diff options
Diffstat (limited to 'src/vnet/l2')
| -rw-r--r-- | src/vnet/l2/l2_in_out_acl.c (renamed from src/vnet/l2/l2_input_acl.c) | 180 | ||||
| -rw-r--r-- | src/vnet/l2/l2_input.c | 3 | ||||
| -rw-r--r-- | src/vnet/l2/l2_output_acl.c | 341 |
3 files changed, 144 insertions, 380 deletions
diff --git a/src/vnet/l2/l2_input_acl.c b/src/vnet/l2/l2_in_out_acl.c index 84030888c04..6f86a9f66ae 100644 --- a/src/vnet/l2/l2_input_acl.c +++ b/src/vnet/l2/l2_in_out_acl.c @@ -1,7 +1,7 @@ /* - * l2_input_acl.c : layer 2 input acl processing + * l2_in_out_acl.c : layer 2 input/output acl processing * - * Copyright (c) 2013 Cisco and/or its affiliates. + * Copyright (c) 2013,2018 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: @@ -25,6 +25,7 @@ #include <vnet/ip/ip6_packet.h> #include <vlib/cli.h> #include <vnet/l2/l2_input.h> +#include <vnet/l2/l2_output.h> #include <vnet/l2/feat_bitmap.h> #include <vppinfra/error.h> @@ -32,18 +33,18 @@ #include <vppinfra/cache.h> #include <vnet/classify/vnet_classify.h> -#include <vnet/classify/input_acl.h> +#include <vnet/classify/in_out_acl.h> typedef struct { /* Next nodes for each feature */ - u32 feat_next_node_index[32]; + u32 feat_next_node_index[IN_OUT_ACL_N_TABLE_GROUPS][32]; /* convenience variables */ vlib_main_t *vlib_main; vnet_main_t *vnet_main; -} l2_inacl_main_t; +} l2_in_out_acl_main_t; typedef struct { @@ -51,24 +52,38 @@ typedef struct u32 next_index; u32 table_index; u32 offset; -} l2_inacl_trace_t; +} l2_in_out_acl_trace_t; /* packet trace format function */ static u8 * -format_l2_inacl_trace (u8 * s, va_list * args) +format_l2_in_out_acl_trace (u8 * s, u32 is_output, va_list * args) { CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); - l2_inacl_trace_t *t = va_arg (*args, l2_inacl_trace_t *); + l2_in_out_acl_trace_t *t = va_arg (*args, l2_in_out_acl_trace_t *); - s = format (s, "INACL: sw_if_index %d, next_index %d, table %d, offset %d", + s = format (s, "%s: sw_if_index %d, next_index %d, table %d, offset %d", + is_output ? "OUTACL" : "INACL", t->sw_if_index, t->next_index, t->table_index, t->offset); return s; } -l2_inacl_main_t l2_inacl_main; +static u8 * +format_l2_inacl_trace (u8 * s, va_list * args) +{ + return format_l2_in_out_acl_trace (s, IN_OUT_ACL_INPUT_TABLE_GROUP, args); +} + +static u8 * +format_l2_outacl_trace (u8 * s, va_list * args) +{ + return format_l2_in_out_acl_trace (s, IN_OUT_ACL_OUTPUT_TABLE_GROUP, args); +} + +l2_in_out_acl_main_t l2_in_out_acl_main; static vlib_node_registration_t l2_inacl_node; +static vlib_node_registration_t l2_outacl_node; #define foreach_l2_inacl_error \ _(NONE, "valid input ACL packets") \ @@ -78,6 +93,14 @@ _(CHAIN_HIT, "input ACL hits after chain walk") \ _(TABLE_MISS, "input ACL table-miss drops") \ _(SESSION_DENY, "input ACL session deny drops") +#define foreach_l2_outacl_error \ +_(NONE, "valid output ACL packets") \ +_(MISS, "output ACL misses") \ +_(HIT, "output ACL hits") \ +_(CHAIN_HIT, "output ACL hits after chain walk") \ +_(TABLE_MISS, "output ACL table-miss drops") \ +_(SESSION_DENY, "output ACL session deny drops") + typedef enum { @@ -93,16 +116,32 @@ static char *l2_inacl_error_strings[] = { #undef _ }; -static uword -l2_inacl_node_fn (vlib_main_t * vm, - vlib_node_runtime_t * node, vlib_frame_t * frame) +typedef enum +{ +#define _(sym,str) L2_OUTACL_ERROR_##sym, + foreach_l2_outacl_error +#undef _ + L2_OUTACL_N_ERROR, +} l2_outacl_error_t; + +static char *l2_outacl_error_strings[] = { +#define _(sym,string) string, + foreach_l2_outacl_error +#undef _ +}; + + +static inline uword +l2_in_out_acl_node_fn (vlib_main_t * vm, + vlib_node_runtime_t * node, vlib_frame_t * frame, + int is_output) { u32 n_left_from, *from, *to_next; acl_next_index_t next_index; - l2_inacl_main_t *msm = &l2_inacl_main; - input_acl_main_t *am = &input_acl_main; + l2_in_out_acl_main_t *msm = &l2_in_out_acl_main; + in_out_acl_main_t *am = &in_out_acl_main; vnet_classify_main_t *vcm = am->vnet_classify_main; - input_acl_table_id_t tid = INPUT_ACL_TABLE_L2; + in_out_acl_table_id_t tid = IN_OUT_ACL_TABLE_L2; f64 now = vlib_time_now (vm); u32 hits = 0; u32 misses = 0; @@ -141,13 +180,15 @@ l2_inacl_node_fn (vlib_main_t * vm, bi1 = from[1]; b1 = vlib_get_buffer (vm, bi1); - sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX]; + sw_if_index0 = + vnet_buffer (b0)->sw_if_index[is_output ? VLIB_TX : VLIB_RX]; table_index0 = - am->classify_table_index_by_sw_if_index[tid][sw_if_index0]; + am->classify_table_index_by_sw_if_index[is_output][tid][sw_if_index0]; - sw_if_index1 = vnet_buffer (b1)->sw_if_index[VLIB_RX]; + sw_if_index1 = + vnet_buffer (b1)->sw_if_index[is_output ? VLIB_TX : VLIB_RX]; table_index1 = - am->classify_table_index_by_sw_if_index[tid][sw_if_index1]; + am->classify_table_index_by_sw_if_index[is_output][tid][sw_if_index1]; t0 = pool_elt_at_index (vcm->tables, table_index0); @@ -193,9 +234,10 @@ l2_inacl_node_fn (vlib_main_t * vm, bi0 = from[0]; b0 = vlib_get_buffer (vm, bi0); - sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX]; + sw_if_index0 = + vnet_buffer (b0)->sw_if_index[is_output ? VLIB_TX : VLIB_RX]; table_index0 = - am->classify_table_index_by_sw_if_index[tid][sw_if_index0]; + am->classify_table_index_by_sw_if_index[is_output][tid][sw_if_index0]; t0 = pool_elt_at_index (vcm->tables, table_index0); @@ -272,8 +314,10 @@ l2_inacl_node_fn (vlib_main_t * vm, vnet_buffer (b0)->l2_classify.opaque_index = ~0; /* Determine the next node */ - next0 = vnet_l2_feature_next (b0, msm->feat_next_node_index, - L2INPUT_FEAT_ACL); + next0 = + vnet_l2_feature_next (b0, msm->feat_next_node_index[is_output], + is_output ? L2OUTPUT_FEAT_ACL : + L2INPUT_FEAT_ACL); if (PREDICT_TRUE (table_index0 != ~0)) { @@ -299,8 +343,12 @@ l2_inacl_node_fn (vlib_main_t * vm, hits++; - error0 = (next0 == ACL_NEXT_INDEX_DENY) ? - L2_INACL_ERROR_SESSION_DENY : L2_INACL_ERROR_NONE; + if (is_output) + error0 = (next0 == ACL_NEXT_INDEX_DENY) ? + L2_OUTACL_ERROR_SESSION_DENY : L2_INACL_ERROR_NONE; + else + error0 = (next0 == ACL_NEXT_INDEX_DENY) ? + L2_OUTACL_ERROR_SESSION_DENY : L2_OUTACL_ERROR_NONE; b0->error = node->errors[error0]; } else @@ -319,8 +367,13 @@ l2_inacl_node_fn (vlib_main_t * vm, misses++; - error0 = (next0 == ACL_NEXT_INDEX_DENY) ? - L2_INACL_ERROR_TABLE_MISS : L2_INACL_ERROR_NONE; + if (is_output) + error0 = (next0 == ACL_NEXT_INDEX_DENY) ? + L2_OUTACL_ERROR_TABLE_MISS : + L2_OUTACL_ERROR_NONE; + else + error0 = (next0 == ACL_NEXT_INDEX_DENY) ? + L2_INACL_ERROR_TABLE_MISS : L2_INACL_ERROR_NONE; b0->error = node->errors[error0]; break; } @@ -344,8 +397,14 @@ l2_inacl_node_fn (vlib_main_t * vm, hits++; chain_hits++; - error0 = (next0 == ACL_NEXT_INDEX_DENY) ? - L2_INACL_ERROR_SESSION_DENY : L2_INACL_ERROR_NONE; + if (is_output) + error0 = (next0 == ACL_NEXT_INDEX_DENY) ? + L2_OUTACL_ERROR_SESSION_DENY : + L2_OUTACL_ERROR_NONE; + else + error0 = (next0 == ACL_NEXT_INDEX_DENY) ? + L2_INACL_ERROR_SESSION_DENY : + L2_INACL_ERROR_NONE; b0->error = node->errors[error0]; break; } @@ -356,9 +415,10 @@ l2_inacl_node_fn (vlib_main_t * vm, if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) && (b0->flags & VLIB_BUFFER_IS_TRACED))) { - l2_inacl_trace_t *t = + l2_in_out_acl_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t)); - t->sw_if_index = vnet_buffer (b0)->sw_if_index[VLIB_RX]; + t->sw_if_index = + vnet_buffer (b0)->sw_if_index[is_output ? VLIB_TX : VLIB_RX]; t->next_index = next0; t->table_index = t0 ? t0 - vcm->tables : ~0; t->offset = (t0 && e0) ? vnet_classify_get_offset (t0, e0) : ~0; @@ -374,14 +434,33 @@ l2_inacl_node_fn (vlib_main_t * vm, } vlib_node_increment_counter (vm, node->node_index, + is_output ? L2_OUTACL_ERROR_MISS : L2_INACL_ERROR_MISS, misses); vlib_node_increment_counter (vm, node->node_index, + is_output ? L2_OUTACL_ERROR_HIT : L2_INACL_ERROR_HIT, hits); vlib_node_increment_counter (vm, node->node_index, + is_output ? L2_OUTACL_ERROR_CHAIN_HIT : L2_INACL_ERROR_CHAIN_HIT, chain_hits); return frame->n_vectors; } +static uword +l2_inacl_node_fn (vlib_main_t * vm, + vlib_node_runtime_t * node, vlib_frame_t * frame) +{ + return l2_in_out_acl_node_fn (vm, node, frame, + IN_OUT_ACL_INPUT_TABLE_GROUP); +} + +static uword +l2_outacl_node_fn (vlib_main_t * vm, + vlib_node_runtime_t * node, vlib_frame_t * frame) +{ + return l2_in_out_acl_node_fn (vm, node, frame, + IN_OUT_ACL_OUTPUT_TABLE_GROUP); +} + /* *INDENT-OFF* */ VLIB_REGISTER_NODE (l2_inacl_node,static) = { .function = l2_inacl_node_fn, @@ -400,12 +479,34 @@ VLIB_REGISTER_NODE (l2_inacl_node,static) = { [ACL_NEXT_INDEX_DENY] = "error-drop", }, }; -/* *INDENT-ON* */ + +VLIB_REGISTER_NODE (l2_outacl_node,static) = { + .function = l2_outacl_node_fn, + .name = "l2-output-acl", + .vector_size = sizeof (u32), + .format_trace = format_l2_outacl_trace, + .type = VLIB_NODE_TYPE_INTERNAL, + + .n_errors = ARRAY_LEN(l2_outacl_error_strings), + .error_strings = l2_outacl_error_strings, + + .n_next_nodes = ACL_NEXT_INDEX_N_NEXT, + + /* edit / add dispositions here */ + .next_nodes = { + [ACL_NEXT_INDEX_DENY] = "error-drop", + }, +}; VLIB_NODE_FUNCTION_MULTIARCH (l2_inacl_node, l2_inacl_node_fn) - clib_error_t *l2_inacl_init (vlib_main_t * vm) +VLIB_NODE_FUNCTION_MULTIARCH (l2_outacl_node, l2_outacl_node_fn) +/* *INDENT-ON* */ + + +clib_error_t * +l2_in_out_acl_init (vlib_main_t * vm) { - l2_inacl_main_t *mp = &l2_inacl_main; + l2_in_out_acl_main_t *mp = &l2_in_out_acl_main; mp->vlib_main = vm; mp->vnet_main = vnet_get_main (); @@ -415,12 +516,17 @@ VLIB_NODE_FUNCTION_MULTIARCH (l2_inacl_node, l2_inacl_node_fn) l2_inacl_node.index, L2INPUT_N_FEAT, l2input_get_feat_names (), - mp->feat_next_node_index); + mp->feat_next_node_index + [IN_OUT_ACL_INPUT_TABLE_GROUP]); + feat_bitmap_init_next_nodes (vm, l2_outacl_node.index, L2OUTPUT_N_FEAT, + l2output_get_feat_names (), + mp->feat_next_node_index + [IN_OUT_ACL_OUTPUT_TABLE_GROUP]); return 0; } -VLIB_INIT_FUNCTION (l2_inacl_init); +VLIB_INIT_FUNCTION (l2_in_out_acl_init); /* * fd.io coding-style-patch-verification: ON diff --git a/src/vnet/l2/l2_input.c b/src/vnet/l2/l2_input.c index 591211e9805..c05f5cfcd2c 100644 --- a/src/vnet/l2/l2_input.c +++ b/src/vnet/l2/l2_input.c @@ -1148,14 +1148,13 @@ _(l2fib_init) \ _(l2_input_classify_init) \ _(l2bd_init) \ _(l2fwd_init) \ -_(l2_inacl_init) \ +_(l2_in_out_acl_init) \ _(l2input_init) \ _(l2_vtr_init) \ _(l2_invtr_init) \ _(l2_efp_filter_init) \ _(l2learn_init) \ _(l2flood_init) \ -_(l2_outacl_init) \ _(l2output_init) \ _(l2_patch_init) \ _(l2_xcrw_init) diff --git a/src/vnet/l2/l2_output_acl.c b/src/vnet/l2/l2_output_acl.c deleted file mode 100644 index 7d051326ee0..00000000000 --- a/src/vnet/l2/l2_output_acl.c +++ /dev/null @@ -1,341 +0,0 @@ -/* - * l2_output_acl.c : layer 2 output acl processing - * - * Copyright (c) 2013 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include <vlib/vlib.h> -#include <vnet/vnet.h> -#include <vnet/pg/pg.h> -#include <vnet/ethernet/ethernet.h> -#include <vnet/ethernet/packet.h> -#include <vnet/ip/ip_packet.h> -#include <vnet/ip/ip4_packet.h> -#include <vnet/ip/ip6_packet.h> -#include <vlib/cli.h> -#include <vnet/l2/feat_bitmap.h> -#include <vnet/l2/l2_output.h> - -#include <vppinfra/error.h> -#include <vppinfra/hash.h> -#include <vppinfra/cache.h> - - -typedef struct -{ - /* Next nodes for L2 output features */ - u32 l2_out_feat_next[32]; - - /* convenience variables */ - vlib_main_t *vlib_main; - vnet_main_t *vnet_main; -} l2_outacl_main_t; - - - -typedef struct -{ - /* per-pkt trace data */ - u8 src[6]; - u8 dst[6]; - u32 next_index; - u32 sw_if_index; -} l2_outacl_trace_t; - -/* packet trace format function */ -static u8 * -format_l2_outacl_trace (u8 * s, va_list * args) -{ - CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); - CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); - l2_outacl_trace_t *t = va_arg (*args, l2_outacl_trace_t *); - - s = format (s, "l2-output-acl: sw_if_index %d dst %U src %U", - t->sw_if_index, - format_ethernet_address, t->dst, - format_ethernet_address, t->src); - return s; -} - -l2_outacl_main_t l2_outacl_main; - -static vlib_node_registration_t l2_outacl_node; - -#define foreach_l2_outacl_error \ -_(L2_OUTACL, "L2 output ACL packets") \ -_(DROP, "L2 output drops") - -typedef enum -{ -#define _(sym,str) L2_OUTACL_ERROR_##sym, - foreach_l2_outacl_error -#undef _ - L2_OUTACL_N_ERROR, -} l2_outacl_error_t; - -static char *l2_outacl_error_strings[] = { -#define _(sym,string) string, - foreach_l2_outacl_error -#undef _ -}; - -typedef enum -{ - L2_OUTACL_NEXT_DROP, - L2_OUTACL_N_NEXT, -} l2_outacl_next_t; - - - -static uword -l2_outacl_node_fn (vlib_main_t * vm, - vlib_node_runtime_t * node, vlib_frame_t * frame) -{ - u32 n_left_from, *from, *to_next; - l2_outacl_next_t next_index; - l2_outacl_main_t *msm = &l2_outacl_main; - vlib_node_t *n = vlib_get_node (vm, l2_outacl_node.index); - u32 node_counter_base_index = n->error_heap_index; - vlib_error_main_t *em = &vm->error_main; - - from = vlib_frame_vector_args (frame); - n_left_from = frame->n_vectors; /* number of packets to process */ - next_index = node->cached_next_index; - - while (n_left_from > 0) - { - u32 n_left_to_next; - - /* get space to enqueue frame to graph node "next_index" */ - vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next); - - while (0 && n_left_from >= 4 && n_left_to_next >= 2) - { - u32 bi0, bi1; - vlib_buffer_t *b0, *b1; - u32 next0, next1; - u32 sw_if_index0, sw_if_index1; - ethernet_header_t *h0, *h1; - - /* Prefetch next iteration. */ - { - vlib_buffer_t *p2, *p3; - - p2 = vlib_get_buffer (vm, from[2]); - p3 = vlib_get_buffer (vm, from[3]); - - vlib_prefetch_buffer_header (p2, LOAD); - vlib_prefetch_buffer_header (p3, LOAD); - - CLIB_PREFETCH (p2->data, CLIB_CACHE_LINE_BYTES, STORE); - CLIB_PREFETCH (p3->data, CLIB_CACHE_LINE_BYTES, STORE); - } - - /* speculatively enqueue b0 and b1 to the current next frame */ - /* bi is "buffer index", b is pointer to the buffer */ - to_next[0] = bi0 = from[0]; - to_next[1] = bi1 = from[1]; - from += 2; - to_next += 2; - n_left_from -= 2; - n_left_to_next -= 2; - - b0 = vlib_get_buffer (vm, bi0); - b1 = vlib_get_buffer (vm, bi1); - - /* TX interface handles */ - sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_TX]; - sw_if_index1 = vnet_buffer (b1)->sw_if_index[VLIB_TX]; - - if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE))) - { - if (b0->flags & VLIB_BUFFER_IS_TRACED) - { - l2_outacl_trace_t *t = - vlib_add_trace (vm, node, b0, sizeof (*t)); - t->sw_if_index = sw_if_index0; - t->next_index = next0; - clib_memcpy (t->src, h0->src_address, 6); - clib_memcpy (t->dst, h0->dst_address, 6); - } - if (b1->flags & VLIB_BUFFER_IS_TRACED) - { - l2_outacl_trace_t *t = - vlib_add_trace (vm, node, b1, sizeof (*t)); - t->sw_if_index = sw_if_index1; - t->next_index = next1; - clib_memcpy (t->src, h1->src_address, 6); - clib_memcpy (t->dst, h1->dst_address, 6); - } - } - - em->counters[node_counter_base_index + L2_OUTACL_ERROR_L2_OUTACL] += - 2; - - /* add core loop code here */ - - /* verify speculative enqueues, maybe switch current next frame */ - /* if next0==next1==next_index then nothing special needs to be done */ - vlib_validate_buffer_enqueue_x2 (vm, node, next_index, - to_next, n_left_to_next, - bi0, bi1, next0, next1); - } - - while (n_left_from > 0 && n_left_to_next > 0) - { - u32 bi0; - vlib_buffer_t *b0; - u32 next0; - u32 sw_if_index0; - ethernet_header_t *h0; - - /* speculatively enqueue b0 to the current next frame */ - bi0 = from[0]; - to_next[0] = bi0; - from += 1; - to_next += 1; - n_left_from -= 1; - n_left_to_next -= 1; - - b0 = vlib_get_buffer (vm, bi0); - h0 = vlib_buffer_get_current (b0); - - sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_TX]; - - if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) - && (b0->flags & VLIB_BUFFER_IS_TRACED))) - { - l2_outacl_trace_t *t = - vlib_add_trace (vm, node, b0, sizeof (*t)); - t->sw_if_index = sw_if_index0; - clib_memcpy (t->src, h0->src_address, 6); - clib_memcpy (t->dst, h0->dst_address, 6); - } - - em->counters[node_counter_base_index + L2_OUTACL_ERROR_L2_OUTACL] += - 1; - - /* - * L2_OUTACL code - * Dummy for now, just go to next feature node - */ - - /* Determine next node */ - next0 = vnet_l2_feature_next (b0, msm->l2_out_feat_next, - L2OUTPUT_FEAT_ACL); - - /* verify speculative enqueue, maybe switch current next frame */ - vlib_validate_buffer_enqueue_x1 (vm, node, next_index, - to_next, n_left_to_next, - bi0, next0); - } - - vlib_put_next_frame (vm, node, next_index, n_left_to_next); - } - - return frame->n_vectors; -} - - -/* *INDENT-OFF* */ -VLIB_REGISTER_NODE (l2_outacl_node,static) = { - .function = l2_outacl_node_fn, - .name = "l2-output-acl", - .vector_size = sizeof (u32), - .format_trace = format_l2_outacl_trace, - .type = VLIB_NODE_TYPE_INTERNAL, - - .n_errors = ARRAY_LEN(l2_outacl_error_strings), - .error_strings = l2_outacl_error_strings, - - .n_next_nodes = L2_OUTACL_N_NEXT, - - /* edit / add dispositions here */ - .next_nodes = { - [L2_OUTACL_NEXT_DROP] = "error-drop", - }, -}; -/* *INDENT-ON* */ - -VLIB_NODE_FUNCTION_MULTIARCH (l2_outacl_node, l2_outacl_node_fn) - clib_error_t *l2_outacl_init (vlib_main_t * vm) -{ - l2_outacl_main_t *mp = &l2_outacl_main; - - mp->vlib_main = vm; - mp->vnet_main = vnet_get_main (); - - /* Initialize the feature next-node indexes */ - feat_bitmap_init_next_nodes (vm, - l2_outacl_node.index, - L2OUTPUT_N_FEAT, - l2output_get_feat_names (), - mp->l2_out_feat_next); - - return 0; -} - -VLIB_INIT_FUNCTION (l2_outacl_init); - -#if 0 -/** @todo maybe someone will add output ACL's in the future. - * Set subinterface outacl enable/disable. - * The CLI format is: - * set interface acl output <interface> [disable] - */ -static clib_error_t * -int_l2_outacl (vlib_main_t * vm, - unformat_input_t * input, vlib_cli_command_t * cmd) -{ - vnet_main_t *vnm = vnet_get_main (); - clib_error_t *error = 0; - u32 sw_if_index; - u32 enable; - - if (!unformat_user (input, unformat_vnet_sw_interface, vnm, &sw_if_index)) - { - error = clib_error_return (0, "unknown interface `%U'", - format_unformat_error, input); - goto done; - } - - enable = 1; - if (unformat (input, "disable")) - { - enable = 0; - } - - /* set the interface flag */ - l2output_intf_bitmap_enable (sw_if_index, L2OUTPUT_FEAT_ACL, enable); - -done: - return error; -} - -/* *INDENT-OFF* */ -VLIB_CLI_COMMAND (int_l2_outacl_cli, static) = { - .path = "set interface acl output", - .short_help = "set interface acl output <interface> [disable]", - .function = int_l2_outacl, -}; -/* *INDENT-ON* */ -#endif - -/* - * fd.io coding-style-patch-verification: ON - * - * Local Variables: - * eval: (c-set-style "gnu") - * End: - */ |