_(MACIP_ACL_INTERFACE_GET, macip_acl_interface_get) \
_(MACIP_ACL_INTERFACE_LIST_DUMP, macip_acl_interface_list_dump) \
_(ACL_INTERFACE_SET_ETYPE_WHITELIST, acl_interface_set_etype_whitelist) \
-_(ACL_INTERFACE_ETYPE_WHITELIST_DUMP, acl_interface_etype_whitelist_dump)
+_(ACL_INTERFACE_ETYPE_WHITELIST_DUMP, acl_interface_etype_whitelist_dump) \
+_(ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES,acl_plugin_get_conn_table_max_entries)
/* *INDENT-OFF* */
return;
rmp = vl_msg_api_alloc (msg_size);
- memset (rmp, 0, msg_size);
+ clib_memset (rmp, 0, msg_size);
rmp->_vl_msg_id =
ntohs (VL_API_ACL_PLUGIN_GET_VERSION_REPLY + am->msg_id_base);
rmp->context = mp->context;
acl_main_t * am, int acl_index)
{
acl_rule_t *r;
+ acl_rule_t *acl_rules = am->acls[acl_index].rules;
u8 *out0 = format (0, "acl-index %u count %u tag {%s}\n", acl_index,
- am->acls[acl_index].count, am->acls[acl_index].tag);
+ vec_len (acl_rules), am->acls[acl_index].tag);
int j;
vpr (vm, out0);
- for (j = 0; j < am->acls[acl_index].count; j++)
+ for (j = 0; j < vec_len (acl_rules); j++)
{
- r = &am->acls[acl_index].rules[j];
- out0 = format (out0, " %4d: %s ", j, r->is_ipv6 ? "ipv6" : "ipv4");
+ r = &acl_rules[j];
+ out0 = format (out0, " %9d: %s ", j, r->is_ipv6 ? "ipv6" : "ipv4");
out0 = format_acl_action (out0, r->is_permit);
out0 = format (out0, " src %U/%d", format_ip46_address, &r->src,
r->is_ipv6 ? IP46_TYPE_IP6 : IP46_TYPE_IP4,
}
}
+static void
+ vl_api_acl_plugin_get_conn_table_max_entries_t_handler
+ (vl_api_acl_plugin_get_conn_table_max_entries_t * mp)
+{
+ acl_main_t *am = &acl_main;
+ vl_api_acl_plugin_get_conn_table_max_entries_reply_t *rmp;
+ int msg_size = sizeof (*rmp);
+ unix_shared_memory_queue_t *q;
+
+ q = vl_api_client_index_to_input_queue (mp->client_index);
+ if (q == 0)
+ {
+ return;
+ }
+
+ rmp = vl_msg_api_alloc (msg_size);
+ memset (rmp, 0, msg_size);
+ rmp->_vl_msg_id =
+ ntohs (VL_API_ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES_REPLY +
+ am->msg_id_base);
+ rmp->context = mp->context;
+ rmp->conn_table_max_entries = __bswap_64 (am->fa_conn_table_max_entries);
+
+ vl_msg_api_send_shmem (q, (u8 *) & rmp);
+}
+
static void
acl_print_acl (vlib_main_t * vm, acl_main_t * am, int acl_index)
{
for (i = 0; i < count; i++)
{
r = vec_elt_at_index (acl_new_rules, i);
- memset (r, 0, sizeof (*r));
+ clib_memset (r, 0, sizeof (*r));
r->is_permit = rules[i].is_permit;
r->is_ipv6 = rules[i].is_ipv6;
if (r->is_ipv6)
{
/* Get ACL index */
pool_get_aligned (am->acls, a, CLIB_CACHE_LINE_BYTES);
- memset (a, 0, sizeof (*a));
+ clib_memset (a, 0, sizeof (*a));
/* Will return the newly allocated ACL index */
*acl_list_index = a - am->acls;
}
vec_free (a->rules);
}
a->rules = acl_new_rules;
- a->count = count;
memcpy (a->tag, tag, sizeof (a->tag));
if (am->trace_acl > 255)
warning_acl_print_acl (am->vlib_main, am, *acl_list_index);
*/
for (tags = 2; tags >= 0; tags--)
{
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
/* source MAC address */
memcpy (&mask[6], mt->mac_mask, 6);
{
case 0:
default:
- memset (&mask[12], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* ethernet protocol */
l3_offset = 14;
last_tag_table = &mt->arp_table_index;
break;
case 1:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* ethernet protocol */
l3_offset = 18;
last_tag_table = &mt->arp_dot1q_table_index;
break;
case 2:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* VLAN tag2 */
- memset (&mask[20], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* VLAN tag2 */
+ clib_memset (&mask[20], 0xff, 2); /* ethernet protocol */
l3_offset = 22;
last_tag_table = &mt->arp_dot1ad_table_index;
break;
if (mt->has_egress)
{
/* egress ARP table */
