From 932f74196d9571fd007cef32c234bd00ab75975e Mon Sep 17 00:00:00 2001 From: Pavel Kotucek Date: Thu, 7 Sep 2017 14:44:52 +0200 Subject: ACL-plugin MACIP ACLs tests Change-Id: Ie40c837358454cfe9475cb2c14fdf20b24fa6602 Signed-off-by: Pavel Kotucek --- src/plugins/acl/acl.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'src/plugins/acl/acl.c') diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c index 1ded1afa..bf484f6c 100644 --- a/src/plugins/acl/acl.c +++ b/src/plugins/acl/acl.c @@ -949,8 +949,22 @@ macip_find_match_type (macip_match_type_t * mv, u8 * mac_mask, u8 prefix_len, static int match_type_metric (macip_match_type_t * m) { - /* FIXME: count the ones in the MAC mask as well, check how well this heuristic works in real life */ - return m->prefix_len + m->is_ipv6 + 10 * m->count; + unsigned int mac_bits_set = 0; + unsigned int mac_byte; + int i; + for (i=0; i<6; i++) + { + mac_byte = m->mac_mask[i]; + for (; mac_byte; mac_byte >>= 1) + mac_bits_set += mac_byte & 1; + } + /* + * Attempt to place the more specific and the more used rules on top. + * There are obvious caveat corner cases to this, but they do not + * seem to be sensible in real world (e.g. specific IPv4 with wildcard MAC + * going with a wildcard IPv4 with a specific MAC). + */ + return m->prefix_len + mac_bits_set + m->is_ipv6 + 10 * m->count; } static int -- cgit 1.2.3-korg