* ABF ACL module user id returned during the initialization
*/
static u32 abf_acl_user_id;
+/*
+ * ACL plugin method vtable
+ */
+
+static acl_plugin_methods_t acl_plugin;
/**
* A DB of attachments; key={abf_index,sw_if_index}
aia = abf_itf_attach_get (*aiai);
vec_add1 (acl_vec, aia->aia_acl);
}
- acl_plugin_set_acl_vec_for_context (abf_alctx_per_itf[fproto][sw_if_index],
+ acl_plugin.set_acl_vec_for_context (abf_alctx_per_itf[fproto][sw_if_index],
acl_vec);
vec_free (acl_vec);
}
return (VNET_API_ERROR_ENTRY_ALREADY_EXISTS);
/*
- * construt a new attachemnt object
+ * construct a new attachment object
*/
pool_get (abf_itf_attach_pool, aia);
if (1 == vec_len (abf_per_itf[fproto][sw_if_index]))
{
/*
- * when enabling the first ABF polciy on the interface
+ * when enabling the first ABF policy on the interface
* we need to enable the interface input feature
*/
vnet_feature_enable_disable ((FIB_PROTOCOL_IP4 == fproto ?
/* if this is the first ABF policy, we need to acquire an ACL lookup context */
vec_validate_init_empty (abf_alctx_per_itf[fproto], sw_if_index, ~0);
abf_alctx_per_itf[fproto][sw_if_index] =
- acl_plugin_get_lookup_context_index (abf_acl_user_id, sw_if_index, 0);
+ acl_plugin.get_lookup_context_index (abf_acl_user_id, sw_if_index, 0);
}
else
{
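Review bot: The value returned by `acl_plugin.get_lookup_context_index (abf_acl_user_id, sw_if_index, 0)` is stored in `abf_alctx_per_itf[fproto][sw_if_index]` without any check, and the data-plane node later reads that slot as `lc_index` and passes it to the ACL fill/match functions. The method's return convention is not visible in this diff. If it can report failure (for example for an unregistered user id), the error value stored in the u32 slot would look like a real index, or like the `~0` placeholder written by `vec_validate_init_empty`. I would capture the result in a local first and, on failure, undo the attach and return an error rather than leave the feature enabled with an invalid context. The enclosing function starts and ends outside this hunk.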
abf_setup_acl_lc (fproto, sw_if_index);
/*
- * become a child of the ABF poilcy so we are notified when
+ * become a child of the ABF policy so we are notified when
* its forwarding changes.
*/
aia->aia_sibling = fib_node_child_add (abf_policy_fib_node_type,
u32 index;
/*
- * check this is a valid attahment
+ * check this is a valid attachment
*/
aia = abf_itf_attach_db_find (policy_id, sw_if_index);
if (NULL == aia)
- return (VNET_API_ERROR_ENTRY_ALREADY_EXISTS);
+ return (VNET_API_ERROR_NO_SUCH_ENTRY);
/*
- * first remove from the interface's vecotr
+ * first remove from the interface's vector
*/
ASSERT (abf_per_itf[fproto]);
ASSERT (abf_per_itf[fproto][sw_if_index]);
if (0 == vec_len (abf_per_itf[fproto][sw_if_index]))
{
/*
- * when deleting the last ABF polciy on the interface
+ * when deleting the last ABF policy on the interface
* we need to disable the interface input feature
*/
vnet_feature_enable_disable ((FIB_PROTOCOL_IP4 == fproto ?
sw_if_index, 0, NULL, 0);
/* Return the lookup context, invalidate its id in our records */
- acl_plugin_put_lookup_context_index (abf_alctx_per_itf[fproto]
+ acl_plugin.put_lookup_context_index (abf_alctx_per_itf[fproto]
[sw_if_index]);
abf_alctx_per_itf[fproto][sw_if_index] = ~0;
}
aia->aia_abf, aia->aia_sibling);
/*
- * remove the attahcment from the DB
+ * remove the attachment from the DB
*/
abf_itf_attach_db_del (policy_id, sw_if_index);
abf_policy_t *ap;
ap = abf_policy_get (aia->aia_abf);
- s = format (s, "abf-interface-attach: policy:%d prioity:%d",
+ s = format (s, "abf-interface-attach: policy:%d priority:%d",
ap->ap_id, aia->aia_prio);
s = format (s, "\n %U", format_dpo_id, &aia->aia_dpo, 2);
vlib_node_runtime_t * node,
vlib_frame_t * frame, fib_protocol_t fproto)
{
- u32 n_left_from, *from, *to_next, next_index, matches;
+ u32 n_left_from, *from, *to_next, next_index, matches, misses;
from = vlib_frame_vector_args (frame);
n_left_from = frame->n_vectors;
next_index = node->cached_next_index;
- matches = 0;
+ matches = misses = 0;
while (n_left_from > 0)
{
u32 match_acl_pos = ~0;
u32 match_rule_index = ~0;
u32 trace_bitmap = 0;
+ u32 lc_index;
u8 action;
bi0 = from[0];
/*
* check if any of the policies attached to this interface matches.
*/
- u32 lc_index = abf_alctx_per_itf[fproto][sw_if_index0];
+ lc_index = abf_alctx_per_itf[fproto][sw_if_index0];
- acl_plugin_fill_5tuple (lc_index, b0, (FIB_PROTOCOL_IP6 == fproto),
- 1, 0, &fa_5tuple0);
-
- if (acl_plugin_match_5tuple
- (lc_index, &fa_5tuple0, (FIB_PROTOCOL_IP6 == fproto), &action,
- &match_acl_pos, &match_acl_index, &match_rule_index,
- &trace_bitmap))
+ /*
+ A non-inline version looks like this:
+
+ acl_plugin.fill_5tuple (lc_index, b0, (FIB_PROTOCOL_IP6 == fproto),
+ 1, 0, &fa_5tuple0);
+ if (acl_plugin.match_5tuple
+ (lc_index, &fa_5tuple0, (FIB_PROTOCOL_IP6 == fproto), &action,
+ &match_acl_pos, &match_acl_index, &match_rule_index,
+ &trace_bitmap))
+ . . .
+ */
+ acl_plugin_fill_5tuple_inline (acl_plugin.p_acl_main, lc_index, b0,
+ (FIB_PROTOCOL_IP6 == fproto), 1, 0,
+ &fa_5tuple0);
+
+ if (acl_plugin_match_5tuple_inline
+ (acl_plugin.p_acl_main, lc_index, &fa_5tuple0,
+ (FIB_PROTOCOL_IP6 == fproto), &action, &match_acl_pos,
+ &match_acl_index, &match_rule_index, &trace_bitmap))
{
/*
* match:
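Review bot: The comment above the `_inline` calls shows the non-inline form but does not say why the inline form is used or what it depends on. Both inline calls take `acl_plugin.p_acl_main` directly, so the ACL plugin's matching code and its view of that structure are presumably compiled into this plugin. If so, ABF has to be built against the same ACL plugin headers as the ACL plugin loaded at runtime, otherwise the lookup reads a mismatched layout. I would extend the comment with something like `/* inline variants avoid an indirect call per packet; they dereference acl_plugin.p_acl_main, so this plugin must be built against the running ACL plugin's headers */`. The loop body continues outside this hunk.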
* miss:
* move on down the feature arc
*/
- vnet_feature_next (sw_if_index0, &next0, b0);
+ vnet_feature_next (&next0, b0);
+ misses++;
}
if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
abf_ip4_node.index :
abf_ip6_node.index),
ABF_ERROR_MATCHED, matches);
+ vlib_node_increment_counter (vm,
+ (fproto = FIB_PROTOCOL_IP6 ?
+ abf_ip4_node.index :
+ abf_ip6_node.index),
+ ABF_ERROR_MISSED, misses);
return frame->n_vectors;
}
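Review bot: The node-index expression in the added `ABF_ERROR_MISSED` call, `(fproto = FIB_PROTOCOL_IP6 ? abf_ip4_node.index : abf_ip6_node.index)`, uses assignment where a comparison is intended. Because `=` binds more loosely than `?:`, it parses as `fproto = (FIB_PROTOCOL_IP6 ? … : …)`, so the chosen node depends only on the constant, never on the packet's protocol, and `fproto` is overwritten. The arms also look swapped relative to an IP6 test, so misses for one address family would be counted against the other node. I would write `(FIB_PROTOCOL_IP6 == fproto ? abf_ip6_node.index : abf_ip4_node.index),`. The `ABF_ERROR_MATCHED` call just above shows the same arm order in its visible tail and may need the same fix; its condition line is outside this hunk, as is the start of the function.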
{
abf_itf_attach_fib_node_type =
fib_node_register_new_type (&abf_itf_attach_vft);
- clib_error_t *acl_init_res = acl_plugin_exports_init ();
+ clib_error_t *acl_init_res = acl_plugin_exports_init (&acl_plugin);
if (acl_init_res)
return (acl_init_res);
abf_acl_user_id =
- acl_plugin_register_user_module ("abp plugin", "sw_if_index", NULL);
+ acl_plugin.register_user_module ("ABF plugin", "sw_if_index", NULL);
return (NULL);
}
-VLIB_INIT_FUNCTION (abf_itf_bond_init);
+/* *INDENT-OFF* */
+VLIB_INIT_FUNCTION (abf_itf_bond_init) =
+{
+ .runs_after = VLIB_INITS("acl_init"),
+};
+/* *INDENT-ON* */
/*
* fd.io coding-style-patch-verification: ON