Net::ACL - Class representing a generic access-list/route-map
use Net::ACL;
use Net::ACL::Rule qw( :action :rc );
# Constructor
$list = new Net::ACL(
Name => 'MyACL',
Type => 'prefix-list',
Rule => new Net::ACL::Rule( .. )
);
# Fetch existing object by name
$list = renew Net::ACL(
Name => 'MyACL',
Type => 'prefix-list'
);
$list = renew Net::ACL("$list");
# Object Copy
$clone = $list->clone();
# Class methods
$type_names_hr = Net::ACL->knownlists();
# Accessor Methods
$list->add_rule($rule);
$list->remove_rule($rule);
$name = $list->name($name);
$type = $list->type($type);
$rc = $list->match(@data);
($rc,@data) = $list->query(@data);
This module represents a generic access-list and route-map. It uses the
Net::ACL::Rule object to represent the rules.
- new() - create a new Net::ACL object
-
$list = new Net::ACL(
Name => 'MyACL',
Type => 'prefix-list',
Rule => new Net::ACL::Rule( .. )
);
This is the constructor for Net::ACL objects. It returns a
reference to the newly created object. The following named parameters
may be passed to the constructor.
- Name
- The name parameter is optional and is only used to identify a list by the
renew() constructor.
- Type
- The type parameter is optional and defaults to the class name. It is used
to provide different namespaces for the Name parameter. It is intended to have
values like 'ip-accesslist', 'prefix-list', 'as-path-filter' and
'route-map'. This way the same name or number of an access-list could be
reused in each class.
- Rule
- The rule parameter could be present one or more times. Each one can have
multiple types:
- Net::ACL::Rule
- A Net::ACL::Rule object.
- ARRAY
- An array reference of Net::ACL::Rule objects.
- HASH
- A hash reference with Net::ACL::Rule objects as values. Keys are currently
ignored, but might later be used as sequence numbers or labels.
- renew() - fetch an existing Net::ACL object
-
$list = renew Net::ACL(
Name => 'MyACL',
Type => 'prefix-list'
);
$list = renew Net::ACL("$list");
The renew constructor locates an existing ACL object from
either Name, (Name,Type)-pair or the object in string context (e.g.
"Net::ACL=HASH(0x823ff84)"). The Name
and Type arguments have similar meaning as for the new()
constructor.
- clone() - clone a Net::ACL object
-
$clone = $list->clone();
This method creates an exact copy of the Net::ACL object and
all the rules. The clone will not have a name unless one is assigned
explicitly later.
- name()
- type()
- The name() and type() methods return the access-list name
and type fields respectively. If called with an argument they change the
value to that of the argument.
- match()
- The match method implements the basics of a standard router access-list
matching.
It accepts an arbitrary number of arguments. The arguments are
passed to the match() method of each of the Net::ACL::Rule rules,
except any rule that has the action() field set to
"ACL_CONTINUE". When a match()
method returns "ACL_MATCH", the
action() of that entry is returned.
- query()
- The query method implements the basics of a route-map execution.
It calls the query() method of each Net::ACL::Rule rule, one by
one, as long as they return
"ACL_CONTINUE".
The function returns the result code
("ACL_PERMIT" or
"ACL_DENY") and the, possibly
modified, arguments of the function.
- add_rule()
- remove_rule()
- The add_rule() and remove_rule() methods can add and remove rules
after object construction.
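The following stand-alone Perl model is an added illustration, not code from the Net::ACL distribution. It mirrors the match() behaviour described above: the first matching rule decides, and rules whose action is ACL_CONTINUE are skipped. It also shows how rule order changes the verdict. The helper names (in_prefix, acl_match, decide), the constant values, the rule layout, and the choice to treat "no rule decided" as a deny are assumptions of this sketch; the page does not say what match() returns when nothing matches.

```perl
#!/usr/bin/perl
# Stand-alone model of the match() behaviour described above. It does not load
# Net::ACL; constant values, rule layout and helper names are assumptions.
use strict;
use warnings;
use Socket qw(inet_aton);

use constant { ACL_PERMIT => 'permit', ACL_DENY => 'deny', ACL_CONTINUE => 'continue' };

# Return a closure that tests whether an IPv4 address lies inside $cidr.
sub in_prefix {
    my ($cidr) = @_;
    my ($net, $len) = split m{/}, $cidr;
    my $mask = $len ? (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF : 0;
    my $base = unpack('N', inet_aton($net)) & $mask;
    return sub { (unpack('N', inet_aton($_[0])) & $mask) == $base };
}

# First rule whose test succeeds decides; ACL_CONTINUE rules are never consulted.
sub acl_match {
    my ($rules, @data) = @_;
    for my $rule (@$rules) {
        next if $rule->{action} eq ACL_CONTINUE;
        return $rule->{action} if $rule->{test}->(@data);
    }
    return;    # no rule decided; the page does not define this case
}

# Fail closed: anything other than an explicit permit is a deny (assumption).
sub decide {
    my $rc     = acl_match(@_);
    my $permit = defined $rc && $rc eq ACL_PERMIT;
    return $permit ? ACL_PERMIT : ACL_DENY;
}

# Constructed sample list: the specific deny is placed before the broad permit.
my @rules = (
    { action => ACL_CONTINUE, test => in_prefix('192.0.2.0/24') },
    { action => ACL_DENY,     test => in_prefix('10.1.2.0/24') },
    { action => ACL_PERMIT,   test => in_prefix('10.0.0.0/8') },
);

# Compare the verdict of the ordered list with the same rules in reverse order.
for my $ip (qw(10.1.2.3 10.9.9.9 192.0.2.7 198.51.100.1)) {
    printf "%-13s ordered=%-6s reversed=%s\n", $ip,
        decide(\@rules, $ip), decide([ reverse @rules ], $ip);
}
```

In the reversed list the broad permit shadows the specific deny, so a review of such a list should confirm that narrower rules precede the broader ones they are meant to override.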
Net::ACL::Rule, Net::ACL::File, Net::ACL::Bootstrap
Martin Lorensen <bgp@martin.lorensen.dk>