X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Facl%2Fdataplane_node.c;h=3ca1be73c150cf797f789fce4502ef683147d6d9;hb=7d98a12f29d5b9696df98b8af2f128614a4f0360;hp=f1ed4c28b993a88568ca072f08b49a7825a4aabf;hpb=4bc1796b346efd10f3fb19b176ff089179263a24;p=vpp.git

diff --git a/src/plugins/acl/dataplane_node.c b/src/plugins/acl/dataplane_node.c
index f1ed4c28b99..3ca1be73c15 100644
--- a/src/plugins/acl/dataplane_node.c
+++ b/src/plugins/acl/dataplane_node.c
@@ -82,7 +82,6 @@ acl_fa_node_fn (vlib_main_t * vm,
   u32 trace_bitmap = 0;
   acl_main_t *am = &acl_main;
   fa_5tuple_t fa_5tuple;
-  clib_bihash_kv_40_8_t value_sess;
   vlib_node_runtime_t *error_node;
   u64 now = clib_cpu_time_now ();
   uword thread_index = os_get_thread_index ();
@@ -137,8 +136,8 @@ acl_fa_node_fn (vlib_main_t * vm,
        * Extract the L3/L4 matching info into a 5-tuple structure.
        */
 
-      acl_plugin_fill_5tuple_inline (lc_index0, b[0], is_ip6, is_input,
-				     is_l2_path,
+      acl_plugin_fill_5tuple_inline (&acl_main, lc_index0, b[0], is_ip6,
+				     is_input, is_l2_path,
 				     (fa_5tuple_opaque_t *) & fa_5tuple);
       fa_5tuple.l4.lsb_of_sw_if_index = sw_if_index0 & 0xffff;
       fa_5tuple.pkt.mask_type_index_lsb = ~0;
@@ -153,14 +152,16 @@ acl_fa_node_fn (vlib_main_t * vm,
 
       if (acl_fa_ifc_has_sessions (am, sw_if_index0))
 	{
-	  if (acl_fa_find_session (am, sw_if_index0, &fa_5tuple, &value_sess)
-	      && (value_sess.value != ~0ULL))
+	  u64 value_sess = ~0ULL;
+	  if (acl_fa_find_session
+	      (am, is_ip6, sw_if_index0, &fa_5tuple, &value_sess)
+	      && (value_sess != ~0ULL))
 	    {
 	      trace_bitmap |= 0x80000000;
 	      error0 = ACL_FA_ERROR_ACL_EXIST_SESSION;
 	      fa_full_session_id_t f_sess_id;
 
-	      f_sess_id.as_u64 = value_sess.value;
+	      f_sess_id.as_u64 = value_sess;
 	      ASSERT (f_sess_id.thread_index < vec_len (vlib_mains));
 
 	      fa_session_t *sess =
@@ -233,7 +234,7 @@ acl_fa_node_fn (vlib_main_t * vm,
       if (acl_check_needed)
 	{
 	  action = 0;		/* deny by default */
-	  acl_plugin_match_5tuple_inline (lc_index0,
+	  acl_plugin_match_5tuple_inline (&acl_main, lc_index0,
 					  (fa_5tuple_opaque_t *) &
 					  fa_5tuple, is_ip6, &action,
 					  &match_acl_pos,
@@ -274,7 +275,7 @@ acl_fa_node_fn (vlib_main_t * vm,
 	  if (is_l2_path)
 	    next0 = vnet_l2_feature_next (b[0], l2_feat_next_node_index, 0);
 	  else
-	    vnet_feature_next (sw_if_index0, &next0, b[0]);
+	    vnet_feature_next (&next0, b[0]);
 	}
 #ifdef FA_NODE_VERBOSE_DEBUG
       clib_warning
@@ -292,12 +293,12 @@ acl_fa_node_fn (vlib_main_t * vm,
 	  t->next_index = next0;
 	  t->match_acl_in_index = match_acl_in_index;
 	  t->match_rule_index = match_rule_index;
-	  t->packet_info[0] = fa_5tuple.kv.key[0];
-	  t->packet_info[1] = fa_5tuple.kv.key[1];
-	  t->packet_info[2] = fa_5tuple.kv.key[2];
-	  t->packet_info[3] = fa_5tuple.kv.key[3];
-	  t->packet_info[4] = fa_5tuple.kv.key[4];
-	  t->packet_info[5] = fa_5tuple.kv.value;
+	  t->packet_info[0] = fa_5tuple.kv_40_8.key[0];
+	  t->packet_info[1] = fa_5tuple.kv_40_8.key[1];
+	  t->packet_info[2] = fa_5tuple.kv_40_8.key[2];
+	  t->packet_info[3] = fa_5tuple.kv_40_8.key[3];
+	  t->packet_info[4] = fa_5tuple.kv_40_8.key[4];
+	  t->packet_info[5] = fa_5tuple.kv_40_8.value;
 	  t->action = action;
 	  t->trace_bitmap = trace_bitmap;
 	}
@@ -414,19 +415,30 @@ format_fa_5tuple (u8 * s, va_list * args)
 {
   fa_5tuple_t *p5t = va_arg (*args, fa_5tuple_t *);
 
