summaryrefslogtreecommitdiffstats
path: root/src/plugins/acl
diff options
context:
space:
mode:
authorDave Barach <dave@barachs.net>2018-10-17 10:38:51 -0400
committerDamjan Marion <dmarion@me.com>2018-10-23 13:06:46 +0000
commitb7b929931a07fbb27b43d5cd105f366c3e29807e (patch)
tree438681c89738802dbb5d339715b96ea2c31bafb4 /src/plugins/acl
parentb9a4c445c1d4e9cdab476a8e1fb8a46ff0fc6080 (diff)
c11 safe string handling support
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
Diffstat (limited to 'src/plugins/acl')
-rw-r--r--src/plugins/acl/acl.c90
-rw-r--r--src/plugins/acl/acl_test.c12
-rw-r--r--src/plugins/acl/hash_lookup.c18
-rw-r--r--src/plugins/acl/public_inlines.h2
4 files changed, 61 insertions, 61 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 2af2d7a8b70..dbc658b3640 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -212,7 +212,7 @@ vl_api_acl_plugin_get_version_t_handler (vl_api_acl_plugin_get_version_t * mp)
return;
rmp = vl_msg_api_alloc (msg_size);
- memset (rmp, 0, msg_size);
+ clib_memset (rmp, 0, msg_size);
rmp->_vl_msg_id =
ntohs (VL_API_ACL_PLUGIN_GET_VERSION_REPLY + am->msg_id_base);
rmp->context = mp->context;
@@ -390,7 +390,7 @@ acl_add_list (u32 count, vl_api_acl_rule_t rules[],
for (i = 0; i < count; i++)
{
r = vec_elt_at_index (acl_new_rules, i);
- memset (r, 0, sizeof (*r));
+ clib_memset (r, 0, sizeof (*r));
r->is_permit = rules[i].is_permit;
r->is_ipv6 = rules[i].is_ipv6;
if (r->is_ipv6)
@@ -418,7 +418,7 @@ acl_add_list (u32 count, vl_api_acl_rule_t rules[],
{
/* Get ACL index */
pool_get_aligned (am->acls, a, CLIB_CACHE_LINE_BYTES);
- memset (a, 0, sizeof (*a));
+ clib_memset (a, 0, sizeof (*a));
/* Will return the newly allocated ACL index */
*acl_list_index = a - am->acls;
}
@@ -1105,7 +1105,7 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index)
*/
for (tags = 2; tags >= 0; tags--)
{
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
/* source MAC address */
memcpy (&mask[6], mt->mac_mask, 6);
@@ -1113,20 +1113,20 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index)
{
case 0:
default:
- memset (&mask[12], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* ethernet protocol */
l3_offset = 14;
last_tag_table = &mt->arp_table_index;
break;
case 1:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* ethernet protocol */
l3_offset = 18;
last_tag_table = &mt->arp_dot1q_table_index;
break;
case 2:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* VLAN tag2 */
- memset (&mask[20], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* VLAN tag2 */
+ clib_memset (&mask[20], 0xff, 2); /* ethernet protocol */
l3_offset = 22;
last_tag_table = &mt->arp_dot1ad_table_index;
break;
@@ -1151,26 +1151,26 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index)
if (mt->has_egress)
{
/* egress ARP table */
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
switch (tags)
{
case 0:
default:
- memset (&mask[12], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* ethernet protocol */
l3_offset = 14;
out_last_tag_table = &mt->out_arp_table_index;
break;
