From 492a5d0bd79c3c0913f1b8fb4ad35d9ad23d821b Mon Sep 17 00:00:00 2001 From: Ole Trøan Date: Thu, 26 Mar 2020 18:08:35 +0000 Subject: acl: revert acl: api cleanup This reverts commit aad1ee149403994194cf37cef4530b042ba7df3a. Reason for revert: Verify failure. Doesn't build. Type: fix Change-Id: I91b1b26ac43edde4853e4561a0083d0b3a06efee Signed-off-by: Ole Troan --- src/plugins/acl/acl_types.api | 49 +++++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 23 deletions(-) (limited to 'src/plugins/acl/acl_types.api') diff --git a/src/plugins/acl/acl_types.api b/src/plugins/acl/acl_types.api index 6c796951c4d..fb58f8851c8 100644 --- a/src/plugins/acl/acl_types.api +++ b/src/plugins/acl/acl_types.api @@ -15,20 +15,14 @@ * limitations under the License. */ -import "vnet/ip/ip_types.api"; -import "vnet/ethernet/ethernet_types.api"; - -enum acl_action : u8 -{ - ACL_ACTION_API_DENY = 0, - ACL_ACTION_API_PERMIT = 1, - ACL_ACTION_API_PERMIT_REFLECT = 2, -}; - + /** \brief Access List Rule entry @param is_permit - deny (0), permit (1), or permit+reflect(2) action on this rule. - @param src_prefix - Source prefix - @param dst_prefix - Destination prefix + @param is_ipv6 - IP addresses in this rule are IPv6 (1) or IPv4 (0) + @param src_ip_addr - Source prefix value + @param src_ip_prefix_len - Source prefix length + @param dst_ip_addr - Destination prefix value + @param dst_ip_prefix_len - Destination prefix length @param proto - L4 protocol (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) @param srcport_or_icmptype_first - beginning of source port or ICMP4/6 type range @param srcport_or_icmptype_last - end of source port or ICMP4/6 type range @@ -40,14 +34,17 @@ enum acl_action : u8 typedef acl_rule { - vl_api_acl_action_t is_permit; - vl_api_prefix_t src_prefix; - vl_api_prefix_t dst_prefix; + u8 is_permit; + u8 is_ipv6; + u8 src_ip_addr[16]; + u8 src_ip_prefix_len; + u8 dst_ip_addr[16]; + u8 dst_ip_prefix_len; /* * L4 protocol. IANA number. 1 = ICMP, 58 = ICMPv6, 6 = TCP, 17 = UDP. * 0 => ignore L4 and ignore the ports/tcpflags when matching. */ - vl_api_ip_proto_t proto; + u8 proto; /* * If the L4 protocol is TCP or UDP, the below * hold ranges of ports, else if the L4 is ICMP/ICMPv6 @@ -73,24 +70,30 @@ typedef acl_rule /** \brief MACIP Access List Rule entry @param is_permit - deny (0), permit (1) action on this rule. + @param is_ipv6 - IP addresses in this rule are IPv6 (1) or IPv4 (0) @param src_mac - match masked source MAC address against this value @param src_mac_mask - AND source MAC address with this value before matching - @param src_prefix - Source prefix value + @param src_ip_addr - Source prefix value + @param src_ip_prefix_len - Source prefix length */ typedef macip_acl_rule { - vl_api_acl_action_t is_permit; + u8 is_permit; + u8 is_ipv6; /* * The source mac of the packet ANDed with src_mac_mask. * The source ip[46] address in the packet is matched - * against src_prefix set to 0. + * against src_ip_addr, with src_ip_prefix_len set to 0. * * For better performance, minimize the number of - * (src_mac_mask, src_prefix.len) combinations + * (src_mac_mask, src_ip_prefix_len) combinations * in a MACIP ACL. */ - vl_api_mac_address_t src_mac; - vl_api_mac_address_t src_mac_mask; - vl_api_prefix_t src_prefix; + u8 src_mac[6]; + u8 src_mac_mask[6]; + u8 src_ip_addr[16]; + u8 src_ip_prefix_len; }; + + -- cgit 1.2.3-korg