#include <vnet/l2/l2_classify.h>
#include <vnet/classify/input_acl.h>
+#include <vpp/app/version.h>
#include <vlibapi/api.h>
#include <vlibmemory/api.h>
acl_main_t acl_main;
-/*
- * A handy macro to set up a message reply.
- * Assumes that the following variables are available:
- * mp - pointer to request message
- * rmp - pointer to reply message type
- * rv - return value
- */
-
-#define REPLY_MACRO(t) \
-do { \
- unix_shared_memory_queue_t * q = \
- vl_api_client_index_to_input_queue (mp->client_index); \
- if (!q) \
- return; \
- \
- rmp = vl_msg_api_alloc (sizeof (*rmp)); \
- rmp->_vl_msg_id = ntohs((t)+sm->msg_id_base); \
- rmp->context = mp->context; \
- rmp->retval = ntohl(rv); \
- \
- vl_msg_api_send_shmem (q, (u8 *)&rmp); \
-} while(0);
-
-#define REPLY_MACRO2(t, body) \
-do { \
- unix_shared_memory_queue_t * q; \
- rv = vl_msg_api_pd_handler (mp, rv); \
- q = vl_api_client_index_to_input_queue (mp->client_index); \
- if (!q) \
- return; \
- \
- rmp = vl_msg_api_alloc (sizeof (*rmp)); \
- rmp->_vl_msg_id = ntohs((t)+am->msg_id_base); \
- rmp->context = mp->context; \
- rmp->retval = ntohl(rv); \
- do {body;} while (0); \
- vl_msg_api_send_shmem (q, (u8 *)&rmp); \
-} while(0);
-
-#define REPLY_MACRO3(t, n, body) \
-do { \
- unix_shared_memory_queue_t * q; \
- rv = vl_msg_api_pd_handler (mp, rv); \
- q = vl_api_client_index_to_input_queue (mp->client_index); \
- if (!q) \
- return; \
- \
- rmp = vl_msg_api_alloc (sizeof (*rmp) + n); \
- rmp->_vl_msg_id = ntohs((t)+am->msg_id_base); \
- rmp->context = mp->context; \
- rmp->retval = ntohl(rv); \
- do {body;} while (0); \
- vl_msg_api_send_shmem (q, (u8 *)&rmp); \
-} while(0);
-
+#define REPLY_MSG_ID_BASE am->msg_id_base
+#include <vlibapi/api_helper_macros.h>
/* List of message types that this plugin understands */
_(MACIP_ACL_DUMP, macip_acl_dump) \
_(MACIP_ACL_INTERFACE_GET, macip_acl_interface_get)
-/*
- * This routine exists to convince the vlib plugin framework that
- * we haven't accidentally copied a random .dll into the plugin directory.
- *
- * Also collects global variable pointers passed from the vpp engine
- */
-
-clib_error_t *
-vlib_plugin_register (vlib_main_t * vm, vnet_plugin_handoff_t * h,
- int from_early_init)
-{
- acl_main_t *am = &acl_main;
- clib_error_t *error = 0;
-
- am->vlib_main = vm;
- am->vnet_main = h->vnet_main;
- am->ethernet_main = h->ethernet_main;
-
- l2sess_vlib_plugin_register(vm, h, from_early_init);
-
- return error;
-}
-
+/* *INDENT-OFF* */
+VLIB_PLUGIN_REGISTER () = {
+ .version = VPP_BUILD_VER,
+};
+/* *INDENT-ON* */
static void
vl_api_acl_plugin_get_version_t_handler (vl_api_acl_plugin_get_version_t * mp)
r->src_prefixlen = rules[i].src_ip_prefix_len;
r->dst_prefixlen = rules[i].dst_ip_prefix_len;
r->proto = rules[i].proto;
- r->src_port_or_type_first = rules[i].srcport_or_icmptype_first;
- r->src_port_or_type_last = rules[i].srcport_or_icmptype_last;
- r->dst_port_or_code_first = rules[i].dstport_or_icmpcode_first;
- r->dst_port_or_code_last = rules[i].dstport_or_icmpcode_last;
+ r->src_port_or_type_first = ntohs ( rules[i].srcport_or_icmptype_first );
+ r->src_port_or_type_last = ntohs ( rules[i].srcport_or_icmptype_last );
+ r->dst_port_or_code_first = ntohs ( rules[i].dstport_or_icmpcode_first );
+ r->dst_port_or_code_last = ntohs ( rules[i].dstport_or_icmpcode_last );
r->tcp_flags_value = rules[i].tcp_flags_value;
r->tcp_flags_mask = rules[i].tcp_flags_mask;
}
int is_ip6;
int is_ip4;
u8 proto;
- u16 src_port;
- u16 dst_port;
+ u16 src_port = 0;
+ u16 dst_port = 0;
u8 tcp_flags = 0;
int i;
acl_list_t *a;
{
*trace_bitmap |= 0x00000001;
