diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c index b18e8515cde5..6f9fded4e048 100644 --- a/src/plugins/acl/acl.c +++ b/src/plugins/acl/acl.c @@ -25,9 +25,6 @@ #include #include -#include -#include -#include #include #include @@ -37,6 +34,7 @@ #include #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__) +#include "manual_fns.h" #include "fa_node.h" #include "public_inlines.h" @@ -134,26 +132,6 @@ print_cli_and_reset (vlib_main_t * vm, u8 * out0) typedef void (*acl_vector_print_func_t) (vlib_main_t * vm, u8 * out0); -static inline u8 * -format_acl_action (u8 * s, u8 action) -{ - switch (action) - { - case 0: - s = format (s, "deny"); - break; - case 1: - s = format (s, "permit"); - break; - case 2: - s = format (s, "permit+reflect"); - break; - default: - s = format (s, "action %d", action); - } - return (s); -} - static void acl_print_acl_x (acl_vector_print_func_t vpr, vlib_main_t * vm, acl_main_t * am, int acl_index) @@ -651,16 +629,16 @@ acl_interface_set_inout_acl_list (acl_main_t * am, u32 sw_if_index, u32 **pinout_lc_index_by_sw_if_index = - is_input ? &am->input_lc_index_by_sw_if_index : &am-> - output_lc_index_by_sw_if_index; + is_input ? &am-> + input_lc_index_by_sw_if_index : &am->output_lc_index_by_sw_if_index; u32 ***pinout_acl_vec_by_sw_if_index = - is_input ? &am->input_acl_vec_by_sw_if_index : &am-> - output_acl_vec_by_sw_if_index; + is_input ? &am-> + input_acl_vec_by_sw_if_index : &am->output_acl_vec_by_sw_if_index; u32 ***pinout_sw_if_index_vec_by_acl = - is_input ? &am->input_sw_if_index_vec_by_acl : &am-> - output_sw_if_index_vec_by_acl; + is_input ? &am-> + input_sw_if_index_vec_by_acl : &am->output_sw_if_index_vec_by_acl; vec_validate ((*pinout_acl_vec_by_sw_if_index), sw_if_index); @@ -735,9 +713,7 @@ acl_interface_set_inout_acl_list (acl_main_t * am, u32 sw_if_index, { if (~0 != (*pinout_lc_index_by_sw_if_index)[sw_if_index]) { - acl_plugin. - put_lookup_context_index ((*pinout_lc_index_by_sw_if_index) - [sw_if_index]); + acl_plugin.put_lookup_context_index ((*pinout_lc_index_by_sw_if_index)[sw_if_index]); (*pinout_lc_index_by_sw_if_index)[sw_if_index] = ~0; } } @@ -774,8 +750,8 @@ acl_interface_add_del_inout_acl (u32 sw_if_index, u8 is_add, u8 is_input, : VNET_API_ERROR_ACL_IN_USE_OUTBOUND; u32 ***pinout_acl_vec_by_sw_if_index = - is_input ? &am->input_acl_vec_by_sw_if_index : &am-> - output_acl_vec_by_sw_if_index; + is_input ? &am-> + input_acl_vec_by_sw_if_index : &am->output_acl_vec_by_sw_if_index; int rv = 0; if (is_add) { @@ -1320,7 +1296,7 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index) /* add session to table mvec[match_type_index].table_index; */ vnet_classify_add_del_session (cm, tag_table, mask, a->rules[i].is_permit ? ~0 : 0, - i, 0, action, metadata, 1); + i, 0, action, metadata, 0, 1); clib_memset (&mask[12], 0, sizeof (mask) - 12); } @@ -1366,7 +1342,7 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index) 4); vnet_classify_add_del_session (cm, tag_table, mask, a->rules[i].is_permit ? ~0 : 0, - i, 0, action, metadata, 1); + i, 0, action, metadata, 0, 1); } } if (macip_permit_also_egress (a->rules[i].is_permit)) @@ -1419,7 +1395,7 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index) vnet_classify_add_del_session (cm, tag_table, mask, a->rules[i].is_permit ? ~0 : 0, - i, 0, action, metadata, 1); + i, 0, action, metadata, 0, 1); // clib_memset (&mask[12], 0, sizeof (mask) - 12); } @@ -1459,9 +1435,9 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index) vnet_classify_add_del_session (cm, tag_table, mask, - a->rules[i]. - is_permit ? ~0 : 0, i, 0, - action, metadata, 1); + a-> + rules[i].is_permit ? ~0 : 0, + i, 0, action, metadata, 0, 1); } } } @@ -2304,8 +2280,7 @@ static void if (~0 != am->macip_acl_by_sw_if_index[sw_if_index]) { send_macip_acl_interface_list_details (am, reg, sw_if_index, - am-> - macip_acl_by_sw_if_index + am->macip_acl_by_sw_if_index [sw_if_index], mp->context); } diff --git a/src/vlib/buffer.h b/src/vlib/buffer.h index 297240d45f72..7422b338119c 100644 --- a/src/vlib/buffer.h +++ b/src/vlib/buffer.h @@ -167,7 +167,7 @@ typedef union u32 total_length_not_including_first_buffer; /**< More opaque data, see ../vnet/vnet/buffer.h */ - u32 opaque2[14]; + u32 opaque2[16]; /** start of buffer headroom */ CLIB_ALIGN_MARK (headroom, 64); @@ -191,7 +191,7 @@ typedef union #endif } vlib_buffer_t; -STATIC_ASSERT_SIZEOF (vlib_buffer_t, 128 + VLIB_BUFFER_PRE_DATA_SIZE); +STATIC_ASSERT_SIZEOF (vlib_buffer_t, 192 + VLIB_BUFFER_PRE_DATA_SIZE); STATIC_ASSERT (VLIB_BUFFER_PRE_DATA_SIZE % CLIB_CACHE_LINE_BYTES == 0, "VLIB_BUFFER_PRE_DATA_SIZE must be divisible by cache line size"); diff --git a/src/vnet/buffer.h b/src/vnet/buffer.h index 50515c435e29..ed7499ccce57 100644 --- a/src/vnet/buffer.h +++ b/src/vnet/buffer.h @@ -380,7 +380,10 @@ typedef struct u32 flags; } snat; - u32 unused[6]; + u64 value; + u32 unused[6]; // This is not really unused because ipsec uses this data. + // See vnet/ipsec/esp.h. Another unused member variable + // must be defined here for future use. }; } vnet_buffer_opaque_t; diff --git a/src/vnet/classify/classify.api b/src/vnet/classify/classify.api index 38c7343af726..c2291d82eebd 100644 --- a/src/vnet/classify/classify.api +++ b/src/vnet/classify/classify.api @@ -128,6 +128,7 @@ autoreply define classify_add_del_session vl_api_classify_action_t action [default=0]; u32 metadata [default=0]; u32 match_len; + u64 value; u8 match[match_len]; }; diff --git a/src/vnet/classify/classify_api.c b/src/vnet/classify/classify_api.c index b0750e951241..5359a3c91940 100644 --- a/src/vnet/classify/classify_api.c +++ b/src/vnet/classify/classify_api.c @@ -151,6 +151,7 @@ static void vl_api_classify_add_del_session_t_handler u32 table_index, hit_next_index, opaque_index, metadata, match_len; i32 advance; u8 action; + u64 value; vnet_classify_table_t *t; table_index = ntohl (mp->table_index); @@ -160,6 +161,7 @@ static void vl_api_classify_add_del_session_t_handler action = mp->action; metadata = ntohl (mp->metadata); match_len = ntohl (mp->match_len); + value = mp->value; if (pool_is_free_index (cm->tables, table_index)) { @@ -177,7 +179,7 @@ static void vl_api_classify_add_del_session_t_handler rv = vnet_classify_add_del_session (cm, table_index, mp->match, hit_next_index, opaque_index, - advance, action, metadata, mp->is_add); + advance, action, metadata, value, mp->is_add); out: REPLY_MACRO (VL_API_CLASSIFY_ADD_DEL_SESSION_REPLY); diff --git a/src/vnet/classify/flow_classify_node.c