acl-plugin: fix coverity 177970-177973,178891, and incorrect reset of dot1q/dot1ad...

17797[1-3] have been a false positive in the optional debug CLI argument handling,
178891 was triggered by an unnecessary use of memcpy.
Also fix the issue reported by khers (thanks!) - since 178891 was in the same place.

Change-Id: I3a804e2b1d25d74c11fcc389020d2c1fd69902b2
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 2c02047..dbb740a 100644 (file)
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -337,8 +337,6 @@ acl_del_list (u32 acl_list_index)
 /* Some aids in ASCII graphing the content */
 #define XX "\377"
 #define __ "\000"
-#define DOT1AD "\210\250"
-#define DOT1Q "\201\00"
 #define _(x)
 #define v
 /* *INDENT-OFF* */
@@ -393,15 +391,15 @@ u8 ip4_5tuple_mask[] =
 
  u8 dot1q_5tuple_mask[] =
    _("             dmac               smac          dot1q         etype ")
-   _(ether) __ __ __ __ __ __ v __ __ __ __ __ __ v DOT1Q __ __ v XX XX v
+   _(ether) __ __ __ __ __ __ v __ __ __ __ __ __ v XX XX __ __ v XX XX v
    _(padpad) __ __ __ __
    _(padpad) __ __ __ __
    _(padpad) __ __ __ __
    _(padeth) __ __;
 
  u8 dot1ad_5tuple_mask[] =
-   _("             dmac               smac          dot1ad                     etype ")
-   _(ether) __ __ __ __ __ __ v __ __ __ __ __ __ v DOT1AD __ __ DOT1Q __ __ v XX XX v
+   _("             dmac               smac          dot1ad      dot1q         etype ")
+   _(ether) __ __ __ __ __ __ v __ __ __ __ __ __ v XX XX __ __ XX XX __ __ v XX XX v
    _(padpad) __ __ __ __
    _(padpad) __ __ __ __
    _(padeth) __ __;
@@ -409,8 +407,6 @@ u8 ip4_5tuple_mask[] =
 /* *INDENT-ON* */
 #undef XX
 #undef __
-#undef DOT1AD
-#undef DOT1Q
 #undef _
 #undef v
 
@@ -639,6 +635,21 @@ acl_add_vlan_session (acl_main_t * am, u32 table_index, u8 is_output,
     }
   match = (is_dot1ad) ? dot1ad_5tuple_mask : dot1q_5tuple_mask;
   idx = (is_dot1ad) ? 20 : 16;
+  if (is_dot1ad)
+    {
+      /* 802.1ad ethertype */
+      match[12] = 0x88;
+      match[13] = 0xa8;
+      /* 802.1q ethertype */
+      match[16] = 0x81;
+      match[17] = 0x00;
+    }
+  else
+    {
+      /* 802.1q ethertype */
+      match[12] = 0x81;
+      match[13] = 0x00;
+    }
 
   /* add sessions to vlan tables per ethernet_type */
   if (is_ip6)
@@ -655,7 +666,16 @@ acl_add_vlan_session (acl_main_t * am, u32 table_index, u8 is_output,
     }
   vnet_classify_add_del_session (cm, table_index, match, next_acl,
                                 session_idx, 0, 0, 0, 1);
-  memset (&match[idx], 0x00, 2);
+  /* reset the mask back to being a mask */
+  match[idx] = 0xff;
+  match[idx + 1] = 0xff;
+  match[12] = 0xff;
+  match[13] = 0xff;
+  if (is_dot1ad)
+    {
+      match[16] = 0xff;
+      match[17] = 0xff;
+    }
 }
 
 static int
@@ -2717,7 +2737,7 @@ acl_show_aclplugin_acl_fn (vlib_main_t * vm,
   acl_main_t *am = &acl_main;
 
   u32 acl_index = ~0;
-  unformat (input, "index %u", &acl_index);
+  (void) unformat (input, "index %u", &acl_index);
 
   acl_plugin_show_acl (am, acl_index);
   return error;
@@ -2782,7 +2802,7 @@ acl_show_aclplugin_interface_fn (vlib_main_t * vm,
   acl_main_t *am = &acl_main;
 
   u32 sw_if_index = ~0;
-  unformat (input, "sw_if_index %u", &sw_if_index);
+  (void) unformat (input, "sw_if_index %u", &sw_if_index);
   int show_acl = unformat (input, "acl");
 
   acl_plugin_show_interface (am, sw_if_index, show_acl);
@@ -2964,9 +2984,9 @@ acl_show_aclplugin_sessions_fn (vlib_main_t * vm,
   u32 show_bihash_verbose = 0;
   u32 show_session_thread_id = ~0;
   u32 show_session_session_index = ~0;
-  unformat (input, "thread %u index %u", &show_session_thread_id,
-           &show_session_session_index);
-  unformat (input, "verbose %u", &show_bihash_verbose);
+  (void) unformat (input, "thread %u index %u", &show_session_thread_id,
+                  &show_session_session_index);
+  (void) unformat (input, "verbose %u", &show_bihash_verbose);
 
   acl_plugin_show_sessions (am, show_session_thread_id,
                            show_session_session_index);