import unittest
import socket
import struct

from scapy.layers.inet import IP, ICMP, TCP, UDP
from scapy.layers.ipsec import SecurityAssociation, ESP
from scapy.layers.l2 import Ether
from scapy.packet import raw, Raw
from scapy.layers.inet6 import IPv6, ICMPv6EchoRequest, IPv6ExtHdrHopByHop, \
    IPv6ExtHdrFragment, IPv6ExtHdrDestOpt


from framework import VppTestCase, VppTestRunner
from util import ppp, reassemble4, fragment_rfc791, fragment_rfc8200
from vpp_papi import VppEnum


class IPsecIPv4Params:

    addr_type = socket.AF_INET
    addr_any = "0.0.0.0"
    addr_bcast = "255.255.255.255"
    addr_len = 32
    is_ipv6 = 0

    def __init__(self):
        self.remote_tun_if_host = '1.1.1.1'
        self.remote_tun_if_host6 = '1111::1'

        self.scapy_tun_sa_id = 100
        self.scapy_tun_spi = 1000
        self.vpp_tun_sa_id = 200
        self.vpp_tun_spi = 2000

        self.scapy_tra_sa_id = 300
        self.scapy_tra_spi = 3000
        self.vpp_tra_sa_id = 400
        self.vpp_tra_spi = 4000

        self.outer_hop_limit = 64
        self.inner_hop_limit = 255
        self.outer_flow_label = 0
        self.inner_flow_label = 0x12345

        self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
                                 IPSEC_API_INTEG_ALG_SHA1_96)
        self.auth_algo = 'HMAC-SHA1-96'  # scapy name
        self.auth_key = b'C91KUR9GYMm5GfkEvNjX'

        self.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t.
                                  IPSEC_API_CRYPTO_ALG_AES_CBC_128)
        self.crypt_algo = 'AES-CBC'  # scapy name
        self.crypt_key = b'JPjyOWBeVEQiMe7h'
        self.salt = 0
        self.flags = 0
        self.nat_header = None
        self.tun_flags = (VppEnum.vl_api_tunnel_encap_decap_flags_t.
                          TUNNEL_API_ENCAP_DECAP_FLAG_NONE)
        self.dscp = 0
        self.async_mode = False


class IPsecIPv6Params:

    addr_type = socket.AF_INET6
    addr_any = "0::0"
    addr_bcast = "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"
    addr_len = 128
    is_ipv6 = 1

    def __init__(self):
        self.remote_tun_if_host = '1111:1111:1111:1111:1111:1111:1111:1111'
        self.remote_tun_if_host4 = '1.1.1.1'

        self.scapy_tun_sa_id = 500
        self.scapy_tun_spi = 3001
        self.vpp_tun_sa_id = 600
        self.vpp_tun_spi = 3000

        self.scapy_tra_sa_id = 700
        self.scapy_tra_spi = 4001
        self.vpp_tra_sa_id = 800
        self.vpp_tra_spi = 4000

        self.outer_hop_limit = 64
        self.inner_hop_limit = 255
        self.outer_flow_label = 0
        self.inner_flow_label = 0x12345

        self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
                                 IPSEC_API_INTEG_ALG_SHA1_96)
        self.auth_algo = 'HMAC-SHA1-96'  # scapy name
        self.auth_key = b'C91KUR9GYMm5GfkEvNjX'

        self.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t.
                                  IPSEC_API_CRYPTO_ALG_AES_CBC_128)
        self.crypt_algo = 'AES-CBC'  # scapy name
        self.crypt_key = b'JPjyOWBeVEQiMe7h'
        self.salt = 0
        self.flags = 0
        self.nat_header = None
        self.tun_flags = (VppEnum.vl_api_tunnel_encap_decap_flags_t.
                          TUNNEL_API_ENCAP_DECAP_FLAG_NONE)
        self.dscp = 0
        self.async_mode = False


def mk_scapy_crypt_key(p):
    if p.crypt_algo in ("AES-GCM", "AES-CTR"):
        return p.crypt_key + struct.pack("!I", p.salt)
    else:
        return p.crypt_key


def config_tun_params(p, encryption_type, tun_if):
    ip_class_by_addr_type = {socket.AF_INET: IP, socket.AF_INET6: IPv6}
    esn_en = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
                             IPSEC_API_SAD_FLAG_USE_ESN))
    p.tun_dst = tun_if.remote_addr[p.addr_type]
    p.tun_src = tun_if.local_addr[p.addr_type]
    crypt_key = mk_scapy_crypt_key(p)
    p.scapy_tun_sa = SecurityAssociation(
        encryption_type, spi=p.vpp_tun_spi,
        crypt_algo=p.crypt_algo,
        crypt_key=crypt_key,
        auth_algo=p.auth_algo, auth_key=p.auth_key,
        tunnel_header=ip_class_by_addr_type[p.addr_type](
            src=p.tun_dst,
            dst=p.tun_src),
        nat_t_header=p.nat_header,
        esn_en=esn_en)
    p.vpp_tun_sa = SecurityAssociation(
        encryption_type, spi=p.scapy_tun_spi,
        crypt_algo=p.crypt_algo,
        crypt_key=crypt_key,
        auth_algo=p.auth_algo, auth_key=p.auth_key,
        tunnel_header=ip_class_by_addr_type[p.addr_type](
            dst=p.tun_dst,
            src=p.tun_src),
        nat_t_header=p.nat_header,
        esn_en=esn_en)


def config_tra_params(p, encryption_type):
    esn_en = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
                             IPSEC_API_SAD_FLAG_USE_ESN))
    crypt_key = mk_scapy_crypt_key(p)
    p.scapy_tra_sa = SecurityAssociation(
        encryption_type,
        spi=p.vpp_tra_spi,
        crypt_algo=p.crypt_algo,
        crypt_key=crypt_key,
        auth_algo=p.auth_algo,
        auth_key=p.auth_key,
        nat_t_header=p.nat_header,
        esn_en=esn_en)
    p.vpp_tra_sa = SecurityAssociation(
        encryption_type,
        spi=p.scapy_tra_spi,
        crypt_algo=p.crypt_algo,
        crypt_key=crypt_key,
        auth_algo=p.auth_algo,
        auth_key=p.auth_key,
        nat_t_header=p.nat_header,
        esn_en=esn_en)


class TemplateIpsec(VppTestCase):
    """
    TRANSPORT MODE:

