ipsec: keep esp encrypt pointer and index synced

[vpp.git] / src / plugins / acl / acl_test.c

diff --git a/src/plugins/acl/acl_test.c b/src/plugins/acl/acl_test.c
index a35f050..0c21868 100644 (file)
--- a/src/plugins/acl/acl_test.c
+++ b/src/plugins/acl/acl_test.c
@@ -25,6 +25,9 @@
 #include <vnet/ip/ip.h>
 #include <arpa/inet.h>
 
+#include <vnet/ip/ip_format_fns.h>
+#include <vnet/ethernet/ethernet_format_fns.h>
+
 #define __plugin_msg_base acl_test_main.msg_id_base
 #include <vlibapi/vat_helper_macros.h>
 
@@ -33,9 +36,6 @@ uword unformat_sw_if_index (unformat_input_t * input, va_list * args);
 /* Declare message IDs */
 #include <acl/acl.api_enum.h>
 #include <acl/acl.api_types.h>
-#define vl_print(handle, ...)
-#include <acl/manual_fns.h>
-#undef vl_print
 #define vl_endianfun            /* define message structures */
 #include <acl/acl.api.h>
 #undef vl_endianfun
@@ -97,6 +97,15 @@ static void vl_api_acl_plugin_get_version_reply_t_handler
         vam->result_ready = 1;
     }
 
+    static void
+    vl_api_acl_plugin_use_hash_lookup_get_reply_t_handler (
+      vl_api_acl_plugin_use_hash_lookup_get_reply_t *mp)
+    {
+      vat_main_t *vam = acl_test_main.vat_main;
+      clib_warning ("ACL hash lookups enabled: %d", mp->enable);
+      vam->result_ready = 1;
+    }
+
 static void vl_api_acl_interface_list_details_t_handler
     (vl_api_acl_interface_list_details_t * mp)
     {
@@ -156,16 +165,16 @@ static void vl_api_acl_plugin_get_conn_table_max_entries_reply_t_handler
 static inline u8 *
 vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a)
 {
-  int af = a->is_ipv6 ? AF_INET6 : AF_INET;
+  int af = a->src_prefix.address.af ? AF_INET6 : AF_INET;
   u8 src[INET6_ADDRSTRLEN];
   u8 dst[INET6_ADDRSTRLEN];
-  inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src));
-  inet_ntop(af, a->dst_ip_addr, (void *)dst, sizeof(dst));
+  inet_ntop(af, &a->src_prefix.address.un, (void *)src, sizeof(src));
+  inet_ntop(af, &a->dst_prefix.address.un, (void *)dst, sizeof(dst));
 
   out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d mask %d",
-                     a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
-                     src, a->src_ip_prefix_len,
-                     dst, a->dst_ip_prefix_len,
+                     a->src_prefix.address.af ? "ipv6" : "ipv4", a->is_permit,
+                     src, a->src_prefix.len,
+                     dst, a->dst_prefix.len,
                      a->proto,
                      a->srcport_or_icmptype_first, a->srcport_or_icmptype_last,
                     a->dstport_or_icmpcode_first, a->dstport_or_icmpcode_last,
@@ -196,13 +205,13 @@ static void vl_api_acl_details_t_handler
 static inline u8 *
 vl_api_macip_acl_rule_t_pretty_format (u8 *out, vl_api_macip_acl_rule_t * a)
 {
-  int af = a->is_ipv6 ? AF_INET6 : AF_INET;
+  int af = a->src_prefix.address.af ? AF_INET6 : AF_INET;
   u8 src[INET6_ADDRSTRLEN];
-  inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src));
+  inet_ntop(af, &a->src_prefix.address.un, (void *)src, sizeof(src));
 
