author | Andrew Yourtchenko <ayourtch@gmail.com> | 2017-05-11 12:33:54 +0200 |
---|---|---|
committer | Ole Trøan <otroan@employees.org> | 2017-05-11 15:39:26 +0000 |
commit | 4c72e629e5ace392390a9d6109594254525064f7 (patch) | |
tree | d16331b5d9ec89e0616a1ebcaaf744722b9fb072 /src | |
parent | 2f8fa30f34515f399910d8b77109c2d73b2fec68 (diff) |
acl-plugin: unapply the ACLs if interface is being deleted
(HC2VPP-137 is the client behavior triggering this)
If the user does not unapply the ACLs off the interface,
but deletes the interface, the subsequent reuse of the
sw_if_index might find itself with the datapath
hooked up for ACL processing even though there is
no ACL configured. The fix is to unapply any ACLs
in the callback which is called upon the sw_if_index
addition/deletion.
Change-Id: Icea413d7fbf1ef891844a4818626e1b34fe79cbf
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/acl/acl.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c index 98c74b9b358..ad5e00408c0 100644 --- a/src/plugins/acl/acl.c +++ b/src/plugins/acl/acl.c @@ -1966,6 +1966,10 @@ acl_sw_interface_add_del (vnet_main_t * vnm, u32 sw_if_index, u32 is_add) if (0 == is_add) { vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index, ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX, sw_if_index); + /* also unapply any ACLs in case the users did not do so. */ + macip_acl_interface_del_acl(am, sw_if_index); + acl_interface_reset_inout_acls (sw_if_index, 0); + acl_interface_reset_inout_acls (sw_if_index, 1); } return 0; } |
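Review bot: The three cleanup calls added under `if (0 == is_add)` discard whatever they return, and the callback still ends in `return 0`, so a failed unapply would silently leave the stale ACL datapath state this commit is meant to clear on a sw_if_index that can be reused. Their declarations are outside the hunk; if `macip_acl_interface_del_acl` reports a status, capture it with `int rv = macip_acl_interface_del_acl (am, sw_if_index);` and emit a `clib_warning` naming the sw_if_index whenever rv is anything other than the benign "no MACIP ACL applied" result. The new comment would help more if it recorded the reason, for example `/* sw_if_index values are reused: drop MACIP and in/out ACLs so a new interface does not inherit ACL processing */`. As a style point, the `macip_acl_interface_del_acl(am, ...)` call lacks the space before the parenthesis that the neighbouring calls use. The function body begins above the hunk, so how `am` is obtained is not visible here.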