aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/acl/manual_fns.h
AgeCommit message (Collapse)AuthorFilesLines
2018-02-08acl-plugin: add whitelisted ethertype mode (VPP-1163)Andrew Yourtchenko1-0/+24
Currently, ACL plugin largely does not care about the ethertypes other than 0x0800 (IPv4) and 0x86dd (IPv6), the only exception being 0x0806 (ARP), which is dealt with by the MACIP ACLs. The other ethertypes in L2 mode are just let through. This adds a new API message acl_interface_set_etype_whitelist, which allows to flip the mode of a given interface into "ethertype whitelist mode": the caller of this message must supply the two lists (inbound and outbound) of the ethertypes that are to be permitted, the rest of the ethertypes are dropped. The whitelisting for a given interface and direction takes effect only when a policy ACL is also applied. This operates on the same classifier node as the one used for dispatching the policy ACL, thus, if one wishes for most of the reasonable IPv4 deployments to continue to operate within the whitelist mode, they must permit ARP ethertype (0x0806) The empty list for a given direction resets the processing to allow the unknown ethertypes. So, if one wants to just permit the IPv4 and IPv6 and nothing else, one can add their ethertypes to the whitelist. Add the "show acl-plugin interface" corresponding outputs about the whitelists, vat command, and unittests. Change-Id: I4659978c801f36d554b6615e56e424b77876662c Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-09-12ACL-plugin add "replace" semantics for adding a new MacIP aclPavel Kotucek1-0/+42
Change-Id: Ia5c869b2d8b8ad012b9e89fb6720c9c32d9ee065 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-06-21acl-plugin: the second and subsequent ACEs incorrect endianness when ↵Andrew Yourtchenko1-4/+22
custom-dump and in VAT (VPP-885) Add the missing function to convert the entire array of rules in the respective _endian functions, rather than just the first rule. Change-Id: Ic057f27ff7ec20150595efca1a48b74e5850f52b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-21acl-plugin: fix coverity issue 166801Andrew Yourtchenko1-1/+1
A typo resulted in a value being overwritten and flagged as unused, fix the typo. Change-Id: I512ba94321afb80d12c71ebbb0eec42d9fa6f299 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-04-05acl-plugin: fix pretty-printing in "api trace custom-dump" (VPP-683)Andrew Yourtchenko1-0/+348
Change-Id: Id15b401223aabe7dacb7566c871ebefc17fbb1fc Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 7fd3f513c7df198c45204eba0a3e9a3abe509593)