#include <vnet/ip/ip.h>
#include <arpa/inet.h>
+#include <vnet/ip/ip_format_fns.h>
+#include <vnet/ethernet/ethernet_format_fns.h>
+
#define __plugin_msg_base acl_test_main.msg_id_base
#include <vlibapi/vat_helper_macros.h>
/* Declare message IDs */
#include <acl/acl.api_enum.h>
#include <acl/acl.api_types.h>
-#define vl_print(handle, ...)
-#include <acl/manual_fns.h>
-#undef vl_print
#define vl_endianfun /* define message structures */
#include <acl/acl.api.h>
#undef vl_endianfun
vam->result_ready = 1;
}
+ static void
+ vl_api_acl_plugin_use_hash_lookup_get_reply_t_handler (
+ vl_api_acl_plugin_use_hash_lookup_get_reply_t *mp)
+ {
+ vat_main_t *vam = acl_test_main.vat_main;
+ clib_warning ("ACL hash lookups enabled: %d", mp->enable);
+ vam->result_ready = 1;
+ }
+
static void vl_api_acl_interface_list_details_t_handler
(vl_api_acl_interface_list_details_t * mp)
{
static inline u8 *
vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a)
{
- int af = a->is_ipv6 ? AF_INET6 : AF_INET;
+ int af = a->src_prefix.address.af ? AF_INET6 : AF_INET;
u8 src[INET6_ADDRSTRLEN];
u8 dst[INET6_ADDRSTRLEN];
- inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src));
- inet_ntop(af, a->dst_ip_addr, (void *)dst, sizeof(dst));
+ inet_ntop(af, &a->src_prefix.address.un, (void *)src, sizeof(src));
+ inet_ntop(af, &a->dst_prefix.address.un, (void *)dst, sizeof(dst));
out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d mask %d",
- a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
- src, a->src_ip_prefix_len,
- dst, a->dst_ip_prefix_len,
+ a->src_prefix.address.af ? "ipv6" : "ipv4", a->is_permit,
+ src, a->src_prefix.len,
+ dst, a->dst_prefix.len,
a->proto,
a->srcport_or_icmptype_first, a->srcport_or_icmptype_last,
a->dstport_or_icmpcode_first, a->dstport_or_icmpcode_last,
static inline u8 *
vl_api_macip_acl_rule_t_pretty_format (u8 *out, vl_api_macip_acl_rule_t * a)
{
- int af = a->is_ipv6 ? AF_INET6 : AF_INET;
+ int af = a->src_prefix.address.af ? AF_INET6 : AF_INET;
u8 src[INET6_ADDRSTRLEN];
- inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src));
+ inet_ntop(af, &a->src_prefix.address.un, (void *)src, sizeof(src));
out = format(out, "%s action %d ip %s/%d mac %U mask %U",
- a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
- src, a->src_ip_prefix_len,
+ a->src_prefix.address.af ? "ipv6" : "ipv4", a->is_permit,
+ src, a->src_prefix.len,
my_format_mac_address, a->src_mac,
my_format_mac_address, a->src_mac_mask);
return(out);
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (i, "ipv6"))
- {
- vec_validate_acl_rules(rules, rule_idx);
- rules[rule_idx].is_ipv6 = 1;
- }
- else if (unformat (i, "ipv4"))
- {
- vec_validate_acl_rules(rules, rule_idx);
- rules[rule_idx].is_ipv6 = 0;
- }
- else if (unformat (i, "permit+reflect"))
+ if (unformat (i, "permit+reflect"))
{
vec_validate_acl_rules(rules, rule_idx);
rules[rule_idx].is_permit = 2;
unformat_ip4_address, &src_v4address, &src_prefix_length))
{
vec_validate_acl_rules(rules, rule_idx);
- memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
- rules[rule_idx].src_ip_prefix_len = src_prefix_length;
- rules[rule_idx].is_ipv6 = 0;
+ memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v4address, 4);
