acl-plugin: add the support for dumping the ethertype whitelist (VPP-1163)

The gerrit 10434 which added the support for whitelist model on ethertypes,
did not include the support to dump the current state.
This patch fills that gap.

Change-Id: I3222078ccb1839dc366140fa5f6b8999b2926fd2
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

3 files changed, 180 insertions, 1 deletions

diff --git a/src/plugins/acl/acl.api b/src/plugins/acl/acl.api
index 047fc683b87..b58ed76673a 100644
--- a/src/plugins/acl/acl.api
+++ b/src/plugins/acl/acl.api
@@ -496,3 +496,33 @@ autoreply manual_print define acl_interface_set_etype_whitelist
   u16 whitelist[count];
 };
 
+/** \brief Dump the list(s) of Ethertype whitelists applied to specific or all interfaces
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param sw_if_index - interface to dump the ethertype whitelist for
+*/
+
+define acl_interface_etype_whitelist_dump
+{
+  u32 client_index;
+  u32 context;
+  u32 sw_if_index; /* ~0 for all interfaces */
+};
+
+/** \brief Details about ethertype whitelist on a single interface
+    @param context - returned sender context, to match reply w/ request
+    @param sw_if_index - interface for which the list of MACIP ACLs is applied
+    @param count - total number of whitelisted ethertypes in the vector
+    @param n_input - this many first elements correspond to input whitelisted ethertypes, the rest - output
+    @param whitelist - vector of whitelisted ethertypes
+*/
+
+define acl_interface_etype_whitelist_details
+{
+  u32 context;
+  u32 sw_if_index;
+  u8 count;
+  u8 n_input; /* first n_input ethertypes are input, the rest - output */
+  u16 whitelist[count];
+};
+
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 169dc12037a..5ab38ef6e56 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -76,7 +76,8 @@ _(MACIP_ACL_INTERFACE_ADD_DEL, macip_acl_interface_add_del) \
 _(MACIP_ACL_DUMP, macip_acl_dump) \
 _(MACIP_ACL_INTERFACE_GET, macip_acl_interface_get) \
 _(MACIP_ACL_INTERFACE_LIST_DUMP, macip_acl_interface_list_dump) \
-_(ACL_INTERFACE_SET_ETYPE_WHITELIST, acl_interface_set_etype_whitelist)
+_(ACL_INTERFACE_SET_ETYPE_WHITELIST, acl_interface_set_etype_whitelist) \
+_(ACL_INTERFACE_ETYPE_WHITELIST_DUMP, acl_interface_etype_whitelist_dump)
 
 
 /* *INDENT-OFF* */
@@ -2696,6 +2697,98 @@ static void
   REPLY_MACRO (VL_API_ACL_INTERFACE_SET_ETYPE_WHITELIST_REPLY);
 }
 
+static void
+send_acl_interface_etype_whitelist_details (acl_main_t * am,
+					    vl_api_registration_t * reg,
+					    u32 sw_if_index, u32 context)
+{
+  vl_api_acl_interface_etype_whitelist_details_t *mp;
+  int msg_size;
+  int n_input = 0;
+  int n_output = 0;
+  int count = 0;
+  int i = 0;
+
+  u16 *whitelist_in = 0;
+  u16 *whitelist_out = 0;
+
+  if (intf_has_etype_whitelist (am, sw_if_index, 0))
+    whitelist_out =
+      vec_elt (am->output_etype_whitelist_by_sw_if_index, sw_if_index);
+
+  if (intf_has_etype_whitelist (am, sw_if_index, 1))
+    whitelist_in =
+      vec_elt (am->input_etype_whitelist_by_sw_if_index, sw_if_index);
+
+  if ((0 == whitelist_in) && (0 == whitelist_out))
+    return;			/* nothing to do */
+
+  void *oldheap = acl_set_heap (am);
+
+  n_input = vec_len (whitelist_in);
+  n_output = vec_len (whitelist_out);
+  count = n_input + n_output;
+
+  msg_size = sizeof (*mp);
+  msg_size += sizeof (mp->whitelist[0]) * count;
+
+  mp = vl_msg_api_alloc (msg_size);
+  memset (mp, 0, msg_size);
+  mp->_vl_msg_id =
+    ntohs (VL_API_ACL_INTERFACE_ETYPE_WHITELIST_DETAILS + am->msg_id_base);
+
+  /* fill in the message */
+  mp->context = context;
+  mp->sw_if_index = htonl (sw_if_index);
+  mp->count = count;
+  mp->n_input = n_input;
+  for (i = 0; i < n_input; i++)
+    {
+      mp->whitelist[i] = whitelist_in[i];
+    }
+  for (i = 0; i < n_output; i++)
+    {
+      mp->whitelist[n_input + i] = whitelist_out[i];
+    }
+  clib_mem_set_heap (oldheap);
+  vl_api_send_msg (reg, (u8 *) mp);
+}
+
+
+static void
+  vl_api_acl_interface_etype_whitelist_dump_t_handler
+  (vl_api_acl_interface_list_dump_t * mp)
+{
+  acl_main_t *am = &acl_main;
+  vnet_sw_interface_t *swif;
+  vnet_interface_main_t *im = &am->vnet_main->interface_main;
+
+  u32 sw_if_index;
+  vl_api_registration_t *reg;
+
+  reg = vl_api_client_index_to_registration (mp->client_index);
+  if (!reg)
+    return;
+
+  if (mp->sw_if_index == ~0)
+    {
+    /* *INDENT-OFF* */
+    pool_foreach (swif, im->sw_interfaces,
+    ({
+      send_acl_interface_etype_whitelist_details(am, reg, swif->sw_if_index, mp->context);
+    }));
+    /* *INDENT-ON* */
+    }
+  else
+    {
+      sw_if_index = ntohl (mp->sw_if_index);
+      if (!pool_is_free_index (im->sw_interfaces, sw_if_index))
+	send_acl_interface_etype_whitelist_details (am, reg, sw_if_index,
+						    mp->context);
+    }
+}
+
+
 
