summaryrefslogtreecommitdiffstats
path: root/src/plugins/acl
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/acl')
-rw-r--r--src/plugins/acl/acl.api22
-rw-r--r--src/plugins/acl/acl.c2
-rw-r--r--src/plugins/acl/acl_all_api_h.h302
-rw-r--r--src/plugins/acl/acl_test.c30
-rw-r--r--src/plugins/acl/manual_fns.h348
5 files changed, 388 insertions, 316 deletions
diff --git a/src/plugins/acl/acl.api b/src/plugins/acl/acl.api
index 58a5a17180e..d981338d38c 100644
--- a/src/plugins/acl/acl.api
+++ b/src/plugins/acl/acl.api
@@ -60,7 +60,7 @@ define acl_plugin_get_version_reply
@param tcp_flags_value - if proto==6, mask to AND the TCP flags in the packet with
*/
-typeonly manual_print manual_endian define acl_rule
+typeonly manual_print define acl_rule
{
u8 is_permit;
u8 is_ipv6;
@@ -104,7 +104,7 @@ typeonly manual_print manual_endian define acl_rule
@param src_ip_prefix_len - Source prefix length
*/
-typeonly manual_print manual_endian define macip_acl_rule
+typeonly manual_print define macip_acl_rule
{
u8 is_permit;
u8 is_ipv6;
@@ -161,7 +161,7 @@ define acl_add_replace_reply
@param acl_index - ACL index to delete
*/
-define acl_del
+manual_print define acl_del
{
u32 client_index;
u32 context;
@@ -190,7 +190,7 @@ define acl_del_reply
@param acl_index - index of ACL for the operation
*/
-define acl_interface_add_del
+manual_print define acl_interface_add_del
{
u32 client_index;
u32 context;
@@ -224,7 +224,7 @@ define acl_interface_add_del_reply
@param acls - vector of ACL indices
*/
-manual_endian define acl_interface_set_acl_list
+manual_print define acl_interface_set_acl_list
{
u32 client_index;
u32 context;
@@ -266,7 +266,7 @@ define acl_dump
@param r - Array of rules within this ACL
*/
-manual_print manual_endian define acl_details
+manual_endian manual_print define acl_details
{
u32 context;
u32 acl_index;
@@ -296,7 +296,7 @@ define acl_interface_list_dump
@param acls - the vector of ACL indices
*/
-manual_endian define acl_interface_list_details
+define acl_interface_list_details
{
u32 context;
u32 sw_if_index;
@@ -313,7 +313,7 @@ manual_endian define acl_interface_list_details
@param r - vector of MACIP ACL rules
*/
-manual_print manual_endian define macip_acl_add
+manual_endian manual_print define macip_acl_add
{
u32 client_index;
u32 context;
@@ -341,7 +341,7 @@ define macip_acl_add_reply
@param acl_index - MACIP ACL index to delete
*/
-define macip_acl_del
+manual_print define macip_acl_del
{
u32 client_index;
u32 context;
@@ -367,7 +367,7 @@ define macip_acl_del_reply
@param acl_index - MACIP ACL index
*/
-define macip_acl_interface_add_del
+manual_print define macip_acl_interface_add_del
{
u32 client_index;
u32 context;
@@ -409,7 +409,7 @@ define macip_acl_dump
@param r - rules comprising this ACL
*/
-manual_print manual_endian define macip_acl_details
+manual_endian manual_print define macip_acl_details
{
u32 context;
u32 acl_index;