/* type */
- src_port = *(u8 *) get_ptr_to_offset (b0, 34);
+ src_port = ((u16) (*(u8 *) get_ptr_to_offset (b0, 34)));
/* code */
- dst_port = *(u8 *) get_ptr_to_offset (b0, 35);
- }
- else
- {
+ dst_port = ((u16) (*(u8 *) get_ptr_to_offset (b0, 35)));
+ } else {
/* assume TCP/UDP */
- src_port = (*(u16 *) get_ptr_to_offset (b0, 34));
- dst_port = (*(u16 *) get_ptr_to_offset (b0, 36));
+ src_port = ntohs ((u16) (*(u16 *) get_ptr_to_offset (b0, 34)));
+ dst_port = ntohs ((u16) (*(u16 *) get_ptr_to_offset (b0, 36)));
/* UDP gets ability to check on an oddball data byte as a bonus */
tcp_flags = *(u8 *) get_ptr_to_offset (b0, 14 + 20 + 13);
}
{
*trace_bitmap |= 0x00000002;
/* type */
- src_port = *(u8 *) get_ptr_to_offset (b0, 54);
+ src_port = (u16) (*(u8 *) get_ptr_to_offset (b0, 54));
/* code */
- dst_port = *(u8 *) get_ptr_to_offset (b0, 55);
+ dst_port = (u16) (*(u8 *) get_ptr_to_offset (b0, 55));
}
else
{
/* assume TCP/UDP */
- src_port = (*(u16 *) get_ptr_to_offset (b0, 54));
- dst_port = (*(u16 *) get_ptr_to_offset (b0, 56));
+ src_port = ntohs ((u16) (*(u16 *) get_ptr_to_offset (b0, 54)));
+ dst_port = ntohs ((u16) (*(u16 *) get_ptr_to_offset (b0, 56)));
tcp_flags = *(u8 *) get_ptr_to_offset (b0, 14 + 40 + 13);
}
}
u8 prefix_len;
u32 count;
u32 table_index;
+ u32 arp_table_index;
} macip_match_type_t;
static u32
vec_sort_with_function (mvec, match_type_compare);
/* Create the classifier tables */
last_table = ~0;
+ /* First add ARP tables */
+ vec_foreach (mt, mvec)
+ {
+ int mask_len;
+ int is6 = mt->is_ipv6;
+
+ mt->arp_table_index = ~0;
+ if (!is6)
+ {
+ memset (mask, 0, sizeof (mask));
+ memcpy (&mask[6], mt->mac_mask, 6);
+ memset (&mask[12], 0xff, 2); /* ethernet protocol */
+ memcpy (&mask[14 + 8], mt->mac_mask, 6);
+
+ for (i = 0; i < (mt->prefix_len / 8); i++)
+ mask[14 + 14 + i] = 0xff;
+ if (mt->prefix_len % 8)
+ mask[14 + 14 + (mt->prefix_len / 8)] = 0xff - ((1 << (8 - mt->prefix_len % 8)) - 1);
+
+ mask_len = ((14 + 14 + ((mt->prefix_len+7) / 8) +
+ (sizeof (u32x4)-1))/sizeof(u32x4)) * sizeof (u32x4);
+ acl_classify_add_del_table_small (cm, mask, mask_len, last_table,
+ (~0 == last_table) ? 0 : ~0, &mt->arp_table_index,
+ 1);
+ last_table = mt->arp_table_index;
+ }
+ }
+ /* Now add IP[46] tables */
vec_foreach (mt, mvec)
{
int mask_len;
int l3_src_offs = get_l3_src_offset(is6);
memset (mask, 0, sizeof (mask));
memcpy (&mask[6], a->rules[i].src_mac, 6);
+ memset (&mask[12], 0xff, 2); /* ethernet protocol */
if (is6)
{
memcpy (&mask[l3_src_offs], &a->rules[i].src_ip_addr.ip6, 16);
+ mask[12] = 0x86;
+ mask[13] = 0xdd;
}
else
{
memcpy (&mask[l3_src_offs], &a->rules[i].src_ip_addr.ip4, 4);
+ mask[12] = 0x08;
+ mask[13] = 0x00;
}
match_type_index =
macip_find_match_type (mvec, a->rules[i].src_mac_mask,
vnet_classify_add_del_session (cm, mvec[match_type_index].table_index,
mask, a->rules[i].is_permit ? ~0 : 0, i,
0, action, metadata, 1);
+ /* add ARP table entry too */
+ if (!is6 && (mvec[match_type_index].arp_table_index != ~0))
+ {
+ memset (mask, 0, sizeof (mask));
+ memcpy (&mask[6], a->rules[i].src_mac, 6);
+ mask[12] = 0x08;
+ mask[13] = 0x06;
+ memcpy (&mask[14 + 8], a->rules[i].src_mac, 6);
+ memcpy (&mask[14 + 14], &a->rules[i].src_ip_addr.ip4, 4);
+ vnet_classify_add_del_session (cm, mvec[match_type_index].arp_table_index,
+ mask, a->rules[i].is_permit ? ~0 : 0, i,
+ 0, action, metadata, 1);
+ }
}
return 0;
}
static void
vl_api_acl_del_t_handler (vl_api_acl_del_t * mp)
{
- acl_main_t *sm = &acl_main;
+ acl_main_t *am = &acl_main;
vl_api_acl_del_reply_t *rmp;
int rv;
static void
