2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 *------------------------------------------------------------------
17 * acl_test.c - test harness plugin
18 *------------------------------------------------------------------
22 #include <vlibapi/api.h>
23 #include <vlibmemory/api.h>
24 #include <vlibsocket/api.h>
25 #include <vppinfra/error.h>
26 #include <vnet/ip/ip.h>
27 #include <arpa/inet.h>
29 #define __plugin_msg_base acl_test_main.msg_id_base
30 #include <vlibapi/vat_helper_macros.h>
32 uword unformat_sw_if_index (unformat_input_t * input, va_list * args);
34 /* Declare message IDs */
35 #include <acl/acl_msg_enum.h>
37 /* define message structures */
39 #include <acl/acl_all_api_h.h>
42 /* define message structures */
44 #include <acl/acl_all_api_h.h>
47 /* instantiate all the print functions we know about */
48 #define vl_print(handle, ...)
50 #include <acl/acl_all_api_h.h>
53 /* Get the API version number. */
54 #define vl_api_version(n,v) static u32 api_version=(v);
55 #include <acl/acl_all_api_h.h>
59 /* API message ID base */
64 acl_test_main_t acl_test_main;
66 #define foreach_standard_reply_retval_handler \
68 _(acl_interface_add_del_reply) \
69 _(macip_acl_interface_add_del_reply) \
70 _(acl_interface_set_acl_list_reply) \
71 _(macip_acl_del_reply)
73 #define foreach_reply_retval_aclindex_handler \
74 _(acl_add_replace_reply) \
75 _(macip_acl_add_reply)
78 static void vl_api_##n##_t_handler \
79 (vl_api_##n##_t * mp) \
81 vat_main_t * vam = acl_test_main.vat_main; \
82 i32 retval = ntohl(mp->retval); \
83 if (vam->async_mode) { \
84 vam->async_errors += (retval < 0); \
86 vam->retval = retval; \
87 vam->result_ready = 1; \
90 foreach_standard_reply_retval_handler;
94 static void vl_api_##n##_t_handler \
95 (vl_api_##n##_t * mp) \
97 vat_main_t * vam = acl_test_main.vat_main; \
98 i32 retval = ntohl(mp->retval); \
99 if (vam->async_mode) { \
100 vam->async_errors += (retval < 0); \
102 clib_warning("ACL index: %d", ntohl(mp->acl_index)); \
103 vam->retval = retval; \
104 vam->result_ready = 1; \
107 foreach_reply_retval_aclindex_handler;
110 /* These two ought to be in a library somewhere but they aren't */
112 my_unformat_mac_address (unformat_input_t * input, va_list * args)
114 u8 *a = va_arg (*args, u8 *);
115 return unformat (input, "%x:%x:%x:%x:%x:%x", &a[0], &a[1], &a[2], &a[3],
120 my_format_mac_address (u8 * s, va_list * args)
122 u8 *a = va_arg (*args, u8 *);
123 return format (s, "%02x:%02x:%02x:%02x:%02x:%02x",
124 a[0], a[1], a[2], a[3], a[4], a[5]);
129 static void vl_api_acl_plugin_get_version_reply_t_handler
130 (vl_api_acl_plugin_get_version_reply_t * mp)
132 vat_main_t * vam = acl_test_main.vat_main;
133 clib_warning("ACL plugin version: %d.%d", ntohl(mp->major), ntohl(mp->minor));
134 vam->result_ready = 1;
137 static void vl_api_acl_interface_list_details_t_handler
138 (vl_api_acl_interface_list_details_t * mp)
141 vat_main_t * vam = acl_test_main.vat_main;
143 vl_api_acl_interface_list_details_t_endian(mp);
144 out = format(out, "sw_if_index: %d, count: %d, n_input: %d\n", mp->sw_if_index, mp->count, mp->n_input);
145 out = format(out, " input ");
146 for(i=0; i<mp->count; i++) {
147 out = format(out, "%d ", mp->acls[i]);
148 if (i == mp->n_input-1)
149 out = format(out, "\n output ");
