otupy.profiles.slpf

StateLess Packet Filter profile

This module collects all public definition that are exported as part of the SLPF profile. All naming follows as much as possible the terminology in the SLPF Specification, by also applying generic ~otupy conventions.

This definition also registers all extensions defined in the SLPF profile (Args, Target, Profile, Results).

The SLPF profile extends the language specification with the following elements:

• Profile:

  • Profile profile is defined for all Actuators that will implement it;

  • nsid is defined as Namespace identifier for the SLPF profile;

• data:

  • Direction is used to specify the rule applies to incoming, outgoing, or both kinds of packets;

• targets:

  • RuleID identifies a rule identifier to distinguish firewalling rules;

• Target:

  • RuleID is the identifier of an SLPF rule;

• Args:

  • Args is extended with drop_process, persistent, direction, and insert_rule arguments;

• Results:

  • Results is extended with the rule_id field;

• validation:

  • AllowedCommandTarget contains all valid Target for each Actions;

  • AllowedCommandArguments contains all valid Args for each < Actions, Target > pair;

• helper functions:

  • validate_command checks a < Target , Actions > pair in a Command is present in AllowedCommandTarget;

  • validate_args checks a < Args , Actions , Target > triple in a Command is present in AllowedCommandArguments.

actuator	SLPF Specifiers
args	SLPF Arguments
data	SLPF additional data types
profile	Statless Packet Filter namespace
results	SLPF Response extensions
targets	SLPF additional data types
validation	SLPF validation rules