#include <vat/vat.h>
#include <vlibapi/api.h>
#include <vlibmemory/api.h>
-#include <vlibsocket/api.h>
#include <vppinfra/error.h>
#include <vnet/ip/ip.h>
#include <arpa/inet.h>
_(acl_interface_add_del_reply) \
_(macip_acl_interface_add_del_reply) \
_(acl_interface_set_acl_list_reply) \
+_(acl_interface_set_etype_whitelist_reply) \
_(macip_acl_del_reply)
#define foreach_reply_retval_aclindex_handler \
_(acl_add_replace_reply) \
-_(macip_acl_add_reply)
+_(macip_acl_add_reply) \
+_(macip_acl_add_replace_reply)
#define _(n) \
static void vl_api_##n##_t_handler \
out = format(out, "sw_if_index: %d, count: %d, n_input: %d\n", mp->sw_if_index, mp->count, mp->n_input);
out = format(out, " input ");
for(i=0; i<mp->count; i++) {
- out = format(out, "%d ", mp->acls[i]);
- if (i == mp->n_input-1)
+ if (i == mp->n_input)
out = format(out, "\n output ");
+ out = format(out, "%d ", ntohl (mp->acls[i]));
}
out = format(out, "\n");
clib_warning("%s", out);
vam->result_ready = 1;
}
+static void vl_api_acl_interface_etype_whitelist_details_t_handler
+ (vl_api_acl_interface_etype_whitelist_details_t * mp)
+ {
+ int i;
+ vat_main_t * vam = acl_test_main.vat_main;
+ u8 *out = 0;
+ vl_api_acl_interface_etype_whitelist_details_t_endian(mp);
+ out = format(out, "sw_if_index: %d, count: %d, n_input: %d\n", mp->sw_if_index, mp->count, mp->n_input);
+ out = format(out, " input ");
+ for(i=0; i<mp->count; i++) {
+ if (i == mp->n_input)
+ out = format(out, "\n output ");
+ out = format(out, "%04x ", mp->whitelist[i]);
+ }
+ out = format(out, "\n");
+ clib_warning("%s", out);
+ vec_free(out);
+ vam->result_ready = 1;
+ }
+
+
static inline u8 *
vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a)
inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src));
inet_ntop(af, a->dst_ip_addr, (void *)dst, sizeof(dst));
- out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d %d",
+ out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d mask %d",
a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
src, a->src_ip_prefix_len,
dst, a->dst_ip_prefix_len,
a->proto,
a->srcport_or_icmptype_first, a->srcport_or_icmptype_last,
a->dstport_or_icmpcode_first, a->dstport_or_icmpcode_last,
- a->tcp_flags_mask, a->tcp_flags_value);
+ a->tcp_flags_value, a->tcp_flags_mask);
return(out);
}
vam->result_ready = 1;
}
+static void vl_api_acl_plugin_control_ping_reply_t_handler
+ (vl_api_acl_plugin_control_ping_reply_t * mp)
+{
+ vat_main_t *vam = &vat_main;
+ i32 retval = ntohl (mp->retval);
+ if (vam->async_mode)
+ {
+ vam->async_errors += (retval < 0);
+ }
+ else
+ {
+ vam->retval = retval;
+ vam->result_ready = 1;
+ }
+}
+
/*
* Table of message reply handlers, must include boilerplate handlers
_(ACL_DEL_REPLY, acl_del_reply) \
_(ACL_INTERFACE_ADD_DEL_REPLY, acl_interface_add_del_reply) \
_(ACL_INTERFACE_SET_ACL_LIST_REPLY, acl_interface_set_acl_list_reply) \
+_(ACL_INTERFACE_SET_ETYPE_WHITELIST_REPLY, acl_interface_set_etype_whitelist_reply) \
