summaryrefslogtreecommitdiffstats
path: root/src/vnet/classify/in_out_acl.h
diff options
context:
space:
mode:
authorBenoît Ganne <bganne@cisco.com>2021-09-30 13:41:00 +0200
committerNeale Ranns <neale@graphiant.com>2021-10-06 11:58:43 +0000
commitabb2a42239430a1a67b259b931848a9195402d1a (patch)
treeebc0c6ed52424f0bea5130090a00b96053e4b451 /src/vnet/classify/in_out_acl.h
parent7b3a3df263c7a5bf549f350553cbd9bce7ee40b3 (diff)
ip: add classifier-based ACLs support on ip punt
This feature allows one to add classifier-based ACLs on packets punted from the ip infra, eg. to only whitelist specific sender(s). Type: feature Change-Id: Idab37b188583efbca980038875fc3e540cb2e880 Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/vnet/classify/in_out_acl.h')
-rw-r--r--src/vnet/classify/in_out_acl.h16
1 files changed, 9 insertions, 7 deletions
diff --git a/src/vnet/classify/in_out_acl.h b/src/vnet/classify/in_out_acl.h
index be0323055d8..331c64f531f 100644
--- a/src/vnet/classify/in_out_acl.h
+++ b/src/vnet/classify/in_out_acl.h
@@ -31,6 +31,8 @@ typedef enum
IN_OUT_ACL_TABLE_IP4,
IN_OUT_ACL_TABLE_IP6,
IN_OUT_ACL_TABLE_L2,
+ IN_OUT_ACL_TABLE_IP4_PUNT,
+ IN_OUT_ACL_TABLE_IP6_PUNT,
IN_OUT_ACL_N_TABLES,
} in_out_acl_table_id_t;
@@ -59,14 +61,14 @@ typedef struct
extern in_out_acl_main_t in_out_acl_main;
-int vnet_set_in_out_acl_intfc (vlib_main_t * vm, u32 sw_if_index,
- u32 ip4_table_index,
- u32 ip6_table_index,
- u32 l2_table_index, u32 is_add, u32 is_output);
+int vnet_set_in_out_acl_intfc (vlib_main_t *vm, u32 sw_if_index,
+ u32 ip4_table_index, u32 ip6_table_index,
+ u32 l2_table_index, u32 ip4_punt_table_index,
+ u32 ip6_punt_table_index, u32 is_add,
+ u32 is_output);
-int vnet_set_input_acl_intfc (vlib_main_t * vm, u32 sw_if_index,
- u32 ip4_table_index,
- u32 ip6_table_index,
+int vnet_set_input_acl_intfc (vlib_main_t *vm, u32 sw_if_index,
+ u32 ip4_table_index, u32 ip6_table_index,
u32 l2_table_index, u32 is_add);
int vnet_set_output_acl_intfc (vlib_main_t * vm, u32 sw_if_index,