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 5d0b6c25229..6657d370e63 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -1767,8 +1767,6 @@ vl_api_macip_acl_interface_get_t_handler (vl_api_macip_acl_interface_get_t *
vl_msg_api_send_shmem (q, (u8 *) & rmp);
}
-
-
/* Set up the API message handling tables */
static clib_error_t *
acl_plugin_api_hookup (vlib_main_t * vm)
diff --git a/src/plugins/acl/acl_all_api_h.h b/src/plugins/acl/acl_all_api_h.h
index 96eca56d31c..cb781cfd286 100644
--- a/src/plugins/acl/acl_all_api_h.h
+++ b/src/plugins/acl/acl_all_api_h.h
@@ -16,306 +16,6 @@
#include <acl/acl.api.h>
#ifdef vl_printfun
-
-#ifdef LP64
-#define _uword_fmt "%lld"
-#define _uword_cast (long long)
-#else
-#define _uword_fmt "%ld"
-#define _uword_cast long
+#include <acl/manual_fns.h>
#endif
-static inline void *
-vl_api_acl_rule_t_print (vl_api_acl_rule_t * a, void *handle)
-{
- vl_print (handle, "vl_api_acl_rule_t:\n");
- vl_print (handle, "is_permit: %u\n", (unsigned) a->is_permit);
- vl_print (handle, "is_ipv6: %u\n", (unsigned) a->is_ipv6);
- {
- int _i;
- for (_i = 0; _i < 16; _i++)
- {
- vl_print (handle, "src_ip_addr[%d]: %u\n", _i, a->src_ip_addr[_i]);
- }
- }
- vl_print (handle, "src_ip_prefix_len: %u\n",
- (unsigned) a->src_ip_prefix_len);
- {
- int _i;
- for (_i = 0; _i < 16; _i++)
- {
- vl_print (handle, "dst_ip_addr[%d]: %u\n", _i, a->dst_ip_addr[_i]);
- }
- }
- vl_print (handle, "dst_ip_prefix_len: %u\n",
- (unsigned) a->dst_ip_prefix_len);
- vl_print (handle, "proto: %u\n", (unsigned) a->proto);
- vl_print (handle, "srcport_or_icmptype_first: %u\n",
- (unsigned) a->srcport_or_icmptype_first);
- vl_print (handle, "srcport_or_icmptype_last: %u\n",
- (unsigned) a->srcport_or_icmptype_last);
- vl_print (handle, "dstport_or_icmpcode_first: %u\n",
- (unsigned) a->dstport_or_icmpcode_first);
- vl_print (handle, "dstport_or_icmpcode_last: %u\n",
- (unsigned) a->dstport_or_icmpcode_last);
- vl_print (handle, "tcp_flags_mask: %u\n", (unsigned) a->tcp_flags_mask);
- vl_print (handle, "tcp_flags_value: %u\n", (unsigned) a->tcp_flags_value);
- return handle;
-}
-
-static inline void *
-vl_api_acl_add_replace_t_print (vl_api_acl_add_replace_t * a, void *handle)
-{
- int i;
- vl_print (handle, "vl_api_acl_add_replace_t:\n");
- vl_print (handle, "_vl_msg_id: %u\n", (unsigned) a->_vl_msg_id);
- vl_print (handle, "client_index: %u\n", (unsigned) a->client_index);
- vl_print (handle, "context: %u\n", (unsigned) a->context);
- vl_print (handle, "acl_index: %u\n", (unsigned) a->acl_index);
- vl_print (handle, "count: %u\n", (unsigned) a->count);
- vl_print (handle, "r ----- \n");
- for (i = 0; i < a->count; i++)
- {
- vl_print (handle, " r[%d]:\n", i);
- vl_api_acl_rule_t_print (&a->r[i], handle);
- }
- vl_print (handle, "r ----- END \n");
- return handle;
-}
-
-
-static inline void *vl_api_acl_details_t_print (vl_api_acl_details_t *a,void *handle)
-{
- vl_print(handle, "vl_api_acl_details_t:\n");
- vl_print(handle, "_vl_msg_id: %u\n", (unsigned) a->_vl_msg_id);
