[acl] add knet_handle_enable_access_lists api call

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>

diff --git a/libknet/handle.c b/libknet/handle.c
index de950e0fe5a36bece42941dc140c8bbb9f3af4c2..96e59746d2ddf9fca5c92ce0d3ab709a8e9e9b76 100644 (file)
--- a/libknet/handle.c
+++ b/libknet/handle.c
@@ -1185,6 +1185,42 @@ int knet_handle_setfwd(knet_handle_t knet_h, unsigned int enabled)
        return 0;
 }
 
+int knet_handle_enable_access_lists(knet_handle_t knet_h, unsigned int enabled)
+{
+       int savederrno = 0;
+
+       if (!knet_h) {
+               errno = EINVAL;
+               return -1;
+       }
+
+       if (enabled > 1) {
+               errno = EINVAL;
+               return -1;
+       }
+
+       savederrno = get_global_wrlock(knet_h);
+       if (savederrno) {
+               log_err(knet_h, KNET_SUB_HANDLE, "Unable to get write lock: %s",
+                       strerror(savederrno));
+               errno = savederrno;
+               return -1;
+       }
+
+       knet_h->use_access_lists = enabled;
+
+       if (enabled) {
+               log_debug(knet_h, KNET_SUB_HANDLE, "Links access lists are enabled");
+       } else {
+               log_debug(knet_h, KNET_SUB_HANDLE, "Links access lists are disabled");
+       }
+
+       pthread_rwlock_unlock(&knet_h->global_rwlock);
+
+       errno = 0;
+       return 0;
+}
+
 int knet_handle_pmtud_getfreq(knet_handle_t knet_h, unsigned int *interval)
 {
        int savederrno = 0;

diff --git a/libknet/internals.h b/libknet/internals.h
index 223e80fd1520e419882c3589211ab04e534fa2fd..946d1804a3b5e3460d220660e6426a6eaa5e0663 100644 (file)
--- a/libknet/internals.h
+++ b/libknet/internals.h
@@ -158,6 +158,7 @@ struct knet_handle {
        int send_to_links_epollfd;
        int recv_from_links_epollfd;
        int dst_link_handler_epollfd;
+       uint8_t use_access_lists; /* set to 0 for disable, 1 for enable */
        unsigned int pmtud_interval;
        unsigned int data_mtu;  /* contains the max data size that we can send onwire
                                 * without frags */

diff --git a/libknet/libknet.h b/libknet/libknet.h
index 05fbe00302dc12366937238656ba75004a8ee365..3f59d8cd917ae00965b9ad7812273abf34c48320 100644 (file)
--- a/libknet/libknet.h
+++ b/libknet/libknet.h
@@ -542,6 +542,28 @@ int knet_handle_enable_filter(knet_handle_t knet_h,
 
 int knet_handle_setfwd(knet_handle_t knet_h, unsigned int enabled);
 
+/**
+ * knet_handle_enable_access_lists
+ *
+ * @brief Start packet forwarding
+ *
+ * knet_h   - pointer to knet_handle_t
+ *
+ * enable   - set to 1 to use ip access lists, 0 to disable ip access_lists.
+ *
+ * @return
+ * knet_handle_enable_access_lists returns
+ * 0 on success
+ * -1 on error and errno is set.
+ *
+ * By default access lists usage is off, but default internal access lists
+ * will be populated regardless, but not enforced. TODO add long explanation
+ * on internal access lists for point to point connections vs global
+ * listeners etc.
+ */
+
+int knet_handle_enable_access_lists(knet_handle_t knet_h, unsigned int enabled);
+
 #define KNET_PMTUD_DEFAULT_INTERVAL 60
 
