acl_plugin_counter_unlock (am);
}
-static int
-acl_api_ip4_invalid_prefix (const vl_api_prefix_t * prefix)
-{
- ip4_address_t ip4_addr;
- ip4_address_t ip4_mask;
- ip4_address_t ip4_masked_addr;
-
- if (prefix->len > 32)
- return 1;
-
- ip4_address_decode (prefix->address.un.ip4, &ip4_addr);
- ip4_preflen_to_mask (prefix->len, &ip4_mask);
- ip4_masked_addr.as_u32 = ip4_addr.as_u32 & ip4_mask.as_u32;
- int ret = (ip4_masked_addr.as_u32 != ip4_addr.as_u32);
- if (ret)
- {
- clib_warning
- ("inconsistent addr %U for prefix len %d; (%U when masked)",
- format_ip4_address, prefix->address.un.ip4, prefix->len,
- format_ip4_address, &ip4_masked_addr);
- }
- return ret;
-}
-
-static int
-acl_api_ip6_invalid_prefix (const vl_api_prefix_t * prefix)
-{
- ip6_address_t ip6_addr;
- ip6_address_t ip6_mask;
- ip6_address_t ip6_masked_addr;
-
- if (prefix->len > 128)
- return 1;
-
- ip6_address_decode (prefix->address.un.ip6, &ip6_addr);
- ip6_preflen_to_mask (prefix->len, &ip6_mask);
- ip6_masked_addr.as_u64[0] = ip6_addr.as_u64[0] & ip6_mask.as_u64[0];
- ip6_masked_addr.as_u64[1] = ip6_addr.as_u64[1] & ip6_mask.as_u64[1];
- int ret = ((ip6_masked_addr.as_u64[0] != ip6_addr.as_u64[0])
- || (ip6_masked_addr.as_u64[1] != ip6_addr.as_u64[1]));
- if (ret)
- {
- clib_warning
- ("inconsistent addr %U for prefix len %d; (%U when masked)",
- format_ip6_address, prefix->address.un.ip6, prefix->len,
- format_ip6_address, &ip6_masked_addr);
- }
- return ret;
-}
-
static int
acl_api_invalid_prefix (const vl_api_prefix_t * prefix)
{
- if (prefix->address.af == ADDRESS_IP6)
- return acl_api_ip6_invalid_prefix (prefix);
- return acl_api_ip4_invalid_prefix (prefix);
+ ip_prefix_t ip_prefix;
+ return ip_prefix_decode2 (prefix, &ip_prefix);
}
static int
*/
vec_validate_init_empty ((*pinout_lc_index_by_sw_if_index), sw_if_index,
~0);
+ /* lookup context creation is to be done in global heap */
+ void *oldheap = clib_mem_set_heap (am->vlib_main->heap_base);
if (vec_len (vec_acl_list_index) > 0)
{
u32 lc_index = (*pinout_lc_index_by_sw_if_index)[sw_if_index];
(*pinout_lc_index_by_sw_if_index)[sw_if_index] = ~0;
}
}
+ clib_mem_set_heap (oldheap);
/* ensure ACL processing is enabled/disabled as needed */
acl_interface_inout_enable_disable (am, sw_if_index, is_input,
u32 action = 0;
u32 tcpflags, tcpmask;
u32 src_prefix_length = 0, dst_prefix_length = 0;
- ip4_address_t src_v4address, dst_v4address;
- ip6_address_t src_v6address, dst_v6address;
+ ip46_address_t src, dst;
u8 *tag = (u8 *) "cli";
if (!unformat_user (input, unformat_line_input, line_input))
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (line_input, "ipv6"))
- {
- vec_validate_acl_rules (rules, rule_idx);
- rules[rule_idx].is_ipv6 = 1;
- }
- else if (unformat (line_input, "ipv4"))
- {
- vec_validate_acl_rules (rules, rule_idx);
- rules[rule_idx].is_ipv6 = 0;
- }
- else if (unformat (line_input, "permit+reflect"))
+ if (unformat (line_input, "permit+reflect"))
{
vec_validate_acl_rules (rules, rule_idx);
rules[rule_idx].is_permit = 2;
rules[rule_idx].is_permit = action;
}
else if (unformat (line_input, "src %U/%d",
- unformat_ip4_address, &src_v4address,
+ unformat_ip46_address, &src, IP46_TYPE_ANY,
&src_prefix_length))
{
vec_validate_acl_rules (rules, rule_idx);
- memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
- rules[rule_idx].src_ip_prefix_len = src_prefix_length;
- rules[rule_idx].is_ipv6 = 0;
- }
- else if (unformat (line_input, "src %U/%d",
- unformat_ip6_address, &src_v6address,
- &src_prefix_length))
- {
- vec_validate_acl_rules (rules, rule_idx);
- memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
- rules[rule_idx].src_ip_prefix_len = src_prefix_length;
- rules[rule_idx].is_ipv6 = 1;
- }
- else if (unformat (line_input, "dst %U/%d",
- unformat_ip4_address, &dst_v4address,
- &dst_prefix_length))
- {
- vec_validate_acl_rules (rules, rule_idx);
- memcpy (rules[rule_idx].dst_ip_addr, &dst_v4address, 4);
- rules[rule_idx].dst_ip_prefix_len = dst_prefix_length;
- rules[rule_idx].is_ipv6 = 0;
+ ip_address_encode (&src, IP46_TYPE_ANY,
+ &rules[rule_idx].src_prefix.address);
+ rules[rule_idx].src_prefix.address.af = ADDRESS_IP4;
+ rules[rule_idx].src_prefix.len = src_prefix_length;
}
else if (unformat (line_input, "dst %U/%d",
- unformat_ip6_address, &dst_v6address,
+ unformat_ip46_address, &dst, IP46_TYPE_ANY,
&dst_prefix_length))
{
vec_validate_acl_rules (rules, rule_idx);
- memcpy (rules[rule_idx].dst_ip_addr, &dst_v6address, 16);
- rules[rule_idx].dst_ip_prefix_len = dst_prefix_length;
- rules[rule_idx].is_ipv6 = 1;
+ ip_address_encode (&dst, IP46_TYPE_ANY,
+ &rules[rule_idx].dst_prefix.address);
+ rules[rule_idx].dst_prefix.address.af = ADDRESS_IP4;
+ rules[rule_idx].dst_prefix.len = dst_prefix_length;
}
else if (unformat (line_input, "sport %d-%d", &port1, &port2))
{
Code Review / vpp.git / blobdiff