+_(ACL_INTERFACE_ETYPE_WHITELIST_DETAILS, acl_interface_etype_whitelist_details) \
_(ACL_INTERFACE_LIST_DETAILS, acl_interface_list_details) \
_(ACL_DETAILS, acl_details) \
_(MACIP_ACL_ADD_REPLY, macip_acl_add_reply) \
+_(MACIP_ACL_ADD_REPLACE_REPLY, macip_acl_add_replace_reply) \
_(MACIP_ACL_DEL_REPLY, macip_acl_del_reply) \
_(MACIP_ACL_DETAILS, macip_acl_details) \
_(MACIP_ACL_INTERFACE_ADD_DEL_REPLY, macip_acl_interface_add_del_reply) \
_(MACIP_ACL_INTERFACE_GET_REPLY, macip_acl_interface_get_reply) \
+_(ACL_PLUGIN_CONTROL_PING_REPLY, acl_plugin_control_ping_reply) \
_(ACL_PLUGIN_GET_VERSION_REPLY, acl_plugin_get_version_reply)
static int api_acl_plugin_get_version (vat_main_t * vam)
acl_test_main_t * sm = &acl_test_main;
vl_api_acl_plugin_get_version_t * mp;
u32 msg_size = sizeof(*mp);
- f64 timeout;
+ int ret;
vam->result_ready = 0;
mp = vl_msg_api_alloc_as_if_client(msg_size);
mp->client_index = vam->my_client_index;
/* send it... */
- S;
+ S(mp);
/* Wait for a reply... */
- W;
-
- return 0;
+ W (ret);
+ return ret;
}
static int api_macip_acl_interface_get (vat_main_t * vam)
acl_test_main_t * sm = &acl_test_main;
vl_api_acl_plugin_get_version_t * mp;
u32 msg_size = sizeof(*mp);
- f64 timeout;
+ int ret;
vam->result_ready = 0;
mp = vl_msg_api_alloc_as_if_client(msg_size);
mp->client_index = vam->my_client_index;
/* send it... */
- S;
+ S(mp);
/* Wait for a reply... */
- W;
-
- return 0;
+ W (ret);
+ return ret;
}
#define vec_validate_acl_rules(v, idx) \
{
acl_test_main_t * sm = &acl_test_main;
unformat_input_t * i = vam->input;
- f64 timeout;
vl_api_acl_add_replace_t * mp;
u32 acl_index = ~0;
u32 msg_size = sizeof (*mp); /* without the rules */
vl_api_acl_rule_t *rules = 0;
int rule_idx = 0;
int n_rules = 0;
+ int n_rules_override = -1;
u32 proto = 0;
u32 port1 = 0;
u32 port2 = 0;
ip4_address_t src_v4address, dst_v4address;
ip6_address_t src_v6address, dst_v6address;
u8 *tag = 0;
+ int ret;
if (!unformat (i, "%d", &acl_index)) {
/* Just assume -1 */
vec_validate_acl_rules(rules, rule_idx);
rules[rule_idx].is_permit = 1;
}
+ else if (unformat (i, "deny"))
+ {
+ vec_validate_acl_rules(rules, rule_idx);
+ rules[rule_idx].is_permit = 0;
+ }
+ else if (unformat (i, "count %d", &n_rules_override))
+ {
+ /* we will use this later */
+ }
else if (unformat (i, "action %d", &action))
{
vec_validate_acl_rules(rules, rule_idx);
rules[rule_idx].tcp_flags_value = tcpflags;
rules[rule_idx].tcp_flags_mask = tcpmask;
}
+ else if (unformat (i, "tcpflags %d mask %d", &tcpflags, &tcpmask))
+ {
+ vec_validate_acl_rules(rules, rule_idx);
+ rules[rule_idx].tcp_flags_value = tcpflags;
+ rules[rule_idx].tcp_flags_mask = tcpmask;
+ }
else if (unformat (i, "proto %d", &proto))
{
vec_validate_acl_rules(rules, rule_idx);
else
n_rules = 0;
+ if (n_rules_override >= 0)
+ n_rules = n_rules_override;
+
msg_size += n_rules*sizeof(rules[0]);
mp = vl_msg_api_alloc_as_if_client(msg_size);
memset (mp, 0, msg_size);
mp->_vl_msg_id = ntohs (VL_API_ACL_ADD_REPLACE + sm->msg_id_base);
