2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 *------------------------------------------------------------------
17 * acl_test.c - test harness plugin
18 *------------------------------------------------------------------
22 #include <vlibapi/api.h>
23 #include <vlibmemory/api.h>
24 #include <vppinfra/error.h>
25 #include <vnet/ip/ip.h>
26 #include <arpa/inet.h>
28 #define __plugin_msg_base acl_test_main.msg_id_base
29 #include <vlibapi/vat_helper_macros.h>
31 uword unformat_sw_if_index (unformat_input_t * input, va_list * args);
33 /* Declare message IDs */
34 #include <acl/acl_msg_enum.h>
36 /* define message structures */
38 #include <acl/acl_all_api_h.h>
41 /* define message structures */
43 #include <acl/acl_all_api_h.h>
46 /* instantiate all the print functions we know about */
47 #define vl_print(handle, ...)
49 #include <acl/acl_all_api_h.h>
52 /* Get the API version number. */
53 #define vl_api_version(n,v) static u32 api_version=(v);
54 #include <acl/acl_all_api_h.h>
58 /* API message ID base */
63 acl_test_main_t acl_test_main;
65 #define foreach_standard_reply_retval_handler \
67 _(acl_interface_add_del_reply) \
68 _(macip_acl_interface_add_del_reply) \
69 _(acl_interface_set_acl_list_reply) \
70 _(macip_acl_del_reply)
72 #define foreach_reply_retval_aclindex_handler \
73 _(acl_add_replace_reply) \
74 _(macip_acl_add_reply) \
75 _(macip_acl_add_replace_reply)
78 static void vl_api_##n##_t_handler \
79 (vl_api_##n##_t * mp) \
81 vat_main_t * vam = acl_test_main.vat_main; \
82 i32 retval = ntohl(mp->retval); \
83 if (vam->async_mode) { \
84 vam->async_errors += (retval < 0); \
86 vam->retval = retval; \
87 vam->result_ready = 1; \
90 foreach_standard_reply_retval_handler;
94 static void vl_api_##n##_t_handler \
95 (vl_api_##n##_t * mp) \
97 vat_main_t * vam = acl_test_main.vat_main; \
98 i32 retval = ntohl(mp->retval); \
99 if (vam->async_mode) { \
100 vam->async_errors += (retval < 0); \
102 clib_warning("ACL index: %d", ntohl(mp->acl_index)); \
103 vam->retval = retval; \
104 vam->result_ready = 1; \
107 foreach_reply_retval_aclindex_handler;
110 /* These two ought to be in a library somewhere but they aren't */
112 my_unformat_mac_address (unformat_input_t * input, va_list * args)
114 u8 *a = va_arg (*args, u8 *);
115 return unformat (input, "%x:%x:%x:%x:%x:%x", &a[0], &a[1], &a[2], &a[3],
120 my_format_mac_address (u8 * s, va_list * args)
122 u8 *a = va_arg (*args, u8 *);
123 return format (s, "%02x:%02x:%02x:%02x:%02x:%02x",
124 a[0], a[1], a[2], a[3], a[4], a[5]);
129 static void vl_api_acl_plugin_get_version_reply_t_handler
130 (vl_api_acl_plugin_get_version_reply_t * mp)
132 vat_main_t * vam = acl_test_main.vat_main;
133 clib_warning("ACL plugin version: %d.%d", ntohl(mp->major), ntohl(mp->minor));
134 vam->result_ready = 1;
137 static void vl_api_acl_interface_list_details_t_handler
138 (vl_api_acl_interface_list_details_t * mp)
141 vat_main_t * vam = acl_test_main.vat_main;
143 vl_api_acl_interface_list_details_t_endian(mp);
144 out = format(out, "sw_if_index: %d, count: %d, n_input: %d\n", mp->sw_if_index, mp->count, mp->n_input);
145 out = format(out, " input ");
146 for(i=0; i<mp->count; i++) {
147 if (i == mp->n_input)
148 out = format(out, "\n output ");
149 out = format(out, "%d ", ntohl (mp->acls[i]));
151 out = format(out, "\n");
152 clib_warning("%s", out);
154 vam->result_ready = 1;
159 vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a)
161 int af = a->is_ipv6 ? AF_INET6 : AF_INET;
162 u8 src[INET6_ADDRSTRLEN];
