2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 *------------------------------------------------------------------
17 * acl_test.c - test harness plugin
18 *------------------------------------------------------------------
22 #include <vlibapi/api.h>
23 #include <vlibmemory/api.h>
24 #include <vlibsocket/api.h>
25 #include <vppinfra/error.h>
26 #include <vnet/ip/ip.h>
27 #include <arpa/inet.h>
28 #include <vlibapi/vat_helper_macros.h>
30 uword unformat_sw_if_index (unformat_input_t * input, va_list * args);
32 /* Declare message IDs */
33 #include <acl/acl_msg_enum.h>
35 /* define message structures */
37 #include <acl/acl_all_api_h.h>
40 /* define message structures */
42 #include <acl/acl_all_api_h.h>
45 /* instantiate all the print functions we know about */
46 #define vl_print(handle, ...)
48 #include <acl/acl_all_api_h.h>
51 /* Get the API version number. */
52 #define vl_api_version(n,v) static u32 api_version=(v);
53 #include <acl/acl_all_api_h.h>
57 /* API message ID base */
62 acl_test_main_t acl_test_main;
64 #define foreach_standard_reply_retval_handler \
66 _(acl_interface_add_del_reply) \
67 _(macip_acl_interface_add_del_reply) \
68 _(acl_interface_set_acl_list_reply) \
69 _(macip_acl_del_reply)
71 #define foreach_reply_retval_aclindex_handler \
72 _(acl_add_replace_reply) \
73 _(macip_acl_add_reply)
76 static void vl_api_##n##_t_handler \
77 (vl_api_##n##_t * mp) \
79 vat_main_t * vam = acl_test_main.vat_main; \
80 i32 retval = ntohl(mp->retval); \
81 if (vam->async_mode) { \
82 vam->async_errors += (retval < 0); \
84 vam->retval = retval; \
85 vam->result_ready = 1; \
88 foreach_standard_reply_retval_handler;
92 static void vl_api_##n##_t_handler \
93 (vl_api_##n##_t * mp) \
95 vat_main_t * vam = acl_test_main.vat_main; \
96 i32 retval = ntohl(mp->retval); \
97 if (vam->async_mode) { \
98 vam->async_errors += (retval < 0); \
100 clib_warning("ACL index: %d", ntohl(mp->acl_index)); \
101 vam->retval = retval; \
102 vam->result_ready = 1; \
105 foreach_reply_retval_aclindex_handler;
108 /* These two ought to be in a library somewhere but they aren't */
110 my_unformat_mac_address (unformat_input_t * input, va_list * args)
112 u8 *a = va_arg (*args, u8 *);
113 return unformat (input, "%x:%x:%x:%x:%x:%x", &a[0], &a[1], &a[2], &a[3],
118 my_format_mac_address (u8 * s, va_list * args)
120 u8 *a = va_arg (*args, u8 *);
121 return format (s, "%02x:%02x:%02x:%02x:%02x:%02x",
122 a[0], a[1], a[2], a[3], a[4], a[5]);
127 static void vl_api_acl_plugin_get_version_reply_t_handler
128 (vl_api_acl_plugin_get_version_reply_t * mp)
130 vat_main_t * vam = acl_test_main.vat_main;
131 clib_warning("ACL plugin version: %d.%d", ntohl(mp->major), ntohl(mp->minor));
132 vam->result_ready = 1;
135 static void vl_api_acl_interface_list_details_t_handler
136 (vl_api_acl_interface_list_details_t * mp)
139 vat_main_t * vam = acl_test_main.vat_main;
141 vl_api_acl_interface_list_details_t_endian(mp);
142 out = format(out, "sw_if_index: %d, count: %d, n_input: %d\n", mp->sw_if_index, mp->count, mp->n_input);
143 out = format(out, " input ");
144 for(i=0; i<mp->count; i++) {
145 out = format(out, "%d ", mp->acls[i]);
146 if (i == mp->n_input-1)
