Diffstat (limited to 'src/plugins/acl')
-rw-r--r--src/plugins/acl/CMakeLists.txt3
-rw-r--r--src/plugins/acl/acl.api22
-rw-r--r--src/plugins/acl/acl.c53
-rw-r--r--src/plugins/acl/acl_test.c1
-rw-r--r--src/plugins/acl/manual_fns.h433
5 files changed, 50 insertions, 462 deletions
diff --git a/src/plugins/acl/CMakeLists.txt b/src/plugins/acl/CMakeLists.txt
index 78cc818d1ea..c43dd23ea51 100644
--- a/src/plugins/acl/CMakeLists.txt
+++ b/src/plugins/acl/CMakeLists.txt
@@ -30,7 +30,4 @@ add_vpp_plugin(acl
API_TEST_SOURCES
acl_test.c
-
- INSTALL_HEADERS
- manual_fns.h
)
diff --git a/src/plugins/acl/acl.api b/src/plugins/acl/acl.api
index 25c231db82a..a4706c3e529 100644
--- a/src/plugins/acl/acl.api
+++ b/src/plugins/acl/acl.api
@@ -102,7 +102,7 @@ define acl_plugin_get_conn_table_max_entries_reply
@r - Rules for this access-list
*/
-manual_print manual_endian define acl_add_replace
+ define acl_add_replace
{
u32 client_index;
u32 context;
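Review bot: With `manual_endian` and `manual_print` removed from `acl_add_replace`, byte-swapping and printing of the variable-length rule array move to generated code, and nothing visible in this commit shows `count` being checked against the received message length before that code walks `r`. The deleted manual_fns.h printers capped the loop with `if (count > 0x100000)`, while the deleted endian helpers iterated over `a->count` unbounded. Because `count` is supplied by the API client, please confirm that the generated functions or the handler in acl.c reject a `count` larger than the message carries, and record that next to the field, e.g. `@param count - number of rules; checked against the message length by the handler`. The same applies to the `acl_details`, `macip_acl_add`, `macip_acl_add_replace` and `macip_acl_details` hunks below; the `count` and `r` fields lie outside the visible hunk lines.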
@@ -132,7 +132,7 @@ define acl_add_replace_reply
@param acl_index - ACL index to delete
*/
-autoreply manual_print define acl_del
+autoreply define acl_del
{
u32 client_index;
u32 context;
@@ -151,7 +151,7 @@ autoreply manual_print define acl_del
@param acl_index - index of ACL for the operation
*/
-autoreply manual_print define acl_interface_add_del
+autoreply define acl_interface_add_del
{
u32 client_index;
u32 context;
@@ -175,7 +175,7 @@ autoreply manual_print define acl_interface_add_del
@param acls - vector of ACL indices
*/
-autoreply manual_print define acl_interface_set_acl_list
+autoreply define acl_interface_set_acl_list
{
u32 client_index;
u32 context;
@@ -213,7 +213,7 @@ define acl_dump
@param r - Array of rules within this ACL
*/
-manual_endian manual_print define acl_details
+define acl_details
{
u32 context;
u32 acl_index;
@@ -261,7 +261,7 @@ define acl_interface_list_details
@param r - vector of MACIP ACL rules
*/
-manual_endian manual_print define macip_acl_add
+define macip_acl_add
{
u32 client_index;
u32 context;
@@ -293,7 +293,7 @@ define macip_acl_add_reply
@param r - vector of MACIP ACL rules
*/
-manual_endian manual_print define macip_acl_add_replace
+define macip_acl_add_replace
{
u32 client_index;
u32 context;
@@ -323,7 +323,7 @@ define macip_acl_add_replace_reply
@param acl_index - MACIP ACL index to delete
*/
-autoreply manual_print define macip_acl_del
+autoreply define macip_acl_del
{
u32 client_index;
u32 context;
@@ -339,7 +339,7 @@ autoreply manual_print define macip_acl_del
@param acl_index - MACIP ACL index
*/
-autoreply manual_print define macip_acl_interface_add_del
+autoreply define macip_acl_interface_add_del
{
u32 client_index;
u32 context;
@@ -372,7 +372,7 @@ define macip_acl_dump
@param r - rules comprising this MACIP ACL
*/
-manual_endian manual_print define macip_acl_details
+ define macip_acl_details
{
u32 context;
u32 acl_index;
@@ -442,7 +442,7 @@ define macip_acl_interface_list_details
@param whitelist - vector of whitelisted ethertypes
*/
-autoreply manual_print define acl_interface_set_etype_whitelist
+autoreply define acl_interface_set_etype_whitelist
{
u32 client_index;
u32 context;
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index b4770a70db0..b18e8515cde 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -25,6 +25,9 @@
#include <vpp/app/version.h>
#include <vnet/ethernet/ethernet_types_api.h>
+#include <vnet/ip/format.h>
+#include <vnet/ethernet/ethernet.h>
+#include <vnet/ip/ip_types_api.h>
#include <vlibapi/api.h>
#include <vlibmemory/api.h>
@@ -34,7 +37,6 @@
#include <acl/acl.api_types.h>
#define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)
-#include "manual_fns.h"
#include "fa_node.h"
#include "public_inlines.h"
@@ -132,6 +134,26 @@ print_cli_and_reset (vlib_main_t * vm, u8 * out0)
typedef void (*acl_vector_print_func_t) (vlib_main_t * vm, u8 * out0);
+static inline u8 *
+format_acl_action (u8 * s, u8 action)
+{
+ switch (action)
+ {
+ case 0:
+ s = format (s, "deny");
+ break;
+ case 1:
+ s = format (s, "permit");
+ break;
+ case 2:
+ s = format (s, "permit+reflect");
+ break;
+ default:
+ s = format (s, "action %d", action);
+ }
+ return (s);
+}
+
static void
acl_print_acl_x (acl_vector_print_func_t vpr, vlib_main_t * vm,
acl_main_t * am, int acl_index)
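Review bot: `format_acl_action` is copied into acl.c with the bare literals 0, 1 and 2 standing for deny, permit and permit+reflect, and with no comment, so the policy meaning of each value is only recoverable from the strings. Since this text is what an operator reads when auditing ACLs, I would add a header comment such as `/* Append the name of ACL rule action to vector s; unknown values print as "action N". Takes the action directly, so it is not usable as a %U callback. */` and switch on named constants if the API action enum is in scope here. The `default:` arm also has no `break;`, unlike the other arms. The function is complete within the hunk; `acl_print_acl_x` below it continues outside.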
@@ -629,16 +651,16 @@ acl_interface_set_inout_acl_list (acl_main_t * am, u32 sw_if_index,
u32 **pinout_lc_index_by_sw_if_index =
- is_input ? &am->
- input_lc_index_by_sw_if_index : &am->output_lc_index_by_sw_if_index;
+ is_input ? &am->input_lc_index_by_sw_if_index : &am->
+ output_lc_index_by_sw_if_index;
u32 ***pinout_acl_vec_by_sw_if_index =
- is_input ? &am->
- input_acl_vec_by_sw_if_index : &am->output_acl_vec_by_sw_if_index;
+ is_input ? &am->input_acl_vec_by_sw_if_index : &am->
+ output_acl_vec_by_sw_if_index;
u32 ***pinout_sw_if_index_vec_by_acl =
- is_input ? &am->
- input_sw_if_index_vec_by_acl : &am->output_sw_if_index_vec_by_acl;
+ is_input ? &am->input_sw_if_index_vec_by_acl : &am->
+ output_sw_if_index_vec_by_acl;
vec_validate ((*pinout_acl_vec_by_sw_if_index), sw_if_index);
@@ -713,7 +735,9 @@ acl_interface_set_inout_acl_list (acl_main_t * am, u32 sw_if_index,
{
if (~0 != (*pinout_lc_index_by_sw_if_index)[sw_if_index])
{
- acl_plugin.put_lookup_context_index ((*pinout_lc_index_by_sw_if_index)[sw_if_index]);
+ acl_plugin.
+ put_lookup_context_index ((*pinout_lc_index_by_sw_if_index)
+ [sw_if_index]);
(*pinout_lc_index_by_sw_if_index)[sw_if_index] = ~0;
}
}
@@ -750,8 +774,8 @@ acl_interface_add_del_inout_acl (u32 sw_if_index, u8 is_add, u8 is_input,
: VNET_API_ERROR_ACL_IN_USE_OUTBOUND;
u32 ***pinout_acl_vec_by_sw_if_index =
- is_input ? &am->
- input_acl_vec_by_sw_if_index : &am->output_acl_vec_by_sw_if_index;
+ is_input ? &am->input_acl_vec_by_sw_if_index : &am->
+ output_acl_vec_by_sw_if_index;
int rv = 0;
if (is_add)
{
@@ -1435,9 +1459,9 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index)
vnet_classify_add_del_session (cm, tag_table,
mask,
- a->
- rules[i].is_permit ? ~0 : 0,
- i, 0, action, metadata, 1);
+ a->rules[i].
+ is_permit ? ~0 : 0, i, 0,
+ action, metadata, 1);
}
}
}
@@ -2280,7 +2304,8 @@ static void
if (~0 != am->macip_acl_by_sw_if_index[sw_if_index])
{
send_macip_acl_interface_list_details (am, reg, sw_if_index,
- am->macip_acl_by_sw_if_index
+ am->
+ macip_acl_by_sw_if_index
[sw_if_index],
mp->context);
}
diff --git a/src/plugins/acl/acl_test.c b/src/plugins/acl/acl_test.c
index c139b325568..79058cdc268 100644
--- a/src/plugins/acl/acl_test.c
+++ b/src/plugins/acl/acl_test.c
@@ -37,7 +37,6 @@ uword unformat_sw_if_index (unformat_input_t * input, va_list * args);
#include <acl/acl.api_enum.h>
#include <acl/acl.api_types.h>
#define vl_print(handle, ...)
-#include <acl/manual_fns.h>
#undef vl_print
#define vl_endianfun /* define message structures */
#include <acl/acl.api.h>
diff --git a/src/plugins/acl/manual_fns.h b/src/plugins/acl/manual_fns.h
deleted file mode 100644
index f2585a9985d..00000000000
--- a/src/plugins/acl/manual_fns.h
+++ /dev/null
@@ -1,433 +0,0 @@
-/*
- * Copyright (c) 2016 Cisco and/or its affiliates.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef included_manual_fns_h
-#define included_manual_fns_h
-
-#include <vnet/ip/format.h>
-#include <vnet/ethernet/ethernet.h>
-#include <vnet/ip/ip_types_api.h>
-
-#define vl_endianfun /* define message structures */
-#include <acl/acl_types.api.h>
-#undef vl_endianfun
-
-/* Macro to finish up custom dump fns */
-#define PRINT_S \
- vec_add1 (s, 0); \
- vl_print (handle, (char *)s); \
- vec_free (s);
-
-static inline void
-vl_api_acl_rule_t_array_endian(vl_api_acl_rule_t *rules, u32 count)
-{
- u32 i;
- for(i=0; i<count; i++) {
- vl_api_acl_rule_t_endian (&rules[i]);
- }
-}
-
-static inline void
-vl_api_macip_acl_rule_t_array_endian(vl_api_macip_acl_rule_t *rules, u32 count)
-{
- u32 i;
- for(i=0; i<count; i++) {
- vl_api_macip_acl_rule_t_endian (&rules[i]);
- }
-}
-
-static inline void
-vl_api_acl_details_t_endian (vl_api_acl_details_t * a)
-{
- a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id);
- a->context = clib_net_to_host_u32 (a->context);
- a->acl_index = clib_net_to_host_u32 (a->acl_index);
- /* a->tag[0..63] = a->tag[0..63] (no-op) */
- a->count = clib_net_to_host_u32 (a->count);
- vl_api_acl_rule_t_array_endian (a->r, a->count);
-}
-
-static inline void
-vl_api_macip_acl_details_t_endian (vl_api_macip_acl_details_t * a)
-{
- a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id);
- a->context = clib_net_to_host_u32 (a->context);
- a->acl_index = clib_net_to_host_u32 (a->acl_index);
- /* a->tag[0..63] = a->tag[0..63] (no-op) */
- a->count = clib_net_to_host_u32 (a->count);
- vl_api_macip_acl_rule_t_array_endian (a->r, a->count);
-}
-
-
-static inline void
-vl_api_acl_add_replace_t_endian (vl_api_acl_add_replace_t * a)
-{
- a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id);
- a->client_index = clib_net_to_host_u32 (a->client_index);
- a->context = clib_net_to_host_u32 (a->context);
- a->acl_index = clib_net_to_host_u32 (a->acl_index);
- /* a->tag[0..63] = a->tag[0..63] (no-op) */
- a->count = clib_net_to_host_u32 (a->count);
- vl_api_acl_rule_t_array_endian (a->r, a->count);
-}
-
-static inline void
-vl_api_macip_acl_add_t_endian (vl_api_macip_acl_add_t * a)
-{
- a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id);
- a->client_index = clib_net_to_host_u32 (a->client_index);
- a->context = clib_net_to_host_u32 (a->context);
- /* a->tag[0..63] = a->tag[0..63] (no-op) */
- a->count = clib_net_to_host_u32 (a->count);
- vl_api_macip_acl_rule_t_array_endian (a->r, a->count);
-}
-
-static inline void
-vl_api_macip_acl_add_replace_t_endian (vl_api_macip_acl_add_replace_t * a)
-{
- a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id);
- a->client_index = clib_net_to_host_u32 (a->client_index);
- a->context = clib_net_to_host_u32 (a->context);
- a->acl_index = clib_net_to_host_u32 (a->acl_index);
- /* a->tag[0..63] = a->tag[0..63] (no-op) */
- a->count = clib_net_to_host_u32 (a->count);
- vl_api_macip_acl_rule_t_array_endian (a->r, a->count);
-}
-
-static inline u8 *
-format_acl_action(u8 *s, u8 action)
-{
- switch(action) {
- case 0:
- s = format (s, "deny");
- break;
- case 1:
- s = format (s, "permit");
- break;
- case 2:
- s = format (s, "permit+reflect");
- break;
- default:
- s = format (s, "action %d", action);
- }
- return(s);
-}
-
-static inline void *
-vl_api_acl_rule_t_print (vl_api_acl_rule_t * a, void *handle)
-{
- u8 *s;
- ip_prefix_t src, dst;
-
- ip_prefix_decode2 (&a->src_prefix, &src);
- ip_prefix_decode2 (&a->dst_prefix, &dst);
-
- s = format (0, " %s ", a->src_prefix.address.af ? "ipv6" : "ipv4");
- s = format_acl_action (s, a->is_permit);
- s = format (s, " \\\n");
-
- s = format (s, " src %U dst %U \\\n",
- format_ip_prefix, &src,
- format_ip_prefix, &dst);
- s = format (s, " proto %d \\\n", a->proto);
- s = format (s, " sport %d-%d dport %d-%d \\\n",
- clib_net_to_host_u16 (a->srcport_or_icmptype_first),
- clib_net_to_host_u16 (a->srcport_or_icmptype_last),
- clib_net_to_host_u16 (a->dstport_or_icmpcode_first),
- clib_net_to_host_u16 (a->dstport_or_icmpcode_last));
-
- s = format (s, " tcpflags %u mask %u, \\",
- a->tcp_flags_value, a->tcp_flags_mask);
- PRINT_S;
- return handle;
-}
-
-static inline void *
-vl_api_macip_acl_rule_t_print (vl_api_macip_acl_rule_t * a, void *handle)
-{
- u8 *s;
- ip_prefix_t src;
-
- ip_prefix_decode2 (&a->src_prefix, &src);
-
- s = format (0, " %s %s \\\n", a->src_prefix.address.af ? "ipv6" : "ipv4",
- a->is_permit ? "permit" : "deny");
-
- s = format (s, " src mac %U mask %U \\\n",
- format_ethernet_address, a->src_mac,
- format_ethernet_address, a->src_mac_mask);
-
- s = format (s, " src ip %U, \\",
- format_ip_prefix, &src);
-
- PRINT_S;
- return handle;
-}
-
-static inline void *
-vl_api_acl_add_replace_t_print (vl_api_acl_add_replace_t * a, void *handle)
-{
- u8 *s = 0;
- int i;
- u32 acl_index = clib_net_to_host_u32 (a->acl_index);
- u32 count = clib_net_to_host_u32 (a->count);
- if (count > 0x100000)
- {
- s = format (s, "WARN: acl_add_replace count endianness wrong? Fixup to avoid long loop.\n");
- count = a->count;
- }
-
- s = format (s, "SCRIPT: acl_add_replace %d count %d ",
- acl_index, count);
-
- if (a->tag[0])
- s = format (s, "tag %s ", a->tag);
-
- s = format(s, "\\\n");
- PRINT_S;
-
- for (i = 0; i < count; i++)
- vl_api_acl_rule_t_print (&a->r[i], handle);
-
- s = format(s, "\n");
- PRINT_S;
- return handle;
-}
-
-static inline void *
-vl_api_acl_del_t_print (vl_api_macip_acl_del_t * a, void *handle)
-{
- u8 *s;
-
- s = format (0, "SCRIPT: acl_del %d ",
- clib_host_to_net_u32 (a->acl_index));
-
- PRINT_S;
- return handle;
-}
-
-
-static inline void *
-vl_api_acl_details_t_print (vl_api_acl_details_t * a, void *handle)
-{
- u8 *s = 0;
- int i;
- u32 acl_index = clib_net_to_host_u32 (a->acl_index);
- u32 count = clib_net_to_host_u32 (a->count);
- if (count > 0x100000)
- {
- s = format (s, "WARN: acl_details count endianness wrong? Fixup to avoid long loop.\n");
- count = a->count;
- }
-
- s = format (s, "acl_details index %d count %d ",
- acl_index, count);
-
- if (a->tag[0])
- s = format (s, "tag %s ", a->tag);
-
- s = format(s, "\n");
- PRINT_S;
-
- for (i = 0; i < count; i++)
- vl_api_acl_rule_t_print (&a->r[i], handle);
-
- return handle;
-}
-
-static inline void *
-vl_api_macip_acl_details_t_print (vl_api_macip_acl_details_t * a,
- void *handle)
-{
- u8 *s = 0;
- int i;
- u32 acl_index = clib_net_to_host_u32 (a->acl_index);
- u32 count = clib_net_to_host_u32 (a->count);
- if (count > 0x100000)
- {
- s = format (s, "WARN: macip_acl_details count endianness wrong? Fixup to avoid long loop.\n");
- count = a->count;
- }
-
- s = format (s, "macip_acl_details index %d count %d ",
- acl_index, count);
-
- if (a->tag[0])
- s = format (s, "tag %s ", a->tag);
-
- s = format(s, "\n");
- PRINT_S;
-
- for (i = 0; i < count; i++)
- vl_api_macip_acl_rule_t_print (&a->r[i], handle);
-
- return handle;
-}
-
-static inline void *
-vl_api_macip_acl_add_t_print (vl_api_macip_acl_add_t * a, void *handle)
-{
- u8 *s = 0;
- int i;
- u32 count = clib_net_to_host_u32 (a->count);
- if (count > 0x100000)
- {
- s = format (s, "WARN: macip_acl_add count endianness wrong? Fixup to avoid long loop.\n");
- count = a->count;
- }
-
- s = format (s, "SCRIPT: macip_acl_add ");
- if (a->tag[0])
- s = format (s, "tag %s ", a->tag);
-
- s = format (s, "count %d \\\n", count);
-
- PRINT_S;
-
- for (i = 0; i < count; i++)
- vl_api_macip_acl_rule_t_print (&a->r[i], handle);
-
- s = format (0, "\n");
- PRINT_S;
-
- return handle;
-}
-
-static inline void *
-vl_api_macip_acl_add_replace_t_print (vl_api_macip_acl_add_replace_t * a, void *handle)
-{
- u8 *s = 0;
- int i;
- u32 acl_index = clib_net_to_host_u32 (a->acl_index);
- u32 count = clib_net_to_host_u32 (a->count);
- if (count > 0x100000)
- {
- s = format (s, "WARN: macip_acl_add_replace count endianness wrong? Fixup to avoid long loop.\n");
- count = a->count;
- }
-
- s = format (s, "SCRIPT: macip_acl_add_replace %d count %d ",
- acl_index, count);
- if (a->tag[0])
- s = format (s, "tag %s ", a->tag);
-
- s = format (s, "count %d \\\n", count);
-
- PRINT_S;
-
- for (i = 0; i < count; i++)
- vl_api_macip_acl_rule_t_print (&a->r[i], handle);
-
- s = format (0, "\n");
- PRINT_S;
-
- return handle;
-}
-
-static inline void *
-vl_api_acl_interface_set_acl_list_t_print (vl_api_acl_interface_set_acl_list_t
- * a, void *handle)
-{
- u8 *s;
- int i;
-
- s = format
- (0, "SCRIPT: acl_interface_set_acl_list sw_if_index %d count %d\n",
- clib_net_to_host_u32 (a->sw_if_index), (u32) a->count);
-
- s = format (s, " input ");
-
- for (i = 0; i < a->count; i++)
- {
- if (i == a->n_input)
- s = format (s, "output ");
- s = format (s, "%d ", clib_net_to_host_u32 (a->acls[i]));
- }
-
- PRINT_S;
- return handle;
-}
-
-static inline void *
-vl_api_acl_interface_set_etype_whitelist_t_print (vl_api_acl_interface_set_etype_whitelist_t
- * a, void *handle)
-{
- u8 *s;
- int i;
-
- s = format
- (0, "SCRIPT: acl_interface_set_etype_whitelist sw_if_index %d count %d\n",
- clib_net_to_host_u32 (a->sw_if_index), (u32) a->count);
-
- s = format (s, " input ");
-
- for (i = 0; i < a->count; i++)
- {
- if (i == a->n_input)
- s = format (s, "output ");
- s = format (s, "%x ", clib_net_to_host_u16 (a->whitelist[i]));
- }
-
- PRINT_S;
- return handle;
-}
-
-static inline void *
-vl_api_acl_interface_add_del_t_print (vl_api_acl_interface_add_del_t * a,
- void *handle)
-{
- u8 *s;
-
- s = format (0, "SCRIPT: acl_interface_add_del sw_if_index %d acl %d ",
- clib_net_to_host_u32 (a->sw_if_index),
- clib_net_to_host_u32 (a->acl_index));
- s = format (s, "%s %s",
- a->is_input ? "input" : "output", a->is_add ? "add" : "del");
-
- PRINT_S;
- return handle;
-}
-
-static inline void *vl_api_macip_acl_interface_add_del_t_print
- (vl_api_macip_acl_interface_add_del_t * a, void *handle)
-{
- u8 *s;
-
- s = format
- (0,
- "SCRIPT: macip_acl_interface_add_del sw_if_index %d acl_index %d ",
- clib_net_to_host_u32 (a->sw_if_index),
- clib_net_to_host_u32 (a->acl_index));
- s = format (s, "%s", a->is_add ? "add" : "del");
-
- PRINT_S;
- return handle;
-}
-
-
-static inline void *
-vl_api_macip_acl_del_t_print (vl_api_macip_acl_del_t * a, void *handle)
-{
- u8 *s;
-
- s = format (0, "SCRIPT: macip_acl_del %d ",
- clib_host_to_net_u32 (a->acl_index));
-
- PRINT_S;
- return handle;
-}
-
-
-#endif /* included_manual_fns_h */