163 u8 dst[INET6_ADDRSTRLEN];
164 inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src));
165 inet_ntop(af, a->dst_ip_addr, (void *)dst, sizeof(dst));
167 out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d mask %d",
168 a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
169 src, a->src_ip_prefix_len,
170 dst, a->dst_ip_prefix_len,
172 a->srcport_or_icmptype_first, a->srcport_or_icmptype_last,
173 a->dstport_or_icmpcode_first, a->dstport_or_icmpcode_last,
174 a->tcp_flags_value, a->tcp_flags_mask);
180 static void vl_api_acl_details_t_handler
181 (vl_api_acl_details_t * mp)
184 vat_main_t * vam = acl_test_main.vat_main;
185 vl_api_acl_details_t_endian(mp);
187 out = format(0, "acl_index: %d, count: %d\n tag {%s}\n", mp->acl_index, mp->count, mp->tag);
188 for(i=0; i<mp->count; i++) {
189 out = format(out, " ");
190 out = vl_api_acl_rule_t_pretty_format(out, &mp->r[i]);
191 out = format(out, "%s\n", i<mp->count-1 ? "," : "");
193 clib_warning("%s", out);
195 vam->result_ready = 1;
199 vl_api_macip_acl_rule_t_pretty_format (u8 *out, vl_api_macip_acl_rule_t * a)
201 int af = a->is_ipv6 ? AF_INET6 : AF_INET;
202 u8 src[INET6_ADDRSTRLEN];
203 inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src));
205 out = format(out, "%s action %d ip %s/%d mac %U mask %U",
206 a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
207 src, a->src_ip_prefix_len,
208 my_format_mac_address, a->src_mac,
209 my_format_mac_address, a->src_mac_mask);
214 static void vl_api_macip_acl_details_t_handler
215 (vl_api_macip_acl_details_t * mp)
218 vat_main_t * vam = acl_test_main.vat_main;
219 vl_api_macip_acl_details_t_endian(mp);
220 u8 *out = format(0,"MACIP acl_index: %d, count: %d\n tag {%s}\n", mp->acl_index, mp->count, mp->tag);
221 for(i=0; i<mp->count; i++) {
222 out = format(out, " ");
223 out = vl_api_macip_acl_rule_t_pretty_format(out, &mp->r[i]);
224 out = format(out, "%s\n", i<mp->count-1 ? "," : "");
226 clib_warning("%s", out);
228 vam->result_ready = 1;
231 static void vl_api_macip_acl_interface_get_reply_t_handler
232 (vl_api_macip_acl_interface_get_reply_t * mp)
235 vat_main_t * vam = acl_test_main.vat_main;
236 u8 *out = format(0, "sw_if_index with MACIP ACL count: %d\n", ntohl(mp->count));
237 for(i=0; i<ntohl(mp->count); i++) {
238 out = format(out, " macip_acl_interface_add_del sw_if_index %d add acl %d\n", i, ntohl(mp->acls[i]));
240 out = format(out, "\n");
241 clib_warning("%s", out);
243 vam->result_ready = 1;
246 static void vl_api_acl_plugin_control_ping_reply_t_handler
247 (vl_api_acl_plugin_control_ping_reply_t * mp)
249 vat_main_t *vam = &vat_main;
250 i32 retval = ntohl (mp->retval);
253 vam->async_errors += (retval < 0);
257 vam->retval = retval;
258 vam->result_ready = 1;
264 * Table of message reply handlers, must include boilerplate handlers
267 #define foreach_vpe_api_reply_msg \
268 _(ACL_ADD_REPLACE_REPLY, acl_add_replace_reply) \
269 _(ACL_DEL_REPLY, acl_del_reply) \
270 _(ACL_INTERFACE_ADD_DEL_REPLY, acl_interface_add_del_reply) \
271 _(ACL_INTERFACE_SET_ACL_LIST_REPLY, acl_interface_set_acl_list_reply) \
272 _(ACL_INTERFACE_LIST_DETAILS, acl_interface_list_details) \
273 _(ACL_DETAILS, acl_details) \
274 _(MACIP_ACL_ADD_REPLY, macip_acl_add_reply) \
275 _(MACIP_ACL_ADD_REPLACE_REPLY, macip_acl_add_replace_reply) \
276 _(MACIP_ACL_DEL_REPLY, macip_acl_del_reply) \
277 _(MACIP_ACL_DETAILS, macip_acl_details) \
278 _(MACIP_ACL_INTERFACE_ADD_DEL_REPLY, macip_acl_interface_add_del_reply) \
279 _(MACIP_ACL_INTERFACE_GET_REPLY, macip_acl_interface_get_reply) \
