The logic in hash ACL bitmask update was using the vector
of ACLs applied to the interface to rebuild the hash lookup mask.
However, in transient cases (like doing group manipulation with
hash ACLs), that will not hold true. Thus, make
a local copy of for which ACL indices the hash_acl_apply
was called previously, and maintain that one local
to the hash_lookup.c file logic.
Change-Id: I30187d68febce8bba2ab6ffbb1eee13b5c96a44b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit
1de7d7044434196610190011ebb431f054701259)
if (swi < vec_len(am->input_applied_hash_acl_info_by_sw_if_index)) {
applied_hash_acl_info_t *pal = &am->input_applied_hash_acl_info_by_sw_if_index[swi];
out0 = format(out0, " input lookup mask_type_index_bitmap: %U\n", format_bitmap_hex, pal->mask_type_index_bitmap);
if (swi < vec_len(am->input_applied_hash_acl_info_by_sw_if_index)) {
applied_hash_acl_info_t *pal = &am->input_applied_hash_acl_info_by_sw_if_index[swi];
out0 = format(out0, " input lookup mask_type_index_bitmap: %U\n", format_bitmap_hex, pal->mask_type_index_bitmap);
+ out0 = format(out0, " input applied acls: %U\n", format_vec32, pal->applied_acls, "%d");
}
if (swi < vec_len(am->input_hash_entry_vec_by_sw_if_index)) {
out0 = format(out0, " input lookup applied entries:\n");
}
if (swi < vec_len(am->input_hash_entry_vec_by_sw_if_index)) {
out0 = format(out0, " input lookup applied entries:\n");
if (swi < vec_len(am->output_applied_hash_acl_info_by_sw_if_index)) {
applied_hash_acl_info_t *pal = &am->output_applied_hash_acl_info_by_sw_if_index[swi];
out0 = format(out0, " output lookup mask_type_index_bitmap: %U\n", format_bitmap_hex, pal->mask_type_index_bitmap);
if (swi < vec_len(am->output_applied_hash_acl_info_by_sw_if_index)) {
applied_hash_acl_info_t *pal = &am->output_applied_hash_acl_info_by_sw_if_index[swi];
out0 = format(out0, " output lookup mask_type_index_bitmap: %U\n", format_bitmap_hex, pal->mask_type_index_bitmap);
+ out0 = format(out0, " output applied acls: %U\n", format_vec32, pal->applied_acls, "%d");
}
if (swi < vec_len(am->output_hash_entry_vec_by_sw_if_index)) {
out0 = format(out0, " output lookup applied entries:\n");
}
if (swi < vec_len(am->output_hash_entry_vec_by_sw_if_index)) {
out0 = format(out0, " output lookup applied entries:\n");
&am->output_applied_hash_acl_info_by_sw_if_index;
vec_validate((*applied_hash_acls), sw_if_index);
applied_hash_acl_info_t *pal = vec_elt_at_index((*applied_hash_acls), sw_if_index);
&am->output_applied_hash_acl_info_by_sw_if_index;
vec_validate((*applied_hash_acls), sw_if_index);
applied_hash_acl_info_t *pal = vec_elt_at_index((*applied_hash_acls), sw_if_index);
+
+ /* ensure the list of applied hash acls is initialized and add this acl# to it */
+ u32 index = vec_search(pal->applied_acls, acl_index);
+ if (index != ~0) {
+ clib_warning("BUG: trying to apply twice acl_index %d on sw_if_index %d is_input %d",
+ acl_index, sw_if_index, is_input);
+ goto done;
+ }
+ vec_add1(pal->applied_acls, acl_index);
+
pal->mask_type_index_bitmap = clib_bitmap_or(pal->mask_type_index_bitmap,
ha->mask_type_index_bitmap);
/*
pal->mask_type_index_bitmap = clib_bitmap_or(pal->mask_type_index_bitmap,
ha->mask_type_index_bitmap);
