From abb2a42239430a1a67b259b931848a9195402d1a Mon Sep 17 00:00:00 2001
From: Benoît Ganne
Date: Thu, 30 Sep 2021 13:41:00 +0200
Subject: ip: add classifier-based ACLs support on ip punt
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This feature allows one to add classifier-based ACLs on packets punted from the ip infra, eg. to only whitelist specific sender(s).

Type: feature
Change-Id: Idab37b188583efbca980038875fc3e540cb2e880
Signed-off-by: Benoît Ganne
---
 src/vnet/classify/classify_api.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'src/vnet/classify/classify_api.c')

diff --git a/src/vnet/classify/classify_api.c b/src/vnet/classify/classify_api.c
index 269aac1a194..3e8dc511479 100644
--- a/src/vnet/classify/classify_api.c
+++ b/src/vnet/classify/classify_api.c
@@ -896,6 +896,22 @@ static void vl_api_input_acl_set_interface_t_handler
 REPLY_MACRO (VL_API_INPUT_ACL_SET_INTERFACE_REPLY);
 }
 
+static void
+vl_api_punt_acl_add_del_t_handler (vl_api_punt_acl_add_del_t *mp)
+{
+ vlib_main_t *vm = vlib_get_main ();
+ vl_api_punt_acl_add_del_reply_t *rmp;
+ int rv;
+
+ rv = vnet_set_in_out_acl_intfc (
+ vm, 0 /* sw_if_index */, ~0 /* ip4_table_index */,
+ ~0 /* ip6_table_index */, ~0 /* l2_table_index */,
+ ntohl (mp->ip4_table_index), ntohl (mp->ip6_table_index), mp->is_add,
+ 0 /* is_output */);
+
+ REPLY_MACRO (VL_API_PUNT_ACL_ADD_DEL_REPLY);
+}
+
 static void vl_api_output_acl_set_interface_t_handler
 (vl_api_output_acl_set_interface_t * mp)
 {
-- cgit 1.2.3-korg
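Review bot: The new `vl_api_punt_acl_add_del_t_handler` passes `ntohl (mp->ip4_table_index)` and `ntohl (mp->ip6_table_index)` straight from the API message into `vnet_set_in_out_acl_intfc`, and no range or existence check on those indices is visible in this hunk. These tables decide which punted packets are accepted, so an index that does not name an existing classify table should produce an error `rv` rather than be installed. Whether the callee already rejects such indices is not visible here, so either confirm that it does or validate before the call, treating `~0` as "not set". The hard-coded `0 /* sw_if_index */` names the parameter but not the reason; a why-comment such as `/* punt ACL is not per-interface; its state is kept under sw_if_index 0 */` would help the next reader, if that is the intent.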