summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/plugins/abf/FEATURE.yaml7
-rw-r--r--src/plugins/abf/abf_itf_attach.c9
2 files changed, 10 insertions, 6 deletions
diff --git a/src/plugins/abf/FEATURE.yaml b/src/plugins/abf/FEATURE.yaml
index b9f3285daa3..7902dbe7800 100644
--- a/src/plugins/abf/FEATURE.yaml
+++ b/src/plugins/abf/FEATURE.yaml
@@ -1,9 +1,12 @@
---
name: ACL Based Forwarding
-maintainer: Neale Ranns <nranns@cisco.com>
+maintainer: Neale Ranns <neale@graphiant.com>
features:
- 'Policy Based Routing'
- - ACLs match traffic to be forwarded
+ - ACLs identify how traffic should be forwarded. Packets matching a permit
+ rule are forwarded using ABF policy. Packets matching a deny rule are
+ excluded from ABF handling and continue traversing the input feature arc on
+ the L3 path.
- Each rule in the ACL has an associated 'path' which determines how the
traffic will be forwarded. This path is described as a FIB path, so anything
possible with basic L3 forwarding is possible with ABF (with the exception
diff --git a/src/plugins/abf/abf_itf_attach.c b/src/plugins/abf/abf_itf_attach.c
index 6f85ff69ae6..a14717e1999 100644
--- a/src/plugins/abf/abf_itf_attach.c
+++ b/src/plugins/abf/abf_itf_attach.c
@@ -567,10 +567,11 @@ abf_input_inline (vlib_main_t * vm,
(FIB_PROTOCOL_IP6 == fproto), 1, 0,
&fa_5tuple0);
- if (acl_plugin_match_5tuple_inline
- (acl_plugin.p_acl_main, lc_index, &fa_5tuple0,
- (FIB_PROTOCOL_IP6 == fproto), &action, &match_acl_pos,
- &match_acl_index, &match_rule_index, &trace_bitmap))
+ if (acl_plugin_match_5tuple_inline (
+ acl_plugin.p_acl_main, lc_index, &fa_5tuple0,
+ (FIB_PROTOCOL_IP6 == fproto), &action, &match_acl_pos,
+ &match_acl_index, &match_rule_index, &trace_bitmap) &&
+ action > 0)
{
/*
* match: