acl-plugin: improvements in 'show acl-plugin macip acl' CLI
- allow to optionally specify the specific MACIP ACL index: 'show acl-plugin macip acl [index N]' - after showing the MACIP ACL, show the sw_if_index of interface(s) where it is applied. Also, add some executions of this debug commands to the MACIP test case for easy verification. Change-Id: I56cf8272abc20b1b2581b60d528d27a70d186b18 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
This commit is contained in:
Andrew Yourtchenko
committed by
Chris Luke
Chris Luke
parent
4585eb86c5
commit
563a8531cb
@ -2163,8 +2163,12 @@ macip_acl_add_list (u32 count, vl_api_macip_acl_rule_t rules[],
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
||||
/* No check for validity of sw_if_index - the callers were supposed to validate */
|
||||
/* No check that sw_if_index denotes a valid interface - the callers
|
||||
* were supposed to validate.
|
||||
*
|
||||
* That said, if sw_if_index corresponds to an interface that exists at all,
|
||||
* this function must return errors accordingly if the ACL is not applied.
|
||||
*/
|
||||
|
||||
static int
|
||||
macip_acl_interface_del_acl (acl_main_t * am, u32 sw_if_index)
|
||||
@ -2172,13 +2176,16 @@ macip_acl_interface_del_acl (acl_main_t * am, u32 sw_if_index)
|
||||
int rv;
|
||||
u32 macip_acl_index;
|
||||
macip_acl_list_t *a;
|
||||
void *oldheap = acl_set_heap (am);
|
||||
vec_validate_init_empty (am->macip_acl_by_sw_if_index, sw_if_index, ~0);
|
||||
clib_mem_set_heap (oldheap);
|
||||
|
||||
/* The vector is too short - MACIP ACL is not applied */
|
||||
if (sw_if_index >= vec_len (am->macip_acl_by_sw_if_index))
|
||||
return VNET_API_ERROR_NO_SUCH_ENTRY;
|
||||
|
||||
macip_acl_index = am->macip_acl_by_sw_if_index[sw_if_index];
|
||||
/* No point in deleting MACIP ACL which is not applied */
|
||||
if (~0 == macip_acl_index)
|
||||
return VNET_API_ERROR_NO_SUCH_ENTRY;
|
||||
|
||||
a = pool_elt_at_index (am->macip_acls, macip_acl_index);
|
||||
/* remove the classifier tables off the interface L2 ACL */
|
||||
rv =
|
||||
@ -2190,6 +2197,11 @@ macip_acl_interface_del_acl (acl_main_t * am, u32 sw_if_index)
|
||||
a->out_l2_table_index, 0);
|
||||
/* Unset the MACIP ACL index */
|
||||
am->macip_acl_by_sw_if_index[sw_if_index] = ~0;
|
||||
/* macip_acl_interface_add_acl did a vec_add1() to this previously, so [sw_if_index] should be valid */
|
||||
u32 index = vec_search (am->sw_if_index_vec_by_macip_acl[macip_acl_index],
|
||||
sw_if_index);
|
||||
if (index != ~0)
|
||||
vec_del1 (am->sw_if_index_vec_by_macip_acl[macip_acl_index], index);
|
||||
return rv;
|
||||
}
|
||||
|
||||
@ -2208,6 +2220,8 @@ macip_acl_interface_add_acl (acl_main_t * am, u32 sw_if_index,
|
||||
void *oldheap = acl_set_heap (am);
|
||||
a = pool_elt_at_index (am->macip_acls, macip_acl_index);
|
||||
vec_validate_init_empty (am->macip_acl_by_sw_if_index, sw_if_index, ~0);
|
||||
vec_validate (am->sw_if_index_vec_by_macip_acl, macip_acl_index);
|
||||
vec_add1 (am->sw_if_index_vec_by_macip_acl[macip_acl_index], sw_if_index);
|
||||
