+sfatables is a tool for defining access and admission control policies in an SFA network, in much the same way as iptables is for ip networks. This file gives an overview of the tool and then describes its design and implementation.
+
+EXAMPLES
+--------
+
+An sfatables configuration consists of lists of rules that are applied to incoming and outgoing rspecs. Each rule consists of a 'match spec' and a 'target spec.' A match spec evaluates a request and determines if it matches a given set of criteria, and the corresponding 'target spec' specifies the action in such a case.
+
+Let's start by defining a few policies
+
Examples:
Add rules:
return
- def get_info(self, xmlextension_path):
+ def get_info(self, type, xmlextension_path):
xmldoc = libxml2.parseFile(xmlextension_path)
p = xmldoc.xpathNewContext()
- ext_name_node = p.xpathEval("/match/@name")
+ ext_name_node = p.xpathEval("/%s/@name"%type)
ext_name = ext_name_node[0].content
name_nodes = p.xpathEval("//rule/argument[value!='']/name")
match_path = sfatables_config + '/' + chain + '/' + match_file
target_path = sfatables_config + '/' + chain + '/' + target_file
- match_info = self.get_info (match_path)
- target_info = self.get_info (target_path)
+ match_info = self.get_info ('match',match_path)
+ target_info = self.get_info ('target',target_path)
pretty.push_row(["%d"%number, match_info['name'], match_info['arguments'], target_info['name'], target_info['arguments']])
git://git.onelab.eu / sfa.git / commitdiff