summaryrefslogtreecommitdiffstats
path: root/src/plugins/acl
diff options
context:
space:
mode:
authorPavel Kotucek <pkotucek@cisco.com>2017-09-07 14:44:52 +0200
committerFlorin Coras <florin.coras@gmail.com>2017-09-08 05:51:24 +0000
commit932f74196d9571fd007cef32c234bd00ab75975e (patch)
treeedc55da6de1bc40a35d886b2c8844ae09d3212b0 /src/plugins/acl
parenta546ef96a8170aeea70d771ee45662cadc628344 (diff)
ACL-plugin MACIP ACLs tests
Change-Id: Ie40c837358454cfe9475cb2c14fdf20b24fa6602 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
Diffstat (limited to 'src/plugins/acl')
-rw-r--r--src/plugins/acl/acl.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 1ded1afa40c..bf484f6cc41 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -949,8 +949,22 @@ macip_find_match_type (macip_match_type_t * mv, u8 * mac_mask, u8 prefix_len,
static int
match_type_metric (macip_match_type_t * m)
{
- /* FIXME: count the ones in the MAC mask as well, check how well this heuristic works in real life */
- return m->prefix_len + m->is_ipv6 + 10 * m->count;
+ unsigned int mac_bits_set = 0;
+ unsigned int mac_byte;
+ int i;
+ for (i=0; i<6; i++)
+ {
+ mac_byte = m->mac_mask[i];
+ for (; mac_byte; mac_byte >>= 1)
+ mac_bits_set += mac_byte & 1;
+ }
+ /*
+ * Attempt to place the more specific and the more used rules on top.
+ * There are obvious caveat corner cases to this, but they do not
+ * seem to be sensible in real world (e.g. specific IPv4 with wildcard MAC
+ * going with a wildcard IPv4 with a specific MAC).
+ */
+ return m->prefix_len + mac_bits_set + m->is_ipv6 + 10 * m->count;
}
static int