151 out = format(out, "\n");
152 clib_warning("%s", out);
154 vam->result_ready = 1;
159 vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a)
161 int af = a->is_ipv6 ? AF_INET6 : AF_INET;
162 u8 src[INET6_ADDRSTRLEN];
163 u8 dst[INET6_ADDRSTRLEN];
164 inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src));
165 inet_ntop(af, a->dst_ip_addr, (void *)dst, sizeof(dst));
167 out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d mask %d",
168 a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
169 src, a->src_ip_prefix_len,
170 dst, a->dst_ip_prefix_len,
172 a->srcport_or_icmptype_first, a->srcport_or_icmptype_last,
173 a->dstport_or_icmpcode_first, a->dstport_or_icmpcode_last,
174 a->tcp_flags_value, a->tcp_flags_mask);
180 static void vl_api_acl_details_t_handler
181 (vl_api_acl_details_t * mp)
184 vat_main_t * vam = acl_test_main.vat_main;
185 vl_api_acl_details_t_endian(mp);
187 out = format(0, "acl_index: %d, count: %d\n tag {%s}\n", mp->acl_index, mp->count, mp->tag);
188 for(i=0; i<mp->count; i++) {
189 out = format(out, " ");
190 out = vl_api_acl_rule_t_pretty_format(out, &mp->r[i]);
191 out = format(out, "%s\n", i<mp->count-1 ? "," : "");
193 clib_warning("%s", out);
195 vam->result_ready = 1;
199 vl_api_macip_acl_rule_t_pretty_format (u8 *out, vl_api_macip_acl_rule_t * a)
201 int af = a->is_ipv6 ? AF_INET6 : AF_INET;
202 u8 src[INET6_ADDRSTRLEN];
203 inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src));
205 out = format(out, "%s action %d ip %s/%d mac %U mask %U",
206 a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
207 src, a->src_ip_prefix_len,
208 my_format_mac_address, a->src_mac,
209 my_format_mac_address, a->src_mac_mask);
214 static void vl_api_macip_acl_details_t_handler
215 (vl_api_macip_acl_details_t * mp)
218 vat_main_t * vam = acl_test_main.vat_main;
219 vl_api_macip_acl_details_t_endian(mp);
220 u8 *out = format(0,"MACIP acl_index: %d, count: %d\n tag {%s}\n", mp->acl_index, mp->count, mp->tag);
221 for(i=0; i<mp->count; i++) {
222 out = format(out, " ");
223 out = vl_api_macip_acl_rule_t_pretty_format(out, &mp->r[i]);
224 out = format(out, "%s\n", i<mp->count-1 ? "," : "");
226 clib_warning("%s", out);
228 vam->result_ready = 1;
231 static void vl_api_macip_acl_interface_get_reply_t_handler
232 (vl_api_macip_acl_interface_get_reply_t * mp)
235 vat_main_t * vam = acl_test_main.vat_main;
236 u8 *out = format(0, "sw_if_index with MACIP ACL count: %d\n", ntohl(mp->count));
237 for(i=0; i<ntohl(mp->count); i++) {
238 out = format(out, " macip_acl_interface_add_del sw_if_index %d add acl %d\n", i, ntohl(mp->acls[i]));
240 out = format(out, "\n");
241 clib_warning("%s", out);
243 vam->result_ready = 1;
248 * Table of message reply handlers, must include boilerplate handlers
251 #define foreach_vpe_api_reply_msg \
252 _(ACL_ADD_REPLACE_REPLY, acl_add_replace_reply) \
253 _(ACL_DEL_REPLY, acl_del_reply) \
254 _(ACL_INTERFACE_ADD_DEL_REPLY, acl_interface_add_del_reply) \
255 _(ACL_INTERFACE_SET_ACL_LIST_REPLY, acl_interface_set_acl_list_reply) \
256 _(ACL_INTERFACE_LIST_DETAILS, acl_interface_list_details) \
257 _(ACL_DETAILS, acl_details) \
258 _(MACIP_ACL_ADD_REPLY, macip_acl_add_reply) \
259 _(MACIP_ACL_DEL_REPLY, macip_acl_del_reply) \
260 _(MACIP_ACL_DETAILS, macip_acl_details) \