     ------   encrypt   ---
    |tra_if| <-------> |VPP|
     ------   decrypt   ---

    TUNNEL MODE:

     ------   encrypt   ---   plain   ---
    |tun_if| <-------  |VPP| <------ |pg1|
     ------             ---           ---

     ------   decrypt   ---   plain   ---
    |tun_if| ------->  |VPP| ------> |pg1|
     ------             ---           ---
    """
    tun_spd_id = 1
    tra_spd_id = 2

    def ipsec_select_backend(self):
        """ empty method to be overloaded when necessary """
        pass

    @classmethod
    def setUpClass(cls):
        super(TemplateIpsec, cls).setUpClass()

    @classmethod
    def tearDownClass(cls):
        super(TemplateIpsec, cls).tearDownClass()

    def setup_params(self):
        if not hasattr(self, 'ipv4_params'):
            self.ipv4_params = IPsecIPv4Params()
        if not hasattr(self, 'ipv6_params'):
            self.ipv6_params = IPsecIPv6Params()
        self.params = {self.ipv4_params.addr_type: self.ipv4_params,
                       self.ipv6_params.addr_type: self.ipv6_params}

    def config_interfaces(self):
        self.create_pg_interfaces(range(3))
        self.interfaces = list(self.pg_interfaces)
        for i in self.interfaces:
            i.admin_up()
            i.config_ip4()
            i.resolve_arp()
            i.config_ip6()
            i.resolve_ndp()

    def setUp(self):
        super(TemplateIpsec, self).setUp()

        self.setup_params()

        self.vpp_esp_protocol = (VppEnum.vl_api_ipsec_proto_t.
                                 IPSEC_API_PROTO_ESP)
        self.vpp_ah_protocol = (VppEnum.vl_api_ipsec_proto_t.
                                IPSEC_API_PROTO_AH)

        self.config_interfaces()

        self.ipsec_select_backend()

    def unconfig_interfaces(self):
        for i in self.interfaces:
            i.admin_down()
            i.unconfig_ip4()
            i.unconfig_ip6()

    def tearDown(self):
        super(TemplateIpsec, self).tearDown()

        self.unconfig_interfaces()

    def show_commands_at_teardown(self):
        self.logger.info(self.vapi.cli("show hardware"))

    def gen_encrypt_pkts(self, p, sa, sw_intf, src, dst, count=1,
                         payload_size=54):
        return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
                sa.encrypt(IP(src=src, dst=dst) /
                           ICMP() / Raw(b'X' * payload_size))
                for i in range(count)]

    def gen_encrypt_pkts6(self, p, sa, sw_intf, src, dst, count=1,
                          payload_size=54):
        return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
                sa.encrypt(IPv6(src=src, dst=dst,
                                hlim=p.inner_hop_limit,
                                fl=p.inner_flow_label) /
                           ICMPv6EchoRequest(id=0, seq=1,
                                             data='X' * payload_size))
                for i in range(count)]

    def gen_pkts(self, sw_intf, src, dst, count=1, payload_size=54):
        return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
                IP(src=src, dst=dst) / ICMP() / Raw(b'X' * payload_size)
                for i in range(count)]

    def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=54):
        return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
                IPv6(src=src, dst=dst,
                     hlim=p.inner_hop_limit, fl=p.inner_flow_label) /
                ICMPv6EchoRequest(id=0, seq=1, data='X' * payload_size)
                for i in range(count)]


class IpsecTcp(object):
    def verify_tcp_checksum(self):
        self.vapi.cli("test http server")
        p = self.params[socket.AF_INET]
        send = (Ether(src=self.tun_if.remote_mac, dst=self.tun_if.local_mac) /
                p.scapy_tun_sa.encrypt(IP(src=p.remote_tun_if_host,
                                          dst=self.tun_if.local_ip4) /
                                       TCP(flags='S', dport=80)))
        self.logger.debug(ppp("Sending packet:", send))
        recv = self.send_and_expect(self.tun_if, [send], self.tun_if)
        recv = recv[0]
        decrypted = p.vpp_tun_sa.decrypt(recv[IP])
        self.assert_packet_checksums_valid(decrypted)


class IpsecTcpTests(IpsecTcp):
    def test_tcp_checksum(self):
        """ verify checksum correctness for vpp generated packets """
        self.verify_tcp_checksum()


class IpsecTra4(object):
    """ verify methods for Transport v4 """
    def get_replay_counts(self, p):
        replay_node_name = ('/err/%s/SA replayed packet' %
                            self.tra4_decrypt_node_name[0])
        count = self.statistics.get_err_counter(replay_node_name)

        if p.async_mode:
            replay_post_node_name = ('/err/%s/SA replayed packet' %
                                     self.tra4_decrypt_node_name[p.async_mode])
            count += self.statistics.get_err_counter(replay_post_node_name)

        return count

    def get_hash_failed_counts(self, p):
        if ESP == self.encryption_type and p.crypt_algo == "AES-GCM":
            hash_failed_node_name = ('/err/%s/ESP decryption failed' %
                                     self.tra4_decrypt_node_name[p.async_mode])
        else:
            hash_failed_node_name = ('/err/%s/Integrity check failed' %
                                     self.tra4_decrypt_node_name[p.async_mode])
        count = self.statistics.get_err_counter(hash_failed_node_name)

        if p.async_mode:
            count += self.statistics.get_err_counter(
                '/err/crypto-dispatch/bad-hmac')

        return count

    def verify_tra_anti_replay(self):
        p = self.params[socket.AF_INET]
        esn_en = p.vpp_tra_sa.esn_en

        seq_cycle_node_name = \
            ('/err/%s/sequence number cycled (packet dropped)' %
             self.tra4_encrypt_node_name)
        replay_count = self.get_replay_counts(p)
        hash_failed_count = self.get_hash_failed_counts(p)
        seq_cycle_count = self.statistics.get_err_counter(seq_cycle_node_name)

        if ESP == self.encryption_type:
            undersize_node_name = ('/err/%s/undersized packet' %
                                   self.tra4_decrypt_node_name[0])
            undersize_count = self.statistics.get_err_counter(
                undersize_node_name)

