summaryrefslogtreecommitdiffstats
path: root/src/plugins/gbp/gbp_policy_node.c
diff options
context:
space:
mode:
authorBenoît Ganne <bganne@cisco.com>2019-09-06 13:43:16 +0200
committerNeale Ranns <nranns@cisco.com>2019-09-23 15:30:29 +0000
commit44ca60ecdba866160bebbc6c1eb983674819d429 (patch)
treeb0b647aa8eb80528cf5d6a78aa707f2afb3441e3 /src/plugins/gbp/gbp_policy_node.c
parent1df833e6deecaa1ca68d6e98af7fb109fc0ca18a (diff)
gbp: fix contract rule handling
Fix a memory leak when removing old GBP contract rules and make sure a GBP contract rule exists when matching the corresponding ACL rule. Type: fix Fixes: 13a08cc098 Change-Id: Iba67d573e69280ad998488a7a3d3462341c68ea4 Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/plugins/gbp/gbp_policy_node.c')
-rw-r--r--src/plugins/gbp/gbp_policy_node.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/src/plugins/gbp/gbp_policy_node.c b/src/plugins/gbp/gbp_policy_node.c
index 7bbcffa5b47..8c6ef5c2b94 100644
--- a/src/plugins/gbp/gbp_policy_node.c
+++ b/src/plugins/gbp/gbp_policy_node.c
@@ -116,10 +116,11 @@ gbp_policy_inline (vlib_main_t * vm,
while (n_left_from > 0 && n_left_to_next > 0)
{
+ gbp_rule_action_t action0 = GBP_RULE_DENY;
const ethernet_header_t *h0;
const gbp_endpoint_t *ge0;
- gbp_rule_action_t action0;
gbp_contract_error_t err0;
+ u32 acl_match = ~0, rule_match = ~0;
gbp_policy_next_t next0;
gbp_contract_key_t key0;
u32 bi0, sw_if_index0;
@@ -220,8 +221,8 @@ gbp_policy_inline (vlib_main_t * vm,
action0 =
gbp_contract_apply (vm, gm, &key0, b0, &rule0, &n_allow_intra,
- &n_allow_sclass_1, &err0,
- GBP_CONTRACT_APPLY_L2);
+ &n_allow_sclass_1, &acl_match, &rule_match,
+ &err0, GBP_CONTRACT_APPLY_L2);
switch (action0)
{
case GBP_RULE_PERMIT:
@@ -239,8 +240,8 @@ gbp_policy_inline (vlib_main_t * vm,
}
trace:
- gbp_policy_trace (vm, node, b0, &key0,
- (next0 != GBP_POLICY_NEXT_DROP));
+ gbp_policy_trace (vm, node, b0, &key0, action0, acl_match,
+ rule_match);
/* verify speculative enqueue, maybe switch current next frame */
vlib_validate_buffer_enqueue_x1 (vm, node, next_index,