From abb2a42239430a1a67b259b931848a9195402d1a Mon Sep 17 00:00:00 2001
From: Benoît Ganne <bganne@cisco.com>
Date: Thu, 30 Sep 2021 13:41:00 +0200
Subject: ip: add classifier-based ACLs support on ip punt
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This feature allows one to add classifier-based ACLs on packets punted
from the ip infra, eg. to only whitelist specific sender(s).

Type: feature

Change-Id: Idab37b188583efbca980038875fc3e540cb2e880
Signed-off-by: Benoît Ganne <bganne@cisco.com>
---
 src/vnet/classify/classify.api | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'src/vnet/classify/classify.api')

diff --git a/src/vnet/classify/classify.api b/src/vnet/classify/classify.api
index c569fe6a599..d1d7340302f 100644
--- a/src/vnet/classify/classify.api
+++ b/src/vnet/classify/classify.api
@@ -420,6 +420,22 @@ autoreply define input_acl_set_interface
   bool is_add;
 };
 
+/** \brief Add/del punt ACL
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param ip4_table_index - ip4 punt classify table index (~0 for skip)
+    @param ip6_table_index - ip6 punt classify table index (~0 for skip)
+    @param is_add - add punt ACL if non-zero, else delete
+*/
+autoreply define punt_acl_add_del
+{
+  u32 client_index;
+  u32 context;
+  u32 ip4_table_index [default=0xffffffff];
+  u32 ip6_table_index [default=0xffffffff];
+  bool is_add [default=true];
+};
+
 /** \brief Set/unset output ACL interface
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
-- 
cgit 1.2.3-korg