261 _(MACIP_ACL_INTERFACE_ADD_DEL_REPLY, macip_acl_interface_add_del_reply) \
262 _(MACIP_ACL_INTERFACE_GET_REPLY, macip_acl_interface_get_reply) \
263 _(ACL_PLUGIN_GET_VERSION_REPLY, acl_plugin_get_version_reply)
265 static int api_acl_plugin_get_version (vat_main_t * vam)
267 acl_test_main_t * sm = &acl_test_main;
268 vl_api_acl_plugin_get_version_t * mp;
269 u32 msg_size = sizeof(*mp);
272 vam->result_ready = 0;
273 mp = vl_msg_api_alloc_as_if_client(msg_size);
274 memset (mp, 0, msg_size);
275 mp->_vl_msg_id = ntohs (VL_API_ACL_PLUGIN_GET_VERSION + sm->msg_id_base);
276 mp->client_index = vam->my_client_index;
281 /* Wait for a reply... */
286 static int api_macip_acl_interface_get (vat_main_t * vam)
288 acl_test_main_t * sm = &acl_test_main;
289 vl_api_acl_plugin_get_version_t * mp;
290 u32 msg_size = sizeof(*mp);
293 vam->result_ready = 0;
294 mp = vl_msg_api_alloc_as_if_client(msg_size);
295 memset (mp, 0, msg_size);
296 mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_INTERFACE_GET + sm->msg_id_base);
297 mp->client_index = vam->my_client_index;
302 /* Wait for a reply... */
307 #define vec_validate_acl_rules(v, idx) \
309 if (vec_len(v) < idx+1) { \
310 vec_validate(v, idx); \
311 v[idx].is_permit = 0x1; \
312 v[idx].srcport_or_icmptype_last = 0xffff; \
313 v[idx].dstport_or_icmpcode_last = 0xffff; \
318 static int api_acl_add_replace (vat_main_t * vam)
320 acl_test_main_t * sm = &acl_test_main;
321 unformat_input_t * i = vam->input;
322 vl_api_acl_add_replace_t * mp;
324 u32 msg_size = sizeof (*mp); /* without the rules */
326 vl_api_acl_rule_t *rules = 0;
329 int n_rules_override = -1;
334 u32 tcpflags, tcpmask;
335 u32 src_prefix_length = 0, dst_prefix_length = 0;
336 ip4_address_t src_v4address, dst_v4address;
337 ip6_address_t src_v6address, dst_v6address;
341 if (!unformat (i, "%d", &acl_index)) {
345 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
347 if (unformat (i, "ipv6"))
349 vec_validate_acl_rules(rules, rule_idx);
350 rules[rule_idx].is_ipv6 = 1;
352 else if (unformat (i, "ipv4"))
354 vec_validate_acl_rules(rules, rule_idx);
355 rules[rule_idx].is_ipv6 = 0;
357 else if (unformat (i, "permit+reflect"))
359 vec_validate_acl_rules(rules, rule_idx);
360 rules[rule_idx].is_permit = 2;
362 else if (unformat (i, "permit"))
364 vec_validate_acl_rules(rules, rule_idx);
365 rules[rule_idx].is_permit = 1;
367 else if (unformat (i, "count %d", &n_rules_override))
369 /* we will use this later */
371 else if (unformat (i, "action %d", &action))
373 vec_validate_acl_rules(rules, rule_idx);
374 rules[rule_idx].is_permit = action;
376 else if (unformat (i, "src %U/%d",
377 unformat_ip4_address, &src_v4address, &src_prefix_length))
379 vec_validate_acl_rules(rules, rule_idx);
380 memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
381 rules[rule_idx].src_ip_prefix_len = src_prefix_length;
382 rules[rule_idx].is_ipv6 = 0;
384 else if (unformat (i, "src %U/%d",
385 unformat_ip6_address, &src_v6address, &src_prefix_length))
387 vec_validate_acl_rules(rules, rule_idx);
388 memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
389 rules[rule_idx].src_ip_prefix_len = src_prefix_length;
390 rules[rule_idx].is_ipv6 = 1;
392 else if (unformat (i, "dst %U/%d",
