ip: add classifier-based ACLs support on ip punt

This feature allows one to add classifier-based ACLs on packets punted from the ip infra, eg. to only whitelist specific sender(s). Type: feature Change-Id: Idab37b188583efbca980038875fc3e540cb2e880 Signed-off-by: Benoît Ganne <bganne@cisco.com>
author: Benoît Ganne <bganne@cisco.com> 2021-09-30 13:41:00 +0200
committer: Neale Ranns <neale@graphiant.com> 2021-10-06 11:58:43 +0000
commit: abb2a42239430a1a67b259b931848a9195402d1a (patch)
tree: ebc0c6ed52424f0bea5130090a00b96053e4b451 /src/vnet/classify/classify.api
parent: 7b3a3df263c7a5bf549f350553cbd9bce7ee40b3 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/src/vnet/classify/classify.api b/src/vnet/classify/classify.api
index c569fe6a599..d1d7340302f 100644
--- a/src/vnet/classify/classify.api
+++ b/src/vnet/classify/classify.api
@@ -420,6 +420,22 @@ autoreply define input_acl_set_interface
   bool is_add;
 };
 
+/** \brief Add/del punt ACL
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param ip4_table_index - ip4 punt classify table index (~0 for skip)
+    @param ip6_table_index - ip6 punt classify table index (~0 for skip)
+    @param is_add - add punt ACL if non-zero, else delete
+*/
+autoreply define punt_acl_add_del
+{
+  u32 client_index;
+  u32 context;
+  u32 ip4_table_index [default=0xffffffff];
+  u32 ip6_table_index [default=0xffffffff];
+  bool is_add [default=true];
+};
+
 /** \brief Set/unset output ACL interface
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
author	Benoît Ganne <bganne@cisco.com>	2021-09-30 13:41:00 +0200
committer	Neale Ranns <neale@graphiant.com>	2021-10-06 11:58:43 +0000
commit	abb2a42239430a1a67b259b931848a9195402d1a (patch)
tree	ebc0c6ed52424f0bea5130090a00b96053e4b451 /src/vnet/classify/classify.api
parent	7b3a3df263c7a5bf549f350553cbd9bce7ee40b3 (diff)