#define TCP_SESSION_IDLE_TIMEOUT_SEC (3600*24)
#define TCP_SESSION_TRANSIENT_TIMEOUT_SEC 120
-#define ACL_FA_DEFAULT_HEAP_SIZE (2 << 29)
-
#define ACL_PLUGIN_HASH_LOOKUP_HEAP_SIZE (2 << 25)
#define ACL_PLUGIN_HASH_LOOKUP_HASH_BUCKETS 65536
#define ACL_PLUGIN_HASH_LOOKUP_HASH_MEMORY (2 << 25)
typedef struct {
/* mheap to hold all the ACL module related allocations, other than hash */
void *acl_mheap;
- u32 acl_mheap_size;
+ uword acl_mheap_size;
/* API message ID base */
u16 msg_id_base;
/* mheap to hold all the miscellaneous allocations related to hash-based lookups */
void *hash_lookup_mheap;
- u32 hash_lookup_mheap_size;
+ uword hash_lookup_mheap_size;
int acl_lookup_hash_initialized;
/*
applied_hash_ace_entry_t **input_hash_entry_vec_by_sw_if_index;
/* lookup contexts where a given ACL is used */
u32 **lc_index_vec_by_acl;
+ /* input and output policy epochs by interface */
+ u32 *input_policy_epoch_by_sw_if_index;
+ u32 *output_policy_epoch_by_sw_if_index;
+
+ /* whether we need to take the epoch of the session into account */
+ int reclassify_sessions;
+
+
+
/* Total count of interface+direction pairs enabled */
u32 fa_total_enabled_count;
extern acl_main_t acl_main;
+/*
+ * pointer to the above.
+ * Needed for some gymnastics to be able to provide
+ * the inline functions from this plugin to other plugins.
+ */
+
+extern acl_main_t *p_acl_main;
void *acl_plugin_set_heap();