Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Acl: source and destination match field data AND/OR clarification #1157

Open
steliosp-arista opened this issue Aug 2, 2024 · 2 comments
Open
Assignees

Comments

@steliosp-arista
Copy link

Hello,

I would like to clarify if both source-mac/source-address/source-port and destination-mac/destination-address/destination-port
are defined, are packets filtered if both fields match or if any match?

For example, if /acl/acl-set/acl-entries/acl-entry/transport/config/source-port=10, /acl/acl-set/acl-entries/acl-entry/transport/config/source-port/destination-port=20, should this match packets with

  1. source-port=10 AND source-port=20
    OR
  2. source-port=10 OR source-port=20
@steliosp-arista steliosp-arista changed the title Acl: match field data AND/OR clarification Acl: source and destination match field data AND/OR clarification Aug 2, 2024
@dplore
Copy link
Member

dplore commented Aug 2, 2024

Hi, the intent derived from the description of processing rules in order is:
Separate entries == OR
Because if there is no match, processing proceeds to the next entry.

By deduction, that leaves us with
Single entry == AND

I see this is not explicitly called out in the description though. I'll raise a PR to clarify.

@dplore dplore self-assigned this Aug 2, 2024
@dplore dplore moved this to Todo in OC Operator Review Aug 2, 2024
@dplore
Copy link
Member

dplore commented Nov 5, 2024

Reviewed in Nov 5, 2024 OC operator meeting. It was mentioned that /acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/(source,destination)-port-set can also be used to achieve "OR" functionality in a single entry.

@dplore dplore moved this from Ready to discuss to Waiting for author in OC Operator Review Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: Waiting for author
Development

No branches or pull requests

2 participants