summaryrefslogtreecommitdiffstats
path: root/src/plugins/acl
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/acl')
-rw-r--r--src/plugins/acl/acl.c43
-rw-r--r--src/plugins/acl/acl.h3
2 files changed, 37 insertions, 9 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index e1d6da02b75..8543ac6eef2 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -2111,13 +2111,17 @@ macip_acl_interface_del_acl (acl_main_t * am, u32 sw_if_index)
int rv;
u32 macip_acl_index;
macip_acl_list_t *a;
- void *oldheap = acl_set_heap (am);
- vec_validate_init_empty (am->macip_acl_by_sw_if_index, sw_if_index, ~0);
- clib_mem_set_heap (oldheap);
+
macip_acl_index = am->macip_acl_by_sw_if_index[sw_if_index];
/* No point in deleting MACIP ACL which is not applied */
if (~0 == macip_acl_index)
return VNET_API_ERROR_NO_SUCH_ENTRY;
+
+ void *oldheap = acl_set_heap (am);
+ vec_validate_init_empty (am->macip_acl_by_sw_if_index, sw_if_index, ~0);
+ vec_validate_init_empty (am->sw_if_index_vec_by_macip_acl, macip_acl_index,
+ ~0);
+ clib_mem_set_heap (oldheap);
a = pool_elt_at_index (am->macip_acls, macip_acl_index);
/* remove the classifier tables off the interface L2 ACL */
rv =
@@ -2129,6 +2133,7 @@ macip_acl_interface_del_acl (acl_main_t * am, u32 sw_if_index)
a->out_l2_table_index, 0);
/* Unset the MACIP ACL index */
am->macip_acl_by_sw_if_index[sw_if_index] = ~0;
+ am->sw_if_index_vec_by_macip_acl[macip_acl_index] = ~0;
return rv;
}
@@ -2147,11 +2152,14 @@ macip_acl_interface_add_acl (acl_main_t * am, u32 sw_if_index,
void *oldheap = acl_set_heap (am);
a = pool_elt_at_index (am->macip_acls, macip_acl_index);
vec_validate_init_empty (am->macip_acl_by_sw_if_index, sw_if_index, ~0);
+ vec_validate_init_empty (am->sw_if_index_vec_by_macip_acl, macip_acl_index,
+ ~0);
clib_mem_set_heap (oldheap);
/* If there already a MACIP ACL applied, unapply it */
if (~0 != am->macip_acl_by_sw_if_index[sw_if_index])
macip_acl_interface_del_acl (am, sw_if_index);
am->macip_acl_by_sw_if_index[sw_if_index] = macip_acl_index;
+ am->sw_if_index_vec_by_macip_acl[macip_acl_index] = sw_if_index;
/* Apply the classifier tables for L2 ACLs */
rv =
@@ -3262,10 +3270,6 @@ macip_acl_print (acl_main_t * am, u32 macip_acl_index)
vlib_main_t *vm = am->vlib_main;
int i;
- /* Don't attempt to show the ACLs that do not exist */
- if (pool_is_free_index (am->macip_acls, macip_acl_index))
- return;
-
/* Don't try to print someone else's memory */
if (macip_acl_index > vec_len (am->macip_acls))
return;
@@ -3299,8 +3303,29 @@ acl_show_aclplugin_macip_acl_fn (vlib_main_t * vm,
clib_error_t *error = 0;
acl_main_t *am = &acl_main;
int i;
+ u32 acl_index = ~0;
+
+ (void) unformat (input, "index %u", &acl_index);
+
for (i = 0; i < vec_len (am->macip_acls); i++)
- macip_acl_print (am, i);
+ {
+ /* Don't attempt to show the ACLs that do not exist */
+ if (pool_is_free_index (am->macip_acls, i))
+ continue;
+
+ if ((acl_index != ~0) && (acl_index != i))
+ {
+ continue;
+ }
+
+ macip_acl_print (am, i);
+ if (i < vec_len (am->sw_if_index_vec_by_macip_acl))
+ {
+ vlib_cli_output (vm, " applied on sw_if_index: %d\n",
+ vec_elt (am->sw_if_index_vec_by_macip_acl, i));
+ }
+ }
+
return error;
}
@@ -3947,7 +3972,7 @@ VLIB_CLI_COMMAND (aclplugin_show_tables_command, static) = {
VLIB_CLI_COMMAND (aclplugin_show_macip_acl_command, static) = {
.path = "show acl-plugin macip acl",
- .short_help = "show acl-plugin macip acl",
+ .short_help = "show acl-plugin macip acl [index N]",
.function = acl_show_aclplugin_macip_acl_fn,
};
diff --git a/src/plugins/acl/acl.h b/src/plugins/acl/acl.h
index 07ed8681ef1..555358c4f66 100644
--- a/src/plugins/acl/acl.h
+++ b/src/plugins/acl/acl.h
@@ -197,6 +197,9 @@ typedef struct {
/* MACIP (input) ACLs associated with the interfaces */
u32 *macip_acl_by_sw_if_index;
+ /* interfaces on which given MACIP ACLs are applied */
+ u32 *sw_if_index_vec_by_macip_acl;
+
/* bitmaps when set the processing is enabled on the interface */
uword *fa_in_acl_on_sw_if_index;
uword *fa_out_acl_on_sw_if_index;