mp->client_index = vam->my_client_index;
- if (n_rules > 0)
+ if ((n_rules > 0) && rules)
clib_memcpy(mp->r, rules, n_rules*sizeof (vl_api_acl_rule_t));
if (tag)
{
mp->count = htonl(n_rules);
/* send it... */
- S;
+ S(mp);
/* Wait for a reply... */
- W;
+ W (ret);
+ return ret;
}
static int api_acl_del (vat_main_t * vam)
{
unformat_input_t * i = vam->input;
- f64 timeout;
vl_api_acl_del_t * mp;
u32 acl_index = ~0;
+ int ret;
if (!unformat (i, "%d", &acl_index)) {
errmsg ("missing acl index\n");
}
/* Construct the API message */
- M(ACL_DEL, acl_del);
+ M(ACL_DEL, mp);
mp->acl_index = ntohl(acl_index);
/* send it... */
- S;
+ S(mp);
/* Wait for a reply... */
- W;
+ W (ret);
+ return ret;
}
static int api_macip_acl_del (vat_main_t * vam)
{
unformat_input_t * i = vam->input;
- f64 timeout;
vl_api_acl_del_t * mp;
u32 acl_index = ~0;
+ int ret;
if (!unformat (i, "%d", &acl_index)) {
errmsg ("missing acl index\n");
}
/* Construct the API message */
- M(MACIP_ACL_DEL, acl_del);
+ M(MACIP_ACL_DEL, mp);
mp->acl_index = ntohl(acl_index);
/* send it... */
- S;
+ S(mp);
/* Wait for a reply... */
- W;
+ W (ret);
+ return ret;
}
static int api_acl_interface_add_del (vat_main_t * vam)
{
unformat_input_t * i = vam->input;
- f64 timeout;
vl_api_acl_interface_add_del_t * mp;
u32 sw_if_index = ~0;
u32 acl_index = ~0;
u8 is_input = 0;
u8 is_add = 0;
+ int ret;
// acl_interface_add_del <intfc> | sw_if_index <if-idx> acl_index <acl-idx> [out] [del]
/* Construct the API message */
- M(ACL_INTERFACE_ADD_DEL, acl_interface_add_del);
+ M(ACL_INTERFACE_ADD_DEL, mp);
mp->acl_index = ntohl(acl_index);
mp->sw_if_index = ntohl(sw_if_index);
mp->is_add = is_add;
mp->is_input = is_input;
/* send it... */
- S;
+ S(mp);
/* Wait for a reply... */
- W;
+ W (ret);
+ return ret;
}
static int api_macip_acl_interface_add_del (vat_main_t * vam)
{
unformat_input_t * i = vam->input;
- f64 timeout;
vl_api_macip_acl_interface_add_del_t * mp;
u32 sw_if_index = ~0;
u32 acl_index = ~0;
u8 is_add = 0;
+ int ret;
/* Parse args required to build the message */
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
/* Construct the API message */
- M(MACIP_ACL_INTERFACE_ADD_DEL, macip_acl_interface_add_del);
+ M(MACIP_ACL_INTERFACE_ADD_DEL, mp);
mp->acl_index = ntohl(acl_index);
mp->sw_if_index = ntohl(sw_if_index);
mp->is_add = is_add;
/* send it... */
- S;
+ S(mp);
/* Wait for a reply... */
- W;
+ W (ret);
+ return ret;
}
static int api_acl_interface_set_acl_list (vat_main_t * vam)
{
unformat_input_t * i = vam->input;
- f64 timeout;
vl_api_acl_interface_set_acl_list_t * mp;
u32 sw_if_index = ~0;
u32 acl_index = ~0;
u32 *inacls = 0;
u32 *outacls = 0;
u8 is_input = 0;
+ int ret;
// acl_interface_set_acl_list <intfc> | sw_if_index <if-idx> input [acl-idx list] output [acl-idx list]
}
/* Construct the API message */
- M2(ACL_INTERFACE_SET_ACL_LIST, acl_interface_set_acl_list, sizeof(u32) * (vec_len(inacls) + vec_len(outacls)));
