Code Review
/
vpp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
acl-plugin: fix coverity 177970-177973,178891, and incorrect reset of dot1q/dot1ad...
[vpp.git]
/
src
/
plugins
/
acl
/
acl.c
diff --git
a/src/plugins/acl/acl.c
b/src/plugins/acl/acl.c
index
2c02047
..
dbb740a
100644
(file)
--- a/
src/plugins/acl/acl.c
+++ b/
src/plugins/acl/acl.c
@@
-337,8
+337,6
@@
acl_del_list (u32 acl_list_index)
/* Some aids in ASCII graphing the content */
#define XX "\377"
#define __ "\000"
/* Some aids in ASCII graphing the content */
#define XX "\377"
#define __ "\000"
-#define DOT1AD "\210\250"
-#define DOT1Q "\201\00"
#define _(x)
#define v
/* *INDENT-OFF* */
#define _(x)
#define v
/* *INDENT-OFF* */
@@
-393,15
+391,15
@@
u8 ip4_5tuple_mask[] =
u8 dot1q_5tuple_mask[] =
_(" dmac smac dot1q etype ")
u8 dot1q_5tuple_mask[] =
_(" dmac smac dot1q etype ")
- _(ether) __ __ __ __ __ __ v __ __ __ __ __ __ v
DOT1Q
__ __ v XX XX v
+ _(ether) __ __ __ __ __ __ v __ __ __ __ __ __ v
XX XX
__ __ v XX XX v
_(padpad) __ __ __ __
_(padpad) __ __ __ __
_(padpad) __ __ __ __
_(padeth) __ __;
u8 dot1ad_5tuple_mask[] =
_(padpad) __ __ __ __
_(padpad) __ __ __ __
_(padpad) __ __ __ __
_(padeth) __ __;
u8 dot1ad_5tuple_mask[] =
- _(" dmac smac dot1ad
etype ")
- _(ether) __ __ __ __ __ __ v __ __ __ __ __ __ v
DOT1AD __ __ DOT1Q
__ __ v XX XX v
+ _(" dmac smac dot1ad
dot1q
etype ")
+ _(ether) __ __ __ __ __ __ v __ __ __ __ __ __ v
XX XX __ __ XX XX
__ __ v XX XX v
_(padpad) __ __ __ __
_(padpad) __ __ __ __
_(padeth) __ __;
_(padpad) __ __ __ __
_(padpad) __ __ __ __
_(padeth) __ __;
@@
-409,8
+407,6
@@
u8 ip4_5tuple_mask[] =
/* *INDENT-ON* */
#undef XX
#undef __
/* *INDENT-ON* */
#undef XX
#undef __
-#undef DOT1AD
-#undef DOT1Q
#undef _
#undef v
#undef _
#undef v
@@
-639,6
+635,21
@@
acl_add_vlan_session (acl_main_t * am, u32 table_index, u8 is_output,
}
match = (is_dot1ad) ? dot1ad_5tuple_mask : dot1q_5tuple_mask;
idx = (is_dot1ad) ? 20 : 16;
}
match = (is_dot1ad) ? dot1ad_5tuple_mask : dot1q_5tuple_mask;
idx = (is_dot1ad) ? 20 : 16;
+ if (is_dot1ad)
+ {
+ /* 802.1ad ethertype */
+ match[12] = 0x88;
+ match[13] = 0xa8;
+ /* 802.1q ethertype */
+ match[16] = 0x81;
+ match[17] = 0x00;
+ }
+ else
+ {
+ /* 802.1q ethertype */
+ match[12] = 0x81;
+ match[13] = 0x00;
+ }
/* add sessions to vlan tables per ethernet_type */
if (is_ip6)
/* add sessions to vlan tables per ethernet_type */
if (is_ip6)
@@
-655,7
+666,16
@@
acl_add_vlan_session (acl_main_t * am, u32 table_index, u8 is_output,
}
vnet_classify_add_del_session (cm, table_index, match, next_acl,
session_idx, 0, 0, 0, 1);
}
vnet_classify_add_del_session (cm, table_index, match, next_acl,
session_idx, 0, 0, 0, 1);
- memset (&match[idx], 0x00, 2);
+ /* reset the mask back to being a mask */
+ match[idx] = 0xff;
+ match[idx + 1] = 0xff;
+ match[12] = 0xff;
+ match[13] = 0xff;
+ if (is_dot1ad)
+ {
+ match[16] = 0xff;
+ match[17] = 0xff;
+ }
}
static int
}
static int
@@
-2717,7
+2737,7
@@
acl_show_aclplugin_acl_fn (vlib_main_t * vm,
acl_main_t *am = &acl_main;
u32 acl_index = ~0;
acl_main_t *am = &acl_main;
u32 acl_index = ~0;
- unformat (input, "index %u", &acl_index);
+
(void)
unformat (input, "index %u", &acl_index);
acl_plugin_show_acl (am, acl_index);
return error;
acl_plugin_show_acl (am, acl_index);
return error;
@@
-2782,7
+2802,7
@@
acl_show_aclplugin_interface_fn (vlib_main_t * vm,
acl_main_t *am = &acl_main;
u32 sw_if_index = ~0;
acl_main_t *am = &acl_main;
u32 sw_if_index = ~0;
- unformat (input, "sw_if_index %u", &sw_if_index);
+
(void)
unformat (input, "sw_if_index %u", &sw_if_index);
int show_acl = unformat (input, "acl");
acl_plugin_show_interface (am, sw_if_index, show_acl);
int show_acl = unformat (input, "acl");
acl_plugin_show_interface (am, sw_if_index, show_acl);
@@
-2964,9
+2984,9
@@
acl_show_aclplugin_sessions_fn (vlib_main_t * vm,
u32 show_bihash_verbose = 0;
u32 show_session_thread_id = ~0;
u32 show_session_session_index = ~0;
u32 show_bihash_verbose = 0;
u32 show_session_thread_id = ~0;
u32 show_session_session_index = ~0;
- unformat (input, "thread %u index %u", &show_session_thread_id,
- &show_session_session_index);
- unformat (input, "verbose %u", &show_bihash_verbose);
+
(void)
unformat (input, "thread %u index %u", &show_session_thread_id,
+
&show_session_session_index);
+
(void)
unformat (input, "verbose %u", &show_bihash_verbose);
acl_plugin_show_sessions (am, show_session_thread_id,
show_session_session_index);
acl_plugin_show_sessions (am, show_session_thread_id,
show_session_session_index);