393 unformat_ip4_address, &dst_v4address, &dst_prefix_length))
395 vec_validate_acl_rules(rules, rule_idx);
396 memcpy (rules[rule_idx].dst_ip_addr, &dst_v4address, 4);
397 rules[rule_idx].dst_ip_prefix_len = dst_prefix_length;
398 rules[rule_idx].is_ipv6 = 0;
400 else if (unformat (i, "dst %U/%d",
401 unformat_ip6_address, &dst_v6address, &dst_prefix_length))
403 vec_validate_acl_rules(rules, rule_idx);
404 memcpy (rules[rule_idx].dst_ip_addr, &dst_v6address, 16);
405 rules[rule_idx].dst_ip_prefix_len = dst_prefix_length;
406 rules[rule_idx].is_ipv6 = 1;
408 else if (unformat (i, "sport %d-%d", &port1, &port2))
410 vec_validate_acl_rules(rules, rule_idx);
411 rules[rule_idx].srcport_or_icmptype_first = htons(port1);
412 rules[rule_idx].srcport_or_icmptype_last = htons(port2);
414 else if (unformat (i, "sport %d", &port1))
416 vec_validate_acl_rules(rules, rule_idx);
417 rules[rule_idx].srcport_or_icmptype_first = htons(port1);
418 rules[rule_idx].srcport_or_icmptype_last = htons(port1);
420 else if (unformat (i, "dport %d-%d", &port1, &port2))
422 vec_validate_acl_rules(rules, rule_idx);
423 rules[rule_idx].dstport_or_icmpcode_first = htons(port1);
424 rules[rule_idx].dstport_or_icmpcode_last = htons(port2);
426 else if (unformat (i, "dport %d", &port1))
428 vec_validate_acl_rules(rules, rule_idx);
429 rules[rule_idx].dstport_or_icmpcode_first = htons(port1);
430 rules[rule_idx].dstport_or_icmpcode_last = htons(port1);
432 else if (unformat (i, "tcpflags %d %d", &tcpflags, &tcpmask))
434 vec_validate_acl_rules(rules, rule_idx);
435 rules[rule_idx].tcp_flags_value = tcpflags;
436 rules[rule_idx].tcp_flags_mask = tcpmask;
438 else if (unformat (i, "tcpflags %d mask %d", &tcpflags, &tcpmask))
440 vec_validate_acl_rules(rules, rule_idx);
441 rules[rule_idx].tcp_flags_value = tcpflags;
442 rules[rule_idx].tcp_flags_mask = tcpmask;
444 else if (unformat (i, "proto %d", &proto))
446 vec_validate_acl_rules(rules, rule_idx);
447 rules[rule_idx].proto = proto;
449 else if (unformat (i, "tag %s", &tag))
452 else if (unformat (i, ","))
455 vec_validate_acl_rules(rules, rule_idx);
461 /* Construct the API message */
462 vam->result_ready = 0;
465 n_rules = vec_len(rules);
469 if (n_rules_override >= 0)
470 n_rules = n_rules_override;
472 msg_size += n_rules*sizeof(rules[0]);
474 mp = vl_msg_api_alloc_as_if_client(msg_size);
475 memset (mp, 0, msg_size);
476 mp->_vl_msg_id = ntohs (VL_API_ACL_ADD_REPLACE + sm->msg_id_base);
477 mp->client_index = vam->my_client_index;
479 clib_memcpy(mp->r, rules, n_rules*sizeof (vl_api_acl_rule_t));
482 if (vec_len(tag) >= sizeof(mp->tag))
484 tag[sizeof(mp->tag)-1] = 0;
485 _vec_len(tag) = sizeof(mp->tag);
487 clib_memcpy(mp->tag, tag, vec_len(tag));
490 mp->acl_index = ntohl(acl_index);
491 mp->count = htonl(n_rules);
496 /* Wait for a reply... */
501 static int api_acl_del (vat_main_t * vam)
503 unformat_input_t * i = vam->input;
504 vl_api_acl_del_t * mp;
508 if (!unformat (i, "%d", &acl_index)) {
509 errmsg ("missing acl index\n");
513 /* Construct the API message */
515 mp->acl_index = ntohl(acl_index);
520 /* Wait for a reply... */
525 static int api_macip_acl_del (vat_main_t * vam)
527 unformat_input_t * i = vam->input;
528 vl_api_acl_del_t * mp;
532 if (!unformat (i, "%d", &acl_index)) {
533 errmsg ("missing acl index\n");
