acl-plugin: clean up the code enabling/disabling acl-plugin processing on interface

Multiple subsequent calls to vnet_feature_enable_disable() to enable the feature
cause the feature to be inserted into the processing graph multiple times in a row.
This might be argued to be a bug in that function, but enabling already enabled feature
is suboptimal anyway, so avoid that. The existing tests already catch this issue whenever
the ASSERT() part of this patch was added.

Change-Id: Ia2c06f7dc87bbe05795c2c7b7d19ea06270ce150
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

1 files changed, 2 insertions, 0 deletions

diff --git a/src/plugins/acl/fa_node.c b/src/plugins/acl/fa_node.c
index c0ff1a5e01a..0bbc7423a39 100644
--- a/src/plugins/acl/fa_node.c
+++ b/src/plugins/acl/fa_node.c
@@ -1598,6 +1598,7 @@ acl_fa_enable_disable (u32 sw_if_index, int is_input, int enable_disable)
   acl_main_t *am = &acl_main;
   if (is_input)
     {
+      ASSERT(clib_bitmap_get(am->fa_in_acl_on_sw_if_index, sw_if_index) != enable_disable);
       vnet_feature_enable_disable ("ip4-unicast", "acl-plugin-in-ip4-fa",
 				   sw_if_index, enable_disable, 0, 0);
       vnet_feature_enable_disable ("ip6-unicast", "acl-plugin-in-ip6-fa",
@@ -1608,6 +1609,7 @@ acl_fa_enable_disable (u32 sw_if_index, int is_input, int enable_disable)
     }
   else
     {
+      ASSERT(clib_bitmap_get(am->fa_out_acl_on_sw_if_index, sw_if_index) != enable_disable);
       vnet_feature_enable_disable ("ip4-output", "acl-plugin-out-ip4-fa",
 				   sw_if_index, enable_disable, 0, 0);
       vnet_feature_enable_disable ("ip6-output", "acl-plugin-out-ip6-fa",