X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Facl%2Facl.c;h=24536eb84b72e79605e2fa77b1b16fb46392f2a1;hb=1d342b9c8;hp=ba4243c69269e09bc3ab1f43296cf33178aa33d9;hpb=fce561226f0941bd144543741fe1f21326c01b87;p=vpp.git

diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index ba4243c6926..24536eb84b7 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -1772,7 +1772,7 @@ macip_acl_interface_add_del_acl (u32 sw_if_index, u8 is_add,
  *
  */
 static int
-verify_message_len (void *mp, u32 expected_len, char *where)
+verify_message_len (void *mp, u64 expected_len, char *where)
 {
   u32 supplied_len = vl_msg_api_get_msg_length (mp);
   if (supplied_len < expected_len)
@@ -1796,7 +1796,7 @@ vl_api_acl_add_replace_t_handler (vl_api_acl_add_replace_t * mp)
   int rv;
   u32 acl_list_index = ntohl (mp->acl_index);
   u32 acl_count = ntohl (mp->count);
-  u32 expected_len = sizeof (*mp) + acl_count * sizeof (mp->r[0]);
+  u64 expected_len = sizeof (*mp) + acl_count * sizeof (mp->r[0]);
 
   if (verify_message_len (mp, expected_len, "acl_add_replace"))
     {
@@ -2085,7 +2085,7 @@ vl_api_macip_acl_add_t_handler (vl_api_macip_acl_add_t * mp)
   int rv;
   u32 acl_list_index = ~0;
   u32 acl_count = ntohl (mp->count);
-  u32 expected_len = sizeof (*mp) + acl_count * sizeof (mp->r[0]);
+  u64 expected_len = sizeof (*mp) + acl_count * sizeof (mp->r[0]);
 
   if (verify_message_len (mp, expected_len, "macip_acl_add"))
     {
@@ -2112,7 +2112,7 @@ vl_api_macip_acl_add_replace_t_handler (vl_api_macip_acl_add_replace_t * mp)
   int rv;
   u32 acl_list_index = ntohl (mp->acl_index);
   u32 acl_count = ntohl (mp->count);
-  u32 expected_len = sizeof (*mp) + acl_count * sizeof (mp->r[0]);
+  u64 expected_len = sizeof (*mp) + acl_count * sizeof (mp->r[0]);
 
   if (verify_message_len (mp, expected_len, "macip_acl_add_replace"))
     {
@@ -2450,6 +2450,45 @@ static void
     }
 }
 
+static void
+vl_api_acl_plugin_use_hash_lookup_set_t_handler (
+  vl_api_acl_plugin_use_hash_lookup_set_t *mp)
+{
+  acl_main_t *am = &acl_main;
+  vl_api_acl_plugin_use_hash_lookup_set_reply_t *rmp;
+  vl_api_registration_t *reg;
+  int rv = 0;
+
+  reg = vl_api_client_index_to_registration (mp->client_index);
+  if (!reg)
+    return;
+
+  am->use_hash_acl_matching = mp->enable;
+  REPLY_MACRO (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_SET_REPLY);
+}
+
+static void
+vl_api_acl_plugin_use_hash_lookup_get_t_handler (
+  vl_api_acl_plugin_use_hash_lookup_get_t *mp)
+{
+  acl_main_t *am = &acl_main;
+  vl_api_acl_plugin_use_hash_lookup_get_reply_t *rmp;
+  int msg_size = sizeof (*rmp);
+  vl_api_registration_t *reg;
+
+  reg = vl_api_client_index_to_registration (mp->client_index);
+  if (!reg)
+    return;
+
+  rmp = vl_msg_api_alloc (msg_size);
+  clib_memset (rmp, 0, msg_size);
+  rmp->_vl_msg_id =
+    ntohs (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_GET_REPLY + am->msg_id_base);
+  rmp->context = mp->context;
+  rmp->enable = am->use_hash_acl_matching;
+  vl_api_send_msg (reg, (u8 *) rmp);
+}
+
 static void
 acl_set_timeout_sec (int timeout_type, u32 value)
 {
@@ -2837,8 +2876,7 @@ acl_set_aclplugin_acl_fn (vlib_main_t * vm,
   u32 port2 = 0;
   u32 action = 0;
   u32 tcpflags, tcpmask;
-  u32 src_prefix_length = 0, dst_prefix_length = 0;
-  ip46_address_t src, dst;
+  ip_prefix_t src, dst;
   u8 *tag = 0;
 
   if (!unformat_user (input, unformat_line_input, line_input))
@@ -2870,25 +2908,15 @@ acl_set_aclplugin_acl_fn (vlib_main_t * vm,
 	  vec_validate_acl_rules (rules, rule_idx);
 	  rules[rule_idx].is_permit = action;
 	}
-      else if (unformat (line_input, "src %U/%d",
-			 unformat_ip46_address, &src, IP46_TYPE_ANY,
-			 &src_prefix_length))
+      else if (unformat (line_input, "src %U", unformat_ip_prefix, &src))
 	{
 	  vec_validate_acl_rules (rules, rule_idx);
-	  ip_address_encode (&src, IP46_TYPE_ANY,
-			     &rules[rule_idx].src_prefix.address);
-	  rules[rule_idx].src_prefix.address.af = ADDRESS_IP4;
-	  rules[rule_idx].src_prefix.len = src_prefix_length;
+	  ip_prefix_encode2 (&src, &rules[rule_idx].src_prefix);
 	}
-      else if (unformat (line_input, "dst %U/%d",
-			 unformat_ip46_address, &dst, IP46_TYPE_ANY,
-			 &dst_prefix_length))
+      else if (unformat (line_input, "dst %U", unformat_ip_prefix, &dst))
 	{
 	  vec_validate_acl_rules (rules, rule_idx);
-	  ip_address_encode (&dst, IP46_TYPE_ANY,
-			     &rules[rule_idx].dst_prefix.address);
-	  rules[rule_idx].dst_prefix.address.af = ADDRESS_IP4;
-	  rules[rule_idx].dst_prefix.len = dst_prefix_length;
+	  ip_prefix_encode2 (&dst, &rules[rule_idx].dst_prefix);
 	}
       else if (unformat (line_input, "sport %d-%d", &port1, &port2))
 	{
@@ -3443,6 +3471,8 @@ acl_show_aclplugin_tables_fn (vlib_main_t * vm,
     }
   vlib_cli_output (vm, "Stats counters enabled for interface ACLs: %d",
 		   acl_main.interface_acl_counters_enabled);
+  vlib_cli_output (vm, "Use hash-based lookup for ACLs: %d",
+		   acl_main.use_hash_acl_matching);
   if (show_mask_type)
     acl_plugin_show_tables_mask_type ();
   if (show_acl_hash_info)