diff options
| author |   Benoît Ganne <bganne@cisco.com> | 2019-09-06 13:43:16 +0200 |
|---|---|---|
| committer |   Andrew Yourtchenko <ayourtch@gmail.com> | 2019-10-03 08:41:20 +0000 |
| commit | 5308ce13f6b070cb1e4558cb70b330ef548544cf (patch) | |
| tree | c8d9f9baab257d95cb73229c3ee8eae03c9cceb4 /src/plugins/gbp/gbp_policy_dpo.c | |
| parent | 68ac86e923ce55bcc0ea82c4b5a0e0ef83b56c23 (diff) | |
gbp: fix contract rule handling
Fix a memory leak when removing old GBP contract rules and make sure a
GBP contract rule exists when matching the corresponding ACL rule.
Type: fix
Fixes: 13a08cc098
Change-Id: Iba67d573e69280ad998488a7a3d3462341c68ea4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 44ca60ecdba866160bebbc6c1eb983674819d429)
Diffstat (limited to 'src/plugins/gbp/gbp_policy_dpo.c')
| -rw-r--r-- | src/plugins/gbp/gbp_policy_dpo.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/plugins/gbp/gbp_policy_dpo.c b/src/plugins/gbp/gbp_policy_dpo.c index dec30e46336..9f26b9c67ab 100644 --- a/src/plugins/gbp/gbp_policy_dpo.c +++ b/src/plugins/gbp/gbp_policy_dpo.c @@ -268,13 +268,14 @@ gbp_policy_dpo_inline (vlib_main_t * vm, while (n_left_from > 0 && n_left_to_next > 0) { + gbp_rule_action_t action0 = GBP_RULE_DENY; + u32 acl_match = ~0, rule_match = ~0; const gbp_policy_dpo_t *gpd0; - gbp_rule_action_t action0; gbp_contract_error_t err0; - u32 bi0, next0; gbp_contract_key_t key0; vlib_buffer_t *b0; gbp_rule_t *rule0; + u32 bi0, next0; bi0 = from[0]; to_next[0] = bi0; @@ -325,7 +326,8 @@ gbp_policy_dpo_inline (vlib_main_t * vm, action0 = gbp_contract_apply (vm, gm, &key0, b0, &rule0, &n_allow_intra, - &n_allow_sclass_1, &err0, + &n_allow_sclass_1, &acl_match, &rule_match, + &err0, is_ip6 ? GBP_CONTRACT_APPLY_IP6 : GBP_CONTRACT_APPLY_IP4); switch (action0) @@ -345,7 +347,8 @@ gbp_policy_dpo_inline (vlib_main_t * vm, } trace: - gbp_policy_trace (vm, node, b0, &key0, (next0 != GBP_POLICY_DROP)); + gbp_policy_trace (vm, node, b0, &key0, action0, acl_match, + rule_match); vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, n_left_to_next, bi0, next0); |