2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #ifndef __VOM_ACL_LIST_H__
17 #define __VOM_ACL_LIST_H__
21 #include "vom/acl_l2_rule.hpp"
22 #include "vom/acl_l3_rule.hpp"
23 #include "vom/acl_types.hpp"
24 #include "vom/dump_cmd.hpp"
26 #include "vom/inspect.hpp"
28 #include "vom/rpc_cmd.hpp"
29 #include "vom/singular_db.hpp"
31 #include <vapi/acl.api.vapi.hpp>
36 * An ACL list comprises a set of match actions rules to be applied to
38 * A list is bound to a given interface.
40 template <typename RULE, typename UPDATE, typename DELETE, typename DUMP>
41 class list : public object_base
45 * The KEY can be used to uniquely identify the ACL.
46 * (other choices for keys, like the summation of the properties
47 * of the rules, are rather too cumbersome to use
49 typedef std::string key_t;
52 * The rule container type
54 typedef std::multiset<RULE> rules_t;
57 * Construct a new object matching the desried state
59 list(const key_t& key)
64 list(const handle_t& hdl, const key_t& key)
70 list(const key_t& key, const rules_t& rules)
93 m_db.release(m_key, this);
97 * Return the 'sigular instance' of the ACL that matches this object
99 std::shared_ptr<list> singular() const { return find_or_add(*this); }
102 * Dump all ACLs into the stream provided
104 static void dump(std::ostream& os) { m_db.dump(os); }
107 * convert to string format for debug purposes
109 std::string to_string() const
111 std::ostringstream s;
112 s << "acl-list:[" << m_key << " " << m_hdl.to_string() << " rules:[";
114 for (auto rule : m_rules) {
115 s << rule.to_string() << " ";
124 * Insert priority sorted a rule into the list
126 void insert(const RULE& rule) { m_rules.insert(rule); }
129 * Remove a rule from the list
131 void remove(const RULE& rule) { m_rules.erase(rule); }
134 * Return the VPP assign handle
136 const handle_t& handle() const { return m_hdl.data(); }
139 * A command class that Create the list
142 : public rpc_cmd<HW::item<handle_t>, HW::item<handle_t>, UPDATE>
148 update_cmd(HW::item<handle_t>& item, const key_t& key, const rules_t& rules)
149 : rpc_cmd<HW::item<handle_t>, HW::item<handle_t>, UPDATE>(item)
156 * Issue the command to VPP/HW
158 rc_t issue(connection& con);
161 * convert to string format for debug purposes
163 std::string to_string() const
165 std::ostringstream s;
166 s << "ACL-list-update: " << this->item().to_string();
172 * Comparison operator - only used for UT
174 bool operator==(const update_cmd& other) const
176 return ((m_key == other.m_key) && (m_rules == other.m_rules));
181 std::shared_ptr<list> sp = find(m_key);
182 if (sp && this->item()) {
183 list::add(this->item().data(), sp);
189 rpc_cmd<HW::item<handle_t>, HW::item<handle_t>, UPDATE>::succeeded();
194 * A callback function for handling ACL creates
196 virtual vapi_error_e operator()(UPDATE& reply)
198 int acl_index = reply.get_response().get_payload().acl_index;
199 int retval = reply.get_response().get_payload().retval;
201 VOM_LOG(log_level_t::DEBUG) << this->to_string() << " " << retval;
203 HW::item<handle_t> res(acl_index, rc_t::from_vpp_retval(retval));
219 const rules_t& m_rules;
223 * A cmd class that Deletes an ACL
225 class delete_cmd : public rpc_cmd<HW::item<handle_t>, rc_t, DELETE>
231 delete_cmd(HW::item<handle_t>& item)
232 : rpc_cmd<HW::item<handle_t>, rc_t, DELETE>(item)
237 * Issue the command to VPP/HW
239 rc_t issue(connection& con) { return (rc_t::INVALID); }
242 * convert to string format for debug purposes
244 std::string to_string() const
246 std::ostringstream s;
247 s << "ACL-list-delete: " << this->item().to_string();
253 * Comparison operator - only used for UT
255 bool operator==(const delete_cmd& other) const
257 return (this->item().data() == other.item().data());