case 1:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* ethernet protocol */
l3_offset = 18;
out_last_tag_table = &mt->out_arp_dot1q_table_index;
break;
case 2:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* VLAN tag2 */
- memset (&mask[20], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* VLAN tag2 */
+ clib_memset (&mask[20], 0xff, 2); /* ethernet protocol */
l3_offset = 22;
out_last_tag_table = &mt->out_arp_dot1ad_table_index;
break;
@@ -1207,25 +1207,25 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index)
*/
for (tags = 2; tags >= 0; tags--)
{
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
memcpy (&mask[6], mt->mac_mask, 6);
l3_src_offs = tags * 4 + get_l3_src_offset (is6);
switch (tags)
{
case 0:
default:
- memset (&mask[12], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* ethernet protocol */
last_tag_table = &mt->table_index;
break;
case 1:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* ethernet protocol */
last_tag_table = &mt->dot1q_table_index;
break;
case 2:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* VLAN tag2 */
- memset (&mask[20], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* VLAN tag2 */
+ clib_memset (&mask[20], 0xff, 2); /* ethernet protocol */
last_tag_table = &mt->dot1ad_table_index;
break;
}
@@ -1253,7 +1253,7 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index)
{
for (tags = 2; tags >= 0; tags--)
{
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
/* MAC destination */
memcpy (&mask[0], mt->mac_mask, 6);
l3_dst_offs = tags * 4 + get_l3_dst_offset (is6);
@@ -1261,18 +1261,18 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index)
{
case 0:
default:
- memset (&mask[12], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* ethernet protocol */
out_last_tag_table = &mt->out_table_index;
break;
case 1:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* ethernet protocol */
out_last_tag_table = &mt->out_dot1q_table_index;
break;
case 2:
- memset (&mask[12], 0xff, 2); /* VLAN tag1 */
- memset (&mask[16], 0xff, 2); /* VLAN tag2 */
- memset (&mask[20], 0xff, 2); /* ethernet protocol */
+ clib_memset (&mask[12], 0xff, 2); /* VLAN tag1 */
+ clib_memset (&mask[16], 0xff, 2); /* VLAN tag2 */
+ clib_memset (&mask[20], 0xff, 2); /* ethernet protocol */
out_last_tag_table = &mt->out_dot1ad_table_index;
break;
}
@@ -1327,7 +1327,7 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index)
for (tags = 2; tags >= 0; tags--)
{
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
l3_src_offs = tags * 4 + get_l3_src_offset (is6);
memcpy (&mask[6], a->rules[i].src_mac, 6);
switch (tags)
@@ -1369,13 +1369,13 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index)
vnet_classify_add_del_session (cm, tag_table,
mask, a->rules[i].is_permit ? ~0 : 0,
i, 0, action, metadata, 1);
- memset (&mask[12], 0, sizeof (mask) - 12);
+ clib_memset (&mask[12], 0, sizeof (mask) - 12);
}
/* add ARP table entry too */
if (!is6 && (mvec[match_type_index].arp_table_index != ~0))
{
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
