aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2018-04-13 13:41:21 +0200
committerNeale Ranns <nranns@cisco.com>2018-04-13 14:37:52 +0000
commitbca9290056b1ee206a05c13bbb46b1b40a8bd804 (patch)
treed9be523ea33ebfd1145f6a37e5c2b28597f98d6b
parent9341e34b500ce7c68fc6857a24ee7b67cac121b1 (diff)
acl-plugin: VPP-1239: acl-as-a-service does not match IPv6 packets, works only in lookup context 0
In process of extracting the matching out of the ACL plugin internals, a couple of pieces setting the miscellaneout fields in the 5tuple structure did not make it, so they are initialized to zeroes. Move the assignments to the right place to make both traffic acls and acl-as-a-service working. Change-Id: I66a7540a13b05113b599f0541999a18fad60385d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit d3b96ef0d75889f09dc51efb89e5123cdbe7ffe8)
-rw-r--r--src/plugins/acl/fa_node.c2
-rw-r--r--src/plugins/acl/public_inlines.h7
2 files changed, 5 insertions, 4 deletions
diff --git a/src/plugins/acl/fa_node.c b/src/plugins/acl/fa_node.c
index 833b0fa1523..a36a581532b 100644
--- a/src/plugins/acl/fa_node.c
+++ b/src/plugins/acl/fa_node.c
@@ -723,9 +723,7 @@ acl_fa_node_fn (vlib_main_t * vm,
acl_plugin_fill_5tuple_inline (lc_index0, b0, is_ip6, is_input, is_l2_path, (fa_5tuple_opaque_t *)&fa_5tuple);
fa_5tuple.l4.lsb_of_sw_if_index = sw_if_index0 & 0xffff;
- fa_5tuple.pkt.lc_index = lc_index0;
valid_new_sess = acl_make_5tuple_session_key (am, is_input, is_ip6, sw_if_index0, &fa_5tuple, &kv_sess);
- fa_5tuple.pkt.is_ip6 = is_ip6;
// XXDEL fa_5tuple.pkt.is_input = is_input;
fa_5tuple.pkt.mask_type_index_lsb = ~0;
#ifdef FA_NODE_VERBOSE_DEBUG
diff --git a/src/plugins/acl/public_inlines.h b/src/plugins/acl/public_inlines.h
index e7e47c4b561..a2b8fc96d3c 100644
--- a/src/plugins/acl/public_inlines.h
+++ b/src/plugins/acl/public_inlines.h
@@ -210,6 +210,7 @@ acl_fill_5tuple (acl_main_t * am, vlib_buffer_t * b0, int is_ip6,
/* Remainder of the key and per-packet non-key data */
p5tuple_pkt->kv.key[4] = 0;
p5tuple_pkt->kv.value = 0;
+ p5tuple_pkt->pkt.is_ip6 = is_ip6;
if (is_ip6)
{
@@ -732,11 +733,13 @@ acl_plugin_match_5tuple_inline (u32 lc_index,
u32 * trace_bitmap)
{
acl_main_t *am = p_acl_main;
+ fa_5tuple_t * pkt_5tuple_internal = (fa_5tuple_t *)pkt_5tuple;
+ pkt_5tuple_internal->pkt.lc_index = lc_index;
if (am->use_hash_acl_matching) {
- return hash_multi_acl_match_5tuple(lc_index, (fa_5tuple_t *)pkt_5tuple, is_ip6, r_action,
+ return hash_multi_acl_match_5tuple(lc_index, pkt_5tuple_internal, is_ip6, r_action,
r_acl_pos_p, r_acl_match_p, r_rule_match_p, trace_bitmap);
} else {
- return linear_multi_acl_match_5tuple(lc_index, (fa_5tuple_t *)pkt_5tuple, is_ip6, r_action,
+ return linear_multi_acl_match_5tuple(lc_index, pkt_5tuple_internal, is_ip6, r_action,
r_acl_pos_p, r_acl_match_p, r_rule_match_p, trace_bitmap);
}
}