   out = format(out, "%s action %d ip %s/%d mac %U mask %U",
-                     a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
-                     src, a->src_ip_prefix_len,
+                     a->src_prefix.address.af ? "ipv6" : "ipv4", a->is_permit,
+                     src, a->src_prefix.len,
                      my_format_mac_address, a->src_mac,
                      my_format_mac_address, a->src_mac_mask);
   return(out);
@@ -349,17 +358,7 @@ static int api_acl_add_replace (vat_main_t * vam)
 
     while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
     {
-        if (unformat (i, "ipv6"))
-          {
-            vec_validate_acl_rules(rules, rule_idx);
-            rules[rule_idx].is_ipv6 = 1;
-          }
-        else if (unformat (i, "ipv4"))
-          {
-            vec_validate_acl_rules(rules, rule_idx);
-            rules[rule_idx].is_ipv6 = 0;
-          }
-        else if (unformat (i, "permit+reflect"))
+        if (unformat (i, "permit+reflect"))
           {
             vec_validate_acl_rules(rules, rule_idx);
             rules[rule_idx].is_permit = 2;
@@ -387,33 +386,33 @@ static int api_acl_add_replace (vat_main_t * vam)
          unformat_ip4_address, &src_v4address, &src_prefix_length))
           {
             vec_validate_acl_rules(rules, rule_idx);
-            memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
-            rules[rule_idx].src_ip_prefix_len = src_prefix_length;
-            rules[rule_idx].is_ipv6 = 0;
+            memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v4address, 4);
+            rules[rule_idx].src_prefix.address.af = ADDRESS_IP4;
+            rules[rule_idx].src_prefix.len = src_prefix_length;
           }
         else if (unformat (i, "src %U/%d",
          unformat_ip6_address, &src_v6address, &src_prefix_length))
           {
             vec_validate_acl_rules(rules, rule_idx);
-            memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
-            rules[rule_idx].src_ip_prefix_len = src_prefix_length;
-            rules[rule_idx].is_ipv6 = 1;
+            memcpy (rules[rule_idx].src_prefix.address.un.ip6, &src_v6address, 16);
+            rules[rule_idx].src_prefix.address.af = ADDRESS_IP6;
+            rules[rule_idx].src_prefix.len = src_prefix_length;
           }
         else if (unformat (i, "dst %U/%d",
          unformat_ip4_address, &dst_v4address, &dst_prefix_length))
           {
             vec_validate_acl_rules(rules, rule_idx);
-            memcpy (rules[rule_idx].dst_ip_addr, &dst_v4address, 4);
-            rules[rule_idx].dst_ip_prefix_len = dst_prefix_length;
-            rules[rule_idx].is_ipv6 = 0;
+            memcpy (rules[rule_idx].dst_prefix.address.un.ip4, &dst_v4address, 4);
+            rules[rule_idx].dst_prefix.address.af = ADDRESS_IP4;
+            rules[rule_idx].dst_prefix.len = dst_prefix_length;
           }
         else if (unformat (i, "dst %U/%d",
          unformat_ip6_address, &dst_v6address, &dst_prefix_length))
           {
             vec_validate_acl_rules(rules, rule_idx);
-            memcpy (rules[rule_idx].dst_ip_addr, &dst_v6address, 16);
-            rules[rule_idx].dst_ip_prefix_len = dst_prefix_length;
-            rules[rule_idx].is_ipv6 = 1;
+            memcpy (rules[rule_idx].dst_prefix.address.un.ip6, &dst_v6address, 16);
+            rules[rule_idx].dst_prefix.address.af = ADDRESS_IP6;
+            rules[rule_idx].dst_prefix.len = dst_prefix_length;
           }
         else if (unformat (i, "sport %d-%d", &port1, &port2))
           {
@@ -492,10 +491,10 @@ static int api_acl_add_replace (vat_main_t * vam)
         if (vec_len(tag) >= sizeof(mp->tag))
           {
             tag[sizeof(mp->tag)-1] = 0;
-            _vec_len(tag) = sizeof(mp->tag);
-          }
-        clib_memcpy(mp->tag, tag, vec_len(tag));
-        vec_free(tag);
+           vec_set_len (tag, sizeof (mp->tag));
+         }
+       clib_memcpy (mp->tag, tag, vec_len (tag));
+       vec_free (tag);
       }
     mp->acl_index = ntohl(acl_index);
     mp->count = htonl(n_rules);
@@ -559,6 +558,63 @@ static int api_acl_stats_intf_counters_enable (vat_main_t * vam)
     return ret;
 }
 