        #
        # send packets with seq numbers 1->34
        # this means the window size is still in Case B (see RFC4303
        # Appendix A)
        #
        # for reasons i haven't investigated Scapy won't create a packet with
        # seq_num=0
        #
        pkts = [(Ether(src=self.tra_if.remote_mac,
                       dst=self.tra_if.local_mac) /
                 p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
                                           dst=self.tra_if.local_ip4) /
                                        ICMP(),
                                        seq_num=seq))
                for seq in range(1, 34)]
        recv_pkts = self.send_and_expect(self.tra_if, pkts, self.tra_if)

        # replayed packets are dropped
        self.send_and_assert_no_replies(self.tra_if, pkts)
        replay_count += len(pkts)
        self.assertEqual(self.get_replay_counts(p), replay_count)

        #
        # now send a batch of packets all with the same sequence number
        # the first packet in the batch is legitimate, the rest bogus
        #
        self.vapi.cli("clear error")
        self.vapi.cli("clear node counters")
        <style>
@media only all and (prefers-color-scheme: dark) {
.highlight .hll { background-color: #49483e }
.highlight .c { color: #75715e } /* Comment */
.highlight .err { color: #960050; background-color: #1e0010 } /* Error */
.highlight .k { color: #66d9ef } /* Keyword */
.highlight .l { color: #ae81ff } /* Literal */
.highlight .n { color: #f8f8f2 } /* Name */
.highlight .o { color: #f92672 } /* Operator */
.highlight .p { color: #f8f8f2 } /* Punctuation */
.highlight .ch { color: #75715e } /* Comment.Hashbang */
.highlight .cm { color: #75715e } /* Comment.Multiline */
.highlight .cp { color: #75715e } /* Comment.Preproc */
.highlight .cpf { color: #75715e } /* Comment.PreprocFile */
.highlight .c1 { color: #75715e } /* Comment.Single */
.highlight .cs { color: #75715e } /* Comment.Special */
.highlight .gd { color: #f92672 } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .gi { color: #a6e22e } /* Generic.Inserted */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #75715e } /* Generic.Subheading */
.highlight .kc { color: #66d9ef } /* Keyword.Constant */
.highlight .kd { color: #66d9ef } /* Keyword.Declaration */
.highlight .kn { color: #f92672 } /* Keyword.Namespace */
.highlight .kp { color: #66d9ef } /* Keyword.Pseudo */
.highlight .kr { color: #66d9ef } /* Keyword.Reserved */
.highlight .kt { color: #66d9ef } /* Keyword.Type */
.highlight .ld { color: #e6db74 } /* Literal.Date */
.highlight .m { color: #ae81ff } /* Literal.Number */
.highlight .s { color: #e6db74 } /* Literal.String */
.highlight .na { color: #a6e22e } /* Name.Attribute */
.highlight .nb { color: #f8f8f2 } /* Name.Builtin */
.highlight .nc { color: #a6e22e } /* Name.Class */
.highlight .no { color: #66d9ef } /* Name.Constant */
.highlight .nd { color: #a6e22e } /* Name.Decorator */
.highlight .ni { color: #f8f8f2 } /* Name.Entity */
.highlight .ne { color: #a6e22e } /* Name.Exception */
.highlight .nf { color: #a6e22e } /* Name.Function */
.highlight .nl { color: #f8f8f2 } /* Name.Label */
.highlight .nn { color: #f8f8f2 } /* Name.Namespace */
.highlight .nx { color: #a6e22e } /* Name.Other */
.highlight .py { color: #f8f8f2 } /* Name.Property */
.highlight .nt { color: #f92672 } /* Name.Tag */
.highlight .nv { color: #f8f8f2 } /* Name.Variable */
.highlight .ow { color: #f92672 } /* Operator.Word */
.highlight .w { color: #f8f8f2 } /* Text.Whitespace */
.highlight .mb { color: #ae81ff } /* Literal.Number.Bin */
.highlight .mf { color: #ae81ff } /* Literal.Number.Float */
.highlight .mh { color: #ae81ff } /* Literal.Number.Hex */
.highlight .mi { color: #ae81ff } /* Literal.Number.Integer */
.highlight .mo { color: #ae81ff } /* Literal.Number.Oct */
.highlight .sa { color: #e6db74 } /* Literal.String.Affix */
.highlight .sb { color: #e6db74 } /* Literal.String.Backtick */
.highlight .sc { color: #e6db74 } /* Literal.String.Char */
.highlight .dl { color: #e6db74 } /* Literal.String.Delimiter */
.highlight .sd { color: #e6db74 } /* Literal.String.Doc */
.highlight .s2 { color: #e6db74 } /* Literal.String.Double */
.highlight .se { color: #ae81ff } /* Literal.String.Escape */
.highlight .sh { color: #e6db74 } /* Literal.String.Heredoc */
.highlight .si { color: #e6db74 } /* Literal.String.Interpol */
.highlight .sx { color: #e6db74 } /* Literal.String.Other */
.highlight .sr { color: #e6db74 } /* Literal.String.Regex */
.highlight .s1 { color: #e6db74 } /* Literal.String.Single */
.highlight .ss { color: #e6db74 } /* Literal.String.Symbol */
.highlight .bp { color: #f8f8f2 } /* Name.Builtin.Pseudo */
.highlight .fm { color: #a6e22e } /* Name.Function.Magic */
.highlight .vc { color: #f8f8f2 } /* Name.Variable.Class */
.highlight .vg { color: #f8f8f2 } /* Name.Variable.Global */
.highlight .vi { color: #f8f8f2 } /* Name.Variable.Instance */
.highlight .vm { color: #f8f8f2 } /* Name.Variable.Magic */
.highlight .il { color: #ae81ff } /* Literal.Number.Integer.Long */
}
@media (prefers-color-scheme: light) {
.highlight .hll { background-color: #ffffcc }
.highlight .c { color: #888888 } /* Comment */
.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
.highlight .k { color: #008800; font-weight: bold } /* Keyword */
.highlight .ch { color: #888888 } /* Comment.Hashbang */
.highlight .cm { color: #888888 } /* Comment.Multiline */
.highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */
.highlight .cpf { color: #888888 } /* Comment.PreprocFile */
.highlight .c1 { color: #888888 } /* Comment.Single */
.highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */
.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .gr { color: #aa0000 } /* Generic.Error */
.highlight .gh { color: #333333 } /* Generic.Heading */
.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
.highlight .go { color: #888888 } /* Generic.Output */
.highlight .gp { color: #555555 } /* Generic.Prompt */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #666666 } /* Generic.Subheading */
.highlight .gt { color: #aa0000 } /* Generic.Traceback */
.highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */
.highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */
.highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */
.highlight .kp { color: #008800 } /* Keyword.Pseudo */
.highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */
.highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */
.highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */
.highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */
.highlight .na { color: #336699 } /* Name.Attribute */
.highlight .nb { color: #003388 } /* Name.Builtin */
.highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */
.highlight .no { color: #003366; font-weight: bold } /* Name.Constant */
.highlight .nd { color: #555555 } /* Name.Decorator */
.highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */
.highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */
.highlight .nl { color: #336699; font-style: italic } /* Name.Label */
.highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */
.highlight .py { color: #336699; font-weight: bold } /* Name.Property */
.highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */
.highlight .nv { color: #336699 } /* Name.Variable */
.highlight .ow { color: #008800 } /* Operator.Word */
.highlight .w { color: #bbbbbb } /* Text.Whitespace */
.highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */
.highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */
.highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */
.highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */
.highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */
.highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */
.highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */
.highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */
.highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */
.highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */
.highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */
.highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */
.highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */
.highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */
.highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */
.highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */
.highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */
.highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */
.highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */
.highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */
.highlight .vc { color: #336699 } /* Name.Variable.Class */
.highlight .vg { color: #dd7700 } /* Name.Variable.Global */
.highlight .vi { color: #3333bb } /* Name.Variable.Instance */
.highlight .vm { color: #336699 } /* Name.Variable.Magic */
.highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */
}
</style><div class="highlight"><pre><span></span><span class="cm">/*</span>
<span class="cm"> * Copyright (c) 2016 Cisco and/or its affiliates.</span>
<span class="cm"> * Licensed under the Apache License, Version 2.0 (the &quot;License&quot;);</span>
<span class="cm"> * you may not use this file except in compliance with the License.</span>
<span class="cm"> * You may obtain a copy of the License at:</span>
<span class="cm"> *</span>
<span class="cm"> *     http://www.apache.org/licenses/LICENSE-2.0</span>
<span class="cm"> *</span>
<span class="cm"> * Unless required by applicable law or agreed to in writing, software</span>
<span class="cm"> * distributed under the License is distributed on an &quot;AS IS&quot; BASIS,</span>
<span class="cm"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span>
<span class="cm"> * See the License for the specific language governing permissions and</span>
<span class="cm"> * limitations under the License.</span>
<span class="cm"> */</span>
<span class="cp">#include</span> <span class="cpf">&lt;vnet/classify/policer_classify.h&gt;</span><span class="cp"></span>
<span class="cp">#include</span> <span class="cpf">&lt;vnet/l2/l2_input.h&gt;</span><span class="cp"></span>

