44 #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__) 50 #define vl_api_version(n,v) static u32 api_version=(v); 67 #define REPLY_MACRO(t) \ 69 unix_shared_memory_queue_t * q = \ 70 vl_api_client_index_to_input_queue (mp->client_index); \ 74 rmp = vl_msg_api_alloc (sizeof (*rmp)); \ 75 rmp->_vl_msg_id = ntohs((t)+sm->msg_id_base); \ 76 rmp->context = mp->context; \ 77 rmp->retval = ntohl(rv); \ 79 vl_msg_api_send_shmem (q, (u8 *)&rmp); \ 82 #define REPLY_MACRO2(t, body) \ 84 unix_shared_memory_queue_t * q; \ 85 rv = vl_msg_api_pd_handler (mp, rv); \ 86 q = vl_api_client_index_to_input_queue (mp->client_index); \ 90 rmp = vl_msg_api_alloc (sizeof (*rmp)); \ 91 rmp->_vl_msg_id = ntohs((t)+am->msg_id_base); \ 92 rmp->context = mp->context; \ 93 rmp->retval = ntohl(rv); \ 94 do {body;} while (0); \ 95 vl_msg_api_send_shmem (q, (u8 *)&rmp); \ 98 #define REPLY_MACRO3(t, n, body) \ 100 unix_shared_memory_queue_t * q; \ 101 rv = vl_msg_api_pd_handler (mp, rv); \ 102 q = vl_api_client_index_to_input_queue (mp->client_index); \ 106 rmp = vl_msg_api_alloc (sizeof (*rmp) + n); \ 107 rmp->_vl_msg_id = ntohs((t)+am->msg_id_base); \ 108 rmp->context = mp->context; \ 109 rmp->retval = ntohl(rv); \ 110 do {body;} while (0); \ 111 vl_msg_api_send_shmem (q, (u8 *)&rmp); \ 117 #define foreach_acl_plugin_api_msg \ 118 _(ACL_PLUGIN_GET_VERSION, acl_plugin_get_version) \ 119 _(ACL_ADD_REPLACE, acl_add_replace) \ 120 _(ACL_DEL, acl_del) \ 121 _(ACL_INTERFACE_ADD_DEL, acl_interface_add_del) \ 122 _(ACL_INTERFACE_SET_ACL_LIST, acl_interface_set_acl_list) \ 123 _(ACL_DUMP, acl_dump) \ 124 _(ACL_INTERFACE_LIST_DUMP, acl_interface_list_dump) \ 125 _(MACIP_ACL_ADD, macip_acl_add) \ 126 _(MACIP_ACL_DEL, macip_acl_del) \ 127 _(MACIP_ACL_INTERFACE_ADD_DEL, macip_acl_interface_add_del) \ 128 _(MACIP_ACL_DUMP, macip_acl_dump) \ 129 _(MACIP_ACL_INTERFACE_GET, macip_acl_interface_get) 160 int msg_size =
sizeof (*rmp);
170 memset (rmp, 0, msg_size);
172 ntohs (VL_API_ACL_PLUGIN_GET_VERSION_REPLY + am->
msg_id_base);
183 u32 * acl_list_index,
u8 * tag)
191 if (*acl_list_index != ~0)
210 for (i = 0; i < count; i++)
212 r = &acl_new_rules[
i];
236 if (~0 == *acl_list_index)
240 memset (a, 0,
sizeof (*a));
242 *acl_list_index = a - am->
acls;
246 a = am->
acls + *acl_list_index;
250 a->
rules = acl_new_rules;
252 memcpy (a->
tag, tag, sizeof (a->
tag));
301 a = &am->
acls[acl_list_index];
317 _(
" dmac smac etype ")
318 _(ether) __ __ __ __ __ __
v __ __ __ __ __ __
v __ __
v 325 _(" ttl pr checksum ")
334 _("L4 T/U sport dport ")
345 _(" dmac smac etype ")
