ip: add classifier-based ACLs support on ip punt
This feature allows one to add classifier-based ACLs on packets punted
from the ip infra, eg. to only whitelist specific sender(s).
Type: feature
Change-Id: Idab37b188583efbca980038875fc3e540cb2e880
Signed-off-by: Benoît Ganne <bganne@cisco.com>
diff --git a/src/vnet/classify/classify.api b/src/vnet/classify/classify.api
index c569fe6..d1d7340 100644
--- a/src/vnet/classify/classify.api
+++ b/src/vnet/classify/classify.api
@@ -420,6 +420,22 @@
bool is_add;
};
+/** \brief Add/del punt ACL
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param ip4_table_index - ip4 punt classify table index (~0 for skip)
+ @param ip6_table_index - ip6 punt classify table index (~0 for skip)
+ @param is_add - add punt ACL if non-zero, else delete
+*/
+autoreply define punt_acl_add_del
+{
+ u32 client_index;
+ u32 context;
+ u32 ip4_table_index [default=0xffffffff];
+ u32 ip6_table_index [default=0xffffffff];
+ bool is_add [default=true];
+};
+
/** \brief Set/unset output ACL interface
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request