X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Facl%2Facl.c;h=645c6c94a2cd201cbec7b131fa74cbcc3cb468aa;hb=e9ab1c0b4a8d9ae930fbc5522c8d56a0a7a49608;hp=80ef56613d4900ce7674e9334e111dd5169203bc;hpb=ef5dd4f2aec6df1b58aa8d07493acf486eccf802;p=vpp.git

diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 80ef56613d4..645c6c94a2c 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -1945,6 +1945,10 @@ static clib_error_t *
 acl_sw_interface_add_del (vnet_main_t * vnm, u32 sw_if_index, u32 is_add)
 {
   acl_main_t *am = &acl_main;
+  if (0 == am->acl_mheap) {
+    /* ACL heap is not initialized, so definitely nothing to do. */
+    return 0;
+  }
   if (0 == is_add) {
     vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index,
                                ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX, sw_if_index);
@@ -2091,6 +2095,75 @@ done:
   return error;
 }
 
+static u8 *
+my_format_mac_address (u8 * s, va_list * args)
+{
+  u8 *a = va_arg (*args, u8 *);
+  return format (s, "%02x:%02x:%02x:%02x:%02x:%02x",
+                 a[0], a[1], a[2], a[3], a[4], a[5]);
+}
+
+static inline u8 *
+my_macip_acl_rule_t_pretty_format (u8 *out, va_list *args)
+{
+  macip_acl_rule_t *a = va_arg (*args, macip_acl_rule_t *);
+
+  out = format(out, "%s action %d ip %U/%d mac %U mask %U",
+                     a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
+                     format_ip46_address, &a->src_ip_addr, IP46_TYPE_ANY,
+                     a->src_prefixlen,
+                     my_format_mac_address, a->src_mac,
+                     my_format_mac_address, a->src_mac_mask);
+  return(out);
+}
+
+static void
+macip_acl_print(acl_main_t *am, u32 macip_acl_index)
+{
+  vlib_main_t * vm = am->vlib_main;
+  int i;
+
+  /* Don't try to print someone else's memory */
+  if (macip_acl_index > vec_len(am->macip_acls))
+    return;
+
+  macip_acl_list_t *a = vec_elt_at_index(am->macip_acls, macip_acl_index);
+  int free_pool_slot = pool_is_free_index(am->macip_acls, macip_acl_index);
+
+  vlib_cli_output(vm, "MACIP acl_index: %d, count: %d (true len %d) tag {%s} is free pool slot: %d\n",
+                  macip_acl_index, a->count, vec_len(a->rules), a->tag, free_pool_slot);
+  vlib_cli_output(vm, "  ip4_table_index %d, ip6_table_index %d, l2_table_index %d\n",
+                  a->ip4_table_index, a->ip6_table_index, a->l2_table_index);
+  for(i=0; i<vec_len(a->rules); i++)
+    vlib_cli_output(vm, "    rule %d: %U\n", i, my_macip_acl_rule_t_pretty_format,
+                    vec_elt_at_index(a->rules, i));
+
+}
+
+static clib_error_t *
+acl_show_aclplugin_macip_fn (vlib_main_t * vm,
+                              unformat_input_t * input,
+                              vlib_cli_command_t * cmd)
+{
+  clib_error_t *error = 0;
+  acl_main_t *am = &acl_main;
+  int i;
+  if (unformat (input, "interface"))
+    {
+      for(i=0; i < vec_len(am->macip_acl_by_sw_if_index); i++)
+        {
+          vlib_cli_output(vm, "  sw_if_index %d: %d\n", i, vec_elt(am->macip_acl_by_sw_if_index, i));
+        }
+    }
+  else if (unformat (input, "acl"))
+    {
+      for(i=0; i < vec_len(am->macip_acls); i++)
+        macip_acl_print(am, i);
+    }
+  return error;
+}
+
+
 static clib_error_t *
 acl_show_aclplugin_fn (vlib_main_t * vm,
                               unformat_input_t * input,
@@ -2377,6 +2450,7 @@ acl_show_aclplugin_fn (vlib_main_t * vm,
           if (swi < vec_len(am->input_applied_hash_acl_info_by_sw_if_index)) {
             applied_hash_acl_info_t *pal = &am->input_applied_hash_acl_info_by_sw_if_index[swi];
             out0 = format(out0, "  input lookup mask_type_index_bitmap: %U\n", format_bitmap_hex, pal->mask_type_index_bitmap);
+            out0 = format(out0, "  input applied acls: %U\n", format_vec32, pal->applied_acls, "%d");
           }
           if (swi < vec_len(am->input_hash_entry_vec_by_sw_if_index)) {
             out0 = format(out0, "  input lookup applied entries:\n");
@@ -2391,6 +2465,7 @@ acl_show_aclplugin_fn (vlib_main_t * vm,
           if (swi < vec_len(am->output_applied_hash_acl_info_by_sw_if_index)) {
             applied_hash_acl_info_t *pal = &am->output_applied_hash_acl_info_by_sw_if_index[swi];
             out0 = format(out0, "  output lookup mask_type_index_bitmap: %U\n", format_bitmap_hex, pal->mask_type_index_bitmap);
+            out0 = format(out0, "  output applied acls: %U\n", format_vec32, pal->applied_acls, "%d");
           }
           if (swi < vec_len(am->output_hash_entry_vec_by_sw_if_index)) {
             out0 = format(out0, "  output lookup applied entries:\n");
@@ -2440,6 +2515,13 @@ VLIB_CLI_COMMAND (aclplugin_show_command, static) = {
     .function = acl_show_aclplugin_fn,
 };
 
+VLIB_CLI_COMMAND (aclplugin_show_macip_command, static) = {
+    .path = "show acl-plugin macip",
+    .short_help = "show acl-plugin macip {acl|interface}",
+    .function = acl_show_aclplugin_macip_fn,
+};
+
+
 VLIB_CLI_COMMAND (aclplugin_clear_command, static) = {
     .path = "clear acl-plugin sessions",
     .short_help = "clear acl-plugin sessions",