- vl_print(handle, "context: %u\n", (unsigned) a->context);
- vl_print(handle, "acl_index: %u\n", (unsigned) a->acl_index);
- {
- int _i;
- for (_i = 0; _i < 64; _i++) {
- vl_print(handle, "tag[%d]: %u\n", _i, a->tag[_i]);
- }
- }
- vl_print(handle, "count: %u\n", (unsigned) a->count);
- vl_print(handle, "r ----- \n");
- // FIXME vl_api_acl_rule_t_print(&a->r, handle);
- vl_print(handle, "r ----- END \n");
- return handle;
-}
-
-static inline void *
-vl_api_macip_acl_rule_t_print (vl_api_macip_acl_rule_t * a, void *handle)
-{
- vl_print (handle, "vl_api_macip_acl_rule_t:\n");
- vl_print (handle, "is_permit: %u\n", (unsigned) a->is_permit);
- vl_print (handle, "is_ipv6: %u\n", (unsigned) a->is_ipv6);
- {
- int _i;
- for (_i = 0; _i < 6; _i++)
- {
- vl_print (handle, "src_mac[%d]: %u\n", _i, a->src_mac[_i]);
- }
- }
- {
- int _i;
- for (_i = 0; _i < 6; _i++)
- {
- vl_print (handle, "src_mac_mask[%d]: %u\n", _i, a->src_mac_mask[_i]);
- }
- }
- {
- int _i;
- for (_i = 0; _i < 16; _i++)
- {
- vl_print (handle, "src_ip_addr[%d]: %u\n", _i, a->src_ip_addr[_i]);
- }
- }
- vl_print (handle, "src_ip_prefix_len: %u\n",
- (unsigned) a->src_ip_prefix_len);
- return handle;
-}
-
-static inline void *
-vl_api_macip_acl_add_t_print (vl_api_macip_acl_add_t * a, void *handle)
-{
- int i;
- vl_print (handle, "vl_api_macip_acl_add_t:\n");
- vl_print (handle, "_vl_msg_id: %u\n", (unsigned) a->_vl_msg_id);
- vl_print (handle, "client_index: %u\n", (unsigned) a->client_index);
- vl_print (handle, "context: %u\n", (unsigned) a->context);
- vl_print (handle, "count: %u\n", (unsigned) a->count);
- vl_print (handle, "r ----- \n");
- for (i = 0; i < a->count; i++)
- {
- vl_print (handle, " r[%d]:\n", i);
- vl_api_macip_acl_rule_t_print (&a->r[i], handle);
- }
- vl_print (handle, "r ----- END \n");
- return handle;
-}
-
-static inline void *vl_api_macip_acl_details_t_print (vl_api_macip_acl_details_t *a,void *handle)
-{
- int i;
- vl_print(handle, "vl_api_macip_acl_details_t:\n");
- vl_print(handle, "_vl_msg_id: %u\n", (unsigned) a->_vl_msg_id);
- vl_print(handle, "context: %u\n", (unsigned) a->context);
- vl_print(handle, "acl_index: %u\n", (unsigned) a->acl_index);
- {
- int _i;
- for (_i = 0; _i < 64; _i++) {
- vl_print(handle, "tag[%d]: %u\n", _i, a->tag[_i]);
- }
- }
- vl_print(handle, "count: %u\n", (unsigned) a->count);
- vl_print(handle, "r ----- \n");
- for (i = 0; i < a->count; i++)
- {
- vl_print (handle, " r[%d]:\n", i);
- vl_api_macip_acl_rule_t_print (&a->r[i], handle);
- }
- vl_print(handle, "r ----- END \n");
- return handle;
-}
-
-#endif /* vl_printfun */
-
-
-#ifdef vl_endianfun
-
-#undef clib_net_to_host_uword
-#ifdef LP64
-#define clib_net_to_host_uword clib_net_to_host_u64
-#else
-#define clib_net_to_host_uword clib_net_to_host_u32
-#endif
-
-/*
- * Manual endian/print functions created by copypasting the automatically
- * generated ones with small required adjustments. Appears the codegen
- * can't make code to print the contents of custom-type array.