280 _(ACL_PLUGIN_CONTROL_PING_REPLY, acl_plugin_control_ping_reply) \
281 _(ACL_PLUGIN_GET_VERSION_REPLY, acl_plugin_get_version_reply)
283 static int api_acl_plugin_get_version (vat_main_t * vam)
285 acl_test_main_t * sm = &acl_test_main;
286 vl_api_acl_plugin_get_version_t * mp;
287 u32 msg_size = sizeof(*mp);
290 vam->result_ready = 0;
291 mp = vl_msg_api_alloc_as_if_client(msg_size);
292 memset (mp, 0, msg_size);
293 mp->_vl_msg_id = ntohs (VL_API_ACL_PLUGIN_GET_VERSION + sm->msg_id_base);
294 mp->client_index = vam->my_client_index;
299 /* Wait for a reply... */
304 static int api_macip_acl_interface_get (vat_main_t * vam)
306 acl_test_main_t * sm = &acl_test_main;
307 vl_api_acl_plugin_get_version_t * mp;
308 u32 msg_size = sizeof(*mp);
311 vam->result_ready = 0;
312 mp = vl_msg_api_alloc_as_if_client(msg_size);
313 memset (mp, 0, msg_size);
314 mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_INTERFACE_GET + sm->msg_id_base);
315 mp->client_index = vam->my_client_index;
320 /* Wait for a reply... */
325 #define vec_validate_acl_rules(v, idx) \
327 if (vec_len(v) < idx+1) { \
328 vec_validate(v, idx); \
329 v[idx].is_permit = 0x1; \
330 v[idx].srcport_or_icmptype_last = 0xffff; \
331 v[idx].dstport_or_icmpcode_last = 0xffff; \
336 static int api_acl_add_replace (vat_main_t * vam)
338 acl_test_main_t * sm = &acl_test_main;
339 unformat_input_t * i = vam->input;
340 vl_api_acl_add_replace_t * mp;
342 u32 msg_size = sizeof (*mp); /* without the rules */
344 vl_api_acl_rule_t *rules = 0;
347 int n_rules_override = -1;
352 u32 tcpflags, tcpmask;
353 u32 src_prefix_length = 0, dst_prefix_length = 0;
354 ip4_address_t src_v4address, dst_v4address;
355 ip6_address_t src_v6address, dst_v6address;
359 if (!unformat (i, "%d", &acl_index)) {
363 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
365 if (unformat (i, "ipv6"))
367 vec_validate_acl_rules(rules, rule_idx);
368 rules[rule_idx].is_ipv6 = 1;
370 else if (unformat (i, "ipv4"))
372 vec_validate_acl_rules(rules, rule_idx);
373 rules[rule_idx].is_ipv6 = 0;
375 else if (unformat (i, "permit+reflect"))
377 vec_validate_acl_rules(rules, rule_idx);
378 rules[rule_idx].is_permit = 2;
380 else if (unformat (i, "permit"))
382 vec_validate_acl_rules(rules, rule_idx);
383 rules[rule_idx].is_permit = 1;
385 else if (unformat (i, "deny"))
387 vec_validate_acl_rules(rules, rule_idx);
388 rules[rule_idx].is_permit = 0;
390 else if (unformat (i, "count %d", &n_rules_override))
392 /* we will use this later */
394 else if (unformat (i, "action %d", &action))
396 vec_validate_acl_rules(rules, rule_idx);
397 rules[rule_idx].is_permit = action;
399 else if (unformat (i, "src %U/%d",
400 unformat_ip4_address, &src_v4address, &src_prefix_length))
402 vec_validate_acl_rules(rules, rule_idx);
403 memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
404 rules[rule_idx].src_ip_prefix_len = src_prefix_length;
405 rules[rule_idx].is_ipv6 = 0;
407 else if (unformat (i, "src %U/%d",
408 unformat_ip6_address, &src_v6address, &src_prefix_length))
410 vec_validate_acl_rules(rules, rule_idx);
411 memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
412 rules[rule_idx].src_ip_prefix_len = src_prefix_length;
413 rules[rule_idx].is_ipv6 = 1;
415 else if (unformat (i, "dst %U/%d",
416 unformat_ip4_address, &dst_v4address, &dst_prefix_length))
418 vec_validate_acl_rules(rules, rule_idx);
419 memcpy (rules[rule_idx].dst_ip_addr, &dst_v4address, 4);
420 rules[rule_idx].dst_ip_prefix_len = dst_prefix_length;