147 out = format(out, "\n output ");
149 out = format(out, "\n");
150 clib_warning("%s", out);
152 vam->result_ready = 1;
157 vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a)
159 int af = a->is_ipv6 ? AF_INET6 : AF_INET;
160 u8 src[INET6_ADDRSTRLEN];
161 u8 dst[INET6_ADDRSTRLEN];
162 inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src));
163 inet_ntop(af, a->dst_ip_addr, (void *)dst, sizeof(dst));
165 out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d %d",
166 a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
167 src, a->src_ip_prefix_len,
168 dst, a->dst_ip_prefix_len,
170 a->srcport_or_icmptype_first, a->srcport_or_icmptype_last,
171 a->dstport_or_icmpcode_first, a->dstport_or_icmpcode_last,
172 a->tcp_flags_mask, a->tcp_flags_value);
178 static void vl_api_acl_details_t_handler
179 (vl_api_acl_details_t * mp)
182 vat_main_t * vam = acl_test_main.vat_main;
183 vl_api_acl_details_t_endian(mp);
185 out = format(0, "acl_index: %d, count: %d\n tag {%s}\n", mp->acl_index, mp->count, mp->tag);
186 for(i=0; i<mp->count; i++) {
187 out = format(out, " ");
188 out = vl_api_acl_rule_t_pretty_format(out, &mp->r[i]);
189 out = format(out, "%s\n", i<mp->count-1 ? "," : "");
191 clib_warning("%s", out);
193 vam->result_ready = 1;
197 vl_api_macip_acl_rule_t_pretty_format (u8 *out, vl_api_macip_acl_rule_t * a)
199 int af = a->is_ipv6 ? AF_INET6 : AF_INET;
200 u8 src[INET6_ADDRSTRLEN];
201 inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src));
203 out = format(out, "%s action %d ip %s/%d mac %U mask %U",
204 a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
205 src, a->src_ip_prefix_len,
206 my_format_mac_address, a->src_mac,
207 my_format_mac_address, a->src_mac_mask);
212 static void vl_api_macip_acl_details_t_handler
213 (vl_api_macip_acl_details_t * mp)
216 vat_main_t * vam = acl_test_main.vat_main;
217 vl_api_macip_acl_details_t_endian(mp);
218 u8 *out = format(0,"MACIP acl_index: %d, count: %d\n tag {%s}\n", mp->acl_index, mp->count, mp->tag);
219 for(i=0; i<mp->count; i++) {
220 out = format(out, " ");
221 out = vl_api_macip_acl_rule_t_pretty_format(out, &mp->r[i]);
222 out = format(out, "%s\n", i<mp->count-1 ? "," : "");
224 clib_warning("%s", out);
226 vam->result_ready = 1;
229 static void vl_api_macip_acl_interface_get_reply_t_handler
230 (vl_api_macip_acl_interface_get_reply_t * mp)
233 vat_main_t * vam = acl_test_main.vat_main;
234 u8 *out = format(0, "sw_if_index with MACIP ACL count: %d\n", ntohl(mp->count));
235 for(i=0; i<ntohl(mp->count); i++) {
236 out = format(out, " macip_acl_interface_add_del sw_if_index %d add acl %d\n", i, ntohl(mp->acls[i]));
238 out = format(out, "\n");
239 clib_warning("%s", out);
241 vam->result_ready = 1;
246 * Table of message reply handlers, must include boilerplate handlers
249 #define foreach_vpe_api_reply_msg \
250 _(ACL_ADD_REPLACE_REPLY, acl_add_replace_reply) \
251 _(ACL_DEL_REPLY, acl_del_reply) \
252 _(ACL_INTERFACE_ADD_DEL_REPLY, acl_interface_add_del_reply) \
253 _(ACL_INTERFACE_SET_ACL_LIST_REPLY, acl_interface_set_acl_list_reply) \
254 _(ACL_INTERFACE_LIST_DETAILS, acl_interface_list_details) \
255 _(ACL_DETAILS, acl_details) \
256 _(MACIP_ACL_ADD_REPLY, macip_acl_add_reply) \
257 _(MACIP_ACL_DEL_REPLY, macip_acl_del_reply) \
258 _(MACIP_ACL_DETAILS, macip_acl_details) \
259 _(MACIP_ACL_INTERFACE_ADD_DEL_REPLY, macip_acl_interface_add_del_reply) \
260 _(MACIP_ACL_INTERFACE_GET_REPLY, macip_acl_interface_get_reply) \
261 _(ACL_PLUGIN_GET_VERSION_REPLY, acl_plugin_get_version_reply)
263 static int api_acl_plugin_get_version (vat_main_t * vam)
265 acl_test_main_t * sm = &acl_test_main;
266 vl_api_acl_plugin_get_version_t * mp;
267 u32 msg_size = sizeof(*mp);
270 vam->result_ready = 0;
271 mp = vl_msg_api_alloc_as_if_client(msg_size);
272 memset (mp, 0, msg_size);
273 mp->_vl_msg_id = ntohs (VL_API_ACL_PLUGIN_GET_VERSION + sm->msg_id_base);
274 mp->client_index = vam->my_client_index;
279 /* Wait for a reply... */
285 static int api_macip_acl_interface_get (vat_main_t * vam)
287 acl_test_main_t * sm = &acl_test_main;
288 vl_api_acl_plugin_get_version_t * mp;
289 u32 msg_size = sizeof(*mp);
292 vam->result_ready = 0;
293 mp = vl_msg_api_alloc_as_if_client(msg_size);
294 memset (mp, 0, msg_size);
295 mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_INTERFACE_GET + sm->msg_id_base);
296 mp->client_index = vam->my_client_index;
301 /* Wait for a reply... */
307 #define vec_validate_acl_rules(v, idx) \
309 if (vec_len(v) < idx+1) { \
310 vec_validate(v, idx); \
311 v[idx].is_permit = 0x1; \
312 v[idx].srcport_or_icmptype_last = 0xffff; \
313 v[idx].dstport_or_icmpcode_last = 0xffff; \
318 static int api_acl_add_replace (vat_main_t * vam)
320 acl_test_main_t * sm = &acl_test_main;
321 unformat_input_t * i = vam->input;
323 vl_api_acl_add_replace_t * mp;
325 u32 msg_size = sizeof (*mp); /* without the rules */
327 vl_api_acl_rule_t *rules = 0;
334 u32 tcpflags, tcpmask;
335 u32 src_prefix_length = 0, dst_prefix_length = 0;
336 ip4_address_t src_v4address, dst_v4address;
337 ip6_address_t src_v6address, dst_v6address;
340 if (!unformat (i, "%d", &acl_index)) {
344 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
346 if (unformat (i, "ipv6"))
348 vec_validate_acl_rules(rules, rule_idx);
349 rules[rule_idx].is_ipv6 = 1;
351 else if (unformat (i, "ipv4"))
353 vec_validate_acl_rules(rules, rule_idx);
354 rules[rule_idx].is_ipv6 = 0;
356 else if (unformat (i, "permit+reflect"))
358 vec_validate_acl_rules(rules, rule_idx);
359 rules[rule_idx].is_permit = 2;
361 else if (unformat (i, "permit"))
363 vec_validate_acl_rules(rules, rule_idx);
364 rules[rule_idx].is_permit = 1;
366 else if (unformat (i, "action %d", &action))
368 vec_validate_acl_rules(rules, rule_idx);
369 rules[rule_idx].is_permit = action;
371 else if (unformat (i, "src %U/%d",
372 unformat_ip4_address, &src_v4address, &src_prefix_length))
374 vec_validate_acl_rules(rules, rule_idx);
375 memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
376 rules[rule_idx].src_ip_prefix_len = src_prefix_length;
377 rules[rule_idx].is_ipv6 = 0;
379 else if (unformat (i, "src %U/%d",
380 unformat_ip6_address, &src_v6address, &src_prefix_length))
382 vec_validate_acl_rules(rules, rule_idx);
383 memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
384 rules[rule_idx].src_ip_prefix_len = src_prefix_length;
385 rules[rule_idx].is_ipv6 = 1;
