diff options
Diffstat (limited to 'src/plugins/abf')
-rw-r--r-- | src/plugins/abf/FEATURE.yaml | 7 | ||||
-rw-r--r-- | src/plugins/abf/abf_itf_attach.c | 9 |
2 files changed, 10 insertions, 6 deletions
diff --git a/src/plugins/abf/FEATURE.yaml b/src/plugins/abf/FEATURE.yaml index b9f3285daa3..7902dbe7800 100644 --- a/src/plugins/abf/FEATURE.yaml +++ b/src/plugins/abf/FEATURE.yaml @@ -1,9 +1,12 @@ --- name: ACL Based Forwarding -maintainer: Neale Ranns <nranns@cisco.com> +maintainer: Neale Ranns <neale@graphiant.com> features: - 'Policy Based Routing' - - ACLs match traffic to be forwarded + - ACLs identify how traffic should be forwarded. Packets matching a permit + rule are forwarded using ABF policy. Packets matching a deny rule are + excluded from ABF handling and continue traversing the input feature arc on + the L3 path. - Each rule in the ACL has an associated 'path' which determines how the traffic will be forwarded. This path is described as a FIB path, so anything possible with basic L3 forwarding is possible with ABF (with the exception diff --git a/src/plugins/abf/abf_itf_attach.c b/src/plugins/abf/abf_itf_attach.c index 6f85ff69ae6..a14717e1999 100644 --- a/src/plugins/abf/abf_itf_attach.c +++ b/src/plugins/abf/abf_itf_attach.c @@ -567,10 +567,11 @@ abf_input_inline (vlib_main_t * vm, (FIB_PROTOCOL_IP6 == fproto), 1, 0, &fa_5tuple0); - if (acl_plugin_match_5tuple_inline - (acl_plugin.p_acl_main, lc_index, &fa_5tuple0, - (FIB_PROTOCOL_IP6 == fproto), &action, &match_acl_pos, - &match_acl_index, &match_rule_index, &trace_bitmap)) + if (acl_plugin_match_5tuple_inline ( + acl_plugin.p_acl_main, lc_index, &fa_5tuple0, + (FIB_PROTOCOL_IP6 == fproto), &action, &match_acl_pos, + &match_acl_index, &match_rule_index, &trace_bitmap) && + action > 0) { /* * match: |