421 rules[rule_idx].is_ipv6 = 0;
423 else if (unformat (i, "dst %U/%d",
424 unformat_ip6_address, &dst_v6address, &dst_prefix_length))
426 vec_validate_acl_rules(rules, rule_idx);
427 memcpy (rules[rule_idx].dst_ip_addr, &dst_v6address, 16);
428 rules[rule_idx].dst_ip_prefix_len = dst_prefix_length;
429 rules[rule_idx].is_ipv6 = 1;
431 else if (unformat (i, "sport %d-%d", &port1, &port2))
433 vec_validate_acl_rules(rules, rule_idx);
434 rules[rule_idx].srcport_or_icmptype_first = htons(port1);
435 rules[rule_idx].srcport_or_icmptype_last = htons(port2);
437 else if (unformat (i, "sport %d", &port1))
439 vec_validate_acl_rules(rules, rule_idx);
440 rules[rule_idx].srcport_or_icmptype_first = htons(port1);
441 rules[rule_idx].srcport_or_icmptype_last = htons(port1);
443 else if (unformat (i, "dport %d-%d", &port1, &port2))
445 vec_validate_acl_rules(rules, rule_idx);
446 rules[rule_idx].dstport_or_icmpcode_first = htons(port1);
447 rules[rule_idx].dstport_or_icmpcode_last = htons(port2);
449 else if (unformat (i, "dport %d", &port1))
451 vec_validate_acl_rules(rules, rule_idx);
452 rules[rule_idx].dstport_or_icmpcode_first = htons(port1);
453 rules[rule_idx].dstport_or_icmpcode_last = htons(port1);
455 else if (unformat (i, "tcpflags %d %d", &tcpflags, &tcpmask))
457 vec_validate_acl_rules(rules, rule_idx);
458 rules[rule_idx].tcp_flags_value = tcpflags;
459 rules[rule_idx].tcp_flags_mask = tcpmask;
461 else if (unformat (i, "tcpflags %d mask %d", &tcpflags, &tcpmask))
463 vec_validate_acl_rules(rules, rule_idx);
464 rules[rule_idx].tcp_flags_value = tcpflags;
465 rules[rule_idx].tcp_flags_mask = tcpmask;
467 else if (unformat (i, "proto %d", &proto))
469 vec_validate_acl_rules(rules, rule_idx);
470 rules[rule_idx].proto = proto;
472 else if (unformat (i, "tag %s", &tag))
475 else if (unformat (i, ","))
478 vec_validate_acl_rules(rules, rule_idx);
484 /* Construct the API message */
485 vam->result_ready = 0;
488 n_rules = vec_len(rules);
492 if (n_rules_override >= 0)
493 n_rules = n_rules_override;
495 msg_size += n_rules*sizeof(rules[0]);
497 mp = vl_msg_api_alloc_as_if_client(msg_size);
498 memset (mp, 0, msg_size);
499 mp->_vl_msg_id = ntohs (VL_API_ACL_ADD_REPLACE + sm->msg_id_base);
500 mp->client_index = vam->my_client_index;
501 if ((n_rules > 0) && rules)
502 clib_memcpy(mp->r, rules, n_rules*sizeof (vl_api_acl_rule_t));
505 if (vec_len(tag) >= sizeof(mp->tag))
507 tag[sizeof(mp->tag)-1] = 0;
508 _vec_len(tag) = sizeof(mp->tag);
510 clib_memcpy(mp->tag, tag, vec_len(tag));
513 mp->acl_index = ntohl(acl_index);
514 mp->count = htonl(n_rules);
519 /* Wait for a reply... */
524 static int api_acl_del (vat_main_t * vam)
526 unformat_input_t * i = vam->input;
527 vl_api_acl_del_t * mp;
531 if (!unformat (i, "%d", &acl_index)) {
532 errmsg ("missing acl index\n");
536 /* Construct the API message */
538 mp->acl_index = ntohl(acl_index);
543 /* Wait for a reply... */
548 static int api_macip_acl_del (vat_main_t * vam)
550 unformat_input_t * i = vam->input;
551 vl_api_acl_del_t * mp;
555 if (!unformat (i, "%d", &acl_index)) {
556 errmsg ("missing acl index\n");
560 /* Construct the API message */
561 M(MACIP_ACL_DEL, mp);
562 mp->acl_index = ntohl(acl_index);
567 /* Wait for a reply... */
572 static int api_acl_interface_add_del (vat_main_t * vam)
574 unformat_input_t * i = vam->input;
575 vl_api_acl_interface_add_del_t * mp;
576 u32 sw_if_index = ~0;
582 // acl_interface_add_del <intfc> | sw_if_index <if-idx> acl_index <acl-idx> [out] [del]
