The ACL rules are stored in Novell® eDirectory™ as an Octet String. The attribute name is BRDSRVS:outgoing. The format of the Octet String is shown below:
Figure A-1 Attribute Value Buffer
The figure shows that the first field in the buffer contains the timestamp, with a size of unsigned long. The second field is direction, with a size of 1. The remaining fields can be read from the figure in the same way. The number of acl fields is determined by the value of noOfacltype. Each acl field contains some information about the acl, including the data (see the following figure).
Figure A-2 ACL Field Diagram
The ACL field contains four major fields:
type, with a size of 1
negated
noOfdata
data, containing one or more data fields. The number of data fields is determined by the value of noOfdata.
Each data field contains one or more blocks of information about the data itself, depending on the type field. (See the following figure.)
Figure A-3 acl->data Block Diagram
The highlighted field was added to the acl data block in the Novell BorderManager 3.9 release to support 128 categories.
If aclNode->type == ACL_IP_PACKET, the next block in the buffer is the acl id, with a size of unsigned long, followed by src_port_beginning, with a size of unsigned short; the rest is typical.