- */
-
-static inline void
-vl_api_acl_rule_t_endian (vl_api_acl_rule_t * a)
-{
- /* a->is_permit = a->is_permit (no-op) */
- /* a->is_ipv6 = a->is_ipv6 (no-op) */
- /* a->src_ip_addr[0..15] = a->src_ip_addr[0..15] (no-op) */
- /* a->src_ip_prefix_len = a->src_ip_prefix_len (no-op) */
- /* a->dst_ip_addr[0..15] = a->dst_ip_addr[0..15] (no-op) */
- /* a->dst_ip_prefix_len = a->dst_ip_prefix_len (no-op) */
- /* a->proto = a->proto (no-op) */
- a->srcport_or_icmptype_first =
- clib_net_to_host_u16 (a->srcport_or_icmptype_first);
- a->srcport_or_icmptype_last =
- clib_net_to_host_u16 (a->srcport_or_icmptype_last);
- a->dstport_or_icmpcode_first =
- clib_net_to_host_u16 (a->dstport_or_icmpcode_first);
- a->dstport_or_icmpcode_last =
- clib_net_to_host_u16 (a->dstport_or_icmpcode_last);
- /* a->tcp_flags_mask = a->tcp_flags_mask (no-op) */
- /* a->tcp_flags_value = a->tcp_flags_value (no-op) */
-}
-
-static inline void
-vl_api_acl_add_replace_t_endian (vl_api_acl_add_replace_t * a)
-{
- int i;
- a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id);
- a->client_index = clib_net_to_host_u32 (a->client_index);
- a->context = clib_net_to_host_u32 (a->context);
- a->acl_index = clib_net_to_host_u32 (a->acl_index);
- a->count = clib_net_to_host_u32 (a->count);
- for (i = 0; i < a->count; i++)
- {
- vl_api_acl_rule_t_endian (&a->r[i]);
- }
-}
-
-static inline void vl_api_acl_details_t_endian (vl_api_acl_details_t *a)
-{
- int i;
- a->_vl_msg_id = clib_net_to_host_u16(a->_vl_msg_id);
- a->context = clib_net_to_host_u32(a->context);
- a->acl_index = clib_net_to_host_u32(a->acl_index);
- /* a->tag[0..63] = a->tag[0..63] (no-op) */
- a->count = clib_net_to_host_u32(a->count);
- for (i = 0; i < a->count; i++)
- {
- vl_api_acl_rule_t_endian (&a->r[i]);
- }
-}
-
-static inline void vl_api_acl_interface_list_details_t_endian (vl_api_acl_interface_list_details_t *a)
-{
- int i;
- a->_vl_msg_id = clib_net_to_host_u16(a->_vl_msg_id);
- a->context = clib_net_to_host_u32(a->context);
- a->sw_if_index = clib_net_to_host_u32(a->sw_if_index);
- /* a->count = a->count (no-op) */
- /* a->n_input = a->n_input (no-op) */
- for(i=0; i<a->count; i++) {
- a->acls[i] = clib_net_to_host_u32(a->acls[i]);
- }
-}
-
-static inline void vl_api_acl_interface_set_acl_list_t_endian (vl_api_acl_interface_set_acl_list_t *a)
-{
- int i;
- a->_vl_msg_id = clib_net_to_host_u16(a->_vl_msg_id);
- a->client_index = clib_net_to_host_u32(a->client_index);
- a->context = clib_net_to_host_u32(a->context);
- a->sw_if_index = clib_net_to_host_u32(a->sw_if_index);
- /* a->count = a->count (no-op) */
- /* a->n_input = a->n_input (no-op) */
- for(i=0; i<a->count; i++) {
- a->acls[i] = clib_net_to_host_u32(a->acls[i]);
- }
-}
-
-static inline void
-vl_api_macip_acl_rule_t_endian (vl_api_macip_acl_rule_t * a)
-{
- /* a->is_permit = a->is_permit (no-op) */
- /* a->is_ipv6 = a->is_ipv6 (no-op) */
- /* a->src_mac[0..5] = a->src_mac[0..5] (no-op) */
- /* a->src_mac_mask[0..5] = a->src_mac_mask[0..5] (no-op) */
- /* a->src_ip_addr[0..15] = a->src_ip_addr[0..15] (no-op) */
- /* a->src_ip_prefix_len = a->src_ip_prefix_len (no-op) */
-}
-
-static inline void
