From dff48db0782444125f68cab14d91e7bb4109286a Mon Sep 17 00:00:00 2001
From: Florin Coras <fcoras@cisco.com>
Date: Sun, 19 Nov 2017 18:06:58 -0800
Subject: session/tcp: filtering improvements

- make allow action explicit (-3)
- add session lookup is_filtered return flag that is set if lookup hit a
  deny filter
- change tcp logic to drop filtered packets when punting is enabled

Change-Id: Ic38f294424663a4e108439b7571511f46f8e0be1
Signed-off-by: Florin Coras <fcoras@cisco.com>
---
 src/vnet/tcp/tcp_test.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'src/vnet/tcp/tcp_test.c')

diff --git a/src/vnet/tcp/tcp_test.c b/src/vnet/tcp/tcp_test.c
index 021f416cb76..e3cdb1be758 100644
--- a/src/vnet/tcp/tcp_test.c
+++ b/src/vnet/tcp/tcp_test.c
@@ -1558,7 +1558,7 @@ tcp_test_lookup (vlib_main_t * vm, unformat_input_t * input)
   transport_connection_t _tc1, *tc1 = &_tc1, _tc2, *tc2 = &_tc2, *tconn;
   tcp_connection_t *tc;
   stream_session_t *s;
-  u8 cmp = 0;
+  u8 cmp = 0, is_filtered = 0;
 
   pool_get (smm->sessions[0], s);
   memset (s, 0, sizeof (*s));
@@ -1601,7 +1601,7 @@ tcp_test_lookup (vlib_main_t * vm, unformat_input_t * input)
   tconn = session_lookup_connection_wt4 (0, &tc1->lcl_ip.ip4,
 					 &tc1->rmt_ip.ip4,
 					 tc1->lcl_port, tc1->rmt_port,
-					 tc1->proto, 0);
+					 tc1->proto, 0, &is_filtered);
   cmp = (memcmp (&tconn->rmt_ip, &tc1->rmt_ip, sizeof (tc1->rmt_ip)) == 0);
   TCP_TEST ((cmp), "rmt ip is identical %d", cmp);
   TCP_TEST ((tconn->lcl_port == tc1->lcl_port),
@@ -1614,7 +1614,7 @@ tcp_test_lookup (vlib_main_t * vm, unformat_input_t * input)
   tconn = session_lookup_connection_wt4 (0, &tc2->lcl_ip.ip4,
 					 &tc2->rmt_ip.ip4,
 					 tc2->lcl_port, tc2->rmt_port,
-					 tc2->proto, 0);
+					 tc2->proto, 0, &is_filtered);
   TCP_TEST ((tconn == 0), "lookup result should be null");
 
   /*
@@ -1624,12 +1624,12 @@ tcp_test_lookup (vlib_main_t * vm, unformat_input_t * input)
   tconn = session_lookup_connection_wt4 (0, &tc1->lcl_ip.ip4,
 					 &tc1->rmt_ip.ip4,
 					 tc1->lcl_port, tc1->rmt_port,
-					 tc1->proto, 0);
+					 tc1->proto, 0, &is_filtered);
   TCP_TEST ((tconn == 0), "lookup result should be null");
   tconn = session_lookup_connection_wt4 (0, &tc2->lcl_ip.ip4,
 					 &tc2->rmt_ip.ip4,
 					 tc2->lcl_port, tc2->rmt_port,
-					 tc2->proto, 0);
+					 tc2->proto, 0, &is_filtered);
   TCP_TEST ((tconn == 0), "lookup result should be null");
 
   /*
@@ -1639,7 +1639,7 @@ tcp_test_lookup (vlib_main_t * vm, unformat_input_t * input)
   tconn = session_lookup_connection_wt4 (0, &tc2->lcl_ip.ip4,
 					 &tc2->rmt_ip.ip4,
 					 tc2->lcl_port, tc2->rmt_port,
-					 tc2->proto, 0);
+					 tc2->proto, 0, &is_filtered);
   TCP_TEST ((tconn == 0), "lookup result should be null");
 
   return 0;
-- 
cgit 1.2.3-korg