summaryrefslogtreecommitdiffstats
path: root/src/vnet/l2/l2_in_out_acl.c
AgeCommit message (Collapse)AuthorFilesLines
2019-03-12l2: migrate old MULTIARCH macros to VLIB_NODE_FNFilip Tehlar1-15/+16
Change-Id: I8370c06150ce4499475e9d6dc6b3ab8be2016202 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2018-02-26Fix current data offset to use vlib_buffer_get_current in input/output ACLSteve Shin1-5/+5
vlib_buffer_get_current() should be used for current data offset in ACL. This is required for output ACL where packets are decoded through a vxlan tunnel rx node. Change-Id: I6f739f251c3eb0d59ee4ae0da97aa04ddf667468 Signed-off-by: Steve Shin <jonshin@cisco.com>
2018-02-07classifier-based ACL: refactor + add output ACLAndrew Yourtchenko1-0/+537
For implementation of MACIP ACLs enhancement (VPP-1088), an outbound classifier-based ACL would be needed. There was an existing incomplete code for outbound ACLs, it looked almost exact copy of input ACLs, minus the various enhancements, trying to sync that code seemed error-prone and cumbersome to maintain in the longer run. This change refactors the input+output ACLs processing into a unified routine (thus any changes will have effect on both), and also adds the API to set the output interface ACL, with the same format and semantics as the existing input one (except working on output ACL of course). WARNING: IP outbound ACL in L3 mode clobbers the ip.* fields in the vnet_buffer_opaque_t, since the code is using l2_classify.* The net_buffer (p0)->ip.save_rewrite_length is rescued into l2_classify.pad.l2_len, and used to rewind the header in case of drop, so that ipX_drop prints something sensible. Change-Id: I62f814f1e3650e504474a3a5359edb8a0a8836ed Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>