537 /* Construct the API message */
538 M(MACIP_ACL_DEL, mp);
539 mp->acl_index = ntohl(acl_index);
544 /* Wait for a reply... */
549 static int api_acl_interface_add_del (vat_main_t * vam)
551 unformat_input_t * i = vam->input;
552 vl_api_acl_interface_add_del_t * mp;
553 u32 sw_if_index = ~0;
559 // acl_interface_add_del <intfc> | sw_if_index <if-idx> acl_index <acl-idx> [out] [del]
561 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
563 if (unformat (i, "%d", &acl_index))
570 /* Parse args required to build the message */
571 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
572 if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
574 else if (unformat (i, "sw_if_index %d", &sw_if_index))
576 else if (unformat (i, "add"))
578 else if (unformat (i, "del"))
580 else if (unformat (i, "acl %d", &acl_index))
582 else if (unformat (i, "input"))
584 else if (unformat (i, "output"))
590 if (sw_if_index == ~0) {
591 errmsg ("missing interface name / explicit sw_if_index number \n");
595 if (acl_index == ~0) {
596 errmsg ("missing ACL index\n");
602 /* Construct the API message */
603 M(ACL_INTERFACE_ADD_DEL, mp);
604 mp->acl_index = ntohl(acl_index);
605 mp->sw_if_index = ntohl(sw_if_index);
607 mp->is_input = is_input;
612 /* Wait for a reply... */
617 static int api_macip_acl_interface_add_del (vat_main_t * vam)
619 unformat_input_t * i = vam->input;
620 vl_api_macip_acl_interface_add_del_t * mp;
621 u32 sw_if_index = ~0;
626 /* Parse args required to build the message */
627 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
628 if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
630 else if (unformat (i, "sw_if_index %d", &sw_if_index))
632 else if (unformat (i, "add"))
634 else if (unformat (i, "del"))
636 else if (unformat (i, "acl %d", &acl_index))
642 if (sw_if_index == ~0) {
643 errmsg ("missing interface name / explicit sw_if_index number \n");
647 if (acl_index == ~0) {
648 errmsg ("missing ACL index\n");
654 /* Construct the API message */
655 M(MACIP_ACL_INTERFACE_ADD_DEL, mp);
656 mp->acl_index = ntohl(acl_index);
657 mp->sw_if_index = ntohl(sw_if_index);
663 /* Wait for a reply... */
668 static int api_acl_interface_set_acl_list (vat_main_t * vam)
670 unformat_input_t * i = vam->input;
671 vl_api_acl_interface_set_acl_list_t * mp;
672 u32 sw_if_index = ~0;
679 // acl_interface_set_acl_list <intfc> | sw_if_index <if-idx> input [acl-idx list] output [acl-idx list]
681 /* Parse args required to build the message */
682 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
683 if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
685 else if (unformat (i, "sw_if_index %d", &sw_if_index))
687 else if (unformat (i, "%d", &acl_index))
690 vec_add1(inacls, htonl(acl_index));
692 vec_add1(outacls, htonl(acl_index));
694 else if (unformat (i, "acl %d", &acl_index))
696 else if (unformat (i, "input"))
698 else if (unformat (i, "output"))
704 if (sw_if_index == ~0) {
705 errmsg ("missing interface name / explicit sw_if_index number \n");
709 /* Construct the API message */
710 M2(ACL_INTERFACE_SET_ACL_LIST, mp, sizeof(u32) * (vec_len(inacls) + vec_len(outacls)));
711 mp->sw_if_index = ntohl(sw_if_index);
712 mp->n_input = vec_len(inacls);
713 mp->count = vec_len(inacls) + vec_len(outacls);