memcpy (&mask[6], a->rules[i].src_mac, 6);
for (tags = 2; tags >= 0; tags--)
@@ -1422,7 +1422,7 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index)
/* Add the egress entry with destination set */
for (tags = 2; tags >= 0; tags--)
{
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
l3_dst_offs = tags * 4 + get_l3_dst_offset (is6);
/* src mac in the other direction becomes dst */
memcpy (&mask[0], a->rules[i].src_mac, 6);
@@ -1468,7 +1468,7 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index)
mask,
a->rules[i].is_permit ? ~0 : 0,
i, 0, action, metadata, 1);
- // memset (&mask[12], 0, sizeof (mask) - 12);
+ // clib_memset (&mask[12], 0, sizeof (mask) - 12);
}
/* add ARP table entry too */
@@ -1476,7 +1476,7 @@ macip_create_classify_tables (acl_main_t * am, u32 macip_acl_index)
{
for (tags = 2; tags >= 0; tags--)
{
- memset (mask, 0, sizeof (mask));
+ clib_memset (mask, 0, sizeof (mask));
switch (tags)
{
case 0:
@@ -1644,7 +1644,7 @@ macip_acl_add_list (u32 count, vl_api_macip_acl_rule_t rules[],
{
/* Get ACL index */
pool_get_aligned (am->macip_acls, a, CLIB_CACHE_LINE_BYTES);
- memset (a, 0, sizeof (*a));
+ clib_memset (a, 0, sizeof (*a));
/* Will return the newly allocated ACL index */
*acl_list_index = a - am->macip_acls;
}
@@ -1980,7 +1980,7 @@ send_acl_details (acl_main_t * am, vl_api_registration_t * reg,
void *oldheap = acl_set_heap (am);
mp = vl_msg_api_alloc (msg_size);
- memset (mp, 0, msg_size);
+ clib_memset (mp, 0, msg_size);
mp->_vl_msg_id = ntohs (VL_API_ACL_DETAILS + am->msg_id_base);
/* fill in the message */
@@ -2066,7 +2066,7 @@ send_acl_interface_list_details (acl_main_t * am,
msg_size += sizeof (mp->acls[0]) * count;
mp = vl_msg_api_alloc (msg_size);
- memset (mp, 0, msg_size);
+ clib_memset (mp, 0, msg_size);
mp->_vl_msg_id =
ntohs (VL_API_ACL_INTERFACE_LIST_DETAILS + am->msg_id_base);
@@ -2218,7 +2218,7 @@ send_macip_acl_details (acl_main_t * am, vl_api_registration_t * reg,
int msg_size = sizeof (*mp) + (acl ? sizeof (mp->r[0]) * acl->count : 0);
mp = vl_msg_api_alloc (msg_size);
- memset (mp, 0, msg_size);
+ clib_memset (mp, 0, msg_size);
mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_DETAILS + am->msg_id_base);
/* fill in the message */
@@ -2308,7 +2308,7 @@ vl_api_macip_acl_interface_get_t_handler (vl_api_macip_acl_interface_get_t *
return;
rmp = vl_msg_api_alloc (msg_size);
- memset (rmp, 0, msg_size);
+ clib_memset (rmp, 0, msg_size);
rmp->_vl_msg_id =
ntohs (VL_API_MACIP_ACL_INTERFACE_GET_REPLY + am->msg_id_base);
rmp->context = mp->context;
@@ -2332,7 +2332,7 @@ send_macip_acl_interface_list_details (acl_main_t * am,
int msg_size = sizeof (*rmp) + sizeof (rmp->acls[0]);
rmp = vl_msg_api_alloc (msg_size);
- memset (rmp, 0, msg_size);
+ clib_memset (rmp, 0, msg_size);
rmp->_vl_msg_id =
ntohs (VL_API_MACIP_ACL_INTERFACE_LIST_DETAILS + am->msg_id_base);
@@ -2448,7 +2448,7 @@ send_acl_interface_etype_whitelist_details (acl_main_t * am,
msg_size += sizeof (mp->whitelist[0]) * count;
mp = vl_msg_api_alloc (msg_size);
- memset (mp, 0, msg_size);
