diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/acl.am | 4 | ||||
-rw-r--r-- | src/plugins/acl/acl.api | 22 | ||||
-rw-r--r-- | src/plugins/acl/acl.c | 2 | ||||
-rw-r--r-- | src/plugins/acl/acl_all_api_h.h | 302 | ||||
-rw-r--r-- | src/plugins/acl/acl_test.c | 30 | ||||
-rw-r--r-- | src/plugins/acl/manual_fns.h | 348 |
6 files changed, 391 insertions, 317 deletions
diff --git a/src/plugins/acl.am b/src/plugins/acl.am index 03328f6d007..524d906491e 100644 --- a/src/plugins/acl.am +++ b/src/plugins/acl.am @@ -22,6 +22,7 @@ acl_plugin_la_SOURCES = \ acl/l2sess.c \ acl/l2sess_node.c \ acl/l2sess.h \ + acl/manual_fns.h \ acl/acl_plugin.api.h API_FILES += acl/acl.api @@ -29,8 +30,9 @@ API_FILES += acl/acl.api nobase_apiinclude_HEADERS += \ acl/acl_all_api_h.h \ acl/acl_msg_enum.h \ + acl/manual_fns.h \ acl/acl.api.h -acl_test_plugin_la_SOURCES = acl/acl_test.c acl/acl_plugin.api.h +acl_test_plugin_la_SOURCES = acl/acl_test.c acl/acl_plugin.api.h acl/acl_all_api.h # vi:syntax=automake diff --git a/src/plugins/acl/acl.api b/src/plugins/acl/acl.api index 58a5a17180e..d981338d38c 100644 --- a/src/plugins/acl/acl.api +++ b/src/plugins/acl/acl.api @@ -60,7 +60,7 @@ define acl_plugin_get_version_reply @param tcp_flags_value - if proto==6, mask to AND the TCP flags in the packet with */ -typeonly manual_print manual_endian define acl_rule +typeonly manual_print define acl_rule { u8 is_permit; u8 is_ipv6; @@ -104,7 +104,7 @@ typeonly manual_print manual_endian define acl_rule @param src_ip_prefix_len - Source prefix length */ -typeonly manual_print manual_endian define macip_acl_rule +typeonly manual_print define macip_acl_rule { u8 is_permit; u8 is_ipv6; @@ -161,7 +161,7 @@ define acl_add_replace_reply @param acl_index - ACL index to delete */ -define acl_del +manual_print define acl_del { u32 client_index; u32 context; @@ -190,7 +190,7 @@ define acl_del_reply @param acl_index - index of ACL for the operation */ -define acl_interface_add_del +manual_print define acl_interface_add_del { u32 client_index; u32 context; @@ -224,7 +224,7 @@ define acl_interface_add_del_reply @param acls - vector of ACL indices */ -manual_endian define acl_interface_set_acl_list +manual_print define acl_interface_set_acl_list { u32 client_index; u32 context; @@ -266,7 +266,7 @@ define acl_dump @param r - Array of rules within this ACL */ -manual_print manual_endian define acl_details +manual_endian manual_print define acl_details { u32 context; u32 acl_index; @@ -296,7 +296,7 @@ define acl_interface_list_dump @param acls - the vector of ACL indices */ -manual_endian define acl_interface_list_details +define acl_interface_list_details { u32 context; u32 sw_if_index; @@ -313,7 +313,7 @@ manual_endian define acl_interface_list_details @param r - vector of MACIP ACL rules */ -manual_print manual_endian define macip_acl_add +manual_endian manual_print define macip_acl_add { u32 client_index; u32 context; @@ -341,7 +341,7 @@ define macip_acl_add_reply @param acl_index - MACIP ACL index to delete */ -define macip_acl_del +manual_print define macip_acl_del { u32 client_index; u32 context; @@ -367,7 +367,7 @@ define macip_acl_del_reply @param acl_index - MACIP ACL index */ -define macip_acl_interface_add_del +manual_print define macip_acl_interface_add_del { u32 client_index; u32 context; @@ -409,7 +409,7 @@ define macip_acl_dump @param r - rules comprising this ACL */ -manual_print manual_endian define macip_acl_details +manual_endian manual_print define macip_acl_details { u32 context; u32 acl_index; diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c index 9bec2d5ed3b..98c74b9b358 100644 --- a/src/plugins/acl/acl.c +++ b/src/plugins/acl/acl.c @@ -1767,8 +1767,6 @@ vl_api_macip_acl_interface_get_t_handler (vl_api_macip_acl_interface_get_t * vl_msg_api_send_shmem (q, (u8 *) & rmp); } - - /* Set up the API message handling tables */ static clib_error_t * acl_plugin_api_hookup (vlib_main_t * vm) diff --git a/src/plugins/acl/acl_all_api_h.h b/src/plugins/acl/acl_all_api_h.h index 96eca56d31c..cb781cfd286 100644 --- a/src/plugins/acl/acl_all_api_h.h +++ b/src/plugins/acl/acl_all_api_h.h @@ -16,306 +16,6 @@ #include <acl/acl.api.h> #ifdef vl_printfun - -#ifdef LP64 -#define _uword_fmt "%lld" -#define _uword_cast (long long) -#else -#define _uword_fmt "%ld" -#define _uword_cast long +#include <acl/manual_fns.h> #endif -static inline void * -vl_api_acl_rule_t_print (vl_api_acl_rule_t * a, void *handle) -{ - vl_print (handle, "vl_api_acl_rule_t:\n"); - vl_print (handle, "is_permit: %u\n", (unsigned) a->is_permit); - vl_print (handle, "is_ipv6: %u\n", (unsigned) a->is_ipv6); - { - int _i; - for (_i = 0; _i < 16; _i++) - { - vl_print (handle, "src_ip_addr[%d]: %u\n", _i, a->src_ip_addr[_i]); - } - } - vl_print (handle, "src_ip_prefix_len: %u\n", - (unsigned) a->src_ip_prefix_len); - { - int _i; - for (_i = 0; _i < 16; _i++) - { - vl_print (handle, "dst_ip_addr[%d]: %u\n", _i, a->dst_ip_addr[_i]); - } - } - vl_print (handle, "dst_ip_prefix_len: %u\n", - (unsigned) a->dst_ip_prefix_len); - vl_print (handle, "proto: %u\n", (unsigned) a->proto); - vl_print (handle, "srcport_or_icmptype_first: %u\n", - (unsigned) a->srcport_or_icmptype_first); - vl_print (handle, "srcport_or_icmptype_last: %u\n", - (unsigned) a->srcport_or_icmptype_last); - vl_print (handle, "dstport_or_icmpcode_first: %u\n", - (unsigned) a->dstport_or_icmpcode_first); - vl_print (handle, "dstport_or_icmpcode_last: %u\n", - (unsigned) a->dstport_or_icmpcode_last); - vl_print (handle, "tcp_flags_mask: %u\n", (unsigned) a->tcp_flags_mask); - vl_print (handle, "tcp_flags_value: %u\n", (unsigned) a->tcp_flags_value); - return handle; -} - -static inline void * -vl_api_acl_add_replace_t_print (vl_api_acl_add_replace_t * a, void *handle) -{ - int i; - vl_print (handle, "vl_api_acl_add_replace_t:\n"); - vl_print (handle, "_vl_msg_id: %u\n", (unsigned) a->_vl_msg_id); - vl_print (handle, "client_index: %u\n", (unsigned) a->client_index); - vl_print (handle, "context: %u\n", (unsigned) a->context); - vl_print (handle, "acl_index: %u\n", (unsigned) a->acl_index); - vl_print (handle, "count: %u\n", (unsigned) a->count); - vl_print (handle, "r ----- \n"); - for (i = 0; i < a->count; i++) - { - vl_print (handle, " r[%d]:\n", i); - vl_api_acl_rule_t_print (&a->r[i], handle); - } - vl_print (handle, "r ----- END \n"); - return handle; -} - - -static inline void *vl_api_acl_details_t_print (vl_api_acl_details_t *a,void *handle) -{ - vl_print(handle, "vl_api_acl_details_t:\n"); - vl_print(handle, "_vl_msg_id: %u\n", (unsigned) a->_vl_msg_id); - vl_print(handle, "context: %u\n", (unsigned) a->context); - vl_print(handle, "acl_index: %u\n", (unsigned) a->acl_index); - { - int _i; - for (_i = 0; _i < 64; _i++) { - vl_print(handle, "tag[%d]: %u\n", _i, a->tag[_i]); - } - } - vl_print(handle, "count: %u\n", (unsigned) a->count); - vl_print(handle, "r ----- \n"); - // FIXME vl_api_acl_rule_t_print(&a->r, handle); - vl_print(handle, "r ----- END \n"); - return handle; -} - -static inline void * -vl_api_macip_acl_rule_t_print (vl_api_macip_acl_rule_t * a, void *handle) -{ - vl_print (handle, "vl_api_macip_acl_rule_t:\n"); - vl_print (handle, "is_permit: %u\n", (unsigned) a->is_permit); - vl_print (handle, "is_ipv6: %u\n", (unsigned) a->is_ipv6); - { - int _i; - for (_i = 0; _i < 6; _i++) - { - vl_print (handle, "src_mac[%d]: %u\n", _i, a->src_mac[_i]); - } - } - { - int _i; - for (_i = 0; _i < 6; _i++) - { - vl_print (handle, "src_mac_mask[%d]: %u\n", _i, a->src_mac_mask[_i]); - } - } - { - int _i; - for (_i = 0; _i < 16; _i++) - { - vl_print (handle, "src_ip_addr[%d]: %u\n", _i, a->src_ip_addr[_i]); - } - } - vl_print (handle, "src_ip_prefix_len: %u\n", - (unsigned) a->src_ip_prefix_len); - return handle; -} - -static inline void * -vl_api_macip_acl_add_t_print (vl_api_macip_acl_add_t * a, void *handle) -{ - int i; - vl_print (handle, "vl_api_macip_acl_add_t:\n"); - vl_print (handle, "_vl_msg_id: %u\n", (unsigned) a->_vl_msg_id); - vl_print (handle, "client_index: %u\n", (unsigned) a->client_index); - vl_print (handle, "context: %u\n", (unsigned) a->context); - vl_print (handle, "count: %u\n", (unsigned) a->count); - vl_print (handle, "r ----- \n"); - for (i = 0; i < a->count; i++) - { - vl_print (handle, " r[%d]:\n", i); - vl_api_macip_acl_rule_t_print (&a->r[i], handle); - } - vl_print (handle, "r ----- END \n"); - return handle; -} - -static inline void *vl_api_macip_acl_details_t_print (vl_api_macip_acl_details_t *a,void *handle) -{ - int i; - vl_print(handle, "vl_api_macip_acl_details_t:\n"); - vl_print(handle, "_vl_msg_id: %u\n", (unsigned) a->_vl_msg_id); - vl_print(handle, "context: %u\n", (unsigned) a->context); - vl_print(handle, "acl_index: %u\n", (unsigned) a->acl_index); - { - int _i; - for (_i = 0; _i < 64; _i++) { - vl_print(handle, "tag[%d]: %u\n", _i, a->tag[_i]); - } - } - vl_print(handle, "count: %u\n", (unsigned) a->count); - vl_print(handle, "r ----- \n"); - for (i = 0; i < a->count; i++) - { - vl_print (handle, " r[%d]:\n", i); - vl_api_macip_acl_rule_t_print (&a->r[i], handle); - } - vl_print(handle, "r ----- END \n"); - return handle; -} - -#endif /* vl_printfun */ - - -#ifdef vl_endianfun - -#undef clib_net_to_host_uword -#ifdef LP64 -#define clib_net_to_host_uword clib_net_to_host_u64 -#else -#define clib_net_to_host_uword clib_net_to_host_u32 -#endif - -/* - * Manual endian/print functions created by copypasting the automatically - * generated ones with