584 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
586 if (unformat (i, "%d", &acl_index))
593 /* Parse args required to build the message */
594 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
595 if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
597 else if (unformat (i, "sw_if_index %d", &sw_if_index))
599 else if (unformat (i, "add"))
601 else if (unformat (i, "del"))
603 else if (unformat (i, "acl %d", &acl_index))
605 else if (unformat (i, "input"))
607 else if (unformat (i, "output"))
613 if (sw_if_index == ~0) {
614 errmsg ("missing interface name / explicit sw_if_index number \n");
618 if (acl_index == ~0) {
619 errmsg ("missing ACL index\n");
625 /* Construct the API message */
626 M(ACL_INTERFACE_ADD_DEL, mp);
627 mp->acl_index = ntohl(acl_index);
628 mp->sw_if_index = ntohl(sw_if_index);
630 mp->is_input = is_input;
635 /* Wait for a reply... */
640 static int api_macip_acl_interface_add_del (vat_main_t * vam)
642 unformat_input_t * i = vam->input;
643 vl_api_macip_acl_interface_add_del_t * mp;
644 u32 sw_if_index = ~0;
649 /* Parse args required to build the message */
650 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
651 if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
653 else if (unformat (i, "sw_if_index %d", &sw_if_index))
655 else if (unformat (i, "add"))
657 else if (unformat (i, "del"))
659 else if (unformat (i, "acl %d", &acl_index))
665 if (sw_if_index == ~0) {
666 errmsg ("missing interface name / explicit sw_if_index number \n");
670 if (acl_index == ~0) {
671 errmsg ("missing ACL index\n");
677 /* Construct the API message */
678 M(MACIP_ACL_INTERFACE_ADD_DEL, mp);
679 mp->acl_index = ntohl(acl_index);
680 mp->sw_if_index = ntohl(sw_if_index);
686 /* Wait for a reply... */
691 static int api_acl_interface_set_acl_list (vat_main_t * vam)
693 unformat_input_t * i = vam->input;
694 vl_api_acl_interface_set_acl_list_t * mp;
695 u32 sw_if_index = ~0;
702 // acl_interface_set_acl_list <intfc> | sw_if_index <if-idx> input [acl-idx list] output [acl-idx list]
704 /* Parse args required to build the message */
705 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
706 if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
708 else if (unformat (i, "sw_if_index %d", &sw_if_index))
710 else if (unformat (i, "%d", &acl_index))
713 vec_add1(inacls, htonl(acl_index));
715 vec_add1(outacls, htonl(acl_index));
717 else if (unformat (i, "acl %d", &acl_index))
719 else if (unformat (i, "input"))
721 else if (unformat (i, "output"))
727 if (sw_if_index == ~0) {
728 errmsg ("missing interface name / explicit sw_if_index number \n");
732 /* Construct the API message */
733 M2(ACL_INTERFACE_SET_ACL_LIST, mp, sizeof(u32) * (vec_len(inacls) + vec_len(outacls)));
734 mp->sw_if_index = ntohl(sw_if_index);
735 mp->n_input = vec_len(inacls);
736 mp->count = vec_len(inacls) + vec_len(outacls);
737 vec_append(inacls, outacls);
738 if (vec_len(inacls) > 0)
739 clib_memcpy(mp->acls, inacls, vec_len(inacls)*sizeof(u32));
744 /* Wait for a reply... */
750 api_acl_send_control_ping(vat_main_t *vam)
752 vl_api_acl_plugin_control_ping_t *mp_ping;
754 M(ACL_PLUGIN_CONTROL_PING, mp_ping);
759 static int api_acl_interface_list_dump (vat_main_t * vam)
761 unformat_input_t * i = vam->input;
762 u32 sw_if_index = ~0;
763 vl_api_acl_interface_list_dump_t * mp;
766 /* Parse args required to build the message */
767 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
768 if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
