#include <vpp/app/version.h>
#include <vnet/ethernet/ethernet_types_api.h>
+#include <vnet/ip/format.h>
+#include <vnet/ethernet/ethernet.h>
+#include <vnet/ip/ip_types_api.h>
#include <vlibapi/api.h>
#include <vlibmemory/api.h>
#include <acl/acl.api_types.h>
#define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)
-#include "manual_fns.h"
#include "fa_node.h"
#include "public_inlines.h"
typedef void (*acl_vector_print_func_t) (vlib_main_t * vm, u8 * out0);
+static inline u8 *
+format_acl_action (u8 * s, u8 action)
+{
+ switch (action)
+ {
+ case 0:
+ s = format (s, "deny");
+ break;
+ case 1:
+ s = format (s, "permit");
+ break;
+ case 2:
+ s = format (s, "permit+reflect");
+ break;
+ default:
+ s = format (s, "action %d", action);
+ }
+ return (s);
+}
+
static void
acl_print_acl_x (acl_vector_print_func_t vpr, vlib_main_t * vm,
acl_main_t * am, int acl_index)
u32 **pinout_lc_index_by_sw_if_index =
- is_input ? &am->
- input_lc_index_by_sw_if_index : &am->output_lc_index_by_sw_if_index;
+ is_input ? &am->input_lc_index_by_sw_if_index : &am->
+ output_lc_index_by_sw_if_index;
u32 ***pinout_acl_vec_by_sw_if_index =
- is_input ? &am->
- input_acl_vec_by_sw_if_index : &am->output_acl_vec_by_sw_if_index;
+ is_input ? &am->input_acl_vec_by_sw_if_index : &am->
+ output_acl_vec_by_sw_if_index;
u32 ***pinout_sw_if_index_vec_by_acl =
- is_input ? &am->
- input_sw_if_index_vec_by_acl : &am->output_sw_if_index_vec_by_acl;
+ is_input ? &am->input_sw_if_index_vec_by_acl : &am->
+ output_sw_if_index_vec_by_acl;
vec_validate ((*pinout_acl_vec_by_sw_if_index), sw_if_index);
{
if (~0 != (*pinout_lc_index_by_sw_if_index)[sw_if_index])
{
- acl_plugin.put_lookup_context_index ((*pinout_lc_index_by_sw_if_index)[sw_if_index]);
+ acl_plugin.
+ put_lookup_context_index ((*pinout_lc_index_by_sw_if_index)
+ [sw_if_index]);
(*pinout_lc_index_by_sw_if_index)[sw_if_index] = ~0;
}
}
: VNET_API_ERROR_ACL_IN_USE_OUTBOUND;
u32 ***pinout_acl_vec_by_sw_if_index =
- is_input ? &am->
- input_acl_vec_by_sw_if_index : &am->output_acl_vec_by_sw_if_index;
+ is_input ? &am->input_acl_vec_by_sw_if_index : &am->
+ output_acl_vec_by_sw_if_index;
int rv = 0;
if (is_add)
{
vnet_classify_add_del_session (cm, tag_table,
mask,
- a->
- rules[i].is_permit ? ~0 : 0,
- i, 0, action, metadata, 1);
+ a->rules[i].
+ is_permit ? ~0 : 0, i, 0,
+ action, metadata, 1);
}
}
}
{
/* *INDENT-OFF* */
/* Just dump all ACLs */
- pool_foreach (acl, am->acls,
- ({
+ pool_foreach (acl, am->acls)
+ {
send_acl_details(am, reg, acl, mp->context);
- }));
+ }
/* *INDENT-ON* */
}
else
if (mp->sw_if_index == ~0)
{
/* *INDENT-OFF* */
- pool_foreach (swif, im->sw_interfaces,
- ({
+ pool_foreach (swif, im->sw_interfaces)
+ {
send_acl_interface_list_details(am, reg, swif->sw_if_index, mp->context);
- }));
+ }
/* *INDENT-ON* */
}
else
{
/* Just dump all ACLs for now, with sw_if_index = ~0 */
/* *INDENT-OFF* */
- pool_foreach (acl, am->macip_acls,
- ({
+ pool_foreach (acl, am->macip_acls)
+ {
send_macip_acl_details (am, reg, acl, mp->context);
- }));
+ }
/* *INDENT-ON* */
}
else
if (~0 != am->macip_acl_by_sw_if_index[sw_if_index])
{
send_macip_acl_interface_list_details (am, reg, sw_if_index,
- am->macip_acl_by_sw_if_index
+ am->
+ macip_acl_by_sw_if_index
[sw_if_index],
mp->context);
}
if (mp->sw_if_index == ~0)
{
/* *INDENT-OFF* */
- pool_foreach (swif, im->sw_interfaces,
- ({
+ pool_foreach (swif, im->sw_interfaces)
+ {
send_acl_interface_etype_whitelist_details(am, reg, swif->sw_if_index, mp->context);
- }));
+ }
/* *INDENT-ON* */
}
else
}
vlib_cli_output (vm, " connection add/del stats:", wk);
/* *INDENT-OFF* */
- pool_foreach (swif, im->sw_interfaces,
- ({
+ pool_foreach (swif, im->sw_interfaces)
+ {
u32 sw_if_index = swif->sw_if_index;
u64 n_adds =
(sw_if_index < vec_len (pw->fa_session_adds_by_sw_if_index) ?
n_adds -
n_dels,
n_epoch_changes);
- }));
+ }
/* *INDENT-ON* */
vlib_cli_output (vm, " connection timeout type lists:", wk);