small required adjustments. Appears the codegen - * can't make code to print the contents of custom-type array. - */ - -static inline void -vl_api_acl_rule_t_endian (vl_api_acl_rule_t * a) -{ - /* a->is_permit = a->is_permit (no-op) */ - /* a->is_ipv6 = a->is_ipv6 (no-op) */ - /* a->src_ip_addr[0..15] = a->src_ip_addr[0..15] (no-op) */ - /* a->src_ip_prefix_len = a->src_ip_prefix_len (no-op) */ - /* a->dst_ip_addr[0..15] = a->dst_ip_addr[0..15] (no-op) */ - /* a->dst_ip_prefix_len = a->dst_ip_prefix_len (no-op) */ - /* a->proto = a->proto (no-op) */ - a->srcport_or_icmptype_first = - clib_net_to_host_u16 (a->srcport_or_icmptype_first); - a->srcport_or_icmptype_last = - clib_net_to_host_u16 (a->srcport_or_icmptype_last); - a->dstport_or_icmpcode_first = - clib_net_to_host_u16 (a->dstport_or_icmpcode_first); - a->dstport_or_icmpcode_last = - clib_net_to_host_u16 (a->dstport_or_icmpcode_last); - /* a->tcp_flags_mask = a->tcp_flags_mask (no-op) */ - /* a->tcp_flags_value = a->tcp_flags_value (no-op) */ -} - -static inline void -vl_api_acl_add_replace_t_endian (vl_api_acl_add_replace_t * a) -{ - int i; - a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id); - a->client_index = clib_net_to_host_u32 (a->client_index); - a->context = clib_net_to_host_u32 (a->context); - a->acl_index = clib_net_to_host_u32 (a->acl_index); - a->count = clib_net_to_host_u32 (a->count); - for (i = 0; i < a->count; i++) - { - vl_api_acl_rule_t_endian (&a->r[i]); - } -} - -static inline void vl_api_acl_details_t_endian (vl_api_acl_details_t *a) -{ - int i; - a->_vl_msg_id = clib_net_to_host_u16(a->_vl_msg_id); - a->context = clib_net_to_host_u32(a->context); - a->acl_index = clib_net_to_host_u32(a->acl_index); - /* a->tag[0..63] = a->tag[0..63] (no-op) */ - a->count = clib_net_to_host_u32(a->count); - for (i = 0; i < a->count; i++) - { - vl_api_acl_rule_t_endian (&a->r[i]); - } -} - -static inline void vl_api_acl_interface_list_details_t_endian (vl_api_acl_interface_list_details_t *a) -{ - int i; - a->_vl_msg_id = clib_net_to_host_u16(a->_vl_msg_id); - a->context = clib_net_to_host_u32(a->context); - a->sw_if_index = clib_net_to_host_u32(a->sw_if_index); - /* a->count = a->count (no-op) */ - /* a->n_input = a->n_input (no-op) */ - for(i=0; i<a->count; i++) { - a->acls[i] = clib_net_to_host_u32(a->acls[i]); - } -} - -static inline void vl_api_acl_interface_set_acl_list_t_endian (vl_api_acl_interface_set_acl_list_t *a) -{ - int i; - a->_vl_msg_id = clib_net_to_host_u16(a->_vl_msg_id); - a->client_index = clib_net_to_host_u32(a->client_index); - a->context = clib_net_to_host_u32(a->context); - a->sw_if_index = clib_net_to_host_u32(a->sw_if_index); - /* a->count = a->count (no-op) */ - /* a->n_input = a->n_input (no-op) */ - for(i=0; i<a->count; i++) { - a->acls[i] = clib_net_to_host_u32(a->acls[i]); - } -} - -static inline void -vl_api_macip_acl_rule_t_endian (vl_api_macip_acl_rule_t * a) -{ - /* a->is_permit = a->is_permit (no-op) */ - /* a->is_ipv6 = a->is_ipv6 (no-op) */ - /* a->src_mac[0..5] = a->src_mac[0..5] (no-op) */ - /* a->src_mac_mask[0..5] = a->src_mac_mask[0..5] (no-op) */ - /* a->src_ip_addr[0..15] = a->src_ip_addr[0..15] (no-op) */ - /* a->src_ip_prefix_len = a->src_ip_prefix_len (no-op) */ -} - -static inline void -vl_api_macip_acl_add_t_endian (vl_api_macip_acl_add_t * a) -{ - int i; - a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id); - a->client_index = clib_net_to_host_u32 (a->client_index); - a->context = clib_net_to_host_u32 (a->context); - a->count = clib_net_to_host_u32 (a->count); - for (i = 0; i < a->count; i++) - { - vl_api_macip_acl_rule_t_endian (&a->r[i]); - } -} - -static inline void vl_api_macip_acl_details_t_endian (vl_api_macip_acl_details_t *a) -{ - int i; - a->_vl_msg_id = clib_net_to_host_u16(a->_vl_msg_id); - a->context = clib_net_to_host_u32(a->context); - a->acl_index = clib_net_to_host_u32(a->acl_index); - /* a->tag[0..63] = a->tag[0..63] (no-op) */ - a->count = clib_net_to_host_u32(a->count); - for (i = 0; i < a->count; i++) - { - vl_api_macip_acl_rule_t_endian (&a->r[i]); - } -} - - - - -#endif /* vl_printfun */ - - diff --git a/src/plugins/acl/acl_test.c b/src/plugins/acl/acl_test.c index 23dc6bc0c84..bec06fda6a7 100644 --- a/src/plugins/acl/acl_test.c +++ b/src/plugins/acl/acl_test.c @@ -164,14 +164,14 @@ vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a) inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src)); inet_ntop(af, a->dst_ip_addr, (void *)dst, sizeof(dst)); - out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d %d", + out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d mask %d", a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit, src, a->src_ip_prefix_len, dst, a->dst_ip_prefix_len, a->proto, a->srcport_or_icmptype_first, a->srcport_or_icmptype_last, a->dstport_or_icmpcode_first, a->dstport_or_icmpcode_last, - a->tcp_flags_mask, a->tcp_flags_value); + a->tcp_flags_value, a->tcp_flags_mask); return(out); } @@ -326,6 +326,7 @@ static int api_acl_add_replace (vat_main_t * vam) vl_api_acl_rule_t *rules = 0; int rule_idx = 0; int n_rules = 0; + int n_rules_override = -1; u32 proto = 0; u32 port1 = 0; u32 port2 = 0; @@ -363,6 +364,10 @@ static int api_acl_add_replace (vat_main_t * vam) vec_validate_acl_rules(rules, rule_idx); rules[rule_idx].is_permit = 1; } + else if (unformat (i, "count %d", &n_rules_override)) + { + /* we will use this later */ + } else if (unformat (i, "action %d", &action)) { vec_validate_acl_rules(rules, rule_idx); @@ -430,6 +435,12 @@ static int api_acl_add_replace (vat_main_t * vam) rules[rule_idx].tcp_flags_value = tcpflags; rules[rule_idx].tcp_flags_mask = tcpmask; } + else if (unformat (i, "tcpflags %d mask %d", &tcpflags, &tcpmask)) + { + vec_validate_acl_rules(rules, rule_idx); + rules[rule_idx].tcp_flags_value = tcpflags; + rules[rule_idx].tcp_flags_mask = tcpmask; + } else if (unformat (i, "proto %d", &proto)) { vec_validate_acl_rules(rules, rule_idx); @@ -455,6 +466,9 @@ static int api_acl_add_replace (vat_main_t * vam) else n_rules = 0; + if (n_rules_override >= 0) + n_rules = n_rules_override; + msg_size += n_rules*sizeof(rules[0]); mp = vl_msg_api_alloc_as_if_client(msg_size); @@ -812,6 +826,7 @@ static int api_macip_acl_add (vat_main_t * vam) vl_api_macip_acl_rule_t *rules = 0; int rule_idx = 0; int