+ clib_memset (mp, 0, msg_size);
mp->_vl_msg_id =
ntohs (VL_API_ACL_INTERFACE_ETYPE_WHITELIST_DETAILS + am->msg_id_base);
@@ -3533,7 +3533,7 @@ acl_init (vlib_main_t * vm)
{
acl_main_t *am = &acl_main;
clib_error_t *error = 0;
- memset (am, 0, sizeof (*am));
+ clib_memset (am, 0, sizeof (*am));
am->vlib_main = vm;
am->vnet_main = vnet_get_main ();
am->log_default = vlib_log_register_class ("acl_plugin", 0);
diff --git a/src/plugins/acl/acl_test.c b/src/plugins/acl/acl_test.c
index 991d877f7af..dcb0888076d 100644
--- a/src/plugins/acl/acl_test.c
+++ b/src/plugins/acl/acl_test.c
@@ -313,7 +313,7 @@ static int api_acl_plugin_get_version (vat_main_t * vam)
vam->result_ready = 0;
mp = vl_msg_api_alloc_as_if_client(msg_size);
- memset (mp, 0, msg_size);
+ clib_memset (mp, 0, msg_size);
mp->_vl_msg_id = ntohs (VL_API_ACL_PLUGIN_GET_VERSION + sm->msg_id_base);
mp->client_index = vam->my_client_index;
@@ -334,7 +334,7 @@ static int api_macip_acl_interface_get (vat_main_t * vam)
vam->result_ready = 0;
mp = vl_msg_api_alloc_as_if_client(msg_size);
- memset (mp, 0, msg_size);
+ clib_memset (mp, 0, msg_size);
mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_INTERFACE_GET + sm->msg_id_base);
mp->client_index = vam->my_client_index;
@@ -519,7 +519,7 @@ static int api_acl_add_replace (vat_main_t * vam)
msg_size += n_rules*sizeof(rules[0]);
mp = vl_msg_api_alloc_as_if_client(msg_size);
- memset (mp, 0, msg_size);
+ clib_memset (mp, 0, msg_size);
mp->_vl_msg_id = ntohs (VL_API_ACL_ADD_REPLACE + sm->msg_id_base);
mp->client_index = vam->my_client_index;
if ((n_rules > 0) && rules)
@@ -693,7 +693,7 @@ api_acl_add_replace_from_file (vat_main_t * vam)
msg_size += n_rules*sizeof(rules[0]);
mp = vl_msg_api_alloc_as_if_client(msg_size);
- memset (mp, 0, msg_size);
+ clib_memset (mp, 0, msg_size);
mp->_vl_msg_id = ntohs (VL_API_ACL_ADD_REPLACE + sm->msg_id_base);
mp->client_index = vam->my_client_index;
if (n_rules > 0)
@@ -1257,7 +1257,7 @@ static int api_macip_acl_add (vat_main_t * vam)
msg_size += n_rules*sizeof(rules[0]);
mp = vl_msg_api_alloc_as_if_client(msg_size);
- memset (mp, 0, msg_size);
+ clib_memset (mp, 0, msg_size);
mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_ADD + sm->msg_id_base);
mp->client_index = vam->my_client_index;
if ((n_rules > 0) && rules)
@@ -1409,7 +1409,7 @@ static int api_macip_acl_add_replace (vat_main_t * vam)
msg_size += n_rules*sizeof(rules[0]);
mp = vl_msg_api_alloc_as_if_client(msg_size);
- memset (mp, 0, msg_size);
+ clib_memset (mp, 0, msg_size);
mp->_vl_msg_id = ntohs (VL_API_MACIP_ACL_ADD_REPLACE + sm->msg_id_base);
mp->client_index = vam->my_client_index;
if ((n_rules > 0) && rules)
diff --git a/src/plugins/acl/hash_lookup.c b/src/plugins/acl/hash_lookup.c
index 0087a5e2ab7..8c1004e9212 100644
--- a/src/plugins/acl/hash_lookup.c
+++ b/src/plugins/acl/hash_lookup.c
@@ -315,7 +315,7 @@ release_mask_type_index(acl_main_t *am, u32 mask_type_index)
DBG0("RELEAS MTE index %d new refcount %d", mask_type_index, mte->refcount);
if (mte->refcount == 0) {
/* we are not using this entry anymore */