<span class="n">policer_classify_main_t</span> <span class="n">policer_classify_main</span><span class="p">;</span>

<span class="k">static</span> <span class="kt">void</span>
<span class="nf">vnet_policer_classify_feature_enable</span> <span class="p">(</span><span class="n">vlib_main_t</span> <span class="o">*</span> <span class="n">vnm</span><span class="p">,</span>
				      <span class="n">policer_classify_main_t</span> <span class="o">*</span> <span class="n">pcm</span><span class="p">,</span>
				      <span class="n">u32</span> <span class="n">sw_if_index</span><span class="p">,</span>
				      <span class="n">policer_classify_table_id_t</span> <span class="n">tid</span><span class="p">,</span>
				      <span class="kt">int</span> <span class="n">feature_enable</span><span class="p">)</span>
<span class="p">{</span>
  <span class="k">if</span> <span class="p">(</span><span class="n">tid</span> <span class="o">==</span> <span class="n">POLICER_CLASSIFY_TABLE_L2</span><span class="p">)</span>
    <span class="p">{</span>
      <span class="n">l2input_intf_bitmap_enable</span> <span class="p">(</span><span class="n">sw_if_index</span><span class="p">,</span> <span class="n">L2INPUT_FEAT_POLICER_CLAS</span><span class="p">,</span>
				  <span class="n">feature_enable</span><span class="p">);</span>
    <span class="p">}</span>
  <span class="k">else</span>
    <span class="p">{</span>
      <span class="n">vnet_feature_config_main_t</span> <span class="o">*</span><span class="n">fcm</span><span class="p">;</span>
      <span class="n">u8</span> <span class="n">arc</span><span class="p">;</span>

      <span class="k">if</span> <span class="p">(</span><span class="n">tid</span> <span class="o">==</span> <span class="n">POLICER_CLASSIFY_TABLE_IP4</span><span class="p">)</span>
	<span class="p">{</span>
	  <span class="n">vnet_feature_enable_disable</span> <span class="p">(</span><span class="s">&quot;ip4-unicast&quot;</span><span class="p">,</span> <span class="s">&quot;ip4-policer-classify&quot;</span><span class="p">,</span>
				       <span class="n">sw_if_index</span><span class="p">,</span> <span class="n">feature_enable</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span>
	  <span class="n">arc</span> <span class="o">=</span> <span class="n">vnet_get_feature_arc_index</span> <span class="p">(</span><span class="s">&quot;ip4-unicast&quot;</span><span class="p">);</span>
	<span class="p">}</span>

      <span class="k">else</span>
	<span class="p">{</span>
	  <span class="n">vnet_feature_enable_disable</span> <span class="p">(</span><span class="s">&quot;ip6-unicast&quot;</span><span class="p">,</span> <span class="s">&quot;ip6-policer-classify&quot;</span><span class="p">,</span>
				       <span class="n">sw_if_index</span><span class="p">,</span> <span class="n">feature_enable</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span>
	  <span class="n">arc</span> <span class="o">=</span> <span class="n">vnet_get_feature_arc_index</span> <span class="p">(</span><span class="s">&quot;ip6-unicast&quot;</span><span class="p">);</span>
	<span class="p">}</span>

      <span class="n">fcm</span> <span class="o">=</span> <span class="n">vnet_get_feature_arc_config_main</span> <span class="p">(</span><span class="n">arc</span><span class="p">);</span>
      <span class="n">pcm</span><span class="o">-&gt;</span><span class="n">vnet_config_main</span><span class="p">[</span><span class="n">tid</span><span class="p">]</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">fcm</span><span class="o">-&gt;</span><span class="n">config_main</span><span class="p">;</span>
    <span class="p">}</span>
<span class="p">}</span>

