X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Facl%2Fdataplane_node.c;h=499ad163699c9d5bec7eb24486dda8604dd51467;hb=22f9fb1286d2469819cfcef68ffdc258f4d52c24;hp=351cbbd8fb234a8b6a2b2ddf5b71bc4305e58db9;hpb=812b32dd8f637118bf65de2cdff0e95b421a963b;p=vpp.git

diff --git a/src/plugins/acl/dataplane_node.c b/src/plugins/acl/dataplane_node.c
index 351cbbd8fb2..499ad163699 100644
--- a/src/plugins/acl/dataplane_node.c
+++ b/src/plugins/acl/dataplane_node.c
@@ -82,7 +82,6 @@ acl_fa_node_fn (vlib_main_t * vm,
   u32 trace_bitmap = 0;
   acl_main_t *am = &acl_main;
   fa_5tuple_t fa_5tuple;
-  clib_bihash_kv_40_8_t value_sess;
   vlib_node_runtime_t *error_node;
   u64 now = clib_cpu_time_now ();
   uword thread_index = os_get_thread_index ();
@@ -137,8 +136,8 @@ acl_fa_node_fn (vlib_main_t * vm,
        * Extract the L3/L4 matching info into a 5-tuple structure.
        */
 
-      acl_plugin_fill_5tuple_inline (lc_index0, b[0], is_ip6, is_input,
-				     is_l2_path,
+      acl_plugin_fill_5tuple_inline (&acl_main, lc_index0, b[0], is_ip6,
+				     is_input, is_l2_path,
 				     (fa_5tuple_opaque_t *) & fa_5tuple);
       fa_5tuple.l4.lsb_of_sw_if_index = sw_if_index0 & 0xffff;
       fa_5tuple.pkt.mask_type_index_lsb = ~0;
@@ -153,13 +152,16 @@ acl_fa_node_fn (vlib_main_t * vm,
 
       if (acl_fa_ifc_has_sessions (am, sw_if_index0))
 	{
-	  if (acl_fa_find_session (am, sw_if_index0, &fa_5tuple, &value_sess))
+	  u64 value_sess = ~0ULL;
+	  if (acl_fa_find_session
+	      (am, is_ip6, sw_if_index0, &fa_5tuple, &value_sess)
+	      && (value_sess != ~0ULL))
 	    {
 	      trace_bitmap |= 0x80000000;
 	      error0 = ACL_FA_ERROR_ACL_EXIST_SESSION;
 	      fa_full_session_id_t f_sess_id;
 
-	      f_sess_id.as_u64 = value_sess.value;
+	      f_sess_id.as_u64 = value_sess;
 	      ASSERT (f_sess_id.thread_index < vec_len (vlib_mains));
 
 	      fa_session_t *sess =
@@ -215,10 +217,12 @@ acl_fa_node_fn (vlib_main_t * vm,
 			 sw_if_index0);
 		      vec_elt (pw->fa_session_epoch_change_by_sw_if_index,
 			       sw_if_index0)++;
-		      if (acl_fa_conn_list_delete_session (am, f_sess_id))
+		      if (acl_fa_conn_list_delete_session
+			  (am, f_sess_id, now))
 			{
 			  /* delete the session only if we were able to unlink it */
-			  acl_fa_delete_session (am, sw_if_index0, f_sess_id);
+			  acl_fa_two_stage_delete_session (am, sw_if_index0,
+							   f_sess_id, now);
 			}
 		      acl_check_needed = 1;
 		      trace_bitmap |= 0x40000000;
@@ -230,7 +234,7 @@ acl_fa_node_fn (vlib_main_t * vm,
       if (acl_check_needed)
 	{
 	  action = 0;		/* deny by default */
-	  acl_plugin_match_5tuple_inline (lc_index0,
+	  acl_plugin_match_5tuple_inline (&acl_main, lc_index0,
 					  (fa_5tuple_opaque_t *) &
 					  fa_5tuple, is_ip6, &action,
 					  &match_acl_pos,
@@ -243,7 +247,7 @@ acl_fa_node_fn (vlib_main_t * vm,
 	    {
 	      if (!acl_fa_can_add_session (am, is_input, sw_if_index0))
 		acl_fa_try_recycle_session (am, is_input, thread_index,
-					    sw_if_index0);
+					    sw_if_index0, now);
 