262 * A cmd class that Dumps all the ACLs
264 class dump_cmd : public VOM::dump_cmd<DUMP>
270 dump_cmd() = default;
271 dump_cmd(const dump_cmd& d) = default;
274 * Issue the command to VPP/HW
276 rc_t issue(connection& con) { return rc_t::INVALID; }
279 * convert to string format for debug purposes
281 std::string to_string() const { return ("acl-list-dump"); }
290 static std::shared_ptr<list> find(const handle_t& handle)
292 return (m_hdl_db[handle].lock());
295 static std::shared_ptr<list> find(const key_t& key)
297 return (m_db.find(key));
300 static void add(const handle_t& handle, std::shared_ptr<list> sp)
302 m_hdl_db[handle] = sp;
305 static void remove(const handle_t& handle) { m_hdl_db.erase(handle); }
309 * Class definition for listeners to OM events
311 class event_handler : public OM::listener, public inspect::command_handler
316 OM::register_listener(this);
317 inspect::register_handler({ "acl" }, "ACL lists", this);
319 virtual ~event_handler() = default;
322 * Handle a populate event
324 void handle_populate(const client_db::key_t& key);
327 * Handle a replay event
329 void handle_replay() { m_db.replay(); }
332 * Show the object in the Singular DB
334 void show(std::ostream& os) { m_db.dump(os); }
337 * Get the sortable Id of the listener
339 dependency_t order() const { return (dependency_t::ACL); }
343 * event_handler to register with OM
345 static event_handler m_evh;
348 * Enquue commonds to the VPP command Q for the update
350 void update(const list& obj)
353 * always update the instance with the latest rule set
355 if (!m_hdl || obj.m_rules != m_rules) {
356 HW::enqueue(new update_cmd(m_hdl, m_key, m_rules));
359 * We don't, can't, read the priority from VPP,
360 * so the is equals check above does not include the priorty.
361 * but we save it now.
363 m_rules = obj.m_rules;
369 HW::item<handle_t> m_hdl;
372 * Find or add the sigular instance in the DB
374 static std::shared_ptr<list> find_or_add(const list& temp)
376 return (m_db.find_or_add(temp.m_key, temp));
380 * It's the VOM::OM class that updates call update
382 friend class VOM::OM;
385 * It's the VOM::singular_db class that calls replay()
387 friend class singular_db<key_t, list>;
390 * Sweep/reap the object if still stale
395 HW::enqueue(new delete_cmd(m_hdl));
401 * Replay the objects state to HW
406 HW::enqueue(new update_cmd(m_hdl, m_key, m_rules));
411 * A map of all ACL's against the client's key
413 static singular_db<key_t, list> m_db;
416 * A map of all ACLs keyed against VPP's handle
418 static std::map<const handle_t, std::weak_ptr<list>> m_hdl_db;
421 * The Key is a user defined identifer for this ACL
426 * A sorted list of the rules
432 * Typedef the L3 ACL type
434 typedef list<l3_rule, vapi::Acl_add_replace, vapi::Acl_del, vapi::Acl_dump>
438 * Typedef the L2 ACL type
440 typedef list<l2_rule,
443 vapi::Macip_acl_dump>
447 * Definition of the static singular_db for ACL Lists
449 template <typename RULE, typename UPDATE, typename DELETE, typename DUMP>
450 singular_db<typename ACL::list<RULE, UPDATE, DELETE, DUMP>::key_t,
451 ACL::list<RULE, UPDATE, DELETE, DUMP>>
452 list<RULE, UPDATE, DELETE, DUMP>::m_db;
455 * Definition of the static per-handle DB for ACL Lists
457 template <typename RULE, typename UPDATE, typename DELETE, typename DUMP>
458 std::map<const handle_t, std::weak_ptr<ACL::list<RULE, UPDATE, DELETE, DUMP>>>
459 list<RULE, UPDATE, DELETE, DUMP>::m_hdl_db;
461 template <typename RULE, typename UPDATE, typename DELETE, typename DUMP>
462 typename ACL::list<RULE, UPDATE, DELETE, DUMP>::event_handler
463 list<RULE, UPDATE, DELETE, DUMP>::m_evh;
468 * fd.io coding-style-patch-verification: ON
471 * eval: (c-set-style "mozilla")