From 378ac0533e5ac8c3121d8f66ba61a8548e55282f Mon Sep 17 00:00:00 2001 From: Steve Shin Date: Wed, 21 Mar 2018 11:35:12 -0700 Subject: acl-plugin: improvement on 'show acl-plugin' CLI - Show interface on which given MACIP ACL is applied - index is added for show acl-plugin macip acl: ex) show acl-plugin macip acl [index N] Change-Id: I3e888c8e3267060fe157dfc1bbe3e65371bd858a Signed-off-by: Steve Shin --- src/plugins/acl/acl.c | 43 ++++++++++++++++++++++++++++++++++--------- src/plugins/acl/acl.h | 3 +++ 2 files changed, 37 insertions(+), 9 deletions(-) (limited to 'src/plugins/acl') diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c index e1d6da02b75..8543ac6eef2 100644 --- a/src/plugins/acl/acl.c +++ b/src/plugins/acl/acl.c @@ -2111,13 +2111,17 @@ macip_acl_interface_del_acl (acl_main_t * am, u32 sw_if_index) int rv; u32 macip_acl_index; macip_acl_list_t *a; - void *oldheap = acl_set_heap (am); - vec_validate_init_empty (am->macip_acl_by_sw_if_index, sw_if_index, ~0); - clib_mem_set_heap (oldheap); + macip_acl_index = am->macip_acl_by_sw_if_index[sw_if_index]; /* No point in deleting MACIP ACL which is not applied */ if (~0 == macip_acl_index) return VNET_API_ERROR_NO_SUCH_ENTRY; + + void *oldheap = acl_set_heap (am); + vec_validate_init_empty (am->macip_acl_by_sw_if_index, sw_if_index, ~0); + vec_validate_init_empty (am->sw_if_index_vec_by_macip_acl, macip_acl_index, + ~0); + clib_mem_set_heap (oldheap); a = pool_elt_at_index (am->macip_acls, macip_acl_index); /* remove the classifier tables off the interface L2 ACL */ rv = @@ -2129,6 +2133,7 @@ macip_acl_interface_del_acl (acl_main_t * am, u32 sw_if_index) a->out_l2_table_index, 0); /* Unset the MACIP ACL index */ am->macip_acl_by_sw_if_index[sw_if_index] = ~0; + am->sw_if_index_vec_by_macip_acl[macip_acl_index] = ~0; return rv; } @@ -2147,11 +2152,14 @@ macip_acl_interface_add_acl (acl_main_t * am, u32 sw_if_index, void *oldheap = acl_set_heap (am); a = pool_elt_at_index (am->macip_acls, macip_acl_index); vec_validate_init_empty (am->macip_acl_by_sw_if_index, sw_if_index, ~0); + vec_validate_init_empty (am->sw_if_index_vec_by_macip_acl, macip_acl_index, + ~0); clib_mem_set_heap (oldheap); /* If there already a MACIP ACL applied, unapply it */ if (~0 != am->macip_acl_by_sw_if_index[sw_if_index]) macip_acl_interface_del_acl (am, sw_if_index); am->macip_acl_by_sw_if_index[sw_if_index] = macip_acl_index; + am->sw_if_index_vec_by_macip_acl[macip_acl_index] = sw_if_index; /* Apply the classifier tables for L2 ACLs */ rv = @@ -3262,10 +3270,6 @@ macip_acl_print (acl_main_t * am, u32 macip_acl_index) vlib_main_t *vm = am->vlib_main; int i; - /* Don't attempt to show the ACLs that do not exist */ - if (pool_is_free_index (am->macip_acls, macip_acl_index)) - return; - /* Don't try to print someone else's memory */ if (macip_acl_index > vec_len (am->macip_acls)) return; @@ -3299,8 +3303,29 @@ acl_show_aclplugin_macip_acl_fn (vlib_main_t * vm, clib_error_t *error = 0; acl_main_t *am = &acl_main; int i; + u32 acl_index = ~0; + + (void) unformat (input, "index %u", &acl_index); + for (i = 0; i < vec_len (am->macip_acls); i++) - macip_acl_print (am, i); + { + /* Don't attempt to show the ACLs that do not exist */ + if (pool_is_free_index (am->macip_acls, i)) + continue; + + if ((acl_index != ~0) && (acl_index != i)) + { + continue; + } + + macip_acl_print (am, i); + if (i < vec_len (am->sw_if_index_vec_by_macip_acl)) + { + vlib_cli_output (vm, " applied on sw_if_index: %d\n", + vec_elt (am->sw_if_index_vec_by_macip_acl, i)); + } + } + return error; } @@ -3947,7 +3972,7 @@ VLIB_CLI_COMMAND (aclplugin_show_tables_command, static) = { VLIB_CLI_COMMAND (aclplugin_show_macip_acl_command, static) = { .path = "show acl-plugin macip acl", - .short_help = "show acl-plugin macip acl", + .short_help = "show acl-plugin macip acl [index N]", .function = acl_show_aclplugin_macip_acl_fn, }; diff --git a/src/plugins/acl/acl.h b/src/plugins/acl/acl.h index 07ed8681ef1..555358c4f66 100644 --- a/src/plugins/acl/acl.h +++ b/src/plugins/acl/acl.h @@ -197,6 +197,9 @@ typedef struct { /* MACIP (input) ACLs associated with the interfaces */ u32 *macip_acl_by_sw_if_index; + /* interfaces on which given MACIP ACLs are applied */ + u32 *sw_if_index_vec_by_macip_acl; + /* bitmaps when set the processing is enabled on the interface */ uword *fa_in_acl_on_sw_if_index; uword *fa_out_acl_on_sw_if_index; -- cgit 1.2.3-korg