aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/acl
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/acl')
-rw-r--r--src/plugins/acl/acl.c23
-rw-r--r--src/plugins/acl/fa_node.c23
2 files changed, 38 insertions, 8 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index ae1cbf714c1..d9f22d826d4 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -1828,12 +1828,6 @@ acl_set_aclplugin_fn (vlib_main_t * vm,
goto done;
}
if (unformat (input, "session")) {
- if (unformat (input, "clear")) {
- acl_main_t *am = &acl_main;
- vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index,
- ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX, ~0);
- goto done;
- }
if (unformat (input, "table")) {
/* The commands here are for tuning/testing. No user-serviceable parts inside */
if (unformat (input, "max-entries")) {
@@ -2189,6 +2183,17 @@ acl_show_aclplugin_fn (vlib_main_t * vm,
return error;
}
+static clib_error_t *
+acl_clear_aclplugin_fn (vlib_main_t * vm,
+ unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ clib_error_t *error = 0;
+ acl_main_t *am = &acl_main;
+ vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index,
+ ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX, ~0);
+ return error;
+}
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (aclplugin_set_command, static) = {
@@ -2202,6 +2207,12 @@ VLIB_CLI_COMMAND (aclplugin_show_command, static) = {
.short_help = "show acl-plugin {sessions|acl|interface|tables}",
.function = acl_show_aclplugin_fn,
};
+
+VLIB_CLI_COMMAND (aclplugin_clear_command, static) = {
+ .path = "clear acl-plugin sessions",
+ .short_help = "clear acl-plugin sessions",
+ .function = acl_clear_aclplugin_fn,
+};
/* *INDENT-ON* */
diff --git a/src/plugins/acl/fa_node.c b/src/plugins/acl/fa_node.c
index e89c47e288e..c0ff1a5e01a 100644
--- a/src/plugins/acl/fa_node.c
+++ b/src/plugins/acl/fa_node.c
@@ -1465,6 +1465,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
{
uword *clear_sw_if_index_bitmap = 0;
uword *sw_if_index0;
+ int clear_all = 0;
#ifdef FA_NODE_VERBOSE_DEBUG
clib_warning("ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX received");
#endif
@@ -1476,7 +1477,17 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
("ACL_FA_NODE_CLEAN: ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX: %d",
*sw_if_index0);
#endif
- clear_sw_if_index_bitmap = clib_bitmap_set(clear_sw_if_index_bitmap, *sw_if_index0, 1);
+ if (*sw_if_index0 == ~0)
+ {
+ clear_all = 1;
+ }
+ else
+ {
+ if (!pool_is_free_index (am->vnet_main->interface_main.sw_interfaces, *sw_if_index0))
+ {
+ clear_sw_if_index_bitmap = clib_bitmap_set(clear_sw_if_index_bitmap, *sw_if_index0, 1);
+ }
+ }
}
#ifdef FA_NODE_VERBOSE_DEBUG
clib_warning("ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX bitmap: %U", format_bitmap_hex, clear_sw_if_index_bitmap);
@@ -1496,7 +1507,15 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
if (pw0->clear_in_process) {
clib_warning("ERROR-BUG! Could not initiate cleaning on worker because another cleanup in progress");
} else {
- pw0->pending_clear_sw_if_index_bitmap = clib_bitmap_dup(clear_sw_if_index_bitmap);
+ if (clear_all)
+ {
+ /* if we need to clear all, then just clear the interfaces that we are servicing */
+ pw0->pending_clear_sw_if_index_bitmap = clib_bitmap_dup(pw0->serviced_sw_if_index_bitmap);
+ }
+ else
+ {
+ pw0->pending_clear_sw_if_index_bitmap = clib_bitmap_dup(clear_sw_if_index_bitmap);
+ }
pw0->clear_in_process = 1;
}
}