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
switch (tags)
{
case 0:
default:
- memset (&mask[12], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* ethernet protocol */
l3_offset = 14;
out_last_tag_table = &mt->out_arp_table_index;
break;
case 1:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* ethernet protocol */
l3_offset = 18;
out_last_tag_table = &mt->out_arp_dot1q_table_index;
break;
case 2:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* VLAN tag2 */
- memset (&mask[20], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* VLAN tag2 */
+ clib_memset (&mask[20], 0xff, 2); /* ethernet protocol */
l3_offset = 22;
out_last_tag_table = &mt->out_arp_dot1ad_table_index;
break;
*/
for (tags = 2; tags >= 0; tags--)
{
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
memcpy (&mask[6], mt->mac_mask, 6);
l3_src_offs = tags * 4 + get_l3_src_offset (is6);
switch (tags)
{
case 0:
default:
- memset (&mask[12], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* ethernet protocol */
last_tag_table = &mt->table_index;
break;
case 1:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* ethernet protocol */
last_tag_table = &mt->dot1q_table_index;
break;
case 2:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* VLAN tag2 */
- memset (&mask[20], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* VLAN tag2 */
+ clib_memset (&mask[20], 0xff, 2); /* ethernet protocol */
last_tag_table = &mt->dot1ad_table_index;
break;
}
{
for (tags = 2; tags >= 0; tags--)
{
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
/* MAC destination */
memcpy (&mask[0], mt->mac_mask, 6);
l3_dst_offs = tags * 4 + get_l3_dst_offset (is6);
{
case 0:
default:
- memset (&mask[12], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* ethernet protocol */
out_last_tag_table = &mt->out_table_index;
break;
case 1:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* ethernet protocol */
out_last_tag_table = &mt->out_dot1q_table_index;
break;
case 2:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* VLAN tag2 */
- memset (&mask[20], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* VLAN tag2 */
+ clib_memset (&mask[20], 0xff, 2); /* ethernet protocol */
out_last_tag_table = &mt->out_dot1ad_table_index;
break;
}
for (tags = 2; tags >= 0; tags--)
{
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
l3_src_offs = tags * 4 + get_l3_src_offset (is6);
memcpy (&mask[6], a->rules[i].src_mac, 6);
switch (tags)
vnet_classify_add_del_session (cm, tag_table,
mask, a->rules[i].is_permit ? ~0 : 0,
i, 0, action, metadata, 1);
- memset (&mask[12], 0, sizeof (mask) - 12);
+ clib_memset (&mask[12], 0, sizeof (mask) - 12);
}
/* add ARP table entry too */
if (!is6 && (mvec[match_type_index].arp_table_index != ~0))
{
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
memcpy (&mask[6], a->rules[i].src_mac, 6);
for (tags = 2; tags >= 0; tags--)
/* Add the egress entry with destination set */
for (tags = 2; tags >= 0; tags--)
{
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
l3_dst_offs = tags * 4 + get_l3_dst_offset (is6);
/* src mac in the other direction becomes dst */
memcpy (&mask[0], a->rules[i].src_mac, 6);
mask,
a->rules[i].is_permit ? ~0 : 0,
i, 0, action, metadata, 1);
- // memset (&mask[12], 0, sizeof (mask) - 12);
+ // clib_memset (&mask[12], 0, sizeof (mask) - 12);
}
/* add ARP table entry too */
{
for (tags = 2; tags >= 0; tags--)
{
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
switch (tags)
{
case 0:
{
/* Get ACL index */
pool_get_aligned (am->macip_acls, a, CLIB_CACHE_LINE_BYTES);
- memset (a, 0, sizeof (*a));
+ clib_memset (a, 0, sizeof (*a));
/* Will return the newly allocated ACL index */
*acl_list_index = a - am->macip_acls;
}
vl_api_acl_details_t *mp;