clib_mem_set_heap (oldheap);
|
||||
/* If there already a MACIP ACL applied, unapply it */
|
||||
if (~0 != am->macip_acl_by_sw_if_index[sw_if_index])
|
||||
@ -3352,10 +3366,6 @@ macip_acl_print (acl_main_t * am, u32 macip_acl_index)
|
||||
vlib_main_t *vm = am->vlib_main;
|
||||
int i;
|
||||
|
||||
/* Don't attempt to show the ACLs that do not exist */
|
||||
if (pool_is_free_index (am->macip_acls, macip_acl_index))
|
||||
return;
|
||||
|
||||
/* Don't try to print someone else's memory */
|
||||
if (macip_acl_index > vec_len (am->macip_acls))
|
||||
return;
|
||||
@ -3389,8 +3399,31 @@ acl_show_aclplugin_macip_acl_fn (vlib_main_t * vm,
|
||||
clib_error_t *error = 0;
|
||||
acl_main_t *am = &acl_main;
|
||||
int i;
|
||||
u32 acl_index = ~0;
|
||||
|
||||
(void) unformat (input, "index %u", &acl_index);
|
||||
|
||||
for (i = 0; i < vec_len (am->macip_acls); i++)
|
||||
macip_acl_print (am, i);
|
||||
{
|
||||
/* Don't attempt to show the ACLs that do not exist */
|
||||
if (pool_is_free_index (am->macip_acls, i))
|
||||
continue;
|
||||
|
||||
if ((acl_index != ~0) && (acl_index != i))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
macip_acl_print (am, i);
|
||||
if (i < vec_len (am->sw_if_index_vec_by_macip_acl))
|
||||
{
|
||||
vlib_cli_output (vm, " applied on sw_if_index(s): %U\n",
|
||||
format_vec32,
|
||||
vec_elt (am->sw_if_index_vec_by_macip_acl, i),
|
||||
"%d");
|
||||
}
|
||||
}
|
||||
|
||||
return error;
|
||||
}
|
||||
|
||||
@ -3915,7 +3948,7 @@ VLIB_CLI_COMMAND (aclplugin_show_tables_command, static) = {
|
||||
|
||||
VLIB_CLI_COMMAND (aclplugin_show_macip_acl_command, static) = {
|
||||
.path = "show acl-plugin macip acl",
|
||||
.short_help = "show acl-plugin macip acl",
|
||||
.short_help = "show acl-plugin macip acl [index N]",
|
||||
.function = acl_show_aclplugin_macip_acl_fn,
|
||||
};
|
||||
|
||||
|
||||
@ -220,6 +220,9 @@ typedef struct {
|
||||
/* MACIP (input) ACLs associated with the interfaces */
|
||||
u32 *macip_acl_by_sw_if_index;
|
||||
|
||||
/* Vector of interfaces on which given MACIP ACLs are applied */
|
||||
u32 **sw_if_index_vec_by_macip_acl;
|
||||
|
||||
/* bitmaps when set the processing is enabled on the interface */
|
||||
uword *fa_in_acl_on_sw_if_index;
|
||||
uword *fa_out_acl_on_sw_if_index;
|
||||
|
||||
@ -1115,6 +1115,12 @@ class TestMACIP(MethodHolder):
|
||||
self.assertEqual(reply.acls[sw_if_index1], 0)
|
||||
self.assertEqual(reply.acls[sw_if_index2], 1)
|
||||
self.assertEqual(reply.acls[sw_if_index3], 1)
|
||||
self.logger.info("MACIP ACL on multiple interfaces:")
|
||||
self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl"))
|
||||
self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl index 1234"))
|
||||
self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl index 1"))
|
||||
self.logger.info(self.vapi.ppcli("sh acl-plugin macip acl index 0"))
|
||||
self.logger.info(self.vapi.ppcli("sh acl-plugin macip interface"))
|
||||
|
||||
intf[2].remove_vpp_config()
|
||||
intf[1].remove_vpp_config()
|
||||
|
||||
Reference in New Issue
Block a user