-vl_api_macip_acl_add_t_endian (vl_api_macip_acl_add_t * a)
-{
- int i;
- a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id);
- a->client_index = clib_net_to_host_u32 (a->client_index);
- a->context = clib_net_to_host_u32 (a->context);
- a->count = clib_net_to_host_u32 (a->count);
- for (i = 0; i < a->count; i++)
- {
- vl_api_macip_acl_rule_t_endian (&a->r[i]);
- }
-}
-
-static inline void vl_api_macip_acl_details_t_endian (vl_api_macip_acl_details_t *a)
-{
- int i;
- a->_vl_msg_id = clib_net_to_host_u16(a->_vl_msg_id);
- a->context = clib_net_to_host_u32(a->context);
- a->acl_index = clib_net_to_host_u32(a->acl_index);
- /* a->tag[0..63] = a->tag[0..63] (no-op) */
- a->count = clib_net_to_host_u32(a->count);
- for (i = 0; i < a->count; i++)
- {
- vl_api_macip_acl_rule_t_endian (&a->r[i]);
- }
-}
-
-
-
-
-#endif /* vl_printfun */
-
-
diff --git a/src/plugins/acl/acl_test.c b/src/plugins/acl/acl_test.c
index 23dc6bc0c84..bec06fda6a7 100644
--- a/src/plugins/acl/acl_test.c
+++ b/src/plugins/acl/acl_test.c
@@ -164,14 +164,14 @@ vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a)
inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src));
inet_ntop(af, a->dst_ip_addr, (void *)dst, sizeof(dst));
- out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d %d",
+ out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d mask %d",
a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
src, a->src_ip_prefix_len,
dst, a->dst_ip_prefix_len,
a->proto,
a->srcport_or_icmptype_first, a->srcport_or_icmptype_last,
a->dstport_or_icmpcode_first, a->dstport_or_icmpcode_last,
- a->tcp_flags_mask, a->tcp_flags_value);
+ a->tcp_flags_value, a->tcp_flags_mask);
return(out);
}
@@ -326,6 +326,7 @@ static int api_acl_add_replace (vat_main_t * vam)
vl_api_acl_rule_t *rules = 0;
int rule_idx = 0;
int n_rules = 0;
+ int n_rules_override = -1;
u32 proto = 0;
u32 port1 = 0;
u32 port2 = 0;
@@ -363,6 +364,10 @@ static int api_acl_add_replace (vat_main_t * vam)
vec_validate_acl_rules(rules, rule_idx);
rules[rule_idx].is_permit = 1;
}
+ else if (unformat (i, "count %d", &n_rules_override))
+ {
+ /* we will use this later */
+ }
else if (unformat (i, "action %d", &action))
{
vec_validate_acl_rules(rules, rule_idx);
@@ -430,6 +435,12 @@ static int api_acl_add_replace (vat_main_t * vam)
rules[rule_idx].tcp_flags_value = tcpflags;
rules[rule_idx].tcp_flags_mask = tcpmask;
}
+ else if (unformat (i, "tcpflags %d mask %d", &tcpflags, &tcpmask))
+ {
+ vec_validate_acl_rules(rules, rule_idx);
+ rules[rule_idx].tcp_flags_value = tcpflags;
+ rules[rule_idx].tcp_flags_mask = tcpmask;
+ }
else if (unformat (i, "proto %d", &proto))
{
vec_validate_acl_rules(rules, rule_idx);
@@ -455,6 +466,9 @@ static int api_acl_add_replace (vat_main_t * vam)
else
n_rules = 0;
+ if (n_rules_override >= 0)
+ n_rules = n_rules_override;
+
msg_size += n_rules*sizeof(rules[0]);
mp = vl_msg_api_alloc_as_if_client(msg_size);
@@ -812,6 +826,7 @@ static int api_macip_acl_add (vat_main_t * vam)
vl_api_macip_acl_rule_t *rules = 0;
int rule_idx = 0;
int n_rules = 0;
+ int n_rules_override = -1;
u32 src_prefix_length = 0;
u32 action = 0;
