Code Review / vpp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
acl-plugin: clean up the code enabling/disabling acl-plugin processing on interface
[vpp.git] / src / plugins / acl / fa_node.c
diff --git a/src/plugins/acl/fa_node.c b/src/plugins/acl/fa_node.c
index 3c23c80..0bbc742 100644 (file)
--- a/src/plugins/acl/fa_node.c
+++ b/src/plugins/acl/fa_node.c
@@ -330,7 +330,7 @@ static void
 acl_fill_5tuple (acl_main_t * am, vlib_buffer_t * b0, int is_ip6,
                 int is_input, int is_l2_path, fa_5tuple_t * p5tuple_pkt)
 {
-  int l3_offset = 14;
+  int l3_offset = ethernet_buffer_header_size(b0);
   int l4_offset;
   u16 ports[2];
   u16 proto;
@@ -1465,6 +1465,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
          {
             uword *clear_sw_if_index_bitmap = 0;
            uword *sw_if_index0;
+            int clear_all = 0;
 #ifdef FA_NODE_VERBOSE_DEBUG
            clib_warning("ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX received");
 #endif
@@ -1476,7 +1477,17 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
                ("ACL_FA_NODE_CLEAN: ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX: %d",
                 *sw_if_index0);
 #endif
-              clear_sw_if_index_bitmap = clib_bitmap_set(clear_sw_if_index_bitmap, *sw_if_index0, 1);
+              if (*sw_if_index0 == ~0)
+                {
+                  clear_all = 1;
+                }
+              else
+                {
+                  if (!pool_is_free_index (am->vnet_main->interface_main.sw_interfaces, *sw_if_index0))
+                    {
+                      clear_sw_if_index_bitmap = clib_bitmap_set(clear_sw_if_index_bitmap, *sw_if_index0, 1);
+                    }
+                }
            }
 #ifdef FA_NODE_VERBOSE_DEBUG
            clib_warning("ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX bitmap: %U", format_bitmap_hex, clear_sw_if_index_bitmap);
@@ -1496,7 +1507,15 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
               if (pw0->clear_in_process) {
                 clib_warning("ERROR-BUG! Could not initiate cleaning on worker because another cleanup in progress");
              } else {
-                pw0->pending_clear_sw_if_index_bitmap = clib_bitmap_dup(clear_sw_if_index_bitmap);
+                if (clear_all)
+                  {
+                    /* if we need to clear all, then just clear the interfaces that we are servicing */
+                    pw0->pending_clear_sw_if_index_bitmap = clib_bitmap_dup(pw0->serviced_sw_if_index_bitmap);
+                  }
+                else
+                  {
+                    pw0->pending_clear_sw_if_index_bitmap = clib_bitmap_dup(clear_sw_if_index_bitmap);
+                  }
                 pw0->clear_in_process = 1;
               }
             }
@@ -1579,6 +1598,7 @@ acl_fa_enable_disable (u32 sw_if_index, int is_input, int enable_disable)
   acl_main_t *am = &acl_main;
   if (is_input)
     {
+      ASSERT(clib_bitmap_get(am->fa_in_acl_on_sw_if_index, sw_if_index) != enable_disable);
       vnet_feature_enable_disable ("ip4-unicast", "acl-plugin-in-ip4-fa",
                                   sw_if_index, enable_disable, 0, 0);
       vnet_feature_enable_disable ("ip6-unicast", "acl-plugin-in-ip6-fa",
@@ -1589,6 +1609,7 @@ acl_fa_enable_disable (u32 sw_if_index, int is_input, int enable_disable)
     }
   else
     {
+      ASSERT(clib_bitmap_get(am->fa_out_acl_on_sw_if_index, sw_if_index) != enable_disable);
       vnet_feature_enable_disable ("ip4-output", "acl-plugin-out-ip4-fa",
                                   sw_if_index, enable_disable, 0, 0);
       vnet_feature_enable_disable ("ip6-output", "acl-plugin-out-ip6-fa",
Vector Packet Processing