int main(int argc, char *argv[])
{
int opt;
char options[] = "AabcDdEefGgHhijklm?F:n:N:o:P:p:q:r:s:S:t:u:U:v:x:y:V:z:Z:";
int fd;
struct acl_args args;
struct acl_list_args *args2;
int method=-1;
int result;
int i;
memset(&args, 0, sizeof(struct acl_args));
args.pn = 7; /* Default do not care*/
/* Max 511 acl entries */
args2=malloc(sizeof(struct acl_list_args) + sizeof(struct acl_args)*511);
if (NULL == args2)
{
printf(" Allocate memory for acl_list_args and acl_args failed.\n");
return 0;
}
fd = open("/dev/"ACL_DEVNAME, O_RDONLY);
if (fd < 0)
{
printf("Open %s pseudo device failed\n","/dev/"ACL_DEVNAME);
free(args2);
return 0;
}
if(argc < 2) {
show_usage();
free(args2);
close(fd);
return 0;
}
while ((opt = getopt (argc, argv, options)) != -1) {
switch (opt) {
case 'A':
method=ACL_ADD_SDMAC_ANY;
break;
case 'a':
method=ACL_ADD_SMAC_DIP_ANY;
break;
case 'b':
method=ACL_ADD_SMAC_DIP_TCP;
break;
case 'c':
method=ACL_ADD_SMAC_DIP_UDP;
break;
case 'D':
method=ACL_DEL_SDMAC_ANY;
break;
case 'd':
method=ACL_DEL_SMAC_DIP_ANY;
break;
case 'e':
method=ACL_DEL_SMAC_DIP_TCP;
break;
case 'E':
method=ACL_ADD_SMAC_DMAC_ETYPE_VID_SIP_DIP_TOS_PORT;
break;
case 'F':
if(strcasecmp(optarg,"TCP")==0){
args.L4=ACL_PROTO_TCP;
}else if(strcasecmp(optarg,"UDP")==0){
args.L4=ACL_PROTO_UDP;
}else if(strcasecmp(optarg,"ANY")==0){
args.L4=ACL_PROTO_ANY;
}else{
printf("Error: -t TCP or UDP or ANY\n");
free(args2);
close(fd);
return 0;
}
break;
case 'G':
method=ACL_DEL_SMAC_DMAC_ETYPE_VID_SIP_DIP_TOS_PORT;
break;
case 'f':
method=ACL_DEL_SMAC_DIP_UDP;
break;
case 'H':
method=ACL_ADD_SIP_DIP_ANY;
break;
case 'g':
method = ACL_GET_ALL_ENTRIES;
break;
case 'h':
method=ACL_ADD_SIP_DIP_TCP;
break;
case 'i':
method=ACL_ADD_SIP_DIP_UDP;
break;
case 'j':
method=ACL_DEL_SIP_DIP_ANY;
break;
case 'k':
method=ACL_DEL_SIP_DIP_TCP;
break;
case 'l':
method=ACL_DEL_SIP_DIP_UDP;
break;
case 'm':
method=ACL_CLEAN_TBL;
break;
case 'n': /* source mac address */
str_to_mac(args.mac, optarg);
break;
case 'N': /* destination mac address */
str_to_mac(args.dmac, optarg);
break;
case 'o': /* start of sip */
str_to_ip(&args.sip_s, optarg);
break;
case 'p': /* end of sip */
str_to_ip(&args.sip_e, optarg);
break;
case 'P': /* Port Number */
args.pn=strtoll(optarg, NULL, 10);
break;
case 'q': /* start of dip */
str_to_ip(&args.dip_s, optarg);
break;
case 'r': /* end of dip */
str_to_ip(&args.dip_e, optarg);
break;
case 's': /* start of dp */
args.dp_s=strtoll(optarg, NULL, 10);
break;
case 't': /* end of dp */
args.dp_e=strtoll(optarg, NULL, 10);