 /**

diff --git a/libknet/tests/api-check.mk b/libknet/tests/api-check.mk
index 39221fead878396f5270bc87325aac4b489e484c..6268d74fcf4531e8bbe37648812d8691d5b37e55 100644 (file)
--- a/libknet/tests/api-check.mk
+++ b/libknet/tests/api-check.mk
@@ -12,6 +12,7 @@ api_checks            = \
                          api_knet_handle_compress_test \
                          api_knet_handle_crypto_test \
                          api_knet_handle_setfwd_test \
+                         api_knet_handle_enable_access_lists_test \
                          api_knet_handle_enable_filter_test \
                          api_knet_handle_enable_sock_notify_test \
                          api_knet_handle_add_datafd_test \
@@ -90,6 +91,9 @@ api_knet_handle_crypto_test_SOURCES = api_knet_handle_crypto.c \
 api_knet_handle_setfwd_test_SOURCES = api_knet_handle_setfwd.c \
                                      test-common.c
 
+api_knet_handle_enable_access_lists_test_SOURCES = api_knet_handle_enable_access_lists.c \
+                                                  test-common.c
+
 api_knet_handle_enable_filter_test_SOURCES = api_knet_handle_enable_filter.c \
                                             test-common.c
 

diff --git a/libknet/tests/api_knet_handle_enable_access_lists.c b/libknet/tests/api_knet_handle_enable_access_lists.c
new file mode 100644 (file)
index 0000000..fc3bcc1
--- /dev/null
+++ b/libknet/tests/api_knet_handle_enable_access_lists.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
+ *
+ * Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
+ *
+ * This software licensed under GPL-2.0+, LGPL-2.0+
+ */
+
+#include "config.h"
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "libknet.h"
+#include "internals.h"
+
+#include "test-common.h"
+
+static void test(void)
+{
+       knet_handle_t knet_h;
+       int logfds[2];
+
+       printf("Test knet_handle_enable_access_lists with invalid knet_h\n");
+
+       if ((!knet_handle_enable_access_lists(NULL, 0)) || (errno != EINVAL)) {
+               printf("knet_handle_enable_access_lists accepted invalid knet_h parameter\n");
+               exit(FAIL);
+       }
+
+       setup_logpipes(logfds);
+
+       printf("Test knet_handle_enable_access_lists with invalid param (2) \n");
+
+       knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
+
+       if ((!knet_handle_enable_access_lists(knet_h, 2)) || (errno != EINVAL)) {
+               printf("knet_handle_enable_access_lists accepted invalid param for enabled: %s\n", strerror(errno));
+               knet_handle_free(knet_h);
+               flush_logs(logfds[0], stdout);
+               close_logpipes(logfds);
+               exit(FAIL);
+       }
+
+       flush_logs(logfds[0], stdout);
+
+       printf("Test knet_handle_enable_access_lists with valid param (1) \n");
+
+       if (knet_handle_enable_access_lists(knet_h, 1) < 0) {
+               printf("knet_handle_enable_access_lists failed: %s\n", strerror(errno));
+               knet_handle_free(knet_h);
+               flush_logs(logfds[0], stdout);
+               close_logpipes(logfds);
+               exit(FAIL);
+       }
+
+       if (knet_h->use_access_lists != 1) {
+               printf("knet_handle_enable_access_lists failed to set correct value");
+               knet_handle_free(knet_h);
+               flush_logs(logfds[0], stdout);
+               close_logpipes(logfds);
+               exit(FAIL);
+       }
+
+       flush_logs(logfds[0], stdout);
+
+       printf("Test knet_handle_enable_access_lists with valid param (0) \n");
+
+       if (knet_handle_enable_access_lists(knet_h, 0) < 0) {
+               printf("knet_handle_enable_access_lists failed: %s\n", strerror(errno));
+               knet_handle_free(knet_h);
+               flush_logs(logfds[0], stdout);
+               close_logpipes(logfds);
+               exit(FAIL);
+       }
+
+       if (knet_h->use_access_lists != 0) {
+               printf("knet_handle_enable_access_lists failed to set correct value");
+               knet_handle_free(knet_h);
+               flush_logs(logfds[0], stdout);
+               close_logpipes(logfds);
+               exit(FAIL);
+       }
+
+       flush_logs(logfds[0], stdout);
+
+       knet_handle_free(knet_h);
+       flush_logs(logfds[0], stdout);
+       close_logpipes(logfds);
+}
+
+int main(int argc, char *argv[])
+{
+       test();
+
+       return PASS;
+}