NAME

Net::ACL::Rule - Class representing a generic access-list/route-map entry

SYNOPSIS

    use Net::ACL::Rule qw( :action :rc );

    # Constructor
    $entry = new Net::ACL::Rule(
	Action	=> ACL_PERMIT
	Match	=> {
		IP	=> '127.0.0.0/8'
		}
	Set	=> {
		IP	=> '127.0.0.1'
		},
	Seq	=> 10
	);

    # Object Copy
    $clone = $entry->clone();

    # Accessor Methods
    $action = $entry->action($action);
    $action_str = $entry->action($action_str);

    $entry->add_match($matchrule);
    $entry->remove_match($matchrule);
    $entry->add_set($setrule);
    $entry->remove_set($setrule);

    $rc = $entry->match(@data);
    @data = $entry->set(@data);

    ($rc,@data) = $entry->query(@data);

    $subrule = $entry->autoconstruction($type,$class,$arg,@values);

DESCRIPTION

This module represent a single generic access-list and route-map entry. It is used by the Net::ACL object. It can match anydata against a list of Net::ACL::Match objects, and if all are matched, it can have a list of Net::ACL::Set objects modify the data.

CONSTRUCTOR

new() - create a new Net::ACL::Rule object
    $entry = new Net::ACL::Rule(
        Action  => ACL_PERMIT
	Match	=> {
		IP	=> '127.0.0.0/8'
		}
	Set	=> {
		IP	=> '127.0.0.1'
		}
	);

This is the constructor for Net::ACL::Rule objects. It returns a reference to the newly created object. The following named parameters may be passed to the constructor.

Action

The action parameter could be either of the constants exported using "action" (See EXPORTS) or just a string matching permit or deny. ACL_PERMIT accepts the data, ACL_DENY drops the data, while ACL_CONTINUE is used to indicate that this entry might change the data, but does not decide whether the data should be accepted or droped.

Match

The match parameter can have multiple forms, and my exists zero, one or more times. The following forms are allowed:

Match object - A Net::ACL::Match object (or ancestor)
List - A list of Net::ACL::Match objects (or ancestors)
Hash - A hash reference. The constructor will for each ($key,$value) pair call the autoconstructor() method and add the returned objects to the rule-set.
Set

The set parameter are in syntaks just like the Match parameter, except it uses Net::ACL::Set objects.

OBJECT COPY

clone() - clone a Net::ACL::Rule object
$clone = $entry->clone();

This method creates an exact copy of the Net::ACL::Rule object, with set, match and action attributes.

ACCESSOR METHODS

action()

This method returns the entry's action value. If called with an argument, the action value are changed to that argument.

action_str()

This method returns the entry's action string as either permit or deny. If called with an argument, the action value are changed to ACL_PERMIT if the argument matches /permit/i - otherwise ACL_DENY.

add_match()
remove_match()
add_set()
remove_set()

The methods adds and removes match and set rules. Each argument should be a match or set rule object. New rules are added in the end of the ruleset.

match()

The match method get any abitrary number of arguments. The arguments are passed to the match method of each of the Net::ACL::Match objects, given at construction time - see new(). If all Match objects did match, the method returns ACL_MATCH. Otherwise ACL_MATCH.

set()

The set method get any abitrary number of arguments. The arguments are passed to the first of the Net::ACL::Set objects set() method. The result of this function is then used to call the next. This is repeated for all Set objects given at construction time - see new(). Finaly the result of the last call is returned.

query()

The query method first attempt to match it's arguments with the match() method. If this failes, it returns ACL_CONTINUE. Otherwise it uses the set() method to potentialy alter the arguments before they are returned with Action given on construction prefixed.

autoconstruction()

This method is used on construction to construct rules based on (key,value)-pairs in a Rule argument hash reference.

The first argument is the type (Match or Set). The second is the class name (see below). The third is the key name from the construction hash. The forth and if any, the rest of the arguments, are used as parameters to the constructor.

The return value will be the result of:

$class->new(@values);

The class is by the constructor set as Net::ACL::$type::$key

NOTE: Do to this, the keys of the hash are case-sensetive!

By replacing this function in a sub-class, it is posible to modify the class and/or key-value pairs and hence make more complex constructions from simple key-value pairs, or have more user-friendly key values (e.g. make them case-insensetive).

EXPORTS

The module exports the following symbols according to the rules and conventions of the Exporter module.

:rc
ACL_MATCH, ACL_NOMATCH
:action
ACL_PERMIT, ACL_DENY, ACL_CONTINUE

SEE ALSO

Net::ACL, Net::ACL::Set, Net::ACL::Match

AUTHOR

Martin Lorensen <bgp@martin.lorensen.dk>