break;
case 'S': /* Protocol */
args.protocol=strtoll(optarg, NULL, 10);
break;
case 'v': /* start of sp */
args.sp_s=strtoll(optarg, NULL, 10);
break;
case 'x': /* end of sp */
args.sp_e=strtoll(optarg, NULL, 10);
break;
case 'y': /* start of tos */
args.tos_s=strtoll(optarg, NULL, 10);
break;
case 'z': /* end of tos */
args.tos_e=strtoll(optarg, NULL, 10);
break;
case 'Z': /* ethertype */
args.ethertype=strtoll(optarg, NULL, 16);
break;
case 'V': /* VID */
args.vid=strtoll(optarg, NULL, 10);
break;
case 'u': /* Deny/Allow */
if(strcasecmp(optarg,"Deny")==0){
args.method=ACL_DENY_RULE;
}else if(strcasecmp(optarg,"Allow")==0){
args.method=ACL_ALLOW_RULE;
}else if(strcasecmp(optarg,"FP")==0){
args.method=ACL_PRIORITY_RULE;
}else{
printf("Error: -t Deny or Allow\n");
free(args2);
close(fd);
return 0;
}
break;
case 'U': /* User Priority */
args.up=strtoll(optarg, NULL, 10);
break;
case '?':
default:
show_usage();
free(args2);
close(fd);
return 0;
}
}
switch(method) {
case ACL_ADD_SDMAC_ANY:
case ACL_ADD_ETYPE_ANY:
case ACL_ADD_SMAC_DIP_ANY:
case ACL_ADD_SMAC_DIP_TCP:
case ACL_ADD_SMAC_DIP_UDP:
case ACL_DEL_SDMAC_ANY:
case ACL_DEL_ETYPE_ANY:
case ACL_DEL_SMAC_DIP_ANY:
case ACL_DEL_SMAC_DIP_TCP:
case ACL_DEL_SMAC_DIP_UDP:
case ACL_ADD_SIP_DIP_ANY:
case ACL_ADD_SIP_DIP_TCP:
case ACL_ADD_SIP_DIP_UDP:
case ACL_ADD_SMAC_DMAC_ETYPE_VID_SIP_DIP_TOS_PORT:
case ACL_DEL_SIP_DIP_ANY:
case ACL_DEL_SIP_DIP_TCP:
case ACL_DEL_SIP_DIP_UDP:
case ACL_DEL_SMAC_DMAC_ETYPE_VID_SIP_DIP_TOS_PORT:
case ACL_CLEAN_TBL:
SetAclEntry(&args, method);
result = args.result;
break;
case ACL_GET_ALL_ENTRIES:
AclGetAllEntries(args2);
result = args2->result;
printf("Total Entry Count = %d\n",args2->num_of_entries);
for(i=0;i<args2->num_of_entries;i++){
printf("#%d :SMAC=%02X:%02X:%02X:%02X:%02X:%02X => DMAC=%02X:%02X:%02X:%02X:%02X:%02X PROTOCOL=0x%2x\n", \
i, args2->entries[i].mac[0], args2->entries[i].mac[1], args2->entries[i].mac[2], \
args2->entries[i].mac[3], args2->entries[i].mac[4], args2->entries[i].mac[5], \
args2->entries[i].dmac[0], args2->entries[i].dmac[1],args2->entries[i].dmac[2], \
args2->entries[i].dmac[3], args2->entries[i].dmac[4],args2->entries[i].dmac[5], \
args2->entries[i].protocol);
printf(" :SIP %u.%u.%u.%u->%u.%u.%u.%u=>DIP %u.%u.%u.%u->%u.%u.%u.%u SP %d->%d=>DP %d->%d TOS:0x%2x->0x%2x VID:%d ETYPE=0x%4x TCP_UDP=0/TCP=1/UDP=2:%d PN:%d\n\r", \
NIPQUAD(args2->entries[i].sip_s), \
NIPQUAD(args2->entries[i].sip_e), \
NIPQUAD(args2->entries[i].dip_s), \
NIPQUAD(args2->entries[i].dip_e), \