346 _(ether) __ __ __ __ __ __
v __ __ __ __ __ __
v __ __
v 348 _(0x0000) __ __ __ __
350 _(0x0004) __ __
XX __
361 _("L4T/U sport dport ")
362 _(tcpudp)
XX XX XX XX _(padpad) __ __ __ __ _(padeth) __ __;
376 while ((0ULL == *p64) && ((
u8 *) p64 - p) <
size)
380 return (p64 - (
u64 *) p) / 2;
385 u32 mask_len,
u32 next_table_index,
386 u32 miss_next_index,
u32 * table_index,
389 u32 nbuckets = 65536;
392 u32 match = (mask_len / 16) - skip;
393 u8 *skip_mask_ptr = mask + 16 * skip;
394 u32 current_data_flag = 0;
395 int current_data_offset = 0;
401 memory_size, skip, match,
402 next_table_index, miss_next_index,
403 table_index, current_data_flag,
404 current_data_offset, is_add,
410 u32 mask_len,
u32 next_table_index,
411 u32 miss_next_index,
u32 * table_index,
417 u32 match = (mask_len / 16) - skip;
418 u8 *skip_mask_ptr = mask + 16 * skip;
419 u32 current_data_flag = 0;
420 int current_data_offset = 0;
426 memory_size, skip, match,
427 next_table_index, miss_next_index,
428 table_index, current_data_flag,
429 current_data_offset, is_add,
438 u32 ip4_table_index = ~0;
439 u32 ip6_table_index = ~0;
454 sizeof (ip4_5tuple_mask) - 1, ~0,
456 &ip4_table_index, 0);
466 &ip6_table_index, 0);
476 u32 ip4_table_index = ~0;
477 u32 ip6_table_index = ~0;
492 sizeof (ip4_5tuple_mask) - 1, ~0,
494 &ip4_table_index, 0);
504 &ip6_table_index, 0);
514 u32 ip4_table_index = ~0;
515 u32 ip6_table_index = ~0;
522 sizeof (ip4_5tuple_mask) - 1, ~0,
524 &ip4_table_index, 1);
531 &ip6_table_index, 1);
535 sizeof (ip4_5tuple_mask) - 1, ~0,
537 &ip4_table_index, 0);
542 ip6_table_index, ~0);
544 (
"ACL enabling on interface sw_if_index %d, setting tables to the following: ip4: %d ip6: %d\n",
545 sw_if_index, ip4_table_index, ip6_table_index);
551 &ip6_table_index, 0);
553 sizeof (ip4_5tuple_mask) - 1, ~0,
555 &ip4_table_index, 0);
572 u32 ip4_table_index = ~0;
573 u32 ip6_table_index = ~0;
580 sizeof (ip4_5tuple_mask) - 1, ~0,
582 &ip4_table_index, 1);
589 &ip6_table_index, 1);
593 sizeof (ip4_5tuple_mask) - 1, ~0,
595 &ip4_table_index, 0);
600 ip6_table_index, ~0);
602 (
"ACL enabling on interface sw_if_index %d, setting tables to the following: ip4: %d ip6: %d\n",
603 sw_if_index, ip4_table_index, ip6_table_index);
609 &ip6_table_index, 0);
611 sizeof (ip4_5tuple_mask) - 1, ~0,
613 &ip4_table_index, 0);
636 return VNET_API_ERROR_INVALID_SW_IF_INDEX;
659 return VNET_API_ERROR_INVALID_SW_IF_INDEX;
707 if (acl_list_index ==
726 if (acl_list_index ==
814 if (memcmp (addr1, addr2, prefixlen / 8))
821 u8 b1 = *((
u8 *) addr1 + 1 + prefixlen / 8);
822 u8 b2 = *((
