summaryrefslogtreecommitdiffstats
path: root/src/plugins/gbp/gbp_policy_dpo.c
diff options
context:
space:
mode:
authorBenoît Ganne <bganne@cisco.com>2019-09-06 13:43:16 +0200
committerNeale Ranns <nranns@cisco.com>2019-09-23 15:30:29 +0000
commit44ca60ecdba866160bebbc6c1eb983674819d429 (patch)
treeb0b647aa8eb80528cf5d6a78aa707f2afb3441e3 /src/plugins/gbp/gbp_policy_dpo.c
parent1df833e6deecaa1ca68d6e98af7fb109fc0ca18a (diff)
gbp: fix contract rule handling
Fix a memory leak when removing old GBP contract rules and make sure a GBP contract rule exists when matching the corresponding ACL rule. Type: fix Fixes: 13a08cc098 Change-Id: Iba67d573e69280ad998488a7a3d3462341c68ea4 Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/plugins/gbp/gbp_policy_dpo.c')
-rw-r--r--src/plugins/gbp/gbp_policy_dpo.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/src/plugins/gbp/gbp_policy_dpo.c b/src/plugins/gbp/gbp_policy_dpo.c
index dec30e46336..9f26b9c67ab 100644
--- a/src/plugins/gbp/gbp_policy_dpo.c
+++ b/src/plugins/gbp/gbp_policy_dpo.c
@@ -268,13 +268,14 @@ gbp_policy_dpo_inline (vlib_main_t * vm,
while (n_left_from > 0 && n_left_to_next > 0)
{
+ gbp_rule_action_t action0 = GBP_RULE_DENY;
+ u32 acl_match = ~0, rule_match = ~0;
const gbp_policy_dpo_t *gpd0;
- gbp_rule_action_t action0;
gbp_contract_error_t err0;
- u32 bi0, next0;
gbp_contract_key_t key0;
vlib_buffer_t *b0;
gbp_rule_t *rule0;
+ u32 bi0, next0;
bi0 = from[0];
to_next[0] = bi0;
@@ -325,7 +326,8 @@ gbp_policy_dpo_inline (vlib_main_t * vm,
action0 =
gbp_contract_apply (vm, gm, &key0, b0, &rule0, &n_allow_intra,
- &n_allow_sclass_1, &err0,
+ &n_allow_sclass_1, &acl_match, &rule_match,
+ &err0,
is_ip6 ? GBP_CONTRACT_APPLY_IP6 :
GBP_CONTRACT_APPLY_IP4);
switch (action0)
@@ -345,7 +347,8 @@ gbp_policy_dpo_inline (vlib_main_t * vm,
}
trace:
- gbp_policy_trace (vm, node, b0, &key0, (next0 != GBP_POLICY_DROP));
+ gbp_policy_trace (vm, node, b0, &key0, action0, acl_match,
+ rule_match);
vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
n_left_to_next, bi0, next0);