diff options
Diffstat (limited to 'src/plugins/acl')
-rw-r--r-- | src/plugins/acl/acl.c | 2 | ||||
-rw-r--r-- | src/plugins/acl/hash_lookup.c | 31 | ||||
-rw-r--r-- | src/plugins/acl/hash_lookup_types.h | 2 |
3 files changed, 31 insertions, 4 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c index 80ef56613d4..db54d4e8a52 100644 --- a/src/plugins/acl/acl.c +++ b/src/plugins/acl/acl.c @@ -2377,6 +2377,7 @@ acl_show_aclplugin_fn (vlib_main_t * vm, if (swi < vec_len(am->input_applied_hash_acl_info_by_sw_if_index)) { applied_hash_acl_info_t *pal = &am->input_applied_hash_acl_info_by_sw_if_index[swi]; out0 = format(out0, " input lookup mask_type_index_bitmap: %U\n", format_bitmap_hex, pal->mask_type_index_bitmap); + out0 = format(out0, " input applied acls: %U\n", format_vec32, pal->applied_acls, "%d"); } if (swi < vec_len(am->input_hash_entry_vec_by_sw_if_index)) { out0 = format(out0, " input lookup applied entries:\n"); @@ -2391,6 +2392,7 @@ acl_show_aclplugin_fn (vlib_main_t * vm, if (swi < vec_len(am->output_applied_hash_acl_info_by_sw_if_index)) { applied_hash_acl_info_t *pal = &am->output_applied_hash_acl_info_by_sw_if_index[swi]; out0 = format(out0, " output lookup mask_type_index_bitmap: %U\n", format_bitmap_hex, pal->mask_type_index_bitmap); + out0 = format(out0, " output applied acls: %U\n", format_vec32, pal->applied_acls, "%d"); } if (swi < vec_len(am->output_hash_entry_vec_by_sw_if_index)) { out0 = format(out0, " output lookup applied entries:\n"); diff --git a/src/plugins/acl/hash_lookup.c b/src/plugins/acl/hash_lookup.c index ae522d921cc..a2edb9f3b25 100644 --- a/src/plugins/acl/hash_lookup.c +++ b/src/plugins/acl/hash_lookup.c @@ -339,6 +339,16 @@ hash_acl_apply(acl_main_t *am, u32 sw_if_index, u8 is_input, int acl_index) &am->output_applied_hash_acl_info_by_sw_if_index; vec_validate((*applied_hash_acls), sw_if_index); applied_hash_acl_info_t *pal = vec_elt_at_index((*applied_hash_acls), sw_if_index); + + /* ensure the list of applied hash acls is initialized and add this acl# to it */ + u32 index = vec_search(pal->applied_acls, acl_index); + if (index != ~0) { + clib_warning("BUG: trying to apply twice acl_index %d on sw_if_index %d is_input %d", + acl_index, sw_if_index, is_input); + goto done; + } + vec_add1(pal->applied_acls, acl_index); + pal->mask_type_index_bitmap = clib_bitmap_or(pal->mask_type_index_bitmap, ha->mask_type_index_bitmap); /* @@ -369,6 +379,7 @@ hash_acl_apply(acl_main_t *am, u32 sw_if_index, u8 is_input, int acl_index) activate_applied_ace_hash_entry(am, sw_if_index, is_input, applied_hash_aces, new_index); } applied_hash_entries_analyze(am, applied_hash_aces); +done: clib_mem_set_heap (oldheap); } @@ -492,14 +503,14 @@ hash_acl_build_applied_lookup_bitmap(acl_main_t *am, u32 sw_if_index, u8 is_inpu { int i; uword *new_lookup_bitmap = 0; - u32 **applied_acls = is_input ? vec_elt_at_index(am->input_acl_vec_by_sw_if_index, sw_if_index) - : vec_elt_at_index(am->output_acl_vec_by_sw_if_index, sw_if_index); applied_hash_acl_info_t **applied_hash_acls = is_input ? &am->input_applied_hash_acl_info_by_sw_if_index : &am->output_applied_hash_acl_info_by_sw_if_index; applied_hash_acl_info_t *pal = vec_elt_at_index((*applied_hash_acls), sw_if_index); - for(i=0; i < vec_len(*applied_acls); i++) { - u32 a_acl_index = *vec_elt_at_index((*applied_acls), i); + for(i=0; i < vec_len(pal->applied_acls); i++) { + u32 a_acl_index = *vec_elt_at_index((pal->applied_acls), i); hash_acl_info_t *ha = vec_elt_at_index(am->hash_acl_infos, a_acl_index); + DBG("Update bitmask = %U or %U (acl_index %d)\n", format_bitmap_hex, new_lookup_bitmap, + format_bitmap_hex, ha->mask_type_index_bitmap, a_acl_index); new_lookup_bitmap = clib_bitmap_or(new_lookup_bitmap, ha->mask_type_index_bitmap); } @@ -514,6 +525,18 @@ hash_acl_unapply(acl_main_t *am, u32 sw_if_index, u8 is_input, int acl_index) int i; DBG("HASH ACL unapply: sw_if_index %d is_input %d acl %d", sw_if_index, is_input, acl_index); + applied_hash_acl_info_t **applied_hash_acls = is_input ? &am->input_applied_hash_acl_info_by_sw_if_index + : &am->output_applied_hash_acl_info_by_sw_if_index; + applied_hash_acl_info_t *pal = vec_elt_at_index((*applied_hash_acls), sw_if_index); + + /* remove this acl# from the list of applied hash acls */ + u32 index = vec_search(pal->applied_acls, acl_index); + if (index == ~0) { + clib_warning("BUG: trying to unapply unapplied acl_index %d on sw_if_index %d is_input %d", + acl_index, sw_if_index, is_input); + return; + } + vec_del1(pal->applied_acls, index); hash_acl_info_t *ha = vec_elt_at_index(am->hash_acl_infos, acl_index); applied_hash_ace_entry_t **applied_hash_aces = get_applied_hash_aces(am, is_input, sw_if_index); diff --git a/src/plugins/acl/hash_lookup_types.h b/src/plugins/acl/hash_lookup_types.h index fbc9777b83d..837cc0a802d 100644 --- a/src/plugins/acl/hash_lookup_types.h +++ b/src/plugins/acl/hash_lookup_types.h @@ -73,6 +73,8 @@ typedef struct { * hash_ace_info_t=>mask_type_index bits set */ uword *mask_type_index_bitmap; + /* applied ACLs so we can track them independently from main ACL module */ + u32 *applied_acls; } applied_hash_acl_info_t; |