diff options
author | Andrew Yourtchenko <ayourtch@gmail.com> | 2017-12-09 14:55:52 +0100 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2017-12-11 19:05:23 +0000 |
commit | d78349109fdb98fa0ba5f5aff779be700ff78357 (patch) | |
tree | f704a36483ac448ea8946949e90d556510f952be /src/vlibsocket | |
parent | abbc04c564b4120a3ee753cdd133a7a151dc5c8e (diff) |
acl-plugin: unapply/reapply the classifier-based inacls when performing macip_acl_add_replace on an existing MACIP ACL
The classifier tables layout might (and most always will) change during the MACIP ACL modification.
Furthermore, vnet_set_input_acl_intfc() is quite a picky creature - it quietly does nothing
if there is an existing inacl applied, even if the number is different, so a simple "reapply"
does not work. So, cleanly remove inacl, then reapply when the new tables are ready.
Also, fix the testcase which was supposed to test this exact behavior.
Thanks to Jon Loeliger for spotting this issue.
Change-Id: I7e4bd8023d9de7e914448bb4466c1b0ef6940f58
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/vlibsocket')
0 files changed, 0 insertions, 0 deletions