diff options
Diffstat (limited to 'src/plugins/acl')
-rw-r--r-- | src/plugins/acl/acl.api | 23 | ||||
-rw-r--r-- | src/plugins/acl/acl.c | 29 | ||||
-rw-r--r-- | src/plugins/acl/acl_test.c | 36 |
3 files changed, 83 insertions, 5 deletions
diff --git a/src/plugins/acl/acl.api b/src/plugins/acl/acl.api index b58ed76673a..cde46c444dd 100644 --- a/src/plugins/acl/acl.api +++ b/src/plugins/acl/acl.api @@ -19,7 +19,7 @@ used to control the ACL plugin */ -option version = "1.0.0"; +option version = "1.0.1"; /** \brief Get the plugin version @param client_index - opaque cookie to identify the sender @@ -69,6 +69,27 @@ define acl_plugin_control_ping_reply u32 vpe_pid; }; +/** \brief Get Connection table max entries + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ + +define acl_plugin_get_conn_table_max_entries +{ + u32 client_index; + u32 context; +}; + +/** \brief Reply to get connection table max entries + @param context - sender context, to match reply w/ request + @param conn_table_max_entries - the value of maximum entries of connection table +*/ +define acl_plugin_get_conn_table_max_entries_reply +{ + u32 context; + u64 conn_table_max_entries; +}; + /** \brief Access List Rule entry @param is_permit - deny (0), permit (1), or permit+reflect(2) action on this rule. @param is_ipv6 - IP addresses in this rule are IPv6 (1) or IPv4 (0) diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c index d4cbeb2ef0d..1e040b6a036 100644 --- a/src/plugins/acl/acl.c +++ b/src/plugins/acl/acl.c @@ -85,7 +85,8 @@ _(MACIP_ACL_DUMP, macip_acl_dump) \ _(MACIP_ACL_INTERFACE_GET, macip_acl_interface_get) \ _(MACIP_ACL_INTERFACE_LIST_DUMP, macip_acl_interface_list_dump) \ _(ACL_INTERFACE_SET_ETYPE_WHITELIST, acl_interface_set_etype_whitelist) \ -_(ACL_INTERFACE_ETYPE_WHITELIST_DUMP, acl_interface_etype_whitelist_dump) +_(ACL_INTERFACE_ETYPE_WHITELIST_DUMP, acl_interface_etype_whitelist_dump) \ +_(ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES,acl_plugin_get_conn_table_max_entries) /* *INDENT-OFF* */ @@ -297,6 +298,32 @@ acl_print_acl_x (acl_vector_print_func_t vpr, vlib_main_t * vm, } static void + vl_api_acl_plugin_get_conn_table_max_entries_t_handler + (vl_api_acl_plugin_get_conn_table_max_entries_t * mp) +{ + acl_main_t *am = &acl_main; + vl_api_acl_plugin_get_conn_table_max_entries_reply_t *rmp; + int msg_size = sizeof (*rmp); + unix_shared_memory_queue_t *q; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + { + return; + } + + rmp = vl_msg_api_alloc (msg_size); + memset (rmp, 0, msg_size); + rmp->_vl_msg_id = + ntohs (VL_API_ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES_REPLY + + am->msg_id_base); + rmp->context = mp->context; + rmp->conn_table_max_entries = __bswap_64 (am->fa_conn_table_max_entries); + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void acl_print_acl (vlib_main_t * vm, acl_main_t * am, int acl_index) { acl_print_acl_x (print_cli_and_reset, vm, am, acl_index); diff --git a/src/plugins/acl/acl_test.c b/src/plugins/acl/acl_test.c index ef98f79351f..19a6f915381 100644 --- a/src/plugins/acl/acl_test.c +++ b/src/plugins/acl/acl_test.c @@ -175,7 +175,14 @@ static void vl_api_acl_interface_etype_whitelist_details_t_handler vam->result_ready = 1; } - +static void vl_api_acl_plugin_get_conn_table_max_entries_reply_t_handler + (vl_api_acl_plugin_get_conn_table_max_entries_reply_t * mp) + { + vat_main_t * vam = acl_test_main.vat_main; + clib_warning("\nConn table max entries: %d", + __bswap_64(mp->conn_table_max_entries) ); + vam->result_ready = 1; + } static inline u8 * vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a) @@ -302,7 +309,8 @@ _(MACIP_ACL_DETAILS, macip_acl_details) \ _(MACIP_ACL_INTERFACE_ADD_DEL_REPLY, macip_acl_interface_add_del_reply) \ _(MACIP_ACL_INTERFACE_GET_REPLY, macip_acl_interface_get_reply) \ _(ACL_PLUGIN_CONTROL_PING_REPLY, acl_plugin_control_ping_reply) \ -_(ACL_PLUGIN_GET_VERSION_REPLY, acl_plugin_get_version_reply) +_(ACL_PLUGIN_GET_VERSION_REPLY, acl_plugin_get_version_reply) \ +_(ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES_REPLY,acl_plugin_get_conn_table_max_entries_reply) static int api_acl_plugin_get_version (vat_main_t * vam) { @@ -545,6 +553,27 @@ static int api_acl_add_replace (vat_main_t * vam) return ret; } +static int api_acl_plugin_get_conn_table_max_entries (vat_main_t * vam) +{ + acl_test_main_t * sm = &acl_test_main; + vl_api_acl_plugin_get_conn_table_max_entries_t * mp; + u32 msg_size = sizeof(*mp); + int ret; + + vam->result_ready = 0; + mp = vl_msg_api_alloc_as_if_client(msg_size); + memset (mp, 0, msg_size); + mp->_vl_msg_id = ntohs (VL_API_ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES + sm->msg_id_base); + mp->client_index = vam->my_client_index; + + /* send it... */ + S(mp); + + /* Wait for a reply... */ + W (ret); + return ret; +} + /* * Read the series of ACL entries from file in the following format: @@ -1455,7 +1484,8 @@ _(macip_acl_add_replace, "<acl-idx> [<ipv4|ipv6> <permit|deny|action N> [count < _(macip_acl_del, "<acl-idx>")\ _(macip_acl_dump, "[<acl-idx>]") \ _(macip_acl_interface_add_del, "<intfc> | sw_if_index <if-idx> [add|del] acl <acl-idx>") \ -_(macip_acl_interface_get, "") +_(macip_acl_interface_get, "") \ +_(acl_plugin_get_conn_table_max_entries, "") static |