u8 *) addr2 + 1 + prefixlen / 8);
823 u8 mask0 = (0xff - ((1 << (8 - (prefixlen % 8))) - 1));
824 return (b1 & mask0) == b2;
834 uint32_t a1 = ntohl (addr1->ip4.as_u32);
835 uint32_t a2 = ntohl (addr2->ip4.as_u32);
836 uint32_t mask0 = 0xffffffff - ((1 << (32 - prefixlen)) - 1);
837 return (a1 & mask0) == a2;
844 return ((port >= port_first) && (port <= port_last));
849 u8 * r_action,
int *r_is_ip6,
u32 * r_acl_match_p,
850 u32 * r_rule_match_p,
u32 * trace_bitmap)
855 ip46_address_t src, dst;
867 type0 = clib_net_to_host_u16 (h0->
type);
868 is_ip4 = (type0 == ETHERNET_TYPE_IP4);
869 is_ip6 = (type0 == ETHERNET_TYPE_IP6);
871 if (!(is_ip4 || is_ip6))
884 *trace_bitmap |= 0x00000001;
906 *trace_bitmap |= 0x00000002;
923 *r_acl_match_p = acl_index;
925 *r_rule_match_p = -1;
929 a = am->
acls + acl_index;
930 for (i = 0; i < a->
count; i++)
943 if (proto != r->
proto)
961 *r_acl_match_p = acl_index;
971 u32 * acl_match_p,
u32 * rule_match_p,
984 &is_ip6, acl_match_p, rule_match_p, trace_bitmap))
1007 u32 * acl_match_p,
u32 * rule_match_p,
1020 &is_ip6, acl_match_p, rule_match_p, trace_bitmap))
1057 for (i = 0; i <
vec_len (mv); i++)
1059 if ((mv[i].prefix_len == prefix_len) && (mv[
i].
is_ipv6 == is_ipv6)
1060 && (0 == memcmp (mv[i].mac_mask, mac_mask, 6)))
1103 u32 match_type_index;
1109 for (i = 0; i < a->
count; i++)
1117 match_type_index =
vec_len (mvec);
1119 memcpy (mvec[match_type_index].mac_mask,
1125 mvec[match_type_index].
count++;
1140 memset (mask, 0,
sizeof (mask));
1141 memcpy (&mask[6], mt->
mac_mask, 6);
1142 memset (&mask[12], 0xff, 2);
1143 memcpy (&mask[14 + 8], mt->
mac_mask, 6);
1146 mask[14 + 14 + i] = 0xff;
1150 mask_len = ((14 + 14 + ((mt->
prefix_len+7) / 8) +
1164 memset (mask, 0,
sizeof (mask));
1165 memcpy (&mask[6], mt->
mac_mask, 6);
1168 mask[l3_src_offs +
i] = 0xff;
1173 0xff - ((1 << (8 - mt->
prefix_len % 8)) - 1);
1179 mask_len = ((l3_src_offs + ((mt->
prefix_len+7) / 8) +
1191 for (i = 0; i < a->
count; i++)
1197 memset (mask, 0,
sizeof (mask));
1199 memset (&mask[12], 0xff, 2);
1219 0, action, metadata, 1);
1221 if (!is6 && (mvec[match_type_index].arp_table_index != ~0))
1223 memset (mask, 0,
sizeof (mask));
1231 0, action, metadata, 1);
1262 u32 * acl_list_index,
u8 * tag)
1279 for (i = 0; i < count; i++)
1281 r = &acl_new_rules[
i];
1286 if(rules[i].is_ipv6)
1295 memset (a, 0,
sizeof (*a));
1299 a->
rules = acl_new_rules;
1301 memcpy (a->
tag, tag, sizeof (a->
tag));
1316 u32 macip_acl_index;
1321 if (~0 == macip_acl_index)
1337 u32 macip_acl_index)
1450 rv = VNET_API_ERROR_INVALID_SW_IF_INDEX;
