diff options
Diffstat (limited to 'src/plugins/acl/acl_test.c')
-rw-r--r-- | src/plugins/acl/acl_test.c | 151 |
1 files changed, 88 insertions, 63 deletions
diff --git a/src/plugins/acl/acl_test.c b/src/plugins/acl/acl_test.c index e559f3acc9c..a35f050fcba 100644 --- a/src/plugins/acl/acl_test.c +++ b/src/plugins/acl/acl_test.c @@ -25,9 +25,6 @@ #include <vnet/ip/ip.h> #include <arpa/inet.h> -#include <vnet/ip/ip_format_fns.h> -#include <vnet/ethernet/ethernet_format_fns.h> - #define __plugin_msg_base acl_test_main.msg_id_base #include <vlibapi/vat_helper_macros.h> @@ -159,16 +156,16 @@ static void vl_api_acl_plugin_get_conn_table_max_entries_reply_t_handler static inline u8 * vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a) { - int af = a->src_prefix.address.af ? AF_INET6 : AF_INET; + int af = a->is_ipv6 ? AF_INET6 : AF_INET; u8 src[INET6_ADDRSTRLEN]; u8 dst[INET6_ADDRSTRLEN]; - inet_ntop(af, &a->src_prefix.address.un, (void *)src, sizeof(src)); - inet_ntop(af, &a->dst_prefix.address.un, (void *)dst, sizeof(dst)); + inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src)); + inet_ntop(af, a->dst_ip_addr, (void *)dst, sizeof(dst)); out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d mask %d", - a->src_prefix.address.af ? "ipv6" : "ipv4", a->is_permit, - src, a->src_prefix.len, - dst, a->dst_prefix.len, + a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit, + src, a->src_ip_prefix_len, + dst, a->dst_ip_prefix_len, a->proto, a->srcport_or_icmptype_first, a->srcport_or_icmptype_last, a->dstport_or_icmpcode_first, a->dstport_or_icmpcode_last, @@ -199,13 +196,13 @@ static void vl_api_acl_details_t_handler static inline u8 * vl_api_macip_acl_rule_t_pretty_format (u8 *out, vl_api_macip_acl_rule_t * a) { - int af = a->src_prefix.address.af ? AF_INET6 : AF_INET; + int af = a->is_ipv6 ? AF_INET6 : AF_INET; u8 src[INET6_ADDRSTRLEN]; - inet_ntop(af, &a->src_prefix.address.un, (void *)src, sizeof(src)); + inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src)); out = format(out, "%s action %d ip %s/%d mac %U mask %U", - a->src_prefix.address.af ? "ipv6" : "ipv4", a->is_permit, - src, a->src_prefix.len, + a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit, + src, a->src_ip_prefix_len, my_format_mac_address, a->src_mac, my_format_mac_address, a->src_mac_mask); return(out); @@ -352,7 +349,17 @@ static int api_acl_add_replace (vat_main_t * vam) while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) { - if (unformat (i, "permit+reflect")) + if (unformat (i, "ipv6")) + { + vec_validate_acl_rules(rules, rule_idx); + rules[rule_idx].is_ipv6 = 1; + } + else if (unformat (i, "ipv4")) + { + vec_validate_acl_rules(rules, rule_idx); + rules[rule_idx].is_ipv6 = 0; + } + else if (unformat (i, "permit+reflect")) { vec_validate_acl_rules(rules, rule_idx); rules[rule_idx].is_permit = 2; @@ -380,33 +387,33 @@ static int api_acl_add_replace (vat_main_t * vam) unformat_ip4_address, &src_v4address, &src_prefix_length)) { vec_validate_acl_rules(rules, rule_idx); - memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v4address, 4); - rules[rule_idx].src_prefix.address.af = ADDRESS_IP4; - rules[rule_idx].src_prefix.len = src_prefix_length; + memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4); + rules[rule_idx].src_ip_prefix_len = src_prefix_length; + rules[rule_idx].is_ipv6 = 0; } else if (unformat (i, "src %U/%d", unformat_ip6_address, &src_v6address, &src_prefix_length)) { vec_validate_acl_rules(rules, rule_idx); - memcpy (rules[rule_idx].src_prefix.address.un.ip6, &src_v6address, 16); - rules[rule_idx].src_prefix.address.af = ADDRESS_IP6; - rules[rule_idx].src_prefix.len = src_prefix_length; + memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16); + rules[rule_idx].src_ip_prefix_len = src_prefix_length; + rules[rule_idx].is_ipv6 = 1; } else if (unformat (i, "dst %U/%d", unformat_ip4_address, &dst_v4address, &dst_prefix_length)) { vec_validate_acl_rules(rules, rule_idx); - memcpy (rules[rule_idx].dst_prefix.address.un.ip4, &dst_v4address, 4); - rules[rule_idx].dst_prefix.address.af = ADDRESS_IP4; - rules[rule_idx].dst_prefix.len = dst_prefix_length; + memcpy (rules[rule_idx].dst_ip_addr, &dst_v4address, 4); + rules[rule_idx].dst_ip_prefix_len = dst_prefix_length; + rules[rule_idx].is_ipv6 = 0; } else if (unformat (i, "dst %U/%d", unformat_ip6_address, &dst_v6address, &dst_prefix_length)) { vec_validate_acl_rules(rules, rule_idx); - memcpy (rules[rule_idx].dst_prefix.address.un.ip6, &dst_v6address, 16); - rules[rule_idx].dst_prefix.address.af = ADDRESS_IP6; - rules[rule_idx].dst_prefix.len = dst_prefix_length; + memcpy (rules[rule_idx].dst_ip_addr, &dst_v6address, 16); + rules[rule_idx].dst_ip_prefix_len = dst_prefix_length; + rules[rule_idx].is_ipv6 = 1; } else if (unformat (i, "sport %d-%d", &port1, &port2)) { @@ -644,13 +651,12 @@ api_acl_add_replace_from_file (vat_main_t * vam) rule_idx++; vec_validate_acl_rules(rules, rule_idx); + rules[rule_idx].is_ipv6 = 0; rules[rule_idx].is_permit = is_permit; - memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v4address, 4); - rules[rule_idx].src_prefix.address.af = ADDRESS_IP4; - rules[rule_idx].src_prefix.len = src_prefix_length; - memcpy (rules[rule_idx].dst_prefix.address.un.ip4, &dst_v4address, 4); - rules[rule_idx].dst_prefix.address.af = ADDRESS_IP4; - rules[rule_idx].dst_prefix.len = dst_prefix_length; + memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4); + rules[rule_idx].src_ip_prefix_len = src_prefix_length; + memcpy (rules[rule_idx].dst_ip_addr, &dst_v4address, 4); + rules[rule_idx].dst_ip_prefix_len = dst_prefix_length; rules[rule_idx].srcport_or_icmptype_first = htons(sport_low); rules[rule_idx].srcport_or_icmptype_last = htons(sport_high); rules[rule_idx].dstport_or_icmpcode_first = htons(dport_low); @@ -665,23 +671,22 @@ api_acl_add_replace_from_file (vat_main_t * vam) rule_idx++; vec_validate_acl_rules(rules, rule_idx); + rules[rule_idx].is_ipv6 = 0; rules[rule_idx].is_permit = is_permit == 2 ? 2 : 1; src_v4address.data[0]=0; src_v4address.data[1]=0; src_v4address.data[2]=0; src_v4address.data[3]=0; - memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v4address, 4); - rules[rule_idx].src_prefix.address.af = ADDRESS_IP4; - rules[rule_idx].src_prefix.len = 0; + memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4); + rules[rule_idx].src_ip_prefix_len = 0; dst_v4address.data[0]=0; dst_v4address.data[1]=0; dst_v4address.data[2]=0; dst_v4address.data[3]=0; - memcpy (rules[rule_idx].dst_prefix.address.un.ip4, &dst_v4address, 4); - rules[rule_idx].dst_prefix.address.af = ADDRESS_IP4; - rules[rule_idx].dst_prefix.len = 0; + memcpy (rules[rule_idx].dst_ip_addr, &dst_v4address, 4); + rules[rule_idx].dst_ip_prefix_len = 0; rules[rule_idx].srcport_or_icmptype_first = htons(0); rules[rule_idx].srcport_or_icmptype_last = htons(65535); @@ -1171,7 +1176,17 @@ static int api_macip_acl_add (vat_main_t * vam) while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) { - if (unformat (i, "permit")) + if (unformat (i, "ipv6")) + { + vec_validate_macip_acl_rules(rules, rule_idx); + rules[rule_idx].is_ipv6 = 1; + } + else if (unformat (i, "ipv4")) + { + vec_validate_macip_acl_rules(rules, rule_idx); + rules[rule_idx].is_ipv6 = 0; + } + else if (unformat (i, "permit")) { vec_validate_macip_acl_rules(rules, rule_idx); rules[rule_idx].is_permit = 1; @@ -1198,9 +1213,9 @@ static int api_macip_acl_add (vat_main_t * vam) if (src_prefix_length == 0) src_prefix_length = 32; vec_validate_macip_acl_rules(rules, rule_idx); - memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v4address, 4); - rules[rule_idx].src_prefix.address.af = ADDRESS_IP4; - rules[rule_idx].src_prefix.len = src_prefix_length; + memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4); + rules[rule_idx].src_ip_prefix_len = src_prefix_length; + rules[rule_idx].is_ipv6 = 0; } else if (unformat (i, "src")) { @@ -1214,9 +1229,9 @@ static int api_macip_acl_add (vat_main_t * vam) if (src_prefix_length == 0) src_prefix_length = 128; vec_validate_macip_acl_rules(rules, rule_idx); - memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v6address, 4); - rules[rule_idx].src_prefix.address.af = ADDRESS_IP6; - rules[rule_idx].src_prefix.len = src_prefix_length; + memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16); + rules[rule_idx].src_ip_prefix_len = src_prefix_length; + rules[rule_idx].is_ipv6 = 1; } else if (unformat (i, "mac %U", my_unformat_mac_address, &src_mac)) @@ -1308,7 +1323,17 @@ static int api_macip_acl_add_replace (vat_main_t * vam) while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) { - if (unformat (i, "permit")) + if (unformat (i, "ipv6")) + { + vec_validate_macip_acl_rules(rules, rule_idx); + rules[rule_idx].is_ipv6 = 1; + } + else if (unformat (i, "ipv4")) + { + vec_validate_macip_acl_rules(rules, rule_idx); + rules[rule_idx].is_ipv6 = 0; + } + else if (unformat (i, "permit")) { vec_validate_macip_acl_rules(rules, rule_idx); rules[rule_idx].is_permit = 1; @@ -1328,32 +1353,32 @@ static int api_macip_acl_add_replace (vat_main_t * vam) rules[rule_idx].is_permit = action; } else if (unformat (i, "ip %U/%d", - unformat_ip4_address, &src_v4address, &src_prefix_length) || - unformat (i, "ip %U", - unformat_ip4_address, &src_v4address)) + unformat_ip4_address, &src_v4address, &src_prefix_length) || + unformat (i, "ip %U", + unformat_ip4_address, &src_v4address)) { - if (src_prefix_length == 0) - src_prefix_length = 32; - vec_validate_macip_acl_rules(rules, rule_idx); - memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v4address, 4); - rules[rule_idx].src_prefix.address.af = ADDRESS_IP4; - rules[rule_idx].src_prefix.len = src_prefix_length; + if (src_prefix_length == 0) + src_prefix_length = 32; + vec_validate_macip_acl_rules(rules, rule_idx); + memcpy (rules[rule_idx].src_ip_addr, &src_v4address, 4); + rules[rule_idx].src_ip_prefix_len = src_prefix_length; + rules[rule_idx].is_ipv6 = 0; } else if (unformat (i, "src")) { - /* Everything in MACIP is "source" but allow this verbosity */ + /* Everything in MACIP is "source" but allow this verbosity */ } else if (unformat (i, "ip %U/%d", - unformat_ip6_address, &src_v6address, &src_prefix_length) || - unformat (i, "ip %U", - unformat_ip6_address, &src_v6address)) + unformat_ip6_address, &src_v6address, &src_prefix_length) || + unformat (i, "ip %U", + unformat_ip6_address, &src_v6address)) { if (src_prefix_length == 0) - src_prefix_length = 128; + src_prefix_length = 128; vec_validate_macip_acl_rules(rules, rule_idx); - memcpy (rules[rule_idx].src_prefix.address.un.ip4, &src_v6address, 4); - rules[rule_idx].src_prefix.address.af = ADDRESS_IP6; - rules[rule_idx].src_prefix.len = src_prefix_length; + memcpy (rules[rule_idx].src_ip_addr, &src_v6address, 16); + rules[rule_idx].src_ip_prefix_len = src_prefix_length; + rules[rule_idx].is_ipv6 = 1; } else if (unformat (i, "mac %U", my_unformat_mac_address, &src_mac)) |