+static int
+api_acl_plugin_use_hash_lookup_set (vat_main_t *vam)
+{
+  acl_test_main_t *sm = &acl_test_main;
+  unformat_input_t *i = vam->input;
+  vl_api_acl_plugin_use_hash_lookup_set_t *mp;
+  u32 msg_size = sizeof (*mp);
+  int ret;
+
+  vam->result_ready = 0;
+  mp = vl_msg_api_alloc_as_if_client (msg_size);
+  memset (mp, 0, msg_size);
+  mp->_vl_msg_id =
+    ntohs (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_SET + sm->msg_id_base);
+  mp->client_index = vam->my_client_index;
+  mp->enable = 1;
+
+  while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+    {
+      if (unformat (i, "disable"))
+       mp->enable = 0;
+      else if (unformat (i, "enable"))
+       mp->enable = 1;
+      else
+       break;
+    }
+
+  /* send it... */
+  S (mp);
+
+  /* Wait for a reply... */
+  W (ret);
+  return ret;
+}
+
+static int
+api_acl_plugin_use_hash_lookup_get (vat_main_t *vam)
+{
+  acl_test_main_t *sm = &acl_test_main;
+  vl_api_acl_plugin_use_hash_lookup_set_t *mp;
+  u32 msg_size = sizeof (*mp);
+  int ret;
+
+  vam->result_ready = 0;
+  mp = vl_msg_api_alloc_as_if_client (msg_size);
+  memset (mp, 0, msg_size);
+  mp->_vl_msg_id =
+    ntohs (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_GET + sm->msg_id_base);
+  mp->client_index = vam->my_client_index;
+
+  /* send it... */
+  S (mp);
+
+  /* Wait for a reply... */
+  W (ret);
+  return ret;
+}
 
 /*
  * Read the series of ACL entries from file in the following format:
@@ -622,10 +678,13 @@ api_acl_add_replace_from_file (vat_main_t * vam)
          break;
       }
 
+    if (file_name == NULL)
+        goto done;
+
     fd = open(file_name, O_RDONLY);
     if (fd < 0)
       {
-        clib_warning("Could not open file '%s'");
+        clib_warning("Could not open file '%s'", file_name);
         goto done;
       }
 
@@ -651,12 +710,13 @@ api_acl_add_replace_from_file (vat_main_t * vam)
            rule_idx++;
            vec_validate_acl_rules(rules, rule_idx);
 
-           rules[rule_idx].is_ipv6 = 0;
            rules[rule_idx].is_permit = is_permit;
-           memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
-           rules[rule_idx].src_ip_prefix_len = src_prefix_length;
-           memcpy (rules[rule_idx].dst_ip_addr, &dst_v4address, 4);
-           rules[rule_idx].dst_ip_prefix_len = dst_prefix_length;
+           memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v4address, 4);
+            rules[rule_idx].src_prefix.address.af = ADDRESS_IP4;
+           rules[rule_idx].src_prefix.len = src_prefix_length;
+           memcpy (rules[rule_idx].dst_prefix.address.un.ip4, &dst_v4address, 4);
+            rules[rule_idx].dst_prefix.address.af = ADDRESS_IP4;
+           rules[rule_idx].dst_prefix.len = dst_prefix_length;
            rules[rule_idx].srcport_or_icmptype_first = htons(sport_low);
            rules[rule_idx].srcport_or_icmptype_last = htons(sport_high);
            rules[rule_idx].dstport_or_icmpcode_first = htons(dport_low);
@@ -671,22 +731,23 @@ api_acl_add_replace_from_file (vat_main_t * vam)
        rule_idx++;
        vec_validate_acl_rules(rules, rule_idx);
 