- memset(mte, 0xae, sizeof(*mte));
+ clib_memset(mte, 0xae, sizeof(*mte));
pool_put(am->ace_mask_type_pool, mte);
}
}
@@ -1057,7 +1057,7 @@ ip4_address_mask_from_width (ip4_address_t * a, u32 width)
{
int i, byte, bit, bitnum;
ASSERT (width <= 32);
- memset (a, 0, sizeof (a[0]));
+ clib_memset (a, 0, sizeof (a[0]));
for (i = 0; i < width; i++)
{
bitnum = (7 - (i & 7));
@@ -1090,8 +1090,8 @@ make_port_mask(u16 *portmask, u16 port_first, u16 port_last)
static void
make_mask_and_match_from_rule(fa_5tuple_t *mask, acl_rule_t *r, hash_ace_info_t *hi)
{
- memset(mask, 0, sizeof(*mask));
- memset(&hi->match, 0, sizeof(hi->match));
+ clib_memset(mask, 0, sizeof(*mask));
+ clib_memset(&hi->match, 0, sizeof(hi->match));
hi->action = r->is_permit;
/* we will need to be matching based on lc_index and mask_type_index when applied */
@@ -1107,7 +1107,7 @@ make_mask_and_match_from_rule(fa_5tuple_t *mask, acl_rule_t *r, hash_ace_info_t
make_ip6_address_mask(&mask->ip6_addr[1], r->dst_prefixlen);
hi->match.ip6_addr[1] = r->dst.ip6;
} else {
- memset(hi->match.l3_zero_pad, 0, sizeof(hi->match.l3_zero_pad));
+ clib_memset(hi->match.l3_zero_pad, 0, sizeof(hi->match.l3_zero_pad));
make_ip4_address_mask(&mask->ip4_addr[0], r->src_prefixlen);
hi->match.ip4_addr[0] = r->src.ip4;
make_ip4_address_mask(&mask->ip4_addr[1], r->dst_prefixlen);
@@ -1166,7 +1166,7 @@ void hash_acl_add(acl_main_t *am, int acl_index)
acl_list_t *a = &am->acls[acl_index];
vec_validate(am->hash_acl_infos, acl_index);
hash_acl_info_t *ha = vec_elt_at_index(am->hash_acl_infos, acl_index);
- memset(ha, 0, sizeof(*ha));
+ clib_memset(ha, 0, sizeof(*ha));
ha->hash_acl_exists = 1;
/* walk the newly added ACL entries and ensure that for each of them there
@@ -1174,7 +1174,7 @@ void hash_acl_add(acl_main_t *am, int acl_index)
for(i=0; i < a->count; i++) {
hash_ace_info_t ace_info;
fa_5tuple_t mask;
- memset(&ace_info, 0, sizeof(ace_info));
+ clib_memset(&ace_info, 0, sizeof(ace_info));
ace_info.acl_index = acl_index;
ace_info.ace_index = i;
@@ -1481,8 +1481,8 @@ split_partition(acl_main_t *am, u32 first_index,
hash_acl_info_t *ha = vec_elt_at_index(am->hash_acl_infos, pae->acl_index);
hash_ace_info_t *ace_info;
u32 coll_mask_type_index = pae->mask_type_index;
- memset(&the_min_tuple, 0, sizeof(the_min_tuple));
- memset(&the_max_tuple, 0, sizeof(the_max_tuple));
+ clib_memset(&the_min_tuple, 0, sizeof(the_min_tuple));
+ clib_memset(&the_max_tuple, 0, sizeof(the_max_tuple));
int i=0;
u64 collisions = vec_len(pae->colliding_rules);
diff --git a/src/plugins/acl/public_inlines.h b/src/plugins/acl/public_inlines.h
index 576d081784c..850babfa872 100644
--- a/src/plugins/acl/public_inlines.h
+++ b/src/plugins/acl/public_inlines.h
@@ -73,7 +73,7 @@ acl_fill_5tuple_l3_data (acl_main_t * am, vlib_buffer_t * b0, int is_ip6,
}
else
{
- memset(p5tuple_pkt->l3_zero_pad, 0, sizeof(p5tuple_pkt->l3_zero_pad));
+ clib_memset(p5tuple_pkt->l3_zero_pad, 0, sizeof(p5tuple_pkt->l3_zero_pad));
clib_memcpy (&p5tuple_pkt->ip4_addr,
get_ptr_to_offset (b0,
offsetof (ip4_header_t,