+ int i;
+ for (i = 0; i < vec_len (am->macip_acls); i++)
+ macip_acl_print (am, i);
+ return error;
+}
+
+static clib_error_t *
+acl_show_aclplugin_macip_interface_fn (vlib_main_t * vm,
+ unformat_input_t *
+ input, vlib_cli_command_t * cmd)
+{
+ clib_error_t *error = 0;
+ acl_main_t *am = &acl_main;
+ int i;
+ for (i = 0; i < vec_len (am->macip_acl_by_sw_if_index); i++)
+ {
+ vlib_cli_output (vm, " sw_if_index %d: %d\n", i,
+ vec_elt (am->macip_acl_by_sw_if_index, i));
+ }
+ return error;
+}
+
+#define PRINT_AND_RESET(vm, out0) do { vlib_cli_output(vm, "%v", out0); vec_reset_length(out0); } while(0)
+static void
+acl_print_acl (vlib_main_t * vm, acl_main_t * am, int acl_index)
+{
+ acl_rule_t *r;
+ u8 *out0 = format (0, "acl-index %u count %u tag {%s}\n", acl_index,
+ am->acls[acl_index].count, am->acls[acl_index].tag);
+ int j;
+ PRINT_AND_RESET (vm, out0);
+ for (j = 0; j < am->acls[acl_index].count; j++)
+ {
+ r = &am->acls[acl_index].rules[j];
+ out0 = format (out0, " %4d: %s ", j, r->is_ipv6 ? "ipv6" : "ipv4");
+ out0 = format_acl_action (out0, r->is_permit);
+ out0 = format (out0, " src %U/%d", format_ip46_address, &r->src,
+ r->is_ipv6 ? IP46_TYPE_IP6 : IP46_TYPE_IP4,
+ r->src_prefixlen);
+ out0 =
+ format (out0, " dst %U/%d", format_ip46_address, &r->dst,
+ r->is_ipv6 ? IP46_TYPE_IP6 : IP46_TYPE_IP4, r->dst_prefixlen);
+ out0 = format (out0, " proto %d", r->proto);
+ out0 = format (out0, " sport %d", r->src_port_or_type_first);
+ if (r->src_port_or_type_first != r->src_port_or_type_last)
+ {
+ out0 = format (out0, "-%d", r->src_port_or_type_last);
+ }
+ out0 = format (out0, " dport %d", r->dst_port_or_code_first);
+ if (r->dst_port_or_code_first != r->dst_port_or_code_last)
+ {
+ out0 = format (out0, "-%d", r->dst_port_or_code_last);
+ }
+ if (r->tcp_flags_mask || r->tcp_flags_value)
+ {
+ out0 =
+ format (out0, " tcpflags %d mask %d", r->tcp_flags_value,
+ r->tcp_flags_mask);
+ }
+ out0 = format (out0, "\n");
+ PRINT_AND_RESET (vm, out0);
+ }
+}
+
+#undef PRINT_AND_RESET
+
+static void
+acl_plugin_show_acl (acl_main_t * am, u32 acl_index)
+{
+ u32 i;
+ vlib_main_t *vm = am->vlib_main;
+
+ for (i = 0; i < vec_len (am->acls); i++)
+ {
+ if (acl_is_not_defined (am, i))
+ {
+ /* don't attempt to show the ACLs that do not exist */
+ continue;
+ }
+ if ((acl_index != ~0) && (acl_index != i))
+ {
+ continue;
+ }
+ acl_print_acl (vm, am, i);
+
+ if (i < vec_len (am->input_sw_if_index_vec_by_acl))
+ {
+ vlib_cli_output (vm, " applied inbound on sw_if_index: %U\n",
+ format_vec32, am->input_sw_if_index_vec_by_acl[i],
+ "%d");
+ }
+ if (i < vec_len (am->output_sw_if_index_vec_by_acl))
+ {
+ vlib_cli_output (vm, " applied outbound on sw_if_index: %U\n",
+ format_vec32, am->output_sw_if_index_vec_by_acl[i],
+ "%d");
+ }
+ }
+}
+
+static clib_error_t *
+acl_show_aclplugin_acl_fn (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ clib_error_t *error = 0;
+ acl_main_t *am = &acl_main;
+
+ u32 acl_index = ~0;
+ (void) unformat (input, "index %u", &acl_index);
+
+ acl_plugin_show_acl (am, acl_index);
+ return error;
+}
+
+static void
+acl_plugin_show_interface (acl_main_t * am, u32 sw_if_index, int show_acl)
+{
