acl: make MACIP ACL apply/unapply/delete logic more robust

1. vnet_set_input_acl_intfc expects currently applied table ids to
   remove them properly, fixed that.
2. check if the interface has MACIP ACL applied before unapplying it
3. if applying MACIP ACL to interface that has one already applied,
   unapply that first.

These changes also required swapping the order of the add/del functions.

Change-Id: I179490371507b07e9dd8852000954156c318d98c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Andrew Yourtchenko
2016-12-08 20:33:19 +01:00
committed by Ole Trøan
parent 32905661d1
commit c9b20bc7a5


@ -1260,6 +1260,29 @@ macip_acl_add_list (u32 count, vl_api_macip_acl_rule_t rules[],
}
/* No check for validity of sw_if_index - the callers were supposed to validate */
static int
macip_acl_interface_del_acl (acl_main_t * am, u32 sw_if_index)
{
int rv;
u32 macip_acl_index;
macip_acl_list_t *a;
vec_validate_init_empty (am->macip_acl_by_sw_if_index, sw_if_index, ~0);
macip_acl_index = am->macip_acl_by_sw_if_index[sw_if_index];
/* No point in deleting MACIP ACL which is not applied */
if (~0 == macip_acl_index)
return -1;
a = &am->macip_acls[macip_acl_index];
/* remove the classifier tables off the interface L2 ACL */
rv =
vnet_set_input_acl_intfc (am->vlib_main, sw_if_index, a->ip4_table_index,
a->ip6_table_index, a->l2_table_index, 0);
/* Unset the MACIP ACL index */
am->macip_acl_by_sw_if_index[sw_if_index] = ~0;
return rv;
}
/* No check for validity of sw_if_index - the callers were supposed to validate */
static int
@ -1274,6 +1297,9 @@ macip_acl_interface_add_acl (acl_main_t * am, u32 sw_if_index,
}
a = &am->macip_acls[macip_acl_index];
vec_validate_init_empty (am->macip_acl_by_sw_if_index, sw_if_index, ~0);
/* If there already a MACIP ACL applied, unapply it */
if (~0 != am->macip_acl_by_sw_if_index[sw_if_index])
macip_acl_interface_del_acl(am, sw_if_index);
am->macip_acl_by_sw_if_index[sw_if_index] = macip_acl_index;
/* Apply the classifier tables for L2 ACLs */
rv =
@ -1282,17 +1308,6 @@ macip_acl_interface_add_acl (acl_main_t * am, u32 sw_if_index,
return rv;
}
static int
macip_acl_interface_del_acl (acl_main_t * am, u32 sw_if_index)
{
int rv;
vec_validate_init_empty (am->macip_acl_by_sw_if_index, sw_if_index, ~0);
am->macip_acl_by_sw_if_index[sw_if_index] = ~0;
/* remove the classifier tables off the interface L2 ACL */
rv = vnet_set_input_acl_intfc (am->vlib_main, sw_if_index, ~0, ~0, ~0, 0);
return rv;
}
static int
macip_acl_del_list (u32 acl_list_index)
{
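Review bot: The return value of `macip_acl_interface_del_acl(am, sw_if_index)` is discarded in the new "unapply it" step of macip_acl_interface_add_acl, so a failure to detach the old classifier tables goes unnoticed and the new MACIP ACL index is still recorded and applied. Because this is a filtering control, I would propagate the error instead: `rv = macip_acl_interface_del_acl (am, sw_if_index);` followed by `if (rv) return rv;`. Relatedly, the new macip_acl_interface_del_acl sets `am->macip_acl_by_sw_if_index[sw_if_index] = ~0` even when vnet_set_input_acl_intfc returns non-zero, and a later call then exits early with -1, so the table ids needed to retry the removal are lost. Consider resetting the index only when `rv == 0`, or add a comment saying why the unconditional reset is intended. The body of macip_acl_interface_add_acl starts and ends outside the hunks shown, so how its callers treat `rv` cannot be checked from here.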