return format_ip_in_out_acl_trace (s, 1 /* is_output */ , args);
}
-vlib_node_registration_t ip4_inacl_node;
-vlib_node_registration_t ip4_outacl_node;
-vlib_node_registration_t ip6_inacl_node;
-vlib_node_registration_t ip6_outacl_node;
+extern vlib_node_registration_t ip4_inacl_node;
+extern vlib_node_registration_t ip4_outacl_node;
+extern vlib_node_registration_t ip6_inacl_node;
+extern vlib_node_registration_t ip6_outacl_node;
#define foreach_ip_inacl_error \
_(MISS, "input ACL misses") \
else
h0 = b0->data;
+ /* advance the match pointer so the matching happens on IP header */
+ if (is_output)
+ h0 += vnet_buffer (b0)->l2_classify.pad.l2_len;
+
hash0 = vnet_classify_hash_packet (t0, (u8 *) h0);
e0 = vnet_classify_find_entry
(t0, (u8 *) h0, hash0, now);
IP6_ERROR_INACL_SESSION_DENY) : IP6_ERROR_NONE;
b0->error = error_node->errors[error0];
- if (e0->action == CLASSIFY_ACTION_SET_IP4_FIB_INDEX
- || e0->action ==
- CLASSIFY_ACTION_SET_IP6_FIB_INDEX)
- vnet_buffer (b0)->sw_if_index[VLIB_TX] =
- e0->metadata;
+ if (!is_output)
+ {
+ if (e0->action ==
+ CLASSIFY_ACTION_SET_IP4_FIB_INDEX
+ || e0->action ==
+ CLASSIFY_ACTION_SET_IP6_FIB_INDEX)
+ vnet_buffer (b0)->sw_if_index[VLIB_TX] =
+ e0->metadata;
+ else if (e0->action ==
+ CLASSIFY_ACTION_SET_METADATA)
+ vnet_buffer (b0)->ip.adj_index[VLIB_TX] =
+ e0->metadata;
+ }
break;
}
}
return frame->n_vectors;
}
-static uword
-ip4_inacl (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
+VLIB_NODE_FN (ip4_inacl_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
+ vlib_frame_t * frame)
{
return ip_in_out_acl_inline (vm, node, frame, 1 /* is_ip4 */ ,
0 /* is_output */ );
}
-static uword
-ip4_outacl (vlib_main_t * vm, vlib_node_runtime_t * node,
- vlib_frame_t * frame)
+VLIB_NODE_FN (ip4_outacl_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
+ vlib_frame_t * frame)
{
return ip_in_out_acl_inline (vm, node, frame, 1 /* is_ip4 */ ,
1 /* is_output */ );
/* *INDENT-OFF* */
VLIB_REGISTER_NODE (ip4_inacl_node) = {
- .function = ip4_inacl,
.name = "ip4-inacl",
.vector_size = sizeof (u32),
.format_trace = format_ip_inacl_trace,
};
VLIB_REGISTER_NODE (ip4_outacl_node) = {
- .function = ip4_outacl,
.name = "ip4-outacl",
.vector_size = sizeof (u32),
.format_trace = format_ip_outacl_trace,
};
/* *INDENT-ON* */
-VLIB_NODE_FUNCTION_MULTIARCH (ip4_inacl_node, ip4_inacl);
-VLIB_NODE_FUNCTION_MULTIARCH (ip4_outacl_node, ip4_outacl);
-
-static uword
-ip6_inacl (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
+VLIB_NODE_FN (ip6_inacl_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
+ vlib_frame_t * frame)
{
return ip_in_out_acl_inline (vm, node, frame, 0 /* is_ip4 */ ,
0 /* is_output */ );
}
-static uword
-ip6_outacl (vlib_main_t * vm, vlib_node_runtime_t * node,
- vlib_frame_t * frame)
+VLIB_NODE_FN (ip6_outacl_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
+ vlib_frame_t * frame)
{
return ip_in_out_acl_inline (vm, node, frame, 0 /* is_ip4 */ ,
1 /* is_output */ );
/* *INDENT-OFF* */
VLIB_REGISTER_NODE (ip6_inacl_node) = {
- .function = ip6_inacl,
.name = "ip6-inacl",
.vector_size = sizeof (u32),
.format_trace = format_ip_inacl_trace,
};
VLIB_REGISTER_NODE (ip6_outacl_node) = {
- .function = ip6_outacl,
.name = "ip6-outacl",
.vector_size = sizeof (u32),
.format_trace = format_ip_outacl_trace,
};
/* *INDENT-ON* */
-VLIB_NODE_FUNCTION_MULTIARCH (ip6_inacl_node, ip6_inacl);
-VLIB_NODE_FUNCTION_MULTIARCH (ip6_outacl_node, ip6_outacl);
-
+#ifndef CLIB_MARCH_VARIANT
static clib_error_t *
ip_in_out_acl_init (vlib_main_t * vm)
{
}
VLIB_INIT_FUNCTION (ip_in_out_acl_init);
+#endif /* CLIB_MARCH_VARIANT */
/*