aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/acl
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2019-03-20 11:11:19 +0100
committerDamjan Marion <dmarion@me.com>2019-03-22 17:33:09 +0000
commitb5395729c7b08c88f2e520c06b0edec28d3a1fe1 (patch)
tree8eaa6ef43d59bebd649351295bdf11224b26dac1 /src/plugins/acl
parent063dfa1587a58319fac139eab5e655ad1c555e33 (diff)
acl-plugin: get rid of a separate "count" field in the linear acl struct
Long time ago, the linear array of rules in the ACL structure was not a vector. Now it is, so get rid of the extraneous "count" member. Do so in a manner that would ease potential the MP-safe manipulation of ACL rules in the future. Change-Id: Ib9c0731e4f21723c9ec4d7f00c3e5ead8e1e97bd Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/plugins/acl')
-rw-r--r--src/plugins/acl/acl.c17
-rw-r--r--src/plugins/acl/acl.h1
-rw-r--r--src/plugins/acl/hash_lookup.c10
-rw-r--r--src/plugins/acl/public_inlines.h8
4 files changed, 18 insertions, 18 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 1e040b6a036..396fe1fd114 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -260,13 +260,14 @@ acl_print_acl_x (acl_vector_print_func_t vpr, vlib_main_t * vm,
acl_main_t * am, int acl_index)
{
acl_rule_t *r;
+ acl_rule_t *acl_rules = am->acls[acl_index].rules;
u8 *out0 = format (0, "acl-index %u count %u tag {%s}\n", acl_index,
- am->acls[acl_index].count, am->acls[acl_index].tag);
+ vec_len (acl_rules), am->acls[acl_index].tag);
int j;
vpr (vm, out0);
- for (j = 0; j < am->acls[acl_index].count; j++)
+ for (j = 0; j < vec_len (acl_rules); j++)
{
- r = &am->acls[acl_index].rules[j];
+ r = &acl_rules[j];
out0 = format (out0, " %9d: %s ", j, r->is_ipv6 ? "ipv6" : "ipv4");
out0 = format_acl_action (out0, r->is_permit);
out0 = format (out0, " src %U/%d", format_ip46_address, &r->src,
@@ -457,7 +458,6 @@ acl_add_list (u32 count, vl_api_acl_rule_t rules[],
vec_free (a->rules);
}
a->rules = acl_new_rules;
- a->count = count;
memcpy (a->tag, tag, sizeof (a->tag));
if (am->trace_acl > 255)
warning_acl_print_acl (am->vlib_main, am, *acl_list_index);
@@ -2003,7 +2003,8 @@ send_acl_details (acl_main_t * am, vl_api_registration_t * reg,
vl_api_acl_details_t *mp;
vl_api_acl_rule_t *rules;
int i;
- int msg_size = sizeof (*mp) + sizeof (mp->r[0]) * acl->count;
+ acl_rule_t *acl_rules = acl->rules;
+ int msg_size = sizeof (*mp) + sizeof (mp->r[0]) * vec_len (acl_rules);
void *oldheap = acl_set_heap (am);
mp = vl_msg_api_alloc (msg_size);
@@ -2012,14 +2013,14 @@ send_acl_details (acl_main_t * am, vl_api_registration_t * reg,
/* fill in the message */
mp->context = context;
- mp->count = htonl (acl->count);
+ mp->count = htonl (vec_len (acl_rules));
mp->acl_index = htonl (acl - am->acls);
memcpy (mp->tag, acl->tag, sizeof (mp->tag));
// clib_memcpy (mp->r, acl->rules, acl->count * sizeof(acl->rules[0]));
rules = mp->r;
- for (i = 0; i < acl->count; i++)
+ for (i = 0; i < vec_len (acl_rules); i++)
{
- copy_acl_rule_to_api_rule (&rules[i], &acl->rules[i]);
+ copy_acl_rule_to_api_rule (&rules[i], &acl_rules[i]);
}
clib_mem_set_heap (oldheap);
diff --git a/src/plugins/acl/acl.h b/src/plugins/acl/acl.h
index ef2f25a8631..53650916423 100644
--- a/src/plugins/acl/acl.h
+++ b/src/plugins/acl/acl.h
@@ -91,7 +91,6 @@ typedef struct
/** Required for pool_get_aligned */
CLIB_CACHE_LINE_ALIGN_MARK(cacheline0);
u8 tag[64];
- u32 count;
acl_rule_t *rules;
} acl_list_t;
diff --git a/src/plugins/acl/hash_lookup.c b/src/plugins/acl/hash_lookup.c
index ff671d1c092..ccae26453d3 100644
--- a/src/plugins/acl/hash_lookup.c
+++ b/src/plugins/acl/hash_lookup.c
@@ -1182,7 +1182,7 @@ void hash_acl_add(acl_main_t *am, int acl_index)
void *oldheap = hash_acl_set_heap(am);
DBG("HASH ACL add : %d", acl_index);
int i;
- acl_list_t *a = &am->acls[acl_index];
+ acl_rule_t *acl_rules = am->acls[acl_index].rules;
vec_validate(am->hash_acl_infos, acl_index);
hash_acl_info_t *ha = vec_elt_at_index(am->hash_acl_infos, acl_index);
clib_memset(ha, 0, sizeof(*ha));
@@ -1192,19 +1192,19 @@ void hash_acl_add(acl_main_t *am, int acl_index)
is a mask type, increment a reference count for that mask type */
/* avoid small requests by preallocating the entire vector before running the additions */
- if (a->count > 0) {
- vec_validate(ha->rules, a->count-1);
+ if (vec_len(acl_rules) > 0) {
+ vec_validate(ha->rules, vec_len(acl_rules)-1);
vec_reset_length(ha->rules);
}
- for(i=0; i < a->count; i++) {
+ for(i=0; i < vec_len(acl_rules); i++) {
hash_ace_info_t ace_info;
fa_5tuple_t mask;
clib_memset(&ace_info, 0, sizeof(ace_info));
ace_info.acl_index = acl_index;
ace_info.ace_index = i;
- make_mask_and_match_from_rule(&mask, &a->rules[i], &ace_info);
+ make_mask_and_match_from_rule(&mask, &acl_rules[i], &ace_info);
mask.pkt.flags_reserved = 0b000;
ace_info.base_mask_type_index = assign_mask_type_index(am, &mask);
/* assign the mask type index for matching itself */
diff --git a/src/plugins/acl/public_inlines.h b/src/plugins/acl/public_inlines.h
index ba174c9b2a6..03b64012a74 100644
--- a/src/plugins/acl/public_inlines.h
+++ b/src/plugins/acl/public_inlines.h
@@ -292,8 +292,8 @@ single_acl_match_5tuple (acl_main_t * am, u32 acl_index, fa_5tuple_t * pkt_5tupl
u32 * r_rule_match_p, u32 * trace_bitmap)
{
int i;
- acl_list_t *a;
acl_rule_t *r;
+ acl_rule_t *acl_rules;
if (pool_is_free_index (am->acls, acl_index))
{
@@ -304,10 +304,10 @@ single_acl_match_5tuple (acl_main_t * am, u32 acl_index, fa_5tuple_t * pkt_5tupl
/* the ACL does not exist but is used for policy. Block traffic. */
return 0;
}
- a = am->acls + acl_index;
- for (i = 0; i < a->count; i++)
+ acl_rules = am->acls[acl_index].rules;
+ for (i = 0; i < vec_len(acl_rules); i++)
{
- r = a->rules + i;
+ r = &acl_rules[i];
if (is_ip6 != r->is_ipv6)
{
continue;