+ vlib_main_t *vm = am->vlib_main;
+ u32 swi;
+ u32 *pj;
+ for (swi = 0; (swi < vec_len (am->input_acl_vec_by_sw_if_index)) ||
+ (swi < vec_len (am->output_acl_vec_by_sw_if_index)); swi++)
+ {
+ /* if we need a particular interface, skip all the others */
+ if ((sw_if_index != ~0) && (sw_if_index != swi))
+ continue;
+
+ vlib_cli_output (vm, "sw_if_index %d:\n", swi);
+
+ if (intf_has_etype_whitelist (am, swi, 1))
+ {
+ vlib_cli_output (vm, " input etype whitelist: %U", format_vec16,
+ am->input_etype_whitelist_by_sw_if_index[swi],
+ "%04x");
+ }
+ if (intf_has_etype_whitelist (am, swi, 0))
+ {
+ vlib_cli_output (vm, " output etype whitelist: %U", format_vec16,
+ am->output_etype_whitelist_by_sw_if_index[swi],
+ "%04x");
+ }
+
+ if ((swi < vec_len (am->input_acl_vec_by_sw_if_index)) &&
+ (vec_len (am->input_acl_vec_by_sw_if_index[swi]) > 0))
+ {
+ vlib_cli_output (vm, " input acl(s): %U", format_vec32,
+ am->input_acl_vec_by_sw_if_index[swi], "%d");
+ if (show_acl)
+ {
+ vlib_cli_output (vm, "\n");
+ vec_foreach (pj, am->input_acl_vec_by_sw_if_index[swi])
+ {
+ acl_print_acl (vm, am, *pj);
+ }
+ vlib_cli_output (vm, "\n");
+ }
+ }
+
+ if ((swi < vec_len (am->output_acl_vec_by_sw_if_index)) &&
+ (vec_len (am->output_acl_vec_by_sw_if_index[swi]) > 0))
+ {
+ vlib_cli_output (vm, " output acl(s): %U", format_vec32,
+ am->output_acl_vec_by_sw_if_index[swi], "%d");
+ if (show_acl)
+ {
+ vlib_cli_output (vm, "\n");
+ vec_foreach (pj, am->output_acl_vec_by_sw_if_index[swi])
+ {
+ acl_print_acl (vm, am, *pj);
+ }
+ vlib_cli_output (vm, "\n");
+ }
+ }
+ }
+
+}
+
+
+static clib_error_t *
+acl_show_aclplugin_decode_5tuple_fn (vlib_main_t * vm,
+ unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ clib_error_t *error = 0;
+ u64 five_tuple[6] = { 0, 0, 0, 0, 0, 0 };
+
+ if (unformat
+ (input, "%llx %llx %llx %llx %llx %llx", &five_tuple[0], &five_tuple[1],
+ &five_tuple[2], &five_tuple[3], &five_tuple[4], &five_tuple[5]))
+ vlib_cli_output (vm, "5-tuple structure decode: %U\n\n",
+ format_acl_plugin_5tuple, five_tuple);
+ else
+ error = clib_error_return (0, "expecting 6 hex integers");
+ return error;
+}
+
+
+static clib_error_t *
+acl_show_aclplugin_interface_fn (vlib_main_t * vm,
+ unformat_input_t *
+ input, vlib_cli_command_t * cmd)
+{
+ clib_error_t *error = 0;
+ acl_main_t *am = &acl_main;
+
+ u32 sw_if_index = ~0;
+ (void) unformat (input, "sw_if_index %u", &sw_if_index);
+ int show_acl = unformat (input, "acl");
+
+ acl_plugin_show_interface (am, sw_if_index, show_acl);
+ return error;
+}
+
+static clib_error_t *
+acl_show_aclplugin_memory_fn (vlib_main_t * vm,
+ unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ clib_error_t *error = 0;
+ acl_main_t *am = &acl_main;
+
+ vlib_cli_output (vm, "ACL plugin main heap statistics:\n");
+ if (am->acl_mheap)
+ {
+ vlib_cli_output (vm, " %U\n", format_mheap, am->acl_mheap, 1);
+ }
+ else
+ {
+ vlib_cli_output (vm, " Not initialized\n");
+ }
+ vlib_cli_output (vm, "ACL hash lookup support heap statistics:\n");
+ if (am->hash_lookup_mheap)
+ {
+ vlib_cli_output (vm, " %U\n", format_mheap, am->hash_lookup_mheap, 1);
+ }
+ else
+ {
+ vlib_cli_output (vm, " Not initialized\n");
+ }
+ return error;
+}