classifier-based ACL: refactor + add output ACL

[vpp.git] / src / vat / api_format.c

diff --git a/src/vat/api_format.c b/src/vat/api_format.c
index da1892a..c133f6b 100644 (file)
--- a/src/vat/api_format.c
+++ b/src/vat/api_format.c
@@ -19,7 +19,6 @@
 
 #include <vat/vat.h>
 #include <vppinfra/socket.h>
-#include <svm/memfd.h>
 #include <vlibapi/api.h>
 #include <vlibmemory/api.h>
 #include <vnet/ip/ip.h>
@@ -34,7 +33,7 @@
 #include <vpp/api/vpe_msg_enum.h>
 #include <vnet/l2/l2_classify.h>
 #include <vnet/l2/l2_vtr.h>
-#include <vnet/classify/input_acl.h>
+#include <vnet/classify/in_out_acl.h>
 #include <vnet/classify/policer_classify.h>
 #include <vnet/classify/flow_classify.h>
 #include <vnet/mpls/mpls.h>
@@ -2206,7 +2205,7 @@ static void vl_api_memfd_segment_create_reply_t_handler
   socket_client_main_t *scm = vam->socket_client_main;
   int my_fd = -1;
   clib_error_t *error;
-  memfd_private_t memfd;
+  ssvm_private_t memfd;
   i32 retval = ntohl (mp->retval);
 
   if (retval == 0)
@@ -2224,7 +2223,7 @@ static void vl_api_memfd_segment_create_reply_t_handler
       vam->client_index_invalid = 1;
 
       /* Note: this closes memfd.fd */
-      retval = memfd_slave_init (&memfd);
+      retval = ssvm_slave_init_memfd (&memfd);
       if (retval)
        clib_warning ("WARNING: segment map returned %d", retval);
 
@@ -5392,7 +5391,8 @@ _(tcp_configure_src_addresses_reply)                      \
 _(dns_enable_disable_reply)                             \
 _(dns_name_server_add_del_reply)                       \
 _(session_rule_add_del_reply)                          \
-_(ip_container_proxy_add_del_reply)
+_(ip_container_proxy_add_del_reply)                     \
+_(output_acl_set_interface_reply)
 
 #define _(n)                                    \
     static void vl_api_##n##_t_handler          \
@@ -5720,6 +5720,7 @@ _(DNS_RESOLVE_IP_REPLY, dns_resolve_ip_reply)                             \
 _(SESSION_RULE_ADD_DEL_REPLY, session_rule_add_del_reply)              \
 _(SESSION_RULES_DETAILS, session_rules_details)                                \
 _(IP_CONTAINER_PROXY_ADD_DEL_REPLY, ip_container_proxy_add_del_reply)  \
+_(OUTPUT_ACL_SET_INTERFACE_REPLY, output_acl_set_interface_reply)       \
 
 #define foreach_standalone_reply_msg                                   \
 _(SW_INTERFACE_EVENT, sw_interface_event)                               \
@@ -7773,8 +7774,12 @@ api_tap_create_v2 (vat_main_t * vam)
   u8 host_mac_addr_set = 0;
   u8 *host_bridge = 0;
   ip4_address_t host_ip4_addr;
+  ip4_address_t host_ip4_gw;
+  u8 host_ip4_gw_set = 0;
   u32 host_ip4_prefix_len = 0;
   ip6_address_t host_ip6_addr;
+  ip6_address_t host_ip6_gw;
+  u8 host_ip6_gw_set = 0;
   u32 host_ip6_prefix_len = 0;
   int ret;
   int rx_ring_sz = 0, tx_ring_sz = 0;
@@ -7805,6 +7810,12 @@ api_tap_create_v2 (vat_main_t * vam)
       else if (unformat (i, "host-ip6-addr %U/%d", unformat_ip6_address,
                         &host_ip6_addr, &host_ip6_prefix_len))
        ;
+      else if (unformat (i, "host-ip4-gw %U", unformat_ip4_address,
+                        &host_ip4_gw))
+       host_ip4_gw_set = 1;
+      else if (unformat (i, "host-ip6-gw %U", unformat_ip6_address,
+                        &host_ip6_gw))
+       host_ip6_gw_set = 1;
       else if (unformat (i, "rx-ring-size %d", &rx_ring_sz))
        ;
       else if (unformat (i, "tx-ring-size %d", &tx_ring_sz))
@@ -7886,7 +7897,10 @@ api_tap_create_v2 (vat_main_t * vam)
     clib_memcpy (mp->host_ip4_addr, &host_ip4_addr, 4);
   if (host_ip4_prefix_len)
     clib_memcpy (mp->host_ip6_addr, &host_ip6_addr, 16);
-
+  if (host_ip4_gw_set)
+    clib_memcpy (mp->host_ip4_gw, &host_ip4_gw, 4);
+  if (host_ip6_gw_set)
+    clib_memcpy (mp->host_ip6_gw, &host_ip6_gw, 16);
 
   vec_free (host_ns);
   vec_free (host_if_name);
@@ -14126,6 +14140,59 @@ api_input_acl_set_interface (vat_main_t * vam)
   return ret;
 }
 
+static int
+api_output_acl_set_interface (vat_main_t * vam)
+{
+  unformat_input_t *i = vam->input;
+  vl_api_output_acl_set_interface_t *mp;
+  u32 sw_if_index;
+  int sw_if_index_set;
+  u32 ip4_table_index = ~0;
+  u32 ip6_table_index = ~0;
+  u32 l2_table_index = ~0;
+  u8 is_add = 1;
+  int ret;
+
+  while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+    {
+      if (unformat (i, "%U", api_unformat_sw_if_index, vam, &sw_if_index))
+       sw_if_index_set = 1;
+      else if (unformat (i, "sw_if_index %d", &sw_if_index))
+       sw_if_index_set = 1;
+      else if (unformat (i, "del"))
+       is_add = 0;
+      else if (unformat (i, "ip4-table %d", &ip4_table_index))
+       ;
+      else if (unformat (i, "ip6-table %d", &ip6_table_index))
+       ;
+      else if (unformat (i, "l2-table %d", &l2_table_index))
+       ;
+      else
+       {
+         clib_warning ("parse error '%U'", format_unformat_error, i);
+         return -99;
+       }
+    }
+
+  if (sw_if_index_set == 0)
+    {
+      errmsg ("missing interface name or sw_if_index");
+      return -99;
+    }
+
+  M (OUTPUT_ACL_SET_INTERFACE, mp);
+
+  mp->sw_if_index = ntohl (sw_if_index);
+  mp->ip4_table_index = ntohl (ip4_table_index);
+  mp->ip6_table_index = ntohl (ip6_table_index);
+  mp->l2_table_index = ntohl (l2_table_index);
+  mp->is_add = is_add;
+
+  S (mp);
+  W (ret);
+  return ret;
+}
+
 static int
 api_ip_address_dump (vat_main_t * vam)
 {
@@ -23101,6 +23168,9 @@ _(session_rule_add_del, "[add|del] proto <tcp/udp> <lcl-ip>/<plen> "    \
   "<lcl-port> <rmt-ip>/<plen> <rmt-port> action <nn>")                 \
 _(session_rules_dump, "")                                              \
 _(ip_container_proxy_add_del, "[add|del] <address> <sw_if_index>")     \
+_(output_acl_set_interface,                                             \
+  "<intfc> | sw_if_index <nn> [ip4-table <nn>] [ip6-table <nn>]\n"      \
+  "  [l2-table <nn>] [del]")                                            \
 
 /* List of command functions, CLI names map directly to functions */
 #define foreach_cli_function                                    \