714 vec_append(inacls, outacls);
715 if (vec_len(inacls) > 0)
716 clib_memcpy(mp->acls, inacls, vec_len(inacls)*sizeof(u32));
721 /* Wait for a reply... */
727 static int api_acl_interface_list_dump (vat_main_t * vam)
729 unformat_input_t * i = vam->input;
730 u32 sw_if_index = ~0;
731 vl_api_acl_interface_list_dump_t * mp;
734 /* Parse args required to build the message */
735 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
736 if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
738 else if (unformat (i, "sw_if_index %d", &sw_if_index))
744 /* Construct the API message */
745 M(ACL_INTERFACE_LIST_DUMP, mp);
746 mp->sw_if_index = ntohl (sw_if_index);
751 /* Wait for a reply... */
756 static int api_acl_dump (vat_main_t * vam)
758 unformat_input_t * i = vam->input;
760 vl_api_acl_dump_t * mp;
763 /* Parse args required to build the message */
764 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
765 if (unformat (i, "%d", &acl_index))
771 /* Construct the API message */
773 mp->acl_index = ntohl (acl_index);
778 /* Wait for a reply... */
783 static int api_macip_acl_dump (vat_main_t * vam)
785 unformat_input_t * i = vam->input;
787 vl_api_acl_dump_t * mp;
790 /* Parse args required to build the message */
791 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
792 if (unformat (i, "%d", &acl_index))
798 /* Construct the API message */
799 M(MACIP_ACL_DUMP, mp);
800 mp->acl_index = ntohl (acl_index);
805 /* Wait for a reply... */
810 #define vec_validate_macip_acl_rules(v, idx) \
812 if (vec_len(v) < idx+1) { \
813 vec_validate(v, idx); \
814 v[idx].is_permit = 0x1; \
819 static int api_macip_acl_add (vat_main_t * vam)
821 acl_test_main_t * sm = &acl_test_main;
822 unformat_input_t * i = vam->input;
823 vl_api_macip_acl_add_t * mp;
824 u32 msg_size = sizeof (*mp); /* without the rules */
826 vl_api_macip_acl_rule_t *rules = 0;
829 int n_rules_override = -1;
830 u32 src_prefix_length = 0;
832 ip4_address_t src_v4address;
833 ip6_address_t src_v6address;
836 u8 mac_mask_all_1[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
839 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
841 if (unformat (i, "ipv6"))
843 vec_validate_macip_acl_rules(rules, rule_idx);
844 rules[rule_idx].is_ipv6 = 1;
846 else if (unformat (i, "ipv4"))
848 vec_validate_macip_acl_rules(rules, rule_idx);
849 rules[rule_idx].is_ipv6 = 1;
851 else if (unformat (i, "permit"))
853 vec_validate_macip_acl_rules(rules, rule_idx);
854 rules[rule_idx].is_permit = 1;
856 else if (unformat (i, "deny"))
858 vec_validate_macip_acl_rules(rules, rule_idx);
859 rules[rule_idx].is_permit = 0;
861 else if (unformat (i, "count %d", &n_rules_override))
863 /* we will use this later */
865 else if (unformat (i, "action %d", &action))
867 vec_validate_macip_acl_rules(rules, rule_idx);
868 rules[rule_idx].is_permit = action;
870 else if (unformat (i, "ip %U/%d",
871 unformat_ip4_address, &src_v4address, &src_prefix_length))
873 vec_validate_macip_acl_rules(rules, rule_idx);
874 memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
875 rules[rule_idx].src_ip_prefix_len = src_prefix_length;
876 rules[rule_idx].is_ipv6 = 0;
878 else if (unformat (i, "src"))
880 /* Everything in MACIP is "source" but allow this verbosity */
882 else if (unformat (i, "ip %U/%d",