args2->entries[i].sp_s, \
args2->entries[i].sp_e, \
args2->entries[i].dp_s, \
args2->entries[i].dp_e, \
args2->entries[i].tos_s, \
args2->entries[i].tos_e, \
args2->entries[i].vid, \
args2->entries[i].ethertype, \
args2->entries[i].L4, \
args2->entries[i].pn);
}
break;
default:
result = ACL_FAIL;
}
if(result == ACL_SUCCESS) {
printf("done\n");
}else if (result == ACL_TBL_FULL) {
printf("table full\n");
} else {
printf("fail\n");
}
free(args2);
close(fd);
return 0;
}
int AclIoctl (struct inode *inode, struct file *filp,
unsigned int cmd, unsigned long arg)
#endif
{
struct acl_args *opt=(struct acl_args *)arg;
struct acl_list_args *opt2=(struct acl_list_args *)arg;
AclPlcyNode node;
memcpy(node.Mac,opt->mac,ETH_ALEN);
memcpy(node.DMac,opt->dmac,ETH_ALEN);
node.Method=opt->method;
node.RuleType=cmd;
node.SipS=opt->sip_s;
node.SipE=opt->sip_e;
node.DipS=opt->dip_s;
node.DipE=opt->dip_e;
node.SpS=opt->sp_s;
node.SpE=opt->sp_e;
node.DpS=opt->dp_s;
node.DpE=opt->dp_e;
node.up=opt->up;
node.pn=opt->pn;
node.TosS=opt->tos_s;
node.TosE=opt->tos_e;
node.Ethertype=opt->ethertype;
node.Vid=opt->vid;
node.Proto=opt->L4;
node.Protocol=opt->protocol;
node.SpecialTag=0; /* use for esw port > rt63365 */
switch(cmd)
{
case ACL_ADD_SDMAC_ANY:
case ACL_ADD_ETYPE_ANY:
opt->result = RunIoctlAddHandler(&node, ACL_PROTO_ANY);
break;
case ACL_DEL_SDMAC_ANY:
case ACL_DEL_ETYPE_ANY:
opt->result = RunIoctlDelHandler(&node, ACL_PROTO_ANY);
break;
case ACL_ADD_SMAC_DIP_ANY:
case ACL_ADD_SIP_DIP_ANY:
opt->result = RunIoctlAddHandler(&node, ACL_PROTO_ANY);
break;
case ACL_DEL_SMAC_DIP_ANY:
case ACL_DEL_SIP_DIP_ANY:
opt->result = RunIoctlDelHandler(&node, ACL_PROTO_ANY);
break;
case ACL_ADD_SMAC_DIP_TCP:
case ACL_ADD_SIP_DIP_TCP:
opt->result = RunIoctlAddHandler(&node, ACL_PROTO_TCP);
break;
case ACL_ADD_SMAC_DMAC_ETYPE_VID_SIP_DIP_TOS_PORT:
opt->result = RunIoctlAddHandler(&node, node.Proto);
break;
case ACL_DEL_SMAC_DMAC_ETYPE_VID_SIP_DIP_TOS_PORT:
opt->result = RunIoctlDelHandler(&node, node.Proto);
break;
case ACL_DEL_SMAC_DIP_TCP:
case ACL_DEL_SIP_DIP_TCP:
opt->result = RunIoctlDelHandler(&node, ACL_PROTO_TCP);
break;
case ACL_ADD_SMAC_DIP_UDP:
case ACL_ADD_SIP_DIP_UDP:
opt->result = RunIoctlAddHandler(&node, ACL_PROTO_UDP);
break;
case ACL_DEL_SMAC_DIP_UDP:
case ACL_DEL_SIP_DIP_UDP:
opt->result = RunIoctlDelHandler(&node, ACL_PROTO_UDP);
break;
case ACL_CLEAN_TBL:
AclCleanTbl();
break;
case ACL_GET_ALL_ENTRIES:
opt2->result = AclGetAllEntries(opt2);
break;
default:
break;
}
return 0;
}