ip4_address_t src_v4address;
@@ -843,6 +858,10 @@ static int api_macip_acl_add (vat_main_t * vam)
vec_validate_macip_acl_rules(rules, rule_idx);
rules[rule_idx].is_permit = 0;
}
+ else if (unformat (i, "count %d", &n_rules_override))
+ {
+ /* we will use this later */
+ }
else if (unformat (i, "action %d", &action))
{
vec_validate_macip_acl_rules(rules, rule_idx);
@@ -856,6 +875,10 @@ static int api_macip_acl_add (vat_main_t * vam)
rules[rule_idx].src_ip_prefix_len = src_prefix_length;
rules[rule_idx].is_ipv6 = 0;
}
+ else if (unformat (i, "src"))
+ {
+ /* Everything in MACIP is "source" but allow this verbosity */
+ }
else if (unformat (i, "ip %U/%d",
unformat_ip6_address, &src_v6address, &src_prefix_length))
{
@@ -897,6 +920,9 @@ static int api_macip_acl_add (vat_main_t * vam)
else
n_rules = 0;
+ if (n_rules_override >= 0)
+ n_rules = n_rules_override;
+
msg_size += n_rules*sizeof(rules[0]);
mp = vl_msg_api_alloc_as_if_client(msg_size);
diff --git a/src/plugins/acl/manual_fns.h b/src/plugins/acl/manual_fns.h
new file mode 100644
index 00000000000..cf9c3abc386
--- /dev/null
+++ b/src/plugins/acl/manual_fns.h
@@ -0,0 +1,348 @@
+/*
+ * Copyright (c) 2016 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef included_manual_fns_h
+#define included_manual_fns_h
+
+#include <vnet/ip/format.h>
+#include <vnet/ethernet/ethernet.h>
+
+/* Macro to finish up custom dump fns */
+#define PRINT_S \
+ vec_add1 (s, 0); \
+ vl_print (handle, (char *)s); \
+ vec_free (s);
+
+static inline void
+vl_api_acl_details_t_endian (vl_api_acl_details_t * a)
+{
+ a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id);
+ a->context = clib_net_to_host_u32 (a->context);
+ a->acl_index = clib_net_to_host_u32 (a->acl_index);
+ /* a->tag[0..63] = a->tag[0..63] (no-op) */
+ a->count = clib_net_to_host_u32 (a->count);
+ vl_api_acl_rule_t_endian (a->r);
+}
+
+static inline void
+vl_api_macip_acl_details_t_endian (vl_api_macip_acl_details_t * a)
+{
+ a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id);
+ a->context = clib_net_to_host_u32 (a->context);
+ a->acl_index = clib_net_to_host_u32 (a->acl_index);
+ /* a->tag[0..63] = a->tag[0..63] (no-op) */
+ a->count = clib_net_to_host_u32 (a->count);
+ vl_api_macip_acl_rule_t_endian (a->r);
+}
+
+
+static inline void
+vl_api_acl_add_replace_t_endian (vl_api_acl_add_replace_t * a)
+{
+ a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id);
+ a->client_index = clib_net_to_host_u32 (a->client_index);
+ a->context = clib_net_to_host_u32 (a->context);
+ a->acl_index = clib_net_to_host_u32 (a->acl_index);
+ /* a->tag[0..63] = a->tag[0..63] (no-op) */
+ a->count = clib_net_to_host_u32 (a->count);
+ vl_api_acl_rule_t_endian (a->r);
+}
+
+static inline void
+vl_api_macip_acl_add_t_endian (vl_api_macip_acl_add_t * a)
+{
+ a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id);
+ a->client_index = clib_net_to_host_u32 (a->client_index);
+ a->context = clib_net_to_host_u32 (a->context);
+ /* a->tag[0..63] = a->tag[0..63] (no-op) */
+ a->count = clib_net_to_host_u32 (a->count);
+ vl_api_macip_acl_rule_t_endian (a->r);
+}
+
+static inline u8 *
+format_acl_action(u8 *s, u8 action)
