existing connection if the TCP segment has the Acknowledgment (ACK) or Reset (RST) bit set.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchTcpFlagsGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
uint32_t *  tcpVal,
uint32_t *  tcpMask 
)

Get a match condition using a TCP Control Flag and Mask.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]tcpValtos bits
[out]tcpMasktos mask
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP or IPV6 ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
tcpVal is used to set one or more of the following flags;
tcpMask is a used to set or clear the associated tcpVal flags.
An established connection means that the packets belong to an existing connection if the TCP segment has the Acknowledgment (ACK) or Reset (RST) bit set.

OpEN API Version: 1.2

Examples:
acl_example.c, and acl_pkt_cap.c.
open_error_t openapiAclRuleMatchTimeRangeAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_buffdesc name 
)

Add the time range name for an access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]nametime range name
-Minimum value OPENAPI_TIME_RANGE_NAME_LEN_MIN
-Maximum value OPENAPI_TIME_RANGE_NAME_LEN_MAX
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchTimeRangeGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_buffdesc name 
)

Get the time range name assigned to access list rule.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]nametime range name
-Minimum value OPENAPI_TIME_RANGE_NAME_LEN_MIN
-Maximum value OPENAPI_TIME_RANGE_NAME_LEN_MAX
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchTimeRangeStatusGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
OPEN_ACL_RULE_STATUS_t status 
)

Get the rule status of an access list rule entry.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]statustime range status
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchTosAdd ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_buffdesc tos,
open_buffdesc tosMask 
)

Add a match condition based on the value of the IP ToS field.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[in]tosToS bits. A two-digit hexadecimal number from 00 to ff.
[in]tosMaskToS mask. A two-digit hexadecimal number from 00 to ff.
Return values
OPEN_E_NONESet successful.
OPEN_E_FAILSet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch.
The IP ToS field in the packet is defined as all eight bits of the Service Type octet in the IP header.
This API supports ACLs with an IP ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclRuleMatchTosGet ( openapiClientHandle_t client_handle,
uint32_t  aclId,
uint32_t  aclRule,
open_buffdesc tos,
open_buffdesc tosMask 
)

Get the match condition for IP ToS field.

Parameters
[in]client_handleclient handle from registration API
[in]aclIdACL identifier
[in]aclRuleACL rule
[out]tosToS bits. A two-digit hexadecimal number from 00 to ff.
[out]tosMaskToS mask. A two-digit hexadecimal number from 00 to ff.
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
This API supports ACLs with an IP ACL type (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclVlanDirAdd ( openapiClientHandle_t client_handle,
uint32_t  vlan,
OPEN_ACL_DIRECTION_t  dir,
uint32_t  aclId,
uint32_t  seqNum 
)

Add an access list to the specified VLAN and direction.

Parameters
[in]client_handleclient handle from registration API
[in]vlanVLAN id
-Minimum value OPENAPI_ACL_VLAN_ID_MIN
-Maximum value OPENAPI_ACL_VLAN_ID_MAX
[in]dirVLAN direction
[in]aclIdACL identifier
[in]seqNumthe ACL evaluation order sequence number
-Minimum value OPENAPI_ACL_VLAN_SEQ_NUM_MIN
-Maximum value OPENAPI_ACL_VLAN_SEQ_NUM_MAX
Return values
OPEN_E_NONEACL successfully added intf and dir
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_EXISTSintf and dir is already assigned an ACL
OPEN_E_FAILAdd failed or intf and dir is not ACL compatible.
OPEN_E_FULLACL assignment is at capacity for intf and dir
OPEN_E_INTERNALIf hardware update failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.
The interface type and direction supported for ACL use depends on the capabilities of the platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclVlanDirDelete ( openapiClientHandle_t client_handle,
uint32_t  vlan,
OPEN_ACL_DIRECTION_t  dir,
uint32_t  aclId 
)

Remove an access list from the specified VLAN and direction.

Parameters
[in]client_handleclient handle from registration API
[in]vlanVLAN id
-Minimum value OPENAPI_ACL_VLAN_ID_MIN
-Maximum value OPENAPI_ACL_VLAN_ID_MAX
[in]dirVLAN direction
[in]aclIdACL identifier
Return values
OPEN_E_NONEACL successfully added intf and dir
OPEN_E_ERRORAnother application has denied approval of this configuration change.
OPEN_E_FAILAdd failed or intf and dir is not ACL compatible.
OPEN_E_INTERNALIf hardware update failed.
OPEN_E_PARAMError in parameter passed.
OPEN_E_UNAVAILACL feature is not supported on this platform.
Note
Calling this API will change the running configuration of the switch
This API supports ACLs with IP, IPV6, and MAC ACL types (OPEN_ACL_TYPE_t) and is available for use if the associated feature is supported on this platform.

OpEN API Version: 1.2

Examples:
acl_example.c.
open_error_t openapiAclVlanDirListGet ( openapiClientHandle_t client_handle,
uint32_t  vlan,
OPEN_ACL_DIRECTION_t  dir,
OPEN_ACL_VLAN_DIR_LIST_t listInfo 
)

Get the list of ACLs currently assigned to the specified VLAN and direction.

Parameters
[in]client_handleclient handle from registration API
[in]vlaninternal interface number
-Minimum value OPENAPI_ACL_VLAN_ID_MIN
-Maximum value OPENAPI_ACL_VLAN_ID_MAX
[in]dirVLAN direction
[out]listInfolist of assigned ACLs
Return values
OPEN_E_NONEGet successful.
OPEN_E_FAILGet failed. No more valid ACLs
OPEN_E_PARAMError in parameter passed.
OPEN_E_FULLIf the listInfo->listEntry array is not large enough to hold the maximum ACL entries.
Note
An ACL can be shared/associated with multiple interfaces.
The aclId contained in the output listInfo must be interpreted based on the aclType (OPEN_ACL_TYPE_t).

OpEN API Version: 1.2

Examples:
acl_example.c.