770 else if (unformat (i, "sw_if_index %d", &sw_if_index))
776 /* Construct the API message */
777 M(ACL_INTERFACE_LIST_DUMP, mp);
778 mp->sw_if_index = ntohl (sw_if_index);
783 /* Use control ping for synchronization */
784 api_acl_send_control_ping(vam);
786 /* Wait for a reply... */
791 static int api_acl_dump (vat_main_t * vam)
793 unformat_input_t * i = vam->input;
795 vl_api_acl_dump_t * mp;
798 /* Parse args required to build the message */
799 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
800 if (unformat (i, "%d", &acl_index))
806 /* Construct the API message */
808 mp->acl_index = ntohl (acl_index);
813 /* Use control ping for synchronization */
814 api_acl_send_control_ping(vam);
816 /* Wait for a reply... */
821 static int api_macip_acl_dump (vat_main_t * vam)
823 unformat_input_t * i = vam->input;
825 vl_api_acl_dump_t * mp;
828 /* Parse args required to build the message */
829 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
830 if (unformat (i, "%d", &acl_index))
836 /* Construct the API message */
837 M(MACIP_ACL_DUMP, mp);
838 mp->acl_index = ntohl (acl_index);
843 /* Use control ping for synchronization */
844 api_acl_send_control_ping(vam);
846 /* Wait for a reply... */
851 #define vec_validate_macip_acl_rules(v, idx) \
853 if (vec_len(v) < idx+1) { \
854 vec_validate(v, idx); \
855 v[idx].is_permit = 0x1; \
860 static int api_macip_acl_add (vat_main_t * vam)
862 acl_test_main_t * sm = &acl_test_main;
863 unformat_input_t * i = vam->input;
864 vl_api_macip_acl_add_t * mp;
865 u32 msg_size = sizeof (*mp); /* without the rules */
867 vl_api_macip_acl_rule_t *rules = 0;
870 int n_rules_override = -1;
871 u32 src_prefix_length = 0;
873 ip4_address_t src_v4address;
874 ip6_address_t src_v6address;
877 u8 mac_mask_all_1[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
880 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
882 if (unformat (i, "ipv6"))
884 vec_validate_macip_acl_rules(rules, rule_idx);
885 rules[rule_idx].is_ipv6 = 1;
887 else if (unformat (i, "ipv4"))
889 vec_validate_macip_acl_rules(rules, rule_idx);
890 rules[rule_idx].is_ipv6 = 0;
892 else if (unformat (i, "permit"))
894 vec_validate_macip_acl_rules(rules, rule_idx);
895 rules[rule_idx].is_permit = 1;
897 else if (unformat (i, "deny"))
899 vec_validate_macip_acl_rules(rules, rule_idx);
900 rules[rule_idx].is_permit = 0;
902 else if (unformat (i, "count %d", &n_rules_override))
904 /* we will use this later */
906 else if (unformat (i, "action %d", &action))
908 vec_validate_macip_acl_rules(rules, rule_idx);
909 rules[rule_idx].is_permit = action;
911 else if (unformat (i, "ip %U/%d",
912 unformat_ip4_address, &src_v4address, &src_prefix_length) ||
913 unformat (i, "ip %U",
914 unformat_ip4_address, &src_v4address))
916 if (src_prefix_length == 0)
917 src_prefix_length = 32;
918 vec_validate_macip_acl_rules(rules, rule_idx);
919 memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
920 rules[rule_idx].src_ip_prefix_len = src_prefix_length;
921 rules[rule_idx].is_ipv6 = 0;
923 else if (unformat (i, "src"))
925 /* Everything in MACIP is "source" but allow this verbosity */
927 else if (unformat (i, "ip %U/%d",
928 unformat_ip6_address, &src_v6address, &src_prefix_length) ||
929 unformat (i, "ip %U",
930 unformat_ip6_address, &src_v6address))
932 if (src_prefix_length == 0)
933 src_prefix_length = 128;
934 vec_validate_macip_acl_rules(rules, rule_idx);
935 memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
936 rules[rule_idx].src_ip_prefix_len = src_prefix_length;