+{
+ switch(action) {
+ case 0:
+ s = format (s, "deny");
+ break;
+ case 1:
+ s = format (s, "permit");
+ break;
+ case 2:
+ s = format (s, "permit+reflect");
+ break;
+ default:
+ s = format (s, "action %d", action);
+ }
+ return(s);
+}
+
+static inline void *
+vl_api_acl_rule_t_print (vl_api_acl_rule_t * a, void *handle)
+{
+ u8 *s;
+
+ s = format (0, " %s ", a->is_ipv6 ? "ipv6" : "ipv4");
+ s = format_acl_action (s, a->is_permit);
+ s = format (s, " \\\n");
+
+ if (a->is_ipv6)
+ s = format (s, " src %U/%d dst %U/%d \\\n",
+ format_ip6_address, a->src_ip_addr, a->src_ip_prefix_len,
+ format_ip6_address, a->dst_ip_addr, a->dst_ip_prefix_len);
+ else
+ s = format (s, " src %U/%d dst %U/%d \\\n",
+ format_ip4_address, a->src_ip_addr, a->src_ip_prefix_len,
+ format_ip4_address, a->dst_ip_addr, a->dst_ip_prefix_len);
+ s = format (s, " proto %d \\\n", a->proto);
+ s = format (s, " sport %d-%d dport %d-%d \\\n",
+ clib_net_to_host_u16 (a->srcport_or_icmptype_first),
+ clib_net_to_host_u16 (a->srcport_or_icmptype_last),
+ clib_net_to_host_u16 (a->dstport_or_icmpcode_first),
+ clib_net_to_host_u16 (a->dstport_or_icmpcode_last));
+
+ s = format (s, " tcpflags %u mask %u, \\",
+ a->tcp_flags_value, a->tcp_flags_mask);
+ PRINT_S;
+ return handle;
+}
+
+
+
+static inline void *
+vl_api_macip_acl_rule_t_print (vl_api_macip_acl_rule_t * a, void *handle)
+{
+ u8 *s;
+
+ s = format (0, " %s %s \\\n", a->is_ipv6 ? "ipv6" : "ipv4",
+ a->is_permit ? "permit" : "deny");
+
+ s = format (s, " src mac %U mask %U \\\n",
+ format_ethernet_address, a->src_mac,
+ format_ethernet_address, a->src_mac_mask);
+
+ if (a->is_ipv6)
+ s = format (s, " src ip %U/%d, \\",
+ format_ip6_address, a->src_ip_addr, a->src_ip_prefix_len);
+ else
+ s = format (s, " src ip %U/%d, \\",
+ format_ip4_address, a->src_ip_addr, a->src_ip_prefix_len);
+
+ PRINT_S;
+ return handle;
+}
+
+static inline void *
+vl_api_acl_add_replace_t_print (vl_api_acl_add_replace_t * a, void *handle)
+{
+ u8 *s = 0;
+ int i;
+ u32 acl_index = clib_net_to_host_u32 (a->acl_index);
+ u32 count = clib_net_to_host_u32 (a->count);
+ if (count > 0x100000)
+ {
+ s = format (s, "WARN: acl_add_replace count endianness wrong? Fixup to avoid long loop.\n");
+ count = a->count;
+ }
+
+ s = format (s, "SCRIPT: acl_add_replace %d count %d ",
+ acl_index, count);
+
+ if (a->tag[0])
+ s = format (s, "tag %s ", a->tag);
+
+ s = format(s, "\\\n");
+ PRINT_S;
+
+ for (i = 0; i < count; i++)
+ vl_api_acl_rule_t_print (&a->r[i], handle);
+
+ s = format(s, "\n");
+ PRINT_S;
+ return handle;
+}
+
+static inline void *
+vl_api_acl_del_t_print (vl_api_macip_acl_del_t * a, void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: acl_del %d ",
+ clib_host_to_net_u32 (a->acl_index));
+
+ PRINT_S;
+ return handle;
+}
+
+
+static inline void *
+vl_api_acl_details_t_print (vl_api_acl_details_t * a, void *handle)
+{
+ u8 *s = 0;
+ int i;
+ u32 acl_index = clib_net_to_host_u32 (a->acl_index);
+ u32 count = clib_net_to_host_u32 (a->count);
+ if (count > 0x100000)
+ {
+ s = format (s, "WARN: acl_defails count endianness wrong? Fixup to avoid long loop.\n");
+ count = a->count;
