diff options
Diffstat (limited to 'src/plugins/acl')
-rw-r--r-- | src/plugins/acl/acl.c | 23 | ||||
-rw-r--r-- | src/plugins/acl/fa_node.c | 23 |
2 files changed, 38 insertions, 8 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c index ae1cbf714c1..d9f22d826d4 100644 --- a/src/plugins/acl/acl.c +++ b/src/plugins/acl/acl.c @@ -1828,12 +1828,6 @@ acl_set_aclplugin_fn (vlib_main_t * vm, goto done; } if (unformat (input, "session")) { - if (unformat (input, "clear")) { - acl_main_t *am = &acl_main; - vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index, - ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX, ~0); - goto done; - } if (unformat (input, "table")) { /* The commands here are for tuning/testing. No user-serviceable parts inside */ if (unformat (input, "max-entries")) { @@ -2189,6 +2183,17 @@ acl_show_aclplugin_fn (vlib_main_t * vm, return error; } +static clib_error_t * +acl_clear_aclplugin_fn (vlib_main_t * vm, + unformat_input_t * input, + vlib_cli_command_t * cmd) +{ + clib_error_t *error = 0; + acl_main_t *am = &acl_main; + vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index, + ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX, ~0); + return error; +} /* *INDENT-OFF* */ VLIB_CLI_COMMAND (aclplugin_set_command, static) = { @@ -2202,6 +2207,12 @@ VLIB_CLI_COMMAND (aclplugin_show_command, static) = { .short_help = "show acl-plugin {sessions|acl|interface|tables}", .function = acl_show_aclplugin_fn, }; + +VLIB_CLI_COMMAND (aclplugin_clear_command, static) = { + .path = "clear acl-plugin sessions", + .short_help = "clear acl-plugin sessions", + .function = acl_clear_aclplugin_fn, +}; /* *INDENT-ON* */ diff --git a/src/plugins/acl/fa_node.c b/src/plugins/acl/fa_node.c index e89c47e288e..c0ff1a5e01a 100644 --- a/src/plugins/acl/fa_node.c +++ b/src/plugins/acl/fa_node.c @@ -1465,6 +1465,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt, { uword *clear_sw_if_index_bitmap = 0; uword *sw_if_index0; + int clear_all = 0; #ifdef FA_NODE_VERBOSE_DEBUG clib_warning("ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX received"); #endif @@ -1476,7 +1477,17 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt, ("ACL_FA_NODE_CLEAN: ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX: %d", *sw_if_index0); #endif - clear_sw_if_index_bitmap = clib_bitmap_set(clear_sw_if_index_bitmap, *sw_if_index0, 1); + if (*sw_if_index0 == ~0) + { + clear_all = 1; + } + else + { + if (!pool_is_free_index (am->vnet_main->interface_main.sw_interfaces, *sw_if_index0)) + { + clear_sw_if_index_bitmap = clib_bitmap_set(clear_sw_if_index_bitmap, *sw_if_index0, 1); + } + } } #ifdef FA_NODE_VERBOSE_DEBUG clib_warning("ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX bitmap: %U", format_bitmap_hex, clear_sw_if_index_bitmap); @@ -1496,7 +1507,15 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt, if (pw0->clear_in_process) { clib_warning("ERROR-BUG! Could not initiate cleaning on worker because another cleanup in progress"); } else { - pw0->pending_clear_sw_if_index_bitmap = clib_bitmap_dup(clear_sw_if_index_bitmap); + if (clear_all) + { + /* if we need to clear all, then just clear the interfaces that we are servicing */ + pw0->pending_clear_sw_if_index_bitmap = clib_bitmap_dup(pw0->serviced_sw_if_index_bitmap); + } + else + { + pw0->pending_clear_sw_if_index_bitmap = clib_bitmap_dup(clear_sw_if_index_bitmap); + } pw0->clear_in_process = 1; } } |