<span class="kt">int</span>
<span class="nf">vnet_set_policer_classify_intfc</span> <span class="p">(</span><span class="n">vlib_main_t</span> <span class="o">*</span> <span class="n">vm</span><span class="p">,</span> <span class="n">u32</span> <span class="n">sw_if_index</span><span class="p">,</span>
				 <span class="n">u32</span> <span class="n">ip4_table_index</span><span class="p">,</span> <span class="n">u32</span> <span class="n">ip6_table_index</span><span class="p">,</span>
				 <span class="n">u32</span> <span class="n">l2_table_index</span><span class="p">,</span> <span class="n">u32</span> <span class="n">is_add</span><span class="p">)</span>
<span class="p">{</span>
  <span class="n">policer_classify_main_t</span> <span class="o">*</span><span class="n">pcm</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">policer_classify_main</span><span class="p">;</span>
  <span class="n">vnet_classify_main_t</span> <span class="o">*</span><span class="n">vcm</span> <span class="o">=</span> <span class="n">pcm</span><span class="o">-&gt;</span><span class="n">vnet_classify_main</span><span class="p">;</span>
  <span class="n">u32</span> <span class="n">pct</span><span class="p">[</span><span class="n">POLICER_CLASSIFY_N_TABLES</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span> <span class="n">ip4_table_index</span><span class="p">,</span> <span class="n">ip6_table_index</span><span class="p">,</span>
    <span class="n">l2_table_index</span>
  <span class="p">};</span>
  <span class="n">u32</span> <span class="n">ti</span><span class="p">;</span>

  <span class="cm">/* Assume that we&#39;ve validated sw_if_index in the API layer */</span>

  <span class="k">for</span> <span class="p">(</span><span class="n">ti</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">ti</span> <span class="o">&lt;</span> <span class="n">POLICER_CLASSIFY_N_TABLES</span><span class="p">;</span> <span class="n">ti</span><span class="o">++</span><span class="p">)</span>
    <span class="p">{</span>
      <span class="k">if</span> <span class="p">(</span><span class="n">pct</span><span class="p">[</span><span class="n">ti</span><span class="p">]</span> <span class="o">==</span> <span class="o">~</span><span class="mi">0</span><span class="p">)</span>
	<span class="k">continue</span><span class="p">;</span>

      <span class="k">if</span> <span class="p">(</span><span class="n">pool_is_free_index</span> <span class="p">(</span><span class="n">vcm</span><span class="o">-&gt;</span><span class="n">tables</span><span class="p">,</span> <span class="n">pct</span><span class="p">[</span><span class="n">ti</span><span class="p">]))</span>
	<span class="k">return</span> <span class="n">VNET_API_ERROR_NO_SUCH_TABLE</span><span class="p">;</span>

      <span class="n">vec_validate_init_empty</span>
	<span class="p">(</span><span class="n">pcm</span><span class="o">-&gt;</span><span class="n">classify_table_index_by_sw_if_index</span><span class="p">[</span><span class="n">ti</span><span class="p">],</span> <span class="n">sw_if_index</span><span class="p">,</span> <span class="o">~</span><span class="mi">0</span><span class="p">);</span>

      <span class="cm">/* Reject any DEL operation with wrong sw_if_index */</span>
      <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">is_add</span> <span class="o">&amp;&amp;</span>
	  <span class="p">(</span><span class="n">pct</span><span class="p">[</span><span class="n">ti</span><span class="p">]</span> <span class="o">!=</span>
	   <span class="n">pcm</span><span class="o">-&gt;</span><span class="n">classify_table_index_by_sw_if_index</span><span class="p">[</span><span class="n">ti</span><span class="p">][</span><span class="n">sw_if_index</span><span class="p">]))</span>
	<span class="p">{</span>
	  <span class="n">clib_warning</span>
	    <span class="p">(</span><span class="s">&quot;Non-existent intf_idx=%d with table_index=%d for delete&quot;</span><span class="p">,</span>
	     <span class="n">sw_if_index</span><span class="p">,</span> <span class="n">pct</span><span class="p">[</span><span class="n">ti</span><span class="p">]);</span>
	  <span class="k">return</span> <span class="n">VNET_API_ERROR_NO_SUCH_TABLE</span><span class="p">;</span>
	<span class="p">}</span>

      <span class="cm">/* Return ok on ADD operaton if feature is already enabled */</span>
      <span class="k">if</span> <span class="p">(</span><span class="n">is_add</span> <span class="o">&amp;&amp;</span>
	  <span class="n">pcm</span><span class="o">-&gt;</span><span class="n">classify_table_index_by_sw_if_index</span><span class="p">[</span><span class="n">ti</span><span class="p">][</span><span class="n">sw_if_index</span><span class="p">]</span> <span class="o">!=</span> <span class="o">~</span><span class="mi">0</span><span class="p">)</span>
	<span class="k">return</span> <span class="mi">0</span><span class="p">;</span>

      <span class="n">vnet_policer_classify_feature_enable</span> <span class="p">(</span><span class="n">vm</span><span class="p">,</span> <span class="n">pcm</span><span class="p">,</span> <span class="n">sw_if_index</span><span class="p">,</span> <span class="n">ti</span><span class="p">,</span> <span class="n">is_add</span><span class="p">);</span>

      <span class="k">if</span> <span class="p">(</span><span class="n">is_add</span><span class="p">)</span>
	<span class="n">pcm</span><span class="o">-&gt;</span><span class="n">classify_table_index_by_sw_if_index</span><span class="p">[</span><span class="n">ti</span><span class="p">][</span><span class="n">sw_if_index</span><span class="p">]</span> <span class="o">=</span> <span class="n">pct</span><span class="p">[</span><span class="n">ti</span><span class="p">];</span>
      <span class="k">else</span>
	<span class="n">pcm</span><span class="o">-&gt;</span><span class="n">classify_table_index_by_sw_if_index</span><span class="p">[</span><span class="n">ti</span><span class="p">][</span><span class="n">sw_if_index</span><span class="p">]</span> <span class="o">=</span> <span class="o">~</span><span class="mi">0</span><span class="p">;</span>
    <span class="p">}</span>