+ }
+
+ s = format (s, "acl_details index %d count %d ",
+ acl_index, count);
+
+ if (a->tag[0])
+ s = format (s, "tag %s ", a->tag);
+
+ s = format(s, "\n");
+ PRINT_S;
+
+ for (i = 0; i < count; i++)
+ vl_api_acl_rule_t_print (&a->r[i], handle);
+
+ return handle;
+}
+
+static inline void *
+vl_api_macip_acl_details_t_print (vl_api_macip_acl_details_t * a,
+ void *handle)
+{
+ u8 *s = 0;
+ int i;
+ u32 acl_index = clib_net_to_host_u32 (a->acl_index);
+ u32 count = clib_net_to_host_u32 (a->count);
+ if (count > 0x100000)
+ {
+ s = format (s, "WARN: macip_acl_defails count endianness wrong? Fixup to avoid long loop.\n");
+ count = a->count;
+ }
+
+ s = format (s, "macip_acl_details index %d count %d ",
+ acl_index, count);
+
+ if (a->tag[0])
+ s = format (s, "tag %s ", a->tag);
+
+ s = format(s, "\n");
+ PRINT_S;
+
+ for (i = 0; i < count; i++)
+ vl_api_macip_acl_rule_t_print (&a->r[i], handle);
+
+ return handle;
+}
+
+static inline void *
+vl_api_macip_acl_add_t_print (vl_api_macip_acl_add_t * a, void *handle)
+{
+ u8 *s = 0;
+ int i;
+ u32 count = clib_net_to_host_u32 (a->count);
+ if (count > 0x100000)
+ {
+ s = format (s, "WARN: macip_acl_add count endianness wrong? Fixup to avoid long loop.\n");
+ count = a->count;
+ }
+
+ s = format (0, "SCRIPT: macip_acl_add ");
+ if (a->tag[0])
+ s = format (s, "tag %s ", a->tag);
+
+ s = format (s, "count %d \\\n", count);
+
+ PRINT_S;
+
+ for (i = 0; i < count; i++)
+ vl_api_macip_acl_rule_t_print (&a->r[i], handle);
+
+ s = format (0, "\n");
+ PRINT_S;
+
+ return handle;
+}
+
+
+static inline void *
+vl_api_acl_interface_set_acl_list_t_print (vl_api_acl_interface_set_acl_list_t
+ * a, void *handle)
+{
+ u8 *s;
+ int i;
+
+ s = format
+ (0, "SCRIPT: acl_interface_set_acl_list sw_if_index %d count %d\n",
+ clib_net_to_host_u32 (a->sw_if_index), (u32) a->count);
+
+ s = format (s, " input ");
+
+ for (i = 0; i < a->count; i++)
+ {
+ if (i == a->n_input)
+ s = format (s, "output ");
+ s = format (s, "%d ", clib_net_to_host_u32 (a->acls[i]));
+ }
+
+ PRINT_S;
+ return handle;
+}
+
+static inline void *
+vl_api_acl_interface_add_del_t_print (vl_api_acl_interface_add_del_t * a,
+ void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: acl_interface_add_del sw_if_index %d acl %d ",
+ clib_net_to_host_u32 (a->sw_if_index),
+ clib_net_to_host_u32 (a->acl_index));
+ s = format (s, "%s %s",
+ a->is_input ? "input" : "output", a->is_add ? "add" : "del");
+
+ PRINT_S;
+ return handle;
+}
+
+static inline void *vl_api_macip_acl_interface_add_del_t_print
+ (vl_api_macip_acl_interface_add_del_t * a, void *handle)
+{
+ u8 *s;
+
+ s = format
+ (0,
+ "SCRIPT: macip_acl_interface_add_del sw_if_index %d acl_index %d ",
+ clib_net_to_host_u32 (a->sw_if_index),
+ clib_net_to_host_u32 (a->acl_index));
+ s = format (s, "%s", a->is_add ? "add" : "del");
+
+ PRINT_S;
+ return handle;
+}
+
+
+static inline void *
+vl_api_macip_acl_del_t_print (vl_api_macip_acl_del_t * a, void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: macip_acl_del %d ",
+ clib_host_to_net_u32 (a->acl_index));
+
+ PRINT_S;
+ return handle;
+}
+
+
+#endif /* included_manual_fns_h */