diff options
author | Benoît Ganne <bganne@cisco.com> | 2019-09-06 13:43:16 +0200 |
---|---|---|
committer | Neale Ranns <nranns@cisco.com> | 2019-09-23 15:30:29 +0000 |
commit | 44ca60ecdba866160bebbc6c1eb983674819d429 (patch) | |
tree | b0b647aa8eb80528cf5d6a78aa707f2afb3441e3 /src/plugins/gbp/gbp_policy_dpo.c | |
parent | 1df833e6deecaa1ca68d6e98af7fb109fc0ca18a (diff) |
gbp: fix contract rule handling
Fix a memory leak when removing old GBP contract rules and make sure a
GBP contract rule exists when matching the corresponding ACL rule.
Type: fix
Fixes: 13a08cc098
Change-Id: Iba67d573e69280ad998488a7a3d3462341c68ea4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/plugins/gbp/gbp_policy_dpo.c')
-rw-r--r-- | src/plugins/gbp/gbp_policy_dpo.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/plugins/gbp/gbp_policy_dpo.c b/src/plugins/gbp/gbp_policy_dpo.c index dec30e46336..9f26b9c67ab 100644 --- a/src/plugins/gbp/gbp_policy_dpo.c +++ b/src/plugins/gbp/gbp_policy_dpo.c @@ -268,13 +268,14 @@ gbp_policy_dpo_inline (vlib_main_t * vm, while (n_left_from > 0 && n_left_to_next > 0) { + gbp_rule_action_t action0 = GBP_RULE_DENY; + u32 acl_match = ~0, rule_match = ~0; const gbp_policy_dpo_t *gpd0; - gbp_rule_action_t action0; gbp_contract_error_t err0; - u32 bi0, next0; gbp_contract_key_t key0; vlib_buffer_t *b0; gbp_rule_t *rule0; + u32 bi0, next0; bi0 = from[0]; to_next[0] = bi0; @@ -325,7 +326,8 @@ gbp_policy_dpo_inline (vlib_main_t * vm, action0 = gbp_contract_apply (vm, gm, &key0, b0, &rule0, &n_allow_intra, - &n_allow_sclass_1, &err0, + &n_allow_sclass_1, &acl_match, &rule_match, + &err0, is_ip6 ? GBP_CONTRACT_APPLY_IP6 : GBP_CONTRACT_APPLY_IP4); switch (action0) @@ -345,7 +347,8 @@ gbp_policy_dpo_inline (vlib_main_t * vm, } trace: - gbp_policy_trace (vm, node, b0, &key0, (next0 != GBP_POLICY_DROP)); + gbp_policy_trace (vm, node, b0, &key0, action0, acl_match, + rule_match); vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, n_left_to_next, bi0, next0); |