+ rules[rule_idx].src_prefix.address.af = ADDRESS_IP4;
+ rules[rule_idx].src_prefix.len = src_prefix_length;
}
else if (unformat (i, "src %U/%d",
unformat_ip6_address, &src_v6address, &src_prefix_length))
{
vec_validate_acl_rules(rules, rule_idx);
- memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
- rules[rule_idx].src_ip_prefix_len = src_prefix_length;
- rules[rule_idx].is_ipv6 = 1;
+ memcpy (rules[rule_idx].src_prefix.address.un.ip6, &src_v6address, 16);
+ rules[rule_idx].src_prefix.address.af = ADDRESS_IP6;
+ rules[rule_idx].src_prefix.len = src_prefix_length;
}
else if (unformat (i, "dst %U/%d",
unformat_ip4_address, &dst_v4address, &dst_prefix_length))
{
vec_validate_acl_rules(rules, rule_idx);
- memcpy (rules[rule_idx].dst_ip_addr, &dst_v4address, 4);
- rules[rule_idx].dst_ip_prefix_len = dst_prefix_length;
- rules[rule_idx].is_ipv6 = 0;
+ memcpy (rules[rule_idx].dst_prefix.address.un.ip4, &dst_v4address, 4);
+ rules[rule_idx].dst_prefix.address.af = ADDRESS_IP4;
+ rules[rule_idx].dst_prefix.len = dst_prefix_length;
}
else if (unformat (i, "dst %U/%d",
unformat_ip6_address, &dst_v6address, &dst_prefix_length))
{
vec_validate_acl_rules(rules, rule_idx);
- memcpy (rules[rule_idx].dst_ip_addr, &dst_v6address, 16);
- rules[rule_idx].dst_ip_prefix_len = dst_prefix_length;
- rules[rule_idx].is_ipv6 = 1;
+ memcpy (rules[rule_idx].dst_prefix.address.un.ip6, &dst_v6address, 16);
+ rules[rule_idx].dst_prefix.address.af = ADDRESS_IP6;
+ rules[rule_idx].dst_prefix.len = dst_prefix_length;
}
else if (unformat (i, "sport %d-%d", &port1, &port2))
{
if (vec_len(tag) >= sizeof(mp->tag))
{
tag[sizeof(mp->tag)-1] = 0;
- _vec_len(tag) = sizeof(mp->tag);
- }
- clib_memcpy(mp->tag, tag, vec_len(tag));
- vec_free(tag);
+ vec_set_len (tag, sizeof (mp->tag));
+ }
+ clib_memcpy (mp->tag, tag, vec_len (tag));
+ vec_free (tag);
}
mp->acl_index = ntohl(acl_index);
mp->count = htonl(n_rules);
return ret;
}
+static int
+api_acl_plugin_use_hash_lookup_set (vat_main_t *vam)
+{
+ acl_test_main_t *sm = &acl_test_main;
+ unformat_input_t *i = vam->input;
+ vl_api_acl_plugin_use_hash_lookup_set_t *mp;
+ u32 msg_size = sizeof (*mp);
+ int ret;
+
+ vam->result_ready = 0;
+ mp = vl_msg_api_alloc_as_if_client (msg_size);
+ memset (mp, 0, msg_size);
+ mp->_vl_msg_id =
+ ntohs (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_SET + sm->msg_id_base);
+ mp->client_index = vam->my_client_index;
+ mp->enable = 1;
+
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (i, "disable"))
+ mp->enable = 0;
+ else if (unformat (i, "enable"))
+ mp->enable = 1;
+ else
+ break;
+ }
+
+ /* send it... */
+ S (mp);
+
+ /* Wait for a reply... */
+ W (ret);
+ return ret;
+}
+
+static int
+api_acl_plugin_use_hash_lookup_get (vat_main_t *vam)
+{
+ acl_test_main_t *sm = &acl_test_main;
+ vl_api_acl_plugin_use_hash_lookup_set_t *mp;
+ u32 msg_size = sizeof (*mp);
+ int ret;
+
+ vam->result_ready = 0;
+ mp = vl_msg_api_alloc_as_if_client (msg_size);
+ memset (mp, 0, msg_size);
+ mp->_vl_msg_id =
+ ntohs (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_GET + sm->msg_id_base);
+ mp->client_index = vam->my_client_index;
+
+ /* send it... */
+ S (mp);
+
+ /* Wait for a reply... */
+ W (ret);
+ return ret;