  <span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>

<span class="k">static</span> <span class="n">clib_error_t</span> <span class="o">*</span>
<span class="nf">set_policer_classify_command_fn</span> <span class="p">(</span><span class="n">vlib_main_t</span> <span class="o">*</span> <span class="n">vm</span><span class="p">,</span>
				 <span class="n">unformat_input_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
				 <span class="n">vlib_cli_command_t</span> <span class="o">*</span> <span class="n">cmd</span><span class="p">)</span>
<span class="p">{</span>
  <span class="n">vnet_main_t</span> <span class="o">*</span><span class="n">vnm</span> <span class="o">=</span> <span class="n">vnet_get_main</span> <span class="p">();</span>
  <span class="n">u32</span> <span class="n">sw_if_index</span> <span class="o">=</span> <span class="o">~</span><span class="mi">0</span><span class="p">;</span>
  <span class="n">u32</span> <span class="n">ip4_table_index</span> <span class="o">=</span> <span class="o">~</span><span class="mi">0</span><span class="p">;</span>
  <span class="n">u32</span> <span class="n">ip6_table_index</span> <span class="o">=</span> <span class="o">~</span><span class="mi">0</span><span class="p">;</span>
  <span class="n">u32</span> <span class="n">l2_table_index</span> <span class="o">=</span> <span class="o">~</span><span class="mi">0</span><span class="p">;</span>
  <span class="n">u32</span> <span class="n">is_add</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span>
  <span class="n">u32</span> <span class="n">idx_cnt</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
  <span class="kt">int</span> <span class="n">rv</span><span class="p">;</span>

  <span class="k">while</span> <span class="p">(</span><span class="n">unformat_check_input</span> <span class="p">(</span><span class="n">input</span><span class="p">)</span> <span class="o">!=</span> <span class="n">UNFORMAT_END_OF_INPUT</span><span class="p">)</span>
    <span class="p">{</span>
      <span class="k">if</span> <span class="p">(</span><span class="n">unformat</span> <span class="p">(</span><span class="n">input</span><span class="p">,</span> <span class="s">&quot;interface %U&quot;</span><span class="p">,</span> <span class="n">unformat_vnet_sw_interface</span><span class="p">,</span>
		    <span class="n">vnm</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">sw_if_index</span><span class="p">))</span>
	<span class="p">;</span>
      <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">unformat</span> <span class="p">(</span><span class="n">input</span><span class="p">,</span> <span class="s">&quot;ip4-table %d&quot;</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">ip4_table_index</span><span class="p">))</span>
	<span class="n">idx_cnt</span><span class="o">++</span><span class="p">;</span>
      <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">unformat</span> <span class="p">(</span><span class="n">input</span><span class="p">,</span> <span class="s">&quot;ip6-table %d&quot;</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">ip6_table_index</span><span class="p">))</span>
	<span class="n">idx_cnt</span><span class="o">++</span><span class="p">;</span>
      <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">unformat</span> <span class="p">(</span><span class="n">input</span><span class="p">,</span> <span class="s">&quot;l2-table %d&quot;</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">l2_table_index</span><span class="p">))</span>
	<span class="n">idx_cnt</span><span class="o">++</span><span class="p">;</span>
      <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">unformat</span> <span class="p">(</span><span class="n">input</span><span class="p">,</span> <span class="s">&quot;del&quot;</span><span class="p">))</span>
	<span class="n">is_add</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
      <span class="k">else</span>
	<span class="k">break</span><span class="p">;</span>
    <span class="p">}</span>

  <span class="k">if</span> <span class="p">(</span><span class="n">sw_if_index</span> <span class="o">==</span> <span class="o">~</span><span class="mi">0</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">clib_error_return</span> <span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="s">&quot;Interface must be specified.&quot;</span><span class="p">);</span>

  <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">idx_cnt</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">clib_error_return</span> <span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="s">&quot;Table index should be specified.&quot;</span><span class="p">);</span>

  <span class="k">if</span> <span class="p">(</span><span class="n">idx_cnt</span> <span class="o">&gt;</span> <span class="mi">1</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">clib_error_return</span> <span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="s">&quot;Only one table index per API is allowed.&quot;</span><span class="p">);</span>

  <span class="n">rv</span> <span class="o">=</span> <span class="n">vnet_set_policer_classify_intfc</span> <span class="p">(</span><span class="n">vm</span><span class="p">,</span> <span class="n">sw_if_index</span><span class="p">,</span> <span class="n">ip4_table_index</span><span class="p">,</span>
					<span class="n">ip6_table_index</span><span class="p">,</span> <span class="n">l2_table_index</span><span class="p">,</span>
					<span class="n">is_add</span><span class="p">);</span>

  <span class="k">switch</span> <span class="p">(</span><span class="n">rv</span><span class="p">)</span>
    <span class="p">{</span>
    <span class="k">case</span> <span class="mi">0</span><span class="o">:</span>
      <span class="k">break</span><span class="p">;</span>

    <span class="k">case</span> <span class="nl">VNET_API_ERROR_NO_MATCHING_INTERFACE</span><span class="p">:</span>
      <span class="k">return</span> <span class="n">clib_error_return</span> <span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="s">&quot;No such interface&quot;</span><span class="p">);</span>

    <span class="k">case</span> <span class="nl">VNET_API_ERROR_NO_SUCH_ENTRY</span><span class="p">:</span>
      <span class="k">return</span> <span class="n">clib_error_return</span> <span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="s">&quot;No such classifier table&quot;</span><span class="p">);</span>
    <span class="p">}</span>
  <span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/* *INDENT-OFF* */</span>
<span class="n">VLIB_CLI_COMMAND</span> <span class="p">(</span><span class="n">set_policer_classify_command</span><span class="p">,</span> <span class="k">static</span><span class="p">)</span> <span class="o">=</span> <span class="p">{</span>
    <span class="p">.</span><span class="n">path</span> <span class="o">=</span> <span class="s">&quot;set policer classify&quot;</span><span class="p">,</span>
    <span class="p">.</span><span class="n">short_help</span> <span class="o">=</span>
    <span class="s">&quot;set policer classify interface &lt;int&gt; [ip4-table &lt;index&gt;]</span><span class="se">\n</span><span class="s">&quot;</span>
    <span class="s">&quot;  [ip6-table &lt;index&gt;] [l2-table &lt;index&gt;] [del]&quot;</span><span class="p">,</span>
    <span class="p">.</span><span class="n">function</span> <span class="o">=</span> <span class="n">set_policer_classify_command_fn</span><span class="p">,</span>
<span class="p">};</span>
<span class="cm">/* *INDENT-ON* */</span>