387 else if (unformat (i, "dst %U/%d",
388 unformat_ip4_address, &dst_v4address, &dst_prefix_length))
390 vec_validate_acl_rules(rules, rule_idx);
391 memcpy (rules[rule_idx].dst_ip_addr, &dst_v4address, 4);
392 rules[rule_idx].dst_ip_prefix_len = dst_prefix_length;
393 rules[rule_idx].is_ipv6 = 0;
395 else if (unformat (i, "dst %U/%d",
396 unformat_ip6_address, &dst_v6address, &dst_prefix_length))
398 vec_validate_acl_rules(rules, rule_idx);
399 memcpy (rules[rule_idx].dst_ip_addr, &dst_v6address, 16);
400 rules[rule_idx].dst_ip_prefix_len = dst_prefix_length;
401 rules[rule_idx].is_ipv6 = 1;
403 else if (unformat (i, "sport %d-%d", &port1, &port2))
405 vec_validate_acl_rules(rules, rule_idx);
406 rules[rule_idx].srcport_or_icmptype_first = htons(port1);
407 rules[rule_idx].srcport_or_icmptype_last = htons(port2);
409 else if (unformat (i, "sport %d", &port1))
411 vec_validate_acl_rules(rules, rule_idx);
412 rules[rule_idx].srcport_or_icmptype_first = htons(port1);
413 rules[rule_idx].srcport_or_icmptype_last = htons(port1);
415 else if (unformat (i, "dport %d-%d", &port1, &port2))
417 vec_validate_acl_rules(rules, rule_idx);
418 rules[rule_idx].dstport_or_icmpcode_first = htons(port1);
419 rules[rule_idx].dstport_or_icmpcode_last = htons(port2);
421 else if (unformat (i, "dport %d", &port1))
423 vec_validate_acl_rules(rules, rule_idx);
424 rules[rule_idx].dstport_or_icmpcode_first = htons(port1);
425 rules[rule_idx].dstport_or_icmpcode_last = htons(port1);
427 else if (unformat (i, "tcpflags %d %d", &tcpflags, &tcpmask))
429 vec_validate_acl_rules(rules, rule_idx);
430 rules[rule_idx].tcp_flags_value = tcpflags;
431 rules[rule_idx].tcp_flags_mask = tcpmask;
433 else if (unformat (i, "proto %d", &proto))
435 vec_validate_acl_rules(rules, rule_idx);
436 rules[rule_idx].proto = proto;
438 else if (unformat (i, "tag %s", &tag))
441 else if (unformat (i, ","))
444 vec_validate_acl_rules(rules, rule_idx);
450 /* Construct the API message */
451 vam->result_ready = 0;
454 n_rules = vec_len(rules);
458 msg_size += n_rules*sizeof(rules[0]);
460 mp = vl_msg_api_alloc_as_if_client(msg_size);
461 memset (mp, 0, msg_size);
462 mp->_vl_msg_id = ntohs (VL_API_ACL_ADD_REPLACE + sm->msg_id_base);
463 mp->client_index = vam->my_client_index;
465 clib_memcpy(mp->r, rules, n_rules*sizeof (vl_api_acl_rule_t));
468 if (vec_len(tag) >= sizeof(mp->tag))
470 tag[sizeof(mp->tag)-1] = 0;
471 _vec_len(tag) = sizeof(mp->tag);
473 clib_memcpy(mp->tag, tag, vec_len(tag));
476 mp->acl_index = ntohl(acl_index);
477 mp->count = htonl(n_rules);
482 /* Wait for a reply... */
486 static int api_acl_del (vat_main_t * vam)
488 unformat_input_t * i = vam->input;
490 vl_api_acl_del_t * mp;
493 if (!unformat (i, "%d", &acl_index)) {
494 errmsg ("missing acl index\n");
498 /* Construct the API message */
500 mp->acl_index = ntohl(acl_index);
505 /* Wait for a reply... */
509 static int api_macip_acl_del (vat_main_t * vam)
511 unformat_input_t * i = vam->input;
513 vl_api_acl_del_t * mp;
516 if (!unformat (i, "%d", &acl_index)) {
517 errmsg ("missing acl index\n");
521 /* Construct the API message */
522 M(MACIP_ACL_DEL, acl_del);
523 mp->acl_index = ntohl(acl_index);