+ M2(ACL_INTERFACE_SET_ACL_LIST, mp, sizeof(u32) * (vec_len(inacls) + vec_len(outacls)));
mp->sw_if_index = ntohl(sw_if_index);
mp->n_input = vec_len(inacls);
mp->count = vec_len(inacls) + vec_len(outacls);
clib_memcpy(mp->acls, inacls, vec_len(inacls)*sizeof(u32));
/* send it... */
- S;
+ S(mp);
/* Wait for a reply... */
- W;
+ W (ret);
+ return ret;
+}
+
+static int api_acl_interface_set_etype_whitelist (vat_main_t * vam)
+{
+ unformat_input_t * i = vam->input;
+ vl_api_acl_interface_set_etype_whitelist_t * mp;
+ u32 sw_if_index = ~0;
+ u32 ethertype = ~0;
+ u16 *etypes_in = 0;
+ u16 *etypes_out = 0;
+ u8 is_input = 1;
+ int ret;
+
+// acl_interface_set_etype_whitelist <intfc> | sw_if_index <if-idx> input [ethertype list] output [ethertype list]
+
+ /* Parse args required to build the message */
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
+ if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
+ ;
+ else if (unformat (i, "sw_if_index %d", &sw_if_index))
+ ;
+ else if (unformat (i, "%x", ðertype))
+ {
+ ethertype = ethertype & 0xffff;
+ if(is_input)
+ vec_add1(etypes_in, htons(ethertype));
+ else
+ vec_add1(etypes_out, htons(ethertype));
+ }
+ else if (unformat (i, "input"))
+ is_input = 1;
+ else if (unformat (i, "output"))
+ is_input = 0;
+ else
+ break;
+ }
+
+ if (sw_if_index == ~0) {
+ errmsg ("missing interface name / explicit sw_if_index number \n");
+ return -99;
+ }
+
+ /* Construct the API message */
+ M2(ACL_INTERFACE_SET_ETYPE_WHITELIST, mp, sizeof(u32) * (vec_len(etypes_in) + vec_len(etypes_out)));
+ mp->sw_if_index = ntohl(sw_if_index);
+ mp->n_input = vec_len(etypes_in);
+ mp->count = vec_len(etypes_in) + vec_len(etypes_out);
+ vec_append(etypes_in, etypes_out);
+ if (vec_len(etypes_in) > 0)
+ clib_memcpy(mp->whitelist, etypes_in, vec_len(etypes_in)*sizeof(etypes_in[0]));
+
+ /* send it... */
+ S(mp);
+
+ /* Wait for a reply... */
+ W (ret);
+ return ret;
+}
+
+static void
+api_acl_send_control_ping(vat_main_t *vam)
+{
+ vl_api_acl_plugin_control_ping_t *mp_ping;
+
+ M(ACL_PLUGIN_CONTROL_PING, mp_ping);
+ S(mp_ping);
}
static int api_acl_interface_list_dump (vat_main_t * vam)
{
unformat_input_t * i = vam->input;
- f64 timeout;
u32 sw_if_index = ~0;
vl_api_acl_interface_list_dump_t * mp;
+ int ret;
/* Parse args required to build the message */
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
}
/* Construct the API message */
- M(ACL_INTERFACE_LIST_DUMP, acl_interface_list_dump);
+ M(ACL_INTERFACE_LIST_DUMP, mp);
mp->sw_if_index = ntohl (sw_if_index);
/* send it... */
- S;
+ S(mp);
+
+ /* Use control ping for synchronization */
+ api_acl_send_control_ping(vam);
/* Wait for a reply... */
- W;
+ W (ret);
+ return ret;
}
static int api_acl_dump (vat_main_t * vam)
{
unformat_input_t * i = vam->input;
- f64 timeout;
u32 acl_index = ~0;
vl_api_acl_dump_t * mp;
+ int ret;
/* Parse args required to build the message */
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
}
/* Construct the API message */
- M(ACL_DUMP, acl_dump);
