aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/acl-plugin/acl/acl_test.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/acl-plugin/acl/acl_test.c')
-rw-r--r--plugins/acl-plugin/acl/acl_test.c30
1 files changed, 28 insertions, 2 deletions
diff --git a/plugins/acl-plugin/acl/acl_test.c b/plugins/acl-plugin/acl/acl_test.c
index a0e413e16da..cef90ff8278 100644
--- a/plugins/acl-plugin/acl/acl_test.c
+++ b/plugins/acl-plugin/acl/acl_test.c
@@ -161,14 +161,14 @@ vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a)
inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src));
inet_ntop(af, a->dst_ip_addr, (void *)dst, sizeof(dst));
- out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d %d",
+ out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d mask %d",
a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
src, a->src_ip_prefix_len,
dst, a->dst_ip_prefix_len,
a->proto,
a->srcport_or_icmptype_first, a->srcport_or_icmptype_last,
a->dstport_or_icmpcode_first, a->dstport_or_icmpcode_last,
- a->tcp_flags_mask, a->tcp_flags_value);
+ a->tcp_flags_value, a->tcp_flags_mask);
return(out);
}
@@ -362,6 +362,7 @@ static int api_acl_add_replace (vat_main_t * vam)
vl_api_acl_rule_t *rules = 0;
int rule_idx = 0;
int n_rules = 0;
+ int n_rules_override = -1;
u32 proto = 0;
u32 port1 = 0;
u32 port2 = 0;
@@ -398,6 +399,10 @@ static int api_acl_add_replace (vat_main_t * vam)
vec_validate_acl_rules(rules, rule_idx);
rules[rule_idx].is_permit = 1;
}
+ else if (unformat (i, "count %d", &n_rules_override))
+ {
+ /* we will use this later */
+ }
else if (unformat (i, "action %d", &action))
{
vec_validate_acl_rules(rules, rule_idx);
@@ -465,6 +470,12 @@ static int api_acl_add_replace (vat_main_t * vam)
rules[rule_idx].tcp_flags_value = tcpflags;
rules[rule_idx].tcp_flags_mask = tcpmask;
}
+ else if (unformat (i, "tcpflags %d mask %d", &tcpflags, &tcpmask))
+ {
+ vec_validate_acl_rules(rules, rule_idx);
+ rules[rule_idx].tcp_flags_value = tcpflags;
+ rules[rule_idx].tcp_flags_mask = tcpmask;
+ }
else if (unformat (i, "proto %d", &proto))
{
vec_validate_acl_rules(rules, rule_idx);
@@ -490,6 +501,9 @@ static int api_acl_add_replace (vat_main_t * vam)
else
n_rules = 0;
+ if (n_rules_override >= 0)
+ n_rules = n_rules_override;
+
msg_size += n_rules*sizeof(rules[0]);
mp = vl_msg_api_alloc_as_if_client(msg_size);
@@ -847,6 +861,7 @@ static int api_macip_acl_add (vat_main_t * vam)
vl_api_macip_acl_rule_t *rules = 0;
int rule_idx = 0;
int n_rules = 0;
+ int n_rules_override = -1;
u32 src_prefix_length = 0;
u32 action = 0;
ip4_address_t src_v4address;
@@ -877,6 +892,10 @@ static int api_macip_acl_add (vat_main_t * vam)
vec_validate_macip_acl_rules(rules, rule_idx);
rules[rule_idx].is_permit = 0;
}
+ else if (unformat (i, "count %d", &n_rules_override))
+ {
+ /* we will use this later */
+ }
else if (unformat (i, "action %d", &action))
{
vec_validate_macip_acl_rules(rules, rule_idx);
@@ -890,6 +909,10 @@ static int api_macip_acl_add (vat_main_t * vam)
rules[rule_idx].src_ip_prefix_len = src_prefix_length;
rules[rule_idx].is_ipv6 = 0;
}
+ else if (unformat (i, "src"))
+ {
+ /* Everything in MACIP is "source" but allow this verbosity */
+ }
else if (unformat (i, "ip %U/%d",
unformat_ip6_address, &src_v6address, &src_prefix_length))
{
@@ -931,6 +954,9 @@ static int api_macip_acl_add (vat_main_t * vam)
else
n_rules = 0;
+ if (n_rules_override >= 0)
+ n_rules = n_rules_override;
+
msg_size += n_rules*sizeof(rules[0]);
mp = vl_msg_api_alloc_as_if_client(msg_size);