1471 rv = VNET_API_ERROR_INVALID_SW_IF_INDEX;
1477 for (i = 0; i < mp->
count; i++)
1480 ntohl (mp->
acls[i]));
1484 REPLY_MACRO (VL_API_ACL_INTERFACE_SET_ACL_LIST_REPLY);
1520 int msg_size =
sizeof (*mp) +
sizeof (mp->
r[0]) * acl->
count;
1523 memset (mp, 0, msg_size);
1524 mp->_vl_msg_id = ntohs (VL_API_ACL_DETAILS + am->
msg_id_base);
1530 memcpy (mp->
tag, acl->
tag, sizeof (mp->
tag));
1533 for (i = 0; i < acl->
count; i++)
1565 send_acl_details(am, q, acl, mp->context);
1574 acl = &am->
acls[acl_index];
1589 u32 sw_if_index,
u32 context)
1603 count = n_input + n_output;
1605 msg_size =
sizeof (*mp);
1606 msg_size +=
sizeof (mp->
acls[0]) * count;
1609 memset (mp, 0, msg_size);
1611 ntohs (VL_API_ACL_INTERFACE_LIST_DETAILS + am->
msg_id_base);
1618 for (i = 0; i < n_input; i++)
1622 for (i = 0; i < n_output; i++)
1624 mp->
acls[n_input +
i] =
1653 send_acl_interface_list_details(am, q, swif->sw_if_index, mp->context);
1673 u32 acl_list_index = ~0;
1709 rv = VNET_API_ERROR_INVALID_SW_IF_INDEX;
1715 REPLY_MACRO (VL_API_MACIP_ACL_INTERFACE_ADD_DEL_REPLY);
1726 int msg_size =
sizeof (*mp) + (acl ?
sizeof (mp->
r[0]) * acl->
count : 0);
1729 memset (mp, 0, msg_size);
1730 mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_DETAILS + am->
msg_id_base);
1736 memcpy (mp->
tag, acl->
tag, sizeof (mp->
tag));
1740 for (i = 0; i < acl->
count; i++)
1749 memcpy (rules[i].src_ip_addr, &r->
src_ip_addr.ip6,
1752 memcpy (rules[i].src_ip_addr, &r->
src_ip_addr.ip4,
1787 send_macip_acl_details (am, q, acl,
1811 int msg_size =
sizeof (*rmp) +
sizeof (rmp->
acls[0]) * count;
1822 memset (rmp, 0, msg_size);
1824 ntohs (VL_API_MACIP_ACL_INTERFACE_GET_REPLY + am->
msg_id_base);
1826 rmp->
count = htonl (count);
1827 for (i = 0; i < count; i++)
1843 vl_msg_api_set_handlers((VL_API_##N + sm->msg_id_base), \ 1845 vl_api_##n##_t_handler, \ 1847 vl_api_##n##_t_endian, \ 1848 vl_api_##n##_t_print, \ 1849 sizeof(vl_api_##n##_t), 1); 1856 #define vl_msg_name_crc_list 1858 #undef vl_msg_name_crc_list 1863 #define _(id,n,crc) \ 1864 vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id + sm->msg_id_base); 1865 foreach_vl_msg_name_crc_acl;
1871 u32 next_out_ip4,
u32 next_out_ip6)
1931 memset (am, 0,
sizeof (*am));
1935 u8 *name =
format (0,
"acl_%08x%c", api_version, 0);
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
u32 * acl_ip4_output_classify_table_by_sw_if_index
static int macip_acl_interface_add_acl(acl_main_t *am, u32 sw_if_index, u32 macip_acl_index)
Use acl_interface_set_acl_list instead Append/remove an ACL index to/from the list of ACLs checked fo...
