X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Facl%2Facl_test.c;h=19a6f915381efc717a01ecf01d298ca6638925fc;hb=bb5d22d;hp=abb9643ef1c76def3b495b081013f0282021c8be;hpb=c29940c58de3e44c0c1dd5c4eda5e0268d963b14;p=vpp.git diff --git a/src/plugins/acl/acl_test.c b/src/plugins/acl/acl_test.c index abb9643ef1c..19a6f915381 100644 --- a/src/plugins/acl/acl_test.c +++ b/src/plugins/acl/acl_test.c @@ -21,7 +21,6 @@ #include #include #include -#include #include #include #include @@ -68,6 +67,7 @@ _(acl_del_reply) \ _(acl_interface_add_del_reply) \ _(macip_acl_interface_add_del_reply) \ _(acl_interface_set_acl_list_reply) \ +_(acl_interface_set_etype_whitelist_reply) \ _(macip_acl_del_reply) #define foreach_reply_retval_aclindex_handler \ @@ -155,6 +155,34 @@ static void vl_api_acl_interface_list_details_t_handler vam->result_ready = 1; } +static void vl_api_acl_interface_etype_whitelist_details_t_handler + (vl_api_acl_interface_etype_whitelist_details_t * mp) + { + int i; + vat_main_t * vam = acl_test_main.vat_main; + u8 *out = 0; + vl_api_acl_interface_etype_whitelist_details_t_endian(mp); + out = format(out, "sw_if_index: %d, count: %d, n_input: %d\n", mp->sw_if_index, mp->count, mp->n_input); + out = format(out, " input "); + for(i=0; icount; i++) { + if (i == mp->n_input) + out = format(out, "\n output "); + out = format(out, "%04x ", ntohs(mp->whitelist[i])); + } + out = format(out, "\n"); + clib_warning("%s", out); + vec_free(out); + vam->result_ready = 1; + } + +static void vl_api_acl_plugin_get_conn_table_max_entries_reply_t_handler + (vl_api_acl_plugin_get_conn_table_max_entries_reply_t * mp) + { + vat_main_t * vam = acl_test_main.vat_main; + clib_warning("\nConn table max entries: %d", + __bswap_64(mp->conn_table_max_entries) ); + vam->result_ready = 1; + } static inline u8 * vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a) @@ -270,6 +298,8 @@ _(ACL_ADD_REPLACE_REPLY, acl_add_replace_reply) \ _(ACL_DEL_REPLY, acl_del_reply) \ _(ACL_INTERFACE_ADD_DEL_REPLY, acl_interface_add_del_reply) \ _(ACL_INTERFACE_SET_ACL_LIST_REPLY, acl_interface_set_acl_list_reply) \ +_(ACL_INTERFACE_SET_ETYPE_WHITELIST_REPLY, acl_interface_set_etype_whitelist_reply) \ +_(ACL_INTERFACE_ETYPE_WHITELIST_DETAILS, acl_interface_etype_whitelist_details) \ _(ACL_INTERFACE_LIST_DETAILS, acl_interface_list_details) \ _(ACL_DETAILS, acl_details) \ _(MACIP_ACL_ADD_REPLY, macip_acl_add_reply) \ @@ -279,7 +309,8 @@ _(MACIP_ACL_DETAILS, macip_acl_details) \ _(MACIP_ACL_INTERFACE_ADD_DEL_REPLY, macip_acl_interface_add_del_reply) \ _(MACIP_ACL_INTERFACE_GET_REPLY, macip_acl_interface_get_reply) \ _(ACL_PLUGIN_CONTROL_PING_REPLY, acl_plugin_control_ping_reply) \ -_(ACL_PLUGIN_GET_VERSION_REPLY, acl_plugin_get_version_reply) +_(ACL_PLUGIN_GET_VERSION_REPLY, acl_plugin_get_version_reply) \ +_(ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES_REPLY,acl_plugin_get_conn_table_max_entries_reply) static int api_acl_plugin_get_version (vat_main_t * vam) { @@ -290,7 +321,7 @@ static int api_acl_plugin_get_version (vat_main_t * vam) vam->result_ready = 0; mp = vl_msg_api_alloc_as_if_client(msg_size); - memset (mp, 0, msg_size); + clib_memset (mp, 0, msg_size); mp->_vl_msg_id = ntohs (VL_API_ACL_PLUGIN_GET_VERSION + sm->msg_id_base); mp->client_index = vam->my_client_index; @@ -311,7 +342,7 @@ static int api_macip_acl_interface_get (vat_main_t * vam) vam->result_ready = 0; mp = vl_msg_api_alloc_as_if_client(msg_size); - memset (mp, 0, msg_size); + clib_memset (mp, 0, msg_size); mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_INTERFACE_GET + sm->msg_id_base); mp->client_index = vam->my_client_index; @@ -496,7 +527,7 @@ static int api_acl_add_replace (vat_main_t * vam) msg_size += n_rules*sizeof(rules[0]); mp = vl_msg_api_alloc_as_if_client(msg_size); - memset (mp, 0, msg_size); + clib_memset (mp, 0, msg_size); mp->_vl_msg_id = ntohs (VL_API_ACL_ADD_REPLACE + sm->msg_id_base); mp->client_index = vam->my_client_index; if ((n_rules > 0) && rules) @@ -522,6 +553,196 @@ static int api_acl_add_replace (vat_main_t * vam) return ret; } +static int api_acl_plugin_get_conn_table_max_entries (vat_main_t * vam) +{ + acl_test_main_t * sm = &acl_test_main; + vl_api_acl_plugin_get_conn_table_max_entries_t * mp; + u32 msg_size = sizeof(*mp); + int ret; + + vam->result_ready = 0; + mp = vl_msg_api_alloc_as_if_client(msg_size); + memset (mp, 0, msg_size); + mp->_vl_msg_id = ntohs (VL_API_ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES + sm->msg_id_base); + mp->client_index = vam->my_client_index; + + /* send it... */ + S(mp); + + /* Wait for a reply... */ + W (ret); + return ret; +} + + +/* + * Read the series of ACL entries from file in the following format: + * + +@0.0.0.0/1 131.179.121.0/24 0 : 65535 0 : 65535 0x00/0x00 0x0000/0x0000 +@128.0.0.0/1 85.54.226.0/23 0 : 65535 0 : 65535 0x00/0x00 0x0000/0x0000 +@128.0.0.0/1 85.54.48.0/23 0 : 65535 0 : 65535 0x00/0x00 0x0000/0x0000 +@128.0.0.0/1 31.237.44.0/23 0 : 65535 0 : 65535 0x00/0x00 0x0000/0x0000 +@0.0.0.0/1 255.84.184.0/23 0 : 65535 0 : 65535 0x00/0x00 0x0000/0x0000 +@132.92.0.0/16 0.0.0.0/0 0 : 65535 0 : 65535 0x01/0xFF 0x0000/0x0000 + + * + */ + +static int +api_acl_add_replace_from_file (vat_main_t * vam) +{ + int ret = -1; + unformat_input_t * input = vam->input; + acl_test_main_t * sm = &acl_test_main; + vl_api_acl_add_replace_t * mp; + u32 acl_index = ~0; + u32 msg_size = sizeof (*mp); /* without the rules */ + + vl_api_acl_rule_t *rules = 0; + int rule_idx = -1; + int n_rules = 0; + int is_permit = 0; + int append_default_permit = 0; + u32 tcpflags = 0, tcpmask = 0; + ip4_address_t src_v4address, dst_v4address; + int fd = -1; + + char *file_name = NULL; + unformat_input_t file_input; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (input, "filename %s", &file_name)) + { + /* we will use this later */ + } + else if (unformat (input, "acl-index %d", &acl_index)) + { + /* we will try to replace an existing ACL */ + } + else if (unformat (input, "permit+reflect")) + { + is_permit = 2; + } + else if (unformat (input, "permit")) + { + is_permit = 1; + } + else if (unformat (input, "append-default-permit")) + { + append_default_permit = 1; + } + else + break; + } + + fd = open(file_name, O_RDONLY); + if (fd < 0) + { + clib_warning("Could not open file '%s'"); + goto done; + } + + /* input from file */ + input = &file_input; + unformat_init_clib_file(input, fd); + + unsigned sport_low, sport_high, dport_low, dport_high; + unsigned proto, protomask; + u32 src_prefix_length, dst_prefix_length; + u32 unused1, unused2; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (!unformat(input, "@%U/%d\t%U/%d\t%d : %d\t%d : %d\t0x%x/0x%x\t0x%x/0x%x", + unformat_ip4_address, &src_v4address, &src_prefix_length, + unformat_ip4_address, &dst_v4address, &dst_prefix_length, + &sport_low, &sport_high, &dport_low, &dport_high, &proto, &protomask, &unused1, &unused2)) { + clib_warning("Error