+}
/*
* Read the series of ACL entries from file in the following format:
break;
}
+ if (file_name == NULL)
+ goto done;
+
fd = open(file_name, O_RDONLY);
if (fd < 0)
{
- clib_warning("Could not open file '%s'");
+ clib_warning("Could not open file '%s'", file_name);
goto done;
}
rule_idx++;
vec_validate_acl_rules(rules, rule_idx);
- rules[rule_idx].is_ipv6 = 0;
rules[rule_idx].is_permit = is_permit;
- memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
- rules[rule_idx].src_ip_prefix_len = src_prefix_length;
- memcpy (rules[rule_idx].dst_ip_addr, &dst_v4address, 4);
- rules[rule_idx].dst_ip_prefix_len = dst_prefix_length;
+ memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v4address, 4);
+ rules[rule_idx].src_prefix.address.af = ADDRESS_IP4;
+ rules[rule_idx].src_prefix.len = src_prefix_length;
+ memcpy (rules[rule_idx].dst_prefix.address.un.ip4, &dst_v4address, 4);
+ rules[rule_idx].dst_prefix.address.af = ADDRESS_IP4;
+ rules[rule_idx].dst_prefix.len = dst_prefix_length;
rules[rule_idx].srcport_or_icmptype_first = htons(sport_low);
rules[rule_idx].srcport_or_icmptype_last = htons(sport_high);
rules[rule_idx].dstport_or_icmpcode_first = htons(dport_low);
rule_idx++;
vec_validate_acl_rules(rules, rule_idx);
- rules[rule_idx].is_ipv6 = 0;
rules[rule_idx].is_permit = is_permit == 2 ? 2 : 1;
src_v4address.data[0]=0;
src_v4address.data[1]=0;
src_v4address.data[2]=0;
src_v4address.data[3]=0;
- memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
- rules[rule_idx].src_ip_prefix_len = 0;
+ memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v4address, 4);
+ rules[rule_idx].src_prefix.address.af = ADDRESS_IP4;
+ rules[rule_idx].src_prefix.len = 0;
dst_v4address.data[0]=0;
dst_v4address.data[1]=0;
dst_v4address.data[2]=0;
dst_v4address.data[3]=0;
- memcpy (rules[rule_idx].dst_ip_addr, &dst_v4address, 4);
- rules[rule_idx].dst_ip_prefix_len = 0;
+ memcpy (rules[rule_idx].dst_prefix.address.un.ip4, &dst_v4address, 4);
+ rules[rule_idx].dst_prefix.address.af = ADDRESS_IP4;
+ rules[rule_idx].dst_prefix.len = 0;
rules[rule_idx].srcport_or_icmptype_first = htons(0);
rules[rule_idx].srcport_or_icmptype_last = htons(65535);
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (i, "ipv6"))
- {
- vec_validate_macip_acl_rules(rules, rule_idx);
- rules[rule_idx].is_ipv6 = 1;
- }
- else if (unformat (i, "ipv4"))
- {
- vec_validate_macip_acl_rules(rules, rule_idx);
- rules[rule_idx].is_ipv6 = 0;
- }
- else if (unformat (i, "permit"))
+ if (unformat (i, "permit"))
{
vec_validate_macip_acl_rules(rules, rule_idx);
rules[rule_idx].is_permit = 1;
if (src_prefix_length == 0)
src_prefix_length = 32;
vec_validate_macip_acl_rules(rules, rule_idx);
- memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
- rules[rule_idx].src_ip_prefix_len = src_prefix_length;
- rules[rule_idx].is_ipv6 = 0;
+ memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v4address, 4);
+ rules[rule_idx].src_prefix.address.af = ADDRESS_IP4;
+ rules[rule_idx].src_prefix.len = src_prefix_length;
}
else if (unformat (i, "src"))
{
if (src_prefix_length == 0)
src_prefix_length = 128;
vec_validate_macip_acl_rules(rules, rule_idx);
- memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
