diff options
author | Pavel Kotucek <pkotucek@cisco.com> | 2017-09-07 14:44:52 +0200 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2017-09-08 05:51:24 +0000 |
commit | 932f74196d9571fd007cef32c234bd00ab75975e (patch) | |
tree | edc55da6de1bc40a35d886b2c8844ae09d3212b0 /src | |
parent | a546ef96a8170aeea70d771ee45662cadc628344 (diff) |
ACL-plugin MACIP ACLs tests
Change-Id: Ie40c837358454cfe9475cb2c14fdf20b24fa6602
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/acl/acl.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c index 1ded1afa40c..bf484f6cc41 100644 --- a/src/plugins/acl/acl.c +++ b/src/plugins/acl/acl.c @@ -949,8 +949,22 @@ macip_find_match_type (macip_match_type_t * mv, u8 * mac_mask, u8 prefix_len, static int match_type_metric (macip_match_type_t * m) { - /* FIXME: count the ones in the MAC mask as well, check how well this heuristic works in real life */ - return m->prefix_len + m->is_ipv6 + 10 * m->count; + unsigned int mac_bits_set = 0; + unsigned int mac_byte; + int i; + for (i=0; i<6; i++) + { + mac_byte = m->mac_mask[i]; + for (; mac_byte; mac_byte >>= 1) + mac_bits_set += mac_byte & 1; + } + /* + * Attempt to place the more specific and the more used rules on top. + * There are obvious caveat corner cases to this, but they do not + * seem to be sensible in real world (e.g. specific IPv4 with wildcard MAC + * going with a wildcard IPv4 with a specific MAC). + */ + return m->prefix_len + mac_bits_set + m->is_ipv6 + 10 * m->count; } static int |