/* the entry is already there */
return -1;
}
+ /* if there was no ACL applied before, enable the ACL processing */
+ if (vec_len(am->input_acl_vec_by_sw_if_index[sw_if_index]) == 0) {
+ acl_interface_in_enable_disable (am, sw_if_index, 1);
+ }
vec_add (am->input_acl_vec_by_sw_if_index[sw_if_index], &acl_list_index,
1);
vec_validate (am->input_sw_if_index_vec_by_acl, acl_list_index);
vec_add (am->input_sw_if_index_vec_by_acl[acl_list_index], &sw_if_index,
1);
- acl_interface_in_enable_disable (am, sw_if_index, 1);
}
else
{
/* the entry is already there */
return -1;
}
+ /* if there was no ACL applied before, enable the ACL processing */
+ if (vec_len(am->output_acl_vec_by_sw_if_index[sw_if_index]) == 0) {
+ acl_interface_out_enable_disable (am, sw_if_index, 1);
+ }
vec_add (am->output_acl_vec_by_sw_if_index[sw_if_index],
&acl_list_index, 1);
vec_validate (am->output_sw_if_index_vec_by_acl, acl_list_index);
vec_add (am->output_sw_if_index_vec_by_acl[acl_list_index], &sw_if_index,
1);
- acl_interface_out_enable_disable (am, sw_if_index, 1);
}
return 0;
}
}
}
+ /* If there is no more ACLs applied on an interface, disable ACL processing */
if (0 == vec_len (am->input_acl_vec_by_sw_if_index[sw_if_index]))
{
acl_interface_in_enable_disable (am, sw_if_index, 0);
}
}
+ /* If there is no more ACLs applied on an interface, disable ACL processing */
if (0 == vec_len (am->output_acl_vec_by_sw_if_index[sw_if_index]))
{
acl_interface_out_enable_disable (am, sw_if_index, 0);
int i;
if (is_input)
{
- acl_interface_in_enable_disable (am, sw_if_index, 0);
vec_validate (am->input_acl_vec_by_sw_if_index, sw_if_index);
+ if (vec_len(am->input_acl_vec_by_sw_if_index[sw_if_index]) > 0) {
+ acl_interface_in_enable_disable (am, sw_if_index, 0);
+ }
for(i = vec_len(am->input_acl_vec_by_sw_if_index[sw_if_index])-1; i>=0; i--) {
u32 acl_list_index = am->input_acl_vec_by_sw_if_index[sw_if_index][i];
}
else
{
- acl_interface_out_enable_disable (am, sw_if_index, 0);
vec_validate (am->output_acl_vec_by_sw_if_index, sw_if_index);
+ if (vec_len(am->output_acl_vec_by_sw_if_index[sw_if_index]) > 0) {
+ acl_interface_out_enable_disable (am, sw_if_index, 0);
+ }
for(i = vec_len(am->output_acl_vec_by_sw_if_index[sw_if_index])-1; i>=0; i--) {
u32 acl_list_index = am->output_acl_vec_by_sw_if_index[sw_if_index][i];
goto done;
}
if (unformat (input, "session")) {
- if (unformat (input, "clear")) {
- acl_main_t *am = &acl_main;
- vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index,
- ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX, ~0);
- goto done;
- }
if (unformat (input, "table")) {
/* The commands here are for tuning/testing. No user-serviceable parts inside */
if (unformat (input, "max-entries")) {
return error;
}
+static clib_error_t *
+acl_clear_aclplugin_fn (vlib_main_t * vm,
+ unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ clib_error_t *error = 0;
+ acl_main_t *am = &acl_main;
+ vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index,
+ ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX, ~0);
+ return error;
+}
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (aclplugin_set_command, static) = {
.short_help = "show acl-plugin {sessions|acl|interface|tables}",
.function = acl_show_aclplugin_fn,
};
+
+VLIB_CLI_COMMAND (aclplugin_clear_command, static) = {
+ .path = "clear acl-plugin sessions",
+ .short_help = "clear acl-plugin sessions",
+ .function = acl_clear_aclplugin_fn,
+};
/* *INDENT-ON* */
Code Review / vpp.git / blobdiff