static int macip_acl_interface_add_del_acl(u32 sw_if_index, u8 is_add, u32 acl_list_index)
static int acl_hook_l2_output_classify(acl_main_t *am, u32 sw_if_index)
static void send_macip_acl_details(acl_main_t *am, unix_shared_memory_queue_t *q, macip_acl_list_t *acl, u32 context)
sll srl srl sll sra u16x4 i
static clib_error_t * acl_init(vlib_main_t *vm)
int acl_interface_out_enable_disable(acl_main_t *am, u32 sw_if_index, int enable_disable)
char ** l2output_get_feat_names(void)
static int acl_interface_del_inout_acl(u32 sw_if_index, u8 is_input, u32 acl_list_index)
static void vl_api_acl_plugin_get_version_t_handler(vl_api_acl_plugin_get_version_t *mp)
int acl_interface_in_enable_disable(acl_main_t *am, u32 sw_if_index, int enable_disable)
void output_acl_packet_match(u32 sw_if_index, vlib_buffer_t *b0, u32 *nextp, u32 *acl_match_p, u32 *rule_match_p, u32 *trace_bitmap)
Set the vector of input/output ACLs checked for an interface.
#define REPLY_MACRO2(t, body)
#define foreach_acl_plugin_api_msg
u32 ** input_acl_vec_by_sw_if_index
void vl_msg_api_send_shmem(unix_shared_memory_queue_t *q, u8 *elem)
static vlib_main_t * vlib_get_main(void)
Dump the list(s) of ACL applied to specific or all interfaces.
vl_api_macip_acl_rule_t r[count]
void acl_setup_nodes(void)
static int count_skip(u8 *p, u32 size)
vnet_interface_main_t interface_main
static void vl_api_acl_add_replace_t_handler(vl_api_acl_add_replace_t *mp)
static void vl_api_macip_acl_dump_t_handler(vl_api_macip_acl_dump_t *mp)
u32 acl_out_node_feat_next_node_index[32]
uword vlib_node_add_next_with_slot(vlib_main_t *vm, uword node_index, uword next_node_index, uword slot)
#define ACL_PLUGIN_VERSION_MINOR
static void vl_api_macip_acl_add_t_handler(vl_api_macip_acl_add_t *mp)
u32 * acl_ip6_input_classify_table_by_sw_if_index
u32 acl_in_ip4_match_next[256]
unix_shared_memory_queue_t * vl_api_client_index_to_input_queue(u32 index)
void vnet_l2_input_classify_enable_disable(u32 sw_if_index, int enable_disable)
Enable/disable l2 input classification on a specific interface.
u16 dstport_or_icmpcode_last
vlib_node_registration_t acl_out_node
(constructor) VLIB_REGISTER_NODE (acl_out_node)
static u32 macip_find_match_type(macip_match_type_t *mv, u8 *mac_mask, u8 prefix_len, u8 is_ipv6)
#define vec_reset_length(v)
Reset vector length to zero NULL-pointer tolerant.
Details about one MACIP ACL.
#define vec_add(V, E, N)
Add N elements to end of vector V (no header, unspecified alignment)
ethernet_main_t * ethernet_main
u16 dst_port_or_code_last
vnet_main_t * vnet_get_main(void)
static int acl_match_addr(ip46_address_t *addr1, ip46_address_t *addr2, int prefixlen, int is_ip6)
ip46_address_t src_ip_addr
void mv(vnet_classify_table_t *t)
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
#define VLIB_INIT_FUNCTION(x)
u16 dstport_or_icmpcode_first
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
Add or delete a MACIP ACL to/from interface.
void input_acl_packet_match(u32 sw_if_index, vlib_buffer_t *b0, u32 *nextp, u32 *acl_match_p, u32 *rule_match_p, u32 *trace_bitmap)
#define clib_warning(format, args...)
int vnet_l2_output_classify_set_tables(u32 sw_if_index, u32 ip4_table_index, u32 ip6_table_index, u32 other_table_index)
Set l2 per-protocol, per-interface output classification tables.
static int acl_match_port(u16 port, u16 port_first, u16 port_last, int is_ip6)
u32 * acl_ip4_input_classify_table_by_sw_if_index
int vnet_classify_add_del_session(vnet_classify_main_t *cm, u32 table_index, u8 *match, u32 hit_next_index, u32 opaque_index, i32 advance, u8 action, u32 metadata, int is_add)
static int acl_unhook_l2_input_classify(acl_main_t *am, u32 sw_if_index)
u32 acl_in_node_feat_next_node_index[32]
static int acl_hook_l2_input_classify(acl_main_t *am, u32 sw_if_index)
u16 dst_port_or_code_first
static void vl_api_acl_dump_t_handler(vl_api_acl_dump_t *mp)
Replace an existing ACL in-place or create a new ACL.
