summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/plugins/acl/acl.api23
-rw-r--r--src/plugins/acl/acl.c29
-rw-r--r--src/plugins/acl/acl_test.c36
3 files changed, 83 insertions, 5 deletions
diff --git a/src/plugins/acl/acl.api b/src/plugins/acl/acl.api
index b58ed76673a..cde46c444dd 100644
--- a/src/plugins/acl/acl.api
+++ b/src/plugins/acl/acl.api
@@ -19,7 +19,7 @@
used to control the ACL plugin
*/
-option version = "1.0.0";
+option version = "1.0.1";
/** \brief Get the plugin version
@param client_index - opaque cookie to identify the sender
@@ -69,6 +69,27 @@ define acl_plugin_control_ping_reply
u32 vpe_pid;
};
+/** \brief Get Connection table max entries
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+*/
+
+define acl_plugin_get_conn_table_max_entries
+{
+ u32 client_index;
+ u32 context;
+};
+
+/** \brief Reply to get connection table max entries
+ @param context - sender context, to match reply w/ request
+ @param conn_table_max_entries - the value of maximum entries of connection table
+*/
+define acl_plugin_get_conn_table_max_entries_reply
+{
+ u32 context;
+ u64 conn_table_max_entries;
+};
+
/** \brief Access List Rule entry
@param is_permit - deny (0), permit (1), or permit+reflect(2) action on this rule.
@param is_ipv6 - IP addresses in this rule are IPv6 (1) or IPv4 (0)
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index d4cbeb2ef0d..1e040b6a036 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -85,7 +85,8 @@ _(MACIP_ACL_DUMP, macip_acl_dump) \
_(MACIP_ACL_INTERFACE_GET, macip_acl_interface_get) \
_(MACIP_ACL_INTERFACE_LIST_DUMP, macip_acl_interface_list_dump) \
_(ACL_INTERFACE_SET_ETYPE_WHITELIST, acl_interface_set_etype_whitelist) \
-_(ACL_INTERFACE_ETYPE_WHITELIST_DUMP, acl_interface_etype_whitelist_dump)
+_(ACL_INTERFACE_ETYPE_WHITELIST_DUMP, acl_interface_etype_whitelist_dump) \
+_(ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES,acl_plugin_get_conn_table_max_entries)
/* *INDENT-OFF* */
@@ -297,6 +298,32 @@ acl_print_acl_x (acl_vector_print_func_t vpr, vlib_main_t * vm,
}
static void
+ vl_api_acl_plugin_get_conn_table_max_entries_t_handler
+ (vl_api_acl_plugin_get_conn_table_max_entries_t * mp)
+{
+ acl_main_t *am = &acl_main;
+ vl_api_acl_plugin_get_conn_table_max_entries_reply_t *rmp;
+ int msg_size = sizeof (*rmp);
+ unix_shared_memory_queue_t *q;
+
+ q = vl_api_client_index_to_input_queue (mp->client_index);
+ if (q == 0)
+ {
+ return;
+ }
+
+ rmp = vl_msg_api_alloc (msg_size);
+ memset (rmp, 0, msg_size);
+ rmp->_vl_msg_id =
+ ntohs (VL_API_ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES_REPLY +
+ am->msg_id_base);
+ rmp->context = mp->context;
+ rmp->conn_table_max_entries = __bswap_64 (am->fa_conn_table_max_entries);
+
+ vl_msg_api_send_shmem (q, (u8 *) & rmp);
+}
+
+static void
acl_print_acl (vlib_main_t * vm, acl_main_t * am, int acl_index)
{
acl_print_acl_x (print_cli_and_reset, vm, am, acl_index);
diff --git a/src/plugins/acl/acl_test.c b/src/plugins/acl/acl_test.c
index ef98f79351f..19a6f915381 100644
--- a/src/plugins/acl/acl_test.c
+++ b/src/plugins/acl/acl_test.c
@@ -175,7 +175,14 @@ static void vl_api_acl_interface_etype_whitelist_details_t_handler
vam->result_ready = 1;
}
-
+static void vl_api_acl_plugin_get_conn_table_max_entries_reply_t_handler
+ (vl_api_acl_plugin_get_conn_table_max_entries_reply_t * mp)
+ {
+ vat_main_t * vam = acl_test_main.vat_main;
+ clib_warning("\nConn table max entries: %d",
+ __bswap_64(mp->conn_table_max_entries) );
+ vam->result_ready = 1;
+ }
static inline u8 *
vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a)
@@ -302,7 +309,8 @@ _(MACIP_ACL_DETAILS, macip_acl_details) \
_(MACIP_ACL_INTERFACE_ADD_DEL_REPLY, macip_acl_interface_add_del_reply) \
_(MACIP_ACL_INTERFACE_GET_REPLY, macip_acl_interface_get_reply) \
_(ACL_PLUGIN_CONTROL_PING_REPLY, acl_plugin_control_ping_reply) \
-_(ACL_PLUGIN_GET_VERSION_REPLY, acl_plugin_get_version_reply)
+_(ACL_PLUGIN_GET_VERSION_REPLY, acl_plugin_get_version_reply) \
+_(ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES_REPLY,acl_plugin_get_conn_table_max_entries_reply)
static int api_acl_plugin_get_version (vat_main_t * vam)
{
@@ -545,6 +553,27 @@ static int api_acl_add_replace (vat_main_t * vam)
return ret;
}
+static int api_acl_plugin_get_conn_table_max_entries (vat_main_t * vam)
+{
+ acl_test_main_t * sm = &acl_test_main;
+ vl_api_acl_plugin_get_conn_table_max_entries_t * mp;
+ u32 msg_size = sizeof(*mp);
+ int ret;
+
+ vam->result_ready = 0;
+ mp = vl_msg_api_alloc_as_if_client(msg_size);
+ memset (mp, 0, msg_size);
+ mp->_vl_msg_id = ntohs (VL_API_ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES + sm->msg_id_base);
+ mp->client_index = vam->my_client_index;
+
+ /* send it... */
+ S(mp);
+
+ /* Wait for a reply... */
+ W (ret);
+ return ret;
+}
+
/*
* Read the series of ACL entries from file in the following format:
@@ -1455,7 +1484,8 @@ _(macip_acl_add_replace, "<acl-idx> [<ipv4|ipv6> <permit|deny|action N> [count <
_(macip_acl_del, "<acl-idx>")\
_(macip_acl_dump, "[<acl-idx>]") \
_(macip_acl_interface_add_del, "<intfc> | sw_if_index <if-idx> [add|del] acl <acl-idx>") \
-_(macip_acl_interface_get, "")
+_(macip_acl_interface_get, "") \
+_(acl_plugin_get_conn_table_max_entries, "")
static