528 /* Wait for a reply... */
532 static int api_acl_interface_add_del (vat_main_t * vam)
534 unformat_input_t * i = vam->input;
536 vl_api_acl_interface_add_del_t * mp;
537 u32 sw_if_index = ~0;
542 // acl_interface_add_del <intfc> | sw_if_index <if-idx> acl_index <acl-idx> [out] [del]
544 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
546 if (unformat (i, "%d", &acl_index))
553 /* Parse args required to build the message */
554 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
555 if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
557 else if (unformat (i, "sw_if_index %d", &sw_if_index))
559 else if (unformat (i, "add"))
561 else if (unformat (i, "del"))
563 else if (unformat (i, "acl %d", &acl_index))
565 else if (unformat (i, "input"))
567 else if (unformat (i, "output"))
573 if (sw_if_index == ~0) {
574 errmsg ("missing interface name / explicit sw_if_index number \n");
578 if (acl_index == ~0) {
579 errmsg ("missing ACL index\n");
585 /* Construct the API message */
586 M(ACL_INTERFACE_ADD_DEL, acl_interface_add_del);
587 mp->acl_index = ntohl(acl_index);
588 mp->sw_if_index = ntohl(sw_if_index);
590 mp->is_input = is_input;
595 /* Wait for a reply... */
599 static int api_macip_acl_interface_add_del (vat_main_t * vam)
601 unformat_input_t * i = vam->input;
603 vl_api_macip_acl_interface_add_del_t * mp;
604 u32 sw_if_index = ~0;
608 /* Parse args required to build the message */
609 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
610 if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
612 else if (unformat (i, "sw_if_index %d", &sw_if_index))
614 else if (unformat (i, "add"))
616 else if (unformat (i, "del"))
618 else if (unformat (i, "acl %d", &acl_index))
624 if (sw_if_index == ~0) {
625 errmsg ("missing interface name / explicit sw_if_index number \n");
629 if (acl_index == ~0) {
630 errmsg ("missing ACL index\n");
636 /* Construct the API message */
637 M(MACIP_ACL_INTERFACE_ADD_DEL, macip_acl_interface_add_del);
638 mp->acl_index = ntohl(acl_index);
639 mp->sw_if_index = ntohl(sw_if_index);
645 /* Wait for a reply... */
649 static int api_acl_interface_set_acl_list (vat_main_t * vam)
651 unformat_input_t * i = vam->input;
653 vl_api_acl_interface_set_acl_list_t * mp;
654 u32 sw_if_index = ~0;
660 // acl_interface_set_acl_list <intfc> | sw_if_index <if-idx> input [acl-idx list] output [acl-idx list]
662 /* Parse args required to build the message */
663 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
664 if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
666 else if (unformat (i, "sw_if_index %d", &sw_if_index))
668 else if (unformat (i, "%d", &acl_index))
671 vec_add1(inacls, htonl(acl_index));
673 vec_add1(outacls, htonl(acl_index));
675 else if (unformat (i, "acl %d", &acl_index))
677 else if (unformat (i, "input"))
679 else if (unformat (i, "output"))
685 if (sw_if_index == ~0) {
686 errmsg ("missing interface name / explicit sw_if_index number \n");
690 /* Construct the API message */
691 M2(ACL_INTERFACE_SET_ACL_LIST, acl_interface_set_acl_list, sizeof(u32) * (vec_len(inacls) + vec_len(outacls)));
692 mp->sw_if_index = ntohl(sw_if_index);
693 mp->n_input = vec_len(inacls);
