acl_set_heap(acl_main_t *am)
{
if (0 == am->acl_mheap) {
- am->acl_mheap = mheap_alloc (0 /* use VM */ , 2 << 29);
+ am->acl_mheap = mheap_alloc (0 /* use VM */ , am->acl_mheap_size);
mheap_t *h = mheap_header (am->acl_mheap);
h->flags |= MHEAP_FLAG_THREAD_SAFE;
}
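Review bot: The result of `mheap_alloc` on the added line goes straight into `mheap_header` and is written through (`h->flags |= MHEAP_FLAG_THREAD_SAFE`) with no check, while the size is now the configurable `am->acl_mheap_size` rather than a fixed constant. A configured size that is zero, too small, or larger than the address space available makes a failed allocation far more likely than before, and it would show up as a write through a bogus header pointer. I would add a guard before `mheap_header`, e.g. `if (0 == am->acl_mheap) clib_error ("ACL plugin: cannot allocate heap of %u bytes", am->acl_mheap_size);`. The rest of acl_set_heap lies outside this hunk.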
}
if (acl_list_index < vec_len(am->input_sw_if_index_vec_by_acl)) {
- if (vec_len(am->input_sw_if_index_vec_by_acl[acl_list_index]) > 0) {
+ if (vec_len(pool_elt_at_index(am->input_sw_if_index_vec_by_acl, acl_list_index)) > 0) {
/* ACL is applied somewhere inbound. Refuse to delete */
return -1;
}
}
if (acl_list_index < vec_len(am->output_sw_if_index_vec_by_acl)) {
- if (vec_len(am->output_sw_if_index_vec_by_acl[acl_list_index]) > 0) {
+ if (vec_len(pool_elt_at_index(am->output_sw_if_index_vec_by_acl, acl_list_index)) > 0) {
/* ACL is applied somewhere outbound. Refuse to delete */
return -1;
}
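Review bot: `pool_elt_at_index` returns a pointer to the slot, not the slot's value, so `vec_len(pool_elt_at_index(am->input_sw_if_index_vec_by_acl, acl_list_index))` measures the address of the entry rather than the per-ACL vector stored in it; the outbound check a few lines below has the same problem. The enclosing `vec_len` bounds tests suggest these are plain vectors rather than pools, in which case the macro's debug-build free-index assertion would also consult a pool header that does not exist. Because this test is what refuses to delete an ACL that is still applied to an interface, a wrong length can let an in-use ACL be deleted or block deletion of an unused one. Keep the original indexing, `if (vec_len(am->input_sw_if_index_vec_by_acl[acl_list_index]) > 0) {`, and likewise for `output_sw_if_index_vec_by_acl`.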
hash_acl_delete(am, acl_list_index);
/* now we can delete the ACL itself */
- a = &am->acls[acl_list_index];
+ a = pool_elt_at_index (am->acls, acl_list_index);
if (a->rules)
vec_free (a->rules);
{
int rv = -1;
acl_main_t *am = &acl_main;
- void *oldheap = acl_set_heap(am);
if (is_add)
{
rv =
rv =
acl_interface_del_inout_acl (sw_if_index, is_input, acl_list_index);
}
- clib_mem_set_heap (oldheap);
return rv;
}
{
macip_match_type_t *mvec = NULL;
macip_match_type_t *mt;
- macip_acl_list_t *a = &am->macip_acls[macip_acl_index];
+ macip_acl_list_t *a = pool_elt_at_index (am->macip_acls, macip_acl_index);
int i;
u32 match_type_index;
u32 last_table;
1);
last_table = mt->table_index;
}
- a->ip4_table_index = ~0;
- a->ip6_table_index = ~0;
+ a->ip4_table_index = last_table;
+ a->ip6_table_index = last_table;
a->l2_table_index = last_table;
/* Populate the classifier tables with rules from the MACIP ACL */
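Review bot: Assigning `last_table` to `a->ip4_table_index` and `a->ip6_table_index` makes all three indices alias a single classifier table, and nothing in the code says this is intentional. macip_destroy_classify_tables tests `a->ip4_table_index != ~0` (visible further down, body not shown), so if it deletes one table per non-`~0` index the same table would be released up to three times. I would add a comment such as `/* ip4/ip6 share the L2 table; the destroy path must delete it only once */` and confirm the destroy path copes with the aliasing. The enclosing function starts and ends outside this hunk.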
macip_destroy_classify_tables (acl_main_t * am, u32 macip_acl_index)
{
vnet_classify_main_t *cm = &vnet_classify_main;
- macip_acl_list_t *a = &am->macip_acls[macip_acl_index];
+ macip_acl_list_t *a = pool_elt_at_index (am->macip_acls, macip_acl_index);
if (a->ip4_table_index != ~0)
{
}
else
{
- a = &am->macip_acls[*acl_list_index];
+ a = pool_elt_at_index (am->macip_acls, *acl_list_index);
if (a->rules)
{
vec_free (a->rules);
/* No point in deleting MACIP ACL which is not applied */
if (~0 == macip_acl_index)
return -1;
- a = &am->macip_acls[macip_acl_index];
+ a = pool_elt_at_index (am->macip_acls, macip_acl_index);
/* remove the classifier tables off the interface L2 ACL */
rv =
vnet_set_input_acl_intfc (am->vlib_main, sw_if_index, a->ip4_table_index,
return -1;
}
void *oldheap = acl_set_heap(am);
- a = &am->macip_acls[macip_acl_index];
+ a = pool_elt_at_index (am->macip_acls, macip_acl_index);
vec_validate_init_empty (am->macip_acl_by_sw_if_index, sw_if_index, ~0);
+ clib_mem_set_heap (oldheap);
/* If there already a MACIP ACL applied, unapply it */
if (~0 != am->macip_acl_by_sw_if_index[sw_if_index])
macip_acl_interface_del_acl(am, sw_if_index);
am->macip_acl_by_sw_if_index[sw_if_index] = macip_acl_index;
- clib_mem_set_heap (oldheap);
/* Apply the classifier tables for L2 ACLs */
rv =
macip_acl_del_list (u32 acl_list_index)
{
acl_main_t *am = &acl_main;
- void *oldheap = acl_set_heap(am);
macip_acl_list_t *a;
int i;
if (pool_is_free_index (am->macip_acls, acl_list_index))
}
}
+ void *oldheap = acl_set_heap(am);
/* Now that classifier tables are detached, clean them up */
macip_destroy_classify_tables (am, acl_list_index);
/* now we can delete the ACL itself */
- a = &am->macip_acls[acl_list_index];
+ a = pool_elt_at_index (am->macip_acls, acl_list_index);
if (a->rules)
{
vec_free (a->rules);
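Review bot: `macip_destroy_classify_tables` now runs after the switch to the ACL heap, whereas the interface-apply path in this same commit restores the main heap before it touches the classifier tables. If the tables were allocated under a different heap than the one active here, freeing them would corrupt allocator state; where they are created is not visible, so this needs confirming. Please also check that the matching `clib_mem_set_heap (oldheap)` is reached on every exit after this point, since the function's tail is outside the hunk. A comment like `/* ACL heap from here on: the pool and rule vectors live there */` would make the intended scope explicit.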
u32 acl_list_index)
{
acl_main_t *am = &acl_main;
- void *oldheap = acl_set_heap(am);
int rv = -1;
if (is_add)
{
{
rv = macip_acl_interface_del_acl (am, sw_if_index);
}
- clib_mem_set_heap (oldheap);
return rv;
}
{
acl_index = ntohl (mp->acl_index);
if (!pool_is_free_index (am->acls, acl_index))
- {
- acl = &am->acls[acl_index];
- send_acl_details (am, q, acl, mp->context);
- }
+ {
+ acl = pool_elt_at_index (am->acls, acl_index);
+ send_acl_details (am, q, acl, mp->context);
+ }
}
if (rv == -1)
{
u32 acl_index = ntohl (mp->acl_index);
if (!pool_is_free_index (am->macip_acls, acl_index))
- {
- acl = &am->macip_acls[acl_index];
- send_macip_acl_details (am, q, acl, mp->context);
- }
+ {
+ acl = pool_elt_at_index (am->macip_acls, acl_index);
+ send_macip_acl_details (am, q, acl, mp->context);
+ }
}
}
};
/* *INDENT-ON* */
-
+static clib_error_t *
+acl_plugin_config (vlib_main_t * vm, unformat_input_t * input)
+{
+ acl_main_t *am = &acl_main;
+ u32 conn_table_hash_buckets;
+ u32 conn_table_hash_memory_size;
+ u32 conn_table_max_entries;
+ u32 main_heap_size;
+ u32 hash_heap_size;
+ u32 hash_lookup_hash_buckets;
+ u32 hash_lookup_hash_memory;
+
+ while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (input, "connection hash buckets %d", &conn_table_hash_buckets))
+ am->fa_conn_table_hash_num_buckets = conn_table_hash_buckets;
+ else if (unformat (input, "connection hash memory %d",
+ &conn_table_hash_memory_size))
+ am->fa_conn_table_hash_memory_size = conn_table_hash_memory_size;
+ else if (unformat (input, "connection count max %d",
+ &conn_table_max_entries))
+ am->fa_conn_table_max_entries = conn_table_max_entries;
+ else if (unformat (input, "main heap size %d",
+ &main_heap_size))
+ am->acl_mheap_size = main_heap_size;
+ else if (unformat (input, "hash lookup heap size %d",
+ &hash_heap_size))
+ am->hash_lookup_mheap_size = hash_heap_size;
+ else if (unformat (input, "hash lookup hash buckets %d",
+ &hash_lookup_hash_buckets))
+ am->hash_lookup_hash_buckets = hash_lookup_hash_buckets;
+ else if (unformat (input, "hash lookup hash memory %d",
+ &hash_lookup_hash_memory))
+ am->hash_lookup_hash_memory = hash_lookup_hash_memory;
+ else
+ return clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, input);
+ }
+ return 0;
+}
+VLIB_CONFIG_FUNCTION (acl_plugin_config, "acl-plugin");
static clib_error_t *
acl_init (vlib_main_t * vm)
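Review bot: acl_plugin_config stores every parsed value unchecked, and each one is read with `%d` into a `u32` local, so a zero or out-of-range number in the startup configuration is accepted silently. `main heap size` and `hash lookup heap size` feed heap allocation and the bucket/memory values feed hash-table setup, so bad values should be rejected here rather than failing at first use. For instance, in the heap-size branch before the assignment: `if (main_heap_size == 0) return clib_error_return (0, "main heap size must be non-zero");`, with equivalent checks for the other sizes and counts. The sizes are raw byte counts limited to 32 bits; `unformat_memory_size` could accept suffixed values if the fields were widened. A short comment above the function listing the accepted keywords and their units would help operators.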
acl_setup_fa_nodes();
+ am->acl_mheap_size = ACL_FA_DEFAULT_HEAP_SIZE;
+ am->hash_lookup_mheap_size = ACL_PLUGIN_HASH_LOOKUP_HEAP_SIZE;
+
+ am->hash_lookup_hash_buckets = ACL_PLUGIN_HASH_LOOKUP_HASH_BUCKETS;
+ am->hash_lookup_hash_memory = ACL_PLUGIN_HASH_LOOKUP_HASH_MEMORY;
+
am->session_timeout_sec[ACL_TIMEOUT_TCP_TRANSIENT] = TCP_SESSION_TRANSIENT_TIMEOUT_SEC;
am->session_timeout_sec[ACL_TIMEOUT_TCP_IDLE] = TCP_SESSION_IDLE_TIMEOUT_SEC;
am->session_timeout_sec[ACL_TIMEOUT_UDP_IDLE] = UDP_SESSION_IDLE_TIMEOUT_SEC;