-  return format (s, "lc_index %d (lsb16 of sw_if_index %d) l3 %s%s %U -> %U"
-		 " l4 proto %d l4_valid %d port %d -> %d tcp flags (%s) %02x rsvd %x",
-		 p5t->pkt.lc_index, p5t->l4.lsb_of_sw_if_index,
-		 p5t->pkt.is_ip6 ? "ip6" : "ip4",
-		 p5t->pkt.is_nonfirst_fragment ? " non-initial fragment" : "",
-		 format_ip46_address, &p5t->addr[0],
-		 p5t->pkt.is_ip6 ? IP46_TYPE_IP6 : IP46_TYPE_IP4,
-		 format_ip46_address, &p5t->addr[1],
-		 p5t->pkt.is_ip6 ? IP46_TYPE_IP6 : IP46_TYPE_IP4,
-		 p5t->l4.proto, p5t->pkt.l4_valid, p5t->l4.port[0],
-		 p5t->l4.port[1],
-		 p5t->pkt.tcp_flags_valid ? "valid" : "invalid",
-		 p5t->pkt.tcp_flags, p5t->pkt.flags_reserved);
+  if (p5t->pkt.is_ip6)
+    return format (s, "lc_index %d (lsb16 of sw_if_index %d) l3 %s%s %U -> %U"
+		   " l4 proto %d l4_valid %d port %d -> %d tcp flags (%s) %02x rsvd %x",
+		   p5t->pkt.lc_index, p5t->l4.lsb_of_sw_if_index,
+		   "ip6",
+		   p5t->
+		   pkt.is_nonfirst_fragment ? " non-initial fragment" : "",
+		   format_ip6_address, &p5t->ip6_addr[0], format_ip6_address,
+		   &p5t->ip6_addr[1], p5t->l4.proto, p5t->pkt.l4_valid,
+		   p5t->l4.port[0], p5t->l4.port[1],
+		   p5t->pkt.tcp_flags_valid ? "valid" : "invalid",
+		   p5t->pkt.tcp_flags, p5t->pkt.flags_reserved);
+  else
+    return format (s, "lc_index %d (lsb16 of sw_if_index %d) l3 %s%s %U -> %U"
+		   " l4 proto %d l4_valid %d port %d -> %d tcp flags (%s) %02x rsvd %x",
+		   p5t->pkt.lc_index, p5t->l4.lsb_of_sw_if_index,
+		   "ip4",
+		   p5t->
+		   pkt.is_nonfirst_fragment ? " non-initial fragment" : "",
+		   format_ip4_address, &p5t->ip4_addr[0], format_ip4_address,
+		   &p5t->ip4_addr[1], p5t->l4.proto, p5t->pkt.l4_valid,
+		   p5t->l4.port[0], p5t->l4.port[1],
+		   p5t->pkt.tcp_flags_valid ? "valid" : "invalid",
+		   p5t->pkt.tcp_flags, p5t->pkt.flags_reserved);
 }
 
 u8 *