694 mp->count = vec_len(inacls) + vec_len(outacls);
695 vec_append(inacls, outacls);
696 if (vec_len(inacls) > 0)
697 clib_memcpy(mp->acls, inacls, vec_len(inacls)*sizeof(u32));
702 /* Wait for a reply... */
707 static int api_acl_interface_list_dump (vat_main_t * vam)
709 unformat_input_t * i = vam->input;
711 u32 sw_if_index = ~0;
712 vl_api_acl_interface_list_dump_t * mp;
714 /* Parse args required to build the message */
715 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
716 if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
718 else if (unformat (i, "sw_if_index %d", &sw_if_index))
724 /* Construct the API message */
725 M(ACL_INTERFACE_LIST_DUMP, acl_interface_list_dump);
726 mp->sw_if_index = ntohl (sw_if_index);
731 /* Wait for a reply... */
735 static int api_acl_dump (vat_main_t * vam)
737 unformat_input_t * i = vam->input;
740 vl_api_acl_dump_t * mp;
742 /* Parse args required to build the message */
743 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
744 if (unformat (i, "%d", &acl_index))
750 /* Construct the API message */
751 M(ACL_DUMP, acl_dump);
752 mp->acl_index = ntohl (acl_index);
757 /* Wait for a reply... */
761 static int api_macip_acl_dump (vat_main_t * vam)
763 unformat_input_t * i = vam->input;
766 vl_api_acl_dump_t * mp;
768 /* Parse args required to build the message */
769 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
770 if (unformat (i, "%d", &acl_index))
776 /* Construct the API message */
777 M(MACIP_ACL_DUMP, macip_acl_dump);
778 mp->acl_index = ntohl (acl_index);
783 /* Wait for a reply... */
787 #define vec_validate_macip_acl_rules(v, idx) \
789 if (vec_len(v) < idx+1) { \
790 vec_validate(v, idx); \
791 v[idx].is_permit = 0x1; \
796 static int api_macip_acl_add (vat_main_t * vam)
798 acl_test_main_t * sm = &acl_test_main;
799 unformat_input_t * i = vam->input;
801 vl_api_macip_acl_add_t * mp;
802 u32 msg_size = sizeof (*mp); /* without the rules */
804 vl_api_macip_acl_rule_t *rules = 0;
807 u32 src_prefix_length = 0;
809 ip4_address_t src_v4address;
810 ip6_address_t src_v6address;
813 u8 mac_mask_all_1[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
815 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
817 if (unformat (i, "ipv6"))
819 vec_validate_macip_acl_rules(rules, rule_idx);
820 rules[rule_idx].is_ipv6 = 1;
822 else if (unformat (i, "ipv4"))
824 vec_validate_macip_acl_rules(rules, rule_idx);
825 rules[rule_idx].is_ipv6 = 1;
827 else if (unformat (i, "permit"))
829 vec_validate_macip_acl_rules(rules, rule_idx);
830 rules[rule_idx].is_permit = 1;
832 else if (unformat (i, "deny"))
834 vec_validate_macip_acl_rules(rules, rule_idx);
835 rules[rule_idx].is_permit = 0;
837 else if (unformat (i, "action %d", &action))
839 vec_validate_macip_acl_rules(rules, rule_idx);
840 rules[rule_idx].is_permit = action;
842 else if (unformat (i, "ip %U/%d",
843 unformat_ip4_address, &src_v4address, &src_prefix_length))
845 vec_validate_macip_acl_rules(rules, rule_idx);
846 memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
847 rules[rule_idx].src_ip_prefix_len = src_prefix_length;
848 rules[rule_idx].is_ipv6 = 0;
850 else if (unformat (i, "ip %U/%d",
851 unformat_ip6_address, &src_v6address, &src_prefix_length))
