summaryrefslogtreecommitdiffstats
path: root/src/plugins/acl/acl.api
AgeCommit message (Collapse)AuthorFilesLines
2019-07-29api acl: breakout acl_types.api for reuse by othersPaul Vinciguerra1-79/+2
Type: refactor Change-Id: I40518ccddcb78e58f7e6a098c27d9ec53e5a1146 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-07-24acl: implement countersAndrew Yourtchenko1-0/+12
implement per-acl-number counters in the stats segment. They are created during the ACL creation, the counters are incremented in the dataplane using the new inline function with the extra parameter being the packet size. Counting in shared segment adds a noticeable overhead, so add also an API to turn the counters on. Type: feature Change-Id: I8af7b0c31a3d986b68089eb52452aed45df66c7b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-12-11New api in order to get max entries of connection table is added.Khers1-1/+22
Change-Id: I2f81ec95de55ad2355f82550451ad825c228e5cd Signed-off-by: Khers <s3m2e1.6star@gmail.com>
2018-03-08acl-plugin: add the support for dumping the ethertype whitelist (VPP-1163)Andrew Yourtchenko1-0/+30
The gerrit 10434 which added the support for whitelist model on ethertypes, did not include the support to dump the current state. This patch fills that gap. Change-Id: I3222078ccb1839dc366140fa5f6b8999b2926fd2 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-02-08acl-plugin: add whitelisted ethertype mode (VPP-1163)Andrew Yourtchenko1-0/+20
Currently, ACL plugin largely does not care about the ethertypes other than 0x0800 (IPv4) and 0x86dd (IPv6), the only exception being 0x0806 (ARP), which is dealt with by the MACIP ACLs. The other ethertypes in L2 mode are just let through. This adds a new API message acl_interface_set_etype_whitelist, which allows to flip the mode of a given interface into "ethertype whitelist mode": the caller of this message must supply the two lists (inbound and outbound) of the ethertypes that are to be permitted, the rest of the ethertypes are dropped. The whitelisting for a given interface and direction takes effect only when a policy ACL is also applied. This operates on the same classifier node as the one used for dispatching the policy ACL, thus, if one wishes for most of the reasonable IPv4 deployments to continue to operate within the whitelist mode, they must permit ARP ethertype (0x0806) The empty list for a given direction resets the processing to allow the unknown ethertypes. So, if one wants to just permit the IPv4 and IPv6 and nothing else, one can add their ethertypes to the whitelist. Add the "show acl-plugin interface" corresponding outputs about the whitelists, vat command, and unittests. Change-Id: I4659978c801f36d554b6615e56e424b77876662c Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-01-23VPPAPIGEN: vppapigen replacement in Python PLY.Ole Troan1-1/+1
This is a version of the VPP API generator in Python PLY. It supports the existing language, and has a plugin architecture for generators. Currently C and JSON are supported. Changes: - vl_api_version to option version = "major.minor.patch" - enum support - Added error checking and reporting - import support (removed the C pre-processor) - services (tying request/reply together) Version: option version = "1.0.0"; Enum: enum colours { RED, BLUE = 50, }; define foo { vl_api_colours_t colours; }; Services: service { rpc foo returns foo_reply; rpc foo_dump returns stream foo_details; rpc want_stats returns want_stats_reply events ip4_counters, ip6_counters; }; Future planned features: - unions - bool, text - array support (including length) - proto3 output plugin - Refactor C/C++ generator as a plugin - Refactor Java generator as a plugin Change-Id: Ifa289966c790e1b1a8e2938a91e69331e3a58bdf Signed-off-by: Ole Troan <ot@cisco.com>
2017-10-09vppapigen: support per-file (major,minor,patch) version stampsDave Barach1-0/+1
Add one of these statements to foo.api: vl_api_version 1.2.3 to generate a version tuple stanza in foo.api.h: /****** Version tuple *****/ vl_api_version_tuple(foo, 1, 2, 3) Change-Id: Ic514439e4677999daa8463a94f948f76b132ff15 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Ole Troan <ot@cisco.com>
2017-09-12ACL-plugin add "replace" semantics for adding a new MacIP aclPavel Kotucek1-10/+42
Change-Id: Ia5c869b2d8b8ad012b9e89fb6720c9c32d9ee065 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-08-08MAC IP ACL interface list dump (as an alternative to the get/reply)Neale Ranns1-0/+27
Change-Id: I2e71aef1aa745e85ad3234b0b708cdc50f335a75 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2017-06-07acl-plugin: add a plugin-specific control-ping message api and make the test ↵Andrew Yourtchenko1-0/+24
code use it This fixes the undesirable pause in the dump commands in case there is nothing to dump. Change-Id: I0554556c9e442038aa2a1ed8c88234f21f7fe9b9 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-04-25"autoreply" flag: autogenerate standard xxx_reply_t messagesDave Barach1-55/+5
Change-Id: I72298aaae7d172082ece3a8edea4217c11b28d79 Signed-off-by: Dave Barach <dave@barachs.net>
2017-04-05acl-plugin: fix pretty-printing in "api trace custom-dump" (VPP-683)Andrew Yourtchenko1-11/+11
Change-Id: Id15b401223aabe7dacb7566c871ebefc17fbb1fc Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 7fd3f513c7df198c45204eba0a3e9a3abe509593)
2017-01-01Move java,lua api and remaining plugins to src/Damjan Marion1-0/+444
Change-Id: I1c3b87e886603678368428ae56a6bd3327cbc90d Signed-off-by: Damjan Marion <damarion@cisco.com>