#define pool_put(P, E)
Free an object E in pool P.
Details about a single ACL contents.
#define vec_del1(v, i)
Delete the element at index I.
vl_api_acl_rule_t r[count]
static int get_l3_src_offset(int is6)
vlib_node_registration_t acl_in_node
(constructor) VLIB_REGISTER_NODE (acl_in_node)
static void send_acl_details(acl_main_t *am, unix_shared_memory_queue_t *q, acl_list_t *acl, u32 context)
u16 src_port_or_type_first
static int match_type_compare(macip_match_type_t *m1, macip_match_type_t *m2)
#define pool_get_aligned(P, E, A)
Allocate an object E from a pool P (general version).
ethernet_main_t * ethernet_main
vl_api_acl_rule_t r[count]
static int acl_unhook_l2_output_classify(acl_main_t *am, u32 sw_if_index)
Reply to alter the ACL list.
static int match_type_metric(macip_match_type_t *m)
static int macip_acl_del_list(u32 acl_list_index)
Dump one or all defined MACIP ACLs.
static int acl_classify_add_del_table_small(vnet_classify_main_t *cm, u8 *mask, u32 mask_len, u32 next_table_index, u32 miss_next_index, u32 *table_index, int is_add)
void * vl_msg_api_alloc(int nbytes)
#define vec_free(V)
Free vector's memory (no header).
static void feat_bitmap_init_next_nodes(vlib_main_t *vm, u32 node_index, u32 num_features, char **feat_names, u32 *next_nodes)
Initialize the feature next-node indexes of a graph node.
static int acl_classify_add_del_table_big(vnet_classify_main_t *cm, u8 *mask, u32 mask_len, u32 next_table_index, u32 miss_next_index, u32 *table_index, int is_add)
u32 register_match_action_nexts(u32 next_in_ip4, u32 next_in_ip6, u32 next_out_ip4, u32 next_out_ip6)
u16 srcport_or_icmptype_first
Reply to add/replace ACL.
static int acl_interface_add_inout_acl(u32 sw_if_index, u8 is_input, u32 acl_list_index)
Reply with the vector of MACIP ACLs by sw_if_index.
#define clib_memcpy(a, b, c)
int vnet_l2_input_classify_set_tables(u32 sw_if_index, u32 ip4_table_index, u32 ip6_table_index, u32 other_table_index)
Set l2 per-protocol, per-interface input classification tables.
#define pool_is_free_index(P, I)
Use free bitmap to query whether given index is free.
clib_error_t * vlib_plugin_register(vlib_main_t *vm, vnet_plugin_handoff_t *h, int from_early_init)
struct _vnet_classify_main vnet_classify_main_t
u16 srcport_or_icmptype_last
static void vl_api_acl_interface_add_del_t_handler(vl_api_acl_interface_add_del_t *mp)
static int macip_acl_interface_del_acl(acl_main_t *am, u32 sw_if_index)
static void vl_api_macip_acl_del_t_handler(vl_api_macip_acl_del_t *mp)
u16 src_port_or_type_last
MACIP Access List Rule entry.
static int macip_create_classify_tables(acl_main_t *am, u32 macip_acl_index)
static void send_acl_interface_list_details(acl_main_t *am, unix_shared_memory_queue_t *q, u32 sw_if_index, u32 context)
static int acl_packet_match(acl_main_t *am, u32 acl_index, vlib_buffer_t *b0, u8 *r_action, int *r_is_ip6, u32 *r_acl_match_p, u32 *r_rule_match_p, u32 *trace_bitmap)
static void clib_mem_free(void *p)
vnet_classify_main_t vnet_classify_main
Reply to get the plugin version.
