General "user" support as a source/destination in the framework

[GoogleCodeExporter]

Capirca does not support src/dst other than IPs/networks. Some platforms allow 
ACLs to specify sr/dst as "user" which is then interpreted by the platform 
itself.

Aruba example:
user any any permit

I am not sure if it is feasible to support this but this needs support by the 
Capirca framework itself before it can be used in one of the generators.
I tend to think that it could either be directly in the "source" and 
"destination" parameters or in new ones, depending on how easy it is to 
differentiate "user" from possible definition names.

Another similar thing is support for interface names or groups (e.g. as in PF: 
http://www.openbsd.org/faq/pf/filter.html).

Original issue reported on code.google.com by m...@google.com on 17 Jul 2012 at 9:13

[GoogleCodeExporter]

Currently, implementing support for "user" src/dest is not on the radar.  

In regards to interface names, see: 
http://code.google.com/p/capirca/wiki/PolicyFormat?ts=1342557224&updated=PolicyF
ormat

and see "source-interface" and "destination-interface" under the optional 
keywords section.  These are available for speedway/iptables.

Original comment by watson@google.com on 17 Jul 2012 at 8:36

• Changed state: WontFix