- rules[rule_idx].src_ip_prefix_len = src_prefix_length;
- rules[rule_idx].is_ipv6 = 1;
+ memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v6address, 4);
+ rules[rule_idx].src_prefix.address.af = ADDRESS_IP6;
+ rules[rule_idx].src_prefix.len = src_prefix_length;
}
else if (unformat (i, "mac %U",
my_unformat_mac_address, &src_mac))
if (vec_len(tag) >= sizeof(mp->tag))
{
tag[sizeof(mp->tag)-1] = 0;
- _vec_len(tag) = sizeof(mp->tag);
- }
- clib_memcpy(mp->tag, tag, vec_len(tag));
- vec_free(tag);
+ vec_set_len (tag, sizeof (mp->tag));
+ }
+ clib_memcpy (mp->tag, tag, vec_len (tag));
+ vec_free (tag);
}
mp->count = htonl(n_rules);
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (i, "ipv6"))
- {
- vec_validate_macip_acl_rules(rules, rule_idx);
- rules[rule_idx].is_ipv6 = 1;
- }
- else if (unformat (i, "ipv4"))
- {
- vec_validate_macip_acl_rules(rules, rule_idx);
- rules[rule_idx].is_ipv6 = 0;
- }
- else if (unformat (i, "permit"))
+ if (unformat (i, "permit"))
{
vec_validate_macip_acl_rules(rules, rule_idx);
rules[rule_idx].is_permit = 1;
rules[rule_idx].is_permit = action;
}
else if (unformat (i, "ip %U/%d",
- unformat_ip4_address, &src_v4address, &src_prefix_length) ||
- unformat (i, "ip %U",
- unformat_ip4_address, &src_v4address))
+ unformat_ip4_address, &src_v4address, &src_prefix_length) ||
+ unformat (i, "ip %U",
+ unformat_ip4_address, &src_v4address))
{
- if (src_prefix_length == 0)
- src_prefix_length = 32;
- vec_validate_macip_acl_rules(rules, rule_idx);
- memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
- rules[rule_idx].src_ip_prefix_len = src_prefix_length;
- rules[rule_idx].is_ipv6 = 0;
+ if (src_prefix_length == 0)
+ src_prefix_length = 32;
+ vec_validate_macip_acl_rules(rules, rule_idx);
+ memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v4address, 4);
+ rules[rule_idx].src_prefix.address.af = ADDRESS_IP4;
+ rules[rule_idx].src_prefix.len = src_prefix_length;
}
else if (unformat (i, "src"))
{
- /* Everything in MACIP is "source" but allow this verbosity */
+ /* Everything in MACIP is "source" but allow this verbosity */
}
else if (unformat (i, "ip %U/%d",
- unformat_ip6_address, &src_v6address, &src_prefix_length) ||
- unformat (i, "ip %U",
- unformat_ip6_address, &src_v6address))
+ unformat_ip6_address, &src_v6address, &src_prefix_length) ||
+ unformat (i, "ip %U",
+ unformat_ip6_address, &src_v6address))
{
if (src_prefix_length == 0)
- src_prefix_length = 128;
+ src_prefix_length = 128;
vec_validate_macip_acl_rules(rules, rule_idx);
- memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
- rules[rule_idx].src_ip_prefix_len = src_prefix_length;
- rules[rule_idx].is_ipv6 = 1;
+ memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v6address, 4);
+ rules[rule_idx].src_prefix.address.af = ADDRESS_IP6;
+ rules[rule_idx].src_prefix.len = src_prefix_length;
}
else if (unformat (i, "mac %U",
my_unformat_mac_address, &src_mac))
if (vec_len(tag) >= sizeof(mp->tag))
{
tag[sizeof(mp->tag)-1] = 0;
- _vec_len(tag) = sizeof(mp->tag);
- }
- clib_memcpy(mp->tag, tag, vec_len(tag));
- vec_free(tag);
+ vec_set_len (tag, sizeof (mp->tag));
+ }
+ clib_memcpy (mp->tag, tag, vec_len (tag));
+ vec_free (tag);
}
mp->acl_index = ntohl(acl_index);