X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fip%2Fip4_source_and_port_range_check.c;h=fe5c1f24309362468e6f51bf6ede9afd7c2d9061;hb=754f24b;hp=ae836a113a5a120587abfba982cf5892d221cc2d;hpb=7cd468a3d7dee7d6c92f69a0bb7061ae208ec727;p=vpp.git diff --git a/src/vnet/ip/ip4_source_and_port_range_check.c b/src/vnet/ip/ip4_source_and_port_range_check.c index ae836a113a5..fe5c1f24309 100644 --- a/src/vnet/ip/ip4_source_and_port_range_check.c +++ b/src/vnet/ip/ip4_source_and_port_range_check.c @@ -18,6 +18,8 @@ #include #include +source_range_check_main_t source_range_check_main; + /** * @file * @brief IPv4 Source and Port Range Checking. @@ -131,9 +133,8 @@ check_adj_port_range_x1 (const protocol_port_range_dpo_t * ppr_dpo, u16x8_sub_saturate (ppr_dpo->blocks[i].low.as_u16x8, key.as_u16x8); diff2.as_u16x8 = u16x8_sub_saturate (ppr_dpo->blocks[i].hi.as_u16x8, key.as_u16x8); - sum.as_u16x8 = u16x8_add (diff1.as_u16x8, diff2.as_u16x8); - sum_equal_diff2.as_u16x8 = - u16x8_is_equal (sum.as_u16x8, diff2.as_u16x8); + sum.as_u16x8 = diff1.as_u16x8 + diff2.as_u16x8; + sum_equal_diff2.as_u16x8 = (sum.as_u16x8 == diff2.as_u16x8); sum_nonzero = ~u16x8_zero_byte_mask (sum.as_u16x8); sum_equal = ~u16x8_zero_byte_mask (sum_equal_diff2.as_u16x8); winner_mask = sum_nonzero & sum_equal; @@ -448,8 +449,7 @@ ip4_source_and_port_range_check_inline (vlib_main_t * vm, ip0 = vlib_buffer_get_current (b0); - c0 = vnet_feature_next_with_data (sw_if_index0, &next0, - b0, sizeof (c0[0])); + c0 = vnet_feature_next_with_data (&next0, b0, sizeof (c0[0])); /* we can't use the default VRF here... */ for (i = 0; i < IP_SOURCE_AND_PORT_RANGE_CHECK_N_PROTOCOLS; i++) @@ -591,7 +591,7 @@ VLIB_REGISTER_NODE (ip4_source_port_and_range_check_rx) = { .n_next_nodes = IP4_SOURCE_AND_PORT_RANGE_CHECK_N_NEXT, .next_nodes = { - [IP4_SOURCE_AND_PORT_RANGE_CHECK_NEXT_DROP] = "error-drop", + [IP4_SOURCE_AND_PORT_RANGE_CHECK_NEXT_DROP] = "ip4-drop", }, .format_buffer = format_ip4_header, @@ -610,7 +610,7 @@ VLIB_REGISTER_NODE (ip4_source_port_and_range_check_tx) = { .n_next_nodes = IP4_SOURCE_AND_PORT_RANGE_CHECK_N_NEXT, .next_nodes = { - [IP4_SOURCE_AND_PORT_RANGE_CHECK_NEXT_DROP] = "error-drop", + [IP4_SOURCE_AND_PORT_RANGE_CHECK_NEXT_DROP] = "ip4-drop", }, .format_buffer = format_ip4_header, @@ -775,7 +775,7 @@ set_ip_source_and_port_range_check_fn (vlib_main_t * vm, * Example of graph node before range checking is enabled: * @cliexstart{show vlib graph ip4-source-and-port-range-check-tx} * Name Next Previous - * ip4-source-and-port-range- error-drop [0] + * ip4-source-and-port-range- ip4-drop [0] * @cliexend * * Example of how to enable range checking on TX: @@ -784,7 +784,7 @@ set_ip_source_and_port_range_check_fn (vlib_main_t * vm, * Example of graph node after range checking is enabled: * @cliexstart{show vlib graph ip4-source-and-port-range-check-tx} * Name Next Previous - * ip4-source-and-port-range- error-drop [0] ip4-rewrite + * ip4-source-and-port-range- ip4-drop [0] ip4-rewrite * interface-output [1] * @cliexend * @@ -903,7 +903,7 @@ protocol_port_range_dpo_alloc (void) protocol_port_range_dpo_t *ppr_dpo; pool_get_aligned (ppr_dpo_pool, ppr_dpo, CLIB_CACHE_LINE_BYTES); - memset (ppr_dpo, 0, sizeof (*ppr_dpo)); + clib_memset (ppr_dpo, 0, sizeof (*ppr_dpo)); ppr_dpo->n_free_ranges = N_PORT_RANGES_PER_DPO; @@ -1126,6 +1126,14 @@ ip6_source_and_port_range_check_add_del (ip6_address_t * address, u16 * low_ports, u16 * high_ports, int is_add) { + u32 fib_index; + + fib_index = fib_table_find (FIB_PROTOCOL_IP4, vrf_id); + + ASSERT (~0 != fib_index); + + fib_table_unlock (fib_index, FIB_PROTOCOL_IP4, FIB_SOURCE_CLASSIFY); + return 0; } @@ -1138,7 +1146,8 @@ ip4_source_and_port_range_check_add_del (ip4_address_t * address, { u32 fib_index; - fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, vrf_id); + fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, vrf_id, + FIB_SOURCE_CLASSIFY); if (is_add == 0) {