diff options
author | Andrew Yourtchenko <ayourtch@gmail.com> | 2018-03-21 19:53:39 +0100 |
---|---|---|
committer | Damjan Marion <dmarion.lists@gmail.com> | 2018-03-22 20:50:09 +0000 |
commit | 94f9a6de3f706243d138e05b63fef1d5c8174f6c (patch) | |
tree | 5e50ccf062229f3d60b9ec656c6ca53cae0c5455 /src/plugins/acl/lookup_context.h | |
parent | 8ced6e1a53d6a828debe7dc2396c7eb7d6866e4a (diff) |
acl-plugin: implement ACL lookup contexts for "ACL as a service" use by other plugins
This code implements the functionality required for other plugins wishing
to perform ACL lookups in the contexts of their choice, rather than only
in the context of the interface in/out.
The lookups are the stateless ACLs - there is no concept of "direction"
within the context, hence no concept of "connection" either.
The plugins need to include the
The file acl_lookup_context.md has more info.
Change-Id: I91ba97428cc92b24d1517e808dc2fd8e56ea2f8d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/plugins/acl/lookup_context.h')
-rw-r--r-- | src/plugins/acl/lookup_context.h | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/src/plugins/acl/lookup_context.h b/src/plugins/acl/lookup_context.h new file mode 100644 index 00000000000..f5888a9c6fb --- /dev/null +++ b/src/plugins/acl/lookup_context.h @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef included_acl_lookup_context_h +#define included_acl_lookup_context_h + +typedef struct { + /* A name of the portion of the code using the ACL infra */ + char *user_module_name; + /* text label for the first u32 user value assigned to context */ + char *val1_label; + /* text label for the second u32 user value assigned to context */ + char *val2_label; + /* vector of lookup contexts of this user */ + u32 *lookup_contexts; +} acl_lookup_context_user_t; + +typedef struct { + /* vector of acl #s within this context */ + u32 *acl_indices; + /* index of corresponding acl_lookup_context_user_t */ + u32 context_user_id; + /* per-instance user value 1 */ + u32 user_val1; + /* per-instance user value 2 */ + u32 user_val2; +} acl_lookup_context_t; + +void acl_plugin_lookup_context_notify_acl_change(u32 acl_num); + +void acl_plugin_show_lookup_context (u32 lc_index); +void acl_plugin_show_lookup_user (u32 user_index); + + +/* These are in the hash matching for now */ +void acl_plugin_show_tables_mask_type (void); +void acl_plugin_show_tables_acl_hash_info (u32 acl_index); +void acl_plugin_show_tables_applied_info (u32 sw_if_index); +void acl_plugin_show_tables_bihash (u32 show_bihash_verbose); + +/* Debug functions to turn validate/trace on and off */ +void acl_plugin_hash_acl_set_validate_heap(int on); +void acl_plugin_hash_acl_set_trace_heap(int on); + + + +#endif + |