937 rules[rule_idx].is_ipv6 = 1;
939 else if (unformat (i, "mac %U",
940 my_unformat_mac_address, &src_mac))
942 vec_validate_macip_acl_rules(rules, rule_idx);
943 memcpy (rules[rule_idx].src_mac, &src_mac, 6);
944 memcpy (rules[rule_idx].src_mac_mask, &mac_mask_all_1, 6);
946 else if (unformat (i, "mask %U",
947 my_unformat_mac_address, &src_mac))
949 vec_validate_macip_acl_rules(rules, rule_idx);
950 memcpy (rules[rule_idx].src_mac_mask, &src_mac, 6);
952 else if (unformat (i, "tag %s", &tag))
955 else if (unformat (i, ","))
958 vec_validate_macip_acl_rules(rules, rule_idx);
964 /* Construct the API message */
965 vam->result_ready = 0;
968 n_rules = vec_len(rules);
970 if (n_rules_override >= 0)
971 n_rules = n_rules_override;
973 msg_size += n_rules*sizeof(rules[0]);
975 mp = vl_msg_api_alloc_as_if_client(msg_size);
976 memset (mp, 0, msg_size);
977 mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_ADD + sm->msg_id_base);
978 mp->client_index = vam->my_client_index;
979 if ((n_rules > 0) && rules)
980 clib_memcpy(mp->r, rules, n_rules*sizeof (mp->r[0]));
983 if (vec_len(tag) >= sizeof(mp->tag))
985 tag[sizeof(mp->tag)-1] = 0;
986 _vec_len(tag) = sizeof(mp->tag);
988 clib_memcpy(mp->tag, tag, vec_len(tag));
992 mp->count = htonl(n_rules);
997 /* Wait for a reply... */
1002 static int api_macip_acl_add_replace (vat_main_t * vam)
1004 acl_test_main_t * sm = &acl_test_main;
1005 unformat_input_t * i = vam->input;
1006 vl_api_macip_acl_add_replace_t * mp;
1008 u32 msg_size = sizeof (*mp); /* without the rules */
1010 vl_api_macip_acl_rule_t *rules = 0;
1013 int n_rules_override = -1;
1014 u32 src_prefix_length = 0;
1016 ip4_address_t src_v4address;
1017 ip6_address_t src_v6address;
1020 u8 mac_mask_all_1[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1023 if (!unformat (i, "%d", &acl_index)) {
1024 /* Just assume -1 */
1027 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1029 if (unformat (i, "ipv6"))
1031 vec_validate_macip_acl_rules(rules, rule_idx);
1032 rules[rule_idx].is_ipv6 = 1;
1034 else if (unformat (i, "ipv4"))
1036 vec_validate_macip_acl_rules(rules, rule_idx);
1037 rules[rule_idx].is_ipv6 = 0;
1039 else if (unformat (i, "permit"))
1041 vec_validate_macip_acl_rules(rules, rule_idx);
1042 rules[rule_idx].is_permit = 1;
1044 else if (unformat (i, "deny"))
1046 vec_validate_macip_acl_rules(rules, rule_idx);
1047 rules[rule_idx].is_permit = 0;
1049 else if (unformat (i, "count %d", &n_rules_override))
1051 /* we will use this later */
1053 else if (unformat (i, "action %d", &action))
1055 vec_validate_macip_acl_rules(rules, rule_idx);
1056 rules[rule_idx].is_permit = action;
1058 else if (unformat (i, "ip %U/%d",
1059 unformat_ip4_address, &src_v4address, &src_prefix_length) ||
1060 unformat (i, "ip %U",
1061 unformat_ip4_address, &src_v4address))
1063 if (src_prefix_length == 0)
1064 src_prefix_length = 32;
1065 vec_validate_macip_acl_rules(rules, rule_idx);
1066 memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
1067 rules[rule_idx].src_ip_prefix_len = src_prefix_length;
1068 rules[rule_idx].is_ipv6 = 0;
1070 else if (unformat (i, "src"))
1072 /* Everything in MACIP is "source" but allow this verbosity */
1074 else if (unformat (i, "ip %U/%d",
1075 unformat_ip6_address, &src_v6address, &src_prefix_length) ||
1076 unformat (i, "ip %U",
1077 unformat_ip6_address, &src_v6address))
1079 if (src_prefix_length == 0)
1080 src_prefix_length = 128;
1081 vec_validate_macip_acl_rules(rules, rule_idx);