 /* Set up the API message handling tables */
 static clib_error_t *
diff --git a/src/plugins/acl/acl_test.c b/src/plugins/acl/acl_test.c
index c264034c939..1b565995308 100644
--- a/src/plugins/acl/acl_test.c
+++ b/src/plugins/acl/acl_test.c
@@ -155,6 +155,27 @@ static void vl_api_acl_interface_list_details_t_handler
         vam->result_ready = 1;
     }
 
+static void vl_api_acl_interface_etype_whitelist_details_t_handler
+    (vl_api_acl_interface_etype_whitelist_details_t * mp)
+    {
+        int i;
+        vat_main_t * vam = acl_test_main.vat_main;
+        u8 *out = 0;
+        vl_api_acl_interface_etype_whitelist_details_t_endian(mp);
+	out = format(out, "sw_if_index: %d, count: %d, n_input: %d\n", mp->sw_if_index, mp->count, mp->n_input);
+        out = format(out, "   input ");
+	for(i=0; i<mp->count; i++) {
+          if (i == mp->n_input)
+            out = format(out, "\n  output ");
+	  out = format(out, "%04x ", mp->whitelist[i]);
+	}
+        out = format(out, "\n");
+        clib_warning("%s", out);
+        vec_free(out);
+        vam->result_ready = 1;
+    }
+
+
 
 static inline u8 *
 vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a)
@@ -271,6 +292,7 @@ _(ACL_DEL_REPLY, acl_del_reply) \
 _(ACL_INTERFACE_ADD_DEL_REPLY, acl_interface_add_del_reply)  \
 _(ACL_INTERFACE_SET_ACL_LIST_REPLY, acl_interface_set_acl_list_reply) \
 _(ACL_INTERFACE_SET_ETYPE_WHITELIST_REPLY, acl_interface_set_etype_whitelist_reply) \
+_(ACL_INTERFACE_ETYPE_WHITELIST_DETAILS, acl_interface_etype_whitelist_details)  \
 _(ACL_INTERFACE_LIST_DETAILS, acl_interface_list_details)  \
 _(ACL_DETAILS, acl_details)  \
 _(MACIP_ACL_ADD_REPLY, macip_acl_add_reply) \
@@ -907,6 +929,39 @@ static int api_macip_acl_dump (vat_main_t * vam)
     return ret;
 }
 
+static int api_acl_interface_etype_whitelist_dump (vat_main_t * vam)
+{
+    unformat_input_t * i = vam->input;
+    u32 sw_if_index = ~0;
+    vl_api_acl_interface_etype_whitelist_dump_t * mp;
+    int ret;
+
+    /* Parse args required to build the message */
+    while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
+        if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
+            ;
+        else if (unformat (i, "sw_if_index %d", &sw_if_index))
+            ;
+        else
+            break;
+    }
+
+    /* Construct the API message */
+    M(ACL_INTERFACE_ETYPE_WHITELIST_DUMP, mp);
+    mp->sw_if_index = ntohl (sw_if_index);
+
+    /* send it... */
+    S(mp);
+
+    /* Use control ping for synchronization */
+    api_acl_send_control_ping(vam);
+
+    /* Wait for a reply... */
+    W (ret);
+    return ret;
+}
+
+
 #define vec_validate_macip_acl_rules(v, idx) \
   do {                                 \
     if (vec_len(v) < idx+1) {  \
@@ -1223,6 +1278,7 @@ _(acl_dump, "[<acl-idx>]") \
 _(acl_interface_add_del, "<intfc> | sw_if_index <if-idx> [add|del] [input|output] acl <acl-idx>") \
 _(acl_interface_set_acl_list, "<intfc> | sw_if_index <if-idx> input [acl-idx list] output [acl-idx list]") \
 _(acl_interface_set_etype_whitelist, "<intfc> | sw_if_index <if-idx> input [ethertype list] output [ethertype list]") \
+_(acl_interface_etype_whitelist_dump, "[<intfc> | sw_if_index <if-idx>]") \
 _(acl_interface_list_dump, "[<intfc> | sw_if_index <if-idx>]") \
 _(macip_acl_add, "...") \
 _(macip_acl_add_replace, "<acl-idx> [<ipv4|ipv6> <permit|deny|action N> [count <count>] [src] ip <ipaddress/[plen]> mac <mac> mask <mac_mask>, ... , ...") \