session/tcp: filtering improvements

- make allow action explicit (-3) - add session lookup is_filtered return flag that is set if lookup hit a deny filter - change tcp logic to drop filtered packets when punting is enabled Change-Id: Ic38f294424663a4e108439b7571511f46f8e0be1 Signed-off-by: Florin Coras <fcoras@cisco.com>
author: Florin Coras <fcoras@cisco.com> 2017-11-19 18:06:58 -0800
committer: Dave Wallace <dwallacelf@gmail.com> 2017-11-20 16:15:34 +0000
commit: dff48db0782444125f68cab14d91e7bb4109286a (patch)
tree: 1c30045b625d7161a53512395b591f98d3196854 /src/vnet/tcp/tcp_error.def
parent: 45b485099d8bdf5985e9869bc8221852073f9369 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/vnet/tcp/tcp_error.def b/src/vnet/tcp/tcp_error.def
index a179717ff13..5bff5ee5d4a 100644
--- a/src/vnet/tcp/tcp_error.def
+++ b/src/vnet/tcp/tcp_error.def
@@ -40,4 +40,5 @@ tcp_error (INVALID_CONNECTION, "Invalid connection")
 tcp_error (NO_WND, "No window")
 tcp_error (CONNECTION_CLOSED, "Connection closed")
 tcp_error (CREATE_EXISTS, "Connection already exists")
-tcp_error (PUNT, "Packets punted")
-\ No newline at end of file
+tcp_error (PUNT, "Packets punted")
+tcp_error (FILTERED, "Packets filtered")
+\ No newline at end of file
author	Florin Coras <fcoras@cisco.com>	2017-11-19 18:06:58 -0800
committer	Dave Wallace <dwallacelf@gmail.com>	2017-11-20 16:15:34 +0000
commit	dff48db0782444125f68cab14d91e7bb4109286a (patch)
tree	1c30045b625d7161a53512395b591f98d3196854 /src/vnet/tcp/tcp_error.def
parent	45b485099d8bdf5985e9869bc8221852073f9369 (diff)