-       rules[rule_idx].is_ipv6 = 0;
        rules[rule_idx].is_permit = is_permit == 2 ? 2 : 1;
 
        src_v4address.data[0]=0;
        src_v4address.data[1]=0;
        src_v4address.data[2]=0;
        src_v4address.data[3]=0;
-       memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
-       rules[rule_idx].src_ip_prefix_len = 0;
+       memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v4address, 4);
+        rules[rule_idx].src_prefix.address.af = ADDRESS_IP4;
+       rules[rule_idx].src_prefix.len = 0;
 
        dst_v4address.data[0]=0;
        dst_v4address.data[1]=0;
        dst_v4address.data[2]=0;
        dst_v4address.data[3]=0;
-       memcpy (rules[rule_idx].dst_ip_addr, &dst_v4address, 4);
-       rules[rule_idx].dst_ip_prefix_len = 0;
+       memcpy (rules[rule_idx].dst_prefix.address.un.ip4, &dst_v4address, 4);
+        rules[rule_idx].dst_prefix.address.af = ADDRESS_IP4;
+       rules[rule_idx].dst_prefix.len = 0;
 
        rules[rule_idx].srcport_or_icmptype_first = htons(0);
        rules[rule_idx].srcport_or_icmptype_last = htons(65535);
@@ -1176,17 +1237,7 @@ static int api_macip_acl_add (vat_main_t * vam)
 
     while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
     {
-        if (unformat (i, "ipv6"))
-          {
-            vec_validate_macip_acl_rules(rules, rule_idx);
-            rules[rule_idx].is_ipv6 = 1;
-          }
-        else if (unformat (i, "ipv4"))
-          {
-            vec_validate_macip_acl_rules(rules, rule_idx);
-            rules[rule_idx].is_ipv6 = 0;
-          }
-        else if (unformat (i, "permit"))
+        if (unformat (i, "permit"))
           {
             vec_validate_macip_acl_rules(rules, rule_idx);
             rules[rule_idx].is_permit = 1;
@@ -1213,9 +1264,9 @@ static int api_macip_acl_add (vat_main_t * vam)
             if (src_prefix_length == 0)
               src_prefix_length = 32;
             vec_validate_macip_acl_rules(rules, rule_idx);
-            memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
-            rules[rule_idx].src_ip_prefix_len = src_prefix_length;
-            rules[rule_idx].is_ipv6 = 0;
+            memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v4address, 4);
+            rules[rule_idx].src_prefix.address.af = ADDRESS_IP4;
+            rules[rule_idx].src_prefix.len = src_prefix_length;
           }
         else if (unformat (i, "src"))
           {
@@ -1229,9 +1280,9 @@ static int api_macip_acl_add (vat_main_t * vam)
             if (src_prefix_length == 0)
               src_prefix_length = 128;
             vec_validate_macip_acl_rules(rules, rule_idx);
-            memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
-            rules[rule_idx].src_ip_prefix_len = src_prefix_length;
-            rules[rule_idx].is_ipv6 = 1;
+            memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v6address, 4);
+            rules[rule_idx].src_prefix.address.af = ADDRESS_IP6;
+            rules[rule_idx].src_prefix.len = src_prefix_length;
           }
         else if (unformat (i, "mac %U",
          my_unformat_mac_address, &src_mac))
@@ -1280,10 +1331,10 @@ static int api_macip_acl_add (vat_main_t * vam)
         if (vec_len(tag) >= sizeof(mp->tag))
           {
             tag[sizeof(mp->tag)-1] = 0;
-            _vec_len(tag) = sizeof(mp->tag);
-          }
-        clib_memcpy(mp->tag, tag, vec_len(tag));
-        vec_free(tag);
+           vec_set_len (tag, sizeof (mp->tag));
+         }
+       clib_memcpy (mp->tag, tag, vec_len (tag));
+       vec_free (tag);
       }
 