n_rules = 0; + int n_rules_override = -1; u32 src_prefix_length = 0; u32 action = 0; ip4_address_t src_v4address; @@ -843,6 +858,10 @@ static int api_macip_acl_add (vat_main_t * vam) vec_validate_macip_acl_rules(rules, rule_idx); rules[rule_idx].is_permit = 0; } + else if (unformat (i, "count %d", &n_rules_override)) + { + /* we will use this later */ + } else if (unformat (i, "action %d", &action)) { vec_validate_macip_acl_rules(rules, rule_idx); @@ -856,6 +875,10 @@ static int api_macip_acl_add (vat_main_t * vam) rules[rule_idx].src_ip_prefix_len = src_prefix_length; rules[rule_idx].is_ipv6 = 0; } + else if (unformat (i, "src")) + { + /* Everything in MACIP is "source" but allow this verbosity */ + } else if (unformat (i, "ip %U/%d", unformat_ip6_address, &src_v6address, &src_prefix_length)) { @@ -897,6 +920,9 @@ static int api_macip_acl_add (vat_main_t * vam) else n_rules = 0; + if (n_rules_override >= 0) + n_rules = n_rules_override; + msg_size += n_rules*sizeof(rules[0]); mp = vl_msg_api_alloc_as_if_client(msg_size); diff --git a/src/plugins/acl/manual_fns.h b/src/plugins/acl/manual_fns.h new file mode 100644 index 00000000000..cf9c3abc386 --- /dev/null +++ b/src/plugins/acl/manual_fns.h @@ -0,0 +1,348 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef included_manual_fns_h +#define included_manual_fns_h + +#include <vnet/ip/format.h> +#include <vnet/ethernet/ethernet.h> + +/* Macro to finish up custom dump fns */ +#define PRINT_S \ + vec_add1 (s, 0); \ + vl_print (handle, (char *)s); \ + vec_free (s); + +static inline void +vl_api_acl_details_t_endian (vl_api_acl_details_t * a) +{ + a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id); + a->context = clib_net_to_host_u32 (a->context); + a->acl_index = clib_net_to_host_u32 (a->acl_index); + /* a->tag[0..63] = a->tag[0..63] (no-op) */ + a->count = clib_net_to_host_u32 (a->count); + vl_api_acl_rule_t_endian (a->r); +} + +static inline void +vl_api_macip_acl_details_t_endian (vl_api_macip_acl_details_t * a) +{ + a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id); + a->context = clib_net_to_host_u32 (a->context); + a->acl_index = clib_net_to_host_u32 (a->acl_index); + /* a->tag[0..63] = a->tag[0..63] (no-op) */ + a->count = clib_net_to_host_u32 (a->count); + vl_api_macip_acl_rule_t_endian (a->r); +} + + +static inline void +vl_api_acl_add_replace_t_endian (vl_api_acl_add_replace_t * a) +{ + a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id); + a->client_index = clib_net_to_host_u32 (a->client_index); + a->context = clib_net_to_host_u32 (a->context); + a->acl_index = clib_net_to_host_u32 (a->acl_index); + /* a->tag[0..63] = a->tag[0..63] (no-op) */ + a->count = clib_net_to_host_u32 (a->count); + vl_api_acl_rule_t_endian (a->r); +} + +static inline void +vl_api_macip_acl_add_t_endian (vl_api_macip_acl_add_t * a) +{ + a->_vl_msg_id = clib_net_to_host_u16 (a->_vl_msg_id); + a->client_index = clib_net_to_host_u32 (a->client_index); + a->context = clib_net_to_host_u32 (a->context); + /* a->tag[0..63] = a->tag[0..63] (no-op) */ + a->count = clib_net_to_host_u32 (a->count); + vl_api_macip_acl_rule_t_endian (a->r); +} + +static