vl_api_acl_interface_add_del_t_handler (vl_api_acl_interface_add_del_t * mp)
{
- acl_main_t *sm = &acl_main;
- vnet_interface_main_t *im = &sm->vnet_main->interface_main;
+ acl_main_t *am = &acl_main;
+ vnet_interface_main_t *im = &am->vnet_main->interface_main;
u32 sw_if_index = ntohl (mp->sw_if_index);
vl_api_acl_interface_add_del_reply_t *rmp;
int rv = -1;
vl_api_acl_interface_set_acl_list_t_handler
(vl_api_acl_interface_set_acl_list_t * mp)
{
- acl_main_t *sm = &acl_main;
+ acl_main_t *am = &acl_main;
vl_api_acl_interface_set_acl_list_reply_t *rmp;
int rv = 0;
int i;
- vnet_interface_main_t *im = &sm->vnet_main->interface_main;
+ vnet_interface_main_t *im = &am->vnet_main->interface_main;
u32 sw_if_index = ntohl (mp->sw_if_index);
if (pool_is_free_index(im->sw_interfaces, sw_if_index))
api_rule->src_ip_prefix_len = r->src_prefixlen;
api_rule->dst_ip_prefix_len = r->dst_prefixlen;
api_rule->proto = r->proto;
- api_rule->srcport_or_icmptype_first = r->src_port_or_type_first;
- api_rule->srcport_or_icmptype_last = r->src_port_or_type_last;
- api_rule->dstport_or_icmpcode_first = r->dst_port_or_code_first;
- api_rule->dstport_or_icmpcode_last = r->dst_port_or_code_last;
+ api_rule->srcport_or_icmptype_first = htons (r->src_port_or_type_first);
+ api_rule->srcport_or_icmptype_last = htons (r->src_port_or_type_last);
+ api_rule->dstport_or_icmpcode_first = htons (r->dst_port_or_code_first);
+ api_rule->dstport_or_icmpcode_last = htons (r->dst_port_or_code_last);
api_rule->tcp_flags_mask = r->tcp_flags_mask;
api_rule->tcp_flags_value = r->tcp_flags_value;
}
static void
vl_api_macip_acl_del_t_handler (vl_api_macip_acl_del_t * mp)
{
- acl_main_t *sm = &acl_main;
+ acl_main_t *am = &acl_main;
vl_api_macip_acl_del_reply_t *rmp;
int rv;
vl_api_macip_acl_interface_add_del_t_handler
(vl_api_macip_acl_interface_add_del_t * mp)
{
- acl_main_t *sm = &acl_main;
+ acl_main_t *am = &acl_main;
vl_api_macip_acl_interface_add_del_reply_t *rmp;
int rv = -1;
- vnet_interface_main_t *im = &sm->vnet_main->interface_main;
+ vnet_interface_main_t *im = &am->vnet_main->interface_main;
u32 sw_if_index = ntohl (mp->sw_if_index);
if (pool_is_free_index(im->sw_interfaces, sw_if_index))
static clib_error_t *
acl_plugin_api_hookup (vlib_main_t * vm)
{
- acl_main_t *sm = &acl_main;
+ acl_main_t *am = &acl_main;
#define _(N,n) \
- vl_msg_api_set_handlers((VL_API_##N + sm->msg_id_base), \
+ vl_msg_api_set_handlers((VL_API_##N + am->msg_id_base), \
#n, \
vl_api_##n##_t_handler, \
vl_noop_handler, \
#undef vl_msg_name_crc_list
static void
-setup_message_id_table (acl_main_t * sm, api_main_t * am)
+setup_message_id_table (acl_main_t * am, api_main_t * apim)
{
#define _(id,n,crc) \
- vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id + sm->msg_id_base);
+ vl_msg_api_add_msg_name_crc (apim, #n "_" #crc, id + am->msg_id_base);
foreach_vl_msg_name_crc_acl;
#undef _
}
u32 next_out_ip4, u32 next_out_ip6)
{
acl_main_t *am = &acl_main;
- u32 act = am->n_match_actions;
if (am->n_match_actions == 255)
{
return ~0;
}
+ u32 act = am->n_match_actions;
am->n_match_actions++;
am->acl_in_ip4_match_next[act] = next_in_ip4;
am->acl_in_ip6_match_next[act] = next_in_ip6;
feat_bitmap_init_next_nodes (vm, acl_in_node.index, L2INPUT_N_FEAT,
l2input_get_feat_names (),
- am->acl_in_node_input_next_node_index);
+ am->acl_in_node_feat_next_node_index);
+
+ feat_bitmap_init_next_nodes (vm, acl_out_node.index, L2OUTPUT_N_FEAT,
+ l2output_get_feat_names (),
+ am->acl_out_node_feat_next_node_index);
memset (&am->acl_in_ip4_match_next[0], 0,
sizeof (am->acl_in_ip4_match_next));
Code Review / vpp.git / blobdiff