     mp->count = htonl(n_rules);
@@ -1323,17 +1374,7 @@ static int api_macip_acl_add_replace (vat_main_t * vam)
 
     while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
     {
-        if (unformat (i, "ipv6"))
-          {
-            vec_validate_macip_acl_rules(rules, rule_idx);
-            rules[rule_idx].is_ipv6 = 1;
-          }
-        else if (unformat (i, "ipv4"))
-          {
-            vec_validate_macip_acl_rules(rules, rule_idx);
-            rules[rule_idx].is_ipv6 = 0;
-          }
-        else if (unformat (i, "permit"))
+        if (unformat (i, "permit"))
           {
             vec_validate_macip_acl_rules(rules, rule_idx);
             rules[rule_idx].is_permit = 1;
@@ -1353,32 +1394,32 @@ static int api_macip_acl_add_replace (vat_main_t * vam)
             rules[rule_idx].is_permit = action;
           }
         else if (unformat (i, "ip %U/%d",
-         unformat_ip4_address, &src_v4address, &src_prefix_length) ||
-                 unformat (i, "ip %U",
-         unformat_ip4_address, &src_v4address))
+            unformat_ip4_address, &src_v4address, &src_prefix_length) ||
+                   unformat (i, "ip %U",
+            unformat_ip4_address, &src_v4address))
           {
-            if (src_prefix_length == 0)
-              src_prefix_length = 32;
-            vec_validate_macip_acl_rules(rules, rule_idx);
-            memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
-            rules[rule_idx].src_ip_prefix_len = src_prefix_length;
-            rules[rule_idx].is_ipv6 = 0;
+              if (src_prefix_length == 0)
+                src_prefix_length = 32;
+              vec_validate_macip_acl_rules(rules, rule_idx);
+              memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v4address, 4);
+              rules[rule_idx].src_prefix.address.af = ADDRESS_IP4;
+              rules[rule_idx].src_prefix.len = src_prefix_length;
           }
         else if (unformat (i, "src"))
           {
-            /* Everything in MACIP is "source" but allow this verbosity */
+              /* Everything in MACIP is "source" but allow this verbosity */
           }
         else if (unformat (i, "ip %U/%d",
-         unformat_ip6_address, &src_v6address, &src_prefix_length) ||
-                 unformat (i, "ip %U",
-         unformat_ip6_address, &src_v6address))
+           unformat_ip6_address, &src_v6address, &src_prefix_length) ||
+                   unformat (i, "ip %U",
+           unformat_ip6_address, &src_v6address))
           {
             if (src_prefix_length == 0)
-              src_prefix_length = 128;
+             src_prefix_length = 128;
             vec_validate_macip_acl_rules(rules, rule_idx);
-            memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
-            rules[rule_idx].src_ip_prefix_len = src_prefix_length;
-            rules[rule_idx].is_ipv6 = 1;
+            memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v6address, 4);
+            rules[rule_idx].src_prefix.address.af = ADDRESS_IP6;
+            rules[rule_idx].src_prefix.len = src_prefix_length;
           }
         else if (unformat (i, "mac %U",
          my_unformat_mac_address, &src_mac))
@@ -1432,10 +1473,10 @@ static int api_macip_acl_add_replace (vat_main_t * vam)
         if (vec_len(tag) >= sizeof(mp->tag))
           {
             tag[sizeof(mp->tag)-1] = 0;
-            _vec_len(tag) = sizeof(mp->tag);
-          }
-        clib_memcpy(mp->tag, tag, vec_len(tag));
-        vec_free(tag);
+           vec_set_len (tag, sizeof (mp->tag));
+         }
+       clib_memcpy (mp->tag, tag, vec_len (tag));
+       vec_free (tag);
       }
 
     mp->acl_index = ntohl(acl_index);