static clib_error_t * acl_plugin_api_hookup(vlib_main_t *vm)
static int macip_acl_add_list(u32 count, vl_api_macip_acl_rule_t rules[], u32 *acl_list_index, u8 *tag)
vl_api_macip_acl_rule_t r[count]
u32 acl_out_ip6_match_next[256]
Dump the specific ACL contents or all of the ACLs' contents.
int vnet_classify_add_del_table(vnet_classify_main_t *cm, u8 *mask, u32 nbuckets, u32 memory_size, u32 skip, u32 match, u32 next_table_index, u32 miss_next_index, u32 *table_index, u8 current_data_flag, i16 current_data_offset, int is_add, int del_chain)
template key/value backing page structure
u32 * macip_acl_by_sw_if_index
Get the vector of MACIP ACL IDs applied to the interfaces.
u32 * acl_ip6_output_classify_table_by_sw_if_index
static void vl_api_acl_interface_list_dump_t_handler(vl_api_acl_interface_list_dump_t *mp)
vlib_node_t * vlib_get_node_by_name(vlib_main_t *vm, u8 *name)
static int acl_add_list(u32 count, vl_api_acl_rule_t rules[], u32 *acl_list_index, u8 *tag)
static void vl_api_acl_del_t_handler(vl_api_acl_del_t *mp)
macip_acl_list_t * macip_acls
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
static void * get_ptr_to_offset(vlib_buffer_t *b0, int offset)
u32 l2_input_classify_next_acl
Details about a single ACL contents.
Reply to apply/unapply the MACIP ACL.
#define vec_sort_with_function(vec, f)
Sort a vector using the supplied element comparison function.
vnet_sw_interface_t * sw_interfaces
void vnet_l2_output_classify_enable_disable(u32 sw_if_index, int enable_disable)
Enable/disable l2 input classification on a specific interface.
static void vl_api_acl_interface_set_acl_list_t_handler(vl_api_acl_interface_set_acl_list_t *mp)
static void acl_interface_reset_inout_acls(u32 sw_if_index, u8 is_input)
struct clib_bihash_value offset
template key/value backing page structure
u32 l2_output_classify_next_acl
u32 acl_in_ip6_match_next[256]
static void * clib_mem_alloc_aligned(uword size, uword align)
static int acl_interface_add_del_inout_acl(u32 sw_if_index, u8 is_add, u8 is_input, u32 acl_list_index)
static void copy_acl_rule_to_api_rule(vl_api_acl_rule_t *api_rule, acl_rule_t *r)
Reply to delete the MACIP ACL.
#define vec_foreach(var, vec)
Vector iterator.
u32 acl_out_ip4_match_next[256]
u16 vl_msg_api_get_msg_ids(char *name, int n)
#define ACL_PLUGIN_VERSION_MAJOR
void l2sess_vlib_plugin_register(vlib_main_t *vm, void *hh, int from_early_init)
Reply to set the ACL list on an interface.
#define vec_validate_init_empty(V, I, INIT)
Make sure vector is long enough for given index and initialize empty space (no header, unspecified alignment)
#define CLIB_CACHE_LINE_BYTES
static void setup_message_id_table(acl_main_t *sm, api_main_t *am)
u32 ** output_acl_vec_by_sw_if_index
static void vl_api_macip_acl_interface_add_del_t_handler(vl_api_macip_acl_interface_add_del_t *mp)
struct _unix_shared_memory_queue unix_shared_memory_queue_t
static int acl_del_list(u32 acl_list_index)
static void macip_destroy_classify_tables(acl_main_t *am, u32 macip_acl_index)
static u8 acl_get_l4_proto(vlib_buffer_t *b0, int node_is_ip6)
static void vl_api_macip_acl_interface_get_t_handler(vl_api_macip_acl_interface_get_t *mp)