+ M(ACL_DUMP, mp);
mp->acl_index = ntohl (acl_index);
/* send it... */
- S;
+ S(mp);
+
+ /* Use control ping for synchronization */
+ api_acl_send_control_ping(vam);
/* Wait for a reply... */
- W;
+ W (ret);
+ return ret;
}
static int api_macip_acl_dump (vat_main_t * vam)
{
unformat_input_t * i = vam->input;
- f64 timeout;
u32 acl_index = ~0;
vl_api_acl_dump_t * mp;
+ int ret;
/* Parse args required to build the message */
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
}
/* Construct the API message */
- M(MACIP_ACL_DUMP, macip_acl_dump);
+ M(MACIP_ACL_DUMP, mp);
mp->acl_index = ntohl (acl_index);
/* send it... */
- S;
+ S(mp);
+
+ /* Use control ping for synchronization */
+ api_acl_send_control_ping(vam);
+
+ /* Wait for a reply... */
+ W (ret);
+ return ret;
+}
+
+static int api_acl_interface_etype_whitelist_dump (vat_main_t * vam)
+{
+ unformat_input_t * i = vam->input;
+ u32 sw_if_index = ~0;
+ vl_api_acl_interface_etype_whitelist_dump_t * mp;
+ int ret;
+
+ /* Parse args required to build the message */
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
+ if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
+ ;
+ else if (unformat (i, "sw_if_index %d", &sw_if_index))
+ ;
+ else
+ break;
+ }
+
+ /* Construct the API message */
+ M(ACL_INTERFACE_ETYPE_WHITELIST_DUMP, mp);
+ mp->sw_if_index = ntohl (sw_if_index);
+
+ /* send it... */
+ S(mp);
+
+ /* Use control ping for synchronization */
+ api_acl_send_control_ping(vam);
/* Wait for a reply... */
- W;
+ W (ret);
+ return ret;
}
+
#define vec_validate_macip_acl_rules(v, idx) \
do { \
if (vec_len(v) < idx+1) { \
{
acl_test_main_t * sm = &acl_test_main;
unformat_input_t * i = vam->input;
- f64 timeout;
vl_api_macip_acl_add_t * mp;
u32 msg_size = sizeof (*mp); /* without the rules */
vl_api_macip_acl_rule_t *rules = 0;
int rule_idx = 0;
int n_rules = 0;
+ int n_rules_override = -1;
u32 src_prefix_length = 0;
u32 action = 0;
ip4_address_t src_v4address;
u8 src_mac[6];
u8 *tag = 0;
u8 mac_mask_all_1[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+ int ret;
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
else if (unformat (i, "ipv4"))
{
vec_validate_macip_acl_rules(rules, rule_idx);
- rules[rule_idx].is_ipv6 = 1;
+ rules[rule_idx].is_ipv6 = 0;
}
else if (unformat (i, "permit"))
{
vec_validate_macip_acl_rules(rules, rule_idx);
rules[rule_idx].is_permit = 0;
}
+ else if (unformat (i, "count %d", &n_rules_override))
+ {
+ /* we will use this later */
+ }
else if (unformat (i, "action %d", &action))
{
vec_validate_macip_acl_rules(rules, rule_idx);
rules[rule_idx].is_permit = action;
}
else if (unformat (i, "ip %U/%d",
- unformat_ip4_address, &src_v4address, &src_prefix_length))
+ unformat_ip4_address, &src_v4address, &src_prefix_length) ||
+ unformat (i, "ip %U",
+ unformat_ip4_address, &src_v4address))
{
+ if (src_prefix_length == 0)
+ src_prefix_length = 32;
vec_validate_macip_acl_rules(rules, rule_idx);
memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
