authorAndrew Yourtchenko <ayourtch@gmail.com>2017-05-11 12:33:54 +0200
committerNeale Ranns <nranns@cisco.com>2017-05-15 20:26:00 +0000
commit5c85f358bb08403d9edce14d9cc63675bda6799d (patch)
tree673e0097455beaad95e926cafd26b8a287ab87ba
parent90b241536653f8acb1401588a2535dead75e5799 (diff)
acl-plugin: unapply the ACLs if interface is being deleted
(HC2VPP-137 is the client behavior triggering this) If the user does not unapply the ACLs off the interface, but deletes the interface, the subsequent reuse of the sw_if_index might find itself with the datapath hooked up for ACL processing even though there is no ACL configured. The fix is to unapply any ACLs in the callback which is called upon the sw_if_index addition/deletion. Change-Id: Icea413d7fbf1ef891844a4818626e1b34fe79cbf Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 4c72e629e5ace392390a9d6109594254525064f7)
-rw-r--r--src/plugins/acl/acl.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 83dc0c1810f..4f3c54e842e 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -1624,6 +1624,10 @@ acl_sw_interface_add_del (vnet_main_t * vnm, u32 sw_if_index, u32 is_add)
if (0 == is_add) {
vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index,
ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX, sw_if_index);
+ /* also unapply any ACLs in case the users did not do so. */
+ macip_acl_interface_del_acl(am, sw_if_index);
+ acl_interface_reset_inout_acls (sw_if_index, 0);
+ acl_interface_reset_inout_acls (sw_if_index, 1);
}
return 0;
}
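Review bot: The three calls added in the `0 == is_add` branch discard whatever they return, so if detaching fails the sw_if_index can still be reused with the ACL datapath attached, which is the condition this commit sets out to remove, and nothing records it. Their signatures are not visible in the hunk; if `macip_acl_interface_del_acl` returns a status (with "nothing applied" presumably being the normal case on this path), make that explicit with `(void) macip_acl_interface_del_acl (am, sw_if_index); /* no MACIP ACL applied is expected here */`, or log any other non-zero result. The new comment should also state the reason rather than only the action, for example `/* sw_if_index values are reused: detach all ACLs so a new interface does not inherit the ACL datapath hooks */`. The body of acl_sw_interface_add_del starts above the hunk, so any earlier bounds handling for sw_if_index is not visible from here.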