parsing"); + break; + } + + rule_idx++; + vec_validate_acl_rules(rules, rule_idx); + + rules[rule_idx].is_ipv6 = 0; + rules[rule_idx].is_permit = is_permit; + memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4); + rules[rule_idx].src_ip_prefix_len = src_prefix_length; + memcpy (rules[rule_idx].dst_ip_addr, &dst_v4address, 4); + rules[rule_idx].dst_ip_prefix_len = dst_prefix_length; + rules[rule_idx].srcport_or_icmptype_first = htons(sport_low); + rules[rule_idx].srcport_or_icmptype_last = htons(sport_high); + rules[rule_idx].dstport_or_icmpcode_first = htons(dport_low); + rules[rule_idx].dstport_or_icmpcode_last = htons(dport_high); + rules[rule_idx].tcp_flags_value = tcpflags; + rules[rule_idx].tcp_flags_mask = tcpmask; + rules[rule_idx].proto = proto; + + } + + if (append_default_permit) { + rule_idx++; + vec_validate_acl_rules(rules, rule_idx); + + rules[rule_idx].is_ipv6 = 0; + rules[rule_idx].is_permit = is_permit == 2 ? 2 : 1; + + src_v4address.data[0]=0; + src_v4address.data[1]=0; + src_v4address.data[2]=0; + src_v4address.data[3]=0; + memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4); + rules[rule_idx].src_ip_prefix_len = 0; + + dst_v4address.data[0]=0; + dst_v4address.data[1]=0; + dst_v4address.data[2]=0; + dst_v4address.data[3]=0; + memcpy (rules[rule_idx].dst_ip_addr, &dst_v4address, 4); + rules[rule_idx].dst_ip_prefix_len = 0; + + rules[rule_idx].srcport_or_icmptype_first = htons(0); + rules[rule_idx].srcport_or_icmptype_last = htons(65535); + rules[rule_idx].dstport_or_icmpcode_first = htons(0); + rules[rule_idx].dstport_or_icmpcode_last = htons(65535); + rules[rule_idx].tcp_flags_value = 0; + rules[rule_idx].tcp_flags_mask = 0; + rules[rule_idx].proto = 0; + } + + /* Construct the API message */ + + vam->result_ready = 0; + + n_rules = vec_len(rules); + + msg_size += n_rules*sizeof(rules[0]); + + mp = vl_msg_api_alloc_as_if_client(msg_size); + clib_memset (mp, 0, msg_size); + mp->_vl_msg_id = ntohs (VL_API_ACL_ADD_REPLACE + sm->msg_id_base); + mp->client_index = vam->my_client_index; + if (n_rules > 0) + clib_memcpy(mp->r, rules, n_rules*sizeof (vl_api_acl_rule_t)); + mp->acl_index = ntohl(acl_index); + mp->count = htonl(n_rules); + + /* send it... */ + S(mp); + + /* Wait for a reply... */ + W (ret); +done: + if (fd > 0) + close (fd); + vec_free(file_name); + + return ret; +} + + static int api_acl_del (vat_main_t * vam) { unformat_input_t * i = vam->input; @@ -747,6 +968,63 @@ static int api_acl_interface_set_acl_list (vat_main_t * vam) return ret; } +static int api_acl_interface_set_etype_whitelist (vat_main_t * vam) +{ + unformat_input_t * i = vam->input; + vl_api_acl_interface_set_etype_whitelist_t * mp; + u32 sw_if_index = ~0; + u32 ethertype = ~0; + u16 *etypes_in = 0; + u16 *etypes_out = 0; + u8 is_input = 1; + int ret; + +// acl_interface_set_etype_whitelist | sw_if_index input [ethertype list] output [ethertype list] + + /* Parse args required to build the message */ + while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) { + if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index)) + ; + else if (unformat (i, "sw_if_index %d", &sw_if_index)) + ; + else if (unformat (i, "%x", ðertype)) + { + ethertype = ethertype & 0xffff; + if(is_input) + vec_add1(etypes_in, htons(ethertype)); + else + vec_add1(etypes_out, htons(ethertype)); + } + else if (unformat (i, "input")) + is_input = 1; + else if (unformat (i, "output")) + is_input = 0; + else + break; + } + + if (sw_if_index == ~0) { + errmsg ("missing interface name / explicit sw_if_index number \n"); + return -99; + } + + /* Construct the API message */ + M2(ACL_INTERFACE_SET_ETYPE_WHITELIST, mp, sizeof(u32) * (vec_len(etypes_in) + vec_len(etypes_out))); + mp->sw_if_index = ntohl(sw_if_index); + mp->n_input = vec_len(etypes_in); + mp->count = vec_len(etypes_in) + vec_len(etypes_out); + vec_append(etypes_in, etypes_out); + if (vec_len(etypes_in) > 0) + clib_memcpy(mp->whitelist, etypes_in, vec_len(etypes_in)*sizeof(etypes_in[0])); + + /* send it... */ + S(mp); + + /* Wait for a reply... */ + W (ret); + return ret; +} + static void api_acl_send_control_ping(vat_main_t *vam) { @@ -849,6 +1127,39 @@ static int api_macip_acl_dump (vat_main_t * vam) return ret; } +static int api_acl_interface_etype_whitelist_dump (vat_main_t * vam) +{ + unformat_input_t * i = vam->input; + u32 sw_if_index = ~0; + vl_api_acl_interface_etype_whitelist_dump_t * mp; + int ret; + + /* Parse args required to build the message */ + while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) { + if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index)) + ; + else if (unformat (i, "sw_if_index %d", &sw_if_index)) + ; + else + break; + } + + /* Construct the API message */ + M(ACL_INTERFACE_ETYPE_WHITELIST_DUMP, mp); + mp->sw_if_index = ntohl (sw_if_index); + + /* send it... */ + S(mp); + + /* Use control ping for synchronization */ + api_acl_send_control_ping(vam); + + /* Wait for a reply... */ + W (ret); + return ret; +} + + #define vec_validate_macip_acl_rules(v, idx) \ do { \ if (vec_len(v) < idx+1) { \ @@ -974,7 +1285,7 @@ static int api_macip_acl_add (vat_main_t * vam) msg_size += n_rules*sizeof(rules[0]); mp = vl_msg_api_alloc_as_if_client(msg_size); - memset (mp, 0, msg_size); + clib_memset (mp, 0, msg_size); mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_ADD + sm->msg_id_base); mp->client_index = vam->my_client_index; if ((n_rules > 0) && rules) @@ -1126,7 +1437,7 @@ static int api_macip_acl_add_replace (vat_main_t * vam) msg_size += n_rules*sizeof(rules[0]); mp = vl_msg_api_alloc_as_if_client(msg_size); - memset (mp, 0, msg_size); + clib_memset (mp, 0, msg_size); mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_ADD_REPLACE + sm->msg_id_base); mp->client_index = vam->my_client_index; if ((n_rules > 0) && rules) @@ -1160,17 +1471,21 @@ static int api_macip_acl_add_replace (vat_main_t * vam) #define foreach_vpe_api_msg \ _(acl_plugin_get_version, "") \ _(acl_add_replace, " [ [src IP/plen] [dst IP/plen] [sport X-Y] [dport X-Y] [proto P] [tcpflags FL MASK], ... , ...") \ +_(acl_add_replace_from_file, "filename [permit] [append-default-permit]") \ _(acl_del, "") \ _(acl_dump, "[]") \ _(acl_interface_add_del, " | sw_if_index [add|del] [input|output] acl ") \ _(acl_interface_set_acl_list, " | sw_if_index input [acl-idx list] output [acl-idx list]") \ +_(acl_interface_set_etype_whitelist, " | sw_if_index input [ethertype list] output [ethertype list]") \ +_(acl_interface_etype_whitelist_dump, "[ | sw_if_index ]") \ _(acl_interface_list_dump, "[ | sw_if_index ]") \ _(macip_acl_add, "...") \ _(macip_acl_add_replace, " [ [count ] [src] ip mac mask , ... , ...") \ _(macip_acl_del, "")\ _(macip_acl_dump, "[]") \ _(macip_acl_interface_add_del, " | sw_if_index [add|del] acl ") \ -_(macip_acl_interface_get, "") +_(macip_acl_interface_get, "") \ +_(acl_plugin_get_conn_table_max_entries, "") static