diff options
| author |   Andrew Yourtchenko <ayourtch@gmail.com> | 2017-08-09 11:28:02 +0200 |
|---|---|---|
| committer | Andrew Yourtchenko <ayourtch@gmail.com> | 2017-08-09 14:05:50 +0200 |
| commit | 754370f1b55d4102d21dd94676f2bda3170c7df0 (patch) | |
| tree | 034097e5fddf7e1dadef0372f52fa4e1436b8319 /src | |
| parent | b7cd108399c8e9958f1822dbfb0d674a96fc97a4 (diff) | |
acl-plugin: all TCP sessions treated as transient (VPP-932)
The packet that was creating the session was not tracked,
consequently the TCP flags seen within the session record
never got the value for the session to get treated as
being in the established state.
Test-escape, so add the TCP tests which test the
three phases of the TCP session life and make them all pass.
Change-Id: Ib048bc30c809a7f03be2de7e8361c2c281270348
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/plugins/acl/fa_node.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/plugins/acl/fa_node.c b/src/plugins/acl/fa_node.c index ab5db80bf70..47945892881 100644 --- a/src/plugins/acl/fa_node.c +++ b/src/plugins/acl/fa_node.c @@ -871,7 +871,7 @@ acl_fa_try_recycle_session (acl_main_t * am, int is_input, u16 thread_index, u32 } } -static void +static fa_session_t * acl_fa_add_session (acl_main_t * am, int is_input, u32 sw_if_index, u64 now, fa_5tuple_t * p5tuple) { @@ -915,6 +915,7 @@ acl_fa_add_session (acl_main_t * am, int is_input, u32 sw_if_index, u64 now, clib_mem_set_heap (oldheap); pw->fa_session_adds_by_sw_if_index[sw_if_index]++; clib_smp_atomic_add(&am->fa_session_total_adds, 1); + return sess; } static int @@ -1082,8 +1083,10 @@ acl_fa_node_fn (vlib_main_t * vm, if (acl_fa_can_add_session (am, is_input, sw_if_index0)) { - acl_fa_add_session (am, is_input, sw_if_index0, now, - &kv_sess); + fa_session_t *sess = acl_fa_add_session (am, is_input, sw_if_index0, now, + &kv_sess); + acl_fa_track_session (am, is_input, sw_if_index0, now, + sess, &fa_5tuple); pkts_new_session += 1; } else |