summaryrefslogtreecommitdiffstats
path: root/src/plugins/acl/hash_lookup.h
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2018-03-21 19:53:39 +0100
committerDamjan Marion <dmarion.lists@gmail.com>2018-03-22 20:50:09 +0000
commit94f9a6de3f706243d138e05b63fef1d5c8174f6c (patch)
tree5e50ccf062229f3d60b9ec656c6ca53cae0c5455 /src/plugins/acl/hash_lookup.h
parent8ced6e1a53d6a828debe7dc2396c7eb7d6866e4a (diff)
acl-plugin: implement ACL lookup contexts for "ACL as a service" use by other plugins
This code implements the functionality required for other plugins wishing to perform ACL lookups in the contexts of their choice, rather than only in the context of the interface in/out. The lookups are the stateless ACLs - there is no concept of "direction" within the context, hence no concept of "connection" either. The plugins need to include the The file acl_lookup_context.md has more info. Change-Id: I91ba97428cc92b24d1517e808dc2fd8e56ea2f8d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/plugins/acl/hash_lookup.h')
-rw-r--r--src/plugins/acl/hash_lookup.h29
1 files changed, 6 insertions, 23 deletions
diff --git a/src/plugins/acl/hash_lookup.h b/src/plugins/acl/hash_lookup.h
index 2d7058e80ee..e401d3cbc8b 100644
--- a/src/plugins/acl/hash_lookup.h
+++ b/src/plugins/acl/hash_lookup.h
@@ -19,6 +19,7 @@
#define _ACL_HASH_LOOKUP_H_
#include <stddef.h>
+#include "lookup_context.h"
#include "acl.h"
/*
@@ -26,11 +27,11 @@
* during the packet processing
*/
-void hash_acl_apply(acl_main_t *am, u32 sw_if_index, u8 is_input, int acl_index);
+void hash_acl_apply(acl_main_t *am, u32 lc_index, int acl_index, u32 acl_position);
-/* Remove the ACL from the packet processing lookups on a given interface */
+/* Remove the ACL from the packet processing in a given lookup context */
-void hash_acl_unapply(acl_main_t *am, u32 sw_if_index, u8 is_input, int acl_index);
+void hash_acl_unapply(acl_main_t *am, u32 lc_index, int acl_index);
/*
* Add an ACL or delete an ACL. ACL may already have been referenced elsewhere,
@@ -40,25 +41,7 @@ void hash_acl_unapply(acl_main_t *am, u32 sw_if_index, u8 is_input, int acl_inde
void hash_acl_add(acl_main_t *am, int acl_index);
void hash_acl_delete(acl_main_t *am, int acl_index);
-/*
- * Do the work required to match a given 5-tuple from the packet,
- * and return the action as well as populate the values pointed
- * to by the *_match_p pointers and maybe trace_bitmap.
- */
-
-u8
-hash_multi_acl_match_5tuple (u32 sw_if_index, fa_5tuple_t * pkt_5tuple, int is_l2,
- int is_ip6, int is_input, u32 * acl_match_p,
- u32 * rule_match_p, u32 * trace_bitmap);
-
-
-/*
- * The debug function to show the contents of the ACL lookup hash
- */
-void show_hash_acl_hash(vlib_main_t * vm, acl_main_t *am, u32 verbose);
-
-/* Debug functions to turn validate/trace on and off */
-void acl_plugin_hash_acl_set_validate_heap(acl_main_t *am, int on);
-void acl_plugin_hash_acl_set_trace_heap(acl_main_t *am, int on);
+/* return if there is already a filled-in hash acl info */
+int hash_acl_exists(acl_main_t *am, int acl_index);
#endif