acl-plugin: implement ACL lookup contexts for "ACL as a service" use by other plugins

This code implements the functionality required for other plugins wishing
to perform ACL lookups in the contexts of their choice, rather than only
in the context of the interface in/out.

The lookups are the stateless ACLs - there is no concept of "direction"
within the context, hence no concept of "connection" either.

The plugins need to include the

The file acl_lookup_context.md has more info.

Change-Id: I91ba97428cc92b24d1517e808dc2fd8e56ea2f8d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

1 files changed, 8 insertions, 3 deletions

diff --git a/src/plugins/acl/fa_node.h b/src/plugins/acl/fa_node.h
index 7ef558e17ea..dc4f87f0eb1 100644
--- a/src/plugins/acl/fa_node.h
+++ b/src/plugins/acl/fa_node.h
@@ -4,6 +4,8 @@
 #include <stddef.h>
 #include <vppinfra/bihash_40_8.h>
 
+// #define FA_NODE_VERBOSE_DEBUG 3
+
 #define TCP_FLAG_FIN    0x01
 #define TCP_FLAG_SYN    0x02
 #define TCP_FLAG_RST    0x04
@@ -22,15 +24,14 @@
 typedef union {
   u64 as_u64;
   struct {
-    u32 sw_if_index;
+    u32 lc_index;
     u16 mask_type_index_lsb;
     u8 tcp_flags;
     u8 tcp_flags_valid:1;
-    u8 is_input:1;
     u8 l4_valid:1;
     u8 is_nonfirst_fragment:1;
     u8 is_ip6:1;
-    u8 flags_reserved:3;
+    u8 flags_reserved:4;
   };
 } fa_packet_info_t;
 
@@ -53,6 +54,10 @@ typedef union {
   clib_bihash_kv_40_8_t kv;
 } fa_5tuple_t;
 
+typedef struct {
+  u8 opaque[sizeof(fa_5tuple_t)];
+} fa_5tuple_opaque_t;
+
 
 typedef struct {
   fa_5tuple_t info; /* (5+1)*8 = 48 bytes */