853 vec_validate_macip_acl_rules(rules, rule_idx);
854 memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
855 rules[rule_idx].src_ip_prefix_len = src_prefix_length;
856 rules[rule_idx].is_ipv6 = 1;
858 else if (unformat (i, "mac %U",
859 my_unformat_mac_address, &src_mac))
861 vec_validate_macip_acl_rules(rules, rule_idx);
862 memcpy (rules[rule_idx].src_mac, &src_mac, 6);
863 memcpy (rules[rule_idx].src_mac_mask, &mac_mask_all_1, 6);
865 else if (unformat (i, "mask %U",
866 my_unformat_mac_address, &src_mac))
868 vec_validate_macip_acl_rules(rules, rule_idx);
869 memcpy (rules[rule_idx].src_mac_mask, &src_mac, 6);
871 else if (unformat (i, "tag %s", &tag))
874 else if (unformat (i, ","))
877 vec_validate_macip_acl_rules(rules, rule_idx);
883 /* Construct the API message */
884 vam->result_ready = 0;
887 n_rules = vec_len(rules);
891 msg_size += n_rules*sizeof(rules[0]);
893 mp = vl_msg_api_alloc_as_if_client(msg_size);
894 memset (mp, 0, msg_size);
895 mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_ADD + sm->msg_id_base);
896 mp->client_index = vam->my_client_index;
898 clib_memcpy(mp->r, rules, n_rules*sizeof (mp->r[0]));
901 if (vec_len(tag) >= sizeof(mp->tag))
903 tag[sizeof(mp->tag)-1] = 0;
904 _vec_len(tag) = sizeof(mp->tag);
906 clib_memcpy(mp->tag, tag, vec_len(tag));
910 mp->count = htonl(n_rules);
915 /* Wait for a reply... */
920 * List of messages that the api test plugin sends,
921 * and that the data plane plugin processes
923 #define foreach_vpe_api_msg \
924 _(acl_plugin_get_version, "") \
925 _(acl_add_replace, "<acl-idx> [<ipv4|ipv6> <permit|permit+reflect|deny|action N> [src IP/plen] [dst IP/plen] [sport X-Y] [dport X-Y] [proto P] [tcpflags FL MASK], ... , ...") \
926 _(acl_del, "<acl-idx>") \
927 _(acl_dump, "[<acl-idx>]") \
928 _(acl_interface_add_del, "<intfc> | sw_if_index <if-idx> [add|del] [input|output] acl <acl-idx>") \
929 _(acl_interface_set_acl_list, "<intfc> | sw_if_index <if-idx> input [acl-idx list] output [acl-idx list]") \
930 _(acl_interface_list_dump, "[<intfc> | sw_if_index <if-idx>]") \
931 _(macip_acl_add, "...") \
932 _(macip_acl_del, "<acl-idx>")\
933 _(macip_acl_dump, "[<acl-idx>]") \
934 _(macip_acl_interface_add_del, "<intfc> | sw_if_index <if-idx> [add|del] acl <acl-idx>") \
935 _(macip_acl_interface_get, "")
939 void acl_vat_api_hookup (vat_main_t *vam)
941 acl_test_main_t * sm = &acl_test_main;
942 /* Hook up handlers for replies from the data plane plug-in */
944 vl_msg_api_set_handlers((VL_API_##N + sm->msg_id_base), \
946 vl_api_##n##_t_handler, \
948 vl_api_##n##_t_endian, \
949 vl_api_##n##_t_print, \
950 sizeof(vl_api_##n##_t), 1);
951 foreach_vpe_api_reply_msg;
954 /* API messages we can send */
955 #define _(n,h) hash_set_mem (vam->function_by_name, #n, api_##n);
960 #define _(n,h) hash_set_mem (vam->help_by_name, #n, h);
965 clib_error_t * vat_plugin_register (vat_main_t *vam)
967 acl_test_main_t * sm = &acl_test_main;
972 name = format (0, "acl_%08x%c", api_version, 0);
973 sm->msg_id_base = vl_client_get_first_plugin_msg_id ((char *) name);
975 if (sm->msg_id_base != (u16) ~0)
976 acl_vat_api_hookup (vam);
Code Review / vpp.git / blob