vl_api_acl_rule_t *rules;
int i;
- int msg_size = sizeof (*mp) + sizeof (mp->r[0]) * acl->count;
+ acl_rule_t *acl_rules = acl->rules;
+ int msg_size = sizeof (*mp) + sizeof (mp->r[0]) * vec_len (acl_rules);
void *oldheap = acl_set_heap (am);
mp = vl_msg_api_alloc (msg_size);
- memset (mp, 0, msg_size);
+ clib_memset (mp, 0, msg_size);
mp->_vl_msg_id = ntohs (VL_API_ACL_DETAILS + am->msg_id_base);
/* fill in the message */
mp->context = context;
- mp->count = htonl (acl->count);
+ mp->count = htonl (vec_len (acl_rules));
mp->acl_index = htonl (acl - am->acls);
memcpy (mp->tag, acl->tag, sizeof (mp->tag));
// clib_memcpy (mp->r, acl->rules, acl->count * sizeof(acl->rules[0]));
rules = mp->r;
- for (i = 0; i < acl->count; i++)
+ for (i = 0; i < vec_len (acl_rules); i++)
{
- copy_acl_rule_to_api_rule (&rules[i], &acl->rules[i]);
+ copy_acl_rule_to_api_rule (&rules[i], &acl_rules[i]);
}
clib_mem_set_heap (oldheap);
msg_size += sizeof (mp->acls[0]) * count;
mp = vl_msg_api_alloc (msg_size);
- memset (mp, 0, msg_size);
+ clib_memset (mp, 0, msg_size);
mp->_vl_msg_id =
ntohs (VL_API_ACL_INTERFACE_LIST_DETAILS + am->msg_id_base);
int msg_size = sizeof (*mp) + (acl ? sizeof (mp->r[0]) * acl->count : 0);
mp = vl_msg_api_alloc (msg_size);
- memset (mp, 0, msg_size);
+ clib_memset (mp, 0, msg_size);
mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_DETAILS + am->msg_id_base);
/* fill in the message */
return;
rmp = vl_msg_api_alloc (msg_size);
- memset (rmp, 0, msg_size);
+ clib_memset (rmp, 0, msg_size);
rmp->_vl_msg_id =
ntohs (VL_API_MACIP_ACL_INTERFACE_GET_REPLY + am->msg_id_base);
rmp->context = mp->context;
int msg_size = sizeof (*rmp) + sizeof (rmp->acls[0]);
rmp = vl_msg_api_alloc (msg_size);
- memset (rmp, 0, msg_size);
+ clib_memset (rmp, 0, msg_size);
rmp->_vl_msg_id =
ntohs (VL_API_MACIP_ACL_INTERFACE_LIST_DETAILS + am->msg_id_base);
msg_size += sizeof (mp->whitelist[0]) * count;
mp = vl_msg_api_alloc (msg_size);
- memset (mp, 0, msg_size);
+ clib_memset (mp, 0, msg_size);
mp->_vl_msg_id =
ntohs (VL_API_ACL_INTERFACE_ETYPE_WHITELIST_DETAILS + am->msg_id_base);
{
acl_main_t *am = &acl_main;
u32 conn_table_hash_buckets;
- u32 conn_table_hash_memory_size;
+ uword conn_table_hash_memory_size;
u32 conn_table_max_entries;
uword main_heap_size;
uword hash_heap_size;
u32 hash_lookup_hash_buckets;
- u32 hash_lookup_hash_memory;
+ uword hash_lookup_hash_memory;
u32 reclassify_sessions;
u32 use_tuple_merge;
u32 tuple_merge_split_threshold;
if (unformat
(input, "connection hash buckets %d", &conn_table_hash_buckets))
am->fa_conn_table_hash_num_buckets = conn_table_hash_buckets;
- else if (unformat (input, "connection hash memory %d",
- &conn_table_hash_memory_size))
+ else
+ if (unformat
+ (input, "connection hash memory %U", unformat_memory_size,
+ &conn_table_hash_memory_size))
am->fa_conn_table_hash_memory_size = conn_table_hash_memory_size;
else if (unformat (input, "connection count max %d",
&conn_table_max_entries))
else if (unformat (input, "hash lookup hash buckets %d",
&hash_lookup_hash_buckets))
am->hash_lookup_hash_buckets = hash_lookup_hash_buckets;
- else if (unformat (input, "hash lookup hash memory %d",
- &hash_lookup_hash_memory))
+ else
+ if (unformat
+ (input, "hash lookup hash memory %U", unformat_memory_size,
+ &hash_lookup_hash_memory))
am->hash_lookup_hash_memory = hash_lookup_hash_memory;
else if (unformat (input, "use tuple merge %d", &use_tuple_merge))
am->use_tuple_merge = use_tuple_merge;
{
acl_main_t *am = &acl_main;
clib_error_t *error = 0;
- memset (am, 0, sizeof (*am));
+ clib_memset (am, 0, sizeof (*am));
am->vlib_main = vm;
am->vnet_main = vnet_get_main ();
am->log_default = vlib_log_register_class ("acl_plugin", 0);