inline u8 * +format_acl_action(u8 *s, u8 action) +{ + switch(action) { + case 0: + s = format (s, "deny"); + break; + case 1: + s = format (s, "permit"); + break; + case 2: + s = format (s, "permit+reflect"); + break; + default: + s = format (s, "action %d", action); + } + return(s); +} + +static inline void * +vl_api_acl_rule_t_print (vl_api_acl_rule_t * a, void *handle) +{ + u8 *s; + + s = format (0, " %s ", a->is_ipv6 ? "ipv6" : "ipv4"); + s = format_acl_action (s, a->is_permit); + s = format (s, " \\\n"); + + if (a->is_ipv6) + s = format (s, " src %U/%d dst %U/%d \\\n", + format_ip6_address, a->src_ip_addr, a->src_ip_prefix_len, + format_ip6_address, a->dst_ip_addr, a->dst_ip_prefix_len); + else + s = format (s, " src %U/%d dst %U/%d \\\n", + format_ip4_address, a->src_ip_addr, a->src_ip_prefix_len, + format_ip4_address, a->dst_ip_addr, a->dst_ip_prefix_len); + s = format (s, " proto %d \\\n", a->proto); + s = format (s, " sport %d-%d dport %d-%d \\\n", + clib_net_to_host_u16 (a->srcport_or_icmptype_first), + clib_net_to_host_u16 (a->srcport_or_icmptype_last), + clib_net_to_host_u16 (a->dstport_or_icmpcode_first), + clib_net_to_host_u16 (a->dstport_or_icmpcode_last)); + + s = format (s, " tcpflags %u mask %u, \\", + a->tcp_flags_value, a->tcp_flags_mask); + PRINT_S; + return handle; +} + + + +static inline void * +vl_api_macip_acl_rule_t_print (vl_api_macip_acl_rule_t * a, void *handle) +{ + u8 *s; + + s = format (0, " %s %s \\\n", a->is_ipv6 ? "ipv6" : "ipv4", + a->is_permit ? "permit" : "deny"); + + s = format (s, " src mac %U mask %U \\\n", + format_ethernet_address, a->src_mac, + format_ethernet_address, a->src_mac_mask); + + if (a->is_ipv6) + s = format (s, " src ip %U/%d, \\", + format_ip6_address, a->src_ip_addr, a->src_ip_prefix_len); + else + s = format (s, " src ip %U/%d, \\", + format_ip4_address, a->src_ip_addr, a->src_ip_prefix_len); + + PRINT_S; + return handle; +} + +static inline void * +vl_api_acl_add_replace_t_print (vl_api_acl_add_replace_t * a, void *handle) +{ + u8 *s = 0; + int i; + u32 acl_index = clib_net_to_host_u32 (a->acl_index); + u32 count = clib_net_to_host_u32 (a->count); + if (count > 0x100000) + { + s = format (s, "WARN: acl_add_replace count endianness wrong? Fixup to avoid long loop.\n"); + count = a->count; + } + + s = format (s, "SCRIPT: acl_add_replace %d count %d ", + acl_index, count); + + if (a->tag[0]) + s = format (s, "tag %s ", a->tag); + + s = format(s, "\\\n"); + PRINT_S; + + for (i = 0; i < count; i++) + vl_api_acl_rule_t_print (&a->r[i], handle); + + s = format(s, "\n"); + PRINT_S; + return handle; +} + +static inline void * +vl_api_acl_del_t_print (vl_api_macip_acl_del_t * a, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: acl_del %d ", + clib_host_to_net_u32 (a->acl_index)); + + PRINT_S; + return handle; +} + + +static inline void * +vl_api_acl_details_t_print (vl_api_acl_details_t * a, void *handle) +{ + u8 *s = 0; + int i; + u32 acl_index = clib_net_to_host_u32 (a->acl_index); + u32 count = clib_net_to_host_u32 (a->count); + if (count > 0x100000) + { + s = format (s, "WARN: acl_defails count endianness wrong? Fixup to avoid long loop.