b/src/vnet/classify/flow_classify_node.c index 9462d467b70f..7455ab10f653 100644 --- a/src/vnet/classify/flow_classify_node.c +++ b/src/vnet/classify/flow_classify_node.c @@ -236,7 +236,7 @@ flow_classify_inline (vlib_main_t * vm, { misses++; vnet_classify_add_del_session (vcm, table_index0, - h0, ~0, 0, 0, 0, 0, 1); + h0, ~0, 0, 0, 0, 0, 0, 1); /* increment counter */ vnet_classify_find_entry (t0, h0, hash0, now); } diff --git a/src/vnet/classify/ip_classify.c b/src/vnet/classify/ip_classify.c index d598d1a5c9b9..c0dfa8f0a17b 100644 --- a/src/vnet/classify/ip_classify.c +++ b/src/vnet/classify/ip_classify.c @@ -236,6 +236,7 @@ ip_classify_inline (vlib_main_t * vm, { vnet_buffer (b0)->l2_classify.opaque_index = e0->opaque_index; + vnet_buffer (b0)->value = e0->value; vlib_buffer_advance (b0, e0->advance); next0 = (e0->next_index < node->n_next_nodes) ? e0->next_index : next0; @@ -262,6 +263,7 @@ ip_classify_inline (vlib_main_t * vm, { vnet_buffer (b0)->l2_classify.opaque_index = e0->opaque_index; + vnet_buffer (b0)->value = e0->value; vlib_buffer_advance (b0, e0->advance); next0 = (e0->next_index < node->n_next_nodes) ? e0->next_index : next0; diff --git a/src/vnet/classify/vnet_classify.c b/src/vnet/classify/vnet_classify.c index 1e7515e1e122..db940fcdbb47 100644 --- a/src/vnet/classify/vnet_classify.c +++ b/src/vnet/classify/vnet_classify.c @@ -1917,6 +1917,7 @@ classify_filter_command_fn (vlib_main_t * vm, 0 /* advance */ , 0 /* action */ , 0 /* metadata */ , + 0 /* value */, 1 /* is_add */ ); vec_free (match_vector); @@ -2673,7 +2674,8 @@ vnet_classify_add_del_session (vnet_classify_main_t * cm, u32 hit_next_index, u32 opaque_index, i32 advance, - u8 action, u32 metadata, int is_add) + u8 action, u32 metadata, u64 value, + int is_add) { vnet_classify_table_t *t; vnet_classify_entry_5_t _max_e __attribute__ ((aligned (16))); @@ -2693,6 +2695,7 @@ vnet_classify_add_del_session (vnet_classify_main_t * cm, e->last_heard = 0; e->flags = 0; e->action = action; + e->value = value; if (e->action == CLASSIFY_ACTION_SET_IP4_FIB_INDEX) e->metadata = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, metadata, @@ -2737,6 +2740,7 @@ classify_session_command_fn (vlib_main_t * vm, i32 advance = 0; u32 action = 0; u32 metadata = 0; + u64 value = 0; int i, rv; while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) @@ -2801,7 +2805,7 @@ classify_session_command_fn (vlib_main_t * vm, rv = vnet_classify_add_del_session (cm, table_index, match, hit_next_index, opaque_index, advance, - action, metadata, is_add); + action, metadata, value, is_add); switch (rv) { diff --git a/src/vnet/classify/vnet_classify.h b/src/vnet/classify/vnet_classify.h index f0c812415846..d2527c1c2f87 100644 --- a/src/vnet/classify/vnet_classify.h +++ b/src/vnet/classify/vnet_classify.h @@ -77,6 +77,8 @@ typedef CLIB_PACKED(struct _vnet_classify_entry { u64 opaque_count; }; + u64 value; + /* Really only need 1 bit */ u8 flags; #define VNET_CLASSIFY_ENTRY_FREE (1<<0) @@ -509,7 +511,8 @@ int vnet_classify_add_del_session (vnet_classify_main_t * cm, u32 hit_next_index, u32 opaque_index, i32 advance, - u8 action, u32 metadata, int is_add); + u8 action, u32 metadata, u64 value, + int is_add); int vnet_classify_add_del_table (vnet_classify_main_t * cm, u8 * mask,