rules[rule_idx].src_ip_prefix_len = src_prefix_length;
rules[rule_idx].is_ipv6 = 0;
}
+ else if (unformat (i, "src"))
+ {
+ /* Everything in MACIP is "source" but allow this verbosity */
+ }
else if (unformat (i, "ip %U/%d",
- unformat_ip6_address, &src_v6address, &src_prefix_length))
+ unformat_ip6_address, &src_v6address, &src_prefix_length) ||
+ unformat (i, "ip %U",
+ unformat_ip6_address, &src_v6address))
{
+ if (src_prefix_length == 0)
+ src_prefix_length = 128;
vec_validate_macip_acl_rules(rules, rule_idx);
memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
rules[rule_idx].src_ip_prefix_len = src_prefix_length;
if(rules)
n_rules = vec_len(rules);
- else
- n_rules = 0;
+
+ if (n_rules_override >= 0)
+ n_rules = n_rules_override;
msg_size += n_rules*sizeof(rules[0]);
memset (mp, 0, msg_size);
mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_ADD + sm->msg_id_base);
mp->client_index = vam->my_client_index;
- if (n_rules > 0)
+ if ((n_rules > 0) && rules)
clib_memcpy(mp->r, rules, n_rules*sizeof (mp->r[0]));
if (tag)
{
mp->count = htonl(n_rules);
/* send it... */
- S;
+ S(mp);
+
+ /* Wait for a reply... */
+ W (ret);
+ return ret;
+}
+
+static int api_macip_acl_add_replace (vat_main_t * vam)
+{
+ acl_test_main_t * sm = &acl_test_main;
+ unformat_input_t * i = vam->input;
+ vl_api_macip_acl_add_replace_t * mp;
+ u32 acl_index = ~0;
+ u32 msg_size = sizeof (*mp); /* without the rules */
+
+ vl_api_macip_acl_rule_t *rules = 0;
+ int rule_idx = 0;
+ int n_rules = 0;
+ int n_rules_override = -1;
+ u32 src_prefix_length = 0;
+ u32 action = 0;
+ ip4_address_t src_v4address;
+ ip6_address_t src_v6address;
+ u8 src_mac[6];
+ u8 *tag = 0;
+ u8 mac_mask_all_1[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+ int ret;
+
+ if (!unformat (i, "%d", &acl_index)) {
+ /* Just assume -1 */
+ }
+
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (i, "ipv6"))
+ {
+ vec_validate_macip_acl_rules(rules, rule_idx);
+ rules[rule_idx].is_ipv6 = 1;
+ }
+ else if (unformat (i, "ipv4"))
+ {
+ vec_validate_macip_acl_rules(rules, rule_idx);
+ rules[rule_idx].is_ipv6 = 0;
+ }
+ else if (unformat (i, "permit"))
+ {
+ vec_validate_macip_acl_rules(rules, rule_idx);
+ rules[rule_idx].is_permit = 1;
+ }
+ else if (unformat (i, "deny"))
+ {
+ vec_validate_macip_acl_rules(rules, rule_idx);
+ rules[rule_idx].is_permit = 0;
+ }
+ else if (unformat (i, "count %d", &n_rules_override))
+ {
+ /* we will use this later */
+ }
+ else if (unformat (i, "action %d", &action))
+ {
+ vec_validate_macip_acl_rules(rules, rule_idx);
+ rules[rule_idx].is_permit = action;
+ }
+ else if (unformat (i, "ip %U/%d",
+ unformat_ip4_address, &src_v4address, &src_prefix_length) ||
+ unformat (i, "ip %U",
+ unformat_ip4_address, &src_v4address))
+ {
+ if (src_prefix_length == 0)
+ src_prefix_length = 32;
+ vec_validate_macip_acl_rules(rules, rule_idx);
+ memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4);
+ rules[rule_idx].src_ip_prefix_len = src_prefix_length;