883 unformat_ip6_address, &src_v6address, &src_prefix_length))
885 vec_validate_macip_acl_rules(rules, rule_idx);
886 memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
887 rules[rule_idx].src_ip_prefix_len = src_prefix_length;
888 rules[rule_idx].is_ipv6 = 1;
890 else if (unformat (i, "mac %U",
891 my_unformat_mac_address, &src_mac))
893 vec_validate_macip_acl_rules(rules, rule_idx);
894 memcpy (rules[rule_idx].src_mac, &src_mac, 6);
895 memcpy (rules[rule_idx].src_mac_mask, &mac_mask_all_1, 6);
897 else if (unformat (i, "mask %U",
898 my_unformat_mac_address, &src_mac))
900 vec_validate_macip_acl_rules(rules, rule_idx);
901 memcpy (rules[rule_idx].src_mac_mask, &src_mac, 6);
903 else if (unformat (i, "tag %s", &tag))
906 else if (unformat (i, ","))
909 vec_validate_macip_acl_rules(rules, rule_idx);
915 /* Construct the API message */
916 vam->result_ready = 0;
919 n_rules = vec_len(rules);
923 if (n_rules_override >= 0)
924 n_rules = n_rules_override;
926 msg_size += n_rules*sizeof(rules[0]);
928 mp = vl_msg_api_alloc_as_if_client(msg_size);
929 memset (mp, 0, msg_size);
930 mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_ADD + sm->msg_id_base);
931 mp->client_index = vam->my_client_index;
933 clib_memcpy(mp->r, rules, n_rules*sizeof (mp->r[0]));
936 if (vec_len(tag) >= sizeof(mp->tag))
938 tag[sizeof(mp->tag)-1] = 0;
939 _vec_len(tag) = sizeof(mp->tag);
941 clib_memcpy(mp->tag, tag, vec_len(tag));
945 mp->count = htonl(n_rules);
950 /* Wait for a reply... */
956 * List of messages that the api test plugin sends,
957 * and that the data plane plugin processes
959 #define foreach_vpe_api_msg \
960 _(acl_plugin_get_version, "") \
961 _(acl_add_replace, "<acl-idx> [<ipv4|ipv6> <permit|permit+reflect|deny|action N> [src IP/plen] [dst IP/plen] [sport X-Y] [dport X-Y] [proto P] [tcpflags FL MASK], ... , ...") \
962 _(acl_del, "<acl-idx>") \
963 _(acl_dump, "[<acl-idx>]") \
964 _(acl_interface_add_del, "<intfc> | sw_if_index <if-idx> [add|del] [input|output] acl <acl-idx>") \
965 _(acl_interface_set_acl_list, "<intfc> | sw_if_index <if-idx> input [acl-idx list] output [acl-idx list]") \
966 _(acl_interface_list_dump, "[<intfc> | sw_if_index <if-idx>]") \
967 _(macip_acl_add, "...") \
968 _(macip_acl_del, "<acl-idx>")\
969 _(macip_acl_dump, "[<acl-idx>]") \
970 _(macip_acl_interface_add_del, "<intfc> | sw_if_index <if-idx> [add|del] acl <acl-idx>") \
971 _(macip_acl_interface_get, "")
975 void acl_vat_api_hookup (vat_main_t *vam)
977 acl_test_main_t * sm = &acl_test_main;
978 /* Hook up handlers for replies from the data plane plug-in */
980 vl_msg_api_set_handlers((VL_API_##N + sm->msg_id_base), \
982 vl_api_##n##_t_handler, \
984 vl_api_##n##_t_endian, \
985 vl_api_##n##_t_print, \
986 sizeof(vl_api_##n##_t), 1);
987 foreach_vpe_api_reply_msg;
990 /* API messages we can send */
991 #define _(n,h) hash_set_mem (vam->function_by_name, #n, api_##n);
996 #define _(n,h) hash_set_mem (vam->help_by_name, #n, h);
1001 clib_error_t * vat_plugin_register (vat_main_t *vam)
1003 acl_test_main_t * sm = &acl_test_main;
1008 name = format (0, "acl_%08x%c", api_version, 0);
1009 sm->msg_id_base = vl_client_get_first_plugin_msg_id ((char *) name);
1011 if (sm->msg_id_base != (u16) ~0)
1012 acl_vat_api_hookup (vam);