authorDave Barach <dave@barachs.net>2019-06-03 10:23:30 -0400
committerDamjan Marion <dmarion@me.com>2019-06-04 07:47:24 +0000
commit0c6ac791dde099346af1752aa92d0eb05fc2db11 (patch)
treef6dade9bb0beae5efb79cb04feb1fc62ed894679 /src/plugins/mactime/mactime.c
parentd5cf64f8c2a08d2f41327cc99dd2d96f77d82ca3 (diff)
mactime: upstream new features
Add per mac address data quotas (simple version) Add mini-ACLs to turf "call home" traffic from a certain species of security DVR. Add FEATURE.yaml Update the API version number Type: feature Feature-name: mactime Change-Id: Ida6945f7791ab43909afa68dcf2f652b20c53afd Signed-off-by: Dave Barach <dave@barachs.net>
Diffstat (limited to 'src/plugins/mactime/mactime.c')
-rw-r--r--src/plugins/mactime/mactime.c75
1 files changed, 71 insertions, 4 deletions
diff --git a/src/plugins/mactime/mactime.c b/src/plugins/mactime/mactime.c
index 1b053faa2e8..d84151ed29e 100644
--- a/src/plugins/mactime/mactime.c
+++ b/src/plugins/mactime/mactime.c
@@ -220,10 +220,13 @@ static void vl_api_mactime_add_del_range_t_handler
clib_bihash_kv_8_8_t kv;
int found = 1;
clib_bihash_8_8_t *lut = &mm->lookup_table;
+ u64 data_quota;
int i, rv = 0;
feature_init (mm);
+ data_quota = clib_net_to_host_u64 (mp->data_quota);
+
clib_memset (&kv, 0, sizeof (kv));
memcpy (&kv.key, mp->mac_address, sizeof (mp->mac_address));
@@ -272,14 +275,19 @@ static void vl_api_mactime_add_del_range_t_handler
if (mp->allow)
dp->flags = MACTIME_DEVICE_FLAG_STATIC_ALLOW;
}
+ if (mp->no_udp_10001)
+ dp->flags |= MACTIME_DEVICE_FLAG_DROP_UDP_10001;
+
+ dp->data_quota = data_quota;
/* Add the hash table entry */
kv.value = dp - mm->devices;
clib_bihash_add_del_8_8 (lut, &kv, 1 /* is_add */ );
}
- else /* add more ranges */
+ else /* add more ranges, flags, etc. */
{
dp = pool_elt_at_index (mm->devices, kv.value);
+
for (i = 0; i < clib_net_to_host_u32 (mp->count); i++)
{
clib_timebase_range_t _r, *r = &_r;
@@ -287,6 +295,27 @@ static void vl_api_mactime_add_del_range_t_handler
r->end = mp->ranges[i].end;
vec_add1 (dp->ranges, r[0]);
}
+
+ if (vec_len (dp->ranges))
+ {
+ /* Set allow/drop based on msg flags */
+ if (mp->drop)
+ dp->flags = MACTIME_DEVICE_FLAG_DYNAMIC_DROP;
+ if (mp->allow)
+ dp->flags = MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW;
+ }
+ else
+ {
+ /* no ranges, it's a static allow/drop */
+ if (mp->drop)
+ dp->flags = MACTIME_DEVICE_FLAG_STATIC_DROP;
+ if (mp->allow)
+ dp->flags = MACTIME_DEVICE_FLAG_STATIC_ALLOW;
+ }
+ if (mp->no_udp_10001)
+ dp->flags |= MACTIME_DEVICE_FLAG_DROP_UDP_10001;
+
+ dp->data_quota = data_quota;
}
}
else /* delete case */
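Review bot: In the update branch, `mp->allow` is tested after `mp->drop` and both use plain assignment, so a message with both bits set ends up as ALLOW. For a policy plugin the conflicting case should be rejected or resolved in favour of drop, for example by testing `mp->allow` first and `mp->drop` last. The same assignments mean `MACTIME_DEVICE_FLAG_DROP_UDP_10001` is only cleared as a side effect of an allow/drop bit being present: a message carrying neither leaves a previously set bit in place even when `mp->no_udp_10001` is 0. `dp->data_quota = data_quota;` is unconditional, so a caller that only appends ranges and leaves the field zero removes an existing quota; presumably zero means "no limit" (the show command tests `> 0`), which deserves a comment such as `/* data_quota == 0 disables the quota; every update message must resend it */`. The enclosing handler starts and ends outside the hunk.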
@@ -424,6 +453,40 @@ VLIB_PLUGIN_REGISTER () =
};
/* *INDENT-ON* */
+u8 *
+format_bytes_with_width (u8 * s, va_list * va)
+{
+ uword nbytes = va_arg (*va, u64);
+ int width = va_arg (*va, int);
+ f64 nbytes_f64;
+ u8 *fmt;
+ char *suffix = "";
+
+ fmt = format (0, "%%%d.3f%%s%c", width, 0);
+
+ if (nbytes > (1024ULL * 1024ULL * 1024ULL))
+ {
+ nbytes_f64 = ((f64) nbytes) / (1024.0 * 1024.0 * 1024.0);
+ suffix = "G";
+ }
+ else if (nbytes > (1024ULL * 1024ULL))
+ {
+ nbytes_f64 = ((f64) nbytes) / (1024.0 * 1024.0);
+ suffix = "M";
+ }
+ else if (nbytes > 1024ULL)
+ {
+ nbytes_f64 = ((f64) nbytes) / (1024.0);
+ suffix = "K";
+ }
+ else
+ nbytes_f64 = (f64) nbytes;
+
+ s = format (s, (char *) fmt, nbytes_f64, suffix);
+ vec_free (fmt);
+ return s;
+}
+
static clib_error_t *
show_mactime_command_fn (vlib_main_t * vm,
unformat_input_t * input, vlib_cli_command_t * cmd)
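Review bot: `uword nbytes = va_arg (*va, u64);` narrows the 64-bit argument to `uword`, which is pointer-sized in vppinfra, so on a 32-bit build byte counters and quotas above 4 GiB would be shown truncated; declare it as `u64 nbytes = va_arg (*va, u64);`. The thresholds use `>`, so exactly 1024 bytes prints as `1024.000` rather than `1.000K`; `>=` would be the usual choice. The function is added without `static` and no prototype is visible in this file's diff, so either mark it `static` or declare it in the plugin header. A one-line comment stating the `%U` argument order (`u64` byte count, then `int` width) would also help callers, since a mismatched argument type there is read incorrectly by `va_arg`.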
@@ -471,7 +534,7 @@ show_mactime_command_fn (vlib_main_t * vm,
}));
/* *INDENT-ON* */
- vlib_cli_output (vm, "%-15s %18s %14s %10s %10s %10s",
+ vlib_cli_output (vm, "%-15s %18s %14s %10s %11s %10s",
"Device Name", "Addresses", "Status",
"AllowPkt", "AllowByte", "DropPkt");
@@ -543,9 +606,13 @@ show_mactime_command_fn (vlib_main_t * vm,
vlib_get_combined_counter (&mm->allow_counters, dp - mm->devices,
&allow);
vlib_get_combined_counter (&mm->drop_counters, dp - mm->devices, &drop);
- vlib_cli_output (vm, "%-15s %18s %14s %10lld %10lld %10lld",
+ vlib_cli_output (vm, "%-15s %18s %14s %10lld %U %10lld",
dp->device_name, macstring, status_string,
- allow.packets, allow.bytes, drop.packets);
+ allow.packets, format_bytes_with_width, allow.bytes,
+ 10, drop.packets);
+ if (dp->data_quota > 0)
+ vlib_cli_output (vm, "%-54s %s%U", " ", "Quota ",
+ format_bytes_with_width, dp->data_quota, 10);
/* This is really only good for small N... */
for (j = 0; j < vec_len (mm->arp_cache_copy); j++)
{