out = format(out, "sw_if_index: %d, count: %d, n_input: %d\n", mp->sw_if_index, mp->count, mp->n_input);
out = format(out, " input ");
for(i=0; i<mp->count; i++) {
- out = format(out, "%d ", mp->acls[i]);
- if (i == mp->n_input-1)
+ if (i == mp->n_input)
out = format(out, "\n output ");
+ out = format(out, "%d ", ntohl (mp->acls[i]));
}
out = format(out, "\n");
clib_warning("%s", out);
vam->result_ready = 1;
}
+static void vl_api_acl_plugin_control_ping_reply_t_handler
+ (vl_api_acl_plugin_control_ping_reply_t * mp)
+{
+ vat_main_t *vam = &vat_main;
+ i32 retval = ntohl (mp->retval);
+ if (vam->async_mode)
+ {
+ vam->async_errors += (retval < 0);
+ }
+ else
+ {
+ vam->retval = retval;
+ vam->result_ready = 1;
+ }
+}
+
/*
* Table of message reply handlers, must include boilerplate handlers
_(MACIP_ACL_DETAILS, macip_acl_details) \
_(MACIP_ACL_INTERFACE_ADD_DEL_REPLY, macip_acl_interface_add_del_reply) \
_(MACIP_ACL_INTERFACE_GET_REPLY, macip_acl_interface_get_reply) \
+_(ACL_PLUGIN_CONTROL_PING_REPLY, acl_plugin_control_ping_reply) \
_(ACL_PLUGIN_GET_VERSION_REPLY, acl_plugin_get_version_reply)
static int api_acl_plugin_get_version (vat_main_t * vam)
vec_validate_acl_rules(rules, rule_idx);
rules[rule_idx].is_permit = 1;
}
+ else if (unformat (i, "deny"))
+ {
+ vec_validate_acl_rules(rules, rule_idx);
+ rules[rule_idx].is_permit = 0;
+ }
else if (unformat (i, "count %d", &n_rules_override))
{
/* we will use this later */
memset (mp, 0, msg_size);
mp->_vl_msg_id = ntohs (VL_API_ACL_ADD_REPLACE + sm->msg_id_base);
mp->client_index = vam->my_client_index;
- if (n_rules > 0)
+ if ((n_rules > 0) && rules)
clib_memcpy(mp->r, rules, n_rules*sizeof (vl_api_acl_rule_t));
if (tag)
{
return ret;
}
+static void
+api_acl_send_control_ping(vat_main_t *vam)
+{
+ vl_api_acl_plugin_control_ping_t *mp_ping;
+
+ M(ACL_PLUGIN_CONTROL_PING, mp_ping);
+ S(mp_ping);
+}
+
static int api_acl_interface_list_dump (vat_main_t * vam)
{
/* send it... */
S(mp);
+ /* Use control ping for synchronization */
+ api_acl_send_control_ping(vam);
+
/* Wait for a reply... */
W (ret);
return ret;
/* send it... */
S(mp);
+ /* Use control ping for synchronization */
+ api_acl_send_control_ping(vam);
+
/* Wait for a reply... */
W (ret);
return ret;
/* send it... */
S(mp);
+ /* Use control ping for synchronization */
+ api_acl_send_control_ping(vam);
+
/* Wait for a reply... */
W (ret);
return ret;
else if (unformat (i, "ipv4"))
{
vec_validate_macip_acl_rules(rules, rule_idx);
- rules[rule_idx].is_ipv6 = 1;
+ rules[rule_idx].is_ipv6 = 0;
}
else if (unformat (i, "permit"))
{
rules[rule_idx].is_permit = action;
}
else if (unformat (i, "ip %U/%d",
- unformat_ip4_address, &src_v4address, &src_prefix_length))
+ unformat_ip4_address, &src_v4address, &src_prefix_length) ||
+ unformat (i, "ip %U",
+ unformat_ip4_address, &src_v4address))
{
+ if (src_prefix_length == 0)
+ src_prefix_length = 32;
vec_validate_macip_acl_rules(rules, rule_idx);
memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
rules[rule_idx].src_ip_prefix_len = src_prefix_length;
/* Everything in MACIP is "source" but allow this verbosity */
}
else if (unformat (i, "ip %U/%d",
- unformat_ip6_address, &src_v6address, &src_prefix_length))
+ unformat_ip6_address, &src_v6address, &src_prefix_length) ||
+ unformat (i, "ip %U",
+ unformat_ip6_address, &src_v6address))
{
+ if (src_prefix_length == 0)
+ src_prefix_length = 128;
vec_validate_macip_acl_rules(rules, rule_idx);
memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
rules[rule_idx].src_ip_prefix_len = src_prefix_length;
memset (mp, 0, msg_size);
mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_ADD + sm->msg_id_base);
mp->client_index = vam->my_client_index;
- if (n_rules > 0)
+ if ((n_rules > 0) && rules)
clib_memcpy(mp->r, rules, n_rules*sizeof (mp->r[0]));
if (tag)
{
Code Review / vpp.git / blobdiff