From fb088f0a201270e949469c915c529d75ad13353e Mon Sep 17 00:00:00 2001 From: Andrew Yourtchenko Date: Thu, 10 Aug 2017 17:02:58 +0200 Subject: acl-plugin: match index set to first portrange element if non-first portrange matches on the same hash key (VPP-938) Multiple portranges that land on the same hash key will always report the match on the first portrange - even when the subsequent portranges have matched. Test escape, so make a corresponding test case and fix the code so it passes. Change-Id: Idbeb8a122252ead2468f5f9dbaf72cf0e8bb78f1 Signed-off-by: Andrew Yourtchenko --- src/plugins/acl/hash_lookup.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'src') diff --git a/src/plugins/acl/hash_lookup.c b/src/plugins/acl/hash_lookup.c index a2edb9f3b25..37808d5e0a7 100644 --- a/src/plugins/acl/hash_lookup.c +++ b/src/plugins/acl/hash_lookup.c @@ -134,11 +134,7 @@ multi_acl_match_get_applied_ace_index(acl_main_t *am, fa_5tuple_t *match) } if (curr_index < curr_match_index) { DBG("The index %d is the new candidate in portrange matches.", curr_index); - curr_match_index = result_val->applied_entry_index; - if (!result_val->shadowed) { - /* new result is known to not be shadowed, so no point to look up further */ - break; - } + curr_match_index = curr_index; } else { DBG("Curr portmatch index %d is too big vs. current matched one %d", curr_index, curr_match_index); } -- cgit 1.2.3-korg