\n"); + count = a->count; + } + + s = format (s, "acl_details index %d count %d ", + acl_index, count); + + if (a->tag[0]) + s = format (s, "tag %s ", a->tag); + + s = format(s, "\n"); + PRINT_S; + + for (i = 0; i < count; i++) + vl_api_acl_rule_t_print (&a->r[i], handle); + + return handle; +} + +static inline void * +vl_api_macip_acl_details_t_print (vl_api_macip_acl_details_t * a, + void *handle) +{ + u8 *s = 0; + int i; + u32 acl_index = clib_net_to_host_u32 (a->acl_index); + u32 count = clib_net_to_host_u32 (a->count); + if (count > 0x100000) + { + s = format (s, "WARN: macip_acl_defails count endianness wrong? Fixup to avoid long loop.\n"); + count = a->count; + } + + s = format (s, "macip_acl_details index %d count %d ", + acl_index, count); + + if (a->tag[0]) + s = format (s, "tag %s ", a->tag); + + s = format(s, "\n"); + PRINT_S; + + for (i = 0; i < count; i++) + vl_api_macip_acl_rule_t_print (&a->r[i], handle); + + return handle; +} + +static inline void * +vl_api_macip_acl_add_t_print (vl_api_macip_acl_add_t * a, void *handle) +{ + u8 *s = 0; + int i; + u32 count = clib_net_to_host_u32 (a->count); + if (count > 0x100000) + { + s = format (s, "WARN: macip_acl_add count endianness wrong? Fixup to avoid long loop.\n"); + count = a->count; + } + + s = format (0, "SCRIPT: macip_acl_add "); + if (a->tag[0]) + s = format (s, "tag %s ", a->tag); + + s = format (s, "count %d \\\n", count); + + PRINT_S; + + for (i = 0; i < count; i++) + vl_api_macip_acl_rule_t_print (&a->r[i], handle); + + s = format (0, "\n"); + PRINT_S; + + return handle; +} + + +static inline void * +vl_api_acl_interface_set_acl_list_t_print (vl_api_acl_interface_set_acl_list_t + * a, void *handle) +{ + u8 *s; + int i; + + s = format + (0, "SCRIPT: acl_interface_set_acl_list sw_if_index %d count %d\n", + clib_net_to_host_u32 (a->sw_if_index), (u32) a->count); + + s = format (s, " input "); + + for (i = 0; i < a->count; i++) + { + if (i == a->n_input) + s = format (s, "output "); + s = format (s, "%d ", clib_net_to_host_u32 (a->acls[i])); + } + + PRINT_S; + return handle; +} + +static inline void * +vl_api_acl_interface_add_del_t_print (vl_api_acl_interface_add_del_t * a, + void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: acl_interface_add_del sw_if_index %d acl %d ", + clib_net_to_host_u32 (a->sw_if_index), + clib_net_to_host_u32 (a->acl_index)); + s = format (s, "%s %s", + a->is_input ? "input" : "output", a->is_add ? "add" : "del"); + + PRINT_S; + return handle; +} + +static inline void *vl_api_macip_acl_interface_add_del_t_print + (vl_api_macip_acl_interface_add_del_t * a, void *handle) +{ + u8 *s; + + s = format + (0, + "SCRIPT: macip_acl_interface_add_del sw_if_index %d acl_index %d ", + clib_net_to_host_u32 (a->sw_if_index), + clib_net_to_host_u32 (a->acl_index)); + s = format (s, "%s", a->is_add ? "add" : "del"); + + PRINT_S; + return handle; +} + + +static inline void * +vl_api_macip_acl_del_t_print (vl_api_macip_acl_del_t * a, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: macip_acl_del %d ", + clib_host_to_net_u32 (a->acl_index)); + + PRINT_S; + return handle; +} + + +#endif /* included_manual_fns_h */ |