<span class="k">static</span> <span class="n">uword</span>
<span class="nf">unformat_table_type</span> <span class="p">(</span><span class="n">unformat_input_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span> <span class="kt">va_list</span> <span class="o">*</span> <span class="n">va</span><span class="p">)</span>
<span class="p">{</span>
  <span class="n">u32</span> <span class="o">*</span><span class="n">r</span> <span class="o">=</span> <span class="n">va_arg</span> <span class="p">(</span><span class="o">*</span><span class="n">va</span><span class="p">,</span> <span class="n">u32</span> <span class="o">*</span><span class="p">);</span>
  <span class="n">u32</span> <span class="n">tid</span><span class="p">;</span>

  <span class="k">if</span> <span class="p">(</span><span class="n">unformat</span> <span class="p">(</span><span class="n">input</span><span class="p">,</span> <span class="s">&quot;ip4&quot;</span><span class="p">))</span>
    <span class="n">tid</span> <span class="o">=</span> <span class="n">POLICER_CLASSIFY_TABLE_IP4</span><span class="p">;</span>
  <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">unformat</span> <span class="p">(</span><span class="n">input</span><span class="p">,</span> <span class="s">&quot;ip6&quot;</span><span class="p">))</span>
    <span class="n">tid</span> <span class="o">=</span> <span class="n">POLICER_CLASSIFY_TABLE_IP6</span><span class="p">;</span>
  <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">unformat</span> <span class="p">(</span><span class="n">input</span><span class="p">,</span> <span class="s">&quot;l2&quot;</span><span class="p">))</span>
    <span class="n">tid</span> <span class="o">=</span> <span class="n">POLICER_CLASSIFY_TABLE_L2</span><span class="p">;</span>
  <span class="k">else</span>
    <span class="k">return</span> <span class="mi">0</span><span class="p">;</span>

  <span class="o">*</span><span class="n">r</span> <span class="o">=</span> <span class="n">tid</span><span class="p">;</span>
  <span class="k">return</span> <span class="mi">1</span><span class="p">;</span>
<span class="p">}</span>

<span class="k">static</span> <span class="n">clib_error_t</span> <span class="o">*</span>
<span class="nf">show_policer_classify_command_fn</span> <span class="p">(</span><span class="n">vlib_main_t</span> <span class="o">*</span> <span class="n">vm</span><span class="p">,</span>
				  <span class="n">unformat_input_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
				  <span class="n">vlib_cli_command_t</span> <span class="o">*</span> <span class="n">cmd</span><span class="p">)</span>
<span class="p">{</span>
  <span class="n">policer_classify_main_t</span> <span class="o">*</span><span class="n">pcm</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">policer_classify_main</span><span class="p">;</span>
  <span class="n">u32</span> <span class="n">type</span> <span class="o">=</span> <span class="n">POLICER_CLASSIFY_N_TABLES</span><span class="p">;</span>
  <span class="n">u32</span> <span class="o">*</span><span class="n">vec_tbl</span><span class="p">;</span>
  <span class="kt">int</span> <span class="n">i</span><span class="p">;</span>

  <span class="k">if</span> <span class="p">(</span><span class="n">unformat</span> <span class="p">(</span><span class="n">input</span><span class="p">,</span> <span class="s">&quot;type %U&quot;</span><span class="p">,</span> <span class="n">unformat_table_type</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">type</span><span class="p">))</span>
    <span class="p">;</span>
  <span class="k">else</span>
    <span class="k">return</span> <span class="n">clib_error_return</span> <span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="s">&quot;Type must be specified.&quot;</span><span class="p">);;</span>

  <span class="k">if</span> <span class="p">(</span><span class="n">type</span> <span class="o">==</span> <span class="n">POLICER_CLASSIFY_N_TABLES</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">clib_error_return</span> <span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="s">&quot;Invalid table type.&quot;</span><span class="p">);</span>

  <span class="n">vec_tbl</span> <span class="o">=</span> <span class="n">pcm</span><span class="o">-&gt;</span><span class="n">classify_table_index_by_sw_if_index</span><span class="p">[</span><span class="n">type</span><span class="p">];</span>

  <span class="k">if</span> <span class="p">(</span><span class="n">vec_len</span> <span class="p">(</span><span class="n">vec_tbl</span><span class="p">))</span>
    <span class="n">vlib_cli_output</span> <span class="p">(</span><span class="n">vm</span><span class="p">,</span> <span class="s">&quot;%10s%20s</span><span class="se">\t\t</span><span class="s">%s&quot;</span><span class="p">,</span> <span class="s">&quot;Intfc idx&quot;</span><span class="p">,</span> <span class="s">&quot;Classify table&quot;</span><span class="p">,</span>
		     <span class="s">&quot;Interface name&quot;</span><span class="p">);</span>
  <span class="k">else</span>
    <span class="n">vlib_cli_output</span> <span class="p">(</span><span class="n">vm</span><span class="p">,</span> <span class="s">&quot;No tables configured.&quot;</span><span class="p">);</span>

  <span class="k">for</span> <span class="p">(</span><span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">vec_len</span> <span class="p">(</span><span class="n">vec_tbl</span><span class="p">);</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span>
    <span class="p">{</span>
      <span class="k">if</span> <span class="p">(</span><span class="n">vec_elt</span> <span class="p">(</span><span class="n">vec_tbl</span><span class="p">,</span> <span class="n">i</span><span class="p">)</span> <span class="o">==</span> <span class="o">~</span><span class="mi">0</span><span class="p">)</span>
	<span class="k">continue</span><span class="p">;</span>

      <span class="n">vlib_cli_output</span> <span class="p">(</span><span class="n">vm</span><span class="p">,</span> <span class="s">&quot;%10d%20d</span><span class="se">\t\t</span><span class="s">%U&quot;</span><span class="p">,</span> <span class="n">i</span><span class="p">,</span> <span class="n">vec_elt</span> <span class="p">(</span><span class="n">vec_tbl</span><span class="p">,</span> <span class="n">i</span><span class="p">),</span>
		       <span class="n">format_vnet_sw_if_index_name</span><span class="p">,</span> <span class="n">pcm</span><span class="o">-&gt;</span><span class="n">vnet_main</span><span class="p">,</span> <span class="n">i</span><span class="p">);</span>
    <span class="p">}</span>

