+ if (unformat (input, "skip-ipv6-extension-header %u %u", &eh_val, &val))
+ {
+ if (!acl_set_skip_ipv6_eh (eh_val, val))
+ {
+ error = clib_error_return (0, "expecting eh=0..255, value=0..1");
+ }
+ goto done;
+ }
+ if (unformat (input, "use-hash-acl-matching %u", &val))
+ {
+ am->use_hash_acl_matching = (val != 0);
+ goto done;
+ }
+ if (unformat (input, "l4-match-nonfirst-fragment %u", &val))
+ {
+ am->l4_match_nonfirst_fragment = (val != 0);
+ goto done;
+ }
+ if (unformat (input, "reclassify-sessions %u", &val))
+ {
+ am->reclassify_sessions = (val != 0);
+ goto done;
+ }
+ if (unformat (input, "event-trace"))
+ {
+ if (!unformat (input, "%u", &val))
+ {
+ error = clib_error_return (0,
+ "expecting trace level, got `%U`",
+ format_unformat_error, input);
+ goto done;
+ }
+ else
+ {
+ am->trace_acl = val;
+ goto done;
+ }
+ }
+ if (unformat (input, "heap"))
+ {
+ if (unformat (input, "main"))
+ {
+ if (unformat (input, "validate %u", &val))
+ acl_plugin_acl_set_validate_heap (am, val);
+ else if (unformat (input, "trace %u", &val))
+ acl_plugin_acl_set_trace_heap (am, val);
+ goto done;
+ }
+ else if (unformat (input, "hash"))
+ {
+ if (unformat (input, "validate %u", &val))
+ acl_plugin_hash_acl_set_validate_heap (val);
+ else if (unformat (input, "trace %u", &val))
+ acl_plugin_hash_acl_set_trace_heap (val);
+ goto done;
+ }
+ goto done;
+ }
+ if (unformat (input, "session"))
+ {
+ if (unformat (input, "table"))
+ {
+ /* The commands here are for tuning/testing. No user-serviceable parts inside */
+ if (unformat (input, "max-entries"))
+ {
+ if (!unformat (input, "%u", &val))
+ {
+ error = clib_error_return (0,
+ "expecting maximum number of entries, got `%U`",
+ format_unformat_error, input);
+ goto done;
+ }
+ else
+ {
+ acl_set_session_max_entries (val);
+ goto done;
+ }
+ }
+ if (unformat (input, "hash-table-buckets"))
+ {
+ if (!unformat (input, "%u", &val))
+ {
+ error = clib_error_return (0,
+ "expecting maximum number of hash table buckets, got `%U`",
+ format_unformat_error, input);
+ goto done;
+ }
+ else
+ {
+ am->fa_conn_table_hash_num_buckets = val;
+ goto done;
+ }
+ }
+ if (unformat (input, "hash-table-memory"))
+ {
+ if (!unformat (input, "%U", unformat_memory_size, &memory_size))
+ {
+ error = clib_error_return (0,
+ "expecting maximum amount of hash table memory, got `%U`",
+ format_unformat_error, input);
+ goto done;
+ }
+ else
+ {
+ am->fa_conn_table_hash_memory_size = memory_size;
+ goto done;
+ }
+ }
+ if (unformat (input, "event-trace"))
+ {
+ if (!unformat (input, "%u", &val))
+ {
+ error = clib_error_return (0,
+ "expecting trace level, got `%U`",
+ format_unformat_error, input);
+ goto done;
+ }
+ else
+ {
+ am->trace_sessions = val;
+ goto done;
+ }
+ }
+ goto done;
+ }
+ if (unformat (input, "timeout"))
+ {
+ if (unformat (input, "udp"))
+ {
+ if (unformat (input, "idle"))
+ {
+ if (!unformat (input, "%u", &timeout))
+ {
+ error = clib_error_return (0,
+ "expecting timeout value in seconds, got `%U`",
+ format_unformat_error,
+ input);
+ goto done;
+ }
+ else
+ {
+ acl_set_timeout_sec (ACL_TIMEOUT_UDP_IDLE, timeout);
+ goto done;
+ }
+ }
+ }
+ if (unformat (input, "tcp"))
+ {
+ if (unformat (input, "idle"))
+ {
+ if (!unformat (input, "%u", &timeout))
+ {
+ error = clib_error_return (0,
+ "expecting timeout value in seconds, got `%U`",
+ format_unformat_error,
+ input);
+ goto done;
+ }
+ else
+ {
+ acl_set_timeout_sec (ACL_TIMEOUT_TCP_IDLE, timeout);
+ goto done;
+ }
+ }
+ if (unformat (input, "transient"))
+ {
+ if (!unformat (input, "%u", &timeout))
+ {
+ error = clib_error_return (0,
+ "expecting timeout value in seconds, got `%U`",
+ format_unformat_error,
+ input);
+ goto done;
+ }
+ else
+ {
+ acl_set_timeout_sec (ACL_TIMEOUT_TCP_TRANSIENT,
+ timeout);
+ goto done;
+ }
+ }
+ }
+ goto done;
+ }
+ }
+done:
+ return error;
+}