/*
activate_applied_ace_hash_entry(am, sw_if_index, is_input, applied_hash_aces, new_index);
}
applied_hash_entries_analyze(am, applied_hash_aces);
activate_applied_ace_hash_entry(am, sw_if_index, is_input, applied_hash_aces, new_index);
}
applied_hash_entries_analyze(am, applied_hash_aces);
clib_mem_set_heap (oldheap);
}
clib_mem_set_heap (oldheap);
}
{
int i;
uword *new_lookup_bitmap = 0;
{
int i;
uword *new_lookup_bitmap = 0;
- u32 **applied_acls = is_input ? vec_elt_at_index(am->input_acl_vec_by_sw_if_index, sw_if_index)
- : vec_elt_at_index(am->output_acl_vec_by_sw_if_index, sw_if_index);
applied_hash_acl_info_t **applied_hash_acls = is_input ? &am->input_applied_hash_acl_info_by_sw_if_index
: &am->output_applied_hash_acl_info_by_sw_if_index;
applied_hash_acl_info_t *pal = vec_elt_at_index((*applied_hash_acls), sw_if_index);
applied_hash_acl_info_t **applied_hash_acls = is_input ? &am->input_applied_hash_acl_info_by_sw_if_index
: &am->output_applied_hash_acl_info_by_sw_if_index;
applied_hash_acl_info_t *pal = vec_elt_at_index((*applied_hash_acls), sw_if_index);
- for(i=0; i < vec_len(*applied_acls); i++) {
- u32 a_acl_index = *vec_elt_at_index((*applied_acls), i);
+ for(i=0; i < vec_len(pal->applied_acls); i++) {
+ u32 a_acl_index = *vec_elt_at_index((pal->applied_acls), i);
hash_acl_info_t *ha = vec_elt_at_index(am->hash_acl_infos, a_acl_index);
hash_acl_info_t *ha = vec_elt_at_index(am->hash_acl_infos, a_acl_index);
+ DBG("Update bitmask = %U or %U (acl_index %d)\n", format_bitmap_hex, new_lookup_bitmap,
+ format_bitmap_hex, ha->mask_type_index_bitmap, a_acl_index);
new_lookup_bitmap = clib_bitmap_or(new_lookup_bitmap,
ha->mask_type_index_bitmap);
}
new_lookup_bitmap = clib_bitmap_or(new_lookup_bitmap,
ha->mask_type_index_bitmap);
}
int i;
DBG("HASH ACL unapply: sw_if_index %d is_input %d acl %d", sw_if_index, is_input, acl_index);
int i;
DBG("HASH ACL unapply: sw_if_index %d is_input %d acl %d", sw_if_index, is_input, acl_index);
+ applied_hash_acl_info_t **applied_hash_acls = is_input ? &am->input_applied_hash_acl_info_by_sw_if_index
+ : &am->output_applied_hash_acl_info_by_sw_if_index;
+ applied_hash_acl_info_t *pal = vec_elt_at_index((*applied_hash_acls), sw_if_index);
+
+ /* remove this acl# from the list of applied hash acls */
+ u32 index = vec_search(pal->applied_acls, acl_index);
+ if (index == ~0) {
+ clib_warning("BUG: trying to unapply unapplied acl_index %d on sw_if_index %d is_input %d",
+ acl_index, sw_if_index, is_input);
+ return;
+ }
+ vec_del1(pal->applied_acls, index);
hash_acl_info_t *ha = vec_elt_at_index(am->hash_acl_infos, acl_index);
applied_hash_ace_entry_t **applied_hash_aces = get_applied_hash_aces(am, is_input, sw_if_index);
hash_acl_info_t *ha = vec_elt_at_index(am->hash_acl_infos, acl_index);
applied_hash_ace_entry_t **applied_hash_aces = get_applied_hash_aces(am, is_input, sw_if_index);
* hash_ace_info_t=>mask_type_index bits set
*/
uword *mask_type_index_bitmap;
* hash_ace_info_t=>mask_type_index bits set
*/
uword *mask_type_index_bitmap;
+ /* applied ACLs so we can track them independently from main ACL module */
+ u32 *applied_acls;
} applied_hash_acl_info_t;
} applied_hash_acl_info_t;