  <span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/* *INDENT-OFF* */</span>
<span class="n">VLIB_CLI_COMMAND</span> <span class="p">(</span><span class="n">show_policer_classify_command</span><span class="p">,</span> <span class="k">static</span><span class="p">)</span> <span class="o">=</span> <span class="p">{</span>
    <span class="p">.</span><span class="n">path</span> <span class="o">=</span> <span class="s">&quot;show classify policer&quot;</span><span class="p">,</span>
    <span class="p">.</span><span class="n">short_help</span> <span class="o">=</span> <span class="s">&quot;show classify policer type [ip4|ip6|l2]&quot;</span><span class="p">,</span>
    <span class="p">.</span><span class="n">function</span> <span class="o">=</span> <span class="n">show_policer_classify_command_fn</span><span class="p">,</span>
<span class="p">};</span>
<span class="cm">/* *INDENT-ON* */</span>

<span class="cm">/*</span>
<span class="cm"> * fd.io coding-style-patch-verification: ON</span>
<span class="cm"> *</span>
<span class="cm"> * Local Variables:</span>
<span class="cm"> * eval: (c-set-style &quot;gnu&quot;)</span>
<span class="cm"> * End:</span>
<span class="cm"> */</span>
</pre></div>
</code></pre></td></tr></table>
</div> <!-- class=content -->
<div id="lfcollabprojects-footer">
  <div class="gray-diagonal">
    <div class="footer-inner">
      <p>
        &copy; 2016 <a href="https://www.fd.io/">FD.io</a> a Linux Foundation
        Collaborative Project. All Rights Reserved.
      </p>
      <p>
        Linux Foundation is a registered trademark of The Linux Foundation.
        Linux is a registered
        <a
          href="http://www.linuxfoundation.org/programs/legal/trademark"
          title="Linux Mark Institute"
          >trademark</a
        >
        of Linus Torvalds.
      </p>
      <p>
        Please see our
        <a href="http://www.linuxfoundation.org/privacy">privacy policy</a> and
        <a href="http://www.linuxfoundation.org/terms">terms of use</a>
      </p>
    </div>
  </div>
</div>
</div> <!-- id=cgit -->
</body>
</html>
et:",
                                              decrypt_pkt))
                    except:
                        pass
                    raise
        finally:
            self.logger.info(self.vapi.ppcli("show error"))
            self.logger.info(self.vapi.ppcli("show ipsec all"))
        self.verify_counters6(p, p, count)


class IpsecTun6Tests(IpsecTun6):
    """ UT test methods for Tunnel v6 """

    def test_tun_basic66(self):
        """ ipsec 6o6 tunnel basic test """
        self.verify_tun_66(self.params[socket.AF_INET6], count=1)

    def test_tun_reass_basic66(self):
        """ ipsec 6o6 tunnel basic reassembly test """
        self.verify_tun_reass_66(self.params[socket.AF_INET6])

    def test_tun_burst66(self):
        """ ipsec 6o6 tunnel burst test """
        self.verify_tun_66(self.params[socket.AF_INET6], count=257)


class IpsecTun6HandoffTests(IpsecTun6):
    """ UT test methods for Tunnel v6 with multiple workers """
    vpp_worker_count = 2

    def test_tun_handoff_66(self):
        """ ipsec 6o6 tunnel worker hand-off test """
        self.vapi.cli("clear errors")
        self.vapi.cli("clear ipsec sa")

        N_PKTS = 15
        p = self.params[socket.AF_INET6]

        # inject alternately on worker 0 and 1. all counts on the SA
        # should be against worker 0
        for worker in [0, 1, 0, 1]:
            send_pkts = self.gen_encrypt_pkts6(p, p.scapy_tun_sa, self.tun_if,
                                               src=p.remote_tun_if_host,
                                               dst=self.pg1.remote_ip6,
                                               count=N_PKTS)
            recv_pkts = self.send_and_expect(self.tun_if, send_pkts,
                                             self.pg1, worker=worker)
            self.verify_decrypted6(p, recv_pkts)

            send_pkts = self.gen_pkts6(p, self.pg1, src=self.pg1.remote_ip6,
                                       dst=p.remote_tun_if_host,
                                       count=N_PKTS)
            recv_pkts = self.send_and_expect(self.pg1, send_pkts,
                                             self.tun_if, worker=worker)
            self.verify_encrypted6(p, p.vpp_tun_sa, recv_pkts)

        # all counts against the first worker that was used
        self.verify_counters6(p, p, 4*N_PKTS, worker=0)


class IpsecTun4HandoffTests(IpsecTun4):
    """ UT test methods for Tunnel v4 with multiple workers """
    vpp_worker_count = 2

    def test_tun_handooff_44(self):
        """ ipsec 4o4 tunnel worker hand-off test """
        self.vapi.cli("clear errors")
        self.vapi.cli("clear ipsec sa")

        N_PKTS = 15
        p = self.params[socket.AF_INET]

        # inject alternately on worker 0 and 1. all counts on the SA
        # should be against worker 0
        for worker in [0, 1, 0, 1]:
            send_pkts = self.gen_encrypt_pkts(p, p.scapy_tun_sa, self.tun_if,
                                              src=p.remote_tun_if_host,
                                              dst=self.pg1.remote_ip4,
                                              count=N_PKTS)
            recv_pkts = self.send_and_expect(self.tun_if, send_pkts,
                                             self.pg1, worker=worker)
            self.verify_decrypted(p, recv_pkts)

            send_pkts = self.gen_pkts(self.pg1, src=self.pg1.remote_ip4,
                                      dst=p.remote_tun_if_host,
                                      count=N_PKTS)
            recv_pkts = self.send_and_expect(self.pg1, send_pkts,
                                             self.tun_if, worker=worker)
            self.verify_encrypted(p, p.vpp_tun_sa, recv_pkts)

        # all counts against the first worker that was used
        self.verify_counters4(p, 4*N_PKTS, worker=0)


class IpsecTun46Tests(IpsecTun4Tests, IpsecTun6Tests):
    """ UT test methods for Tunnel v6 & v4 """
    pass


if __name__ == '__main__':
    unittest.main(testRunner=VppTestRunner)