 	      if (acl_fa_can_add_session (am, is_input, sw_if_index0))
 		{
@@ -289,12 +293,12 @@ acl_fa_node_fn (vlib_main_t * vm,
 	  t->next_index = next0;
 	  t->match_acl_in_index = match_acl_in_index;
 	  t->match_rule_index = match_rule_index;
-	  t->packet_info[0] = fa_5tuple.kv.key[0];
-	  t->packet_info[1] = fa_5tuple.kv.key[1];
-	  t->packet_info[2] = fa_5tuple.kv.key[2];
-	  t->packet_info[3] = fa_5tuple.kv.key[3];
-	  t->packet_info[4] = fa_5tuple.kv.key[4];
-	  t->packet_info[5] = fa_5tuple.kv.value;
+	  t->packet_info[0] = fa_5tuple.kv_40_8.key[0];
+	  t->packet_info[1] = fa_5tuple.kv_40_8.key[1];
+	  t->packet_info[2] = fa_5tuple.kv_40_8.key[2];
+	  t->packet_info[3] = fa_5tuple.kv_40_8.key[3];
+	  t->packet_info[4] = fa_5tuple.kv_40_8.key[4];
+	  t->packet_info[5] = fa_5tuple.kv_40_8.value;
 	  t->action = action;
 	  t->trace_bitmap = trace_bitmap;
 	}
@@ -411,19 +415,30 @@ format_fa_5tuple (u8 * s, va_list * args)
 {
   fa_5tuple_t *p5t = va_arg (*args, fa_5tuple_t *);
 
-  return format (s, "lc_index %d (lsb16 of sw_if_index %d) l3 %s%s %U -> %U"
-		 " l4 proto %d l4_valid %d port %d -> %d tcp flags (%s) %02x rsvd %x",
-		 p5t->pkt.lc_index, p5t->l4.lsb_of_sw_if_index,
-		 p5t->pkt.is_ip6 ? "ip6" : "ip4",
-		 p5t->pkt.is_nonfirst_fragment ? " non-initial fragment" : "",
-		 format_ip46_address, &p5t->addr[0],
-		 p5t->pkt.is_ip6 ? IP46_TYPE_IP6 : IP46_TYPE_IP4,
-		 format_ip46_address, &p5t->addr[1],
-		 p5t->pkt.is_ip6 ? IP46_TYPE_IP6 : IP46_TYPE_IP4,
-		 p5t->l4.proto, p5t->pkt.l4_valid, p5t->l4.port[0],
-		 p5t->l4.port[1],
-		 p5t->pkt.tcp_flags_valid ? "valid" : "invalid",
-		 p5t->pkt.tcp_flags, p5t->pkt.flags_reserved);
+  if (p5t->pkt.is_ip6)
+    return format (s, "lc_index %d (lsb16 of sw_if_index %d) l3 %s%s %U -> %U"
+		   " l4 proto %d l4_valid %d port %d -> %d tcp flags (%s) %02x rsvd %x",
+		   p5t->pkt.lc_index, p5t->l4.lsb_of_sw_if_index,
+		   "ip6",
+		   p5t->
+		   pkt.is_nonfirst_fragment ? " non-initial fragment" : "",
+		   format_ip6_address, &p5t->ip6_addr[0], format_ip6_address,
+		   &p5t->ip6_addr[1], p5t->l4.proto, p5t->pkt.l4_valid,
+		   p5t->l4.port[0], p5t->l4.port[1],
+		   p5t->pkt.tcp_flags_valid ? "valid" : "invalid",
+		   p5t->pkt.tcp_flags, p5t->pkt.flags_reserved);
+  else
+    return format (s, "lc_index %d (lsb16 of sw_if_index %d) l3 %s%s %U -> %U"
+		   " l4 proto %d l4_valid %d port %d -> %d tcp flags (%s) %02x rsvd %x",
+		   p5t->pkt.lc_index, p5t->l4.lsb_of_sw_if_index,
+		   "ip4",
+		   p5t->
+		   pkt.is_nonfirst_fragment ? " non-initial fragment" : "",
+		   format_ip4_address, &p5t->ip4_addr[0], format_ip4_address,
+		   &p5t->ip4_addr[1], p5t->l4.proto, p5t->pkt.l4_valid,
+		   p5t->l4.port[0], p5t->l4.port[1],
+		   p5t->pkt.tcp_flags_valid ? "valid" : "invalid",
+		   p5t->pkt.tcp_flags, p5t->pkt.flags_reserved);
 }
 
 u8 *