session/tcp: filtering improvements

- make allow action explicit (-3) - add session lookup is_filtered return flag that is set if lookup hit a deny filter - change tcp logic to drop filtered packets when punting is enabled Change-Id: Ic38f294424663a4e108439b7571511f46f8e0be1 Signed-off-by: Florin Coras <fcoras@cisco.com>
author: Florin Coras <fcoras@cisco.com> 2017-11-19 18:06:58 -0800
committer: Dave Wallace <dwallacelf@gmail.com> 2017-11-20 16:15:34 +0000
commit: dff48db0782444125f68cab14d91e7bb4109286a (patch)
tree: 1c30045b625d7161a53512395b591f98d3196854 /src/vnet/session/session_rules_table.h
parent: 45b485099d8bdf5985e9869bc8221852073f9369 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/vnet/session/session_rules_table.h b/src/vnet/session/session_rules_table.h
index ecd2d9b14d6..9088afcca27 100644
--- a/src/vnet/session/session_rules_table.h
+++ b/src/vnet/session/session_rules_table.h
@@ -56,8 +56,8 @@ typedef CLIB_PACKED (struct
 
 #define SESSION_RULE_TAG_MAX_LEN 64
 #define SESSION_RULES_TABLE_INVALID_INDEX MMA_TABLE_INVALID_INDEX
-#define SESSION_RULES_TABLE_ACTION_DROP (((u32)~0) - 1)
-#define SESSION_RULES_TABLE_ACTION_NONE SESSION_RULES_TABLE_INVALID_INDEX
+#define SESSION_RULES_TABLE_ACTION_DROP (MMA_TABLE_INVALID_INDEX - 1)
+#define SESSION_RULES_TABLE_ACTION_ALLOW (MMA_TABLE_INVALID_INDEX - 2)
 
 typedef struct _session_rules_table_add_del_args
 {
author	Florin Coras <fcoras@cisco.com>	2017-11-19 18:06:58 -0800
committer	Dave Wallace <dwallacelf@gmail.com>	2017-11-20 16:15:34 +0000
commit	dff48db0782444125f68cab14d91e7bb4109286a (patch)
tree	1c30045b625d7161a53512395b591f98d3196854 /src/vnet/session/session_rules_table.h
parent	45b485099d8bdf5985e9869bc8221852073f9369 (diff)