+ rules[rule_idx].is_ipv6 = 0;
+ }
+ else if (unformat (i, "src"))
+ {
+ /* Everything in MACIP is "source" but allow this verbosity */
+ }
+ else if (unformat (i, "ip %U/%d",
+ unformat_ip6_address, &src_v6address, &src_prefix_length) ||
+ unformat (i, "ip %U",
+ unformat_ip6_address, &src_v6address))
+ {
+ if (src_prefix_length == 0)
+ src_prefix_length = 128;
+ vec_validate_macip_acl_rules(rules, rule_idx);
+ memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16);
+ rules[rule_idx].src_ip_prefix_len = src_prefix_length;
+ rules[rule_idx].is_ipv6 = 1;
+ }
+ else if (unformat (i, "mac %U",
+ my_unformat_mac_address, &src_mac))
+ {
+ vec_validate_macip_acl_rules(rules, rule_idx);
+ memcpy (rules[rule_idx].src_mac, &src_mac, 6);
+ memcpy (rules[rule_idx].src_mac_mask, &mac_mask_all_1, 6);
+ }
+ else if (unformat (i, "mask %U",
+ my_unformat_mac_address, &src_mac))
+ {
+ vec_validate_macip_acl_rules(rules, rule_idx);
+ memcpy (rules[rule_idx].src_mac_mask, &src_mac, 6);
+ }
+ else if (unformat (i, "tag %s", &tag))
+ {
+ }
+ else if (unformat (i, ","))
+ {
+ rule_idx++;
+ vec_validate_macip_acl_rules(rules, rule_idx);
+ }
+ else
+ break;
+ }
+
+ if (!rules)
+ {
+ errmsg ("rule/s required\n");
+ return -99;
+ }
+ /* Construct the API message */
+ vam->result_ready = 0;
+
+ if(rules)
+ n_rules = vec_len(rules);
+
+ if (n_rules_override >= 0)
+ n_rules = n_rules_override;
+
+ msg_size += n_rules*sizeof(rules[0]);
+
+ mp = vl_msg_api_alloc_as_if_client(msg_size);
+ memset (mp, 0, msg_size);
+ mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_ADD_REPLACE + sm->msg_id_base);
+ mp->client_index = vam->my_client_index;
+ if ((n_rules > 0) && rules)
+ clib_memcpy(mp->r, rules, n_rules*sizeof (mp->r[0]));
+ if (tag)
+ {
+ if (vec_len(tag) >= sizeof(mp->tag))
+ {
+ tag[sizeof(mp->tag)-1] = 0;
+ _vec_len(tag) = sizeof(mp->tag);
+ }
+ clib_memcpy(mp->tag, tag, vec_len(tag));
+ vec_free(tag);
+ }
+
+ mp->acl_index = ntohl(acl_index);
+ mp->count = htonl(n_rules);
+
+ /* send it... */
+ S(mp);
/* Wait for a reply... */
- W;
+ W (ret);
+ return ret;
}
/*
_(acl_dump, "[<acl-idx>]") \
_(acl_interface_add_del, "<intfc> | sw_if_index <if-idx> [add|del] [input|output] acl <acl-idx>") \
_(acl_interface_set_acl_list, "<intfc> | sw_if_index <if-idx> input [acl-idx list] output [acl-idx list]") \
+_(acl_interface_set_etype_whitelist, "<intfc> | sw_if_index <if-idx> input [ethertype list] output [ethertype list]") \
+_(acl_interface_etype_whitelist_dump, "[<intfc> | sw_if_index <if-idx>]") \
_(acl_interface_list_dump, "[<intfc> | sw_if_index <if-idx>]") \
_(macip_acl_add, "...") \
+_(macip_acl_add_replace, "<acl-idx> [<ipv4|ipv6> <permit|deny|action N> [count <count>] [src] ip <ipaddress/[plen]> mac <mac> mask <mac_mask>, ... , ...") \
_(macip_acl_del, "<acl-idx>")\
_(macip_acl_dump, "[<acl-idx>]") \
_(macip_acl_interface_add_del, "<intfc> | sw_if_index <if-idx> [add|del] acl <acl-idx>") \
Code Review / vpp.git / blobdiff