1082 memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
1083 rules[rule_idx].src_ip_prefix_len = src_prefix_length;
1084 rules[rule_idx].is_ipv6 = 1;
1086 else if (unformat (i, "mac %U",
1087 my_unformat_mac_address, &src_mac))
1089 vec_validate_macip_acl_rules(rules, rule_idx);
1090 memcpy (rules[rule_idx].src_mac, &src_mac, 6);
1091 memcpy (rules[rule_idx].src_mac_mask, &mac_mask_all_1, 6);
1093 else if (unformat (i, "mask %U",
1094 my_unformat_mac_address, &src_mac))
1096 vec_validate_macip_acl_rules(rules, rule_idx);
1097 memcpy (rules[rule_idx].src_mac_mask, &src_mac, 6);
1099 else if (unformat (i, "tag %s", &tag))
1102 else if (unformat (i, ","))
1105 vec_validate_macip_acl_rules(rules, rule_idx);
1113 errmsg ("rule/s required\n");
1116 /* Construct the API message */
1117 vam->result_ready = 0;
1120 n_rules = vec_len(rules);
1122 if (n_rules_override >= 0)
1123 n_rules = n_rules_override;
1125 msg_size += n_rules*sizeof(rules[0]);
1127 mp = vl_msg_api_alloc_as_if_client(msg_size);
1128 memset (mp, 0, msg_size);
1129 mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_ADD_REPLACE + sm->msg_id_base);
1130 mp->client_index = vam->my_client_index;
1131 if ((n_rules > 0) && rules)
1132 clib_memcpy(mp->r, rules, n_rules*sizeof (mp->r[0]));
1135 if (vec_len(tag) >= sizeof(mp->tag))
1137 tag[sizeof(mp->tag)-1] = 0;
1138 _vec_len(tag) = sizeof(mp->tag);
1140 clib_memcpy(mp->tag, tag, vec_len(tag));
1144 mp->acl_index = ntohl(acl_index);
1145 mp->count = htonl(n_rules);
1150 /* Wait for a reply... */
1156 * List of messages that the api test plugin sends,
1157 * and that the data plane plugin processes
1159 #define foreach_vpe_api_msg \
1160 _(acl_plugin_get_version, "") \
1161 _(acl_add_replace, "<acl-idx> [<ipv4|ipv6> <permit|permit+reflect|deny|action N> [src IP/plen] [dst IP/plen] [sport X-Y] [dport X-Y] [proto P] [tcpflags FL MASK], ... , ...") \
1162 _(acl_del, "<acl-idx>") \
1163 _(acl_dump, "[<acl-idx>]") \
1164 _(acl_interface_add_del, "<intfc> | sw_if_index <if-idx> [add|del] [input|output] acl <acl-idx>") \
1165 _(acl_interface_set_acl_list, "<intfc> | sw_if_index <if-idx> input [acl-idx list] output [acl-idx list]") \
1166 _(acl_interface_list_dump, "[<intfc> | sw_if_index <if-idx>]") \
1167 _(macip_acl_add, "...") \
1168 _(macip_acl_add_replace, "<acl-idx> [<ipv4|ipv6> <permit|deny|action N> [count <count>] [src] ip <ipaddress/[plen]> mac <mac> mask <mac_mask>, ... , ...") \
1169 _(macip_acl_del, "<acl-idx>")\
1170 _(macip_acl_dump, "[<acl-idx>]") \
1171 _(macip_acl_interface_add_del, "<intfc> | sw_if_index <if-idx> [add|del] acl <acl-idx>") \
1172 _(macip_acl_interface_get, "")
1176 void acl_vat_api_hookup (vat_main_t *vam)
1178 acl_test_main_t * sm = &acl_test_main;
1179 /* Hook up handlers for replies from the data plane plug-in */
1181 vl_msg_api_set_handlers((VL_API_##N + sm->msg_id_base), \
1183 vl_api_##n##_t_handler, \
1185 vl_api_##n##_t_endian, \
1186 vl_api_##n##_t_print, \
1187 sizeof(vl_api_##n##_t), 1);
1188 foreach_vpe_api_reply_msg;
1191 /* API messages we can send */
1192 #define _(n,h) hash_set_mem (vam->function_by_name, #n, api_##n);
1193 foreach_vpe_api_msg;
1197 #define _(n,h) hash_set_mem (vam->help_by_name, #n, h);
1198 foreach_vpe_api_msg;
1202 clib_error_t * vat_plugin_register (vat_main_t *vam)
1204 acl_test_main_t * sm = &acl_test_main;
1209 name = format (0, "acl_%08x%c", api_version, 0);
1210 sm->msg_id_base = vl_client_get_first_plugin_msg_id ((char *) name);
1212 if (sm->msg_id_base != (u16) ~0)
1213 acl_vat_api_hookup (vam);